package com.ibm.ws.security.registry.ldap.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.webcontainer.util.Base64Coder;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.StringTokenizer;
import java.util.Vector;
import org.apache.bcel.Constants;
import org.eclipse.osgi.internal.signedcontent.SignedContentConstants;

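/**
 * Maps an X.509 client certificate to the string used to look the user up in LDAP.
 *
 * <p>Three map modes are supported:
 * <ul>
 *   <li>{@link #exactDnMapMode}: the certificate subject DN is returned as-is;</li>
 *   <li>{@link #uniqueKeyMapMode}: a {@code userCertificate=<key>} expression built from a
 *       digest of the subject and issuer DNs;</li>
 *   <li>{@link #filterDescriptorMapMode}: a configured descriptor in which
 *       <code>${...}</code> variables are replaced with certificate fields.</li>
 * </ul>
 *
 * <p>Security note: in descriptor mode the substituted values come from the certificate the
 * client presents, so they are escaped per RFC 4515 before being placed into the filter.
 *
 * <p>This listing was recovered by a decompiler; the trace annotations, the static
 * initializer and {@code serialVersionUID} look like build-time trace injection rather than
 * hand-written code.
 */
@TraceOptions(traceGroups = {"LDAP"}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.registry.ldap_1.0.1.jar:com/ibm/ws/security/registry/ldap/internal/CertificateMapper.class */
public class CertificateMapper {
    private static final TraceComponent tc = Tr.register(CertificateMapper.class);
    public static final String exactDnMapMode = "EXACT_DN";
    public static final String uniqueKeyMapMode = "uniqueKeyMode";
    public static final String filterDescriptorMapMode = "CERTIFICATE_FILTER";

    // Digest used for the unique key. The decompiler had replaced this literal with an
    // unrelated OSGi-internal constant of the same value.
    // NOTE(review): MD5 is not collision resistant. The key is presumably compared with
    // values already stored in the directory, so switching algorithms needs a migration plan.
    private static final String DIGEST_ALGORITHM = "MD5";

    // Currently selected map mode; one of the three public constants when valid.
    private String mapMode;
    // 0 for EXACT_DN, 2 for the other modes; presumably the JNDI SearchControls
    // OBJECT_SCOPE / SUBTREE_SCOPE values -- confirm against the caller.
    private int searchScope;
    // Raw filter descriptor as configured, and the same descriptor split into literal
    // segments and ${...} variables.
    private String mapDesc = null;
    private String[] mapDescEles = null;
    static final long serialVersionUID = 8088254545353515362L;

    /** Creates a mapper in {@code EXACT_DN} mode. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public CertificateMapper() {
        setLdapMapMode(exactDnMapMode);
    }

    /** @return the map mode last passed to {@link #setLdapMapMode(String)} */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getLdapMapMode() {
        return this.mapMode;
    }

    /**
     * Selects the map mode and the matching search scope.
     *
     * <p>An unrecognised (or {@code null}) mode is stored but leaves the search scope
     * unchanged; {@link #getLdapSearchFilter(X509Certificate)} then rejects it with a
     * {@link RegistryException}, so an invalid mode never produces a filter.
     *
     * @param str the map mode name
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setLdapMapMode(String str) {
        this.mapMode = str;
        // Constant-first comparisons so a null mode is handled like any other unknown mode.
        if (exactDnMapMode.equals(str)) {
            this.searchScope = 0;
        } else if (uniqueKeyMapMode.equals(str) || filterDescriptorMapMode.equals(str)) {
            this.searchScope = 2;
        }
    }

    /** @return the raw filter descriptor, or {@code null} if none is set */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getLdapFilterDescriptor() {
        return this.mapDesc;
    }

    /**
     * Sets the filter descriptor used in {@code CERTIFICATE_FILTER} mode.
     *
     * <p>The descriptor is parsed before any field is assigned, so a malformed descriptor
     * leaves the previous configuration intact. Passing {@code null} clears both the
     * descriptor and its parsed form; the original kept the stale parsed elements, which
     * would have continued to drive the filter after the descriptor was removed.
     *
     * @param str the descriptor, or {@code null} to clear it
     * @throws RegistryException if a <code>${</code> has no closing <code>}</code>
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setLdapFilterDescriptor(String str) throws RegistryException {
        String[] parsed = (str == null) ? null : parseFilterDescriptor(str);
        this.mapDescEles = parsed;
        this.mapDesc = str;
    }

    /**
     * Builds the LDAP lookup string for a certificate according to the current map mode.
     *
     * @param x509Certificate the client certificate
     * @return the subject DN (EXACT_DN), a {@code userCertificate=} expression
     *         (uniqueKeyMode), or the expanded filter descriptor (CERTIFICATE_FILTER)
     * @throws RegistryException if the map mode is unknown or the descriptor cannot be expanded
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getLdapSearchFilter(X509Certificate x509Certificate) throws RegistryException {
        if (exactDnMapMode.equals(this.mapMode)) {
            return x509Certificate.getSubjectX500Principal().getName();
        }
        if (uniqueKeyMapMode.equals(this.mapMode)) {
            return "userCertificate=" + getUniqueKey(x509Certificate);
        }
        if (filterDescriptorMapMode.equals(this.mapMode)) {
            return getFilterByDescriptor(x509Certificate);
        }
        // Fail closed: an unknown or null mode never yields a filter.
        throw new RegistryException("unknown map mode: " + this.mapMode);
    }

    /** @return the search scope that goes with the current map mode */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public int getLdapSearchScope() {
        return this.searchScope;
    }

    /**
     * Derives the unique key for a certificate from its subject and issuer DNs.
     *
     * <p>The key is the Base64 encoding of the digest string of
     * {@code "subjectDN:" + subject + "issuerDN:" + issuer}.
     *
     * <p>NOTE(review): the subject comes from {@code getSubjectX500Principal()} while the
     * issuer comes from {@code getIssuerDN()}, whose string form is implementation
     * specific. The two are left as they are because changing either would change the
     * generated keys.
     *
     * @param x509Certificate the certificate to derive the key from
     * @return the Base64-encoded key
     * @throws IllegalStateException if the digest could not be computed
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static String getUniqueKey(X509Certificate x509Certificate) {
        StringBuilder material = new StringBuilder("subjectDN:");
        material.append(x509Certificate.getSubjectX500Principal().getName());
        material.append("issuerDN:").append(x509Certificate.getIssuerDN().getName());
        String digest = getDigest(material.toString());
        if (digest == null) {
            // getDigest reports the cause through FFDC and returns null; surface that
            // here instead of an unexplained NullPointerException.
            throw new IllegalStateException("unable to compute " + DIGEST_ALGORITHM + " digest for certificate unique key");
        }
        // NOTE(review): getBytes() and new String(byte[]) use the platform default charset.
        return new String(Base64Coder.base64Encode(digest.getBytes()));
    }

    /**
     * Expands the parsed filter descriptor against a certificate.
     *
     * <p>Literal segments are copied verbatim. Every substituted value is escaped per
     * RFC 4515, because it originates from the presented certificate and must not be able
     * to change the structure of the filter. Binary values ({@code PublicKey},
     * {@code SigAlgParams}) are written as escaped octets; the original appended the array
     * reference itself, which produced an identity string such as {@code [B@1a2b3c}.
     *
     * <p>{@code BasicConstraints}, {@code KeyUsage} and {@code Signature} expand to nothing.
     * NOTE(review): the exact-match checks for {@code IssuerUniqueID} and
     * {@code SubjectUniqueID} are shadowed by the earlier {@code Issuer}/{@code Subject}
     * prefix checks, so those two variables are looked up as a DN field named
     * {@code UniqueID}. The order is kept from the original.
     * NOTE(review): {@code NotAfter}/{@code NotBefore} use {@code Date.toString()}, which
     * is unlikely to match a directory timestamp syntax -- confirm intended use.
     *
     * @param x509Certificate the client certificate
     * @return the expanded filter
     * @throws RegistryException if no descriptor is set, a variable is unknown or
     *         unsupported, or the certificate has no value for a binary variable
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getFilterByDescriptor(X509Certificate x509Certificate) throws RegistryException {
        if (this.mapDescEles == null) {
            throw new RegistryException("map descriptor is not set");
        }
        StringBuilder filter = new StringBuilder();
        for (int i = 0; i < this.mapDescEles.length; i++) {
            String str = this.mapDescEles[i];
            if (str.charAt(0) != '$') {
                // Literal text from the administrator-supplied descriptor.
                filter.append(str);
            } else if (str.equals("${UniqueKey}")) {
                filter.append(escapeFilterValue(getUniqueKey(x509Certificate)));
            } else if (str.equals("${PublicKey}")) {
                filter.append(escapeFilterBytes(x509Certificate.getPublicKey().getEncoded(), str));
            } else if (str.equals("${BasicConstraints}")) {
                // Accepted but expands to nothing.
            } else if (str.startsWith("${Issuer")) {
                String field = str.substring(8, str.length() - 1);
                filter.append(escapeFilterValue(getDnSubField(field, x509Certificate.getIssuerDN().getName())));
            } else if (str.equals("${IssuerUniqueID}") || str.equals("${KeyUsage}")) {
                // Accepted but expands to nothing.
            } else if (str.equals("${NotAfter}")) {
                filter.append(escapeFilterValue(x509Certificate.getNotAfter().toString()));
            } else if (str.equals("${NotBefore}")) {
                filter.append(escapeFilterValue(x509Certificate.getNotBefore().toString()));
            } else if (str.equals("${SerialNumber}")) {
                // BigInteger renders as decimal digits (with an optional sign).
                filter.append(x509Certificate.getSerialNumber());
            } else if (str.equals("${SigAlgName}")) {
                filter.append(escapeFilterValue(String.valueOf(x509Certificate.getSigAlgName())));
            } else if (str.equals("${SigAlgOID}")) {
                filter.append(escapeFilterValue(String.valueOf(x509Certificate.getSigAlgOID())));
            } else if (str.equals("${SigAlgParams}")) {
                filter.append(escapeFilterBytes(x509Certificate.getSigAlgParams(), str));
            } else if (str.equals("${Signature}")) {
                // Accepted but expands to nothing.
            } else if (str.startsWith("${Subject")) {
                String field = str.substring(9, str.length() - 1);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "str = " + str);
                    Tr.debug(tc, "first param = " + field);
                    Tr.debug(tc, "second param = " + field);
                }
                String value = getDnSubField(field, x509Certificate.getSubjectX500Principal().getName());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getDnSubField = " + value);
                }
                filter.append(escapeFilterValue(value));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "filter = " + filter.toString());
                }
            } else if (str.equals("${SubjectUniqueID}")) {
                // Accepted but expands to nothing.
            } else if (str.equals("${TBSCertificate}")) {
                throw new RegistryException("getTBSCertificate() is unsupported");
            } else if (str.equals("${Version}")) {
                filter.append(x509Certificate.getVersion());
            } else {
                throw new RegistryException("unknown variable: " + str);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getFilterByDescriptor returning: " + filter.toString());
        }
        return filter.toString();
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): backslash,
     * asterisk, parentheses and NUL are replaced by their backslash-hex forms.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Renders a binary value as RFC 4515 escaped octets (one backslash-hex pair per byte).
     *
     * @throws RegistryException if the certificate has no value for the variable
     */
    private static String escapeFilterBytes(byte[] value, String variable) throws RegistryException {
        if (value == null) {
            // Fail closed rather than emit the text "null" into the filter.
            throw new RegistryException("certificate has no value for variable: " + variable);
        }
        StringBuilder escaped = new StringBuilder(value.length * 3);
        for (int i = 0; i < value.length; i++) {
            escaped.append('\\');
            escaped.append(Character.forDigit((value[i] >> 4) & 0xF, 16));
            escaped.append(Character.forDigit(value[i] & 0xF, 16));
        }
        return escaped.toString();
    }

    /**
     * Splits a filter descriptor into literal segments and <code>${...}</code> variables,
     * in order of appearance.
     *
     * <p>The original loop never advanced past trailing literal text, so a descriptor
     * ending in anything other than a variable looped forever while growing the result.
     *
     * @param str the descriptor to parse
     * @return the segments; empty for an empty descriptor
     * @throws RegistryException if a <code>${</code> has no closing <code>}</code>
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String[] parseFilterDescriptor(String str) throws RegistryException {
        List<String> elements = new ArrayList<String>();
        int length = str.length();
        int pos = 0;
        while (pos < length) {
            int open = str.indexOf("${", pos);
            if (open == -1) {
                // No further variables: the remainder is one literal segment.
                elements.add(str.substring(pos));
                break;
            }
            if (pos < open) {
                elements.add(str.substring(pos, open));
            }
            int close = str.indexOf("}", open);
            if (close == -1) {
                throw new RegistryException("missing '}'");
            }
            pos = close + 1;
            elements.add(str.substring(open, pos));
        }
        return elements.toArray(new String[elements.size()]);
    }

    /**
     * Returns the value of the first {@code name=value} pair in a DN whose name equals
     * {@code str}, or the whole DN when {@code str} is {@code "DN"}.
     *
     * <p>Reconstructed from decompiler output that did not compile.
     *
     * <p>NOTE(review): the tokenizer splits on every comma and does not honour RFC 2253
     * escaping, quoting or multi-valued RDNs, so a value containing an escaped comma is
     * cut short and its remainder is read as further pairs. Structured parsing with
     * {@code javax.naming.ldap.LdapName} would avoid that; it is not applied here because
     * it changes the values returned for such DNs.
     *
     * @param str the attribute name to look for, compared case-sensitively
     * @param str2 the DN string to search
     * @return the matching value, or {@code str2} itself for {@code "DN"}
     * @throws RegistryException if the DN has no such field
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private static String getDnSubField(String str, String str2) throws RegistryException {
        if (str.equals("DN")) {
            return str2;
        }
        StringTokenizer tokens = new StringTokenizer(str2);
        try {
            while (true) {
                String name = tokens.nextToken(",= ");
                // The rest of the pair still starts with the '=' separator.
                String value = tokens.nextToken(",");
                if (name.equals(str)) {
                    return value.substring(1);
                }
            }
        } catch (NoSuchElementException e) {
            // Ran out of pairs without a match.
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.CertificateMapper", "268", null, new Object[]{str, str2});
            throw new RegistryException("unknown field of DN: " + str);
        }
    }

    /**
     * Computes the digest of a string and converts it with {@code Base64Coder.toString}.
     *
     * @param str the text to digest
     * @return the converted digest, or {@code null} if it could not be computed (the
     *         failure is reported through FFDC)
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private static String getDigest(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(DIGEST_ALGORITHM);
            // NOTE(review): platform default charset; kept so existing keys do not change.
            messageDigest.update(str.getBytes());
            return Base64Coder.toString(messageDigest.digest());
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.CertificateMapper", "287", null, new Object[]{str});
            return null;
        }
    }

    static {
        // Entry/exit trace for class initialisation. "<clinit>" is the literal the
        // decompiler had replaced with an unrelated bytecode-library constant.
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, "<clinit>");
            Tr.exit(tc, "<clinit>");
        }
    }
}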
