package com.ibm.eNetwork.security.sso.cms;

import com.ibm.eNetwork.security.sso.CMRequest;
import com.ibm.eNetwork.security.sso.CMResponse;
import com.ibm.eNetwork.security.sso.Ras;
import com.ibm.hats.runtime.RuntimeConstants;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:lib/hodwel.jar:com/ibm/eNetwork/security/sso/cms/CMPIDCASELF.class */
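/**
 * Credential-mapper plug-in that obtains host credentials from a DCAS server by
 * presenting an X.509 certificate on behalf of the requesting user.
 *
 * <p>The certificate comes from one of two places, selected by the inherited
 * {@code scaffoldDCAS} setting:
 * <ul>
 *   <li>normally, the first certificate the servlet container attached to the
 *       HTTP request under {@code javax.net.ssl.peer_certificates};</li>
 *   <li>when {@code scaffoldDCAS} is 1 or 3, a fixed file named by the
 *       {@code CMPI_DCAS_SCAFFOLD_CERT_FILE} parameter.</li>
 * </ul>
 *
 * <p>SECURITY NOTE(review): in the scaffold case the caller's own TLS certificate is
 * never consulted, so every request is answered with credentials for whatever
 * identity the configured file represents. This looks like a test aid; confirm that
 * production configurations leave {@code CMPI_DCAS_SCAFFOLD} unset and that the
 * scaffold file, if present at all, is readable only by the server account.
 *
 * <p>SECURITY NOTE(review): this class only DER-encodes and forwards the certificate.
 * No chain, expiry or revocation check is visible here, so the mapping is only as
 * trustworthy as the TLS client authentication performed by the container in front
 * of it (and whatever validation the DCAS server applies) - verify both.
 */
public class CMPIDCASELF extends CMPIDCAS {
    private static final String SCAFFOLD_CERT_FILE = "CMPI_DCAS_SCAFFOLD_CERT_FILE";
    private static final String className = "com.ibm.eNetwork.security.sso.cms.CMPIDCASELF";

    /** Path of the substitute certificate used in scaffold mode; may be {@code null}. */
    private String scaffoldCertFile;

    /**
     * Reads this plug-in's own configuration on top of what the superclass loads.
     *
     * @return always 0
     */
    @Override // com.ibm.eNetwork.security.sso.cms.CMPIDCAS
    protected int customMemberInit() {
        // The second argument is presumably the "required" flag (false = optional) - TODO confirm in CMPIDCAS.
        this.scaffoldCertFile = getProperty(SCAFFOLD_CERT_FILE, false);
        return 0;
    }

    /**
     * Hook for additional object creation; this subclass has nothing to create.
     *
     * @return always 0
     */
    @Override // com.ibm.eNetwork.security.sso.cms.CMPIDCAS
    protected int customObjectCreate() {
        return 0;
    }

    /**
     * Requests credentials for the host application named in the request.
     *
     * <p>Status values set directly by this method: 4 when the application ID is
     * missing or blank, 5 when the DCAS server address is missing or blank, 3 when no
     * certificate could be obtained, and 8 when the DCAS client throws. Otherwise the
     * response is whatever {@code dcasClient.getPassticket} returns.
     *
     * @param cMRequest the credential request; supplies the application ID, the DCAS
     *     server address and (outside scaffold mode) the HTTP request carrying the
     *     client certificate
     * @return the response to hand back to the caller, never {@code null}
     */
    @Override // com.ibm.eNetwork.security.sso.cms.CMPIDCAS, com.ibm.eNetwork.security.sso.cms.CMInterface
    public CMResponse CMSGetUserCredentials(CMRequest cMRequest) {
        if (this.traceLevel >= 1) {
            // The explicit Object[] cast keeps the array from being treated as a single trace argument.
            Ras.traceEntry(className, "CMSGetUserCredentials", (Object[]) new String[]{
                "Network ID       = " + cMRequest.getID(),
                "Application ID   = " + cMRequest.getHostApplID(),
                "DCAS Server Addr = " + cMRequest.getHostDestination()});
        }
        CMResponse cMResponse = new CMResponse();
        String hostApplID = cMRequest.getHostApplID();
        String hostDestination = cMRequest.getHostDestination();

        if (hostApplID == null || hostApplID.trim().equals("")) {
            if (this.traceLevel >= 1) {
                Ras.logMessage(2, className, "CMSGetUserCredentials", "PARAMETER_ERROR", "Application ID");
            }
            cMResponse.setStatus(4);
            return cMResponse;
        }
        if (!this.keepWhite) {
            hostApplID = hostApplID.trim();
        }

        if (hostDestination == null || hostDestination.trim().equals("")) {
            if (this.traceLevel >= 1) {
                Ras.logMessage(2, className, "CMSGetUserCredentials", "PARAMETER_ERROR", "DCAS Server Addr");
            }
            cMResponse.setStatus(5);
            return cMResponse;
        }
        if (!this.keepWhite) {
            hostDestination = hostDestination.trim();
        }

        // Scaffold modes 1 and 3 replace the caller's TLS certificate with a fixed file;
        // see the class-level security note before enabling this outside a test system.
        boolean useScaffoldCertificate = this.scaffoldDCAS == 1 || this.scaffoldDCAS == 3;
        byte[] certificate = useScaffoldCertificate
                ? getCertificateFromFileSystem(this.scaffoldCertFile)
                : getBrowserCertificate(cMRequest.getHttpRequestObject());

        if (certificate == null) {
            if (this.traceLevel >= 1) {
                Ras.logMessage(2, className, "CMSGetUserCredentials", "NO_CERTIFICATE_PROVIDED");
            }
            cMResponse.setStatus(3);
        } else {
            try {
                cMResponse = this.dcasClient.getPassticket(certificate, hostApplID, hostDestination, this.timeout);
            } catch (Exception e) {
                // Boundary catch: any failure talking to DCAS becomes status 8 on the fresh
                // response created above, so no partially filled credential is returned.
                DCASClient.logException(e, className, "CMSGetUserCredentials");
                cMResponse.setStatus(8);
            }
        }
        if (this.traceLevel >= 1) {
            Ras.traceExit(className, "CMSGetUserCredentials");
        }
        return cMResponse;
    }

    /**
     * Extracts the encoded form of the first client certificate attached to the request.
     *
     * <p>An absent attribute, an empty chain or a {@code null} first entry all yield
     * {@code null}, which the caller reports as "no certificate provided".
     *
     * @param httpServletRequest the incoming request, or {@code null} when there is none
     * @return the encoded certificate, or {@code null} if none is available or it
     *     cannot be encoded
     */
    private byte[] getBrowserCertificate(HttpServletRequest httpServletRequest) {
        byte[] bArr = null;
        X509Certificate clientCertificate = null;
        if (this.traceLevel > 0) {
            Ras.traceEntry(className, "getBrowserCertificate", httpServletRequest);
        }
        if (httpServletRequest == null) {
            if (this.traceLevel <= 0) {
                return null;
            }
            Ras.trace(className, "getBrowserCertificate", "No browser certificate available because there is no HTTP header information.");
            return null;
        }
        try {
            // NOTE(review): container-specific attribute name; the Servlet specification's
            // attribute is "javax.servlet.request.X509Certificate" - confirm the target
            // container populates this one.
            X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.net.ssl.peer_certificates");
            // Guard the index explicitly instead of relying on the catch blocks below to
            // absorb an empty chain or a null entry.
            if (x509CertificateArr != null && x509CertificateArr.length > 0 && x509CertificateArr[0] != null) {
                // Presumably element 0 is the end-entity certificate - TODO confirm ordering.
                clientCertificate = x509CertificateArr[0];
                bArr = clientCertificate.getEncoded();
            }
        } catch (NullPointerException e) {
            Ras.logMessage(2, className, "getBrowserCertificate", "EXCEPTION", "1:" + e);
        } catch (CertificateEncodingException e2) {
            Ras.logMessage(2, className, "getBrowserCertificate", "EXCEPTION", "2:" + e2);
        } catch (Throwable th) {
            // Deliberately broad: a wrongly typed attribute (ClassCastException) or a
            // container failure must end as "no certificate", not as an aborted request.
            Ras.logMessage(2, className, "getBrowserCertificate", "EXCEPTION", "3:" + th);
        }
        if (this.traceLevel > 0) {
            // bArr is only non-null when clientCertificate was assigned above.
            Ras.traceExit(className, "getBrowserCertificate", bArr == null
                    ? RuntimeConstants.CMD_NULL
                    : clientCertificate.getType() + ", " + clientCertificate.getIssuerDN().getName() + ", " + clientCertificate.getSerialNumber());
        }
        return bArr;
    }

    /**
     * Loads the scaffold certificate from disk.
     *
     * <p>The file is read completely or not at all: a missing, unreadable, empty,
     * oversized or truncated file yields {@code null} rather than a partly filled
     * buffer, so the caller never forwards a zero-padded blob as a certificate.
     *
     * @param str path of the certificate file; may be {@code null}
     * @return the full file contents, or {@code null} if they could not be read
     */
    private byte[] getCertificateFromFileSystem(String str) {
        if (str == null) {
            return null;
        }
        File file = new File(str);
        if (!file.canRead()) {
            return null;
        }
        long length = file.length();
        if (length <= 0 || length > Integer.MAX_VALUE) {
            // An empty file is not a certificate, and a length beyond int range would
            // wrap in the array allocation below.
            return null;
        }
        byte[] bArr = new byte[(int) length];
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            int offset = 0;
            // A single read() may return fewer bytes than requested; loop until full.
            while (offset < bArr.length) {
                int count = fileInputStream.read(bArr, offset, bArr.length - offset);
                if (count < 0) {
                    throw new IOException("Unexpected end of file after " + offset + " bytes");
                }
                offset += count;
            }
            return bArr;
        } catch (FileNotFoundException e) {
            Ras.logMessage(2, className, "getCertificateFromFileSystem", "The certificate file provided ({0}) does not exist", str);
        } catch (IOException e2) {
            Ras.logMessage(2, className, "getCertificateFromFileSystem", "The certificate file provided ({0}) is not accessible", str);
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing a read-only stream fails.
                }
            }
        }
        return null;
    }

    /**
     * Returns the display name of this plug-in.
     *
     * @return the message text registered under {@code CMPI_DCASELF_ID}
     */
    @Override // com.ibm.eNetwork.security.sso.cms.CMPIDCAS, com.ibm.eNetwork.security.sso.cms.CMInterface
    public String getName() {
        return WELCMSMsgs.genMsg("CMPI_DCASELF_ID");
    }

    /**
     * Returns the description of this plug-in.
     *
     * @return the message text registered under {@code CMPI_DCASELF_DESC}
     */
    @Override // com.ibm.eNetwork.security.sso.cms.CMPIDCAS, com.ibm.eNetwork.security.sso.cms.CMInterface
    public String[] getParameters() {
        // NOTE(review): getParameterInfo also answers for CMPI_DCAS_KEYRING_FILE and
        // CMPI_DCAS_KEYRING_PASSWORD, which are not advertised here - confirm whether
        // those are retired names or missing from this list.
        return new String[]{"CMPI_DCAS_TRACE_LEVEL", "CMPI_DCAS_HOST_PORT", "CMPI_DCAS_HOST_ADDRESS", "CMPI_DCAS_REQUEST_TIMEOUT", "CMPI_DCAS_USE_DEFAULT_TRUSTSTORE", "CMPI_DCAS_TRUSTSTORE", "CMPI_DCAS_TRUSTSTORE_TYPE", "CMPI_DCAS_TRUSTSTORE_PASSWORD", "CMPI_DCAS_NO_FIPS", "CMPI_DCAS_USE_WELLKNOWN_KEYS", "CMPI_DCAS_WELLKNOWN_PASSWORD", "CMPI_DCAS_VERIFY_SERVER_NAME", "CMPI_DCAS_USE_SSL", "CMPI_DCAS_SCAFFOLD", SCAFFOLD_CERT_FILE};
    }

    /**
     * Returns the description of this plug-in.
     *
     * @return the message text registered under {@code CMPI_DCASELF_DESC}
     */
    @Override // com.ibm.eNetwork.security.sso.cms.CMPIDCAS, com.ibm.eNetwork.security.sso.cms.CMInterface
    public String getDescription() {
        return WELCMSMsgs.genMsg("CMPI_DCASELF_DESC");
    }

    /**
     * Describes one configuration parameter: whether it is required, whether its
     * value is stored encrypted, and its default where one is defined.
     *
     * @param str the parameter name
     * @return the attributes of that parameter; empty for an unknown name
     */
    @Override // com.ibm.eNetwork.security.sso.cms.CMPIDCAS, com.ibm.eNetwork.security.sso.cms.CMInterface
    public Properties getParameterInfo(String str) {
        Properties properties = new Properties();
        if ("CMPI_DCAS_TRACE_LEVEL".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
            properties.put(CMInterface.cmiDefaultValue, Integer.toString(0));
        } else if ("CMPI_DCAS_HOST_PORT".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
        } else if ("CMPI_DCAS_HOST_ADDRESS".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
        } else if ("CMPI_DCAS_REQUEST_TIMEOUT".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
        } else if ("CMPI_DCAS_KEYRING_FILE".equals(str)) {
            properties.put(CMInterface.cmiRequired, "true");
        } else if ("CMPI_DCAS_KEYRING_PASSWORD".equals(str)) {
            properties.put(CMInterface.cmiRequired, "true");
            properties.put(CMInterface.cmiEncrypted, "true");
        } else if ("CMPI_DCAS_USE_WELLKNOWN_KEYS".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
        } else if ("CMPI_DCAS_WELLKNOWN_PASSWORD".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
            properties.put(CMInterface.cmiEncrypted, "true");
        } else if ("CMPI_DCAS_VERIFY_SERVER_NAME".equals(str)) {
            // NOTE(review): no default is declared here; confirm that an unset value
            // leaves server-name verification enabled.
            properties.put(CMInterface.cmiRequired, "false");
        } else if ("CMPI_DCAS_USE_SSL".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
        } else if ("CMPI_DCAS_SCAFFOLD".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
        } else if (SCAFFOLD_CERT_FILE.equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
        } else if ("CMPI_DCAS_USE_DEFAULT_TRUSTSTORE".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
            properties.put(CMInterface.cmiDefaultValue, "false");
        } else if ("CMPI_DCAS_TRUSTSTORE".equals(str)) {
            properties.put(CMInterface.cmiRequired, "true");
        } else if ("CMPI_DCAS_TRUSTSTORE_TYPE".equals(str)) {
            properties.put(CMInterface.cmiRequired, "true");
        } else if ("CMPI_DCAS_TRUSTSTORE_PASSWORD".equals(str)) {
            // SECURITY NOTE(review): unlike the keyring and well-known passwords above,
            // this password is not flagged cmiEncrypted, so it is presumably kept in
            // clear text in the configuration. Left unchanged because flipping the flag
            // would change how existing stored values are interpreted - confirm and fix
            // together with a migration of the stored value.
            properties.put(CMInterface.cmiRequired, "true");
        } else if ("CMPI_DCAS_NO_FIPS".equals(str)) {
            properties.put(CMInterface.cmiRequired, "false");
            properties.put(CMInterface.cmiDefaultValue, "false");
        }
        return properties;
    }
}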
