package com.ibm.ws.security.core;

import com.ibm.ISecurityLocalObjectBaseL13Impl.DomainInfo;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.MBeanFactory;
import com.ibm.websphere.management.application.AppConstants;
import com.ibm.websphere.management.application.AppDeploymentUtil;
import com.ibm.websphere.management.metadata.ManagedObjectMetadataAccessorFactory;
import com.ibm.websphere.management.metadata.ManagedObjectMetadataHelper;
import com.ibm.websphere.management.repository.ConfigChangeNotifier;
import com.ibm.websphere.management.repository.ConfigRepositoryEvent;
import com.ibm.websphere.models.config.security.SecurityPackage;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.asynchbeans.AsynchBeansService;
import com.ibm.ws.asynchbeans.AsynchBeansServiceCollaborator;
import com.ibm.ws.bootstrap.ExtClassLoader;
import com.ibm.ws.crypto.config.KeySetGroupManager;
import com.ibm.ws.exception.ConfigurationError;
import com.ibm.ws.exception.ConfigurationWarning;
import com.ibm.ws.exception.RuntimeError;
import com.ibm.ws.exception.RuntimeWarning;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.AdminServiceImpl;
import com.ibm.ws.management.collaborator.DefaultRuntimeCollaborator;
import com.ibm.ws.management.commands.properties.PropertiesBasedConfigConstants;
import com.ibm.ws.management.service.Admin;
import com.ibm.ws.management.service.ConfigChangeListener;
import com.ibm.ws.runtime.component.ComponentImpl;
import com.ibm.ws.runtime.service.ConfigRoot;
import com.ibm.ws.runtime.service.EJBContainer;
import com.ibm.ws.runtime.service.EndPointMgr;
import com.ibm.ws.runtime.service.ORB;
import com.ibm.ws.runtime.service.Repository;
import com.ibm.ws.runtime.service.Server;
import com.ibm.ws.runtime.service.VariableMap;
import com.ibm.ws.security.audit.AuditServiceImpl;
import com.ibm.ws.security.audit.utils.AuditHelper;
import com.ibm.ws.security.auth.AuthCache;
import com.ibm.ws.security.auth.Cache;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AdminData;
import com.ibm.ws.security.config.AuditConfig;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.AuthorizationConfig;
import com.ibm.ws.security.config.AuthorizationProviderConfig;
import com.ibm.ws.security.config.SSLConfigCompare;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityConfigObject;
import com.ibm.ws.security.config.SecurityConfigObjectList;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.UserRegistryConfig;
import com.ibm.ws.security.context.ContextImpl;
import com.ibm.ws.security.internals.ContextManagerInternals;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.ltpa.LTPAServerObject;
import com.ibm.ws.security.policy.DynamicPolicy;
import com.ibm.ws.security.policy.DynamicPolicyFactory;
import com.ibm.ws.security.policy.JaccPolicyDomainProxy;
import com.ibm.ws.security.policy.NullDynamicPolicy;
import com.ibm.ws.security.policy.WSDynamicPolicy;
import com.ibm.ws.security.role.RoleBasedAppException;
import com.ibm.ws.security.role.RoleBasedConfigurator;
import com.ibm.ws.security.role.RoleBasedConfiguratorFactory;
import com.ibm.ws.security.role.RoleBasedConfiguratorImpl;
import com.ibm.ws.security.server.SecurityServer;
import com.ibm.ws.security.server.SecurityServerFactory;
import com.ibm.ws.security.service.SecurityService;
import com.ibm.ws.security.service.SecurityServiceEvent;
import com.ibm.ws.security.service.SecurityServiceListener;
import com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl;
import com.ibm.ws.security.util.ConfigUtils;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.security.util.DomainContextHelper;
import com.ibm.ws.security.util.JaccUtil;
import com.ibm.ws.security.util.MultiDomainHelper;
import com.ibm.ws.security.util.ORBUtils;
import com.ibm.ws.security.web.TrustAssociationManager;
import com.ibm.ws.ssl.config.ManagementScopeManager;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.ws.workspace.query.WorkSpaceQueryUtil;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import com.ibm.wsspi.runtime.config.ConfigObject;
import com.ibm.wsspi.runtime.config.ConfigScope;
import com.ibm.wsspi.runtime.config.ConfigService;
import com.ibm.wsspi.runtime.service.WsServiceRegistry;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.auth.callback.WSMappingCallbackHandlerFactory;
import com.ibm.wsspi.security.authorization.InitializeJACCProvider;
import java.io.File;
import java.net.URL;
import java.security.CodeSource;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Properties;
import java.util.TreeSet;
import javax.management.ObjectName;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/security/core/distSecurityComponentImpl.class */
public class distSecurityComponentImpl extends ComponentImpl implements SecurityService, ConfigChangeListener {
    private static final String LOGIN_CONFIG_CLASS = "com.ibm.ws.security.auth.login.Configuration";
    SecurityComponentImpl Proxy;
    private static final String START_EVENT = "start";
    private static final String STOP_EVENT = "stop";
    private static final TraceComponent tc = Tr.register((Class<?>) distSecurityComponentImpl.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static RoleBasedConfigurator configurator = null;
    private static AuditService _auditService = null;
    private static boolean orbServiceAvailable = true;
    private static Object _lockObj = new Object();
    private Repository repository = null;
    private EndPointMgr endPointMgr = null;
    private boolean globalSecurityEnabled = true;
    private boolean serverSecurityEnabled = true;
    private boolean securityServiceStarted = false;
    private String processType = null;
    private SecurityServer secServer = null;
    private ArrayList listeners = new ArrayList(32);
    private InitializeJACCProvider initializeJACCProvider = null;
    private boolean expandedVariables = false;
    private boolean auditEnabled = false;
    private ObjectName objName = null;
    private SecurityConfig _security = null;
    private SecurityConfig _appSecurity = null;
    private String nameOfNode = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public distSecurityComponentImpl(SecurityComponentImpl securityComponentImpl) {
        this.Proxy = null;
        this.Proxy = securityComponentImpl;
    }

    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void initialize(Object obj) throws ConfigurationWarning, ConfigurationError {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE, obj);
        }
        try {
            initializeWCCMConfig();
            DomainInfo.setAdminRealm(this._security.getActiveUserRegistry().getString("realm"));
            if (DomainInfo.getAdminRealm() == null || DomainInfo.getAdminRealm().isEmpty()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Realm name was not defined in the security configuration.");
                }
                DomainInfo.setAdminRealm(getRealmFromUserRegistry());
            }
            setAppSecurityInfo();
            initializeAuditWCCMConfig();
            initializeJava2Sec();
            initializeJAAS();
            initializeSecurityConfig();
            try {
                if (this.auditEnabled) {
                    initializeAudit();
                }
            } catch (Exception e) {
            }
            initializeSSOTAI();
            Tr.info(tc, "security.init.startcomplete");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.core.distSecurityComponentImpl.initialize", "402", this);
            Tr.audit(tc, "security.init.svcstartfail");
            AuditHelper.auditServerRuntimeStatus(AuditConstants.START_SEC_SERVER, "start", "FAILURE", _auditService);
            if (e2 instanceof ConfigurationError) {
                throw ((ConfigurationError) e2);
            }
            if (!(e2 instanceof ConfigurationWarning)) {
                throw new ConfigurationError(e2);
            }
            throw ((ConfigurationWarning) e2);
        }
    }

    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void destroy() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "destroy");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "destroy");
        }
    }

    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void start() throws RuntimeError, RuntimeWarning {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "start");
        }
        try {
            if (this.globalSecurityEnabled) {
                TrustAssociationManager.getInstance();
                String serverType = AdminServiceFactory.getAdminService().getServerType();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Server type: " + serverType);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "orbServiceAvailable: " + orbServiceAvailable);
                }
                if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
                    ManagedObjectMetadataHelper managedObjectMetadataHelper = new ManagedObjectMetadataHelper(ManagedObjectMetadataAccessorFactory.createAccessor(new Properties()));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "nameOfNode: " + this.nameOfNode);
                    }
                    if (!managedObjectMetadataHelper.getAccessor().getMetadataProperties(this.nameOfNode).getProperty(ManagedObjectMetadataHelper.BASE_WAS_PRODUCT_SHORT_NAME).equalsIgnoreCase("nddmz") && !serverType.equals("PROXY_SERVER") && !serverType.equals("ONDEMAND_ROUTER") && orbServiceAvailable) {
                        bindRegistries();
                    }
                } else if (!serverType.equals("PROXY_SERVER") && !serverType.equals("ONDEMAND_ROUTER") && orbServiceAvailable) {
                    bindRegistries();
                }
                registerListenerWithAdminService();
            }
            if (this.processType.equals("NodeAgent")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Security server is being started");
                }
                initialize();
                fireStartedEvent();
                this.securityServiceStarted = true;
                Tr.info(tc, "securityServiceStarted is true");
                Tr.info(tc, "security.init.svcstartcomplete");
                AuditHelper.auditServerRuntimeStatus(AuditConstants.START_SEC_SERVER, "start", "SUCCESS", _auditService);
                Tr.info(tc, "security.init.secstatus", new Object[]{new Boolean(this.globalSecurityEnabled)});
            }
            try {
                EJBContainer eJBContainer = (EJBContainer) this.Proxy.GetService(EJBContainer.class);
                if (eJBContainer != null) {
                    ((AppContextManagerImpl) AppContextManagerFactory.getInstance()).initialize(eJBContainer);
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "attempt to get EJBContainer failed");
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.distSecurityComponentImpl.start", "504", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "attempt to initialize AppContextManager failed", e);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "start");
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityComponentImpl.start", "510", this);
            Tr.error(tc, "security.init.error", new Object[]{e2});
            Tr.audit(tc, "security.init.svcstartfail");
            AuditHelper.auditServerRuntimeStatus(AuditConstants.START_SEC_SERVER, "start", "FAILURE", _auditService);
            throw new RuntimeError(e2);
        }
    }

    private void bindRegistries() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "bindRegistries");
        }
        bindRegistry(SecurityObjectLocator.getSecurityConfig("security"));
        if (!PlatformHelperFactory.getPlatformHelper().isZOS()) {
            UserRegistryConfig activeUserRegistry = this._security.getActiveUserRegistry();
            if (activeUserRegistry.getType().equals("WIMUserRegistry")) {
                String string = this._security.getActiveUserRegistry().getString("realm");
                String realm = ((UserRegistry) activeUserRegistry.getUserRegistryImpl()).getRealm();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "realm name in security.xml: " + string + " realm name in wimconfig.xml: " + realm);
                }
                if (!string.equals(realm)) {
                    Tr.warning(tc, "security.realms.mismatch", new Object[]{string, realm});
                }
            }
        }
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig(PropertiesBasedConfigConstants.APPSECURITY_RESOURCE_TYPE);
        if (securityConfig != null) {
            bindRegistry(securityConfig);
            logSecurityDomainStatus(securityConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "bindRegistries");
        }
    }

    private void bindRegistry(SecurityConfig securityConfig) throws Exception {
        Object lookup;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "bindRegistry " + securityConfig);
        }
        UserRegistryConfig activeUserRegistry = securityConfig.getActiveUserRegistry();
        if (activeUserRegistry == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "bindRegistry has no active user registry: returning as we assume this is an application domain");
                return;
            }
            return;
        }
        UserRegistry userRegistry = (UserRegistry) activeUserRegistry.getUserRegistryImpl();
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        if (contextManagerFactory.getPlatformHelper().isZOS() && contextManagerFactory.getPlatformHelper().isServantJvm()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "bindRegistry in SR, Using Local version of userRegistryImpl");
                return;
            }
            return;
        }
        String property = securityConfig.getProperty("WAS_UseRemoteRegistry");
        if (property == null || !(property.equalsIgnoreCase("node") || property.equalsIgnoreCase("cell"))) {
            try {
                InitialContext initialContext = new InitialContext();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "bindRegistry Once I have the IntCtx, issue a rebind on it ");
                }
                try {
                    if (activeUserRegistry.getSCO().isDomainConfig()) {
                        Tr.debug(tc, "bindRegistry binding domain registry as UserRegistry");
                        initialContext.rebind(Constants.USER_REGISTRY, userRegistry);
                    } else {
                        Tr.debug(tc, "bindRegistry binding admin registry as AdminUserRegistry");
                        initialContext.rebind("AdminUserRegistry", userRegistry);
                        Tr.debug(tc, "bindRegistry binding admin registry also as UserRegistry");
                        initialContext.rebind(Constants.USER_REGISTRY, userRegistry);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "bindRegistry finished binding user registry");
                    }
                    try {
                        Object lookup2 = activeUserRegistry.getSCO().isDomainConfig() ? initialContext.lookup(Constants.USER_REGISTRY) : initialContext.lookup("AdminUserRegistry");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "bindRegistry narrowing UserRegistry object to get stub", lookup2);
                        }
                        activeUserRegistry.setUserRegistryStub((UserRegistry) PortableRemoteObject.narrow(lookup2, UserRegistry.class));
                    } catch (Exception e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.core.distSecurityComponentImpl.bindRegistries", "694", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "bindRegistry Failed to find user registry in name space");
                        }
                        Tr.error(tc, "security.secsrv.find.registry", new Object[]{e});
                        throw e;
                    }
                } catch (NamingException e2) {
                    FFDCFilter.processException((Throwable) e2, "com.ibm.ws.security.core.distSecurityComponentImpl.bindRegistries", "675", (Object) this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "bindRegistry Error binding User Registry");
                    }
                    Tr.error(tc, "security.secsrv.bind.registry", new Object[]{e2});
                    throw e2;
                }
            } catch (NamingException e3) {
                FFDCFilter.processException((Throwable) e3, "com.ibm.ws.security.core.distSecurityComponentImpl.bindRegistries", "654", (Object) this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "bindRegistry Failed to get initial Naming Context");
                }
                Tr.error(tc, "security.secsrv.get.initCtx", new Object[]{e3});
                throw e3;
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "bindRegistry using remote user registry");
            }
            try {
                InitialContext initialContext2 = new InitialContext();
                try {
                    if (property.equalsIgnoreCase("node")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "bindRegistry looking up node's registry");
                        }
                        lookup = initialContext2.lookup("thisNode/nodeAgent/AdminUserRegistry");
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "bindRegistry looking up cell's registry");
                        }
                        lookup = initialContext2.lookup("cell/deploymentManager/AdminUserRegistry");
                    }
                    try {
                        initialContext2.rebind("AdminUserRegistry", (UserRegistry) PortableRemoteObject.narrow(lookup, UserRegistry.class));
                        try {
                            activeUserRegistry.setUserRegistryStub((UserRegistry) PortableRemoteObject.narrow(initialContext2.lookup("AdminUserRegistry"), UserRegistry.class));
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "bindRegistry looked up local UserRegistry");
                            }
                        } catch (Exception e4) {
                            FFDCFilter.processException(e4, "com.ibm.ws.security.core.distSecurityComponentImpl.bindRegistries", "642", this);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "createRegistryObjects Failed to find user registry in name space");
                            }
                            Tr.error(tc, "security.secsrv.find.registry", new Object[]{e4});
                            throw e4;
                        }
                    } catch (NamingException e5) {
                        FFDCFilter.processException((Throwable) e5, "com.ibm.ws.security.core.distSecurityComponentImpl.bindRegistries", "627", (Object) this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "bindRegistry Error binding User Registry");
                        }
                        Tr.error(tc, "security.secsrv.bind.registry", new Object[]{e5});
                        throw e5;
                    }
                } catch (Exception e6) {
                    FFDCFilter.processException(e6, "com.ibm.ws.security.core.distSecurityComponentImpl.bindRegistries", "617", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "createRegistryObjects Failed to find user registry in name space");
                    }
                    Tr.error(tc, "security.secsrv.find.registry", new Object[]{e6});
                    throw e6;
                }
            } catch (NamingException e7) {
                FFDCFilter.processException((Throwable) e7, "com.ibm.ws.security.core.distSecurityComponentImpl.bindRegistries", "599", (Object) this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "bindRegistry Failed to get initial Naming Context");
                }
                Tr.error(tc, "security.secsrv.get.initCtx", new Object[]{e7});
                throw e7;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "bindRegistry");
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public void startSecurity() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "startSecurity");
        }
        initialize();
        fireStartedEvent();
        this.securityServiceStarted = true;
        Tr.info(tc, "securityServiceStarted is true");
        Tr.info(tc, "security.init.svcstartcomplete");
        Tr.info(tc, "security.init.secstatus", new Object[]{new Boolean(this.globalSecurityEnabled)});
        AuditHelper.auditServerRuntimeStatus(AuditConstants.START_SEC_SERVER, "start", "SUCCESS", _auditService);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "startSecurity");
        }
    }

    public void initialize() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
        try {
            SecurityContext.setIsServerProcess();
            ConfigRoot configRoot = this.repository.getConfigRoot();
            if (this.globalSecurityEnabled) {
                try {
                    this.secServer = SecurityServerFactory.create();
                    initializeCache();
                    boolean pushAdminContext = SecurityObjectLocator.pushAdminContext();
                    try {
                        try {
                            SecurityContext.enable(_auditService);
                            if (pushAdminContext) {
                                SecurityObjectLocator.popContext();
                            }
                            if (DomainInfo.isMultiDomainDefined()) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "initializing context manager for the domain");
                                }
                                boolean pushAppContext = SecurityObjectLocator.pushAppContext("");
                                try {
                                    try {
                                        SecurityContext.enable(_auditService);
                                        if (pushAppContext) {
                                            SecurityObjectLocator.popContext();
                                        }
                                    } catch (Exception e) {
                                        FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityComponentImpl.initialize", "768", this);
                                        throw e;
                                    }
                                } catch (Throwable th) {
                                    if (pushAppContext) {
                                        SecurityObjectLocator.popContext();
                                    }
                                    throw th;
                                }
                            }
                            ContextManagerFactory.setIsReadyToInitialize(true);
                            initializeServerSubject();
                            if (SecurityObjectLocator.getAdminData().getString(AdminData.UNEXPANDED_SERVER_ID) != null) {
                                getCellHostNames();
                            }
                        } catch (Throwable th2) {
                            if (pushAdminContext) {
                                SecurityObjectLocator.popContext();
                            }
                            throw th2;
                        }
                    } catch (Exception e2) {
                        FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityComponentImpl.initialize", "753", this);
                        throw e2;
                    }
                } catch (Exception e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.core.SecurityComponentImpl.initialize", "800", this);
                    Tr.error(tc, "security.init.secidautherror", new Object[]{e3});
                    throw e3;
                }
            }
            if (this.globalSecurityEnabled) {
                configureRoleBasedAuthz(configRoot, Constants.ADMIN_APP);
                configureRoleBasedAuthz(configRoot, "naming-authz");
                configureRoleBasedAuthz(configRoot, Constants.AUDIT_APP);
                SecurityCollaborator.initialize();
            }
            initializeSecurityMBeans();
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.core.SecurityComponentImpl.initialize", "824", this);
            if (this.globalSecurityEnabled) {
                Tr.error(tc, "security.init.error", new Object[]{e4});
                throw e4;
            }
            Tr.warning(tc, "security.init.error", new Object[]{e4});
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    private void registerListenerWithAdminService() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerListenerWithAdminService");
        }
        Admin admin = null;
        try {
            try {
                admin = (Admin) this.Proxy.GetService(Admin.class);
                if (admin != null) {
                    admin.addConfigChangeListener(this);
                }
                if (admin != null) {
                    this.Proxy.ReleaseService(admin);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.ServerSecurityComponentImpl.registerListenerWithAdminService", "853", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "attempt to register ConfigChangeListener failed", e);
                }
                if (admin != null) {
                    this.Proxy.ReleaseService(admin);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "registerListenerWithAdminService");
            }
        } catch (Throwable th) {
            if (admin != null) {
                this.Proxy.ReleaseService(admin);
            }
            throw th;
        }
    }

    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void stop() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "stop");
        }
        if (this.initializeJACCProvider != null) {
            this.initializeJACCProvider.cleanup();
        }
        AuditHelper.auditServerRuntimeStatus(AuditConstants.STOP_SEC_SERVER, "stop", "SUCCESS", _auditService);
        if (this.auditEnabled) {
            stopAudit();
        }
        fireStoppedEvent();
        this.securityServiceStarted = false;
        Tr.info(tc, "securityServiceStarted is false");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "stop");
        }
    }

    private void stopAudit() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "stopAudit");
        }
        _auditService.stopAuditService();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "stopAudit");
        }
    }

    private void initializeAuditWCCMConfig() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeAuditWCCMConfig");
        }
        AuditConfig auditConfig = SecurityObjectLocator.getAuditConfig();
        if (auditConfig == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initializeAuditWCCMConfig");
                return;
            }
            return;
        }
        this.auditEnabled = auditConfig.getBoolean(AuditConfig.ENABLED);
        if (this.auditEnabled) {
            Tr.info(tc, "security.audit.service.enabled.audit");
        } else {
            Tr.info(tc, "security.audit.service.disabled.audit");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeAuditWCCMConfig");
        }
    }

    private void initializeWCCMConfig() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeWCCMConfig");
        }
        this._security = SecurityObjectLocator.getSecurityConfig("security");
        this.globalSecurityEnabled = this._security.getBoolean("enabled");
        this.serverSecurityEnabled = this._security.getBoolean(SecurityConfig.APP_SECURITY_ENABLED);
        try {
            try {
                this.Proxy.AddService(SecurityService.class);
                this.repository = (Repository) this.Proxy.GetService(Repository.class);
                new SecurityDM().registerWithFFDCService();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "isEnabled = " + this.globalSecurityEnabled + "isAppEnabled = " + this.serverSecurityEnabled);
                }
                this.processType = AdminServiceFactory.getAdminService().getProcessType();
                if (this.processType == null || this.processType.length() == 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot determine process type");
                    }
                    Tr.error(tc, "security.init.nullprocesstype");
                    throw new SecurityConfigException("Cannot determine the process type.");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Process type: " + this.processType);
                }
                SecurityObjectLocator.getAdminData().setString(AdminData.PROCESS_TYPE, this.processType);
                WSAccessManager.adminapps = AppDeploymentUtil.listSystemApps(this.repository);
                MultiDomainHelper.setSystemApps(WSAccessManager.adminapps);
                if (this.processType.equals("NodeAgent")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Non-managed process: Start merging the node agent's and cell's configuration");
                    }
                    if (SecurityObjectLocator.getSecurityConfigManager().merge("server", this.processType) == null) {
                        Tr.error(tc, "security.init.nullsecobject");
                        throw new SecurityConfigException("Cannot get the Security object after security merge. security.xml might be corrupt or missing");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Non-managed process: End of merging the node agent's and cell's configuration");
                    }
                    String property = this._security.getProperty("WAS_UseRemoteRegistry");
                    String property2 = this._security.getActiveUserRegistry().getProperties().getProperty("com.ibm.websphere.registry.UseDataSource");
                    if ("cell".equalsIgnoreCase(property) || "true".equalsIgnoreCase(property2)) {
                        this._security.setString("WAS_UseRemoteRegistry", "cell");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting remote registry to: cell");
                        }
                    }
                } else if (this.processType.equals(com.ibm.websphere.management.AdminConstants.DEPLOYMENT_MANAGER_PROCESS)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Non-managed process: Start merging the deployment manager's and cell's configuration");
                    }
                    if (SecurityObjectLocator.getSecurityConfigManager().merge("server", this.processType) == null) {
                        Tr.error(tc, "security.init.nullsecobject");
                        throw new SecurityConfigException("Cannot get the Security object after security merge. security.xml might be corrupt or missing");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Non-managed process: End of merging the deployment manager's and cell's configuration");
                    }
                } else if (this.processType.equals(com.ibm.websphere.management.AdminConstants.MANAGED_PROCESS)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Managed process: Start merging the server's and cell's configuration");
                    }
                    if (SecurityObjectLocator.getSecurityConfigManager().merge("server", this.processType) == null) {
                        Tr.error(tc, "security.init.nullsecobject");
                        throw new SecurityConfigException("Cannot get the Security object after security merge. security.xml might be corrupt or missing");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Managed process: End of merging the server's and cell's configuration");
                    }
                    String property3 = this._security.getProperty("WAS_UseRemoteRegistry");
                    if (property3 != null && (property3.equalsIgnoreCase("node") || property3.equalsIgnoreCase("cell"))) {
                        this._security.setString("WAS_UseRemoteRegistry", property3);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting remote registry to: " + property3);
                        }
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "initializeWCCMConfig");
                }
            } catch (Exception e) {
                Tr.error(tc, "security.init.error", new Object[]{e});
                throw new ConfigurationError("Error merging security config for cell and server", e);
            }
        } finally {
            if (this.repository != null) {
                this.Proxy.ReleaseService(this.repository);
            }
        }
    }

    private void initializeAudit() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeAudit");
        }
        if (this.globalSecurityEnabled) {
            try {
                AuditServiceImpl.initAuditService();
                _auditService = AuditServiceImpl.getAuditService();
                if (_auditService == null) {
                    Tr.error(tc, "security.audit.service.init.error");
                    throw new Exception("Auditing is enabled, but the AuditService is not initialized.");
                }
            } catch (Exception e) {
                Tr.error(tc, "security.init.error", new Object[]{e});
                throw new ConfigurationError("Failed to initialize AuditService", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeAudit");
        }
    }

    private void initializeSSOTAI() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeSSOTAI");
        }
        if (this.globalSecurityEnabled) {
            String property = SecurityObjectLocator.getSecurityConfig().getProperty("security.mappingCallbackHandlerFactoryClass");
            if (property != null) {
                WSMappingCallbackHandlerFactory.getInstance(property);
            }
            TrustAssociationManager.getInstance();
            AuthMechanismConfig activeAuthMechanism = this._security.getActiveAuthMechanism();
            String type = activeAuthMechanism.getType();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "active authMech.getType=" + type);
            }
            if (type.equalsIgnoreCase("LTPA") && !activeAuthMechanism.getSingleSignon().getBoolean("enabled")) {
                Tr.warning(tc, "security.init.ltpawithoutsso");
            }
            if (this._security.getPropertyBool("security.enablePluggableAuthentication")) {
                try {
                    String property2 = this._security.getProperty("security.callbackHandlerFactoryClass");
                } catch (Exception e) {
                    Tr.error(tc, "security.init.error", new Object[]{e});
                    throw new ConfigurationError("Failed to initialize WSCallbackHandlerFactory", e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeSSOTAI");
        }
    }

    private void initialize_CSIv2(EndPointMgr endPointMgr) {
        if (endPointMgr == null) {
            Tr.debug(tc, "distSecurityComponentImpl initialize_CSIvl: endPointMgr is null");
        } else {
            Tr.debug(tc, "distSecurityComponentImpl initialize_CSIv2: endPointMgr is not null");
        }
        SecurityObjectLocator.getCSIv2Config(endPointMgr);
        if (this._appSecurity == null || this._appSecurity.getCSIv2Config(false) == null) {
            return;
        }
        boolean pushAppContext = SecurityObjectLocator.pushAppContext("");
        try {
            SecurityObjectLocator.getCSIv2Config(endPointMgr);
            if (pushAppContext) {
                SecurityObjectLocator.popContext();
            }
        } catch (Throwable th) {
            if (pushAppContext) {
                SecurityObjectLocator.popContext();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initializeSecurityConfig() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dist initializeSecurityConfig");
        }
        Properties properties = new Properties();
        ORB orb = (ORB) this.Proxy.GetService(ORB.class);
        if (orb == null) {
            orbServiceAvailable = false;
        } else if (orb != null) {
            try {
                properties = orb.getOrbProps();
            } finally {
                if (orb != null) {
                    this.Proxy.ReleaseService(orb);
                }
            }
        }
        insertVariables(properties);
        Server server = (Server) this.Proxy.GetService(Server.class);
        try {
            AdminData adminData = SecurityObjectLocator.getAdminData();
            this.nameOfNode = server.getNodeName();
            String str = server.getCellName() + ":" + server.getNodeName() + ":" + server.getName();
            adminData.setString("process.serverName", str);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Set SERVER_NAME to = " + str);
            }
            if (!this._security.getActiveUserRegistry().getBoolean("useRegistryServerId")) {
                StringBuffer stringBuffer = new StringBuffer("server");
                stringBuffer.append(":").append(server.getCellName()).append("_").append(server.getNodeName()).append("_").append(server.getName());
                String stringBuffer2 = stringBuffer.toString();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting internalServerID to = " + stringBuffer2);
                }
                adminData.setString("com.ibm.ws.security.internalServerId", stringBuffer2);
            }
            adminData.setString(AdminData.SHORT_SERVER_NAME, server.getName());
            adminData.setString(AdminData.SERVER_SHORT_NAME, server.getShortName());
            adminData.setString(AdminData.NODE_NAME, server.getNodeName());
            adminData.setString(AdminData.NODE_SHORT_NAME, server.getShortNodeName());
            adminData.setString(AdminData.CELL_NAME, server.getCellName());
            adminData.setString(AdminData.CELL_SHORT_NAME, server.getShortCellName());
            if (server != null) {
                this.Proxy.ReleaseService(server);
            }
            if (this.globalSecurityEnabled && properties != null) {
                String property = this._security.getProperty("com.ibm.CORBA.keyFileName");
                if (property != null) {
                    properties.put("com.ibm.CORBA.keyFileName", property);
                }
                String property2 = this._security.getProperty("com.ibm.ssl.keyStoreClientAlias");
                if (property2 != null) {
                    properties.put("com.ibm.ssl.keyStoreClientAlias", property2);
                }
                String property3 = this._security.getProperty("com.ibm.ssl.keyStoreServerAlias");
                if (property3 != null) {
                    properties.put("com.ibm.ssl.keyStoreServerAlias", property3);
                }
                String property4 = this._security.getProperty("com.ibm.ssl.sas.outbound.keyStoreClientAlias");
                if (property4 != null) {
                    properties.put("com.ibm.ssl.sas.outbound.keyStoreClientAlias", property4);
                }
                String property5 = this._security.getProperty("com.ibm.ssl.sas.outbound.keyStoreServerAlias");
                if (property5 != null) {
                    properties.put("com.ibm.ssl.sas.outbound.keyStoreServerAlias", property5);
                }
                String property6 = this._security.getProperty("com.ibm.ssl.sas.inbound.keyStoreClientAlias");
                if (property6 != null) {
                    properties.put("com.ibm.ssl.sas.inbound.keyStoreClientAlias", property6);
                }
                String property7 = this._security.getProperty("com.ibm.ssl.sas.inbound.keyStoreServerAlias");
                if (property7 != null) {
                    properties.put("com.ibm.ssl.sas.inbound.keyStoreServerAlias", property7);
                }
                String property8 = this._security.getProperty("com.ibm.ssl.csi.outbound.keyStoreClientAlias");
                if (property8 != null) {
                    properties.put("com.ibm.ssl.csi.outbound.keyStoreClientAlias", property8);
                }
                String property9 = this._security.getProperty("com.ibm.ssl.csi.outbound.keyStoreServerAlias");
                if (property9 != null) {
                    properties.put("com.ibm.ssl.csi.outbound.keyStoreServerAlias", property9);
                }
                String property10 = this._security.getProperty("com.ibm.ssl.csi.inbound.keyStoreClientAlias");
                if (property10 != null) {
                    properties.put("com.ibm.ssl.csi.inbound.keyStoreClientAlias", property10);
                }
                String property11 = this._security.getProperty("com.ibm.ssl.csi.inbound.keyStoreServerAlias");
                if (property11 != null) {
                    properties.put("com.ibm.ssl.csi.inbound.keyStoreServerAlias", property11);
                }
                String property12 = this._security.getProperty("com.ibm.ssl.tokenSlot");
                if (property12 != null) {
                    properties.put("com.ibm.ssl.tokenSlot", property12);
                }
                String property13 = this._security.getProperty("com.ibm.security.useFIPS");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "use_fips_flag = " + property13);
                }
                if (property13 != null) {
                    properties.put("com.ibm.security.useFIPS", property13);
                } else {
                    properties.put("com.ibm.security.useFIPS", "false");
                }
                String property14 = this._security.getProperty("security.enablePluggableAuthentication");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "enable_pluggable_auth_falg = " + property14);
                }
                if (property14 != null) {
                    properties.put("security.enablePluggableAuthentication", property14);
                } else {
                    properties.put("security.enablePluggableAuthentication", "false");
                }
                String property15 = this._security.getProperty("com.ibm.websphere.security.suppressExceptionStack");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "suppress_exception_stack = " + property15);
                }
                if (property15 != null) {
                    properties.put("com.ibm.websphere.security.suppressExceptionStack", property15);
                } else {
                    properties.put("com.ibm.websphere.security.suppressExceptionStack", "false");
                }
            }
            this.endPointMgr = (EndPointMgr) this.Proxy.GetService(EndPointMgr.class);
            if (this.endPointMgr == null) {
                Tr.debug(tc, "distSecurityComponentImpl: endPointMgr is null");
            } else {
                Tr.debug(tc, "distSecurityComponentImpl: endPointMgr is not null");
            }
            try {
                initialize_CSIv2(this.endPointMgr);
                SecurityObjectLocator.getAdminData().setBoolean(AdminData.IS_SERVER_PROCESS, Boolean.TRUE);
                ORBUtils.populateORBProperties(this._security, properties, this.endPointMgr, null);
                if (this.endPointMgr != null) {
                    this.Proxy.ReleaseService(this.endPointMgr);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "dist initializeSecurityConfig");
                }
            } catch (Throwable th) {
                if (this.endPointMgr != null) {
                    this.Proxy.ReleaseService(this.endPointMgr);
                }
                throw th;
            }
        } catch (Throwable th2) {
            if (server != null) {
                this.Proxy.ReleaseService(server);
            }
            throw th2;
        }
    }

    private void initializeJAAS() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeJAAS");
        }
        try {
            Configuration.setConfiguration(new com.ibm.ws.security.auth.login.Configuration());
            Configuration configuration = com.ibm.ws.security.auth.login.Configuration.getConfiguration();
            String name = configuration.getClass().getName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The Login Configuration class is: " + name);
            }
            if (!(configuration instanceof com.ibm.ws.security.auth.login.Configuration)) {
                if (this.globalSecurityEnabled) {
                    Tr.error(tc, "security.init.wccmjaas.wrongclasserror", new Object[]{name, LOGIN_CONFIG_CLASS});
                    throw new RuntimeException("JAAS Login provider class com.ibm.ws.security.auth.login.Configuration is not configured as login provider class");
                }
                Tr.warning(tc, "security.init.wccmjaas.wrongclasswarning", new Object[]{name, LOGIN_CONFIG_CLASS});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initializeJAAS");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityComponentImpl.initialize", "1331", this);
            Tr.error(tc, "security.init.wccmjaas.setcfgerror", new Object[]{LOGIN_CONFIG_CLASS, e});
            throw new ConfigurationError("Unable to set com.ibm.ws.security.auth.login.Configuration as the JAAS Login Configuration class.", e);
        }
    }

    private void initializeJaccProxy(DynamicPolicy dynamicPolicy) throws Exception {
        AuthorizationConfig authorizationConfig;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeJaccProxy");
        }
        DynamicPolicyFactory.setInstance(dynamicPolicy);
        if (!SecurityObjectLocator.getSecurityConfigManager().isMultiDomainDefined() || !this.processType.equals(com.ibm.websphere.management.AdminConstants.DEPLOYMENT_MANAGER_PROCESS) || !DomainContextHelper.isDmgrAndMultiDomainAndMultiJacc()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JAAC Provider initialization is handling a single configuration.");
            }
            String property = System.getProperty(CommonConstants.JACC_POLICY_PROVIDER);
            boolean z = false;
            AuthorizationProviderConfig authorizationProviderConfig = null;
            if (this._appSecurity != null) {
                authorizationConfig = this._appSecurity.getAuthorizationConfig();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "JAAC Provider attribute is based on the application security domain setting");
                }
            } else {
                authorizationConfig = this._security.getAuthorizationConfig();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "JAAC Provider attribute is based on the global security domain setting");
                }
            }
            if (authorizationConfig != null) {
                z = authorizationConfig.getBoolean(AuthorizationConfig.USE_JACC_PROVIDER);
                authorizationProviderConfig = authorizationConfig.getAuthorizationProvider();
            }
            if (property == null && !z) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using default authorization");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "initializeJaccProxy");
                    return;
                }
                return;
            }
            expandVariables();
            if (property == null && authorizationProviderConfig != null) {
                property = authorizationProviderConfig.getString(AuthorizationProviderConfig.J2EE_POLICY_IMPL_CLASS_NAME);
                if (property != null) {
                    System.setProperty(CommonConstants.JACC_POLICY_PROVIDER, property);
                }
            }
            if (property == null) {
                throw new ConfigurationError("The JACC provider's policy class name is null");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The JACC provider's policy implementation class name is: " + property);
            }
            if (authorizationProviderConfig.getBoolean(AuthorizationProviderConfig.SUPPORTS_DYNAMIC_MODULE_UPDATES)) {
                JaccUtil.setAppDynamicUpdates();
            }
            if (property.equals(CommonConstants.DEFAULT_JACC_POLICY_PROVIDER) || property.equals("com.sun.ts.tests.jacc.provider.TSPolicy")) {
                this._security.setBoolean(SecurityConfig.IS_DEFAULT_JACC_PROVIDER, true);
                if (this._appSecurity != null) {
                    this._appSecurity.setBoolean(SecurityConfig.IS_DEFAULT_JACC_PROVIDER, true);
                }
            }
            String string = authorizationProviderConfig.getString(AuthorizationProviderConfig.INITIALIZE_JACC_PROVIDER_CLASS_NAME);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "jaccInit Class Name: ", string);
            }
            if (string != null && string.length() != 0) {
                try {
                    this.initializeJACCProvider = (InitializeJACCProvider) Class.forName(string, true, Thread.currentThread().getContextClassLoader()).newInstance();
                    try {
                        int initialize = this.initializeJACCProvider.initialize(authorizationProviderConfig.getProperties());
                        if (initialize != 0) {
                            throw new ConfigurationError(Constants.nls.getFormattedMessage("security.jacc.initialize.error", new Object[]{string, new Integer(initialize)}, "The initialize method of " + string + " did not return success code 0.  The error code returned was: " + initialize));
                        }
                    } catch (Exception e) {
                        Tr.error(tc, "security.jacc.initialize.error", new Object[]{string, e});
                        FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityComponentImpl.initializeJaccProvider", "1464", this);
                        throw new ConfigurationError(e.getMessage(), e);
                    }
                } catch (ClassNotFoundException e2) {
                    Tr.error(tc, "security.jacc.initialize.error", new Object[]{string, e2});
                    FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityComponentImpl.initializeJaccProvider", "1442", this);
                    throw new ConfigurationError(e2.getMessage(), e2);
                } catch (IllegalAccessException e3) {
                    Tr.error(tc, "security.jacc.initialize.error", new Object[]{string, e3});
                    FFDCFilter.processException(e3, "com.ibm.ws.security.core.SecurityComponentImpl.initializeJaccProvider", "1448", this);
                    throw new ConfigurationError(e3.getMessage(), e3);
                } catch (InstantiationException e4) {
                    Tr.error(tc, "security.jacc.initialize.error", new Object[]{string, e4});
                    FFDCFilter.processException(e4, "com.ibm.ws.security.core.SecurityComponentImpl.initializeJaccProvider", "1454", this);
                    throw new ConfigurationError(e4.getMessage(), e4);
                }
            }
            try {
                Policy.setPolicy((Policy) Class.forName(property, true, Thread.currentThread().getContextClassLoader()).newInstance());
                Policy.getPolicy().refresh();
                Tr.audit(tc, "security.jacc.initialized", new Object[]{property, authorizationProviderConfig.getString(AuthorizationProviderConfig.POLICY_CONFIGURATION_FACTORY_IMPL_CLASS_NAME), authorizationProviderConfig.getString(AuthorizationProviderConfig.ROLE_CONFIGURATION_FACTORY_IMPL_CLASS_NAME), string});
                this._security.setObject(SecurityConfig.NULL_CODE_SOURCE, new CodeSource((URL) null, (Certificate[]) null));
                this._security.setObject(SecurityConfig.NULL_PROTECTION_DOMAIN, new ProtectionDomain(new CodeSource((URL) null, (Certificate[]) null), null, null, null));
                if (this._appSecurity != null) {
                    this._appSecurity.setObject(SecurityConfig.NULL_CODE_SOURCE, new CodeSource((URL) null, (Certificate[]) null));
                    this._appSecurity.setObject(SecurityConfig.NULL_PROTECTION_DOMAIN, new ProtectionDomain(new CodeSource((URL) null, (Certificate[]) null), null, null, null));
                }
            } catch (Throwable th) {
                Tr.error(tc, "security.jacc.init.error", new Object[]{property, th});
                FFDCFilter.processException(th, "com.ibm.ws.security.core.SecurityComponentImpl.initializeJaccProvider", "1485", this);
                throw new ConfigurationError(th.getMessage(), th);
            }
        } else if (this.processType.equals(com.ibm.websphere.management.AdminConstants.DEPLOYMENT_MANAGER_PROCESS)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Initilizing JACC for the Dmgr process in multi-security domain and in mulit-jacc configuration.");
            }
            expandVariables();
            JaccPolicyDomainProxy jaccPolicyDomainProxy = new JaccPolicyDomainProxy();
            try {
                jaccPolicyDomainProxy.getDomainPolicy();
                Policy.setPolicy(jaccPolicyDomainProxy);
            } catch (Exception e5) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Initilizing JACC for the Dmgr process in multi-security domain and in mulit-jacc configuration caught exception: " + e5.getMessage());
                }
                throw new ConfigurationError(e5.getMessage(), e5);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Adding EJB Method Interfaces:Timer,MessageEndpoint using Apache property:org.apache.security.jacc.EJBMethodPermission.methodInterfaces");
        }
        System.setProperty(SecurityConfig.APACHE_EJB_METHOD_INTERFACE_PLUGPOINT, SecurityConfig.EJB_3_1_ADDITIONAL_INTERFACE);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeJaccProxy");
        }
    }

    private void initializeJava2Sec() throws SecurityConfigException, ConfigurationError {
        boolean z;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeJava2Sec");
        }
        try {
            if (this._appSecurity != null) {
                z = this._appSecurity.getBoolean(SecurityConfig.ENFORCE_JAVA2_SECURITY);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Java2Sec enablement is based on the application security domain setting: " + z);
                }
            } else {
                z = this._security.getBoolean(SecurityConfig.ENFORCE_JAVA2_SECURITY);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Java2Sec enablement is based on the global security domain setting: " + z);
                }
            }
            try {
                if (z) {
                    WSDynamicPolicy wSDynamicPolicy = new WSDynamicPolicy(Policy.getPolicy(), this.repository);
                    Policy.setPolicy(wSDynamicPolicy);
                    initializeJaccProxy(wSDynamicPolicy);
                    String property = this._security.getProperty(CommonConstants.DEBUGMSG_JAVA2SECURITY);
                    Server server = (Server) this.Proxy.GetService(Server.class);
                    ExtClassLoader extClassLoader = (ExtClassLoader) server.getRuntimeClassLoader();
                    this.Proxy.ReleaseService(server);
                    System.setSecurityManager(new SecurityManager(property, extClassLoader, wSDynamicPolicy.getRuntimeFilteredPermission(), this._security.getBoolean(SecurityConfig.ENABLED_JAVA2_SECURITY_RUNTIME_FILTERING)));
                    Tr.info(tc, "security.jsecman.installed");
                    wSDynamicPolicy.initApplicationTemplate(Boolean.valueOf(this._security.getBoolean(SecurityConfig.ISSUE_PERMISSION_WARNING)));
                } else {
                    NullDynamicPolicy nullDynamicPolicy = new NullDynamicPolicy(Policy.getPolicy());
                    Policy.setPolicy(nullDynamicPolicy);
                    initializeJaccProxy(nullDynamicPolicy);
                    String property2 = System.getProperty("java.security.manager");
                    if (property2 == null || property2.length() <= 0) {
                        System.setSecurityManager(null);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Custom SecurityManager is loaded :" + property2);
                    }
                    Tr.info(tc, "security.manager.disabled");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "initializeJava2Sec");
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityComponentImpl.initializeJava2Sec", "1611", this);
                Tr.error(tc, "security.j2sec.init.error", new Object[]{e});
                throw new ConfigurationError("Error during Java 2 Security and Dynamic Policy initialization", e);
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityComponentImpl.initializeJava2Sec", "1566", this);
            Tr.error(tc, "security.j2sec.init.error", new Object[]{e2});
            throw new ConfigurationError("Failed to get EnforceJava2Security.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void configureRoleBasedAuthz(ConfigRoot configRoot, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "configureRoleBasedAuthz", new Object[]{configRoot, str});
        }
        String str2 = str + ".xml";
        RoleBasedConfigurator configurator2 = getConfigurator();
        if (configurator2 instanceof RoleBasedConfiguratorImpl) {
            RoleBasedConfiguratorImpl roleBasedConfiguratorImpl = (RoleBasedConfiguratorImpl) configurator2;
            try {
                ConfigService configService = (ConfigService) WsServiceRegistry.getService(SecurityConfigManager.class, ConfigService.class);
                ConfigObject configObject = (ConfigObject) configService.getDocumentObjects(configService.getScope(0), str2).get(0);
                if (configObject == null) {
                    Tr.error(tc, "ssl.init.nullsecobject.CWPKI0009E");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "configureRoleBasedAuthz() error getting AuthorizationTableExt object from List");
                    }
                }
                if (roleBasedConfiguratorImpl.areAccessIdsMissing(configObject)) {
                    try {
                        configurator2.loadApplication(str, configRoot.getResource(0, str2));
                    } catch (Exception e) {
                        Tr.error(tc, "security.loadresource.error", new Object[]{str2, e});
                        throw e;
                    }
                } else {
                    roleBasedConfiguratorImpl.loadApplication(str, configObject);
                }
            } catch (Exception e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "configureRoleBasedAuthz() exception", e2);
                }
                throw new RoleBasedAppException("configureRoleBasedAuthz() error loading " + str + ".xml from RCSList");
            }
        } else {
            try {
                configurator2.loadApplication(str, configRoot.getResource(0, str2));
            } catch (Exception e3) {
                Tr.error(tc, "security.loadresource.error", new Object[]{str2, e3});
                throw e3;
            }
        }
        if (str.equals(Constants.ADMIN_APP)) {
            try {
                getConfigurator().loadSecurityPolicy(str, Constants.SECURITY_SERVER_XML, "domain");
            } catch (Exception e4) {
                Tr.error(tc, "security.load.secConfig", new Object[]{e4});
                throw e4;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "configureRoleBasedAuthz");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initializeSecurityMBeans() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeSecurityMBeans");
        }
        try {
            SecurityAdmin securityAdmin = new SecurityAdmin();
            MBeanFactory mBeanFactory = AdminServiceFactory.getMBeanFactory();
            mBeanFactory.activateMBean("SecurityAdmin", new DefaultRuntimeCollaborator(securityAdmin, "SecurityAdmin"), mBeanFactory.getConfigId("SecurityAdmin"), "com/ibm/ws/management/descriptor/xml/SecurityAdmin.xml");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initializeSecurityMBeans");
            }
        } catch (Exception e) {
            Tr.error(tc, "security.init.mbeanerror", new Object[]{"SecurityAdmin", e});
            throw e;
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public void addListener(SecurityServiceListener securityServiceListener) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addListener", securityServiceListener);
        }
        synchronized (this.listeners) {
            ListIterator listIterator = this.listeners.listIterator();
            boolean z = false;
            while (listIterator.hasNext() && !z) {
                if (((SecurityServiceListener) listIterator.next()) == securityServiceListener) {
                    z = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "found matching listener, not adding");
                    }
                }
            }
            if (!z) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "did not find matching listener, adding listener");
                }
                this.listeners.add(securityServiceListener);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LISTENERS AFTER ADD: ");
            Iterator it = this.listeners.iterator();
            while (it.hasNext()) {
                Tr.debug(tc, " add> " + it.next());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addListener");
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public void clearListener(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearListener: " + str);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LISTENERS BEFORE: ");
            Iterator it = this.listeners.iterator();
            while (it.hasNext()) {
                Tr.debug(tc, " rem_b>  " + it.next());
            }
        }
        ArrayList arrayList = new ArrayList(32);
        synchronized (this.listeners) {
            Iterator it2 = this.listeners.iterator();
            while (it2.hasNext()) {
                SecurityServiceListener securityServiceListener = (SecurityServiceListener) it2.next();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "lstr: " + securityServiceListener.toString());
                }
                if (securityServiceListener.toString().contains(str)) {
                    arrayList.add(securityServiceListener);
                }
            }
        }
        synchronized (this.listeners) {
            Iterator it3 = arrayList.iterator();
            while (it3.hasNext()) {
                SecurityServiceListener securityServiceListener2 = (SecurityServiceListener) it3.next();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "removing: " + securityServiceListener2.toString());
                }
                this.listeners.remove(securityServiceListener2);
            }
        }
        if (!arrayList.isEmpty()) {
            arrayList.clear();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LISTENERS AFTER: ");
            Iterator it4 = this.listeners.iterator();
            while (it4.hasNext()) {
                Tr.debug(tc, " rem_a>  " + it4.next());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearListener");
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public void removeListener(SecurityServiceListener securityServiceListener) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeListener", securityServiceListener);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LISTENERS BEFORE ");
            Iterator it = this.listeners.iterator();
            while (it.hasNext()) {
                Tr.debug(tc, " rem_b>  " + it.next());
            }
        }
        synchronized (this.listeners) {
            this.listeners.remove(securityServiceListener);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LISTENERS AFTER: ");
            Iterator it2 = this.listeners.iterator();
            while (it2.hasNext()) {
                Tr.debug(tc, " rem_a>  " + it2.next());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeListener");
        }
    }

    @Override // com.ibm.ws.management.service.ConfigChangeListener
    public void configChanged(ConfigRepositoryEvent configRepositoryEvent) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "configChanged", configRepositoryEvent);
        }
        try {
            try {
                AdminData adminData = SecurityObjectLocator.getAdminData();
                TreeSet treeSet = (TreeSet) adminData.getObject(AdminData.MULTI_SERVER_ID_LIST);
                String string = adminData.getString(AdminData.UNEXPANDED_SERVER_ID);
                String str = "cells/" + adminData.getString(AdminData.CELL_NAME) + "/security.xml";
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Security.xml: " + str);
                }
                ConfigChangeNotifier[] changes = configRepositoryEvent.getChanges();
                if (treeSet != null && string != null) {
                    for (int i = 0; i < changes.length; i++) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Document changed: " + changes[i].getUri());
                        }
                        if ((changes[i].getChangeType() == 0 || changes[i].getChangeType() == 1) && changes[i].getUri().endsWith(WorkSpaceQueryUtil.SERVER_INDEX_URI)) {
                            String uri = changes[i].getUri();
                            int lastIndexOf = uri.lastIndexOf(47);
                            int lastIndexOf2 = lastIndexOf > 0 ? uri.lastIndexOf(47, lastIndexOf - 1) : -1;
                            if (lastIndexOf > 0 && lastIndexOf2 > 0) {
                                String substring = uri.substring(lastIndexOf2 + 1, lastIndexOf);
                                if (tc.isDebugEnabled()) {
                                    if (changes[i].getChangeType() == 0) {
                                        Tr.debug(tc, "Node added: " + substring);
                                    } else {
                                        Tr.debug(tc, "Node removed: " + substring);
                                    }
                                }
                                if (this.repository == null) {
                                    this.repository = (Repository) this.Proxy.GetService(Repository.class);
                                }
                                ConfigService configService = (ConfigService) WsServiceRegistry.getService(this, ConfigService.class);
                                ConfigScope createScope = configService.createScope(3);
                                String[] list = createScope.list("nodes");
                                if (list != null) {
                                    for (String str2 : list) {
                                        if (str2.equals(substring)) {
                                            createScope.set(3, list[i]);
                                            String expandHost = ConfigUtils.expandHost(string, ((ConfigObject) configService.getDocumentObjects(createScope, WorkSpaceQueryUtil.SERVER_INDEX_URI).get(0)).getString("hostName", null).toLowerCase());
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "Expanded serverID: " + expandHost);
                                            }
                                            if (expandHost != null) {
                                                if (changes[i].getChangeType() == 0) {
                                                    boolean add = treeSet.add(expandHost);
                                                    if (tc.isDebugEnabled()) {
                                                        if (add) {
                                                            Tr.debug(tc, "Server ID " + expandHost + " was added to the multi-serverID list.");
                                                        } else {
                                                            Tr.debug(tc, "Server ID " + expandHost + " was already in the multi-serverID list.");
                                                        }
                                                    }
                                                } else if (changes[i].getChangeType() == 1) {
                                                    boolean remove = treeSet.remove(expandHost);
                                                    if (tc.isDebugEnabled()) {
                                                        if (remove) {
                                                            Tr.debug(tc, "Server ID " + expandHost + " was removed to the multi-serverID list.");
                                                        } else {
                                                            Tr.debug(tc, "Server ID " + expandHost + " was not present in the multi-serverID list.");
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
                for (int i2 = 0; i2 < changes.length; i2++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "configChanged Document changed: " + changes[i2].getUri());
                    }
                    String uri2 = changes[i2].getUri();
                    if (uri2.equalsIgnoreCase(str)) {
                        try {
                            refreshSpnegoAuthMech(null);
                            String domainName = securityConfigManager.getDomainName();
                            if (domainName != null) {
                                refreshSpnegoAuthMech(domainName);
                            }
                            Tr.debug(tc, "Check to see if SSL config has changed.");
                            if (SSLConfigCompare.sslConfigChanged()) {
                                Tr.debug(tc, "SSL config has changed so reload it.");
                                SecurityConfigObject refreshSSLConfig = securityConfigManager.refreshSSLConfig();
                                if (refreshSSLConfig.getBoolean(SecurityConfig.DYNAMICALLY_UPDATE_SSL_CONFIG).booleanValue()) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "entering synchronized()");
                                    }
                                    synchronized (_lockObj) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "entered synchronized()");
                                        }
                                        try {
                                            AdminServiceImpl adminService = AdminServiceFactory.getAdminService();
                                            if (adminService != null && ManagementScopeManager.getInstance().getProcessType().equals(com.ibm.websphere.management.AdminConstants.DEPLOYMENT_MANAGER_PROCESS) && (adminService.isZOSInitComplete() || !PlatformHelperFactory.getPlatformHelper().isZOS())) {
                                                temporarilyDisableCertificateAuthenticationAcrossCell(90000L);
                                            }
                                            SSLConfigManager.getInstance().initializeServerSSL(refreshSSLConfig, true);
                                            KeySetGroupManager.getInstance().initializeKeySetGroups(refreshSSLConfig, true);
                                            LTPAServerObject.getLTPAServer().refreshTokenFactories();
                                            AuthCache.getInstance().removeAllEntries();
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "exit synchronized()");
                                            }
                                            boolean z = true;
                                            String property = this._security.getProperty("com.ibm.websphere.security.initializeRSAProperties");
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "com.ibm.websphere.security.initializeRSAProperties=" + property);
                                            }
                                            if (property != null && property.equalsIgnoreCase("false")) {
                                                z = false;
                                            }
                                            if (z) {
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "Initializing the properties");
                                                }
                                                SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN).reinitializeRSAProperties();
                                            } else {
                                                SecurityConfigObject object = securityConfigManager.getObject("security").getObject(SecurityConfig.ADMIN_PREFERRED_AUTH_MECH);
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "adminPreferredAuthMech=" + object);
                                                }
                                                AuthMechanismConfig activeAuthMechanism = this._security.getActiveAuthMechanism();
                                                String type = activeAuthMechanism.getType();
                                                if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "activeAuthMechanism=" + activeAuthMechanism.getType());
                                                }
                                                if ((object != null && object.instanceOf("RSAToken")) || type.equals(AuthMechanismConfig.TYPE_RSATOKEN)) {
                                                    if (tc.isDebugEnabled()) {
                                                        Tr.debug(tc, "RSA properties are used.  Initializing the properties even though com.ibm.websphere.security.initializeRSAProperties is specified.");
                                                    }
                                                    SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN).reinitializeRSAProperties();
                                                } else if (tc.isDebugEnabled()) {
                                                    Tr.debug(tc, "RSA properties does not seem used. Skip initializing");
                                                }
                                            }
                                        } catch (Exception e) {
                                            FFDCFilter.processException(e, "com.ibm.ws.security.core.distSecurityComponentImpl.configChanged", "2011", this);
                                            Tr.debug(tc, "Exception re-loading the SSL config.", new Object[]{e.getMessage()});
                                            throw e;
                                        }
                                    }
                                }
                            } else {
                                Tr.debug(tc, "No changes to the SSL configuration.");
                            }
                        } catch (Exception e2) {
                            FFDCFilter.processException(e2, "com.ibm.ws.security.core.distSecurityComponentImpl.configChanged", "2026", this);
                            Tr.debug(tc, "Exception re-loading the config.", new Object[]{e2.getMessage()});
                            throw e2;
                        }
                    } else if (uri2.indexOf("domain-security.xml") != -1) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "configChanged found domain-security.xml");
                        }
                        int indexOf = uri2.indexOf("waspolicies/default/securitydomains/");
                        if (indexOf != -1) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "configChanged found securitydomains dir at offset " + indexOf);
                            }
                            int length = indexOf + "waspolicies/default/securitydomains/".length();
                            int indexOf2 = uri2.indexOf("/", length);
                            if (indexOf2 != -1) {
                                String substring2 = uri2.substring(length, indexOf2);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "configChanged domainName: " + substring2);
                                }
                                refreshSpnegoAuthMech(substring2);
                            }
                        }
                    }
                }
                if (this.repository != null) {
                    this.Proxy.ReleaseService(this.repository);
                }
            } catch (Exception e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.core.SecurityComponentImpl.configChanged", "2056", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, GSSEncodeDecodeException.exceptionCaughtStr + e3.getMessage());
                }
                if (this.repository != null) {
                    this.Proxy.ReleaseService(this.repository);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "configChanged");
            }
        } catch (Throwable th) {
            if (this.repository != null) {
                this.Proxy.ReleaseService(this.repository);
            }
            throw th;
        }
    }

    private void refreshSpnegoAuthMech(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refreshSpnegoAuthMech " + str);
        }
        SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
        boolean z = false;
        String str2 = null;
        if (str == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "refreshSpnegoAuthMech refreshing admin scope");
            }
            z = true;
            str2 = "Security";
        } else {
            String domainName = securityConfigManager.getDomainName();
            if (domainName != null && str.equals(domainName)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "refreshSpnegoAuthMech refreshing process domain: " + domainName);
                }
                z = true;
                str2 = PropertiesBasedConfigConstants.APPSECURITY_RESOURCE_TYPE;
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "refreshSpnegoAuthMech supplied domain is not the process domain, not refreshing");
            }
        }
        if (z) {
            boolean z2 = false;
            if (str != null) {
                try {
                    z2 = SecurityObjectLocator.getThreadLocal().pushResource(str, "domain");
                } finally {
                    if (z2) {
                        SecurityObjectLocator.getThreadLocal().popResource();
                    }
                }
            }
            securityConfigManager.refreshDynamicReload(str2);
            SecurityConfigObjectList objectList = securityConfigManager.getObjectList(str2 + "::dynamicReload::authMechanisms");
            if (objectList != null) {
                for (int i = 0; i < objectList.size(); i++) {
                    if (objectList.get(i).instanceOf(SecurityPackage.eNS_URI, AuthMechanismConfig.TYPE_SPNEGO)) {
                        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig(str2);
                        securityConfig.refreshSPNEGOAuthMechanism();
                        AuthMechanismConfig authMechanism = securityConfig.getAuthMechanism(AuthMechanismConfig.TYPE_SPNEGO);
                        if (authMechanism != null && authMechanism.getBoolean(AuthMechanismConfig.SPNEGO_ENABLED)) {
                            authMechanism.getSpnegoFilterProps();
                            TrustAssociationInterceptorImpl.getInstance().initialize(authMechanism.getSpnegoFilterProps());
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refreshSpnegoAuthMech");
        }
    }

    public void temporarilyDisableCertificateAuthenticationAcrossCell(long j) throws Exception {
        this.objName = getMBean();
        for (ObjectName objectName : AdminServiceFactory.getAdminService().queryNames(new ObjectName("WebSphere:type=SSLAdmin,*"), null)) {
            try {
                if (!this.objName.equals(objectName)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, " SSLAdmin object name = " + objectName);
                    }
                    AdminServiceFactory.getAdminService().invoke(objectName, "temporarilyDisableCertificateAuthentication", new Object[]{new Long(j)}, new String[]{"java.lang.Long"});
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLConfigChangeListener.temporaryDisableCertificateAuthentication", "2157", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception on MBean call.", new Object[]{e});
                }
                throw e;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " SSLAdmin object name (self) = " + this.objName);
        }
        AdminServiceFactory.getAdminService().invoke(this.objName, "temporarilyDisableCertificateAuthentication", new Object[]{new Long(j)}, new String[]{"java.lang.Long"});
    }

    private ObjectName getMBean() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getMBean");
        }
        if (this.objName != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning MBean");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getMBean");
            }
            return this.objName;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Getting MBean");
        }
        try {
            this.objName = new ObjectName("WebSphere:type=SSLAdmin,process=" + AdminServiceFactory.getAdminService().getProcessName() + ",*");
            Iterator it = AdminServiceFactory.getAdminService().queryNames(this.objName, null).iterator();
            if (!it.hasNext()) {
                Tr.error(tc, "security.ctr.nombean.error");
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getMBean");
                }
                throw new Exception("No SSLAdmin MBean found: returning null");
            }
            this.objName = (ObjectName) it.next();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, " SSLAdmin object name = " + this.objName);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getMBean");
            }
            return this.objName;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLConfigChangeListener.getMBean", "2186", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception on MBean call.", new Object[]{e});
            }
            throw e;
        }
    }

    private void getCellHostNames() throws Exception {
        String expandHost;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCellHostNames");
        }
        TreeSet treeSet = new TreeSet();
        AdminData adminData = SecurityObjectLocator.getAdminData();
        try {
            WSCredential serverCredential = ContextManagerFactory.getInstance().getServerCredential();
            if (serverCredential != null) {
                String lowerCase = serverCredential.getAccessId().toLowerCase();
                String string = adminData.getString("process.hostName");
                if (string == null) {
                    string = ConfigUtils.getHostName().toLowerCase();
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Server accessID: " + lowerCase + ", hostname: " + string);
                }
                if (string != null) {
                    int length = string.length();
                    int indexOf = lowerCase.indexOf(string);
                    if (indexOf != -1) {
                        StringBuffer stringBuffer = new StringBuffer(lowerCase);
                        stringBuffer.replace(indexOf, indexOf + length, "${HOST}");
                        String stringBuffer2 = stringBuffer.toString();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Unexpanded accessID is: " + stringBuffer2);
                        }
                        adminData.setString(AdminData.UNEXPANDED_SERVER_ID, stringBuffer2);
                    }
                }
            }
            ConfigService configService = (ConfigService) WsServiceRegistry.getService(this, ConfigService.class);
            ConfigScope createScope = configService.createScope(3);
            String[] list = createScope.list("nodes");
            if (list != null) {
                for (int i = 0; i < list.length; i++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Node name: " + list[i]);
                    }
                    createScope.set(3, list[i]);
                    String lowerCase2 = ((ConfigObject) configService.getDocumentObjects(createScope, WorkSpaceQueryUtil.SERVER_INDEX_URI).get(0)).getString("hostName", null).toLowerCase();
                    String string2 = adminData.getString(AdminData.UNEXPANDED_SERVER_ID);
                    if (string2 != null && (expandHost = ConfigUtils.expandHost(string2, lowerCase2)) != null && treeSet.add(expandHost)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Server ID " + expandHost + " was added to the multi-serverID list.");
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Server ID " + expandHost + " was already in the multi-serverID list.");
                        }
                    }
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.distSecurityComponentImpl.getCellHostNames", "2263", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred getting Cell hostnames.", new Object[]{e});
            }
        }
        adminData.setObject(AdminData.MULTI_SERVER_ID_LIST, treeSet);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCellHostNames");
        }
    }

    private void fireStartedEvent() {
        fireEvent("start");
    }

    private void fireStoppedEvent() {
        fireEvent("stop");
    }

    private void fireEvent(String str) {
        List list;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fireEvent,  event is :" + str);
        }
        synchronized (this.listeners) {
            list = (List) this.listeners.clone();
        }
        if (list != null) {
            int size = list.size();
            SecurityServiceEvent securityServiceEvent = str.equals("start") ? new SecurityServiceEvent(1) : new SecurityServiceEvent(2);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "list size = " + size, "event = " + str);
            }
            for (int i = 0; i < size; i++) {
                if (tc.isDebugEnabled()) {
                    StringBuffer stringBuffer = new StringBuffer("Invoking stateChanged(), Listener.hashCode() = ");
                    stringBuffer.append(list.get(i).hashCode());
                    stringBuffer.append("Listener.toString()");
                    stringBuffer.append(list.get(i).toString());
                    Tr.debug(tc, stringBuffer.toString());
                }
                try {
                    ((SecurityServiceListener) list.get(i)).stateChanged(securityServiceEvent);
                } catch (Exception e) {
                    Tr.error(tc, "security.init.error", new Object[]{e});
                    FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityComponentImpl.fireEvent", "2320", this);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fireEvent, : event is " + str);
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public RoleBasedConfigurator getConfigurator() throws RoleBasedAppException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConfigurator");
        }
        RoleBasedConfigurator configurator2 = RoleBasedConfiguratorFactory.getConfigurator();
        if (configurator2 == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RoleBasedConfigurator not initialized");
            }
            throw new RoleBasedAppException("RoleBasedConfigurator not initialized");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getConfigurator");
        }
        return configurator2;
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public Properties getSecureSocketLayer(String str) throws IllegalArgumentException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecureSocketLayer", str);
        }
        if (str == null || str.equals("")) {
            throw new IllegalArgumentException("Alias is null or empty string.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecureSocketLayer");
        }
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("com.ibm.ssl.direction", "inbound");
            return JSSEHelper.getInstance().getProperties(str, hashMap, null);
        } catch (SSLException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.distSecurityComponentImpl.getSecureSocketLayer", "2358", this);
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception getting SSL properties.", new Object[]{e});
            return null;
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public boolean isSecurityEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSecurityEnabled");
        }
        try {
            return this.globalSecurityEnabled;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.core.SecurityComponentImpl.isSecurityEnabled", "2375", this);
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "Exception caught", th);
            return true;
        }
    }

    public boolean isServerSecurityEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isServerSecurityEnabled");
        }
        try {
            return this.serverSecurityEnabled;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.core.SecurityComponentImpl.isServerSecurityEnabled", "2392", this);
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "Exception caught", th);
            return true;
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public boolean isSecurityServiceStarted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSecurityServiceStarted");
        }
        try {
            return this.securityServiceStarted;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.core.SecurityComponentImpl.isSecurityServiceStarted", "2410", this);
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "Exception caught", th);
            return true;
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public String getRealm() {
        return this._security.getActiveUserRegistry().getString("realm");
    }

    public static boolean isOrbServiceAvailable() {
        return orbServiceAvailable;
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public WSSecurityContext getWSSecurityContext() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSSecurityContext");
        }
        WSSecurityContext wSSecurityContext = null;
        if (this.globalSecurityEnabled) {
            try {
                wSSecurityContext = WSSecurityContextFactory.getInstance().createContext(String.valueOf(this._security.getActiveAuthMechanism().getString(AuthMechanismConfig.OID)));
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityComponentImpl.getWSSecurityContext", "2457", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception getting WSSecurityContext", e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getWSSecurityContext", wSSecurityContext);
        }
        return wSSecurityContext;
    }

    private void expandVariables() {
        String property;
        String property2;
        String str;
        String str2;
        String str3;
        String str4;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "expandVariables");
        }
        VariableMap variableMap = (VariableMap) this.Proxy.GetService(VariableMap.class);
        try {
            property = variableMap.expand(SecConstants.WAS_INSTALL_ROOT);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot expand ${WAS_INSTALL_ROOT}");
            }
            property = System.getProperty("was.install.root");
        }
        try {
            property2 = variableMap.expand(SecConstants.USER_INSTALL_ROOT);
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot expand ${USER_INSTALL_ROOT}");
            }
            property2 = System.getProperty("user.install.root", System.getProperty("was.install.root"));
        }
        try {
            str = variableMap.expand(SecConstants.WAS_TEMP_DIR);
        } catch (Exception e3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot expand ${WAS_TEMP_DIR}");
            }
            str = property + File.separator + "tmp";
        }
        try {
            str2 = variableMap.expand(SecConstants.WAS_PROPS_DIR);
        } catch (Exception e4) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot expand ${WAS_PROPS_DIR}");
            }
            str2 = property + File.separator + "properties";
        }
        try {
            str3 = variableMap.expand(SecConstants.APP_INSTALL_ROOT);
        } catch (Exception e5) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot expand ${APP_INSTALL_ROOT}");
            }
            str3 = property + File.separator + AppConstants.APPDEPL_LOCAL_CONFIG_INSTALL_DIR_DEFAULT;
        }
        try {
            str4 = variableMap.expand(SecConstants.WAS_ETC_DIR);
        } catch (Exception e6) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot expand ${WAS_ETC_DIR}");
            }
            str4 = property + File.separator + "etc";
        }
        AdminData adminData = SecurityObjectLocator.getAdminData();
        adminData.setString(SecConstants.WAS_INSTALL_ROOT, property);
        adminData.setString(SecConstants.USER_INSTALL_ROOT, property2);
        adminData.setString(SecConstants.WAS_TEMP_DIR, str);
        adminData.setString(SecConstants.WAS_PROPS_DIR, str2);
        adminData.setString(SecConstants.WAS_ETC_DIR, str4);
        adminData.setString(SecConstants.APP_INSTALL_ROOT, str3);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "${WAS_INSTALL_ROOT}  = " + property);
            Tr.debug(tc, "${USER_INSTALL_ROOT} = " + property2);
            Tr.debug(tc, "${WAS_TEMP_DIR}      = " + str);
            Tr.debug(tc, "${WAS_PROPS_DIR}     = " + str2);
            Tr.debug(tc, "${WAS_ETC_DIR}       = " + str4);
            Tr.debug(tc, "${APP_INSTALL_ROOT}  = " + str3);
        }
        this.expandedVariables = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "expandVariables");
        }
    }

    private void insertVariables(Properties properties) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "inserting variables into orbProps");
        }
        if (!this.expandedVariables) {
            expandVariables();
        }
        if (properties != null) {
            AdminData adminData = SecurityObjectLocator.getAdminData();
            properties.put(SecConstants.WAS_INSTALL_ROOT, adminData.getString(SecConstants.WAS_INSTALL_ROOT));
            properties.put(SecConstants.USER_INSTALL_ROOT, adminData.getString(SecConstants.USER_INSTALL_ROOT));
            properties.put(SecConstants.WAS_TEMP_DIR, adminData.getString(SecConstants.WAS_TEMP_DIR));
            properties.put(SecConstants.WAS_PROPS_DIR, adminData.getString(SecConstants.WAS_PROPS_DIR));
            properties.put(SecConstants.WAS_ETC_DIR, adminData.getString(SecConstants.WAS_ETC_DIR));
            properties.put(SecConstants.APP_INSTALL_ROOT, adminData.getString(SecConstants.APP_INSTALL_ROOT));
            properties.put(AdminData.PROCESS_TYPE, adminData.getString(AdminData.PROCESS_TYPE));
        }
    }

    private void initializeCache() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeCache");
        }
        int integer = this._security.getInteger(SecurityConfig.CACHE_TIMEOUT);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "security cache timeout", Integer.valueOf(integer));
        }
        Cache.setDefaultTimeout(integer * 1000);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeCache");
        }
    }

    Subject initializeServerSubject() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeServerSubject");
        }
        Subject serverSubjectInternal = ((ContextManagerInternals) ContextManagerFactory.getInstance()).getServerSubjectInternal();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeServerSubject", serverSubjectInternal);
        }
        return serverSubjectInternal;
    }

    /* JADX WARN: Code restructure failed: missing block: B:25:0x00ae, code lost:
    
        if (r10 == false) goto L23;
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x00b4, code lost:
    
        com.ibm.ejs.ras.Tr.warning(com.ibm.ws.security.core.distSecurityComponentImpl.tc, "security.checkProviderList.warning");
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x00c3, code lost:
    
        if (com.ibm.ws.security.core.distSecurityComponentImpl.tc.isEntryEnabled() == false) goto L26;
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x00c6, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.security.core.distSecurityComponentImpl.tc, "In FIPS mode, IBMJCEFIPS provider is not found before the IBMJCE provider in the java.security file.");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkProviderList() {
        /*
            Method dump skipped, instructions count: 529
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.core.distSecurityComponentImpl.checkProviderList():void");
    }

    private void setAppSecurityInfo() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAppSecurity");
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "about to load and process the app-security.xml config file");
            }
            this._appSecurity = SecurityObjectLocator.getSecurityConfig(PropertiesBasedConfigConstants.APPSECURITY_RESOURCE_TYPE);
            if (this._appSecurity != null) {
                UserRegistryConfig activeUserRegistry = this._appSecurity.getActiveUserRegistry(false);
                if (activeUserRegistry != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "a user registry is defined for the applications domain");
                    }
                    DomainInfo.setAppRealm(activeUserRegistry.getString("realm"));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "application domain realm is set to: " + activeUserRegistry.getString("realm"));
                    }
                    this._appSecurity.setBoolean("use_single_registry", Boolean.FALSE);
                    this._security.setBoolean("use_single_registry", Boolean.FALSE);
                    this._appSecurity.setString("security.domain.type", "application");
                    this._security.setString("security.domain.type", "administration");
                    DomainInfo.setUseSingleRealm(false);
                    if (activeUserRegistry.getType().equals("LOCALOS")) {
                        DomainInfo.setAppRegType("LOCALOS");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "app domain registry type: LOCALOS");
                        }
                    } else if (activeUserRegistry.getType().equals("CUSTOM")) {
                        DomainInfo.setAppRegType("CUSTOM");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "app domain registry type: CUSTOM");
                        }
                    } else if (activeUserRegistry.getType().equals("WIMUserRegistry")) {
                        DomainInfo.setAppRegType(CommonConstants.WIM);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "app domain registry type: WIM");
                        }
                    } else if (activeUserRegistry.getType().equals("LDAP")) {
                        DomainInfo.setAppRegType("LDAP");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "app domain registry type: LDAP");
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "app domain active user registry type for app domain is unknown");
                    }
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "no user registry is defined for the applications domain");
                    }
                    this._security.setBoolean("use_single_registry", Boolean.TRUE);
                    DomainInfo.setUseSingleRealm(true);
                }
                DomainInfo.setMultiDomainDefined(true);
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "no application security domain is defined for this server");
                }
                this._security.setString("security.domain.type", "admin_and_app");
                this._security.setBoolean("use_single_registry", Boolean.TRUE);
                DomainInfo.setUseSingleRealm(true);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception attempting to load the app-security.xml config file", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAppSecurity");
        }
    }

    @Override // com.ibm.ws.security.service.SecurityService
    public void setAsynchBeansService(AsynchBeansService asynchBeansService) {
        registerWithAsynchBeansService((AsynchBeansServiceCollaborator) asynchBeansService);
    }

    private void registerWithAsynchBeansService(AsynchBeansServiceCollaborator asynchBeansServiceCollaborator) {
        if (asynchBeansServiceCollaborator == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AsynchBeansServiceCollaborator is unavailable, registering a listener with AsynchBeans");
            }
        } else if (Configuration.getConfiguration().getAppConfigurationEntry(ContextImpl.DESERIALIZE_ASYNCH_CONTEXT) == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "system.DESERIALIZE_ASYNCH_CONTEXT login configuration is unavailable, Security component has not registered with AsynchBeans");
            }
        } else {
            asynchBeansServiceCollaborator.register(ContextManagerFactory.getInstance().getServiceWithContext());
            releaseService(asynchBeansServiceCollaborator);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security component has successfully registered with AsynchBeans");
            }
        }
    }

    protected String getSecurityDomainStatusMessageID(SecurityConfig securityConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityDomainStatusMessageID");
        }
        String str = null;
        if (securityConfig != null) {
            boolean z = securityConfig.getBoolean(SecurityConfig.APP_SECURITY_ENABLED);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "application security in security domain is : " + z);
            }
            str = z ? "security.multidomain.runtime.SECJ7802I" : "security.multidomain.runtime.SECJ7803I";
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityDomainStatusMessageID");
        }
        return str;
    }

    protected String logSecurityDomainStatus(SecurityConfig securityConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logSecurityDomainStatus");
        }
        String str = null;
        if (securityConfig != null) {
            String securityDomainStatusMessageID = getSecurityDomainStatusMessageID(securityConfig);
            str = securityConfig.getDomain();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "domain name is : " + str);
            }
            if (securityDomainStatusMessageID != null && securityDomainStatusMessageID.length() > 0 && str != null && str.length() > 0) {
                Tr.info(tc, securityDomainStatusMessageID, new Object[]{str});
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SECJ7802I/SECJ7803I message isn't logged.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logSecurityDomainStatus");
        }
        return str;
    }

    protected String getRealmFromUserRegistry() {
        UserRegistryConfig activeUserRegistry;
        UserRegistry userRegistry;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealmFromUserRegistry");
        }
        String str = null;
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.exit(tc, "zOS has different realm handling. Do not look up user registry and return null.");
            return null;
        }
        if (!this.globalSecurityEnabled) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.exit(tc, "getRealmFromUserRegistry global security is not enabled. Do not look up user registry and return null.");
            return null;
        }
        try {
            SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig("security");
            if (securityConfig != null && (activeUserRegistry = securityConfig.getActiveUserRegistry()) != null && (userRegistry = (UserRegistry) activeUserRegistry.getUserRegistryImpl()) != null) {
                str = userRegistry.getRealm();
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.distSecurityComponentImpl.start", "2853", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Realm was not obtained from user registry. ");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealmFromUserRegistry", str);
        }
        return str;
    }
}
