package com.ibm.ws.webservices.wssecurity.handler.token;

import com.ibm.websphere.security.UserMapping;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.webservices.wssecurity.core.WSSecurityPlatformContextFactory;
import com.ibm.xml.soapsec.token.UserRegistry;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.Permission;
import java.security.cert.X509Certificate;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/webservices/wssecurity/handler/token/WSUserRegistry.class */
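/**
 * WS-Security adapter that answers realm, certificate-mapping and user-name
 * questions by delegating to the server's {@code ContextManager}, its default-realm
 * user registry and a reflectively loaded {@link UserMapping} implementation.
 *
 * <p>Both the registry and the mapping are only obtained when server security is
 * enabled and the platform reports itself as a server. Otherwise
 * {@link #mapCertificate} returns {@code null} and {@link #checkUsername} returns
 * {@code false}. Callers should treat those results as "identity not established",
 * never as success.
 *
 * <p>NOTE(review): nothing in this class validates the certificate itself (chain,
 * expiry, revocation). Presumably that happens before {@link #mapCertificate} is
 * called; confirm against the callers.
 */
public class WSUserRegistry extends UserRegistry {
    // Realm name, resolved on the first getRealm() call and then reused.
    private String realm = null;
    private static final String USERMAPPING_IMPL = "com.ibm.ws.security.core.UserMappingImpl";
    private static final String comp = "security.wssecurity";
    // Lazily created in getUserMapping() without synchronisation, so concurrent first
    // calls may each create an instance.
    // NOTE(review): harmless only if the implementation is stateless; confirm.
    private static UserMapping _userMapping = null;
    private static final TraceComponent tc = Tr.register(WSUserRegistry.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = WSUserRegistry.class.getName();
    // Permission a caller must hold to map a certificate when a SecurityManager is installed.
    private static final Permission PERM = new WebSphereRuntimePermission("wssecurity.WSUserRegistry.mapCertificate");

    /**
     * Returns the realm name, resolving and caching it on first use.
     *
     * <p>The realm comes from the user registry when one is available, otherwise from
     * the {@code ContextManager}'s default realm.
     *
     * @return the realm name, or {@code null} if it could not be resolved (a registry
     *         failure is logged as a warning, a missing context manager as an error)
     */
    @Override // com.ibm.xml.soapsec.token.UserRegistry
    public String getRealm() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealm");
        }
        if (this.realm == null) {
            com.ibm.websphere.security.UserRegistry userRegistry = getUserRegistry();
            if (userRegistry != null) {
                try {
                    this.realm = userRegistry.getRealm();
                } catch (Exception e) {
                    // Best effort: the realm stays null and is looked up again on the next call.
                    Tr.warning(tc, "security.wssecurity.WSUserRegistry.token50", e);
                    Tr.processException(e, clsName + ".getRealm", "60", this);
                }
            } else {
                ContextManager contextManager = ContextManagerFactory.getInstance();
                if (contextManager == null) {
                    Tr.error(tc, "security.wssecurity.ctxmgr.isnull");
                } else {
                    this.realm = contextManager.getDefaultRealm();
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealm", this.realm);
        }
        return this.realm;
    }

    /**
     * Maps an X.509 certificate to a user name through the configured {@link UserMapping}.
     *
     * <p>When a {@code SecurityManager} is installed, the caller must hold
     * {@code WebSphereRuntimePermission("wssecurity.WSUserRegistry.mapCertificate")}.
     * The check runs before any mapping work.
     *
     * @param x509Certificate the certificate to map; {@code null} is never mapped
     * @return the mapped user name, or {@code null} when the certificate is
     *         {@code null}, no mapping implementation is available, or the mapping
     *         threw (logged as a warning). A {@code null} result must be handled as
     *         a failed mapping by the caller.
     * @throws SecurityException if a security manager denies the permission
     */
    @Override // com.ibm.xml.soapsec.token.UserRegistry
    public String mapCertificate(X509Certificate x509Certificate) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapCertificate", new Object[]{x509Certificate});
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(PERM);
        }
        String str = null;
        // Fail closed on a null certificate. Otherwise a mapping failure would hit the
        // catch block and dereference the null certificate while building the warning.
        UserMapping userMapping = x509Certificate != null ? getUserMapping() : null;
        if (userMapping != null) {
            try {
                str = userMapping.mapCertificateToName(new X509Certificate[]{x509Certificate});
            } catch (Exception e) {
                Tr.processException(e, clsName + ".mapCertificate", "95", this);
                Tr.warning(tc, "security.wssecurity.WSEC5185W", new Object[]{x509Certificate.getSubjectDN().getName(), e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapCertificate", str);
        }
        return str;
    }

    /**
     * Checks whether the given name is a valid user in the default-realm registry.
     *
     * <p>If the registry rejects the name as given, the name is translated with
     * {@code getUserSecurityName} and checked once more.
     *
     * @param str the user name to check
     * @return {@code true} if the registry accepts the name or its security name;
     *         {@code false} if it accepts neither, or if no registry is available
     * @throws LoginException if any registry call throws; the message carries the
     *         supplied name and the text of the underlying exception
     */
    @Override // com.ibm.xml.soapsec.token.UserRegistry
    public boolean checkUsername(String str) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkUsername");
        }
        com.ibm.websphere.security.UserRegistry userRegistry = getUserRegistry();
        boolean z = false;
        if (userRegistry != null) {
            try {
                z = userRegistry.isValidUser(str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "registry.isValidUser() [" + str + "] = " + z);
                }
                if (!z) {
                    String userSecurityName = userRegistry.getUserSecurityName(str);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "registry.getUserSecurityName()=" + userSecurityName);
                    }
                    z = userRegistry.isValidUser(userSecurityName);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "registry.isValidUser() [" + userSecurityName + "] = " + z);
                    }
                }
            } catch (Exception e) {
                Tr.error(tc, "security.wssecurity.checkUsername", e);
                Tr.processException(e, clsName + ".checkUsername", "%C");
                // NOTE(review): the message embeds e.toString(). If it reaches the remote
                // peer (e.g. in a fault) it can reveal registry internals or whether a name
                // exists; confirm it is only logged or is sanitised upstream.
                // NOTE(review): this key has no '.' before "WSUserRegistry", unlike
                // "security.wssecurity.WSUserRegistry.token50"; verify it against the bundle.
                throw new LoginException(ConfigUtil.getMessage("security.wssecurityWSUserRegistry.token48", new String[]{str, e.toString()}));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkUsername(String username) returns boolean[" + z + "]");
        }
        return z;
    }

    /**
     * Looks up the user registry of the default realm.
     *
     * @return the registry, or {@code null} when no {@code ContextManager} exists,
     *         server security is disabled, or the platform is not a server
     */
    private static com.ibm.websphere.security.UserRegistry getUserRegistry() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserRegistry");
        }
        com.ibm.websphere.security.UserRegistry userRegistry = null;
        // getRealm() already allows for a null ContextManager, so guard here too
        // rather than failing with a NullPointerException first.
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (contextManager != null && contextManager.isServerSecurityEnabled() && WSSecurityPlatformContextFactory.getInstance().isServer()) {
            userRegistry = contextManager.getRegistry(contextManager.getDefaultRealm());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserRegistry", userRegistry);
        }
        return userRegistry;
    }

    /**
     * Returns the shared {@link UserMapping}, creating it reflectively on first use.
     *
     * <p>Creation is attempted only when a {@code ContextManager} exists, server
     * security is enabled and the platform is a server. A failed attempt is logged
     * and retried on the next call, because the field stays {@code null}.
     *
     * @return the mapping instance, or {@code null} if unavailable
     */
    private static UserMapping getUserMapping() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserMapping");
        }
        if (_userMapping == null) {
            ContextManager contextManager = ContextManagerFactory.getInstance();
            if (contextManager != null && contextManager.isServerSecurityEnabled() && WSSecurityPlatformContextFactory.getInstance().isServer()) {
                try {
                    // The class name is a compile-time constant, not caller-supplied input.
                    _userMapping = (UserMapping) Class.forName(USERMAPPING_IMPL).newInstance();
                } catch (ClassNotFoundException e) {
                    Tr.processException(e, clsName + ".getUserMapping", "203");
                    Tr.error(tc, "security.wssecurity.WSEC5186E", new Object[]{USERMAPPING_IMPL, e});
                } catch (IllegalAccessException e2) {
                    Tr.processException(e2, clsName + ".getUserMapping", "206");
                    Tr.error(tc, "security.wssecurity.WSEC5188E", new Object[]{USERMAPPING_IMPL, e2});
                } catch (Exception e3) {
                    Tr.processException(e3, clsName + ".getUserMapping", "209");
                    Tr.error(tc, "security.wssecurity.WSEC5187E", new Object[]{USERMAPPING_IMPL, e3});
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserMapping", _userMapping);
        }
        return _userMapping;
    }
}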
