package com.ibm.ws.security.registry;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.CertificateMapFailedException;
import com.ibm.websphere.security.CertificateMapNotSupportedException;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.EntryNotFoundException;
import com.ibm.websphere.security.NotImplementedException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.Result;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.wim.exception.WIMException;
import com.ibm.ws.bootstrap.ExtClassLoader;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.profile.WASUtilities;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.registry.ldap.LdapRegistryImpl;
import com.ibm.ws.security.registry.nt.NTLocalDomainRegistryImpl;
import com.ibm.ws.security.registry.zOS.SAFRegistryImpl;
import com.ibm.ws.security.role.RoleBasedAuthorizer;
import com.ibm.ws.security.role.RoleBasedConfigurator;
import com.ibm.ws.security.stat.impl.SecurityAuthenticationModuleImpl;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.wsspi.pmi.factory.StatsFactory;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.rmi.RemoteException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.login.CredentialExpiredException;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/security/registry/UserRegistryImpl.class */
public class UserRegistryImpl extends PortableRemoteObject implements UserRegistry {
    private UserRegistry custImpl;
    public static final String NONE = "";
    public static final String USERTYPE = "user";
    public static final String GROUPTYPE = "group";
    public static final String ROLETYPE = "role";
    public static final String realmSeparator = "/";
    public static final String typeSeparator = ":";
    private SecurityAuthenticationModuleImpl authModule;
    private static TraceComponent tc = Tr.register((Class<?>) UserRegistryImpl.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static String CUSTOM_REALM = "customRealm";
    private static RoleBasedAuthorizer authorizer = null;
    private String realm = null;
    private boolean isLDAP = false;
    private boolean isSAF = false;
    private boolean isWindows = false;
    private boolean isLocalOrDomain = false;
    private String useDisplayName = null;
    private String useLoggedInSecName = null;
    private Properties supportedRegistries = new Properties();

    public UserRegistryImpl() throws RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>");
        }
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public void initialize(Properties properties) throws CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize");
        }
        String str = null;
        if (properties != null) {
            str = loadValuesFromProperties(properties);
        }
        if (str == null) {
            str = getDefaultCustomImplClassName("wsregistries.properties");
        }
        if (str == null) {
            Tr.error(tc, "security.registry.noclassname");
            throw new CustomRegistryException("CustomUserRegistryImplementation Class name is null");
        }
        try {
            createCustomImplInstance(properties, str);
            initializeCustomImpl(properties, str);
            if (StatsFactory.isPMIEnabled()) {
                this.authModule = SecurityAuthenticationModuleImpl.getInstance("Security Authentication");
            }
            String userDefinedRealm = getUserDefinedRealm(properties);
            if (!RegistryUtil.isStringNullEmptyOrBlank(userDefinedRealm)) {
                this.realm = userDefinedRealm;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "reset user registry realm to its user-defined value of: " + userDefinedRealm);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "using registry realm. " + this.realm);
            }
            Tr.audit(tc, "security.custom.registry.initialized", new Object[]{str});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initialize", this);
            }
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.UserRegistryImpl.initialize", "187", this);
            Tr.error(tc, "security.registry.loadclass", new Object[]{str, th});
            throw new CustomRegistryException(th.getMessage(), th);
        }
    }

    protected String getDefaultCustomImplClassName(String str) throws CustomRegistryException {
        try {
            this.supportedRegistries.load(getClass().getResourceAsStream(str));
            String property = System.getProperty("os.name");
            if (property.startsWith(WASUtilities.S_WINDOWS)) {
                property = WASUtilities.S_WINDOWS;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Registry type", property);
            }
            String property2 = this.supportedRegistries.getProperty(property);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Registry implementation", property2);
            }
            return property2;
        } catch (Throwable th) {
            Tr.error(tc, "security.registry.loadproperr", new Object[]{th});
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.UserRegistryImpl.initialize", "228", this);
            throw new CustomRegistryException(th.getMessage(), th);
        }
    }

    protected void initializeCustomImpl(Properties properties, String str) throws RemoteException, CustomRegistryException {
        try {
            this.custImpl.initialize(properties);
            this.realm = getRealm();
        } catch (CustomRegistryException e) {
            Tr.error(tc, "security.registry.initerr", new Object[]{str, e});
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.UserRegistryImpl.initialize", "264", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initialize", e);
            }
            throw e;
        }
    }

    protected String getUserDefinedRealm(Properties properties) {
        String property = properties.getProperty("WAS_Realm");
        String property2 = properties.getProperty("WAS_UseRegistryRealm");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "realmFromProperty = " + property + " useRegistryRealm = " + property2);
        }
        String str = null;
        if (property2 != null && property2.equalsIgnoreCase("false") && !RegistryUtil.isStringNullEmptyOrBlank(property)) {
            str = property.trim();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "a user-defined realm is provided. " + property);
            }
        }
        return str;
    }

    protected void createCustomImplInstance(Properties properties, String str) throws ClassNotFoundException, IllegalAccessException, InstantiationException, CustomRegistryException {
        Object newInstance = Class.forName(str, true, ExtClassLoader.getInstance()).newInstance();
        if (!(newInstance instanceof UserRegistry)) {
            Tr.error(tc, "security.registry.unsupportedclass", new Object[]{str});
            throw new CustomRegistryException("The implementation file for the custom registry: " + str + " is not supported");
        }
        this.custImpl = (UserRegistry) newInstance;
        this.isLDAP = newInstance instanceof LdapRegistryImpl;
        this.isWindows = newInstance instanceof NTLocalDomainRegistryImpl;
        this.isSAF = newInstance instanceof SAFRegistryImpl;
        if (!this.isWindows || properties == null) {
            return;
        }
        String property = properties.getProperty(CommonConstants.USE_LOCAL_OR_DOMAIN);
        if ("Domain".equalsIgnoreCase(property) || "Local".equalsIgnoreCase(property)) {
            this.isLocalOrDomain = true;
        }
    }

    protected String loadValuesFromProperties(Properties properties) {
        this.useDisplayName = properties.getProperty("WAS_UseDisplayName");
        this.useLoggedInSecName = properties.getProperty(CommonConstants.USE_LOGGED_SECURITY_NAME);
        String str = (String) properties.get("CustUserRegImplClass");
        if (CommonConstants.LDAP_REG_IMPL_CLASS.equals(str) && "true".equalsIgnoreCase((String) properties.get("com.ibm.websphere.security.registry.UseTAM"))) {
            str = CommonConstants.TAM_REGISTRY_IMPL_CLASS;
        }
        return str;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String checkPassword(String str, String str2) throws PasswordCheckFailedException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            Object[] objArr = new Object[2];
            objArr[0] = str;
            objArr[1] = str2 == null ? null : "****";
            Tr.entry(traceComponent, "checkPassword", objArr);
        }
        if (RegistryUtil.isStringNullEmptyOrBlank(str2)) {
            Tr.error(tc, "security.authn.failed.foruser", new Object[]{str});
            throw new PasswordCheckFailedException("Authentication failed for user: " + str);
        }
        String checkPassword = this.custImpl.checkPassword(str, str2);
        if (RegistryUtil.isStringNullEmptyOrBlank(checkPassword)) {
            Tr.error(tc, "security.registry.checkpass.failed", new Object[]{str});
            throw new PasswordCheckFailedException("checkPassword for: " + str + " failed to return a user: " + checkPassword);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "checkPassword", checkPassword);
        }
        return checkPassword;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String mapCertificate(X509Certificate[] x509CertificateArr) throws CertificateMapNotSupportedException, CertificateMapFailedException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapCertificate", x509CertificateArr);
        }
        if (authorizer != null && !authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "mapCertificate")) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
            return null;
        }
        String mapCertificate = this.custImpl.mapCertificate(x509CertificateArr);
        if (RegistryUtil.isStringNullEmptyOrBlank(mapCertificate)) {
            Tr.error(tc, "security.registry.mapcertfail");
            throw new CertificateMapFailedException("could not map the certificate to a user");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapCertificate", mapCertificate);
        }
        return mapCertificate;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public Result getUsers(String str, int i) throws CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUsers", new Object[]{str, new Integer(i)});
        }
        if (authorizer == null || authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "getUsers")) {
            Result users = this.custImpl.getUsers(str, i);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsers", users);
            }
            return users;
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
        return null;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String getUserDisplayName(String str) throws EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserDisplayName", str);
        }
        String userDisplayName = this.custImpl.getUserDisplayName(str);
        if (RegistryUtil.isStringNullEmptyOrBlank(userDisplayName)) {
            userDisplayName = "";
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserDisplayName", userDisplayName);
        }
        return userDisplayName;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String getUniqueUserId(String str) throws EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueUserId", str);
        }
        if (authorizer != null && !authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "getUniqueUserId")) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
            return null;
        }
        String uniqueUserId = this.custImpl.getUniqueUserId(str);
        if (RegistryUtil.isStringNullEmptyOrBlank(uniqueUserId)) {
            throw new CustomRegistryException("Custom registry returned a null, empty or blank string for getUniqueUserId(" + str + ")");
        }
        String appendRealm = RegistryUtil.appendRealm("user", uniqueUserId.trim(), getRealm());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUniqueUserId", appendRealm);
        }
        return appendRealm;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String getUserSecurityName(String str) throws EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserSecurityName", str);
        }
        String userSecurityName = this.custImpl.getUserSecurityName(str);
        if (RegistryUtil.isStringNullEmptyOrBlank(userSecurityName)) {
            throw new CustomRegistryException("Custom registry returned a null, empty or blank string for getUserSecurityName(" + str + ")");
        }
        String trim = userSecurityName.trim();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserSecurityName", trim);
        }
        return trim;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public boolean isValidUser(String str) throws CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isValidUser", str);
        }
        boolean isValidUser = this.custImpl.isValidUser(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isValidUser", new Boolean(isValidUser));
        }
        return isValidUser;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public Result getGroups(String str, int i) throws CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroups", new Object[]{str, new Integer(i)});
        }
        if (authorizer == null || authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "getGroups")) {
            Result groups = this.custImpl.getGroups(str, i);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroups", groups);
            }
            return groups;
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
        return null;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String getGroupDisplayName(String str) throws EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupDisplayName", str);
        }
        String groupDisplayName = this.custImpl.getGroupDisplayName(str);
        if (RegistryUtil.isStringNullEmptyOrBlank(groupDisplayName)) {
            groupDisplayName = "";
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupDisplayName", groupDisplayName);
        }
        return groupDisplayName;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String getUniqueGroupId(String str) throws EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueGroupId", str);
        }
        if (authorizer != null && !authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "getUniqueGroupId")) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
            return null;
        }
        String uniqueGroupId = this.custImpl.getUniqueGroupId(str);
        if (RegistryUtil.isStringNullEmptyOrBlank(uniqueGroupId)) {
            throw new CustomRegistryException("Custom registry returned a null, empty or blank string for getUniqueGroupId(" + str + ")");
        }
        String appendRealm = RegistryUtil.appendRealm("group", uniqueGroupId.trim(), getRealm());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUniqueGroupId", appendRealm);
        }
        return appendRealm;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String getGroupSecurityName(String str) throws EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupSecurityName", str);
        }
        String groupSecurityName = this.custImpl.getGroupSecurityName(str);
        if (RegistryUtil.isStringNullEmptyOrBlank(groupSecurityName)) {
            throw new CustomRegistryException("Custom registry returned a null, empty or blank string for getUserSecurityName(" + groupSecurityName + ")");
        }
        String trim = groupSecurityName.trim();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupSecurityName", trim);
        }
        return trim;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public boolean isValidGroup(String str) throws CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isValidGroup", str);
        }
        boolean isValidGroup = this.custImpl.isValidGroup(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isValidGroup", new Boolean(isValidGroup));
        }
        return isValidGroup;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public List<String> getGroupsForUser(String str) throws EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupsForUser", str);
        }
        if (authorizer != null && !authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "getGroupsForUser")) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
            return null;
        }
        List<String> groupsForUser = this.custImpl.getGroupsForUser(str);
        int i = 0;
        if (groupsForUser != null) {
            i = groupsForUser.size();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupsForUser", String.valueOf(i));
        }
        return groupsForUser;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public WSCredential createCredential(String str) throws CustomRegistryException, EntryNotFoundException, NotImplementedException, RemoteException {
        long j = 0;
        try {
            if (StatsFactory.isPMIEnabled()) {
                j = System.currentTimeMillis();
            }
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "createCredential", str);
            }
            if (authorizer != null && !authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "createCredential")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
                }
                if (StatsFactory.isPMIEnabled()) {
                    long currentTimeMillis = System.currentTimeMillis();
                    if (this.authModule == null) {
                        this.authModule = SecurityAuthenticationModuleImpl.getInstance("Security Authentication");
                    }
                    this.authModule.onCredentialCreationTime(currentTimeMillis - j);
                }
                return null;
            }
            if (str == null || str.length() == 0) {
                throw new EntryNotFoundException("SecurityName is null");
            }
            WSCredential createCredential = (this.isLDAP || this.isSAF) ? this.custImpl.createCredential(str) : createCredentialInternal(str, null);
            try {
                createAndSetPlatformCredential(str, createCredential);
            } catch (Exception e) {
                Tr.debug(tc, "Exception creating mapped Platform Credential: " + e.getMessage());
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.UserRegistryImpl.createCredential", "841", this);
            }
            try {
                createCredential.set(AttributeNameConstants.REFRESH_GROUPS, new Boolean(true));
                createCredential.set(AttributeNameConstants.VERIFY_USER, new Boolean(true));
            } catch (Exception e2) {
                Tr.debug(tc, "Exception setting refreshGroups and verifyUser booleans in newly created credential");
                FFDCFilter.processException(e2, "com.ibm.ws.security.registry.UserRegistryImpl.createCredential", "850", this);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createCredential", createCredential);
            }
            WSCredential wSCredential = createCredential;
            if (StatsFactory.isPMIEnabled()) {
                long currentTimeMillis2 = System.currentTimeMillis();
                if (this.authModule == null) {
                    this.authModule = SecurityAuthenticationModuleImpl.getInstance("Security Authentication");
                }
                this.authModule.onCredentialCreationTime(currentTimeMillis2 - j);
            }
            return wSCredential;
        } catch (Throwable th) {
            if (StatsFactory.isPMIEnabled()) {
                long currentTimeMillis3 = System.currentTimeMillis();
                if (this.authModule == null) {
                    this.authModule = SecurityAuthenticationModuleImpl.getInstance("Security Authentication");
                }
                this.authModule.onCredentialCreationTime(currentTimeMillis3 - j);
            }
            throw th;
        }
    }

    protected void createAndSetPlatformCredential(String str, WSCredential wSCredential) throws CredentialDestroyedException, CredentialExpiredException, WSSecurityException, WIMException {
        PlatformCredential createMappedCredential;
        if (wSCredential == null || wSCredential.get(CommonConstants.PLATFORM_CREDENTIAL) != null || (createMappedCredential = PlatformCredentialManager.instance().createMappedCredential(str, wSCredential)) == null) {
            return;
        }
        wSCredential.set(CommonConstants.PLATFORM_CREDENTIAL, createMappedCredential);
    }

    protected WSCredential createCredentialInternal(String str, WSCredential wSCredential) throws CustomRegistryException, RemoteException {
        int indexOf;
        String str2 = null;
        if ("true".equalsIgnoreCase(this.useDisplayName)) {
            try {
                str2 = getUserDisplayName(str);
                if ("".equals(str2)) {
                    str2 = null;
                }
            } catch (Exception e) {
            }
        }
        try {
            final String uniqueUserId = this.custImpl.getUniqueUserId(str);
            final String realm = getRealm();
            final String appendRealm = RegistryUtil.appendRealm("user", uniqueUserId, realm);
            final ArrayList arrayList = new ArrayList();
            List<String> uniqueGroupIds = this.custImpl.getUniqueGroupIds(uniqueUserId);
            String str3 = null;
            if (uniqueGroupIds != null && uniqueGroupIds.size() > 0) {
                String[] strArr = (String[]) uniqueGroupIds.toArray(new String[uniqueGroupIds.size()]);
                for (int i = 0; i < strArr.length; i++) {
                    if (i == 0) {
                        str3 = RegistryUtil.appendRealm("group", strArr[i], realm);
                    }
                    arrayList.add(RegistryUtil.appendRealm("group", strArr[i], realm));
                }
            }
            str = str2 != null ? str2 : str;
            if (this.isWindows && !this.isLocalOrDomain && (indexOf = str.indexOf("\\")) != -1) {
                str = str.substring(indexOf + 1);
            }
            String userSecurityName = "true".equalsIgnoreCase(this.useLoggedInSecName) ? str : this.custImpl.getUserSecurityName(uniqueUserId);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "securityName used in the credential is: ", userSecurityName);
            }
            final String str4 = userSecurityName;
            final String str5 = str3 != null ? str3 : "";
            try {
                return (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction<WSCredential>() { // from class: com.ibm.ws.security.registry.UserRegistryImpl.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public WSCredential run() throws Exception {
                        return new WSCredentialImpl(realm, str4, uniqueUserId, str5, appendRealm, null, arrayList);
                    }
                });
            } catch (PrivilegedActionException e2) {
                throw e2.getException();
            }
        } catch (CustomRegistryException e3) {
            Tr.debug(tc, "CustomRegistryException creating credential: " + e3.getMessage());
            Tr.error(tc, "security.registry.createcredential.error", new Object[]{str, e3});
            FFDCFilter.processException(e3, "com.ibm.ws.security.registry.UserRegistryImpl.createCredential", "990", this);
            throw new CustomRegistryException(e3.getMessage(), e3);
        } catch (Exception e4) {
            Tr.debug(tc, "Exception creating credential.", new Object[]{e4});
            FFDCFilter.processException(e4, "com.ibm.ws.security.registry.UserRegistryImpl.createCredential", "996", this);
            throw new RemoteException(e4.getMessage(), e4);
        }
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public String getRealm() throws CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealm");
        }
        if (this.realm == null) {
            String realm = this.custImpl.getRealm();
            if (RegistryUtil.isStringNullEmptyOrBlank(realm)) {
                realm = CUSTOM_REALM;
            }
            this.realm = realm.trim();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealm", this.realm);
        }
        return this.realm;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public List<String> getUniqueGroupIds(String str) throws EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueGroupIds", str);
        }
        if (authorizer == null || authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "getUniqueGroupIds")) {
            List<String> uniqueGroupIds = this.custImpl.getUniqueGroupIds(str);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueGroupIds", uniqueGroupIds);
            }
            return uniqueGroupIds;
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
        return null;
    }

    @Override // com.ibm.websphere.security.UserRegistry
    public Result getUsersForGroup(String str, int i) throws NotImplementedException, EntryNotFoundException, CustomRegistryException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUsersForGroup", str);
        }
        if (authorizer == null || authorizer.checkAccess(Constants.SECURITY_SERVER_XML, Constants.USER_REGISTRY, "getUsersForGroup")) {
            Result usersForGroup = this.custImpl.getUsersForGroup(str, i);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsersForGroup", usersForGroup);
            }
            return usersForGroup;
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "checkAccess failed", new Exception("Authorization failed"));
        return null;
    }

    public void setConfigurator(RoleBasedConfigurator roleBasedConfigurator) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setConfigurator", roleBasedConfigurator);
        }
        if (roleBasedConfigurator != null) {
            if (authorizer != null && tc.isDebugEnabled()) {
                Tr.debug(tc, "RoleBasedAuthorizer was previously set to: " + authorizer.toString());
            }
            try {
                authorizer = roleBasedConfigurator.getRoleBasedAuthorizer(Constants.ADMIN_APP, "domain");
            } catch (Exception e) {
                Tr.error(tc, "security.init.roleauthz.geterr", new Object[]{e});
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.UserRegistryImpl.setConfigurator", "1075", this);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setConfigurator");
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer(super.toString());
        if (this.custImpl == null) {
            stringBuffer.append(";impl=null");
        } else {
            stringBuffer.append(";impl=").append(this.custImpl.toString());
        }
        stringBuffer.append(";realm=").append(this.realm);
        return stringBuffer.toString();
    }

    public void setCustomImpl(UserRegistry userRegistry) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "setCustomImpl, reg=" + userRegistry);
        }
        this.custImpl = userRegistry;
    }

    public UserRegistry getCustomImpl() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getCustomImpl, custImpl=" + this.custImpl);
        }
        return this.custImpl;
    }
}
