package com.ibm.ws.security.registry.ldap;

import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.UserRegistryConfig;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.xml.soapsec.Constants;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.NoSuchElementException;
import java.util.StringTokenizer;
import java.util.Vector;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/security/registry/ldap/CertificateMapper.class */
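/**
 * Maps an X.509 certificate to the string used to look a user up in LDAP.
 *
 * <p>Three map modes are supported:
 * <ul>
 *   <li>{@link #exactDnMapMode}: the certificate's subject DN is returned as-is;</li>
 *   <li>{@link #uniqueKeyMapMode}: a {@code userCertificate=<key>} string is built from a
 *       digest of the subject and issuer DNs;</li>
 *   <li>{@link #filterDescriptorMapMode}: a configured template containing {@code ${...}}
 *       variables is expanded with values taken from the certificate.</li>
 * </ul>
 *
 * <p>Security note: every value substituted into the template comes from the presented
 * certificate. DN-derived values are escaped per RFC 4515 before they are placed in the
 * filter so that characters inside a certificate name cannot alter the filter's structure.
 *
 * <p>Instances are mutable and perform no synchronization.
 */
public class CertificateMapper {
    public static final String exactDnMapMode = "exactDNMode";
    public static final String uniqueKeyMapMode = "uniqueKeyMode";
    public static final String filterDescriptorMapMode = "filterDescriptorMode";
    private String mapMode;
    // 0 for exact-DN mode, 2 otherwise; presumably SearchControls.OBJECT_SCOPE /
    // SUBTREE_SCOPE -- confirm against the caller that consumes getLdapSearchScope().
    private int searchScope;
    private String mapDesc = null;
    private String[] mapDescEles = null;

    /** Creates a mapper in {@link #exactDnMapMode}. */
    public CertificateMapper() {
        try {
            setLdapMapMode(exactDnMapMode);
        } catch (CertificateMapperException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.CertificateMapper.CertificateMapper", "61", this);
        }
    }

    /** @return the map mode last passed to {@link #setLdapMapMode(String)} */
    public String getLdapMapMode() {
        return this.mapMode;
    }

    /**
     * Selects the map mode and the matching search scope.
     *
     * <p>The mode is stored before it is validated, so after a rejected value
     * {@link #getLdapSearchFilter(X509Certificate)} fails with "unknown map mode" instead of
     * silently continuing with the previous mode.
     *
     * @param str one of the three map-mode constants
     * @throws CertificateMapperException if {@code str} is not a known map mode
     */
    public void setLdapMapMode(String str) throws CertificateMapperException {
        this.mapMode = str;
        if (str.equals(exactDnMapMode)) {
            this.searchScope = 0;
        } else if (str.equals(uniqueKeyMapMode) || str.equals(filterDescriptorMapMode)) {
            this.searchScope = 2;
        } else {
            throw new CertificateMapperException("invalid map mode: " + str);
        }
    }

    /** @return the raw filter descriptor, or {@code null} if none is set */
    public String getLdapFilterDescriptor() {
        return this.mapDesc;
    }

    /**
     * Sets (or clears) the filter descriptor used in {@link #filterDescriptorMapMode}.
     *
     * @param str descriptor template with {@code ${...}} variables, or {@code null} to clear
     * @throws CertificateMapperException if a {@code ${} has no closing {@code }}
     */
    public void setLdapFilterDescriptor(String str) throws CertificateMapperException {
        // Parse before touching any state so a malformed descriptor leaves the old one intact.
        // Clearing the descriptor also drops the parsed elements; otherwise a stale template
        // would keep being used while getLdapFilterDescriptor() reports null.
        String[] parsed = (str != null) ? parseFilterDescriptor(str) : null;
        this.mapDescEles = parsed;
        this.mapDesc = str;
    }

    /**
     * Builds the LDAP lookup string for a certificate according to the current map mode.
     *
     * @param x509Certificate the certificate to map
     * @return the subject DN (exact-DN mode), {@code userCertificate=<key>} (unique-key mode),
     *         or the expanded filter descriptor (filter-descriptor mode)
     * @throws CertificateMapperException if the mode is unknown or the descriptor cannot be expanded
     */
    public String getLdapSearchFilter(X509Certificate x509Certificate) throws CertificateMapperException {
        if (this.mapMode.equals(exactDnMapMode)) {
            return x509Certificate.getSubjectDN().getName();
        }
        if (this.mapMode.equals(uniqueKeyMapMode)) {
            return "userCertificate=" + getUniqueKey(x509Certificate);
        }
        if (this.mapMode.equals(filterDescriptorMapMode)) {
            return getFilterByDescriptor(x509Certificate);
        }
        throw new CertificateMapperException("unknown map mode: " + this.mapMode);
    }

    /** @return the search scope selected by the current map mode */
    public int getLdapSearchScope() {
        return this.searchScope;
    }

    /**
     * Derives a lookup key from the certificate's subject and issuer DNs.
     *
     * @param x509Certificate the certificate to derive the key from
     * @return the Base64 encoding of the digest of {@code "subjectDN:" + subject + "issuerDN:" + issuer}
     */
    public static String getUniqueKey(X509Certificate x509Certificate) {
        StringBuffer keyMaterial = new StringBuffer("subjectDN:");
        keyMaterial.append(x509Certificate.getSubjectDN().getName());
        keyMaterial.append("issuerDN:");
        keyMaterial.append(x509Certificate.getIssuerDN().getName());
        // NOTE(review): getDigest() returns null when digesting fails; how Base64Coder handles a
        // null argument is not visible here -- confirm the lookup fails rather than matching.
        return Base64Coder.base64Encode(getDigest(keyMaterial.toString()));
    }

    /**
     * Expands the parsed filter descriptor with values from the certificate.
     *
     * @param x509Certificate source of the substituted values
     * @return the expanded filter string
     * @throws CertificateMapperException if no descriptor is set or it names an unknown or
     *         unsupported variable
     */
    private String getFilterByDescriptor(X509Certificate x509Certificate) throws CertificateMapperException {
        if (this.mapDescEles == null) {
            throw new CertificateMapperException("map descriptor is not set");
        }
        StringBuffer filter = new StringBuffer();
        for (int idx = 0; idx < this.mapDescEles.length; idx++) {
            String token = this.mapDescEles[idx];
            if (token.charAt(0) != '$') {
                // Literal text from the configured descriptor, copied through unchanged.
                filter.append(token);
            } else if (token.equals("${UniqueKey}")) {
                filter.append(getUniqueKey(x509Certificate));
            } else if (token.equals("${PublicKey}")) {
                // NOTE(review): appending a byte[] yields its Object.toString() form ("[B@..."),
                // not the key bytes, so this variable can never match a directory value.
                // Behaviour kept as-is; decide on an encoding (e.g. RFC 4515 \xx escapes).
                filter.append(x509Certificate.getPublicKey().getEncoded());
            } else if (token.equals("${BasicConstraints}")) {
                // Recognised but contributes nothing to the filter.
            } else if (token.startsWith("${Issuer")) {
                // This prefix test also catches "${IssuerUniqueID}", which is then treated as a
                // DN field lookup; the exact-name branch below never sees it.
                String field = token.substring(8, token.length() - 1);
                filter.append(escapeFilterValue(getDnSubField(field, x509Certificate.getIssuerDN().getName())));
            } else if (token.equals("${IssuerUniqueID}") || token.equals("${KeyUsage}")) {
                // Recognised but contributes nothing to the filter.
            } else if (token.equals("${NotAfter}")) {
                filter.append(x509Certificate.getNotAfter().toString());
            } else if (token.equals("${NotBefore}")) {
                filter.append(x509Certificate.getNotBefore().toString());
            } else if (token.equals("${SerialNumber}")) {
                filter.append(x509Certificate.getSerialNumber());
            } else if (token.equals("${SigAlgName}")) {
                filter.append(x509Certificate.getSigAlgName());
            } else if (token.equals("${SigAlgOID}")) {
                filter.append(x509Certificate.getSigAlgOID());
            } else if (token.equals("${SigAlgParams}")) {
                // NOTE(review): same byte[] rendering problem as ${PublicKey}.
                filter.append(x509Certificate.getSigAlgParams());
            } else if (token.equals("${Signature}")) {
                // Recognised but contributes nothing to the filter.
            } else if (token.startsWith("${Subject")) {
                // This prefix test also catches "${SubjectUniqueID}"; the exact-name branch
                // below never sees it.
                String field = token.substring(9, token.length() - 1);
                filter.append(escapeFilterValue(getDnSubField(field, x509Certificate.getSubjectDN().getName())));
            } else if (token.equals("${SubjectUniqueID}")) {
                // Recognised but contributes nothing to the filter.
            } else if (token.equals("${TBSCertificate}")) {
                throw new CertificateMapperException("getTBSCertificate() is unsupported");
            } else if (token.equals("${Version}")) {
                filter.append(x509Certificate.getVersion());
            } else {
                throw new CertificateMapperException("unknown variable: " + token);
            }
        }
        return filter.toString();
    }

    /**
     * Escapes a value for use as an assertion value in an LDAP search filter (RFC 4515).
     *
     * <p>The backslash, asterisk, parentheses and NUL are replaced by their {@code \xx} forms so
     * that certificate-supplied text is always treated as data by the directory server.
     *
     * @param value the raw value, may be {@code null}
     * @return the escaped value, or {@code null} if {@code value} was {@code null}
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer escaped = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Splits a filter descriptor into literal runs and {@code ${...}} variable tokens.
     *
     * @param str the descriptor to split
     * @return the pieces in order of appearance; variable tokens keep their {@code ${} and {@code }}
     * @throws CertificateMapperException if a {@code ${} has no closing {@code }}
     */
    private String[] parseFilterDescriptor(String str) throws CertificateMapperException {
        Vector pieces = new Vector();
        int length = str.length();
        int pos = 0;
        while (pos < length) {
            int varStart = str.indexOf("${", pos);
            if (varStart == -1) {
                // Trailing literal: take the rest and stop. Without this exit the loop would
                // never advance and would keep adding the same tail forever.
                pieces.addElement(str.substring(pos));
                break;
            }
            if (pos < varStart) {
                pieces.addElement(str.substring(pos, varStart));
            }
            int varEnd = str.indexOf("}", varStart);
            if (varEnd == -1) {
                throw new CertificateMapperException("missing '}'");
            }
            pos = varEnd + 1;
            pieces.addElement(str.substring(varStart, pos));
        }
        String[] result = new String[pieces.size()];
        pieces.copyInto(result);
        return result;
    }

    /**
     * Extracts the value of one attribute from a DN string.
     *
     * <p>The DN is split with a plain {@link StringTokenizer}; escaped or quoted separators
     * inside attribute values are not interpreted.
     *
     * @param str the attribute name to look for, or {@code Constants.STR_DN} for the whole DN
     * @param str2 the DN string
     * @return the value of the first attribute whose name equals {@code str}
     * @throws CertificateMapperException if the DN has no such attribute
     */
    private static String getDnSubField(String str, String str2) throws CertificateMapperException {
        if (str.equals(Constants.STR_DN)) {
            return str2;
        }
        boolean compoundRdn = Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getUserRegistry("LDAP").getProperty(UserRegistryConfig.LDAP_COMPOUND_RDN_PARSING_ENABLED)).booleanValue();
        // With compound-RDN parsing enabled, '+' also separates attributes.
        String nameDelims = compoundRdn ? ",=+ " : ",= ";
        String valueDelims = compoundRdn ? ",+" : ",";
        StringTokenizer tokenizer = new StringTokenizer(str2);
        try {
            String name;
            String value;
            do {
                name = tokenizer.nextToken(nameDelims);
                // '=' is not a delimiter for the value token, so it comes back as "=value".
                value = tokenizer.nextToken(valueDelims).substring(1);
            } while (!name.equals(str));
            return value;
        } catch (NoSuchElementException e) {
            // Running out of tokens means the requested attribute is absent. Both parsing modes
            // report that the same way instead of leaking an unchecked exception.
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.CertificateMapper.getDnSubField", "264");
            throw new CertificateMapperException("unknown field of DN: " + str);
        }
    }

    /**
     * Computes the MD5 digest of a string.
     *
     * <p>NOTE(review): MD5 is not collision-resistant. The digest feeds the
     * {@code userCertificate} lookup key, so switching algorithms would change every stored key;
     * it is left unchanged here and should be replaced as part of a planned migration.
     *
     * @param str the text to digest
     * @return the digest as converted by {@code StringUtil.toString}, or {@code null} if
     *         digesting failed (the failure is reported through FFDC)
     */
    private static String getDigest(String str) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            md.update(StringUtil.getBytes(str));
            return StringUtil.toString(md.digest());
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.CertificateMapper.getDigest", "282");
            return null;
        }
    }

    /**
     * Removes every space that directly follows a comma or another space.
     *
     * @param str the text to compact, may be {@code null}
     * @return {@code str} unchanged if it is {@code null} or blank, otherwise the compacted text
     */
    private static String removeSpace(String str) {
        if (str == null || str.trim().length() <= 0) {
            return str;
        }
        StringBuffer compacted = new StringBuffer(str.length());
        for (int i = 0; i < str.length(); i++) {
            char current = str.charAt(i);
            // A leading space has no predecessor to inspect; keep it rather than index -1.
            boolean droppable = current == ' ' && i > 0
                    && (str.charAt(i - 1) == ',' || str.charAt(i - 1) == ' ');
            if (!droppable) {
                compacted.append(current);
            }
        }
        return compacted.toString();
    }
}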
