package com.ibm.ws.security.zOS;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.config.AdminData;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.zOS.authz.AccessLevel;
import com.ibm.ws.security.zOS.authz.SAFAuthorizationManager;
import com.ibm.ws.util.PlatformHelperFactory;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/security/zOS/NativeConfiguration.class */
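/**
 * Singleton that pushes z/OS security settings into the native layer during server start-up.
 *
 * <p>{@link #initializeConfiguration()} asks {@link SAFAuthorizationManager} whether the server
 * credential is authorized to FACILITY-class profiles named {@code BBO.TRUSTEDAPPS.<cell>.<server>}
 * and {@code BBO.SYNC.<cell>.<server>}, and turns the matching native switches on only when the
 * check succeeds. Every switch is left untouched when the check fails or throws, so the class
 * never enables a feature on error.
 *
 * <p>The {@code ntv_*} methods are JNI entry points; nothing in this class loads a native
 * library, so it is presumably loaded elsewhere before the first call (confirm against the
 * server bootstrap).
 */
public final class NativeConfiguration {
    // Declared before _instance on purpose: static initializers run in textual order and the
    // constructor below already uses tc.
    public static final TraceComponent tc = Tr.register(NativeConfiguration.class, "Security", "com.ibm.ejs.resources.security");
    private static final NativeConfiguration _instance = new NativeConfiguration();

    /**
     * Returns the single shared instance.
     *
     * @return the process-wide {@code NativeConfiguration}
     */
    public static NativeConfiguration getConfig() {
        return _instance;
    }

    /** Private: the class is only reachable through {@link #getConfig()}. */
    private NativeConfiguration() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * Evaluates the SAF authorizations of the server credential and sets the native switches.
     *
     * <p>Nothing is changed unless this JVM is the controller JVM. The audit messages are driven
     * by reading the native state back, so they report what is actually in effect rather than
     * what was requested.
     */
    public void initializeConfiguration() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeConfiguration");
        }
        PlatformCredential serverCredential = PlatformCredentialManager.instance().createServerCredential();
        String cellShortName = SecurityObjectLocator.getAdminData().getString(AdminData.CELL_SHORT_NAME);
        String serverShortName = SecurityObjectLocator.getAdminData().getString(AdminData.GENERIC_SERVER_SHORT_NAME);

        if (isControllerJvm()) {
            setupTrustedApplications(serverCredential, cellShortName, serverShortName);
            if (ntv_isTrustedApplicationsEnabled()) {
                Tr.audit(tc, "security.zos.trusted.apps.enabled");
            } else {
                Tr.audit(tc, "security.zos.trusted.apps.disabled");
            }

            // NOTE(review): the prefix is only forwarded to the native layer; the profile names
            // checked in this class are always built with the literal "BBO." prefix. Confirm
            // that this is intended when a custom SAF profile prefix is configured.
            String safProfilePrefix = SecurityObjectLocator.getSecurityConfig().getSAFProfilePrefix();
            if (safProfilePrefix != null) {
                // The boolean result is not inspected; its meaning is not visible from this class.
                setSAFProfilePrefix(safProfilePrefix);
            }

            if (isThreadIdentityRequested()) {
                setupThreadIdentity(serverCredential, cellShortName, serverShortName);

                // "enabled" already implies "requested", so the else branch only has to tell
                // "requested but not granted" apart from "never requested".
                if (isApplicationSyncToThreadEnabled()) {
                    Tr.audit(tc, "security.zos.threadid.app.enabled");
                } else if (isApplicationSyncToThreadRequested()) {
                    Tr.audit(tc, "security.zos.threadid.app.denied");
                }
                if (isConnectionManagementThreadIdentityEnabled()) {
                    Tr.audit(tc, "security.zos.threadid.connmgmt.enabled");
                } else if (isConnectionManagementThreadIdentityRequested()) {
                    Tr.audit(tc, "security.zos.threadid.connmgmt.denied");
                }
                // Audited because it relaxes a check: worth alerting on if it is unexpected.
                if (ntv_isSkipSurrogateChecksEnabled()) {
                    Tr.audit(tc, "security.zos.threadid.skip.surrogate.enabled");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeConfiguration", this);
        }
    }

    /**
     * Tells whether connection-management thread identity is both configured and granted.
     *
     * @return {@code true} when {@code SecurityConfig.ENABLE_RUN_AS_IDENTITY} is set and the
     *         native sync-to-thread switch is on
     */
    public boolean isConnectionManagementThreadIdentityEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isConnectionManagementThreadIdentityEnabled");
        }
        boolean enabled = isConnectionManagementThreadIdentityRequested() && ntv_isSyncToThreadEnabled();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isConnectionManagementThreadIdentityEnabled", Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /**
     * Tells whether application sync-to-OS-thread is both configured and granted.
     *
     * @return {@code true} when {@code SecurityConfig.ENABLE_SYNC_TO_OS_THREAD} is set and the
     *         native sync-to-thread switch is on
     */
    public boolean isApplicationSyncToThreadEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isApplicationSyncToThreadEnabled");
        }
        boolean enabled = isApplicationSyncToThreadRequested() && ntv_isSyncToThreadEnabled();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isApplicationSyncToThreadEnabled", Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /**
     * Reports the native mutual-authentication CBIND check switch.
     *
     * @return the value returned by the native layer
     */
    public boolean isMutualAuthCBINDCheckEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isMutualAuthCBINDCheckEnabled");
        }
        boolean enabled = ntv_isMutualAuthCBINDCheckEnabled();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isMutualAuthCBINDCheckEnabled", Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /** Returns whether the platform helper reports this JVM as the control JVM. */
    private boolean isControllerJvm() {
        return PlatformHelperFactory.getPlatformHelper().isControlJvm();
    }

    /**
     * Enables trusted applications when the credential is authorized to
     * {@code BBO.TRUSTEDAPPS.<cell>.<server>} in the FACILITY class.
     *
     * @param platformCredential credential the authorization check is made for
     * @param cellShortName cell short name used in the profile name
     * @param serverShortName server short name used in the profile name
     */
    private void setupTrustedApplications(PlatformCredential platformCredential, String cellShortName, String serverShortName) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setupTrustedApplications", new Object[]{platformCredential, cellShortName, serverShortName});
        }
        // NOTE(review): a null short name becomes the literal text "null" in the profile name;
        // confirm that AdminData always supplies both values.
        String profileName = "BBO.TRUSTEDAPPS." + cellShortName + "." + serverShortName;
        try {
            if (SAFAuthorizationManager.instance().isAuthorized(platformCredential, "FACILITY", profileName)) {
                setTrustedApplicationsEnabled(true);
            }
        } catch (Exception e) {
            // Fail closed: the switch stays as it was. The cause is only visible with debug
            // trace on, so a failed check and a plain denial look the same in the audit log.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not setting trusted apps", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setupTrustedApplications");
        }
    }

    /**
     * Forwards the trusted-applications switch to the native layer.
     *
     * @param z requested state
     * @return the value returned by the native call
     */
    private boolean setTrustedApplicationsEnabled(boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setTrustedApplicationsEnabled", Boolean.valueOf(z));
        }
        boolean result = ntv_setTrustedApplicationsEnabled(z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setTrustedApplicationsEnabled", Boolean.valueOf(result));
        }
        return result;
    }

    /**
     * Tells whether either thread-identity feature is switched on in the security configuration.
     *
     * @return {@code true} when application sync-to-thread or connection-management thread
     *         identity is requested
     */
    private boolean isThreadIdentityRequested() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isThreadIdentityRequested");
        }
        boolean requested = isApplicationSyncToThreadRequested() || isConnectionManagementThreadIdentityRequested();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isThreadIdentityRequested", Boolean.valueOf(requested));
        }
        return requested;
    }

    /**
     * Reads {@code SecurityConfig.ENABLE_RUN_AS_IDENTITY} from the security configuration.
     *
     * @return the configured value
     */
    private boolean isConnectionManagementThreadIdentityRequested() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isConnectionManagementThreadIdentityRequested");
        }
        // The results of these two lookups are discarded; the calls are kept because side
        // effects cannot be ruled out from this class.
        SecurityObjectLocator.getSecurityConfig("AppSecurity");
        SecurityObjectLocator.getSecurityConfig("Security");
        boolean requested = SecurityObjectLocator.getSecurityConfig().getPropertyBool(SecurityConfig.ENABLE_RUN_AS_IDENTITY);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isConnectionManagementThreadIdentityRequested", Boolean.valueOf(requested));
        }
        return requested;
    }

    /**
     * Reads {@code SecurityConfig.ENABLE_SYNC_TO_OS_THREAD} from the security configuration.
     *
     * @return the configured value
     */
    private boolean isApplicationSyncToThreadRequested() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isApplicationSyncToThreadRequested");
        }
        // The results of these two lookups are discarded; the calls are kept because side
        // effects cannot be ruled out from this class.
        SecurityObjectLocator.getSecurityConfig("AppSecurity");
        SecurityObjectLocator.getSecurityConfig("Security");
        boolean requested = SecurityObjectLocator.getSecurityConfig().getPropertyBool(SecurityConfig.ENABLE_SYNC_TO_OS_THREAD);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isApplicationSyncToThreadRequested", Boolean.valueOf(requested));
        }
        return requested;
    }

    /**
     * Sets the thread-identity switches from the credential's access to
     * {@code BBO.SYNC.<cell>.<server>} in the FACILITY class.
     *
     * <p>{@code AccessLevel.CONTROL} turns on "skip surrogate checks"; {@code AccessLevel.READ}
     * turns on sync-to-thread. The two checks are independent, so an error in one does not
     * undo the other. CONTROL relaxes a check, so access to this profile deserves the same
     * review as any other privileged grant.
     *
     * @param platformCredential credential the authorization checks are made for
     * @param cellShortName cell short name used in the profile name
     * @param serverShortName server short name used in the profile name
     */
    private void setupThreadIdentity(PlatformCredential platformCredential, String cellShortName, String serverShortName) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setupThreadIdentity", new Object[]{platformCredential, cellShortName, serverShortName});
        }
        // NOTE(review): a null short name becomes the literal text "null" in the profile name;
        // confirm that AdminData always supplies both values.
        String profileName = "BBO.SYNC." + cellShortName + "." + serverShortName;
        SAFAuthorizationManager authzManager = SAFAuthorizationManager.instance();
        try {
            if (authzManager.isAuthorized(platformCredential, "FACILITY", profileName, AccessLevel.CONTROL)) {
                setSkipSurrogateChecksEnabled(true);
            }
        } catch (Exception e) {
            // Fail closed: surrogate checks stay in force when the lookup itself fails.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not setting skip surrogate checks", e);
            }
        }
        try {
            if (authzManager.isAuthorized(platformCredential, "FACILITY", profileName, AccessLevel.READ)) {
                setSyncToThreadEnabled(true);
            }
        } catch (Exception e) {
            // Fail closed: the caller audits this as "denied" if the feature was requested.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not setting thread identity enabled", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setupThreadIdentity");
        }
    }

    /**
     * Forwards the sync-to-thread switch to the native layer.
     *
     * @param z requested state
     * @return the value returned by the native call
     */
    private boolean setSyncToThreadEnabled(boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSyncToThreadEnabled", Boolean.valueOf(z));
        }
        boolean result = ntv_setSyncToThreadEnabled(z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSyncToThreadEnabled", Boolean.valueOf(result));
        }
        return result;
    }

    /**
     * Forwards the "skip surrogate checks" switch to the native layer.
     *
     * @param z requested state
     * @return the value returned by the native call
     */
    private boolean setSkipSurrogateChecksEnabled(boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSkipSurrogateChecksEnabled", Boolean.valueOf(z));
        }
        boolean result = ntv_setSkipSurrogateChecksEnabled(z);
        if (tc.isEntryEnabled()) {
            // Was a second Tr.entry, which left the trace without an exit record for this call.
            Tr.exit(tc, "setSkipSurrogateChecksEnabled", Boolean.valueOf(result));
        }
        return result;
    }

    /**
     * Forwards the SAF profile prefix to the native layer.
     *
     * @param str prefix to set; the only caller passes a non-null value
     * @return the value returned by the native call
     */
    private boolean setSAFProfilePrefix(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSAFProfilePrefix", str);
        }
        boolean result = ntv_setSAFProfilePrefix(str);
        if (tc.isEntryEnabled()) {
            // Was a second Tr.entry, which left the trace without an exit record for this call.
            Tr.exit(tc, "setSAFProfilePrefix", Boolean.valueOf(result));
        }
        return result;
    }

    // JNI entry points. Names and signatures are part of the native binding and must not change.

    private native boolean ntv_setTrustedApplicationsEnabled(boolean z);

    private native boolean ntv_isTrustedApplicationsEnabled();

    private native boolean ntv_setSyncToThreadEnabled(boolean z);

    private native boolean ntv_isSyncToThreadEnabled();

    private native boolean ntv_setSkipSurrogateChecksEnabled(boolean z);

    private native boolean ntv_isSkipSurrogateChecksEnabled();

    private native boolean ntv_isMutualAuthCBINDCheckEnabled();

    private native boolean ntv_setSAFProfilePrefix(String str);
}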
