package com.ibm.wbimonitor.security;

import com.ibm.wbimonitor.rest.util.MemberHelper;
import com.ibm.websphere.logging.WsLevel;
import com.ibm.websphere.wim.client.LocalServiceProvider;
import com.ibm.websphere.wim.exception.WIMException;
import com.ibm.websphere.wim.util.SDOHelper;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.UserRegistryConfig;
import com.ibm.ws.security.core.ContextManagerFactory;
import commonj.sdo.DataObject;
import java.rmi.RemoteException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/* loaded from: input_file:library_jars/com.ibm.wbimonitor.repository.jar:com/ibm/wbimonitor/security/FGSAttributeUtility.class */
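/**
 * Resolves attribute expressions of the form {@code $account.parameters.<name>} to values
 * for a user identified by distinguished name.
 *
 * <p>The names {@code userID}, {@code userDN}, {@code groupCNs} and {@code groupDNs} are
 * answered through {@link MemberHelper}; any other name is looked up in VMM when
 * {@code MemberHelper.isVMMConfigured()} is true, otherwise directly in LDAP when
 * {@code MemberHelper.isLDAPConfigured()} is true.
 *
 * <p>NOTE(review): the attribute name taken from the expression is passed to VMM/LDAP
 * without any allow-list. If expressions can be authored by parties that should not see
 * every directory attribute of a user, restrict the accepted names at the call site or here.
 */
public class FGSAttributeUtility {
    public static final String COPYRIGHT = "Copyright IBM Corporation 2010, 2011.";
    private static final Logger logger = Logger.getLogger("com.ibm.wbimonitor.security.FGSAttributeUtility");
    private static final String CLASSNAME = FGSAttributeUtility.class.getName();

    // Lazily created, process-wide LDAP context; only read or written inside getLDAPContext().
    // NOTE(review): it is never closed or re-created, so a dropped connection would keep
    // failing until restart. Confirm whether that is acceptable for this deployment.
    private static DirContext ldapContext = null;

    // Pieces of the expression grammar "$account.parameters.<name>" and the built-in names.
    private static final String ATTR_PREFIX = "$account";
    private static final String PARAMETERS_PREFIX = "parameters";
    private static final String USER_ID = "userID";
    private static final String USER_DN = "userDN";
    private static final String GROUP_CN = "groupCNs";
    private static final String GROUP_DN = "groupDNs";

    /**
     * Returns the first value of the attribute named by the expression, as a string.
     *
     * @param str  the user's distinguished name; must not be null or empty
     * @param str2 the attribute expression ({@code $account.parameters.<name>}); must not be blank
     * @return the value (first element when the attribute is multi-valued), or {@code null}
     *         when the attribute has no value
     * @throws Exception if an argument is missing, the expression is malformed, or the lookup fails
     */
    public static String getAttributeFromUserDN(String str, String str2) throws Exception {
        final String method = "getAttributeFromUserDN(String userDN, String attributeExpression)";
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.entering(CLASSNAME, method, new Object[]{str, str2});
        }
        requireInputs(str, str2);
        String value = null;
        Object raw = getAttributeObjectFromUserDN(str, getAttributeName(str2.trim()));
        if (raw instanceof List) {
            List<?> values = (List<?>) raw;
            // A null element (e.g. an LDAP attribute holding a null value) yields null, not an NPE.
            Object first = values.isEmpty() ? null : values.get(0);
            value = first == null ? null : first.toString();
        } else if (raw != null) {
            value = raw.toString();
        }
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.exiting(CLASSNAME, method, value);
        }
        return value;
    }

    /**
     * Returns every value of the attribute named by the expression, each as a string.
     *
     * @param str  the user's distinguished name; must not be null or empty
     * @param str2 the attribute expression ({@code $account.parameters.<name>}); must not be blank
     * @return a new, possibly empty list of values; never {@code null}
     * @throws Exception if an argument is missing, the expression is malformed, or the lookup fails
     */
    public static List<String> getAttributeListFromUserDN(String str, String str2) throws Exception {
        final String method = "getAttributeListFromUserDN(String userDN, String attributeExpression)";
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.entering(CLASSNAME, method, new Object[]{str, str2});
        }
        requireInputs(str, str2);
        List<String> result = new ArrayList<String>();
        Object raw = getAttributeObjectFromUserDN(str, getAttributeName(str2.trim()));
        if (raw instanceof List) {
            for (Object element : (List<?>) raw) {
                // Null elements are skipped instead of failing the whole lookup.
                if (element != null) {
                    result.add(element.toString());
                }
            }
        } else if (raw != null) {
            result.add(raw.toString());
        }
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.exiting(CLASSNAME, method, result);
        }
        return result;
    }

    /** Rejects a missing user DN or a blank attribute expression with the shared error message. */
    private static void requireInputs(String userDN, String attributeExpression) throws Exception {
        if (userDN == null || userDN.isEmpty() || attributeExpression == null || attributeExpression.trim().isEmpty()) {
            throw new Exception("Wrong input to get user attribute. UserDN: " + userDN + " Attribute expression: " + attributeExpression);
        }
    }

    /**
     * Extracts {@code <name>} from an expression of the form {@code $account.parameters.<name>}.
     * Both prefixes are matched case-insensitively.
     *
     * @param str the trimmed attribute expression
     * @return the non-empty attribute name
     * @throws Exception if the expression does not have the expected shape
     */
    private static String getAttributeName(String str) throws Exception {
        final String method = "getAttributeName(String attributeExpression)";
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.entering(CLASSNAME, method, new Object[]{str});
        }
        String name = null;
        int firstDot = str.indexOf(".");
        if (firstDot > 0 && ATTR_PREFIX.equalsIgnoreCase(str.substring(0, firstDot))) {
            String rest = str.substring(firstDot + 1);
            int secondDot = rest.indexOf(".");
            if (secondDot > 0 && PARAMETERS_PREFIX.equalsIgnoreCase(rest.substring(0, secondDot))) {
                // Everything after the second dot is the name; it may itself contain dots.
                name = rest.substring(secondDot + 1);
            }
        }
        if (name == null || name.isEmpty()) {
            throw new Exception("Attribute expression with wrong format. Attribute expression: " + str);
        }
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.exiting(CLASSNAME, method, name);
        }
        return name;
    }

    /**
     * Dispatches the lookup: built-in names go to {@link MemberHelper}, anything else to VMM
     * or, failing that, to LDAP.
     *
     * @param str  the user's distinguished name
     * @param str2 the attribute name extracted from the expression
     * @return the value as returned by the backing source (LDAP results are copied into a
     *         list), or {@code null} when nothing was found
     * @throws Exception if neither VMM nor LDAP is configured for a non-built-in name, or the
     *         lookup fails
     */
    private static Object getAttributeObjectFromUserDN(String str, String str2) throws Exception {
        final String method = "getAttributeObjectFromUserDN(String userDN, String attribute)";
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.entering(CLASSNAME, method, new Object[]{str, str2});
        }
        Object result = null;
        if (str2.equalsIgnoreCase(USER_ID)) {
            result = MemberHelper.getUIDFromUserDN(str);
        } else if (str2.equalsIgnoreCase(USER_DN)) {
            result = str;
        } else if (str2.equalsIgnoreCase(GROUP_CN)) {
            result = MemberHelper.getGroupCNsFromUserDN(str);
        } else if (str2.equalsIgnoreCase(GROUP_DN)) {
            result = MemberHelper.getGroupDNsFromUserDN(str);
        } else if (MemberHelper.isVMMConfigured()) {
            result = getAttributeFromVMM(str, str2);
        } else {
            if (!MemberHelper.isLDAPConfigured()) {
                throw new Exception("The user attribute is not supported. Attribute: " + str2);
            }
            Attribute ldapAttribute = getAttributeFromLDAP(str, str2);
            if (ldapAttribute != null && ldapAttribute.size() > 0) {
                List<Object> values = new ArrayList<Object>();
                for (int i = 0; i < ldapAttribute.size(); i++) {
                    values.add(ldapAttribute.get(i));
                }
                result = values;
            }
        }
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.exiting(CLASSNAME, method, result);
        }
        return result;
    }

    /**
     * Reads one property of the {@code PersonAccount} entity whose {@code uniqueName} is the
     * given DN, through the VMM local service provider.
     *
     * <p>NOTE(review): the call is wrapped in {@code runAsSystem}, so it presumably executes
     * under the server identity rather than the caller's. If so, the caller's own directory
     * permissions do not limit which property can be read here - confirm and, if needed,
     * constrain the property name before this point.
     *
     * @param str  the user's distinguished name
     * @param str2 the VMM property name
     * @return the property value of the first returned entity, or {@code null} when no entity
     *         is returned
     * @throws Exception if the VMM call fails
     */
    private static Object getAttributeFromVMM(String str, String str2) throws Exception {
        final String method = "getAttributeFromVMM(String userDN, String attribute)";
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.entering(CLASSNAME, method, new Object[]{str, str2});
        }
        final LocalServiceProvider localServiceProvider = new LocalServiceProvider((Hashtable) null);
        final DataObject createRootDataObject = SDOHelper.createRootDataObject();
        // Request: entity PersonAccount identified by uniqueName, returning only property str2.
        SDOHelper.createEntityDataObject(createRootDataObject, (String) null, "PersonAccount").createDataObject("identifier").setString("uniqueName", str);
        SDOHelper.createControlDataObject(createRootDataObject, (String) null, "PropertyControl").getList("properties").add(str2);
        Object result = null;
        DataObject response = (DataObject) ContextManagerFactory.getInstance().runAsSystem(new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws RemoteException, WIMException {
                return localServiceProvider.get(createRootDataObject);
            }
        });
        List<?> entities = response.getList("entities");
        if (entities != null && entities.size() > 0) {
            result = ((DataObject) entities.get(0)).get(str2);
        }
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.exiting(CLASSNAME, method, result);
        }
        return result;
    }

    /**
     * Reads a single attribute of the entry at the given DN from the shared LDAP context.
     *
     * <p>NOTE(review): the JNDI {@code Context} contract does not guarantee that one context
     * instance is safe for concurrent use; this method uses the shared instance without
     * locking. Confirm that callers are serialized or add synchronization around the call.
     *
     * @param str  the user's distinguished name
     * @param str2 the LDAP attribute name
     * @return the attribute, or {@code null} when the entry does not carry it
     * @throws Exception if the context cannot be created or the read fails
     */
    private static Attribute getAttributeFromLDAP(String str, String str2) throws Exception {
        final String method = "getAttributeFromLDAP(String userDN, String attribute)";
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.entering(CLASSNAME, method, new Object[]{str, str2});
        }
        Attribute attribute = getLDAPContext().getAttributes(str, new String[]{str2}).get(str2);
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.exiting(CLASSNAME, method, attribute);
        }
        return attribute;
    }

    /**
     * Returns the shared LDAP context, creating it on first use from the active user
     * registry's settings.
     *
     * <p>The method is synchronized so that two concurrent first calls cannot each open a
     * context and leave one of them unreferenced and unclosed.
     *
     * @return the shared directory context
     * @throws Exception if the provider URL is not configured or the context cannot be created
     */
    private static synchronized DirContext getLDAPContext() throws Exception {
        final String method = "getLDAPContext()";
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.entering(CLASSNAME, method);
        }
        if (ldapContext == null) {
            UserRegistryConfig activeUserRegistry = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry();
            String providerUrl = activeUserRegistry.getProperty("java.naming.provider.url");
            if (providerUrl == null) {
                // Hashtable rejects null values; fail with a readable message instead of an NPE.
                throw new Exception("LDAP provider URL is not configured in the active user registry.");
            }
            // The environment holds the bind credentials: never pass it to the logger.
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.provider.url", providerUrl);
            // SECURITY(review): "simple" sends the bind password as-is; unless sslEnabled is
            // set (or the URL is ldaps://) it crosses the network unencrypted.
            env.put("java.naming.security.authentication", "simple");
            // SECURITY(review): with "follow", the same bind credentials are presented to
            // whatever server a referral names. Confirm referrals only point at trusted hosts.
            env.put("java.naming.referral", "follow");
            if (activeUserRegistry.getBoolean("sslEnabled")) {
                env.put("java.naming.security.protocol", "ssl");
            }
            String principal = activeUserRegistry.getProperty("java.naming.security.principal");
            if (principal != null) {
                env.put("java.naming.security.principal", principal);
            }
            String credentials = activeUserRegistry.getProperty("java.naming.security.credentials");
            if (credentials != null) {
                env.put("java.naming.security.credentials", credentials);
            }
            ldapContext = new InitialDirContext(env);
        }
        if (logger.isLoggable(WsLevel.FINER)) {
            logger.exiting(CLASSNAME, method, ldapContext);
        }
        return ldapContext;
    }
}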
