package com.ibm.wsspi.aries.utils;

import com.ibm.ISecurityUtilityImpl.InvalidPasswordDecodingException;
import com.ibm.ISecurityUtilityImpl.InvalidPasswordEncodingException;
import com.ibm.ISecurityUtilityImpl.PasswordUtil;
import com.ibm.ISecurityUtilityImpl.UnsupportedCryptoAlgorithmException;
import com.ibm.ejs.models.base.bindings.commonbnd.BasicAuthData;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.ws.eba.application.security.WASApplicationSecurityManagerImpl;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sm.workspace.RepositoryContext;
import com.ibm.ws.sm.workspace.WorkSpaceException;
import com.ibm.wsspi.aries.application.metadata.AppConstants;
import com.ibm.wsspi.aries.application.metadata.WASApplicationSecurityManager;
import com.ibm.wsspi.aries.application.metadata.WASApplicationSecurityRoleMappingFactory;
import com.ibm.wsspi.aries.application.metadata.WASApplicationSecurityRoleMappingMetadata;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.aries.util.io.IOUtils;

/* loaded from: input_file:com/ibm/wsspi/aries/utils/WASSecurityBindingUtils.class */
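/**
 * Reads and writes the {@code APPLICATION_SECURITY_BINDING.properties} file that maps
 * application roles to module roles, users, groups, special subjects and run-as
 * identities.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The file stores the run-as password as the output of {@code PasswordUtil.encode}.
 *       NOTE(review): whether that encoding is reversible depends on the configured
 *       algorithm; treat the file as a credential store and restrict who can read it.</li>
 *   <li>The run-as password value is never written to trace by this class. The metadata
 *       object itself is still passed to {@code Tr.entry}/{@code Tr.exit};
 *       NOTE(review): confirm its {@code toString()} does not expose the decoded
 *       password.</li>
 * </ul>
 */
public class WASSecurityBindingUtils {
    private static final String PROP_MODULE_NAME = ".name";
    private static final String PROP_MODULE_IDENT = ".module.";
    private static final String PROP_MODULE_ROLE_IDENT = ".role.";
    private static final String PROP_USER_IDENT = ".user.";
    private static final String PROP_GROUP_IDENT = ".group.";
    private static final String PROP_SPECIAL_SUBJECT_IDENT = ".specialsubject";
    private static final String PROP_RUNAS = ".runas";
    private static final String PROP_RUNAS_BASICAUTH_USERID = ".runas.basicauth.userid";
    private static final String PROP_RUNAS_BASICAUTH_PASSWORD = ".runas.basicauth.password";
    /** Placeholder written to trace instead of a run-as password value. */
    private static final String REDACTED = "*****";
    private static final TraceComponent tc = Tr.register(WASSecurityBindingUtils.class, AppConstants.TRACE_GROUP, AppConstants.RESOURCE_BUNDLE);
    private static final String sep = System.getProperty("file.separator");
    public static final String RC_RELATIVE_METADATA_FILE_PATH = AppConstants.BINDINGS_LOCATION_META_INF + sep + "APPLICATION_SECURITY_BINDING.properties";
    private static final String RC_RELATIVE_METADATA_FILE_PATH_WITH_META_PREFIX = AppConstants.BINDINGS_LOCATION_META + sep + RC_RELATIVE_METADATA_FILE_PATH;

    // The separators are escaped so that only the literal '.' written by
    // writeRoleMappingsToFile is accepted. An unescaped '.' matches any character, which
    // would let unrelated keys be interpreted as role, user or run-as bindings.
    private static final Pattern appRolePattern = Pattern.compile("(.*)\\.module\\.([0-9]+)\\.name");
    private static final Pattern moduleRolePattern = Pattern.compile("(.*)\\.module\\.([0-9]+)\\.role\\.[0-9]+");
    private static final Pattern userRolePattern = Pattern.compile("(.*)\\.user\\.[0-9]+");
    private static final Pattern groupRolePattern = Pattern.compile("(.*)\\.group\\.[0-9]+");
    private static final Pattern specialSubjectPattern = Pattern.compile("(.*)\\.specialsubject");
    private static final Pattern runAsPattern = Pattern.compile("(.*)\\.runas");
    private static final Pattern basicAuthUIDPattern = Pattern.compile("(.*)\\.runas\\.basicauth\\.userid");
    private static final Pattern basicAuthPwdPattern = Pattern.compile("(.*)\\.runas\\.basicauth\\.password");

    /** Returns true when debug-level trace is enabled for this component. */
    private static boolean debugEnabled() {
        return TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
    }

    /** Returns true when entry/exit trace is enabled for this component. */
    private static boolean entryEnabled() {
        return TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled();
    }

    /**
     * Loads the security binding from the workspace, falling back to the config tree.
     *
     * @param repositoryContext workspace context that is queried first
     * @param str directory under which the binding file is looked up when the workspace
     *            does not provide it
     * @return the parsed role mappings, or {@code null} when no binding file was found
     * @throws WorkSpaceException if the workspace file exists but cannot be opened
     */
    public static WASApplicationSecurityRoleMappingMetadata loadConfig(RepositoryContext repositoryContext, String str) throws WorkSpaceException {
        if (entryEnabled()) {
            Tr.entry(tc, "loadConfig", new Object[]{repositoryContext, str});
        }
        WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata = null;
        InputStream inputStream = null;
        String str2 = RC_RELATIVE_METADATA_FILE_PATH_WITH_META_PREFIX;
        try {
            if (!repositoryContext.isAvailable(str2)) {
                if (debugEnabled()) {
                    Tr.debug(tc, "Workspace file " + str2 + "is not available", new Object[0]);
                }
            } else if (!repositoryContext.isExtracted(str2)) {
                if (debugEnabled()) {
                    Tr.debug(tc, "Workspace file " + str2 + " not found in the Repository Context", new Object[0]);
                }
            } else if (repositoryContext.getFile(str2) == null) {
                if (debugEnabled()) {
                    Tr.debug(tc, "Unable to access the workspace file " + str2, new Object[0]);
                }
            } else {
                try {
                    inputStream = repositoryContext.getInputStream(str2);
                } catch (WorkSpaceException e) {
                    if (debugEnabled()) {
                        Tr.debug(tc, "Exception thrown accessing the workspace file " + str2 + ": " + e, new Object[0]);
                    }
                    FFDCFilter.processException(e, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.loadConfig", "102");
                    if (entryEnabled()) {
                        Tr.exit(tc, "loadConfig", e);
                    }
                    throw e;
                }
            }
            if (inputStream == null) {
                // Fall back to the copy in the config tree.
                String str3 = str + sep + RC_RELATIVE_METADATA_FILE_PATH;
                File file = new File(str3);
                if (file.exists()) {
                    try {
                        inputStream = new FileInputStream(file);
                    } catch (FileNotFoundException e2) {
                        // The file disappeared or is unreadable between exists() and open.
                        // Still treated as "no binding", but no longer silently.
                        if (debugEnabled()) {
                            Tr.debug(tc, "Unable to open " + str3 + ": " + e2, new Object[0]);
                        }
                    }
                } else if (debugEnabled()) {
                    Tr.debug(tc, "Workspace file " + str3 + "is not available", new Object[0]);
                }
            }
            if (inputStream != null) {
                wASApplicationSecurityRoleMappingMetadata = processConfigFile(inputStream);
            } else if (debugEnabled()) {
                Tr.debug(tc, "Unable to find file in workspace or in the config tree.", new Object[0]);
            }
        } finally {
            // Closed here so the stream is released even if parsing throws.
            if (inputStream != null) {
                IOUtils.close(inputStream);
            }
        }
        if (entryEnabled()) {
            Tr.exit(tc, "loadConfig", wASApplicationSecurityRoleMappingMetadata);
        }
        return wASApplicationSecurityRoleMappingMetadata;
    }

    /**
     * Parses a binding properties stream into role mapping metadata.
     *
     * <p>The first pass collects the module names declared per application role; the
     * second pass applies every other binding and resolves module roles against them.
     * The caller owns and closes {@code inputStream}.
     *
     * @param inputStream stream positioned at the start of the properties file
     * @return the populated metadata; never {@code null}
     */
    private static WASApplicationSecurityRoleMappingMetadata processConfigFile(InputStream inputStream) {
        if (entryEnabled()) {
            Tr.entry(tc, "processConfigFile", new Object[]{inputStream});
        }
        WASApplicationSecurityRoleMappingMetadata roleMappingMetadata = WASApplicationSecurityRoleMappingFactory.getRoleMappingMetadata();
        Properties properties = new Properties();
        try {
            properties.load(inputStream);
        } catch (IOException e) {
            // Best effort: whatever was read before the failure is still processed.
            FFDCFilter.processException(e, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.processConfigFile", "181");
        }

        // application role -> (module index -> module name)
        Map<String, Map<Integer, String>> modulesByRole = new HashMap<String, Map<Integer, String>>();
        for (Map.Entry<Object, Object> entry : properties.entrySet()) {
            String key = (String) entry.getKey();
            String value = (String) entry.getValue();
            Matcher appRole = appRolePattern.matcher(key);
            if (!appRole.matches()) {
                continue;
            }
            String role = appRole.group(1);
            roleMappingMetadata.addApplicationRole(role);
            try {
                Integer moduleId = Integer.valueOf(appRole.group(2));
                Map<Integer, String> modules = modulesByRole.get(role);
                if (modules == null) {
                    modules = new HashMap<Integer, String>();
                    modulesByRole.put(role, modules);
                }
                if (!modules.containsKey(moduleId)) {
                    modules.put(moduleId, value);
                } else if (debugEnabled()) {
                    Tr.debug(tc, "Module ID " + moduleId + " has already been mapped for Application Role " + role, new Object[0]);
                }
            } catch (NumberFormatException e2) {
                if (debugEnabled()) {
                    Tr.debug(tc, "Property Key has an incorrect format: " + key + ". Ignoring this entry", new Object[0]);
                }
            }
        }

        for (Map.Entry<Object, Object> entry2 : properties.entrySet()) {
            String key = (String) entry2.getKey();
            String value = (String) entry2.getValue();
            Matcher password = basicAuthPwdPattern.matcher(key);
            boolean isPassword = password.matches();
            if (debugEnabled()) {
                // The run-as password value is a credential, so it is masked in trace.
                Tr.debug(tc, "Current property key: " + key + "  Property Value: " + (isPassword ? REDACTED : value), new Object[0]);
            }
            Matcher moduleRole = moduleRolePattern.matcher(key);
            Matcher user = userRolePattern.matcher(key);
            Matcher group = groupRolePattern.matcher(key);
            Matcher specialSubject = specialSubjectPattern.matcher(key);
            Matcher runAs = runAsPattern.matcher(key);
            Matcher userId = basicAuthUIDPattern.matcher(key);
            if (moduleRole.matches()) {
                try {
                    String role = moduleRole.group(1);
                    Integer moduleId = Integer.valueOf(moduleRole.group(2));
                    Map<Integer, String> modules = modulesByRole.get(role);
                    if (modules != null) {
                        if (modules.containsKey(moduleId)) {
                            roleMappingMetadata.addModuleRole(role, value, modules.get(moduleId));
                        } else if (debugEnabled()) {
                            Tr.debug(tc, "Can not find an entry for Module ID : " + moduleId + " for Property Key " + key + ". Ignoring this entry", new Object[0]);
                        }
                    }
                } catch (NumberFormatException e3) {
                    if (debugEnabled()) {
                        Tr.debug(tc, "Property Key has an incorrect format: " + key + ". Ignoring this entry", new Object[0]);
                    }
                }
            } else if (user.matches()) {
                roleMappingMetadata.mapUserToApplicationRole(user.group(1), value);
            } else if (group.matches()) {
                roleMappingMetadata.mapGroupToApplicationRole(group.group(1), value);
            } else if (specialSubject.matches()) {
                roleMappingMetadata.mapSpecialSubjectToApplicationRole(specialSubject.group(1), value);
            } else if (runAs.matches()) {
                roleMappingMetadata.setIsRunAsRole(runAs.group(1), Boolean.valueOf(value).booleanValue());
            } else if (userId.matches()) {
                roleMappingMetadata.setRunAsRoleUserid(userId.group(1), value);
            } else if (isPassword) {
                // A decode failure leaves the run-as password empty rather than failing
                // the load; the failure is visible only through FFDC and debug trace.
                String decoded = AppConstants.EMPTY_STRING;
                try {
                    decoded = PasswordUtil.decode(value);
                } catch (UnsupportedCryptoAlgorithmException e4) {
                    if (debugEnabled()) {
                        Tr.debug(tc, "Exception thrown trying decode Runas Password: " + e4, new Object[0]);
                    }
                    FFDCFilter.processException(e4, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.processConfigFile", "350");
                } catch (InvalidPasswordDecodingException e5) {
                    if (debugEnabled()) {
                        Tr.debug(tc, "Exception thrown trying decode Runas Password: " + e5, new Object[0]);
                    }
                    FFDCFilter.processException(e5, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.processConfigFile", "344");
                }
                roleMappingMetadata.setRunAsRolePassword(password.group(1), decoded);
            }
        }
        if (entryEnabled()) {
            Tr.exit(tc, "processConfigFile", roleMappingMetadata);
        }
        return roleMappingMetadata;
    }

    /**
     * Loads the security binding from the config tree only.
     *
     * @param str directory under which the binding file is looked up
     * @return the parsed role mappings, or {@code null} when the file is missing or
     *         cannot be opened
     */
    public static WASApplicationSecurityRoleMappingMetadata loadConfig(String str) {
        if (entryEnabled()) {
            Tr.entry(tc, "loadConfig", new Object[]{str});
        }
        WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata = null;
        String str2 = str + sep + RC_RELATIVE_METADATA_FILE_PATH;
        File file = new File(str2);
        if (file.exists()) {
            FileInputStream fileInputStream = null;
            try {
                fileInputStream = new FileInputStream(file);
                wASApplicationSecurityRoleMappingMetadata = processConfigFile(fileInputStream);
            } catch (FileNotFoundException e2) {
                if (debugEnabled()) {
                    Tr.debug(tc, str2 + " does not exist", new Object[0]);
                }
            } finally {
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (Exception ignored) {
                        // Nothing useful can be done if closing a read-only stream fails.
                    }
                }
            }
        } else if (debugEnabled()) {
            Tr.debug(tc, "File " + str2 + "does not exist in Config directory", new Object[0]);
        }
        if (entryEnabled()) {
            Tr.exit(tc, "loadConfig", wASApplicationSecurityRoleMappingMetadata);
        }
        return wASApplicationSecurityRoleMappingMetadata;
    }

    /**
     * Writes the role mappings to the binding file in the workspace, creating the file
     * when it does not exist yet.
     *
     * <p>When no output stream can be obtained the method logs {@code APPUTILS0037E} and
     * returns without throwing.
     *
     * <p>NOTE(review): the file is created with the process default permissions and
     * holds the encoded run-as password; confirm the repository directory is not
     * readable by unprivileged accounts.
     *
     * @param repositoryContext workspace context that owns the file
     * @param str not read by this method
     * @param wASApplicationSecurityRoleMappingMetadata mappings to persist
     * @throws WorkSpaceException if the workspace refuses to open the file
     * @throws IOException if the file cannot be created or written
     */
    public static void saveConfig(RepositoryContext repositoryContext, String str, WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata) throws WorkSpaceException, IOException {
        if (entryEnabled()) {
            Tr.entry(tc, "saveConfig", new Object[]{repositoryContext, str, wASApplicationSecurityRoleMappingMetadata});
        }
        String str2 = RC_RELATIVE_METADATA_FILE_PATH_WITH_META_PREFIX;
        OutputStream outputStream = null;
        if (repositoryContext.isAvailable(str2)) {
            if (!repositoryContext.isExtracted(str2)) {
                repositoryContext.extract(str2, false);
            }
            if (repositoryContext.getFile(str2) != null) {
                try {
                    outputStream = repositoryContext.getOutputStream(str2);
                } catch (WorkSpaceException e) {
                    if (debugEnabled()) {
                        Tr.debug(tc, "Exception thrown accessing the workspace file " + str2 + ": " + e, new Object[0]);
                    }
                    FFDCFilter.processException(e, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.saveConfig", "289");
                    if (entryEnabled()) {
                        Tr.exit(tc, "saveConfig", e);
                    }
                    throw e;
                }
            }
        }
        if (outputStream == null) {
            // The workspace does not have the file yet: create it and register it.
            File file = new File(repositoryContext.getPath(), str2);
            File parent = file.getParentFile();
            if (parent.isDirectory() || parent.mkdirs()) {
                if (file.createNewFile()) {
                    repositoryContext.notifyChanged(0, str2);
                    outputStream = repositoryContext.getOutputStream(str2);
                } else if (debugEnabled()) {
                    Tr.debug(tc, "Failed to create file", new Object[]{str2});
                }
            } else if (debugEnabled()) {
                Tr.debug(tc, "Failed to create directory", new Object[0]);
            }
        }
        try {
            if (outputStream != null) {
                try {
                    writeRoleMappingsToFile(outputStream, wASApplicationSecurityRoleMappingMetadata);
                } catch (IOException e3) {
                    if (debugEnabled()) {
                        Tr.debug(tc, "Exception thrown writing the workspace file " + str2 + ": " + e3, new Object[0]);
                    }
                    FFDCFilter.processException(e3, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.saveConfig", "322");
                    if (entryEnabled()) {
                        Tr.exit(tc, "saveConfig", e3);
                    }
                    throw e3;
                }
            } else {
                if (debugEnabled()) {
                    Tr.debug(tc, "Couldn't create new Security Binding file " + str2, new Object[0]);
                }
                Tr.error(tc, "APPUTILS0037E", new Object[]{str2});
            }
        } finally {
            // Single close on every path; a close failure is recorded but not rethrown.
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (IOException e4) {
                    if (debugEnabled()) {
                        Tr.debug(tc, "Exception thrown trying to close the output stream for " + str2 + ": " + e4, new Object[0]);
                    }
                    FFDCFilter.processException(e4, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.saveConfig", "363");
                }
            }
        }
        if (entryEnabled()) {
            Tr.exit(tc, "saveConfig");
        }
    }

    /**
     * Serialises the role mappings as properties and stores them on the stream.
     *
     * <p>Keys are built from the {@code PROP_*} suffixes with zero-based indices, which
     * is the format {@link #processConfigFile(InputStream)} parses. The caller owns and
     * closes {@code outputStream}.
     *
     * @param outputStream destination for the properties
     * @param wASApplicationSecurityRoleMappingMetadata mappings to serialise
     * @throws IOException if storing the properties fails
     */
    private static void writeRoleMappingsToFile(OutputStream outputStream, WASApplicationSecurityRoleMappingMetadata wASApplicationSecurityRoleMappingMetadata) throws IOException {
        if (entryEnabled()) {
            Tr.entry(tc, "writeRoleMappingsToFile", new Object[]{outputStream, wASApplicationSecurityRoleMappingMetadata});
        }
        Properties properties = new Properties();
        for (String role : wASApplicationSecurityRoleMappingMetadata.getAllApplicationRoles()) {
            int moduleIndex = 0;
            for (String moduleName : wASApplicationSecurityRoleMappingMetadata.getAllModuleNamesMappedToApplicationRole(role)) {
                String modulePrefix = role + PROP_MODULE_IDENT + moduleIndex;
                properties.setProperty(modulePrefix + PROP_MODULE_NAME, moduleName);
                int roleIndex = 0;
                for (String moduleRole : wASApplicationSecurityRoleMappingMetadata.getAllModuleRolesMappedToApplicationRoleForModule(role, moduleName)) {
                    properties.setProperty(modulePrefix + PROP_MODULE_ROLE_IDENT + roleIndex, moduleRole);
                    roleIndex++;
                }
                moduleIndex++;
            }
            int userIndex = 0;
            for (String user : wASApplicationSecurityRoleMappingMetadata.getUsersMappedToApplicationRole(role)) {
                properties.setProperty(role + PROP_USER_IDENT + userIndex, user);
                userIndex++;
            }
            int groupIndex = 0;
            for (String group : wASApplicationSecurityRoleMappingMetadata.getGroupsMappedToApplicationRole(role)) {
                properties.setProperty(role + PROP_GROUP_IDENT + groupIndex, group);
                groupIndex++;
            }
            String specialSubject = wASApplicationSecurityRoleMappingMetadata.getSpecialSubjectMappedToApplicationRole(role);
            if (specialSubject != null) {
                properties.setProperty(role + PROP_SPECIAL_SUBJECT_IDENT, specialSubject);
            }
            boolean runAs = wASApplicationSecurityRoleMappingMetadata.isRunAsRole(role);
            if (runAs) {
                properties.setProperty(role + PROP_RUNAS, Boolean.toString(runAs));
                BasicAuthData basicAuth = wASApplicationSecurityRoleMappingMetadata.getBasicAuthForRunAsRole(role);
                if (basicAuth != null) {
                    properties.setProperty(role + PROP_RUNAS_BASICAUTH_USERID, basicAuth.getUserId());
                    // An encode failure stores an empty password instead of aborting the
                    // save. The cleartext is never used as a fallback and never traced.
                    String encoded = AppConstants.EMPTY_STRING;
                    try {
                        encoded = PasswordUtil.encode(basicAuth.getPassword());
                    } catch (InvalidPasswordEncodingException e) {
                        if (debugEnabled()) {
                            Tr.debug(tc, "Exception thrown trying encode Runas Password for Userid " + basicAuth.getUserId() + ": " + e, new Object[0]);
                        }
                        FFDCFilter.processException(e, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.writeRoleMappingsToFile", "561");
                    } catch (UnsupportedCryptoAlgorithmException e2) {
                        if (debugEnabled()) {
                            Tr.debug(tc, "Exception thrown trying encode Runas Password for Userid " + basicAuth.getUserId() + ": " + e2, new Object[0]);
                        }
                        FFDCFilter.processException(e2, "com.ibm.wsspi.aries.utils.WASSecurityBindingUtils.writeRoleMappingsToFile", "568");
                    }
                    properties.setProperty(role + PROP_RUNAS_BASICAUTH_PASSWORD, encoded);
                }
            }
        }
        properties.store(outputStream, "WebSphere Application Security Role Mappings");
        if (entryEnabled()) {
            Tr.exit(tc, "writeRoleMappingsToFile");
        }
    }

    /**
     * Creates a new application security manager.
     *
     * @return a fresh {@code WASApplicationSecurityManagerImpl}
     */
    public static WASApplicationSecurityManager createSecurityManager() {
        return new WASApplicationSecurityManagerImpl();
    }
}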
