package com.ibm.ws.migration.postupgrade.common;

import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.models.config.ipc.ssl.CryptoHardwareToken;
import com.ibm.websphere.models.config.ipc.ssl.KeyFileFormatKind;
import com.ibm.websphere.models.config.ipc.ssl.KeyManager;
import com.ibm.websphere.models.config.ipc.ssl.KeySetGroup;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.websphere.models.config.ipc.ssl.ManagementScope;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.ipc.ssl.SslFactory;
import com.ibm.websphere.models.config.ipc.ssl.SslPackage;
import com.ibm.websphere.models.config.ipc.ssl.TrustManager;
import com.ibm.websphere.models.config.ipc.ssl.WSSchedule;
import com.ibm.websphere.models.config.jaaslogin.JAASAuthData;
import com.ibm.websphere.models.config.jaaslogin.JAASConfigurationEntry;
import com.ibm.websphere.models.config.jaaslogin.JAASLoginModule;
import com.ibm.websphere.models.config.properties.PropertiesFactory;
import com.ibm.websphere.models.config.properties.PropertiesPackage;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.AuthMechanism;
import com.ibm.websphere.models.config.security.LTPA;
import com.ibm.websphere.models.config.security.LocalOSUserRegistry;
import com.ibm.websphere.models.config.security.SSLConfig;
import com.ibm.websphere.models.config.security.SSLType;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.models.config.security.UserRegistry;
import com.ibm.websphere.models.config.topology.nodegroup.NodeGroup;
import com.ibm.websphere.models.config.variables.VariableMap;
import com.ibm.websphere.models.config.variables.VariableSubstitutionEntry;
import com.ibm.ws.migration.common.Configuration;
import com.ibm.ws.migration.common.OSInfoFactory;
import com.ibm.ws.migration.common.UpgradeBase;
import com.ibm.ws.migration.common.WCCMDocumentReflector;
import com.ibm.ws.migration.postupgrade.Federated.DMgrConnectionInfo;
import com.ibm.ws.migration.postupgrade.WASPostUpgrade;
import com.ibm.ws.migration.utility.LoggerImpl;
import com.ibm.ws.migration.utility.ReleaseVersionImpl;
import com.ibm.ws.migration.utility.UtilityImpl;
import com.ibm.wsspi.migration.document.Document;
import com.ibm.wsspi.migration.document.TransformMappingKey;
import com.ibm.wsspi.migration.document.wccm.WCCMDocument;
import com.ibm.wsspi.migration.document.wccm.WCCMDocumentProcessorHelper;
import com.ibm.wsspi.migration.transform.DocumentTransform;
import com.ibm.wsspi.migration.utility.Profile;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.eclipse.emf.common.util.BasicEList;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:com/ibm/ws/migration/postupgrade/common/SecurityConfig.class */
public class SecurityConfig extends SecurityConfigCommon {
    protected String _authConfig;
    protected boolean _systemSSL;
    protected boolean _daemonConfig;
    protected SSLConfig[] _sslConfigList;
    protected int _sslConfigCount;
    public SSLConfig _defaultSSLConfig;
    private static String zOS_DOMAINTYPE;
    private static String zOS_DOMAINNAME;
    private static String zOS_CELLQUALIFIED_DOMAINTYPE;
    private static String SAF_PROFILEPREFIX;
    private static TraceComponent _tc = Tr.register(SecurityConfig.class, "Migration.Flow", "com.ibm.ws.migration.WASUpgrade");
    protected static ManagementScope _managementScope = null;
    protected static KeyManager _keyManager = null;
    protected static TrustManager _trustManager = null;
    protected static EList _keyStoreList = null;
    protected static EList _customProperties = null;
    protected static String _keyStoreName = "SSLConfigAlias_KeyStore_";
    protected static int _keyStoreCount = 0;
    private static String inbound_transport_sslconfig = "was.com.ibm.websphere.security.zos.csiv2.inbound.transport.sslconfig";
    private static String outbound_transport_sslconfig = "was.com.ibm.websphere.security.zos.csiv2.outbound.transport.sslconfig";
    private static Map<String, String> SAF_propertiesToTop = new HashMap();

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.ws.migration.postupgrade.common.SecurityConfigCommon
    public void addOverrides() throws Exception {
        super.addOverrides();
        getProcessorHelper().addOverride(Property.class, "setName", new Class[]{String.class});
        getProcessorHelper().addOverride(Security.class, "setEnabled", new Class[]{Boolean.TYPE});
        getProcessorHelper().addOverride(AuthMechanism.class, "getAuthConfig", new Class[0]);
        getProcessorHelper().addOverride(AuthMechanism.class, "setAuthContextImplClass", new Class[]{String.class});
        ReleaseVersionImpl releaseVersionImpl = (ReleaseVersionImpl) getTransform().getScenario().getOldProductImage().getReleaseVersion();
        if (releaseVersionImpl.isR51() || releaseVersionImpl.isR60()) {
            getProcessorHelper().addOverride(UserRegistry.class, "setUseRegistryServerId", new Class[]{Boolean.TYPE});
        }
        ((WCCMDocumentReflector) getProcessorHelper()).addMultipleCrossReferenceMethod(SecureSocketLayer.class, "getTrustManager");
        ((WCCMDocumentReflector) getProcessorHelper()).addMultipleCrossReferenceMethod(KeySetGroup.class, "getKeySet");
        getProcessorHelper().addOverride(LTPA.class, "getPassword", new Class[0]);
        getProcessorHelper().addOverride(LTPA.class, "getPrivate", new Class[0]);
        getProcessorHelper().addOverride(LTPA.class, "getPublic", new Class[0]);
        getProcessorHelper().addOverride(LTPA.class, "getShared", new Class[0]);
        getProcessorHelper().addOverride(Security.class, "getRepertoire", new Class[0]);
        if (releaseVersionImpl.isR51() || releaseVersionImpl.isR60() || releaseVersionImpl.isR61() || releaseVersionImpl.isR70()) {
            getProcessorHelper().addOverride(SecureSocketLayer.class, "getKeyFileFormat", new Class[0]);
            getProcessorHelper().addOverride(SecureSocketLayer.class, "getTrustFileFormat", new Class[0]);
        }
        if (WASPostUpgrade.is_scriptCompatibility()) {
            return;
        }
        getProcessorHelper().addOverride(SSLConfig.class, "getManagementScope", new Class[0]);
        getProcessorHelper().addOverride(SecureSocketLayer.class, "getSslProtocol", new Class[0]);
        getProcessorHelper().addOverride(SecureSocketLayer.class, "getJsseProvider", new Class[0]);
        getProcessorHelper().addOverride(SecureSocketLayer.class, "getEnabledCiphers", new Class[0]);
        if (releaseVersionImpl.isR51() || releaseVersionImpl.isR60() || releaseVersionImpl.isR61() || releaseVersionImpl.isR70()) {
            getProcessorHelper().addOverride(SecureSocketLayer.class, "getKeyStore", new Class[0]);
            getProcessorHelper().addOverride(SecureSocketLayer.class, "setKeyStore", new Class[]{KeyStore.class});
            getProcessorHelper().addOverride(SecureSocketLayer.class, "getTrustStore", new Class[0]);
            getProcessorHelper().addOverride(SecureSocketLayer.class, "setTrustStore", new Class[]{KeyStore.class});
            getProcessorHelper().addOverride(SecureSocketLayer.class, "setKeyFileName", new Class[]{String.class});
            getProcessorHelper().addOverride(SecureSocketLayer.class, "setKeyFilePassword", new Class[]{String.class});
            getProcessorHelper().addOverride(SecureSocketLayer.class, "setTrustFileName", new Class[]{String.class});
            getProcessorHelper().addOverride(SecureSocketLayer.class, "setTrustFilePassword", new Class[]{String.class});
            getProcessorHelper().addOverride(SecureSocketLayer.class, "setCryptoHardware", new Class[]{CryptoHardwareToken.class});
            getProcessorHelper().addOverride(SecureSocketLayer.class, "setKeyFileFormat", new Class[]{KeyFileFormatKind.class});
            getProcessorHelper().addOverride(SecureSocketLayer.class, "getKeyManager", new Class[0]);
        }
        getProcessorHelper().addOverride(SSLConfig.class, "getType", new Class[0]);
        getProcessorHelper().addOverride(SecureSocketLayer.class, "setEnableCryptoHardwareSupport", new Class[]{Boolean.TYPE});
    }

    public SecurityConfig(DocumentTransform documentTransform, TransformMappingKey transformMappingKey, WCCMDocumentProcessorHelper wCCMDocumentProcessorHelper) throws Exception {
        super(documentTransform, transformMappingKey, wCCMDocumentProcessorHelper);
        this._authConfig = null;
        this._systemSSL = false;
        this._daemonConfig = false;
        this._sslConfigList = new SSLConfig[100];
        this._sslConfigCount = 0;
        this._defaultSSLConfig = null;
    }

    @Override // com.ibm.ws.migration.postupgrade.common.SecurityConfigCommon, com.ibm.wsspi.migration.document.wccm.WCCMDocumentProcessor
    public Document getTemplateDocument() {
        return null;
    }

    public void setAuthContextImplClass(AuthMechanism authMechanism, String str) {
        Tr.entry(_tc, "setAuthContextImplClass", str);
        if (this._authConfig == null || !this._authConfig.equals("system.ICSF")) {
            authMechanism.setAuthContextImplClass(str);
        } else if (str.equals("null")) {
            authMechanism.setAuthContextImplClass("com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextICSFImpl");
        } else {
            authMechanism.setAuthContextImplClass(str);
        }
        this._authConfig = null;
    }

    public String getAuthConfig(boolean z, AuthMechanism authMechanism) {
        Tr.entry(_tc, "getAuthConfig", authMechanism);
        if (z) {
            this._authConfig = authMechanism.getAuthConfig();
        }
        return authMechanism.getAuthConfig();
    }

    public void setName(Property property, String str) {
        Tr.entry(_tc, "setName", str);
        if (!OSInfoFactory.isZSeries() && str != null && str.equals("com.ibm.ssl.contextProvider")) {
            property.setValue("IBMJSSE2");
        }
        property.setName(str);
    }

    public void setEnabled(Security security, boolean z) {
        Tr.entry(_tc, "setEnabled", new Object[]{security, new Boolean(z)});
        security.setEnabled(z);
        ReleaseVersionImpl releaseVersionImpl = (ReleaseVersionImpl) getTransform().getScenario().getOldProductImage().getReleaseVersion();
        if (releaseVersionImpl.isR51() || releaseVersionImpl.isR60()) {
            security.setAppEnabled(z);
        }
        initializeSSLVariables(security);
    }

    public void setCryptoHardware(SecureSocketLayer secureSocketLayer, CryptoHardwareToken cryptoHardwareToken) {
        Tr.entry(_tc, "setCryptoHardware", new Object[]{cryptoHardwareToken, secureSocketLayer});
        secureSocketLayer.setCryptoHardware((CryptoHardwareToken) null);
    }

    public void setKeyFileName(SecureSocketLayer secureSocketLayer, String str) {
        Tr.entry(_tc, "setKeyFileName", new Object[]{str, secureSocketLayer});
        secureSocketLayer.setKeyFileName((String) null);
    }

    public KeyFileFormatKind getKeyFileFormat(boolean z, SecureSocketLayer secureSocketLayer) {
        Tr.entry(_tc, "getKeyFileFormat", new Object[]{new Boolean(z), secureSocketLayer});
        if (WASPostUpgrade.is_scriptCompatibility() && secureSocketLayer.isSetKeyFileFormat()) {
            return secureSocketLayer.getKeyFileFormat();
        }
        return null;
    }

    public void setKeyFileFormat(SecureSocketLayer secureSocketLayer, KeyFileFormatKind keyFileFormatKind) {
        secureSocketLayer.setKeyFileFormat((KeyFileFormatKind) null);
    }

    public KeyFileFormatKind getTrustFileFormat(boolean z, SecureSocketLayer secureSocketLayer) {
        Tr.entry(_tc, "getTrustFileFormat", new Object[]{new Boolean(z), secureSocketLayer});
        if (WASPostUpgrade.is_scriptCompatibility() && secureSocketLayer.isSetTrustFileFormat()) {
            return secureSocketLayer.getTrustFileFormat();
        }
        return null;
    }

    public String getPublic(boolean z, LTPA ltpa) throws Exception {
        Tr.entry(_tc, "getPublic", new Object[]{new Boolean(z), ltpa});
        return null;
    }

    public String getPrivate(boolean z, LTPA ltpa) throws Exception {
        Tr.entry(_tc, "getPrivate", new Object[]{new Boolean(z), ltpa});
        return null;
    }

    public String getPassword(boolean z, LTPA ltpa) throws Exception {
        Tr.entry(_tc, "getPassword", new Object[]{new Boolean(z), ltpa});
        return null;
    }

    public String getShared(boolean z, LTPA ltpa) throws Exception {
        Tr.entry(_tc, "getShared", new Object[]{new Boolean(z), ltpa});
        return null;
    }

    public void setKeyFilePassword(SecureSocketLayer secureSocketLayer, String str) {
        Tr.entry(_tc, "setKeyFilePassword", new Object[]{str, secureSocketLayer});
        secureSocketLayer.setKeyFilePassword((String) null);
    }

    public void setTrustFileName(SecureSocketLayer secureSocketLayer, String str) {
        Tr.entry(_tc, "setTrustFileName", new Object[]{str, secureSocketLayer});
        secureSocketLayer.setTrustFileName((String) null);
    }

    public void setTrustFilePassword(SecureSocketLayer secureSocketLayer, String str) {
        Tr.entry(_tc, "setTrustFilePassword", new Object[]{str, secureSocketLayer});
        secureSocketLayer.setTrustFilePassword((String) null);
    }

    public void setKeyStore(SecureSocketLayer secureSocketLayer, KeyStore keyStore) throws Exception {
        Tr.entry(_tc, "setKeyStore", new Object[]{keyStore, secureSocketLayer});
        if (keyStore != null) {
            _keyStoreList.add(keyStore);
        }
        secureSocketLayer.setKeyStore(keyStore);
    }

    public void setTrustStore(SecureSocketLayer secureSocketLayer, KeyStore keyStore) throws Exception {
        Tr.entry(_tc, "setTrustStore", new Object[]{keyStore, secureSocketLayer});
        if (keyStore != null) {
            _keyStoreList.add(keyStore);
        }
        secureSocketLayer.setTrustStore(keyStore);
    }

    private String removeProperty(String str, EList eList) {
        for (int i = 0; i < eList.size(); i++) {
            Property property = (Property) eList.get(i);
            if (property.getName().equals(str)) {
                eList.remove(i);
                return property.getValue();
            }
        }
        return null;
    }

    public String getSslProtocol(boolean z, SecureSocketLayer secureSocketLayer) throws Exception {
        Tr.entry(_tc, "getSslProtocol", new Object[]{new Boolean(z), secureSocketLayer});
        String sslProtocol = secureSocketLayer.getSslProtocol();
        return sslProtocol == null ? z ? removeProperty("com.ibm.ssl.protocol", secureSocketLayer.getProperties()) : null : sslProtocol;
    }

    public String getJsseProvider(boolean z, SecureSocketLayer secureSocketLayer) throws Exception {
        Tr.entry(_tc, "getJsseProvider", new Object[]{new Boolean(z), secureSocketLayer});
        String jsseProvider = secureSocketLayer.getJsseProvider();
        return jsseProvider == null ? z ? removeProperty("com.ibm.ssl.contextProvider", secureSocketLayer.getProperties()) : null : jsseProvider;
    }

    public String getEnabledCiphers(boolean z, SecureSocketLayer secureSocketLayer) throws Exception {
        Tr.entry(_tc, "getEnabledCiphers", new Object[]{new Boolean(z), secureSocketLayer});
        String enabledCiphers = secureSocketLayer.getEnabledCiphers();
        return enabledCiphers == null ? z ? removeProperty("com.ibm.ssl.enabledCipherSuites", secureSocketLayer.getProperties()) : null : enabledCiphers;
    }

    public ManagementScope getManagementScope(boolean z, SSLConfig sSLConfig) throws Exception {
        Tr.entry(_tc, "getManagementScope", new Object[]{new Boolean(z), sSLConfig});
        ManagementScope managementScope = sSLConfig.getManagementScope();
        if (z) {
            this._systemSSL = false;
            this._daemonConfig = false;
            if (sSLConfig.getType().equals(SSLType.SSSL_LITERAL)) {
                this._systemSSL = true;
                this._daemonConfig = checkDaemonSSLConfig(sSLConfig);
            }
        }
        return managementScope == null ? _managementScope : managementScope;
    }

    public SSLType getType(boolean z, SSLConfig sSLConfig) {
        Tr.entry(_tc, "getType", new Object[]{new Boolean(z), sSLConfig});
        SSLType type = sSLConfig.getType();
        if (z && getSystemSSL() && !getDaemonConfig()) {
            type = SSLType.JSSE_LITERAL;
        }
        return type;
    }

    public void setEnableCryptoHardwareSupport(SecureSocketLayer secureSocketLayer, boolean z) {
        Tr.entry(_tc, "setEnableCryptoHardwareSupport", new Object[]{secureSocketLayer});
        secureSocketLayer.setEnableCryptoHardwareSupport(false);
    }

    public KeyManager getKeyManager(boolean z, SecureSocketLayer secureSocketLayer) {
        Tr.entry(_tc, "getKeyManager", new Object[]{new Boolean(z), secureSocketLayer});
        KeyManager keyManager = secureSocketLayer.getKeyManager();
        return keyManager == null ? _keyManager : keyManager;
    }

    private void removeSSSLTrustManagers(List<?> list) {
        Iterator<?> it = list.iterator();
        while (it.hasNext()) {
            SSLConfig sSLConfig = (SSLConfig) it.next();
            if (SSLType.SSSL_LITERAL.equals(sSLConfig.getType())) {
                sSLConfig.getSetting().getTrustManager().clear();
            }
        }
    }

    public List getRepertoire(boolean z, Security security) throws Exception {
        Tr.entry(_tc, "getRepertoire", new Object[]{new Boolean(z), security});
        List repertoire = security.getRepertoire();
        removeSSSLTrustManagers(repertoire);
        if (z) {
            if (OSInfoFactory.isZSeries()) {
                repertoire = updateRepertoireList(repertoire);
            }
            String owningNodeName = getTransform().getScenario().getOldProductImage().getProfile().getOwningNodeName();
            Iterator<?> it = repertoire.iterator();
            while (it.hasNext()) {
                SSLConfig sSLConfig = (SSLConfig) it.next();
                String alias = sSLConfig.getAlias();
                if (checkDaemonConfig(sSLConfig) || isBacklevelNodeSSSL(security, sSLConfig, owningNodeName, alias)) {
                    it.remove();
                    if (!getTransform().getScenario().getOldProductImage().getProfile().isNodeFederated() && WASPostUpgrade.is_wasPostUpgrade()) {
                        this._sslConfigList[this._sslConfigCount] = sSLConfig;
                        this._sslConfigCount++;
                    }
                } else {
                    int indexOf = alias.indexOf("/");
                    if ((indexOf != -1 ? alias.substring(0, indexOf) : alias).equals(owningNodeName)) {
                        if (!OSInfoFactory.isZSeries() && alias.equals(owningNodeName + "/DefaultSSLSettings")) {
                            this._defaultSSLConfig = sSLConfig;
                        } else if (OSInfoFactory.isZSeries() && alias.equals(owningNodeName + "/RACFJSSESettings")) {
                            this._defaultSSLConfig = sSLConfig;
                        } else if (this._defaultSSLConfig == null) {
                            this._defaultSSLConfig = sSLConfig;
                        }
                    }
                }
            }
        } else {
            for (int i = 0; i < this._sslConfigCount; i++) {
                repertoire.add(this._sslConfigList[i]);
            }
        }
        return repertoire;
    }

    public List updateRepertoireList(List list) {
        Tr.entry(_tc, "getRepertoire", list);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            SSLConfig sSLConfig = (SSLConfig) it.next();
            SecureSocketLayer setting = sSLConfig.getSetting();
            if (sSLConfig.getType().equals(SSLType.JSSE_LITERAL) && setting.isEnableCryptoHardwareSupport()) {
                String keyFileName = setting.getKeyFileName();
                String trustFileName = setting.getTrustFileName();
                EList properties = setting.getProperties();
                PropertiesFactory propertiesFactory = PropertiesPackage.eINSTANCE.getPropertiesFactory();
                if (keyFileName != null && keyFileName.startsWith("safkeyring:///")) {
                    setting.setKeyFileName(keyFileName.replaceFirst("safkeyring", "safkeyringhw"));
                    setting.setEnableCryptoHardwareSupport(false);
                    Property createProperty = propertiesFactory.createProperty();
                    createProperty.setName(DMgrConnectionInfo.keystoreTypeKey);
                    createProperty.setValue("JCE4758RACFKS");
                    properties.add(createProperty);
                }
                if (trustFileName != null && trustFileName.startsWith("safkeyring:///")) {
                    setting.setTrustFileName(trustFileName.replaceFirst("safkeyring", "safkeyringhw"));
                    setting.setEnableCryptoHardwareSupport(false);
                    Property createProperty2 = propertiesFactory.createProperty();
                    createProperty2.setName(DMgrConnectionInfo.truststoreTypeKey);
                    createProperty2.setValue("JCE4758RACFKS");
                    properties.add(createProperty2);
                }
            }
        }
        return list;
    }

    protected boolean checkDaemonConfig(SSLConfig sSLConfig) throws Exception {
        boolean z = false;
        if (sSLConfig.getType().equals(SSLType.SSSL_LITERAL)) {
            z = checkDaemonSSLConfig(sSLConfig);
        }
        return z;
    }

    public void logProgressMessage(Security security, Boolean bool) {
        Tr.entry(_tc, "logProgressMessage", new Object[]{security});
        if (bool.booleanValue()) {
            return;
        }
        Tr.event(_tc, "The Security Attribute isEnabled is set to: " + security.isEnabled());
        if (security.isEnabled()) {
            UpgradeBase.get_logger().println(LoggerImpl.get_nls().getFormattedMessage("advise.logging.updating.authmech", new Object[]{"Active"}, "Updating attributes of the {0} AuthMechanism."));
            if (security == null || security.getActiveUserRegistry() == null || security.getActiveUserRegistry().getServerId() == null) {
                return;
            }
            UpgradeBase.get_logger().println(LoggerImpl.get_nls().getFormattedMessage("advise.logging.updating.userreg", new Object[]{"Active", security.getActiveUserRegistry().getServerId()}, "Updating attributes of the {0} UserRegistry to reflect the information for serverId {1}."));
        }
    }

    public void logProgressMessage(SSLConfig sSLConfig, Boolean bool) {
        Tr.entry(_tc, "logProgressMessage", new Object[]{sSLConfig});
        String alias = sSLConfig.getAlias();
        if (bool.booleanValue()) {
            UpgradeBase.get_logger().println(LoggerImpl.get_nls().getFormattedMessage("advise.logging.adding.element", new Object[]{"SSLConfig", alias}, "Adding {0} entry {1} to the model."));
        } else {
            UpgradeBase.get_logger().println(LoggerImpl.get_nls().getFormattedMessage("advise.logging.updating.entry", new Object[]{"SSLConfig", alias}, "Updating attributes of {0} entry {1}, it is already defined in the existing model."));
        }
    }

    public void logProgressMessage(JAASAuthData jAASAuthData, Boolean bool) {
        Tr.entry(_tc, "logProgressMessage", new Object[]{jAASAuthData});
        String alias = jAASAuthData.getAlias();
        if (bool.booleanValue()) {
            UpgradeBase.get_logger().println(LoggerImpl.get_nls().getFormattedMessage("advise.logging.adding.element", new Object[]{"JAASAuthData", alias}, "Adding {0} entry {1} to the model."));
        } else {
            UpgradeBase.get_logger().println(LoggerImpl.get_nls().getFormattedMessage("advise.logging.updating.entry", new Object[]{"JAASAuthData", alias}, "Updating attributes of {0} entry {1}, it is already defined in the existing model."));
        }
    }

    public void setUseRegistryServerId(UserRegistry userRegistry, boolean z) {
        Tr.entry(_tc, "setUseRegistryServerId", new Object[]{userRegistry, new Boolean(z)});
        userRegistry.setUseRegistryServerId(true);
    }

    protected KeyStore convertCryptoHardwareToken(SecureSocketLayer secureSocketLayer) {
        return convertCryptoHardwareToken(secureSocketLayer, SslPackage.eINSTANCE.getSslFactory().createKeyStore());
    }

    protected KeyStore convertCryptoHardwareToken(SecureSocketLayer secureSocketLayer, KeyStore keyStore) {
        Tr.entry(_tc, "convertCryptoHardwareToken", secureSocketLayer);
        CryptoHardwareToken cryptoHardware = secureSocketLayer.getCryptoHardware();
        String libraryFile = cryptoHardware.getLibraryFile();
        _keyStoreCount++;
        int i = 0;
        while (i < _customProperties.size()) {
            Property property = (Property) _customProperties.get(i);
            if (property.getName().equals("com.ibm.ssl.tokenSlot")) {
                String value = property.getValue();
                _customProperties.remove(i);
                libraryFile = libraryFile + ":" + value;
                i--;
            }
            i++;
        }
        String str = !OSInfoFactory.isZSeries() ? "IBMPKCS11Impl" : "JCE4758KS";
        keyStore.setLocation(libraryFile);
        keyStore.setPassword(cryptoHardware.getPassword());
        keyStore.setType(cryptoHardware.getTokenType());
        keyStore.setProvider(str);
        keyStore.setFileBased(false);
        keyStore.setInitializeAtStartup(false);
        keyStore.setManagementScope(_managementScope);
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(_keyStoreName);
        stringBuffer.append("_");
        stringBuffer.append(_keyStoreCount);
        keyStore.setName(stringBuffer.toString());
        return keyStore;
    }

    protected void initializeSSLVariables(Security security) {
        Tr.entry(_tc, "initializeSecurityVariables", security);
        EList managementScopes = security.getManagementScopes();
        if (managementScopes.size() > 0) {
            _managementScope = (ManagementScope) managementScopes.get(0);
        }
        _keyStoreList = security.getKeyStores();
        EList keyManagers = security.getKeyManagers();
        EList trustManagers = security.getTrustManagers();
        for (int i = 0; i < keyManagers.size(); i++) {
            _keyManager = (KeyManager) keyManagers.get(i);
            if (_keyManager.getName().equals("IbmX509")) {
                break;
            }
        }
        for (int i2 = 0; i2 < trustManagers.size(); i2++) {
            _trustManager = (TrustManager) trustManagers.get(i2);
            if (_trustManager.getName().equals("IbmX509")) {
                break;
            }
        }
        _customProperties = security.getProperties();
    }

    protected boolean getSystemSSL() {
        Tr.entry(_tc, "getSystemSSL");
        return this._systemSSL;
    }

    protected boolean getDaemonConfig() {
        Tr.entry(_tc, "getDaemonConfig");
        return this._daemonConfig;
    }

    protected boolean checkDaemonSSLConfig(SSLConfig sSLConfig) throws Exception {
        Tr.entry(_tc, "checkDaemonSSLConfig", sSLConfig);
        boolean z = false;
        String alias = sSLConfig.getAlias();
        if (((ReleaseVersionImpl) getTransform().getScenario().getOldProductImage().getReleaseVersion()).isR51()) {
            WCCMDocument wCCMDocument = (WCCMDocument) getTransform().getScenario().getOldProductImage().getProfile().getCellDocumentCollection().openDocument("variables.xml", WCCMDocument.class, false, true);
            Iterator it = ((VariableMap) UtilityImpl.locateConfigFileObject(wCCMDocument, VariableMap.class)).getEntries().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                VariableSubstitutionEntry variableSubstitutionEntry = (VariableSubstitutionEntry) it.next();
                if (variableSubstitutionEntry.getSymbolicName().contains("DAEMON") && variableSubstitutionEntry.getValue() != null && variableSubstitutionEntry.getValue().equals(alias)) {
                    z = true;
                    break;
                }
            }
            wCCMDocument.close();
        } else {
            WCCMDocument wCCMDocument2 = (WCCMDocument) getTransform().getScenario().getOldProductImage().getProfile().getCellDocumentCollection().getChild("nodegroups").getChild("DefaultNodeGroup").openDocument("nodegroup.xml", WCCMDocument.class, false, true);
            Iterator it2 = ((NodeGroup) UtilityImpl.locateConfigFileObject(wCCMDocument2, NodeGroup.class)).getProperties().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Property property = (Property) it2.next();
                if (property.getName().contains("DAEMON") && property.getValue() != null && property.getValue().equals(alias)) {
                    z = true;
                    break;
                }
            }
            wCCMDocument2.close();
        }
        return z;
    }

    @Override // com.ibm.wsspi.migration.document.wccm.BasicWCCMDocumentProcessor, com.ibm.wsspi.migration.document.wccm.WCCMDocumentProcessor
    public void processContents(List list, List list2) throws Exception {
        Tr.entry(_tc, "processContents");
        super.processContents(list, list2);
        processSecurityUpdates(list, list2);
    }

    protected void processSecurityUpdates(List list, List list2) throws Exception {
        UserRegistry activeUserRegistry;
        String realm;
        Tr.entry(_tc, "processSecurityUpdates", new Object[]{list, list2});
        Profile profile = getTransform().getScenario().getOldProductImage().getProfile();
        Security security = (Security) list2.get(0);
        Security security2 = (Security) list.get(0);
        if (WASPostUpgrade.is_wasPostUpgrade()) {
            super.copyKeystores(security2);
        }
        AuthMechanism activeAuthMechanism = security.getActiveAuthMechanism();
        if (activeAuthMechanism != null && OID.compareOIDs(activeAuthMechanism.getOID(), "oid:1.2.840.113554.1.2.2")) {
            reorderJAASLoginModules(security);
        }
        if ("servers".equals(getTransform().getParent().getName())) {
            Security security3 = (Security) list.get(0);
            if (!security3.isSetEnabled()) {
                security.unsetEnabled();
            }
            if (!security3.isSetAppEnabled()) {
                if (security3.isSetEnabled()) {
                    security.setAppEnabled(security3.isEnabled());
                } else {
                    security.unsetAppEnabled();
                }
            }
            if (!security3.isSetUseLocalSecurityServer()) {
                security.unsetUseLocalSecurityServer();
            }
            if (!security3.isSetUseDomainQualifiedUserNames()) {
                security.unsetUseDomainQualifiedUserNames();
            }
            if (!security3.isSetCacheTimeout()) {
                security.unsetCacheTimeout();
            }
            if (!security3.isSetIssuePermissionWarning()) {
                security.unsetIssuePermissionWarning();
            }
            if (!security3.isSetAllowAllPermissionForApplication()) {
                security.unsetAllowAllPermissionForApplication();
            }
            if (!security3.isSetActiveProtocol()) {
                security.unsetActiveProtocol();
            }
            if (!security3.isSetEnforceJava2Security()) {
                security.unsetEnforceJava2Security();
            }
            if (!security3.isSetEnableJava2SecRuntimeFiltering()) {
                security.unsetEnableJava2SecRuntimeFiltering();
            }
            if (!security3.isSetEnforceFineGrainedJCASecurity()) {
                security.unsetEnforceFineGrainedJCASecurity();
            }
        }
        if (!profile.isNodeFederated() && WASPostUpgrade.is_wasPostUpgrade() && getTransform().getNewDocumentCollection().getParent().getName().equals("cells")) {
            Tr.event(_tc, "Replacing P12 KeyStores");
            if (this._defaultSSLConfig != null) {
                replaceNewKeyStores(security);
            }
        }
        if (profile.isDeploymentManager() && ((ReleaseVersionImpl) getTransform().getScenario().getOldProductImage().getReleaseVersion()).isR51()) {
            for (int i = 0; i < _customProperties.size(); i++) {
                Property property = (Property) _customProperties.get(i);
                if (property.getName().equals("com.ibm.ws.security.webInboundPropagationEnabled") && property.getValue().equals("true")) {
                    Tr.event(_tc, "Update com.ibm.ws.security.webInboundPropagationEnabled with value false");
                    property.setValue("false");
                }
            }
        }
        if (!WASPostUpgrade.is_wasPostUpgrade()) {
            removeOldSSLProperties(security);
        }
        if (!profile.isNodeFederated()) {
            if (!WASPostUpgrade.is_scriptCompatibility()) {
                Tr.event(_tc, "Adding TrustStores to JSSE SSLConfigs");
                addTrustStores(security);
            }
            if (getTransform().getNewDocumentCollection().getParent().getName().equals("cells")) {
                _oldSecurityObject = (Security) list.get(0);
                _newSecurityObject = (Security) list2.get(0);
            }
            moveSAFPropertiesTop(security);
        }
        if (!WASPostUpgrade.is_scriptCompatibility()) {
            convertDomainPropertiesToSAF(security);
        }
        if (security2.getDynamicReload() != null) {
            security.setDynamicReload(security2.getDynamicReload());
        }
        if (OSInfoFactory.isZSeries()) {
            unsetFileBasedForZ(security);
            if ((security2.getActiveUserRegistry() instanceof LocalOSUserRegistry) && (realm = (activeUserRegistry = security.getActiveUserRegistry()).getRealm()) != null && realm.length() > 0) {
                activeUserRegistry.setRealm("");
            }
        }
        if (((ReleaseVersionImpl) getTransform().getScenario().getOldProductImage().getReleaseVersion()).isR60()) {
            UserRegistry activeUserRegistry2 = security2.getActiveUserRegistry();
            UserRegistry activeUserRegistry3 = security.getActiveUserRegistry();
            String serverId = activeUserRegistry2.getServerId();
            if (serverId != null && serverId.length() > 0) {
                setUseRegistryServerId(activeUserRegistry3, true);
            }
            if (OSInfoFactory.isZSeries() && getTransform().getScenario().getOldProductImage().getProfile().isDeploymentManager() && (security2.getActiveUserRegistry() instanceof LocalOSUserRegistry)) {
                setUseRegistryServerId(activeUserRegistry3, true);
            }
        }
        preserveWSSchedule(security2, security);
        preserveTrustManagers(security.getRepertoire(), security2.getRepertoire());
    }

    private void preserveWSSchedule(Security security, Security security2) {
        EList wsSchedules = security.getWsSchedules();
        EList wsSchedules2 = security2.getWsSchedules();
        String str = null;
        int i = 99;
        for (Object obj : wsSchedules) {
            if (obj instanceof WSSchedule) {
                str = ((WSSchedule) obj).getName();
                i = ((WSSchedule) obj).getDayOfWeek();
            }
            for (Object obj2 : wsSchedules2) {
                if (obj2 instanceof WSSchedule) {
                    if (str.equals(((WSSchedule) obj2).getName())) {
                        ((WSSchedule) obj2).setDayOfWeek(i);
                    }
                }
            }
        }
    }

    private void preserveTrustManagers(List<?> list, List<?> list2) {
        Tr.entry(_tc, "preserveTrustManagers", new Object[]{list2, list});
        for (Object obj : list2) {
            EList eList = null;
            String str = null;
            String str2 = null;
            if ((obj instanceof SSLConfig) && ((SSLConfig) obj).getType() == SSLType.JSSE_LITERAL) {
                if (((SSLConfig) obj).getManagementScope() != null) {
                    str2 = ((SSLConfig) obj).getManagementScope().getScopeName();
                    if (str2 != null) {
                        str = ((SSLConfig) obj).getAlias();
                        eList = ((SSLConfig) obj).getSetting().getTrustManager();
                    }
                } else {
                    Tr.event(_tc, "A source SSLConfig of type JSSE is missing the ManagementScope attribute.");
                }
            }
            if (eList != null) {
                EList eList2 = null;
                Iterator<?> it = list.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Object next = it.next();
                    if ((next instanceof SSLConfig) && ((SSLConfig) next).getType() == SSLType.JSSE_LITERAL) {
                        if (((SSLConfig) next).getManagementScope() != null) {
                            String scopeName = ((SSLConfig) next).getManagementScope().getScopeName();
                            if (scopeName != null && str.equals(((SSLConfig) next).getAlias()) && str2.equals(scopeName)) {
                                eList2 = ((SSLConfig) next).getSetting().getTrustManager();
                                break;
                            }
                        } else {
                            Tr.event(_tc, "A target SSLConfig of type JSSE is missing its ManagementScope attribute.");
                        }
                    }
                }
                if (eList2 != null) {
                    BasicEList basicEList = new BasicEList();
                    for (int i = 0; i < eList.size(); i++) {
                        TrustManager trustManager = (TrustManager) eList.get(i);
                        String name = trustManager.getName();
                        if (trustManager.getManagementScope() != null) {
                            String scopeName2 = trustManager.getManagementScope().getScopeName();
                            if (scopeName2 != null) {
                                int i2 = 0;
                                while (true) {
                                    if (i2 < eList2.size()) {
                                        TrustManager trustManager2 = (TrustManager) eList2.get(i2);
                                        if (trustManager2.getManagementScope() != null) {
                                            String scopeName3 = trustManager2.getManagementScope().getScopeName();
                                            if (scopeName3 != null) {
                                                if (name.equals(trustManager2.getName()) && scopeName2.equals(scopeName3)) {
                                                    basicEList.add(trustManager2);
                                                    break;
                                                }
                                            } else {
                                                Tr.event(_tc, "A target TrustManager is missing its ManagementScope attribute.");
                                            }
                                        }
                                        i2++;
                                    }
                                }
                            }
                        } else {
                            Tr.event(_tc, "A source TrustManager is missing its ManagementScope attribute.");
                        }
                    }
                    eList2.clear();
                    eList2.addAll(basicEList);
                } else {
                    Tr.event(_tc, "WARNING: Unexpected failure the trustManager list was not migrated from: " + str);
                }
            }
        }
        Tr.exit(_tc, "preserveTrustManagers");
    }

    protected void unsetFileBasedForZ(Security security) {
        Tr.entry(_tc, "unsetFileBasedForZ", security);
        EList keyStores = security.getKeyStores();
        for (int i = 0; i < keyStores.size(); i++) {
            KeyStore keyStore = (KeyStore) keyStores.get(i);
            if (keyStore.getType().equals("JCERACFKS")) {
                keyStore.setFileBased(false);
            }
        }
    }

    protected void addTrustStores(Security security) {
        Tr.entry(_tc, "addTrustStores", security);
        EList repertoire = security.getRepertoire();
        for (int i = 0; i < repertoire.size(); i++) {
            SecureSocketLayer setting = ((SSLConfig) repertoire.get(i)).getSetting();
            if (setting.getTrustStore() == null) {
                setting.setTrustStore(setting.getKeyStore());
            }
        }
    }

    protected void removeOldSSLProperties(Security security) throws Exception {
        Tr.entry(_tc, "removeOldSSLProperties", security);
        EList repertoire = security.getRepertoire();
        for (int i = 0; i < repertoire.size(); i++) {
            SecureSocketLayer setting = ((SSLConfig) repertoire.get(i)).getSetting();
            setting.setKeyFileFormat((KeyFileFormatKind) null);
            setting.setTrustFileFormat((KeyFileFormatKind) null);
            EList properties = setting.getProperties();
            int i2 = 0;
            while (i2 < properties.size()) {
                Property property = (Property) properties.get(i2);
                if (property.getName().equals("com.ibm.ssl.protocol") || property.getName().equals("com.ibm.ssl.contextProvider") || property.getName().equals("com.ibm.ssl.enabledCipherSuites")) {
                    properties.remove(i2);
                    i2--;
                }
                i2++;
            }
        }
    }

    protected void moveSAFPropertiesTop(Security security) throws Exception {
        Tr.entry(_tc, "moveSAFPropertiesTop", security);
        if (security == null || security.getActiveUserRegistry() == null) {
            return;
        }
        EList properties = security.getActiveUserRegistry().getProperties();
        EList properties2 = security.getProperties();
        int i = 0;
        while (i < properties.size()) {
            Property property = (Property) properties.get(i);
            String name = property.getName();
            if (SAF_propertiesToTop.containsKey(name)) {
                property.setName(SAF_propertiesToTop.get(name));
                properties2.add(property);
                if (equals(property.getName(), name)) {
                    Tr.event(_tc, "Moved property '" + name + "' from active UserRegistry to top level.");
                } else {
                    Tr.event(_tc, "Moved property '" + name + "' from active UserRegistry to '" + property.getName() + "' at the top level.");
                }
                i--;
            }
            i++;
        }
    }

    protected void convertDomainPropertiesToSAF(Security security) throws Exception {
        Tr.entry(_tc, "convertDomainPropertiesToSAF", security);
        if (WASPostUpgrade.is_scriptCompatibility()) {
            Tr.exit(_tc, "convertDomainPropertiesToSAF - script compatibility true so we do not modify properties", security);
            return;
        }
        EList<Property> properties = security.getProperties();
        Property property = null;
        Property property2 = null;
        for (Property property3 : properties) {
            if (zOS_DOMAINNAME.equals(property3.getName())) {
                property = property3;
            } else if (zOS_DOMAINTYPE.equals(property3.getName())) {
                property2 = property3;
            }
        }
        if (property2 != null) {
            if (zOS_CELLQUALIFIED_DOMAINTYPE.equals(property2.getValue()) && property != null && property.getValue() != null && !property.getValue().equals("")) {
                property.setName(SAF_PROFILEPREFIX);
                property = null;
            }
            properties.remove(property2);
            if (property != null) {
                properties.remove(property);
            }
        }
    }

    protected boolean isBacklevelNodeSSSL(Security security, SSLConfig sSLConfig, String str, String str2) throws Exception {
        Tr.entry(_tc, "isBacklevelNodeSSSL", new Object[]{security, sSLConfig, str, str2});
        boolean z = false;
        if (getTransform().getScenario().getOldProductImage().getProfile().isDeploymentManager() && sSLConfig.getType().equals(SSLType.SSSL_LITERAL) && !Pattern.matches(".*\\b" + Pattern.quote(str) + "\\b.*", str2) && (str2.endsWith("DefaultIIOPSSL") || str2.endsWith("DefaultHTTPS") || isZOSTransportSSLconfig(security, str2))) {
            z = true;
            Tr.debug(_tc, "The repertoire with alias name: " + str2 + " will not be convert from SSSL to JSSE.");
        }
        return z;
    }

    protected boolean isZOSTransportSSLconfig(Security security, String str) throws Exception {
        Tr.entry(_tc, "isZOSTransportSSLconfig", new Object[]{security, str});
        for (Property property : security.getProperties()) {
            String name = property.getName();
            if (name.equals(inbound_transport_sslconfig) || name.equals(outbound_transport_sslconfig)) {
                if (str.equals(property.getValue())) {
                    Tr.debug(_tc, "repertoire's alias name " + str + " is referenced by: " + name + " will not be converted to JSSE");
                    return true;
                }
            }
        }
        return false;
    }

    public boolean shouldConvertThisKeystore(Security security, KeyStore keyStore) throws Exception {
        String location = keyStore.getLocation();
        return (location == null || location.endsWith(Configuration.KEYSTORE_P12_DEFAULT) || location.endsWith(Configuration.TRUSTSTORE_P12_DEFAULT)) && isCellDefaultSSLSettingsKeyStore(security, keyStore);
    }

    public boolean shouldEnableCryptoHardware(KeyStore keyStore, SecureSocketLayer secureSocketLayer) {
        return keyStore.getLocation() != null && keyStore.getLocation().endsWith(Configuration.KEYSTORE_P12_DEFAULT) && secureSocketLayer.isEnableCryptoHardwareSupport();
    }

    protected void replaceNewKeyStores(Security security) throws Exception {
        Tr.entry(_tc, "replaceNewKeyStores", security);
        EList keyStores = security.getKeyStores();
        for (int i = 0; i < keyStores.size(); i++) {
            KeyStore keyStore = (KeyStore) keyStores.get(i);
            if (shouldConvertThisKeystore(security, keyStore)) {
                SecureSocketLayer setting = this._defaultSSLConfig.getSetting();
                EList repertoire = security.getRepertoire();
                String str = null;
                int i2 = 0;
                while (true) {
                    if (i2 >= repertoire.size()) {
                        break;
                    }
                    SecureSocketLayer setting2 = ((SSLConfig) repertoire.get(i2)).getSetting();
                    KeyStore keyStore2 = setting2.getKeyStore();
                    KeyStore trustStore = setting2.getTrustStore();
                    if (keyStore == keyStore2) {
                        str = UtilityImpl.fixUpPath(setting.getKeyFileName(), this._oldCurrentLevelVariables, this._newCurrentLevelVariables);
                        break;
                    } else {
                        if (keyStore == trustStore) {
                            str = UtilityImpl.fixUpPath(setting.getTrustFileName(), this._oldCurrentLevelVariables, this._newCurrentLevelVariables);
                            break;
                        }
                        i2++;
                    }
                }
                if (str == null) {
                    Tr.event(_tc, "SSL location was null, skipping this .p12");
                    return;
                }
                Tr.event(_tc, "found .p12 file, will update with old values");
                if (shouldEnableCryptoHardware(keyStore, setting)) {
                    convertCryptoHardwareToken(setting, keyStore);
                } else {
                    if (this._defaultSSLConfig.getType().equals(SSLType.SSSL_LITERAL)) {
                        this._systemSSL = true;
                        this._daemonConfig = checkDaemonSSLConfig(this._defaultSSLConfig);
                    }
                    generateKeystore(setting, keyStore, str);
                }
            }
        }
    }

    public boolean isConvertableTruststorePresent(SecureSocketLayer secureSocketLayer) {
        boolean z = false;
        if (secureSocketLayer.getTrustFileName() != null) {
            z = secureSocketLayer.getTrustFilePassword() != null;
        }
        return z;
    }

    public boolean isConvertableKeystorePresent(SecureSocketLayer secureSocketLayer) {
        boolean z = false;
        if (secureSocketLayer.getKeyFileName() != null) {
            z = secureSocketLayer.getKeyFilePassword() != null;
        }
        return z;
    }

    public KeyStore generateKeystore(SecureSocketLayer secureSocketLayer) {
        return generateKeystore(secureSocketLayer, false);
    }

    private KeyStore generateKeystore(SecureSocketLayer secureSocketLayer, boolean z) {
        KeyStore keyStore = null;
        String trustFileName = z ? secureSocketLayer.getTrustFileName() : secureSocketLayer.getKeyFileName();
        if (trustFileName != null) {
            SslFactory sslFactory = SslPackage.eINSTANCE.getSslFactory();
            _keyStoreCount++;
            keyStore = generateKeystore(secureSocketLayer, sslFactory.createKeyStore(), trustFileName);
        }
        return keyStore;
    }

    public KeyStore generateKeystore(SecureSocketLayer secureSocketLayer, KeyStore keyStore, String str) {
        keyStore.setType(secureSocketLayer.getKeyFileFormat().getName());
        keyStore.setPassword(secureSocketLayer.getKeyFilePassword());
        int lastIndexOf = str.lastIndexOf("/");
        if (keyStore.getName() == null || keyStore.getName().equals("")) {
            keyStore.setName(str.substring(lastIndexOf + 1));
        }
        if (getSystemSSL() && !getDaemonConfig()) {
            if (str != null && !str.startsWith("safkeyring:")) {
                str = "safkeyring:///" + str;
            }
            keyStore.setPassword("password");
            keyStore.setType(KeyFileFormatKind.JCERACFKS_LITERAL.toString());
        }
        keyStore.setLocation(str);
        boolean z = (secureSocketLayer.isEnableCryptoHardwareSupport() || equals("JCERACFKS", keyStore.getType()) || equals(keyStore.getType(), "JCE4758KS")) ? false : true;
        keyStore.setFileBased(z);
        keyStore.setReadOnly(!z);
        keyStore.setInitializeAtStartup(false);
        keyStore.setManagementScope(_managementScope);
        return keyStore;
    }

    public KeyStore getKeyStore(boolean z, SecureSocketLayer secureSocketLayer) throws Exception {
        Tr.entry(_tc, "getKeyStore", new Object[]{new Boolean(z), secureSocketLayer});
        KeyStore keyStore = secureSocketLayer.getKeyStore();
        if (z && isConvertableKeystorePresent(secureSocketLayer)) {
            keyStore = secureSocketLayer.isEnableCryptoHardwareSupport() ? convertCryptoHardwareToken(secureSocketLayer) : generateKeystore(secureSocketLayer, false);
        }
        return keyStore;
    }

    public KeyStore getTrustStore(boolean z, SecureSocketLayer secureSocketLayer) throws Exception {
        Tr.entry(_tc, "getTrustStore", new Object[]{new Boolean(z), secureSocketLayer});
        KeyStore trustStore = secureSocketLayer.getTrustStore();
        if (z && isConvertableTruststorePresent(secureSocketLayer)) {
            trustStore = generateKeystore(secureSocketLayer, true);
        }
        return trustStore;
    }

    protected boolean isCellDefaultSSLSettingsKeyStore(Security security, KeyStore keyStore) throws Exception {
        Tr.entry(_tc, "isCellDefaultSSLSettingsKeyStore", new Object[]{security, keyStore});
        for (SSLConfig sSLConfig : security.getRepertoire()) {
            if (sSLConfig.getAlias().equals("CellDefaultSSLSettings")) {
                Tr.debug(_tc, "repertiore keystore is " + sSLConfig.getSetting().getKeyStore());
                if (sSLConfig.getSetting().getKeyStore() == keyStore || sSLConfig.getSetting().getTrustStore() == keyStore) {
                    Tr.debug(_tc, "found CellDefaultSSLSettings KeyStore ", keyStore.getName());
                    return true;
                }
            }
        }
        Tr.exit(_tc, "isCellDefaultSSLSettingsKeyStore false");
        return false;
    }

    protected void reorderJAASLoginModules(Security security) {
        Tr.entry(_tc, "reorderJAASLoginModules", new Object[]{security});
        for (JAASConfigurationEntry jAASConfigurationEntry : security.getSystemLoginConfig().getEntries()) {
            String alias = jAASConfigurationEntry.getAlias();
            if (alias.equals("WEB_INBOUND") || alias.equals("RMI_INBOUND") || alias.equals("DEFAULT")) {
                EList loginModules = jAASConfigurationEntry.getLoginModules();
                Iterator it = loginModules.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    JAASLoginModule jAASLoginModule = (JAASLoginModule) it.next();
                    if (jAASLoginModule.getModuleClassName().equals("com.ibm.ws.security.auth.kerberos.Krb5LoginModuleWrapper")) {
                        loginModules.move(0, jAASLoginModule);
                        break;
                    }
                }
                EList loginModules2 = jAASConfigurationEntry.getLoginModules();
                Iterator it2 = loginModules2.iterator();
                while (true) {
                    if (it2.hasNext()) {
                        JAASLoginModule jAASLoginModule2 = (JAASLoginModule) it2.next();
                        if (jAASLoginModule2.getModuleClassName().equals("com.ibm.ws.security.auth.kerberos.WSKrb5LoginModule")) {
                            loginModules2.move(1, jAASLoginModule2);
                            break;
                        }
                    }
                }
            }
        }
        Tr.exit(_tc, "reorderJAASLoginModules");
    }

    static {
        SAF_propertiesToTop.put("com.ibm.security.SAF.unauthenticatedId", "com.ibm.security.SAF.unauthenticated");
        SAF_propertiesToTop.put("com.ibm.security.SAF.unauthenticated", "com.ibm.security.SAF.unauthenticated");
        SAF_propertiesToTop.put("com.ibm.security.SAF.useEJBROLEAuthz", "com.ibm.security.SAF.authorization");
        SAF_propertiesToTop.put("com.ibm.security.SAF.authorization", "com.ibm.security.SAF.authorization");
        SAF_propertiesToTop.put("com.ibm.security.SAF.useEJBROLEDelegation", "com.ibm.security.SAF.delegation");
        SAF_propertiesToTop.put("com.ibm.security.SAF.delegation", "com.ibm.security.SAF.delegation");
        zOS_DOMAINTYPE = "security.zOS.domainType";
        zOS_DOMAINNAME = "security.zOS.domainName";
        zOS_CELLQUALIFIED_DOMAINTYPE = "cellQualified";
        SAF_PROFILEPREFIX = "com.ibm.security.SAF.profilePrefix";
    }
}
