package com.ibm.ws.security.admintask.securityDomain;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.AdminCommand;
import com.ibm.websphere.management.cmdframework.CommandMgr;
import com.ibm.websphere.management.cmdframework.CommandResult;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import com.ibm.xml.soapsec.Constants;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.management.ObjectName;

/* loaded from: input_file:com/ibm/ws/security/admintask/securityDomain/SecurityConfigProviderHelper.class */
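/**
 * Validation helpers for security-domain admin tasks: they check the user-registry type,
 * the authentication-mechanism type and the authentication cache timeout supplied to a
 * command, and resolve the matching configuration objects through {@link SecConfigTaskHelper}.
 *
 * <p>Every rejected value is reported as a {@link CommandValidationException} whose text is
 * looked up in the message bundle named by {@code AdminConstants.MSG_BUNDLE_NAME}.
 */
public class SecurityConfigProviderHelper {
    // NOTE(review): the trace component is registered under SecurityConfigProvider, not this
    // helper class, so trace output from here appears under that name. Confirm this is intended.
    private static final TraceComponent tc = Tr.register((Class<?>) SecurityConfigProvider.class, "security", "com.ibm.ws.security.admintask.securityDomain");
    private static final String BUNDLE_NAME = AdminConstants.MSG_BUNDLE_NAME;
    // Resolved once at class initialisation with the JVM default locale.
    private static final ResourceBundle resBundle = ResourceBundle.getBundle(BUNDLE_NAME, Locale.getDefault());

    /**
     * Tells whether {@code str} names one of the four accepted user-registry types.
     *
     * @param str registry type to check, compared case-insensitively; may be {@code null}
     * @return {@code true} for LDAPUserRegistry, WIMUserRegistry, CustomUserRegistry or
     *         LocalOSUserRegistry; {@code false} for anything else, including {@code null}
     */
    public static boolean isValidUserRegType(String str) {
        if (str == null) {
            return false;
        }
        return str.equalsIgnoreCase("LDAPUserRegistry")
                || str.equalsIgnoreCase("WIMUserRegistry")
                || str.equalsIgnoreCase("CustomUserRegistry")
                || str.equalsIgnoreCase("LocalOSUserRegistry");
    }

    /**
     * Resolves the registry configuration object for a registry type.
     *
     * @param str registry type; {@code null} or empty means "none requested"
     * @return the object returned by {@code secConfigTaskHelper.getRegistryObject}, or
     *         {@code null} when no type was requested
     * @throws CommandValidationException if {@code str} is non-empty and not an accepted type
     * @throws Exception whatever the delegate lookup throws
     */
    public ObjectName getUserRegistryObject(ConfigService configService, Session session, ObjectName objectName, String str, SecConfigTaskHelper secConfigTaskHelper) throws CommandValidationException, Exception {
        if (str == null || str.isEmpty()) {
            return null;
        }
        // Allow-list check before the value reaches the configuration lookup.
        if (!isValidUserRegType(str)) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.InvalidUserRegType", null));
        }
        return secConfigTaskHelper.getRegistryObject(session, configService, objectName, str);
    }

    /**
     * Returns the registry object to use when {@code bool} is true, falling back to the
     * {@code activeUserRegistry} attribute of {@code objectName} when {@code objectName2} is
     * {@code null}.
     *
     * @param bool when not {@link Boolean#TRUE} (including {@code null}) no check is made and
     *        {@code objectName2} is returned unchanged
     * @param objectName2 registry object already chosen by the caller, or {@code null}
     * @param str registry type as supplied; an explicitly empty string is rejected
     * @return the registry object; never {@code null} when {@code bool} is true
     * @throws CommandValidationException if {@code str} is empty, or no registry object can
     *         be found, while {@code bool} is true
     * @throws Exception whatever {@code configService.getAttribute} throws
     */
    public ObjectName getActiveUserRegistryObject(ConfigService configService, Session session, ObjectName objectName, Boolean bool, ObjectName objectName2, String str, SecConfigTaskHelper secConfigTaskHelper) throws CommandValidationException, Exception {
        // A null flag is treated like FALSE instead of failing with a NullPointerException
        // on unboxing.
        if (!Boolean.TRUE.equals(bool)) {
            return objectName2;
        }
        if (str != null && str.isEmpty()) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.unsetActiveUserRegistry.SECJ7727E", null));
        }
        ObjectName registry = objectName2;
        if (registry == null) {
            registry = (ObjectName) configService.getAttribute(session, objectName, "activeUserRegistry");
        }
        if (registry == null) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.noActiveUserRegistsry.SECJ7720E", null));
        }
        return registry;
    }

    /**
     * Rejects a registry object that {@code secConfigTaskHelper.isRegistryGood} does not accept.
     * A {@code null} {@code objectName} is not checked.
     *
     * @throws CommandValidationException if the registry object fails the check
     * @throws Exception whatever the delegate check throws
     */
    public void validateRegistryObject(ConfigService configService, Session session, ObjectName objectName, SecConfigTaskHelper secConfigTaskHelper) throws CommandValidationException, Exception {
        if (objectName == null) {
            return;
        }
        if (!secConfigTaskHelper.isRegistryGood(session, configService, objectName)) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.verifyUserRegistry.SECJ7724E", null));
        }
    }

    /**
     * Tells whether {@code str} names an accepted authentication mechanism.
     *
     * @param str mechanism type to check, compared case-insensitively; may be {@code null}
     * @return {@code true} when {@code str} matches {@code AuthMechanismConfig.TYPE_KERBEROS},
     *         "LTPA", "RSAToken", {@code Constants.STR_BASIC} or "Custom"; {@code false}
     *         otherwise, including for {@code null}
     */
    public static boolean isValidAuthMechanismType(String str) {
        if (str == null) {
            return false;
        }
        // NOTE(review): Constants here is com.ibm.xml.soapsec.Constants; verify STR_BASIC is
        // the value intended for an auth-mechanism name and not a coincidental constant.
        return str.equalsIgnoreCase(AuthMechanismConfig.TYPE_KERBEROS)
                || str.equalsIgnoreCase("LTPA")
                || str.equalsIgnoreCase("RSAToken")
                || str.equalsIgnoreCase(Constants.STR_BASIC)
                || str.equalsIgnoreCase("Custom");
    }

    /**
     * Runs the {@code validateKrbConfig} admin command against the global security
     * configuration and reports its verdict.
     *
     * <p>The answer fails closed: a command that does not complete successfully, or that
     * returns anything other than {@link Boolean#TRUE}, yields {@code false}.
     *
     * @return {@code true} only when the command succeeded and returned {@code Boolean.TRUE}
     * @throws Exception any exception raised while creating or executing the command; it is
     *         traced at debug level and rethrown
     */
    protected boolean krb5IsConfigured() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "krb5IsConfigured");
        }
        boolean configured = false;
        try {
            AdminCommand validateCommand = CommandMgr.getCommandMgr().createCommand("validateKrbConfig");
            validateCommand.setParameter("checkConfigOnly", false);
            validateCommand.setParameter("validateKrbRealm", true);
            validateCommand.setParameter("useGlobalSecurityConfig", true);
            validateCommand.setConfigSession(new Session());
            validateCommand.execute();
            CommandResult commandResult = validateCommand.getCommandResult();
            if (commandResult.isSuccessful()) {
                // Null or non-Boolean results count as "not configured" rather than
                // surfacing as a NullPointerException / ClassCastException.
                configured = Boolean.TRUE.equals(commandResult.getResult());
            } else {
                Throwable exception = commandResult.getException();
                if (tc.isDebugEnabled()) {
                    // NOTE(review): the trace text says verifyKrbConfig although the command
                    // executed above is validateKrbConfig; text kept unchanged.
                    Tr.debug(tc, "verifyKrbConfig did not execute.", new Object[]{exception});
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "verifyKrbConfig did not execute.", new Object[]{e});
            }
            throw e;
        }
        // Single exit trace; the success path previously logged the exit twice.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "krb5IsConfigured");
        }
        return configured;
    }

    /**
     * Resolves the configuration object for an authentication mechanism and, for Kerberos,
     * additionally requires {@link #krb5IsConfigured()} to pass.
     *
     * @param str mechanism type; {@code null} means "none requested". An empty string is not
     *        an accepted type and is rejected.
     * @return the mechanism object, or {@code null} when {@code str} is {@code null}
     * @throws CommandValidationException if the type is not accepted, no object exists for
     *         it, or Kerberos was requested but is not configured
     * @throws Exception whatever the delegate lookup or the Kerberos check throws
     */
    public ObjectName getAuthMechanismObject(ConfigService configService, Session session, ObjectName objectName, String str, SecConfigTaskHelper secConfigTaskHelper) throws CommandValidationException, Exception {
        if (str == null) {
            return null;
        }
        // Allow-list check before the value reaches the configuration lookup.
        if (!isValidAuthMechanismType(str)) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.authMechanismNotValid.SECJ7721E", null));
        }
        ObjectName authMechanism = secConfigTaskHelper.getAuthMechanismObject(session, configService, objectName, str);
        if (authMechanism == null) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.noAuthMechanismObj.SECJ7722E", null));
        }
        if (str.equalsIgnoreCase(AuthMechanismConfig.TYPE_KERBEROS)) {
            try {
                if (!krb5IsConfigured()) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.authMechNotConfigured.SECJ7766E", null));
                }
            } catch (Exception e) {
                // This handler also sees the CommandValidationException thrown just above,
                // so an unconfigured Kerberos setup is recorded through FFDC before being
                // rethrown to the caller.
                FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityConfigProvider", "%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        }
        return authMechanism;
    }

    /**
     * Resolves the admin-preferred authentication mechanism object. Only "RSAToken"
     * (case-insensitive) is accepted.
     *
     * @param str mechanism type; {@code null} or empty means "none requested"
     * @return the mechanism object, or {@code null} when none was requested
     * @throws CommandValidationException if {@code str} is any other value, or no object
     *         exists for it
     */
    public ObjectName getAdminPreferedAuthMechanismObject(ConfigService configService, Session session, ObjectName objectName, String str, SecConfigTaskHelper secConfigTaskHelper) throws CommandValidationException {
        if (str == null || str.isEmpty()) {
            return null;
        }
        if (!str.equalsIgnoreCase("RSAToken")) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.authMechanismNotValid.SECJ7721E", null));
        }
        ObjectName authMechanism = secConfigTaskHelper.getAuthMechanismObject(session, configService, objectName, str);
        if (authMechanism == null) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.noAuthMechanismObj.SECJ7722E", null));
        }
        return authMechanism;
    }

    /** Formats the message stored under key {@code str} in {@code resourceBundle}. */
    private String getMsg(ResourceBundle resourceBundle, String str, Object[] objArr) {
        return MessageFormatHelper.getFormattedMessage(resourceBundle, str, objArr);
    }

    /**
     * Rejects an authentication cache timeout that exceeds 60 times the {@code timeout}
     * attribute of the LTPA mechanism object.
     *
     * @param num requested cache timeout; {@code null} skips the check
     * @throws CommandValidationException if {@code num} is greater than 60 times the LTPA
     *         timeout, or the LTPA mechanism object cannot be resolved
     * @throws Exception whatever the configuration lookups throw
     */
    public void validateCacheTimeout(ConfigService configService, Session session, ObjectName objectName, Integer num, SecConfigTaskHelper secConfigTaskHelper) throws CommandValidationException, Exception {
        // The former num.equals("") test compared an Integer with a String and was always
        // false, so only the null check is kept.
        if (num == null) {
            return;
        }
        ObjectName ltpaMechanism = getAuthMechanismObject(configService, session, objectName, "LTPA", secConfigTaskHelper);
        long ltpaTimeout = ((Long) configService.getAttribute(session, ltpaMechanism, "timeout")).longValue();
        // presumably the cache timeout is in seconds and the LTPA timeout in minutes, so the
        // cache cannot outlive the token (TODO confirm units against the config schema).
        // NOTE(review): zero and negative values pass this check; confirm they are rejected
        // elsewhere if they are not meaningful.
        if (num.longValue() > 60 * ltpaTimeout) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.authCacheTimeout.SECJ8022E", null));
        }
    }
}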
