package com.ibm.ws.wim.registry.util;

import com.ibm.websphere.security.CertificateMapFailedException;
import com.ibm.websphere.security.CertificateMapNotSupportedException;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.wim.exception.EntityNotFoundException;
import com.ibm.websphere.wim.exception.WIMException;
import com.ibm.websphere.wim.ras.WIMLogger;
import com.ibm.websphere.wim.ras.WIMMessageHelper;
import com.ibm.websphere.wim.util.PasswordUtil;
import com.ibm.ws.wim.RealmManager;
import com.ibm.ws.wim.adapter.ldap.LdapConstants;
import com.ibm.ws.wim.registry.dataobject.IDAndRealm;
import com.ibm.ws.wim.security.authz.SDOHelper;
import com.ibm.ws.wim.util.StringUtil;
import commonj.sdo.DataObject;
import java.rmi.RemoteException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/ibm/ws/wim/registry/util/LoginBridge.class */
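/**
 * Bridges user-registry login calls (password check and certificate mapping)
 * onto the WIM login service reached through {@link BridgeUtils}.
 *
 * <p>Both entry points build a root {@code DataObject} holding a
 * {@code LoginAccount} entity, pass it to {@code getWimService().login(...)},
 * and turn the first returned entity into a security-name string.
 */
public class LoginBridge {
    private static final String COPYRIGHT_NOTICE = "(c) Copyright International Business Machines Corporation 2005";
    private final String className = LoginBridge.class.getName();
    private final Logger loginBridgeTrace = WIMLogger.getTraceLogger(this.className);
    private final TypeMappings propertyMap = new TypeMappings();
    private final BridgeUtils mappingUtils = BridgeUtils.singleton();

    /** Creates the bridge; only emits entry/exit trace records at FINER. */
    public LoginBridge() {
        if (this.loginBridgeTrace.isLoggable(Level.FINER)) {
            this.loginBridgeTrace.entering(this.className, "LoginBridge");
            this.loginBridgeTrace.exiting(this.className, "LoginBridge");
        }
    }

    /**
     * Checks a user name / password pair through the WIM login service and
     * returns the security name of the matching account.
     *
     * <p>If the input carried a realm that is not the default realm, the
     * returned name has the realm delimiter and the realm appended.
     *
     * @param str the user name as supplied by the caller, optionally realm-qualified
     * @param str2 the password; never written to the trace log
     * @return the security name of the authenticated account
     * @throws PasswordCheckFailedException if WIM reports a failed password check or an
     *         unknown entity, or if the login returns no entity
     * @throws CustomRegistryException for any other {@code WIMException}
     * @throws RemoteException declared by the registry contract; not thrown directly here
     */
    public String checkPassword(String str, String str2) throws PasswordCheckFailedException, CustomRegistryException, RemoteException {
        if (this.loginBridgeTrace.isLoggable(Level.FINER)) {
            // The password is masked on purpose; keep it out of any trace added later.
            // NOTE(review): the user name is traced exactly as received, before validateId()
            // runs. If trace output feeds other tooling, confirm CR/LF in the name cannot
            // forge log records.
            this.loginBridgeTrace.entering(this.className, "checkPassword", "inputUser = \"" + str + "\", inputPassword = *");
        }
        // Local to this call, so the unsynchronized StringBuilder is sufficient.
        StringBuilder securityName = new StringBuilder();
        try {
            this.mappingUtils.validateId(str);
            IDAndRealm idAndRealm = this.mappingUtils.seperateIDAndRealm(str);
            DataObject root = this.mappingUtils.getWimService().createRootDataObject();
            if (idAndRealm.isRealmDefined()) {
                this.mappingUtils.createRealmDataObject(root, idAndRealm.getRealm());
                // Pass the realm's "allowOperationIfReposDown" setting to the login call as a context entry.
                DataObject reposDownContext = root.createDataObject(SDOHelper.PROPERTY_ROOT_CONTEXTS);
                reposDownContext.set(SDOHelper.PROPERTY_CONTEXT_KEY, "allowOperationIfReposDown");
                reposDownContext.set(SDOHelper.PROPERTY_CONTEXT_VALUE, Boolean.valueOf(RealmManager.singleton().getAllowOperationIfReposDown(idAndRealm.getRealm())));
            }
            boolean dnAsPrincipal = BridgeUtils.allowDNAsPrincipalName.booleanValue();
            if (dnAsPrincipal) {
                DataObject dnContext = root.createDataObject(SDOHelper.PROPERTY_ROOT_CONTEXTS);
                dnContext.set(SDOHelper.PROPERTY_CONTEXT_KEY, "allowDNPrincipalNameAsLiteral");
                dnContext.set(SDOHelper.PROPERTY_CONTEXT_VALUE, Boolean.valueOf(dnAsPrincipal));
            }
            if (!this.mappingUtils.isIdentifierTypeProperty(this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm()))) {
                this.mappingUtils.createLoginControlDataObject(root, this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm()));
            }
            DataObject loginAccount = root.createDataObject(SDOHelper.PROPERTY_ROOT_ENTITIES, SDOHelper.NAMESPACE, "LoginAccount");
            // The principal name is caller-controlled and always goes through
            // escapeSearchExpression() first. With DN-as-principal enabled the whole input
            // (realm part included) is used instead of the separated id.
            loginAccount.set("principalName", StringUtil.escapeSearchExpression(dnAsPrincipal ? str : idAndRealm.getId()));
            // NOTE(review): the password bytes are stored in the request object and are not
            // cleared in this method; confirm who owns wiping them after login() returns.
            // NOTE(review): an empty password is not rejected here. If the backing repository
            // is LDAP, confirm the adapter refuses empty passwords, since many directory
            // servers treat a simple bind with an empty password as an unauthenticated bind.
            loginAccount.set("password", PasswordUtil.getByteArrayPassword(str2));
            List<?> entities = this.mappingUtils.getWimService().login(root).getList(SDOHelper.PROPERTY_ROOT_ENTITIES);
            if (entities.isEmpty()) {
                throw new com.ibm.websphere.wim.exception.PasswordCheckFailedException("ENTITY_NOT_FOUND", WIMMessageHelper.generateMsgParms(str), this.className, "checkPassword");
            }
            DataObject entity = (DataObject) entities.get(0);
            // Identifier-type properties are stored under the entity's "identifier" child.
            if (this.mappingUtils.isIdentifierTypeProperty(this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm()))) {
                securityName.append(entity.getString("identifier/" + this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm())));
            } else {
                securityName.append(entity.getString(this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm())));
            }
            if (idAndRealm.isRealmDefined() && !RealmManager.singleton().getDefaultRealmName().equals(idAndRealm.getRealm())) {
                securityName.append(idAndRealm.getDelimiter() + idAndRealm.getRealm());
            }
            if (this.loginBridgeTrace.isLoggable(Level.FINER)) {
                this.loginBridgeTrace.exiting(this.className, "checkPassword", "returnValue = \"" + ((Object) securityName) + "\"");
            }
            return securityName.toString();
        } catch (WIMException e) {
            this.mappingUtils.logException(e, this.className);
            // Unknown user and wrong password surface as the same registry exception type.
            // NOTE(review): the WIM message text is still passed through and may differ
            // between the two cases ("ENTITY_NOT_FOUND" above). Callers should not echo it
            // to the remote client, or it can be used to enumerate accounts.
            if (e instanceof com.ibm.websphere.wim.exception.PasswordCheckFailedException || e instanceof EntityNotFoundException) {
                throw new PasswordCheckFailedException(e.getMessage(), e);
            }
            throw new CustomRegistryException(e);
        }
    }

    /**
     * Maps a client certificate to a security name through the WIM login service.
     *
     * <p>Only the first element of the array is encoded and sent to WIM; any
     * further certificates in the array are not used by this method.
     *
     * @param x509CertificateArr the certificate array; element 0 is the one that is mapped
     * @return the security name of the account the certificate maps to
     * @throws CertificateMapNotSupportedException if WIM reports that mapping is not supported
     * @throws CertificateMapFailedException if WIM reports a mapping failure or returns no entity
     * @throws CustomRegistryException for any other {@code WIMException} or if the
     *         certificate cannot be encoded
     * @throws RemoteException declared by the registry contract; not thrown directly here
     */
    public String mapCertificate(X509Certificate[] x509CertificateArr) throws CertificateMapNotSupportedException, CertificateMapFailedException, CustomRegistryException, RemoteException {
        if (this.loginBridgeTrace.isLoggable(Level.FINER)) {
            // Concatenating the array traces its identity string, not the certificate contents.
            this.loginBridgeTrace.entering(this.className, "mapCertificate", "inputCertificates = \"" + x509CertificateArr + "\"");
        }
        // Local to this call, so the unsynchronized StringBuilder is sufficient.
        StringBuilder securityName = new StringBuilder();
        try {
            // NOTE(review): nothing in this method checks the trust path, validity period or
            // revocation status; it only maps an identity. Confirm what
            // validateCertificateArray() covers and that chain validation has already
            // happened upstream (for example in the TLS layer).
            this.mappingUtils.validateCertificateArray(x509CertificateArr);
            // No user id is available for a certificate login, so a constant is split instead.
            // NOTE(review): presumably this resolves to the default realm; verify.
            IDAndRealm idAndRealm = this.mappingUtils.seperateIDAndRealm(LdapConstants.ROOT_DSE_BASE);
            DataObject root = this.mappingUtils.getWimService().createRootDataObject();
            if (!this.mappingUtils.isIdentifierTypeProperty(this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm()))) {
                this.mappingUtils.createLoginControlDataObject(root, this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm()));
            }
            // Only the first certificate is encoded and attached to the login request.
            root.createDataObject(SDOHelper.PROPERTY_ROOT_ENTITIES, SDOHelper.NAMESPACE, "LoginAccount").getList("certificate").add(x509CertificateArr[0].getEncoded());
            List<?> entities = this.mappingUtils.getWimService().login(root).getList(SDOHelper.PROPERTY_ROOT_ENTITIES);
            if (entities.isEmpty()) {
                throw new com.ibm.websphere.wim.exception.CertificateMapFailedException();
            }
            DataObject entity = (DataObject) entities.get(0);
            // Identifier-type properties are stored under the entity's "identifier" child.
            if (this.mappingUtils.isIdentifierTypeProperty(this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm()))) {
                securityName.append(entity.getString("identifier/" + this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm())));
            } else {
                securityName.append(entity.getString(this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm())));
            }
            if (idAndRealm.isRealmDefined() && !RealmManager.singleton().getDefaultRealmName().equals(idAndRealm.getRealm())) {
                securityName.append(idAndRealm.getDelimiter() + idAndRealm.getRealm());
            }
            if (this.loginBridgeTrace.isLoggable(Level.FINER)) {
                this.loginBridgeTrace.exiting(this.className, "mapCertificate", "returnValue = \"" + ((Object) securityName) + "\"");
            }
            return securityName.toString();
        } catch (WIMException e) {
            this.mappingUtils.logException(e, this.className);
            // Translate WIM exception types into their registry-API counterparts.
            if (e instanceof com.ibm.websphere.wim.exception.CertificateMapNotSupportedException) {
                throw new CertificateMapNotSupportedException(e);
            }
            if (e instanceof com.ibm.websphere.wim.exception.CertificateMapFailedException) {
                throw new CertificateMapFailedException(e);
            }
            throw new CustomRegistryException(e);
        } catch (CertificateEncodingException e2) {
            this.mappingUtils.logException(e2, this.className);
            throw new CustomRegistryException(e2);
        }
    }
}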
