package com.ibm.ws.wim.registry.util;

import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.Result;
import com.ibm.websphere.wim.Service;
import com.ibm.websphere.wim.exception.EntityNotFoundException;
import com.ibm.websphere.wim.exception.WIMException;
import com.ibm.websphere.wim.ras.WIMLogger;
import com.ibm.websphere.wim.ras.WIMMessageHelper;
import com.ibm.websphere.wim.ras.WIMTraceHelper;
import com.ibm.websphere.wim.util.PasswordUtil;
import com.ibm.ws.wim.SPIServiceProvider;
import com.ibm.ws.wim.adapter.ldap.LdapConstants;
import com.ibm.ws.wim.config.ConfigUtils;
import com.ibm.ws.wim.configmodel.ConfigurationProviderType;
import com.ibm.ws.wim.configmodel.RealmConfigurationType;
import com.ibm.ws.wim.configmodel.RealmType;
import com.ibm.ws.wim.registry.dataobject.IDAndRealm;
import com.ibm.ws.wim.security.authz.SDOHelper;
import commonj.sdo.DataObject;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/ibm/ws/wim/registry/util/UserRegistryValidator.class */
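/**
 * Bridges user-registry style calls (password check, user search) onto the WIM SPI
 * {@link Service}, resolving realm-qualified user ids against the realms found in the
 * WIM configuration.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #checkPassword(String, String)} reports an unknown user and a failed
 *       password check with the same exception type.</li>
 *   <li>{@link #getUsers(String, int)} builds a search expression from the caller's
 *       pattern; a pattern that cannot be quoted unambiguously is rejected.</li>
 *   <li>The FINE-level "before login" trace is emitted before the password is attached
 *       to the request.</li>
 * </ul>
 */
public class UserRegistryValidator {
    private static final String COPYRIGHT_NOTICE = "(c) Copyright International Business Machines Corporation 2005";
    private static final String CLASSNAME = UserRegistryValidator.class.getName();
    private static final Logger trcLogger = WIMLogger.getTraceLogger(CLASSNAME);

    /** Key under which the session id is passed to {@link #initialize(Properties)}. */
    public static final String SESSION_ID = "SESSIONID";

    private BridgeUtils mappingUtils = BridgeUtils.singleton();
    private Service SPIService = null;
    private ConfigurationProviderType configDO = null;
    private RealmConfigurationType realmConfig = null;
    private String defaultRealm = null;
    private String defaultRealmDelimiter = null;
    // Names of all configured realms, and realm name -> delimiter; filled by initialize().
    private Set virtualRealms = new HashSet();
    private Map virtualRealmsDelimiter = new HashMap();

    /**
     * Creates a validator bound to the given session id and loads the realm configuration.
     *
     * @param str session id handed to the SPI service provider
     * @throws CustomRegistryException if the WIM configuration cannot be read
     * @throws RemoteException declared for callers; propagated from the SPI service
     */
    public UserRegistryValidator(String str) throws CustomRegistryException, RemoteException {
        if (trcLogger.isLoggable(Level.FINER)) {
            // NOTE(review): the session id is written to the FINER trace here. If it acts as
            // a credential, trace output should be access-controlled or the value masked - confirm.
            trcLogger.entering(CLASSNAME, "<init>", "sessionId = " + str);
        }
        Properties properties = new Properties();
        properties.put(SESSION_ID, str);
        initialize(properties);
        if (trcLogger.isLoggable(Level.FINER)) {
            trcLogger.exiting(CLASSNAME, "<init>");
        }
    }

    /**
     * Creates the SPI service for the session id in {@code properties} and caches the
     * default realm, the set of realm names and each realm's delimiter.
     *
     * <p>The new state is assembled in locals and published only once the configuration
     * has been read completely, so a repeated call replaces the realm set instead of
     * accumulating realms that are no longer configured, and a failed call leaves the
     * previous state untouched.
     *
     * @param properties must contain {@link #SESSION_ID}
     * @throws CustomRegistryException wrapping any {@link WIMException} from the SPI service
     * @throws RemoteException declared for callers; propagated from the SPI service
     */
    public void initialize(Properties properties) throws CustomRegistryException, RemoteException {
        if (trcLogger.isLoggable(Level.FINER)) {
            // NOTE(review): the properties dump includes the SESSIONID value - see constructor.
            trcLogger.entering(CLASSNAME, "initialize", "inputProperties = " + properties);
        }
        try {
            Service service = new SPIServiceProvider((String) properties.get(SESSION_ID));
            trcLogger.logp(Level.FINE, CLASSNAME, "initialize", "SPIService initialized: " + service);
            ConfigurationProviderType config = service.getConfig();
            RealmConfigurationType realmConfiguration = config.getRealmConfiguration();
            String configuredDefaultRealm = realmConfiguration.getDefaultRealm();
            trcLogger.logp(Level.FINE, CLASSNAME, "initialize", "default realm=" + configuredDefaultRealm);

            Set realmNames = new HashSet();
            Map realmDelimiters = new HashMap();
            String configuredDefaultDelimiter = null;
            List realms = realmConfiguration.getRealms();
            for (int i = 0; i < realms.size(); i++) {
                RealmType realmType = (RealmType) realms.get(i);
                String realmName = realmType.getName();
                // Null-safe: a configuration without a default realm must not abort loading.
                if (configuredDefaultRealm != null && configuredDefaultRealm.equals(realmName)) {
                    configuredDefaultDelimiter = realmType.getDelimiter();
                }
                realmNames.add(realmName);
                realmDelimiters.put(realmName, realmType.getDelimiter());
            }

            this.SPIService = service;
            this.configDO = config;
            this.realmConfig = realmConfiguration;
            this.defaultRealm = configuredDefaultRealm;
            this.defaultRealmDelimiter = configuredDefaultDelimiter;
            this.virtualRealms = realmNames;
            this.virtualRealmsDelimiter = realmDelimiters;

            trcLogger.logp(Level.FINE, CLASSNAME, "initialize", "realms=" + this.virtualRealms);
            trcLogger.logp(Level.FINE, CLASSNAME, "initialize", "realmsDelimiter=" + this.virtualRealmsDelimiter);
            if (trcLogger.isLoggable(Level.FINER)) {
                trcLogger.exiting(CLASSNAME, "initialize");
            }
        } catch (WIMException e) {
            throw new CustomRegistryException(e);
        }
    }

    /**
     * Authenticates a user through {@code SPIService.login} and returns the user's
     * security name, suffixed with delimiter and realm when a non-default realm was given.
     *
     * @param str user id, optionally realm-qualified
     * @param str2 password; never written to the trace by this method
     * @return the security name read from the first entity of the login result
     * @throws PasswordCheckFailedException if the login fails or the user is not found;
     *         both cases surface as the same exception type
     * @throws CustomRegistryException for any other {@link WIMException}
     * @throws RemoteException declared for callers; propagated from the SPI service
     */
    public String checkPassword(String str, String str2) throws PasswordCheckFailedException, CustomRegistryException, RemoteException {
        if (trcLogger.isLoggable(Level.FINER)) {
            trcLogger.entering(CLASSNAME, "checkPassword", "inputUser = \"" + str + "\", inputPassword = *");
        }
        StringBuffer securityName = new StringBuffer();
        try {
            this.mappingUtils.validateId(str);
            IDAndRealm idAndRealm = this.mappingUtils.seperateIDAndRealm(str, this.defaultRealm, this.defaultRealmDelimiter, this.virtualRealms, this.virtualRealmsDelimiter);
            DataObject root = this.SPIService.createRootDataObject();
            String realm = idAndRealm.getRealm();
            if (idAndRealm.isRealmDefined()) {
                this.mappingUtils.createRealmDataObject(root, realm);
            }
            // Resolved once per call; each lookup goes back to SPIService.getConfig().
            String outputProperty = getOutputUserSecurityName(realm);
            boolean identifierProperty = this.mappingUtils.isIdentifierTypeProperty(outputProperty);
            if (!identifierProperty) {
                this.mappingUtils.createLoginControlDataObject(root, outputProperty);
            }
            DataObject account = root.createDataObject(SDOHelper.PROPERTY_ROOT_ENTITIES, SDOHelper.NAMESPACE, "LoginAccount");
            boolean traceFine = trcLogger.isLoggable(Level.FINE);
            if (traceFine) {
                trcLogger.logp(Level.FINE, CLASSNAME, "checkPassword", "DataObject with LoginAccount=" + WIMTraceHelper.printDataGraph(root));
            }
            account.set("principalName", idAndRealm.getId());
            // Trace the request BEFORE the password is attached: whether printDataGraph masks
            // the "password" property is not visible from this class, so the credential is
            // kept out of the dumped graph altogether.
            if (traceFine) {
                trcLogger.logp(Level.FINE, CLASSNAME, "checkPassword", "DataObject before login=" + WIMTraceHelper.printDataGraph(root));
            }
            account.set("password", PasswordUtil.getByteArrayPassword(str2));
            DataObject loginResult = this.SPIService.login(root);
            if (traceFine) {
                trcLogger.logp(Level.FINE, CLASSNAME, "checkPassword", "DataObject after login=" + WIMTraceHelper.printDataGraph(loginResult));
            }
            List entities = loginResult.getList(SDOHelper.PROPERTY_ROOT_ENTITIES);
            if (entities.isEmpty()) {
                // Caught below and rethrown as the registry's PasswordCheckFailedException.
                throw new com.ibm.websphere.wim.exception.PasswordCheckFailedException("ENTITY_NOT_FOUND", WIMMessageHelper.generateMsgParms(str), CLASSNAME, "checkPassword");
            }
            DataObject entity = (DataObject) entities.get(0);
            if (identifierProperty) {
                securityName.append(entity.getString("identifier/" + outputProperty));
            } else {
                securityName.append(entity.getString(outputProperty));
            }
            // Null-safe comparison: a defined realm is compared against a possibly absent default.
            if (idAndRealm.isRealmDefined() && (this.defaultRealm == null || !this.defaultRealm.equals(realm))) {
                securityName.append(idAndRealm.getDelimiter() + realm);
            }
            if (trcLogger.isLoggable(Level.FINER)) {
                trcLogger.exiting(CLASSNAME, "checkPassword", "returnValue = \"" + ((Object) securityName) + "\"");
            }
            return securityName.toString();
        } catch (WIMException e) {
            this.mappingUtils.logException(e, CLASSNAME);
            // Unknown user and wrong password are deliberately reported with the same
            // exception type, so the caller cannot tell the two apart from the type alone.
            if (e instanceof com.ibm.websphere.wim.exception.PasswordCheckFailedException || e instanceof EntityNotFoundException) {
                throw new PasswordCheckFailedException(e);
            }
            throw new CustomRegistryException(e);
        }
    }

    /**
     * Searches LoginAccount entities whose input security-name property matches the
     * given pattern.
     *
     * <p>When {@code i} is positive the search asks for one row more than requested, so
     * that a result of more than {@code i} rows can be reported through
     * {@code Result.setHasMore()} while only the first {@code i} names are returned.
     *
     * @param str search pattern, optionally realm-qualified
     * @param i maximum number of names to return; values {@code <= 0} are passed to the
     *        search unchanged
     * @return the matching security names; an empty list when nothing matches or the
     *         search raises {@link EntityNotFoundException}
     * @throws CustomRegistryException if the pattern cannot be quoted safely or the search
     *         fails with any other {@link WIMException}
     * @throws RemoteException declared for callers; propagated from the SPI service
     */
    public Result getUsers(String str, int i) throws CustomRegistryException, RemoteException {
        if (trcLogger.isLoggable(Level.FINER)) {
            trcLogger.entering(CLASSNAME, "getUsers", "inputPattern = \"" + str + "\", inputLimit = \"" + Integer.toString(i) + "\"");
        }
        Result result = new Result();
        try {
            this.mappingUtils.validateId(str);
            IDAndRealm idAndRealm = this.mappingUtils.seperateIDAndRealm(str, this.defaultRealm, this.defaultRealmDelimiter, this.virtualRealms, this.virtualRealmsDelimiter);
            DataObject root = this.SPIService.createRootDataObject();
            String realm = idAndRealm.getRealm();
            if (idAndRealm.isRealmDefined()) {
                this.mappingUtils.createRealmDataObject(root, realm);
            }
            DataObject searchControl = root.createDataObject(SDOHelper.PROPERTY_ROOT_CONTROLS, SDOHelper.NAMESPACE, "SearchControl");
            // Resolved once per call instead of twice per result row.
            String outputProperty = getOutputUserSecurityName(realm);
            boolean identifierProperty = this.mappingUtils.isIdentifierTypeProperty(outputProperty);
            if (!identifierProperty) {
                searchControl.getList(SDOHelper.PROPERTY_PROPERTYCTRL_PROPERTIES).add(outputProperty);
            }
            searchControl.setString("expression", buildUserSearchExpression(getInputUserSecurityName(realm), idAndRealm.getId()));
            // One extra row is requested to detect "has more"; guard the increment so that
            // Integer.MAX_VALUE does not wrap to a negative limit.
            int countLimit = (i > 0 && i < Integer.MAX_VALUE) ? i + 1 : i;
            searchControl.setString("countLimit", Integer.toString(countLimit));
            boolean traceFine = trcLogger.isLoggable(Level.FINE);
            if (traceFine) {
                trcLogger.logp(Level.FINE, CLASSNAME, "getUsers", "DataObject before search=" + WIMTraceHelper.printDataGraph(root));
            }
            DataObject searchResult = this.SPIService.search(root);
            if (traceFine) {
                trcLogger.logp(Level.FINE, CLASSNAME, "getUsers", "DataObject after search=" + WIMTraceHelper.printDataGraph(searchResult));
            }
            List entities = searchResult.getList(SDOHelper.PROPERTY_ROOT_ENTITIES);
            List names = new ArrayList();
            for (int index = 0; index < entities.size(); index++) {
                if (i > 0 && index == i) {
                    // The extra row exists: report it instead of returning it.
                    result.setHasMore();
                    break;
                }
                DataObject entity = (DataObject) entities.get(index);
                if (identifierProperty) {
                    names.add(entity.getString("identifier/" + outputProperty));
                } else {
                    names.add(entity.getString(outputProperty));
                }
            }
            result.setList(names);
        } catch (WIMException e) {
            if (!(e instanceof EntityNotFoundException)) {
                this.mappingUtils.logException(e, CLASSNAME);
                throw new CustomRegistryException(e);
            }
            // "Not found" is an empty result for a search, not an error.
            result.setList(new ArrayList());
        }
        if (trcLogger.isLoggable(Level.FINER)) {
            trcLogger.exiting(CLASSNAME, "getUsers", "returnValue = \"" + result.getList() + "\"");
        }
        return result;
    }

    /**
     * Builds the LoginAccount search expression for {@code property = id}.
     *
     * <p>The id is wrapped in whichever quote character it does not contain. An id that
     * contains both quote characters cannot be delimited unambiguously - part of it would
     * be read as expression syntax rather than as the literal - so it is rejected instead
     * of being concatenated into the expression.
     *
     * @param property name of the property to compare; taken from the realm configuration
     * @param id caller-supplied search pattern
     * @throws CustomRegistryException if {@code id} contains both ' and "
     */
    private static String buildUserSearchExpression(String property, String id) throws CustomRegistryException {
        boolean hasSingleQuote = id.indexOf('\'') != -1;
        boolean hasDoubleQuote = id.indexOf('"') != -1;
        if (hasSingleQuote && hasDoubleQuote) {
            throw new CustomRegistryException("User search pattern contains both single and double quote characters and cannot be quoted safely");
        }
        String quote = hasSingleQuote ? "\"" : "'";
        return "//entities[@xsi:type='LoginAccount' and " + property + "=" + quote + id + quote + "]";
    }

    /**
     * Returns the property used to report a user's security name for the given realm,
     * falling back to {@code principalName} when the realm's mapping has no output property.
     *
     * @param str realm name looked up in the current realm configuration
     */
    private String getOutputUserSecurityName(String str) throws WIMException, RemoteException {
        if (trcLogger.isLoggable(Level.FINER)) {
            trcLogger.entering(CLASSNAME, "getOutputUserSecurityName", "realmName=" + str);
        }
        String propertyForOutput = ConfigUtils.getRealm(str, this.SPIService.getConfig().getRealmConfiguration(), true).getUserSecurityNameMapping().getPropertyForOutput();
        // NOTE(review): ROOT_DSE_BASE is presumably the empty string, i.e. "not configured" - confirm.
        if (propertyForOutput == null || propertyForOutput.equals(LdapConstants.ROOT_DSE_BASE)) {
            propertyForOutput = "principalName";
        }
        if (trcLogger.isLoggable(Level.FINER)) {
            trcLogger.exiting(CLASSNAME, "getOutputUserSecurityName", "returnValue=" + propertyForOutput);
        }
        return propertyForOutput;
    }

    /**
     * Returns the property a caller-supplied user name is matched against for the given
     * realm, falling back to {@code principalName} when the realm's mapping has no input
     * property.
     *
     * @param str realm name looked up in the current realm configuration
     */
    private String getInputUserSecurityName(String str) throws WIMException, RemoteException {
        if (trcLogger.isLoggable(Level.FINER)) {
            trcLogger.entering(CLASSNAME, "getInputUserSecurityName", "realmName=" + str);
        }
        String propertyForInput = ConfigUtils.getRealm(str, this.SPIService.getConfig().getRealmConfiguration(), true).getUserSecurityNameMapping().getPropertyForInput();
        // NOTE(review): ROOT_DSE_BASE is presumably the empty string, i.e. "not configured" - confirm.
        if (propertyForInput == null || propertyForInput.equals(LdapConstants.ROOT_DSE_BASE)) {
            propertyForInput = "principalName";
        }
        if (trcLogger.isLoggable(Level.FINER)) {
            trcLogger.exiting(CLASSNAME, "getInputUserSecurityName", "returnValue=" + propertyForInput);
        }
        return propertyForInput;
    }
}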
