package com.ibm.ws.wim.adapter.file.was.commands;

import com.ibm.websphere.management.cmdframework.InvalidParameterNameException;
import com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand;
import com.ibm.websphere.management.cmdframework.provider.SimpleCommandProvider;
import com.ibm.websphere.wim.copyright.IBMCopyright;
import com.ibm.websphere.wim.exception.InvalidArgumentException;
import com.ibm.websphere.wim.exception.WIMException;
import com.ibm.websphere.wim.ras.WIMLogger;
import com.ibm.websphere.wim.ras.WIMMessageHelper;
import com.ibm.websphere.wim.ras.WIMTraceHelper;
import com.ibm.websphere.wim.security.authz.Entitlement;
import com.ibm.websphere.wim.util.PasswordUtil;
import com.ibm.ws.wim.ConfigManager;
import com.ibm.ws.wim.SchemaManager;
import com.ibm.ws.wim.adapter.file.was.FileAdapter;
import com.ibm.ws.wim.config.ConfigUtils;
import com.ibm.ws.wim.config.SupportedEntityTypeConfigHelper;
import com.ibm.ws.wim.configmodel.ConfigurationProviderType;
import com.ibm.ws.wim.configmodel.SupportedEntityTypesType;
import com.ibm.ws.wim.management.helpers.CommandConstants;
import com.ibm.ws.wim.registry.util.UserRegistryValidator;
import com.ibm.ws.wim.security.authz.ProfileSecurityManager;
import com.ibm.ws.wim.util.DomainManagerUtils;
import commonj.sdo.DataObject;
import java.text.MessageFormat;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/ibm/ws/wim/adapter/file/was/commands/FileRegistryCommandsProvider.class */
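/**
 * Admin-command provider for the file-based repository ("InternalFileRepository").
 *
 * <p>Exposes three commands: create a PersonAccount, create a Group, and change a
 * PersonAccount password. Each command selects the VMM thread domain context, checks the
 * caller's super-user entitlement, performs the change through a {@link FileAdapter}, and
 * clears the thread domain context again before returning or failing.
 *
 * <p>NOTE(review): per-invocation state (user id, password bytes, parent, ...) is held in
 * instance fields. If the command framework shares one provider instance between concurrent
 * invocations, those fields would race - confirm the framework's instancing model.
 */
public class FileRegistryCommandsProvider extends SimpleCommandProvider {
    static final String COPYRIGHT_NOTICE = IBMCopyright.COPYRIGHT_NOTICE_LONG_2005_2010;
    private static final String CLASSNAME = FileRegistryCommandsProvider.class.getName();
    private static final Logger trcLogger = WIMLogger.getTraceLogger(CLASSNAME);
    static final String RB = "com.ibm.websphere.wim.ras.properties.CWWIMMessages";
    private String userId;
    private String uniqueName;
    private String parent;
    private String fullName;
    private String groupName;
    private String groupDesc;
    // Clear-text password bytes of the current command; always wiped by discardPassword().
    private byte[] password;
    private FileAdapter fileAdapter;
    // RDN property of PersonAccount; replaced in initialize() when the configuration names one.
    private String PROP_PERSON_ACCOUNT_RDN = CommandConstants.UID;
    // Parent used when the command supplies none; replaced in initialize() by the first base entry.
    private String DEFAULT_PARENT = "o=defaultWIMFileBasedRealm";
    private String accountUniqueName = null;
    private String groupUniqueName = null;
    private SchemaManager schemaManager = null;

    /**
     * Creates a PersonAccount in the file repository.
     *
     * @param abstractAdminCommand command carrying securityDomainName, userId, password,
     *        parent and fullName parameters
     * @return the localized FILE_REGISTRY_ACCOUNT_ADDED message naming the new account
     * @throws WIMException if the caller is not entitled, a parameter is blank, or the
     *         create fails (non-WIM failures are reported as GENERIC)
     */
    public String addFileRegistryAccount(AbstractAdminCommand abstractAdminCommand) throws WIMException {
        final String methodName = "addFileRegistryAccount";
        try {
            selectDomainContext(abstractAdminCommand);
            // Authorize before touching the caller's input, so an unauthorized request is
            // rejected without its parameters being validated or written to the trace.
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Check caller's permission to create account.");
            ProfileSecurityManager.singleton().checkPermission_SuperUser(new Entitlement("ADDFILEREGISTRYACCOUNT"));
            this.userId = getAndValidateStringParam(abstractAdminCommand, "userId");
            this.password = readPasswordParam(abstractAdminCommand);
            this.parent = getAndValidateStringParam(abstractAdminCommand, CommandConstants.PARENT);
            this.fullName = getAndValidateStringParam(abstractAdminCommand, "fullName");
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "userId=" + this.userId + ", fullName=" + this.fullName + ", parent=" + this.parent);
            initialize(abstractAdminCommand);
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Proceed to create PersonAccount");
            this.fileAdapter.create(getCreateDO());
            return getLocalizedMessage("FILE_REGISTRY_ACCOUNT_ADDED", this.userId + "(" + this.accountUniqueName + ")");
        } catch (WIMException e) {
            throw e;
        } catch (Exception e) {
            throw toGenericWimException(e, methodName);
        } finally {
            // Runs on success and on every failure path: the password buffer must not
            // outlive the command, and the thread domain context must not leak.
            try {
                discardPassword();
            } finally {
                DomainManagerUtils.cleanUpVMMThreadDomainContext();
            }
        }
    }

    /**
     * Creates a Group in the file repository.
     *
     * @param abstractAdminCommand command carrying securityDomainName, cn, description and
     *        parent parameters
     * @return the unique name of the new group
     * @throws WIMException if the caller is not entitled, a parameter is blank, or the
     *         create fails (non-WIM failures are reported as GENERIC)
     */
    public String addFileRegistryGroup(AbstractAdminCommand abstractAdminCommand) throws WIMException {
        final String methodName = "addFileRegistryGroup";
        try {
            selectDomainContext(abstractAdminCommand);
            // Authorize before reading or tracing any caller-supplied value.
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Check caller's permission to create group.");
            ProfileSecurityManager.singleton().checkPermission_SuperUser(new Entitlement("ADDFILEREGISTRYGROUP"));
            this.groupName = getAndValidateStringParam(abstractAdminCommand, CommandConstants.CN);
            this.groupDesc = getAndValidateStringParam(abstractAdminCommand, CommandConstants.DESCRIPTION);
            this.parent = getAndValidateStringParam(abstractAdminCommand, CommandConstants.PARENT);
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "cn=" + this.groupName + ", desc=" + this.groupDesc + ", parent=" + this.parent);
            initialize(abstractAdminCommand);
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Proceed to create Group");
            this.fileAdapter.create(getCreateGroupDO());
            return this.groupUniqueName;
        } catch (WIMException e) {
            // Rethrown untouched, as in the two account commands; previously the broader
            // Exception handler ran first and re-wrapped every WIMException as GENERIC.
            throw e;
        } catch (Exception e) {
            throw toGenericWimException(e, methodName);
        } finally {
            DomainManagerUtils.cleanUpVMMThreadDomainContext();
        }
    }

    /**
     * Replaces the password of an existing PersonAccount in the file repository.
     *
     * @param abstractAdminCommand command carrying securityDomainName, userId, password and
     *        uniqueName parameters
     * @return the localized FILE_REGISTRY_ACCOUNT_PASSWORD_CHANGED message naming the account
     * @throws WIMException if the caller is not entitled, a parameter is blank, or the
     *         update fails (non-WIM failures are reported as GENERIC)
     */
    public String changeFileRegistryAccountPassword(AbstractAdminCommand abstractAdminCommand) throws WIMException {
        final String methodName = "changeFileRegistryAccountPassword";
        try {
            selectDomainContext(abstractAdminCommand);
            // Authorize before reading or tracing any caller-supplied value.
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Check caller's permission to update account.");
            ProfileSecurityManager.singleton().checkPermission_SuperUser(new Entitlement("CHANGEFILEREGISTRYACCOUNTPASSWORD"));
            this.userId = getAndValidateStringParam(abstractAdminCommand, "userId");
            this.password = readPasswordParam(abstractAdminCommand);
            this.uniqueName = getAndValidateStringParam(abstractAdminCommand, CommandConstants.UNIQUE_NAME);
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "userId=" + this.userId + ", uniqueName=" + this.uniqueName);
            initialize(abstractAdminCommand);
            trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Proceed to update PersonAccount");
            updateAccount();
            return getLocalizedMessage("FILE_REGISTRY_ACCOUNT_PASSWORD_CHANGED", this.userId + "(" + this.accountUniqueName + ")");
        } catch (WIMException e) {
            throw e;
        } catch (Exception e) {
            throw toGenericWimException(e, methodName);
        } finally {
            // Wipe the new password and drop the domain context whether or not the update worked.
            try {
                discardPassword();
            } finally {
                DomainManagerUtils.cleanUpVMMThreadDomainContext();
            }
        }
    }

    /**
     * Sets the VMM thread domain context for a command: the "admin" context when the named
     * domain is not "admin" itself but is flagged as using the global federated repositories
     * or the global security settings, otherwise the context derived from the command.
     */
    private void selectDomainContext(AbstractAdminCommand abstractAdminCommand) throws Exception {
        String domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
        boolean usesGlobalSettings = !"admin".equals(domainName)
                && (DomainManagerUtils.isSetUseGlobalFedRepos(domainName) || DomainManagerUtils.isSetUseGlobalSecuritySettings(domainName));
        if (usesGlobalSettings) {
            DomainManagerUtils.setVMMThreadDomainContextForCLI("admin");
        } else {
            DomainManagerUtils.setVMMThreadDomainContextForCLI(abstractAdminCommand);
        }
    }

    /**
     * Reads the password parameter once and returns its bytes, or {@code null} when the
     * parameter is absent, so no buffer from an earlier command can be reused.
     */
    private byte[] readPasswordParam(AbstractAdminCommand abstractAdminCommand) throws WIMException {
        String value = getAndValidateStringParam(abstractAdminCommand, CommandConstants.PASSWORD);
        // NOTE(review): getBytes() encodes with the platform default charset; left unchanged
        // because the encoding expected by the stored credentials is not visible here.
        // NOTE(review): the String copy of the password cannot be wiped; only the byte[] is.
        return value != null ? value.getBytes() : null;
    }

    /** Wipes the password buffer of the current command and drops the reference to it. */
    private void discardPassword() {
        byte[] secret = this.password;
        this.password = null;
        if (secret == null) {
            return;
        }
        try {
            PasswordUtil.erasePassword(secret);
        } catch (Exception e) {
            // Best effort: a failed wipe must not mask the command's own outcome.
            trcLogger.logp(Level.FINER, CLASSNAME, "discardPassword", "Failed to erase password buffer", e);
        }
    }

    /**
     * Builds the GENERIC WIMException reported for a non-WIM failure. The original exception
     * is written to the trace first, because only its message is carried into the new one.
     */
    private WIMException toGenericWimException(Exception e, String methodName) {
        trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Unexpected failure reported as GENERIC", e);
        return new WIMException("GENERIC", WIMMessageHelper.generateMsgParms(e.getLocalizedMessage()), CLASSNAME, methodName);
    }

    /**
     * Prepares the schema manager and the file adapter for the command's configuration
     * session, and picks up the PersonAccount RDN property and the default parent from the
     * configuration when they are present.
     */
    private void initialize(AbstractAdminCommand abstractAdminCommand) throws Exception {
        String session = abstractAdminCommand.getConfigSession().toString();
        trcLogger.entering(CLASSNAME, "initialize", "session " + session);
        ConfigManager.singleton();
        this.schemaManager = SchemaManager.singleton();
        ConfigurationProviderType configProvider = ConfigUtils.getConfigProvider(session);
        if (configProvider != null) {
            SupportedEntityTypesType personAccountType = SupportedEntityTypeConfigHelper.getSupportEntityTypeByName(configProvider.getSupportedEntityTypes(), CommandConstants.PERSON_ACCOUNT);
            if (personAccountType != null) {
                List<?> rdnProperties = personAccountType.getRdnProperties();
                trcLogger.logp(Level.FINER, CLASSNAME, "initialize", "RDNs of PersonAccount=" + rdnProperties);
                if (rdnProperties != null && rdnProperties.size() > 0) {
                    // Only the first configured RDN property is used to build unique names.
                    this.PROP_PERSON_ACCOUNT_RDN = (String) rdnProperties.get(0);
                }
            }
        }
        DataObject repositoryById = ConfigUtils.getRepositoryById(session, "InternalFileRepository", false);
        trcLogger.logp(Level.FINER, CLASSNAME, "initialize", "Using " + this.PROP_PERSON_ACCOUNT_RDN + " as RDN of PersonAccount");
        this.fileAdapter = new FileAdapter(session, ConfigUtils.getConfigProvider(session), repositoryById);
        List<?> baseEntries = this.fileAdapter.getBaseEntries();
        trcLogger.logp(Level.FINER, CLASSNAME, "initialize", "baseEntries of File Repository=" + baseEntries);
        if (baseEntries != null && baseEntries.size() > 0) {
            this.DEFAULT_PARENT = (String) baseEntries.get(0);
        }
        trcLogger.logp(Level.FINER, CLASSNAME, "initialize", "Using " + this.DEFAULT_PARENT + " as parent of PersonAccount.");
        trcLogger.exiting(CLASSNAME, "initialize");
    }

    /**
     * Formats a message from the CWWIM resource bundle for the default locale.
     *
     * @param str message key
     * @param str2 single message argument
     * @return the formatted message, or the key itself when the lookup or formatting fails
     */
    private String getLocalizedMessage(String str, String str2) {
        try {
            return MessageFormat.format(ResourceBundle.getBundle(RB, Locale.getDefault()).getString(str), str2);
        } catch (Exception e) {
            // The command has already succeeded here, so fall back to the key and record
            // the failure in the trace instead of on stderr.
            trcLogger.logp(Level.FINER, CLASSNAME, "getLocalizedMessage", "Unable to format message " + str, e);
            return str;
        }
    }

    /**
     * Builds the data graph for creating a PersonAccount from the current command's fields
     * and records the resulting unique name in {@code accountUniqueName}.
     */
    private DataObject getCreateDO() throws Exception {
        trcLogger.entering(CLASSNAME, "getCreateDO");
        DataObject createRootDataObject = this.schemaManager.createRootDataObject();
        DataObject createDataObject = createRootDataObject.createDataObject("entities", "http://www.ibm.com/websphere/wim", CommandConstants.PERSON_ACCOUNT);
        createDataObject.set(this.PROP_PERSON_ACCOUNT_RDN, this.userId);
        createDataObject.set(CommandConstants.PASSWORD, this.password);
        // cn falls back to the user id when no full name was supplied; sn is always the user id.
        createDataObject.set(CommandConstants.CN, this.fullName != null ? this.fullName : this.userId);
        createDataObject.set(CommandConstants.SN, this.userId);
        // Kept local: a parent supplied for this command must not become the default
        // parent of later commands served by the same provider instance.
        String effectiveParent = this.parent != null ? this.parent : this.DEFAULT_PARENT;
        createDataObject.createDataObject(CommandConstants.PARENT).createDataObject(CommandConstants.IDENTIFIER).setString(CommandConstants.UNIQUE_NAME, effectiveParent);
        this.accountUniqueName = this.PROP_PERSON_ACCOUNT_RDN + "=" + this.userId + "," + effectiveParent;
        createDataObject.createDataObject(CommandConstants.IDENTIFIER).setString(CommandConstants.UNIQUE_NAME, this.accountUniqueName);
        // NOTE(review): the traced graph holds the password property; confirm that
        // WIMTraceHelper.printDataGraph masks it before this trace point is enabled.
        trcLogger.exiting(CLASSNAME, "getCreateDO", WIMTraceHelper.printDataGraph(createRootDataObject));
        return createRootDataObject;
    }

    /**
     * Builds the data graph for creating a Group from the current command's fields and
     * records the resulting unique name in {@code groupUniqueName}.
     */
    private DataObject getCreateGroupDO() throws Exception {
        trcLogger.entering(CLASSNAME, "getCreateGroupDO");
        DataObject createRootDataObject = this.schemaManager.createRootDataObject();
        DataObject createDataObject = createRootDataObject.createDataObject("entities", "http://www.ibm.com/websphere/wim", CommandConstants.GROUP);
        createDataObject.set(CommandConstants.CN, this.groupName);
        if (this.groupDesc != null) {
            createDataObject.getList(CommandConstants.DESCRIPTION).add(this.groupDesc);
        }
        // Kept local for the same reason as in getCreateDO: no carry-over between commands.
        String effectiveParent = this.parent != null ? this.parent : this.DEFAULT_PARENT;
        createDataObject.createDataObject(CommandConstants.PARENT).createDataObject(CommandConstants.IDENTIFIER).setString(CommandConstants.UNIQUE_NAME, effectiveParent);
        this.groupUniqueName = "cn=" + this.groupName + "," + effectiveParent;
        createDataObject.createDataObject(CommandConstants.IDENTIFIER).setString(CommandConstants.UNIQUE_NAME, this.groupUniqueName);
        trcLogger.exiting(CLASSNAME, "getCreateGroupDO", WIMTraceHelper.printDataGraph(createRootDataObject));
        return createRootDataObject;
    }

    /** Sends the password-update data graph to the file adapter. */
    private void updateAccount() throws Exception {
        this.fileAdapter.update(getUpdateDO());
    }

    /**
     * Builds the data graph for a password update. The account is addressed by the supplied
     * unique name, or by one derived from the RDN property, user id and default parent.
     */
    private DataObject getUpdateDO() throws Exception {
        trcLogger.entering(CLASSNAME, "getUpdateDO");
        DataObject createRootDataObject = this.schemaManager.createRootDataObject();
        if (this.uniqueName == null) {
            this.accountUniqueName = this.PROP_PERSON_ACCOUNT_RDN + "=" + this.userId + "," + this.DEFAULT_PARENT;
            trcLogger.logp(Level.FINER, CLASSNAME, "getUpdateDO", "uniqueName=" + this.accountUniqueName);
        } else {
            this.accountUniqueName = this.uniqueName;
        }
        DataObject createDataObject = createRootDataObject.createDataObject("entities", "http://www.ibm.com/websphere/wim", CommandConstants.PERSON_ACCOUNT);
        createDataObject.createDataObject(CommandConstants.IDENTIFIER).setString(CommandConstants.UNIQUE_NAME, this.accountUniqueName);
        createDataObject.set(CommandConstants.PASSWORD, this.password);
        // NOTE(review): the traced graph holds the new password property; confirm that
        // WIMTraceHelper.printDataGraph masks it before this trace point is enabled.
        trcLogger.exiting(CLASSNAME, "getUpdateDO", WIMTraceHelper.printDataGraph(createRootDataObject));
        return createRootDataObject;
    }

    /**
     * Reads a String parameter from the command.
     *
     * @param abstractAdminCommand command to read from
     * @param str parameter name
     * @return the value, or {@code null} when it is absent or the name is not accepted
     * @throws WIMException (InvalidArgumentException) when the value is present but blank
     */
    private String getAndValidateStringParam(AbstractAdminCommand abstractAdminCommand, String str) throws WIMException {
        String value = null;
        try {
            value = (String) abstractAdminCommand.getParameter(str);
        } catch (InvalidParameterNameException e) {
            // Deliberately treated as "parameter absent"; recorded in the trace, not on stderr.
            trcLogger.logp(Level.FINER, CLASSNAME, "getAndValidateStringParam", "Parameter name not accepted: " + str, e);
        }
        if (value != null && value.trim().length() == 0) {
            throw new InvalidArgumentException("INVALID_PARAMETER_VALUE", WIMMessageHelper.generateMsgParms(str));
        }
        return value;
    }

    /**
     * Diagnostic helper: looks the current user up and checks the current password through a
     * {@link UserRegistryValidator}, writing the results to the trace. The password itself is
     * never written out.
     */
    private void validateUserIdAndPassword(String str) throws Exception {
        final String methodName = "validateUserIdAndPassword";
        trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Initializing user registry validator for sessionId=" + str);
        UserRegistryValidator userRegistryValidator = new UserRegistryValidator(str);
        trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Validating userId " + this.userId);
        trcLogger.logp(Level.FINER, CLASSNAME, methodName, "getUsers=" + userRegistryValidator.getUsers(this.userId, 1));
        // The clear-text password used to be printed on stdout here; only the fact that a
        // password check is being made is recorded now.
        trcLogger.logp(Level.FINER, CLASSNAME, methodName, "Validating userId " + this.userId + " and password");
        trcLogger.logp(Level.FINER, CLASSNAME, methodName, "checkPassword=" + userRegistryValidator.checkPassword(this.userId, new String(this.password)));
    }
}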
