package com.ibm.ws.security.oauth20.admintask;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.AdminCommand;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandMgr;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandResult;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.InvalidParameterNameException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.CommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand;
import com.ibm.websphere.management.cmdframework.provider.SimpleCommandProvider;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.exception.ConnectorException;
import com.ibm.ws.security.oauth20.api.Constants;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.api.OAuth20ProviderFactory;
import com.ibm.ws.security.oauth20.exception.OAuthProviderException;
import com.ibm.ws.security.oauth20.util.ConfigUtils;
import com.ibm.ws.security.oauth20.util.MessageFormatHelper;
import com.ibm.ws.security.oauth20.util.OAuth20Parameter;
import com.ibm.ws.security.oauth20.util.OAuth20ProviderUtils;
import com.ibm.ws.security.oauth20.util.OAuth20XMLHandler;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectInstance;
import javax.management.ObjectName;
import javax.management.QueryExp;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/ibm/ws/security/oauth20/admintask/OAuthCommandProviderImpl.class */
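/**
 * Admin command provider for the OAuth 2.0 administrative tasks: enabling the OAuth trust
 * association interceptor (TAI), creating and deleting OAuth providers, and exporting or
 * importing a provider's customizable properties.
 *
 * <p>Provider changes are pushed to every MBean matching
 * {@code WebSphere:*,type=OAuth20MBean}, followed by a {@code reloadAllProviders} call on the
 * same MBean.
 *
 * <p>Security notes for maintainers: file paths come verbatim from the command's
 * {@link Constants#PARM_CONFIG_FILE} parameter and are opened in the process that runs the
 * command; this class applies no path restriction of its own, so access control rests on who
 * is allowed to invoke these admin commands.
 */
public class OAuthCommandProviderImpl extends SimpleCommandProvider {
    /** Fully qualified class name of the interceptor registered by {@link #enableOAuthTAI}. */
    public static final String OAUTH_TAI_CLASS_NAME = "com.ibm.ws.security.oauth20.tai.OAuthTAI";
    // Left package-visible and non-final exactly as before; other classes in this package may read it.
    Logger logger = Logger.getLogger(getClass().getName());
    private static final TraceComponent tc = Tr.register(OAuthCommandProviderImpl.class, "OAuthCommandProviderImpl", "com.ibm.ws.security.oauth.admintask");
    private static final ResourceBundle resBundle = ResourceBundle.getBundle(Constants.RESOURCE_BUNDLE, Locale.getDefault());

    /**
     * Creates a command from its metadata by delegating to the superclass.
     *
     * @param commandMetadata metadata describing the command to create
     * @return the command created by the superclass
     * @throws CommandNotFoundException if the superclass cannot find the command
     */
    public AbstractAdminCommand createCommand(CommandMetadata commandMetadata) throws CommandNotFoundException {
        return super.createCommand(commandMetadata);
    }

    /**
     * Loads a command from serialized command data by delegating to the superclass.
     *
     * @param commandData the command data to load from
     * @return the command loaded by the superclass
     * @throws CommandNotFoundException if the superclass cannot find the command
     * @throws CommandLoadException if the superclass cannot load the command
     */
    public AbstractAdminCommand loadCommand(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        return super.loadCommand(commandData);
    }

    /**
     * Registers and enables the OAuth TAI for the security domain named by the command.
     *
     * @param abstractAdminCommand the command carrying the parameters and config session
     * @throws CommandException a {@link CommandLoadException} wrapping the failure reported by
     *     {@link #addOAuthTAI}
     */
    public void enableOAuthTAI(AbstractAdminCommand abstractAdminCommand) throws CommandException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "enableOAuthTAI");
        }
        try {
            addOAuthTAI(abstractAdminCommand);
        } catch (OAuthProviderException e) {
            Tr.error(tc, "createOAuthTAI failed", new Object[]{e.getMessage()});
            // The cause travels with the rethrown exception; trace it instead of printing to stderr.
            traceFailure("enableOAuthTAI", e);
            throw new CommandLoadException(e);
        }
        this.logger.log(Level.INFO, getMsg("security.oauth20.admin.enableTAI"));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "enableOAuthTAI");
        }
    }

    /**
     * Creates an OAuth provider from an XML configuration file and reloads all providers.
     *
     * <p>The file is first checked with {@link #validateOAuthConfigXML}, then loaded with
     * {@code OAuth20ProviderUtils.loadProviderParams}; the resulting parameters are passed to
     * {@code createProvider} on every OAuth MBean.
     *
     * @param abstractAdminCommand command supplying {@link Constants#PARM_PROVIDER_NAME} and
     *     {@link Constants#PARM_CONFIG_FILE}
     * @throws CommandException if no server is running, or a {@link CommandLoadException}
     *     wrapping any failure during validation, loading or MBean invocation
     */
    public void createOAuthProvider(AbstractAdminCommand abstractAdminCommand) throws CommandException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createOAuthProvider");
        }
        String providerName = (String) abstractAdminCommand.getParameter(Constants.PARM_PROVIDER_NAME);
        String configFileName = (String) abstractAdminCommand.getParameter(Constants.PARM_CONFIG_FILE);
        validateRunningServer();
        try {
            validateOAuthConfigXML(abstractAdminCommand);
            List<OAuth20Parameter> providerParams = OAuth20ProviderUtils.loadProviderParams(new File(configFileName));
            for (ObjectInstance mbean : getOAuthMBeans()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Bean object name: " + mbean.getObjectName());
                }
                AdminServiceFactory.getAdminService().invoke(mbean.getObjectName(), "createProvider", new Object[]{providerName, providerParams}, new String[]{"java.lang.String", "java.util.List"});
                AdminServiceFactory.getAdminService().invoke(mbean.getObjectName(), "reloadAllProviders", new Object[0], new String[0]);
            }
            this.logger.log(Level.INFO, getMsg("security.oauth20.admin.createProvider"));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createOAuthProvider");
            }
        } catch (Exception e) {
            traceFailure("createOAuthProvider", e);
            throw new CommandLoadException(e);
        }
    }

    /**
     * Deletes the named OAuth provider on every OAuth MBean and reloads all providers.
     *
     * @param abstractAdminCommand command supplying {@link Constants#PARM_PROVIDER_NAME}
     * @throws CommandException if no server is running, or a {@link CommandLoadException}
     *     wrapping any failure during MBean lookup or invocation
     */
    public void deleteOAuthProvider(AbstractAdminCommand abstractAdminCommand) throws CommandException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteOAuthProvider");
        }
        validateRunningServer();
        String providerName = (String) abstractAdminCommand.getParameter(Constants.PARM_PROVIDER_NAME);
        try {
            for (ObjectInstance mbean : getOAuthMBeans()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Bean object name: " + mbean.getObjectName());
                }
                AdminServiceFactory.getAdminService().invoke(mbean.getObjectName(), "deleteProvider", new Object[]{providerName}, new String[]{"java.lang.String"});
                AdminServiceFactory.getAdminService().invoke(mbean.getObjectName(), "reloadAllProviders", new Object[0], new String[0]);
            }
            this.logger.log(Level.INFO, getMsg("security.oauth20.admin.deleteProvider"));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "deleteOAuthProvider");
            }
        } catch (Exception e) {
            traceFailure("deleteOAuthProvider", e);
            throw new CommandLoadException(e);
        }
    }

    /**
     * Writes the customizable properties of the named provider to a new properties file.
     *
     * <p>The target file must not already exist. It is created with
     * {@link File#createNewFile()}, which performs the existence check and the creation as one
     * atomic step, so a file that appears between a separate check and the open can no longer
     * be overwritten.
     *
     * @param abstractAdminCommand command supplying {@link Constants#PARM_PROVIDER_NAME} and
     *     {@link Constants#PARM_CONFIG_FILE}
     * @throws CommandException if no server is running, the provider is unknown, the file
     *     already exists, or writing fails (the underlying failure is the cause)
     */
    public void exportOAuthProps(AbstractAdminCommand abstractAdminCommand) throws CommandException {
        validateRunningServer();
        try {
            String providerName = (String) abstractAdminCommand.getParameter(Constants.PARM_PROVIDER_NAME);
            String targetFileName = (String) abstractAdminCommand.getParameter(Constants.PARM_CONFIG_FILE);
            OAuth20Provider provider = OAuth20ProviderFactory.getOAuth20Provider(providerName);
            if (provider == null) {
                throw new CommandException(getMsg("security.oauth20.admin.providerNotFound"));
            }
            File targetFile = new File(targetFileName);
            // Fetch the properties first so a failure here does not leave an empty file behind.
            Properties customizableProperties = provider.getConfiguration().getCustomizableProperties();
            if (!targetFile.createNewFile()) {
                throw new CommandException(getMsg("security.oauth20.admin.fileExists"));
            }
            // NOTE(review): the file gets the process's default permissions; if the exported
            // properties can contain sensitive settings, confirm that is acceptable.
            FileOutputStream out = new FileOutputStream(targetFile);
            try {
                customizableProperties.store(out, "OAuth configuration properties for " + providerName);
            } finally {
                // Close on every path; the previous code leaked the stream when store() failed.
                out.close();
            }
            this.logger.log(Level.INFO, getMsg("security.oauth20.admin.exportProps", new String[]{targetFile.getAbsolutePath()}));
        } catch (Exception e) {
            traceFailure("exportOAuthProps", e);
            throw new CommandException(e);
        }
    }

    /**
     * Reads a properties file, merges it into the named provider's configuration and pushes
     * the merged parameters to every OAuth MBean, reloading all providers afterwards.
     *
     * @param abstractAdminCommand command supplying {@link Constants#PARM_PROVIDER_NAME} and
     *     {@link Constants#PARM_CONFIG_FILE}
     * @throws CommandException if no server is running, the provider is unknown, the file does
     *     not exist, or reading/merging/invocation fails (the underlying failure is the cause)
     */
    public void importOAuthProps(AbstractAdminCommand abstractAdminCommand) throws CommandException {
        validateRunningServer();
        try {
            String providerName = (String) abstractAdminCommand.getParameter(Constants.PARM_PROVIDER_NAME);
            String sourceFileName = (String) abstractAdminCommand.getParameter(Constants.PARM_CONFIG_FILE);
            OAuth20Provider provider = OAuth20ProviderFactory.getOAuth20Provider(providerName);
            if (provider == null) {
                throw new CommandException(getMsg("security.oauth20.admin.providerNotFound"));
            }
            File sourceFile = new File(sourceFileName);
            if (!sourceFile.exists()) {
                throw new CommandException(getMsg("security.oauth20.admin.fileNotFound", new String[]{sourceFileName}));
            }
            Properties imported = new Properties();
            FileInputStream in = new FileInputStream(sourceFile);
            try {
                imported.load(in);
            } finally {
                // Close on every path; the previous code leaked the stream when load() failed.
                in.close();
            }
            List<OAuth20Parameter> mergedParams = provider.getConfiguration().mergeCustomizedProperties(imported);
            for (ObjectInstance mbean : getOAuthMBeans()) {
                AdminServiceFactory.getAdminService().invoke(mbean.getObjectName(), "updateProvider", new Object[]{providerName, mergedParams}, new String[]{"java.lang.String", "java.util.List"});
                AdminServiceFactory.getAdminService().invoke(mbean.getObjectName(), "reloadAllProviders", new Object[0], new String[0]);
            }
            this.logger.log(Level.INFO, getMsg("security.oauth20.admin.importProps"));
        } catch (Exception e) {
            traceFailure("importOAuthProps", e);
            throw new CommandException(e);
        }
    }

    /**
     * Parses the XML configuration file named by {@link Constants#PARM_CONFIG_FILE} and logs
     * every parameter it yields.
     *
     * @param abstractAdminCommand command supplying the configuration file path
     * @return always {@code true}; a file that cannot be read or parsed is reported by exception
     * @throws OAuthProviderException wrapping the parameter lookup, I/O or parser failure
     */
    protected boolean validateOAuthConfigXML(AbstractAdminCommand abstractAdminCommand) throws OAuthProviderException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateOAuthConfigXML");
        }
        try {
            String configFileName = (String) abstractAdminCommand.getParameter(Constants.PARM_CONFIG_FILE);
            // NOTE(review): confirm OAuth20XMLHandler configures its parser to reject DTDs and
            // external entities; that cannot be seen from this class.
            OAuth20XMLHandler xmlHandler = new OAuth20XMLHandler(new File(configFileName));
            xmlHandler.parse();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Successful configuration input");
            }
            // NOTE(review): every parsed parameter is written to the log at INFO. If a provider
            // configuration can hold credentials or other secrets, this should be masked or
            // moved to a trace level - confirm what OAuth20Parameter.toString() exposes.
            for (OAuth20Parameter parameter : xmlHandler.getParameters()) {
                this.logger.log(Level.INFO, String.valueOf(parameter));
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateOAuthConfigXML");
            }
            return true;
        } catch (InvalidParameterNameException e) {
            throw new OAuthProviderException((Exception) e);
        } catch (IOException e) {
            throw new OAuthProviderException(e);
        } catch (ParserConfigurationException e) {
            throw new OAuthProviderException(e);
        } catch (SAXException e) {
            throw new OAuthProviderException(e);
        }
    }

    /**
     * Configures the OAuth TAI in the command's config session: registers the interceptor,
     * enables trust association, and adds the OAuth TAI class to the
     * {@link Constants#INVOKE_TAI_BEFORE_SSO} security custom property.
     *
     * @param abstractAdminCommand command supplying the config session and the optional
     *     {@code securityDomainName} parameter
     * @return always {@code true}; failures are reported by exception
     * @throws OAuthProviderException wrapping any failure of the configuration steps
     */
    protected boolean addOAuthTAI(AbstractAdminCommand abstractAdminCommand) throws OAuthProviderException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addOAuthTAI");
        }
        Session configSession = abstractAdminCommand.getConfigSession();
        try {
            String securityDomain = getSecurityDomain(abstractAdminCommand, configSession);
            configureInterceptor(configSession, securityDomain);
            configureTrustAssociation(configSession, securityDomain, true);
            ConfigService configService = ConfigServiceFactory.getConfigService();
            addSecurityCustomProperties(configSession, configService, ConfigUtils.getSecurityObj(configSession, configService, securityDomain));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addOAuthTAI");
            }
            return true;
        } catch (Exception e) {
            // One handler replaces the former chain, in which the narrower catch clauses were
            // listed after catch (Exception) and could never be reached; all of them wrapped
            // the failure in the same way.
            throw new OAuthProviderException(e);
        }
    }

    /**
     * Adds the security custom properties the OAuth TAI needs; currently only
     * {@link Constants#INVOKE_TAI_BEFORE_SSO}.
     *
     * @param session the config session to modify
     * @param configService the config service used to read and write the property
     * @param objectName the security configuration object to update
     * @throws Exception if reading or updating the property fails
     */
    private void addSecurityCustomProperties(Session session, ConfigService configService, ObjectName objectName) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSecurityCustomProperties");
        }
        addSecurityCustomProperty(session, configService, objectName, Constants.INVOKE_TAI_BEFORE_SSO);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSecurityCustomProperties");
        }
    }

    /**
     * Ensures the custom property {@code str} lists {@link #OAUTH_TAI_CLASS_NAME}: sets it when
     * the property is empty, appends it (comma separated) when it is missing, and leaves the
     * property untouched when the class name is already present.
     *
     * @param session the config session to modify
     * @param configService the config service used to read and write the property
     * @param objectName the security configuration object holding the property
     * @param str the name of the custom property
     * @throws Exception if reading or updating the property fails
     */
    private void addSecurityCustomProperty(Session session, ConfigService configService, ObjectName objectName, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSecurityCustomProperty", new Object[]{objectName, str});
        }
        String currentValue = (String) ConfigUtils.getPropertyValue(session, configService, objectName, "properties", str);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "propertyValue: " + currentValue);
        }
        String updatedValue = null;
        if (currentValue == null || currentValue.length() == 0) {
            updatedValue = OAUTH_TAI_CLASS_NAME;
        } else if (!currentValue.contains(OAUTH_TAI_CLASS_NAME)) {
            // NOTE(review): this is a substring test, so a longer class name that merely starts
            // with OAUTH_TAI_CLASS_NAME also counts as "already present".
            updatedValue = currentValue + "," + OAUTH_TAI_CLASS_NAME;
        }
        if (updatedValue != null) {
            // Same text the former single-element list produced once its brackets were stripped.
            Object property = ConfigUtils.nameAndValueProperty(str, updatedValue);
            String propValueString = String.valueOf(property);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "propValueString: " + propValueString);
            }
            ConfigUtils.addCustomProperties(session, configService, objectName, propValueString);
        }
        if (tc.isEntryEnabled()) {
            // Was Tr.entry, which left the trace with an unbalanced entry record.
            Tr.exit(tc, "addSecurityCustomProperty");
        }
    }

    /**
     * Runs the {@code configureInterceptor} admin command to register
     * {@link #OAUTH_TAI_CLASS_NAME} for the given security domain.
     *
     * @param session the config session the command runs in
     * @param str the security domain name passed as {@code securityDomainName}
     * @throws CommandNotFoundException if the admin command cannot be created
     * @throws CommandException a {@link CommandValidationException} if the command reports failure
     * @throws ConnectorException if the command manager cannot be reached
     */
    protected void configureInterceptor(Session session, String str) throws CommandNotFoundException, CommandException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "configureInterceptor");
        }
        AdminCommand command = CommandMgr.getCommandMgr().createCommand("configureInterceptor");
        command.setParameter("securityDomainName", str);
        command.setParameter("interceptor", OAUTH_TAI_CLASS_NAME);
        runAndVerify(command, session, "Configure OAuth TAI failed");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "configureInterceptor");
        }
    }

    /**
     * Runs the {@code configureTrustAssociation} admin command for the given security domain.
     *
     * @param session the config session the command runs in
     * @param str the security domain name passed as {@code securityDomainName}
     * @param z the value passed as the command's {@code enable} parameter
     * @throws CommandNotFoundException if the admin command cannot be created
     * @throws CommandException a {@link CommandValidationException} if the command reports failure
     * @throws ConnectorException if the command manager cannot be reached
     */
    protected void configureTrustAssociation(Session session, String str, boolean z) throws CommandNotFoundException, CommandException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "configureTrustAssociation");
        }
        AdminCommand command = CommandMgr.getCommandMgr().createCommand("configureTrustAssociation");
        command.setParameter("securityDomainName", str);
        command.setParameter("enable", Boolean.valueOf(z));
        runAndVerify(command, session, "Enable TAI failed");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "configureTrustAssociation");
        }
    }

    /**
     * Binds the command to the session, executes it and turns an unsuccessful result into a
     * {@link CommandValidationException} carrying the reported exception's message.
     */
    private void runAndVerify(AdminCommand command, Session session, String failureText) throws CommandNotFoundException, CommandException, ConnectorException {
        command.setConfigSession(session);
        command.execute();
        CommandResult result = command.getCommandResult();
        if (result.isSuccessful()) {
            return;
        }
        Throwable cause = result.getException();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, failureText, new Object[]{cause});
        }
        // An unsuccessful result without an exception must not end in a NullPointerException.
        String detail = cause == null ? null : cause.getMessage();
        Tr.error(tc, failureText, new Object[]{detail});
        throw new CommandValidationException(detail);
    }

    /**
     * Returns the {@code securityDomainName} parameter of the command.
     *
     * <p>When the parameter is null or empty, {@code listSecurityDomains} is executed only to
     * emit a warning if its result is non-null; the returned value stays null or empty.
     * Failures of that lookup are best-effort and do not abort the command.
     *
     * @param abstractAdminCommand command supplying the optional {@code securityDomainName}
     * @param session the config session used for the {@code listSecurityDomains} lookup
     * @return the parameter value as given, possibly {@code null} or empty
     * @throws InvalidParameterNameException declared for the parameter lookup
     */
    protected String getSecurityDomain(AbstractAdminCommand abstractAdminCommand, Session session) throws InvalidParameterNameException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityDomain");
        }
        String domainName = null;
        try {
            domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
            if (domainName == null || domainName.length() < 1) {
                AdminCommand listCommand = CommandMgr.getCommandMgr().createCommand("listSecurityDomains");
                listCommand.setConfigSession(session);
                listCommand.execute();
                CommandResult result = listCommand.getCommandResult();
                if (!result.isSuccessful()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "listSecurityDomains command failed", new Object[]{result.getException()});
                    }
                } else if (result.getResult() != null) {
                    Tr.warning(tc, "Existing security domain, none specified");
                }
            }
        } catch (CommandException e) {
            // Still best-effort, but leave a trace instead of discarding the failure silently.
            traceFailure("getSecurityDomain", e);
        } catch (ConnectorException e) {
            traceFailure("getSecurityDomain", e);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityDomain");
        }
        return domainName;
    }

    /**
     * Queries the admin service for all MBeans matching {@code WebSphere:*,type=OAuth20MBean}.
     *
     * @return the matching MBean instances as returned by the admin service
     * @throws MalformedObjectNameException declared by the {@link ObjectName} constructor
     */
    protected Set<ObjectInstance> getOAuthMBeans() throws MalformedObjectNameException {
        Set<ObjectInstance> oauthBeans = AdminServiceFactory.getAdminService().queryMBeans(new ObjectName("WebSphere:*,type=OAuth20MBean"), (QueryExp) null);
        if (tc.isDebugEnabled()) {
            // The total count is only needed for this trace, so it is read only when tracing.
            int totalBeans = AdminServiceFactory.getMBeanFactory().getMBeanServer().getMBeanCount().intValue();
            Tr.debug(tc, "total bean count: " + totalBeans);
            Tr.debug(tc, "num beans: " + oauthBeans.size());
        }
        return oauthBeans;
    }

    /**
     * Fails when no MBean factory is available, which this class treats as "no running server".
     *
     * @throws CommandException with the {@code security.oauth20.admin.serverRunningCheck}
     *     message if {@code AdminServiceFactory.getMBeanFactory()} returns {@code null}
     */
    protected void validateRunningServer() throws CommandException {
        if (AdminServiceFactory.getMBeanFactory() == null) {
            String message = MessageFormatHelper.getFormattedMessage(resBundle, "security.oauth20.admin.serverRunningCheck", null);
            this.logger.log(Level.SEVERE, message);
            throw new CommandException(message);
        }
    }

    /**
     * Formats the resource-bundle message for {@code str} without arguments.
     *
     * @param str the message key
     * @return the formatted message
     */
    protected String getMsg(String str) {
        return MessageFormatHelper.getFormattedMessage(resBundle, str, null);
    }

    /**
     * Formats the resource-bundle message for {@code str} with the given arguments.
     *
     * @param str the message key
     * @param objArr the message arguments
     * @return the formatted message
     */
    protected String getMsg(String str, Object[] objArr) {
        return MessageFormatHelper.getFormattedMessage(resBundle, str, objArr);
    }

    /** Writes a failed operation and its cause to the debug trace. */
    private static void traceFailure(String operation, Throwable cause) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, operation + " failed", new Object[]{cause});
        }
    }
}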
