package com.ibm.ws.wssecurity.token;

import com.ibm.ws.wssecurity.platform.auth.WSSContextManager;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManagerFactory;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import java.security.Permission;
import java.security.SecurityPermission;
import java.security.cert.X509Certificate;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/ibm/ws/wssecurity/token/WSSUserRegistryProcessor.class */
public class WSSUserRegistryProcessor {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(WSSUserRegistryProcessor.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = WSSUserRegistryProcessor.class.getName();
    private static WSSContextManager manager = WSSContextManagerFactory.getInstance();
    private static final Permission PERM = new SecurityPermission("wssecurity.WSUserRegistry.mapCertificate");

    public static boolean checkRegistry(String str, char[] cArr) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkRegistry()");
        }
        String str2 = null;
        try {
            if (manager != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Username [" + str + "], password [" + (cArr == null ? "null" : "not mull") + "]");
                }
                str = removeRealm(manager.getDefaultRealm(), str);
                str2 = manager.getRegistry(manager.getDefaultRealm()).checkPassword(str, new String(cArr));
            }
            boolean z = str2 != null;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkRegistry() returns boolean[" + z + "]");
            }
            return z;
        } catch (Exception e) {
            Tr.processException(e, clsName + ".checkRegistry", "%C");
            Tr.error(tc, "security.wssecurity.WSSUserRegistryProcessor.s01", new Object[]{str, e});
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.WSSUserRegistryProcessor.s01", new String[]{str, e.toString()}));
        }
    }

    public static boolean checkUsername(String str) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkUsername(String username[" + str + "])");
        }
        try {
            str = removeRealm(manager.getDefaultRealm(), str);
            String uniqueUserId = manager.getRegistry(manager.getDefaultRealm()).getUniqueUserId(str);
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "checkUsername(String username) returns [" + uniqueUserId + "]");
            return true;
        } catch (Exception e) {
            Tr.processException(e, clsName + ".checkUsername", "%C");
            Tr.error(tc, "security.wssecurity.WSSUserRegistryProcessor.s02", new Object[]{str, e});
            throw new LoginException(ConfigUtil.getMessage("security.wssecurity.WSSUserRegistryProcessor.s02", new String[]{str, e.toString()}));
        }
    }

    public static String mapCertificate(X509Certificate x509Certificate) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapCertificate(X509Certificate [" + x509Certificate + "])");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(PERM);
        }
        String str = null;
        if (manager != null) {
            try {
                str = manager.getUserMapping().mapCertificateToName(new X509Certificate[]{x509Certificate});
            } catch (Exception e) {
                Tr.processException(e, clsName + ".mapCertificate", "%C");
                Tr.warning(tc, "security.wssecurity.WSEC5185W", new Object[]{x509Certificate.getSubjectDN().getName(), e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapCertificate(X509Certificate) returns " + str);
        }
        return str;
    }

    public static String removeRealm(String str, String str2) {
        return (str == null || str.length() == 0 || str2 == null || str2.length() == 0) ? str2 : !str2.startsWith(new StringBuilder().append(str).append("/").toString()) ? str2 : str2.substring(str.length() + 1);
    }
}
