package com.ibm.ws.security.config;

import com.ibm.CSIv2Security.NotForwardableMechOID;
import com.ibm.ISecurityUtilityImpl.PasswordUtil;
import com.ibm.ejs.ras.SharedLogConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASFormatter;
import com.ibm.security.krb5.internal.Config;
import com.ibm.security.krb5.internal.ktab.KeyTab;
import com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand;
import com.ibm.websphere.models.config.security.SecurityPackage;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.kerberos.admintask.SpnegoCommandProviderImpl;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.util.ConfigUtils;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.SSLConfig;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.util.PlatformHelperFactory;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import java.util.Properties;
import org.eclipse.hyades.logging.events.cbe.ExtendedDataElement;
import org.eclipse.xsd.util.XSDConstants;

/* loaded from: input_file:com/ibm/ws/security/config/AuthMechanismConfigImpl.class */
public class AuthMechanismConfigImpl extends GenericConfigHelperImpl implements AuthMechanismConfig {
    private static final String SINGLE_SIGNON = "singleSignon";
    private static final String FILTERS = "filters";
    private SingleSignonConfig sso;
    private String type;
    private LinkedList<FiltersConfig> filters;
    private Properties filterProps;
    private boolean initializeRSAPropertiesCalled;
    private boolean krbAllowLTPAAuth;
    private String authMechOID;
    private SecurityConfigObject domainSCO;
    private int KRB5_CLOCK_SKEW;
    private static TraceComponent tc = Tr.register((Class<?>) AuthMechanismConfigImpl.class, "SecurityConfig", AdminConstants.MSG_BUNDLE_NAME);
    private static String LIBDEFAULTS = "libdefaults";

    private void commonConstructor(SecurityConfigObject securityConfigObject, GenericConfigHelperImpl genericConfigHelperImpl, String str) {
        super.initialize(securityConfigObject, genericConfigHelperImpl, str);
        initialize_defaults();
        addXMLAttributes();
    }

    AuthMechanismConfigImpl() {
        this.sso = null;
        this.type = null;
        this.filters = null;
        this.filterProps = null;
        this.initializeRSAPropertiesCalled = false;
        this.krbAllowLTPAAuth = true;
        this.authMechOID = null;
        this.domainSCO = null;
        this.KRB5_CLOCK_SKEW = SharedLogConstants.STALE_LOCK_TIMEOUT;
        commonConstructor(null, null, "UnitTestConstructor");
    }

    public AuthMechanismConfigImpl(SecurityConfigObject securityConfigObject, GenericConfigHelperImpl genericConfigHelperImpl, String str) {
        this.sso = null;
        this.type = null;
        this.filters = null;
        this.filterProps = null;
        this.initializeRSAPropertiesCalled = false;
        this.krbAllowLTPAAuth = true;
        this.authMechOID = null;
        this.domainSCO = null;
        this.KRB5_CLOCK_SKEW = SharedLogConstants.STALE_LOCK_TIMEOUT;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "ctor " + str, new Object[]{securityConfigObject, genericConfigHelperImpl});
        }
        commonConstructor(securityConfigObject, genericConfigHelperImpl, str);
        initialization();
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "ctor " + this.cacheKey, this);
        }
    }

    public AuthMechanismConfigImpl(SecurityConfigObject securityConfigObject, SecurityConfigObject securityConfigObject2, GenericConfigHelperImpl genericConfigHelperImpl, String str) {
        this.sso = null;
        this.type = null;
        this.filters = null;
        this.filterProps = null;
        this.initializeRSAPropertiesCalled = false;
        this.krbAllowLTPAAuth = true;
        this.authMechOID = null;
        this.domainSCO = null;
        this.KRB5_CLOCK_SKEW = SharedLogConstants.STALE_LOCK_TIMEOUT;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "ctor " + str, new Object[]{securityConfigObject, securityConfigObject2, genericConfigHelperImpl});
        }
        commonConstructor(securityConfigObject, genericConfigHelperImpl, str);
        this.domainSCO = securityConfigObject2;
        initialization();
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "ctor " + this.cacheKey, this);
        }
    }

    private void initialize_defaults() {
        this.defaults.put(AuthMechanismConfig.OID, null);
        this.defaults.put(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, null);
        this.defaults.put(AuthMechanismConfig.AUTH_CONFIG, null);
        this.defaults.put(AuthMechanismConfig.SIMPLE_AUTH_CONFIG, null);
        this.defaults.put(AuthMechanismConfig.AUTH_VALIDATION_CONFIG, null);
        this.defaults.put("timeout", 0L);
        this.defaults.put("password", null);
        this.defaults.put(AuthMechanismConfig.KEY_SET_GROUP, null);
        this.defaults.put("trimUserName", Boolean.FALSE);
        this.defaults.put("enabledGssCredDelegate", Boolean.FALSE);
        this.defaults.put("krb5Realm", null);
        this.defaults.put("krb5Config", null);
        this.defaults.put("krb5Keytab", null);
        this.defaults.put(AuthMechanismConfig.KRB5_SPN, null);
        this.defaults.put(AuthMechanismConfig.KRB5_SPN_PASSWORD, null);
        this.defaults.put(AuthMechanismConfig.ALLOW_LTPA_AUTH, Boolean.TRUE);
        this.defaults.put(AuthMechanismConfig.FORWARDABLE_CRED, Boolean.TRUE);
    }

    private void addXMLAttributes() {
        this.xmlAttributes.add(AuthMechanismConfig.OID);
        this.xmlAttributes.add(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS);
        this.xmlAttributes.add(AuthMechanismConfig.AUTH_CONFIG);
        this.xmlAttributes.add(AuthMechanismConfig.SIMPLE_AUTH_CONFIG);
        this.xmlAttributes.add(AuthMechanismConfig.AUTH_VALIDATION_CONFIG);
        this.xmlAttributes.add(AuthMechanismConfig.FORWARDABLE_CRED);
        this.xmlAttributes.add("timeout");
        this.xmlAttributes.add("password");
        this.xmlAttributes.add(AuthMechanismConfig.KEY_SET_GROUP);
        this.xmlAttributes.add("krb5Realm");
        this.xmlAttributes.add("krb5Config");
        this.xmlAttributes.add("krb5Keytab");
        this.xmlAttributes.add(AuthMechanismConfig.KRB5_SPN);
        this.xmlAttributes.add(AuthMechanismConfig.KRB5_SPN_PASSWORD);
        this.xmlAttributes.add("trimUserName");
        this.xmlAttributes.add("enabledGssCredDelegate");
    }

    private void initializeRSA() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeRSA " + this.cacheKey);
        }
        String string = this.sco.getString(AuthMechanismConfig.OID, null);
        if (string != null) {
            setString(AuthMechanismConfig.OID, string);
        }
        String string2 = this.sco.getString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, null);
        if (string2 != null) {
            setString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, string2);
        }
        Long rsaPropagatinTokenExpiration = getRsaPropagatinTokenExpiration();
        if (rsaPropagatinTokenExpiration != null) {
            setLong(AuthMechanismConfig.RSA_TOKEN_EXPIRATION, rsaPropagatinTokenExpiration);
        }
        Long rsaNoneCacheTimeout = getRsaNoneCacheTimeout();
        if (rsaNoneCacheTimeout != null) {
            setLong(AuthMechanismConfig.RSA_TOKEN_NONCE_CACHE_TIMEOUT, rsaNoneCacheTimeout);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "Admin RSA token OID: " + string);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "Admin RSA token context impl class: " + string2);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "Admin RSA token expiration: " + rsaPropagatinTokenExpiration);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "Admin RSA token nonce cache timeout: " + rsaNoneCacheTimeout);
        }
        SecurityConfigObject object = this.sco.getObject("adminCertificate");
        if (object == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RSA propagation is enabled but admin personal certificate is not specified in the security.xml.");
            }
            throw new IllegalArgumentException("Admin rsa propagation is enabled but the admin certificate is not configured.");
        }
        try {
            String string3 = object.getString("alias");
            if (string3 != null) {
                setString(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE_ALIAS, string3);
            }
            String string4 = object.getObject(CommandConstants.KEY_STORE).getString("name");
            if (string4 != null) {
                setString(AuthMechanismConfig.RSA_TOKEN_KEY_STORE_NAME, string4);
            }
            String unexpandedString = object.getObject(CommandConstants.KEY_STORE).getUnexpandedString("password");
            if (unexpandedString != null && unexpandedString.length() > 0) {
                setObject(AuthMechanismConfig.RSA_TOKEN_KEY_STORE_PASSWORD, PasswordUtil.passwordDecode(unexpandedString).toCharArray());
            }
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Admin personal keystore name is: " + string4);
            }
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Admin personal certificate alias is: " + string3);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting the admin certificate.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.config.AuthMechanismConfigImpl.initializeRSA", "190", this);
        }
        try {
            String string5 = this.sco.getObject("adminCertificateTrustStore").getString("name");
            setString(AuthMechanismConfig.RSA_TOKEN_TRUST_STORE_NAME, string5);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Admin trust store name is: " + string5);
            }
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RSA propagation is enabled but admin trust store is not specified in the security.xml.", new Object[]{e2});
            }
            FFDCFilter.processException(e2, "com.ibm.ws.security.config.AuthMechanismConfigImpl.initializeRSA", "209", this);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeRSA " + this.cacheKey);
        }
    }

    private Long getRsaNoneCacheTimeout() {
        Long l = this.sco.getLong("nonceCacheTimeout", 0L);
        if (l.longValue() == 0) {
            return 1200L;
        }
        return l;
    }

    private Long getRsaPropagatinTokenExpiration() {
        Long l = this.sco.getLong("tokenExpiration", 0L);
        if (l.longValue() == 0) {
            return 600L;
        }
        return l;
    }

    private void initializeSPNEGOProperties() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeSPNEGOProperties " + this.cacheKey);
        }
        String string = this.sco.getString(AuthMechanismConfig.OID, null);
        if (string != null) {
            setString(AuthMechanismConfig.OID, string);
        }
        String string2 = this.sco.getString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, null);
        if (string2 != null) {
            setString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, string2);
        }
        Boolean bool = this.sco.getBoolean("enabled");
        setBoolean(AuthMechanismConfig.SPNEGO_ENABLED, bool);
        setBoolean(AuthMechanismConfig.SPNEGO_ALLOW_APP_AUTH_METHOD_FALLBACK, this.sco.getBoolean(SpnegoCommandProviderImpl.ALLOW_APP_AUTH_METHOD_FALLBACK));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SPNEGO OID: " + string);
            Tr.debug(tc, "spnegoAuthContextImplClass: " + string2);
            Tr.debug(tc, "spnegoEnabled: " + bool);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeSPNEGOProperties " + this.cacheKey);
        }
    }

    private void initializeLTPAProperties() {
        SecurityConfigObject object = this.sco.getObject(AbstractAdminCommand.PRIVATE_CUSTOM_TAG);
        if (object != null) {
            setString("com.ibm.websphere.ltpa.PrivateKey", object.getString(ExtendedDataElement.TYPE_BYTE_ARRAY));
        }
        SecurityConfigObject object2 = this.sco.getObject(XSDConstants.PUBLIC_ATTRIBUTE);
        if (object2 != null) {
            setString("com.ibm.websphere.ltpa.PublicKey", object2.getString(ExtendedDataElement.TYPE_BYTE_ARRAY));
        }
        SecurityConfigObject object3 = this.sco.getObject("shared");
        if (object3 != null) {
            setString("com.ibm.websphere.ltpa.3DESKey", object3.getString(ExtendedDataElement.TYPE_BYTE_ARRAY));
        }
        if (!this.parent.getSCO().isDomainConfig() || this.sco.isDomainConfig()) {
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "This LTPA authMech is defined within a multi domain environment, checking for domain LTPA timeout value");
        }
        if (this.domainSCO == null) {
            AuthMechanismConfig authMechanism = ((SecurityConfig) this.parent).getAuthMechanism("LTPA");
            if (authMechanism != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found domain LTPA with timeout: " + authMechanism.getLong("timeout"));
                }
                setLong("timeout", authMechanism.getLong("timeout"));
                return;
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No domain LTPA found");
                    return;
                }
                return;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Loading for list");
        }
        if (this.domainSCO.isSet("timeout")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Domain LTPA with timeout: " + this.domainSCO.getLong("timeout"));
            }
            setLong("timeout", this.domainSCO.getLong("timeout"));
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Domain LTPA does not defined timeout, ignoring");
        }
    }

    private void initializeKerberosProperties() {
        String string = this.sco.getString(AuthMechanismConfig.OID, null);
        if (string != null) {
            setString(AuthMechanismConfig.OID, string);
        }
        String string2 = this.sco.getString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, null);
        if (string2 != null) {
            setString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, string2);
        }
        String str = null;
        String str2 = null;
        try {
            str = getUnexpandedString("krb5Config");
            if (str != null) {
                str2 = ConfigUtils.expandKrbFile(str);
                if (str2 != null) {
                    setString("krb5Config", str2);
                    setKrbConfigProp(str2);
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception expanding kerberos variables.", new Object[]{e});
            }
        }
        String string3 = this.sco.getString("krb5Keytab", null);
        String string4 = this.sco.getString("krb5Realm", null);
        try {
            setUseAllCredsProp();
            if ((string3 == null || string3.length() == 0) && str2 != null && str2.length() != 0) {
                string3 = getDefaultKeytab(str2);
            }
            if (string3 != null) {
                setString("krb5Keytab", string3);
                setKrbKeytabProp(string3);
            }
            if ((string4 == null || string4.length() == 0) && str2 != null && str2.length() != 0) {
                string4 = getDefaultRealm(str2);
            }
            if (string4 != null) {
                setString("krb5Realm", string4);
            }
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting the Kerberos configuration.", new Object[]{e2});
            }
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.krb5.readConfiguration", "331", this);
        }
        Boolean bool = this.sco.getBoolean("trimUserName");
        setBoolean("trimUserName", bool);
        Boolean bool2 = this.sco.getBoolean("enabledGssCredDelegate");
        setBoolean("enabledGssCredDelegate", bool2);
        this.krbAllowLTPAAuth = ((SecurityConfig) this.parent).getPropertyBool("com.ibm.websphere.security.krb.allowLTPAAuth");
        setBoolean(AuthMechanismConfig.ALLOW_LTPA_AUTH, this.krbAllowLTPAAuth);
        AuthMechanismConfig authMechanism = ((SecurityConfig) this.parent).getAuthMechanism("LTPA");
        if (authMechanism != null) {
            setLong("timeout", authMechanism.getLong("timeout"));
        }
        String unexpandedString = getUnexpandedString(AuthMechanismConfig.KRB5_SPN);
        try {
            setString(AuthMechanismConfig.KRB5_SPN, ConfigUtils.expandHost((SecurityConfig) this.parent, unexpandedString, null));
        } catch (Exception e3) {
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "KRB5 OID: " + string);
            Tr.debug(tc, "krb5AuthContextImplClass: " + string2);
            Tr.debug(tc, "spn: " + unexpandedString);
            Tr.debug(tc, "expand spn: " + getString(AuthMechanismConfig.KRB5_SPN));
            Tr.debug(tc, "krb5Config: " + str);
            Tr.debug(tc, "expand krb5Config: " + str2);
            Tr.debug(tc, "krb5Keytab: " + string3);
            Tr.debug(tc, "krb5Realm: " + string4);
            Tr.debug(tc, "trimUserName: " + bool);
            Tr.debug(tc, "enabledGssCredDelegate: " + bool2);
            Tr.debug(tc, "krbAllowLTPAAuth: " + this.krbAllowLTPAAuth);
        }
    }

    private void initialization() {
        handleRCSDefaultValues();
        String type = getType();
        if (type.equals(AuthMechanismConfig.TYPE_SWAM)) {
            setBoolean(AuthMechanismConfig.FORWARDABLE_CRED, false);
        } else if (type.equals("LTPA")) {
            initializeLTPAProperties();
            setString(AuthMechanismConfig.KEY_SET_GROUP, getKeySetGroupName(false));
        } else if (type.equals(AuthMechanismConfig.TYPE_RSATOKEN)) {
            initializeRSA();
        } else if (type.equals(AuthMechanismConfig.TYPE_KERBEROS)) {
            if (this.krbAllowLTPAAuth) {
                initializeKerberosProperties();
                setString(AuthMechanismConfig.KEY_SET_GROUP, getKeySetGroupName(true));
            } else {
                setString(AuthMechanismConfig.KEY_SET_GROUP, getKeySetGroupName(false));
            }
        } else if (type.equals(AuthMechanismConfig.TYPE_SPNEGO)) {
            initializeSPNEGOProperties();
        }
        if (type.equals("LTPA")) {
            setBoolean(AuthMechanismConfig.FORWARDABLE_CRED, Boolean.TRUE);
        } else if (type.equals(AuthMechanismConfig.TYPE_SWAM)) {
            String string = this.sco.getString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, null);
            if (string == null) {
                string = "";
            }
            setString(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, string);
            setString(AuthMechanismConfig.OID, NotForwardableMechOID.value);
            setBoolean(AuthMechanismConfig.FORWARDABLE_CRED, Boolean.FALSE);
        } else if (type.equals(AuthMechanismConfig.TYPE_RSATOKEN)) {
            setBoolean(AuthMechanismConfig.FORWARDABLE_CRED, Boolean.TRUE);
        } else if (type.equals("CUSTOM")) {
            setBoolean(AuthMechanismConfig.FORWARDABLE_CRED, Boolean.TRUE);
        } else if (type.equals(AuthMechanismConfig.TYPE_KERBEROS)) {
            setBoolean(AuthMechanismConfig.FORWARDABLE_CRED, Boolean.TRUE);
        }
        if (!type.equals(AuthMechanismConfig.TYPE_SWAM)) {
            String property = ((SecurityConfig) this.parent).getProperty("com.ibm.ws.security.defaultLoginConfig");
            if (property == null || property.equals("")) {
                property = "system.LTPA";
            }
            setString(AuthMechanismConfig.AUTH_CONFIG, property);
            setString(AuthMechanismConfig.SIMPLE_AUTH_CONFIG, property);
            setString(AuthMechanismConfig.AUTH_VALIDATION_CONFIG, property);
        }
        if (this.sco.getDescriptor().contains("activeAuthMechanism") && type.equals(AuthMechanismConfig.TYPE_SWAM)) {
            String property2 = ((SecurityConfig) this.parent).getProperty(SecurityConfig.SWAM_LOGIN_CONFIG);
            String str = "system.SWAM";
            if (property2 != null && !property2.equals("")) {
                str = property2;
            }
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.CSI.rmiOutboundPropagationEnabled", "false");
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.CSI.rmiInboundPropagationEnabled", "false");
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.CSI.rmiOutboundLoginEnabled", "false");
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.ws.security.webInboundPropagationEnabled", "false");
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.ws.security.ssoInteropModeEnabled", "true");
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.CSI.rmiInboundLoginConfig", str);
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.CSI.rmiOutboundLoginConfig", "system.RMI_OUTBOUND");
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.ws.security.webInboundLoginConfig", str);
            ((SecurityConfigImpl) this.parent).setProperty("com.ibm.ws.security.defaultLoginConfig", str);
        }
    }

    private void handleRCSDefaultValues() {
        boolean z = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
        SecurityConfigObject sco = getSCO();
        String string = sco.getString(AuthMechanismConfig.AUTH_CONFIG);
        if (z) {
            Tr.debug(tc, "handleRCSDefaultValues for AUTH_CONFIG = " + string);
        }
        if (!"system.LTPA".equals(string)) {
            if (z) {
                Tr.debug(tc, "handleRCSDefaultValues - USING DEFAULT LTPA-timeout = 120");
            }
            setLong("timeout", (Long) 120L);
            return;
        }
        long longValue = sco.getLong("timeout").longValue();
        if (z) {
            Tr.debug(tc, "handleRCSDefaultValues - LTPA-timeout = " + longValue);
        }
        if (longValue == 0) {
            setLong("timeout", 120L);
        } else {
            setLong("timeout", longValue);
        }
    }

    private String getKeySetGroupName(boolean z) {
        AuthMechanismConfigImpl authMechanismConfigImpl;
        SecurityConfigObject object;
        SecurityConfigObject sco = getSCO();
        String string = sco.getString(AuthMechanismConfig.AUTH_CONFIG);
        String str = null;
        if ("system.LTPA".equals(string)) {
            SecurityConfigObject object2 = sco.getObject(AuthMechanismConfig.KEY_SET_GROUP);
            if (object2 != null) {
                str = object2.getString("name");
            }
        } else if ("system.KRB5".equals(string) && z && (authMechanismConfigImpl = (AuthMechanismConfigImpl) ((SecurityConfig) this.parent).getAuthMechanism("LTPA")) != null && (object = authMechanismConfigImpl.getSCO().getObject(AuthMechanismConfig.KEY_SET_GROUP)) != null) {
            str = object.getString("name");
        }
        return str;
    }

    private synchronized void do_initializeRSAProperties() {
        WSKeyStore keyStore;
        WSKeyStore keyStore2;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeRSAProperties");
        }
        if (this.initializeRSAPropertiesCalled) {
            if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
                Tr.exit(tc, "RSA properties already initialized.");
                return;
            }
            return;
        }
        this.initializeRSAPropertiesCalled = true;
        try {
            keyStore = KeyStoreManager.getInstance().getKeyStore(getString(AuthMechanismConfig.RSA_TOKEN_KEY_STORE_NAME));
            keyStore2 = KeyStoreManager.getInstance().getKeyStore(getString(AuthMechanismConfig.RSA_TOKEN_TRUST_STORE_NAME));
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting the admin certificate.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.rsatoken.RSAPropagationManager.readConfiguration", "314", this);
        }
        if (!PlatformHelperFactory.getPlatformHelper().isZOS() || (PlatformHelperFactory.getPlatformHelper().isZOS() && !PlatformHelperFactory.getPlatformHelper().isServantJvm())) {
            if (keyStore == null) {
                throw new IllegalArgumentException("The admin keystore alias is not found.");
            }
            SSLConfig sSLConfig = new SSLConfig();
            sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_NAME, AuthMechanismConfig.RSA_TOKEN_KEY_STORE_NAME);
            Certificate checkIfKeyStoreExistsAndCreateIfNot = KeyStoreManager.getInstance().checkIfKeyStoreExistsAndCreateIfNot(keyStore, sSLConfig);
            sSLConfig.setProperty(Constants.SSLPROP_TRUST_STORE_NAME, AuthMechanismConfig.RSA_TOKEN_TRUST_STORE_NAME);
            KeyStoreManager.getInstance().checkIfTrustStoreExistsAndCreateIfNot(keyStore2, sSLConfig, checkIfKeyStoreExistsAndCreateIfNot);
            KeyStore keyStore3 = keyStore.getKeyStore(true, false);
            if (keyStore3 == null) {
                throw new IllegalArgumentException("The admin keystore is not valid.");
            }
            String string = getString(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE_ALIAS);
            if (string == null || string.equalsIgnoreCase("")) {
                if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                    Tr.debug(tc, "RSAToken certificate alias is not set, getting first alias from keystore.");
                }
                Enumeration<String> aliases = keyStore3.aliases();
                while (true) {
                    if (!aliases.hasMoreElements()) {
                        break;
                    }
                    string = aliases.nextElement();
                    if (keyStore3.isKeyEntry(string)) {
                        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting alias: " + string);
                        }
                        setString(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE_ALIAS, string);
                    } else {
                        string = null;
                    }
                }
            }
            if (string == null || string.equalsIgnoreCase("")) {
                throw new IllegalArgumentException("The admin certificate alias could not be determined.");
            }
            Certificate[] certificateChain = keyStore3.getCertificateChain(string);
            Object obj = (PrivateKey) keyStore3.getKey(string, keyStore.getProperty("com.ibm.ssl.keyStorePassword").toCharArray());
            if (certificateChain == null || obj == null) {
                throw new IllegalArgumentException("The admin certificate alias was not found in the admin keystore.");
            }
            for (Certificate certificate : certificateChain) {
                try {
                    ((X509Certificate) certificate).checkValidity();
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception checking the validity of the RSA token ", new Object[]{e2});
                    }
                    FFDCFilter.processException(e2, "com.ibm.ws.security.config.AuthMechanismConfigImpl.do_initializeRSAProperties", "761", this);
                    throw e2;
                }
            }
            setObject(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE, certificateChain);
            setObject(AuthMechanismConfig.RSA_TOKEN_PRIVATE_KEY, obj);
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Set the admin certificate and private key.");
            }
            if (SecurityConfigGlobals.enableVerbose || !tc.isEntryEnabled()) {
            }
            Tr.exit(tc, "initializeRSAProperties");
            return;
        }
        if (keyStore == null) {
            throw new IllegalArgumentException("The admin keystore alias is not found.");
        }
        WSKeyStoreRemotable wSKeyStoreRemotable = new WSKeyStoreRemotable(keyStore);
        if (wSKeyStoreRemotable == null) {
            throw new IllegalArgumentException("The admin keystore is not valid.");
        }
        String string2 = getString(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE_ALIAS);
        if (string2 == null || string2.equalsIgnoreCase("")) {
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "RSAToken certificate alias is not set, getting first alias from keystore.");
            }
            Object[] invokeKeyStoreCommand = wSKeyStoreRemotable.invokeKeyStoreCommand("aliases", null);
            if (invokeKeyStoreCommand != null) {
                int i = 0;
                while (true) {
                    if (i >= invokeKeyStoreCommand.length) {
                        break;
                    }
                    string2 = (String) invokeKeyStoreCommand[0];
                    if (((Boolean) keyStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{string2})[0]).booleanValue()) {
                        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting alias: " + string2);
                        }
                        setString(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE_ALIAS, string2);
                    } else {
                        string2 = null;
                        i++;
                    }
                }
            }
        }
        if (string2 == null || string2.equalsIgnoreCase("")) {
            throw new IllegalArgumentException("The admin certificate alias could not be determined.");
        }
        Object[] invokeKeyStoreCommand2 = wSKeyStoreRemotable.invokeKeyStoreCommand("getKey", new Object[]{string2, keyStore.getProperty("com.ibm.ssl.keyStorePassword").toCharArray()});
        if (invokeKeyStoreCommand2 == null) {
            throw new IllegalArgumentException("The admin certificate alias was not found in the admin keystore.");
        }
        Object obj2 = (PrivateKey) invokeKeyStoreCommand2[0];
        setObject(AuthMechanismConfig.RSA_TOKEN_PRIVATE_KEY, obj2);
        Object[] invokeKeyStoreCommand3 = wSKeyStoreRemotable.invokeKeyStoreCommand("getCertificateChain", new Object[]{string2});
        if (invokeKeyStoreCommand3 == null) {
            throw new IllegalArgumentException("The admin certificate alias was not found in the admin keystore.");
        }
        Certificate[] certificateArr = (Certificate[]) invokeKeyStoreCommand3[0];
        try {
            if (invokeKeyStoreCommand3.length > 0) {
                for (Certificate certificate2 : certificateArr) {
                    ((X509Certificate) certificate2).checkValidity();
                }
            }
            setObject(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE, certificateArr);
            if (certificateArr == null || obj2 == null) {
                throw new IllegalArgumentException("The admin certificate alias was not found in the admin keystore.");
            }
            if (SecurityConfigGlobals.enableVerbose) {
            }
        } catch (Exception e3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception checking the validity of the RSA token ", new Object[]{e3});
            }
            FFDCFilter.processException(e3, "com.ibm.ws.security.config.AuthMechanismConfigImpl.do_initializeRSAProperties", "872", this);
            throw e3;
        }
    }

    @Override // com.ibm.ws.security.config.AuthMechanismConfig
    public void initializeRSAProperties() {
        if (!this.initializeRSAPropertiesCalled) {
            do_initializeRSAProperties();
        } else if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "RSA properties already initialized.");
        }
    }

    @Override // com.ibm.ws.security.config.AuthMechanismConfig
    public void reinitializeRSAProperties() {
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "Reinitialize the RSA certificate/RSA token.");
        }
        super.unsetString(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE_ALIAS);
        super.unsetObject(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE);
        super.unsetObject(AuthMechanismConfig.RSA_TOKEN_PRIVATE_KEY);
        this.initializeRSAPropertiesCalled = false;
        do_initializeRSAProperties();
    }

    @Override // com.ibm.ws.security.config.GenericConfigHelperImpl, com.ibm.ws.security.config.GenericConfigHelper
    public Object getObject(String str) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getObject" + this.cacheKey, str);
        }
        Object object = super.getObject(str);
        if ((!str.equals(AuthMechanismConfig.RSA_TOKEN_CERTIFICATE) && !str.equals(AuthMechanismConfig.RSA_TOKEN_PRIVATE_KEY)) || object != null) {
            if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
                Tr.exit(tc, "getObject" + this.cacheKey, object);
            }
            return object;
        }
        this.initializeRSAPropertiesCalled = false;
        initializeRSAProperties();
        Object object2 = super.getObject(str);
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getObject" + this.cacheKey, object2);
        }
        return object2;
    }

    @Override // com.ibm.ws.security.config.AuthMechanismConfig
    public String getType() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getType" + this.cacheKey);
        }
        if (this.type == null) {
            if (this.sco.instanceOf(SecurityPackage.eNS_URI, "LTPA")) {
                this.type = "LTPA";
            } else if (this.sco.instanceOf(SecurityPackage.eNS_URI, AuthMechanismConfig.TYPE_SPNEGO)) {
                this.type = AuthMechanismConfig.TYPE_SPNEGO;
            } else if (this.sco.instanceOf(SecurityPackage.eNS_URI, AuthMechanismConfig.TYPE_KERBEROS)) {
                this.type = AuthMechanismConfig.TYPE_KERBEROS;
            } else if (this.sco.instanceOf(SecurityPackage.eNS_URI, "RSAToken")) {
                this.type = AuthMechanismConfig.TYPE_RSATOKEN;
            } else if (this.sco.instanceOf(SecurityPackage.eNS_URI, "SWAMAuthentication")) {
                this.type = AuthMechanismConfig.TYPE_SWAM;
            } else if (this.sco.instanceOf(SecurityPackage.eNS_URI, "CustomAuthMechanism")) {
                this.type = "CUSTOM";
            } else if (tc.isDebugEnabled()) {
                Tr.error(tc, "Unknown authMechanism type");
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getType" + this.cacheKey, this.type);
        }
        return this.type;
    }

    private SingleSignonConfig getLTPASingleSignon() {
        AuthMechanismConfigImpl authMechanismConfigImpl = (AuthMechanismConfigImpl) ((SecurityConfig) this.parent).getAuthMechanism("LTPA");
        if (authMechanismConfigImpl != null) {
            SecurityConfigObject object = authMechanismConfigImpl.getSCO().getObject(SINGLE_SIGNON, false);
            if (object == null) {
                return null;
            }
            this.sso = new SingleSignonConfigImpl(object, this, this.cacheKey);
        }
        return this.sso;
    }

    private synchronized void do_getSingleSignon() {
        if (this.sso == null) {
            SecurityConfigObject object = this.sco.getObject(SINGLE_SIGNON, false);
            if (object != null) {
                this.sso = new SingleSignonConfigImpl(object, this, this.cacheKey);
            } else if (getType().equals(AuthMechanismConfig.TYPE_KERBEROS) && this.krbAllowLTPAAuth) {
                this.sso = getLTPASingleSignon();
            }
        }
    }

    @Override // com.ibm.ws.security.config.AuthMechanismConfig
    public SingleSignonConfig getSingleSignon() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSingleSignon" + this.cacheKey);
        }
        if (this.sso == null) {
            do_getSingleSignon();
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getSingleSignon" + this.cacheKey, this.sso);
        }
        return this.sso;
    }

    private synchronized void do_getFilters() {
        if (this.filters == null) {
            SecurityConfigObjectList objectList = this.sco.getObjectList(FILTERS);
            int size = objectList.size();
            this.filters = new LinkedList<>();
            for (int i = 0; i < size; i++) {
                this.filters.add(new FiltersConfigImpl(objectList.get(i), this, this.cacheKey));
            }
        }
    }

    @Override // com.ibm.ws.security.config.AuthMechanismConfig
    public List<FiltersConfig> getFilters() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getFilters" + this.cacheKey);
        }
        if (this.filters == null) {
            do_getFilters();
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getFilters" + this.cacheKey, this.filters);
        }
        return this.filters;
    }

    private synchronized void do_getSpnegoFilterProps() {
        if (this.filterProps == null) {
            this.filterProps = new Properties();
            List<FiltersConfig> filters = getFilters();
            for (int i = 0; i < filters.size(); i++) {
                int i2 = i + 1;
                FiltersConfigImpl filtersConfigImpl = (FiltersConfigImpl) filters.get(i);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "filter: " + filtersConfigImpl);
                }
                String string = filtersConfigImpl.getString(FiltersConfig.HOSTNAME);
                if (string != null && string.length() != 0) {
                    this.filterProps.setProperty(com.ibm.ws.security.spnego.Constants.KEY_TAI_SPN_ID + i2 + "." + FiltersConfig.HOSTNAME, string);
                }
                String string2 = filtersConfigImpl.getString("krb5Realm");
                if (string2 != null && string2.length() != 0) {
                    this.filterProps.setProperty(com.ibm.ws.security.spnego.Constants.KEY_TAI_SPN_ID + i2 + ".krb5Realm", string2);
                }
                String string3 = filtersConfigImpl.getString("filterClass");
                if (string3 != null && string3.length() != 0) {
                    this.filterProps.setProperty(com.ibm.ws.security.spnego.Constants.KEY_TAI_SPN_ID + i2 + ".filterClass", string3);
                }
                String string4 = filtersConfigImpl.getString("filterCriteria");
                if (string4 != null && string4.length() != 0) {
                    this.filterProps.setProperty(com.ibm.ws.security.spnego.Constants.KEY_TAI_SPN_ID + i2 + ".filter", string4);
                }
                this.filterProps.setProperty(com.ibm.ws.security.spnego.Constants.KEY_TAI_SPN_ID + i2 + ".enableCredDelegate", Boolean.valueOf(filtersConfigImpl.getBoolean("enabledGssCredDelegate")).toString());
                String string5 = filtersConfigImpl.getString(FiltersConfig.SPNEGO_NOT_SUPPORTED_PAGE);
                if (string5 != null && string5.length() != 0) {
                    this.filterProps.setProperty(com.ibm.ws.security.spnego.Constants.KEY_TAI_SPN_ID + i2 + "." + FiltersConfig.SPNEGO_NOT_SUPPORTED_PAGE, string5);
                }
                String string6 = filtersConfigImpl.getString(FiltersConfig.NTLM_TOKEN_RECEIVED_PAGE);
                if (string6 != null && string6.length() != 0) {
                    this.filterProps.setProperty(com.ibm.ws.security.spnego.Constants.KEY_TAI_SPN_ID + i2 + "." + FiltersConfig.NTLM_TOKEN_RECEIVED_PAGE, string6);
                }
                this.filterProps.setProperty(com.ibm.ws.security.spnego.Constants.KEY_TAI_SPN_ID + i2 + ".trimUserName", Boolean.valueOf(filtersConfigImpl.getBoolean("trimUserName")).toString());
                if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                    Tr.debug(tc, "SPN" + i2 + ": " + this.filterProps);
                }
            }
        }
    }

    @Override // com.ibm.ws.security.config.AuthMechanismConfig
    public Properties getSpnegoFilterProps() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSpnegoFilterProps");
        }
        if (this.filterProps == null) {
            do_getSpnegoFilterProps();
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getSpnegoFilterProps " + this.filterProps);
        }
        return this.filterProps;
    }

    @Override // com.ibm.ws.security.config.GenericConfigHelperImpl, com.ibm.ws.security.config.GenericConfigHelper
    public String getString(String str) {
        String str2;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getString() key=" + str + RASFormatter.DEFAULT_SEPARATOR + this.cacheKey);
        }
        if (str != AuthMechanismConfig.OID && !str.equals(AuthMechanismConfig.OID)) {
            str2 = super.getString(str);
        } else if (this.authMechOID == null || this.authMechOID.equals("")) {
            String string = super.getString(str);
            this.authMechOID = string;
            str2 = string;
        } else {
            str2 = this.authMechOID;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getString" + this.cacheKey, str2);
        }
        return str2;
    }

    /* JADX WARN: Code restructure failed: missing block: B:29:0x001c, code lost:
    
        if (r8.length() == 0) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getDefaultRealm(java.lang.String r8) throws java.lang.Exception {
        /*
            r7 = this;
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.config.AuthMechanismConfigImpl.tc
            boolean r0 = r0.isEntryEnabled()
            if (r0 == 0) goto L12
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.config.AuthMechanismConfigImpl.tc
            java.lang.String r1 = "getDefaultRealm"
            com.ibm.ejs.ras.Tr.entry(r0, r1)
        L12:
            r0 = 0
            r9 = r0
            r0 = r8
            if (r0 == 0) goto L1f
            r0 = r8
            int r0 = r0.length()     // Catch: java.lang.Exception -> L4f
            if (r0 != 0) goto L31
        L1f:
            com.ibm.ws.security.config.SecurityConfig r0 = com.ibm.ws.security.config.SecurityObjectLocator.getSecurityConfig()     // Catch: java.lang.Exception -> L4f
            java.lang.String r1 = "KRB5"
            com.ibm.ws.security.config.AuthMechanismConfig r0 = r0.getAuthMechanism(r1)     // Catch: java.lang.Exception -> L4f
            java.lang.String r1 = "krb5Config"
            java.lang.String r0 = r0.getString(r1)     // Catch: java.lang.Exception -> L4f
            r8 = r0
        L31:
            r0 = r8
            if (r0 == 0) goto L4c
            r0 = r8
            int r0 = r0.length()     // Catch: java.lang.Exception -> L4f
            if (r0 <= 0) goto L4c
            com.ibm.security.krb5.internal.Config r0 = com.ibm.security.krb5.internal.Config.getInstance()     // Catch: java.lang.Exception -> L4f
            r10 = r0
            com.ibm.security.krb5.internal.Config.refresh()     // Catch: java.lang.Exception -> L4f
            com.ibm.security.krb5.internal.Config r0 = com.ibm.security.krb5.internal.Config.getInstance()     // Catch: java.lang.Exception -> L4f
            r10 = r0
            r0 = r10
            java.lang.String r0 = r0.getDefaultRealm()     // Catch: java.lang.Exception -> L4f
            r9 = r0
        L4c:
            goto L77
        L4f:
            r10 = move-exception
            r0 = r10
            java.lang.String r1 = "com.ibm.ws.security.config.AuthMechanismConfigImpl.getDefaultRealm"
            java.lang.String r2 = "1191"
            com.ibm.ws.ffdc.FFDCFilter.processException(r0, r1, r2)
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.config.AuthMechanismConfigImpl.tc
            boolean r0 = r0.isDebugEnabled()
            if (r0 == 0) goto L75
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.config.AuthMechanismConfigImpl.tc
            r1 = r10
            java.lang.String r1 = r1.getMessage()
            r2 = 1
            java.lang.Object[] r2 = new java.lang.Object[r2]
            r3 = r2
            r4 = 0
            r5 = r10
            r3[r4] = r5
            com.ibm.ejs.ras.Tr.debug(r0, r1, r2)
        L75:
            r0 = r10
            throw r0
        L77:
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.config.AuthMechanismConfigImpl.tc
            boolean r0 = r0.isEntryEnabled()
            if (r0 == 0) goto L9a
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.config.AuthMechanismConfigImpl.tc
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "getDefaultRealm "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r9
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            com.ibm.ejs.ras.Tr.exit(r0, r1)
        L9a:
            r0 = r9
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.config.AuthMechanismConfigImpl.getDefaultRealm(java.lang.String):java.lang.String");
    }

    /* JADX WARN: Code restructure failed: missing block: B:54:0x001e, code lost:
    
        if (r8.length() == 0) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getDefaultKeytab(java.lang.String r8) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 323
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.config.AuthMechanismConfigImpl.getDefaultKeytab(java.lang.String):java.lang.String");
    }

    public void setKrbConfigProp(final String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setKrbConfigProp");
        }
        if (str != null && str.length() != 0) {
            String str2 = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.ibm.ws.security.config.AuthMechanismConfigImpl.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public String run() {
                    String property = System.getProperty("java.security.krb5.conf");
                    System.setProperty("java.security.krb5.conf", str);
                    return property;
                }
            });
            try {
                Config.getInstance();
                Config.refresh();
                Config.getInstance();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Reloaded the kerberos config file.");
                }
                int clockSkew = getClockSkew();
                if (clockSkew > 0) {
                    this.KRB5_CLOCK_SKEW = clockSkew * 1000;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The kerberos clock skew in milliseconds is " + this.KRB5_CLOCK_SKEW);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.config.AuthMechanismConfigImpl.setKrbConfigProp", "1300");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, e.getMessage(), new Object[]{e});
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "java.security.krb5.conf property previous: " + (str2 != null ? str2 : "<null>") + " and now: " + str);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setKrbConfigProp");
        }
    }

    public static void setUseAllCredsProp() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setUseAllCredsProp");
        }
        String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.ibm.ws.security.config.AuthMechanismConfigImpl.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public String run() {
                String property = System.getProperty("javax.security.auth.useAllCreds");
                System.setProperty("javax.security.auth.useAllCreds", "true");
                return property;
            }
        });
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "javax.security.auth.useAllCreds property previous: " + (str != null ? str : "<null>") + " and now: true");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setUseAllCredsProp");
        }
    }

    public static void setKrbKeytabProp(final String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setKrbKeytabProp");
        }
        if (str != null && str.length() != 0) {
            String str2 = (String) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.security.config.AuthMechanismConfigImpl.3
                @Override // java.security.PrivilegedAction
                public Object run() {
                    String property = System.getProperty("KRB5_KTNAME");
                    System.setProperty("KRB5_KTNAME", str);
                    return property;
                }
            });
            try {
                KeyTab.getInstance(str);
                KeyTab.refresh();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Reloaded the keytab file");
                }
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.config.AuthMechanismConfigImpl.setKrbKeytabProp", "1363");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, e.getMessage(), new Object[]{e});
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KRB5_KTNAME property previous: " + (str2 != null ? str2 : "<null>") + " and now: " + str);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setKrbKeytabProp");
        }
    }

    @Override // com.ibm.ws.security.config.GenericConfigHelperImpl
    public String toString() {
        return "type=" + this.type + RASFormatter.DEFAULT_SEPARATOR + super.toString();
    }

    @Override // com.ibm.ws.security.config.AuthMechanismConfig
    public int getKrb5ClockSkew() {
        return this.KRB5_CLOCK_SKEW;
    }

    public int getClockSkew() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getClockSkew");
        }
        Integer num = 300;
        try {
            Object krb5ConfigObj = ConfigUtils.getKrb5ConfigObj();
            if (ConfigUtils.isJava8OrLater()) {
                Method declaredMethod = krb5ConfigObj.getClass().getDeclaredMethod("getIntValue", String[].class);
                declaredMethod.setAccessible(true);
                num = (Integer) declaredMethod.invoke(krb5ConfigObj, new String[]{LIBDEFAULTS, "clockskew"});
            } else {
                Method declaredMethod2 = krb5ConfigObj.getClass().getDeclaredMethod("getDefaultIntValue", String.class);
                declaredMethod2.setAccessible(true);
                num = (Integer) declaredMethod2.invoke(krb5ConfigObj, "clockskew");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.config.AuthMechanismConfigImpl.getClockSkew", "1402");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, e.getMessage(), new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getClockSkew", num);
        }
        return num.intValue();
    }
}
