package com.ibm.ws.security.auth.kerberos.admintask;

import com.ibm.ISecurityUtilityImpl.AuthenticationTarget;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.AdminCommand;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandMgr;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandResult;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.configservice.SystemAttributes;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.kerberos.Krb5Utils;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.CSIv2ConfigData;
import com.ibm.ws.security.config.CSIv2MessageLayerConfig;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:com/ibm/ws/security/auth/kerberos/admintask/DeleteKrbAuthMechanism.class */
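/**
 * Admin task command that removes the Kerberos (KRB5) authentication mechanism from the
 * cell-level security configuration.
 *
 * <p>All of the work happens in {@link #afterStepsExecuted()}, which edits the configuration
 * through the command's config session:
 * <ol>
 *   <li>points {@code activeAuthMechanism} back at the LTPA mechanism;</li>
 *   <li>deletes the KRB5 mechanism object, or only blanks its Kerberos attributes when a SPNEGO
 *       mechanism object exists;</li>
 *   <li>removes the Kerberos login modules from the {@code WEB_INBOUND}, {@code RMI_INBOUND} and
 *       {@code DEFAULT} JAAS entries and makes sure an LTPA login module is present;</li>
 *   <li>strips {@code krb5} from the CSIv2 inbound and outbound supported mechanism lists.</li>
 * </ol>
 *
 * <p>This source is decompiler output. Undeclared or out-of-scope temporaries left by the
 * decompiler ({@code r13}, the reused {@code attributeList2}) have been replaced by one declared
 * scratch {@link AttributeList}.
 */
public class DeleteKrbAuthMechanism extends AbstractTaskCommand {
    private static String BUNDLE_NAME = AdminConstants.MSG_BUNDLE_NAME;
    private static ResourceBundle resBundle = ResourceBundle.getBundle(BUNDLE_NAME, Locale.getDefault());
    private static TraceComponent tc = Tr.register((Class<?>) DeleteKrbAuthMechanism.class, "DeleteKrbAuthMechanism", "com.ibm.ws.security.auth.kerberos.admintask");
    // Login module class names matched against the "moduleClassName" attribute of JAAS login modules.
    static final String krb5LoginModuleWrapper = "com.ibm.ws.security.auth.kerberos.Krb5LoginModuleWrapper";
    static final String wsKrb5LoginModule = "com.ibm.ws.security.auth.kerberos.WSKrb5LoginModule";
    static final String ltpaLoginModule = "com.ibm.ws.security.server.lm.ltpaLoginModule";
    // Separator used inside the CSIv2 supported-mechanism list (e.g. "KRB5|LTPA").
    static final String delimiter = "|";
    // NOTE(review): the fields below are initialised by the constructors but never read in this class.
    String krb5Realm;
    String krb5Config;
    String krb5Keytab;
    String serviceName;
    String krb5Spn;
    Boolean trimUserName;
    Boolean enabledGssCredDelegate;

    /**
     * Creates the command from its metadata.
     *
     * @param taskCommandMetadata metadata describing this task command
     * @throws CommandNotFoundException propagated from the superclass constructor
     */
    public DeleteKrbAuthMechanism(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.krb5Realm = null;
        this.krb5Config = null;
        this.krb5Keytab = null;
        this.serviceName = null;
        this.krb5Spn = null;
        this.trimUserName = true;
        this.enabledGssCredDelegate = true;
    }

    /**
     * Creates the command from previously captured command data.
     *
     * @param commandData serialized command data
     * @throws CommandNotFoundException propagated from the superclass constructor
     * @throws CommandLoadException propagated from the superclass constructor
     */
    public DeleteKrbAuthMechanism(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.krb5Realm = null;
        this.krb5Config = null;
        this.krb5Keytab = null;
        this.serviceName = null;
        this.krb5Spn = null;
        this.trimUserName = true;
        this.enabledGssCredDelegate = true;
    }

    /** Formats the message {@code str} from {@code resourceBundle} with the given arguments. */
    private String getMsg(ResourceBundle resourceBundle, String str, Object[] objArr) {
        return MessageFormatHelper.getFormattedMessage(resourceBundle, str, objArr);
    }

    /**
     * Delegates to the superclass validation; this command adds no checks of its own.
     *
     * @throws CommandValidationException if the superclass validation fails
     */
    @Override
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate");
        }
    }

    /**
     * Removes the Kerberos configuration once all command steps have run successfully.
     *
     * <p>Does nothing when the task result is already unsuccessful. Any exception raised while
     * editing the configuration is reported through FFDC and stored on the task result as a
     * {@link CommandException}; otherwise the result is set to {@code Boolean.TRUE}.
     *
     * <p>NOTE(review): the edits are applied one after another to the config session. If a later
     * step throws, the earlier edits stay in the session; whether they are persisted depends on
     * the caller saving or discarding that session. Confirm callers discard on failure, otherwise
     * the authentication configuration can be left half-migrated.
     */
    @Override
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl taskCommandResultImpl = (TaskCommandResultImpl) getTaskCommandResult();
        if (!taskCommandResultImpl.isSuccessful()) {
            // Exit trace is gated on the entry/exit level, like every other exit in this class.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted");
            }
            return;
        }
        try {
            ConfigService configService = ConfigServiceFactory.getConfigService();
            Session configSession = getConfigSession();
            ObjectName security = configService.resolve(configSession, "Cell=:Security=")[0];
            // Single scratch list, cleared before each use.
            AttributeList attrList = new AttributeList();

            // --- 1. Authentication mechanisms: make LTPA active, remove or blank KRB5. ---
            List<?> authMechanisms = (List<?>) configService.getAttribute(configSession, security, "authMechanisms");
            for (int i = 0; i < authMechanisms.size(); i++) {
                AttributeList authMech = (AttributeList) authMechanisms.get(i);
                Object dataType = ConfigServiceHelper.getAttributeValue(authMech, SystemAttributes._WEBSPHERE_CONFIG_DATA_TYPE);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authObj: " + dataType.toString());
                }
                if (dataType.toString().equalsIgnoreCase(AuthenticationTarget.LTPAString)) {
                    ObjectName[] ltpaObjs = configService.queryConfigObjects(configSession, null, ConfigServiceHelper.createObjectName(authMech), null);
                    attrList.clear();
                    attrList.add(new Attribute("activeAuthMechanism", ltpaObjs[0]));
                    configService.setAttributes(configSession, security, attrList);
                } else if (dataType.toString().equalsIgnoreCase(AuthenticationTarget.KRB5String)) {
                    ObjectName[] krb5Objs = configService.queryConfigObjects(configSession, null, ConfigServiceHelper.createObjectName(authMech), null);
                    if (Krb5Utils.getAuthMechObj(configSession, configService, security, AuthMechanismConfig.TYPE_SPNEGO) != null) {
                        // A SPNEGO mechanism object exists: keep the KRB5 object but null out its
                        // Kerberos settings and mark it as not configured.
                        attrList.clear();
                        attrList.add(new Attribute(AuthMechanismConfig.OID, (Object) null));
                        attrList.add(new Attribute(AuthMechanismConfig.AUTH_CONTEXT_IMPL_CLASS, (Object) null));
                        attrList.add(new Attribute(AuthMechanismConfig.AUTH_CONFIG, (Object) null));
                        attrList.add(new Attribute(AuthMechanismConfig.SIMPLE_AUTH_CONFIG, (Object) null));
                        attrList.add(new Attribute(AuthMechanismConfig.AUTH_VALIDATION_CONFIG, (Object) null));
                        attrList.add(new Attribute("krb5Realm", (Object) null));
                        attrList.add(new Attribute(AuthMechanismConfig.KRB5_SPN, (Object) null));
                        attrList.add(new Attribute("trimUserName", (Object) null));
                        attrList.add(new Attribute("enabledGssCredDelegate", (Object) null));
                        attrList.add(new Attribute("configured", false));
                        configService.setAttributes(configSession, krb5Objs[0], attrList);
                    } else {
                        configService.deleteConfigData(configSession, krb5Objs[0]);
                    }
                }
            }

            // --- 2. JAAS system login entries: drop Kerberos modules, guarantee an LTPA module. ---
            ObjectName[] jaasEntries = configService.queryConfigObjects(configSession, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "JAASConfigurationEntry"), null);
            for (int i = 0; i < jaasEntries.length; i++) {
                Object alias = configService.getAttribute(configSession, jaasEntries[i], "alias");
                if (alias == null) {
                    continue;
                }
                String aliasName = alias.toString();
                if (!(aliasName.equals("WEB_INBOUND") || aliasName.equals("RMI_INBOUND") || aliasName.equals("DEFAULT"))) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "JAASConfigurationEntries: " + jaasEntries[i]);
                }
                for (Object attrObj : configService.getAttributes(configSession, jaasEntries[i], null, true)) {
                    Attribute entryAttr = (Attribute) attrObj;
                    if (!entryAttr.getName().equals("loginModules")) {
                        continue;
                    }
                    boolean hasLtpaModule = false;
                    for (Object moduleObj : (List<?>) entryAttr.getValue()) {
                        ObjectName[] loginModuleObjs = configService.queryConfigObjects(configSession, null, ConfigServiceHelper.createObjectName((AttributeList) moduleObj), null);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "loginModuleObjs: " + loginModuleObjs);
                        }
                        if (loginModuleObjs == null || loginModuleObjs.length == 0) {
                            continue;
                        }
                        Object moduleClassName = configService.getAttribute(configSession, loginModuleObjs[0], "moduleClassName");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "moduleClassName: " + moduleClassName.toString());
                        }
                        if (krb5LoginModuleWrapper.equals(moduleClassName.toString()) || wsKrb5LoginModule.equals(moduleClassName.toString())) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Delete moduleClassName: " + moduleClassName.toString());
                            }
                            configService.deleteConfigData(configSession, loginModuleObjs[0]);
                        }
                        if (ltpaLoginModule.equals(moduleClassName.toString())) {
                            hasLtpaModule = true;
                        }
                    }
                    if (!hasLtpaModule) {
                        // Without this the entry could end up with no token login module once the
                        // Kerberos modules are gone; insert LTPA first in the module stack.
                        attrList.clear();
                        attrList.add(new Attribute("moduleClassName", ltpaLoginModule));
                        attrList.add(new Attribute("authenticationStrategy", "REQUIRED"));
                        configService.addElement(configSession, jaasEntries[i], "loginModules", attrList, 0);
                    }
                }
            }

            // --- 3. CSIv2: remove krb5 from the inbound and outbound message-layer mechanism lists. ---
            CommandMgr commandMgr = CommandMgr.getCommandMgr();
            ObjectName csi = configService.queryConfigObjects(configSession, security, ConfigServiceHelper.createObjectName((AttributeList) configService.getAttribute(configSession, security, "CSI")), null)[0];

            String inboundList = null;
            List<?> inboundLayers = (List<?>) ConfigServiceHelper.getAttributeValue((AttributeList) configService.getAttribute(configSession, csi, CSIv2ConfigData.CLAIMS), "layers");
            for (int i = 0; i < inboundLayers.size(); i++) {
                AttributeList layer = (AttributeList) inboundLayers.get(i);
                if (((String) ConfigServiceHelper.getAttributeValue(layer, SystemAttributes._WEBSPHERE_CONFIG_DATA_TYPE)).equals("MessageLayer")) {
                    inboundList = (String) ConfigServiceHelper.getAttributeValue(layer, CSIv2MessageLayerConfig.SUPPORTED_AUTH_MECH_LIST);
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CSI inbound, supportedAuthMechList: " + inboundList);
            }
            String inboundWithoutKrb5 = withoutKrb5(inboundList);
            if (inboundWithoutKrb5 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "CSI inbound, update supportedAuthMechList: " + inboundWithoutKrb5);
                }
                AdminCommand inboundCmd = commandMgr.createCommand("configureCSIInbound");
                inboundCmd.setParameter(CSIv2MessageLayerConfig.SUPPORTED_AUTH_MECH_LIST, inboundWithoutKrb5.toUpperCase(Locale.ROOT));
                inboundCmd.setConfigSession(configSession);
                inboundCmd.execute();
                CommandResult inboundResult = inboundCmd.getCommandResult();
                if (!inboundResult.isSuccessful()) {
                    // NOTE(review): a failed update is only logged; the task still reports success
                    // below, so the inbound list may keep advertising KRB5. Confirm this is intended.
                    Throwable exception = inboundResult.getException();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error getting supportedAuthMechList for CSI inbound.", new Object[]{exception});
                    }
                    Tr.error(tc, "Error getting supportedAuthMechList for CSI inbound", new Object[]{exception.getMessage()});
                }
            }

            // Starts from null: previously the inbound value leaked into this variable, so a
            // missing outbound MessageLayer caused the inbound list to be written to outbound.
            String outboundList = null;
            List<?> outboundLayers = (List<?>) ConfigServiceHelper.getAttributeValue((AttributeList) configService.getAttribute(configSession, csi, CSIv2ConfigData.PERFORMS), "layers");
            for (int i = 0; i < outboundLayers.size(); i++) {
                AttributeList layer = (AttributeList) outboundLayers.get(i);
                if (((String) ConfigServiceHelper.getAttributeValue(layer, SystemAttributes._WEBSPHERE_CONFIG_DATA_TYPE)).equals("MessageLayer")) {
                    outboundList = (String) ConfigServiceHelper.getAttributeValue(layer, CSIv2MessageLayerConfig.SUPPORTED_AUTH_MECH_LIST);
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CSI outbound, supportedAuthMechList " + outboundList);
            }
            String outboundWithoutKrb5 = withoutKrb5(outboundList);
            if (outboundWithoutKrb5 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "CSI outbound, update supportedAuthMechList: " + outboundWithoutKrb5);
                }
                AdminCommand outboundCmd = commandMgr.createCommand("configureCSIOutbound");
                outboundCmd.setParameter(CSIv2MessageLayerConfig.SUPPORTED_AUTH_MECH_LIST, outboundWithoutKrb5.toUpperCase(Locale.ROOT));
                outboundCmd.setConfigSession(configSession);
                outboundCmd.execute();
                CommandResult outboundResult = outboundCmd.getCommandResult();
                if (!outboundResult.isSuccessful()) {
                    // NOTE(review): logged only, same caveat as the inbound update above.
                    Throwable exception = outboundResult.getException();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error getting supportedAuthMechList for CSI outbound.", new Object[]{exception});
                    }
                    Tr.error(tc, "Error getting supportedAuthMechList for CSI outbound", new Object[]{exception.getMessage()});
                }
            }
            taskCommandResultImpl.setResult(Boolean.TRUE);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.kerberos.admintask.DeleteKrbAuthMechanism.afterStepsExecuted", "297", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred.", new Object[]{e});
            }
            taskCommandResultImpl.setException(new CommandException(e, e.getMessage()));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Returns the lower-cased mechanism list with the {@code krb5} entry removed, or {@code null}
     * when there is nothing to change (list is {@code null}, empty, or does not mention krb5).
     *
     * <p>The null check now happens before the list is lower-cased; the previous order threw a
     * {@link NullPointerException} when no MessageLayer carried a mechanism list. Case conversion
     * uses {@link Locale#ROOT} so the result does not depend on the server's default locale.
     *
     * <p>NOTE(review): removal is substring-based, as in the original; a mechanism name that
     * merely contains "krb5" would be altered too. Not seen in this file, verify against the
     * values the list can hold.
     */
    private static String withoutKrb5(String supportedAuthMechList) {
        if (supportedAuthMechList == null || supportedAuthMechList.length() == 0) {
            return null;
        }
        String lowered = supportedAuthMechList.toLowerCase(Locale.ROOT);
        // Lower-case the constant as well: its declared case is not visible from this file.
        String krb5 = AuthenticationTarget.KRB5String.toLowerCase(Locale.ROOT);
        if (!lowered.contains(krb5)) {
            return null;
        }
        if (lowered.contains("krb5|")) {
            return lowered.replace("krb5|", "");
        }
        if (lowered.contains("|krb5")) {
            return lowered.replace("|krb5", "");
        }
        return lowered.replace(krb5, "");
    }
}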
