package com.ibm.ws.security.util;

import com.ibm.CORBA.iiop.ExtendedServerRequestInfo;
import com.ibm.CORBA.iiop.ObjectKey;
import com.ibm.CORBA.iiop.Profile;
import com.ibm.IExtendedSecurityPriv.ComponentData;
import com.ibm.IExtendedSecurityPriv.ObjectDoesNotExistHere;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase;
import com.ibm.ISecurityLocalObjectBaseL13Impl.DomainInfo;
import com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityTaggedComponentAssistorImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SecurityExecutionEnvironment;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.management.application.AppConstants;
import com.ibm.ws.naming.util.C;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.util.PlatformHelperFactory;
import java.lang.reflect.Proxy;
import java.util.HashMap;
import java.util.List;
import javax.rmi.CORBA.Tie;
import org.omg.CORBA.Object;
import org.omg.PortableInterceptor.ServerRequestInfo;

/* loaded from: input_file:com/ibm/ws/security/util/MultiDomainHelper.class */
public class MultiDomainHelper {
    private static final TraceComponent tc = Tr.register(MultiDomainHelper.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    private static HashMap<String, ComponentData[]> taggedComponentMap = new HashMap<>();
    protected static List adminapps = null;

    public static byte[] getSecurityDomain(byte[] bArr, String str, Object object) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityDomain", new Object[]{bArr, str, object});
        }
        byte[] bArr2 = null;
        String str2 = null;
        SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
        if (SecurityObjectLocator.getSecurityConfig().getBoolean("enabled")) {
            if (securityConfigManager.isAdminAgent()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "This process is an admin agent.");
                }
                str2 = CSIServerRIBase.getManagedNodeUUID(object);
                if (str2 == null) {
                    str2 = (String) SecurityObjectLocator.getAdminData().peek();
                }
            } else if (DomainInfo.isMultiDomainDefined()) {
                if (isAdmin(bArr, str)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The userKey is tagged to be an admin IOR.");
                    }
                    str2 = securityConfigManager.getDomainId();
                } else if (isConfigDomainSpecific()) {
                    boolean pushAppContext = SecurityObjectLocator.pushAppContext("");
                    try {
                        str2 = SecurityObjectLocator.getSecurityConfigManager().getDomainId();
                        if (pushAppContext) {
                            SecurityObjectLocator.popContext();
                        }
                    } catch (Throwable th) {
                        if (pushAppContext) {
                            SecurityObjectLocator.popContext();
                        }
                        throw th;
                    }
                }
            }
        }
        if (str2 != null) {
            bArr2 = str2.getBytes();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityDomain", new Object[]{str2, bArr2});
        }
        return bArr2;
    }

    public static boolean isAdmin(byte[] bArr, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isAdmin", new Object[]{bArr, str});
        }
        boolean z = false;
        String str2 = null;
        ContextManager contextManager = null;
        if (bArr != null && str != null) {
            try {
                if (bArr != null) {
                    try {
                        contextManager = ContextManagerFactory.getInstance();
                    } catch (Exception e) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "exception getting ContextManager: " + e.getMessage());
                        }
                    }
                    if (contextManager != null) {
                        str2 = contextManager.getObjectAdapterName(bArr);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "null userKeyBytes");
                }
            } catch (Exception e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception trying to get the object adapter name: " + e2.getMessage());
                }
            }
            if (!DomainInfo.isMultiDomainDefined() || isClassNameAdmin(str) || (str2 != null && str2.startsWith("JTS"))) {
                z = true;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The userKey is tagged to be an admin IOR, classname: " + str + ", objectAdapterName: " + str2);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isAdmin", Boolean.valueOf(z));
        }
        return z;
    }

    public static boolean isConfigDomainSpecific() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isConfigDomainSpecific");
        }
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        if (SecurityObjectLocator.getSecurityConfig().getBoolean("enabled")) {
            boolean pushAppContext = SecurityObjectLocator.pushAppContext("");
            try {
                SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig("AppSecurity");
                if (securityConfig != null && securityConfig.getBoolean(SecurityConfig.APP_SECURITY_ENABLED)) {
                    if (securityConfig.getActiveUserRegistry(false) != null) {
                        z3 = true;
                    }
                    if (securityConfig.getCSIv2Config(false) != null) {
                        z4 = true;
                    }
                    if (securityConfig.isSet(SecurityConfig.APP_SECURITY_ENABLED)) {
                        z2 = true;
                    }
                }
            } finally {
                if (pushAppContext) {
                    SecurityObjectLocator.popContext();
                }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isAppSecDomainSpecific: " + z2 + ", isRealmDomainSepcific: " + z3 + ", isCSIv2DomainSpecific: " + z4);
        }
        if (z2 || z3 || z4) {
            z = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isConfigDomainSpecific", Boolean.valueOf(z));
        }
        return z;
    }

    public static boolean interceptLocate(String str, Profile profile) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "interceptLocate", new Object[]{str, profile});
        }
        boolean z = false;
        boolean z2 = false;
        try {
            z2 = SecurityObjectLocator.getAdminData().push(str);
            boolean z3 = str.equals("domain:admin") || str.equals("admin");
            if (!z3 && SecurityObjectLocator.getSecurityConfigManager().isAdminAgent()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "interceptLocate setting admin=true in AdminAgent for profile " + str);
                }
                z3 = true;
            }
            ComponentData[] componentDataArr = taggedComponentMap.get(str);
            try {
                if (componentDataArr == null) {
                    VaultImpl vaultImpl = VaultImpl.getInstance();
                    SecurityTaggedComponentAssistorImpl[] create = SecurityTaggedComponentAssistorImpl.create(vaultImpl != null ? vaultImpl.getORB() : null, vaultImpl.getMechanismFactory(), vaultImpl.getSecurityConnectionInterceptor());
                    if (0 < create.length) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found local tagged component assistor... getting component data.");
                        }
                        componentDataArr = create[0].getComponentData(profile, z3, false);
                    }
                    taggedComponentMap.put(str, componentDataArr);
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Got component data from the cache: " + componentDataArr);
                }
                if (componentDataArr != null) {
                    for (int i = 0; i < componentDataArr.length; i++) {
                        if (componentDataArr[i] != null && componentDataArr[i].componentBodyValue != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Adding tagged component ID: " + componentDataArr[i].componentID);
                            }
                            profile.putTaggedComponent(componentDataArr[i].componentID, componentDataArr[i].componentBodyValue, true);
                            z = true;
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Tagged component array had a null value and was not added to the IOR.");
                        }
                    }
                }
                if (z2) {
                    SecurityObjectLocator.getAdminData().pop();
                }
                if (tc.isDebugEnabled()) {
                    Tr.exit(tc, "interceptLocate", Boolean.valueOf(z));
                }
                return z;
            } catch (ObjectDoesNotExistHere e) {
                Manager.Ffdc.log(e, MultiDomainHelper.class, "comISecurityLocalObjectBaseL13Impl.MultiDomainHelper.interceptLocate", "%C");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception adding tagged components to IOR.", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (z2) {
                SecurityObjectLocator.getAdminData().pop();
            }
            throw th;
        }
    }

    public static String getIORInfoDomain(ServerRequestInfo serverRequestInfo, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getIORInfoDomain", new Object[]{serverRequestInfo, str});
        }
        String str2 = "admin";
        String str3 = "<unknown>";
        boolean z = false;
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            Class<?> cls = null;
            Class<?> cls2 = null;
            try {
                cls = Class.forName("com.ibm.ws.management.ControlAdminService");
                cls2 = Class.forName("com.ibm.ws390.orb.RIRProtectedProxyHandler");
            } catch (Throwable th) {
            }
            Object target = ((ExtendedServerRequestInfo) serverRequestInfo).getTarget();
            Tie tie = null;
            if (target != null && cls2 != null && Proxy.isProxyClass(target.getClass())) {
                try {
                    tie = (Object) cls2.getMethod("getServant", (Class[]) null).invoke(Proxy.getInvocationHandler(target), (Object[]) null);
                    if ((tie instanceof Tie) && cls.isAssignableFrom(tie.getTarget().getClass())) {
                        z = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Tie target implements control admin service.");
                        }
                    }
                } catch (Throwable th2) {
                    Manager.Ffdc.log(th2, MultiDomainHelper.class, "com.ibm.ISecurityLocalObjectBaseL13Impl.MultiDomainHelper.getIORInfoDomain", "388", MultiDomainHelper.class);
                }
                str3 = tie.getClass().getName();
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "classname: " + str + ", servant classname: " + str3);
        }
        byte[] bArr = null;
        if (new ObjectKey(serverRequestInfo.object_id()) != null) {
            try {
                bArr = serverRequestInfo.object_id();
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception is: " + e);
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "objectKey is null: cannot set thread local context;  object_id was " + new String(serverRequestInfo.object_id()));
        }
        if (bArr != null) {
            String objectAdapterName = ContextManagerFactory.getInstance().getObjectAdapterName(bArr);
            if (!DomainInfo.isMultiDomainDefined() || isClassNameAdmin(str) || ((objectAdapterName != null && objectAdapterName.startsWith("JTS")) || z)) {
                str2 = "admin";
            } else if (DomainInfo.isMultiDomainDefined()) {
                str2 = AppConstants.APPUPDATE_CONTENT_APP;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getIORInfoDomain", str2);
        }
        return str2;
    }

    public static boolean isClassNameAdmin(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isClassNameAdmin", str);
        }
        boolean z = false;
        if (str != null && (str.startsWith("javax.management.remote.rmi") || str.startsWith("com.ibm.ws.management.connector.rmi") || str.startsWith(C.URL_PACKAGE_PREFIX) || (PlatformHelperFactory.getPlatformHelper().isZOS() && (str.equals("com.ibm.ws390.management.connector.corba.CorbaConnectorImpl") || str.equals("com.ibm.ws390.management.connector.corba.CorbaConnectorImpl") || str.equals("com.ibm.WsnBootstrap._WsnNameServiceStub"))))) {
            z = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isClassNameAdmin", Boolean.valueOf(z));
        }
        return z;
    }

    public static void releaseTaggedComponents() {
        String peekAdminContext;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "releaseTaggedComponents");
        }
        if (!PlatformHelperFactory.getPlatformHelper().isZOS() || (peekAdminContext = SecurityExecutionEnvironment.peekAdminContext()) == null) {
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "releaseTaggedComponents releasing tags for profile: " + peekAdminContext);
        }
        taggedComponentMap.remove(peekAdminContext);
    }

    public static void setSystemApps(List list) {
        adminapps = list;
    }

    public static boolean isSystemApp(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSystemApp = " + str);
        }
        if (adminapps.contains(str)) {
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "isSystemApp: true");
            return true;
        }
        if (!tc.isEntryEnabled()) {
            return false;
        }
        Tr.exit(tc, "isSystemApp: false");
        return false;
    }
}
