package com.ibm.ws.console.security;

import com.ibm.websphere.models.config.ipc.EndPoint;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.ipc.ssl.TrustManager;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.CustomUserRegistry;
import com.ibm.websphere.models.config.security.LDAPUserRegistry;
import com.ibm.websphere.models.config.security.LTPA;
import com.ibm.websphere.models.config.security.LocalOSUserRegistry;
import com.ibm.websphere.models.config.security.SSLConfig;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.models.config.security.SingleSignon;
import com.ibm.websphere.models.config.security.UserRegistry;
import com.ibm.websphere.models.config.security.WIMUserRegistry;
import com.ibm.ws.console.core.ConfigFileHelper;
import com.ibm.ws.console.core.error.IBMErrorMessages;
import com.ibm.ws.logging.LoggerHelper;
import com.ibm.ws.security.util.SecurityConfigUtil;
import com.ibm.ws.sm.workspace.WorkSpace;
import java.util.Iterator;
import java.util.Locale;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.util.MessageResources;
import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.ecore.EObject;

/* loaded from: input_file:com/ibm/ws/console/security/SecurityValidation.class */
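/**
 * Validates the admin console's global security panel before it is saved.
 *
 * <p>{@link #validate} checks the authentication cache timeout, resolves the
 * active user registry (LocalOS, LDAP, custom or WIM), runs the registry-specific
 * checks, verifies that a primary administrative id and (where required) a server
 * id/password are present, and finally inspects the LTPA mechanism. Problems are
 * reported through the supplied {@link IBMErrorMessages}; nothing is thrown.
 *
 * <p>NOTE(review): {@code locale}, {@code messages}, {@code errors} and {@code ctr}
 * are static and are (re)assigned on every {@link #validate} call, so concurrent
 * validations from different console sessions would share and overwrite them.
 * That is the original design and is not changed here; callers should be aware of it.
 *
 * <p>Trace output never includes the values of the {@link Properties} built here:
 * they carry key-store, trust-store and registry credentials, so only their key
 * names are written at FINER.
 */
public class SecurityValidation {
    protected static final String className = "SecurityValidation";
    protected static Logger logger;
    public static final String VALIDATION_FAILED = "validation.failed";
    public static final String VALIDATION_FAILED_INVALID_CACHE_TIMEOUT = "validation.invalidCacheTimeout";
    public static final String VALIDATION_FAILED_NULL_REGISTRY = "validation.nullRegistry";
    public static final String VALIDATION_FAILED_NULL_HOSTNAME = "validation.nullHostname";
    public static final String VALIDATION_FAILED_NULL_CLASSNAME = "validation.nullClassname";
    public static final String VALIDATION_FAILED_INVALID_REGISTRY = "validation.invalidRegistry";
    public static final String VALIDATION_FAILED_SSO_NOT_ENABLED = "validation.SSONotEnabled";
    public static final String VALIDATION_FAILED_NULL_SSODOMAIN = "validation.nullSSODomainName";
    public static final String VALIDATION_FAILED_CHECK_IGNORECASE = "validation.failed.ignoreCase";
    public static final String FAILED = "failed";
    public static final String SUCCESS = "success";
    // Per-request context, set by validate() and read by the private check helpers.
    protected static Locale locale;
    protected static MessageResources messages;
    protected static IBMErrorMessages errors;
    private static final String ACTIVE_REGISTRY = "activeRegistry";
    /** Smallest authentication cache timeout the panel accepts, in seconds. */
    private static final int MIN_CACHE_TIMEOUT_SECONDS = 30;
    /** Lazily created runtime connection used to look up realms; see {@link #getCustomRealm}. */
    private static ConnectToRuntime ctr;

    /**
     * Creates the runtime connection on first use.
     *
     * @throws ConnectToRuntimeException when the connection cannot be established
     */
    private static void initialize() throws ConnectToRuntimeException {
        ctr = new ConnectToRuntime();
    }

    /**
     * Validates the security detail form against the given {@code security} document.
     *
     * <p>Every problem found is added to {@code iBMErrorMessages}; the method returns
     * early once a registry-level error exists, and runs the LTPA check only when no
     * error was recorded at all.
     *
     * @param httpServletRequest  the console request (supplies the locale and the workspace)
     * @param messageResources    message bundle used to resolve error keys
     * @param iBMErrorMessages    collector that receives validation errors
     * @param security            the security configuration being validated
     * @param securityDetailForm  the submitted panel values (untrusted user input)
     */
    public static final void validate(HttpServletRequest httpServletRequest, MessageResources messageResources, IBMErrorMessages iBMErrorMessages, Security security, SecurityDetailForm securityDetailForm) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "validate", securityDetailForm);
        }
        locale = httpServletRequest.getLocale();
        messages = messageResources;
        errors = iBMErrorMessages;

        validateCacheTimeout(securityDetailForm.getCacheTimeout());

        String activeAuthMechanism = trimToNull(securityDetailForm.getActiveAuthMechanism());
        if (activeAuthMechanism != null && logger.isLoggable(Level.FINEST)) {
            logger.finest("ActiveAuthMechanism is = " + activeAuthMechanism);
        }
        String activeRegistryType = trimToNull(securityDetailForm.getActiveUserRegistry());

        UserRegistry userRegistry = getUserRegistry(security, activeRegistryType);
        if (userRegistry == null) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.finest("The User Registry is null. Check the Registry properties");
            }
            errors.addErrorMessage(locale, messages, VALIDATION_FAILED_NULL_REGISTRY, (String[]) null);
            // Every remaining check dereferences the registry, so stop here instead of failing with an NPE.
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(className, "validate", "no active user registry");
            }
            return;
        }

        boolean zosCell = isZosCell(httpServletRequest);
        // Suffix of the admin task that verifies the selected registry type.
        String registryTaskSuffix = "";
        if (userRegistry instanceof LDAPUserRegistry) {
            registryTaskSuffix = "LDAPUserRegistry";
            validateLdapRegistry((LDAPUserRegistry) userRegistry, security);
        } else if (userRegistry instanceof CustomUserRegistry) {
            registryTaskSuffix = "CustomUserRegistry";
            validateCustomRegistry((CustomUserRegistry) userRegistry);
        } else if (userRegistry instanceof LocalOSUserRegistry) {
            registryTaskSuffix = "LocalOSUserRegistry";
            validateLocalOsRegistry(userRegistry, zosCell);
        } else if (userRegistry instanceof WIMUserRegistry) {
            registryTaskSuffix = "WIMUserRegistry";
            validateWimRegistry((WIMUserRegistry) userRegistry);
        }

        SecurityTaskUtil.callSetTask("configureAdmin" + registryTaskSuffix, "verifyRegistry", Boolean.TRUE, httpServletRequest, errors, messages, true);

        // With SAF authorization the primary administrative id is supplied by SAF, so it need not be on the panel.
        String safAuthorization = SecurityUtil.getProperty(SecurityUtil.getCellDoc(httpServletRequest.getSession()).getProperties(), SecurityConstants.UserRegistry_SafAuthorization);
        boolean safAuthorizationEnabled = "true".equalsIgnoreCase(safAuthorization);
        if (isEmpty(userRegistry.getPrimaryAdminId()) && !safAuthorizationEnabled) {
            errors.addErrorMessage(locale, messages, "validation.failed.no.admin", (String[]) null);
        }
        // A server identity that is not automatically generated needs both an id and a password (not on z/OS cells).
        if (userRegistry.isUseRegistryServerId() && !zosCell
                && (isEmpty(userRegistry.getServerId()) || isEmpty(userRegistry.getServerPassword()))) {
            errors.addErrorMessage(locale, messages, "validation.nullServerIDorPassword", (String[]) null);
        }
        if (errors.getSize() > 0) {
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(className, "validate", "validation errors: " + errors.getSize());
            }
            return;
        }
        // A blank mechanism is not LTPA; the original called str.equals on a possibly null value here.
        if ("LTPA".equals(activeAuthMechanism)) {
            LTPA ltpa = getLTPA(security);
            if (ltpa != null) {
                checkLTPA(ltpa);
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "validate");
        }
    }

    /** Rejects a non-blank cache timeout that is not an integer of at least {@link #MIN_CACHE_TIMEOUT_SECONDS}. */
    private static void validateCacheTimeout(String cacheTimeout) {
        if (isBlank(cacheTimeout)) {
            return; // a blank value was accepted silently by the original check as well
        }
        boolean valid;
        try {
            // The field is user input; a non-numeric value used to escape as NumberFormatException.
            valid = Integer.parseInt(cacheTimeout.trim()) >= MIN_CACHE_TIMEOUT_SECONDS;
        } catch (NumberFormatException e) {
            valid = false;
        }
        if (!valid) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.finest("CacheTimeout should be greater than or equals to 30 seconds");
            }
            errors.addErrorMessage(locale, messages, VALIDATION_FAILED_INVALID_CACHE_TIMEOUT, (String[]) null);
        }
    }

    /** LDAP checks: a host must be configured and ignoreCase must suit the directory type; then the realm is fetched from the runtime. */
    private static void validateLdapRegistry(LDAPUserRegistry ldapRegistry, Security security) {
        String host = null;
        EList hosts = ldapRegistry.getHosts();
        if (hosts != null && !hosts.isEmpty()) {
            EndPoint first = (EndPoint) hosts.get(0);
            if (first != null) {
                host = first.getHost();
            }
        }
        if (isBlank(host)) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.finest("LDAP registry host name is null");
            }
            errors.addErrorMessage(locale, messages, VALIDATION_FAILED_NULL_HOSTNAME, (String[]) null);
        }
        checkIgnoreCase(ldapRegistry);
        // Only contact the runtime when the configuration is otherwise clean.
        if (errors.getSize() == 0) {
            Properties ldapProperties = setLDAPProperties(ldapRegistry, security);
            ldapProperties.put(ACTIVE_REGISTRY, AdminCommandsIdMgrConfig.REPOSITORY_TYPE_LDAP);
            applyRuntimeRealm(ldapRegistry, ldapProperties);
        }
    }

    /** Custom registry checks: the implementation class name is mandatory; then the realm is fetched from the runtime. */
    private static void validateCustomRegistry(CustomUserRegistry customRegistry) {
        if (isEmpty(customRegistry.getCustomRegistryClassName())) {
            if (logger.isLoggable(Level.FINER)) {
                // The original passed the (null) class name as the exiting() source class; log a plain message instead.
                logger.finer("custom registry class name is null");
            }
            errors.addErrorMessage(locale, messages, VALIDATION_FAILED_NULL_CLASSNAME, (String[]) null);
            return;
        }
        Properties customProperties = setCustomProperties(customRegistry);
        customProperties.put(ACTIVE_REGISTRY, "CUSTOM");
        applyRuntimeRealm(customRegistry, customProperties);
    }

    /** LocalOS checks: the realm is fetched from the runtime but only applied outside z/OS cells. */
    private static void validateLocalOsRegistry(UserRegistry localOsRegistry, boolean zosCell) {
        Properties localOsProperties = setLocalOSProperties(localOsRegistry);
        localOsProperties.put(ACTIVE_REGISTRY, "LOCALOS");
        // The runtime is always consulted (as before); the result is discarded on z/OS cells.
        String realm = getCustomRealm(localOsProperties);
        if (!zosCell && !isEmpty(realm)) {
            localOsRegistry.setRealm(realm);
        }
    }

    /** WIM checks: the registry class name is mandatory and an empty realm falls back to the file-based default. */
    private static void validateWimRegistry(WIMUserRegistry wimRegistry) {
        if (isEmpty(wimRegistry.getRegistryClassName())) {
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("WIM User Registry class name is null");
            }
            errors.addErrorMessage(locale, messages, VALIDATION_FAILED_NULL_CLASSNAME, (String[]) null);
        }
        if (isEmpty(wimRegistry.getRealm())) {
            wimRegistry.setRealm("defaultWIMFileBasedRealm");
        }
    }

    /** Asks the runtime for the realm behind {@code registryProperties} and stores it on the registry when non-empty. */
    private static void applyRuntimeRealm(UserRegistry registry, Properties registryProperties) {
        String realm = getCustomRealm(registryProperties);
        if (!isEmpty(realm)) {
            registry.setRealm(realm);
        }
    }

    /** True for z/OS and mixed cells, where server-id/password and LocalOS realm handling are skipped. */
    private static boolean isZosCell(HttpServletRequest request) {
        String cellType = ConfigFileHelper.getCellType((WorkSpace) request.getSession().getAttribute("workspace"));
        return "zoscell".equals(cellType) || "mixedcell".equals(cellType) || "zosbase".equals(cellType);
    }

    /**
     * Returns the configured registry that matches the panel selector, or {@code null}.
     *
     * <p>The selector is one of {@code "LOCAL"}, {@code REPOSITORY_TYPE_LDAP},
     * {@code "CUSTOM"} or {@code "WIM"}; the first registry of the matching subtype
     * wins. A {@code null} selector matches nothing (it used to raise an NPE).
     *
     * @param security the security document whose registries are searched
     * @param str      the registry type selected on the panel; may be {@code null}
     * @return the matching registry, or {@code null} when none is configured
     */
    public static UserRegistry getUserRegistry(Security security, String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "getUserRegistry", new Object[]{security, str});
        }
        UserRegistry match = null;
        if (str != null) {
            for (Iterator it = security.getUserRegistries().iterator(); it.hasNext();) {
                Object candidate = it.next();
                if (matchesRegistryType(candidate, str)) {
                    match = (UserRegistry) candidate;
                    break;
                }
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "getUserRegistry", match);
        }
        return match;
    }

    /** Maps a configured registry object onto the panel selector it corresponds to; {@code selector} must be non-null. */
    private static boolean matchesRegistryType(Object candidate, String selector) {
        if (candidate instanceof LocalOSUserRegistry) {
            return selector.equals("LOCAL");
        }
        if (candidate instanceof LDAPUserRegistry) {
            return selector.equals(AdminCommandsIdMgrConfig.REPOSITORY_TYPE_LDAP);
        }
        if (candidate instanceof CustomUserRegistry) {
            return selector.equals("CUSTOM");
        }
        if (candidate instanceof WIMUserRegistry) {
            return selector.equals("WIM");
        }
        return false;
    }

    /**
     * Returns the first LTPA authentication mechanism of {@code security}, or {@code null}.
     *
     * @param security the security document whose mechanisms are searched
     * @return the LTPA mechanism, or {@code null} when none is configured
     */
    public static LTPA getLTPA(Security security) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "getLTPA", new Object[]{security});
        }
        LTPA ltpa = null;
        for (Iterator it = security.getAuthMechanisms().iterator(); it.hasNext();) {
            EObject mechanism = (EObject) it.next();
            if (mechanism instanceof LTPA) {
                ltpa = (LTPA) mechanism;
                break;
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "getLTPA", "returning LTPA:" + ltpa);
        }
        return ltpa;
    }

    /** Placeholder for LTPA-specific checks; currently only traces entry and exit. */
    private static void checkLTPA(LTPA ltpa) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "checkLTPA", new Object[]{ltpa});
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "checkLTPA");
        }
    }

    /**
     * Adds a warning when single sign-on is disabled or has no domain name.
     *
     * @param ltpa             the LTPA mechanism; {@code null} is ignored
     * @param messageResources message bundle used to resolve the warning keys
     * @param iBMErrorMessages collector that receives the warning
     * @param locale2          locale used to render the warning
     */
    public static void checkSSO(LTPA ltpa, MessageResources messageResources, IBMErrorMessages iBMErrorMessages, Locale locale2) {
        if (ltpa == null) {
            return;
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "checkSSO", new Object[]{ltpa});
        }
        SingleSignon sso = ltpa.getSingleSignon();
        String warningKey = null;
        if (sso == null || !sso.isEnabled()) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.finest("Warning: SSO object not found or not enabled");
            }
            warningKey = VALIDATION_FAILED_SSO_NOT_ENABLED;
        } else if (isBlank(sso.getDomainName())) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.finest("Warning: no SSO domain name specified");
            }
            warningKey = VALIDATION_FAILED_NULL_SSODOMAIN;
        }
        if (warningKey != null) {
            iBMErrorMessages.addWarningMessage(locale2, messageResources, warningKey, (String[]) null);
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "checkSSO");
        }
    }

    /** Adds VALIDATION_FAILED_CHECK_IGNORECASE when the directory type requires case-insensitive matching but ignoreCase is off. */
    private static void checkIgnoreCase(LDAPUserRegistry lDAPUserRegistry) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "checkIgnoreCase", new Object[]{lDAPUserRegistry});
        }
        // Type value 0 is the directory type for which ignoreCase is mandatory — confirm against the LDAP directory type enum.
        if (lDAPUserRegistry.getType() != null && lDAPUserRegistry.getType().getValue() == 0 && !lDAPUserRegistry.isIgnoreCase()) {
            errors.addErrorMessage(locale, messages, VALIDATION_FAILED_CHECK_IGNORECASE, (String[]) null);
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "checkIgnoreCase");
        }
    }

    /**
     * Builds the connection properties for an LDAP registry.
     *
     * <p>Starts from {@link SecurityConfigUtil#setLDAPProperties}, adds the SSL flag,
     * the resolved SSL repertoire entry (when SSL is on and the alias is found), the
     * JNDI factory and finally the registry's custom properties.
     *
     * @param userRegistry the registry; must be an {@link LDAPUserRegistry}
     * @param security     the security document holding the SSL repertoire
     * @return the populated properties (may contain credentials; never trace its values)
     */
    public static Properties setLDAPProperties(UserRegistry userRegistry, Security security) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "setLDAPProperties", new Object[]{userRegistry});
        }
        LDAPUserRegistry ldapRegistry = (LDAPUserRegistry) userRegistry;
        Properties ldapProperties = SecurityConfigUtil.setLDAPProperties(ldapRegistry);
        ldapProperties.put(AdminCommandsIdMgrConfig.LDAPREPOSITORY_SERVER_SSLENABLED, Boolean.valueOf(ldapRegistry.isSslEnabled()));
        String sslAlias = ldapRegistry.getSslConfig();
        if (ldapRegistry.isSslEnabled() && !isEmpty(sslAlias)) {
            SSLConfig sslConfig = findSslConfig(security, sslAlias);
            if (sslConfig != null && sslConfig.getSetting() != null) {
                ldapProperties.put("sslConfig", createPropertiesFromSecureSocketLayer(sslConfig.getSetting()));
                ldapProperties.put("security.registry.ldap.SSLAlias", sslConfig.getAlias());
                if (logger.isLoggable(Level.FINEST)) {
                    logger.finest("SSL Alias is obtained from panel:" + sslConfig.getAlias());
                }
            }
        }
        ldapProperties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        Properties result = setAddlProperties(ldapRegistry, ldapProperties);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "setLDAPProperties", describeKeys(result));
        }
        return result;
    }

    /** Returns the repertoire entry whose alias equals {@code alias} (non-null), or {@code null}. */
    private static SSLConfig findSslConfig(Security security, String alias) {
        for (Iterator it = security.getRepertoire().iterator(); it.hasNext();) {
            SSLConfig candidate = (SSLConfig) it.next();
            // Compare from the known non-null side; an entry without an alias must not raise an NPE.
            if (alias.equals(candidate.getAlias())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Flattens a {@link SecureSocketLayer} setting into {@code com.ibm.ssl.*} properties.
     *
     * <p>The result contains the key-store and trust-store passwords, so it is never
     * written to the trace; null attribute values are skipped rather than failing
     * inside {@link Properties#put}.
     *
     * @param secureSocketLayer the SSL setting to flatten
     * @return the flattened properties
     */
    private static Properties createPropertiesFromSecureSocketLayer(SecureSocketLayer secureSocketLayer) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "createPropertiesFromSecureSocketLayer", new Object[]{secureSocketLayer});
        }
        Properties properties = new Properties();
        if (secureSocketLayer.getKeyManager() != null) {
            putIfPresent(properties, "com.ibm.ssl.keyManager", secureSocketLayer.getKeyManager().getName());
        }
        EList trustManagers = secureSocketLayer.getTrustManager();
        if (trustManagers != null && !trustManagers.isEmpty()) {
            putIfPresent(properties, "com.ibm.ssl.trustManager", ((TrustManager) trustManagers.get(0)).getName());
        }
        String sslProtocol = secureSocketLayer.getSslProtocol();
        EList sslProperties = secureSocketLayer.getProperties();
        if (sslProtocol != null) {
            properties.put(SecurityConstants.SSL_PROTOCOL_PROP, sslProtocol);
        } else if (sslProperties == null) {
            properties.put(SecurityConstants.SSL_PROTOCOL_PROP, "SSL_TLS");
        } else {
            // No explicit protocol: take it from the custom properties if one is present.
            for (int i = 0; i < sslProperties.size(); i++) {
                Property property = (Property) sslProperties.get(i);
                // The original compared names with ==, which only works for interned strings.
                if (property != null && SecurityConstants.SSL_PROTOCOL_PROP.equals(property.getName())) {
                    putIfPresent(properties, SecurityConstants.SSL_PROTOCOL_PROP, property.getValue());
                }
            }
        }
        if (secureSocketLayer.getKeyStore() != null) {
            putIfPresent(properties, "com.ibm.ssl.keyStore", secureSocketLayer.getKeyStore().getName());
            putIfPresent(properties, "com.ibm.ssl.keyStorePassword", secureSocketLayer.getKeyStore().getPassword());
            putIfPresent(properties, SecurityConstants.KeystoreType_property, secureSocketLayer.getKeyStore().getType());
        }
        if (secureSocketLayer.getTrustStore() != null) {
            putIfPresent(properties, "com.ibm.ssl.trustStore", secureSocketLayer.getTrustStore().getName());
            putIfPresent(properties, "com.ibm.ssl.trustStorePassword", secureSocketLayer.getTrustStore().getPassword());
            putIfPresent(properties, SecurityConstants.TruststoreType_property, secureSocketLayer.getTrustStore().getType());
        }
        properties.put("com.ibm.ssl.clientAuthentication", Boolean.toString(secureSocketLayer.isClientAuthentication()));
        // A missing level falls back to the switch's default, which was HIGH.
        String securityLevel = secureSocketLayer.getSecurityLevel() == null
                ? "HIGH"
                : securityLevelName(secureSocketLayer.getSecurityLevel().getValue());
        properties.put("com.ibm.ssl.securityLevel", securityLevel);
        // Custom SSL properties are copied last and therefore override the derived ones.
        if (sslProperties != null) {
            for (int i = 0; i < sslProperties.size(); i++) {
                Property property = (Property) sslProperties.get(i);
                if (property != null) {
                    putIfPresent(properties, property.getName(), property.getValue());
                }
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "createPropertiesFromSecureSocketLayer", describeKeys(properties));
        }
        return properties;
    }

    /** Maps the security-level enum value onto its property string; anything other than 1 or 2 is HIGH, as in the original switch. */
    private static String securityLevelName(int securityLevelValue) {
        switch (securityLevelValue) {
            case 1:
                return "MEDIUM";
            case 2:
                return "LOW";
            default:
                return "HIGH";
        }
    }

    /**
     * Builds the properties for a custom registry: its custom properties plus the
     * implementation class and the ignore-case flag.
     *
     * @param customUserRegistry the registry to describe
     * @return the populated properties
     */
    public static Properties setCustomProperties(CustomUserRegistry customUserRegistry) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "setCustomProperties", new Object[]{customUserRegistry});
        }
        Properties customProperties = setAddlProperties(customUserRegistry, null);
        putIfPresent(customProperties, "CustUserRegImplClass", customUserRegistry.getCustomRegistryClassName());
        customProperties.put("security.registry.IgnoreCase", Boolean.valueOf(customUserRegistry.isIgnoreCase()));
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "setCustomProperties", describeKeys(customProperties));
        }
        return customProperties;
    }

    /**
     * Builds the properties for a LocalOS registry (just its custom properties).
     *
     * @param userRegistry the registry to describe
     * @return the populated properties
     */
    public static Properties setLocalOSProperties(UserRegistry userRegistry) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "setLocalOSProperties", new Object[]{userRegistry});
        }
        Properties localOsProperties = setAddlProperties(userRegistry, null);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "setLocalOSProperties", describeKeys(localOsProperties));
        }
        return localOsProperties;
    }

    /**
     * Copies the registry's custom name/value properties into {@code properties}.
     *
     * @param userRegistry the registry whose properties are copied
     * @param properties   target, or {@code null} to create a fresh {@link Properties}
     * @return {@code properties} (or the fresh instance) with the entries added
     */
    private static Properties setAddlProperties(UserRegistry userRegistry, Properties properties) {
        if (logger.isLoggable(Level.FINER)) {
            // The original traced this method under the name "setLocalOSProperties".
            logger.entering(className, "setAddlProperties", new Object[]{userRegistry, describeKeys(properties)});
        }
        Properties target = properties == null ? new Properties() : properties;
        EList customProperties = userRegistry.getProperties();
        if (customProperties != null) {
            for (int i = 0; i < customProperties.size(); i++) {
                Property property = (Property) customProperties.get(i);
                if (property != null) {
                    putIfPresent(target, property.getName(), property.getValue());
                }
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "setAddlProperties", describeKeys(target));
        }
        return target;
    }

    /**
     * Asks the runtime for the realm that belongs to the given registry properties.
     *
     * <p>Failures to reach the runtime are traced at FINER and yield {@code null};
     * the caller treats that as "keep the configured realm".
     *
     * @param properties registry connection properties (may contain credentials)
     * @return the realm reported by the runtime, or {@code null} when unavailable
     */
    public static String getCustomRealm(Properties properties) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(className, "getCustomRealm", new Object[]{describeKeys(properties)});
        }
        String realm = null;
        try {
            if (ctr == null) {
                initialize();
            }
            realm = ctr.getRealm(properties);
        } catch (ConnectToRuntimeException e) {
            // Best effort: a realm lookup failure is not a validation error.
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("exception getting realm from mbean:" + e.getMessage());
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(className, "getCustomRealm", realm);
        }
        return realm;
    }

    /** True when {@code value} is {@code null} or has zero length (no trimming, as in the original checks). */
    private static boolean isEmpty(String value) {
        return value == null || value.length() == 0;
    }

    /** True when {@code value} is {@code null} or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }

    /** Returns the trimmed value, or {@code null} when it is {@code null} or blank. */
    private static String trimToNull(String value) {
        if (value == null) {
            return null;
        }
        String trimmed = value.trim();
        return trimmed.length() > 0 ? trimmed : null;
    }

    /** Stores the entry unless key or value is {@code null}; {@link Properties} is a Hashtable and rejects nulls with an NPE. */
    private static void putIfPresent(Properties target, Object key, Object value) {
        if (key != null && value != null) {
            target.put(key, value);
        }
    }

    /** Log-safe description of a properties set: key names only, never the values (they may be credentials). */
    private static String describeKeys(Properties properties) {
        return properties == null ? "null" : properties.keySet().toString();
    }

    static {
        logger = null;
        logger = Logger.getLogger(SecurityValidation.class.getName());
        LoggerHelper.addLoggerToGroup(logger, "Webui");
        locale = null;
        messages = null;
        errors = null;
        ctr = null;
    }
}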
