package com.ibm.eserver.zos.racf.userregistry;

import com.ibm.security.userregistry.SecAdmin;
import com.ibm.security.userregistry.SecAdminException;
import com.ibm.security.userregistry.User;
import com.ibm.security.userregistry.UserGroup;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

/* loaded from: input_file:com/ibm/eserver/zos/racf/userregistry/RACF_RSecAdmin.class */
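/**
 * {@link SecAdmin} implementation that administers RACF users and groups over an
 * LDAP connection (the error messages refer to the back end as "LDAP/SDBM").
 *
 * <p>One instance holds one authenticated {@link InitialDirContext}, opened in the
 * constructor with the principal and credentials taken from a {@code RACF_remote}
 * object. Every operation below runs with that identity's authority.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>The bind is always an LDAP "simple" bind. Transport protection is requested
 *       only when the connect mode is {@code "secure"}; a missing mode silently
 *       becomes {@code "simple"}. Unless the URL itself selects a protected
 *       transport, the password then crosses the network unprotected.</li>
 *   <li>User and group names are concatenated into distinguished names without
 *       escaping, and any argument that already contains the suffix is used as a
 *       DN verbatim (see {@link #suffix_it(String)}). Callers that accept names
 *       from outside must validate them against the RACF naming rules first.</li>
 *   <li>This class exposes no way to close the context.
 *       NOTE(review): confirm how the connection is released.</li>
 * </ul>
 */
public class RACF_RSecAdmin implements SecAdmin {
    private static final String thisclass = "RACF_RSecAdmin";
    // Not referenced in this class; kept as they appear in the original.
    private static String password_exists = "Password Exists";
    private static String no_password = "NOPASSWORD";
    public static final String sccsid = "@(#)79    1.4  JSec/src/com/ibm/eserver/zos/racf/userregistry/RACF_RSecAdmin.java, racf.jsec, hrf7740  1/22/07  13:19:04";
    public static final String COPYRIGHT = " Licensed Materials - Property of IBM, 5694-A01 (C) COPYRIGHT 2007 All Rights Reserved. US Government Users restricted Rights -  Use, Duplication or Disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    // Authenticated directory connection shared by every operation of this instance.
    private InitialDirContext ctx;
    protected static final String SUFFIX = "Suffix";
    // Directory suffix appended to every DN built by suffix_it / suffix_group.
    private String suffix;

    /**
     * Opens the directory connection described by {@code rACF_remote}.
     *
     * <p>Credentials, principal, URL and suffix are mandatory. An absent connect
     * mode is replaced by {@code "simple"}, both locally and on the passed-in
     * object.
     *
     * <p>(Decompiler note: the original access modifier was {@code protected}.)
     *
     * @param rACF_remote connection settings; mutated when its mode is null or blank
     * @throws SecAdminException if a mandatory setting is null or blank, or if the
     *         initial bind fails
     */
    public RACF_RSecAdmin(RACF_remote rACF_remote) throws SecAdminException {
        this.ctx = null;
        Hashtable hashtable = new Hashtable(8);
        String connect_credentials = rACF_remote.getConnect_credentials();
        String connect_url = rACF_remote.getConnect_url();
        String connect_mode = rACF_remote.getConnect_mode();
        String connect_principal = rACF_remote.getConnect_principal();
        this.suffix = rACF_remote.getConnect_suffix();
        if (isBlank(connect_credentials)) {
            throw new SecAdminException("Null or empty credentials in RACF_remote object.");
        }
        if (isBlank(connect_principal)) {
            throw new SecAdminException("Null or empty principal in RACF_remote object.");
        }
        if (isBlank(connect_mode)) {
            // SECURITY: the fallback is the unprotected mode. A deployment that must
            // never send the bind password in the clear has to set the mode to
            // "secure" explicitly (or rely on the URL to select a protected transport).
            rACF_remote.setConnect_mode("simple");
            connect_mode = "simple";
        }
        if (isBlank(connect_url)) {
            throw new SecAdminException("Null or empty connection URL in RACF_remote object.");
        }
        if (isBlank(this.suffix)) {
            throw new SecAdminException("Null or empty LDAP/SDBM suffix in RACF_remote object.");
        }
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", connect_url);
        // The authentication mechanism is fixed; connect_mode only affects the transport.
        hashtable.put("java.naming.security.authentication", "simple");
        hashtable.put("java.naming.security.principal", suffix_it(connect_principal));
        hashtable.put("java.naming.security.credentials", connect_credentials);
        if (connect_mode.equalsIgnoreCase("secure")) {
            hashtable.put("java.naming.security.protocol", "ssl");
        }
        try {
            this.ctx = new InitialDirContext(hashtable);
            MyLogger.log("debug", thisclass, "InitialDirContext successful", null);
        } catch (NamingException e) {
            throw new SecAdminException("Error initially connecting to LDAP/SDBM.", e);
        }
    }

    /**
     * Returns a {@code RACF_User} for {@code str}, built on this connection and suffix.
     *
     * @param str user identifier, passed unchanged to {@code RACF_User}
     * @throws SecAdminException if {@code RACF_User} construction fails
     */
    public User getUser(String str) throws SecAdminException {
        return new RACF_User(this.ctx, this.suffix, str);
    }

    /**
     * Returns a {@code RACF_Group} for {@code str}, built on this connection and suffix.
     *
     * @param str group identifier, passed unchanged to {@code RACF_Group}
     * @throws SecAdminException if {@code RACF_Group} construction fails
     */
    public UserGroup getGroup(String str) throws SecAdminException {
        return new RACF_Group(this.ctx, this.suffix, str);
    }

    /**
     * Builds a {@code RACF_User} from an identifier and an attribute set.
     * NOTE(review): presumably this creates the profile on the server; that logic
     * lives in {@code RACF_User} and is not visible here.
     *
     * @param str user identifier
     * @param basicAttributes attributes handed to the {@code RACF_User} constructor
     * @throws SecAdminException if {@code RACF_User} construction fails
     */
    public User createUser(String str, BasicAttributes basicAttributes) throws SecAdminException {
        return new RACF_User(this.ctx, this.suffix, str, basicAttributes);
    }

    /**
     * Deletes the directory entry named by {@code str}.
     *
     * <p>SECURITY: the DN comes from {@link #suffix_it(String)}. When {@code str}
     * already contains the suffix it is used as the DN as-is, so this method acts on
     * whatever entry that DN names, not necessarily a {@code profiletype=user} one.
     * Validate {@code str} before calling if it originates outside the application.
     *
     * @param str user identifier or full DN
     * @throws SecAdminException with message "Userid ... not found." when the server
     *         error text carries one of the known not-found markers, otherwise with
     *         message "Error in deleteUser." and the {@link NamingException} as cause
     */
    public void deleteUser(String str) throws SecAdminException {
        try {
            this.ctx.destroySubcontext(suffix_it(str));
        } catch (NamingException e) {
            String[] notFoundMarkers = {"INVALID USERID", "NOT A VALID RACF DN", "ICH51003I"};
            if (!messageContainsAny(e, notFoundMarkers)) {
                throw new SecAdminException("Error in deleteUser.", e);
            }
            // NOTE(review): the NamingException is not attached here, as in the original;
            // consider chaining it once the effect on the message text is confirmed.
            throw new SecAdminException("Userid " + str + " not found.");
        }
    }

    /**
     * Builds a {@code RACF_Group} from an identifier and an attribute set.
     * NOTE(review): presumably this creates the profile on the server; that logic
     * lives in {@code RACF_Group} and is not visible here.
     *
     * @param str group identifier
     * @param basicAttributes attributes handed to the {@code RACF_Group} constructor
     * @throws SecAdminException if {@code RACF_Group} construction fails
     */
    public UserGroup createGroup(String str, BasicAttributes basicAttributes) throws SecAdminException {
        return new RACF_Group(this.ctx, this.suffix, str, basicAttributes);
    }

    /**
     * Applies {@code modificationItemArr} to the user {@code str} via {@code RACF_User.modify}.
     *
     * @throws SecAdminException if construction or modification fails
     */
    public void modifyUser(String str, ModificationItem[] modificationItemArr) throws SecAdminException {
        new RACF_User(this.ctx, this.suffix, str).modify(modificationItemArr);
    }

    /**
     * Applies {@code modificationItemArr} to the group {@code str} via {@code RACF_Group.modify}.
     *
     * @throws SecAdminException if construction or modification fails
     */
    public void modifyGroup(String str, ModificationItem[] modificationItemArr) throws SecAdminException {
        new RACF_Group(this.ctx, this.suffix, str).modify(modificationItemArr);
    }

    /**
     * Turns a user identifier into a DN under the configured suffix.
     *
     * <p>If {@code str} contains the suffix anywhere (case-insensitive substring
     * match) it is returned unchanged; otherwise the result is
     * {@code " racfid=<str>,profiletype=user,<suffix>"}. The leading space is in the
     * original and is kept.
     *
     * <p>SECURITY: {@code str} is not escaped, and the pass-through test is a
     * substring match rather than a parse of the DN. Do not hand this method a value
     * that has not been checked against the RACF naming rules.
     */
    String suffix_it(String str) {
        if (containsSuffix(str)) {
            return str;
        }
        return " racfid=" + str + ",profiletype=user," + this.suffix;
    }

    /**
     * Group counterpart of {@link #suffix_it(String)}: same pass-through rule, and the
     * built DN uses {@code profiletype=group}. The same lack of escaping applies.
     */
    private String suffix_group(String str) {
        if (containsSuffix(str)) {
            return str;
        }
        return " racfid=" + str + ",profiletype=group," + this.suffix;
    }

    /**
     * Returns the authenticated directory context itself, not a copy.
     * SECURITY: anything holding this reference can act with the bound identity.
     */
    protected InitialDirContext getContext() {
        return this.ctx;
    }

    /**
     * Deletes the group {@code str}, refusing when {@code RACF_Group.hasMembers()}
     * reports members.
     *
     * <p>The membership check and the delete are two separate directory operations.
     *
     * @param str group identifier or full DN (see {@link #suffix_it(String)} for the
     *        pass-through rule, which {@code suffix_group} shares)
     * @throws SecAdminException if the group has members, if the server error text
     *         carries a known not-found marker ("Group ... not found."), or for any
     *         other directory error ("Error in deleteGroup.", with cause)
     */
    public void deleteGroup(String str) throws SecAdminException {
        if (new RACF_Group(this.ctx, this.suffix, str).hasMembers()) {
            throw new SecAdminException("A group with members or subgroups cannot be deleted.  Group " + str + " not deleted.");
        }
        try {
            this.ctx.destroySubcontext(suffix_group(str));
        } catch (NamingException e) {
            String[] notFoundMarkers = {"INVALID GROUP", "NOT A VALID RACF DN"};
            if (!messageContainsAny(e, notFoundMarkers)) {
                throw new SecAdminException("Error in deleteGroup.", e);
            }
            // NOTE(review): cause not chained, as in the original.
            throw new SecAdminException("Group " + str + " not found.");
        }
    }

    /** True when {@code value} is null or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() < 1;
    }

    /** Case-insensitive test for the configured suffix occurring anywhere in {@code str}. */
    private boolean containsSuffix(String str) {
        // A fixed locale keeps the comparison independent of the JVM default locale.
        String upperStr = str.toUpperCase(java.util.Locale.ENGLISH);
        String upperSuffix = this.suffix.toUpperCase(java.util.Locale.ENGLISH);
        return upperStr.indexOf(upperSuffix) > -1;
    }

    /**
     * True when the exception message contains any of {@code markers}, ignoring case.
     * A null message matches nothing, so the caller reports a generic error with the
     * cause attached instead of failing with a NullPointerException.
     */
    private static boolean messageContainsAny(NamingException e, String[] markers) {
        String message = e.getMessage();
        if (message == null) {
            return false;
        }
        // Default-locale upper-casing can map 'i' to a dotted capital in some locales,
        // which would stop markers such as "INVALID USERID" from ever matching.
        String upper = message.toUpperCase(java.util.Locale.ENGLISH);
        for (int i = 0; i < markers.length; i++) {
            if (upper.indexOf(markers[i]) > -1) {
                return true;
            }
        }
        return false;
    }
}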
