package com.ibm.ws.security.wim.registry.util;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.wim.ras.WIMMessageHelper;
import com.ibm.websphere.security.wim.util.PasswordUtil;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.registry.CertificateMapFailedException;
import com.ibm.ws.security.registry.CertificateMapNotSupportedException;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.wim.registry.dataobject.IDAndRealm;
import com.ibm.wsspi.security.wim.exception.PasswordCheckFailedException;
import com.ibm.wsspi.security.wim.exception.WIMException;
import com.ibm.wsspi.security.wim.model.Context;
import com.ibm.wsspi.security.wim.model.Entity;
import com.ibm.wsspi.security.wim.model.LoginAccount;
import com.ibm.wsspi.security.wim.model.LoginControl;
import com.ibm.wsspi.security.wim.model.Root;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;

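/**
 * Bridges user-registry login calls (password check and certificate mapping) onto the
 * WIM service obtained from {@link BridgeUtils#getWimService()}.
 *
 * <p>Both entry points build a WIM {@code Root} holding a {@code LoginAccount}, call
 * {@code login} on the WIM service and return the configured "output user security name"
 * of the first entity in the response.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password parameter is annotated {@code @Sensitive}; do not add trace or log
 *       statements that include it or the byte array derived from it.</li>
 *   <li>Failure messages are propagated to callers through the wrapping exception's
 *       message. In {@link #checkPassword} the "not found" message is formatted with the
 *       caller-supplied identifier, so callers should not relay it verbatim to
 *       unauthenticated clients.</li>
 *   <li>A {@code null} or empty entity list in the login response is treated as a failed
 *       login (fail closed).</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/wim/registry/util/LoginBridge.class */
public class LoginBridge {
    private static final TraceComponent tc = Tr.register(LoginBridge.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    // Resolves which entity property is returned as the user security name for a realm.
    private final TypeMappings propertyMap;
    // Shared helper giving access to the WIM service, the core configuration and id/realm parsing.
    private final BridgeUtils mappingUtils;
    static final long serialVersionUID = 6462275514085308184L;

    /**
     * Creates a bridge that delegates to the given utilities.
     *
     * @param bridgeUtils helper used for validation, id/realm parsing and WIM service access;
     *                    it is also handed to the {@code TypeMappings} created here
     */
    public LoginBridge(BridgeUtils bridgeUtils) {
        this.mappingUtils = bridgeUtils;
        this.propertyMap = new TypeMappings(bridgeUtils);
    }

    /**
     * Verifies a user's password through the WIM service and returns the user's security name.
     *
     * @param str  the supplied user identifier, optionally carrying a realm (it is split by
     *             {@code BridgeUtils.separateIDAndRealm})
     * @param str2 the supplied password; marked {@code @Sensitive} so that it stays out of trace
     * @return the output security-name value of the first entity returned by the login call,
     *         followed by delimiter and realm when a realm other than the default was supplied
     * @throws RegistryException wrapping any {@code WIMException} raised while validating the
     *                           identifier, building the request or performing the login
     */
    @FFDCIgnore({WIMException.class})
    public String checkPassword(String str, @Sensitive String str2) throws RegistryException {
        try {
            this.mappingUtils.validateId(str);
            IDAndRealm idAndRealm = this.mappingUtils.separateIDAndRealm(str);
            Root root = this.mappingUtils.getWimService().createRootObject();
            if (idAndRealm.isRealmDefined()) {
                this.mappingUtils.createRealmDataObject(root, idAndRealm.getRealm());
                List contexts = root.getContexts();
                if (contexts != null) {
                    // Forward the per-realm "allow operation if repository is down" setting with the request.
                    // NOTE(review): when enabled, a login may be evaluated while a repository is
                    // unavailable; confirm that this cannot turn an outage into an accepted login.
                    Context context = new Context();
                    context.setKey("allowOperationIfReposDown");
                    context.setValue(Boolean.valueOf(this.mappingUtils.getCoreConfiguration().isAllowOpIfRepoDown(idAndRealm.getRealm())));
                    contexts.add(context);
                }
            }
            String outputUserSecurityName = this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm());
            if (this.mappingUtils.isIdentifierTypeProperty(outputUserSecurityName)) {
                LoginControl loginControl = new LoginControl();
                // One more than the configured maximum; presumably lets the service detect
                // that too many matches exist — TODO confirm.
                loginControl.setCountLimit(this.mappingUtils.getCoreConfiguration().getMaxSearchResults() + 1);
                root.getControls().add(loginControl);
            } else {
                this.mappingUtils.createLoginControlDataObject(root, outputUserSecurityName);
            }
            List requestEntities = root.getEntities();
            LoginAccount loginAccount = new LoginAccount();
            // NOTE(review): if the root exposes no entity list, the account is never attached
            // and login() is called without credentials; behaviour kept as in the original.
            if (requestEntities != null) {
                requestEntities.add(loginAccount);
            }
            loginAccount.setPrincipalName(idAndRealm.getId());
            // NOTE(review): the password byte array is handed to the LoginAccount and never
            // zeroed here; whether the WIM service keeps a reference is not visible from this
            // class — confirm before adding any clearing.
            loginAccount.setPassword(PasswordUtil.getByteArrayPassword(str2));
            List<?> matched = this.mappingUtils.getWimService().login(root).getEntities();
            // Fail closed: a missing entity list is handled like an empty one instead of
            // surfacing as a NullPointerException from the authentication path.
            if (matched == null || matched.isEmpty()) {
                String formatMessage = Tr.formatMessage(tc, "ENTITY_NOT_FOUND", WIMMessageHelper.generateMsgParms(str));
                if (tc.isErrorEnabled()) {
                    Tr.error(tc, formatMessage, new Object[0]);
                }
                // Presumably a WIMException subtype, so it is re-wrapped by the catch below — confirm.
                throw new PasswordCheckFailedException("ENTITY_NOT_FOUND", formatMessage);
            }
            // Only the first returned entity is used.
            return buildSecurityName((Entity) matched.get(0), outputUserSecurityName, idAndRealm);
        } catch (WIMException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, e.getMessage(), new Object[]{e});
            }
            if (tc.isErrorEnabled()) {
                Tr.error(tc, e.getMessage(), new Object[]{e});
            }
            throw new RegistryException(e.getMessage(), e);
        }
    }

    /**
     * Maps a client certificate chain to a user security name through the WIM service.
     *
     * @param x509CertificateArr the certificate chain; it is checked by
     *                           {@code BridgeUtils.validateCertificate} and every element's
     *                           encoded form is added to the login request
     * @return the output security-name value of the first entity returned by the login call
     * @throws CertificateMapNotSupportedException when the WIM layer reports that certificate
     *                                             mapping is not supported
     * @throws CertificateMapFailedException       when the WIM layer reports a failed mapping,
     *                                             including a login response without entities
     * @throws RegistryException                   for a certificate that cannot be encoded and
     *                                             for any other {@code WIMException}
     */
    @FFDCIgnore({WIMException.class})
    public String mapCertificate(X509Certificate[] x509CertificateArr) throws CertificateMapNotSupportedException, CertificateMapFailedException, RegistryException {
        try {
            this.mappingUtils.validateCertificate(x509CertificateArr);
            // No identifier is available for a certificate login, so an empty id is parsed.
            IDAndRealm idAndRealm = this.mappingUtils.separateIDAndRealm("");
            Root root = this.mappingUtils.getWimService().createRootObject();
            String outputUserSecurityName = this.propertyMap.getOutputUserSecurityName(idAndRealm.getRealm());
            if (!this.mappingUtils.isIdentifierTypeProperty(outputUserSecurityName)) {
                this.mappingUtils.createLoginControlDataObject(root, outputUserSecurityName);
            }
            List requestEntities = root.getEntities();
            LoginAccount loginAccount = new LoginAccount();
            if (requestEntities != null) {
                requestEntities.add(loginAccount);
            }
            for (X509Certificate x509Certificate : x509CertificateArr) {
                loginAccount.getCertificate().add(x509Certificate.getEncoded());
            }
            List<?> matched = this.mappingUtils.getWimService().login(root).getEntities();
            // Fail closed: a missing entity list is reported as a failed mapping rather than
            // escaping as a NullPointerException.
            if (matched == null || matched.isEmpty()) {
                // Converted to the registry-level CertificateMapFailedException by the catch below.
                throw new com.ibm.wsspi.security.wim.exception.CertificateMapFailedException();
            }
            // Only the first returned entity is used.
            return buildSecurityName((Entity) matched.get(0), outputUserSecurityName, idAndRealm);
        } catch (CertificateEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.wim.registry.util.LoginBridge", "250", this, new Object[]{x509CertificateArr});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, e.getMessage(), new Object[]{e});
            }
            throw new RegistryException(e.getMessage(), e);
        } catch (WIMException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, e2.getMessage(), new Object[]{e2});
            }
            // Translate WIM-level certificate exceptions into their registry-level counterparts.
            if (e2 instanceof com.ibm.wsspi.security.wim.exception.CertificateMapNotSupportedException) {
                throw new CertificateMapNotSupportedException(e2.getMessage(), e2);
            }
            if (e2 instanceof com.ibm.wsspi.security.wim.exception.CertificateMapFailedException) {
                throw new CertificateMapFailedException(e2.getMessage(), e2);
            }
            throw new RegistryException(e2.getMessage(), e2);
        }
    }

    /**
     * Returns the realm name reported by the WIM service.
     *
     * @return the value of {@code getRealmName()} on the WIM service
     * @throws WIMException if the WIM service call fails
     */
    public String getRealmName() throws WIMException {
        return this.mappingUtils.getWimService().getRealmName();
    }

    /**
     * Builds the security name returned after a successful login; shared by both login paths.
     *
     * @param entity                 the entity returned by the login call
     * @param outputUserSecurityName name of the property to read from the entity
     * @param idAndRealm             the parsed id/realm of the request
     * @return the property value as a string, followed by delimiter and realm when a realm
     *         other than the default one was supplied
     */
    private String buildSecurityName(Entity entity, String outputUserSecurityName, IDAndRealm idAndRealm) throws WIMException, RegistryException {
        // StringBuilder suffices: the buffer never leaves this method.
        StringBuilder name = new StringBuilder();
        if (this.mappingUtils.isIdentifierTypeProperty(outputUserSecurityName)) {
            name.append(BridgeUtils.getStringValue(entity.getIdentifier().get(outputUserSecurityName)));
        } else {
            Object value = entity.get(outputUserSecurityName);
            if (value instanceof List) {
                // Multi-valued property: the first value is used.
                // NOTE(review): an empty list would raise IndexOutOfBoundsException here.
                name.append(BridgeUtils.getStringValue(((List<?>) value).get(0)));
            } else {
                name.append(BridgeUtils.getStringValue(value));
            }
        }
        if (idAndRealm.isRealmDefined() && !this.mappingUtils.getDefaultRealmName().equals(idAndRealm.getRealm())) {
            name.append(idAndRealm.getDelimiter() + idAndRealm.getRealm());
        }
        return name.toString();
    }
}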
