package com.ibm.ws.management.repository.internal;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.collective.controller.CollectiveRegistrationMBean;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.collective.security.CollectiveCertificateUtility;
import com.ibm.ws.collective.security.CollectiveOperationAuthorizer;
import com.ibm.ws.collective.security.CollectiveUUID;
import com.ibm.ws.collective.utils.RepositoryPathUtility;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.kernel.provisioning.ExtensionConstants;
import com.ibm.ws.management.repository.recorder.ControllerMBeanFlightRecorder;
import com.ibm.ws.management.repository.recorder.FlightEndEvent;
import com.ibm.ws.management.repository.recorder.FlightStartEvent;
import com.ibm.wsspi.collective.repository.RepositoryClient;
import com.ibm.wsspi.collective.repository.RepositoryConnectionFactory;
import com.ibm.wsspi.kernel.service.location.WsLocationConstants;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.UUID;
import javax.management.DynamicMBean;
import javax.management.MBeanInfo;
import javax.management.MBeanOperationInfo;
import javax.management.MBeanParameterInfo;
import javax.management.NotCompliantMBeanException;
import javax.management.StandardMBean;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

@TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = ExtensionConstants.CORE_EXTENSION, messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {CollectiveRegistrationMBean.class, DynamicMBean.class}, configurationPolicy = ConfigurationPolicy.IGNORE, immediate = true, property = {"service.vendor=IBM", "jmx.objectname=WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration"})
/* loaded from: input_file:lib/com.ibm.ws.management.repository_1.0.2.cl50220140507-2029.jar:com/ibm/ws/management/repository/internal/CollectiveRegistrationMBeanImpl.class */
public class CollectiveRegistrationMBeanImpl extends StandardMBean implements CollectiveRegistrationMBean {
    private static final String PATH_SYS_STATUS = "sys.status";
    private static final String SYS_PATHS_SEGMENT = "sys.paths/";
    private static final String PATH_HOST_AUTH_INFO = "sys.host.auth.info";
    private static final String PATH_CLUSTER_MBEAN_NAME_ATTRIBUTE = "sys.mbeans/WebSphere:feature=clusterMember,type=ClusterMember,name=ClusterMember/attributes/Name";
    private static final String CLUSTER_SEGMENT = "/sys.was.groups/types/cluster/";
    private static final String SYS_MEMBERS_SEGMENT = "/sys.members";
    private static final String SYS_NOLOGIN_NODE = "sys.nologin";
    static final int VALIDITY_5_YEARS = 1825;
    static final String KEY_REPOSITORY_CONNECTION_FACTORY_REF = "repositoryConnectionFactory";
    static final String KEY_COLLECTIVE_CERTIFICATE_UTILITY_REF = "collectiveCertificateUtility";
    static final String KEY_COLLECTIVE_UUID_REF = "collectiveUUID";
    static final String KEY_AUTHORIZER_REF = "collectiveOperationAuthorizer";
    private final AtomicServiceReference<RepositoryConnectionFactory> repositoryConnectionFactoryRef;
    private final AtomicServiceReference<CollectiveCertificateUtility> collectiveCertificateUtilityRef;
    private final AtomicServiceReference<CollectiveUUID> collectiveUUIDRef;
    private final AtomicServiceReference<CollectiveOperationAuthorizer> authorizerRef;
    static final long serialVersionUID = -5994485229799258476L;
    private static final TraceComponent tc = Tr.register(CollectiveRegistrationMBeanImpl.class);
    private static final Integer DEFAULT_SSH_PORT = 22;
    private static final Map<String, PropertyInfo> VALID_HOST_AUTH_INFO_PROPERTY_MAP = new HashMap();
    private static final Map<String, PropertyInfo> VALID_CERTIFICATE_PROPERTY_MAP = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    @TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = ExtensionConstants.CORE_EXTENSION, messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:lib/com.ibm.ws.management.repository_1.0.2.cl50220140507-2029.jar:com/ibm/ws/management/repository/internal/CollectiveRegistrationMBeanImpl$PropertyInfo.class */
    public static final class PropertyInfo {
        final String name;
        final DatatypeSupport type;
        static final long serialVersionUID = 8553297714515140297L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(PropertyInfo.class);

        @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
        PropertyInfo(String str, DatatypeSupport datatypeSupport) {
            this.name = str;
            this.type = datatypeSupport;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private static void addHostAuthInfoProperty(String str, DatatypeSupport datatypeSupport) {
        VALID_HOST_AUTH_INFO_PROPERTY_MAP.put(str, new PropertyInfo(str, datatypeSupport));
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private static void addCertificateProperty(String str, DatatypeSupport datatypeSupport) {
        VALID_CERTIFICATE_PROPERTY_MAP.put(str, new PropertyInfo(str, datatypeSupport));
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public CollectiveRegistrationMBeanImpl() throws NotCompliantMBeanException {
        super(CollectiveRegistrationMBean.class);
        this.repositoryConnectionFactoryRef = new AtomicServiceReference<>(KEY_REPOSITORY_CONNECTION_FACTORY_REF);
        this.collectiveCertificateUtilityRef = new AtomicServiceReference<>(KEY_COLLECTIVE_CERTIFICATE_UTILITY_REF);
        this.collectiveUUIDRef = new AtomicServiceReference<>(KEY_COLLECTIVE_UUID_REF);
        this.authorizerRef = new AtomicServiceReference<>(KEY_AUTHORIZER_REF);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected final String getDescription(MBeanInfo mBeanInfo) {
        return "Provides operations for registering and unregistering servers and hosts with the collective.";
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected final String getDescription(MBeanOperationInfo mBeanOperationInfo) {
        String name;
        String str = "Unknown operation";
        if (mBeanOperationInfo != null && (name = mBeanOperationInfo.getName()) != null) {
            if (name.equals("registerHost")) {
                str = "Registers a host with the collective.";
            } else if (name.equals("updateHost")) {
                str = "Updates the authentication information for a known host with the collective.";
            } else if (name.equals("unregisterHost")) {
                str = "Unregisters a host from the collective. Any servers on this host will be automatically removed from any clusters for which they are a member.";
            } else if (name.equals("join")) {
                str = "Join the specified server to the collective as a member.";
            } else if (name.equals("replicate")) {
                str = "Replicates the collective controller configuration it order to allow the specified server to act as a collective controller.";
            } else if (name.equals("remove")) {
                str = "Removes the server from the collective. The server will be automatically removed from any clusters for which it is a member.";
            } else if (name.equals("avow")) {
                str = "Avow the server to the collective. The server will be allowed to authenticate to the collective as long as it has the correct credentials.";
            } else if (name.equals("disavow")) {
                str = "Disavow the server from the collective. The server will be prevented from authenticating to the collective controllers.";
            }
        }
        return str;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected final String getParameterName(MBeanOperationInfo mBeanOperationInfo, MBeanParameterInfo mBeanParameterInfo, int i) {
        String str;
        String name;
        str = "Unknown";
        if (mBeanOperationInfo != null && mBeanParameterInfo != null && i >= 0 && (name = mBeanOperationInfo.getName()) != null) {
            if (i == 0) {
                str = "hostName";
            } else if (i == 1) {
                if (name.equals("registerHost") || name.equals("updateHost")) {
                    str = "hostAuthInfo";
                } else if (!name.equals("unregisterHost")) {
                    str = "wlpUserDir";
                }
            } else if (i >= 2 && !name.equals("registerHost") && !name.equals("updateHost") && !name.equals("unregisterHost")) {
                str = i == 2 ? ClusterManagerMBeanImpl.SERVER_NAME : "Unknown";
                if (name.equals("join") || name.equals("replicate")) {
                    if (i == 3) {
                        str = "wlpInstallDir";
                    } else if (i == 4) {
                        str = "keystorePassword";
                    } else if (i == 5) {
                        str = "certProperties";
                    } else if (i == 6) {
                        str = "hostAuthInfo";
                    }
                }
            }
        }
        return str;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected final String getDescription(MBeanOperationInfo mBeanOperationInfo, MBeanParameterInfo mBeanParameterInfo, int i) {
        String parameterName;
        String str = "Unknown";
        if (mBeanOperationInfo != null && mBeanParameterInfo != null && i >= 0 && (parameterName = getParameterName(mBeanOperationInfo, mBeanParameterInfo, i)) != null) {
            if (parameterName.equals("hostName")) {
                str = "The host name. Must not be null or an empty string.";
            } else if (parameterName.equals("wlpUserDir")) {
                str = "The canonical path for the user directory of server. Must not be null or an empty string.";
            } else if (parameterName.equals(ClusterManagerMBeanImpl.SERVER_NAME)) {
                str = "The server name. Must not be null or an empty string.";
            } else if (parameterName.equals("wlpInstallDir")) {
                str = "The Liberty install directory for this server. Must not be null or an empty string.";
            } else if (parameterName.equals("keystorePassword")) {
                str = "The password to protect the created keystores. Must not be null or an empty string.";
            } else if (parameterName.equals("certProperties")) {
                str = "Additional properties to control the certificate creation. May be null or an empty Map.";
            } else if (parameterName.equals("hostAuthInfo")) {
                str = "The host authentication information map containing properties that would be needed by a remote client to start the server.  Must not be null or an empty Map.";
            }
        }
        return str;
    }

    @Reference(name = KEY_REPOSITORY_CONNECTION_FACTORY_REF, service = RepositoryConnectionFactory.class)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setRepositoryConnectionFactory(ServiceReference<RepositoryConnectionFactory> serviceReference) {
        this.repositoryConnectionFactoryRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetRepositoryConnectionFactory(ServiceReference<RepositoryConnectionFactory> serviceReference) {
        this.repositoryConnectionFactoryRef.unsetReference(serviceReference);
    }

    @Reference(name = KEY_COLLECTIVE_CERTIFICATE_UTILITY_REF, service = CollectiveCertificateUtility.class)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setCollectiveCertificateUtility(ServiceReference<CollectiveCertificateUtility> serviceReference) {
        this.collectiveCertificateUtilityRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetCollectiveCertificateUtility(ServiceReference<CollectiveCertificateUtility> serviceReference) {
        this.collectiveCertificateUtilityRef.unsetReference(serviceReference);
    }

    @Reference(name = KEY_COLLECTIVE_UUID_REF, service = CollectiveUUID.class)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setCollectiveUUID(ServiceReference<CollectiveUUID> serviceReference) {
        this.collectiveUUIDRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetCollectiveUUID(ServiceReference<CollectiveUUID> serviceReference) {
        this.collectiveUUIDRef.unsetReference(serviceReference);
    }

    @Reference(name = KEY_AUTHORIZER_REF, service = CollectiveOperationAuthorizer.class)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setAuthorizer(ServiceReference<CollectiveOperationAuthorizer> serviceReference) {
        this.authorizerRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetAuthorizer(ServiceReference<CollectiveOperationAuthorizer> serviceReference) {
        this.authorizerRef.unsetReference(serviceReference);
    }

    @Activate
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void activate(ComponentContext componentContext) {
        this.repositoryConnectionFactoryRef.activate(componentContext);
        this.collectiveCertificateUtilityRef.activate(componentContext);
        this.collectiveUUIDRef.activate(componentContext);
        this.authorizerRef.activate(componentContext);
        Tr.info(tc, "COLLECTIVE_REGISTRATION_MBEAN_READY", new Object[0]);
    }

    @Deactivate
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void deactivate(ComponentContext componentContext) {
        this.repositoryConnectionFactoryRef.deactivate(componentContext);
        this.collectiveCertificateUtilityRef.deactivate(componentContext);
        this.collectiveUUIDRef.deactivate(componentContext);
        this.authorizerRef.deactivate(componentContext);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void isAuthorized(String str) {
        CollectiveOperationAuthorizer service = this.authorizerRef.getService();
        if (service != null) {
            service.isAuthorized(str);
        } else {
            if (tc.isEventEnabled()) {
                Tr.event(tc, "Unable to get the CollectiveOperationAuthorizer, the service may be stopping or the server may be shutting down. In either case, permissions is denied for operation: " + str, new Object[0]);
            }
            throw new AccessControlException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_MBEAN_ACCESS_DENIED", new Object[]{str}, "CWWKX9047E: The CollectiveRegistration MBean {0} operation cannot be completed. Permission is denied."));
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private RepositoryClient getRepositoryClient(String str) throws IOException {
        RepositoryClient obtainRepositoryClient;
        RepositoryConnectionFactory service = this.repositoryConnectionFactoryRef.getService();
        if (service != null && (obtainRepositoryClient = service.obtainRepositoryClient()) != null) {
            return obtainRepositoryClient;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(this, tc, "The RepositoryClient service is unavailable. Unable to publish data to the repository.", new Object[0]);
        }
        throw new IOException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_MANAGEMENT_REPOSITORY_UNAVAILABLE", new Object[]{str}, "CWWKX9004E: An internal error has occurred. The CollectiveRegistrationMBean {0} operation could not be completed. A connection to the collective repository could not be established. This can happen if the MBean was stopping. If the MBean was not stopping, then contact IBM support."));
    }

    @FFDCIgnore({IllegalArgumentException.class})
    @Sensitive
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private Map<String, Object> validateHostAuthInfo(String str, @Sensitive Map<String, Object> map, String str2) throws IllegalArgumentException {
        if (map == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "The properties map cannot be null.", new Object[0]);
            }
            throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_PROPERTIES_MAP", new Object[]{str}, "CWWKX9011E: The CollectiveRegistrationMBean {0} operation could not be completed. The properties map cannot be null."));
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            PropertyInfo propertyInfo = VALID_HOST_AUTH_INFO_PROPERTY_MAP.get(key);
            if (propertyInfo == null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(this, tc, "Unrecognized property: " + key, new Object[0]);
                }
                throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_UNRECOGNIZED_PROPERTY", new Object[]{str, key}, "CWWKX9012E: The CollectiveRegistrationMBean {0} operation could not be completed. Unrecognized hostAuthInfo property: {1}."));
            }
            try {
                Object processedObjectValue = propertyInfo.type.getProcessedObjectValue(entry.getValue());
                if (processedObjectValue == null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(this, tc, "The value specified for property " + key + " is invalid.", new Object[0]);
                    }
                    throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_PROPERTY_VALUE", new Object[]{str, key}, "CWWKX9013E: The CollectiveRegistrationMBean {0} operation could not be completed. The value specified for hostAuthInfo property {1} is not valid."));
                }
                hashMap.put(propertyInfo.name, processedObjectValue);
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_PROPERTY_VALUE", new Object[]{str, key}, "CWWKX9013E: The CollectiveRegistrationMBean {0} operation could not be completed. The value specified for hostAuthInfo property {1} is not valid."), e);
            }
        }
        if (!hashMap.containsKey("rpcHost")) {
            hashMap.put("rpcHost", str2);
        }
        if (!hashMap.containsKey("rpcPort")) {
            hashMap.put("rpcPort", DEFAULT_SSH_PORT);
        }
        if (!hashMap.containsKey("rpcUser")) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "The rpcUser property is required.", new Object[0]);
            }
            throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_KEY_USERID_PROPERTY_REQUIRED", new Object[]{str}, "CWWKX9014E: The CollectiveRegistrationMBean {0} operation could not be completed. The userId property is required."));
        }
        if (!hashMap.containsKey("rpcUserPassword") && !hashMap.containsKey("sshPrivateKey")) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "The rpcUserPassword property or the sshPrivateKey property is required.", new Object[0]);
            }
            throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_PASSWORD_OR_PUB_PRIV_KEY_PROPERTIES_REQUIRED", new Object[]{str}, "CWWKX9015E: The CollectiveRegistrationMBean {0} operation could not be completed. The userPassword property or the sshPrivateKey property is required."));
        }
        if (hashMap.containsKey("rpcUserPassword") && hashMap.containsKey("sshPrivateKey")) {
            throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_KEY_CONFIG_WITH_USER_PASSWORD", new Object[]{str}, "CWWKX9016E: The CollectiveRegistrationMBean {0} operation could not be completed. Both sshPrivateKey and userPassword have been specified. Set either sshPrivateKey or userPassword, but not both."));
        }
        if (!hashMap.containsKey("sshPrivateKey") && hashMap.containsKey("sshPrivateKeyPassword")) {
            throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_KEY_PASSWORD_WITHOUT_KEY", new Object[]{str}, "CWWKX9017E: The CollectiveRegistrationMBean {0} operation could not be completed. An sshPrivateKeyPassword has been set without a corresponding sshPrivateKey."));
        }
        if (hashMap.containsKey("useSudo")) {
            if (!((Boolean) hashMap.get("useSudo")).booleanValue() && (hashMap.containsKey("sudoUser") || hashMap.containsKey("sudoUserPassword"))) {
                throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_USE_SUDO_FALSE_WITH_OTHER_SUDO_ARGS", new Object[]{str}, "CWWKX9018E: The CollectiveRegistrationMBean {0} operation could not be completed. useSudo is set to false, but other sudo options were set. This is not a valid combination. Either remove the other sudo options, or set useSudo to true."));
            }
        } else if (hashMap.containsKey("sudoUser") || hashMap.containsKey("sudoUserPassword")) {
            hashMap.put("useSudo", true);
        }
        return hashMap;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void validateHostName(String str, String str2) {
        if (DatatypeSupport.NON_EMPTY_STRING.isValid(str2)) {
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(this, tc, "The value '" + str2 + "' specified for the host name is not valid.", new Object[0]);
        }
        throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_HOST_NAME", new Object[]{str, str2}, "CWWKX9008E: The CollectiveRegistrationMBean {0} operation could not be completed. Host name is not valid: {1}."));
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getHostNodeName(String str, String str2) throws IllegalArgumentException {
        validateHostName(str, str2);
        return RepositoryPathUtility.buildHostRepositoryPath(str2);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void createOrUpdate(RepositoryClient repositoryClient, String str, @Sensitive Object obj) throws IOException, IllegalArgumentException {
        if (!repositoryClient.create(str, obj) && !repositoryClient.setData(str, obj)) {
            throw new IOException("Unable to set data to " + str);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void do_registerHost(String str, String str2, @Sensitive Map<String, Object> map) throws IOException, IllegalArgumentException, IllegalStateException {
        String hostNodeName = getHostNodeName(str, str2);
        Map<String, Object> validateHostAuthInfo = validateHostAuthInfo(str, map, str2);
        RepositoryClient repositoryClient = getRepositoryClient(str);
        if (repositoryClient.exists(hostNodeName)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "Host: " + str2 + " has already been registered.", new Object[0]);
            }
            throw new IllegalStateException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_HOST_ALREADY_REGISTERED", new Object[]{str, str2}, "CWWKX9019E: The CollectiveRegistrationMBean {0} operation could not be completed. The host {1} has already been registered."));
        }
        createOrUpdate(repositoryClient, hostNodeName + PATH_HOST_AUTH_INFO, validateHostAuthInfo);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Host: " + str2 + " has been successfully registered.", hostNodeName);
        }
    }

    @FFDCIgnore({IOException.class, RuntimeException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void registerHost(String str, @Sensitive Map<String, Object> map) throws IOException, IllegalArgumentException, IllegalStateException {
        long nanoTime = System.nanoTime();
        ControllerMBeanFlightRecorder.recordEvent(new FlightStartEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "registerHost", str));
        try {
            isAuthorized("registerHost");
            do_registerHost("registerHost", str, map);
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "registerHost", Void.TYPE, System.nanoTime() - nanoTime, str));
        } catch (IOException e) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "registerHost", e, System.nanoTime() - nanoTime, str));
            throw e;
        } catch (RuntimeException e2) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "registerHost", e2, System.nanoTime() - nanoTime, str));
            throw e2;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void do_updateHost(String str, String str2, @Sensitive Map<String, Object> map) throws IOException, IllegalArgumentException, IllegalStateException {
        String hostNodeName = getHostNodeName(str, str2);
        Map<String, Object> validateHostAuthInfo = validateHostAuthInfo(str, map, str2);
        RepositoryClient repositoryClient = getRepositoryClient(str);
        if (!repositoryClient.exists(hostNodeName)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "Host: " + str2 + " has already been registered.", new Object[0]);
            }
            throw new IllegalStateException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_UNREGISTER_NONEXISTENT_HOST", new Object[]{str, str2}, "CWWKX9020E: The CollectiveRegistrationMBean {0} operation could not be completed. The host {1} does not exist in the repository."));
        }
        createOrUpdate(repositoryClient, hostNodeName + PATH_HOST_AUTH_INFO, validateHostAuthInfo);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Host: " + str2 + " has been successfully updated.", hostNodeName);
        }
    }

    @FFDCIgnore({IOException.class, RuntimeException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void updateHost(String str, @Sensitive Map<String, Object> map) throws IOException, IllegalArgumentException, IllegalStateException {
        long nanoTime = System.nanoTime();
        ControllerMBeanFlightRecorder.recordEvent(new FlightStartEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "updateHost", str));
        try {
            isAuthorized("updateHost");
            do_updateHost("updateHost", str, map);
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "updateHost", Void.TYPE, System.nanoTime() - nanoTime, str));
        } catch (IOException e) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "updateHost", e, System.nanoTime() - nanoTime, str));
            throw e;
        } catch (RuntimeException e2) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "updateHost", e2, System.nanoTime() - nanoTime, str));
            throw e2;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void getAllChildNodes(RepositoryClient repositoryClient, Collection<String> collection, String str) throws IllegalArgumentException, IOException {
        Collection<String> children = repositoryClient.getChildren(str, true);
        if (children != null) {
            for (String str2 : children) {
                collection.add(str2);
                getAllChildNodes(repositoryClient, collection, str2);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getMemberName(String str) {
        String[] split = str.split(WsLocationConstants.LOC_VIRTUAL_ROOT);
        return split[split.length - 1];
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void deleteServersOnHostFromCluster(RepositoryClient repositoryClient, String str, String str2) throws IOException {
        Collection<String> children = repositoryClient.getChildren(CLUSTER_SEGMENT + str2 + SYS_MEMBERS_SEGMENT, true);
        if (children != null) {
            for (String str3 : children) {
                String memberName = getMemberName(str3);
                if (memberName.startsWith(str)) {
                    repositoryClient.delete(str3);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Member " + memberName + " was successfully removed from cluster " + str2, new Object[0]);
                    }
                }
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void removeServersOnHostFromClusters(RepositoryClient repositoryClient, String str, String str2) throws IllegalArgumentException, IOException {
        ArrayList arrayList = new ArrayList();
        getAllChildNodes(repositoryClient, arrayList, str);
        ArrayList arrayList2 = new ArrayList();
        if (arrayList != null) {
            for (String str3 : arrayList) {
                if (str3.contains(PATH_CLUSTER_MBEAN_NAME_ATTRIBUTE)) {
                    arrayList2.add((String) repositoryClient.getData(str3));
                }
            }
        }
        if (arrayList2.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Host " + str2 + " has no servers that belong to a cluster", new Object[0]);
            }
        } else {
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                deleteServersOnHostFromCluster(repositoryClient, str2, (String) it.next());
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void do_unregisterHost(String str, String str2) throws IOException, IllegalArgumentException, IllegalStateException {
        String hostNodeName = getHostNodeName(str, str2);
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Attempting to remove host: " + hostNodeName, new Object[0]);
        }
        RepositoryClient repositoryClient = getRepositoryClient(str);
        removeServersOnHostFromClusters(repositoryClient, hostNodeName, str2);
        if (!repositoryClient.delete(hostNodeName)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "Host: " + str2 + " did not exist in the repository. No data deleted.", hostNodeName);
            }
            throw new IllegalStateException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_UNREGISTER_NONEXISTENT_HOST", new Object[]{str, str2}, "CWWKX9020E: The CollectiveRegistrationMBean {0} operation could not be completed. The host {1} does not exist in the repository."));
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Host: " + str2 + " has been successfully unregistered.", hostNodeName);
        }
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Successfully removed host: " + hostNodeName, new Object[0]);
        }
    }

    @FFDCIgnore({IOException.class, RuntimeException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void unregisterHost(String str) throws IOException, IllegalArgumentException, IllegalStateException {
        long nanoTime = System.nanoTime();
        ControllerMBeanFlightRecorder.recordEvent(new FlightStartEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "unregisterHost", str));
        try {
            isAuthorized("unregisterHost");
            do_unregisterHost("unregisterHost", str);
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "unregisterHost", Void.TYPE, System.nanoTime() - nanoTime, str));
        } catch (IOException e) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "unregisterHost", e, System.nanoTime() - nanoTime, str));
            throw e;
        } catch (RuntimeException e2) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "unregisterHost", e2, System.nanoTime() - nanoTime, str));
            throw e2;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void validateKeystorePassword(String str, @Sensitive String str2) {
        if (DatatypeSupport.NON_EMPTY_STRING.isValid(str2)) {
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(this, tc, "The specified value for the keystore password is not valid.", new Object[0]);
        }
        throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_KEYSTORE_PASSWORD", new Object[]{str}, "CWWKX9023E: The CollectiveRegistrationMBean {0} operation could not be completed. Keystore password is not valid."));
    }

    @FFDCIgnore({IllegalArgumentException.class})
    @Sensitive
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void validateCertificateProperties(String str, @Sensitive Map<String, Object> map) throws IllegalArgumentException {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            PropertyInfo propertyInfo = VALID_CERTIFICATE_PROPERTY_MAP.get(key);
            if (propertyInfo == null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(this, tc, "Unrecognized property: " + key, new Object[0]);
                }
                throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_UNRECOGNIZED_PROPERTY", new Object[]{str, key}, "CWWKX9012E: The CollectiveRegistrationMBean {0} operation could not be completed. Unrecognized property: {1}."));
            }
            try {
                if (propertyInfo.type.getProcessedObjectValue(entry.getValue()) == null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(this, tc, "The value specified for property " + key + " is invalid.", new Object[0]);
                    }
                    throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_PROPERTY_VALUE", new Object[]{str, key}, "CWWKX9013E: The CollectiveRegistrationMBean {0} operation could not be completed. The value specified for property {1} is not valid."));
                }
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_PROPERTY_VALUE", new Object[]{str, key}, "CWWKX9013E: The CollectiveRegistrationMBean {0} operation could not be completed. The value specified for property {1} is not valid."), e);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getServerNodeName(String str, String str2, String str3, String str4) throws IllegalArgumentException {
        validateHostName(str, str2);
        if (!DatatypeSupport.NON_EMPTY_STRING.isValid(str3)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "The value '" + str3 + "' specified for the userDir is not valid.", new Object[0]);
            }
            throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_USER_DIRECTORY", new Object[]{str, str3}, "CWWKX9010E: The CollectiveRegistrationMBean {0} operation could not be completed. User directory is not valid: {1}."));
        }
        if (DatatypeSupport.NON_EMPTY_STRING.isValid(str4)) {
            return RepositoryPathUtility.buildServerRepositoryPath(str2, RepositoryPathUtility.getURLEncodedPath(str3), str4);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(this, tc, "The value '" + str4 + "' specified for the server name is not valid.", new Object[0]);
        }
        throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_SERVER_NAME", new Object[]{str, str4}, "CWWKX9007E: The CollectiveRegistrationMBean {0} operation could not be completed. Server name is not valid: {1}."));
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String validateServerToRegister(RepositoryClient repositoryClient, String str, String str2, String str3, String str4, String str5) throws IOException, IllegalArgumentException, IllegalStateException {
        String serverNodeName = getServerNodeName(str, str2, str3, str4);
        if (!DatatypeSupport.NON_EMPTY_STRING.isValid(str5)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "The value '" + str5 + "' specified for the install directory is not valid.", new Object[0]);
            }
            throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_INVALID_INSTALL_DIRECTORY", new Object[]{str, str5}, "CWWKX9009E: The CollectiveRegistrationMBean {0} operation could not be completed. Install directory is not valid: {1}."));
        }
        if (!repositoryClient.exists(serverNodeName)) {
            return serverNodeName;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(this, tc, "Server: " + str4 + ", Host: " + str2 + " has already been registered.", new Object[0]);
        }
        throw new IllegalStateException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_ALREADY_REGISTERED", new Object[]{str, str4, str2, str3}, "CWWKX9005E: The CollectiveRegistrationMBean {0} operation could not be completed. The server {1} on host {2} with user directory of {3} has already been registered."));
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getServerPathNodeName(String str, String str2) {
        return str + SYS_PATHS_SEGMENT + str2;
    }

    @Trivial
    @Sensitive
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getStringFromMap(@Sensitive Map<String, Object> map, String str, @Sensitive String str2) {
        return (map == null || !map.containsKey(str)) ? str2 : (String) map.get(str);
    }

    @Trivial
    @Sensitive
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getPasswordFromMap(@Sensitive Map<String, Object> map, String str, @Sensitive String str2) {
        return PasswordUtil.passwordDecode((map == null || !map.containsKey(str)) ? str2 : (String) map.get(str));
    }

    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private int getIntFromMap(@Sensitive Map<String, Object> map, String str, int i) {
        return (map == null || !map.containsKey(str)) ? i : ((Integer) map.get(str)).intValue();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void registerServer(RepositoryClient repositoryClient, String str, String str2, String str3, String str4, String str5, String str6, @Sensitive Map<String, Object> map) throws IOException, IllegalArgumentException, IllegalStateException {
        createOrUpdate(repositoryClient, str2 + PATH_HOST_AUTH_INFO, map);
        createOrUpdate(repositoryClient, str2 + PATH_SYS_STATUS, "STOPPED");
        createOrUpdate(repositoryClient, getServerPathNodeName(str2, "wlp.install.dir"), str6);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Server: " + str5 + ", Host: " + str3 + " has been successfully registered.", str2);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private Map<String, byte[]> do_join(String str, String str2, String str3, String str4, String str5, @Sensitive String str6, @Sensitive Map<String, Object> map, @Sensitive Map<String, Object> map2) throws IOException, IllegalArgumentException, IllegalStateException, CertificateException, KeyStoreException {
        RepositoryClient repositoryClient = getRepositoryClient(str);
        CollectiveCertificateUtility service = this.collectiveCertificateUtilityRef.getService();
        validateKeystorePassword(str, str6);
        validateCertificateProperties(str, map);
        Map<String, Object> validateHostAuthInfo = validateHostAuthInfo(str, map2, str2);
        String validateServerToRegister = validateServerToRegister(repositoryClient, str, str2, str3, str4, str5);
        String passwordFromMap = getPasswordFromMap(map, "serverIdentityKeystorePassword", str6);
        int intFromMap = getIntFromMap(map, "serverIdentityCertificateValidity", VALIDITY_5_YEARS);
        String passwordFromMap2 = getPasswordFromMap(map, "collectiveTrustKeystorePassword", str6);
        String passwordFromMap3 = getPasswordFromMap(map, "httpsKeystorePassword", str6);
        String stringFromMap = getStringFromMap(map, "httpsCertificateSubject", "CN=localhost");
        int intFromMap2 = getIntFromMap(map, "httpsCertificateValidity", VALIDITY_5_YEARS);
        String passwordFromMap4 = getPasswordFromMap(map, "httpsTruststorePassword", str6);
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Generating collective certificates for new member " + str2 + "," + str3 + "," + str4 + ". This can take a while...", service);
        }
        HashMap hashMap = new HashMap();
        hashMap.put("serverIdentity.jks", service.getMemberServerIdentityJKSBytes(str2, str3, str4, intFromMap, passwordFromMap));
        hashMap.put("collectiveTrust.jks", service.getMemberCollectiveTrustJKSBytes(passwordFromMap2));
        hashMap.put("key.jks", service.getMemberKeyJKSBytes(stringFromMap, intFromMap2, passwordFromMap3));
        hashMap.put("trust.jks", service.getMemberTrustJKSBytes(passwordFromMap4));
        registerServer(repositoryClient, str, validateServerToRegister, str2, str3, str4, str5, validateHostAuthInfo);
        return hashMap;
    }

    @FFDCIgnore({IOException.class, RuntimeException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Map<String, byte[]> join(String str, String str2, String str3, String str4, @Sensitive String str5, @Sensitive Map<String, Object> map, @Sensitive Map<String, Object> map2) throws IOException, IllegalArgumentException, IllegalStateException, CertificateException, KeyStoreException {
        long nanoTime = System.nanoTime();
        ControllerMBeanFlightRecorder.recordEvent(new FlightStartEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "join", str, str2, str3, str4));
        try {
            isAuthorized("join");
            Map<String, byte[]> do_join = do_join("join", str, str2, str3, str4, str5, map, map2);
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "join", do_join.keySet(), System.nanoTime() - nanoTime, str, str2, str3, str4));
            return do_join;
        } catch (IOException e) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "join", e, System.nanoTime() - nanoTime, str, str2, str3, str4));
            throw e;
        } catch (RuntimeException e2) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "join", e2, System.nanoTime() - nanoTime, str, str2, str3, str4));
            throw e2;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private Map<String, byte[]> do_replicate(String str, String str2, String str3, String str4, String str5, @Sensitive String str6, @Sensitive Map<String, Object> map, @Sensitive Map<String, Object> map2) throws IOException, IllegalArgumentException, IllegalStateException, CertificateException, KeyStoreException {
        RepositoryClient repositoryClient = getRepositoryClient(str);
        CollectiveCertificateUtility service = this.collectiveCertificateUtilityRef.getService();
        UUID collectiveUUID = this.collectiveUUIDRef.getService().getCollectiveUUID();
        validateKeystorePassword(str, str6);
        validateCertificateProperties(str, map);
        Map<String, Object> validateHostAuthInfo = validateHostAuthInfo(str, map2, str2);
        String validateServerToRegister = validateServerToRegister(repositoryClient, str, str2, str3, str4, str5);
        String passwordFromMap = getPasswordFromMap(map, "serverIdentityKeystorePassword", str6);
        int intFromMap = getIntFromMap(map, "serverIdentityCertificateValidity", VALIDITY_5_YEARS);
        String passwordFromMap2 = getPasswordFromMap(map, "collectiveTrustKeystorePassword", str6);
        String passwordFromMap3 = getPasswordFromMap(map, "httpsKeystorePassword", str6);
        String stringFromMap = getStringFromMap(map, "httpsCertificateSubject", "CN=localhost");
        int intFromMap2 = getIntFromMap(map, "httpsCertificateValidity", VALIDITY_5_YEARS);
        String passwordFromMap4 = getPasswordFromMap(map, "httpsTruststorePassword", str6);
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Generating collective certificates for new controller " + str2 + "," + str3 + "," + str4 + ". This can take a while...", service);
        }
        HashMap hashMap = new HashMap();
        hashMap.put("serverIdentity.jks", service.getControllerServerIdentityJKSBytes(str2, str3, str4, intFromMap, passwordFromMap));
        hashMap.put("collectiveTrust.jks", service.getControllerCollectiveTrustJKSBytes(passwordFromMap2));
        hashMap.put("key.jks", service.getControllerKeyJKSBytes(stringFromMap, intFromMap2, passwordFromMap3));
        hashMap.put("trust.jks", service.getControllerTrustJKSBytes(passwordFromMap4));
        hashMap.put("rootKeys.jks", service.getRootKeystoreJKSBytes());
        hashMap.put("collective.uuid", collectiveUUID.toString().getBytes());
        registerServer(repositoryClient, str, validateServerToRegister, str2, str3, str4, str5, validateHostAuthInfo);
        return hashMap;
    }

    @FFDCIgnore({IOException.class, RuntimeException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Map<String, byte[]> replicate(String str, String str2, String str3, String str4, @Sensitive String str5, @Sensitive Map<String, Object> map, @Sensitive Map<String, Object> map2) throws IOException, IllegalArgumentException, IllegalStateException, CertificateException, KeyStoreException {
        long nanoTime = System.nanoTime();
        ControllerMBeanFlightRecorder.recordEvent(new FlightStartEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "replicate", str, str2, str3, str4));
        try {
            isAuthorized("replicate");
            Map<String, byte[]> do_replicate = do_replicate("replicate", str, str2, str3, str4, str5, map, map2);
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "replicate", do_replicate.keySet(), System.nanoTime() - nanoTime, str, str2, str3, str4));
            return do_replicate;
        } catch (IOException e) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "replicate", e, System.nanoTime() - nanoTime, str, str2, str3, str4));
            throw e;
        } catch (RuntimeException e2) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "replicate", e2, System.nanoTime() - nanoTime, str, str2, str3, str4));
            throw e2;
        }
    }

    @FFDCIgnore({NoSuchElementException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void removeServerFromCluster(RepositoryClient repositoryClient, String str, String str2, String str3, String str4) throws IllegalArgumentException, IOException {
        try {
            String str5 = (String) repositoryClient.getData(str + PATH_CLUSTER_MBEAN_NAME_ATTRIBUTE);
            repositoryClient.delete(CLUSTER_SEGMENT + str5 + SYS_MEMBERS_SEGMENT + WsLocationConstants.LOC_VIRTUAL_ROOT + str2 + "," + RepositoryPathUtility.getURLEncodedPath(str3) + "," + str4);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Server " + str4 + " was successfully removed from cluster " + str5, new Object[0]);
            }
        } catch (NoSuchElementException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Server " + str4 + " was not part of any cluster", new Object[0]);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void do_remove(String str, String str2, String str3, String str4) throws IOException, IllegalArgumentException, IllegalStateException {
        String serverNodeName = getServerNodeName(str, str3, str4, str2);
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Attempting to remove server: " + serverNodeName, new Object[0]);
        }
        RepositoryClient repositoryClient = getRepositoryClient(str);
        removeServerFromCluster(repositoryClient, serverNodeName, str3, str4, str2);
        if (!repositoryClient.delete(serverNodeName)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "Server: " + str2 + ", Host: " + str3 + " did not exist in the repository. No data deleted.", serverNodeName);
            }
            throw new IllegalStateException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_UNREGISTER_NONEXISTENT_SERVER", new Object[]{str, str2, str3, str4}, "CWWKX9006E: The CollectiveRegistrationMBean {0} operation could not be completed. The server {1} on host {2} with user directory of {3} does not exist in the repository."));
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Server: " + str2 + ", Host: " + str3 + " has been successfully unregistered.", serverNodeName);
        }
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Successfully removed server: " + serverNodeName, new Object[0]);
        }
    }

    @FFDCIgnore({IOException.class, RuntimeException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void remove(String str, String str2, String str3) throws IOException, IllegalArgumentException, IllegalStateException {
        long nanoTime = System.nanoTime();
        ControllerMBeanFlightRecorder.recordEvent(new FlightStartEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "remove", str3, str, str2));
        try {
            isAuthorized("remove");
            do_remove("remove", str3, str, str2);
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "remove", Void.TYPE, System.nanoTime() - nanoTime, str3, str, str2));
        } catch (IOException e) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "remove", e, System.nanoTime() - nanoTime, str3, str, str2));
            throw e;
        } catch (RuntimeException e2) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "remove", e2, System.nanoTime() - nanoTime, str3, str, str2));
            throw e2;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void do_avow(String str, String str2, String str3, String str4) throws IOException, IllegalArgumentException, IllegalStateException {
        String serverNodeName = getServerNodeName(str, str3, str4, str2);
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Attempting to avow server: " + serverNodeName, new Object[0]);
        }
        RepositoryClient repositoryClient = getRepositoryClient(str);
        if (!repositoryClient.exists(serverNodeName)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "Server: " + str2 + ", Host: " + str3 + " did not exist in the repository. Can not avow.", serverNodeName);
            }
            throw new IllegalStateException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_UNREGISTER_NONEXISTENT_SERVER", new Object[]{str, str2, str3, str4}, "CWWKX9006E: The CollectiveRegistrationMBean {0} operation could not be completed. The server {1} on host {2} with user directory of {3} does not exist in the repository."));
        }
        repositoryClient.delete(serverNodeName + SYS_NOLOGIN_NODE);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Server: " + str2 + ", Host: " + str3 + " has been successfully unregistered.", serverNodeName);
        }
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Successfully avowed server: " + serverNodeName, new Object[0]);
        }
    }

    @FFDCIgnore({IOException.class, RuntimeException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void avow(String str, String str2, String str3) throws IOException, IllegalArgumentException, IllegalStateException {
        long nanoTime = System.nanoTime();
        ControllerMBeanFlightRecorder.recordEvent(new FlightStartEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "avow", str3, str, str2));
        try {
            isAuthorized("avow");
            do_avow("avow", str3, str, str2);
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "avow", Void.TYPE, System.nanoTime() - nanoTime, str3, str, str2));
        } catch (IOException e) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "avow", e, System.nanoTime() - nanoTime, str3, str, str2));
            throw e;
        } catch (RuntimeException e2) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "avow", e2, System.nanoTime() - nanoTime, str3, str, str2));
            throw e2;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void do_disavow(String str, String str2, String str3, String str4) throws IOException, IllegalArgumentException, IllegalStateException {
        String serverNodeName = getServerNodeName(str, str3, str4, str2);
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Attempting to avow server: " + serverNodeName, new Object[0]);
        }
        RepositoryClient repositoryClient = getRepositoryClient(str);
        if (!repositoryClient.exists(serverNodeName)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "Server: " + str2 + ", Host: " + str3 + " did not exist in the repository. Can not avow.", serverNodeName);
            }
            throw new IllegalStateException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "COLLECTIVE_REGISTRATION_UNREGISTER_NONEXISTENT_SERVER", new Object[]{str, str2, str3, str4}, "CWWKX9006E: The CollectiveRegistrationMBean {0} operation could not be completed. The server {1} on host {2} with user directory of {3} does not exist in the repository."));
        }
        repositoryClient.create(serverNodeName + SYS_NOLOGIN_NODE, (Object) null);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Server: " + str2 + ", Host: " + str3 + " has been successfully unregistered.", serverNodeName);
        }
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Successfully avowed server: " + serverNodeName, new Object[0]);
        }
    }

    @FFDCIgnore({IOException.class, RuntimeException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void disavow(String str, String str2, String str3) throws IOException, IllegalArgumentException, IllegalStateException {
        long nanoTime = System.nanoTime();
        ControllerMBeanFlightRecorder.recordEvent(new FlightStartEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "disavow", str3, str, str2));
        try {
            isAuthorized("disavow");
            do_disavow("disavow", str3, str, str2);
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "disavow", Void.TYPE, System.nanoTime() - nanoTime, str3, str, str2));
        } catch (IOException e) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "disavow", e, System.nanoTime() - nanoTime, str3, str, str2));
            throw e;
        } catch (RuntimeException e2) {
            ControllerMBeanFlightRecorder.recordEvent(new FlightEndEvent("WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration", "disavow", e2, System.nanoTime() - nanoTime, str3, str, str2));
            throw e2;
        }
    }

    static {
        addHostAuthInfoProperty("rpcHost", DatatypeSupport.NON_EMPTY_STRING);
        addHostAuthInfoProperty("rpcPort", DatatypeSupport.INT);
        addHostAuthInfoProperty("rpcUser", DatatypeSupport.NON_EMPTY_STRING);
        addHostAuthInfoProperty("rpcUserPassword", DatatypeSupport.ENCODED_STRING);
        addHostAuthInfoProperty("sshPrivateKey", DatatypeSupport.ENCODED_STRING);
        addHostAuthInfoProperty("sshPrivateKeyPassword", DatatypeSupport.ENCODED_STRING);
        addHostAuthInfoProperty("useSudo", DatatypeSupport.BOOLEAN);
        addHostAuthInfoProperty("sudoUser", DatatypeSupport.NON_EMPTY_STRING);
        addHostAuthInfoProperty("sudoUserPassword", DatatypeSupport.ENCODED_STRING);
        addHostAuthInfoProperty("hostReadList", DatatypeSupport.LIST_STRING);
        addHostAuthInfoProperty("hostWriteList", DatatypeSupport.LIST_STRING);
        addHostAuthInfoProperty("hostJavaHome", DatatypeSupport.NON_EMPTY_STRING);
        addCertificateProperty("serverIdentityKeystorePassword", DatatypeSupport.ENCODED_STRING);
        addCertificateProperty("serverIdentityCertificateValidity", DatatypeSupport.INT);
        addCertificateProperty("collectiveTrustKeystorePassword", DatatypeSupport.ENCODED_STRING);
        addCertificateProperty("httpsKeystorePassword", DatatypeSupport.ENCODED_STRING);
        addCertificateProperty("httpsCertificateSubject", DatatypeSupport.NON_EMPTY_STRING);
        addCertificateProperty("httpsCertificateValidity", DatatypeSupport.INT);
        addCertificateProperty("httpsTruststorePassword", DatatypeSupport.ENCODED_STRING);
    }
}
