package com.ibm.ws.security.registry.basic.internal;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.registry.CertificateMapFailedException;
import com.ibm.ws.security.registry.CertificateMapNotSupportedException;
import com.ibm.ws.security.registry.CustomRegistryException;
import com.ibm.ws.security.registry.EntryNotFoundException;
import com.ibm.ws.security.registry.LDAPUtils;
import com.ibm.ws.security.registry.NotImplementedException;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.SearchResult;
import com.ibm.ws.security.registry.UserRegistry;
import java.nio.charset.Charset;
import java.rmi.RemoteException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

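/**
 * In-memory {@link UserRegistry} backed by two maps that are filled once in the
 * constructor and then wrapped as unmodifiable: user name to password, and
 * group name to member list.
 *
 * <p>This listing is decompiler output; the generic types below were restored
 * from the declared field types.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.registry.basic_1.0.2.jar:com/ibm/ws/security/registry/basic/internal/BasicRegistry.class */
public class BasicRegistry implements UserRegistry {
    protected static final String DEFAULT_REALM_NAME = "BasicRegistry";
    private final String realm;
    private final Boolean ignoreCaseForAuthentication;
    private final Map<String, BasicPassword> users;
    private final Map<String, List<String>> groups;
    static final long serialVersionUID = -7253204215842941069L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(BasicRegistry.class);

    /**
     * Builds the registry from a fixed set of users and groups.
     *
     * <p>The decompiler reports that this constructor was package-private in the
     * original class file.
     *
     * @param str  realm name; {@code null} selects {@link #DEFAULT_REALM_NAME}
     * @param bool when {@code TRUE}, user names are matched case-insensitively;
     *             {@code null} is treated as {@code FALSE}
     * @param set  users to register (must not be {@code null})
     * @param set2 groups to register (must not be {@code null})
     */
    public BasicRegistry(String str, Boolean bool, Set<BasicUser> set, Set<BasicGroup> set2) {
        this.realm = str != null ? str : DEFAULT_REALM_NAME;
        this.ignoreCaseForAuthentication = (bool != null && bool.booleanValue()) ? Boolean.TRUE : Boolean.FALSE;

        Map<String, BasicPassword> userMap = new HashMap<String, BasicPassword>();
        for (BasicUser basicUser : set) {
            userMap.put(basicUser.getName(), basicUser.getPassword());
        }
        Map<String, List<String>> groupMap = new HashMap<String, List<String>>();
        for (BasicGroup basicGroup : set2) {
            // Copy the members so the registry does not share the group's own collection.
            groupMap.put(basicGroup.getName(), new ArrayList<String>(basicGroup.getMembers()));
        }
        this.users = Collections.unmodifiableMap(userMap);
        this.groups = Collections.unmodifiableMap(groupMap);
    }

    /**
     * Returns the realm name chosen at construction time.
     */
    @Override
    public String getRealm() {
        return this.realm;
    }

    /**
     * Checks a user's password against the stored hashed or plain credential.
     *
     * <p>NOTE(review): an unknown user returns before any hashing is done, so the
     * response time can differ between known and unknown user names. Rate limiting
     * or lockout has to be provided by the caller; nothing here implements it.
     *
     * @param str  user name to authenticate
     * @param str2 candidate password
     * @return {@code str} exactly as supplied when the password matches, otherwise
     *         {@code null}
     * @throws IllegalArgumentException if the name is null or empty, the password is
     *         null or blank, or the candidate password cannot be encoded
     */
    @Override
    public String checkPassword(String str, @Sensitive String str2) throws RegistryException {
        requireNotEmpty(str, "userSecurityName");
        if (str2 == null) {
            throw new IllegalArgumentException("password is null");
        }
        if (str2.trim().isEmpty()) {
            throw new IllegalArgumentException("password is an empty String");
        }

        String userKey = findUserKey(str);
        BasicPassword basicPassword = userKey == null ? null : this.users.get(userKey);
        if (basicPassword == null) {
            return null;
        }

        boolean matched = false;
        if (basicPassword.isHashed()) {
            String hashedPassword = basicPassword.getHashedPassword();
            if (hashedPassword != null) {
                // The stored value is passed back to the encoder along with the algorithm
                // derived from it, so the candidate is encoded in the same form.
                Map<String, String> properties = new HashMap<String, String>();
                properties.put(PasswordUtil.PROPERTY_HASH_ENCODED, hashedPassword);
                try {
                    String candidate = PasswordUtil.encode(str2, PasswordUtil.getCryptoAlgorithm(hashedPassword), properties);
                    matched = constantTimeEquals(hashedPassword, candidate);
                } catch (Exception e) {
                    // The password argument is deliberately replaced by a placeholder in the FFDC record.
                    FFDCFilter.processException(e, "com.ibm.ws.security.registry.basic.internal.BasicRegistry", "138", this, new Object[]{str, "<sensitive java.lang.String>"});
                    // The decompiled listing read the message from the encoded String, which
                    // cannot compile; the caught exception is the intended source.
                    throw new IllegalArgumentException("password encoding failure : " + e.getMessage(), e);
                }
            }
        } else {
            // NOTE(review): whether ProtectedString.equals compares in constant time is not
            // visible here; confirm before relying on it for plain-text credentials.
            ProtectedString candidate = new ProtectedString(str2.toCharArray());
            ProtectedString password = basicPassword.getPassword();
            matched = password != null && password.equals(candidate);
        }
        return matched ? str : null;
    }

    /**
     * Maps a certificate to a registry user by the CN taken from its subject DN.
     *
     * <p>NOTE(review): this method only derives a name from the subject DN. Nothing
     * here checks the certificate's validity period, chain or revocation state, so
     * callers presumably rely on the transport layer having validated the
     * certificate first; confirm against the caller.
     *
     * @param x509Certificate certificate presented by the client
     * @return the CN value when it names a valid registry user
     * @throws IllegalArgumentException if the certificate is null
     * @throws CertificateMapFailedException if no CN is found or it is not a valid user
     */
    @Override
    public String mapCertificate(X509Certificate x509Certificate) throws CertificateMapNotSupportedException, CertificateMapFailedException, RegistryException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("cert is null");
        }
        String name = x509Certificate.getSubjectX500Principal().getName();
        String cNFromDN = LDAPUtils.getCNFromDN(name);
        if (cNFromDN == null || !isValidUser(cNFromDN)) {
            throw new CertificateMapFailedException("DN: " + name + " does not map to a valid registry user");
        }
        return cNFromDN;
    }

    /**
     * Reports whether a user exists, using the same name matching as
     * {@link #checkPassword(String, String)}.
     *
     * <p>The decompiled code lower-cased the input and looked it up directly, so in
     * case-insensitive mode a user configured with upper-case letters could log in
     * but was never reported as valid.
     *
     * @param str user name to look up
     * @return {@code true} if the user is registered
     * @throws IllegalArgumentException if the name is null or blank
     */
    @Override
    public boolean isValidUser(String str) throws RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("userSecurityName is null");
        }
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("userSecurityName is an empty String");
        }
        return findUserKey(str) != null;
    }

    /**
     * Searches user names with a {@code *} wildcard pattern.
     *
     * @param str wildcard pattern
     * @param i   maximum number of results; 0 means no limit
     */
    @Override
    public SearchResult getUsers(String str, int i) throws RegistryException {
        return searchMap(this.users, str, i);
    }

    /**
     * Translates a {@code *} wildcard pattern into a regular expression.
     *
     * <p>Everything except {@code *} is quoted, so regex metacharacters in a
     * caller-supplied pattern are matched literally instead of being interpreted
     * (which previously allowed unintended matches and a PatternSyntaxException
     * on malformed input). Runs of {@code *} collapse into a single wildcard.
     */
    private String convertToRegex(String str) {
        StringBuilder regex = new StringBuilder();
        int literalStart = 0;
        boolean lastWasWildcard = false;
        for (int pos = 0; pos < str.length(); pos++) {
            if (str.charAt(pos) != '*') {
                continue;
            }
            if (pos > literalStart) {
                regex.append(Pattern.quote(str.substring(literalStart, pos)));
                lastWasWildcard = false;
            }
            if (!lastWasWildcard) {
                regex.append(".*");
                lastWasWildcard = true;
            }
            literalStart = pos + 1;
        }
        if (literalStart < str.length()) {
            regex.append(Pattern.quote(str.substring(literalStart)));
        }
        return regex.toString();
    }

    /**
     * Collects the keys of {@code map} that match the wildcard pattern.
     *
     * @param map map whose keys are searched
     * @param str wildcard pattern
     * @param i   maximum number of results; 0 means no limit, a negative value
     *            yields an empty result
     * @return the matches, flagged as truncated when one more match than the limit
     *         was found; an empty {@link SearchResult} when nothing matched
     * @throws IllegalArgumentException if the pattern is null or empty
     */
    private SearchResult searchMap(Map<String, ?> map, String str, int i) {
        if (str == null) {
            throw new IllegalArgumentException("pattern is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("pattern is an empty String");
        }
        if (i < 0 || map.isEmpty()) {
            return new SearchResult();
        }
        // Compile once rather than re-compiling for every key.
        Pattern pattern = Pattern.compile(convertToRegex(str));
        List<String> matches = new ArrayList<String>();
        boolean hasMore = false;
        for (String key : map.keySet()) {
            if (!pattern.matcher(key).matches()) {
                continue;
            }
            if (i != 0 && matches.size() == i) {
                // One match beyond the limit exists: report truncation, do not return it.
                hasMore = true;
                break;
            }
            matches.add(key);
        }
        return matches.isEmpty() ? new SearchResult() : new SearchResult(matches, hasMore);
    }

    /**
     * Returns the user name itself as its display name.
     *
     * @throws IllegalArgumentException if the name is null or empty
     * @throws EntryNotFoundException if the user is not registered
     */
    @Override
    public String getUserDisplayName(String str) throws EntryNotFoundException, RegistryException {
        requireNotEmpty(str, "userSecurityName");
        return requireUser(str);
    }

    /**
     * Returns the user name itself as its unique id.
     *
     * @throws IllegalArgumentException if the name is null or empty
     * @throws EntryNotFoundException if the user is not registered
     */
    @Override
    public String getUniqueUserId(String str) throws EntryNotFoundException, RegistryException {
        requireNotEmpty(str, "userSecurityName");
        return requireUser(str);
    }

    /**
     * Returns the unique id itself as the user's security name.
     *
     * @throws IllegalArgumentException if the id is null or empty
     * @throws EntryNotFoundException if the user is not registered
     */
    @Override
    public String getUserSecurityName(String str) throws EntryNotFoundException, RegistryException {
        requireNotEmpty(str, "uniqueUserId");
        return requireUser(str);
    }

    /**
     * Reports whether a group exists; group names are always matched exactly.
     *
     * @throws IllegalArgumentException if the name is null or empty
     */
    @Override
    public boolean isValidGroup(String str) throws RegistryException {
        requireNotEmpty(str, "groupSecurityName");
        return this.groups.containsKey(str);
    }

    /**
     * Searches group names with a {@code *} wildcard pattern.
     *
     * @param str wildcard pattern
     * @param i   maximum number of results; 0 means no limit
     */
    @Override
    public SearchResult getGroups(String str, int i) throws RegistryException {
        return searchMap(this.groups, str, i);
    }

    /**
     * Returns the group name itself as its display name.
     *
     * @throws IllegalArgumentException if the name is null or empty
     * @throws EntryNotFoundException if the group is not registered
     */
    @Override
    public String getGroupDisplayName(String str) throws EntryNotFoundException, RegistryException {
        requireNotEmpty(str, "groupSecurityName");
        return requireGroup(str);
    }

    /**
     * Returns the group name itself as its unique id.
     *
     * @throws IllegalArgumentException if the name is null or empty
     * @throws EntryNotFoundException if the group is not registered
     */
    @Override
    public String getUniqueGroupId(String str) throws EntryNotFoundException, RegistryException {
        requireNotEmpty(str, "groupSecurityName");
        return requireGroup(str);
    }

    /**
     * Returns the unique id itself as the group's security name.
     *
     * @throws IllegalArgumentException if the id is null or empty
     * @throws EntryNotFoundException if the group is not registered
     */
    @Override
    public String getGroupSecurityName(String str) throws EntryNotFoundException, RegistryException {
        requireNotEmpty(str, "uniqueGroupId");
        return requireGroup(str);
    }

    /**
     * Delegates to {@link #getGroupsForUser(String)}; ids and names are the same here.
     */
    @Override
    public List<String> getUniqueGroupIdsForUser(String str) throws EntryNotFoundException, RegistryException {
        return getGroupsForUser(str);
    }

    /**
     * Lists the groups whose member list contains the given user name.
     *
     * <p>NOTE(review): membership is compared case-sensitively against {@code str}
     * even when user names are matched case-insensitively, so a name that
     * authenticated in a different case than configured resolves to no groups.
     * Confirm that this is intended.
     *
     * @throws IllegalArgumentException if the name is null or empty
     * @throws EntryNotFoundException if the user is not registered
     */
    @Override
    public List<String> getGroupsForUser(String str) throws EntryNotFoundException, RegistryException {
        requireNotEmpty(str, "userSecurityName");
        if (!isValidUser(str)) {
            throw new EntryNotFoundException(str + " does not exist");
        }
        List<String> memberOf = new ArrayList<String>();
        for (Map.Entry<String, List<String>> entry : this.groups.entrySet()) {
            if (entry.getValue().contains(str)) {
                memberOf.add(entry.getKey());
            }
        }
        return memberOf;
    }

    /**
     * Lists the members of a group, optionally truncated to a limit.
     *
     * @param str group name
     * @param i   maximum number of members to return; 0 means no limit
     * @return the members, flagged as truncated when the group has more than {@code i}
     * @throws IllegalArgumentException if the name is null or empty, or the limit is negative
     * @throws EntryNotFoundException if the group is not registered
     */
    @Override
    public SearchResult getUsersForGroup(String str, int i) throws NotImplementedException, EntryNotFoundException, CustomRegistryException, RemoteException, RegistryException {
        requireNotEmpty(str, "groupSecurityName");
        if (i < 0) {
            throw new IllegalArgumentException("limit is less than zero");
        }
        if (!isValidGroup(str)) {
            throw new EntryNotFoundException(str + " does not exist");
        }
        // Always hand out a copy so callers cannot reach the registry's own list.
        List<String> members = new ArrayList<String>(this.groups.get(str));
        if (i == 0 || members.size() <= i) {
            return new SearchResult(members, false);
        }
        return new SearchResult(new ArrayList<String>(members.subList(0, i)), true);
    }

    /**
     * Resolves a supplied user name to the key stored in the user map.
     *
     * <p>An exact match always wins. In case-insensitive mode the keys are then
     * scanned with {@code equalsIgnoreCase}, which does not depend on the default
     * locale the way {@code toLowerCase()} does.
     *
     * @return the stored key, or {@code null} when no user matches
     */
    private String findUserKey(String name) {
        if (this.users.containsKey(name)) {
            return name;
        }
        if (this.ignoreCaseForAuthentication.booleanValue()) {
            for (String key : this.users.keySet()) {
                if (key.equalsIgnoreCase(name)) {
                    return key;
                }
            }
        }
        return null;
    }

    /** Returns {@code name} when it is a valid user, otherwise throws. */
    private String requireUser(String name) throws EntryNotFoundException, RegistryException {
        if (isValidUser(name)) {
            return name;
        }
        throw new EntryNotFoundException(name + " does not exist");
    }

    /** Returns {@code name} when it is a valid group, otherwise throws. */
    private String requireGroup(String name) throws EntryNotFoundException, RegistryException {
        if (isValidGroup(name)) {
            return name;
        }
        throw new EntryNotFoundException(name + " does not exist");
    }

    /** Rejects null and zero-length arguments with the messages the registry has always used. */
    private static void requireNotEmpty(String value, String label) {
        if (value == null) {
            throw new IllegalArgumentException(label + " is null");
        }
        if (value.isEmpty()) {
            throw new IllegalArgumentException(label + " is an empty String");
        }
    }

    /**
     * Compares two encoded credentials without the early exit of {@code String.equals}.
     *
     * @return {@code false} when either value is {@code null}
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        Charset utf8 = Charset.forName("UTF-8");
        return MessageDigest.isEqual(expected.getBytes(utf8), actual.getBytes(utf8));
    }
}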
