package com.ibm.ws.collective.member.internal.publisher;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.collective.member.internal.HostAuthConfig;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;

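@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {HostAuthConfig.class}, configurationPid = "com.ibm.ws.management.repository.member.hostAuthInfo", configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.collective.member_1.0.jar:com/ibm/ws/collective/member/internal/publisher/HostAuthConfigImpl.class */
/**
 * Declarative-services component that turns the {@code hostAuthInfo} configuration into the
 * normalized map exposed through {@link HostAuthConfig}.
 *
 * <p>Processing order (see {@link #processHostAuthConfig(Map)}): drop keys that are not on the
 * allow-list, fill in defaults for host/port/user/home, reconcile conflicting credential
 * settings, log a summary, then encode the password-bearing keys.
 *
 * <p>The resulting map carries credentials (rpc user password, sudo password, SSH private key
 * passphrase) and is therefore marked {@code @Sensitive} wherever it is passed or returned.
 */
public class HostAuthConfigImpl implements HostAuthConfig {
    private static final TraceComponent tc = Tr.register(HostAuthConfigImpl.class);
    static final Integer DEFAULT_SSH_PORT = 22;
    static final String INTERNAL_KEY_DEFAULT_SSH_PUBLIC_KEY_PATH = "defaultSSHPublicKeyPath";
    static final String INTERNAL_KEY_DEFAULT_SSH_PRIVATE_KEY_PATH = "defaultSSHPrivateKeyPath";

    /** Allow-list of configuration keys; anything else is discarded before processing. */
    private static final List<String> EXPECTED_KEYS = new ArrayList<String>(Arrays.asList("rpcHost", "rpcPort", "rpcUser", "rpcUserPassword", HostAuthConfig.CFG_KEY_USER_HOME, "useSudo", "sudoUser", "sudoUserPassword", HostAuthConfig.CFG_KEY_SSH_PUBLIC_KEY_PATH, HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH, "sshPrivateKeyPassword", "useHostCredentials", INTERNAL_KEY_DEFAULT_SSH_PUBLIC_KEY_PATH, INTERNAL_KEY_DEFAULT_SSH_PRIVATE_KEY_PATH));

    /** Keys whose values are secrets and must be passed through {@link PasswordUtil} before storage. */
    private static final List<String> KEYS_TO_ENCODE = new ArrayList<String>(Arrays.asList("rpcUserPassword", "sudoUserPassword", "sshPrivateKeyPassword"));

    private static final String SYSKEY_OSNAME = "os.name";
    private static final String SYSKEY_USER_NAME = "user.name";
    private static final String SYSKEY_USER_HOME = "user.home";

    // Effective configuration, including encoded credentials. Replaced wholesale on activate/modified.
    @Sensitive
    private Map<String, Object> hostAuthInfo;
    // Effective rpcHost of the last explicit (non host-credentials) configuration.
    private String hostname;
    static final long serialVersionUID = -6696046911903417518L;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Privileged action that reads a single system property, so the lookup runs with this
     * bundle's permissions rather than the caller's.
     */
    @Trivial
    /* loaded from: input_file:wlp/lib/com.ibm.ws.collective.member_1.0.jar:com/ibm/ws/collective/member/internal/publisher/HostAuthConfigImpl$GetSystemPropertyAction.class */
    public static class GetSystemPropertyAction implements PrivilegedAction<String> {
        private final String property;

        /**
         * @param str name of the system property to read
         */
        public GetSystemPropertyAction(String str) {
            this.property = str;
        }

        /**
         * @return the property value, or {@code null} when the property is not set
         */
        @Override // java.security.PrivilegedAction
        public String run() {
            return System.getProperty(this.property);
        }
    }

    /**
     * Tells whether {@code key} is present with a non-null value whose string form is not blank.
     *
     * @param config configuration map to inspect
     * @param key    key to look up
     * @return {@code true} only for a present, non-null, non-blank value
     */
    private boolean propertyExists(@Sensitive Map<String, Object> config, String key) {
        // A missing key and a null value both come back as null from get(), so one lookup suffices.
        Object value = config.get(key);
        return value != null && !value.toString().trim().isEmpty();
    }

    /**
     * Reads a system property inside a privileged block.
     *
     * @param name system property name; only the fixed SYSKEY_* constants are passed by this class
     * @return the property value, or {@code null} when unset
     */
    private String getSystemProperty(String name) {
        return AccessController.doPrivileged(new GetSystemPropertyAction(name));
    }

    /**
     * Returns the encoded form of one secret value.
     *
     * <p>Values that {@link PasswordUtil#isEncrypted(String)} already recognizes are returned
     * unchanged. Values that are neither a {@link SerializableProtectedString} nor a
     * {@link String} are returned as-is; only their class name is traced, never the value.
     *
     * @param key   configuration key the value belongs to; used only in the error message
     * @param value the secret as supplied by configuration, may be {@code null}
     * @return the encoded secret, the untouched value for unsupported types, or {@code null} when
     *         the input is {@code null} or encoding failed
     */
    @Sensitive
    private Object encodeSensitiveData(String key, @Sensitive Object value) {
        if (value == null) {
            // Previously a null value reached value.getClass() in the debug trace below and threw
            // a NullPointerException whenever debug tracing was enabled.
            return null;
        }
        String plain;
        if (value instanceof SerializableProtectedString) {
            // This copies the protected characters into an immutable String, which cannot be
            // cleared afterwards; it lives until garbage collected.
            plain = String.valueOf(((SerializableProtectedString) value).getChars());
        } else if (value instanceof String) {
            plain = (String) value;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected object type: " + value.getClass().getCanonicalName());
            }
            return value;
        }
        if (PasswordUtil.isEncrypted(plain)) {
            return plain;
        }
        // NOTE(review): the single-argument passwordEncode uses the product's default algorithm.
        // If that default is a reversible encoding rather than keyed encryption, the stored value
        // is obfuscated, not protected - confirm which algorithm is in effect for this deployment.
        String encoded = PasswordUtil.passwordEncode(plain);
        if (encoded == null) {
            // Only the key name is logged. The null result replaces the credential in the map,
            // so the secret is effectively dropped rather than kept in clear text.
            Tr.error(tc, "HOST_AUTH_CONFIG_PASSWORD_ENCODER_ERROR", key);
        }
        return encoded;
    }

    /**
     * Encodes, in place, every value stored under one of the {@link #KEYS_TO_ENCODE} keys.
     *
     * @param config configuration map to update
     * @return the same map instance, with secrets encoded
     */
    @Sensitive
    private Map<String, Object> encodeSensitiveKeys(@Sensitive Map<String, Object> config) {
        for (Map.Entry<String, Object> entry : config.entrySet()) {
            String key = entry.getKey();
            if (KEYS_TO_ENCODE.contains(key)) {
                // Write through the entry instead of calling put() on the map being iterated.
                entry.setValue(encodeSensitiveData(key, entry.getValue()));
            }
        }
        return config;
    }

    /**
     * Removes SSH key settings that are unusable without a private key path: a public key path
     * on its own, and a private key passphrase on its own. Each removal is reported as a warning.
     *
     * @param config configuration map, modified in place
     */
    private void validateSSHConfiguration(@Sensitive Map<String, Object> config) {
        boolean hasPrivateKeyPath = config.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH);
        if (config.containsKey(HostAuthConfig.CFG_KEY_SSH_PUBLIC_KEY_PATH) && !hasPrivateKeyPath) {
            Tr.warning(tc, "HOST_AUTH_CONFIG_ONLY_PUBLIC_KEY");
            config.remove(HostAuthConfig.CFG_KEY_SSH_PUBLIC_KEY_PATH);
        }
        if (config.containsKey("sshPrivateKeyPassword") && !hasPrivateKeyPath) {
            Tr.warning(tc, "HOST_AUTH_CONFIG_KEY_PASSWORD_WITHOUT_KEY");
            config.remove("sshPrivateKeyPassword");
        }
    }

    /**
     * Reconciles conflicting or incomplete credential settings.
     *
     * <ul>
     * <li>SSH key settings without a private key path are dropped.</li>
     * <li>When both a user password and a private key path are configured, the key wins and the
     * password is removed.</li>
     * <li>When neither is configured, the internally supplied default SSH key paths are used.</li>
     * <li>{@code useSudo} is inferred as {@code true} when it is unset but a sudo user or sudo
     * password is given; when it is explicitly {@code false}, sudo user and password are removed.</li>
     * </ul>
     *
     * @param config configuration map, modified in place
     */
    private void validateConfiguration(@Sensitive Map<String, Object> config) {
        validateSSHConfiguration(config);
        if (propertyExists(config, "rpcUserPassword") && propertyExists(config, HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)) {
            // Key-based authentication takes precedence; the password is discarded, not kept as a fallback.
            Tr.warning(tc, "HOST_AUTH_CONFIG_KEY_CONFIG_WITH_USER_PASSWORD");
            config.remove("rpcUserPassword");
        }
        if (!config.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH) && !config.containsKey("rpcUserPassword")) {
            Tr.info(tc, "HOST_AUTH_CONFIG_USE_DEFAULT_SSH_CONFIG");
            config.put(HostAuthConfig.CFG_KEY_SSH_PUBLIC_KEY_PATH, config.get(INTERNAL_KEY_DEFAULT_SSH_PUBLIC_KEY_PATH));
            config.put(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH, config.get(INTERNAL_KEY_DEFAULT_SSH_PRIVATE_KEY_PATH));
        }
        // The internal default-path keys are inputs only and must not appear in the published map.
        config.remove(INTERNAL_KEY_DEFAULT_SSH_PUBLIC_KEY_PATH);
        config.remove(INTERNAL_KEY_DEFAULT_SSH_PRIVATE_KEY_PATH);

        boolean sudoDetailsGiven = propertyExists(config, "sudoUser") || propertyExists(config, "sudoUserPassword");
        if (!propertyExists(config, "useSudo")) {
            if (sudoDetailsGiven) {
                config.put("useSudo", true);
            }
            return;
        }
        // Assumes the configuration layer delivers useSudo as a Boolean; any other type fails the cast.
        if (((Boolean) config.get("useSudo")).booleanValue()) {
            return;
        }
        if (sudoDetailsGiven) {
            // useSudo is explicitly false: do not retain a privileged account's credentials.
            config.remove("sudoUser");
            config.remove("sudoUserPassword");
            Tr.warning(tc, "HOST_AUTH_CONFIG_USE_SUDO_WARNING");
        }
    }

    /**
     * Copies only the allow-listed keys into a fresh map, so component properties outside
     * {@link #EXPECTED_KEYS} never reach the published configuration.
     *
     * @param config raw component properties
     * @return a new map holding the allow-listed entries
     */
    @Sensitive
    private Map<String, Object> filterUnexpectedKeys(@Sensitive Map<String, Object> config) {
        Map<String, Object> filtered = new HashMap<String, Object>();
        for (Map.Entry<String, Object> entry : config.entrySet()) {
            String key = entry.getKey();
            if (EXPECTED_KEYS.contains(key)) {
                filtered.put(key, entry.getValue());
            }
        }
        return filtered;
    }

    /**
     * Logs a summary of the effective configuration: host, port, user and the authentication
     * mode label ({@code "password"} or {@code "ssh-key"}). No secret value is written; an empty
     * map is reported as host-credentials mode.
     *
     * @param config effective configuration after validation
     */
    @Trivial
    private void writeEffectiveConfigInfoMessage(@Sensitive Map<String, Object> config) {
        if (config.isEmpty()) {
            Tr.info(tc, "HOST_AUTH_CONFIG_STATE_HOST_CREDENTIALS");
            return;
        }
        String host = (String) config.get("rpcHost");
        String port = ((Integer) config.get("rpcPort")).toString();
        String user = (String) config.get("rpcUser");
        String authMode = null;
        if (config.containsKey("rpcUserPassword")) {
            authMode = "password";
        } else if (config.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)) {
            authMode = "ssh-key";
        }
        Tr.info(tc, "HOST_AUTH_CONFIG_STATE", host, port, user, authMode);
    }

    /**
     * Builds the effective host authentication map from raw component properties.
     *
     * <p>With {@code useHostCredentials} set to {@code true} the result is an empty map.
     * Otherwise defaults are applied (FQDN for a missing or {@code "*"} host, port 22, the JVM's
     * {@code user.name} and {@code user.home}), the settings are validated, and secrets are encoded.
     *
     * @param map raw component properties
     * @return the effective configuration with password-bearing values encoded
     */
    @Sensitive
    private Map<String, Object> processHostAuthConfig(@Sensitive Map<String, Object> map) {
        Map<String, Object> config = filterUnexpectedKeys(map);
        Object useHostCredentials = config.get("useHostCredentials");
        if (useHostCredentials != null && ((Boolean) useHostCredentials).booleanValue()) {
            // Host-credentials mode publishes nothing, so every configured credential is discarded.
            // NOTE(review): this.hostname is not reset here, so after a modified() that switches
            // to host credentials getHostName() still returns the previous value - confirm intended.
            config = new HashMap<String, Object>();
        } else {
            config.put(HostAuthConfig.KEY_OS_NAME, getSystemProperty(SYSKEY_OSNAME));
            if (!propertyExists(config, "rpcHost") || "*".equals(config.get("rpcHost"))) {
                config.put("rpcHost", HostNameUtil.getFQDN());
            }
            this.hostname = (String) config.get("rpcHost");
            if (!propertyExists(config, "rpcPort")) {
                config.put("rpcPort", DEFAULT_SSH_PORT);
            }
            if (!propertyExists(config, "rpcUser")) {
                // Falls back to the account the server process runs as.
                config.put("rpcUser", getSystemProperty(SYSKEY_USER_NAME));
            }
            if (!propertyExists(config, HostAuthConfig.CFG_KEY_USER_HOME)) {
                config.put(HostAuthConfig.CFG_KEY_USER_HOME, getSystemProperty(SYSKEY_USER_HOME));
            }
            validateConfiguration(config);
        }
        // The summary is logged before encoding; it reports only the authentication mode, not secrets.
        writeEffectiveConfigInfoMessage(config);
        return encodeSensitiveKeys(config);
    }

    /**
     * Computes the effective configuration when the component is activated.
     *
     * @param map component properties supplied by the configuration
     */
    @Activate
    protected void activate(@Sensitive Map<String, Object> map) {
        this.hostAuthInfo = processHostAuthConfig(map);
    }

    /**
     * Recomputes the effective configuration after a configuration update.
     *
     * @param map updated component properties
     */
    @Modified
    protected void modified(@Sensitive Map<String, Object> map) {
        this.hostAuthInfo = processHostAuthConfig(map);
    }

    /** Deactivation hook; intentionally empty, the stored configuration is left in place. */
    @Deactivate
    protected void deactivate() {
    }

    /**
     * @return the effective rpcHost of the last explicit configuration, or {@code null} if none
     *         has been processed
     */
    @Override // com.ibm.ws.collective.member.internal.HostAuthConfig
    public String getHostName() {
        return this.hostname;
    }

    /**
     * Returns the effective host authentication configuration.
     *
     * <p>NOTE(review): this hands out the internal, mutable map instance that holds the encoded
     * credentials, not a copy. Callers should treat it as read-only and must not log it; confirm
     * that no caller mutates it.
     *
     * @return the effective configuration map, empty in host-credentials mode
     */
    @Override // com.ibm.ws.collective.member.internal.HostAuthConfig
    @Sensitive
    public Map<String, Object> getHostAuthConfig() {
        return this.hostAuthInfo;
    }
}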
