package com.ibm.ISecurityUtilityImpl;

import com.ibm.CSIv2Security.LTPAMechOID;
import com.ibm.CSIv2Security.RSAPropMechOID;
import com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityContextImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityObjectLocator;
import org.omg.GSSUP.GSSUPMechOID;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ISecurityUtilityImpl/MechanismFactory.class */
public class MechanismFactory {
    private CSIv2Config csiv2;
    private VaultImpl vault = null;
    private static final TraceComponent tc = Tr.register((Class<?>) MechanismFactory.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    public static final String BasicAuthOverSSL = "1.1";
    public static final String BasicAuthOverSSLtoLTPA = "1.1.1";
    public static final String BasicAuthOverSSLtoLocalOS = "1.1.2";
    public static final String BasicAuthOverSSLtoDCE = "1.1.3";
    public static final String BasicAuthOverSSLtoCustom = "1.1.4";
    public static final String MutualSSL = "1.2";
    public static final String LTPAoverSSL = "1.3";
    public static final String LocalOSoverSSL = "1.4";
    public static final String GSSUPOverSSL = "1.5";
    public static final String GSSUPOverSSLtoLTPA = "1.5.1";
    public static final String GSSUPOverSSLtoLocalOS = "1.5.2";
    public static final String GSSUPOverSSLtoDCE = "1.5.3";
    public static final String GSSUPOverSSLtoCustom = "1.5.4";
    public static final String GSSUPOverSSLtoKRB5 = "1.5.5";
    public static final String Kerberos5overSSL = "1.6";
    public static final String CustomoverSSL = "1.7";
    public static final String RSAPropOverSSL = "1.8";
    public static final String BasicAuthOverIPSec = "2.1";
    public static final String MutualIPSec = "2.2";
    public static final String DCEKerberos = "3.1";
    public static final String ClientCerttoDCEKerberos = "3.2";
    public static final String Kerberos5 = "4.1";
    public static final String ClientCerttoKerberos5 = "4.2";
    public static final String ClientCerttoCustom = "4.3";
    public static final String LTPAoverTCP = "5.1";
    public static final String LocalOSoverTCP = "5.2";
    public static final String BasicAuthOverTCPtoLTPA = "5.3";
    public static final String BasicAuthOverTCPtoLocalOS = "5.4";
    public static final String BasicAuthOverTCPtoDCE = "5.5";
    public static final String BasicAuthOverTCP = "5.6";
    public static final String GSSUPOverTCPtoLTPA = "5.7.1";
    public static final String GSSUPOverTCPtoLocalOS = "5.7.2";
    public static final String GSSUPOverTCPtoDCE = "5.7.3";
    public static final String GSSUPOverTCP = "5.7.4";
    public static final String GSSUPOverTCPtoCustom = "5.7.5";
    public static final String GSSUPOverTCPtoKRB5 = "5.7.6";
    public static final String Kerberos5overTCP = "5.8";
    public static final String CustomoverTCP = "5.9";
    public static final String RSAPropOverTCP = "5.10";
    public static final String UnauthenticatedOverSSL = "6.1";

    public MechanismFactory() {
        this.csiv2 = null;
        this.csiv2 = SecurityObjectLocator.getCSIv2Config();
    }

    public VaultImpl getVault() {
        if (this.vault == null) {
            this.vault = VaultImpl.getInstance();
        }
        return this.vault;
    }

    public String getMechanismTypeIdentity() throws MechanismAmbiguityException {
        return getMechanismTypeIdentity(GSSUPMechOID.value);
    }

    public String getMechanismTypeIdentity(String str) throws MechanismAmbiguityException {
        String str2;
        String str3;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getMechanismTypeIdentity", new Object[]{str, this});
        }
        if (this.csiv2.getBoolean(CSIv2Config.CLAIM_TRANSPORT_ASSOCIATION_SSL_TLS_REQUIRED) || this.csiv2.getBoolean(CSIv2Config.CLAIM_TRANSPORT_ASSOCIATION_SSL_TLS_SUPPORTED)) {
            int integer = this.csiv2.getInteger("com.ibm.CORBA.authenticationTarget");
            if (str.compareTo(RSAPropMechOID.value) == 0) {
                str2 = RSAPropOverSSL;
                str3 = "RSAPropOverSSL";
            } else if (integer == 1 && str.compareTo(LTPAMechOID.value) == 0) {
                str2 = "1.3";
                str3 = "LTPAoverSSL";
            } else if (integer == 1 && str.compareTo(GSSUPMechOID.value) == 0) {
                str2 = GSSUPOverSSLtoLTPA;
                str3 = "GSSUPOverSSLtoLTPA";
            } else if (integer == 2) {
                str2 = GSSUPOverSSLtoLocalOS;
                str3 = "GSSUPOverSSLtoLocalOS";
            } else if (integer == 4) {
                str2 = "1.5";
                str3 = "GSSUPOverSSL";
            } else if (integer == 9) {
                str2 = "1.5.4";
                str3 = "GSSUPOverSSLtoCustom";
            } else if (integer == 6) {
                if (this.csiv2.getBoolean("com.ibm.websphere.security.krb.allowLTPAAuth") && str.compareTo(LTPAMechOID.value) == 0) {
                    str2 = "1.3";
                    str3 = "LTPAoverSSL";
                } else if (this.csiv2.getBoolean("com.ibm.websphere.security.krb.allowLTPAAuth") && str.compareTo(GSSUPMechOID.value) == 0) {
                    str2 = GSSUPOverSSLtoKRB5;
                    str3 = "GSSUPOverSSLtoKRB5";
                } else {
                    str2 = GSSUPOverSSLtoKRB5;
                    str3 = "GSSUPOverSSLtoKRB5";
                }
            } else {
                if (integer != 7) {
                    throw new MechanismAmbiguityException();
                }
                str2 = "1.5";
                str3 = "GSSUPOverSSL";
            }
        } else {
            int integer2 = this.csiv2.getInteger("com.ibm.CORBA.authenticationTarget");
            if (str.compareTo(RSAPropMechOID.value) == 0) {
                str2 = RSAPropOverTCP;
                str3 = "RSAPropOverTCP";
            } else if (integer2 == 1 && str.compareTo(LTPAMechOID.value) == 0) {
                str2 = LTPAoverTCP;
                str3 = "LTPAoverTCP";
            } else if (integer2 == 1 && str.compareTo(GSSUPMechOID.value) == 0) {
                str2 = GSSUPOverTCPtoLTPA;
                str3 = "GSSUPOverTCPtoLTPA";
            } else if (integer2 == 2) {
                str2 = GSSUPOverTCPtoLocalOS;
                str3 = "GSSUPOverTCPtoLocalOS";
            } else if (integer2 == 4) {
                str2 = GSSUPOverTCP;
                str3 = "GSSUPOverTCP";
            } else if (integer2 == 9) {
                str2 = GSSUPOverTCPtoCustom;
                str3 = "GSSUPOverTCPtoCustom";
            } else if (integer2 == 6) {
                if (this.csiv2.getBoolean("com.ibm.websphere.security.krb.allowLTPAAuth") && str.compareTo(LTPAMechOID.value) == 0) {
                    str2 = LTPAoverTCP;
                    str3 = "LTPAoverTCP";
                } else {
                    str2 = GSSUPOverTCPtoKRB5;
                    str3 = "GSSUPOverTCPtoKRB5";
                }
            } else {
                if (integer2 != 7) {
                    throw new MechanismAmbiguityException();
                }
                str2 = GSSUPOverTCP;
                str3 = "GSSUPOverTCP";
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Returning mechanism type: " + str3);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getMechanismTypeIdentity", str2);
        }
        return str2;
    }

    public SecurityContextImpl getSecurityContext(VaultImpl vaultImpl, WSCredential wSCredential, String str) throws MechanismAmbiguityException {
        SecurityContextImpl securityContextImpl;
        try {
            if (wSCredential.isBasicAuth()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Returning GSSUP SecurityContext.");
                }
                securityContextImpl = OID.compareOIDs(wSCredential.getOID(), GSSUPMechOID.value) ? new com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl(getVault(), str) : new com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl(getVault(), str);
            } else {
                if (!wSCredential.isForwardable()) {
                    throw new MechanismAmbiguityException("Non-forwardable credentials cannot establish a SecurityContext.");
                }
                Tr.debug(tc, "Returning TokenBase SecurityContext.");
                securityContextImpl = new com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl(getVault(), str);
            }
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.MechanismFactory.getSecurityContext", "335", this);
            if (e instanceof MechanismAmbiguityException) {
                throw ((MechanismAmbiguityException) e);
            }
            securityContextImpl = new com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl(getVault(), str);
        }
        return securityContextImpl;
    }

    public SecurityContextImpl getSecurityContext(VaultImpl vaultImpl, String str, String str2) throws MechanismAmbiguityException {
        return getSecurityContext(str, str2);
    }

    public SecurityContextImpl getSecurityContext(String str, String str2) throws MechanismAmbiguityException {
        SecurityContextImpl securityContextImpl;
        if (str.equals(VaultConstants.LTPA_MECH_TYPE)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning Token Base SecurityContext.");
            }
            securityContextImpl = new com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl(getVault(), str2, str);
        } else if (str.equals(VaultConstants.CUSTOM_MECH_TYPE)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning Token Base SecurityContext.");
            }
            securityContextImpl = new com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl(getVault(), str2, str);
        } else if (str.equals(VaultConstants.KRB5_MECH_TYPE)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning Token Base SecurityContext.");
            }
            securityContextImpl = new com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl(getVault(), str2, str);
        } else if (str.equals(VaultConstants.RSA_PROP_MECH_TYPE)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning Token Base SecurityContext.");
            }
            securityContextImpl = new com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl(getVault(), str2, str);
        } else if (str.equals(VaultConstants.CLIENT_CERT_MECH_TYPE)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning TokenBase SecurityContext.");
            }
            securityContextImpl = new com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl(getVault(), str2, str);
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning GSSUP SecurityContext.");
            }
            securityContextImpl = new com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl(getVault(), str2);
        }
        return securityContextImpl;
    }
}
