package com.ibm.ws.security.csiv2;

import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.wsspi.security.csiv2.TrustedIDEvaluator;
import java.security.cert.X509Certificate;
import java.util.StringTokenizer;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/csiv2/TrustedIDEvaluatorImpl.class */
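/**
 * {@link TrustedIDEvaluator} implementation that decides whether an identity presented to
 * this server is one it is configured to trust.
 *
 * <p>An identity is accepted when it matches the server login ID, the CSIv2 alternate
 * identity-assertion ID, the server's own credential, an internal server ID known to the
 * {@link ContextManager}, or an entry of the CSIv2 trusted principal list.
 *
 * <p>All identity and password comparisons are case-insensitive, as in the original code.
 * NOTE(review): the {@code class$...} members look like compiler-generated class-literal
 * support and are kept only so the class shape stays unchanged.
 */
public class TrustedIDEvaluatorImpl implements TrustedIDEvaluator {
    private static final String TRACE_USER_PWD = "TrustedIDEvaluatorImpl.isTrusted(user, pwd)";
    private static final String TRACE_USER = "TrustedIDEvaluatorImpl.isTrusted(user)";
    private static final String TRACE_CERT = "TrustedIDEvaluatorImpl.isTrusted(cert)";

    private VaultImpl vault;
    // Resolved lazily; always read it through getContextManager().
    private ContextManager contextManager = null;
    private static final TraceComponent tc;
    static Class<?> class$com$ibm$ws$security$csiv2$TrustedIDEvaluatorImpl;

    /** Creates the evaluator and binds it to the shared {@link VaultImpl} instance. */
    public TrustedIDEvaluatorImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        this.vault = VaultImpl.getInstance();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * Decides whether the given identity/password pair is trusted.
     *
     * <p>Checks, in order: the server login ID and password, the CSIv2 alternate
     * identity-assertion ID and password, and (only when a server ID is configured without
     * a password) the server ID alone or the server credential's access ID, unique security
     * name or security name. If none matches, the decision falls back to
     * {@link #isTrusted(String)}.
     *
     * @param str the presented identity; {@code null} is never trusted
     * @param str2 the presented password, may be {@code null}
     * @return {@code true} if the identity is trusted, {@code false} otherwise, including
     *         when reading the server credential fails
     */
    @Override // com.ibm.wsspi.security.csiv2.TrustedIDEvaluator
    public boolean isTrusted(String str, String str2) {
        if (str == null) {
            // Fail closed: the original dereferenced a null identity in the alternate-ID and
            // server-credential comparisons instead of rejecting it.
            return false;
        }
        SecurityConfiguration config = VaultImpl.getSecurityConfiguration();
        String alternateId = config.getCSIv2AlternateIdentityAssertionPerformTrustedId();
        String alternatePassword = config.getCSIv2AlternateIdentityAssertionPerformTrustedPassword();
        String serverId = config.getloginUserid();
        String serverPassword = config.getloginPassword();
        boolean hasServerId = isSet(serverId);
        boolean hasServerPassword = isSet(serverPassword);

        if (hasServerId && hasServerPassword && str.equalsIgnoreCase(serverId)
                && passwordMatches(str2, serverPassword)) {
            debug(TRACE_USER_PWD, "The server ID/password is from this cell, returning true.");
            return true;
        }

        // The alternate ID and password must both be non-empty, as already required for the
        // server ID. Without this, an alternate ID/password configured as empty strings would
        // match an empty identity and an empty password.
        if (isSet(alternateId) && isSet(alternatePassword) && str.equalsIgnoreCase(alternateId)
                && passwordMatches(str2, alternatePassword)) {
            debug(TRACE_USER_PWD, "The alternate ID/password is from this cell, returning true.");
            return true;
        }

        if (hasServerId && !hasServerPassword) {
            // NOTE(review): with no server password configured, the identity is accepted on
            // its name alone and str2 is not consulted. Confirm callers have authenticated
            // the peer by other means before reaching this point.
            if (str.equalsIgnoreCase(serverId)) {
                debug(TRACE_USER_PWD, "The server ID is from this cell, returning true.");
                return true;
            }
            try {
                // getContextManager() rather than the raw field: the field is only populated
                // lazily, so reading it directly could throw and turn into a spurious "false".
                WSCredential serverCredential =
                        SubjectHelper.getWSCredentialFromSubject(getContextManager().getServerSubject());
                if (serverCredential != null) {
                    String accessId = serverCredential.getAccessId();
                    String uniqueSecurityName = serverCredential.getUniqueSecurityName();
                    String securityName = serverCredential.getSecurityName();
                    if (str.equalsIgnoreCase(accessId) || str.equalsIgnoreCase(uniqueSecurityName)
                            || str.equalsIgnoreCase(securityName)) {
                        debug(TRACE_USER_PWD, "The server access ID, secuirty name, or unique server ID is from this cell, returning true.");
                        return true;
                    }
                }
            } catch (Exception e) {
                debug(TRACE_USER_PWD, "Exception getting access ID from server credential.");
                SecurityLogger.logException(TRACE_USER_PWD, e, 0, 0);
                // Deny on error; the trusted principal list is deliberately not consulted here.
                return false;
            }
        }
        return isTrusted(str);
    }

    /**
     * Decides whether the given identity is trusted without a password: it must be an
     * internal server ID or appear in the configured CSIv2 trusted principal list.
     *
     * <p>The list is tokenized twice, first on {@code CommandSecurityUtil.PARAM_DELIM} and
     * then on {@code ","}; each token is normalised with {@link #clean(String)} and compared
     * case-insensitively.
     *
     * @param str the presented identity
     * @return {@code true} if the identity is trusted
     */
    @Override // com.ibm.wsspi.security.csiv2.TrustedIDEvaluator
    public boolean isTrusted(String str) {
        if (getContextManager().isInternalServerId(str)) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(TRACE_USER, "The serverID " + str + " is an internal server identity.");
            }
            return true;
        }
        String trustedPrincipals = VaultImpl.getSecurityConfiguration().getCSIv2TrustedPrincipalList();
        if (trustedPrincipals == null) {
            // StringTokenizer rejects a null string; an absent list trusts nobody.
            return false;
        }
        // NOTE(review): the "," pass also splits a comma-containing entry (for example a
        // distinguished name) into fragments, and each fragment is then matched on its own.
        // Confirm list entries never contain commas, or drop the second pass.
        if (listContains(trustedPrincipals, CommandSecurityUtil.PARAM_DELIM, str)
                || listContains(trustedPrincipals, ",", str)) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(TRACE_USER, "The serverID " + str + " has been found in the trusted list.");
            }
            return true;
        }
        return false;
    }

    /**
     * Decides whether a certificate chain is trusted by looking up the issuer DN name of the
     * first certificate with {@link #isTrusted(String)}.
     *
     * <p>NOTE(review): this method does not validate the chain and matches on the issuer
     * name, not the subject. Presumably the chain has been verified upstream; confirm.
     *
     * @param x509CertificateArr the presented chain; {@code null}, empty, or a {@code null}
     *        first element is not trusted
     * @return {@code true} if the issuer DN name of the first certificate is trusted
     */
    @Override // com.ibm.wsspi.security.csiv2.TrustedIDEvaluator
    public boolean isTrusted(X509Certificate[] x509CertificateArr) {
        // The length check covers an empty chain, which previously raised
        // ArrayIndexOutOfBoundsException instead of being rejected.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            SecurityLogger.debugMessage(TRACE_CERT, "cert chain or the first cert is null");
            return false;
        }
        return isTrusted(x509CertificateArr[0].getIssuerDN().getName());
    }

    /** Returns the context manager, obtaining it from the factory on first use. */
    private ContextManager getContextManager() {
        if (this.contextManager == null) {
            this.contextManager = ContextManagerFactory.getInstance();
        }
        return this.contextManager;
    }

    /**
     * Trims the value and removes one pair of matching surrounding quotes (single or double),
     * trimming again afterwards.
     *
     * @param str the raw value, may be {@code null}
     * @return the cleaned value, or {@code null} if {@code str} is {@code null}
     */
    public static String clean(String str) {
        if (str == null) {
            return null;
        }
        String value = str.trim();
        // Require at least two characters: a lone quote character both starts and ends the
        // string, and stripping it made substring(1, 0) throw.
        boolean doubleQuoted = value.startsWith("\"") && value.endsWith("\"");
        boolean singleQuoted = value.startsWith("'") && value.endsWith("'");
        if (value.length() >= 2 && (doubleQuoted || singleQuoted)) {
            value = value.substring(1, value.length() - 1).trim();
        }
        return value;
    }

    /** Returns whether a configuration value is present, i.e. neither null nor empty. */
    private static boolean isSet(String value) {
        return value != null && !value.equals("");
    }

    /**
     * Compares a presented password with the configured one.
     *
     * <p>NOTE(review): the comparison is case-insensitive and not constant-time, unchanged
     * from the original. An exact, constant-time comparison (for example
     * {@code MessageDigest.isEqual} over the encoded bytes) is preferable once it is
     * confirmed that both values are held in the same plaintext form.
     */
    private static boolean passwordMatches(String presented, String configured) {
        return presented != null && presented.equalsIgnoreCase(configured);
    }

    /** Returns whether any cleaned token of {@code list} equals {@code id}, ignoring case. */
    private static boolean listContains(String list, String delimiters, String id) {
        StringTokenizer tokens = new StringTokenizer(list, delimiters);
        while (tokens.hasMoreTokens()) {
            if (clean(tokens.nextToken()).equalsIgnoreCase(id)) {
                return true;
            }
        }
        return false;
    }

    /** Emits a debug trace message when debug tracing is enabled. */
    private static void debug(String method, String message) {
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage(method, message);
        }
    }

    /**
     * Loads a class by name, reporting a missing class as {@link NoClassDefFoundError} with
     * the original {@link ClassNotFoundException} as its cause.
     */
    static Class<?> class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so it cannot be thrown directly from here.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve this class once, cache it, and register the trace component with it.
        Class<?> cls = class$com$ibm$ws$security$csiv2$TrustedIDEvaluatorImpl;
        if (cls == null) {
            cls = class$("com.ibm.ws.security.csiv2.TrustedIDEvaluatorImpl");
            class$com$ibm$ws$security$csiv2$TrustedIDEvaluatorImpl = cls;
        }
        tc = Tr.register(cls, "Security", "com.ibm.ejs.resources.security");
    }
}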
