package com.ibm.ws.security.admintask.securityDomain;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.application.client.ResourceValidationHelper;
import com.ibm.websphere.management.cmdframework.AdminCommand;
import com.ibm.websphere.management.cmdframework.CommandMgr;
import com.ibm.websphere.management.cmdframework.CommandResult;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand;
import com.ibm.websphere.management.cmdframework.provider.SimpleCommandProvider;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.configservice.SystemAttributes;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.management.exception.ConnectorException;
import com.ibm.websphere.management.metadata.ManagedObjectMetadataAccessorFactory;
import com.ibm.websphere.management.metadata.ManagedObjectMetadataHelper;
import com.ibm.websphere.models.config.security.SecurityCommon;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.logging.object.WsLogRecord;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.management.configservice.MOFUtil;
import com.ibm.ws.security.auth.kerberos.admintask.SpnegoCommandProviderImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.SingleSignonConfig;
import com.ibm.ws.security.config.UserRegistryConfig;
import com.ibm.ws.security.config.securitydomain.SecDomainHelper;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import com.ibm.ws.security.securitydomain.DomainCheckerExtensionsProcessor;
import com.ibm.wsspi.websvcs.Constants;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.ResourceBundle;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/security/admintask/securityDomain/SecurityDomainProvider.class */
public class SecurityDomainProvider extends SimpleCommandProvider {
    // Trace handle used for the entry/exit/debug tracing in the methods of this class.
    private static TraceComponent tc = Tr.register(SecurityDomainProvider.class, "security", "com.ibm.ws.security.admintask.securityDomain");
    // Base name of the resource bundle that the SECJ* message keys are looked up in.
    private static String BUNDLE_NAME = "com.ibm.ejs.resources.security";
    // Loaded once, at class initialisation, for the JVM default locale (not per caller).
    private static ResourceBundle resBundle = ResourceBundle.getBundle(BUNDLE_NAME, Locale.getDefault());
    // Config type names.
    // NOTE(review): the methods visible in this part of the class compare against the literals
    // "Server" and "cell" rather than these constants; confirm whether they are used further down.
    private static final String CELL = "Cell";
    private static final String SERVER = "Server";
    private static final String SERVERCLUSTER = "ServerCluster";
    private static final String CLUSTER = "Cluster";
    private static final String SIBUS = "SIBus";

    /**
     * Formats the message stored under key {@code str} by delegating to
     * {@link MessageFormatHelper#getFormattedMessage}.
     *
     * @param resourceBundle bundle the key is looked up in
     * @param str            message key
     * @param objArr         message arguments, passed through unchanged; callers in this class pass
     *                       {@code null} for messages that take none
     * @return whatever the helper returns for that key and those arguments
     */
    private String getMsg(ResourceBundle resourceBundle, String str, Object[] objArr) {
        final String formatted = MessageFormatHelper.getFormattedMessage(resourceBundle, str, objArr);
        return formatted;
    }

    /**
     * Admin-task handler: creates a {@code SecurityDomain} config object under the cell, gives it an
     * empty {@code AppSecurity} child, and returns the config data id of that child.
     *
     * <p>Reads the {@code securityDomainName} and {@code securityDomainDescription} command parameters.
     * A name equal (ignoring case) to {@code Constants.MODULE_GLOBAL_TAG} or
     * {@code SecurityObjectLocator.ADMIN} is rejected with SECJ7811E, so neither of those two names can
     * be taken by a caller-created domain through this command.
     *
     * @param abstractAdminCommand the command being executed; supplies the parameters and the config session
     * @return the config data id of the new {@code AppSecurity} object, as a string
     * @throws CommandValidationException if the requested name is one of the two rejected names
     * @throws Exception any other failure, rethrown after being handed to FFDC and debug-traced
     */
    public String createSecurityDomain(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSecurityDomain", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                final ConfigService cfg = getCommandProviderHelper().getConfigService();
                final Session session = abstractAdminCommand.getConfigSession();
                final String domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
                final String domainDescription = (String) abstractAdminCommand.getParameter("securityDomainDescription");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityDomainName name is " + domainName);
                    Tr.debug(tc, "securityDomainDescription name is " + domainDescription);
                }

                // NOTE(review): a missing securityDomainName surfaces here as a NullPointerException,
                // not as a validation error; presumably the command definition makes it mandatory - confirm.
                final boolean rejectedName = domainName.equalsIgnoreCase(Constants.MODULE_GLOBAL_TAG)
                        || domainName.equalsIgnoreCase(SecurityObjectLocator.ADMIN);
                if (rejectedName) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.cannotCreateDomain.SECJ7811E", new Object[]{domainName}));
                }

                final ObjectName cell = getCellObjectName(session, cfg);
                final AttributeList attrs = new AttributeList();
                ConfigServiceHelper.setAttributeValue(attrs, "name", domainName);
                ConfigServiceHelper.setAttributeValue(attrs, "description", domainDescription);
                final ObjectName domain = cfg.createConfigData(session, cell, "SecurityDomain", "SecurityDomain", attrs);

                // The same list object is reused, emptied, so that AppSecurity is created without attributes.
                attrs.clear();
                final ObjectName appSecurity = cfg.createConfigData(session, domain, "AppSecurity", "AppSecurity", attrs);
                final String appSecurityId = ConfigServiceHelper.getConfigDataId(appSecurity).toString();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createSecurityDomain", appSecurity);
                }
                return appSecurityId;
            } catch (Exception failure) {
                FFDCFilter.processException(failure, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", failure);
                }
                throw failure;
            }
        } catch (Throwable anyFailure) {
            // Every failing path, Errors included, still gets a trace exit record.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSecurityDomain", null);
            }
            throw anyFailure;
        }
    }

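    /**
     * Admin-task handler: lists the {@code SecurityDomain} config objects.
     *
     * <p>Each returned element is the domain name as a {@code String}, or, when the
     * {@code listDescription} parameter is {@code true}, an {@link AttributeList} holding {@code name}
     * and {@code description}. A domain named {@code CommonConstants.GLOBALSECURITY_DOMAIN} is left out
     * when {@code doNotDisplaySpecialDomains} is {@code true}; domains with a {@code null} name are
     * always left out.
     *
     * <p>Both Boolean parameters are treated as {@code false} when absent. Unboxing them directly
     * threw a {@code NullPointerException} for an unset parameter, while {@code deleteSecurityDomain}
     * and {@code getSecurityDomainForResource} in this class already null-check theirs.
     *
     * @param abstractAdminCommand the command being executed; supplies the parameters and the config session
     * @return the list of names or name/description attribute lists; never {@code null}
     * @throws Exception any failure, rethrown after being handed to FFDC and debug-traced
     */
    public List listSecurityDomains(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listSecurityDomains", new Object[]{abstractAdminCommand});
        }
        List<Object> domains = new ArrayList<Object>();
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                Boolean listDescription = (Boolean) abstractAdminCommand.getParameter("listDescription");
                Boolean hideSpecial = (Boolean) abstractAdminCommand.getParameter("doNotDisplaySpecialDomains");
                // Absent optional flags mean "off" instead of failing on unboxing.
                boolean withDescription = listDescription != null && listDescription.booleanValue();
                boolean hideSpecialDomains = hideSpecial != null && hideSpecial.booleanValue();

                ObjectName[] domainObjects = configService.queryConfigObjects(configSession, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "SecurityDomain"), null);
                for (ObjectName domainObject : domainObjects) {
                    String name = (String) configService.getAttribute(configSession, domainObject, "name");
                    if (name == null) {
                        continue;
                    }
                    if (hideSpecialDomains && name.equals(CommonConstants.GLOBALSECURITY_DOMAIN)) {
                        continue;
                    }
                    if (withDescription) {
                        AttributeList entry = new AttributeList();
                        ConfigServiceHelper.setAttributeValue(entry, "name", name);
                        ConfigServiceHelper.setAttributeValue(entry, "description", (String) configService.getAttribute(configSession, domainObject, "description"));
                        domains.add(entry);
                    } else {
                        domains.add(name);
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listSecurityDomains", null);
                }
                return domains;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listSecurityDomains", null);
            }
            throw th;
        }
    }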

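    /**
     * Admin-task handler: deletes the security domain named by {@code securityDomainName} and its
     * {@code AppSecurity} child, then hands the realms collected from that child to
     * {@code checkForValidRealm} / {@code removeRealmFromTrustedRealmsList}.
     *
     * <p>Unless the {@code force} parameter is {@code true}, the deletion is refused with SECJ7717E
     * when at least one member of the domain still resolves to a config object, or when
     * {@code bindingsExists} reports bindings for the domain. {@code force=true} skips both checks.
     * Note that {@code bindingsExists} answers {@code false} whenever its lookup fails, so the bindings
     * check does not block deletion in that case.
     *
     * <p>Changes against the previous version: the trace exit records now carry this method's name
     * (they said {@code deleteSecurityDomains}); an unresolvable member is detected by testing the
     * length of the resolve result instead of catching {@code ArrayIndexOutOfBoundsException}; a
     * {@code null} member list is treated as empty; and a domain without an {@code AppSecurity} child
     * no longer fails on {@code [0]} of an empty query result, which is what the existing
     * {@code null} check on that object was evidently meant to cover.
     *
     * @param abstractAdminCommand the command being executed; supplies the parameters and the config session
     * @throws CommandValidationException if the domain does not exist (SECJ7702E) or is still in use (SECJ7717E)
     * @throws Exception any other failure, rethrown after being handed to FFDC and debug-traced
     */
    public void deleteSecurityDomain(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteSecurityDomain", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
                Boolean force = (Boolean) abstractAdminCommand.getParameter("force");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityDomainName name is " + domainName + ":force is " + force);
                }
                ObjectName domain = getSecurityDomainObj(configSession, configService, domainName);
                if (domain == null) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.config.does.not.exist.SECJ7702E", new Object[]{domainName}));
                }

                if (force == null || !force.booleanValue()) {
                    List members = (List) configService.getAttribute(configSession, domain, "members");
                    boolean stillMapped = false;
                    if (members != null) {
                        Iterator it = members.iterator();
                        while (it.hasNext() && !stillMapped) {
                            String resource = SecDomainHelper.convertResource((String) ConfigServiceHelper.getAttributeValue((AttributeList) it.next(), CommonConstants.RESOURCE_NAME));
                            // A member whose resource no longer resolves does not count as a live mapping.
                            ObjectName[] resolved = configService.resolve(configSession, resource);
                            if (resolved.length > 0) {
                                stillMapped = true;
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "resourceName = " + resource + " is not a valid resource");
                            }
                        }
                    }
                    if (stillMapped || bindingsExists(configSession, domainName)) {
                        throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeMapped.SECJ7717E", null));
                    }
                }

                ObjectName[] appSecurityObjects = configService.queryConfigObjects(configSession, domain, ConfigServiceHelper.createObjectName((ConfigDataId) null, "AppSecurity"), null);
                ObjectName appSecurity = appSecurityObjects.length > 0 ? appSecurityObjects[0] : null;
                ArrayList realms = null;
                if (appSecurity != null) {
                    // Realms have to be read before the AppSecurity object they live in is deleted.
                    realms = getRealmsFromDomain(configService, configSession, appSecurity);
                    configService.deleteConfigData(configSession, appSecurity);
                }
                configService.deleteConfigData(configSession, domain);

                if (realms != null && realms.size() > 0) {
                    ArrayList validRealms = checkForValidRealm(configService, configSession, realms);
                    if (validRealms != null && validRealms.size() > 0) {
                        removeRealmFromTrustedRealmsList(configService, configSession, validRealms);
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "deleteSecurityDomain");
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "deleteSecurityDomain");
            }
            throw th;
        }
    }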

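    /**
     * Reports whether the {@code getDefaultBindings} admin command returns a {@code client} or a
     * {@code provider} entry for the given domain.
     *
     * <p>Best effort: when the command cannot be created or run, or completes unsuccessfully, the
     * answer is {@code false}. {@code deleteSecurityDomain} uses this as a guard before deleting a
     * domain, so a failed lookup lets the deletion go ahead; the failure is visible only in the debug
     * trace.
     *
     * <p>Changes against the previous version: the trace exit record reports the real result (it said
     * {@code "bindingsExists -> false"} on the paths that return {@code true}) and is written on every
     * path; the failure message names {@code getDefaultBindings} rather than {@code verifyKrbConfig};
     * and an entry counts as present whenever its value is non-null, without a cast to {@code String}
     * that turned any other value type into a {@code false} answer through the catch block.
     *
     * @param session config session the command runs in
     * @param str     security domain name, passed as the command's {@code SingleSignonConfig.DOMAIN_NAME} parameter
     * @return {@code true} only if the command succeeded and returned a {@code client} or {@code provider} entry
     */
    private boolean bindingsExists(Session session, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "bindingsExists", new Object[]{str});
        }
        boolean found = false;
        try {
            AdminCommand command = CommandMgr.getCommandMgr().createCommand("getDefaultBindings");
            command.setParameter(SingleSignonConfig.DOMAIN_NAME, str);
            command.setConfigSession(session);
            command.execute();
            CommandResult commandResult = command.getCommandResult();
            if (commandResult.isSuccessful()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Successfully called getDefaultBindings");
                }
                Properties bindings = (Properties) commandResult.getResult();
                if (bindings != null && bindings.size() > 0) {
                    found = bindings.get("client") != null || bindings.get("provider") != null;
                }
            } else {
                Throwable exception = commandResult.getException();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getDefaultBindings did not execute.", new Object[]{exception});
                }
            }
        } catch (Exception e) {
            // Deliberately not rethrown: the caller treats "could not tell" the same as "no bindings".
            found = false;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getDefaultBindings did not execute.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "bindingsExists", Boolean.valueOf(found));
        }
        return found;
    }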

    /**
     * Admin-task handler: adds the resource named by the {@code CommonConstants.RESOURCE_NAME}
     * parameter as a {@code SecurityDomainMember} of the domain named by {@code securityDomainName}.
     *
     * <p>Checks, in this order: the domain exists (SECJ7702E); the resource resolves (SECJ7718E); the
     * resource type is accepted by {@code processHandleResource} (SECJ7718E); unless the domain is
     * {@code CommonConstants.GLOBALSECURITY_DOMAIN}, the resource passes {@code processValidateResource}
     * (SECJ7718E); a {@code Server} resource has no server-level security configured (SECJ7788E).
     * For a cell resource, {@code createSpecialDomain} runs when {@code isCellMixedVersion} is true,
     * and {@code processCellDomainMapped} runs in every case; both happen before the membership test.
     *
     * @param abstractAdminCommand the command being executed; supplies the parameters and the config session
     * @throws CommandValidationException if one of the checks above fails
     * @throws Exception any other failure, rethrown after being handed to FFDC and debug-traced
     */
    public void mapResourceToSecurityDomain(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapResourceToSecurityDomain", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                final ConfigService cfg = getCommandProviderHelper().getConfigService();
                final Session session = abstractAdminCommand.getConfigSession();
                final String domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
                final String resourceName = (String) abstractAdminCommand.getParameter(CommonConstants.RESOURCE_NAME);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityDomainName is " + domainName);
                    Tr.debug(tc, "resourceName is " + resourceName);
                }

                final ObjectName domain = getSecurityDomainObj(session, cfg, domainName);
                if (domain == null) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.config.does.not.exist.SECJ7702E", new Object[]{domainName}));
                }
                final ObjectName[] resolved = cfg.resolve(session, resourceName);
                if (resolved.length <= 0) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resourceName}));
                }

                // Only the first match of the resolve call is considered.
                final ObjectName target = resolved[0];
                String memberName = ConfigServiceHelper.getConfigDataId(target).toString();
                final String targetType = ConfigServiceHelper.getConfigDataType(target);

                if (!DomainCheckerExtensionsProcessor.getProcessor().processHandleResource(targetType)) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resourceName}));
                }
                if (!domainName.equals(CommonConstants.GLOBALSECURITY_DOMAIN)
                        && !DomainCheckerExtensionsProcessor.getProcessor().processValidateResource(resourceName, targetType, session)) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resourceName}));
                }
                if (targetType.equalsIgnoreCase("Server") && isServerSecurityConfigured(session, cfg, target)) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.multidomain.oldServerSecurity.SECJ7788E", new Object[]{resourceName}));
                }

                if (targetType.equalsIgnoreCase("cell")) {
                    if (isCellMixedVersion(session, cfg)) {
                        createSpecialDomain(session, cfg);
                    }
                    DomainCheckerExtensionsProcessor.getProcessor().processCellDomainMapped(session, cfg);
                }

                // The member is recorded under the config id with its last '|' and what follows cut off.
                if (memberName != null) {
                    final int bar = memberName.lastIndexOf('|');
                    if (bar > 0) {
                        memberName = memberName.substring(0, bar);
                    }
                }

                // NOTE(review): when isResourceInADomain answers true the command ends normally without
                // adding a member. That helper is not visible here; if it matches membership in any
                // domain, a request to map the resource into a different domain is dropped without an error.
                if (!isResourceInADomain(session, cfg, memberName)) {
                    final AttributeList memberAttrs = new AttributeList();
                    ConfigServiceHelper.setAttributeValue(memberAttrs, CommonConstants.RESOURCE_NAME, memberName);
                    ConfigServiceHelper.setAttributeValue(memberAttrs, CommonConstants.RESOURCE_TYPE, targetType);
                    cfg.createConfigData(session, domain, "members", "SecurityDomainMember", memberAttrs);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "mapResourceToSecurityDomain");
                }
            } catch (Exception failure) {
                FFDCFilter.processException(failure, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", failure);
                }
                throw failure;
            }
        } catch (Throwable anyFailure) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapResourceToSecurityDomain");
            }
            throw anyFailure;
        }
    }

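    /**
     * Admin-task handler: removes the resource named by the {@code CommonConstants.RESOURCE_NAME}
     * parameter from the members of the domain named by {@code securityDomainName}.
     *
     * <p>The resource must resolve and its type must be accepted by {@code processHandleResource}
     * (SECJ7718E otherwise). The first domain whose name equals the requested one is searched for a
     * member whose resource name equals the resolved config id with its last {@code '|'} and what
     * follows cut off; that member is deleted.
     *
     * <p>Change against the previous version: a {@code SecurityDomain} object whose {@code name}
     * attribute is {@code null} is skipped instead of causing a {@code NullPointerException}, which
     * matches the null check {@code listSecurityDomains} applies to the same attribute.
     *
     * @param abstractAdminCommand the command being executed; supplies the parameters and the config session
     * @throws CommandValidationException if the resource is not valid (SECJ7718E), is not a member of
     *         the domain (SECJ7719E), or the domain does not exist (SECJ7702E)
     * @throws Exception any other failure, rethrown after being handed to FFDC and debug-traced
     */
    public void removeResourceFromSecurityDomain(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeResourceFromSecurityDomain", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
                String resourceName = (String) abstractAdminCommand.getParameter(CommonConstants.RESOURCE_NAME);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityDomainName name is " + domainName);
                    Tr.debug(tc, "resourceName name is " + resourceName);
                }
                ObjectName[] resolved = configService.resolve(configSession, resourceName);
                if (resolved.length <= 0) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resourceName}));
                }
                String memberName = ConfigServiceHelper.getConfigDataId(resolved[0]).toString();
                if (!DomainCheckerExtensionsProcessor.getProcessor().processHandleResource(ConfigServiceHelper.getConfigDataType(resolved[0]))) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resourceName}));
                }
                // Members are stored under the config id with its last '|' and what follows cut off.
                int bar = memberName.lastIndexOf('|');
                if (bar > 0) {
                    memberName = memberName.substring(0, bar);
                }

                ObjectName[] domains = configService.queryConfigObjects(configSession, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "SecurityDomain"), null);
                for (ObjectName domain : domains) {
                    String candidate = (String) configService.getAttribute(configSession, domain, "name");
                    if (candidate == null || !candidate.equals(domainName)) {
                        continue;
                    }
                    List members = (List) configService.getAttribute(configSession, domain, "members");
                    for (Object entry : members) {
                        AttributeList member = (AttributeList) entry;
                        if (memberName.equals(ConfigServiceHelper.getAttributeValue(member, CommonConstants.RESOURCE_NAME))) {
                            configService.deleteConfigData(configSession, ConfigServiceHelper.createObjectName(member));
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "removeResourceFromSecurityDomain");
                            }
                            return;
                        }
                    }
                    // The domain exists but the resource is not one of its members.
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.scope.not.in.domain.SECJ7719E", new Object[]{resourceName, domainName}));
                }
                throw new CommandValidationException(getMsg(resBundle, "security.admintask.config.does.not.exist.SECJ7702E", new Object[]{domainName}));
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "removeResourceFromSecurityDomain");
            }
            throw th;
        }
    }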

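    /**
     * Admin-task handler: lists the resources that are members of the domain named by
     * {@code securityDomainName}.
     *
     * <p>Each member's resource name is converted with {@code SecDomainHelper.convertResource} and
     * resolved. A member is reported as {@code SecDomainHelper.convertResource1(name)}, except that
     * with {@code expandCell=true} a member of type cell is replaced by the entries
     * {@code getServersInCell} returns for it, each added at most once.
     *
     * <p>Changes against the previous version: an absent {@code expandCell} parameter is treated as
     * {@code false} instead of failing on unboxing; a member whose resource no longer resolves is
     * skipped with a debug message (the same condition {@code deleteSecurityDomain} tolerates)
     * instead of aborting the listing on {@code [0]} of an empty array; and the unused computation of
     * the member's config data id is gone.
     *
     * @param abstractAdminCommand the command being executed; supplies the parameters and the config session
     * @return the list of resources; never {@code null}
     * @throws CommandValidationException if the domain does not exist (SECJ7702E)
     * @throws Exception any other failure, rethrown after being handed to FFDC and debug-traced
     */
    public List listResourcesInSecurityDomain(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listResourcesInSecurityDomain", new Object[]{abstractAdminCommand});
        }
        List<Object> resources = new ArrayList<Object>();
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
                Boolean expandCell = (Boolean) abstractAdminCommand.getParameter("expandCell");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityDomainName name is " + domainName);
                    Tr.debug(tc, "expandCell name is " + expandCell);
                }
                boolean expand = expandCell != null && expandCell.booleanValue();

                ObjectName domain = getSecurityDomainObj(configSession, configService, domainName);
                if (domain == null) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.config.does.not.exist.SECJ7702E", new Object[]{domainName}));
                }
                Iterator it = ((List) configService.getAttribute(configSession, domain, "members")).iterator();
                while (it.hasNext()) {
                    String memberName = (String) ConfigServiceHelper.getAttributeValue((AttributeList) it.next(), CommonConstants.RESOURCE_NAME);
                    if (memberName == null) {
                        continue;
                    }
                    ObjectName[] resolved = configService.resolve(configSession, SecDomainHelper.convertResource(memberName));
                    if (resolved.length == 0 || resolved[0] == null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "resourceName = " + memberName + " is not a valid resource");
                        }
                        continue;
                    }
                    ObjectName target = resolved[0];
                    String targetType = ConfigServiceHelper.getConfigDataType(target);
                    if (expand && targetType.equalsIgnoreCase("cell")) {
                        List serversInCell = getServersInCell(configSession, configService, (String) configService.getAttribute(configSession, target, "name", false));
                        for (int i = 0; i < serversInCell.size(); i++) {
                            String server = (String) serversInCell.get(i);
                            if (!resources.contains(server)) {
                                resources.add(server);
                            }
                        }
                    } else {
                        resources.add(SecDomainHelper.convertResource1(memberName));
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listResourcesInSecurityDomain");
                }
                return resources;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listResourcesInSecurityDomain");
            }
            throw th;
        }
    }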

    /**
     * Admin-task handler: returns the name of the security domain that the resource named by the
     * {@code CommonConstants.RESOURCE_NAME} parameter belongs to.
     *
     * <p>The lookup key is the resolved config id with its last {@code '|'} and what follows cut off.
     * When no domain is found and {@code getEffectiveDomain} is {@code true}, the method falls back:
     * for a resource of type {@code Server} that has a {@code clusterName} and whose cluster can be
     * found, the cluster is looked up the same way; if there is still no result, the value of
     * {@code SecDomainHelper.getCellDomain} is used when it is non-null.
     *
     * @param abstractAdminCommand the command being executed; supplies the parameters and the config session
     * @return the domain name, or {@code null} if none applies
     * @throws CommandValidationException if the resource does not resolve or its type is not accepted
     *         by {@code processHandleResource} (SECJ7718E)
     * @throws Exception any other failure, rethrown after being handed to FFDC and debug-traced
     */
    public String getSecurityDomainForResource(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityDomainForResource", new Object[]{abstractAdminCommand});
        }
        try {
            final ConfigService cfg = getCommandProviderHelper().getConfigService();
            final Session session = abstractAdminCommand.getConfigSession();
            final String resourceName = (String) abstractAdminCommand.getParameter(CommonConstants.RESOURCE_NAME);
            final Boolean wantEffective = (Boolean) abstractAdminCommand.getParameter("getEffectiveDomain");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "resourceName name is " + resourceName);
                Tr.debug(tc, "getEffectiveDomain name is " + wantEffective);
            }

            // Read up front, before the resource is validated, exactly as the fallback needs it later.
            final String cellDomain = SecDomainHelper.getCellDomain(session, cfg);

            final ObjectName[] resolved = cfg.resolve(session, resourceName);
            if (resolved.length <= 0) {
                throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resourceName}));
            }
            final ObjectName target = resolved[0];
            String lookupKey = ConfigServiceHelper.getConfigDataId(target).toString();
            final String targetType = ConfigServiceHelper.getConfigDataType(target);
            if (!DomainCheckerExtensionsProcessor.getProcessor().processHandleResource(targetType)) {
                throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resourceName}));
            }
            if (lookupKey != null) {
                final int bar = lookupKey.lastIndexOf('|');
                if (bar > 0) {
                    lookupKey = lookupKey.substring(0, bar);
                }
            }

            String domainName = SecDomainHelper.findDomainForResource(session, cfg, lookupKey);
            final boolean useFallback = domainName == null && wantEffective != null && wantEffective.booleanValue();
            if (useFallback) {
                if (targetType.equals("Server")) {
                    final String clusterName = (String) cfg.getAttribute(session, target, "clusterName");
                    if (clusterName != null) {
                        final ObjectName cluster = getCluster(cfg, session, clusterName);
                        if (cluster != null) {
                            String clusterKey = ConfigServiceHelper.getConfigDataId(cluster).toString();
                            if (clusterKey != null) {
                                final int clusterBar = clusterKey.lastIndexOf('|');
                                if (clusterBar > 0) {
                                    clusterKey = clusterKey.substring(0, clusterBar);
                                }
                            }
                            domainName = SecDomainHelper.findDomainForResource(session, cfg, clusterKey);
                        }
                    }
                }
                if (domainName == null && cellDomain != null) {
                    domainName = cellDomain;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSecurityDomainForResource");
            }
            return domainName;
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", failure);
            }
            throw failure;
        }
    }

    /**
     * Admin-task handler: creates a {@code SecurityDomain} with an {@code AppSecurity} child under the
     * cell and fills that child from the global security object via {@code copyToSecurityConfig}.
     *
     * <p>Reads the {@code securityDomainName}, {@code securityDomainDescription} and {@code realmName}
     * command parameters.
     *
     * @param abstractAdminCommand the command being executed; supplies the parameters and the config session
     * @return the config data id of the new {@code AppSecurity} object, as a string
     * @throws Exception any failure, rethrown after being handed to FFDC and debug-traced
     */
    public String copySecurityDomainFromGlobalSecurity(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "copySecurityDomainFromGlobalSecurity", new Object[]{abstractAdminCommand});
        }
        // Kept outside the try so the failure trace can show how far the creation got.
        ObjectName appSecurity = null;
        try {
            try {
                final ConfigService cfg = getCommandProviderHelper().getConfigService();
                final Session session = abstractAdminCommand.getConfigSession();
                final String domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
                final String domainDescription = (String) abstractAdminCommand.getParameter("securityDomainDescription");
                final String realmName = (String) abstractAdminCommand.getParameter("realmName");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityDomainName name is " + domainName);
                    Tr.debug(tc, "securityDomainDescription name is " + domainDescription);
                    Tr.debug(tc, "realmName name is " + realmName);
                }

                // NOTE(review): createSecurityDomain rejects names equal (ignoring case) to
                // Constants.MODULE_GLOBAL_TAG or SecurityObjectLocator.ADMIN with SECJ7811E; this copy
                // path creates the domain without that check. Confirm the names are validated before
                // this method is reached, or apply the same check here.
                final ObjectName cell = getCellObjectName(session, cfg);
                final ObjectName globalSecurity = getSecurityObjectName(session, cfg);

                final AttributeList attrs = new AttributeList();
                attrs.add(new Attribute("name", domainName));
                attrs.add(new Attribute("description", domainDescription));
                final ObjectName domain = cfg.createConfigData(session, cell, "SecurityDomain", "SecurityDomain", attrs);

                // The same list object is reused, emptied, so that AppSecurity is created without attributes.
                attrs.clear();
                appSecurity = cfg.createConfigData(session, domain, "AppSecurity", "AppSecurity", attrs);
                copyToSecurityConfig(session, cfg, globalSecurity, appSecurity, realmName, true);

                final String appSecurityId = ConfigServiceHelper.getConfigDataId(appSecurity).toString();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "copySecurityDomainFromGlobalSecurity", appSecurity);
                }
                return appSecurityId;
            } catch (Exception failure) {
                FFDCFilter.processException(failure, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "88");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", failure);
                }
                throw failure;
            }
        } catch (Throwable anyFailure) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "copySecurityDomainFromGlobalSecurity", appSecurity);
            }
            throw anyFailure;
        }
    }

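    /**
     * Creates a new security domain and populates it with a copy of an existing domain's
     * security configuration.
     *
     * <p>Reads the command parameters {@code securityDomainName}, {@code securityDomainDescription},
     * {@code copyFromSecurityDomainName} and {@code realmName}. The source domain is resolved
     * before anything is created, so a request naming a source domain that does not exist fails
     * without leaving a half-built SecurityDomain/AppSecurity pair in the configuration session.
     *
     * @param abstractAdminCommand the command supplying the configuration session and parameters
     * @return the config data id of the AppSecurity object created under the new domain
     * @throws CommandValidationException if no domain named {@code copyFromSecurityDomainName} is found
     * @throws Exception any other failure, after it has been reported to FFDC
     */
    public String copySecurityDomain(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "copySecurityDomain", new Object[]{abstractAdminCommand});
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String domainName = (String) abstractAdminCommand.getParameter("securityDomainName");
                String domainDescription = (String) abstractAdminCommand.getParameter("securityDomainDescription");
                String sourceDomainName = (String) abstractAdminCommand.getParameter("copyFromSecurityDomainName");
                String realmName = (String) abstractAdminCommand.getParameter("realmName");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityDomainName name is " + domainName);
                    Tr.debug(tc, "securityDomainDescription name is " + domainDescription);
                    Tr.debug(tc, "copyFromSecurityDomainName name is " + sourceDomainName);
                    Tr.debug(tc, "realmName name is " + realmName);
                }

                // Validate the copy source first: creating the target before this check would
                // leave an empty domain behind in the session whenever the source is missing.
                ObjectName sourceAppSecurity = getSecurityDomain(configSession, configService, sourceDomainName);
                if (sourceAppSecurity == null) {
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.config.does.not.exist.SECJ7702E", new Object[]{sourceDomainName}));
                }

                ObjectName cellObjectName = getCellObjectName(configSession, configService);
                AttributeList attributeList = new AttributeList();
                attributeList.add(new Attribute("name", domainName));
                attributeList.add(new Attribute("description", domainDescription));
                ObjectName newDomain = configService.createConfigData(configSession, cellObjectName, "SecurityDomain", "SecurityDomain", attributeList);
                // The AppSecurity child is created with no attributes; the copy below fills it in.
                attributeList.clear();
                ObjectName newAppSecurity = configService.createConfigData(configSession, newDomain, "AppSecurity", "AppSecurity", attributeList);
                copyToSecurityConfig(configSession, configService, sourceAppSecurity, newAppSecurity, realmName, false);
                String configDataId = ConfigServiceHelper.getConfigDataId(newAppSecurity).toString();
                // Single exit record under this method's own name (the earlier version also
                // emitted one labelled "copySecurityConfig").
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "copySecurityDomain", newAppSecurity);
                }
                return configDataId;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            // Failure path: keep the entry/exit trace balanced before rethrowing.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "copySecurityDomain", null);
            }
            throw th;
        }
    }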

    /**
     * Replaces the description of the security domain named by the {@code securityDomainName}
     * parameter with the value of {@code securityDomainDescription}.
     *
     * <p>Only the first SecurityDomain object whose {@code name} attribute equals the requested
     * name is updated.
     *
     * @param abstractAdminCommand the command supplying the configuration session and parameters
     * @throws CommandValidationException if no security domain has the requested name
     * @throws Exception any other failure, after it has been reported to FFDC
     */
    public void modifySecurityDomain(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "modifySecurityDomain");
        }
        try {
            try {
                ConfigService cfg = getCommandProviderHelper().getConfigService();
                Session cfgSession = abstractAdminCommand.getConfigSession();
                String wantedName = (String) abstractAdminCommand.getParameter("securityDomainName");
                String newDescription = (String) abstractAdminCommand.getParameter("securityDomainDescription");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityDomainName name is " + wantedName);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "description name is " + newDescription);
                }
                ObjectName domainPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "SecurityDomain");
                ObjectName[] domains = cfg.queryConfigObjects(cfgSession, null, domainPattern, null);
                for (int idx = 0; idx < domains.length; idx++) {
                    ObjectName candidate = domains[idx];
                    String candidateName = (String) cfg.getAttribute(cfgSession, candidate, "name");
                    if (!candidateName.equals(wantedName)) {
                        continue;
                    }
                    // Match found: write only the description attribute and stop searching.
                    AttributeList update = new AttributeList();
                    ConfigServiceHelper.setAttributeValue(update, "description", newDescription);
                    cfg.setAttributes(cfgSession, candidate, update);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "modifySecurityDomain");
                    }
                    return;
                }
                // No domain carried the requested name.
                throw new CommandValidationException(getMsg(resBundle, "security.admintask.config.does.not.exist.SECJ7702E", new Object[]{wantedName}));
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "modifySecurityDomain");
            }
            throw th;
        }
    }

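    /**
     * Reports, for each resource named in the {@code resourceNames} parameter, which security
     * domain applies to it.
     *
     * <p>{@code resourceNames} is a {@code +}-separated list of scope strings. Each one is resolved
     * through the configuration service and rejected when it resolves to nothing or when its
     * config data type is not accepted by {@code DomainCheckerExtensionsProcessor}. A server with
     * no domain of its own falls back to the domain of the cluster named by its
     * {@code clusterName} attribute; a resource with no domain at all is reported against the
     * cell domain when one exists.
     *
     * @param abstractAdminCommand the command supplying the configuration session and parameters
     * @return one entry per input resource, formatted as {@code WebSphere:<resource>(<domain>)},
     *         or {@code WebSphere:<resource>} when no domain applies
     * @throws CommandValidationException if a resource cannot be resolved or has an unsupported type
     * @throws Exception any other failure, after it has been reported to FFDC
     */
    public String[] listSecurityDomainsForResources(AbstractAdminCommand abstractAdminCommand) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "listSecurityDomainsForResources");
        }
        try {
            try {
                ConfigService configService = getCommandProviderHelper().getConfigService();
                Session configSession = abstractAdminCommand.getConfigSession();
                String cellDomain = SecDomainHelper.getCellDomain(configSession, configService);
                String resourceNames = (String) abstractAdminCommand.getParameter("resourceNames");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "resourceNames name is " + resourceNames);
                }
                // The input array is reused for the result: each slot is overwritten in place.
                String[] resources = resourceNames.split("\\+");
                for (int i = 0; i < resources.length; i++) {
                    String resource = resources[i];
                    ObjectName[] resolved = configService.resolve(configSession, resource);
                    if (resolved.length <= 0) {
                        throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resource}));
                    }
                    String configDataId = ConfigServiceHelper.getConfigDataId(resolved[0]).toString();
                    String configDataType = ConfigServiceHelper.getConfigDataType(resolved[0]);
                    if (!DomainCheckerExtensionsProcessor.getProcessor().processHandleResource(configDataType)) {
                        throw new CommandValidationException(getMsg(resBundle, "security.admintask.scopeNotValid.SECJ7718E", new Object[]{resource}));
                    }
                    // Drop everything from the last '|' onwards, unless it is absent or leading.
                    String scopeId = (configDataId == null || configDataId.lastIndexOf('|') <= 0) ? configDataId : configDataId.substring(0, configDataId.lastIndexOf('|'));
                    String domain = SecDomainHelper.findDomainForResource(configSession, configService, scopeId);
                    if (domain == null && configDataType.equalsIgnoreCase("Server")) {
                        // Cluster members inherit the domain mapped to their cluster.
                        String clusterName = (String) configService.getAttribute(configSession, resolved[0], "clusterName");
                        if (clusterName != null) {
                            ObjectName[] clusters = configService.resolve(configSession, "Cell=:ServerCluster=" + clusterName);
                            // Check the length as well as the element: indexing an empty result
                            // would abort the whole listing with an ArrayIndexOutOfBoundsException.
                            if (clusters != null && clusters.length > 0 && clusters[0] != null) {
                                String clusterId = ConfigServiceHelper.getConfigDataId(clusters[0]).toString();
                                String clusterScopeId = (clusterId == null || clusterId.lastIndexOf('|') <= 0) ? clusterId : clusterId.substring(0, clusterId.lastIndexOf('|'));
                                domain = SecDomainHelper.findDomainForResource(configSession, configService, clusterScopeId);
                            }
                        }
                    }
                    String label = "WebSphere:" + SecDomainHelper.convertResource1(scopeId);
                    if (domain != null) {
                        resources[i] = label + "(" + domain + ")";
                    } else if (cellDomain != null) {
                        resources[i] = label + "(" + cellDomain + ")";
                    } else {
                        resources[i] = label;
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "listSecurityDomainsForResources");
                }
                return resources;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "listSecurityDomainsForResources");
            }
            throw th;
        }
    }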

    /**
     * Returns the first configuration object of type {@code Policy} found in the session; callers
     * in this class use it as the parent under which SecurityDomain objects are created.
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @return the first object returned by the {@code Policy} query
     * @throws ConfigServiceException propagated from the configuration service
     * @throws ConnectorException propagated from the configuration service
     */
    private ObjectName getCellObjectName(Session session, ConfigService configService) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCellObjectName", new Object[]{session, configService, this});
        }
        ObjectName policyPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "Policy");
        ObjectName[] matches = configService.queryConfigObjects(session, null, policyPattern, null);
        // No emptiness check: an empty result surfaces as ArrayIndexOutOfBoundsException.
        ObjectName cell = matches[0];
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cell ObjectName is " + cell + ". Cell Name is " + ConfigServiceHelper.getDisplayName(cell));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCellObjectName", cell);
        }
        return cell;
    }

    /**
     * Returns the first configuration object of type {@code Security} found in the session.
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @return the first object returned by the {@code Security} query
     * @throws ConfigServiceException propagated from the configuration service
     * @throws ConnectorException propagated from the configuration service
     */
    private ObjectName getSecurityObjectName(Session session, ConfigService configService) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityObjectName", new Object[]{session, configService, this});
        }
        ObjectName securityPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "Security");
        ObjectName[] matches = configService.queryConfigObjects(session, null, securityPattern, null);
        // No emptiness check: an empty result surfaces as ArrayIndexOutOfBoundsException.
        ObjectName security = matches[0];
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security ObjectName is " + security + ". Cell Name is " + ConfigServiceHelper.getDisplayName(security));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityObjectName", security);
        }
        return security;
    }

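    /**
     * Looks up the AppSecurity configuration object of the security domain with the given name.
     *
     * <p>The search stops at the first SecurityDomain whose {@code name} attribute equals
     * {@code str}. The earlier form of this loop only advanced its index on a non-match, so it
     * never terminated once a matching domain was found.
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @param str name of the security domain to find
     * @return the first AppSecurity child of the matching domain, or {@code null} when no domain
     *         has that name or the matching domain has no AppSecurity child
     * @throws ConfigServiceException propagated from the configuration service
     * @throws ConnectorException propagated from the configuration service
     */
    private ObjectName getSecurityDomain(Session session, ConfigService configService, String str) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityDomain", new Object[]{session, configService, this});
        }
        ObjectName appSecurity = null;
        ObjectName[] domains = configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "SecurityDomain"), null);
        for (ObjectName domain : domains) {
            if (((String) configService.getAttribute(session, domain, "name")).equals(str)) {
                ObjectName[] children = configService.queryConfigObjects(session, domain, ConfigServiceHelper.createObjectName((ConfigDataId) null, "AppSecurity"), null);
                // A domain without an AppSecurity child is reported as null rather than
                // failing on an out-of-range index.
                if (children != null && children.length > 0) {
                    appSecurity = children[0];
                }
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityDomain", appSecurity);
        }
        return appSecurity;
    }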

    /**
     * Finds the SecurityDomain configuration object whose {@code name} attribute equals the
     * given name.
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @param str name of the security domain to find
     * @return the first matching SecurityDomain object, or {@code null} if none matches
     * @throws ConfigServiceException propagated from the configuration service
     * @throws ConnectorException propagated from the configuration service
     */
    private ObjectName getSecurityDomainObj(Session session, ConfigService configService, String str) throws ConfigServiceException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityDomainObj", new Object[]{session, configService, this});
        }
        ObjectName domainPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "SecurityDomain");
        ObjectName[] domains = configService.queryConfigObjects(session, null, domainPattern, null);
        ObjectName found = null;
        for (ObjectName candidate : domains) {
            String candidateName = (String) configService.getAttribute(session, candidate, "name");
            if (candidateName.equals(str)) {
                found = candidate;
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityDomainObj", found);
        }
        return found;
    }

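    /**
     * Verifies that a resource is not already a member of any security domain.
     *
     * <p>Despite the boolean return type, membership is signalled by an exception: the method
     * either returns {@code false} or throws.
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @param str resource name compared against each member's {@code CommonConstants.RESOURCE_NAME} value
     * @return {@code false} when no domain lists the resource
     * @throws CommandValidationException if some domain already lists the resource
     * @throws Exception propagated from the configuration service
     */
    private boolean isResourceInADomain(Session session, ConfigService configService, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isResourceInADomain");
        }
        for (ObjectName domain : configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "SecurityDomain"), null)) {
            List<?> members = (List<?>) configService.getAttribute(session, domain, "members");
            for (Object member : members) {
                if (str.equals(ConfigServiceHelper.getAttributeValue((AttributeList) member, CommonConstants.RESOURCE_NAME))) {
                    String domainName = (String) configService.getAttribute(session, domain, "name");
                    // Debug message is gated on the debug level, not on entry/exit tracing.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error: " + str + " already exists in the " + domainName + " domain.");
                    }
                    throw new CommandValidationException(getMsg(resBundle, "security.admintask.scope.in.domain.SECJ7703E", new Object[]{str, domainName}));
                }
            }
        }
        // Exit label matches the entry label so trace records pair up.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isResourceInADomain");
        }
        return false;
    }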

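    /**
     * Copies the security settings of one configuration object onto another.
     *
     * <p>In order, the method copies: the {@code AuthMechanismConfig.AUTH_CONFIG} attribute (then
     * sets {@code useNativeAuthorization} to null on the copy), the attributes
     * {@code applicationLoginConfig}, {@code authDataEntries}, {@code CSI},
     * {@code systemLoginConfig} and {@code properties}, a filtered list of authentication
     * mechanisms, the dynamic-reload object, the user registries, and finally a handful of
     * scalar flags that are explicitly set on the source.
     *
     * <p>User registries are copied without their {@code SERVER_ID}, {@code SERVER_PASSWORD},
     * {@code PRIMARY_ADMIN_ID} and {@code USE_REGISTRY_SERVER_ID} attributes, so the server
     * identity and its password stored on the source registry are not duplicated into the target.
     *
     * @param session configuration session used for every read and write
     * @param configService configuration service to read from and write to
     * @param objectName source security configuration object
     * @param objectName2 target object that receives the copied settings
     * @param str realm name to apply to the active registry's copy, or {@code null} to keep the
     *        source realm
     * @param z when {@code true} and {@code str} is {@code null}, non-WIM registries are copied
     *        with {@code useRegistryRealm} set to {@code true}
     * @throws Exception propagated from the configuration service
     */
    private void copyToSecurityConfig(Session session, ConfigService configService, ObjectName objectName, ObjectName objectName2, String str, boolean z) throws Exception {
        ArrayList arrayList;
        // Entry record (this call was previously Tr.exit, which unbalanced the trace).
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "copyToSecurityConfig");
        }
        ObjectName newActiveRegistry = null;
        String realm = str;

        // --- authConfig, then clear useNativeAuthorization on the copied object ---
        AttributeList attributes = configService.getAttributes(session, objectName, new String[]{AuthMechanismConfig.AUTH_CONFIG}, true);
        configService.setAttributes(session, objectName2, attributes);
        AttributeList copiedAuthConfig = (AttributeList) configService.getAttribute(session, objectName2, AuthMechanismConfig.AUTH_CONFIG);
        if (copiedAuthConfig != null) {
            attributes.clear();
            attributes.add(new Attribute("useNativeAuthorization", null));
            configService.setAttributes(session, ConfigServiceHelper.createObjectName(copiedAuthConfig), attributes);
        }
        attributes.clear();

        // --- attributes copied verbatim, one at a time and in this order ---
        for (String attributeName : new String[]{"applicationLoginConfig", "authDataEntries", "CSI", "systemLoginConfig", "properties"}) {
            AttributeList copied = configService.getAttributes(session, objectName, new String[]{attributeName}, true);
            configService.setAttributes(session, objectName2, copied);
            copied.clear();
        }

        // --- authentication mechanisms: keep LTPA (minus singleSignon and the key set group),
        //     Kerberos and SPNEGO; drop every other mechanism type ---
        AttributeList attributes7 = configService.getAttributes(session, objectName, new String[]{"authMechanisms"}, true);
        Iterator it = ((ArrayList) ConfigServiceHelper.getAttributeValue(attributes7, "authMechanisms")).iterator();
        while (it.hasNext()) {
            AttributeList mechanism = (AttributeList) it.next();
            String mechanismType = (String) ConfigServiceHelper.getAttributeValue(mechanism, SystemAttributes._WEBSPHERE_CONFIG_DATA_TYPE);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found auth mechanism of type " + mechanismType);
            }
            if (mechanismType.equals("LTPA")) {
                Iterator it2 = mechanism.iterator();
                while (it2.hasNext()) {
                    String name = ((Attribute) it2.next()).getName();
                    if (!name.equals("trustAssociation")) {
                        if (name.equals("singleSignon")) {
                            it2.remove();
                        }
                        if (name.equals(AuthMechanismConfig.KEY_SET_GROUP)) {
                            it2.remove();
                        }
                    }
                }
            } else if (!mechanismType.equals(AuthMechanismConfig.TYPE_KERBEROS) && !mechanismType.equals(AuthMechanismConfig.TYPE_SPNEGO)) {
                it.remove();
            }
        }
        configService.setAttributes(session, objectName2, attributes7);
        attributes7.clear();

        // --- dynamic reload: recreate it on the target, pointing at the target's own copy of
        //     the mechanism type that the source's dynamic-reload object references first ---
        ObjectName dynamicReload = (ObjectName) ConfigServiceHelper.getAttributeValue(configService.getAttributes(session, objectName, new String[]{SpnegoCommandProviderImpl.DYNAMIC_RELOAD}, false), SpnegoCommandProviderImpl.DYNAMIC_RELOAD);
        if (dynamicReload != null && (arrayList = (ArrayList) configService.getAttribute(session, dynamicReload, "authMechanisms")) != null && arrayList.size() > 0) {
            String reloadType = (String) ConfigServiceHelper.getAttributeValue(configService.getAttributes(session, (ObjectName) arrayList.get(0), null, true), SystemAttributes._WEBSPHERE_CONFIG_DATA_TYPE);
            Iterator it3 = ((ArrayList) ConfigServiceHelper.getAttributeValue(configService.getAttributes(session, objectName2, new String[]{"authMechanisms"}, true), "authMechanisms")).iterator();
            while (it3.hasNext()) {
                AttributeList targetMechanism = (AttributeList) it3.next();
                if (((String) ConfigServiceHelper.getAttributeValue(targetMechanism, SystemAttributes._WEBSPHERE_CONFIG_DATA_TYPE)).equals(reloadType)) {
                    ObjectName targetMechanismName = ConfigServiceHelper.createObjectName((ConfigDataId) ConfigServiceHelper.getAttributeValue(targetMechanism, SystemAttributes._WEBSPHERE_CONFIG_DATA_ID));
                    ArrayList references = new ArrayList();
                    references.add(targetMechanismName);
                    attributes7.add(new Attribute("authMechanisms", references));
                }
            }
            configService.createConfigData(session, objectName2, SpnegoCommandProviderImpl.DYNAMIC_RELOAD, "DynamicReload", attributes7);
        }

        // --- user registries ---
        Object activeRegistryType = null;
        ObjectName activeRegistry = (ObjectName) configService.getAttribute(session, objectName, "activeUserRegistry");
        if (activeRegistry != null) {
            AttributeList activeAttrs = configService.getAttributes(session, activeRegistry, null, false);
            activeRegistryType = ConfigServiceHelper.getAttributeValue(activeAttrs, SystemAttributes._WEBSPHERE_CONFIG_DATA_TYPE);
            if (str == null) {
                realm = (String) ConfigServiceHelper.getAttributeValue(activeAttrs, "realm");
            }
        }
        ArrayList registries = (ArrayList) configService.getAttribute(session, objectName, "userRegistries");
        if (registries != null) {
            for (int i = 0; i < registries.size(); i++) {
                AttributeList registry = (AttributeList) registries.get(i);
                Object registryType = ConfigServiceHelper.getAttributeValue(registry, SystemAttributes._WEBSPHERE_CONFIG_DATA_TYPE);
                if (registryType != null) {
                    String serverId = (String) ConfigServiceHelper.getAttributeValue(registry, UserRegistryConfig.SERVER_ID);
                    String serverPassword = (String) ConfigServiceHelper.getAttributeValue(registry, UserRegistryConfig.SERVER_PASSWORD);
                    String primaryAdminId = (String) ConfigServiceHelper.getAttributeValue(registry, UserRegistryConfig.PRIMARY_ADMIN_ID);
                    Boolean useRegistryServerId = (Boolean) ConfigServiceHelper.getAttributeValue(registry, UserRegistryConfig.USE_REGISTRY_SERVER_ID);
                    // Strip the server identity, its password and the admin id before the
                    // registry is written to the target; only the remaining attributes are copied.
                    if (serverId != null) {
                        registry.remove(new Attribute(UserRegistryConfig.SERVER_ID, serverId));
                    }
                    if (serverPassword != null) {
                        registry.remove(new Attribute(UserRegistryConfig.SERVER_PASSWORD, serverPassword));
                    }
                    if (primaryAdminId != null) {
                        registry.remove(new Attribute(UserRegistryConfig.PRIMARY_ADMIN_ID, primaryAdminId));
                    }
                    if (useRegistryServerId != null) {
                        registry.remove(new Attribute(UserRegistryConfig.USE_REGISTRY_SERVER_ID, useRegistryServerId));
                    }
                    if (!registryType.toString().equals(UserRegistryConfig.TYPE_WIM)) {
                        // A caller-supplied realm is applied only to the copy of the active registry type.
                        if (str != null && activeRegistryType != null && registryType.toString().equals(activeRegistryType.toString())) {
                            ConfigServiceHelper.setAttributeValue(registry, "realm", realm);
                        }
                        if (z && str == null) {
                            ConfigServiceHelper.setAttributeValue(registry, "useRegistryRealm", true);
                        }
                    }
                    ObjectName createdRegistry = configService.createConfigData(session, objectName2, "userRegistries", registryType.toString(), registry);
                    if (activeRegistryType != null && registryType.toString().equals(activeRegistryType.toString())) {
                        newActiveRegistry = createdRegistry;
                    }
                }
            }
        }

        // --- scalar flags: copied only when explicitly set on the source model object ---
        attributes7.clear();
        SecurityCommon securityCommon = (SecurityCommon) MOFUtil.convertToEObject(session, objectName);
        Boolean useDomainQualifiedNames = (Boolean) configService.getAttribute(session, objectName, SecurityConfig.USE_DOMAIN_QUALIFIED_USER_NAMES);
        if (useDomainQualifiedNames != null && securityCommon.isSetUseDomainQualifiedUserNames()) {
            attributes7.add(new Attribute(SecurityConfig.USE_DOMAIN_QUALIFIED_USER_NAMES, useDomainQualifiedNames));
        }
        Integer cacheTimeout = (Integer) configService.getAttribute(session, objectName, SecurityConfig.CACHE_TIMEOUT);
        if (cacheTimeout != null && securityCommon.isSetCacheTimeout()) {
            attributes7.add(new Attribute(SecurityConfig.CACHE_TIMEOUT, cacheTimeout));
        }
        Boolean issuePermissionWarning = (Boolean) configService.getAttribute(session, objectName, "issuePermissionWarning");
        if (issuePermissionWarning != null && securityCommon.isSetIssuePermissionWarning()) {
            attributes7.add(new Attribute("issuePermissionWarning", issuePermissionWarning));
        }
        Boolean enforceJava2Security = (Boolean) configService.getAttribute(session, objectName, SecurityConfig.ENFORCE_JAVA2_SECURITY);
        // NOTE(review): this guard tests isSetIssuePermissionWarning(), the same flag as the
        // block above, although the value copied is ENFORCE_JAVA2_SECURITY. It looks like a
        // copy/paste slip; confirm which isSet* accessor was intended before changing it.
        if (enforceJava2Security != null && securityCommon.isSetIssuePermissionWarning()) {
            attributes7.add(new Attribute(SecurityConfig.ENFORCE_JAVA2_SECURITY, enforceJava2Security));
        }
        Boolean appSecurityEnabled = (Boolean) configService.getAttribute(session, objectName, SecurityConfig.APP_SECURITY_ENABLED);
        if (appSecurityEnabled != null && securityCommon.isSetAppEnabled()) {
            attributes7.add(new Attribute(SecurityConfig.APP_SECURITY_ENABLED, appSecurityEnabled));
        }
        configService.setAttributes(session, objectName2, attributes7);

        // Point the target at its own copy of the active registry, when one was created.
        if (newActiveRegistry != null) {
            attributes7.clear();
            attributes7.add(new Attribute("activeUserRegistry", newActiveRegistry));
            configService.setAttributes(session, objectName2, attributes7);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "copyToSecurityConfig");
        }
    }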

    /**
     * Builds the list of cluster and application-server scopes in the cell that are not yet
     * mapped to a security domain.
     *
     * <p>Clusters are listed as {@code Cell=<cell>:Cluster=<name>}. Servers are listed as
     * {@code Cell=<cell>:Node=<node>:Server=<server>}, and only when their {@code serverType} is
     * {@code APPLICATION_SERVER} and they are not a cluster member. Each "adding" message is
     * emitted through {@code Tr.exit} under the entry/exit trace level.
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @param str cell name used when composing the scope strings
     * @return the unmapped scope strings, without duplicates, in discovery order
     * @throws Exception propagated from the configuration service after being traced
     */
    private List getServersInCell(Session session, ConfigService configService, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServersInCell", new Object[]{str});
        }
        ArrayList unmapped = new ArrayList();
        try {
            // Pass 1: clusters.
            ObjectName[] clusters = configService.resolve(session, "Cell=:ServerCluster=");
            for (int c = 0; c < clusters.length; c++) {
                ObjectName cluster = clusters[c];
                if (cluster == null) {
                    continue;
                }
                String clusterScope = "Cell=" + str + ":Cluster=" + ((String) configService.getAttribute(session, cluster, "name"));
                if (isResourceAlreadyMapped(session, configService, clusterScope)) {
                    continue;
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "adding " + clusterScope + " to cell server list");
                }
                if (!unmapped.contains(clusterScope)) {
                    unmapped.add(clusterScope);
                }
            }
            // Pass 2: stand-alone application servers on every node.
            ObjectName[] nodes = configService.resolve(session, "Cell=:Node=");
            for (int n = 0; n < nodes.length; n++) {
                ObjectName node = nodes[n];
                if (node == null) {
                    continue;
                }
                String nodeName = (String) configService.getAttribute(session, node, "name");
                ObjectName entryPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "ServerEntry");
                ObjectName[] serverEntries = configService.queryConfigObjects(session, node, entryPattern, null);
                for (int s = 0; s < serverEntries.length; s++) {
                    ObjectName serverEntry = serverEntries[s];
                    String serverType = (String) configService.getAttribute(session, serverEntry, "serverType");
                    if (!serverType.equals("APPLICATION_SERVER")) {
                        continue;
                    }
                    String serverName = (String) configService.getAttribute(session, serverEntry, WsLogRecord.EDE_SERVER_NAME);
                    String serverScope = "Cell=" + str + ":Node=" + nodeName + ":Server=" + serverName;
                    if (isResourceAlreadyMapped(session, configService, serverScope) || isResourceClusterMember(session, configService, nodeName, serverName)) {
                        continue;
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "adding " + serverScope + " to cell server list");
                    }
                    if (!unmapped.contains(serverScope)) {
                        unmapped.add(serverScope);
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getServersInCell", new Object[]{unmapped});
            }
            return unmapped;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", e);
            }
            throw e;
        }
    }

    /**
     * Tells whether any security domain lists the given resource among its members.
     *
     * <p>Each member's {@code CommonConstants.RESOURCE_NAME} value is passed through
     * {@code SecDomainHelper.convertResource1} and compared case-insensitively with {@code str}.
     * Any exception raised while querying is traced at debug level and then discarded, so a
     * failed lookup is reported as {@code false} ("not mapped") rather than as an error.
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @param str resource scope string to look for
     * @return {@code true} if a member matches; {@code false} if none matches or the lookup failed
     */
    private boolean isResourceAlreadyMapped(Session session, ConfigService configService, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isResourceAlreadyMapped");
        }
        try {
            ObjectName domainPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "SecurityDomain");
            ObjectName[] domains = configService.queryConfigObjects(session, null, domainPattern, null);
            for (ObjectName domain : domains) {
                List members = (List) configService.getAttribute(session, domain, "members");
                for (int m = 0; m < members.size(); m++) {
                    AttributeList member = (AttributeList) members.get(m);
                    String memberResource = SecDomainHelper.convertResource1((String) ConfigServiceHelper.getAttributeValue(member, CommonConstants.RESOURCE_NAME));
                    if (memberResource.equalsIgnoreCase(str)) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "isResourceAlreadyMapped -> true");
                        }
                        return true;
                    }
                }
            }
        } catch (Exception e) {
            // Lookup failures are traced only; execution falls through to the "false" result.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isResourceAlreadyMapped -> false");
        }
        return false;
    }

    /**
     * Tells whether the given server on the given node is a member of any server cluster.
     *
     * <p>Any exception raised while querying is traced at debug level and then discarded, so a
     * failed lookup is reported as {@code false} ("not a cluster member").
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @param str node name, compared with each member's {@code nodeName}
     * @param str2 server name, compared with each member's
     *        {@code ResourceValidationHelper.CLUSTER_MEMBER_ATTR} value
     * @return {@code true} if a cluster member matches both values; {@code false} otherwise or
     *         when the lookup failed
     */
    private boolean isResourceClusterMember(Session session, ConfigService configService, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isResourceClusterMember");
        }
        try {
            ObjectName clusterPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "ServerCluster");
            ObjectName[] clusters = configService.queryConfigObjects(session, null, clusterPattern, null);
            for (ObjectName cluster : clusters) {
                List members = (List) configService.getAttribute(session, cluster, "members");
                for (int m = 0; m < members.size(); m++) {
                    AttributeList member = (AttributeList) members.get(m);
                    // Read the member name before the node name, as the comparison below expects.
                    String memberName = (String) ConfigServiceHelper.getAttributeValue(member, ResourceValidationHelper.CLUSTER_MEMBER_ATTR);
                    String memberNode = (String) ConfigServiceHelper.getAttributeValue(member, "nodeName");
                    boolean sameServer = str.equals(memberNode) && str2.equals(memberName);
                    if (sameServer) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "isResourceClusterMember -> true");
                        }
                        return true;
                    }
                }
            }
        } catch (Exception e) {
            // Lookup failures are traced only; execution falls through to the "false" result.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isResourceClusterMember -> false");
        }
        return false;
    }

    /**
     * Tells whether at least one {@code Security} configuration object exists under the given
     * scope object.
     *
     * @param session configuration session to query
     * @param configService configuration service to query
     * @param objectName scope object under which to search
     * @return {@code true} if the query returns one or more objects
     * @throws Exception propagated from the configuration service
     */
    private boolean isServerSecurityConfigured(Session session, ConfigService configService, ObjectName objectName) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isServerSecurityConfigured");
        }
        ObjectName securityPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "Security");
        ObjectName[] found = configService.queryConfigObjects(session, objectName, securityPattern, null);
        boolean configured = found.length > 0;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isServerSecurityConfigured", Boolean.valueOf(configured));
        }
        return configured;
    }

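    /**
     * Tells whether the cell contains any node whose major product version is lower than 7.
     *
     * <p>Every named node is inspected even after a lower-version node has been found, so the
     * debug trace lists the version of each node.
     *
     * @param session configuration session to query; its string form is handed to the metadata
     *        accessor as the {@code CONFIG_SESSION} property
     * @param configService configuration service used to enumerate nodes
     * @return {@code true} if at least one node reports a major version below 7
     * @throws Exception propagated from the configuration or metadata services, including a
     *         {@link NumberFormatException} when a node's major version is not an integer
     */
    private boolean isCellMixedVersion(Session session, ConfigService configService) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isCellMixedVersion");
        }
        boolean mixed = false;
        Properties properties = new Properties();
        properties.setProperty("CONFIG_SESSION", session.toString());
        ManagedObjectMetadataHelper metadata = new ManagedObjectMetadataHelper(ManagedObjectMetadataAccessorFactory.createAccessor(properties));
        for (ObjectName node : configService.resolve(session, "Cell=:Node=")) {
            String nodeName = (String) configService.getAttribute(session, node, "name");
            if (nodeName == null) {
                continue;
            }
            String productVersion = metadata.getNodeBaseProductVersion(nodeName);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Node product version is " + productVersion);
            }
            String majorVersion = metadata.getNodeMajorVersion(nodeName);
            String minorVersion = metadata.getNodeMinorVersion(nodeName);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "nodeMajorVersion is " + majorVersion + " nodeMinorVersion is " + minorVersion);
            }
            if (Integer.parseInt(majorVersion) < 7) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Resource is not a version 7.0.  Version is " + productVersion);
                }
                mixed = true;
            }
        }
        if (tc.isEntryEnabled()) {
            // Boolean.valueOf instead of the deprecated Boolean constructor, matching
            // isServerSecurityConfigured.
            Tr.exit(tc, "isCellMixedVersion", Boolean.valueOf(mixed));
        }
        return mixed;
    }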

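    /**
     * Creates the security domain named
     * {@link CommonConstants#GLOBALSECURITY_DOMAIN} under the cell, together with
     * an empty {@code AppSecurity} child, unless a domain with that name already
     * exists.
     *
     * <p>The exit trace is now written on both successful paths; previously the
     * "already exists" path returned after the entry trace without a matching
     * exit record.
     *
     * @param session       configuration session in which the objects are created
     * @param configService configuration service used for the lookup and creation
     * @throws Exception any failure from the lookup or creation calls; it is
     *                   recorded through FFDC and rethrown unchanged
     */
    private void createSpecialDomain(Session session, ConfigService configService) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSpecialDomain");
        }
        try {
            // The existence check keeps the call idempotent: a second invocation
            // must not create a duplicate domain of the same name.
            if (getSecurityDomainObj(session, configService, CommonConstants.GLOBALSECURITY_DOMAIN) == null) {
                ObjectName cell = getCellObjectName(session, configService);
                AttributeList attrs = new AttributeList();
                ConfigServiceHelper.setAttributeValue(attrs, "name", CommonConstants.GLOBALSECURITY_DOMAIN);
                ObjectName domain = configService.createConfigData(session, cell, "SecurityDomain", "SecurityDomain", attrs);
                // The AppSecurity child is created with no attributes set.
                attrs.clear();
                ObjectName appSecurity = configService.createConfigData(session, domain, "AppSecurity", "AppSecurity", attrs);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Domain created: " + appSecurity);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSpecialDomain");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.adminTasks.securityDomain.SecurityDomainProvider", "1440");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", e);
            }
            throw e;
        }
    }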

    /**
     * Collects the realm names of the user registries attached to a config object.
     *
     * @param configService configuration service used to read the attribute
     * @param session       configuration session
     * @param objectName    object whose {@code userRegistries} attribute is read
     * @return a new list holding every non-null, non-empty {@code realm} value, in
     *         registry order; empty when the attribute is {@code null}
     * @throws Exception if the attribute cannot be read
     */
    private ArrayList getRealmsFromDomain(ConfigService configService, Session session, ObjectName objectName) throws Exception {
        ArrayList realms = new ArrayList();
        ArrayList registries = (ArrayList) configService.getAttribute(session, objectName, "userRegistries");
        if (registries == null) {
            return realms;
        }
        for (Object registry : registries) {
            String realm = (String) ConfigServiceHelper.getAttributeValue((AttributeList) registry, "realm");
            // Registries without a realm name contribute nothing.
            if (realm == null || realm.length() == 0) {
                continue;
            }
            realms.add(realm);
        }
        return realms;
    }

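    /**
     * Rewrites the inbound and outbound trusted-realm lists of the global
     * {@code Security} object and of every {@code AppSecurity} object, passing the
     * given realms to {@code SecConfigTaskHelper.updateRealmList}.
     *
     * <p>Fix: the outbound list of the global {@code Security} object used to be
     * recomputed from the <em>inbound</em> trusted-realm object, so the outbound
     * trust list was overwritten with a value derived from the inbound one (and a
     * {@code null} object was passed when no inbound object existed). Each list
     * is now recomputed from its own object, as the {@code AppSecurity} loop
     * already did.
     *
     * @param configService configuration service used for queries and updates
     * @param session       configuration session
     * @param arrayList     realm names (strings) to remove from the trusted lists
     * @throws Exception any failure while reading or writing the configuration; a
     *                   failure while joining the realm names is recorded through
     *                   FFDC first
     */
    private void removeRealmFromTrustedRealmsList(ConfigService configService, Session session, ArrayList arrayList) throws Exception {
        // Join the realm names with the command parameter delimiter. The result
        // stays null for an empty list, exactly as before.
        String realms = null;
        for (int i = 0; i < arrayList.size(); i++) {
            try {
                String realm = (String) arrayList.get(i);
                realms = realms != null ? realms + CommandSecurityUtil.PARAM_DELIM + realm : realm;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.commands.securityDomain.SecurityRealmProvider", "772");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exception caught", e);
                }
                throw e;
            }
        }
        // NOTE(review): [0] assumes the query always returns a Security object;
        // an empty result surfaces as ArrayIndexOutOfBoundsException.
        ObjectName globalSecurity = configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "Security"), null)[0];
        pruneTrustedRealmList(configService, session, globalSecurity, "inboundTrustedAuthenticationRealm", realms);
        pruneTrustedRealmList(configService, session, globalSecurity, "outboundTrustedAuthenticationRealm", realms);
        for (ObjectName appSecurity : configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName((ConfigDataId) null, "AppSecurity"), null)) {
            pruneTrustedRealmList(configService, session, appSecurity, "inboundTrustedAuthenticationRealm", realms);
            pruneTrustedRealmList(configService, session, appSecurity, "outboundTrustedAuthenticationRealm", realms);
        }
    }

    /**
     * Recomputes and stores the {@code realmList} of one trusted-realm object;
     * does nothing when the owner has no such object.
     */
    private void pruneTrustedRealmList(ConfigService configService, Session session, ObjectName owner, String trustAttribute, String realms) throws Exception {
        ObjectName trusted = SecConfigTaskHelper.getTrustedRealms(session, configService, owner, trustAttribute);
        if (trusted == null) {
            return;
        }
        // The list is always derived from the object that is then written, so
        // inbound and outbound trust can never be cross-assigned.
        // updateRealmList is defined elsewhere; presumably it returns this
        // object's realm list without the given realms (confirm against the helper).
        AttributeList update = new AttributeList();
        update.add(new Attribute("realmList", SecConfigTaskHelper.updateRealmList(session, configService, trusted, realms)));
        configService.setAttributes(session, trusted, update);
    }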

    /**
     * Filters a list of realms that are candidates for removal from the trusted
     * lists, dropping every realm that is still the {@code realm} of a user
     * registry on the global {@code Security} object or on any
     * {@code AppSecurity} object.
     *
     * <p>The list passed in is modified in place and is also the return value.
     *
     * @param configService configuration service used for the queries
     * @param session       configuration session
     * @param arrayList     candidate realm names; entries still in use are removed
     * @return the same {@code arrayList} instance after filtering
     * @throws Exception any failure while reading the configuration; it is
     *                   recorded through FFDC and rethrown unchanged
     */
    private ArrayList checkForValidRealm(ConfigService configService, Session session, ArrayList arrayList) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkForValidRealm");
        }
        try {
            // Pass 1: registries of the global Security object.
            ObjectName securityType = ConfigServiceHelper.createObjectName((ConfigDataId) null, "Security");
            ObjectName globalSecurity = configService.queryConfigObjects(session, null, securityType, null)[0];
            ArrayList globalRegistries = (ArrayList) configService.getAttribute(session, globalSecurity, "userRegistries");
            if (globalRegistries != null) {
                for (Object registry : globalRegistries) {
                    String realm = (String) ConfigServiceHelper.getAttributeValue((AttributeList) registry, "realm");
                    if (realm == null || !arrayList.contains(realm)) {
                        continue;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "remove " + realm + " from the list of realms to delete from trusted list.");
                    }
                    arrayList.remove(realm);
                }
            }
            // Pass 2: registries of every AppSecurity object.
            ObjectName appSecurityType = ConfigServiceHelper.createObjectName((ConfigDataId) null, "AppSecurity");
            for (ObjectName appSecurity : configService.queryConfigObjects(session, null, appSecurityType, null)) {
                ArrayList domainRegistries = (ArrayList) configService.getAttribute(session, appSecurity, "userRegistries");
                if (domainRegistries == null) {
                    continue;
                }
                for (Object registry : domainRegistries) {
                    String realm = (String) ConfigServiceHelper.getAttributeValue((AttributeList) registry, "realm");
                    if (realm == null || !arrayList.contains(realm)) {
                        continue;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "remove " + realm + " from the list of realms to delete from trusted list.");
                    }
                    arrayList.remove(realm);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkForValidRealm");
            }
            return arrayList;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.commands.securityDomain.SecurityRealmProvider", "772");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exception caught", e);
            }
            throw e;
        }
    }

    /**
     * Resolves a server cluster by name.
     *
     * @param configService configuration service used to resolve the path
     * @param session       configuration session
     * @param str           cluster name, appended to the containment path
     *                      {@code Cell=:ServerCluster=}
     * @return the first matching object, or {@code null} when nothing is resolved
     * @throws ConfigServiceException if the configuration service reports a failure
     * @throws ConnectorException     if the connection to the service fails
     */
    protected ObjectName getCluster(ConfigService configService, Session session, String str) throws ConfigServiceException, ConnectorException {
        // NOTE(review): the name is concatenated into the containment path as-is.
        // If it can come from command input, callers should confirm it holds no
        // path separator characters before reaching this point.
        String containmentPath = "Cell=:ServerCluster=" + str;
        ObjectName[] matches = configService.resolve(session, containmentPath);
        return (matches != null && matches.length > 0) ? matches[0] : null;
    }
}
