package com.ibm.ws.security.registry.ldap.internal;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import org.apache.bcel.Constants;

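/**
 * JNDI environment for the LDAP user registry, held as a map of property name to value.
 *
 * <p>The constructor copies the supplied configuration, derives the JNDI bind
 * principal/credentials and provider URL from it, validates that the required
 * properties are present and fills in default filters for the configured LDAP type.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The map holds the bind password twice: the configured value under
 *       {@link #BIND_PASSWORD} and the decoded value under
 *       {@code java.naming.security.credentials}. Both are wrapper objects, not
 *       {@code String}s; avoid unwrapping them into log or trace output.</li>
 *   <li>{@link HashMap} is {@link java.io.Serializable}, so serialising an instance
 *       writes its entries. NOTE(review): whether the credential wrappers serialise
 *       their content is not visible from this class; confirm before persisting.</li>
 *   <li>Only {@link #getRootDSE()}, {@code setRootDSE}, {@link #getSensitive(Object)} and
 *       {@link #putSensitive(String, Object)} synchronise; plain {@code get}/{@code put}
 *       inherited from {@link HashMap} do not.</li>
 * </ul>
 */
@TraceOptions(traceGroups = {"LDAP"}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.registry.ldap_1.0.jar:com/ibm/ws/security/registry/ldap/internal/LdapConfig.class */
public class LdapConfig extends HashMap<String, Object> {
    private static final TraceComponent tc = Tr.register(LdapConfig.class);
    private static final long serialVersionUID = -1;
    public static final String DEFAULT_REALM_NAME = "LDAPRegistry";
    public static final String HOST = "host";
    public static final String PORT = "port";
    public static final String REALM = "realm";
    public static final String BIND_DN = "bindDN";
    public static final String BIND_PASSWORD = "bindPassword";
    public static final String IGNORE_CASE = "ignoreCase";
    public static final String BASE_DN = "baseDN";
    public static final String USER_FILTER = "userFilter";
    public static final String GROUP_FILTER = "groupFilter";
    public static final String USER_ID_MAP = "userIdMap";
    public static final String GROUP_ID_MAP = "groupIdMap";
    public static final String GROUP_MEMBER_ID_MAP = "groupMemberIdMap";
    public static final String REALM_DELIMITER = ":";
    public static final String LDAP_TYPE = "ldapType";
    public static final String INITIAL_CTX_FACTORY = "java.naming.factory.initial";
    public static final String ROOT_DSE = "root.dse";
    public static final String RECURSIVE_SEARCH = "recursiveSearch";
    public static final String SEARCH_TIMEOUT = "searchTimeout";
    public static final String SSL_ENABLED = "sslEnabled";
    public static final String LDAP_REUSE_CONN = "reuseConnection";
    public static final String LDAP_VALIDATION = "ldapValidation";
    public static final String SSL = "ssl";
    public static final String SSL_REF = "sslRef";
    public static final String LDAP_FAIL_OVER_SERVERS = "ldapFailOverServers";

    // Values accepted for the ldapType property; filled by populateSupportedLdapTypes().
    List<String> supportedLdapTypes = new ArrayList<>();

    // Not serialised with the map; used to open the directory context on demand.
    private final transient DirContextFactory dirContextFactory;

    /**
     * Builds the JNDI environment from the supplied configuration.
     *
     * @param map configuration properties keyed by the constants of this class;
     *            {@code bindPassword} must be a {@code SerializableProtectedString}
     *            and {@code bindDN}/{@code baseDN} must be {@code String}s
     * @param dirContextFactory factory used by {@link #getRootDSE()} to open the context
     * @throws IllegalArgumentException if a required property is missing or the LDAP
     *                                  type is not one of the supported types
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public LdapConfig(Map<String, Object> map, DirContextFactory dirContextFactory) {
        populateSupportedLdapTypes();
        this.dirContextFactory = dirContextFactory;
        put(INITIAL_CTX_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        put("com.sun.jndi.ldap.connect.timeout", "60000");
        put(REALM, DEFAULT_REALM_NAME);

        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            // Only the property name is traced, never the value, so the password stays out of trace.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "key = " + key, new Object[0]);
            }
            if (key.equals(BIND_PASSWORD)) {
                SerializableProtectedString configured = (SerializableProtectedString) value;
                // The decode API takes and returns String, so the password is briefly held in
                // immutable Strings that cannot be zeroed; keep these locals out of any logging.
                String encoded = configured == null ? "" : new String(configured.getChars());
                // NOTE(review): if passwordDecode can return null for an undecodable value,
                // toCharArray() below throws NullPointerException -- confirm and handle upstream.
                String decoded = PasswordUtil.passwordDecode(encoded.trim());
                putSensitive(key, configured);
                // NOTE(review): a present-but-empty bindPassword passes validateLdapConfig() and
                // yields empty credentials here; many directory servers treat a DN with an empty
                // password as an unauthenticated bind -- consider rejecting it in validation.
                put("java.naming.security.credentials", new ProtectedString(decoded.toCharArray()));
            } else if (key.equals(BIND_DN)) {
                String bindDn = normalizeDn((String) value);
                put(key, bindDn);
                put("java.naming.security.principal", bindDn);
            } else if (key.equals(BASE_DN)) {
                put(key, normalizeDn((String) value));
            } else {
                put(key, value);
            }
        }

        validateLdapConfig();
        validateFilters();
        configureSSL();

        // The scheme is always ldap://. When sslEnabled is not true nothing in this class
        // requests TLS, so the bind DN and password are only as protected as the network path.
        String jndiUrl = "ldap://" + get(HOST) + ":" + get(PORT);
        Object failOverServers = get(LDAP_FAIL_OVER_SERVERS);
        if (failOverServers != null) {
            jndiUrl = jndiUrl.concat(" ").concat((String) failOverServers);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "jndiUrl = " + jndiUrl, new Object[0]);
        }
        setDirectoryUrl(jndiUrl);

        String directoryUrl = getDirectoryUrl();
        if (directoryUrl != null) {
            // Drop anything after the first '/' that follows the last "://".
            int slash = directoryUrl.indexOf('/', directoryUrl.lastIndexOf("://") + "://".length());
            if (slash != -1) {
                directoryUrl = directoryUrl.substring(0, slash + 1);
            }
            // A trailing port of 0 is removed so the provider falls back to its default port.
            if (directoryUrl.endsWith(":0") || directoryUrl.endsWith(":0/")) {
                directoryUrl = directoryUrl.substring(0, directoryUrl.lastIndexOf(":0"));
            }
        }
        put("java.naming.provider.url", directoryUrl);
    }

    /** Strips spaces from a DN via {@code LDAPRegistryUtil}; values of two characters or fewer and null pass through. */
    private static String normalizeDn(String dn) {
        if (dn != null && dn.length() > 2) {
            return LDAPRegistryUtil.removeDNSpace(dn, 0);
        }
        return dn;
    }

    /** Fills {@link #supportedLdapTypes} with the LDAP server types this registry accepts. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void populateSupportedLdapTypes() {
        this.supportedLdapTypes.add("Netscape Directory Server");
        this.supportedLdapTypes.add("IBM SecureWay Directory Server");
        this.supportedLdapTypes.add("Microsoft Active Directory");
        this.supportedLdapTypes.add("Sun Java System Directory Server");
        this.supportedLdapTypes.add("IBM Tivoli Directory Server");
        this.supportedLdapTypes.add("Novell eDirectory");
        this.supportedLdapTypes.add("IBM Lotus Domino");
        this.supportedLdapTypes.add("Custom");
    }

    /**
     * Checks that the required properties are present and consistent.
     *
     * <p>Required: host, port, baseDN, ldapType. bindDN and bindPassword must be given
     * together, and sslRef is required when sslEnabled is true. Each problem is reported
     * through {@code Tr.error} before the exception is thrown.
     *
     * @throws IllegalArgumentException if the LDAP type is unsupported or a property is missing
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void validateLdapConfig() {
        List<String> missing = new ArrayList<>();
        boolean unsupportedType = false;
        if (get(HOST) == null) {
            missing.add(HOST);
        }
        if (get(PORT) == null) {
            missing.add(PORT);
        }
        if (get(BASE_DN) == null) {
            missing.add(BASE_DN);
        }
        if (get(LDAP_TYPE) == null) {
            missing.add(LDAP_TYPE);
        } else if (!validateLdapType((String) get(LDAP_TYPE))) {
            unsupportedType = true;
        }
        // A bind DN without a password (or the reverse) is treated as incomplete configuration.
        // This is a presence check only: an empty password object still counts as present.
        if (get(BIND_DN) != null && getSensitive(BIND_PASSWORD) == null) {
            missing.add(BIND_PASSWORD);
        }
        if (get(BIND_DN) == null && getSensitive(BIND_PASSWORD) != null) {
            missing.add(BIND_DN);
        }
        Boolean sslEnabled = (Boolean) get(SSL_ENABLED);
        if (sslEnabled != null && sslEnabled.booleanValue() && get(SSL_REF) == null) {
            missing.add(SSL_REF);
        }
        if (unsupportedType) {
            Tr.error(tc, "LDAP_UNSUPPORTED_TYPE", get(LDAP_TYPE));
            if (missing.isEmpty()) {
                throw new IllegalArgumentException("Failed to specify a supported LDAP server type");
            }
        }
        if (!missing.isEmpty()) {
            for (String property : missing) {
                Tr.error(tc, "LDAP_CONFIG_INCOMPLETE", property);
            }
            throw new IllegalArgumentException("Failed to specify all required configuration properties");
        }
    }

    /**
     * Fills in the default filters and id maps of the configured LDAP type for every
     * filter property the configuration left unset.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void validateFilters() {
        // NOTE(review): assumes LdapFilters has an entry for every supported type; a missing
        // entry makes `defaults` null and the first unset property throws NullPointerException.
        Map<String, String> defaults = new LdapFilters().getSupportedLdapTypesAndFilters().get(get(LDAP_TYPE));
        applyDefaultIfUnset(USER_FILTER, "USER_FILTER", defaults);
        applyDefaultIfUnset(GROUP_FILTER, "GROUP_FILTER", defaults);
        applyDefaultIfUnset(USER_ID_MAP, "USER_ID_MAP", defaults);
        applyDefaultIfUnset(GROUP_ID_MAP, "GROUP_ID_MAP", defaults);
        applyDefaultIfUnset(GROUP_MEMBER_ID_MAP, "GROUP_MEMBER_ID_MAP", defaults);
    }

    /** Stores the default for {@code key} when the configuration has no value for it, tracing it under {@code label}. */
    private void applyDefaultIfUnset(String key, String label, Map<String, String> defaults) {
        if (get(key) != null) {
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, label + " = " + defaults.get(key), new Object[0]);
        }
        put(key, defaults.get(key));
    }

    /** Returns whether {@code str} is one of the entries of {@link #supportedLdapTypes}. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private boolean validateLdapType(String str) {
        return this.supportedLdapTypes.contains(str);
    }

    /**
     * Switches the environment to SSL when {@code sslEnabled} is true; otherwise does nothing.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void configureSSL() {
        Boolean sslEnabled = (Boolean) get(SSL_ENABLED);
        if (sslEnabled == null || !sslEnabled.booleanValue()) {
            return;
        }
        // The 60 s connect timeout set by the constructor is dropped on the SSL path, so no
        // connect timeout is configured here once SSL is enabled.
        remove("com.sun.jndi.ldap.connect.timeout");
        // NOTE(review): certificate and host-name validation are decided by this socket
        // factory, which is not visible from this class -- confirm it verifies the server.
        put("java.naming.ldap.factory.socket", "com.ibm.ws.security.registry.ldap.LdapSSLSocketFactory");
        put("java.naming.security.protocol", SSL);
    }

    /**
     * Reads a value that must not appear in trace.
     *
     * <p>Returns exactly what {@code get} returns; the separate method carries the
     * {@code @Trivial} annotation (presumably to keep the value out of injected trace).
     *
     * @param obj the property name
     * @return the stored value, or {@code null} if absent
     */
    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public synchronized Object getSensitive(Object obj) {
        return super.get(obj);
    }

    /**
     * Stores a value that must not appear in trace, or removes the entry when the value is null.
     *
     * @param str the property name
     * @param obj the value to store; {@code null} removes the entry
     * @return the value previously stored under {@code str}, or {@code null}
     */
    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public synchronized Object putSensitive(String str, @Sensitive Object obj) {
        if (obj != null) {
            return super.put(str, obj);
        }
        Object previous = get(str);
        remove(str);
        return previous;
    }

    /** Returns the value stored under {@code java.naming.provider.url}, or {@code null}. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getDirectoryUrl() {
        return (String) get("java.naming.provider.url");
    }

    /** Stores {@code str} under {@code java.naming.provider.url}; a null argument is ignored. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setDirectoryUrl(String str) {
        if (str != null) {
            put("java.naming.provider.url", str);
        }
    }

    /**
     * Returns the cached directory context, creating it through the factory on first use.
     *
     * @return the directory context stored under {@link #ROOT_DSE}
     * @throws NamingException if the factory cannot create the context
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public DirContext getRootDSE() throws NamingException {
        // The cached value is read under the lock. Re-testing a local captured before the
        // lock lets two callers both create a context; the second store then closes the
        // first, which its caller has already been handed and will use while closed.
        synchronized (this) {
            DirContext dirContext = (DirContext) get(ROOT_DSE);
            if (dirContext == null) {
                dirContext = this.dirContextFactory.createDirContext(this);
                setRootDSE(dirContext);
            }
            return dirContext;
        }
    }

    /**
     * Replaces the cached directory context and closes the one it replaced.
     *
     * @param dirContext the new context, or {@code null} to clear the cache
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private synchronized void setRootDSE(DirContext dirContext) {
        DirContext previous = (DirContext) (dirContext != null ? put(ROOT_DSE, dirContext) : remove(ROOT_DSE));
        // Storing the context that is already cached must not close it.
        if (previous != null && previous != dirContext) {
            try {
                previous.close();
            } catch (NamingException e) {
                // Closing is best effort: the failure is recorded and the new value stays in place.
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapConfig", "355", this, new Object[]{dirContext});
            }
        }
    }

    /** Clears the cached directory context and closes it. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void disconnect() {
        setRootDSE(null);
    }

    /** Map equality as defined by {@link java.util.AbstractMap}; the factory field is not compared. */
    @Override // java.util.AbstractMap, java.util.Map
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean equals(Object obj) {
        return super.equals(obj);
    }

    /** Map hash code as defined by {@link java.util.AbstractMap}. */
    @Override // java.util.AbstractMap, java.util.Map
    public int hashCode() {
        return super.hashCode();
    }

    // Emits entry/exit trace for the static initializer when entry tracing is enabled.
    static {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.STATIC_INITIALIZER_NAME, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.STATIC_INITIALIZER_NAME);
        }
    }
}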
