package com.ibm.ws.security.registry.saf.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.registry.CertificateMapFailedException;
import com.ibm.ws.security.registry.CertificateMapNotSupportedException;
import com.ibm.ws.security.registry.EntryNotFoundException;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.SearchResult;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.security.registry.ldap.internal.LdapConfig;
import com.ibm.ws.zos.jni.NativeMethodManager;
import com.ibm.ws.zos.jni.NativeMethodUtils;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

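/**
 * {@link UserRegistry} implementation that answers user, group, password and certificate
 * queries through native ({@code ntv_*}) methods.
 *
 * <p>Names are converted to EBCDIC before they are passed to the native layer, and native
 * results are converted back to ASCII. User and group names double as display name,
 * security name and unique id: the lookup methods return their argument once the native
 * layer confirms it is valid.
 *
 * <p>This listing is decompiler output. The {@code $$$tc$$$} and {@code serialVersionUID}
 * members and the {@code FFDCFilter} catch blocks come from trace/FFDC instrumentation.
 * Where the decompiler lost track of the caught exception variable, the handlers below
 * rethrow or wrap the exception that was actually caught.
 */
@TraceOptions(traceGroups = {"UserRegistry"}, traceGroup = "", messageBundle = "com.ibm.ws.security.registry.saf.internal.resources.SAFRegistryMessages", traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.registry.saf_1.0.jar:com/ibm/ws/security/registry/saf/internal/SAFRegistry.class */
public class SAFRegistry implements UserRegistry {
    // Registry configuration; only the realm entry is read in this class.
    private Map<String, Object> _config;
    static final long serialVersionUID = -7731946352296958923L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(SAFRegistry.class);
    // Lazily resolved by getRealm(); null until the first call.
    private String _realm = null;
    // Monitors that serialize the cursor-based group and user scans on this instance.
    GetGroupsLock getGroupsLock = new GetGroupsLock();
    GetUsersLock getUsersLock = new GetUsersLock();

    /** Monitor object for {@link SAFRegistry#getGroups(String, int)}; carries no state. */
    @TraceOptions(traceGroups = {"UserRegistry"}, traceGroup = "", messageBundle = "com.ibm.ws.security.registry.saf.internal.resources.SAFRegistryMessages", traceExceptionThrow = false, traceExceptionHandling = false)
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.registry.saf_1.0.jar:com/ibm/ws/security/registry/saf/internal/SAFRegistry$GetGroupsLock.class */
    private static final class GetGroupsLock {
        static final long serialVersionUID = -968311181526434246L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(GetGroupsLock.class);

        @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
        private GetGroupsLock() {
        }
    }

    /** Monitor object for {@link SAFRegistry#getUsers(String, int)}; carries no state. */
    @TraceOptions(traceGroups = {"UserRegistry"}, traceGroup = "", messageBundle = "com.ibm.ws.security.registry.saf.internal.resources.SAFRegistryMessages", traceExceptionThrow = false, traceExceptionHandling = false)
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.registry.saf_1.0.jar:com/ibm/ws/security/registry/saf/internal/SAFRegistry$GetUsersLock.class */
    private static final class GetUsersLock {
        static final long serialVersionUID = 7764970683130900728L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(GetUsersLock.class);

        @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
        private GetUsersLock() {
        }
    }

    /**
     * Creates a registry over the given configuration without registering native methods.
     *
     * @param map registry configuration; read later by {@link #getRealm()}
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFRegistry(Map<String, Object> map) {
        this._config = map;
    }

    /**
     * Creates a registry over the given configuration and registers this class's native
     * methods with the supplied manager.
     *
     * @param map registry configuration; read later by {@link #getRealm()}
     * @param nativeMethodManager manager used to register the {@code ntv_*} methods
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFRegistry(Map<String, Object> map, NativeMethodManager nativeMethodManager) {
        this._config = map;
        nativeMethodManager.registerNatives(SAFRegistry.class);
    }

    /**
     * Checks a user's password through the native layer.
     *
     * <p>A rejected password is reported by returning {@code null}, not by an exception, so
     * callers must treat {@code null} as an authentication failure.
     *
     * @param str user security name; must not be null or empty
     * @param str2 password; must not be null or empty
     * @return {@code str} when the native check succeeds, otherwise {@code null}
     * @throws IllegalArgumentException if either argument is null or empty
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String checkPassword(String str, @Sensitive String str2) throws RegistryException {
        assertNotEmpty(str, "userSecurityName is null");
        // The message names the user but never contains the password value.
        assertNotEmpty(str2, "password given for user " + str + " is null");
        // The password goes through the NoTrace converter (presumably to keep it out of trace
        // output; confirm against NativeMethodUtils). The third native argument is passed as
        // null; its meaning is not visible in this file.
        boolean accepted = ntv_checkPassword(NativeMethodUtils.convertToEBCDIC(str), NativeMethodUtils.convertToEBCDICNoTrace(str2), null);
        return accepted ? str : null;
    }

    /**
     * Returns the display name of a group, which is the group name itself.
     *
     * @param str group security name; must not be null or empty
     * @return {@code str} when it names a valid group
     * @throws EntryNotFoundException if the group is not valid
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getGroupDisplayName(String str) throws EntryNotFoundException, RegistryException {
        if (!isValidGroup(str)) {
            throw new EntryNotFoundException(str + " is not a valid group");
        }
        return str;
    }

    /**
     * Returns the security name of a group, which is the group name itself.
     *
     * @param str unique group id; must not be null or empty
     * @return {@code str} when it names a valid group
     * @throws EntryNotFoundException if the group is not valid
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getGroupSecurityName(String str) throws EntryNotFoundException, RegistryException {
        if (!isValidGroup(str)) {
            throw new EntryNotFoundException(str + " is not a valid group");
        }
        return str;
    }

    /**
     * Scans all groups through the native cursor and collects those matching a pattern.
     *
     * <p>The pattern is evaluated with {@link String#matches(String)}, i.e. as a Java regular
     * expression that must match the whole group name, and it is applied to every entry the
     * cursor returns. Callers that pass on externally supplied patterns should bound or
     * validate them first.
     *
     * @param str regular expression; must not be null or empty
     * @param i maximum number of results; {@code 0} means no limit
     * @return the matches, plus a flag that is true when a further match was found after
     *         the limit had been reached
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws RegistryException if the native cursor cannot be reset or closed
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SearchResult getGroups(String str, int i) throws RegistryException {
        assertNotEmpty(str, "pattern is null");
        boolean hasMore = false;
        List<String> matches = new ArrayList<String>();
        // One scan at a time per instance; the cursor is presumably shared native state.
        synchronized (this.getGroupsLock) {
            if (!ntv_resetGroupsCursor()) {
                throw new RegistryException("Failed to reset SAF user database");
            }
            // NOTE(review): if the scan throws (for example on an invalid regex), the close
            // call below is skipped. Whether close is safe on every path depends on the
            // native contract, which is not visible here.
            byte[] rawName;
            while ((rawName = ntv_getNextGroup()) != null) {
                String groupName = NativeMethodUtils.convertToASCII(rawName);
                if (!groupName.matches(str)) {
                    continue;
                }
                if (i != 0 && matches.size() >= i) {
                    // Limit reached and one more match exists: report truncation and stop.
                    hasMore = true;
                    break;
                }
                matches.add(groupName);
            }
            if (!ntv_closeGroupsDB()) {
                throw new RegistryException("Failed to close SAF user database");
            }
        }
        return new SearchResult(matches, hasMore);
    }

    /**
     * Returns the groups a user belongs to.
     *
     * <p>An empty native result is ambiguous, so the user is validated before an empty list
     * is returned.
     *
     * @param str user security name; must not be null or empty
     * @return the user's group names; empty when a valid user has no groups
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws EntryNotFoundException if no groups were returned and the user is not valid
     * @throws RegistryException if any other failure occurs; the message is the failure's
     *         {@code toString()}
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<String> getGroupsForUser(String str) throws EntryNotFoundException, RegistryException {
        assertNotEmpty(str, "userSecurityName is null");
        try {
            List<byte[]> rawGroups = ntv_getGroupsForUser(NativeMethodUtils.convertToEBCDIC(str), new ArrayList<byte[]>());
            List<String> groups = new ArrayList<String>();
            if (rawGroups != null) {
                for (byte[] rawGroup : rawGroups) {
                    groups.add(NativeMethodUtils.convertToASCII(rawGroup));
                }
            }
            if (!groups.isEmpty() || isValidUser(str)) {
                return groups;
            }
            throw new EntryNotFoundException("User " + str + " not valid");
        } catch (EntryNotFoundException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.saf.internal.SAFRegistry", "169", this, new Object[]{str});
            // Rethrow the exception that was caught; the decompiled handler rethrew a
            // separate local that can still be null at this point.
            throw e;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.saf.internal.SAFRegistry", "171", this, new Object[]{str});
            // Wrap the caught failure; the decompiled handler called toString() on a local
            // that is always null here, which replaced the real error with an NPE.
            throw new RegistryException(th.toString());
        }
    }

    /**
     * Returns the realm name, resolving and caching it on first use.
     *
     * <p>The configured value under {@code LdapConfig.REALM} wins; when it is missing or
     * empty, {@link #getDefaultRealm()} supplies the value.
     *
     * @return the cached realm name
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getRealm() {
        if (this._realm == null) {
            String configured = (String) this._config.get(LdapConfig.REALM);
            this._realm = (configured == null || configured.length() == 0) ? getDefaultRealm() : configured;
        }
        return this._realm;
    }

    /**
     * Returns the fallback realm: the name reported by {@code ntv_getPlexName()}, converted
     * to ASCII.
     *
     * @return the default realm name
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getDefaultRealm() {
        return NativeMethodUtils.convertToASCII(ntv_getPlexName());
    }

    /**
     * Returns the unique id of a group, which is the group name itself.
     *
     * @param str group security name; must not be null or empty
     * @return {@code str} when it names a valid group
     * @throws EntryNotFoundException if the group is not valid
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUniqueGroupId(String str) throws EntryNotFoundException, RegistryException {
        if (!isValidGroup(str)) {
            throw new EntryNotFoundException(str + " is not a valid group");
        }
        return str;
    }

    /**
     * Returns the unique group ids for a user; identical to {@link #getGroupsForUser(String)}
     * because group names serve as their own unique ids.
     *
     * @param str user id; must not be null or empty
     * @return the user's group names
     * @throws EntryNotFoundException if no groups were returned and the user is not valid
     * @throws RegistryException if any other failure occurs
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<String> getUniqueGroupIdsForUser(String str) throws EntryNotFoundException, RegistryException {
        return getGroupsForUser(str);
    }

    /**
     * Returns the unique id of a user, which is the user name itself.
     *
     * @param str user security name; must not be null or empty
     * @return {@code str} when it names a valid user
     * @throws EntryNotFoundException if the user is not valid
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUniqueUserId(String str) throws EntryNotFoundException, RegistryException {
        if (!isValidUser(str)) {
            throw new EntryNotFoundException(str + " is not a valid user");
        }
        return str;
    }

    /**
     * Returns the display name of a user, which is the user name itself.
     *
     * @param str user security name; must not be null or empty
     * @return {@code str} when it names a valid user
     * @throws EntryNotFoundException if the user is not valid
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUserDisplayName(String str) throws EntryNotFoundException, RegistryException {
        if (!isValidUser(str)) {
            throw new EntryNotFoundException(str + " is not a valid user");
        }
        return str;
    }

    /**
     * Returns the security name of a user, which is the user name itself.
     *
     * @param str unique user id; must not be null or empty
     * @return {@code str} when it names a valid user
     * @throws EntryNotFoundException if the user is not valid
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUserSecurityName(String str) throws EntryNotFoundException, RegistryException {
        if (!isValidUser(str)) {
            throw new EntryNotFoundException(str + " is not a valid user");
        }
        return str;
    }

    /**
     * Scans all users through the native cursor and collects those matching a pattern.
     *
     * <p>The pattern is evaluated with {@link String#matches(String)}, i.e. as a Java regular
     * expression that must match the whole user name, and it is applied to every entry the
     * cursor returns. Callers that pass on externally supplied patterns should bound or
     * validate them first.
     *
     * @param str regular expression; must not be null or empty
     * @param i maximum number of results; {@code 0} means no limit
     * @return the matches, plus a flag that is true when a further match was found after
     *         the limit had been reached
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws RegistryException if the native cursor cannot be reset or closed, or if any
     *         other failure occurs during the scan (message is the failure's {@code toString()})
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SearchResult getUsers(String str, int i) throws RegistryException {
        assertNotEmpty(str, "pattern is null");
        boolean hasMore = false;
        List<String> matches = new ArrayList<String>();
        try {
            // One scan at a time per instance; the cursor is presumably shared native state.
            synchronized (this.getUsersLock) {
                if (!ntv_resetUsersCursor()) {
                    throw new RegistryException("Failed to reset SAF user database");
                }
                // NOTE(review): if the scan throws (for example on an invalid regex), the
                // close call below is skipped. Whether close is safe on every path depends
                // on the native contract, which is not visible here.
                byte[] rawName;
                while ((rawName = ntv_getNextUser()) != null) {
                    String userName = NativeMethodUtils.convertToASCII(rawName);
                    if (!userName.matches(str)) {
                        continue;
                    }
                    if (i != 0 && matches.size() >= i) {
                        // Limit reached and one more match exists: report truncation and stop.
                        hasMore = true;
                        break;
                    }
                    matches.add(userName);
                }
                if (!ntv_closeUsersDB()) {
                    throw new RegistryException("Failed to close SAF user database");
                }
            }
            return new SearchResult(matches, hasMore);
        } catch (RegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.saf.internal.SAFRegistry", "269", this, new Object[]{str, Integer.valueOf(i)});
            // Rethrow the caught exception; the decompiled handler executed "throw null",
            // which surfaces as a NullPointerException and hides the registry failure.
            throw e;
        } catch (Throwable th2) {
            FFDCFilter.processException(th2, "com.ibm.ws.security.registry.saf.internal.SAFRegistry", "271", this, new Object[]{str, Integer.valueOf(i)});
            // Wrap the caught failure; the decompiled handler called toString() on a local
            // that is always null, which replaced the real error with an NPE.
            throw new RegistryException(th2.toString());
        }
    }

    /**
     * Asks the native layer whether a group exists.
     *
     * @param str group security name; must not be null or empty
     * @return the native validity result
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean isValidGroup(String str) throws RegistryException {
        assertNotEmpty(str, "groupSecurityName is null");
        return ntv_isValidGroup(NativeMethodUtils.convertToEBCDIC(str));
    }

    /**
     * Asks the native layer whether a user exists.
     *
     * @param str user security name; must not be null or empty
     * @return the native validity result
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean isValidUser(String str) throws RegistryException {
        assertNotEmpty(str, "userSecurityName is null");
        return ntv_isValidUser(NativeMethodUtils.convertToEBCDIC(str));
    }

    /**
     * Maps an X.509 certificate to a user id through the native layer.
     *
     * <p>The certificate's encoded bytes are handed to the native mapping call. This method
     * itself does not check validity period, trust chain or revocation; that is assumed to
     * have happened before the call (confirm against the caller).
     *
     * @param x509Certificate certificate to map; must not be null
     * @return the mapped user id
     * @throws IllegalArgumentException if the certificate is null
     * @throws CertificateMapFailedException if no user id was produced or the certificate
     *         could not be encoded (the encoding error is attached as the cause)
     * @throws CertificateMapNotSupportedException declared by the interface
     * @throws RegistryException declared by the interface
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String mapCertificate(X509Certificate x509Certificate) throws CertificateMapNotSupportedException, CertificateMapFailedException, RegistryException {
        assertNotNull(x509Certificate, "cert is null");
        try {
            byte[] encoded = x509Certificate.getEncoded();
            String userId = NativeMethodUtils.convertToASCII(ntv_mapCertificate(encoded, encoded.length));
            if (userId == null) {
                throw new CertificateMapFailedException("Certificate could not be mapped to a valid SAF user ID");
            }
            return userId;
        } catch (CertificateEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.saf.internal.SAFRegistry", "309", this, new Object[]{x509Certificate});
            // Attach the encoding failure as the cause; the decompiled handler passed a
            // local that is always null here, so the root cause was dropped.
            throw new CertificateMapFailedException("CertificateEncodingException", e);
        }
    }

    /**
     * Rejects a null argument.
     *
     * @param obj value to check
     * @param str message for the exception
     * @throws IllegalArgumentException if {@code obj} is null
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void assertNotNull(Object obj, String str) {
        if (obj == null) {
            throw new IllegalArgumentException(str);
        }
    }

    /**
     * Rejects a null or zero-length string.
     *
     * @param str value to check
     * @param str2 message for the exception
     * @throws IllegalArgumentException if {@code str} is null or empty
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void assertNotEmpty(String str, String str2) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException(str2);
        }
    }

    // Native entry points, registered through NativeMethodManager.registerNatives in the
    // two-argument constructor. Byte-array names are passed in EBCDIC and returned values
    // are converted with NativeMethodUtils.convertToASCII by the callers above.

    protected native boolean ntv_checkPassword(byte[] bArr, byte[] bArr2, String str);

    /* JADX INFO: Access modifiers changed from: protected */
    public native byte[] ntv_getRealm();

    protected native boolean ntv_isValidUser(byte[] bArr);

    protected native boolean ntv_isValidGroup(byte[] bArr);

    protected native byte[] ntv_mapCertificate(byte[] bArr, int i);

    protected native List<byte[]> ntv_getGroupsForUser(byte[] bArr, List<byte[]> list);

    protected native boolean ntv_resetGroupsCursor();

    protected native byte[] ntv_getNextGroup();

    protected native boolean ntv_closeGroupsDB();

    protected native boolean ntv_resetUsersCursor();

    protected native byte[] ntv_getNextUser();

    protected native boolean ntv_closeUsersDB();

    protected native byte[] ntv_getPlexName();
}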
