package com.ibm.ws.security.core;

import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.etools.commonarchive.CommonarchiveFactory;
import com.ibm.etools.commonarchive.EARFile;
import com.ibm.etools.commonarchive.impl.CommonarchiveFactoryImpl;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.cache.DistributedMap;
import com.ibm.websphere.management.AdminConstants;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.application.AppConstants;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.configservice.ConfigServiceProxy;
import com.ibm.websphere.management.dynamicproxy.InvocationHandler;
import com.ibm.websphere.management.dynamicproxy.StateObject;
import com.ibm.websphere.models.config.appdeployment.ApplicationDeployment;
import com.ibm.websphere.models.config.appdeployment.Deployment;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.jaaslogin.JAASAuthData;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.Result;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.AdminHelper;
import com.ibm.ws.runtime.service.EndPointMgr;
import com.ibm.ws.security.auth.AuthCache;
import com.ibm.ws.security.auth.DistributedMapFactory;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping;
import com.ibm.ws.security.auth.login.Configuration;
import com.ibm.ws.security.authorize.AppInstallNotify;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.ltpa.LTPAServerObject;
import com.ibm.ws.security.registry.UserRegistryImpl;
import com.ibm.ws.security.registry.ldap.LdapRegistryImpl;
import com.ibm.ws.security.server.LTPAConfigException;
import com.ibm.ws.security.server.SecurityServerImpl;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.AuthData;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.ws.security.util.InvalidPasswordDecodingException;
import com.ibm.ws.security.util.PasswordUtil;
import com.ibm.ws.sm.workspace.RepositoryContext;
import com.ibm.ws.sm.workspace.WorkSpace;
import com.ibm.ws.sm.workspace.WorkSpaceException;
import com.ibm.ws.sm.workspace.WorkSpaceManagerFactory;
import com.ibm.ws.sm.workspace.metadata.RepositoryContextType;
import com.ibm.ws.sm.workspace.metadata.RepositoryMetaDataFactory;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.config.ManagementScopeManager;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.security.token.TokenHolder;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.rmi.RemoteException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;
import javax.net.ssl.SSLContext;
import javax.security.auth.Subject;
import org.eclipse.emf.common.util.URI;
import org.eclipse.emf.ecore.resource.Resource;
import org.eclipse.jst.j2ee.commonarchivecore.internal.helpers.ArchiveOptions;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.omg.CSI.KRB5MechOID;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/core/SecurityAdmin.class */
public final class SecurityAdmin implements InvocationHandler {
    // Fully-qualified name of the WebSphere JAAS login Configuration class; it is only used as a
    // message argument by updateJAASCfg and getJAASCfg in the part of the file visible here.
    private static final String LOGIN_CONFIG_CLASS = "com.ibm.ws.security.auth.login.Configuration";
    // Cache slot for a default cipher list; it is populated elsewhere (not visible in this part of the file).
    private static List cachedDefaultCiphers = null;
    // Permission object named "getSingleSignonToken"; the place where it is checked is not visible here.
    private static final WebSphereRuntimePermission GET_SSO_TOKEN_PERM = new WebSphereRuntimePermission("getSingleSignonToken");
    // NOTE(review): going by the suite names alone, this list contains RC4, single-DES, MD5-based and
    // 40-bit EXPORT suites, all of which are considered weak or broken today. How the list is consumed
    // is not visible in this part of the file; confirm it is never offered as-is to a live TLS endpoint.
    private static final String[] CIPHER_SUITES_LIST = {Constants.SSL_RSA_WITH_RC4_128_MD5, Constants.SSL_RSA_WITH_RC4_128_SHA, Constants.SSL_RSA_WITH_AES_128_CBC_SHA, Constants.SSL_RSA_WITH_DES_CBC_SHA, "SSL_RSA_FIPS_WITH_DES_CBC_SHA", Constants.SSL_RSA_WITH_3DES_EDE_CBC_SHA, Constants.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, Constants.SSL_DHE_RSA_WITH_AES_128_CBC_SHA, Constants.SSL_DHE_RSA_WITH_DES_CBC_SHA, Constants.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, Constants.SSL_DHE_DSS_WITH_AES_128_CBC_SHA, Constants.SSL_DHE_DSS_WITH_RC4_128_SHA, Constants.SSL_DHE_DSS_WITH_DES_CBC_SHA, Constants.SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, Constants.SSL_RSA_EXPORT_WITH_RC4_40_MD5, Constants.SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, Constants.SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, Constants.SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, Constants.SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA};
    // Subset intended for FIPS mode, judging by the name: only AES-128-CBC and 3DES suites appear in it.
    // NOTE(review): 3DES and CBC-mode suites are themselves deprecated in current guidance; confirm usage.
    private static final String[] FIPS_CIPHER_SUITES_LIST = {Constants.SSL_RSA_WITH_AES_128_CBC_SHA, Constants.SSL_RSA_WITH_3DES_EDE_CBC_SHA, Constants.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, Constants.SSL_DHE_RSA_WITH_AES_128_CBC_SHA, Constants.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, Constants.SSL_DHE_DSS_WITH_AES_128_CBC_SHA, Constants.SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA};
    // Trace component passed to every Tr call in this class; it has no initializer here, so it is
    // presumably assigned in a static initializer further down the file.
    private static final TraceComponent tc;
    // LTPA server handle; set by initialize() and left null when LTPAServerObject.getLTPAServer() fails.
    private LTPAServerObject _ltpaServer = null;
    // User registry of the default realm; set by initialize() only when security is enabled.
    private UserRegistry _registry = null;
    // Guards initialize() so that its body runs at most once per instance.
    private boolean initialized = false;
    // The three class$... fields look like compiler-generated class-literal caches (the pre-Java-5
    // javac idiom) surfaced by the decompiler; they are not referenced in the part of the file visible here.
    static Class class$org$ietf$jgss$Oid;
    static Class class$com$ibm$wsspi$security$token$SingleSignonToken;
    static Class class$com$ibm$ws$security$core$SecurityAdmin;

    /* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/core/SecurityAdmin$OpenKeyStoreAction.class */
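    /**
     * Privileged action that opens a keystore location and returns its raw {@link InputStream}.
     *
     * <p>The location is tried as a local file first. If no such file exists, the string is
     * handed to {@link URL} unchanged. The caller owns the returned stream and must close it.
     *
     * <p>NOTE(review): in the fallback branch any URL scheme the JVM has a handler for is
     * accepted, so keystore bytes may be fetched from a remote or otherwise unexpected source.
     * Callers should only pass locations that come from trusted configuration.
     */
    static class OpenKeyStoreAction implements PrivilegedExceptionAction {
        /** Keystore location exactly as supplied by the caller: a file path or a URL string. */
        private final String file;

        /**
         * @param str keystore location, either a local file path or a URL string
         */
        public OpenKeyStoreAction(String str) {
            this.file = str;
        }

        /**
         * Opens the configured keystore location.
         *
         * @return an open {@link InputStream} on the keystore
         * @throws MalformedURLException if the location is not an existing file and is not a valid URL
         * @throws IOException if the file exists but is empty, or the stream cannot be opened
         */
        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws MalformedURLException, IOException {
            if (SecurityAdmin.tc.isEntryEnabled()) {
                Tr.entry(SecurityAdmin.tc, "OpenKeyStoreAction.run");
            }
            File keyStoreFile = new File(this.file);
            URL location;
            if (keyStoreFile.exists()) {
                // A zero-length keystore can never load; fail early with a clear message.
                if (keyStoreFile.length() == 0) {
                    throw new IOException("Keystore file exists, but is empty: " + this.file);
                }
                // Build the URL through File.toURI() so that characters such as '#' or '%' in the
                // path are escaped. Concatenating "file:" with the raw path lets the URL parser
                // treat them as a fragment marker or an escape sequence and open the wrong file.
                location = keyStoreFile.getCanonicalFile().toURI().toURL();
            } else {
                // Not a local file: interpret the string as a URL (see the class-level review note).
                location = new URL(this.file);
            }
            InputStream openStream = location.openStream();
            if (SecurityAdmin.tc.isEntryEnabled()) {
                Tr.exit(SecurityAdmin.tc, "OpenKeyStoreAction.run");
            }
            return openStream;
        }
    }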

    /**
     * Creates the admin object and immediately runs {@link #initialize()}.
     *
     * @throws Exception whatever {@code initialize()} throws
     */
    public SecurityAdmin() throws Exception {
        this.initialize();
    }

    /**
     * One-time setup of the user-registry and LTPA server references.
     *
     * <p>Nothing is looked up when the "security.enabled" setting is false. When it is true, the
     * registry of the default realm is fetched from the ContextManager and the LTPA server
     * object is requested. A failure to obtain the LTPA server is tolerated: {@code _ltpaServer}
     * stays {@code null} and initialization still completes.
     *
     * <p>NOTE(review): the "security.enabled" value is unboxed without a null check, unlike the
     * null-guarded reads elsewhere in this class; confirm that getValue can never return null here.
     *
     * @throws Exception if no ContextManager is available, or the registry lookup fails
     */
    public synchronized void initialize() throws Exception {
        if (this.initialized) {
            return;
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize ");
        }
        boolean securityEnabled = ((Boolean) SecurityConfig.getConfig().getValue("security.enabled")).booleanValue();
        if (!securityEnabled) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security is not enabled, therefore not initializing references to user registry and ltpa server.");
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security is enabled, therefore initializing references to user registry and ltpa server.");
            }
            ContextManager ctxManager = ContextManagerFactory.getInstance();
            if (ctxManager == null) {
                Tr.error(tc, "security.sambean.nullsecserver");
                throw new Exception("Unable to get ContextManager");
            }
            try {
                this._registry = ctxManager.getRegistry(ctxManager.getDefaultRealm());
                try {
                    this._ltpaServer = LTPAServerObject.getLTPAServer();
                } catch (LTPAConfigException ltpaFailure) {
                    // Recorded but not rethrown: the admin object remains usable without LTPA.
                    FFDCFilter.processException((Throwable) ltpaFailure, "com.ibm.ws.security.core.SecurityAdmin.initialize", "195", (Object) this);
                    Tr.debug(tc, "Error initializing LTPA server object.");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, this._ltpaServer == null ? "ltpa server not initialized." : "ltpa server initialized.");
                }
            } catch (Exception registryFailure) {
                FFDCFilter.processException(registryFailure, "com.ibm.ws.security.core.SecurityAdmin.initialize", "176", this);
                Tr.error(tc, "security.sambean.urerr", new Object[]{registryFailure});
                throw registryFailure;
            }
        }
        this.initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize");
        }
    }

    /**
     * Removes a single entry from the authentication cache on a best-effort basis.
     *
     * <p>Any exception from the cache is recorded through FFDC and a debug trace, and is not
     * rethrown, so the caller cannot tell from this method whether the entry was removed.
     *
     * @param str first argument handed to {@code AuthCache.removeEntry} (presumably the realm;
     *     confirm against that method)
     * @param str2 second argument handed to {@code AuthCache.removeEntry}; the debug trace
     *     reports it as the user
     */
    public void purgeUserFromAuthCache(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "purgeUserFromAuthCache");
        }
        try {
            AuthCache cache = AuthCache.getInstance();
            cache.removeEntry(str, str2);
        } catch (Exception purgeFailure) {
            FFDCFilter.processException(purgeFailure, "com.ibm.ws.security.core.SecurityAdmin.purgeUserFromCache", "231", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception purging user" + str2 + " from cache.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "purgeUserFromAuthCache");
        }
    }

    /**
     * Empties the authentication cache on a best-effort basis.
     *
     * <p>Any exception from the cache is recorded through FFDC and a debug trace, and is not
     * rethrown. The FFDC source id names "purgeUserFromCache" rather than this method; it is
     * kept as it is so that existing FFDC records still match.
     */
    public void clearAuthCache() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearAuthCache");
        }
        try {
            AuthCache cache = AuthCache.getInstance();
            cache.removeAllEntries();
        } catch (Exception clearFailure) {
            FFDCFilter.processException(clearFailure, "com.ibm.ws.security.core.SecurityAdmin.purgeUserFromCache", "253", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception clearing auth cache.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearAuthCache");
        }
    }

    /**
     * Re-binds the active LDAP user registry with the given bind credentials and, when they differ
     * from the stored ones, writes them to the security configuration and asks every NodeSync
     * MBean to synchronize.
     *
     * <p>Flow, as visible in the code:
     * <ol>
     *   <li>Return at once when global security is disabled.</li>
     *   <li>Obtain a ConfigService: deployment-manager proxy, then the factory default, then a
     *       newly created local one.</li>
     *   <li>Locate the Security config object and its active user registry; do nothing unless the
     *       registry's config data type is "LDAPUserRegistry".</li>
     *   <li>Assemble the LDAP host URL list from the "hosts" attribute.</li>
     *   <li>Fall back to the stored bindDN/bindPassword when either argument is null or empty.</li>
     *   <li>Verify the credentials with {@code checkPassword}, refresh the LDAP registry, and
     *       persist and sync only when the credentials were supplied and differ from the stored
     *       ones.</li>
     * </ol>
     *
     * <p>The bind password is read from and written to configuration here but is not passed to any
     * trace call in this method; only the bind DN, host list and process type are traced.
     *
     * <p>NOTE(review): every exception inside the main try block is swallowed after discarding the
     * session, without trace, FFDC or audit record, so a failed credential update leaves no record.
     *
     * @param str bind DN to use; null or empty means "use the value stored in configuration"
     * @param str2 bind password to use; null or empty means "use the value stored in configuration"
     */
    public void resetLdapBindInfo(String str, String str2) {
        if (!WSSecurityHelper.isGlobalSecurityEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Global security is not enabled.");
                return;
            }
            return;
        }
        // First choice: a ConfigService proxy that talks to the deployment manager.
        ConfigService configService = null;
        try {
            configService = new ConfigServiceProxy(AdminServiceFactory.getAdminService().getDeploymentManagerAdminClient());
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get ConfigService from deployment manager");
            }
        }
        // Second choice: whatever ConfigService the factory already holds.
        if (configService == null) {
            configService = ConfigServiceFactory.getConfigService();
        }
        // Last resort: create a ConfigService with the "location" property set to "local".
        if (configService == null) {
            try {
                Properties properties = new Properties();
                properties.setProperty("location", "local");
                configService = ConfigServiceFactory.createConfigService(true, properties);
            } catch (Exception e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to create ConfigService. ", e2);
                    return;
                }
                return;
            }
        }
        if (configService == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "There is no configservice available.");
            }
            Tr.audit(tc, "security.registry.ldap.update.audit");
            return;
        }
        Session session = null;
        try {
            session = new Session();
            // Find the Security config object, preferring the one under the resolved cell.
            ObjectName createObjectName = ConfigServiceHelper.createObjectName(null, "Security");
            ObjectName objectName = configService.resolve(session, "Cell=")[0];
            ObjectName objectName2 = objectName != null ? configService.queryConfigObjects(session, objectName, createObjectName, null)[0] : null;
            if (objectName2 == null) {
                objectName2 = configService.queryConfigObjects(session, null, createObjectName, null)[0];
            }
            ObjectName objectName3 = (ObjectName) configService.getAttribute(session, objectName2, "activeUserRegistry");
            // z: true when the active registry's config data type is "LDAPUserRegistry".
            boolean z = false;
            try {
                String configDataType = ConfigServiceHelper.getConfigDataType(objectName3);
                if (configDataType != null) {
                    if (configDataType.equalsIgnoreCase("LDAPUserRegistry")) {
                        z = true;
                    }
                }
            } catch (Exception e3) {
                // Ignored: z stays false, so the registry is treated as non-LDAP below.
            }
            // str3: the registry's serverId, used further down as the pattern of a probe lookup.
            String str3 = null;
            try {
                str3 = (String) configService.getAttribute(session, objectName3, "serverId");
            } catch (Exception e4) {
                // Ignored: str3 stays null and the "123" fallback below applies.
            }
            if (!z) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The active registry is not LDAP, no update is performed.");
                }
                try {
                    configService.discard(session);
                    return;
                } catch (Exception e5) {
                    return;
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "This is LDAP user registry.");
            }
            // Build str4: the "ldap://host[:port]" URLs joined with RASFormatter.DEFAULT_SEPARATOR.
            ArrayList arrayList = (ArrayList) configService.getAttribute(session, objectName3, "hosts");
            String str4 = "";
            if (arrayList != null) {
                for (int i = 0; i < arrayList.size(); i++) {
                    AttributeList attributeList = (AttributeList) arrayList.get(i);
                    String str5 = (String) ConfigServiceHelper.getAttributeValue(attributeList, "host");
                    Integer num = (Integer) ConfigServiceHelper.getAttributeValue(attributeList, "port");
                    StringBuffer stringBuffer = new StringBuffer();
                    // Strip an existing scheme prefix so that it is not doubled when re-added below.
                    if (str5.startsWith("ldap://")) {
                        str5 = str5.substring("ldap://".length());
                    }
                    if (SecurityConfig.isIPv6Addr(str5)) {
                        str5 = SecurityConfig.formatIPv6Addr(str5);
                    }
                    stringBuffer.append("ldap://").append(str5);
                    if (num != null && num.intValue() > 0) {
                        stringBuffer.append(new StringBuffer().append(":").append(num.intValue()).toString());
                    }
                    if (stringBuffer != null && stringBuffer.length() > 0) {
                        // NOTE(review): reference comparison; it holds only while str4 still points at
                        // the "" literal assigned above.
                        if (str4 == "") {
                            str4 = stringBuffer.toString();
                        // NOTE(review): duplicates are detected by substring match, so a URL that is a
                        // prefix of one already in the list (e.g. a shorter port number) is dropped too.
                        } else if (str4.indexOf(stringBuffer.toString()) == -1) {
                            str4 = new StringBuffer().append(str4).append(RASFormatter.DEFAULT_SEPARATOR).append(stringBuffer.toString()).toString();
                        }
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("LDAP hosts are ").append(str4).toString());
                }
            }
            // str6 / str7: the bind password and bind DN currently stored in configuration.
            String str6 = (String) configService.getAttribute(session, objectName3, "bindPassword");
            String str7 = (String) configService.getAttribute(session, objectName3, "bindDN");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("New bind DN is ").append(str7).toString());
            }
            // z2: true while the caller-supplied credentials are still candidates for persisting.
            boolean z2 = true;
            if (str2 == null || str == null || str2.length() == 0 || str.length() == 0) {
                // Incomplete input: use the stored credentials and skip the write-back.
                str = str7;
                str2 = str6;
                z2 = false;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Bind info input  is incompleted, use bind info from security.xml.");
                }
            }
            UserRegistry registryImpl = SecurityServerImpl.getRegistryImpl(ContextManagerFactory.getInstance().getDefaultRealm());
            if (str2 == null || str == null || str2.length() == 0 || str.length() == 0) {
                // The stored credentials are incomplete too: the refresh below receives null for both.
                str = null;
                str2 = null;
            } else {
                try {
                    // Verify the credentials against the registry before they are used or stored.
                    // str is replaced by whatever checkPassword returns.
                    str = registryImpl.checkPassword(str, str2);
                } catch (Exception e6) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Bind info is incorrect with Bind DN of ").append(str).toString());
                    }
                    Tr.audit(tc, "security.registry.ldap.update.audit");
                    try {
                        configService.discard(session);
                        return;
                    } catch (Exception e7) {
                        return;
                    }
                }
            }
            LdapRegistryImpl.refreshRegistry(str, str2, str4);
            // NOTE(review): `str3 == ""` compares references; an empty serverId read from
            // configuration is unlikely to be the same object as the literal, so in practice only
            // the null case reaches the "123" fallback.
            if (str3 == null || str3 == "") {
                str3 = "123";
            }
            try {
                // Probe lookup after the refresh; the result and any failure are both ignored.
                registryImpl.getUsers(str3, 1);
            } catch (Exception e8) {
            }
            // NOTE(review): when the stored value is null and the new one is not, str6.equals /
            // str7.equals throws NullPointerException. The outer catch swallows it, so the registry
            // has been refreshed above but the new credentials are silently not persisted.
            if (((str6 == null && str2 == null) || str6.equals(str2)) && ((str7 == null && str == null) || str7.equals(str))) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Bind info is not changed in security.xml since last update.");
                }
                z2 = false;
            }
            if (z2) {
                // Persist the verified credentials, then ask every NodeSync MBean to sync.
                AttributeList attributeList2 = new AttributeList();
                attributeList2.add(new Attribute("bindDN", str));
                attributeList2.add(new Attribute("bindPassword", str2));
                configService.setAttributes(session, objectName3, attributeList2);
                configService.save(session, false);
                try {
                    configService.discard(session);
                } catch (Exception e9) {
                }
                String processType = AdminServiceFactory.getAdminService().getProcessType();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Process Type is ").append(processType).toString());
                }
                // Empty branch: the sync loop below runs for every process type.
                if (processType.equals(AdminConstants.DEPLOYMENT_MANAGER_PROCESS)) {
                }
                Iterator it = AdminServiceFactory.getAdminService().queryNames(new ObjectName("WebSphere:type=NodeSync,*"), null).iterator();
                while (it.hasNext()) {
                    AdminServiceFactory.getAdminService().invoke((ObjectName) it.next(), "sync", new Object[0], new String[0]);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "security.xml Sync completed.");
                }
            } else {
                try {
                    configService.discard(session);
                } catch (Exception e10) {
                }
            }
            // The session has already been discarded on both branches above; this repeats the call.
            try {
                configService.discard(session);
            } catch (Exception e11) {
            }
        } catch (Exception e12) {
            // Swallowed without trace, FFDC or audit; see the NOTE(review) in the method comment.
            try {
                configService.discard(session);
            } catch (Exception e13) {
            }
        } catch (Throwable th) {
            try {
                configService.discard(session);
            } catch (Exception e14) {
            }
            throw th;
        }
    }

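    /**
     * Refreshes the J2C authentication data held by {@code WSDefaultPrincipalMapping}.
     *
     * <p>When a map is supplied it is passed on unchanged. When {@code null} is supplied, the
     * entries are re-read from the "security.xml" resource of the first "cells" repository
     * context, using a temporary workspace that is always removed afterwards.
     *
     * <p>Failures while re-reading are reported in the debug trace only and are not rethrown.
     *
     * @param hashMap auth data to install (presumably alias to AuthData, like the map built
     *     here), or {@code null} to reload from configuration
     */
    public void updateAuthDataCfg(HashMap hashMap) {
        if (tc.isEntryEnabled()) {
            // Trace the aliases only. The values presumably carry user ids and passwords, as in
            // the map built below, and this method's own debug trace also limits itself to aliases.
            Tr.entry(tc, "updateAuthDataCfg ", new Object[]{hashMap == null ? null : hashMap.keySet()});
        }
        if (hashMap != null) {
            WSDefaultPrincipalMapping.refreshAuthData(hashMap);
        } else {
            WorkSpace workSpace = null;
            try {
                // Temporary workspace named after the current time in milliseconds.
                workSpace = WorkSpaceManagerFactory.getManager().getWorkSpace(String.valueOf(System.currentTimeMillis()));
                RepositoryContextType cellType = RepositoryMetaDataFactory.getRepositoryMetaData().getContextType("cells");
                URI securityXml = URI.createURI("security.xml");
                Security security = null;
                // Only the first "cells" context is consulted.
                Iterator cells = workSpace.findContext(cellType).iterator();
                if (cells.hasNext()) {
                    Resource resource = ((RepositoryContext) cells.next()).getResourceSet().createResource(securityXml);
                    resource.load(new HashMap());
                    security = (Security) resource.getContents().get(0);
                }
                if (security != null) {
                    HashMap authDataByAlias = new HashMap();
                    for (Iterator entries = security.getAuthDataEntries().iterator(); entries.hasNext();) {
                        JAASAuthData entry = (JAASAuthData) entries.next();
                        if (entry != null) {
                            authDataByAlias.put(entry.getAlias(), new AuthData(entry.getUserId(), entry.getPassword()));
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "AuthData - add " + entry.getAlias());
                            }
                        }
                    }
                    WSDefaultPrincipalMapping.refreshAuthData(authDataByAlias);
                }
            } catch (Exception refreshFailure) {
                // Best effort: keep the cause in the trace so that a failed reload can be diagnosed.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception refreshing J2C AuthData.", refreshFailure);
                }
            } finally {
                // A single cleanup path replaces the three duplicated copies of this removal.
                if (workSpace != null) {
                    try {
                        WorkSpaceManagerFactory.getManager().removeWorkSpace(workSpace.getUserName());
                    } catch (WorkSpaceException removeFailure) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception removing WorkSpace.");
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "updateAuthDataCfg ");
        }
    }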

    /**
     * Applies an application's JAAS login configuration to the active login Configuration and
     * refreshes it.
     *
     * <p>Failures during the update are recorded through FFDC and an error message, and are not
     * rethrown. When the active Configuration is not the expected class, a RuntimeException is
     * thrown if "security.enabled" is true; otherwise only a warning is logged.
     *
     * <p>NOTE(review): the debug trace prints the complete configuration text; confirm that
     * {@code Configuration.toString()} masks any login-module options that carry secrets.
     *
     * @param str value handed to {@code Configuration.updateWCCMAppConfig}
     * @throws RuntimeException if the login provider class is wrong while security is enabled
     */
    public void updateJAASCfg(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "updateJAASCfg ");
        }
        Configuration loginConfig = Configuration.getConfiguration();
        String configClassName = loginConfig.getClass().getName();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The Login Configuration class is: " + configClassName);
        }
        if (!(loginConfig instanceof Configuration)) {
            Boolean securityEnabled = (Boolean) SecurityConfig.getConfig().getValue("security.enabled");
            if (securityEnabled != null && securityEnabled.booleanValue()) {
                Tr.error(tc, "security.init.wccmjaas.wrongclasserror", new Object[]{configClassName, LOGIN_CONFIG_CLASS});
                throw new RuntimeException("JAAS Login provider class com.ibm.ws.security.auth.login.Configuration is not configured as login provider class");
            }
            Tr.warning(tc, "security.init.wccmjaas.wrongclasswarning", (Object) new Object[]{configClassName, LOGIN_CONFIG_CLASS});
        } else {
            try {
                loginConfig.updateWCCMAppConfig(str);
                loginConfig.refresh();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The dynamic JAAS login configuration is:\n" + loginConfig.toString());
                }
            } catch (Exception updateFailure) {
                FFDCFilter.processException(updateFailure, "com.ibm.ws.security.core.SecurityAdmin.updateJAASCfg", "612", this);
                Tr.error(tc, "security.init.wccmjaas.error", new Object[]{updateFailure});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "updateJAASCfg ");
        }
    }

    /**
     * Returns the text form of the active JAAS login Configuration.
     *
     * <p>NOTE(review): the whole configuration text goes back to the caller; confirm that
     * {@code Configuration.toString()} masks any login-module options that carry secrets, and
     * that access to this operation is restricted.
     *
     * @return the configuration's {@code toString()} output, or {@code null} when rendering failed
     *     or the active Configuration is not the expected class and security is not enabled
     * @throws RuntimeException if the login provider class is wrong while security is enabled
     */
    public String getJAASCfg() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJAASCfg ");
        }
        String rendered = null;
        Configuration loginConfig = Configuration.getConfiguration();
        String configClassName = loginConfig.getClass().getName();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The Login Configuration class is: " + configClassName);
        }
        if (!(loginConfig instanceof Configuration)) {
            Boolean securityEnabled = (Boolean) SecurityConfig.getConfig().getValue("security.enabled");
            if (securityEnabled != null && securityEnabled.booleanValue()) {
                Tr.error(tc, "security.init.wccmjaas.wrongclasserror", new Object[]{configClassName, LOGIN_CONFIG_CLASS});
                throw new RuntimeException("JAAS Login provider class com.ibm.ws.security.auth.login.Configuration is not configured as login provider class");
            }
            Tr.warning(tc, "security.init.wccmjaas.wrongclasswarning", (Object) new Object[]{configClassName, LOGIN_CONFIG_CLASS});
        } else {
            try {
                rendered = loginConfig.toString();
            } catch (Exception renderFailure) {
                FFDCFilter.processException(renderFailure, "com.ibm.ws.security.core.SecurityAdmin.getJAASCfg", "664", this);
                Tr.error(tc, "security.init.wccmjaas.error", new Object[]{renderFailure});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getJAASCfg ");
        }
        return rendered;
    }

    /**
     * Looks up users in the registry selected by {@code properties}.
     *
     * <p>The pattern is passed through {@code SecurityConfig.variableMapExpand} before it
     * reaches the registry. Registry failures are recorded through FFDC and an error message,
     * then rethrown.
     *
     * @param str search pattern, passed as the first argument to {@code UserRegistry.getUsers}
     * @param num passed, unboxed, as the second argument to {@code UserRegistry.getUsers}; must not be null
     * @param properties handed to {@code getRegistry} to select the registry
     * @return the registry's result, or {@code null} when no registry is available
     * @throws Exception whatever the registry lookup throws
     */
    public Result getUsers(String str, Integer num, Properties properties) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUsers ", str + RASFormatter.DEFAULT_SEPARATOR + num);
        }
        final int limit = num.intValue();
        UserRegistry userRegistry = getRegistry(properties);
        Result found = null;
        if (userRegistry == null) {
            Tr.error(tc, "security.sa.no.registry");
        } else {
            try {
                SecurityConfig.getConfig();
                String expandedPattern = SecurityConfig.variableMapExpand(str);
                found = userRegistry.getUsers(expandedPattern, limit);
            } catch (CustomRegistryException registryFailure) {
                FFDCFilter.processException(registryFailure, "com.ibm.ws.security.core.SecurityAdmin.getUsers", "714", this);
                Tr.error(tc, "security.sambean.getusrerr", new Object[]{str, new Integer(limit), registryFailure});
                throw registryFailure;
            } catch (Exception otherFailure) {
                FFDCFilter.processException(otherFailure, "com.ibm.ws.security.core.SecurityAdmin.getUsers", "720", this);
                Tr.error(tc, "security.sambean.getusrerr", new Object[]{str, new Integer(limit), otherFailure});
                throw otherFailure;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUsers ");
        }
        return found;
    }

    /**
     * Looks up groups in the registry selected by {@code properties}.
     *
     * <p>Unlike {@code getUsers}, the pattern reaches the registry without variable expansion.
     * Registry failures are recorded through FFDC and an error message, then rethrown.
     *
     * @param str search pattern, passed as the first argument to {@code UserRegistry.getGroups}
     * @param num passed, unboxed, as the second argument to {@code UserRegistry.getGroups}; must not be null
     * @param properties handed to {@code getRegistry} to select the registry
     * @return the registry's result, or {@code null} when no registry is available
     * @throws Exception whatever the registry lookup throws
     */
    public Result getGroups(String str, Integer num, Properties properties) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroups ", str + RASFormatter.DEFAULT_SEPARATOR + num);
        }
        final int limit = num.intValue();
        UserRegistry userRegistry = getRegistry(properties);
        Result found = null;
        if (userRegistry == null) {
            Tr.error(tc, "security.sa.no.registry");
        } else {
            try {
                found = userRegistry.getGroups(str, limit);
            } catch (CustomRegistryException registryFailure) {
                FFDCFilter.processException(registryFailure, "com.ibm.ws.security.core.SecurityAdmin.getGroups", "752", this);
                Tr.error(tc, "security.sambean.getgrperr", new Object[]{str, new Integer(limit), registryFailure});
                throw registryFailure;
            } catch (Exception otherFailure) {
                FFDCFilter.processException(otherFailure, "com.ibm.ws.security.core.SecurityAdmin.getGroups", "758", this);
                Tr.error(tc, "security.sambean.getgrperr", new Object[]{str, new Integer(limit), otherFailure});
                throw otherFailure;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroups ");
        }
        return found;
    }

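    /**
     * Checks whether a RunAs user may be used for a role mapping: the user must appear in the
     * supplied user list, or belong to one of the supplied groups according to the registry.
     *
     * <p>Security notes: {@code TRUE} is also returned without any lookup when JACC is enabled
     * and when the RunAs name is null or blank, so {@code TRUE} does not by itself mean the user
     * was verified against the registry. When no registry can be obtained the result is
     * {@code FALSE}.
     *
     * @param list user names mapped to the role; {@code null} is treated as an empty list
     * @param list2 group names mapped to the role; {@code null} skips the group check
     * @param str RunAs user name to check
     * @param properties registry properties handed to {@code getRegistry}
     * @return {@code Boolean.TRUE} when the check passes, otherwise {@code Boolean.FALSE}
     * @throws Exception if a registry lookup fails
     */
    public Boolean checkRunAsUser(List list, List list2, String str, Properties properties) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkRunAsUser", str);
        }
        if (SecurityConfig.isJACCEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No runAsRole to role checking when JACC is enabled");
            }
            return Boolean.TRUE;
        }
        boolean allowed = false;
        UserRegistry userRegistry = null;
        if (str == null || str.trim().length() <= 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RunAs username is null");
            }
            allowed = true;
        } else if (list != null && list.contains(str)) {
            // The null guard matches the one already applied to the registry-name lookup below.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("user ").append(str).append(" is in the user list").toString());
            }
            allowed = true;
        } else {
            userRegistry = getRegistry(properties);
            if (userRegistry != null) {
                Result users = userRegistry.getUsers(str, 1);
                // An empty result means "no such user"; it must not surface as an index error.
                List matches = users != null ? users.getList() : null;
                String registryName = (matches != null && !matches.isEmpty()) ? (String) matches.get(0) : null;
                if (list != null && registryName != null && registryName.length() > 0 && list.contains(registryName)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("user ").append(str).append(" is in the list").toString());
                    }
                    allowed = true;
                }
            } else {
                // Fail closed: without a registry the user cannot be confirmed.
                Tr.error(tc, "security.sa.no.registry");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("cannot determine if user ").append(str).append(" is in the list since registry is null. Returing false").toString());
                }
            }
        }
        if (!allowed && userRegistry != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("user ").append(str).append(" is not in the user list. Checking in the group list").toString());
            }
            boolean ignoreCase = false;
            Boolean configured = (Boolean) SecurityConfig.getConfig().getValue(CommonConstants.IGNORE_CASE);
            if (configured != null && configured.booleanValue()) {
                ignoreCase = true;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "ignoreCase is set");
                }
            }
            List groupsForUser = userRegistry.getGroupsForUser(str);
            if (list2 != null && groupsForUser != null) {
                for (int i = 0; i < list2.size() && !allowed; i++) {
                    Object roleGroup = list2.get(i);
                    boolean member = false;
                    if (ignoreCase) {
                        // The scan stops at the first match; the previous loop never advanced
                        // past a matching entry and therefore never terminated.
                        for (int j = 0; j < groupsForUser.size() && !member; j++) {
                            String userGroup = (String) groupsForUser.get(j);
                            member = userGroup != null && userGroup.equalsIgnoreCase((String) roleGroup);
                        }
                    } else {
                        member = groupsForUser.contains(roleGroup);
                    }
                    if (member) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("user ").append(str).append(" is in the group list").toString());
                        }
                        allowed = true;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkRunAsUser", allowed ? Boolean.TRUE : Boolean.FALSE);
        }
        return allowed ? Boolean.TRUE : Boolean.FALSE;
    }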

    /**
     * Asks the user registry for the unique id of a user or of a group.
     *
     * @param z {@code true} to call {@code getUniqueUserId}, {@code false} for {@code getUniqueGroupId}
     * @param str user or group name passed to the registry
     * @param properties registry properties handed to {@code getRegistry}
     * @return the id returned by the registry, or {@code null} when no registry is available
     * @throws Exception if obtaining the registry or the lookup fails
     */
    public String getAccessIds(boolean z, String str, Properties properties) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAccessIds", str);
        }
        final UserRegistry reg = getRegistry(properties);
        String uniqueId = null;
        if (reg == null) {
            // A missing registry is logged and reported to the caller as a null id.
            Tr.error(tc, "security.sa.no.registry");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "registry is null. Returing null accessId");
            }
        } else if (z) {
            uniqueId = reg.getUniqueUserId(str);
        } else {
            uniqueId = reg.getUniqueGroupId(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAccessIds");
        }
        return uniqueId;
    }

    /**
     * Returns the realm name reported by the user registry.
     *
     * @param properties registry properties handed to {@code getRegistry}
     * @return the realm, or {@code null} when no registry is available
     * @throws Exception any failure from the registry, after it has been recorded through FFDC
     *     and logged with message key {@code security.sa.get.realm}
     */
    public String getRealm(Properties properties) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealm ");
        }
        final UserRegistry reg = getRegistry(properties);
        String realm = null;
        if (reg == null) {
            Tr.error(tc, "security.sa.no.registry");
        } else {
            try {
                realm = reg.getRealm();
            } catch (CustomRegistryException registryFailure) {
                // Same handling as the generic case below, but with its own FFDC probe id.
                FFDCFilter.processException(registryFailure, "com.ibm.ws.security.core.SecurityAdmin.getRealm", "917", this);
                Tr.error(tc, "security.sa.get.realm", new Object[]{registryFailure});
                throw registryFailure;
            } catch (Exception otherFailure) {
                FFDCFilter.processException(otherFailure, "com.ibm.ws.security.core.SecurityAdmin.getRealm", "923", this);
                Tr.error(tc, "security.sa.get.realm", new Object[]{otherFailure});
                throw otherFailure;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealm ", realm);
        }
        return realm;
    }

    /**
     * Generates keys by delegating to {@code generateKeysForKeySetGroup(null, Boolean.TRUE)}.
     *
     * @param str not read by this method
     * @throws Exception if obtaining the LTPA server or the key generation fails
     */
    public void generateKeys(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateKeys");
        }

        // The returned server object is discarded here; the delegate below fetches it again.
        getLtpaServer();

        // No session is supplied; the meaning of the TRUE flag is defined by the LTPA server.
        generateKeysForKeySetGroup(null, Boolean.TRUE);

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "generateKeys");
        }
    }

    /**
     * Hands the given map to the LTPA server's {@code updateLTPAKeysFromMap}.
     *
     * @param map key data for the LTPA server; the map is not inspected or traced here
     * @throws Exception any failure, after it has been recorded through FFDC and logged with
     *     message key {@code security.ErrorCreatingLTPAKeys}
     */
    public void updateRuntimeKeys(Map map) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "updateRuntimeKeys ");
        }
        try {
            final LTPAServerObject server = getLtpaServer();
            server.updateLTPAKeysFromMap(map);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "updateRuntimeKeys ");
            }
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.core.SecurityAdmin.updateRuntimeKeys", "969", this);
            Tr.error(tc, "security.ErrorCreatingLTPAKeys", new Object[]{failure});
            throw failure;
        }
    }

    /**
     * Delegates key generation to the LTPA server's {@code generateKeysForKeySetGroup}.
     *
     * @param session passed through to the LTPA server; callers in this class pass {@code null}
     * @param bool passed through to the LTPA server
     * @return the map produced by the LTPA server (presumably the generated keys, so it should
     *     be handled as sensitive data; confirm against {@code LTPAServerObject})
     * @throws Exception any failure, after it has been recorded through FFDC and logged with
     *     message key {@code security.ErrorCreatingLTPAKeys}
     */
    public Map generateKeysForKeySetGroup(Session session, Boolean bool) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateKeysForKeySetGroup");
        }
        try {
            final LTPAServerObject server = getLtpaServer();
            final Map generated = server.generateKeysForKeySetGroup(session, bool);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "generateKeysForKeySetGroup");
            }
            return generated;
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.core.SecurityAdmin.generateKeysForKeySetGroup", "991", this);
            Tr.error(tc, "security.ErrorCreatingLTPAKeys", new Object[]{failure});
            throw failure;
        }
    }

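    /**
     * Generates keys by delegating to {@code generateKeysForKeySetGroup(null, Boolean.FALSE)}.
     *
     * @param str not read by this method
     * @return always {@code null}; the generated keys are not returned to the caller
     * @throws Exception if the key generation fails
     */
    public Properties genKeys(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "genKeys ");
        }
        generateKeysForKeySetGroup(null, Boolean.FALSE);
        // The exit trace is written after the work, so the trace no longer shows the method
        // as finished before key generation has run (or when it failed).
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "genKeys ");
        }
        return null;
    }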

    /**
     * Exports the SSO properties of the LTPA server, protected with the password found under
     * {@code ltpa_password} in {@code properties}, and writes them via {@code setProps}.
     *
     * <p>The file written here holds exported key material; the file name is traced on entry,
     * the password is not.
     *
     * @param str name of the file handed to {@code setProps}
     * @param properties must be non-null and is read for {@code ltpa_password}
     * @throws Exception export failures (logged as {@code security.sambean.expltpakeys}) and
     *     {@code IOException}s from {@code setProps} (logged as {@code security.sa.set.props})
     */
    public void exportKeys(String str, Properties properties) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "exportKeys filename:" + str);
        }
        final LTPAServerObject server = getLtpaServer(properties);
        final String password = properties.getProperty("ltpa_password");
        Properties exported = null;
        if (server != null) {
            try {
                // NOTE(review): a missing ltpa_password fails here with a NullPointerException,
                // which is logged and rethrown like any other export error.
                exported = server.exportSSOProperties(password.getBytes("UTF8"));
            } catch (Exception exportFailure) {
                FFDCFilter.processException(exportFailure, "com.ibm.ws.security.core.SecurityAdmin.exportKeys", "1025", this);
                Tr.error(tc, "security.sambean.expltpakeys", new Object[]{exportFailure});
                throw exportFailure;
            }
        }
        try {
            // NOTE(review): when no LTPA server is available, setProps is still called with
            // null properties; confirm what it writes in that case.
            setProps(exported, str);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "exportKeys ");
            }
        } catch (IOException writeFailure) {
            FFDCFilter.processException(writeFailure, "com.ibm.ws.security.core.SecurityAdmin.exportKeys", "1037", this);
            Tr.error(tc, "security.sa.set.props", new Object[]{str, writeFailure});
            throw writeFailure;
        }
    }

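    /**
     * Reads SSO properties from a file via {@code getProps} and imports them into the LTPA
     * server with {@code importSSOProperties}.
     *
     * @param str name of the file handed to {@code getProps}
     * @param bArr passed to {@code importSSOProperties} together with the properties
     *     (presumably the password bytes protecting the keys; confirm against the LTPA server)
     * @throws Exception {@code IOException}s from reading the file (logged as
     *     {@code security.sa.set.props}) and import failures (logged as
     *     {@code security.sambean.impltpakeys})
     */
    public void importKeys(String str, byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("importKeys ").append(str).toString());
        }
        // Reading and importing are handled in separate try blocks, so an IOException thrown
        // by the import is logged once, as an import failure, and not a second time as a
        // properties-file error.
        Properties props;
        try {
            props = getProps(str);
        } catch (IOException readFailure) {
            FFDCFilter.processException(readFailure, "com.ibm.ws.security.core.SecurityAdmin.importKeys", "1058", this);
            Tr.error(tc, "security.sa.set.props", new Object[]{str, readFailure});
            throw readFailure;
        }
        try {
            getLtpaServer(props).importSSOProperties(props, bArr);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "importKeys ");
            }
        } catch (Exception importFailure) {
            FFDCFilter.processException(importFailure, "com.ibm.ws.security.core.SecurityAdmin.importKeys", "1071", this);
            // NOTE(review): props is passed as a message argument; if the message text renders
            // it, the imported key properties end up in the log. Confirm, and mask if so.
            Tr.error(tc, "security.sambean.impltpakeys", new Object[]{props, importFailure});
            throw importFailure;
        }
    }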

    /**
     * No-op: the body is empty in this listing, so the call returns without reading {@code str}.
     *
     * @param str not read
     */
    public void getApplicationRoles(String str) {
    }

    /**
     * No-op: the body is empty in this listing, so the call returns without reading its arguments.
     *
     * @param str not read
     * @param str2 not read
     */
    public void getEjbModuleRoles(String str, String str2) {
    }

    /**
     * No-op: the body is empty in this listing, so the call returns without reading its arguments.
     *
     * @param str not read
     * @param str2 not read
     */
    public void getWebModuleRoles(String str, String str2) {
    }

    /**
     * Delegates to the LTPA server's {@code importSSOPropertiesToKeySetGroup}.
     *
     * @param properties SSO properties to import
     * @param bArr passed through to the LTPA server with the properties
     * @param session passed through to the LTPA server
     * @param bool passed through to the LTPA server
     * @return the LTPA server's result, or {@code null} when no LTPA server is available
     * @throws Exception any failure, after it has been logged with message key
     *     {@code security.sambean.impltpakeys} and recorded through FFDC
     */
    public Map importSSOPropertiesToKeySetGroup(Properties properties, byte[] bArr, Session session, Boolean bool) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "importSSOPropertiesToKeySetGroup");
        }
        try {
            final LTPAServerObject server = getLtpaServer();
            if (server == null) {
                // No server: nothing is imported and the caller only sees a null result.
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "importSSOPropertiesToKeySetGroup (null)");
                }
                return null;
            }
            // The exit trace is written before the delegate call runs.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "importSSOPropertiesToKeySetGroup");
            }
            return server.importSSOPropertiesToKeySetGroup(properties, bArr, session, bool);
        } catch (Exception failure) {
            // NOTE(review): properties is passed as a message argument; if the message text
            // renders it, the imported key properties end up in the log. Confirm, and mask if so.
            Tr.error(tc, "security.sambean.impltpakeys", new Object[]{properties, failure});
            // The FFDC source id below names importLTPAKeys, not this method.
            FFDCFilter.processException(failure, "com.ibm.ws.security.core.SecurityAdmin.importLTPAKeys", "1119", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "importSSOPropertiesToKeySetGroup", failure);
            }
            throw failure;
        }
    }

    /**
     * Imports SSO properties into the LTPA server obtained for {@code properties}.
     *
     * <p>When no LTPA server is available the method returns normally without importing
     * anything, so a normal return does not prove that keys were imported.
     *
     * @param properties SSO properties to import; also used to obtain the LTPA server
     * @param bArr passed to {@code importSSOProperties} together with the properties
     * @throws Exception any failure, after it has been logged with message key
     *     {@code security.sambean.impltpakeys} and recorded through FFDC
     */
    public void importLTPAKeys(Properties properties, byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "importLTPAKeys");
        }
        try {
            final LTPAServerObject server = getLtpaServer(properties);
            if (server != null) {
                server.importSSOProperties(properties, bArr);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "importLTPAKeys");
            }
        } catch (Exception failure) {
            // NOTE(review): properties is passed as a message argument; if the message text
            // renders it, the imported key properties end up in the log. Confirm, and mask if so.
            Tr.error(tc, "security.sambean.impltpakeys", new Object[]{properties, failure});
            FFDCFilter.processException(failure, "com.ibm.ws.security.core.SecurityAdmin.importLTPAKeys", "1143", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "importLTPAKeys", failure);
            }
            throw failure;
        }
    }

    /**
     * Runs the LTPA server's {@code checkImportSSOProperties} on the given properties.
     *
     * <p>When no LTPA server is available the method returns normally without checking
     * anything, so a normal return does not prove that the properties were validated.
     *
     * @param properties SSO properties to check; also used to obtain the LTPA server
     * @param bArr passed to {@code checkImportSSOProperties} together with the properties
     * @throws Exception any failure, after it has been logged with message key
     *     {@code security.sambean.impltpakeys} and recorded through FFDC
     */
    public void checkImportLTPAKeys(Properties properties, byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkImportLTPAKeys");
        }
        try {
            final LTPAServerObject server = getLtpaServer(properties);
            if (server != null) {
                server.checkImportSSOProperties(properties, bArr);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkImportLTPAKeys");
            }
        } catch (Exception failure) {
            // NOTE(review): properties is passed as a message argument; if the message text
            // renders it, the key properties under test end up in the log. Confirm, and mask if so.
            Tr.error(tc, "security.sambean.impltpakeys", new Object[]{properties, failure});
            FFDCFilter.processException(failure, "com.ibm.ws.security.core.SecurityAdmin.checkImportLTPAKeys", "1164", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkImportLTPAKeys", failure);
            }
            throw failure;
        }
    }

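    /**
     * Exports the LTPA server's SSO properties, protected with the supplied password bytes.
     *
     * <p>The returned properties are exported key material. Only their count is written to the
     * exit trace, never their contents.
     *
     * @param bArr password bytes handed to {@code exportSSOProperties}
     * @return the exported properties, or {@code null} when no LTPA server is available
     * @throws Exception any failure, after it has been logged with message key
     *     {@code security.sambean.expltpakeys} and recorded through FFDC
     */
    public Properties exportLTPAKeys(byte[] bArr) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "exportLTPAKeys (with pw)");
        }
        try {
            Properties exported = null;
            LTPAServerObject ltpaServer = getLtpaServer();
            if (ltpaServer != null) {
                exported = ltpaServer.exportSSOProperties(bArr);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ltpaServer is null! not good.");
            }
            if (tc.isEntryEnabled()) {
                // Trace files are readable by more people than key exports should be, so the
                // property values stay out of the trace.
                Tr.exit(tc, "exportLTPAKeys: " + (exported != null ? exported.size() + " props" : "null props"));
            }
            return exported;
        } catch (Exception e) {
            Tr.error(tc, "security.sambean.expltpakeys", new Object[]{e});
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdmin.exportLTPAKeys", "1193", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "exportLTPAKeys", e);
            }
            throw e;
        }
    }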

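    /**
     * Exports the LTPA server's SSO properties, using the UTF-8 bytes of the cell name as the
     * export password.
     *
     * <p>The returned properties are exported key material. Only their count is written to the
     * exit trace, never their contents.
     *
     * @return the exported properties, or {@code null} when no LTPA server is available
     * @throws Exception any failure, after it has been logged with message key
     *     {@code security.sambean.expltpakeys} and recorded through FFDC
     */
    public Properties exportLTPAKeys() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "exportLTPAKeys");
        }
        try {
            Properties exported = null;
            LTPAServerObject ltpaServer = getLtpaServer();
            if (ltpaServer != null) {
                // NOTE(review): the cell name is configuration data, not a secret, so this
                // export is only weakly protected. Callers should handle the result as
                // sensitive and prefer exportLTPAKeys(byte[]) with a real password.
                exported = ltpaServer.exportSSOProperties(ManagementScopeManager.getInstance().getCellName().getBytes("UTF8"));
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ltpaServer is null! not good.");
            }
            if (tc.isEntryEnabled()) {
                // Trace files are readable by more people than key exports should be, so the
                // property values stay out of the trace.
                Tr.exit(tc, "exportLTPAKeys: " + (exported != null ? exported.size() + " props" : "null props"));
            }
            return exported;
        } catch (Exception e) {
            Tr.error(tc, "security.sambean.expltpakeys", new Object[]{e});
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdmin.exportLTPAKeys", "1222", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "exportLTPAKeys", e);
            }
            throw e;
        }
    }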

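    /**
     * Verifies a user name and password against the user registry. When cell security is
     * enabled and the active authentication mechanism OID matches Kerberos, the check is done
     * through a context-manager login instead.
     *
     * <p>Both values go through {@code SecurityConfig.variableMapExpand}, and the password
     * through {@code PasswordUtil.decode}, before they are checked. The password is never
     * written to trace or log; the debug trace of {@code properties} goes through
     * {@code SecurityConfig.maskPasswords}.
     *
     * @param str user name
     * @param str2 password, plain or in an encoding {@code PasswordUtil.decode} accepts
     * @param properties registry properties; may be {@code null}. {@code sslEnabled} is
     *     normalised and {@code LDAP.validation} may be added to it
     * @return {@code Boolean.TRUE} when the check succeeded; {@code Boolean.FALSE} when no
     *     registry is available or the Kerberos login returned {@code null}
     * @throws Exception when the registry rejects the password or the check fails, after the
     *     failure has been recorded through FFDC and logged
     */
    public Boolean checkPassword(String str, String str2, Properties properties) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkPassword");
        }
        boolean passwordOk = false;
        if (tc.isDebugEnabled()) {
            if (properties != null) {
                // Registry properties can carry credentials; they are traced through the same
                // masking helper that getRegistry uses for its entry trace.
                Tr.debug(tc, new StringBuffer().append("props=").append(SecurityConfig.maskPasswords(properties)).toString());
            } else {
                // Null properties are legal here (see the check below) and must not break tracing.
                Tr.debug(tc, "props=null");
            }
        }
        if (properties != null) {
            Boolean sslEnabled = (Boolean) properties.get("sslEnabled");
            Hashtable sslConfig = (Hashtable) properties.get("sslConfig");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("sslEnabled=").append(sslEnabled).toString());
            }
            if (sslEnabled != null && sslEnabled.toString().equals("true")) {
                properties.put("sslEnabled", Boolean.TRUE);
                if (sslConfig != null) {
                    properties.put("LDAP.validation", "true");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "LDAP validation property is set to true");
                    }
                }
            }
        }
        UserRegistry registry = getRegistry(properties);
        SecurityConfig.getConfig();
        String userName = SecurityConfig.variableMapExpand(str);
        SecurityConfig.getConfig();
        String password = SecurityConfig.variableMapExpand(str2);
        try {
            password = PasswordUtil.decode(password);
        } catch (InvalidPasswordDecodingException ignored) {
            // Deliberately ignored: the value could not be decoded, so it is used as supplied.
        }
        if (registry != null) {
            try {
                String activeMechOid = (String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism.OID");
                if (ContextManagerFactory.getInstance().isCellSecurityEnabled() && activeMechOid != null && KRB5MechOID.value.endsWith(activeMechOid)) {
                    String kerberosRealm = (String) SecurityConfig.getConfig().getValue(SecurityConfig.KERBEROS_REALM);
                    // A user name without '@' gets the configured Kerberos realm appended
                    // (EndPointMgr.DEFAULT is presumably the "@" separator; confirm).
                    if (kerberosRealm != null && !kerberosRealm.equals("") && userName.indexOf('@') == -1) {
                        userName = new StringBuffer().append(userName).append(EndPointMgr.DEFAULT).append(kerberosRealm).toString();
                    }
                    if (ContextManagerFactory.getInstance().login(ContextManagerFactory.getInstance().getDefaultRealm(), userName, password) != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "password is ok");
                        }
                        passwordOk = true;
                    }
                } else {
                    // A rejected password is reported by exception, so reaching the next line
                    // means the registry accepted it.
                    registry.checkPassword(userName, password);
                    passwordOk = true;
                }
            } catch (CustomRegistryException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityAdmin.checkPassword", "1310", this);
                Tr.error(tc, "security.sa.chk.password.custom", new Object[]{userName, e2});
                throw e2;
            } catch (PasswordCheckFailedException e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.core.SecurityAdmin.checkPassword", "1304", this);
                Tr.error(tc, "security.sa.chk.password", new Object[]{userName, e3});
                throw e3;
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ws.security.core.SecurityAdmin.checkPassword", "1316", this);
                Tr.error(tc, "security.sa.chk.password.custom", new Object[]{userName, e4});
                throw e4;
            }
        } else {
            // Fail closed: without a registry the password cannot be confirmed.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "registry is null: checkPassword failed");
            }
            Tr.error(tc, "security.sa.no.registry");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkPassword", passwordOk ? Boolean.TRUE : Boolean.FALSE);
        }
        return passwordOk ? Boolean.TRUE : Boolean.FALSE;
    }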

    /**
     * Forwards all six arguments unchanged to {@code SSLConfigValidation.checkTokenLibFile}.
     *
     * <p>None of the arguments is traced; only the resulting status is.
     *
     * @return the validator's status code, boxed as an {@code Integer}
     */
    public Integer checkTokenLibFile(String str, String str2, String str3, String str4, String str5, String str6) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkTokenLibFile");
        }
        final int status = SSLConfigValidation.checkTokenLibFile(str, str2, str3, str4, str5, str6);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkTokenLibFile", "status=" + status);
        }
        return new Integer(status);
    }

    /**
     * Forwards all five arguments unchanged to {@code SSLConfigValidation.checkKeyFile}.
     *
     * <p>None of the arguments is traced; only the resulting status is.
     *
     * @return the validator's status code, boxed as an {@code Integer}
     */
    public Integer checkKeyFile(String str, String str2, String str3, String str4, String str5) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkKeyFile");
        }
        final int status = SSLConfigValidation.checkKeyFile(str, str2, str3, str4, str5);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkKeyFile", "status=" + status);
        }
        return new Integer(status);
    }

    /**
     * Forwards all three arguments unchanged to {@code SSLConfigValidation.checkTrustFile}.
     *
     * <p>None of the arguments is traced; only the resulting status is.
     *
     * @return the validator's status code, boxed as an {@code Integer}
     */
    public Integer checkTrustFile(String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkTrustFile");
        }
        final int status = SSLConfigValidation.checkTrustFile(str, str2, str3);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkTrustFile", "status=" + status);
        }
        return new Integer(status);
    }

    /**
     * Resolves the opaque token that belongs to an SSO token.
     *
     * <p>On z/OS the SSO token is validated as an LTPA token, the servant id attribute is read
     * from it, and the lookup is delegated to {@code SecurityAdminHelper.getOpaqueToken}.
     * Elsewhere the bytes are read from the distributed map {@code WSSecureMap} under the key
     * {@code byteArray} and wrapped as a {@code WS_OPAQUE} token of version 1.
     *
     * <p>Failures are recorded through FFDC and are not propagated; the caller sees
     * {@code null}.
     *
     * @param byteArray the SSO token used as validation input and as lookup key
     * @return the token holder, or {@code null} when nothing was found or the lookup failed
     */
    public TokenHolder getOpaqueToken(ByteArray byteArray) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOpaqueToken");
        }
        if (AdminHelper.getPlatformHelper().isZOS()) {
            TokenHolder zosHolder = null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Extract stoken of input ssoToken's originating servant.");
            }
            try {
                String[] servantIds = ContextManagerFactory.getInstance().getWSCredTokenMapper().validateLTPAToken(byteArray.getArray()).getAttributes(CommonConstants.ZOS_SERVANT_ID);
                // A missing attribute fails here and is handled by the catch below.
                String servantId = servantIds[0];
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "retrieved servantID" + servantId);
                }
                zosHolder = SecurityAdminHelper.getOpaqueToken(byteArray, servantId);
                if (tc.isEntryEnabled()) {
                    // NOTE(review): the holder itself is appended to the trace text; confirm
                    // that its string form does not expose token bytes.
                    Tr.exit(tc, "getOpaqueToken returns token." + zosHolder);
                }
            } catch (Exception zosFailure) {
                FFDCFilter.processException(zosFailure, "com.ibm.ws.security.core.SecurityAdmin.getOpaqueToken", "1444", this);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "Exception occurred extracting stoken of input ssoToken's originating servant.", new Object[]{zosFailure});
                }
            }
            return zosHolder;
        }
        byte[] opaqueBytes = null;
        try {
            DistributedMap secureMap = DistributedMapFactory.getMap("WSSecureMap");
            if (secureMap != null) {
                opaqueBytes = (byte[]) secureMap.get(byteArray);
            }
        } catch (Exception mapFailure) {
            FFDCFilter.processException(mapFailure, "com.ibm.ws.security.core.SecurityAdmin.getOpaqueToken", "1460", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "Exception occurred getting opaque token from distributed map.", new Object[]{mapFailure});
            }
        }
        TokenHolder holder = null;
        if (opaqueBytes == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getOpaqueToken returns null.");
            }
        } else {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getOpaqueToken returns opaque token.");
            }
            holder = new TokenHolder(opaqueBytes, "WS_OPAQUE", 1);
        }
        return holder;
    }

    /**
     * Produces an initial GSS context token for the service {@code host@<targetServer>}, using
     * the GSS credential stored in the distributed map {@code WSSecureMapNotShared} under the
     * key {@code byteArray}.
     *
     * <p>The context is created with the Kerberos mechanism OID and requests credential
     * delegation before the first {@code initSecContext} call. The resulting bytes are wrapped
     * as an {@code INIT_CONTEXT_TOKEN} holder of version 1.
     *
     * <p>Failures are recorded through FFDC and are not propagated. The FFDC source id and the
     * exit message used for failures name {@code getOpaqueToken}, not this method.
     *
     * <p>NOTE(review): {@code str} is used as given to build the service name, and delegation
     * is requested for that service, so the caller decides which host receives a delegable
     * credential. Confirm that only trusted administrative callers can reach this method.
     *
     * @param byteArray key of the stored GSS credential
     * @param str target server host name; it is also written to the entry trace
     * @return the token holder, or {@code null} when no credential was found or a step failed
     */
    public TokenHolder getInitialContextToken(ByteArray byteArray, String str) {
        Class cls;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("getInitialContextToken, targetServer: ").append(str).toString());
        }
        byte[] bArr = null;
        GSSCredential gSSCredential = null;
        TokenHolder tokenHolder = null;
        GSSManager gSSManager = GSSManager.getInstance();
        try {
            DistributedMap map = DistributedMapFactory.getMap("WSSecureMapNotShared");
            if (map != null) {
                gSSCredential = (GSSCredential) map.get(byteArray);
            } else {
                Tr.error(tc, "dm is null");
            }
            if (gSSCredential != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "gssCred is not null ");
                }
                String stringBuffer = new StringBuffer().append("host@").append(str).toString();
                Oid oid = null;
                // This condition is always true; the Oid is created on every call.
                if (0 == 0) {
                    try {
                        oid = new Oid(com.ibm.ws.security.spnego.Constants.OID_KRB5_MECH);
                    } catch (GSSException e) {
                        // objArr (like objArr2..objArr6 below) is filled in but never read.
                        Object[] objArr = new Object[3];
                        if (class$org$ietf$jgss$Oid == null) {
                            cls = class$("org.ietf.jgss.Oid");
                            class$org$ietf$jgss$Oid = cls;
                        } else {
                            cls = class$org$ietf$jgss$Oid;
                        }
                        objArr[0] = cls;
                        objArr[1] = "Oid(\"1.2.840.113554.1.2.2\")";
                        objArr[2] = e;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Exception getting OID: ").append(e.getMessage()).toString());
                        }
                        throw e;
                    }
                }
                try {
                    GSSName createName = gSSManager.createName(stringBuffer, GSSName.NT_HOSTBASED_SERVICE, oid);
                    // This debug call is not guarded by isDebugEnabled().
                    Tr.debug(tc, new StringBuffer().append("ServerName").append(createName).toString());
                    try {
                        // NOTE(review): no dispose() call on this context is visible in the
                        // method; confirm whether it is released elsewhere.
                        GSSContext createContext = gSSManager.createContext(createName, oid, gSSCredential, 0);
                        try {
                            createContext.requestCredDeleg(true);
                            try {
                                bArr = createContext.initSecContext((byte[]) null, 0, 0);
                                // Appending a byte[] adds its default object string, not the
                                // token bytes. The call is not guarded by isDebugEnabled().
                                Tr.debug(tc, new StringBuffer().append("Token = ").append(bArr.length).append(bArr).toString());
                                // An unestablished context is only traced; the token is still returned.
                                if (!createContext.isEstablished()) {
                                    Object[] objArr2 = {createContext, stringBuffer};
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "initSecContext: clientContext not established.");
                                    }
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "initSecContext: clientContext established successfully.");
                                }
                            } catch (GSSException e2) {
                                Object[] objArr3 = {createContext, "initSecContext()", e2};
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, new StringBuffer().append("Exception calling initSecContext: ").append(e2.getMessage()).toString());
                                }
                                throw e2;
                            }
                        } catch (GSSException e3) {
                            Object[] objArr4 = {createContext, "requestCredDeleg(true)", e3};
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, new StringBuffer().append("Exception calling requestCredDeleg: ").append(e3.getMessage()).toString());
                            }
                            throw e3;
                        }
                    } catch (GSSException e4) {
                        Object[] objArr5 = {gSSManager, "createContext()", e4};
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Exception calling createContext: ").append(e4.getMessage()).toString());
                        }
                        throw e4;
                    }
                } catch (GSSException e5) {
                    Object[] objArr6 = {gSSManager, "createName()", e5};
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Exception calling createName: ").append(e5.getMessage()).toString());
                    }
                    throw e5;
                }
            } else {
                Tr.error(tc, "gssCred was null");
            }
        } catch (Exception e6) {
            // Every rethrown GSSException above ends here: it is recorded and not propagated.
            FFDCFilter.processException(e6, "com.ibm.ws.security.core.SecurityAdmin.getOpaqueToken", "1616", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "Exception occurred getting opaque token from distributed map.", new Object[]{e6});
            }
        }
        if (bArr != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getInitialContextToken returns opaque token.");
            }
            tokenHolder = new TokenHolder(bArr, "INIT_CONTEXT_TOKEN", 1);
        } else if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInitialContextToken returns null.");
        }
        return tokenHolder;
    }

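    /**
     * Collects the single sign-on tokens of the calling subject.
     *
     * <p>When a Java security manager is installed, the caller must hold
     * {@code GET_SSO_TOKEN_PERM}; without a security manager no permission check is made.
     * Tokens are read only for an authenticated, non-basic-auth caller credential. The
     * credential's own token is added as an {@code LtpaToken} holder when SSO interop mode is
     * {@code "true"}, web inbound propagation is {@code "false"}, or no other token was found.
     *
     * <p>The returned holders carry token bytes that authenticate as the caller, so they must
     * be handled as secrets.
     *
     * @return the token holders; an empty array when the caller has none or a lookup failed
     */
    public TokenHolder[] getSingleSignonTokens() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSingleSignonTokens");
        }
        java.lang.SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting: ").append(GET_SSO_TOKEN_PERM).toString());
            }
            securityManager.checkPermission(GET_SSO_TOKEN_PERM);
        }
        SingleSignonToken[] ssoTokens = null;
        TokenHolder ltpaHolder = null;
        try {
            final Subject callerSubject = ContextManagerFactory.getInstance().getCallerSubject();
            WSCredential callerCredential = SubjectHelper.getWSCredentialFromSubject(callerSubject);
            if (callerSubject != null && callerCredential != null && !callerCredential.isUnauthenticated() && !callerCredential.isBasicAuth()) {
                // Reading private credentials needs privileges the calling code may lack, so
                // the read runs privileged, after the permission check above.
                ssoTokens = (SingleSignonToken[]) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override
                    public Object run() throws Exception {
                        HashSet found = new HashSet();
                        Set privateCredentials = callerSubject.getPrivateCredentials(SingleSignonToken.class);
                        Set publicCredentials = callerSubject.getPublicCredentials(SingleSignonToken.class);
                        if (privateCredentials != null) {
                            found.addAll(privateCredentials);
                        }
                        if (publicCredentials != null) {
                            found.addAll(publicCredentials);
                        }
                        return found.toArray(new SingleSignonToken[0]);
                    }
                });
                ltpaHolder = new TokenHolder(callerCredential.getCredentialToken(), "LtpaToken", -1);
            }
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            FFDCFilter.processException(exception, "com.ibm.ws.security.core.SecurityAdmin.getSingleSignonTokens", "1685", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected exception getting token list", exception);
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityAdmin.getSingleSignonTokens", "1690", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected exception getting token list", e2);
            }
        }
        HashSet holders = new HashSet();
        for (int i = 0; ssoTokens != null && i < ssoTokens.length; i++) {
            try {
                holders.add(new TokenHolder(ssoTokens[i].getBytes(), ssoTokens[i].getName(), ssoTokens[i].getVersion()));
            } catch (Exception e3) {
                // One unreadable token is recorded and skipped; the others are still returned.
                FFDCFilter.processException(e3, "com.ibm.ws.security.core.SecurityAdmin.getSingleSignonTokens", "1706", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unexpected exception building TokenHolder list", e3);
                }
            }
        }
        // The literal is the receiver of equals(), so an unset configuration value counts as
        // "not equal" and no longer ends the call with a NullPointerException.
        if (("true".equals(SecurityConfig.getConfig().getValue("com.ibm.ws.security.ssoInteropModeEnabled")) || "false".equals(SecurityConfig.getConfig().getValue("com.ibm.ws.security.webInboundPropagationEnabled")) || holders.size() == 0) && ltpaHolder != null) {
            holders.add(ltpaHolder);
        }
        TokenHolder[] tokenHolderArr = (TokenHolder[]) holders.toArray(new TokenHolder[0]);
        if (tc.isEntryEnabled()) {
            // NOTE(review): the holders are handed to the trace; confirm that their string
            // form does not expose token bytes.
            Tr.exit(tc, "getSingleSignonTokens", tokenHolderArr);
        }
        return tokenHolderArr;
    }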

    /**
     * Returns a user registry, either the cached instance or a newly initialized one.
     *
     * <p>With {@code properties == null} the cached {@code _registry} is returned when it
     * exists; otherwise the registry properties are assembled from {@code SecurityConfig}
     * ("security.activeUserRegistry.props", overlaid with the LDAP or custom registry
     * settings). With non-null {@code properties} a new registry is always built from them.
     * In both build paths the new instance is stored in {@code _registry} only when no
     * registry was cached yet, and the new instance is what is returned.
     *
     * @param properties registry settings to use, or {@code null} to use the active configuration
     * @return the cached registry, or a freshly initialized {@code UserRegistryImpl}
     * @throws Exception if copying the properties or initializing the registry fails
     */
    private UserRegistry getRegistry(Properties properties) throws Exception {
        Boolean bool;
        String str;
        Properties properties2;
        if (tc.isEntryEnabled()) {
            // The properties are passed through SecurityConfig.maskPasswords before tracing,
            // presumably so registry/bind passwords stay out of the trace output.
            Tr.entry(tc, new StringBuffer().append("getRegistry ").append(SecurityConfig.maskPasswords(properties)).toString());
        }
        UserRegistry userRegistry = this._registry;
        if (properties == null && userRegistry != null) {
            // Fast path: no explicit settings requested and a registry is already cached.
            return userRegistry;
        }
        if (properties == null && userRegistry == null) {
            // NOTE(review): expandProps' result is used without a null check below; confirm it
            // cannot return null when "security.activeUserRegistry.props" is absent.
            properties = SecurityConfig.expandProps((Properties) SecurityConfig.getConfig().getValue("security.activeUserRegistry.props"));
            Properties properties3 = (Properties) SecurityConfig.getConfig().getValue("security.registry.ldap.props");
            if (properties3 != null) {
                // LDAP registry configured: overlay every LDAP property on the active set.
                Enumeration keys = properties3.keys();
                while (keys.hasMoreElements()) {
                    String str2 = (String) keys.nextElement();
                    properties.put(str2, properties3.get(str2));
                }
                // NOTE(review): bool2 is stored and unboxed without a null check; a missing
                // "security.registry.ldap.SSLEnabled" value would fail here with a
                // NullPointerException (Properties is a Hashtable and rejects null values).
                Boolean bool2 = (Boolean) SecurityConfig.getConfig().getValue("security.registry.ldap.SSLEnabled");
                properties.put("sslEnabled", bool2);
                if (bool2.booleanValue() && (properties2 = (Properties) SecurityConfig.getConfig().getValue("security.registry.ldap.SSLConfig")) != null) {
                    properties.put("sslConfig", properties2);
                }
                properties.put("CustUserRegImplClass", "com.ibm.ws.security.registry.ldap.LdapRegistryImpl");
            } else {
                // No LDAP settings: take the implementation class name from the custom registry properties.
                Properties properties4 = (Properties) SecurityConfig.getConfig().getValue("CustomerUserRegistryProps");
                if (properties4 != null && (str = (String) properties4.get("CustUserRegImplClass")) != null) {
                    properties.put("CustUserRegImplClass", str);
                }
            }
        }
        Properties properties5 = null;
        if (properties != null) {
            try {
                // Work on a shallow copy so the SSL normalization below does not modify the
                // caller's (or the configuration's) Properties object.
                properties5 = new Properties();
                Enumeration keys2 = properties.keys();
                while (keys2.hasMoreElements()) {
                    String str3 = (String) keys2.nextElement();
                    properties5.put(str3, properties.get(str3));
                }
            // NOTE(review): as written, catch (Exception) precedes the narrower RemoteException
            // and CustomRegistryException clauses, which makes them unreachable. This looks like
            // a decompiler artifact; the original try block probably covered more statements.
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdmin.getRegistry", "1857", this);
                Tr.error(tc, "security.registry.createerror", new Object[]{e});
                throw e;
            } catch (RemoteException e2) {
                FFDCFilter.processException((Throwable) e2, "com.ibm.ws.security.core.SecurityAdmin.getRegistry", "1845", (Object) this);
                Tr.error(tc, "security.registry.createerror", new Object[]{e2});
                throw e2;
            } catch (CustomRegistryException e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.core.SecurityAdmin.getRegistry", "1851", this);
                Tr.error(tc, "security.registry.createerror", new Object[]{e3});
                throw e3;
            }
        }
        if (properties5 != null && (bool = (Boolean) properties5.get("sslEnabled")) != null && bool.booleanValue()) {
            // "sslConfig" may hold either a Properties object or a SecureSocketLayer config
            // object; the latter is converted so the registry always receives Properties.
            Properties properties6 = null;
            try {
                properties6 = (Properties) properties5.get("sslConfig");
            } catch (ClassCastException e4) {
                SecureSocketLayer secureSocketLayer = (SecureSocketLayer) properties5.get("sslConfig");
                if (secureSocketLayer != null) {
                    properties6 = createPropertiesFromSecureSocketLayer(secureSocketLayer);
                }
            }
            // If the conversion returned null, the original (unconverted) "sslConfig" value is
            // left in place even though sslEnabled is true.
            if (properties6 != null) {
                properties5.put("sslConfig", properties6);
            }
        }
        UserRegistryImpl userRegistryImpl = new UserRegistryImpl();
        userRegistryImpl.initialize(SecurityConfig.expandProps(properties5));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRegistry ");
        }
        // Only the first registry built becomes the cached instance; later calls with explicit
        // properties return their own instance without replacing the cache.
        if (this._registry == null) {
            this._registry = userRegistryImpl;
        }
        return userRegistryImpl;
    }

    /**
     * Converts a {@code SecureSocketLayer} configuration object into a {@code Properties} set
     * by delegating to {@code SSLConfigManager.parseSecureSocketLayer}.
     *
     * <p>A conversion failure is not propagated: it is recorded through FFDC (and debug trace
     * when enabled) and the caller receives {@code null}, so callers must treat {@code null}
     * as "no usable SSL properties".
     *
     * @param secureSocketLayer the SSL configuration to convert
     * @return the converted properties, or {@code null} when the conversion threw
     */
    private Properties createPropertiesFromSecureSocketLayer(SecureSocketLayer secureSocketLayer) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Converting SSL config to properties.");
        }
        Properties converted = null;
        try {
            converted = SSLConfigManager.getInstance().parseSecureSocketLayer(null, null, secureSocketLayer, true);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdmin.createPropertiesFromSecureSocketLayer", "1881", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception converting the properties.", new Object[]{e});
            }
        }
        return converted;
    }

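    /**
     * Loads a {@code Properties} set from the location named by a URL string.
     *
     * <p>A malformed URL is logged and then rethrown. Previously execution continued with a
     * {@code null} URL and failed with a {@code NullPointerException} on {@code openStream()},
     * which hid the real cause from the caller.
     *
     * <p>NOTE(review): the URL scheme is not restricted here, so any scheme the JVM has a
     * handler for is opened. Confirm that callers only pass trusted, administrator-controlled
     * locations.
     *
     * @param str URL of the properties resource
     * @return the loaded properties
     * @throws IOException if the URL is malformed or the resource cannot be opened or read
     */
    private Properties getProps(String str) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProps ");
        }
        URL url;
        try {
            url = new URL(str);
        } catch (MalformedURLException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdmin.getProps", "1904", this);
            Tr.error(tc, "security.sa.set.props", new Object[]{str, e});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Malformed url", str);
            }
            // Surface the real failure instead of dereferencing a null URL below.
            throw e;
        }
        Properties properties = new Properties();
        InputStream openStream = url.openStream();
        try {
            properties.load(openStream);
        } finally {
            // Close on both the success and the failure path.
            openStream.close();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProps ");
        }
        return properties;
    }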

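    /**
     * Writes a {@code Properties} set, with the header comment "SSOProperties", to the local
     * file named by the path component of a URL string.
     *
     * <p>Changes from the previous version: a malformed URL is rethrown after logging instead
     * of causing a {@code NullPointerException}; the output stream is always closed; and
     * {@code Properties.store} replaces the deprecated {@code Properties.save}, which
     * silently ignored write errors and could leave a truncated file unnoticed.
     *
     * <p>NOTE(review): only {@code url.getFile()} is used, so the scheme and host of the URL
     * are ignored and the path is always opened as a local file. Confirm callers pass
     * trusted {@code file:} locations only.
     *
     * @param properties the properties to persist
     * @param str URL whose path component names the target file
     * @throws IOException if the URL is malformed or the file cannot be written
     */
    private void setProps(Properties properties, String str) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setProps ");
        }
        URL url;
        try {
            url = new URL(str);
        } catch (MalformedURLException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdmin.setProps", "1937", this);
            Tr.error(tc, "security.sa.set.props", new Object[]{str, e});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Malformed url", str);
            }
            // Surface the real failure instead of dereferencing a null URL below.
            throw e;
        }
        FileOutputStream out = new FileOutputStream(url.getFile());
        try {
            // store() reports write failures as IOException; it flushes but does not close the stream.
            properties.store(out, "SSOProperties");
        } finally {
            out.close();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setProps ");
        }
    }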

    /**
     * Returns the LTPA server object; overload kept for callers that pass properties.
     *
     * @param properties accepted but not consulted; the no-argument overload is used as is
     * @return the shared {@code LTPAServerObject}
     * @throws Exception if the no-argument overload fails
     */
    private LTPAServerObject getLtpaServer(Properties properties) throws Exception {
        final LTPAServerObject server = getLtpaServer();
        return server;
    }

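    /**
     * Returns the {@code LTPAServerObject} held in {@code _ltpaServer}, creating it on first use.
     *
     * <p>The previous version re-checked the field for {@code null} immediately after
     * {@code new LTPAServerObject()}. A {@code new} expression never yields {@code null}, so
     * that branch (and its "security.sambean.noltpaserver" error) was unreachable and has been
     * removed. A constructor failure still propagates to the caller.
     *
     * <p>NOTE(review): the lazy initialization is not synchronized; confirm whether this
     * method can be reached from more than one thread.
     *
     * @return the shared LTPA server object, never {@code null}
     * @throws Exception if constructing the LTPA server object fails
     */
    private LTPAServerObject getLtpaServer() throws Exception {
        if (this._ltpaServer == null) {
            this._ltpaServer = new LTPAServerObject();
        }
        return this._ltpaServer;
    }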

    /**
     * Pre-invocation hook. No work is done before the invocation; the method only emits
     * entry and exit trace records, and none of its arguments are read.
     */
    public void preInvoke(String str, Object[] objArr, String[] strArr, StateObject stateObject, int i) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "preInvoke()");
            Tr.exit(tc, "preInvoke");
        }
    }

    /**
     * Post-invocation hook that repeats the two authentication-cache operations on this
     * object after the named operation has been invoked.
     *
     * <p>Only {@code str} (the operation name) and {@code objArr} (its arguments) are read.
     * {@code th} and {@code z} are not consulted, so the cache operation runs whether or not
     * the invocation itself failed. Any other operation name is ignored.
     *
     * @param str name of the invoked operation; must not be {@code null}
     * @param objArr arguments of the invoked operation; for "purgeUserFromAuthCache" the
     *     first two elements must be {@code String}s
     * @throws Exception if the delegated cache operation fails
     */
    public void postInvoke(String str, Object[] objArr, String[] strArr, StateObject stateObject, int i, Throwable th, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "postInvoke");
        }
        if (!str.equals("purgeUserFromAuthCache")) {
            if (str.equals("clearAuthCache")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "clearAuthCache()");
                }
                clearAuthCache();
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "purgeUserFromAuthCache()");
            }
            // Arguments are forwarded positionally, exactly as the invoked operation received them.
            final String firstArg = (String) objArr[0];
            final String secondArg = (String) objArr[1];
            purgeUserFromAuthCache(firstArg, secondArg);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "postInvoke()");
        }
    }

    /**
     * Re-announces deployed applications to {@code AppInstallNotify} so their security policy
     * is propagated to the JACC provider.
     *
     * <p>A temporary workspace is opened, every application context in it is visited, and for
     * each selected application its deployment.xml is loaded to obtain the security context
     * id, the EAR is opened read-only, and {@code AppInstallNotify.appInstall} is called. The
     * workspace is removed again on both the normal and the exceptional path.
     *
     * @param str colon-separated list of application names to propagate, or {@code null} to
     *     propagate every application found in the workspace
     * @throws Exception if the workspace, a deployment descriptor or an EAR cannot be processed;
     *     the first failure aborts the remaining applications
     */
    public void propagatePolicyToJACCProvider(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            // NOTE(review): no matching Tr.exit is emitted anywhere in this method.
            Tr.entry(tc, "propagatePolicyToJACCProvider");
        }
        WorkSpace workSpace = null;
        EARFile eARFile = null;
        Resource resource = null;
        try {
            // The workspace is named after the current time in milliseconds.
            workSpace = WorkSpaceManagerFactory.getManager().getWorkSpace(new StringBuffer().append("").append(System.currentTimeMillis()).toString());
            URI createURI = URI.createURI("deployment.xml");
            for (RepositoryContext repositoryContext : workSpace.findContext(RepositoryMetaDataFactory.getRepositoryMetaData().getContextType(AppConstants.APPCTX))) {
                String name = repositoryContext.getName();
                // z becomes true when this application's name is one of the requested names.
                boolean z = false;
                if (str != null) {
                    StringTokenizer stringTokenizer = new StringTokenizer(str, ":");
                    while (stringTokenizer.hasMoreTokens()) {
                        if (name.equals(stringTokenizer.nextToken())) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, new StringBuffer().append("appName to be propagated is: ").append(name).toString());
                            }
                            z = true;
                        }
                    }
                }
                if (str == null || z) {
                    String path = repositoryContext.getPath();
                    repositoryContext.extract(false);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("appName is: ").append(name).append(", dirName is ").append(path).toString());
                    }
                    try {
                        CommonarchiveFactory activeFactory = CommonarchiveFactoryImpl.getActiveFactory();
                        // Open the archive read-only and without Java reflection.
                        ArchiveOptions archiveOptions = new ArchiveOptions();
                        archiveOptions.setUseJavaReflection(false);
                        archiveOptions.setIsReadOnly(true);
                        resource = repositoryContext.getResourceSet().createResource(createURI);
                        resource.load(new HashMap());
                        // The first object in deployment.xml is expected to be a Deployment whose
                        // deployed object is an ApplicationDeployment; otherwise the casts throw.
                        String appContextIDForSecurity = ((ApplicationDeployment) ((Deployment) resource.getContents().get(0)).getDeployedObject()).getAppContextIDForSecurity();
                        eARFile = activeFactory.openEARFile(archiveOptions, path);
                        AppInstallNotify.getInstance().appInstall(eARFile, name, appContextIDForSecurity, false);
                        if (eARFile != null) {
                            // NOTE(review): eARFile is not reset to null after close(), unlike
                            // resource below. If a later iteration fails before openEARFile, the
                            // catch block calls close() again on this already-closed archive.
                            eARFile.close();
                        }
                        if (resource != null) {
                            resource.unload();
                            resource = null;
                        }
                    } catch (Throwable th) {
                        // Failure path mirrors the cleanup above, then rethrows unchanged.
                        if (eARFile != null) {
                            eARFile.close();
                        }
                        if (resource != null) {
                            resource.unload();
                        }
                        throw th;
                    }
                }
            }
            if (workSpace != null) {
                WorkSpaceManagerFactory.getManager().removeWorkSpace(workSpace.getUserName());
            }
        } catch (Throwable th2) {
            // Remove the temporary workspace on failure as well, then rethrow unchanged.
            if (workSpace != null) {
                WorkSpaceManagerFactory.getManager().removeWorkSpace(workSpace.getUserName());
            }
            throw th2;
        }
    }

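    /**
     * Returns the cipher suites offered for the requested FIPS mode, with the anonymous
     * Diffie-Hellman suites removed.
     *
     * <p>When the requested mode matches {@code JSSEProviderFactory.isFipsEnabled()}, the
     * default suites of the CSI inbound SSL configuration are used (server processes only)
     * and the filtered result is cached in {@code cachedDefaultCiphers}. Otherwise, or when
     * no SSL context is available, the static {@code FIPS_CIPHER_SUITES_LIST} or
     * {@code CIPHER_SUITES_LIST} is used.
     *
     * <p>Fix: the last exclusion test compared the whole array ({@code strArr.equals(...)})
     * with the suite name, which is never equal, so {@code SSL_DH_anon_WITH_AES_256_CBC_SHA}
     * was never filtered out and could also be cached. It now tests the current element like
     * the other six checks. Anonymous DH suites do not authenticate the peer, so they must not
     * reach the returned list.
     *
     * <p>NOTE(review): on a cache hit the shared {@code cachedDefaultCiphers} list itself is
     * returned; a caller that modifies it changes the result for every later caller. The
     * cache is also read and written without synchronization.
     *
     * @param bool the requested FIPS mode; must not be {@code null}
     * @return the filtered cipher suite names
     */
    public static List getSecureSocketLayerCipherList(Boolean bool) {
        String cSIInboundSSLConfigAlias;
        SSLContext sSLContext = null;
        String[] strArr = null;
        boolean isFipsEnabled = JSSEProviderFactory.isFipsEnabled();
        if (isFipsEnabled == bool.booleanValue()) {
            if (cachedDefaultCiphers != null && cachedDefaultCiphers.size() > 0) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, new StringBuffer().append("getSecureSocketLayerCipherList returning cached Ciphers: ").append(cachedDefaultCiphers).toString());
                }
                return cachedDefaultCiphers;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSecureSocketLayerCipherList cachedDefaultCiphers is null, proceed to determine the provider.");
            }
            SecurityConfiguration securityConfiguration = VaultImpl.getSecurityConfiguration();
            if (securityConfiguration != null && securityConfiguration.processIsServer() && (cSIInboundSSLConfigAlias = securityConfiguration.getCSIInboundSSLConfigAlias()) != null) {
                try {
                    HashMap hashMap = new HashMap();
                    hashMap.put("com.ibm.ssl.direction", "inbound");
                    hashMap.put("com.ibm.ssl.endPointName", "IIOP");
                    sSLContext = JSSEHelper.getInstance().getSSLContext(cSIInboundSSLConfigAlias, hashMap, null);
                } catch (SSLException e) {
                    // Best effort: without an SSL context the static suite lists are used below.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Error getting sslConfig for alias ").append(cSIInboundSSLConfigAlias).toString(), new Object[]{e});
                    }
                }
                if (sSLContext != null) {
                    strArr = sSLContext.getServerSocketFactory().getDefaultCipherSuites();
                    String[] supportedCipherSuites = sSLContext.getServerSocketFactory().getSupportedCipherSuites();
                    // Trace the suite names; appending the array itself would only print its identity.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Default Cipher Suites: ").append(java.util.Arrays.asList(strArr)).toString());
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Supported Cipher Suites: ").append(java.util.Arrays.asList(supportedCipherSuites)).toString());
                    }
                }
            }
        }
        if (strArr == null) {
            strArr = bool.booleanValue() ? FIPS_CIPHER_SUITES_LIST : CIPHER_SUITES_LIST;
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (int i = 0; i < strArr.length; i++) {
            if (!isExcludedAnonymousDhSuite(strArr[i])) {
                arrayList.add(strArr[i]);
            }
        }
        // Cache only the list that belongs to the FIPS mode the provider is actually running in.
        if (bool.booleanValue() == isFipsEnabled) {
            cachedDefaultCiphers = arrayList;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("getSecureSocketLayerCipherList = ").append(arrayList).toString());
        }
        return arrayList;
    }

    /** Tells whether a suite name is one of the seven anonymous DH suites that are never offered. */
    private static boolean isExcludedAnonymousDhSuite(String suite) {
        return suite.equals(Constants.SSL_DH_anon_WITH_AES_128_CBC_SHA)
                || suite.equals(Constants.SSL_DH_anon_WITH_RC4_128_MD5)
                || suite.equals(Constants.SSL_DH_anon_WITH_3DES_EDE_CBC_SHA)
                || suite.equals(Constants.SSL_DH_anon_WITH_DES_CBC_SHA)
                || suite.equals(Constants.SSL_DH_anon_EXPORT_WITH_RC4_40_MD5)
                || suite.equals(Constants.SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA)
                || suite.equals(Constants.SSL_DH_anon_WITH_AES_256_CBC_SHA);
    }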

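    /**
     * Opens the key store named by {@code str} inside a privileged block and returns its stream.
     *
     * <p>The checked exception carried by the {@code PrivilegedActionException} is unwrapped:
     * {@code MalformedURLException} and {@code IOException} are rethrown as they are; any other
     * exception is wrapped in an {@code IOException}. The wrapper now keeps the original
     * exception as its cause; previously only the message was copied and the stack trace of
     * the real failure was lost.
     *
     * <p>NOTE(review): the open runs under {@code doPrivileged}, so the callers' permissions
     * are not part of the access check, and the method is reachable from subclasses and from
     * the package. Confirm that {@code str} always comes from trusted configuration.
     *
     * @param str location of the key store, interpreted by {@code OpenKeyStoreAction}
     * @return an open stream on the key store; the caller is responsible for closing it
     * @throws MalformedURLException if the privileged action reports a malformed location
     * @throws IOException if the key store cannot be opened
     */
    protected static InputStream openKeyStore(String str) throws MalformedURLException, IOException {
        try {
            return (InputStream) java.security.AccessController.doPrivileged(new OpenKeyStoreAction(str));
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", new Object[]{exception});
            }
            if (exception instanceof MalformedURLException) {
                throw ((MalformedURLException) exception);
            }
            if (exception instanceof IOException) {
                throw ((IOException) exception);
            }
            // Keep the underlying exception reachable for diagnosis.
            IOException wrapped = new IOException(exception.getMessage());
            wrapped.initCause(exception);
            throw wrapped;
        }
    }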

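    /**
     * Resolves a class by name; compiler-generated helper behind class literals.
     *
     * <p>{@code Throwable.initCause} is declared to return {@code Throwable}, so throwing its
     * result directly is not valid source in a method that declares no checked exceptions.
     * The error is now built first, given its cause, and then thrown with its own type.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the cause is the
     *     {@code ClassNotFoundException}
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }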

    // Class initialization: resolve and memoize this class's Class object in the synthetic
    // class-literal field, then register the trace component under the
    // "com.ibm.ejs.resources.security" resource bundle.
    static {
        if (class$com$ibm$ws$security$core$SecurityAdmin == null) {
            class$com$ibm$ws$security$core$SecurityAdmin = class$("com.ibm.ws.security.core.SecurityAdmin");
        }
        tc = Tr.register(class$com$ibm$ws$security$core$SecurityAdmin, (String) null, "com.ibm.ejs.resources.security");
    }
}
