package com.ibm.ws.security.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.models.config.applicationserver.ApplicationServer;
import com.ibm.websphere.models.config.applicationserver.webcontainer.WebContainer;
import com.ibm.websphere.models.config.ipc.EndPoint;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.jaaslogin.JAASAuthData;
import com.ibm.websphere.models.config.process.Server;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.AuthMechanism;
import com.ibm.websphere.models.config.security.CustomAuthMechanism;
import com.ibm.websphere.models.config.security.CustomUserRegistry;
import com.ibm.websphere.models.config.security.Key;
import com.ibm.websphere.models.config.security.LDAPUserRegistry;
import com.ibm.websphere.models.config.security.LTPA;
import com.ibm.websphere.models.config.security.LocalOSUserRegistry;
import com.ibm.websphere.models.config.security.SSLConfig;
import com.ibm.websphere.models.config.security.SWAMAuthentication;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.models.config.security.SingleSignon;
import com.ibm.websphere.models.config.security.UserRegistry;
import com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping;
import com.ibm.ws.security.util.AuthData;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:efixes/PK17589/components/security.impl/update.jar:lib/securityimpl.jarcom/ibm/ws/security/core/SecurityConfig.class */
public class SecurityConfig {
    // Trace handle passed to every Tr.entry/exit/debug/warning call in this class.
    private static TraceComponent tc;
    // The single instance handed out by getConfig().
    private static final SecurityConfig secCfg;
    // Backing store for all settings: a raw, unsynchronized HashMap of property name -> Object.
    // Several values kept here are secrets (see LTPA_PASSWORD, SERVER_PASSWD and the LDAP
    // properties built by setLDAPProperties), so the map itself must never be logged unmasked.
    private final HashMap myProps = new HashMap();
    public static final String CACHE_TIMEOUT = "security.CacheTimeout";
    public static final String CACHE_CUSHION_MIN = "security.CacheCushionMin";
    public static final String CACHE_CUSHION_MAX = "security.CacheCushionMax";
    public static final String SECURITY_ENABLED = "security.enabled";
    public static final String SERVER_SECURITY_ENABLED = "server.security.enabled";
    public static final String CELL_SECURITY_ENABLED = "cell.security.enabled";
    public static final String QUALIFIED_USER_NAME = "security.FullyQualifiedUserName";
    public static final String USE_LOCAL_SEC_SERVER = "security.useLocalSecurityServer";
    public static final String SECURITY_SERVER_NAME = "security.securityServerName";
    public static final String SERVER_NAME = "process.serverName";
    public static final String CELL_NAME = "cellname";
    public static final String SHORT_SERVER_NAME = "shortservername";
    public static final String ISSUE_PERM_WARNING = "security.issuePermissionWarning";
    public static final String ACTIVE_AUTH_MECHANISM = "security.activeAuthMechanism";
    public static final String ACTIVE_AUTH_MECHANISM_OID = "security.activeAuthMechanism.OID";
    public static final String AUTH_MECHANISM_OID = "security.authMechOID";
    public static final String AUTH_MECHANISM_AUTHALIAS = "security.authMechAuthAlias";
    public static final String AUTH_MECHANISM_SIMPAUTHALIAS = "security.authMechSimpAuthAlias";
    public static final String AUTH_MECHANISM_VALIDATEALIAS = "security.authMechValidateAlias";
    public static final String AUTH_MECHANISM_FORWARDABLE_CRED = "security.authMechForwardCred";
    public static final String AUTH_MECHANISM_CONTEXTIMPL = "security.authMechContextImpl";
    public static final String TRUST_ASSOCIATION_ENABLED = "security.ltpa.trustAssociationEnabled";
    public static final String TRUST_ASSOCIATIONS = "security.ltpa.trustAssociations";
    // Secret: setValues stores the LTPA password under this key; toString() replaces it with "XXXXXX".
    public static final String LTPA_PASSWORD = "security.ltpa.password";
    public static final String LTPA_EXPIRATION_TIME = "security.ltpa.expirydate";
    public static final String SSO_ENABLED = "security.ltpa.sso.enabled";
    public static final String SSO_DOMAIN = "security.ltpa.sso.domain";
    public static final String SSO_SSL = "security.ltpa.sso.ssl";
    public static final String ACTIVE_USER_REGISTRY = "security.activeUserRegistry";
    public static final String SERVER_ID = "security.serverId";
    // Secret: setValues stores the registry server password under this key; toString() masks it.
    public static final String SERVER_PASSWD = "security.serverPasswd";
    public static final String ACTIVE_USER_REGISTRY_PROPS = "security.activeUserRegistry.props";
    public static final String ACTIVE_USER_REGISTRY_REALM = "security.activeUserRegistry.realm";
    public static final String LDAP_PROPS = "security.registry.ldap.props";
    public static final String LDAP_SSL_ENABLED = "security.registry.ldap.SSLEnabled";
    public static final String LDAP_SSL_CONFIG = "security.registry.ldap.SSLConfig";
    // Same literal as REGISTRY_IMPL_CLASS below ("CustUserRegImplClass").
    public static final String CUSTIMPL_CLASSNAME = "CustUserRegImplClass";
    public static final String CUSTOM_REG_PROPS = "CustomerUserRegistryProps";
    public static final String PROP_EXCEPTION_TO_CLIENT = "com.ibm.websphere.security.registry.propagateExceptionsToClient";
    public static final String REGISTRY_MAX_USERID_SIZE_PROPERTY = "com.ibm.websphere.security.registry.maxUseridSize";
    public static final String REGISTRY_MAX_PASSWORD_SIZE_PROPERTY = "com.ibm.websphere.security.registry.maxPasswordSize";
    public static final String LDAP_REUSE_CONN = "security.registry.ldap.reuseConn";
    public static final String LDAP_SEARCH_TIME_LIMIT = "security.registry.ldap.searchTimeLimit";
    public static final String REGISTRY_IMPL_CLASS = "CustUserRegImplClass";
    public static final String LDAP_REG_IMPL_CLASS = "com.ibm.ws.security.registry.ldap.LdapRegistryImpl";
    public static final String VIRTUAL_HOSTS = "host.virtualhosts";
    public static final String WEB_TRANSPORTS = "webcontainer.transports";
    public static final String SYSTEM_CONFIG_LOGIN_JAAS = "security.loginconfig.system";
    public static final String APPL_CONFIG_LOGIN_JAAS = "security.loginconfig.application";
    public static final String ENFORCE_JAVA2SECURITY = "security.java2security";
    public static final String USE_FIPS = "com.ibm.security.useFIPS";
    public static final String IBMJCEFIPS = "com.ibm.crypto.fips.provider.IBMJCEFIPS";
    public static final String IBMJSSEFIPS = "com.ibm.fips.jsse.IBMJSSEFIPSProvider";
    public static final String IBMJSSE = "com.ibm.jsse.IBMJSSEProvider";
    public static final String IBMJCE = "com.ibm.crypto.provider.IBMJCE";
    public static final String PROVIDER = "IBMJCE";
    public static final String DEFAULT_JCE_PROVIDER = "DEFAULT_JCE_PROVIDER";
    // Public, non-final statics: setValues switches them to true for an LDAP registry / the UseTAM
    // property, and nothing in the visible code resets them. Because they are public, any class
    // can also write them directly; isRegLDAP()/isRegTAM() simply return the current value.
    public static boolean isLDAP;
    public static boolean isTAM;
    public static final String AUTH_MECHANISM_SWAM = "SWAM";
    public static final String AUTH_MECHANISM_LTPA = "LTPA";
    public static final String AUTH_MECHANISM_KERBEROS = "KERBEROS";
    public static final String AUTH_MECHANISM_CUSTOM = "CUSTOM";
    // The three constants below are assigned outside the lines visible here (presumably in a
    // static initializer - confirm); setValues uses cacheTimeout as the fallback cache timeout.
    public static final Boolean disabled;
    public static final Boolean enabled;
    public static final Long cacheTimeout;
    // toString() cache: the last rendered text and a flag that setValue() raises.
    private static String toStringResult;
    private static boolean toStringChange;
    // Lazily filled Class caches; updateHTTPTransports populates the last two through class$(...).
    static Class class$com$ibm$ws$security$core$SecurityConfig;
    static Class class$com$ibm$websphere$models$config$applicationserver$ApplicationServer;
    static Class class$com$ibm$websphere$models$config$applicationserver$webcontainer$WebContainer;

    /**
     * Returns the shared configuration instance.
     *
     * @return the singleton held in {@code secCfg}
     */
    public static SecurityConfig getConfig() {
        return SecurityConfig.secCfg;
    }

    /**
     * Private constructor: instances are only created inside this class, and each new
     * instance is immediately seeded with the defaults written by {@link #init()}.
     */
    private SecurityConfig() {
        this.init();
    }

    /**
     * Seeds the property table with built-in defaults.
     *
     * <p>The defaults are deliberately "everything off": SWAM as the active mechanism, a
     * 30000 cache timeout, and {@code false} for security, SSO, SSO-over-SSL, trust
     * association, qualified user names, the local security server and FIPS. Until
     * {@code setValues} runs to completion, {@link #SECURITY_ENABLED} therefore reads
     * {@code false}.
     */
    private void init() {
        final boolean traceOn = tc.isEntryEnabled();
        if (traceOn) {
            Tr.entry(tc, "init");
        }
        this.myProps.put(ACTIVE_AUTH_MECHANISM, AUTH_MECHANISM_SWAM);
        // One shared Boolean/Long instance is stored under several keys, as before.
        Boolean off = new Boolean(false);
        Long defaultTimeout = new Long(30000L);
        this.myProps.put(TRUST_ASSOCIATION_ENABLED, off);
        this.myProps.put(CACHE_TIMEOUT, defaultTimeout);
        this.myProps.put(SECURITY_ENABLED, off);
        this.myProps.put(SSO_ENABLED, off);
        this.myProps.put(SSO_SSL, off);
        this.myProps.put(QUALIFIED_USER_NAME, off);
        this.myProps.put(SECURITY_SERVER_NAME, "SecurityServer");
        this.myProps.put(USE_LOCAL_SEC_SERVER, off);
        // USE_FIPS is kept as a String ("false"), unlike the Boolean-valued flags above.
        String fipsDefault = off.toString();
        this.myProps.put(USE_FIPS, fipsDefault);
        this.myProps.put(PROVIDER, PROVIDER);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init");
        }
    }

    /**
     * Looks up a setting by name.
     *
     * <p>The value is returned as stored, unmasked: for keys such as
     * {@link #LTPA_PASSWORD} or {@link #SERVER_PASSWD} the caller receives the secret itself
     * and is responsible for keeping it out of logs and traces.
     *
     * @param str the property name
     * @return the stored value, or {@code null} when the name is not present
     */
    public Object getValue(String str) {
        final Object stored = this.myProps.get(str);
        return stored;
    }

    /**
     * Stores a setting and marks the cached {@code toString()} text as out of date.
     *
     * <p>No validation or access check is applied here: any caller holding the instance can
     * overwrite any key, including {@link #SECURITY_ENABLED}.
     *
     * @param str the property name
     * @param obj the value to store (may be {@code null})
     * @throws IllegalArgumentException declared by the signature; the visible body never throws it
     */
    public void setValue(String str, Object obj) throws IllegalArgumentException {
        SecurityConfig.toStringChange = true;
        final HashMap table = this.myProps;
        table.put(str, obj);
    }

    /**
     * Copies the settings of the given security configuration model into the property table.
     *
     * <p>Order matters in this method: later puts overwrite earlier ones, and
     * {@link #SECURITY_ENABLED} is only updated near the end. Any exception thrown before that
     * point (see the notes on the cache-cushion parsing and on null dereferences below) leaves
     * the table half-populated with {@code SECURITY_ENABLED} still at the {@code false} written
     * by {@code init()}.
     *
     * <p>Secrets are stored in clear text in the table: the LTPA password and key strings, the
     * registry server password, and the LDAP bind credentials produced by
     * {@code setLDAPProperties}.
     *
     * <p>Apart from the {@code USE_FIPS} update, which goes through {@code setValue}, the writes
     * here use {@code myProps.put} directly and so do not raise {@code toStringChange}.
     *
     * @param security the security configuration model to read; must have a non-null active
     *                 auth mechanism and active user registry, both are dereferenced unconditionally
     */
    public void setValues(Security security) {
        String str;
        if (tc.isEntryEnabled()) {
            // NOTE(review): this traces security.toString(); confirm the model's toString does
            // not print password attributes.
            Tr.entry(tc, new StringBuffer().append("setValues ").append(security).toString());
        }
        this.myProps.put("security.toplevel.properties", security.getProperties());
        Properties properties = getProperties(security.getProperties());
        // Exception propagation to clients: the configured property wins, the JVM system
        // property is the fallback, and only "true"/"yes" (any case) turns it on.
        String str2 = (String) properties.get(PROP_EXCEPTION_TO_CLIENT);
        if (str2 == null) {
            str2 = System.getProperty(PROP_EXCEPTION_TO_CLIENT);
        }
        if (str2 == null || !(str2.equalsIgnoreCase("true") || str2.equalsIgnoreCase("yes"))) {
            this.myProps.put(PROP_EXCEPTION_TO_CLIENT, "false");
        } else {
            this.myProps.put(PROP_EXCEPTION_TO_CLIENT, "true");
        }
        // Maximum user id / password lengths default to "256". The configured text is stored
        // as-is; it is not checked to be numeric or positive here.
        String str3 = (String) properties.get(REGISTRY_MAX_USERID_SIZE_PROPERTY);
        if (str3 == null || str3.equals("")) {
            this.myProps.put(REGISTRY_MAX_USERID_SIZE_PROPERTY, "256");
        } else {
            this.myProps.put(REGISTRY_MAX_USERID_SIZE_PROPERTY, str3);
        }
        String str4 = (String) properties.get(REGISTRY_MAX_PASSWORD_SIZE_PROPERTY);
        if (str4 == null || str4.equals("")) {
            this.myProps.put(REGISTRY_MAX_PASSWORD_SIZE_PROPERTY, "256");
        } else {
            this.myProps.put(REGISTRY_MAX_PASSWORD_SIZE_PROPERTY, str4);
        }
        Properties properties2 = null;
        // FIPS flag: only overrides the init() default ("false") when the property is configured.
        String property = getProperties(security.getProperties()).getProperty(USE_FIPS);
        if (property != null) {
            getConfig().setValue(USE_FIPS, property);
        }
        // --- Active authentication mechanism -------------------------------------------------
        // If getActiveAuthMechanism() returns null none of the branches below match, and the
        // unconditional getOID() call after the registry section throws NullPointerException.
        if (security.getActiveAuthMechanism() instanceof LTPA) {
            LTPA ltpa = (LTPA) security.getActiveAuthMechanism();
            this.myProps.put(LTPA_EXPIRATION_TIME, new Long(ltpa.getTimeout()));
            // Secret stored in clear text in the table.
            this.myProps.put(LTPA_PASSWORD, ltpa.getPassword());
            this.myProps.put(ACTIVE_AUTH_MECHANISM, AUTH_MECHANISM_LTPA);
            this.myProps.put(AUTH_MECHANISM_OID, ltpa.getOID());
            this.myProps.put(AUTH_MECHANISM_AUTHALIAS, ltpa.getAuthConfig());
            this.myProps.put(AUTH_MECHANISM_SIMPAUTHALIAS, ltpa.getSimpleAuthConfig());
            this.myProps.put(AUTH_MECHANISM_VALIDATEALIAS, ltpa.getAuthValidationConfig());
            this.myProps.put(AUTH_MECHANISM_FORWARDABLE_CRED, enabled);
            this.myProps.put(AUTH_MECHANISM_CONTEXTIMPL, ltpa.getAuthContextImplClass());
            // Stores the LTPA private, public and shared key strings in the table.
            setLTPAKeys(ltpa, this.myProps);
            // getSingleSignon() and getTrustAssociation() are dereferenced without a null check.
            SingleSignon singleSignon = ltpa.getSingleSignon();
            this.myProps.put(SSO_ENABLED, new Boolean(singleSignon.isEnabled()));
            this.myProps.put(SSO_DOMAIN, singleSignon.getDomainName());
            this.myProps.put(SSO_SSL, new Boolean(singleSignon.isRequiresSSL()));
            // Setting the SSO domain is on unless the system property is exactly "false".
            if (System.getProperty("com.ibm.ejs.security.setSSODomain", "true").equals("false")) {
                this.myProps.put("security.ltpa.setSSODomain", disabled);
            } else {
                this.myProps.put("security.ltpa.setSSODomain", enabled);
            }
            this.myProps.put(TRUST_ASSOCIATION_ENABLED, new Boolean(ltpa.getTrustAssociation().isEnabled()));
            this.myProps.put(TRUST_ASSOCIATIONS, ltpa.getTrustAssociation());
        } else if (security.getActiveAuthMechanism() instanceof SWAMAuthentication) {
            this.myProps.put(ACTIVE_AUTH_MECHANISM, AUTH_MECHANISM_SWAM);
            this.myProps.put(AUTH_MECHANISM_CONTEXTIMPL, "");
            this.myProps.put(AUTH_MECHANISM_OID, "No OID for this mechanism");
            SWAMAuthentication activeAuthMechanism = security.getActiveAuthMechanism();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("SWAM props are: ").append(activeAuthMechanism).toString());
            }
            // SWAM is the only mechanism recorded with non-forwardable credentials.
            this.myProps.put(AUTH_MECHANISM_FORWARDABLE_CRED, disabled);
            this.myProps.put(AUTH_MECHANISM_AUTHALIAS, activeAuthMechanism.getAuthConfig());
        } else if (security.getActiveAuthMechanism() instanceof CustomAuthMechanism) {
            CustomAuthMechanism activeAuthMechanism2 = security.getActiveAuthMechanism();
            this.myProps.put(AUTH_MECHANISM_OID, activeAuthMechanism2.getOID());
            this.myProps.put(AUTH_MECHANISM_AUTHALIAS, activeAuthMechanism2.getAuthConfig());
            this.myProps.put(AUTH_MECHANISM_SIMPAUTHALIAS, activeAuthMechanism2.getSimpleAuthConfig());
            this.myProps.put(AUTH_MECHANISM_VALIDATEALIAS, activeAuthMechanism2.getAuthValidationConfig());
            this.myProps.put(AUTH_MECHANISM_FORWARDABLE_CRED, enabled);
            this.myProps.put(AUTH_MECHANISM_CONTEXTIMPL, activeAuthMechanism2.getAuthContextImplClass());
            this.myProps.put(ACTIVE_AUTH_MECHANISM, AUTH_MECHANISM_CUSTOM);
        } else if (security.getActiveAuthMechanism() instanceof AuthMechanism) {
            // Catch-all: any other AuthMechanism subtype is recorded as KERBEROS.
            AuthMechanism activeAuthMechanism3 = security.getActiveAuthMechanism();
            this.myProps.put(AUTH_MECHANISM_OID, activeAuthMechanism3.getOID());
            this.myProps.put(AUTH_MECHANISM_AUTHALIAS, activeAuthMechanism3.getAuthConfig());
            this.myProps.put(AUTH_MECHANISM_SIMPAUTHALIAS, activeAuthMechanism3.getSimpleAuthConfig());
            this.myProps.put(AUTH_MECHANISM_VALIDATEALIAS, activeAuthMechanism3.getAuthValidationConfig());
            this.myProps.put(AUTH_MECHANISM_FORWARDABLE_CRED, enabled);
            this.myProps.put(AUTH_MECHANISM_CONTEXTIMPL, activeAuthMechanism3.getAuthContextImplClass());
            this.myProps.put(ACTIVE_AUTH_MECHANISM, AUTH_MECHANISM_KERBEROS);
        }
        // --- Active user registry ------------------------------------------------------------
        if (security.getActiveUserRegistry() instanceof LocalOSUserRegistry) {
            this.myProps.put("security.activeUserRegistryType", "LOCALOS");
        }
        if (security.getActiveUserRegistry() instanceof CustomUserRegistry) {
            this.myProps.put("security.activeUserRegistryType", AUTH_MECHANISM_CUSTOM);
            Properties properties3 = new Properties();
            CustomUserRegistry activeUserRegistry = security.getActiveUserRegistry();
            // The instanceof test above already implies non-null, so the else branch cannot run.
            if (activeUserRegistry != null) {
                // The registry implementation class name comes straight from configuration.
                // NOTE(review): confirm who may edit that configuration, since the name is
                // presumably used to load the class elsewhere.
                properties3.put("CustUserRegImplClass", activeUserRegistry.getCustomRegistryClassName());
                this.myProps.put(CUSTOM_REG_PROPS, properties3);
                this.myProps.put("security.registry.IgnoreCase", new Boolean(activeUserRegistry.isIgnoreCase()));
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Active registry");
            }
        }
        if (security.getActiveUserRegistry() instanceof LDAPUserRegistry) {
            this.myProps.put("security.activeUserRegistryType", "LDAP");
            Properties properties4 = null;
            LDAPUserRegistry activeUserRegistry2 = security.getActiveUserRegistry();
            // As above, instanceof implies non-null; the "No Active registry" branch is unreachable.
            if (activeUserRegistry2 != null) {
                properties4 = setLDAPProperties(activeUserRegistry2);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Active registry");
            }
            this.myProps.put(LDAP_PROPS, properties4);
            this.myProps.put(LDAP_SSL_ENABLED, new Boolean(activeUserRegistry2.isSslEnabled()));
            this.myProps.put("security.registry.IgnoreCase", new Boolean(activeUserRegistry2.isIgnoreCase()));
            SecureSocketLayer secureSocketLayer = null;
            String sslConfig = activeUserRegistry2.getSslConfig();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Ldap SSL alias is ").append(sslConfig).toString());
            }
            // Find the SSL repertoire entry whose alias equals the registry's SSL alias.
            // getAlias() is dereferenced without a null check.
            int i = 0;
            while (true) {
                if (i >= security.getRepertoire().size()) {
                    break;
                }
                if (((SSLConfig) security.getRepertoire().get(i)).getAlias().equals(sslConfig)) {
                    secureSocketLayer = ((SSLConfig) security.getRepertoire().get(i)).getSetting();
                    break;
                }
                i++;
            }
            // When SSL is enabled but no repertoire entry matches, LDAP_SSL_ENABLED is true while
            // LDAP_SSL_CONFIG stays unset, and nothing is logged.
            // NOTE(review): confirm the LDAP registry refuses to connect in that state rather
            // than falling back to defaults or an unencrypted bind.
            if (activeUserRegistry2.isSslEnabled() && secureSocketLayer != null) {
                this.myProps.put(LDAP_SSL_CONFIG, secureSocketLayer);
            }
            isLDAP = true;
            properties2 = getProperties(security.getActiveUserRegistry().getProperties());
            // getProperties never returns null, so the first test is always true.
            if (properties2 != null && (str = (String) properties2.get("com.ibm.websphere.security.registry.UseTAM")) != null && str.equalsIgnoreCase("true")) {
                isTAM = true;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using Tivoli Access Manager");
                }
            }
        }
        // Both getters are dereferenced unconditionally from here on.
        this.myProps.put(ACTIVE_AUTH_MECHANISM_OID, security.getActiveAuthMechanism().getOID());
        this.myProps.put(ACTIVE_USER_REGISTRY, security.getActiveUserRegistry());
        this.myProps.put(SERVER_ID, security.getActiveUserRegistry().getServerId());
        // Secret stored in clear text in the table.
        this.myProps.put(SERVER_PASSWD, security.getActiveUserRegistry().getServerPassword());
        if (properties2 != null) {
            this.myProps.put(ACTIVE_USER_REGISTRY_PROPS, properties2);
        } else {
            this.myProps.put(ACTIVE_USER_REGISTRY_PROPS, getProperties(security.getActiveUserRegistry().getProperties()));
        }
        this.myProps.put(ACTIVE_USER_REGISTRY_REALM, security.getActiveUserRegistry().getRealm());
        this.myProps.put(SECURITY_SERVER_NAME, "SecurityServer");
        // Cache cushion bounds come from JVM system properties (defaults 3 and 10).
        // new Integer(String) throws NumberFormatException on non-numeric text, and this runs
        // BEFORE SECURITY_ENABLED is updated below.
        // NOTE(review): confirm the caller treats that exception as fatal; otherwise a malformed
        // system property leaves security.enabled at its init() default of false.
        String property2 = System.getProperty("com.ibm.ws.security.cacheCushionMin");
        if (property2 == null || property2.equals("")) {
            this.myProps.put(CACHE_CUSHION_MIN, new Integer("3"));
        } else {
            this.myProps.put(CACHE_CUSHION_MIN, new Integer(property2));
        }
        String property3 = System.getProperty("com.ibm.ws.security.cacheCushionMax");
        if (property3 == null || property3.equals("")) {
            this.myProps.put(CACHE_CUSHION_MAX, new Integer("10"));
        } else {
            this.myProps.put(CACHE_CUSHION_MAX, new Integer(property3));
        }
        this.myProps.put(SECURITY_ENABLED, new Boolean(security.isEnabled()));
        // A non-positive configured timeout falls back to the class-level default.
        if (security.getCacheTimeout() > 0) {
            this.myProps.put(CACHE_TIMEOUT, new Long(security.getCacheTimeout()));
        } else {
            this.myProps.put(CACHE_TIMEOUT, cacheTimeout);
        }
        this.myProps.put(QUALIFIED_USER_NAME, new Boolean(security.isUseDomainQualifiedUserNames()));
        this.myProps.put(USE_LOCAL_SEC_SERVER, new Boolean(security.isUseLocalSecurityServer()));
        this.myProps.put(ISSUE_PERM_WARNING, new Boolean(security.isIssuePermissionWarning()));
        this.myProps.put(SYSTEM_CONFIG_LOGIN_JAAS, security.getSystemLoginConfig());
        this.myProps.put(APPL_CONFIG_LOGIN_JAAS, security.getApplicationLoginConfig());
        if (security.getAuthDataEntries() != null) {
            refreshAuthDataEntries(security);
        }
        this.myProps.put(ENFORCE_JAVA2SECURITY, new Boolean(security.isEnforceJava2Security()));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setValues");
        }
    }

    /**
     * Records the web container's transports of the given server under
     * {@link #WEB_TRANSPORTS} in the shared configuration.
     *
     * <p>The first {@code ApplicationServer} among the server's components is used, then the
     * first {@code WebContainer} among that application server's components. Neither lookup
     * is null-checked: a server without an application server or without a web container
     * makes this method throw {@link NullPointerException}.
     *
     * @param server the server configuration to inspect
     */
    public static void updateHTTPTransports(Server server) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "updateHTTPTransports " + server);
        }
        EList serverComponents = server.getComponents();

        // Resolve (and cache) the ApplicationServer class, then pick the first matching component.
        if (class$com$ibm$websphere$models$config$applicationserver$ApplicationServer == null) {
            class$com$ibm$websphere$models$config$applicationserver$ApplicationServer =
                    class$("com.ibm.websphere.models.config.applicationserver.ApplicationServer");
        }
        Class appServerType = class$com$ibm$websphere$models$config$applicationserver$ApplicationServer;
        ApplicationServer appServer = null;
        for (Iterator it = serverComponents.iterator(); appServer == null && it.hasNext();) {
            Object candidate = it.next();
            if (appServerType.isInstance(candidate)) {
                appServer = (ApplicationServer) candidate;
            }
        }

        // Same lookup one level down for the WebContainer; appServer may still be null here.
        EList appServerComponents = appServer.getComponents();
        if (class$com$ibm$websphere$models$config$applicationserver$webcontainer$WebContainer == null) {
            class$com$ibm$websphere$models$config$applicationserver$webcontainer$WebContainer =
                    class$("com.ibm.websphere.models.config.applicationserver.webcontainer.WebContainer");
        }
        Class webContainerType = class$com$ibm$websphere$models$config$applicationserver$webcontainer$WebContainer;
        WebContainer container = null;
        for (Iterator it = appServerComponents.iterator(); container == null && it.hasNext();) {
            Object candidate = it.next();
            if (webContainerType.isInstance(candidate)) {
                container = (WebContainer) candidate;
            }
        }

        secCfg.setValue(WEB_TRANSPORTS, container.getTransports());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "updateHTTPTransports ");
        }
    }

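    /**
     * Builds the property set describing the configured LDAP user registry.
     *
     * <p>Fix over the previous version: the search-filter getters were dereferenced before the
     * {@code getSearchFilter() != null} test, so a registry without a search filter threw
     * {@link NullPointerException} and the "search filter info missing" branch could never
     * run. The filter properties are now read inside that null check.
     *
     * <p>Security notes:
     * <ul>
     *   <li>The returned object carries the server password ({@code LDAP.server.pwd}) and,
     *       when set, the bind password ({@code java.naming.security.credentials}) in clear
     *       text. Only the exit trace goes through {@code maskPasswords}; callers must mask
     *       before logging.</li>
     *   <li>The provider URL always gets an {@code ldap://} scheme here, whatever the
     *       registry's SSL flag says, and only the first configured host is used.
     *       NOTE(review): confirm the consumer honours {@code LDAP_SSL_ENABLED} rather than
     *       the URL scheme.</li>
     *   <li>The base DN is appended to the URL without escaping.</li>
     * </ul>
     *
     * <p>Side effect: also writes {@code security.registry.IgnoreCase} into this
     * configuration's own property table.
     *
     * @param userRegistry the active registry; must be an {@code LDAPUserRegistry}
     * @return the LDAP properties (never {@code null})
     * @throws ClassCastException if {@code userRegistry} is not an {@code LDAPUserRegistry}
     * @throws NullPointerException if a mandatory attribute (for example the server id or
     *         password) is {@code null}, because {@code Properties} rejects null values
     */
    public Properties setLDAPProperties(UserRegistry userRegistry) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setLDAPProperties ");
        }
        LDAPUserRegistry lDAPUserRegistry = (LDAPUserRegistry) userRegistry;
        Properties properties = new Properties();
        properties.put("LDAP.server.id", lDAPUserRegistry.getServerId());
        properties.put("LDAP.server.pwd", lDAPUserRegistry.getServerPassword());
        properties.put(LDAP_SEARCH_TIME_LIMIT, Long.toString(lDAPUserRegistry.getSearchTimeout()));
        properties.put(LDAP_REUSE_CONN, new Boolean(lDAPUserRegistry.isReuseConnection()).toString());
        this.myProps.put("security.registry.IgnoreCase", new Boolean(lDAPUserRegistry.isIgnoreCase()));
        if (lDAPUserRegistry.getSearchFilter() != null) {
            // All search-filter derived values live inside the null check.
            properties.put("user.filter", lDAPUserRegistry.getSearchFilter().getUserFilter());
            properties.put("group.filter", lDAPUserRegistry.getSearchFilter().getGroupFilter());
            properties.put("group.idmap", lDAPUserRegistry.getSearchFilter().getGroupIdMap());
            properties.put("user.idmap", lDAPUserRegistry.getSearchFilter().getUserIdMap());
            properties.put("groupmember.idmap", lDAPUserRegistry.getSearchFilter().getGroupMemberIdMap());
            switch (lDAPUserRegistry.getSearchFilter().getCertificateMapMode().getValue()) {
                case 0:
                    properties.put("certificate.map.mode", "exactDNMode");
                    break;
                case 1:
                    properties.put("certificate.map.mode", "filterDescriptorMode");
                    if (lDAPUserRegistry.getSearchFilter().getCertificateFilter() != null) {
                        properties.put("certificate.map.filter", lDAPUserRegistry.getSearchFilter().getCertificateFilter());
                    } else {
                        // Filter mode without a filter: certificate mapping has nothing to match on.
                        Tr.warning(tc, "security.config.missingAttributeCertFilter");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No CertificateFilter specified. Mandatory for Certificate Mode CERTIFICATE_FILTER");
                        }
                    }
                    break;
                default:
                    // Other modes set no certificate mapping property, as before.
                    break;
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LDAP registry search filter info missing");
        }
        // Only the first configured endpoint contributes to the provider URL.
        EList hosts = lDAPUserRegistry.getHosts();
        String host = "";
        String port = "";
        if (hosts != null && hosts.size() > 0) {
            EndPoint endPoint = (EndPoint) hosts.iterator().next();
            host = endPoint.getHost();
            port = Integer.toString(endPoint.getPort());
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LDAP server host and port info missing");
        }
        StringBuffer url = new StringBuffer(host);
        if (!url.toString().startsWith("ldap://")) {
            url.insert(0, "ldap://");
        }
        if (port.length() > 0) {
            url.append(":").append(port);
        }
        url.append("/");
        String baseDN = lDAPUserRegistry.getBaseDN();
        if (baseDN != null && baseDN.length() > 0) {
            properties.put("ldap.basedn", baseDN);
            url.append(baseDN);
        }
        properties.put("java.naming.provider.url", url.toString());
        if (lDAPUserRegistry.getBindDN() != null && lDAPUserRegistry.getBindDN().length() > 0) {
            properties.put("java.naming.security.principal", lDAPUserRegistry.getBindDN());
        }
        if (lDAPUserRegistry.getBindPassword() != null && lDAPUserRegistry.getBindPassword().length() > 0) {
            // Bind password, stored in clear text.
            properties.put("java.naming.security.credentials", lDAPUserRegistry.getBindPassword());
        }
        if (lDAPUserRegistry.getType() != null) {
            // Map the directory type enum value to the name stored under "dirType".
            switch (lDAPUserRegistry.getType().getValue()) {
                case 0:
                    properties.put("dirType", "ibm_dir_server");
                    break;
                case 1:
                    properties.put("dirType", "secureway");
                    break;
                case 2:
                    properties.put("dirType", "iplanet");
                    break;
                case 3:
                    properties.put("dirType", "netscape");
                    break;
                case 4:
                    properties.put("dirType", "domino50");
                    break;
                case 5:
                    properties.put("dirType", "edirectory");
                    break;
                case 6:
                    properties.put("dirType", "actived");
                    break;
                case 7:
                    properties.put("dirType", "custom");
                    break;
                default:
                    // Unrecognised values leave "dirType" unset, as before.
                    break;
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Unknow LDAP registry type");
        }
        properties.put("CustUserRegImplClass", LDAP_REG_IMPL_CLASS);
        if (tc.isEntryEnabled()) {
            // NOTE(review): confirm maskPasswords also covers "LDAP.server.pwd"; only part of
            // that method is visible from here.
            Tr.exit(tc, new StringBuffer().append("setLDAPProperties ").append(maskPasswords(properties)).toString());
        }
        return properties;
    }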

    /**
     * Flattens a list of configuration {@code Property} entries into a {@link Properties}
     * object, name to value. Later entries with the same name overwrite earlier ones.
     *
     * @param list the entries to copy; {@code null} yields an empty result
     * @return a new {@code Properties}, never {@code null}
     * @throws NullPointerException if an entry has a {@code null} name or value
     * @throws ClassCastException if an element is not a {@code Property}
     */
    public static Properties getTrustProperties(List list) {
        Properties result = new Properties();
        if (list == null) {
            return result;
        }
        for (Iterator it = list.iterator(); it.hasNext();) {
            Property entry = (Property) it.next();
            result.put(entry.getName(), entry.getValue());
        }
        return result;
    }

    /**
     * Converts a list of configuration {@code Property} entries into a {@link Properties}
     * object keyed by entry name. When a name occurs more than once the last value wins.
     *
     * @param list the entries to copy; may be {@code null}
     * @return a new {@code Properties} (empty when {@code list} is {@code null}); never {@code null}
     * @throws NullPointerException if an entry's name or value is {@code null}
     * @throws ClassCastException if an element is not a {@code Property}
     */
    public static Properties getProperties(List list) {
        final Properties converted = new Properties();
        if (list != null) {
            for (Object element : list) {
                final Property item = (Property) element;
                converted.put(item.getName(), item.getValue());
            }
        }
        return converted;
    }

    /**
     * Resolves an authentication-data alias to its credentials.
     *
     * <p>The result holds the entry's {@code uid} under {@code "username"} and its
     * {@code psw} under {@code "password"}, unmasked. Callers must not log or trace the
     * returned object.
     *
     * @param str the auth data alias to look up
     * @return the credentials, or {@code null} when the alias is unknown
     * @throws SecurityException declared by the signature
     * @throws NullPointerException if the entry's {@code uid} or {@code psw} is {@code null}
     */
    public Properties getAuthData(String str) throws SecurityException {
        AuthData entry = WSDefaultPrincipalMapping.getAuthDataInt(str);
        Properties credentials = null;
        if (entry != null) {
            credentials = new Properties();
            credentials.put("username", entry.uid);
            credentials.put("password", entry.psw);
        }
        return credentials;
    }

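    /**
     * Renders the property table for diagnostics, with known secrets replaced by
     * {@code "XXXXXX"}.
     *
     * <p>Changes over the previous version:
     * <ul>
     *   <li>The cache test was inverted: when a cached text existed and nothing had changed,
     *       the cache was overwritten with the "null property table" message. The cached text
     *       is now returned in that case.</li>
     *   <li>Masking of {@code ACTIVE_USER_REGISTRY_PROPS} and removal of
     *       {@code LDAP_SSL_CONFIG} only ran when {@code LDAP_PROPS} was present, so a
     *       non-LDAP registry's properties were printed unmasked. They are now handled
     *       independently.</li>
     *   <li>The LTPA private and shared (3DES) key strings stored by {@code setLTPAKeys} were
     *       printed in clear text; they are now masked.</li>
     * </ul>
     *
     * <p>Remaining caveats: values such as the active user registry object and the trust
     * association object are printed through their own {@code toString()}.
     * NOTE(review): confirm those do not expose password attributes. The cache is only
     * invalidated by {@code setValue}; code that writes the table directly does not refresh it.
     *
     * @return the masked rendering, or {@code null} if rendering failed with an exception
     */
    public String toString() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "toString()");
        }
        try {
            if (this.myProps == null) {
                toStringResult = new StringBuffer().append("SecurityConfig property values:\n").append("None to report, null property table.\n").toString();
            } else if (toStringResult == null || toStringChange) {
                // Work on a copy so masking never alters the live configuration.
                HashMap hashMap = new HashMap(this.myProps);
                hashMap.put(SERVER_PASSWD, "XXXXXX");
                hashMap.put(LTPA_PASSWORD, "XXXXXX");
                // LTPA key material must not reach trace output either.
                if (hashMap.get("com.ibm.websphere.ltpa.PrivateKey") != null) {
                    hashMap.put("com.ibm.websphere.ltpa.PrivateKey", "XXXXXX");
                }
                if (hashMap.get("com.ibm.websphere.ltpa.3DESKey") != null) {
                    hashMap.put("com.ibm.websphere.ltpa.3DESKey", "XXXXXX");
                }
                Properties ldapProps = (Properties) hashMap.get(LDAP_PROPS);
                if (ldapProps != null) {
                    Properties ldapCopy = new Properties();
                    Enumeration<?> ldapNames = ldapProps.propertyNames();
                    while (ldapNames.hasMoreElements()) {
                        String name = (String) ldapNames.nextElement();
                        String value = ldapProps.getProperty(name);
                        if (value != null) {
                            ldapCopy.setProperty(name, value);
                        }
                    }
                    if (ldapCopy.getProperty("LDAP.server.pwd") != null) {
                        ldapCopy.setProperty("LDAP.server.pwd", "XXXXXX");
                    }
                    hashMap.put(LDAP_PROPS, maskPasswords(ldapCopy));
                }
                // Registry properties are masked whether or not LDAP properties exist.
                Properties registryProps = (Properties) hashMap.get(ACTIVE_USER_REGISTRY_PROPS);
                if (registryProps != null) {
                    Properties registryCopy = new Properties();
                    Enumeration<?> registryNames = registryProps.propertyNames();
                    while (registryNames.hasMoreElements()) {
                        String name = (String) registryNames.nextElement();
                        String value = registryProps.getProperty(name);
                        if (value != null) {
                            registryCopy.setProperty(name, value);
                        }
                    }
                    if (registryCopy.getProperty("java.naming.security.credentials") != null) {
                        registryCopy.setProperty("java.naming.security.credentials", "XXXXXX");
                    }
                    if (registryCopy.getProperty("LDAP.server.pwd") != null) {
                        registryCopy.setProperty("LDAP.server.pwd", "XXXXXX");
                    }
                    if (registryCopy.getProperty("sslConfig") != null) {
                        registryCopy.setProperty("sslConfig", "XXXXXX");
                    }
                    hashMap.put(ACTIVE_USER_REGISTRY_PROPS, registryCopy);
                }
                // The SSL settings object is dropped from the rendering altogether.
                if (hashMap.get(LDAP_SSL_CONFIG) != null) {
                    hashMap.remove(LDAP_SSL_CONFIG);
                }
                toStringResult = new StringBuffer().append("SecurityConfig property values:\n").append(hashMap.toString()).toString();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "toString()");
            }
            return toStringResult;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Exception occurred in toString(): ").append(e.getMessage()).toString());
            }
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "toString() -> NULL");
            return null;
        }
    }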

    /**
     * Returns the current value of the static {@code isLDAP} flag.
     *
     * <p>The static initializer of this class sets the flag to {@code false}; the code that
     * sets it to {@code true} is not in this part of the file. Presumably it indicates that
     * the active user registry is LDAP (TODO confirm against the code that assigns it).
     *
     * @return the {@code isLDAP} flag
     */
    public static boolean isRegLDAP() {
        return isLDAP;
    }

    /**
     * Returns the current value of the static {@code isTAM} flag.
     *
     * <p>The static initializer of this class sets the flag to {@code false}; the code that
     * sets it to {@code true} is not in this part of the file. Presumably "TAM" refers to a
     * Tivoli Access Manager backed registry (TODO confirm against the code that assigns it).
     *
     * @return the {@code isTAM} flag
     */
    public static boolean isRegTAM() {
        return isTAM;
    }

    /**
     * Copies the LTPA private, public and shared key strings from the configuration object
     * into {@code hashMap}.
     *
     * <p>Each entry is written unconditionally; a key that is not configured is stored as
     * {@code null}. The values are whatever {@code Key.getByteArray()} returns, so after this
     * call the map holds the key material itself. {@link #maskPasswords(Properties)} does not
     * redact these three entries, so any code that prints or traces this map has to exclude
     * or mask them itself.
     *
     * @param ltpa the LTPA configuration to read the keys from
     * @param hashMap the map that receives the three key entries
     */
    private void setLTPAKeys(LTPA ltpa, HashMap hashMap) {
        Key privateKey = ltpa.getPrivate();
        String privateValue = null;
        if (privateKey != null) {
            // Only the fact that a key exists is traced, never its value.
            Tr.debug(tc, "ltpa.isSetPrivate() is true");
            Tr.debug(tc, "key.isSetByteArray()  is true");
            privateValue = privateKey.getByteArray();
        }
        hashMap.put("com.ibm.websphere.ltpa.PrivateKey", privateValue);

        Key publicKey = ltpa.getPublic();
        hashMap.put("com.ibm.websphere.ltpa.PublicKey", publicKey == null ? null : publicKey.getByteArray());

        Key sharedKey = ltpa.getShared();
        hashMap.put("com.ibm.websphere.ltpa.3DESKey", sharedKey == null ? null : sharedKey.getByteArray());
    }

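    /**
     * Returns a copy of {@code properties} in which the known credential entries are replaced
     * by the fixed placeholder {@code "XXXXXX"}, so the copy can be written to trace or
     * returned from {@code toString()}.
     *
     * <p>The input is never modified. The copy contains the entries stored directly in
     * {@code properties}; a credential that is only reachable through the defaults table is
     * still represented in the copy, as the placeholder.
     *
     * <p>Masked keys: {@code LTPA_PASSWORD}, {@code java.naming.security.credentials},
     * {@code SERVER_PASSWD} and {@code LDAP.server.pwd}. Nothing else is redacted.
     * NOTE(review): {@code toString()} additionally masks {@code sslConfig} in the registry
     * properties, and the LTPA key entries written by {@code setLTPAKeys} are not covered
     * here; confirm that no caller relies on this method for those.
     *
     * @param properties the properties to copy, may be {@code null}
     * @return the masked copy, or {@code null} when {@code properties} is {@code null}
     */
    public static Properties maskPasswords(Properties properties) {
        if (properties == null) {
            return null;
        }
        Properties masked = new Properties();
        // Copy by Object key: a non-String key must not abort masking with a ClassCastException.
        Enumeration keys = properties.keys();
        while (keys.hasMoreElements()) {
            Object key = keys.nextElement();
            masked.put(key, properties.get(key));
        }
        String[] secretKeys = {LTPA_PASSWORD, "java.naming.security.credentials", SERVER_PASSWD, "LDAP.server.pwd"};
        for (int i = 0; i < secretKeys.length; i++) {
            String secretKey = secretKeys[i];
            // getProperty() returns null for a value that is not a String, which previously let a
            // secret stored as another type (for example a char[]) through unmasked; containsKey()
            // closes that gap. getProperty() is kept so defaults-only secrets are still flagged.
            if (properties.containsKey(secretKey) || properties.getProperty(secretKey) != null) {
                masked.put(secretKey, "XXXXXX");
            }
        }
        return masked;
    }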

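    /**
     * Replaces a leading <code>${USER_INSTALL_ROOT}</code> in the key file name and the trust
     * file name of {@code secureSocketLayer} with the configured install root, in place.
     *
     * <p>Only a prefix is expanded and only <code>${USER_INSTALL_ROOT}</code> is recognised;
     * unlike {@code expandProps} and {@code expandString}, this method does not handle
     * <code>${WAS_INSTALL_ROOT}</code>. A file name that is not set is left untouched.
     *
     * @param secureSocketLayer the SSL settings to update; {@code null} is ignored
     */
    public static void expandSSLVars(SecureSocketLayer secureSocketLayer) {
        if (secureSocketLayer == null) {
            return;
        }
        final String marker = "${USER_INSTALL_ROOT}";
        // If no install root is configured, replace() below throws NullPointerException, so an
        // unexpanded ${...} path is never written back into the SSL settings silently.
        String installRoot = (String) getConfig().getValue(marker);

        String keyFileName = secureSocketLayer.getKeyFileName();
        // An unset file name used to fail with NullPointerException on startsWith().
        if (keyFileName != null && keyFileName.startsWith(marker)) {
            StringBuffer expandedKeyFile = new StringBuffer(keyFileName);
            expandedKeyFile.replace(0, marker.length(), installRoot);
            secureSocketLayer.setKeyFileName(expandedKeyFile.toString());
        }

        String trustFileName = secureSocketLayer.getTrustFileName();
        if (trustFileName != null && trustFileName.startsWith(marker)) {
            StringBuffer expandedTrustFile = new StringBuffer(trustFileName);
            expandedTrustFile.replace(0, marker.length(), installRoot);
            secureSocketLayer.setTrustFileName(expandedTrustFile.toString());
        }
    }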

    /**
     * Expands a leading <code>${USER_INSTALL_ROOT}</code> or <code>${WAS_INSTALL_ROOT}</code>
     * in every String value of {@code properties}, writing the result back into the same
     * object.
     *
     * <p>Names come from {@code propertyNames()}, values from {@code get()}, so a name that
     * exists only in the defaults table has no value here and is skipped, as are values that
     * are not Strings. When debug trace is enabled, both the original and the expanded value
     * of each rewritten property are written to trace.
     *
     * @param properties the properties to expand in place; must not be {@code null}
     * @return the same {@code properties} instance
     */
    public static Properties expandProps(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "expandProps");
        }
        // Checked in this order; the first matching marker wins.
        final String[] rootMarkers = {"${USER_INSTALL_ROOT}", "${WAS_INSTALL_ROOT}"};
        for (Enumeration<?> names = properties.propertyNames(); names.hasMoreElements();) {
            String name = (String) names.nextElement();
            Object raw = properties.get(name);
            if (!(raw instanceof String)) {
                continue;
            }
            String value = (String) raw;
            for (String marker : rootMarkers) {
                if (!value.startsWith(marker)) {
                    continue;
                }
                String root = (String) getConfig().getValue(marker);
                String expanded = new StringBuffer(value).replace(0, marker.length(), root).toString();
                properties.put(name, expanded);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "expanding the property: " + value + " to: " + expanded);
                }
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "expandProps");
        }
        return properties;
    }

    /**
     * Expands a leading <code>${USER_INSTALL_ROOT}</code> or <code>${WAS_INSTALL_ROOT}</code>
     * in {@code str} to the value configured for that variable.
     *
     * <p>Only a prefix is replaced; the variable is not expanded elsewhere in the string.
     * The expanded result is written to trace when debug or entry/exit trace is enabled.
     *
     * @param str the string to expand, may be {@code null}
     * @return the expanded string, or {@code str} unchanged when it is {@code null} or does
     *     not start with one of the two variables
     */
    public static String expandString(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "expandString");
        }
        String result = str;
        if (str != null) {
            String marker = null;
            String traceLabel = null;
            if (str.startsWith("${USER_INSTALL_ROOT}")) {
                marker = "${USER_INSTALL_ROOT}";
                traceLabel = "expanding the string to: ";
            } else if (str.startsWith("${WAS_INSTALL_ROOT}")) {
                marker = "${WAS_INSTALL_ROOT}";
                // The extra space before the colon is part of the existing trace text.
                traceLabel = "expanding the string to : ";
            }
            if (marker != null) {
                String root = (String) getConfig().getValue(marker);
                result = new StringBuffer(str).replace(0, marker.length(), root).toString();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, traceLabel + result);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "expandString", result);
        }
        return result;
    }

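    /**
     * Rebuilds the alias-to-credential map from the JAAS auth data entries of {@code security}
     * and hands it to {@code WSDefaultPrincipalMapping.refreshAuthData}.
     *
     * <p>{@code null} entries are skipped. If two entries share an alias, the later one
     * replaces the earlier one in the map. The map holds the user id and password of every
     * entry; the debug trace names only the alias.
     *
     * @param security the security configuration to read the auth data entries from
     */
    void refreshAuthDataEntries(Security security) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refreshAuthDataEntries");
        }
        HashMap authDataByAlias = new HashMap();
        for (JAASAuthData entry : security.getAuthDataEntries()) {
            if (entry == null) {
                continue;
            }
            authDataByAlias.put(entry.getAlias(), new AuthData(entry.getUserId(), entry.getPassword()));
            if (tc.isDebugEnabled()) {
                // Keep this to the alias: user id and password must not reach the trace.
                Tr.debug(tc, new StringBuffer().append("AuthData - add ").append(entry.getAlias()).toString());
            }
        }
        WSDefaultPrincipalMapping.refreshAuthData(authDataByAlias);
        if (tc.isEntryEnabled()) {
            // Was Tr.entry(), which recorded a second entry and no exit for this method.
            Tr.exit(tc, "refreshAuthDataEntries");
        }
    }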

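    /**
     * Loads the class with the given fully qualified name, reporting a missing class as a
     * {@link NoClassDefFoundError} instead of the checked {@link ClassNotFoundException}.
     *
     * <p>{@code Class.forName} also initializes the class it loads. In this part of the file
     * the method is only called with a constant class name from the static initializer; it
     * should not be given a name that comes from configuration or other external input.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *     {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // NoClassDefFoundError has no (message, cause) constructor, so attach the cause
            // explicitly instead of dropping the original stack trace.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }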

    // Static initialization: registers the trace component, creates the singleton and then
    // assigns the initial values of the class-wide flags and caches.
    static {
        Class cls;
        // Cached class literal for SecurityConfig; the class$ helper and this field look like
        // the code older compilers generate for SecurityConfig.class (TODO confirm).
        if (class$com$ibm$ws$security$core$SecurityConfig == null) {
            cls = class$("com.ibm.ws.security.core.SecurityConfig");
            class$com$ibm$ws$security$core$SecurityConfig = cls;
        } else {
            cls = class$com$ibm$ws$security$core$SecurityConfig;
        }
        // The trace component is registered before the singleton is constructed.
        tc = Tr.register(cls.getName(), (String) null, "com.ibm.ejs.resources.security");
        secCfg = new SecurityConfig();
        // NOTE(review): the statics below are assigned after the constructor has run, so any
        // value the constructor wrote to them would be overwritten here. Keep this order.
        isLDAP = false;
        isTAM = false;
        disabled = new Boolean(false);
        enabled = new Boolean(true);
        cacheTimeout = new Long(30000L);
        // Cached toString() text and its change flag start out empty/false.
        toStringResult = null;
        toStringChange = false;
    }
}
