package com.ibm.ws.security.core;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityUtilityImpl.InvalidPasswordDecodingException;
import com.ibm.ISecurityUtilityImpl.InvalidPasswordEncodingException;
import com.ibm.ISecurityUtilityImpl.PasswordUtil;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.models.config.channelservice.Chain;
import com.ibm.websphere.models.config.channelservice.TransportChannel;
import com.ibm.websphere.models.config.channelservice.TransportChannelService;
import com.ibm.websphere.models.config.channelservice.channels.ORBInboundChannel;
import com.ibm.websphere.models.config.channelservice.channels.SSLInboundChannel;
import com.ibm.websphere.models.config.channelservice.channels.TCPInboundChannel;
import com.ibm.websphere.models.config.ipc.EndPoint;
import com.ibm.websphere.models.config.orb.securityprotocol.CommonSecureInterop;
import com.ibm.websphere.models.config.orb.securityprotocol.IIOPLayer;
import com.ibm.websphere.models.config.orb.securityprotocol.IIOPSecurityProtocol;
import com.ibm.websphere.models.config.orb.securityprotocol.IdentityAssertionLayer;
import com.ibm.websphere.models.config.orb.securityprotocol.IdentityAssertionQOP;
import com.ibm.websphere.models.config.orb.securityprotocol.MessageLayer;
import com.ibm.websphere.models.config.orb.securityprotocol.MessageQOP;
import com.ibm.websphere.models.config.orb.securityprotocol.ServerIdentity;
import com.ibm.websphere.models.config.orb.securityprotocol.TransportLayer;
import com.ibm.websphere.models.config.orb.securityprotocol.TransportQOP;
import com.ibm.websphere.models.config.process.Server;
import com.ibm.websphere.models.config.security.CustomAuthMechanism;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.channel.framework.impl.WSVirtualConnectionFactoryImpl;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.service.EndPointMgr;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.security.util.SASPropFile;
import com.ibm.ws.util.PlatformHelperFactory;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Properties;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:ws_runtime.jar:com/ibm/ws/security/core/SASConfig.class */
public class SASConfig {
    // Trace component passed to every Tr call in this class; it is assigned outside the lines shown here.
    private static final TraceComponent tc;
    // Lazily created singleton returned by getInstance(). Note that the field is not volatile.
    private static SASConfig config;
    // ORB / CSIv2 property names exposed to callers.
    public static final String SECURITY_ENABLED_PROPERTY = "com.ibm.CORBA.securityEnabled";
    public static final String AUTHENTICATION_TARGET_PROPERTY = "com.ibm.CORBA.authenticationTarget";
    public static final String PRINCIPAL_NAME_PROPERTY = "com.ibm.CORBA.principalName";
    public static final String LOGIN_USERID = "com.ibm.CORBA.loginUserid";
    // Same key string under which refresh() stores the server password after PasswordUtil.encode.
    public static final String LOGIN_PASSWORD = "com.ibm.CORBA.loginPassword";
    public static final String SECURITY_CACHE_TIMEOUT_PROPERTY = "com.ibm.CORBA.securityCacheTimeout";
    // Listener address names; not referenced in the part of the file visible here.
    public static final String ORB_SSL_LISTENER_ADDRESS = "ORB_SSL_LISTENER_ADDRESS";
    public static final String CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS = "CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS";
    public static final String CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS = "CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS";
    public static final String SAS_SSL_SERVERAUTH_LISTENER_ADDRESS = "SAS_SSL_SERVERAUTH_LISTENER_ADDRESS";
    public static final String CELL_NODE_SERVER = "com.ibm.CSI.CellNodeServer";
    public static final String PLUGGABLE_AUTHZN_PROPERTY = "com.ibm.websphere.security.authorizationTable";
    // Property names compared by equal() and written by refresh(); the array is populated outside this view.
    private static final String[] propNames;
    // Presumably the positions of the corresponding names in propNames (refresh() uses the
    // literal indices 0, 1, 2 and 6) - TODO confirm against the static initializer.
    private static final int SECURITY_ENABLED = 0;
    private static final int AUTHENTICATION_TARGET = 1;
    private static final int PRINCIPAL_NAME = 2;
    private static final int LOGIN_USERID_INDEX = 3;
    private static final int LOGIN_PASSWORD_INDEX = 4;
    private static final int SECURITY_CACHE_TIMEOUT = 5;
    private static final int SERVER_SECURITY_ENABLED = 6;
    // Same shape as the "<registry>.server.id" / "<registry>.server.pwd" keys that setLoginData() builds.
    private static final String LOCALOS_USERID = "LOCALOS.server.id";
    private static final String LOCALOS_PASSWORD = "LOCALOS.server.pwd";
    // Returned by isRequired(); no assignment is visible in this part of the file.
    private boolean isRequired;
    private boolean forceRestart = false;
    // Active configuration location; isInitialized() treats null as "not initialized".
    private URL configURL = null;
    // Location that setLoginData() loads from and saves to; isCurrent() compares it with configURL.
    private URL futureConfigURL = null;
    // Login data handed out by getLoginData("LOCALOS") and updated by setLoginData(), which stores
    // the decoded password in it. No assignment is visible in this part of the file.
    private Properties localOSData;
    // Class-object caches in the form older compilers emit for X.class; getInstance() and
    // updateORBConfig() fill the first one through class$(...). The rest are presumably used the
    // same way further down the file.
    static Class class$com$ibm$ws$security$core$SASConfig;
    static Class class$com$ibm$websphere$models$config$channelservice$TransportChannelService;
    static Class class$com$ibm$websphere$models$config$channelservice$channels$ORBInboundChannel;
    static Class class$com$ibm$websphere$models$config$channelservice$channels$SSLInboundChannel;
    static Class class$com$ibm$websphere$models$config$channelservice$channels$TCPInboundChannel;

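    /**
     * Returns the process-wide {@code SASConfig} instance, creating it on first use.
     *
     * <p>The {@code config} field is not {@code volatile}, so an unsynchronized
     * null check in front of the lock would not safely publish the new object to
     * other threads. Every call therefore takes the {@code SASConfig} class
     * monitor, which is also the monitor held by the static synchronized
     * {@code refresh}.
     *
     * @return the shared instance, never {@code null}
     */
    public static SASConfig getInstance() {
        synchronized (SASConfig.class) {
            if (config == null) {
                config = new SASConfig();
            }
            return config;
        }
    }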

    /**
     * Creates the singleton. No fields are assigned here beyond their declared
     * defaults; the constructor only emits entry and exit trace records.
     */
    private SASConfig() {
        final String method = "SASConfig";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
    }

    /**
     * Returns the {@code isRequired} flag held by this instance.
     *
     * @return the current value of the flag
     */
    public boolean isRequired() {
        return isRequired;
    }

    /**
     * Tells whether a configuration URL has been set on this instance.
     *
     * @return {@code true} when {@code configURL} is non-null
     */
    private boolean isInitialized() {
        final boolean hasConfigUrl = this.configURL != null;
        return hasConfigUrl;
    }

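    /**
     * Copies every byte readable from {@code url} to the destination {@code url2}.
     *
     * <p>Both streams are managed by try-with-resources, so the output stream is
     * closed even when closing the input stream fails, and neither stream is
     * closed twice. The destination is opened through {@code getOutputStream},
     * which for {@code file:} URLs creates or truncates the target file.
     *
     * @param url  source to read from
     * @param url2 destination to write to
     * @throws IOException if opening, reading, writing or closing fails; the
     *         exception is reported to FFDC before it is rethrown
     */
    private static void copy(URL url, URL url2) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "copy");
        }
        try (InputStream in = url.openStream();
                OutputStream out = getOutputStream(url2)) {
            byte[] buffer = new byte[1024];
            int count;
            while ((count = in.read(buffer)) != -1) {
                out.write(buffer, 0, count);
            }
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.copy", "179");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "copy", e);
            }
            throw e;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "copy");
        }
    }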

    /**
     * Returns the login data kept for the given registry type.
     *
     * <p>Only {@code "LOCALOS"} is recognised. The object returned is the
     * instance's own {@code localOSData}, not a copy, and {@code setLoginData}
     * stores the decoded {@code <type>.server.pwd} value in that same object, so
     * callers should treat the result as sensitive and avoid logging it.
     *
     * @param str registry type name; must not be {@code null}
     * @return the stored properties for {@code "LOCALOS"}, otherwise {@code null}
     * @throws IOException declared by the signature; nothing in this method throws it
     */
    public Properties getLoginData(String str) throws IOException {
        return str.equals("LOCALOS") ? this.localOSData : null;
    }

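    /**
     * Updates the stored server id and password for a registry type and, when
     * either changed, merges the stored login data into the pending
     * configuration file and saves it.
     *
     * <p>The keys are {@code <str>.server.id} and {@code <str>.server.pwd}. A
     * value is replaced only when both the stored and the supplied value are
     * non-null and differ. The supplied password is passed through
     * {@code PasswordUtil.decode}; if decoding fails the supplied text is stored
     * unchanged.
     *
     * <p>Password values are passed through {@code SecurityConfiguration.mask}
     * before they are handed to {@code Tr.error}, so a failed decode or encode
     * does not write the credential itself to the log.
     *
     * @param str        registry type prefix used to build the property keys
     * @param properties new login data to apply
     * @throws FileNotFoundException if no configuration URL has been set
     * @throws IOException if the pending configuration cannot be loaded or saved
     */
    public synchronized void setLoginData(String str, Properties properties) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setLoginData");
        }
        if (!isInitialized()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "setLoginData");
            }
            throw new FileNotFoundException("ConfigURL");
        }
        boolean changed = false;
        String prefix = new StringBuffer(str).append(".server.").toString();

        String idKey = prefix + "id";
        String newId = properties.getProperty(idKey);
        String currentId = this.localOSData.getProperty(idKey);
        if (currentId != null && newId != null && !currentId.equals(newId)) {
            this.localOSData.put(idKey, newId);
            changed = true;
        }

        String pwdKey = prefix + "pwd";
        String newPwd = properties.getProperty(pwdKey);
        String currentPwd = this.localOSData.getProperty(pwdKey);
        if (currentPwd != null && newPwd != null && !currentPwd.equals(newPwd)) {
            String decoded;
            try {
                decoded = PasswordUtil.decode(newPwd);
            } catch (InvalidPasswordDecodingException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.core.SASConfig.setLoginData", "249", (Object) this);
                // Fall back to the supplied text as-is.
                decoded = newPwd;
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.core.SASConfig.setLoginData", "254", this);
                decoded = newPwd;
                // Mask the value: the raw password must not reach the error log.
                Tr.error(tc, "security.sas.decode.error", new Object[]{SecurityConfiguration.mask(newPwd), pwdKey});
            }
            this.localOSData.put(pwdKey, decoded);
            changed = true;
        }

        if (changed) {
            Properties merged = loadProperties(this.futureConfigURL);
            // Tracks the last key copied; it is the key reported if encoding fails below.
            String lastKey = pwdKey;
            Enumeration<?> names = this.localOSData.propertyNames();
            while (names.hasMoreElements()) {
                lastKey = (String) names.nextElement();
                merged.put(lastKey, this.localOSData.getProperty(lastKey));
            }
            try {
                SASPropFile.encodePropPasswords(merged);
            } catch (InvalidPasswordEncodingException e3) {
                FFDCFilter.processException((Throwable) e3, "com.ibm.ws.security.core.SASConfig.setLoginData", "278", (Object) this);
                // The reported value may be a password, so it is masked as well.
                Tr.error(tc, "security.sas.encode.error", new Object[]{lastKey, SecurityConfiguration.mask(this.localOSData.getProperty(lastKey))});
            }
            // NOTE(review): the save still runs after an encoding failure, so the file receives
            // whatever state encodePropPasswords left the passwords in - confirm that this can
            // never be the decoded form.
            SASPropFile.saveConfig(merged, this.futureConfigURL);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setLoginData");
        }
    }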

    /**
     * Reports whether the pending configuration matches the active one.
     *
     * <p>Loads {@code futureConfigURL} and then {@code configURL} and compares
     * the two property sets with {@code equal}.
     *
     * @return the comparison result, or {@code false} when either file cannot be
     *         loaded (the failure is reported to FFDC and the error log)
     */
    private boolean isCurrent() {
        try {
            Properties pending = loadProperties(this.futureConfigURL);
            Properties active = loadProperties(this.configURL);
            return equal(pending, active);
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.isCurrent", "299", this);
            Tr.error(tc, "security.sasconfig.currenterror", new Object[]{this.configURL.getPath(), this.futureConfigURL.getPath()});
            return false;
        }
    }

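    /**
     * Compares two property sets on the names listed in {@code propNames}.
     *
     * <p>The whole loop sits inside the {@code try}, so a failure while comparing
     * (for example a name missing from {@code properties}) ends the comparison
     * with {@code false}. With the handler inside the loop, the same index would
     * be retried indefinitely because it is never advanced after a failure.
     *
     * @param properties  first property set
     * @param properties2 second property set
     * @return {@code true} only when every listed name has equal values in both
     *         sets; {@code false} on the first difference or on any error, which
     *         is reported to FFDC
     */
    private boolean equal(Properties properties, Properties properties2) {
        try {
            for (int i = 0; i < propNames.length; i++) {
                String name = propNames[i];
                if (!properties.getProperty(name).equals(properties2.getProperty(name))) {
                    return false;
                }
            }
            return true;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.core.SASConfig.equal", "325", this);
            return false;
        }
    }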

    /**
     * Loads a properties file and asks for its passwords to be decoded.
     *
     * @param url location of the properties file
     * @return the loaded properties
     * @throws IOException if the file cannot be opened or read
     */
    private Properties loadProperties(URL url) throws IOException {
        final boolean decodePasswords = true;
        return loadProperties(url, decodePasswords);
    }

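    /**
     * Loads a properties file and optionally decodes the passwords it holds.
     *
     * <p>The stream is closed exactly once through try-with-resources. When
     * decoding fails, the error record names the URL and the property keys only;
     * the property values, which include credentials, are kept out of the log.
     *
     * @param url location of the properties file
     * @param z   when {@code true}, {@code SASPropFile.decodePropPasswords} is
     *            applied to the loaded properties
     * @return the loaded properties; after a decoding failure they are returned
     *         in whatever state the decoder left them
     * @throws IOException if the file cannot be opened, read or closed
     */
    private static Properties loadProperties(URL url, boolean z) throws IOException {
        Properties loaded = new Properties();
        try (InputStream in = url.openStream()) {
            loaded.load(in);
        }
        if (z) {
            try {
                SASPropFile.decodePropPasswords(loaded);
            } catch (InvalidPasswordDecodingException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.loadProperties", "365");
                // Keys only: dumping the Properties object would put password values in the log.
                Tr.error(tc, "security.sas.decode.error", new Object[]{url, loaded.keySet()});
            }
        }
        return loaded;
    }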

    /**
     * Opens a stream for writing to the given URL.
     *
     * <p>For the {@code file} protocol the path from {@code URL.getFile()} is
     * handed to {@code FileOutputStream} as it stands: the file is created or
     * truncated, the path is not URL-decoded, and no file permissions are set
     * here. Any other protocol goes through {@code URL.openConnection()}.
     *
     * @param url destination
     * @return an open output stream that the caller must close
     * @throws IOException if the stream cannot be opened
     */
    private static OutputStream getOutputStream(URL url) throws IOException {
        if (url.getProtocol().equals("file")) {
            return new FileOutputStream(url.getFile());
        }
        return url.openConnection().getOutputStream();
    }

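    /**
     * Tells whether the URL can be opened and yields at least one byte.
     *
     * <p>An empty resource therefore counts as absent, which matches the way
     * {@code delete} empties a file instead of removing it. The stream is closed
     * through try-with-resources so it is released even when the read fails.
     *
     * @param url location to probe
     * @return {@code true} when one byte could be read and the stream closed
     *         cleanly; {@code false} otherwise, with any exception reported to FFDC
     */
    private static boolean exists(URL url) {
        try (InputStream in = url.openStream()) {
            return in.read() >= 0;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.exists", "404");
            return false;
        }
    }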

    /**
     * Empties the file behind a {@code file:} URL.
     *
     * <p>Despite the name, nothing is removed from the file system: the file is
     * opened for writing and closed at once, which leaves it with zero length.
     * URLs with any other protocol are left alone.
     *
     * @param url location of the file
     * @return {@code true} when the file was opened and closed without error;
     *         {@code false} for non-file URLs or on an {@code IOException},
     *         which is reported to FFDC
     */
    private static boolean delete(URL url) {
        if (!url.getProtocol().equals("file")) {
            return false;
        }
        try {
            getOutputStream(url).close();
            return true;
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.delete", "422");
            return false;
        }
    }

    /**
     * Moves the content of one {@code file:} URL to another location by copying
     * it and then calling {@code delete} on the source.
     *
     * <p>The result of {@code delete} is not checked, so {@code true} is
     * returned once the copy succeeded even if the source could not be emptied;
     * in that case the source keeps its content.
     *
     * @param url  source; nothing is done unless its protocol is {@code file}
     * @param url2 destination
     * @return {@code true} when the copy completed; {@code false} for non-file
     *         sources or when the copy threw an {@code IOException}
     */
    private static boolean renameTo(URL url, URL url2) {
        if (!url.getProtocol().equals("file")) {
            return false;
        }
        try {
            copy(url, url2);
            delete(url);
            return true;
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.renameTo", "439");
            return false;
        }
    }

    /**
     * Reads the {@code com.ibm.CORBA.securityEnabled} property from the ORB.
     *
     * @param orb ORB to query
     * @return {@code true} when the property is {@code "true"} or {@code "yes"}
     *         in any letter case; {@code false} when it is unset or anything else
     */
    private boolean isORBSecurityEnabled(ORB orb) {
        String flag = orb.getProperty("com.ibm.CORBA.securityEnabled");
        if (flag == null) {
            return false;
        }
        return flag.equalsIgnoreCase("true") || flag.equalsIgnoreCase("yes");
    }

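    /**
     * Fills {@code properties} with the ORB security settings by calling
     * {@code refresh} under the {@code SASConfig} class monitor, then traces the
     * resulting properties when debug tracing is on.
     *
     * <p>Values are masked in the trace when the property name contains
     * {@code password}, {@code passwd} or {@code pwd} in any letter case. The
     * last two spellings are included because this class itself uses keys such
     * as {@code security.serverPasswd} and {@code LOCALOS.server.pwd}.
     *
     * <p>Exceptions from {@code refresh} are reported to FFDC and the error log
     * and are not propagated, so {@code properties} may be only partly filled
     * when this method returns.
     *
     * @param security    security configuration model
     * @param properties  target that receives the ORB properties
     * @param endPointMgr end point manager passed through to {@code refresh}
     * @param server      server configuration model passed through to {@code refresh}
     */
    public static void updateORBConfig(Security security, Properties properties, EndPointMgr endPointMgr, Server server) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "updateORBConfig");
        }
        synchronized (SASConfig.class) {
            try {
                refresh((String) SecurityConfig.getConfig().getValue("security.activeUserRegistry.realm"), security, properties, endPointMgr, server);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.updateORBConfig", "499");
                Tr.error(tc, "security.sasconfig.registryattrs", new Object[]{e});
                Tr.debug(tc, "Exception: ", new Object[]{e});
            }
            if (tc.isDebugEnabled()) {
                Enumeration<?> names = properties.propertyNames();
                while (names.hasMoreElements()) {
                    String name = (String) names.nextElement();
                    if (name == null) {
                        continue;
                    }
                    String value = properties.getProperty(name);
                    // Case-insensitive match so differently spelled credential keys are masked too.
                    String lowered = name.toLowerCase(java.util.Locale.ENGLISH);
                    boolean sensitive = lowered.indexOf("password") != -1
                            || lowered.indexOf("passwd") != -1
                            || lowered.indexOf("pwd") != -1;
                    if (sensitive) {
                        Tr.debug(tc, new StringBuffer().append("updateORBConfig").append(": ").append(name).append(" = ").append(SecurityConfiguration.mask(value)).toString());
                    } else {
                        Tr.debug(tc, new StringBuffer().append("updateORBConfig").append(": ").append(name).append(" = ").append(value).toString());
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "updateORBConfig");
            }
        }
    }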

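    /**
     * Copies the security settings held by {@code SecurityConfig} into the ORB
     * property set.
     *
     * <p>The cell and server security flags and {@code processIsServer} are
     * always written. Everything else, including the server id, the encoded
     * server password, the principal name and the CSI values, is written only
     * when cell security is enabled. A missing {@code cell.security.enabled}
     * value is treated as disabled, in line with the {@code "false"} default
     * written for it.
     *
     * <p>The server password is passed through {@code PasswordUtil.encode}
     * before it is stored. If encoding fails, the value is masked with
     * {@code SecurityConfiguration.mask} before it is handed to the error log.
     *
     * @param str         realm of the active user registry; used as the prefix
     *                    of the principal name
     * @param security    security configuration model
     * @param properties  target that receives the ORB properties
     * @param endPointMgr end point manager passed to {@code setCSIValues}
     * @param server      server configuration model passed to {@code setCSIValues}
     * @throws RemoteException declared by the signature
     * @throws IOException declared by the signature
     */
    private static synchronized void refresh(String str, Security security, Properties properties, EndPointMgr endPointMgr, Server server) throws RemoteException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refresh");
        }
        Boolean cellSecurity = (Boolean) SecurityConfig.getConfig().getValue("cell.security.enabled");
        properties.put(propNames[0], cellSecurity != null ? String.valueOf(cellSecurity) : "false");
        // String.valueOf(Object) turns a missing value into the text "null"; kept as is.
        properties.put(propNames[6], String.valueOf((Boolean) SecurityConfig.getConfig().getValue("server.security.enabled")));
        properties.put("com.ibm.CORBA.processIsServer", "true");
        try {
            copyConfigString(properties, "com.ibm.ws.security.CommTrace.ExcludeServiceContexts", "com.ibm.ws.security.CommTrace.ExcludeServiceContexts");
        } catch (Exception ignored) {
            // Best effort: this optional trace setting is skipped when it cannot be read.
        }
        // Null-safe: the flag is allowed to be absent above, so it must not be dereferenced blindly.
        if (cellSecurity != null && cellSecurity.booleanValue()) {
            copyConfigString(properties, "security.activeAuthMechanism", propNames[1]);
            String serverId = (String) SecurityConfig.getConfig().getValue("security.serverId");
            if (serverId != null) {
                properties.put("com.ibm.CORBA.loginUserid", serverId);
            }
            copyConfigString(properties, "process.serverName", "com.ibm.CSI.CellNodeServer");
            copyConfigString(properties, "com.ibm.CSI.rmiOutboundPropagationEnabled", "com.ibm.CSI.rmiOutboundPropagationEnabled");
            copyConfigString(properties, "com.ibm.CSI.rmiOutboundLoginEnabled", "com.ibm.CSI.rmiOutboundLoginEnabled");
            copyConfigString(properties, "com.ibm.CSI.rmiInboundPropagationEnabled", "com.ibm.CSI.rmiInboundPropagationEnabled");
            copyConfigString(properties, "com.ibm.ws.security.webInboundPropagationEnabled", "com.ibm.ws.security.webInboundPropagationEnabled");
            copyConfigString(properties, "com.ibm.ws.security.ssoInteropModeEnabled", "com.ibm.ws.security.ssoInteropModeEnabled");
            copyConfigString(properties, "com.ibm.CSI.rmiInboundLoginConfig", "com.ibm.CSI.rmiInboundLoginConfig");
            copyConfigString(properties, "com.ibm.ws.security.webInboundLoginConfig", "com.ibm.ws.security.webInboundLoginConfig");
            copyConfigString(properties, "com.ibm.CSI.rmiOutboundLoginConfig", "com.ibm.CSI.rmiOutboundLoginConfig");
            copyConfigString(properties, "com.ibm.CSI.supportedTargetRealms", "com.ibm.CSI.supportedTargetRealms");
            copyConfigString(properties, SecurityConfig.CHALLENGE_IF_CUSTOM_SUBJECT_NOT_FOUND, SecurityConfig.CHALLENGE_IF_CUSTOM_SUBJECT_NOT_FOUND);
            copyConfigString(properties, SecurityConfig.WEB_PROPAGATION_SERVER_TRANSPORT, SecurityConfig.WEB_PROPAGATION_SERVER_TRANSPORT);
            copyConfigString(properties, SecurityConfig.PROPAGATION_EXCLUDE_LIST, SecurityConfig.PROPAGATION_EXCLUDE_LIST);
            copyConfigString(properties, SecurityConfig.SUPPORT_LTPA, SecurityConfig.SUPPORT_LTPA);
            copyConfigString(properties, SecurityConfig.INCLUDE_RUNAS_CHANGES_IN_CALLER_LIST, SecurityConfig.INCLUDE_RUNAS_CHANGES_IN_CALLER_LIST);
            copyConfigString(properties, SecurityConfig.ASSERT_LDAP_SHORT_NAME, SecurityConfig.ASSERT_LDAP_SHORT_NAME);
            copyConfigString(properties, SecurityConfig.INTERNAL_SERVER_ID, SecurityConfig.INTERNAL_SERVER_ID);
            // An absent flag counts as "true".
            Boolean useRegistryServerId = (Boolean) SecurityConfig.getConfig().getValue(SecurityConfig.IS_USE_REGISTRY_SERVERID);
            properties.put(SecurityConfig.IS_USE_REGISTRY_SERVERID,
                    (useRegistryServerId == null || useRegistryServerId.booleanValue()) ? "true" : "false");
            copyConfigString(properties, SecurityConfig.PROCESS_TYPE, SecurityConfig.PROCESS_TYPE);

            String serverPassword = (String) SecurityConfig.getConfig().getValue("security.serverPasswd");
            if (serverPassword != null) {
                try {
                    serverPassword = PasswordUtil.encode(serverPassword);
                } catch (InvalidPasswordEncodingException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.security.core.SASConfig.refresh", "665");
                } catch (Exception e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.core.SASConfig.refresh", "669");
                    // Mask the value: the server password must not reach the error log.
                    Tr.error(tc, "security.sas.encode.error", new Object[]{SecurityConfiguration.mask(serverPassword), "com.ibm.CORBA.loginPassword"});
                }
            }
            // NOTE(review): after an encoding failure the value stored here is the un-encoded
            // password - confirm that downstream consumers and any trace of this property set
            // cope with that.
            if (serverPassword != null) {
                properties.put("com.ibm.CORBA.loginPassword", serverPassword);
            }
            if (serverId != null) {
                properties.put(propNames[2], str + "/" + serverId);
            }
            if (security.getActiveAuthMechanism() instanceof CustomAuthMechanism) {
                copyConfigString(properties, "security.authMechOID", "com.ibm.CSI.WSSecurityContextCustomOID");
                copyConfigString(properties, "security.authMechContextImpl", "com.ibm.CSI.WSSecurityContextCustomClass");
            }
            copyConfigString(properties, "security.authMechOID", "com.ibm.CSI.WSSecurityContextActiveOID");
            copyConfigString(properties, "security.authMechContextImpl", "com.ibm.CSI.WSSecurityContextActiveClass");
            // NOTE(review): throws NullPointerException when security.authMechForwardCred is
            // absent; the caller reports it and the remaining settings are skipped. Left unchanged.
            String forwardable = ((Boolean) SecurityConfig.getConfig().getValue("security.authMechForwardCred")).toString();
            if (forwardable != null) {
                properties.put("com.ibm.CSI.WSSecurityContextActiveForwardable", forwardable);
            }
            copyConfigString(properties, "security.authMechAuthAlias", "com.ibm.CSI.authMechAuthAlias");
            copyConfigString(properties, CommonConstants.ACTIVE_USER_REGISTRY_TYPE, "com.ibm.CSI.activeUserRegistry");
            String authorizationTable = (String) SecurityConfig.getConfig().getValue("com.ibm.websphere.security.authorizationTable");
            if (authorizationTable != null && !authorizationTable.equals("")) {
                copyConfigString(properties, "com.ibm.websphere.security.authorizationTable", "com.ibm.websphere.security.authorizationTable");
            }
            properties.put("com.ibm.ws.orb.transport.ConnectionInterceptorName", "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor");
            setCSIValues(security, server, properties, endPointMgr);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refresh");
        }
    }

    /** Copies one String setting from {@code SecurityConfig} into {@code target} when it is present. */
    private static void copyConfigString(Properties target, String sourceKey, String targetKey) {
        String value = (String) SecurityConfig.getConfig().getValue(sourceKey);
        if (value != null) {
            target.put(targetKey, value);
        }
    }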

    private static void setCSIValues(Security security, Server server, Properties properties, EndPointMgr endPointMgr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("setCSIValues: ").append(security).toString());
        }
        try {
            IIOPSecurityProtocol csi = security.getCSI();
            CommonSecureInterop commonSecureInterop = (CommonSecureInterop) csi.getClaims();
            if (commonSecureInterop.isStateful()) {
                properties.put("com.ibm.CSI.claimStateful", "true");
            } else {
                properties.put("com.ibm.CSI.claimStateful", "false");
            }
            IdentityAssertionLayer identityAssertionLayer = null;
            int i = 0;
            while (true) {
                if (i >= commonSecureInterop.getLayers().size()) {
                    break;
                }
                if (((IIOPLayer) commonSecureInterop.getLayers().get(i)) instanceof IdentityAssertionLayer) {
                    identityAssertionLayer = (IdentityAssertionLayer) commonSecureInterop.getLayers().get(i);
                    break;
                }
                i++;
            }
            if (identityAssertionLayer != null) {
                if (((IdentityAssertionQOP) identityAssertionLayer.getSupportedQOP()).isEnable()) {
                    properties.put("com.ibm.CSI.claimIdentityAssertionSupported", "true");
                } else {
                    properties.put("com.ibm.CSI.claimIdentityAssertionSupported", "false");
                }
            }
            String str = "";
            int i2 = 0;
            while (i2 < identityAssertionLayer.getTrustedServers().size()) {
                ServerIdentity serverIdentity = (ServerIdentity) identityAssertionLayer.getTrustedServers().get(i2);
                str = i2 == 0 ? serverIdentity.getServerId() : new StringBuffer().append(str).append(",").append(serverIdentity.getServerId()).toString();
                i2++;
            }
            if (str != null) {
                properties.put("com.ibm.CSI.trustedPrincipalList", str);
            }
            MessageLayer messageLayer = null;
            int i3 = 0;
            while (true) {
                if (i3 >= commonSecureInterop.getLayers().size()) {
                    break;
                }
                if (((IIOPLayer) commonSecureInterop.getLayers().get(i3)) instanceof MessageLayer) {
                    messageLayer = (MessageLayer) commonSecureInterop.getLayers().get(i3);
                    break;
                }
                i3++;
            }
            if (messageLayer != null) {
                if (((MessageQOP) messageLayer.getSupportedQOP()).isEstablishTrustInClient()) {
                    properties.put("com.ibm.CSI.claimClientAuthenticationSupported", "true");
                } else {
                    properties.put("com.ibm.CSI.claimClientAuthenticationSupported", "false");
                }
                if (((MessageQOP) messageLayer.getRequiredQOP()).isEstablishTrustInClient()) {
                    properties.put("com.ibm.CSI.claimClientAuthenticationRequired", "true");
                } else {
                    properties.put("com.ibm.CSI.claimClientAuthenticationRequired", "false");
                }
            }
            boolean z = false;
            if (server != null) {
                z = setCSIInboundTranportFromChannelFramework(server, properties, endPointMgr);
            }
            if (server == null || !z) {
                TransportLayer transportLayer = null;
                int i4 = 0;
                while (true) {
                    if (i4 >= commonSecureInterop.getLayers().size()) {
                        break;
                    }
                    if (((IIOPLayer) commonSecureInterop.getLayers().get(i4)) instanceof TransportLayer) {
                        transportLayer = (TransportLayer) commonSecureInterop.getLayers().get(i4);
                        break;
                    }
                    i4++;
                }
                if (transportLayer != null) {
                    TransportQOP transportQOP = (TransportQOP) transportLayer.getSupportedQOP();
                    if (transportQOP.isEnableProtection()) {
                        properties.put("com.ibm.CSI.claimTransportAssocSSLTLSSupported", "true");
                    } else {
                        properties.put("com.ibm.CSI.claimTransportAssocSSLTLSSupported", "false");
                    }
                    if (transportQOP.isEstablishTrustInClient()) {
                        properties.put("com.ibm.CSI.claimTLClientAuthenticationSupported", "true");
                    } else {
                        properties.put("com.ibm.CSI.claimTLClientAuthenticationSupported", "false");
                    }
                    if (transportQOP.isIntegrity()) {
                        properties.put("com.ibm.CSI.claimMessageIntegritySupported", "true");
                    } else {
                        properties.put("com.ibm.CSI.claimMessageIntegritySupported", "false");
                    }
                    if (transportQOP.isConfidentiality()) {
                        properties.put("com.ibm.CSI.claimMessageConfidentialitySupported", "true");
                    } else {
                        properties.put("com.ibm.CSI.claimMessageConfidentialitySupported", "false");
                    }
                    TransportQOP transportQOP2 = (TransportQOP) transportLayer.getRequiredQOP();
                    if (transportQOP2.isEnableProtection()) {
                        properties.put("com.ibm.CSI.claimTransportAssocSSLTLSRequired", "true");
                    } else {
                        properties.put("com.ibm.CSI.claimTransportAssocSSLTLSRequired", "false");
                    }
                    if (transportQOP2.isEstablishTrustInClient()) {
                        properties.put("com.ibm.CSI.claimTLClientAuthenticationRequired", "true");
                    } else {
                        properties.put("com.ibm.CSI.claimTLClientAuthenticationRequired", "false");
                    }
                    if (transportQOP2.isIntegrity()) {
                        properties.put("com.ibm.CSI.claimMessageIntegrityRequired", "true");
                    } else {
                        properties.put("com.ibm.CSI.claimMessageIntegrityRequired", "false");
                    }
                    if (transportQOP2.isConfidentiality()) {
                        properties.put("com.ibm.CSI.claimMessageConfidentialityRequired", "true");
                    } else {
                        properties.put("com.ibm.CSI.claimMessageConfidentialityRequired", "false");
                    }
                    String sslConfig = transportLayer.getServerAuthentication().getSslConfig();
                    if (sslConfig != null) {
                        properties.put("com.ibm.ssl.csi.inbound.alias", sslConfig);
                    }
                    if (!PlatformHelperFactory.getPlatformHelper().isZOS()) {
                        String str2 = "0";
                        try {
                            EndPoint endPoint = endPointMgr.getNodeEndPoints("@").getServerEndPoints("@").getEndPoint("CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS");
                            if (endPoint != null) {
                                str2 = Integer.toString(endPoint.getPort());
                            }
                        } catch (Exception e) {
                            FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.setCSIValues", "846");
                        }
                        if (str2 == null || str2.equals("")) {
                            properties.put("com.ibm.CSI.SSLPort", "0");
                        } else {
                            properties.put("com.ibm.CSI.SSLPort", str2);
                        }
                        String str3 = "0";
                        try {
                            EndPoint endPoint2 = endPointMgr.getNodeEndPoints("@").getServerEndPoints("@").getEndPoint("CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS");
                            if (endPoint2 != null) {
                                str3 = Integer.toString(endPoint2.getPort());
                            }
                        } catch (Exception e2) {
                            FFDCFilter.processException(e2, "com.ibm.ws.security.core.SASConfig.setCSIValues", "868");
                        }
                        if (str3 == null || str3.equals("")) {
                            properties.put("com.ibm.CSI.ClientCertSSLPort", "0");
                        } else {
                            properties.put("com.ibm.CSI.ClientCertSSLPort", str3);
                        }
                    }
                }
            }
            CommonSecureInterop commonSecureInterop2 = (CommonSecureInterop) csi.getPerforms();
            if (commonSecureInterop2.isStateful()) {
                properties.put(SASPropFile.CSI_PERFORM_STATEFUL, "true");
            } else {
                properties.put(SASPropFile.CSI_PERFORM_STATEFUL, "false");
            }
            properties.put("com.ibm.CORBA.sessionGCinterval", Integer.toString(commonSecureInterop2.getSessionGCInterval()));
            properties.put("com.ibm.CORBA.sessionGCdiscardunused", Integer.toString(commonSecureInterop2.getSessionGCIdleTime()));
            IdentityAssertionLayer identityAssertionLayer2 = null;
            int i5 = 0;
            while (true) {
                if (i5 >= commonSecureInterop2.getLayers().size()) {
                    break;
                }
                if (((IIOPLayer) commonSecureInterop2.getLayers().get(i5)) instanceof IdentityAssertionLayer) {
                    identityAssertionLayer2 = (IdentityAssertionLayer) commonSecureInterop2.getLayers().get(i5);
                    break;
                }
                i5++;
            }
            if (identityAssertionLayer2 != null) {
                IdentityAssertionQOP identityAssertionQOP = (IdentityAssertionQOP) identityAssertionLayer2.getSupportedQOP();
                if (identityAssertionQOP.isEnable()) {
                    properties.put("com.ibm.CSI.performIdentityAssertionSupported", "true");
                } else {
                    properties.put("com.ibm.CSI.performIdentityAssertionSupported", "false");
                }
                if (((IdentityAssertionQOP) identityAssertionLayer2.getRequiredQOP()).isEnable()) {
                    properties.put("com.ibm.CSI.performIdentityAssertionRequired", "true");
                } else {
                    properties.put("com.ibm.CSI.performIdentityAssertionRequired", "false");
                }
                String trustedId = identityAssertionQOP.getTrustedId();
                String trustedPassword = identityAssertionQOP.getTrustedPassword();
                if (trustedId != null && !trustedId.equals("") && trustedPassword != null && !trustedPassword.equals("")) {
                    properties.put("com.ibm.CSI.alternateIdentityAssertionPerformTrustedId", trustedId);
                    properties.put("com.ibm.CSI.alternateIdentityAssertionPerformTrustedPassword", trustedPassword);
                }
            }
            MessageLayer messageLayer2 = null;
            int i6 = 0;
            while (true) {
                if (i6 >= commonSecureInterop2.getLayers().size()) {
                    break;
                }
                if (((IIOPLayer) commonSecureInterop2.getLayers().get(i6)) instanceof MessageLayer) {
                    messageLayer2 = (MessageLayer) commonSecureInterop2.getLayers().get(i6);
                    break;
                }
                i6++;
            }
            if (messageLayer2 != null) {
                if (((MessageQOP) messageLayer2.getSupportedQOP()).isEstablishTrustInClient()) {
                    properties.put(SASPropFile.CSI_PERFORM_CLIENT_AUTH_SUP, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_CLIENT_AUTH_SUP, "false");
                }
                if (((MessageQOP) messageLayer2.getRequiredQOP()).isEstablishTrustInClient()) {
                    properties.put(SASPropFile.CSI_PERFORM_CLIENT_AUTH_REQ, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_CLIENT_AUTH_REQ, "false");
                }
                properties.put(SASPropFile.AUTHENTICATION_RETRY_COUNT, Integer.toString(messageLayer2.getAuthenticationLayerRetryCount()));
                if (messageLayer2.getAuthenticationLayerRetryCount() > 0) {
                    properties.put(SASPropFile.AUTHENTICATION_RETRY_ENABLED, "true");
                } else {
                    properties.put(SASPropFile.AUTHENTICATION_RETRY_ENABLED, "false");
                }
            }
            TransportLayer transportLayer2 = null;
            int i7 = 0;
            while (true) {
                if (i7 >= commonSecureInterop2.getLayers().size()) {
                    break;
                }
                if (((IIOPLayer) commonSecureInterop2.getLayers().get(i7)) instanceof TransportLayer) {
                    transportLayer2 = (TransportLayer) commonSecureInterop2.getLayers().get(i7);
                    break;
                }
                i7++;
            }
            if (transportLayer2 != null) {
                TransportQOP transportQOP3 = (TransportQOP) transportLayer2.getSupportedQOP();
                if (transportQOP3.isEnableProtection()) {
                    properties.put(SASPropFile.CSI_PERFORM_TRANSPORT_SUP, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_TRANSPORT_SUP, "false");
                }
                if (transportQOP3.isEstablishTrustInClient()) {
                    properties.put(SASPropFile.CSI_PERFORM_TLC_CLIENT_AUTH_SUP, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_TLC_CLIENT_AUTH_SUP, "false");
                }
                if (transportQOP3.isIntegrity()) {
                    properties.put(SASPropFile.CSI_PERFORM_MESSAGE_INT_SUP, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_MESSAGE_INT_SUP, "false");
                }
                if (transportQOP3.isConfidentiality()) {
                    properties.put(SASPropFile.CSI_PERFORM_MESSAGE_CON_SUP, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_MESSAGE_CON_SUP, "false");
                }
                TransportQOP transportQOP4 = (TransportQOP) transportLayer2.getRequiredQOP();
                if (transportQOP4.isEnableProtection()) {
                    properties.put(SASPropFile.CSI_PERFORM_TRANSPORT_REQ, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_TRANSPORT_REQ, "false");
                }
                if (transportQOP4.isEstablishTrustInClient()) {
                    properties.put(SASPropFile.CSI_PERFORM_TLC_CLIENT_AUTH_REQ, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_TLC_CLIENT_AUTH_REQ, "false");
                }
                if (transportQOP4.isIntegrity()) {
                    properties.put(SASPropFile.CSI_PERFORM_MESSAGE_INT_REQ, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_MESSAGE_INT_REQ, "false");
                }
                if (transportQOP4.isConfidentiality()) {
                    properties.put(SASPropFile.CSI_PERFORM_MESSAGE_CON_REQ, "true");
                } else {
                    properties.put(SASPropFile.CSI_PERFORM_MESSAGE_CON_REQ, "false");
                }
                String sslConfig2 = transportLayer2.getServerAuthentication().getSslConfig();
                if (sslConfig2 != null) {
                    properties.put("com.ibm.ssl.csi.outbound.alias", sslConfig2);
                }
            }
            properties.put(SASPropFile.SAS_LOGIN_TIMEOUT, new Integer(300).toString());
            String str4 = (String) SecurityConfig.getConfig().getValue(Constants.DELEGATE_CREDENTIALS);
            if (str4 == null || str4.equals("")) {
                str4 = "methoddefined";
            }
            properties.put(Constants.DELEGATE_CREDENTIALS, str4);
        } catch (Exception e3) {
            Tr.error(tc, "security.init.error", new Object[]{e3});
            FFDCFilter.processException(e3, "com.ibm.ws.security.core.SASConfig.updateORBConfig", "1126");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setCSIValues");
        }
    }

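    /**
     * Collects the inbound IIOP transports defined in the server's channel-framework configuration.
     *
     * <p>The first {@link TransportChannelService} found in {@code server.getServices()} is used. Every
     * chain that contains both an ORB and a TCP inbound channel yields one {@link Properties} entry:
     * chains without an SSL inbound channel are published under {@code iiop.insecure.transports},
     * chains with one under {@code iiop.secure.transports}. Both lists are stored in
     * {@code SecurityConfig} only after all chains were processed without an exception.
     *
     * <p>The caller uses the return value to decide whether to fall back to the transport layer of
     * the CSI configuration, so a failure in here changes which transport settings take effect.
     * Unexpected exceptions are therefore reported with {@code Tr.error}, as {@code setCSIValues}
     * does, instead of being visible only in debug trace.
     *
     * @param server      server configuration whose services are searched
     * @param properties  not referenced by this method; kept for the existing call signature
     * @param endPointMgr used to resolve a TCP channel's end point name to a port
     * @return {@code true} if at least one ORB transport (secure or insecure) was collected
     */
    private static boolean setCSIInboundTranportFromChannelFramework(Server server, Properties properties, EndPointMgr endPointMgr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setCSIInboundTranportFromChannelFramework: " + server);
        }
        ArrayList<Properties> secureTransports = new ArrayList<Properties>();
        ArrayList<Properties> insecureTransports = new ArrayList<Properties>();
        try {
            EList services = server.getServices();
            if (services != null && services.size() > 0) {
                TransportChannelService channelService = null;
                for (Object service : services) {
                    if (service instanceof TransportChannelService) {
                        channelService = (TransportChannelService) service;
                        break;
                    }
                }
                if (channelService != null) {
                    EList<Chain> chains = channelService.getChains();
                    if (chains != null && chains.size() > 0) {
                        for (Chain chain : chains) {
                            collectOrbChainTransports(chain, endPointMgr, secureTransports, insecureTransports);
                        }
                        SecurityConfig.getConfig().setValue("iiop.insecure.transports", insecureTransports);
                        SecurityConfig.getConfig().setValue("iiop.secure.transports", secureTransports);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No Chains found in TransportChannelService in server.xml.");
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No TransportChannelService found in server.xml.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Services found in server.xml.");
            }
        } catch (Exception e2) {
            // Previously this was only traced at debug level with a message about "http transports".
            // A failure here silently decides which transport configuration the ORB ends up with,
            // so it is reported the same way setCSIValues reports its own failures.
            Tr.error(tc, "security.init.error", new Object[]{e2});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred in setCSIInboundTranportFromChannelFramework: ", new Object[]{e2.toString()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setCSIInboundTranportFromChannelFramework");
        }
        // NOTE(review): if an exception interrupts the chain loop after some entries were collected,
        // this still returns true although neither list was stored in SecurityConfig, and the caller
        // then skips its fallback. Confirm whether that case should return false instead.
        return !secureTransports.isEmpty() || !insecureTransports.isEmpty();
    }

    /**
     * Inspects one chain and, if it is an ORB chain, appends its transport description to the
     * matching list.
     *
     * <p>A chain counts as secure purely because it contains an SSL inbound channel; the strength of
     * the referenced SSL configuration is not evaluated here. An SSL chain whose configuration
     * cannot be resolved is left out of both lists.
     */
    private static void collectOrbChainTransports(Chain chain, EndPointMgr endPointMgr, ArrayList<Properties> secureTransports, ArrayList<Properties> insecureTransports) throws Exception {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Looking at chain: " + chain.getName());
        }
        EList transportChannels = chain.getTransportChannels();
        if (transportChannels == null || transportChannels.size() == 0) {
            return;
        }
        ORBInboundChannel orbChannel = null;
        SSLInboundChannel sslChannel = null;
        TCPInboundChannel tcpChannel = null;
        // If a chain holds several channels of one kind, the last one wins.
        for (Object channel : transportChannels) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Looking at channel: " + ((TransportChannel) channel).getName());
            }
            if (channel instanceof ORBInboundChannel) {
                orbChannel = (ORBInboundChannel) channel;
            }
            if (channel instanceof SSLInboundChannel) {
                sslChannel = (SSLInboundChannel) channel;
            }
            if (channel instanceof TCPInboundChannel) {
                tcpChannel = (TCPInboundChannel) channel;
            }
        }
        // Only chains that carry both an ORB and a TCP channel describe an IIOP listener.
        if (orbChannel == null || tcpChannel == null) {
            return;
        }
        String endPointName = tcpChannel.getEndPointName();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Found ORB TCP endpoint: " + endPointName);
        }
        String port = null;
        EndPoint endPoint = endPointMgr.getNodeEndPoints("@").getServerEndPoints("@").getEndPoint(endPointName);
        if (endPoint != null) {
            port = Integer.toString(endPoint.getPort());
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found ORB port: " + port);
            }
        }
        if (sslChannel == null) {
            // No SSL channel in the chain: this listener accepts unprotected IIOP.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found ORB TCP chain: " + chain.getName());
            }
            Properties plainTransport = new Properties();
            if (port != null) {
                plainTransport.setProperty("com.ibm.CORBA.ListenerPort", port);
            }
            plainTransport.setProperty("ChainName", chain.getName());
            if (endPointName != null) {
                plainTransport.setProperty(WSVirtualConnectionFactoryImpl.ENDPOINT_NAME, endPointName);
            }
            insecureTransports.add(plainTransport);
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Found ORB SSL chain: " + chain.getName());
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "ORB SSL config: " + sslChannel.getSslConfigAlias());
        }
        String sslConfigAlias = sslChannel.getSslConfigAlias();
        try {
            HashMap<String, Object> connectionInfo = new HashMap<String, Object>();
            connectionInfo.put("com.ibm.ssl.direction", "inbound");
            connectionInfo.put("com.ibm.ssl.endPointName", endPointName);
            Properties sslProperties = JSSEHelper.getInstance().getProperties(sslConfigAlias, connectionInfo, null);
            if (sslProperties != null) {
                // The resolved SSL settings act as defaults behind the per-chain keys set below.
                Properties secureTransport = new Properties(sslProperties);
                if (port != null) {
                    secureTransport.setProperty("com.ibm.CSI.SSLPort", port);
                }
                secureTransport.setProperty("ChainName", chain.getName());
                if (endPointName != null) {
                    secureTransport.setProperty(WSVirtualConnectionFactoryImpl.ENDPOINT_NAME, endPointName);
                }
                secureTransports.add(secureTransport);
            } else if (tc.isDebugEnabled()) {
                // Make the dropped SSL chain visible; without this it vanished without any trace.
                Tr.debug(tc, "No SSL properties returned for ORB SSL chain: " + chain.getName());
            }
        } catch (SSLException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred in setCSIInboundTranportFromChannelFramework: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SASConfig.setCSIInboundTranportFromChannelFramework", "1265");
        }
    }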

    /**
     * Tells whether a string carries any content.
     *
     * @param str value to check, may be {@code null}
     * @return {@code true} if {@code str} is non-null and has at least one character
     */
    private static boolean hasValue(String str) {
        if (str == null) {
            return false;
        }
        return !str.isEmpty();
    }

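    /**
     * Loads a class by its fully qualified name, converting a lookup failure into an unchecked error.
     *
     * <p>Every call site visible in this file passes a hard-coded class name. Keep it that way: the
     * name handed to {@code Class.forName} must not originate from configuration or request data.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *         {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is declared to return Throwable, so throwing its result directly does not
            // compile in a method without a throws clause; keep the typed reference and throw that.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }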

    static {
        // Resolve this class's own Class object once and keep it in its cache field.
        if (class$com$ibm$ws$security$core$SASConfig == null) {
            class$com$ibm$ws$security$core$SASConfig = class$("com.ibm.ws.security.core.SASConfig");
        }
        // Register the trace component against the security message bundle.
        tc = Tr.register(class$com$ibm$ws$security$core$SASConfig, (String) null, "com.ibm.ejs.resources.security");
        // Reuse the property-name table defined by SASPropFile.
        propNames = SASPropFile.propNames;
    }
}
