package com.ibm.ws.webservices.wssecurity.handler.token;

import com.ibm.websphere.security.UserMapping;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.webservices.wssecurity.core.WSSecurityPlatformContextFactory;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.xml.soapsec.token.UserRegistry;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.Permission;
import java.security.cert.X509Certificate;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:ws_runtime.jar:com/ibm/ws/webservices/wssecurity/handler/token/WSUserRegistry.class */
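/**
 * Adapter that answers realm, certificate-mapping and user-existence queries
 * by delegating to the WebSphere user registry (obtained through JNDI) and to
 * the {@code UserMapping} implementation named by {@link #USERMAPPING_IMPL}.
 *
 * <p>Both delegates are resolved lazily and cached in static fields shared by
 * every instance. The caches are written without synchronization, so
 * concurrent first callers may each perform the lookup.
 *
 * <p>Every query fails closed: when a delegate is unavailable the methods
 * return {@code null} or {@code false} rather than a default identity.
 */
public class WSUserRegistry extends UserRegistry {
    /** Realm name, resolved on the first successful {@link #getRealm()} call and cached per instance. */
    private String realm = null;
    /** Lazily resolved registry delegate; stays {@code null} until a lookup succeeds. */
    private static com.ibm.websphere.security.UserRegistry _userRegistry = null;
    /** Lazily instantiated certificate-to-name mapper; stays {@code null} until instantiation succeeds. */
    private static UserMapping _userMapping = null;
    /** Compile-time constant class name, so the reflective load below takes no external input. */
    private static final String USERMAPPING_IMPL = "com.ibm.ws.security.core.UserMappingImpl";
    private static final TraceComponent tc;
    private static final String comp = "security.wssecurity";
    private static final String clsName;
    /** Permission demanded from callers of {@link #mapCertificate} when a security manager is installed. */
    private static final Permission PERM;
    // Class-literal caches in the form emitted by older compilers; kept so the
    // package-visible members of this class stay unchanged.
    static Class class$com$ibm$websphere$security$UserRegistry;
    static Class class$com$ibm$ws$webservices$wssecurity$handler$token$WSUserRegistry;

    /**
     * Returns the security realm name, resolving it on first use.
     *
     * <p>The registry delegate is asked first; if none is available the
     * context manager's default realm is used. A failed resolution is logged
     * and leaves the cached value {@code null}, so the next call retries.
     *
     * @return the realm name, or {@code null} if it could not be determined
     */
    public String getRealm() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealm");
        }
        if (this.realm == null) {
            com.ibm.websphere.security.UserRegistry userRegistry = getUserRegistry();
            if (userRegistry != null) {
                try {
                    this.realm = userRegistry.getRealm();
                } catch (Exception e) {
                    Tr.warning(tc, "security.wssecurity.WSUserRegistry.token50", e);
                    Tr.processException(e, clsName + ".getRealm", "59", this);
                }
            } else {
                ContextManager contextManager = ContextManagerFactory.getInstance();
                if (contextManager == null) {
                    Tr.error(tc, "security.wssecurity.ctxmgr.isnull");
                } else {
                    this.realm = contextManager.getDefaultRealm();
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealm", this.realm);
        }
        return this.realm;
    }

    /**
     * Maps an X.509 certificate to a user name through the configured
     * {@code UserMapping}.
     *
     * <p>When a security manager is installed the caller must hold
     * {@link #PERM}; without a security manager no permission check is made.
     * A {@code null} result means no identity was established (mapper
     * unavailable, or the mapper threw), and callers must treat it as a
     * failed mapping rather than as an anonymous or default user.
     *
     * @param x509Certificate the certificate to map
     * @return the mapped name, or {@code null} if mapping was not possible
     * @throws SecurityException if a security manager denies {@link #PERM}
     */
    public String mapCertificate(X509Certificate x509Certificate) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapCertificate", new Object[]{x509Certificate});
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(PERM);
        }
        String mappedName = null;
        UserMapping userMapping = getUserMapping();
        if (userMapping != null) {
            try {
                mappedName = userMapping.mapCertificateToName(new X509Certificate[]{x509Certificate});
            } catch (Exception e) {
                Tr.processException(e, clsName + ".mapCertificate", "94", this);
                // Guard the subject lookup: a null certificate must not raise a
                // second exception here and hide the mapping failure being logged.
                String subjectName = (x509Certificate != null) ? x509Certificate.getSubjectDN().getName() : null;
                Tr.warning(tc, "security.wssecurity.WSEC5185W", new Object[]{subjectName, e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapCertificate", mappedName);
        }
        return mappedName;
    }

    /**
     * Reports whether the given name identifies a user known to the registry.
     *
     * <p>The name is tried as given; if the registry rejects it, the name is
     * translated with {@code getUserSecurityName} and tried again. Only the
     * existence of the user is checked: no password or other credential is
     * verified here, so a {@code true} result is not proof of authentication.
     * Without a registry delegate the method returns {@code false}.
     *
     * @param str the user name to check
     * @return {@code true} if the registry accepts the name or its security name
     * @throws LoginException if the registry throws while being queried
     */
    public boolean checkUsername(String str) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkUsername");
        }
        com.ibm.websphere.security.UserRegistry userRegistry = getUserRegistry();
        boolean valid = false;
        if (userRegistry != null) {
            try {
                valid = userRegistry.isValidUser(str);
                // Debug trace records the supplied user name and the resolved security name.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "registry.isValidUser() [" + str + "] = " + valid);
                }
                if (!valid) {
                    String userSecurityName = userRegistry.getUserSecurityName(str);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "registry.getUserSecurityName()=" + userSecurityName);
                    }
                    valid = userRegistry.isValidUser(userSecurityName);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "registry.isValidUser() [" + userSecurityName + "] = " + valid);
                    }
                }
            } catch (Exception e) {
                Tr.error(tc, "security.wssecurity.checkUsername", e);
                // NOTE(review): probe id "%C" differs from the numeric ids used
                // elsewhere in this class; confirm against the original source.
                Tr.processException(e, clsName + ".checkUsername", "%C");
                // NOTE(review): the message embeds the supplied user name and the
                // registry exception text; confirm it is not relayed verbatim to
                // the remote caller.
                throw new LoginException(ConfigUtil.getMessage("security.wssecurityWSUserRegistry.token48", new String[]{str, e.toString()}));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkUsername(String username) returns boolean[" + valid + "]");
        }
        return valid;
    }

    /**
     * Reports whether the delegates should be resolved at all: server security
     * must be enabled and the platform context must report a server process.
     *
     * <p>{@link #getRealm()} already treats a missing context manager as
     * possible, so it is handled here as "security not active" instead of
     * being dereferenced.
     */
    private static boolean isSecuredServer() {
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (contextManager == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ContextManager is not available; delegates will not be resolved");
            }
            return false;
        }
        return contextManager.isServerSecurityEnabled() && WSSecurityPlatformContextFactory.getInstance().isServer();
    }

    /**
     * Returns the cached registry delegate, looking it up in JNDI on first use.
     *
     * <p>A {@code NamingException} from the lookup is logged and leaves the
     * cache empty, so a later call retries. The naming context is closed on
     * every path, including when an unchecked exception propagates.
     *
     * @return the registry delegate, or {@code null} if it is unavailable
     */
    private static com.ibm.websphere.security.UserRegistry getUserRegistry() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserRegistry");
        }
        if (_userRegistry == null && isSecuredServer()) {
            InitialContext initialContext = null;
            try {
                initialContext = new InitialContext();
                Object lookup = initialContext.lookup(Constants.USER_REGISTRY);
                Class registryType = class$com$ibm$websphere$security$UserRegistry;
                if (registryType == null) {
                    registryType = class$("com.ibm.websphere.security.UserRegistry");
                    class$com$ibm$websphere$security$UserRegistry = registryType;
                }
                _userRegistry = (com.ibm.websphere.security.UserRegistry) PortableRemoteObject.narrow(lookup, registryType);
            } catch (NamingException e) {
                Tr.error(tc, "security.wssecurity.WSUserRegistry.token48", e);
                Tr.processException(e, clsName + ".getUserRegistry", "163");
            } finally {
                if (initialContext != null) {
                    try {
                        initialContext.close();
                    } catch (NamingException closeFailure) {
                        Tr.error(tc, "security.wssecurity.WSUserRegistry.token48", closeFailure);
                        Tr.processException(closeFailure, clsName + ".getUserRegistry", "170");
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserRegistry", _userRegistry);
        }
        return _userRegistry;
    }

    /**
     * Returns the cached certificate mapper, instantiating
     * {@link #USERMAPPING_IMPL} reflectively on first use.
     *
     * <p>Any failure to load or instantiate the class is logged and leaves the
     * cache empty, so a later call retries.
     *
     * @return the mapper, or {@code null} if it is unavailable
     */
    private static UserMapping getUserMapping() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserMapping");
        }
        if (_userMapping == null && isSecuredServer()) {
            try {
                _userMapping = (UserMapping) Class.forName(USERMAPPING_IMPL).newInstance();
            } catch (ClassNotFoundException e) {
                Tr.processException(e, clsName + ".getUserMapping", "195");
                Tr.error(tc, "security.wssecurity.WSEC5186E", new Object[]{USERMAPPING_IMPL, e});
            } catch (IllegalAccessException e2) {
                Tr.processException(e2, clsName + ".getUserMapping", "198");
                Tr.error(tc, "security.wssecurity.WSEC5188E", new Object[]{USERMAPPING_IMPL, e2});
            } catch (Exception e3) {
                Tr.processException(e3, clsName + ".getUserMapping", "201");
                Tr.error(tc, "security.wssecurity.WSEC5187E", new Object[]{USERMAPPING_IMPL, e3});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserMapping", _userMapping);
        }
        return _userMapping;
    }

    /**
     * Loads a class by name for the class-literal caches above.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError wrapping the {@code ClassNotFoundException} if the class is missing
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the error is built first and then
            // thrown with its own unchecked type.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class self = class$com$ibm$ws$webservices$wssecurity$handler$token$WSUserRegistry;
        if (self == null) {
            self = class$("com.ibm.ws.webservices.wssecurity.handler.token.WSUserRegistry");
            class$com$ibm$ws$webservices$wssecurity$handler$token$WSUserRegistry = self;
        }
        tc = Tr.register(self, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
        clsName = self.getName();
        PERM = new WebSphereRuntimePermission("wssecurity.WSUserRegistry.mapCertificate");
    }
}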
