package com.ibm.ws.security.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.CertificateMapFailedException;
import com.ibm.websphere.security.CertificateMapNotSupportedException;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.NotImplementedException;
import com.ibm.websphere.security.UserMapping;
import com.ibm.websphere.security.UserMappingException;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.ws.bootstrap.ExtClassLoader;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/core/UserMappingImpl.class */
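/**
 * Default {@link UserMapping} implementation that turns a certificate chain, a
 * distinguished name or a principal into a user name.
 *
 * <p>Each public method first checks the security configuration for a custom
 * {@code UserMapping} class (property {@link #MAPPING_USERS_PROPERTY}). If one is
 * configured it is loaded and asked first; a {@code NotImplementedException} from
 * it falls through to the built-in mapping.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The custom class name comes straight from configuration and is loaded and
 *       instantiated on every call. Whoever can set that property decides how
 *       identities are mapped, so write access to it should be restricted.</li>
 *   <li>The built-in DN fallback takes the text between the first {@code '='} and
 *       the first {@code ','}. It does not parse the DN: escaped or quoted commas,
 *       multi-valued RDNs and the attribute type of the first RDN are not
 *       considered. Deployments that rely on this fallback should confirm the
 *       resulting names cannot collide with other accounts.</li>
 * </ul>
 *
 * <p>The cached {@code registry} field is static and is initialised without
 * synchronisation.
 */
public class UserMappingImpl implements UserMapping {
    private static final TraceComponent tc = Tr.register(UserMappingImpl.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    private static UserRegistry registry;
    private UserMapping customMapping;
    public static final String MAPPING_USERS_PROPERTY = "WAS_customUserMappingImpl";

    /**
     * Maps a certificate chain to a user name.
     *
     * <p>Order of evaluation: the custom mapping (if configured), then
     * {@code UserRegistry.mapCertificate}, and, only when the registry reports that
     * certificate mapping is not supported, the first RDN value of the subject DN of
     * the first certificate in the chain.
     *
     * @param x509CertificateArr the certificate chain; element 0 is used by the fallback
     * @return the mapped user name
     * @throws UserMappingException if the registry fails, if no certificate is available
     *         for the fallback, or if the subject DN cannot be split
     * @throws NotImplementedException declared by the interface
     */
    @Override // com.ibm.websphere.security.UserMapping
    public String mapCertificateToName(X509Certificate[] x509CertificateArr) throws UserMappingException, NotImplementedException {
        String mappedName;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapCertificateToName");
        }
        if (checkCustomMapping()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using customMapping for certificates");
            }
            try {
                String customName = this.customMapping.mapCertificateToName(x509CertificateArr);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "mapCertificateToName", customName);
                }
                return customName;
            } catch (NotImplementedException ignored) {
                // Deliberate: the custom class does not handle certificates, use the default mapping.
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Using defaultMapping for certificate mapping");
        }
        if (registry == null) {
            registry = getUserRegistry();
        }
        try {
            mappedName = registry.mapCertificate(x509CertificateArr);
        } catch (CertificateMapFailedException e2) {
            FFDCFilter.processException(e2, "com.ibm.UserMappingImpl.mapCertificateToName", "87", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The following exception occurred in UserMappingImpl when calling mapCertificate: ", new Object[]{e2});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapCertificateToName");
            }
            throw new UserMappingException(e2.getMessage());
        } catch (CertificateMapNotSupportedException e3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The user registry does not support mapCertificate. Mapping using first name in the certificate");
            }
            // Fail with the declared exception instead of an unchecked NPE / index error
            // when there is no certificate to read the subject from.
            if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "mapCertificateToName");
                }
                throw new UserMappingException("No certificate available to derive a user name from");
            }
            // Only element 0 is read; the rest of the chain is not inspected here.
            mappedName = firstRdnValue(x509CertificateArr[0].getSubjectDN().getName());
        } catch (CustomRegistryException e4) {
            FFDCFilter.processException(e4, "com.ibm.UserMappingImpl.mapCertificateToName", "92", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The following exception occurred in UserMappingImpl when calling mapCertificate: ", new Object[]{e4});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapCertificateToName");
            }
            throw new UserMappingException(e4.getMessage());
        } catch (Exception e5) {
            FFDCFilter.processException(e5, "com.ibm.UserMappingImpl.mapCertificateToName", "97", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The following exception occurred in UserMappingImpl when calling mapCertificate: ", new Object[]{e5});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapCertificateToName");
            }
            throw new UserMappingException(e5.getMessage());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapCertificateToName", mappedName);
        }
        return mappedName;
    }

    /**
     * Maps a distinguished name to a user name.
     *
     * <p>After the optional custom mapping: when the active user registry type is not
     * {@code "LDAP"} the first RDN value of the DN is returned. For LDAP the DN is
     * returned as given, except that when the {@code EXPAND_X500_EXTENDED_ATTRIBUTE}
     * configuration property is true and the DN contains {@code "2.5.4.46=#"} it is
     * re-rendered through {@link X500Principal#toString()}; if that conversion fails the
     * original DN is returned.
     *
     * @param str the distinguished name
     * @return the mapped user name
     * @throws UserMappingException if the custom mapping cannot be loaded, or if the
     *         DN is null or cannot be split on the non-LDAP path
     * @throws NotImplementedException declared by the interface
     */
    @Override // com.ibm.websphere.security.UserMapping
    public String mapDNToName(String str) throws UserMappingException, NotImplementedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapDNToName", str);
        }
        if (checkCustomMapping()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using customMapping for DN mapping");
            }
            try {
                String customName = this.customMapping.mapDNToName(str);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "mapDNToName", customName);
                }
                return customName;
            } catch (NotImplementedException ignored) {
                // Deliberate: the custom class does not handle DNs, use the default mapping.
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Using defaultMapping for DN mapping");
        }
        if (!SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getType().equals("LDAP")) {
            String firstValue = firstRdnValue(str);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapDNToName", firstValue);
            }
            return firstValue;
        }
        // The null check keeps a null DN on the same path whether or not the expand flag is
        // set: without it the flag-on case hit an NPE while the flag-off case returned null.
        if (Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getPropertyBool(SecurityConfig.EXPAND_X500_EXTENDED_ATTRIBUTE, false)).booleanValue() && str != null && str.indexOf("2.5.4.46=#") != -1) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Convert OID:2.5.4.46 to DNQUALIFIER");
                }
                str = new X500Principal(str).toString();
            } catch (Throwable th) {
                // Best effort: any failure (including Errors, since Throwable is caught)
                // leaves the original DN in place.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Fail to Convert OID:2.5.4.46 to DNQUALIFIER, use the original DN.");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapDNToName", str);
        }
        return str;
    }

    /**
     * Maps a principal to a user name. Without a custom mapping (or when the custom
     * mapping does not implement this operation) the principal is returned unchanged.
     *
     * @param str the principal
     * @return the mapped user name
     * @throws UserMappingException if the custom mapping cannot be loaded
     * @throws NotImplementedException declared by the interface
     */
    @Override // com.ibm.websphere.security.UserMapping
    public String mapPrincipalToName(String str) throws UserMappingException, NotImplementedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapPrincipalToName");
        }
        if (checkCustomMapping()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using customMapping for Principal mapping");
            }
            try {
                String customName = this.customMapping.mapPrincipalToName(str);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "mapPrincipalToName", customName);
                }
                return customName;
            } catch (NotImplementedException ignored) {
                // Deliberate: the custom class does not handle principals, use the default mapping.
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Using defaultMapping for Principal mapping");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapPrincipalToName", str);
        }
        return str;
    }

    /**
     * Returns the text between the first {@code '='} and the first {@code ','} of a DN,
     * the whole remainder after {@code '='} when there is no comma, or the input itself
     * when there is no {@code '='}.
     *
     * <p>This is a textual split, not a DN parser: escaped or quoted commas and
     * multi-valued RDNs are not recognised and the attribute type is not checked.
     *
     * @param dn the distinguished name text
     * @return the value of the first RDN as described above
     * @throws UserMappingException if {@code dn} is null, or if a comma precedes the
     *         first {@code '='} (previously an unchecked StringIndexOutOfBoundsException)
     */
    private static String firstRdnValue(String dn) throws UserMappingException {
        if (dn == null) {
            throw new UserMappingException("Distinguished name is null");
        }
        int equalsAt = dn.indexOf('=');
        if (equalsAt == -1) {
            return dn;
        }
        int commaAt = dn.indexOf(',');
        if (commaAt == -1) {
            return dn.substring(equalsAt + 1);
        }
        if (commaAt < equalsAt) {
            // Refuse to derive an identity from a string that is not shaped like a DN.
            throw new UserMappingException("Malformed distinguished name: ',' precedes '='");
        }
        return dn.substring(equalsAt + 1, commaAt);
    }

    /**
     * Loads the custom {@code UserMapping} named by {@link #MAPPING_USERS_PROPERTY}, if any,
     * into {@code customMapping}.
     *
     * <p>The class is looked up through {@code ExtClassLoader} and a new instance is
     * created on every call. The class name is taken from configuration without any
     * further restriction in this method.
     *
     * @return {@code true} if a custom mapping was configured and instantiated,
     *         {@code false} if the property is absent or blank
     * @throws UserMappingException if the configured class cannot be loaded, instantiated
     *         or cast to {@code UserMapping}
     */
    private boolean checkCustomMapping() throws UserMappingException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCustomMapping");
        }
        String className = (String) SecurityObjectLocator.getSecurityConfig().getProperties().get(MAPPING_USERS_PROPERTY);
        if (className == null || className.trim().isEmpty()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkCustomMapping", "false");
            }
            return false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Using custom mapping for certificates: " + className);
        }
        try {
            this.customMapping = (UserMapping) ExtClassLoader.getInstance().loadClass(className).newInstance();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Custom user mapping: " + className + " successfully loaded");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkCustomMapping", "true");
            }
            return true;
        } catch (Throwable th) {
            // NOTE(review): the FFDC source id names mapCertificateToName although it is raised
            // here; left unchanged in case diagnostics are keyed on it.
            FFDCFilter.processException(th, "com.ibm.ws.security.core.UserMappingImpl.mapCertificateToName", "126", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The following exception occurred in UserMappingImpl when loading the custom implementation: ", new Object[]{th});
            }
            throw new UserMappingException(th.getMessage());
        }
    }

    /**
     * Resolves the user registry for the default realm from the {@code ContextManager}
     * and stores it in the static {@code registry} field.
     *
     * @return the registry that was stored
     * @throws UserMappingException if no {@code ContextManager} is available or the
     *         registry lookup fails
     */
    private UserRegistry getUserRegistry() throws UserMappingException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "UserMapping:getUserRegistry");
        }
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (contextManager == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to get ContextManager");
            }
            Tr.error(tc, "security.sambean.nullsecserver");
            throw new UserMappingException("Unable to get ContextManager");
        }
        try {
            registry = contextManager.getRegistry(contextManager.getDefaultRealm());
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "UserMapping:getUserRegistry");
            }
            return registry;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.UserMappingImpl.getUserRegistry", "142");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to get registry from ContextManager");
            }
            Tr.error(tc, "security.sambean.urerr", new Object[]{e});
            throw new UserMappingException(e.getMessage());
        }
    }
}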
