package com.ibm.ws.security.config;

import com.ibm.ISecurityUtilityImpl.DelegationMode;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.models.config.security.SecurityPackage;
import com.ibm.websphere.naming.PROPS;
import com.ibm.ws.management.commands.properties.PropertiesBasedConfigConstants;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.util.ConfigUtils;
import com.ibm.ws.util.PlatformHelperFactory;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Properties;
import org.eclipse.wst.common.frameworks.internal.plugin.WTPCommonMessages;

/* loaded from: input_file:wasJars/securityconfigimpl.jar:com/ibm/ws/security/config/SecurityConfigImpl.class */
public class SecurityConfigImpl extends GenericConfigHelperImpl implements SecurityConfig {
    private static final String AUTH_MECHANISMS = "authMechanisms";
    private static final String USER_REGISTRIES = "userRegistries";
    private static final String AUTHORIZATION_CONFIG = "authConfig";
    private static final String CSIv2 = "CSI";
    private static final String INBOUND_TRUSTED_AUTHENTICATION_REALM = "inboundTrustedAuthenticationRealm";
    private static final String OUTBOUND_TRUSTED_AUTHENTICATION_REALM = "outboundTrustedAuthenticationRealm";
    private static final String JASPI_CONFIGURATION = "jaspiConfiguration";
    private static final String TRUST_ASSOCIATION = "trustAssociation";
    private static final String ACTIVE_AUTH_MECHANISM = "activeAuthMechanism";
    private static final String ACTIVE_USER_REGISTRY = "activeUserRegistry";
    private static char UNCHECKED = 0;
    private static char CHECKED = 1;
    private static char INHERITED = 16;
    private static TraceComponent tc = Tr.register(SecurityConfigImpl.class, "SecurityConfig", AdminConstants.MSG_BUNDLE_NAME);
    private AuthMechanismConfig activeAuthMech;
    private char state_activeAuthMech;
    private AuthMechanismConfig adminPreferredAuthMech;
    private List<AuthMechanismConfig> authMechanisms;
    private char state_tai;
    private TrustAssociationConfig tai;
    private UserRegistryConfig activeUserReg;
    private char state_activeUserReg;
    private List<UserRegistryConfig> userRegistries;
    private char state_userRegistries;
    private AuthorizationConfig authzConfig;
    private char state_authzConfig;
    private JAASLoginConfig loginConfig;
    private CSIv2ConfigData csiv2Data;
    private char state_csiv2Data;
    private TrustedAuthenticationRealm inboundTrustedAuthenticationRealm;
    private char state_inboundTrustedAuthenticationRealm;
    private TrustedAuthenticationRealm outboundTrustedAuthenticationRealm;
    private char state_outboundTrustedAuthenticationRealm;
    private Properties props;
    private HashMap<String, String> defaultProps;
    private JaspiConfiguration jaspiConfig;
    private Boolean _performTAIForUnprotectedURI;
    private HashMap<String, String> propsCache;
    private HashMap<String, Boolean> boolPropsCache;

    private void commonConstructor(SecurityConfigObject securityConfigObject, String str) {
        this.propsCache = new HashMap<>(30);
        this.boolPropsCache = new HashMap<>(20);
        super.initialize(securityConfigObject, null, str);
        initialize_defaults();
        initialize_default_props();
    }

    public SecurityConfigImpl(SecurityConfigObject securityConfigObject, String str) {
        this.activeAuthMech = null;
        this.state_activeAuthMech = UNCHECKED;
        this.adminPreferredAuthMech = null;
        this.authMechanisms = null;
        this.state_tai = UNCHECKED;
        this.tai = null;
        this.activeUserReg = null;
        this.state_activeUserReg = UNCHECKED;
        this.userRegistries = null;
        this.state_userRegistries = UNCHECKED;
        this.authzConfig = null;
        this.state_authzConfig = UNCHECKED;
        this.loginConfig = null;
        this.csiv2Data = null;
        this.state_csiv2Data = UNCHECKED;
        this.inboundTrustedAuthenticationRealm = null;
        this.state_inboundTrustedAuthenticationRealm = UNCHECKED;
        this.outboundTrustedAuthenticationRealm = null;
        this.state_outboundTrustedAuthenticationRealm = UNCHECKED;
        this.props = null;
        this.defaultProps = null;
        this.jaspiConfig = null;
        this._performTAIForUnprotectedURI = null;
        this.propsCache = null;
        this.boolPropsCache = null;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "ctor " + str, securityConfigObject);
        }
        commonConstructor(securityConfigObject, str);
        initialization();
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            dumpProperties();
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "ctor " + this.cacheKey, this);
        }
    }

    SecurityConfigImpl(Properties properties) {
        this.activeAuthMech = null;
        this.state_activeAuthMech = UNCHECKED;
        this.adminPreferredAuthMech = null;
        this.authMechanisms = null;
        this.state_tai = UNCHECKED;
        this.tai = null;
        this.activeUserReg = null;
        this.state_activeUserReg = UNCHECKED;
        this.userRegistries = null;
        this.state_userRegistries = UNCHECKED;
        this.authzConfig = null;
        this.state_authzConfig = UNCHECKED;
        this.loginConfig = null;
        this.csiv2Data = null;
        this.state_csiv2Data = UNCHECKED;
        this.inboundTrustedAuthenticationRealm = null;
        this.state_inboundTrustedAuthenticationRealm = UNCHECKED;
        this.outboundTrustedAuthenticationRealm = null;
        this.state_outboundTrustedAuthenticationRealm = UNCHECKED;
        this.props = null;
        this.defaultProps = null;
        this.jaspiConfig = null;
        this._performTAIForUnprotectedURI = null;
        this.propsCache = null;
        this.boolPropsCache = null;
        commonConstructor(null, "test");
        this.props = properties;
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            dumpProperties();
        }
    }

    private void initialize_defaults() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize_defaults " + this.cacheKey);
        }
        this.defaults.put("enabled", Boolean.TRUE);
        this.defaults.put(SecurityConfig.APP_SECURITY_ENABLED, Boolean.FALSE);
        this.defaults.put(ACTIVE_AUTH_MECHANISM, "LTPA");
        this.defaults.put(SecurityConfig.ADMIN_PREFERRED_AUTH_MECH, "LTPA");
        this.defaults.put(SecurityConfig.CACHE_TIMEOUT, 600);
        this.defaults.put(SecurityConfig.ENFORCE_FINE_GRAINED_JCA_SECURITY, Boolean.FALSE);
        this.defaults.put(SecurityConfig.ENFORCE_JAVA2_SECURITY, Boolean.FALSE);
        this.defaults.put(SecurityConfig.USE_LOCAL_SECURITY_SERVER, Boolean.TRUE);
        this.defaults.put(SecurityConfig.USE_DOMAIN_QUALIFIED_USER_NAMES, Boolean.FALSE);
        this.defaults.put(SecurityConfig.ISSUE_PERMISSION_WARNING, Boolean.FALSE);
        this.defaults.put(SecurityConfig.ACTIVE_PROTOCOL, "");
        this.defaults.put(SecurityConfig.DYNAMICALLY_UPDATE_SSL_CONFIG, Boolean.FALSE);
        this.defaults.put("com.ibm.wsspi.security.web.webAuthReq", PROPS.NAMESPACE_CONNECTION_LAZY);
        this.defaults.put("com.ibm.wsspi.security.web.failOverToBasicAuth", Boolean.FALSE);
        this.defaults.put("security.domain.type", "admin_and_app");
        this.defaults.put("use_single_registry", Boolean.FALSE);
        this.defaults.put(SecurityConfig.NATIVE_AUTHZ, Boolean.TRUE);
        this.defaults.put("com.ibm.CORBA.delegateCredentials", null);
        this.defaults.put(SecurityConfig.IS_DEFAULT_JACC_PROVIDER, Boolean.FALSE);
        this.defaults.put(SecurityConfig.RSA_CERTIFICATE_ALIAS_CACHE, 5000);
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize_defaults " + this.cacheKey);
        }
    }

    private void initialize_default_props() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize_default_props " + this.cacheKey);
        }
        this.defaultProps = new HashMap<>();
        this.defaultProps.put(SecurityConfig.USE_SHORT_HOST_NAME, "false");
        this.defaultProps.put("com.ibm.wsspi.security.token.authorizationTokenFactory", "com.ibm.ws.security.ltpa.AuthzPropTokenFactory");
        this.defaultProps.put("com.ibm.wsspi.security.token.propagationTokenFactory", "com.ibm.ws.security.ltpa.AuthzPropTokenFactory");
        this.defaultProps.put("com.ibm.wsspi.security.token.authenticationTokenFactory", "com.ibm.ws.security.ltpa.LTPATokenFactory");
        this.defaultProps.put("com.ibm.wsspi.security.token.singleSignonTokenFactory", "com.ibm.ws.security.ltpa.LTPATokenFactory");
        this.defaultProps.put("com.ibm.wsspi.security.token.defaultTokenFactory", "com.ibm.ws.security.ltpa.LTPATokenFactory");
        this.defaultProps.put("com.ibm.wsspi.security.ltpa.tokenFactory", CommonConstants.LTPA_TOKEN_FACTORY_DEFAULT_IMPL_CLASS);
        this.defaultProps.put("com.ibm.security.useFIPS", "false");
        this.defaultProps.put("com.ibm.websphere.security.registry.propagateExceptionsToClient", "false");
        this.defaultProps.put("com.ibm.CSI.authenticateSpecialMethods", "false");
        this.defaultProps.put("com.ibm.CSI.rmiOutboundPropagationEnabled", "false");
        this.defaultProps.put("com.ibm.CSI.rmiInboundPropagationEnabled", "false");
        this.defaultProps.put("com.ibm.CSI.rmiOutboundLoginEnabled", "false");
        this.defaultProps.put("com.ibm.ws.security.webInboundPropagationEnabled", "false");
        this.defaultProps.put("com.ibm.ws.security.ssoInteropModeEnabled", "false");
        this.defaultProps.put("com.ibm.CSI.rmiOutboundMappingEnabled", "false");
        this.defaultProps.put("com.ibm.CSI.rmiInboundMappingEnabled", "false");
        this.defaultProps.put("com.ibm.CSI.rmiInboundLoginConfig", "system.LTPA");
        this.defaultProps.put("com.ibm.ws.security.defaultLoginConfig", "system.LTPA");
        this.defaultProps.put("com.ibm.CSI.rmiOutboundLoginConfig", "system.RMI_OUTBOUND");
        this.defaultProps.put("com.ibm.ws.security.webInboundLoginConfig", "system.LTPA_WEB");
        this.defaultProps.put("com.ibm.ws.security.includeRunAsChangesInCallerList", "false");
        this.defaultProps.put(SecurityConfig.LTPA_TOKEN2CIPHER, "AES/CBC/PKCS5Padding");
        this.defaultProps.put("com.ibm.ws.security.createTokenSubjectForAsynchLogin", "false");
        this.defaultProps.put("com.ibm.ws.security.skipAsynchSubjectCache", "false");
        this.defaultProps.put(SecurityConfig.FORCE_SOFTWARE_JCE_PROVIDER_FOR_LTPA, "false");
        this.defaultProps.put(SecurityConfig.WEB_PROPAGATION_SERVER_TRANSPORT, "SOAP");
        this.defaultProps.put("com.ibm.ws.security.webChallengeIfCustomSubjectNotFound", "true");
        this.defaultProps.put(SecurityConfig.PROPAGATION_EXCLUDE_LIST, "");
        this.defaultProps.put("com.ibm.ws.security.assertLDAPShortName", "false");
        this.defaultProps.put("com.ibm.websphere.security.registry.maxUseridSize", "256");
        this.defaultProps.put("com.ibm.websphere.security.registry.maxPasswordSize", "256");
        this.defaultProps.put("security.enablePluggableAuthentication", "false");
        this.defaultProps.put("security.enableAuthorizationAttributes", "false");
        this.defaultProps.put(SecurityConfig.CACHE_CUSHION_MIN, "3");
        this.defaultProps.put(SecurityConfig.CACHE_CUSHION_MAX, WTPCommonMessages.DESTINATION_INVALID);
        this.defaultProps.put("security.callbackHandlerFactoryClass", "com.ibm.ws.security.auth.callback.WSCallbackHandlerFactoryImpl");
        this.defaultProps.put("security.mappingCallbackHandlerFactoryClass", "com.ibm.ws.security.auth.callback.WSMappingCallbackHandlerFactoryImpl");
        this.defaultProps.put("security.callbackHandlerClass", "com.ibm.ws.security.auth.callback.WSCallbackHandler");
        this.defaultProps.put("security.useDefaultPolicyWhenJ2SDisabled", "false");
        this.defaultProps.put(SecurityConfig.WEB_LOGOUT_ON_HTTP_SESSION_EXPIRE, "false");
        this.defaultProps.put("com.ibm.websphere.gss.cred.propagation", "false");
        this.defaultProps.put("com.ibm.websphere.runas.id.assert", "false");
        this.defaultProps.put("com.ibm.websphere.security.InvokeTAIbeforeSSO", "");
        this.defaultProps.put(SecurityConfig.PROP_POSTPARAM_SAVE_METHOD, "0");
        this.defaultProps.put(SecurityConfig.PROP_POSTPARAM_COOKIE_SIZE, "16384");
        this.defaultProps.put(SecurityConfig.PROP_WASREQURL_FQURL, "false");
        this.defaultProps.put("com.ibm.websphere.security.suppressExceptionStack", "false");
        this.defaultProps.put(SecurityConfig.ENABLE_ONE_CHAR_EXPANSION, "false");
        this.defaultProps.put("com.ibm.CSI.refreshClientSubjectGoingOutbound", "true");
        this.defaultProps.put(SecurityConfig.ADD_HTTPONLY_ATTRIBUTE_TO_COOKIES, "false");
        this.defaultProps.put(SecurityConfig.CANONICAL_HOST, "false");
        this.defaultProps.put(SecurityConfig.INHERIT_J2C, "true");
        this.defaultProps.put(SecurityConfig.INHERIT_JAAS, "true");
        this.defaultProps.put(SecurityConfig.SAF_USE_APPL_PROFILE, "true");
        this.defaultProps.put("security.zOS.domainType", "none");
        this.defaultProps.put(SecurityConfig.SAF_PROFILE_PREFIX, "");
        this.defaultProps.put(SecurityConfig.RSA_CERTIFICATE_ALIAS_CACHE, CommonConstants.AUDIT_DEFAULT_QUEUE_SIZE);
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize_default_props " + this.cacheKey);
        }
    }

    String getDescriptiveProperties(SecurityConfigObjectList securityConfigObjectList, String str) {
        SecurityConfigObject object;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getDescriptiveProperties " + this.cacheKey, new Object[]{securityConfigObjectList, str});
        }
        String str2 = null;
        if (securityConfigObjectList != null && securityConfigObjectList.size() > 0 && (object = securityConfigObjectList.getObject("name", str)) != null) {
            str2 = object.getString("value", null);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getDescriptiveProperties " + this.cacheKey, str2);
        }
        return str2;
    }

    void initialze_SAF() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "initialze_SAF " + this.cacheKey);
        }
        String property = getProperty("com.ibm.security.SAF.authorization");
        if (property == null || property.equals("")) {
            property = "false";
        }
        if (property.equalsIgnoreCase("true")) {
            setProperty("com.ibm.websphere.security.authorizationTable", CommonConstants.SAF_AUTHZN_IMPL);
            String property2 = getProperty("com.ibm.websphere.security.SAF.RoleMapper");
            if (property2 == null || property2.equals("")) {
                setString("com.ibm.websphere.security.SAF.RoleMapper", CommonConstants.DEFAULT_SAF_ROLE_MAPPER_CLASS_NAME);
            } else {
                setString("com.ibm.websphere.security.SAF.RoleMapper", property2.trim());
            }
            String property3 = getProperty("com.ibm.security.SAF.delegation");
            if (property3 == null || property3.equals("")) {
                property3 = "false";
            }
            if (property3.equalsIgnoreCase("true")) {
                setString("com.ibm.CORBA.delegateCredentials", "saf");
            }
        } else {
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting delegation policy to null and removing pluggable authz prop");
            }
            setString("com.ibm.CORBA.delegateCredentials", DelegationMode.MethodDefinedString);
            this.props.remove("com.ibm.websphere.security.authorizationTable");
        }
        String property4 = getProperty(SecurityConfig.SAF_FORCE_DELEGATION);
        if (property4 != null && property4.trim().equalsIgnoreCase("true")) {
            setString("com.ibm.CORBA.delegateCredentials", "saf");
        }
        String property5 = getProperty("com.ibm.security.SAF.unauthenticated");
        if (property5 == null || property5.equals("")) {
            property5 = "WSGUEST";
        }
        setString("com.ibm.security.SAF.unauthenticated", property5);
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "initialze_SAF " + this.cacheKey);
        }
    }

    private void initialization_zOS() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "initialization_zOS " + this.cacheKey);
        }
        if (getActiveUserRegistry().getType().equals("LOCALOS")) {
            setString("com.ibm.websphere.security.TrustedIDEvaluator", CommonConstants.ZOS_TRUSTED_ID_EVALUATOR);
        }
        String property = getProperty("security.zOS.domainType");
        if (null != property) {
            setString("security.zOS.domainType", property);
        }
        String property2 = getProperty("security.zOS.domainName");
        if ("cellQualified".equalsIgnoreCase(property) && property2 != null) {
            setString("security.zOS.domainName", property2);
        }
        initialze_SAF();
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "initialization_zOS " + this.cacheKey);
        }
    }

    private void initialization_domain() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "initialization_domain " + this.cacheKey);
        }
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig("security");
        if (isSet("enabled")) {
            Tr.warning(tc, "Attribute [enabled] is not valid for domains");
        }
        setBoolean("enabled", securityConfig.getBoolean("enabled"));
        if (!isSet(SecurityConfig.APP_SECURITY_ENABLED)) {
            setBoolean(SecurityConfig.APP_SECURITY_ENABLED, securityConfig.getBoolean(SecurityConfig.APP_SECURITY_ENABLED));
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Using cell attribute: appEnabled");
            }
        }
        if (!isSet(SecurityConfig.USE_DOMAIN_QUALIFIED_USER_NAMES)) {
            setBoolean(SecurityConfig.USE_DOMAIN_QUALIFIED_USER_NAMES, securityConfig.getBoolean(SecurityConfig.USE_DOMAIN_QUALIFIED_USER_NAMES));
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Using cell attribute: useDomainQualifiedUserNames");
            }
        }
        if (!isSet(SecurityConfig.CACHE_TIMEOUT)) {
            setInteger(SecurityConfig.CACHE_TIMEOUT, securityConfig.getInteger(SecurityConfig.CACHE_TIMEOUT));
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Using cell attribute: cacheTimeout");
            }
        }
        if (!isSet(SecurityConfig.ISSUE_PERMISSION_WARNING)) {
            setBoolean(SecurityConfig.ISSUE_PERMISSION_WARNING, securityConfig.getBoolean(SecurityConfig.ISSUE_PERMISSION_WARNING));
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Using cell attribute: issuePermissionWarning");
            }
        }
        if (!isSet(SecurityConfig.ENFORCE_JAVA2_SECURITY)) {
            setBoolean(SecurityConfig.ENFORCE_JAVA2_SECURITY, securityConfig.getBoolean(SecurityConfig.ENFORCE_JAVA2_SECURITY));
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Using cell attribute: enforceJava2Security");
            }
        }
        if (!isSet(SecurityConfig.ENFORCE_FINE_GRAINED_JCA_SECURITY)) {
            setBoolean(SecurityConfig.ENFORCE_FINE_GRAINED_JCA_SECURITY, securityConfig.getBoolean(SecurityConfig.ENFORCE_FINE_GRAINED_JCA_SECURITY));
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "Using cell attribute: enforceFineGrainedJCASecurity");
            }
        }
        if (isSet(SecurityConfig.DYNAMICALLY_UPDATE_SSL_CONFIG)) {
            Tr.warning(tc, "Attribute [dynamicallyUpdateSSLConfig] is not valid for domains");
        }
        setBoolean(SecurityConfig.DYNAMICALLY_UPDATE_SSL_CONFIG, securityConfig.getBoolean(SecurityConfig.DYNAMICALLY_UPDATE_SSL_CONFIG));
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "initialization_domain " + this.cacheKey);
        }
    }

    private void initialization() {
        SecurityConfigObjectList objectList = this.sco.getObjectList("webAuthAttrs");
        String property = System.getProperty("com.ibm.wsspi.security.web.webAuthReq");
        if (property == null && objectList != null) {
            property = getDescriptiveProperties(objectList, "com.ibm.wsspi.security.web.webAuthReq");
        }
        if (property != null) {
            setString("com.ibm.wsspi.security.web.webAuthReq", property);
        }
        String property2 = System.getProperty("com.ibm.wsspi.security.web.failOverToBasicAuth");
        if (property2 == null && objectList != null) {
            property2 = getDescriptiveProperties(objectList, "com.ibm.wsspi.security.web.failOverToBasicAuth");
        }
        if (property2 != null) {
            setBoolean("com.ibm.wsspi.security.web.failOverToBasicAuth", Boolean.valueOf(property2));
        }
        if (this.sco.isDomainConfig() && !this.scm.isAdminAgent()) {
            initialization_domain();
        }
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            initialization_zOS();
        }
    }

    private Object returnOnlyIfValidInheritance(Object obj, char c, boolean z) {
        return z ? obj : (z || (c & INHERITED) != INHERITED) ? obj : null;
    }

    private synchronized List<AuthMechanismConfig> do_getAuthMechanisms() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "do_getAuthMechanisms");
        }
        if (this.authMechanisms == null) {
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "do_getAuthMechanisms building list of authMechs");
            }
            this.authMechanisms = new LinkedList();
            if (this.sco.isDomainConfig() && !this.scm.isAdminAgent()) {
                List<AuthMechanismConfig> authMechanisms = SecurityObjectLocator.getSecurityConfig("security").getAuthMechanisms();
                int size = authMechanisms.size();
                for (int i = 0; i < size; i++) {
                    if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                        Tr.debug(tc, "do_getAuthMechanisms inheriting authMech from admin config", (AuthMechanismConfigImpl) authMechanisms.get(i));
                    }
                    this.authMechanisms.add((AuthMechanismConfigImpl) authMechanisms.get(i));
                }
            }
            SecurityConfigObjectList objectList = this.sco.getObjectList(AUTH_MECHANISMS, false);
            if (objectList != null) {
                int size2 = objectList.size();
                for (int i2 = 0; i2 < size2; i2++) {
                    SecurityConfigObject securityConfigObject = objectList.get(i2);
                    if (!objectList.isDomainConfig() || this.scm.isAdminAgent() || securityConfigObject.instanceOf(SecurityPackage.eNS_URI, "LTPA") || securityConfigObject.instanceOf(SecurityPackage.eNS_URI, AuthMechanismConfig.TYPE_SPNEGO) || securityConfigObject.instanceOf(SecurityPackage.eNS_URI, AuthMechanismConfig.TYPE_KERBEROS)) {
                        AuthMechanismConfigImpl authMechanismConfigImpl = (objectList.isDomainConfig() && !this.scm.isAdminAgent() && securityConfigObject.instanceOf(SecurityPackage.eNS_URI, "LTPA")) ? new AuthMechanismConfigImpl(((AuthMechanismConfigImpl) SecurityObjectLocator.getSecurityConfig("security").getAuthMechanism("LTPA")).getSCO(), securityConfigObject, this, this.cacheKey) : new AuthMechanismConfigImpl(securityConfigObject, this, this.cacheKey);
                        boolean z = false;
                        if (this.sco.isDomainConfig()) {
                            int size3 = this.authMechanisms.size();
                            for (int i3 = 0; i3 < size3; i3++) {
                                AuthMechanismConfig authMechanismConfig = this.authMechanisms.get(i3);
                                if (authMechanismConfig.getSCO().isAdminConfig() && authMechanismConfigImpl.getType().equals(authMechanismConfig.getType())) {
                                    if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "do_getAuthMechanisms replacing admin authMech with domain authMech", new Object[]{authMechanismConfig, authMechanismConfigImpl});
                                    }
                                    this.authMechanisms.set(i3, authMechanismConfigImpl);
                                    z = true;
                                }
                            }
                        }
                        if (!z) {
                            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                                Tr.debug(tc, "do_getAuthMechanisms adding authMech: " + authMechanismConfigImpl);
                            }
                            this.authMechanisms.add(authMechanismConfigImpl);
                        }
                    } else if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                        Tr.debug(tc, "do_getAuthMechanisms ignoring authMech: " + securityConfigObject);
                    }
                }
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "do_getAuthMechanisms", this.authMechanisms);
        }
        return this.authMechanisms;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public List<AuthMechanismConfig> getAuthMechanisms() {
        return getAuthMechanisms(true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public List<AuthMechanismConfig> getAuthMechanisms(boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthMechanisms " + this.cacheKey, Boolean.valueOf(z));
        }
        List<AuthMechanismConfig> do_getAuthMechanisms = this.authMechanisms == null ? do_getAuthMechanisms() : null;
        if (this.authMechanisms != null) {
            if (z || this.sco.isAdminConfig() || this.scm.isAdminAgent()) {
                do_getAuthMechanisms = this.authMechanisms;
            } else {
                if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                    Tr.debug(tc, "getAuthMechanisms inherit=false returning only domain authMechs");
                }
                do_getAuthMechanisms = new LinkedList();
                int size = this.authMechanisms.size();
                for (int i = 0; i < size; i++) {
                    AuthMechanismConfig authMechanismConfig = this.authMechanisms.get(i);
                    if (authMechanismConfig.getSCO().isDomainConfig()) {
                        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                            Tr.debug(tc, "do_getAuthMechanisms inherit=false returning domain authMech: " + authMechanismConfig);
                        }
                        do_getAuthMechanisms.add(authMechanismConfig);
                    }
                }
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthMechanisms " + this.cacheKey, do_getAuthMechanisms);
        }
        return do_getAuthMechanisms;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public AuthMechanismConfig getAuthMechanism(String str) {
        return getAuthMechanism(str, true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public AuthMechanismConfig getAuthMechanism(String str, boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthMechanism " + this.cacheKey, new Object[]{str, Boolean.valueOf(z)});
        }
        AuthMechanismConfig authMechFromList = getAuthMechFromList(str, getAuthMechanisms(true));
        if (!z && authMechFromList != null && this.sco.isDomainConfig() && authMechFromList.getSCO().isAdminConfig()) {
            authMechFromList = null;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthMechanism " + this.cacheKey, authMechFromList);
        }
        return authMechFromList;
    }

    private AuthMechanismConfig getAuthMechFromList(String str, List<AuthMechanismConfig> list) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthMechFromList " + this.cacheKey, new Object[]{str, list});
        }
        AuthMechanismConfig authMechanismConfig = null;
        if (list != null) {
            int i = 0;
            while (true) {
                if (i >= list.size()) {
                    break;
                }
                if (list.get(i).getType().equals(str)) {
                    authMechanismConfig = list.get(i);
                    break;
                }
                i++;
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthMechFromList " + this.cacheKey, authMechanismConfig);
        }
        return authMechanismConfig;
    }

    private synchronized AuthMechanismConfig do_getActiveAuthMechanism(boolean z) {
        AuthMechanismConfig authMechanismConfig = null;
        if (this.state_activeAuthMech == UNCHECKED) {
            SecurityConfigObject object = this.sco.getObject(ACTIVE_AUTH_MECHANISM, true);
            this.state_activeAuthMech = (char) (this.state_activeAuthMech | CHECKED);
            if (object != null) {
                if (object.isAdminConfig() && this.sco.isDomainConfig()) {
                    this.state_activeAuthMech = (char) (this.state_activeAuthMech | INHERITED);
                }
                this.activeAuthMech = new AuthMechanismConfigImpl(object, this, this.cacheKey);
                authMechanismConfig = (z || (this.state_activeAuthMech & INHERITED) != INHERITED) ? this.activeAuthMech : null;
            }
        } else {
            authMechanismConfig = z ? this.activeAuthMech : (z || (this.state_activeAuthMech & INHERITED) != INHERITED) ? this.activeAuthMech : null;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "state_activeAuthMech=" + this.state_activeAuthMech);
        }
        return authMechanismConfig;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public AuthMechanismConfig getActiveAuthMechanism() {
        return getActiveAuthMechanism(true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public AuthMechanismConfig getActiveAuthMechanism(boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getActiveAuthMechanism " + this.cacheKey, Boolean.valueOf(z));
        }
        AuthMechanismConfig do_getActiveAuthMechanism = this.state_activeAuthMech == UNCHECKED ? do_getActiveAuthMechanism(z) : z ? this.activeAuthMech : (z || (this.state_activeAuthMech & INHERITED) != INHERITED) ? this.activeAuthMech : null;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getActiveAuthMechanism " + this.cacheKey, do_getActiveAuthMechanism);
        }
        return do_getActiveAuthMechanism;
    }

    private synchronized void do_getAdminPreferredAuthMechanism() {
        if (this.adminPreferredAuthMech == null) {
            SecurityConfigObject object = this.sco.getObject(SecurityConfig.ADMIN_PREFERRED_AUTH_MECH, true);
            if (object != null) {
                this.adminPreferredAuthMech = new AuthMechanismConfigImpl(object, this, this.cacheKey);
                return;
            }
            SecurityConfigObject object2 = this.sco.getObject(ACTIVE_AUTH_MECHANISM, true);
            if (object2 != null) {
                this.adminPreferredAuthMech = new AuthMechanismConfigImpl(object2, this, this.cacheKey);
            }
        }
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public AuthMechanismConfig getAdminPreferredAuthMechanism() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getAdminPreferredAuthMechanism " + this.cacheKey);
        }
        if (this.adminPreferredAuthMech == null) {
            do_getAdminPreferredAuthMechanism();
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getAdminPreferredAuthMechanism " + this.cacheKey, this.adminPreferredAuthMech);
        }
        return this.adminPreferredAuthMech;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public void setAuthMechanism(AuthMechanismConfig authMechanismConfig) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "setAuthMechanism " + this.cacheKey, authMechanismConfig);
        }
        if (this.authMechanisms == null) {
            getAuthMechanisms();
        }
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= this.authMechanisms.size()) {
                break;
            }
            if (this.authMechanisms.get(i).getType().equals(authMechanismConfig.getType())) {
                if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                    Tr.debug(tc, "setAuthMechanism replacing existing auth mech in list");
                }
                this.authMechanisms.set(i, authMechanismConfig);
                z = true;
            } else {
                i++;
            }
        }
        if (!z) {
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                Tr.debug(tc, "setAuthMechanism adding auth mech to list");
            }
            this.authMechanisms.add(authMechanismConfig);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "setAuthMechanism " + this.cacheKey);
        }
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public void refreshSPNEGOAuthMechanism() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "refreshSPNEGOAuthMechanism " + this.cacheKey);
        }
        this.scm.refreshSPNEGOAuthMechanism(this.sco.isDomainConfig() ? PropertiesBasedConfigConstants.APPSECURITY_RESOURCE_TYPE : "security");
        if (this.sco.isDomainConfig()) {
            this.authMechanisms = null;
            do_getAuthMechanisms();
        } else {
            Iterator<AuthMechanismConfig> it = this.authMechanisms.iterator();
            while (it.hasNext()) {
                AuthMechanismConfig next = it.next();
                if (next.getType().equals(AuthMechanismConfig.TYPE_SPNEGO) || next.getType().equals(AuthMechanismConfig.TYPE_KERBEROS)) {
                    it.remove();
                }
            }
            SecurityConfigObjectList objectList = this.sco.getObjectList(AUTH_MECHANISMS, false);
            if (objectList != null) {
                int size = objectList.size();
                for (int i = 0; i < size; i++) {
                    SecurityConfigObject securityConfigObject = objectList.get(i);
                    if (securityConfigObject.instanceOf(SecurityPackage.eNS_URI, AuthMechanismConfig.TYPE_SPNEGO) || securityConfigObject.instanceOf(SecurityPackage.eNS_URI, AuthMechanismConfig.TYPE_KERBEROS)) {
                        this.authMechanisms.add(new AuthMechanismConfigImpl(securityConfigObject, this, this.cacheKey));
                    }
                }
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "setAuthMechanism " + this.cacheKey);
        }
    }

    private synchronized TrustAssociationConfig do_getTrustAssociation(String str, boolean z) {
        TrustAssociationConfig trustAssociationConfig;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "do_getTrustAssociation " + this.cacheKey, new Object[]{str, Boolean.valueOf(z)});
        }
        if (this.state_tai == UNCHECKED) {
            if (this.sco.isDomainConfig() && !this.scm.isAdminAgent()) {
                if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                    Tr.debug(tc, "We are a MSD domain, try to load the TAI if it is defined");
                }
                SecurityConfigObjectList objectList = this.sco.getObjectList(AUTH_MECHANISMS, false);
                if (objectList != null) {
                    int size = objectList.size();
                    for (int i = 0; i < size; i++) {
                        SecurityConfigObject securityConfigObject = objectList.get(i);
                        if (securityConfigObject.instanceOf(SecurityPackage.eNS_URI, "LTPA")) {
                            SecurityConfigObject object = securityConfigObject.getObject(TRUST_ASSOCIATION, false);
                            if (object != null) {
                                this.tai = new TrustAssociationConfigImpl(object, this, this.cacheKey);
                                if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
                                    Tr.debug(tc, "trustAssociation found at the domain level");
                                }
                            } else if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                                Tr.debug(tc, "Unable to find a trustAssociation definition");
                            }
                        }
                    }
                }
            }
            if (this.tai == null) {
                if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                    Tr.debug(tc, "We are admin, an AdminAgent profile or MSD without LTPA or TAI defined");
                }
                AuthMechanismConfigImpl authMechanismConfigImpl = (AuthMechanismConfigImpl) getAuthMechanism(str, z);
                if (authMechanismConfigImpl != null) {
                    SecurityConfigObject object2 = authMechanismConfigImpl.getSCO().getObject(TRUST_ASSOCIATION, false);
                    if (object2 != null) {
                        this.tai = new TrustAssociationConfigImpl(object2, this, this.cacheKey);
                        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
                            Tr.debug(tc, "trustAssociation found at the global level");
                        }
                        if (object2.isAdminConfig() && this.sco.isDomainConfig()) {
                            this.state_tai = (char) (this.state_tai | INHERITED);
                        }
                    } else if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unable to find a trustAssociation definition");
                    }
                }
            }
            this.state_tai = (char) (this.state_tai | CHECKED);
            trustAssociationConfig = (TrustAssociationConfig) returnOnlyIfValidInheritance(this.tai, this.state_tai, z);
        } else {
            trustAssociationConfig = (TrustAssociationConfig) returnOnlyIfValidInheritance(this.tai, this.state_tai, z);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "state_tai=" + this.state_tai);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "do_getTrustAssociation " + this.cacheKey, trustAssociationConfig);
        }
        return trustAssociationConfig;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public TrustAssociationConfig getTrustAssociation() {
        return getTrustAssociation("LTPA", true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public TrustAssociationConfig getTrustAssociation(String str) {
        return getTrustAssociation(str, true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public TrustAssociationConfig getTrustAssociation(String str, boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getTrustAssociation " + this.cacheKey, new Object[]{str, Boolean.valueOf(z)});
        }
        TrustAssociationConfig do_getTrustAssociation = (this.state_tai == UNCHECKED || !str.equals("LTPA")) ? do_getTrustAssociation(str, z) : (TrustAssociationConfig) returnOnlyIfValidInheritance(this.tai, this.state_tai, z);
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getTrustAssociation " + this.cacheKey, do_getTrustAssociation);
        }
        return do_getTrustAssociation;
    }

    private synchronized List<UserRegistryConfig> do_getUserRegistries(boolean z) {
        List<UserRegistryConfig> list = null;
        if (this.state_userRegistries == UNCHECKED) {
            SecurityConfigObjectList objectList = this.sco.getObjectList(USER_REGISTRIES, true);
            this.state_userRegistries = (char) (this.state_userRegistries | CHECKED);
            if (objectList != null) {
                if (!objectList.isDomainConfig() && this.sco.isDomainConfig()) {
                    this.state_userRegistries = (char) (this.state_userRegistries | INHERITED);
                }
                int size = objectList.size();
                this.userRegistries = new LinkedList();
                for (int i = 0; i < size; i++) {
                    this.userRegistries.add(new UserRegistryConfigImpl(objectList.get(i), this, this.cacheKey));
                }
                list = (z || (this.state_userRegistries & INHERITED) != INHERITED) ? this.userRegistries : null;
            }
        } else {
            list = z ? this.userRegistries : (z || (this.state_userRegistries & INHERITED) != INHERITED) ? this.userRegistries : null;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "state_userRegistries=" + this.state_userRegistries);
        }
        return list;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public List<UserRegistryConfig> getUserRegistries() {
        return getUserRegistries(true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public List<UserRegistryConfig> getUserRegistries(boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserRegistries " + this.cacheKey, Boolean.valueOf(z));
        }
        List<UserRegistryConfig> do_getUserRegistries = this.state_userRegistries == UNCHECKED ? do_getUserRegistries(z) : z ? this.userRegistries : (z || (this.state_userRegistries & INHERITED) != INHERITED) ? this.userRegistries : null;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserRegistries" + this.cacheKey, do_getUserRegistries);
        }
        return do_getUserRegistries;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public UserRegistryConfig getUserRegistry(String str) {
        return getUserRegistry(str, true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public UserRegistryConfig getUserRegistry(String str, boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserRegistry " + this.cacheKey, new Object[]{str, Boolean.valueOf(z)});
        }
        UserRegistryConfig userRegistryConfig = null;
        List<UserRegistryConfig> userRegistries = getUserRegistries(z);
        if (userRegistries != null) {
            int i = 0;
            while (true) {
                if (i >= userRegistries.size()) {
                    break;
                }
                if (userRegistries.get(i).getType().equals(str)) {
                    userRegistryConfig = userRegistries.get(i);
                    break;
                }
                i++;
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserRegistry " + this.cacheKey, userRegistryConfig);
        }
        return userRegistryConfig;
    }

    private synchronized UserRegistryConfig do_getActiveUserRegistry(boolean z) {
        UserRegistryConfig userRegistryConfig = null;
        if (this.state_activeUserReg == UNCHECKED) {
            SecurityConfigObject object = this.sco.getObject(ACTIVE_USER_REGISTRY, true);
            this.state_activeUserReg = (char) (this.state_activeUserReg | CHECKED);
            if (object != null) {
                if (object.isAdminConfig() && this.sco.isDomainConfig()) {
                    this.state_activeUserReg = (char) (this.state_activeUserReg | INHERITED);
                }
                if (this.activeUserReg == null) {
                    this.activeUserReg = new UserRegistryConfigImpl(object, this, this.cacheKey);
                }
                userRegistryConfig = (z || (this.state_activeUserReg & INHERITED) != INHERITED) ? this.activeUserReg : null;
            }
        } else {
            userRegistryConfig = z ? this.activeUserReg : (z || (this.state_activeUserReg & INHERITED) != INHERITED) ? this.activeUserReg : null;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "state_activeUserReg=" + this.state_activeUserReg);
        }
        return userRegistryConfig;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public UserRegistryConfig getActiveUserRegistry() {
        return getActiveUserRegistry(true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public UserRegistryConfig getActiveUserRegistry(boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getActiveUserRegistry " + this.cacheKey, Boolean.valueOf(z));
        }
        UserRegistryConfig do_getActiveUserRegistry = this.state_activeUserReg == UNCHECKED ? do_getActiveUserRegistry(z) : z ? this.activeUserReg : (z || (this.state_activeUserReg & INHERITED) != INHERITED) ? this.activeUserReg : null;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getActiveUserRegistry " + this.cacheKey, do_getActiveUserRegistry);
        }
        return do_getActiveUserRegistry;
    }

    protected synchronized AuthorizationConfig setAuthorizationConfig(AuthorizationConfig authorizationConfig) {
        boolean isDomainConfig = this.sco.isDomainConfig();
        boolean isDomainConfig2 = authorizationConfig.getSCO().isDomainConfig();
        if (!isDomainConfig || isDomainConfig2) {
            if (isDomainConfig || !isDomainConfig2) {
                throw new IllegalStateException("Trying to set AuthorizationConfig for a scope using configuration from that scope. isDomainAuthzConfig=" + isDomainConfig2);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting AuthorizationConfig for global scope using domain configuration");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setting AuthorizationConfig for domain scope using global configuration");
        }
        this.state_authzConfig = CHECKED;
        this.authzConfig = authorizationConfig;
        return authorizationConfig;
    }

    private synchronized AuthorizationConfig do_getAuthorizationConfig(boolean z) {
        AuthorizationConfig authorizationConfig;
        AuthorizationConfig authorizationConfig2 = null;
        if (this.state_authzConfig == UNCHECKED) {
            SecurityConfigObject object = this.sco.getObject("authConfig", z);
            this.state_authzConfig = (char) (this.state_authzConfig | CHECKED);
            if (object != null) {
                if (object.isAdminConfig() && this.sco.isDomainConfig()) {
                    this.state_authzConfig = (char) (this.state_authzConfig | INHERITED);
                }
                this.authzConfig = new AuthorizationConfigImpl(object, this, this.cacheKey);
                authorizationConfig2 = (z || (this.state_authzConfig & INHERITED) != INHERITED) ? this.authzConfig : null;
                if (this.sco.isDomainConfig() && (this.state_authzConfig & INHERITED) != INHERITED && this.authzConfig != null) {
                    ((SecurityConfigImpl) SecurityObjectLocator.getSecurityConfig("security")).setAuthorizationConfig(this.authzConfig);
                }
            } else if (this.sco.isDomainConfig() && (authorizationConfig = SecurityObjectLocator.getSecurityConfig("security").getAuthorizationConfig()) != null) {
                authorizationConfig2 = setAuthorizationConfig(authorizationConfig);
            }
        } else {
            authorizationConfig2 = z ? this.authzConfig : (z || (this.state_authzConfig & INHERITED) != INHERITED) ? this.authzConfig : null;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "state_authzConfig=" + this.state_authzConfig);
        }
        return authorizationConfig2;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public AuthorizationConfig getAuthorizationConfig() {
        return getAuthorizationConfig(true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public AuthorizationConfig getAuthorizationConfig(boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthorizationConfig " + this.cacheKey, Boolean.valueOf(z));
        }
        AuthorizationConfig do_getAuthorizationConfig = this.state_authzConfig == UNCHECKED ? do_getAuthorizationConfig(z) : z ? this.authzConfig : (z || (this.state_authzConfig & INHERITED) != INHERITED) ? this.authzConfig : null;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthorizationConfig " + this.cacheKey, do_getAuthorizationConfig);
        }
        return do_getAuthorizationConfig;
    }

    private synchronized void do_getJAASLoginConfig() {
        if (this.loginConfig == null) {
            this.loginConfig = new JAASLoginConfigImpl(this.sco, this.cacheKey);
        }
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public JAASLoginConfig getJAASLoginConfig() {
        return getJAASLoginConfig(true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public JAASLoginConfig getJAASLoginConfig(boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getJAASLoginConfig " + this.cacheKey, Boolean.valueOf(z));
        }
        if (this.loginConfig == null) {
            do_getJAASLoginConfig();
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getJAASLoginConfig " + this.cacheKey, this.loginConfig);
        }
        return this.loginConfig;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public CSIv2Config getCSIv2Config() {
        return getCSIv2Config(true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public CSIv2Config getCSIv2Config(boolean z) {
        if (getCSIv2Data(z) == null) {
            return null;
        }
        return SecurityObjectLocator.getCSIv2Config();
    }

    private synchronized CSIv2ConfigData do_getCSIv2Data(boolean z) {
        CSIv2ConfigData cSIv2ConfigData = null;
        if (this.state_csiv2Data == UNCHECKED) {
            SecurityConfigObject object = this.sco.getObject(CSIv2, true);
            this.state_csiv2Data = (char) (this.state_csiv2Data | CHECKED);
            if (object != null) {
                if (object.isAdminConfig() && this.sco.isDomainConfig()) {
                    this.state_csiv2Data = (char) (this.state_csiv2Data | INHERITED);
                }
                this.csiv2Data = new CSIv2ConfigData(object, this, this.cacheKey);
                cSIv2ConfigData = (z || (this.state_csiv2Data & INHERITED) != INHERITED) ? this.csiv2Data : null;
            }
        } else {
            cSIv2ConfigData = z ? this.csiv2Data : (z || (this.state_csiv2Data & INHERITED) != INHERITED) ? this.csiv2Data : null;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "state_csiv2Data=" + this.state_csiv2Data);
        }
        return cSIv2ConfigData;
    }

    public CSIv2ConfigData getCSIv2Data() {
        return getCSIv2Data(true);
    }

    public CSIv2ConfigData getCSIv2Data(boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getCSIv2Data " + this.cacheKey, Boolean.valueOf(z));
        }
        CSIv2ConfigData do_getCSIv2Data = this.state_csiv2Data == UNCHECKED ? do_getCSIv2Data(z) : z ? this.csiv2Data : (z || (this.state_csiv2Data & INHERITED) != INHERITED) ? this.csiv2Data : null;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getCSIv2Data " + this.cacheKey, do_getCSIv2Data);
        }
        return do_getCSIv2Data;
    }

    private synchronized TrustedAuthenticationRealm do_getInboundTrustedAuthenticationRealm() {
        TrustedAuthenticationRealm trustedAuthenticationRealm;
        if (this.state_inboundTrustedAuthenticationRealm == UNCHECKED) {
            SecurityConfigObject object = this.sco.getObject(INBOUND_TRUSTED_AUTHENTICATION_REALM, false);
            this.state_inboundTrustedAuthenticationRealm = (char) (this.state_inboundTrustedAuthenticationRealm | CHECKED);
            TrustedAuthenticationRealm trustedAuthenticationRealm2 = new TrustedAuthenticationRealm(false, object, this, this.cacheKey);
            this.inboundTrustedAuthenticationRealm = trustedAuthenticationRealm2;
            trustedAuthenticationRealm = trustedAuthenticationRealm2;
        } else {
            trustedAuthenticationRealm = this.inboundTrustedAuthenticationRealm;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "state_inboundTrustedAuthenticationRealm=" + this.state_inboundTrustedAuthenticationRealm);
        }
        return trustedAuthenticationRealm;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public TrustedAuthenticationRealm getInboundTrustedAuthenticationRealm() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getInboundTrustedAuthenticationRealm " + this.cacheKey);
        }
        TrustedAuthenticationRealm do_getInboundTrustedAuthenticationRealm = this.state_inboundTrustedAuthenticationRealm == UNCHECKED ? do_getInboundTrustedAuthenticationRealm() : this.inboundTrustedAuthenticationRealm;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getInboundTrustedAuthenticationRealm " + this.cacheKey, do_getInboundTrustedAuthenticationRealm);
        }
        return do_getInboundTrustedAuthenticationRealm;
    }

    private synchronized TrustedAuthenticationRealm do_getOutboundTrustedAuthenticationRealm() {
        TrustedAuthenticationRealm trustedAuthenticationRealm;
        if (this.state_outboundTrustedAuthenticationRealm == UNCHECKED) {
            SecurityConfigObject object = this.sco.getObject(OUTBOUND_TRUSTED_AUTHENTICATION_REALM, false);
            this.state_outboundTrustedAuthenticationRealm = (char) (this.state_outboundTrustedAuthenticationRealm | CHECKED);
            TrustedAuthenticationRealm trustedAuthenticationRealm2 = new TrustedAuthenticationRealm(true, object, this, this.cacheKey);
            this.outboundTrustedAuthenticationRealm = trustedAuthenticationRealm2;
            trustedAuthenticationRealm = trustedAuthenticationRealm2;
        } else {
            trustedAuthenticationRealm = this.outboundTrustedAuthenticationRealm;
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
            Tr.debug(tc, "state_outboundTrustedAuthenticationRealm=" + this.state_outboundTrustedAuthenticationRealm);
        }
        return trustedAuthenticationRealm;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public TrustedAuthenticationRealm getOutboundTrustedAuthenticationRealm() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getOutboundTrustedAuthenticationRealm " + this.cacheKey);
        }
        TrustedAuthenticationRealm do_getOutboundTrustedAuthenticationRealm = this.state_outboundTrustedAuthenticationRealm == UNCHECKED ? do_getOutboundTrustedAuthenticationRealm() : this.outboundTrustedAuthenticationRealm;
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getOutboundTrustedAuthenticationRealm " + this.cacheKey, do_getOutboundTrustedAuthenticationRealm);
        }
        return do_getOutboundTrustedAuthenticationRealm;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public boolean isPropertySet(String str, boolean z) {
        return !z ? this.props.containsKey(str) : this.sco.getProperties().containsKey(str);
    }

    private synchronized void do_getProperties() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "do_getProperties " + this.cacheKey);
        }
        if (this.props == null) {
            Properties properties = this.sco.getProperties();
            if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
                Tr.entry(tc, "Properties defined for this SCO:" + properties);
            }
            if (!this.sco.isDomainConfig() || this.scm.isAdminAgent()) {
                this.props = properties;
            } else {
                Properties properties2 = SecurityObjectLocator.getSecurityConfig("security").getProperties();
                if (properties2 != null) {
                    Properties properties3 = new Properties();
                    properties3.putAll(properties2);
                    Properties properties4 = this.sco.getProperties(false);
                    if (properties4 == null || !properties4.containsKey("com.ibm.CSI.supportedTargetRealms")) {
                        properties3.remove("com.ibm.CSI.supportedTargetRealms");
                        properties.remove("com.ibm.CSI.supportedTargetRealms");
                    }
                    properties3.putAll(properties);
                    this.props = properties3;
                } else {
                    this.props = properties;
                }
                SecurityConfigImpl securityConfigImpl = (SecurityConfigImpl) SecurityObjectLocator.getSecurityConfig("Security");
                if (this.props.containsKey(SecurityConfig.ENABLE_SYNC_TO_OS_THREAD)) {
                    if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Overriding global level property was.security.EnableSyncToOSThread with the value at the domain level: " + ((String) this.props.get(SecurityConfig.ENABLE_SYNC_TO_OS_THREAD)));
                    }
                    securityConfigImpl.setProperty(SecurityConfig.ENABLE_SYNC_TO_OS_THREAD, (String) this.props.get(SecurityConfig.ENABLE_SYNC_TO_OS_THREAD));
                }
                if (this.props.containsKey(SecurityConfig.ENABLE_RUN_AS_IDENTITY)) {
                    if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Overriding global level property was.security.EnableRunAsIdentity with the value at the domain level: " + ((String) this.props.get(SecurityConfig.ENABLE_RUN_AS_IDENTITY)));
                    }
                    securityConfigImpl.setProperty(SecurityConfig.ENABLE_RUN_AS_IDENTITY, (String) this.props.get(SecurityConfig.ENABLE_RUN_AS_IDENTITY));
                }
            }
            if (SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled()) {
                dumpProperties();
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "do_getProperties " + this.cacheKey);
        }
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public Properties getProperties() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getProperties " + this.cacheKey);
        }
        if (this.props == null) {
            do_getProperties();
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getProperties " + this.cacheKey, this.props);
        }
        return this.props;
    }

    private String getDefaultProp(String str) {
        if (this.defaultProps.containsKey(str)) {
            return this.defaultProps.get(str);
        }
        if (!SecurityConfigGlobals.enableVerbose || !tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "Default property value for key [" + str + "] in SCO [" + this.sco.toString() + "] is not defined " + this.cacheKey);
        return null;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public String getProperty(String str) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getProperty key=" + str + " " + this.cacheKey);
        }
        String str2 = this.propsCache.get(str);
        if (str2 == null) {
            str2 = System.getProperty(str, null);
            if (str2 == null) {
                if (this.props == null) {
                    getProperties();
                }
                if (this.props == null) {
                    str2 = getDefaultProp(str);
                } else {
                    str2 = (String) this.props.get(str);
                    if (str2 == null) {
                        str2 = getDefaultProp(str);
                    }
                }
            }
            if (str2 != null) {
                this.propsCache.put(str, str2);
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getProperty key=" + str + " " + this.cacheKey, str2);
        }
        return str2;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public boolean getPropertyBool(String str) {
        return getPropertyBool(str, false);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public boolean getPropertyBool(String str, boolean z) {
        Boolean bool;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPropertyBool id=" + str + " default=" + z + " " + this.cacheKey);
        }
        if (this._performTAIForUnprotectedURI == null || !str.equals(SecurityConfig.PERFORM_TAI_FOR_UNPROTECTED_URI)) {
            bool = this.boolPropsCache.get(str);
            if (bool == null) {
                String property = getProperty(str);
                bool = property == null ? Boolean.valueOf(z) : Boolean.valueOf(property);
                this.boolPropsCache.put(str, bool);
                if (str.equals(SecurityConfig.PERFORM_TAI_FOR_UNPROTECTED_URI)) {
                    this._performTAIForUnprotectedURI = bool;
                }
            }
        } else {
            bool = this._performTAIForUnprotectedURI;
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPropertyBool id=" + str + " " + this.cacheKey + " val=" + bool);
        }
        return bool.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProperty(String str, String str2) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "setProperty key=" + str + " value=" + str2 + " " + this.cacheKey);
        }
        if (str != null && str2 != null) {
            if (this.props == null) {
                getProperties();
            }
            if (this.props != null) {
                this.props.put(str, str2);
                this.propsCache.put(str, str2);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to set proprety key=" + str + " because property table is NULL");
            }
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "setProperty key=" + str + " value=" + str2 + " " + this.cacheKey);
        }
    }

    @Override // com.ibm.ws.security.config.GenericConfigHelperImpl, com.ibm.ws.security.config.GenericConfigHelper
    public Object getObject(String str) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getObject: key=" + str + this.cacheKey);
        }
        Object object = (this.sco.isAdminConfig() || !str.equals("process.jmxConnectorProps")) ? super.getObject(str) : SecurityObjectLocator.getSecurityConfig("security").getObject(str);
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getObject" + this.cacheKey, object);
        }
        return object;
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public String getDomain() {
        String domain = this.scm.getDomain();
        return domain == null ? CommonConstants.GLOBAL : domain;
    }

    public void dumpProperties() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "dumpProperties() " + this.cacheKey);
        }
        StringBuffer stringBuffer = new StringBuffer();
        if (this.props != null && this.props.size() > 0) {
            stringBuffer.append("Properties: {\n");
            for (String str : this.props.keySet()) {
                String property = this.props.getProperty(str);
                if (str.toLowerCase().indexOf("password") != -1) {
                    stringBuffer.append(str);
                    stringBuffer.append(" = ");
                    stringBuffer.append(ConfigUtils.mask(property));
                    stringBuffer.append("\n");
                } else {
                    stringBuffer.append(str);
                    stringBuffer.append(" = ");
                    stringBuffer.append(property);
                    stringBuffer.append("\n");
                }
            }
            stringBuffer.append("}");
        }
        if (this.defaultProps != null && this.defaultProps.size() > 0) {
            stringBuffer.append("\nDefaults:\n");
            stringBuffer.append(this.defaultProps.toString());
            stringBuffer.append("\n");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, stringBuffer.toString());
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "dumpProperties() " + this.cacheKey);
        }
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public String getSAFProfilePrefix() {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSAFProfilePrefix");
        }
        String str = null;
        if (isPropertySet("security.zOS.domainType", false) && isPropertySet("security.zOS.domainName", false)) {
            if ("cellQualified".equalsIgnoreCase(getProperty("security.zOS.domainType")) && getProperty("security.zOS.domainName").length() > 0) {
                str = getProperty("security.zOS.domainName");
            }
        } else if (isPropertySet(SecurityConfig.SAF_PROFILE_PREFIX, false) && SecurityConfig.SAF_PROFILE_PREFIX.length() > 0) {
            str = getProperty(SecurityConfig.SAF_PROFILE_PREFIX);
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "getSAFProfilePrefix: " + str);
        }
        return str;
    }

    private synchronized void do_getJaspiConfiguration() {
        SecurityConfigObject object;
        if (this.jaspiConfig != null || (object = this.sco.getObject("jaspiConfiguration")) == null) {
            return;
        }
        this.jaspiConfig = new JaspiConfigurationImpl(SecurityObjectLocator.getSecurityConfig(), object, this, this.cacheKey);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public JaspiConfiguration getJaspiConfiguration() {
        return getJaspiConfiguration(true);
    }

    @Override // com.ibm.ws.security.config.SecurityConfig
    public JaspiConfiguration getJaspiConfiguration(boolean z) {
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.entry(tc, "JaspiConfiguration " + this.cacheKey, Boolean.valueOf(z));
        }
        if (this.jaspiConfig == null) {
            do_getJaspiConfiguration();
        }
        if (SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled()) {
            Tr.exit(tc, "JaspiConfiguration " + this.cacheKey, this.loginConfig);
        }
        return this.jaspiConfig;
    }
}
