package com.ibm.ws.security.csiv2;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.wsspi.security.csiv2.TrustedIDEvaluator;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.StringTokenizer;

/* loaded from: input_file:wasJars/sas.jar:com/ibm/ws/security/csiv2/TrustedIDEvaluatorImpl.class */
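/**
 * Default {@link TrustedIDEvaluator}: decides whether a presented identity is trusted by
 * comparing it against values read from the {@link CSIv2Config} returned by
 * {@link SecurityObjectLocator#getCSIv2Config()}.
 *
 * <p>Identities are compared case-insensitively. Passwords are compared exactly (case-sensitive)
 * and in constant time. Every path that cannot positively establish trust returns {@code false}.
 */
public class TrustedIDEvaluatorImpl implements TrustedIDEvaluator {
    private static final TraceComponent tc = Tr.register((Class<?>) TrustedIDEvaluatorImpl.class, "Security", AdminConstants.MSG_BUNDLE_NAME);

    /** Creates the evaluator; only emits entry/exit trace. */
    public TrustedIDEvaluatorImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * Checks a presented identity/password pair against the configured server and alternate
     * credentials, then against the server subject's credential, and finally against the
     * trusted principal list.
     *
     * @param str the presented identity; {@code null} is never trusted
     * @param str2 the presented password; may be {@code null}
     * @return {@code true} if one of the checks establishes trust, otherwise {@code false}
     */
    @Override
    public boolean isTrusted(String str, String str2) {
        // A missing identity can never be trusted. Without this guard the comparisons below
        // dereference str and throw NullPointerException.
        if (str == null) {
            return false;
        }
        CSIv2Config config = SecurityObjectLocator.getCSIv2Config();
        String alternateId = config.getString(CSIv2Config.PERFORM_ALTERNATE_INDENTITY_ASSERTION_TRUSTED_ID);
        String alternatePassword = config.getString(CSIv2Config.PERFORM_ALTERNATE_INDENTITY_ASSERTION_TRUSTED_PASSWORD);
        String serverId = config.getString("com.ibm.CORBA.loginUserid");
        String serverPassword = config.getString("com.ibm.CORBA.loginPassword");

        if (isSet(serverId) && str.equalsIgnoreCase(serverId)
                && isSet(serverPassword) && secretMatches(str2, serverPassword)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The server ID/password is from this cell, returning true.");
            }
            return true;
        }

        // The alternate pair must be non-empty as well: an empty configured ID and password
        // must not authenticate an empty presented ID and password.
        if (isSet(alternateId) && str.equalsIgnoreCase(alternateId)
                && isSet(alternatePassword) && secretMatches(str2, alternatePassword)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The alternate ID/password is from this cell, returning true.");
            }
            return true;
        }

        if (isSet(serverId) && !isSet(serverPassword)) {
            // NOTE(review): with no server password configured, trust in this branch rests on
            // the identity string alone; the presented password (str2) is never examined.
            if (str.equalsIgnoreCase(serverId)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The server ID is from this cell, returning true.");
                }
                return true;
            }
            try {
                WSCredential serverCredential = SubjectHelper.getWSCredentialFromSubject(ContextManagerFactory.getInstance().getServerSubject());
                if (serverCredential != null) {
                    String accessId = serverCredential.getAccessId();
                    String uniqueSecurityName = serverCredential.getUniqueSecurityName();
                    String securityName = serverCredential.getSecurityName();
                    if (str.equalsIgnoreCase(accessId)
                            || str.equalsIgnoreCase(uniqueSecurityName)
                            || str.equalsIgnoreCase(securityName)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The server access ID, secuirty name, or unique server ID is from this cell, returning true.");
                        }
                        return true;
                    }
                }
            } catch (Exception e) {
                // Fail closed: if the server credential cannot be read, the identity is not
                // trusted and the trusted principal list is not consulted.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception getting access ID from server credential.", new Object[]{e});
                }
                return false;
            }
        }
        return isTrusted(str);
    }

    /**
     * Checks whether an identity appears in the configured trusted principal list.
     *
     * <p>The list is split once on {@link CommandSecurityUtil#PARAM_DELIM} and once on
     * {@code ","}; each entry is passed through {@link #clean(String)} and compared
     * case-insensitively.
     *
     * @param str the identity to look up; {@code null} or empty is never trusted
     * @return {@code true} if an entry of the list matches
     */
    @Override
    public boolean isTrusted(String str) {
        String trustedList = SecurityObjectLocator.getCSIv2Config().getString(CSIv2Config.TRUSTED_PRINCIPAL_LIST);
        // No configured list means nobody is trusted; StringTokenizer would throw
        // NullPointerException on a null list. An empty identity is rejected so that a
        // quoted-empty list entry cannot match it.
        if (trustedList == null || !isSet(str)) {
            return false;
        }
        if (listContains(trustedList, CommandSecurityUtil.PARAM_DELIM, str) || listContains(trustedList, ",", str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The serverID " + str + " has been found in the trusted list.");
            }
            return true;
        }
        return false;
    }

    /**
     * Checks the issuer DN name of the first certificate in the array against the trusted
     * principal list.
     *
     * <p>NOTE(review): only {@code getIssuerDN().getName()} of element 0 is examined. No
     * signature, validity-period or chain validation happens in this method; presumably the
     * chain was validated before it reaches this call - confirm against the caller.
     *
     * @param x509CertificateArr the certificate array; {@code null}, empty, or a {@code null}
     *     first element is never trusted
     * @return {@code true} if the first certificate's issuer DN name is in the trusted list
     */
    @Override
    public boolean isTrusted(X509Certificate[] x509CertificateArr) {
        // The length check keeps an empty array from throwing ArrayIndexOutOfBoundsException.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            Tr.debug(tc, "cert chain or the first cert is null");
            return false;
        }
        return isTrusted(x509CertificateArr[0].getIssuerDN().getName());
    }

    /**
     * Trims a list entry and removes one pair of matching surrounding quotes
     * ({@code "..."} or {@code '...'}), trimming again afterwards.
     *
     * @param str the raw entry, may be {@code null}
     * @return the cleaned entry, or {@code null} if {@code str} is {@code null}
     */
    public static String clean(String str) {
        if (str == null) {
            return null;
        }
        String cleaned = str.trim();
        // At least two characters are required: a lone quote character both starts and ends
        // with a quote, and substring(1, 0) would throw StringIndexOutOfBoundsException.
        boolean doubleQuoted = cleaned.startsWith("\"") && cleaned.endsWith("\"");
        boolean singleQuoted = cleaned.startsWith("'") && cleaned.endsWith("'");
        if (cleaned.length() >= 2 && (doubleQuoted || singleQuoted)) {
            cleaned = cleaned.substring(1, cleaned.length() - 1).trim();
        }
        return cleaned;
    }

    /** Returns true when the configuration value is present and not the empty string. */
    private static boolean isSet(String value) {
        return value != null && !value.isEmpty();
    }

    /**
     * Compares a presented password with the configured one: exact match on the UTF-8 bytes,
     * using {@link MessageDigest#isEqual(byte[], byte[])} so the comparison time does not
     * depend on where the values differ. A {@code null} on either side never matches.
     */
    private static boolean secretMatches(String presented, String configured) {
        if (presented == null || configured == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                configured.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns true when any cleaned token of {@code list}, split on {@code delimiters}, equals {@code identity} ignoring case. */
    private static boolean listContains(String list, String delimiters, String identity) {
        StringTokenizer tokens = new StringTokenizer(list, delimiters);
        while (tokens.hasMoreTokens()) {
            if (clean(tokens.nextToken()).equalsIgnoreCase(identity)) {
                return true;
            }
        }
        return false;
    }
}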
