package com.ibm.ws.security.spnego.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.spnego.ErrorPageConfig;
import com.ibm.ws.security.spnego.SpnegoConfig;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.location.WsResource;
import java.net.InetAddress;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.ietf.jgss.GSSCredential;

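/**
 * Holds the settings of one SPNEGO configuration element and the GSS credentials derived from it.
 *
 * <p>The constructor copies the values out of the supplied property map, resolves the Kerberos
 * configuration and keytab locations, builds the list of service principal names (SPNs) and then
 * asks {@link SpnGssCredential} to create a credential for each SPN.
 *
 * <p>Review notes (all taken from the code in this class):
 * <ul>
 * <li>{@code krb5Keytab} names the file holding the service's long-term Kerberos keys. Only the
 * path is handled and traced here; protecting the file itself is left to file-system permissions.</li>
 * <li>When no SPN is configured, the default SPN is built from the name returned by
 * {@link InetAddress#getLocalHost()}, so it follows the host's name resolution. Setting
 * {@code servicePrincipalNames} explicitly avoids that dependency.</li>
 * <li>The {@code hostName} attribute is stored and traced but {@link #getHostName()} does not read it.</li>
 * <li>{@code kerberosRealmName} is never assigned in this class, so its trace line always prints
 * {@code null}.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.spnego_1.0.14.jar:com/ibm/ws/security/spnego/internal/SpnegoConfigImpl.class */
public class SpnegoConfigImpl implements SpnegoConfig {
    // Attribute names looked up in the configuration map.
    public static final String KEY_ID = "id";
    public static final String KEY_AUTH_FILTER_REF = "authFilterRef";
    public static final String KEY_HOST_NAME = "hostName";
    public static final String KEY_ALLOW_LOCAL_HOST = "allowLocalHost";
    public static final String KEY_CANONICAL_HOST_NAME = "canonicalHostName";
    public static final String KEY_KRB5_CONFIG = "krb5Config";
    public static final String KEY_KRB5_KEYTAB = "krb5Keytab";
    // Name kept as published (including the "KERBEROR" spelling) because it is part of the public API.
    public static final String KEY_KERBEROR_REALM_NAME = "kerberosRealmName";
    public static final String KEY_SERVICE_PRINCIPAL_NAMES = "servicePrincipalNames";
    public static final String KEY_SKIP_FOR_UNPROTECTED_URI = "skipForUnprotectedURI";
    public static final String KEY_DISABLE_FAIL_OVER_TO_APP_AUTH_TYPE = "disableFailOverToAppAuthType";
    public static final String KEY_INVOKE_AFTER_SSO = "invokeAfterSSO";
    public static final String KEY_SPNEGO_NOT_SUPPORTED_ERROR_PAGE_URL = "spnegoNotSupportedErrorPageURL";
    public static final String KEY_NTLM_TOKEN_RECEIVED_ERROR_PAGE_URL = "ntlmTokenReceivedErrorPageURL";
    public static final String KEY_TRIM_KERBEROS_REALM_NAME_FROM_PRINCIPAL = "trimKerberosRealmNameFromPrincipal";
    public static final String KEY_INCLUDE_CLIENT_GSS_CREDENTIAL_IN_SUBJECT = "includeClientGSSCredentialInSubject";
    public static final String KEY_INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT = "includeCustomCacheKeyInSubject";
    public static final String LOCAL_HOST = "localhost";
    public static final String HTTP_LOCAL_HOST = "HTTP/localhost";
    static final String KEY_CONFIGURATION_ADMIN = "configurationAdmin";

    private final WsLocationAdmin locationAdmin;
    private String id;
    private String authFilterRef;
    private boolean allowLocalHost;
    // Stored and traced only; getHostName() resolves the name from the local host instead.
    private String hostName;
    private boolean canonicalHostName;
    private String krb5Config;
    private String krb5Keytab;
    // NOTE(review): never assigned in this class, so it stays null.
    private String kerberosRealmName;
    private List<String> servicePrincipalNames;
    private boolean skipForUnprotectedURI;
    private boolean disableFailOverToAppAuthType;
    private boolean invokeAfterSSO;
    private String spnegoNotSupportedErrorPageURL;
    private String ntlmTokenReceivedErrorPageURL;
    private boolean includeCustomCacheKeyInSubject;
    private boolean trimKerberosRealmNameFromPrincipal;
    private boolean includeClientGSSCredentialInSubject;
    private ErrorPageConfig errorPageConfig;
    private final SpnGssCredential spnGssCredential = new SpnGssCredential();
    private final Krb5DefaultFile krb5DefaultFile;
    static final long serialVersionUID = 2923667145828436416L;
    private static final TraceComponent tc = Tr.register(SpnegoConfigImpl.class);
    // The reference is final but the array element is not: treat this public array as read-only.
    public static final String[] localhost = {"localhost"};

    /**
     * Builds the configuration from the given property map and initialises the SPN credentials.
     *
     * @param wsLocationAdmin location service used to resolve the krb5 configuration and keytab paths
     * @param map configuration attributes; when {@code null} or empty every setting keeps its Java
     *        default ({@code false} / {@code null})
     * @throws NullPointerException if the map is non-empty but lacks one of the boolean attributes
     */
    public SpnegoConfigImpl(WsLocationAdmin wsLocationAdmin, Map<String, Object> map) {
        this.locationAdmin = wsLocationAdmin;
        this.krb5DefaultFile = new Krb5DefaultFile(wsLocationAdmin);
        // Both calls are overridable (protected); subclasses see a partially built object here.
        processConfig(map);
        initSpnGssCrendential();
    }

    /**
     * Creates the error page configuration and, when a keytab is configured, the SPN credentials.
     *
     * @return {@code true} when a keytab is set and at least one credential was created;
     *         {@code false} when no keytab is set or the credential holder ended up empty
     */
    protected boolean initSpnGssCrendential() {
        // The error page configuration is always rebuilt, even when no keytab is available.
        errorPageConfig = new ErrorPageConfig(spnegoNotSupportedErrorPageURL, ntlmTokenReceivedErrorPageURL);
        if (krb5Keytab == null || krb5Keytab.isEmpty()) {
            return false;
        }
        spnGssCredential.init(servicePrincipalNames, this);
        return !spnGssCredential.isEmpty();
    }

    /**
     * Copies every attribute from the configuration map into this object and traces the result.
     *
     * <p>A {@code null} or empty map is ignored. Otherwise every boolean attribute must be present.
     *
     * @param map configuration attributes, may be {@code null}
     * @throws NullPointerException if a boolean attribute is missing from a non-empty map
     */
    protected void processConfig(Map<String, Object> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        id = (String) map.get(KEY_ID);
        authFilterRef = (String) map.get(KEY_AUTH_FILTER_REF);
        hostName = (String) map.get(KEY_HOST_NAME);
        allowLocalHost = requiredBoolean(map, KEY_ALLOW_LOCAL_HOST);
        canonicalHostName = requiredBoolean(map, KEY_CANONICAL_HOST_NAME);
        krb5Config = processKrb5Config(map);
        krb5Keytab = processKrb5Keytab(map);
        String configuredSpns = (String) map.get(KEY_SERVICE_PRINCIPAL_NAMES);
        skipForUnprotectedURI = requiredBoolean(map, KEY_SKIP_FOR_UNPROTECTED_URI);
        disableFailOverToAppAuthType = requiredBoolean(map, KEY_DISABLE_FAIL_OVER_TO_APP_AUTH_TYPE);
        invokeAfterSSO = requiredBoolean(map, KEY_INVOKE_AFTER_SSO);
        spnegoNotSupportedErrorPageURL = (String) map.get(KEY_SPNEGO_NOT_SUPPORTED_ERROR_PAGE_URL);
        ntlmTokenReceivedErrorPageURL = (String) map.get(KEY_NTLM_TOKEN_RECEIVED_ERROR_PAGE_URL);
        trimKerberosRealmNameFromPrincipal = requiredBoolean(map, KEY_TRIM_KERBEROS_REALM_NAME_FROM_PRINCIPAL);
        includeClientGSSCredentialInSubject = requiredBoolean(map, KEY_INCLUDE_CLIENT_GSS_CREDENTIAL_IN_SUBJECT);
        // Must run after allowLocalHost and canonicalHostName are set: the default SPNs depend on both.
        servicePrincipalNames = resolveServicePrincipalNames(configuredSpns);
        includeCustomCacheKeyInSubject = requiredBoolean(map, KEY_INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT);

        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            // Only paths and flags are traced; no key material passes through this class.
            Tr.debug(tc, "id: " + id);
            Tr.debug(tc, "authFilterRef: " + authFilterRef);
            Tr.debug(tc, "hostName: " + hostName);
            Tr.debug(tc, "allowLocalHost: " + allowLocalHost);
            Tr.debug(tc, "canonicalHostName: " + canonicalHostName);
            Tr.debug(tc, "krb5Config: " + krb5Config);
            Tr.debug(tc, "krb5Keytab: " + krb5Keytab);
            Tr.debug(tc, "kerberosRealmName: " + kerberosRealmName);
            Tr.debug(tc, "spns: " + configuredSpns);
            Tr.debug(tc, "skipForUnprotectedURI: " + skipForUnprotectedURI);
            Tr.debug(tc, "disableFailOverToAppAuthType: " + disableFailOverToAppAuthType);
            Tr.debug(tc, "invokeAfterSSO: " + invokeAfterSSO);
            Tr.debug(tc, "spnegoNotSupportedErrorPageURL: " + spnegoNotSupportedErrorPageURL);
            Tr.debug(tc, "ntlmTokenReceivedErrorPageURL: " + ntlmTokenReceivedErrorPageURL);
            Tr.debug(tc, "trimKerberosRealmNameFromPrincipal: " + trimKerberosRealmNameFromPrincipal);
            Tr.debug(tc, "includeClientGSSCredentialInSubject: " + includeClientGSSCredentialInSubject);
            Tr.debug(tc, "includeCustomCacheKeyInSubject: " + includeCustomCacheKeyInSubject);
        }
    }

    /**
     * Reads a mandatory boolean attribute.
     *
     * <p>The original code unboxed the map value directly, so a missing attribute surfaced as an
     * anonymous {@link NullPointerException}. The exception type is kept, but the message now names
     * the attribute so a broken configuration can be diagnosed.
     */
    private static boolean requiredBoolean(Map<String, Object> map, String key) {
        Boolean value = (Boolean) map.get(key);
        if (value == null) {
            throw new NullPointerException("SPNEGO configuration is missing the boolean attribute '" + key + "'");
        }
        return value.booleanValue();
    }

    /**
     * Determines the keytab location.
     *
     * @param map configuration attributes
     * @return the configured value when it resolves to an existing resource, the default keytab
     *         location when none is configured, or {@code null} (after logging an error) when the
     *         configured resource does not exist
     */
    protected String processKrb5Keytab(Map<String, Object> map) {
        String configured = (String) map.get(KEY_KRB5_KEYTAB);
        if (configured == null) {
            return krb5DefaultFile.getDefaultKrb5KeytabFile();
        }
        return existingResourceOrNull(configured, "SPNEGO_KRB5_KEYTAB_FILE_NOT_FOUND");
    }

    /**
     * Determines the Kerberos configuration file location.
     *
     * @param map configuration attributes
     * @return the configured value when it resolves to an existing resource, the default
     *         configuration file when none is configured, or {@code null} (after logging an error)
     *         when the configured resource does not exist
     */
    protected String processKrb5Config(Map<String, Object> map) {
        String configured = (String) map.get(KEY_KRB5_CONFIG);
        if (configured == null) {
            return krb5DefaultFile.getDefaultKrb5ConfigFile();
        }
        return existingResourceOrNull(configured, "SPNEGO_KRB5_CONFIG_FILE_NOT_FOUND");
    }

    /**
     * Returns {@code location} unchanged when the location service resolves it to an existing
     * resource; otherwise logs {@code notFoundMessageKey} and returns {@code null}.
     *
     * <p>The value handed back is the configured string, not the resolved resource.
     */
    private String existingResourceOrNull(String location, String notFoundMessageKey) {
        WsResource resource = locationAdmin.resolveResource(location);
        if (resource != null && resource.exists()) {
            return location;
        }
        Tr.error(tc, notFoundMessageKey, location);
        return null;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public String getId() {
        return id;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean getAllowLocalHost() {
        return allowLocalHost;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean isCanonicalHostName() {
        return canonicalHostName;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public String getKrb5Config() {
        return krb5Config;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public String getKrb5Keytab() {
        return krb5Keytab;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean getSkipForUnprotectedURI() {
        return skipForUnprotectedURI;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean getDisableFailOverToAppAuthType() {
        return disableFailOverToAppAuthType;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean isInvokeAfterSSO() {
        return invokeAfterSSO;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public String getSpnegoNotSupportedErrorPageURL() {
        return spnegoNotSupportedErrorPageURL;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public String getNtlmTokenReceivedErrorPageURL() {
        return ntlmTokenReceivedErrorPageURL;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean isTrimKerberosRealmNameFromPrincipal() {
        return trimKerberosRealmNameFromPrincipal;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean isIncludeClientGSSCredentialInSubject() {
        return includeClientGSSCredentialInSubject;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean isIncludeCustomCacheKeyInSubject() {
        return includeCustomCacheKeyInSubject;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public ErrorPageConfig getErrorPageConfig() {
        return errorPageConfig;
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public GSSCredential getSpnGSSCredential(String str) {
        return spnGssCredential.getSpnGSSCredential(str);
    }

    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public boolean isSpnGssCredentialEmpty() {
        return spnGssCredential.isEmpty();
    }

    /**
     * Turns the configured comma-separated SPN list into a list of {@code HTTP/...} principals.
     *
     * <p>With no configured value the defaults are used: {@code HTTP/localhost} when
     * {@code allowLocalHost} is set, plus {@code HTTP/<local host name>} when the host name can be
     * resolved. Configured entries are trimmed and prefixed with {@code HTTP/} when they lack it.
     * Blank entries (for example from {@code "a, ,b"}) are skipped; previously they produced the
     * host-less principal {@code HTTP/}.
     *
     * @param str comma-separated SPNs, may be {@code null} or empty
     * @return the SPNs to create credentials for; never {@code null}, possibly empty
     */
    public List<String> resolveServicePrincipalNames(String str) {
        List<String> spns = new ArrayList<String>();
        if (str == null || str.isEmpty()) {
            if (allowLocalHost) {
                spns.add(HTTP_LOCAL_HOST);
            }
            String localName = getHostName();
            if (localName != null) {
                spns.add("HTTP/" + localName);
            }
            Tr.info(tc, "SPNEGO_DEFAULT_SPNS", spns.toString());
            return spns;
        }
        for (String entry : str.split(",")) {
            String spn = entry.trim();
            if (spn.isEmpty()) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Ignoring blank entry in servicePrincipalNames");
                }
                continue;
            }
            spns.add(spn.startsWith("HTTP/") ? spn : "HTTP/" + spn);
        }
        return spns;
    }

    /**
     * Resolves the name of the local host under {@code doPrivileged}.
     *
     * <p>Returns the canonical name when {@code canonicalHostName} is set, the plain host name
     * otherwise. The configured {@code hostName} attribute is not consulted. The result depends on
     * the host's name resolution, so a default SPN built from it only works if it matches the
     * principal present in the keytab.
     *
     * @return the local host name, or {@code null} when the lookup failed (the failure is reported
     *         through FFDC and debug trace)
     */
    @Override // com.ibm.ws.security.spnego.SpnegoConfig
    public String getHostName() {
        String resolved = null;
        try {
            // The decompiler-only members of the anonymous class (synthetic trace field,
            // serialVersionUID) are dropped: they referenced a class name that does not exist in source.
            resolved = AccessController.doPrivileged(new PrivilegedExceptionAction<String>() {
                @Override // java.security.PrivilegedExceptionAction
                public String run() throws Exception {
                    InetAddress local = InetAddress.getLocalHost();
                    return canonicalHostName ? local.getCanonicalHostName() : local.getHostName();
                }
            });
        } catch (Exception e) {
            // Best effort: callers treat null as "no default host SPN".
            FFDCFilter.processException(e, "com.ibm.ws.security.spnego.internal.SpnegoConfigImpl", "348", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Un-expected exception: ", e);
            }
        }
        return resolved;
    }
}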
