package com.ibm.ws.security.csiv2.config.css;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.csiv2.Authenticator;
import com.ibm.ws.security.csiv2.CommonCfg;
import com.ibm.ws.security.csiv2.TraceConstants;
import com.ibm.ws.security.csiv2.config.ssl.SSLConfig;
import com.ibm.ws.security.csiv2.util.SecurityServices;
import com.ibm.ws.transport.iiop.security.config.css.CSSASMechConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSCompoundSecMechConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSCompoundSecMechListConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSNULLASMechConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSNULLTransportConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSSASITTAbsent;
import com.ibm.ws.transport.iiop.security.config.css.CSSSASMechConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSSSLTransportConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSTransportMechConfig;
import com.ibm.ws.transport.iiop.security.config.tss.OptionsKey;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

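/**
 * Builds the client-side CSIv2 configuration ({@link CSSConfig}) from a client policy
 * properties map.
 *
 * <p>For every layers entry of the policy, one {@link CSSCompoundSecMechConfig} is created per
 * authentication mechanism; the transport and attribute layer settings are then applied to each
 * of them.
 *
 * <p>NOTE(review): several paths in this class resolve to a "NULL" mechanism
 * ({@link CSSNULLTransportConfig}, {@link CSSNULLASMechConfig}). Judging by their names these
 * stand for "no transport protection" and "no authentication layer"; confirm against those
 * classes. The authentication fallbacks log a warning, the transport fallback does not.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.csiv2.common_1.0.14.jar:com/ibm/ws/security/csiv2/config/css/CommonClientCfg.class */
public abstract class CommonClientCfg extends CommonCfg {
    private static TraceComponent tc = Tr.register((Class<?>) CommonClientCfg.class, "CSIv2", TraceConstants.MESSAGE_BUNDLE);
    public static final String KEY_POLICY = "clientPolicy";
    public static final String KEY_TRUSTED_IDENTITY = "trustedIdentity";
    // The two *_PASSWORD keys are not read in this class, but the authentication layer map
    // that may carry them is handed to handleASMech(). This class traces only the
    // EstablishTrustInClient value of that map; implementations should likewise keep the
    // values stored under these keys out of trace and log output.
    public static final String KEY_TRUSTED_PASSWORD = "trustedPassword";
    public static final String KEY_AUTHENTICATION_USER = "user";
    public static final String KEY_AUTHENTICATION_PASSWORD = "password";
    public static final String KEY_AUTHENTICATION_REALM = "realm";
    protected final String domain;
    private final String TYPE;
    private final Authenticator authenticator;
    private final SSLConfig sslConfig;
    static final long serialVersionUID = 4283514725284447220L;

    /**
     * Creates the configuration builder and captures the SSL configuration service from
     * {@link SecurityServices#getSSLConfig()}.
     *
     * @param authenticator passed unchanged to {@link #handleASMech} for every mechanism
     * @param str the domain, stored in {@link #domain} and passed to {@link #handleASMech}
     * @param str2 forwarded to the {@link CommonCfg} constructor (presumably the default SSL
     *     alias, since {@code defaultAlias} is read later; confirm in CommonCfg)
     * @param str3 the type argument used when extracting policy data and SSL references
     */
    public CommonClientCfg(Authenticator authenticator, String str, String str2, String str3) {
        super(str2);
        this.TYPE = str3;
        this.authenticator = authenticator;
        this.domain = str;
        this.sslConfig = SecurityServices.getSSLConfig();
    }

    /**
     * Builds the client configuration from the supplied properties.
     *
     * @param map the properties holding the policy under {@link #KEY_POLICY}
     * @return a new {@link CSSConfig}; when no policy data can be extracted it is returned with
     *     its mechanism list left exactly as {@code new CSSConfig()} created it
     * @throws Exception propagated from the layer extraction
     */
    public CSSConfig getCSSConfig(Map<String, Object> map) throws Exception {
        CSSConfig cssConfig = new CSSConfig();
        printTrace("IIOP Client Policy", null, 0);
        CommonCfg.PolicyData policyData = extractPolicyData(map, KEY_POLICY, this.TYPE);
        if (policyData == null) {
            return cssConfig;
        }
        printTrace("CSIV2", null, 1);
        CSSCompoundSecMechListConfig mechList = cssConfig.getMechList();
        mechList.setStateful(policyData.stateful);
        printTrace("Stateful", Boolean.valueOf(mechList.isStateful()), 2);
        populateSecMechList(mechList, policyData.layersData);
        return cssConfig;
    }

    /**
     * Adds the compound mechanisms of every layers entry to the mechanism list, in order.
     */
    private void populateSecMechList(CSSCompoundSecMechListConfig mechList, List<CommonCfg.LayersData> layersList) throws Exception {
        for (CommonCfg.LayersData layers : layersList) {
            for (CSSCompoundSecMechConfig compoundMech : extractCompoundSecMech(layers)) {
                mechList.add(compoundMech);
            }
        }
    }

    /**
     * Builds the compound mechanisms for one layers entry.
     *
     * <p>The authentication layer runs first because it is the step that creates the list
     * entries; the transport and attribute steps only set a field on entries that already exist.
     *
     * @param layersData the authentication, transport and attribute layer settings
     * @return one compound mechanism per authentication mechanism
     * @throws Exception propagated from the transport layer extraction
     */
    protected List<CSSCompoundSecMechConfig> extractCompoundSecMech(CommonCfg.LayersData layersData) throws Exception {
        printTrace("Layers", null, 1);
        List<CSSCompoundSecMechConfig> compoundMechs = new ArrayList<CSSCompoundSecMechConfig>();
        setAuthenticationLayerConfig(compoundMechs, layersData);
        setTransportLayerConfig(compoundMechs, layersData);
        setAttributeLayerConfig(compoundMechs, layersData);
        return compoundMechs;
    }

    /**
     * Chooses the transport mechanism for a layers entry and applies it to every compound
     * mechanism in the list.
     *
     * <p>An SSL transport is built only when a transport layer is present, {@code sslEnabled} is
     * true and {@code sslRef} is not the empty string. Every other case selects
     * {@link CSSNULLTransportConfig}, and no warning is logged for that choice.
     *
     * @throws SSLException propagated from the SSL configuration lookup
     */
    private void setTransportLayerConfig(List<CSSCompoundSecMechConfig> compoundMechs, CommonCfg.LayersData layersData) throws SSLException {
        CSSTransportMechConfig transportConfig;
        Map<String, Object> transportProps = layersData.transportLayer;
        if (transportProps == null) {
            transportConfig = new CSSNULLTransportConfig();
        } else {
            printTrace("Transport Layer", null, 2);
            // NOTE(review): a missing "sslEnabled" entry fails here with a NullPointerException
            // on unboxing. That is left as is on purpose: defaulting it to false would silently
            // select the NULL transport instead of surfacing the configuration problem.
            boolean sslEnabled = ((Boolean) transportProps.get("sslEnabled")).booleanValue();
            if (sslEnabled && !"".equals((String) transportProps.get("sslRef"))) {
                transportConfig = extractSSLTransport(transportProps);
            } else {
                transportConfig = new CSSNULLTransportConfig();
            }
        }
        for (CSSCompoundSecMechConfig compoundMech : compoundMechs) {
            compoundMech.setTransport_mech(transportConfig);
        }
    }

    /**
     * Builds the SSL transport configuration for the referenced SSL configuration, falling back
     * to the inherited {@code defaultAlias} when {@code sslRef} is absent.
     */
    private CSSTransportMechConfig extractSSLTransport(Map<String, Object> transportProps) throws SSLException {
        String sslAlias = (String) transportProps.get("sslRef");
        if (sslAlias == null) {
            sslAlias = this.defaultAlias;
        }
        OptionsKey associationOptions = this.sslConfig.getAssociationOptions(sslAlias);
        CSSSSLTransportConfig sslTransport = new CSSSSLTransportConfig();
        sslTransport.setSupports(associationOptions.supports);
        sslTransport.setRequires(associationOptions.requires);
        sslTransport.setSslConfigName(sslAlias);
        return sslTransport;
    }

    /**
     * Creates one compound mechanism per authentication mechanism and appends it to the list.
     * Without an authentication layer a single entry using {@link CSSNULLASMechConfig} is added.
     */
    private void setAuthenticationLayerConfig(List<CSSCompoundSecMechConfig> compoundMechs, CommonCfg.LayersData layersData) {
        Map<String, Object> authProps = layersData.authenticationLayer;
        if (authProps == null) {
            CSSCompoundSecMechConfig nullAuthMech = new CSSCompoundSecMechConfig();
            nullAuthMech.setAs_mech(new CSSNULLASMechConfig());
            compoundMechs.add(nullAuthMech);
            return;
        }
        printTrace("Authentication Layer", null, 2);
        for (CSSASMechConfig asMech : extractASMech(authProps)) {
            CSSCompoundSecMechConfig compoundMech = new CSSCompoundSecMechConfig();
            compoundMech.setAs_mech(asMech);
            compoundMechs.add(compoundMech);
        }
    }

    /**
     * Resolves the configured authentication mechanisms into {@link CSSASMechConfig} objects.
     *
     * <p>Mechanism names are de-duplicated case-insensitively. The result is never empty: when
     * the layer is set to {@link CommonCfg#OPTION_NEVER}, when no mechanisms are configured, or
     * when {@link #handleASMech} rejects all of them, it holds a single
     * {@link CSSNULLASMechConfig}.
     */
    private List<CSSASMechConfig> extractASMech(Map<String, Object> authProps) {
        List<CSSASMechConfig> asMechConfigs = new ArrayList<CSSASMechConfig>();
        String establishTrust = (String) authProps.get(CommonCfg.KEY_ESTABLISH_TRUST_IN_CLIENT);
        printTrace("EstablishTrustInClient", establishTrust, 3);
        boolean required = "Required".equals(establishTrust);
        if (!required && CommonCfg.OPTION_NEVER.equals(establishTrust)) {
            logWarning("CSIv2_COMMON_AUTH_LAYER_DISABLED", establishTrust);
            asMechConfigs.add(new CSSNULLASMechConfig());
            return asMechConfigs;
        }
        List<String> mechanismNames = getAsMechanisms(authProps);
        if (mechanismNames.isEmpty()) {
            logWarning("CSIv2_CLIENT_AUTH_MECHANISMS_NULL", new Object[0]);
            asMechConfigs.add(new CSSNULLASMechConfig());
            return asMechConfigs;
        }
        Set<String> seenNames = new HashSet<String>();
        for (String mechanismName : mechanismNames) {
            // Locale.ROOT keeps the de-duplication key independent of the JVM default locale
            // (for example the Turkish dotless-i mapping).
            if (!seenNames.add(mechanismName.toUpperCase(Locale.ROOT))) {
                continue;
            }
            CSSASMechConfig asMech = handleASMech(mechanismName, this.authenticator, this.domain, required, authProps);
            if (asMech != null) {
                asMechConfigs.add(asMech);
            } else {
                logWarning("CSIv2_CLIENT_AUTH_MECHANISM_INVALID", new Object[0]);
            }
        }
        if (asMechConfigs.isEmpty()) {
            // NOTE(review): this fallback also applies when EstablishTrustInClient is
            // "Required"; the only signal is the warning logged above. Confirm that a required
            // authentication layer is meant to end up as CSSNULLASMechConfig here.
            asMechConfigs.add(new CSSNULLASMechConfig());
        }
        return asMechConfigs;
    }

    /**
     * Chooses the attribute layer mechanism and applies it to every compound mechanism in the
     * list. Without attribute layer properties the mechanism carries only a
     * {@link CSSSASITTAbsent} identity token.
     */
    private void setAttributeLayerConfig(List<CSSCompoundSecMechConfig> compoundMechs, CommonCfg.LayersData layersData) {
        CSSSASMechConfig sasMech;
        Map<String, Object> attributeProps = getAttributeLayerProperties(layersData);
        if (attributeProps == null) {
            sasMech = new CSSSASMechConfig();
            sasMech.addIdentityToken(new CSSSASITTAbsent());
        } else {
            printTrace("Attribute Layer", null, 2);
            sasMech = extractSASMech(attributeProps);
        }
        for (CSSCompoundSecMechConfig compoundMech : compoundMechs) {
            compoundMech.setSas_mech(sasMech);
        }
    }

    /**
     * Builds the attribute layer mechanism. This base implementation ignores the properties and
     * returns a mechanism with a single {@link CSSSASITTAbsent} identity token.
     *
     * @param map the attribute layer properties (not read here)
     * @return the attribute layer mechanism
     */
    protected CSSSASMechConfig extractSASMech(Map<String, Object> map) {
        CSSSASMechConfig sasMech = new CSSSASMechConfig();
        sasMech.addIdentityToken(new CSSSASITTAbsent());
        return sasMech;
    }

    /**
     * Collects the SSL references of the client policy by delegating to the inherited
     * three-argument {@code extractSslRefs} with {@link #KEY_POLICY} and this instance's type.
     *
     * @param map the properties holding the client policy
     * @return the set returned by the inherited method
     */
    public Set<String> extractSslRefs(Map<String, Object> map) {
        return extractSslRefs(map, KEY_POLICY, this.TYPE);
    }

    /**
     * Turns one authentication mechanism name into its configuration.
     *
     * @param str the mechanism name as configured
     * @param authenticator the authenticator given to the constructor
     * @param str2 the domain given to the constructor
     * @param z true when EstablishTrustInClient is {@code "Required"}
     * @param map the authentication layer properties; may hold credential entries, so their
     *     values should not be traced or logged
     * @return the mechanism configuration, or null when the mechanism is not valid (the caller
     *     then logs a warning and skips it)
     */
    public abstract CSSASMechConfig handleASMech(String str, Authenticator authenticator, String str2, boolean z, Map<String, Object> map);

    /**
     * Logs a warning.
     *
     * @param str the message key
     * @param objArr the message arguments
     */
    public abstract void logWarning(String str, Object... objArr);

    /**
     * Returns the attribute layer properties of a layers entry.
     *
     * @param layersData the layers entry
     * @return the properties, or null to use the default attribute layer mechanism
     */
    public abstract Map<String, Object> getAttributeLayerProperties(CommonCfg.LayersData layersData);
}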
