package com.ibm.wps.sso.vaultservice;

import com.ibm.wps.ac.esm.GenericExternalAccessControlImpl;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.puma.User;
import com.ibm.wps.sso.credentialvault.CredentialVaultMessages;
import com.ibm.wps.sso.credentialvault.secrets.CredentialSecret;
import com.ibm.wps.sso.credentialvault.secrets.UserPasswordCredentialSecret;
import com.ibm.wps.sso.vaultservice.exceptions.SecretTypeNotSupportedException;
import com.ibm.wps.util.DataBackendException;
import com.tivoli.pd.jadmin.PDAdmin;
import com.tivoli.pd.jutil.PDException;
import com.tivoli.pd.jutil.PDMessages;
import com.tivoli.pdlib.admin.PDContext;
import com.tivoli.pdlib.admin.SSOCred;
import com.tivoli.pdlib.admin.SSOGroup;
import com.tivoli.pdlib.admin.SSOWeb;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Properties;

/* loaded from: input_file:wps.jar:com/ibm/wps/sso/vaultservice/AccessManagerVaultAdapter.class */
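/**
 * Credential vault adapter that stores user-id/password secrets through the
 * Access Manager (Policy Director) administration API ({@code SSOCred},
 * {@code SSOWeb}, {@code SSOGroup}).
 *
 * <p>All backend calls run against a {@link PDContext} obtained from a
 * {@code PDContextHolder}. A background thread (this class is its own
 * {@link Runnable}) replaces that holder every {@link #interval} milliseconds
 * with one built from a fresh administrative login.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The administrative user and its decrypted password are kept in
 *       {@code String} fields for the lifetime of the adapter, because the
 *       refresh thread needs them to log in again.</li>
 *   <li>Vault passwords arrive and leave as {@code char[]} but are converted to
 *       {@code String} at the {@code SSOCred} boundary, so they cannot be wiped
 *       from memory by the caller.</li>
 *   <li>No password value is written to the trace log by this class.</li>
 * </ul>
 *
 * <p>Thread-safety: the holder reference is swapped by the refresh thread while
 * request threads use it. Every operation therefore captures the holder once
 * and releases the same instance it acquired from.
 */
public class AccessManagerVaultAdapter extends VaultAdapter implements Runnable {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final Logger logger;
    protected static final String LOGGER = "com.ibm.wps.sso.vaultservice";
    private static final String VERSION = "WPS Access Manager Vault Implementation";
    // Secret type codes this adapter accepts; populated in the static initializer.
    private static final int[] SUPPORTED_SECRETS;
    // Administrative login read from the configuration resource in init().
    private String pd_user;
    // Decrypted administrative password; retained so the refresh thread can log in again.
    private String pd_pw;
    // Compiler-synthesized cache for the class literal used by the static initializer.
    static Class class$com$ibm$wps$sso$vaultservice$AccessManagerVaultAdapter;
    // volatile: written by the refresh thread, read by every request thread.
    private volatile PDContextHolder pdContextHolder = null;
    // Refresh period in milliseconds; overridden by the "pd_refresh_interval" property.
    public int interval = 7200000;

    /**
     * Creates a new vault credential for {@code user} in resource {@code str}.
     *
     * @param credentialSecret secret to store; must be a {@link UserPasswordCredentialSecret}
     * @param user             portal user that owns the credential
     * @param str              name of the vault resource
     * @throws SecretTypeNotSupportedException if the secret type is not in {@link #getSupportedSecretTypes()}
     * @throws DataBackendException            if the backend call fails
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public void addCredential(CredentialSecret credentialSecret, User user, String str) throws SecretTypeNotSupportedException, DataBackendException {
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        // NOTE(review): the secret object itself is handed to the logger here; whether its
        // toString() exposes the password cannot be determined from this file - confirm.
        logger.entry(Logger.TRACE_HIGH, "addCredential", new Object[]{credentialSecret, user, str});
        if (!isSecretTypeSupported(credentialSecret.getType())) {
            throw new SecretTypeNotSupportedException(new StringBuffer().append("Secret Type ").append(credentialSecret.getType()).append(" is not supported").toString());
        }
        UserPasswordCredentialSecret userPasswordCredentialSecret = (UserPasswordCredentialSecret) credentialSecret;
        // Capture the holder once so done() releases the instance we acquired from,
        // even if the refresh thread swaps the field in the meantime.
        PDContextHolder holder = this.pdContextHolder;
        PDContext pDContext = holder.getPDContext();
        try {
            if (isLogging) {
                // The password field is replaced by a fixed marker: no representation of the
                // secret belongs in a trace file.
                logger.text(Logger.TRACE_MEDIUM, "addCredential", new StringBuffer().append(pDContext.getId()).append(",").append(str).append(",").append(SSOCred.IVADMIN_SSOCRED_SSOWEB).append(",").append(user.getId()).append(",").append(userPasswordCredentialSecret.getUserId()).append(",").append("<redacted>").append(") -- ").toString());
            }
            // The SSOCred API takes the password as a String, so an immutable copy is unavoidable here.
            SSOCred.create(pDContext, str, SSOCred.IVADMIN_SSOCRED_SSOWEB, user.getUid(), userPasswordCredentialSecret.getUserId(), new String(userPasswordCredentialSecret.getPassword()));
            logger.exit(Logger.TRACE_HIGH, "addCredential", true);
        } catch (Exception e) {
            // Backend failures are reported the same way as in the sibling operations.
            logger.message(100, "addCredential", CredentialVaultMessages.ERROR_ADDING_CREDENTIAL_TO_PD_0, e);
            throw new DataBackendException(CredentialVaultMessages.ERROR_ADDING_CREDENTIAL_TO_PD_0, null, e);
        } finally {
            holder.done();
        }
    }

    /**
     * Reports whether a vault resource with the given name exists.
     *
     * @param str resource name to look for
     * @return {@code true} if {@link #listResources()} yields an equal name
     * @throws DataBackendException if the resources cannot be listed
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public boolean containsResource(String str) throws DataBackendException {
        boolean found = false;
        logger.entry(Logger.TRACE_HIGH, "containsResource", str);
        Iterator resources = listResources();
        while (!found && resources.hasNext()) {
            found = ((String) resources.next()).equals(str);
        }
        logger.exit(Logger.TRACE_HIGH, "containsResource", found);
        return found;
    }

    /**
     * Creates a web resource named {@code str} in the backend.
     *
     * @param str name of the resource to create
     * @throws DataBackendException if the backend call fails
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public void createResource(String str) throws DataBackendException {
        PDContextHolder holder = this.pdContextHolder;
        PDContext pDContext = holder.getPDContext();
        logger.entry(Logger.TRACE_HIGH, "createResource", str);
        try {
            SSOWeb.create(pDContext, str, new StringBuffer().append("WPS Vault Resource: ").append(str).toString());
            logger.exit(Logger.TRACE_HIGH, "createResource", true);
        } catch (Exception e) {
            logger.message(100, "createResource", CredentialVaultMessages.ERROR_CREATING_ACCESSMANAGER_VAULT_RESOURCE_0, e);
            throw new DataBackendException(CredentialVaultMessages.ERROR_CREATING_ACCESSMANAGER_VAULT_RESOURCE_0, null, e);
        } finally {
            holder.done();
        }
    }

    /**
     * Deletes the credential that {@code user} holds for resource {@code str}.
     *
     * @param i    secret type code
     * @param user portal user that owns the credential
     * @param str  name of the vault resource
     * @throws SecretTypeNotSupportedException if {@code i} is not a supported secret type
     * @throws DataBackendException            if the backend call fails
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public void deleteCredential(int i, User user, String str) throws SecretTypeNotSupportedException, DataBackendException {
        logger.entry(Logger.TRACE_HIGH, "deleteCredential", new Object[]{Integer.toString(i), user, str});
        if (!isSecretTypeSupported(i)) {
            throw new SecretTypeNotSupportedException(new StringBuffer().append("Secret Type ").append(i).append(" is not supported").toString());
        }
        PDContextHolder holder = this.pdContextHolder;
        try {
            new SSOCred(holder.getPDContext(), str, SSOCred.IVADMIN_SSOCRED_SSOWEB, user.getUid()).delete();
            logger.exit(Logger.TRACE_HIGH, "deleteCredential", false);
        } catch (Exception e) {
            logger.message(100, "deleteCredential", CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()});
            throw new DataBackendException(CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()}, e);
        } finally {
            holder.done();
        }
    }

    /**
     * Deletes the web resource named {@code str} from the backend.
     *
     * @param str name of the resource to delete
     * @throws DataBackendException if the backend call fails
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public void deleteResource(String str) throws DataBackendException {
        PDContextHolder holder = this.pdContextHolder;
        PDContext pDContext = holder.getPDContext();
        logger.entry(Logger.TRACE_HIGH, "deleteResource", str);
        try {
            SSOWeb.delete(pDContext, str);
            logger.exit(Logger.TRACE_HIGH, "deleteResource", true);
        } catch (Exception e) {
            logger.message(100, "deleteResource", CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()});
            throw new DataBackendException(CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()}, e);
        } finally {
            holder.done();
        }
    }

    /**
     * Shuts down the Policy Director administration API. A failure is logged and
     * not propagated.
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public void destroy() {
        // NOTE(review): the refresh thread started by init() is not stopped here and the
        // administrative credentials stay in their fields - confirm this is intended.
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        try {
            PDAdmin.shutdown(new PDMessages());
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "destroy", "-- Policy Director shutdown Successful");
            }
        } catch (PDException e) {
            logger.message(100, "destroy", CredentialVaultMessages.POLICY_DIRECTOR_SHUTDOWN_NOT_SUCCESSFUL_0, e);
        }
    }

    /**
     * Reads the credential that {@code user} holds for resource {@code str}.
     *
     * @param i    secret type code
     * @param user portal user that owns the credential
     * @param str  name of the vault resource
     * @return the stored user id and password as a {@link UserPasswordCredentialSecret}
     * @throws SecretTypeNotSupportedException if {@code i} is not a supported secret type
     * @throws DataBackendException            if the backend call fails
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public CredentialSecret getCredential(int i, User user, String str) throws SecretTypeNotSupportedException, DataBackendException {
        logger.entry(Logger.TRACE_HIGH, "getCredential", new Object[]{Integer.toString(i), user, str});
        if (!isSecretTypeSupported(i)) {
            throw new SecretTypeNotSupportedException(new StringBuffer().append("Secret Type ").append(i).append(" is not supported").toString());
        }
        PDContextHolder holder = this.pdContextHolder;
        PDContext pDContext = holder.getPDContext();
        try {
            SSOCred sSOCred = new SSOCred(pDContext, str, SSOCred.IVADMIN_SSOCRED_SSOWEB, user.getUid());
            UserPasswordCredentialSecret userPasswordCredentialSecret = new UserPasswordCredentialSecret(sSOCred.getSSOUser(), sSOCred.getSSOPwd().toCharArray());
            // The exit trace deliberately carries no return value: it would be the secret.
            logger.exit(Logger.TRACE_HIGH, "getCredential");
            return userPasswordCredentialSecret;
        } catch (Exception e) {
            logger.message(100, "getCredential", CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()});
            throw new DataBackendException(CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()}, e);
        } finally {
            holder.done();
        }
    }

    /**
     * Returns the secret type codes this adapter accepts.
     *
     * @return a copy of the supported type codes, so callers cannot alter the
     *         set that {@link #isSecretTypeSupported(int)} checks against
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public int[] getSupportedSecretTypes() {
        return (int[]) SUPPORTED_SECRETS.clone();
    }

    /**
     * Loads {@code /config/<str>} from the classpath, logs in to the backend with
     * the administrative credentials found there and starts the refresh thread.
     *
     * <p>Properties read: {@code pduser}, {@code pdpw} (passed through
     * {@code decryptWASPassword}) and the optional {@code pd_refresh_interval}.
     *
     * @param str name of the configuration resource below {@code /config/}
     * @return {@code true} on success; {@code false} if the resource is missing or
     *         unreadable, a credential is absent, or any initialization step throws
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public boolean init(String str) {
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        String resourcePath = new StringBuffer().append("/config/").append(str).toString();
        InputStream resourceAsStream = null;
        try {
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "init", new StringBuffer().append("-- trying to get resource :/config/").append(str).toString());
            }
            resourceAsStream = getClass().getResourceAsStream(resourcePath);
            if (resourceAsStream == null) {
                // Fail with a message that names the resource rather than a bare NullPointerException.
                throw new java.io.IOException(new StringBuffer().append("Configuration resource not found: ").append(resourcePath).toString());
            }
            Properties properties = new Properties();
            properties.load(resourceAsStream);
            this.pd_pw = GenericExternalAccessControlImpl.decryptWASPassword(properties.getProperty("pdpw"));
            this.pd_user = properties.getProperty("pduser");
            String property = properties.getProperty("pd_refresh_interval");
            if (null != property) {
                this.interval = Integer.parseInt(property);
            }
            super.setVersion(VERSION);
            PDMessages pDMessages = new PDMessages();
            if (isLogging) {
                // Only the user name is traced; the password never is.
                logger.text(Logger.TRACE_MEDIUM, "init", new StringBuffer().append("-- initializing PD Context for ").append(this.pd_user).append(".").toString());
            }
            PDAdmin.initialize(VERSION, pDMessages);
            if (this.pd_pw == null || this.pd_user == null) {
                logger.message(100, "init", CredentialVaultMessages.USERNAME_OR_PASSWORD_NULL_0);
                return false;
            }
            this.pdContextHolder = new PDContextHolder(new PDContext(this.pd_user, this.pd_pw));
            // Start the refresh thread only once a usable context exists, so a failed
            // initialization does not leave a thread retrying with missing credentials.
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "init", "-- starting PDContext Manager thread");
            }
            new Thread(this).start();
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "init", "WPS Access Manager Vault Implementation initialization successful.");
            }
            return true;
        } catch (Exception e) {
            logger.message(100, "init", CredentialVaultMessages.INITIALIZATION_NOT_SUCCESSFUL_1, new Object[]{VERSION}, e);
            return false;
        } finally {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (java.io.IOException ignored) {
                    // Nothing useful can be done if closing a read-only resource stream fails.
                }
            }
        }
    }

    /**
     * Reports whether the given secret type code is accepted by this adapter.
     *
     * @param i secret type code
     * @return {@code true} if {@code i} is one of the supported codes
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public boolean isSecretTypeSupported(int i) {
        for (int i2 = 0; i2 < SUPPORTED_SECRETS.length; i2++) {
            if (i == SUPPORTED_SECRETS[i2]) {
                return true;
            }
        }
        return false;
    }

    /**
     * Lists the names returned by {@code SSOWeb.list} followed by those returned by
     * {@code SSOGroup.list}.
     *
     * @return an iterator over the resource names ({@code String} elements)
     * @throws DataBackendException if either backend call fails
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public Iterator listResources() throws DataBackendException {
        PDContextHolder holder = this.pdContextHolder;
        PDContext pDContext = holder.getPDContext();
        logger.entry(Logger.TRACE_HIGH, "listResources");
        ArrayList arrayList = new ArrayList();
        try {
            String[] list = SSOWeb.list(pDContext);
            if (list.length > 0) {
                arrayList.addAll(Arrays.asList(list));
            }
            String[] list2 = SSOGroup.list(pDContext);
            if (list2.length > 0) {
                arrayList.addAll(Arrays.asList(list2));
            }
            Iterator it = arrayList.iterator();
            logger.exit(Logger.TRACE_HIGH, "listResources", it);
            return it;
        } catch (Exception e) {
            logger.message(100, "listResources", CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()});
            throw new DataBackendException(CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()}, e);
        } finally {
            holder.done();
        }
    }

    /**
     * Replaces the user id and password of an existing credential.
     *
     * @param credentialSecret new secret; must be a {@link UserPasswordCredentialSecret}
     * @param user             portal user that owns the credential
     * @param str              name of the vault resource
     * @throws SecretTypeNotSupportedException if the secret type is not supported
     * @throws DataBackendException            if the backend call fails
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultAdapter
    public void modifyCredential(CredentialSecret credentialSecret, User user, String str) throws SecretTypeNotSupportedException, DataBackendException {
        // NOTE(review): the secret object itself is handed to the logger here; whether its
        // toString() exposes the password cannot be determined from this file - confirm.
        logger.entry(Logger.TRACE_HIGH, "modifyCredential", new Object[]{credentialSecret, user, str});
        if (!isSecretTypeSupported(credentialSecret.getType())) {
            throw new SecretTypeNotSupportedException(new StringBuffer().append("Secret Type ").append(credentialSecret.getType()).append(" is not supported").toString());
        }
        UserPasswordCredentialSecret userPasswordCredentialSecret = (UserPasswordCredentialSecret) credentialSecret;
        PDContextHolder holder = this.pdContextHolder;
        try {
            // The SSOCred API takes the password as a String, so an immutable copy is unavoidable here.
            new SSOCred(holder.getPDContext(), str, SSOCred.IVADMIN_SSOCRED_SSOWEB, user.getUid()).modify(userPasswordCredentialSecret.getUserId(), new String(userPasswordCredentialSecret.getPassword()));
            logger.exit(Logger.TRACE_HIGH, "modifyCredential", true);
        } catch (Exception e) {
            logger.message(100, "modifyCredential", CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()});
            throw new DataBackendException(CredentialVaultMessages.CVM_1, new Object[]{e.getMessage()}, e);
        } finally {
            holder.done();
        }
    }

    /**
     * Logs in again with the stored administrative credentials and, on success,
     * publishes the new holder and retires the previous one. If the login fails
     * the current holder is kept.
     */
    private void refreshPDContext() {
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, "refreshPDContext");
        PDContextHolder replacement = null;
        try {
            PDContext pDContext = new PDContext(this.pd_user, this.pd_pw);
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "refreshPDContext", "-- formed new PDContext. Time to remove the old one");
            }
            replacement = new PDContextHolder(pDContext);
        } catch (com.tivoli.pdlib.admin.PDException e) {
            logger.message(100, "refreshPDContext", CredentialVaultMessages.EXCEPTION_REFRESHING_PDCONTEXT_1, new Object[]{e});
        }
        // Swap only when a replacement really exists, so a failure can never publish null.
        if (replacement != null) {
            PDContextHolder previous = this.pdContextHolder;
            this.pdContextHolder = replacement;
            if (previous != null) {
                previous.makeUnavailable();
            }
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "refreshPDContext", "-- finalized on pd_ctx.");
            }
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "refreshPDContext", "-- pd_ctx reassigned");
            }
        } else if (isLogging) {
            logger.text(Logger.TRACE_MEDIUM, "refreshPDContext", "-- pd_ctx kept");
        }
        logger.exit(Logger.TRACE_HIGH, "refreshPDContext");
    }

    /**
     * Body of the refresh thread: sleeps for {@link #interval} milliseconds, then
     * refreshes the backend context, forever.
     */
    @Override // java.lang.Runnable
    public void run() {
        while (true) {
            try {
                Thread.sleep(this.interval);
            } catch (InterruptedException ignored) {
                // An interrupt only shortens the wait; the refresh below still runs and
                // the loop continues.
            }
            boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "refreshPDContext", "-- context manager thread waking to refresh context");
            }
            refreshPDContext();
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, "refreshPDContext", "-- context manager thread sleeping now");
            }
        }
    }

    /**
     * Compiler-synthesized helper behind the class literal in the static
     * initializer: resolves a class by name.
     *
     * @param str fully qualified class name
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$sso$vaultservice$AccessManagerVaultAdapter == null) {
            cls = class$("com.ibm.wps.sso.vaultservice.AccessManagerVaultAdapter");
            class$com$ibm$wps$sso$vaultservice$AccessManagerVaultAdapter = cls;
        } else {
            cls = class$com$ibm$wps$sso$vaultservice$AccessManagerVaultAdapter;
        }
        logger = logManager.getLogger(cls);
        // Type code 1 is the only secret type accepted; every accepted secret is cast to
        // UserPasswordCredentialSecret by the credential operations.
        SUPPORTED_SECRETS = new int[]{1};
    }
}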
