package com.ibm.ws.security.admintask;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.sslite140.t;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.admintask.securityDomain.SecConfigTaskHelper;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.UserRegistryConfig;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import com.ibm.ws.security.registry.ldap.LdapRegistryImpl;
import com.ibm.ws.security.util.ConfigUtils;
import com.ibm.ws.sm.workspace.impl.WorkSpaceConstant;
import java.io.IOException;
import java.io.InputStream;
import java.util.Locale;
import java.util.Properties;
import java.util.ResourceBundle;
import javax.management.ObjectName;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/admintask/ValidateLDAPConnection.class */
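/**
 * Admin task command that checks whether an LDAP server can be reached with the supplied
 * connection settings.
 *
 * <p>{@link #validate()} copies the command parameters into fields; {@link #afterStepsExecuted()}
 * builds the registry properties, opens an {@link InitialDirContext} and runs an object-scope
 * search at the base DN. The outcome is stored in the task command result as a {@link Boolean},
 * with a {@link CommandException} attached on failure.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The provider URL is always built with the {@code ldap://} scheme. TLS is presumably applied
 *       by {@code SetLdapConfig} from the {@code sslEnabled}/{@code sslAlias} properties; confirm,
 *       because otherwise the bind DN and password would cross the network unprotected.</li>
 *   <li>The bind password is held in a {@code String} field and in the properties object. The only
 *       place the properties are traced goes through {@code SetLdapConfig.clearPasswordProps};
 *       keep it that way when adding trace points.</li>
 * </ul>
 */
public class ValidateLDAPConnection extends AbstractTaskCommand {
    public static final String GROUP_FILTER = "group.filter";
    private static final String iPlanet_OBJECT_FILTER = "(|(objectclass=*)(objectclass=ldapsubentry))";
    private static final String MS_OBJECT_FILTER = "(objectCategory=*)";
    private static final String BUNDLE_NAME = AdminConstants.MSG_BUNDLE_NAME;
    private static final ResourceBundle resBundle = ResourceBundle.getBundle(BUNDLE_NAME, Locale.getDefault());
    private static final TraceComponent tc = Tr.register(ValidateLDAPConnection.class, "ValidateLDAPConnection", "com.ibm.ws.security.admintask");
    static String ldapPropsFile = "/com/ibm/websphere/security/ldap/LdapConfig.properties";

    /**
     * Filter used for the probe search unless the group filter indicates another directory flavour.
     * This is a constant: the filter actually used is computed per invocation, so one validation
     * can no longer change the filter seen by the next one.
     */
    private static final String DEFAULT_OBJECT_FILTER = LdapRegistryImpl.OBJECT_FILTER;

    /** Resource-bundle key of the generic "could not connect to LDAP" message. */
    private static final String LDAP_CONNECT_ERROR_KEY = "security.admintask.ExceptionLDAPConnect";

    /** Index assigned to the CUSTOM server type; no bundled defaults are copied for it. */
    private static final int CUSTOM_TYPE_INDEX = 7;

    /** Key prefixes in the bundled defaults file, indexed by server type index 0..6. */
    private static final String[] DEFAULT_PREFIXES = {
        "ibm_dir_server", "secureway", "iplanet", "netscape", "domino50", "edirectory", "actived"
    };

    /** Per-directory settings copied from the bundled defaults file, in this order. */
    private static final String[] DEFAULT_KEYS = {
        "user.filter", "group.filter", "user.idmap", "group.idmap", "groupmember.idmap"
    };

    private String hostName;
    // Default port comes from the constant t.a (decompiled name; its value is not visible here).
    private Integer portNumber = Integer.valueOf(t.a);
    private Boolean sslEnabled;
    private String sslAlias;
    private String type;
    private String baseDN;
    private String bindDN;
    private String bindPwd;
    private String securityDomain;
    private SetLdapConfig ldapConfig;

    /**
     * Creates the command from its metadata.
     *
     * @param taskCommandMetadata metadata passed to the superclass constructor
     * @throws CommandNotFoundException declared by the superclass constructor
     */
    public ValidateLDAPConnection(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
    }

    /**
     * Creates the command from previously stored command data.
     *
     * @param commandData command data passed to the superclass constructor
     * @throws CommandNotFoundException declared by the superclass constructor
     * @throws CommandLoadException declared by the superclass constructor
     */
    public ValidateLDAPConnection(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
    }

    /** Formats a message from the given bundle through {@link MessageFormatHelper}. */
    private String getMsg(ResourceBundle resourceBundle, String str, Object[] objArr) {
        return MessageFormatHelper.getFormattedMessage(resourceBundle, str, objArr);
    }

    /**
     * Runs the superclass validation and copies the command parameters into fields.
     *
     * <p>A missing {@code port} keeps the default port; a missing base DN becomes the empty string,
     * and a supplied one is expanded through {@code ConfigUtils.variableMapExpand}. Only the host
     * name is traced here; the bind DN and bind password are not.
     *
     * @throws CommandValidationException if the superclass validation or a parameter lookup fails
     */
    @Override
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        // Results are unused; the calls are kept in case they have side effects.
        ConfigServiceFactory.getConfigService();
        getConfigSession();
        this.hostName = (String) getParameter("hostname");
        Integer requestedPort = (Integer) getParameter("port");
        if (requestedPort != null) {
            this.portNumber = requestedPort;
        }
        this.sslEnabled = (Boolean) getParameter("sslEnabled");
        this.sslAlias = (String) getParameter("sslAlias");
        this.type = (String) getParameter("type");
        String requestedBaseDN = (String) getParameter(UserRegistryConfig.BASE_DN);
        this.baseDN = requestedBaseDN != null ? ConfigUtils.variableMapExpand(requestedBaseDN) : "";
        this.bindDN = (String) getParameter(UserRegistryConfig.BIND_DN);
        this.bindPwd = (String) getParameter(UserRegistryConfig.BIND_PASSWORD);
        if (this.hostName != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "hostName = " + this.hostName);
        }
        this.securityDomain = (String) getParameter("securityDomainName");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate");
        }
    }

    /**
     * Performs the connection test once the command steps have run.
     *
     * <p>Sets the task command result to {@code Boolean.TRUE} when the bind and the probe search
     * succeed, otherwise to {@code Boolean.FALSE} with a {@link CommandException} describing the
     * failure. Nothing is thrown to the caller.
     *
     * <p>The decompiler reports that this method was {@code protected} in the original class; it
     * is left {@code public} so existing callers of the decompiled tree keep compiling.
     */
    @Override
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl taskCommandResultImpl = (TaskCommandResultImpl) getTaskCommandResult();
        if (!taskCommandResultImpl.isSuccessful()) {
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "unsuccessful at getting TaskCommandResultImpl afterStepsExecuted");
            }
            return;
        }
        try {
            // NOTE(review): a null hostName, type or sslEnabled raises a NullPointerException below
            // and is reported through the outer catch; presumably the command metadata makes them
            // mandatory - confirm.
            StringBuilder ldapUrl = new StringBuilder("ldap://");
            if (this.hostName.indexOf(":") != -1) {
                // A colon in the host is treated as an IPv6 literal and wrapped in brackets.
                // FIELD_SEPERATOR is presumably "[" (constant chosen by the decompiler) - confirm.
                ldapUrl.append(WorkSpaceConstant.FIELD_SEPERATOR + this.hostName + "]");
            } else {
                ldapUrl.append(this.hostName);
            }
            if (this.portNumber != null && this.portNumber.intValue() > 0) {
                ldapUrl.append(':').append(this.portNumber.intValue());
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ldapUrl = " + ldapUrl.toString());
            }
            String realm = this.hostName + ":" + this.portNumber;

            int typeIndex = 0;
            Properties properties = new Properties();
            if (this.type != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "ldapServerType = " + this.type);
                }
                try {
                    Properties defaults = loadLdapDefaults();
                    typeIndex = serverTypeIndex(this.type);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "ldapServerTypeValue = " + typeIndex);
                    }
                    if (typeIndex < DEFAULT_PREFIXES.length) {
                        copyDirectoryDefaults(defaults, properties, DEFAULT_PREFIXES[typeIndex]);
                    }
                } catch (IOException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "IOException opening ldapPropsFile");
                    }
                    e.printStackTrace();
                    taskCommandResultImpl.setResult(Boolean.FALSE);
                    taskCommandResultImpl.setException(new CommandException(e, getMsg(resBundle, LDAP_CONNECT_ERROR_KEY, null)));
                    return;
                }
            }

            properties.setProperty(CommonConstants.LDAP_REUSE_CONN, "true");
            properties.setProperty("CustUserRegImplClass", CommonConstants.LDAP_REG_IMPL_CLASS);
            properties.setProperty(CommonConstants.LDAP_SEARCH_TIME_LIMIT, "120");
            properties.setProperty("dirType", this.type);
            properties.setProperty("LDAP.server.realm", realm);
            properties.setProperty("ldap.basedn", this.baseDN);
            properties.setProperty("java.naming.provider.url", ldapUrl.toString());
            properties.setProperty("sslEnabled", this.sslEnabled.toString());
            if (this.sslAlias != null) {
                properties.setProperty("sslAlias", this.sslAlias);
                properties.put("LDAP.validation", "true");
                properties.put(CommonConstants.LDAP_SSL_ALIAS, this.sslAlias);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "LDAP.validation is set to truesecurity.registry.ldap.SSLAlias is set to" + this.sslAlias);
                }
            }
            if (this.bindDN != null) {
                properties.setProperty("java.naming.security.principal", this.bindDN);
            }
            if (this.bindPwd != null) {
                properties.setProperty("java.naming.security.credentials", this.bindPwd);
            } else if (this.bindDN != null) {
                // A bind DN without a password: fall back to the password stored on the
                // LDAPUserRegistry object of the security domain (or of the global security config).
                try {
                    ConfigService configService = getConfigService();
                    Session configSession = getConfigSession();
                    ObjectName secDomain;
                    if (this.securityDomain != null) {
                        secDomain = SecConfigTaskHelper.getSecDomain(configSession, configService, this.securityDomain);
                    } else {
                        secDomain = SecConfigTaskHelper.getSecurityObjectName(configSession, configService);
                    }
                    if (secDomain != null) {
                        ObjectName regObj = SecConfigTaskHelper.getRegObj(configSession, configService, secDomain, "LDAPUserRegistry");
                        if (regObj != null) {
                            this.bindPwd = (String) configService.getAttribute(configSession, regObj, UserRegistryConfig.BIND_PASSWORD);
                            if (this.bindPwd != null) {
                                properties.setProperty("java.naming.security.credentials", this.bindPwd);
                            }
                        }
                    }
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "caught exception testing ldapConfig");
                        Tr.debug(tc, e2.toString());
                    }
                    reportFailure(taskCommandResultImpl, e2.toString());
                    return;
                }
            }
            properties.setProperty("certificate.map.mode", "exactDNMode");
            Properties expandProps = ConfigUtils.expandProps(properties);
            if (tc.isDebugEnabled()) {
                // The properties hold the bind password; trace only the redacted copy.
                Tr.debug(tc, "props = " + SetLdapConfig.clearPasswordProps(expandProps).toString());
            }
            try {
                this.ldapConfig = new SetLdapConfig(expandProps);
                SetLdapConfig setLdapConfig = new SetLdapConfig(this.ldapConfig);
                // Choose the probe filter per invocation instead of overwriting shared static state.
                String searchFilter = DEFAULT_OBJECT_FILTER;
                if (typeIndex != CUSTOM_TYPE_INDEX) {
                    String groupFilter = setLdapConfig.getFilter("group.filter").prepare("*").toLowerCase();
                    if (groupFilter.indexOf("ldapsubentry") > -1) {
                        searchFilter = iPlanet_OBJECT_FILTER;
                    }
                    if (groupFilter.indexOf("objectcategory") > -1) {
                        searchFilter = MS_OBJECT_FILTER;
                    }
                }
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
                searchControls.setReturningObjFlag(false);
                // NOTE(review): JNDI reads this limit in milliseconds, while the "120" registry
                // property above looks like seconds - confirm the intended unit.
                searchControls.setTimeLimit(120);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "baseDN: " + this.baseDN + " objectFilter = " + searchFilter);
                }
                InitialDirContext initialDirContext = null;
                try {
                    initialDirContext = new InitialDirContext(setLdapConfig);
                    initialDirContext.search(this.baseDN, searchFilter, searchControls);
                    initialDirContext.close();
                    initialDirContext = null;
                    taskCommandResultImpl.setResult(Boolean.TRUE);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "afterStepsExecuted");
                    }
                } catch (AuthenticationException e3) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "javax.naming.AuthenticationException" + e3.getExplanation());
                    }
                    reportFailure(taskCommandResultImpl, describe("AuthenticationException", e3));
                } catch (AuthenticationNotSupportedException e5) {
                    // Must precede NamingException: as a subclass it is unreachable after it.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "javax.naming.AuthenticationNotSupportedException");
                    }
                    reportFailure(taskCommandResultImpl, describe("AuthenticationNotSupportedException", e5));
                } catch (NamingException e4) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "javax.naming.NamingException " + e4.getExplanation());
                    }
                    e4.printStackTrace();
                    reportFailure(taskCommandResultImpl, describe("NamingException", e4) + " " + e4.getCause());
                } finally {
                    // Release the connection when the search (or the first close) failed.
                    if (initialDirContext != null) {
                        try {
                            initialDirContext.close();
                        } catch (NamingException ignored) {
                            // Best effort: the original failure has already been reported.
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "NamingException closing InitialDirContext");
                            }
                        }
                    }
                }
            } catch (Exception e6) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "caught exception creating ldapConfig");
                    Tr.debug(tc, e6.toString());
                }
                reportFailure(taskCommandResultImpl, e6.toString());
            }
        } catch (Exception e7) {
            e7.printStackTrace();
            taskCommandResultImpl.setResult(Boolean.FALSE);
            FFDCFilter.processException(e7, "com.ibm.ws.security.admintask.ValidateLDAPConnection", "460");
            taskCommandResultImpl.setException(new CommandException(e7, getMsg(resBundle, LDAP_CONNECT_ERROR_KEY, null)));
        }
    }

    /** Loads the bundled per-directory defaults and always closes the resource stream. */
    private Properties loadLdapDefaults() throws IOException {
        InputStream resourceAsStream = getClass().getResourceAsStream(ldapPropsFile);
        if (resourceAsStream == null) {
            throw new IOException("LDAP defaults resource not found: " + ldapPropsFile);
        }
        try {
            Properties defaults = new Properties();
            defaults.load(resourceAsStream);
            return defaults;
        } finally {
            try {
                resourceAsStream.close();
            } catch (IOException ignored) {
                // Best effort: a failed close must not turn a successful load into a failure.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "IOException closing ldapPropsFile");
                }
            }
        }
    }

    /** Maps a server type name (case-insensitive) to its index; unknown names map to 0. */
    private static int serverTypeIndex(String serverType) {
        String[] names = {
            "IBM_DIRECTORY_SERVER", "SECUREWAY", "IPLANET", "NETSCAPE",
            "DOMINO502", "NDS", "ACTIVE_DIRECTORY", "CUSTOM"
        };
        for (int index = 0; index < names.length; index++) {
            if (serverType.equalsIgnoreCase(names[index])) {
                return index;
            }
        }
        return 0;
    }

    /** Copies the five per-directory settings stored under {@code prefix} into {@code target}. */
    private static void copyDirectoryDefaults(Properties defaults, Properties target, String prefix) {
        for (int index = 0; index < DEFAULT_KEYS.length; index++) {
            String key = DEFAULT_KEYS[index];
            target.setProperty(key, defaults.getProperty(prefix + "." + key));
        }
    }

    /**
     * Builds the failure text for a naming exception. Plain concatenation is used because
     * {@code getExplanation()} may return null, which {@code String.concat} would reject.
     */
    private String describe(String kind, NamingException e) {
        return getMsg(resBundle, LDAP_CONNECT_ERROR_KEY, null) + ": " + kind + ": " + e.getExplanation();
    }

    /** Records a failed validation on the result and emits the method-exit trace. */
    private void reportFailure(TaskCommandResultImpl result, String message) {
        result.addWarnings(message);
        result.setResult(Boolean.FALSE);
        result.setException(new CommandException(message));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }
}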
