package com.ibm.ws.security.registry.zOS;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.CertificateMapFailedException;
import com.ibm.websphere.security.CertificateMapNotSupportedException;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.EntryNotFoundException;
import com.ibm.websphere.security.NotImplementedException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.Result;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.registry.RegistryUtil;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.RegExp;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.StringTokenizer;
import org.aspectj.apache.bcel.Constants;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/registry/zOS/SAFRegistryImpl.class */
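/**
 * {@link UserRegistry} implementation that answers authentication and lookup requests through
 * native ({@code ntv_*}) methods and the {@link PlatformCredentialManager}.
 *
 * <p>In platform-credential mode (the default, i.e. simple authentication disabled),
 * {@link #checkPassword} and {@link #mapCertificate} return identifiers of the form
 * {@code <credentialKey>::<userId>}. {@link #createCredential} and {@link #isValidUser} accept
 * that form as well as a bare user ID.
 *
 * <p>Notes for maintainers reviewing the authentication path:
 * <ul>
 *   <li>A missing user ID, password, certificate or credential key is treated as an
 *       authentication failure (fail closed) instead of surfacing as a
 *       {@code NullPointerException} or as an identifier containing the text {@code "null"}.</li>
 *   <li>User IDs, group names, filter patterns and (unless mixed-case passwords are enabled)
 *       passwords are upper-cased with {@code Locale.ROOT}, so the result does not depend on the
 *       JVM's default locale.</li>
 *   <li>Passwords are never written to trace; neither is their length.</li>
 *   <li>With {@code com.ibm.security.SAF.truncatePassword=true} only the first eight characters
 *       of a password are checked. NOTE(review): this reduces the effective password strength
 *       and should only be enabled deliberately.</li>
 * </ul>
 */
public final class SAFRegistryImpl implements UserRegistry {
    private static final TraceComponent tc = Tr.register(SAFRegistryImpl.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    /** Separator between the platform-credential key and the user ID in composite identifiers. */
    private static final String TOKEN_DELIMETER = "::";
    /** Length limit used by the strict-length check and by password truncation. */
    private static final int MAX_STRICT_LENGTH = 8;
    /** Registry type for which "not found" conditions are not logged as errors by this class. */
    private static final String WIM_REGISTRY_TYPE = "WIMUserRegistry";

    // When true, user IDs or passwords longer than eight characters are rejected outright.
    private boolean _strictLength;
    private SecurityConfig security = null;
    private String realm = null;
    // Never reassigned in this class: names are always upper-cased before native calls.
    private boolean ignoreCase = true;
    private boolean disableGroupLoad = false;
    private boolean disablePrincipalCasePreservation = false;
    private boolean forceCredCreationForValidation = false;
    private boolean useSimpleAuthentication = false;
    private boolean mixedCasePasswordsEnabled = false;
    private PlatformCredentialManager pcManager = PlatformCredentialManager.instance();
    private boolean _truncatePassword = false;

    /**
     * Creates the registry and reads the strict-length setting from the security configuration.
     */
    public SAFRegistryImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME);
        }
        // Boolean.valueOf replaces the deprecated Boolean constructor; the parsed value is the same.
        this._strictLength = Boolean.valueOf(SecurityObjectLocator.getSecurityConfig().getProperty(SecurityConfig.COM_IBM_SECURITY_SAF_AUTH_STRICT)).booleanValue();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Reads the realm and the behaviour flags from {@code properties}.
     *
     * <p>The realm reported by the native layer is used unless {@code WAS_UseRegistryRealm} is
     * {@code "false"} and {@code WAS_Realm} is non-empty, in which case {@code WAS_Realm} wins.
     *
     * @param properties registry configuration; must not be {@code null}
     * @throws CustomRegistryException declared by the interface; not thrown by this implementation
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public void initialize(Properties properties) throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
        this.mixedCasePasswordsEnabled = ntv_isMixedCasePWEnabled();
        this.realm = ntv_getRealm();
        String realmFromProperty = properties.getProperty("WAS_Realm");
        String useRegistryRealm = properties.getProperty("WAS_UseRegistryRealm");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "realmFromProperty = " + realmFromProperty + " useRegistryRealm = " + useRegistryRealm);
        }
        boolean userDefinedRealm = useRegistryRealm != null
                && useRegistryRealm.equalsIgnoreCase("false")
                && realmFromProperty != null
                && realmFromProperty.length() > 0;
        if (userDefinedRealm) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "a user-defined realm is provided. " + realmFromProperty);
            }
            this.realm = realmFromProperty;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "reset user registry realm to its user-defined value of: " + realmFromProperty);
            }
        }
        this.disableGroupLoad = "true".equalsIgnoreCase(properties.getProperty(CommonConstants.SAF_DISABLE_GROUP_LOAD));
        this.useSimpleAuthentication = Boolean.valueOf(properties.getProperty("com.ibm.websphere.security.SimpleAuthentication")).booleanValue();
        this.forceCredCreationForValidation = "true".equalsIgnoreCase(properties.getProperty("force.credential.creation.for.validation"));
        this.disablePrincipalCasePreservation = "true".equalsIgnoreCase(properties.getProperty("disable.principal.case.preservation"));
        this._truncatePassword = "true".equalsIgnoreCase(properties.getProperty("com.ibm.security.SAF.truncatePassword"));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE, this);
        }
    }

    /**
     * Authenticates a user ID / password pair.
     *
     * <p>In platform-credential mode the result is {@code <credentialKey>::<userId>}; in simple
     * authentication mode it is the user ID (as supplied, or as returned by the native check when
     * principal case preservation is disabled).
     *
     * @param str  user ID as supplied by the caller
     * @param str2 password as supplied by the caller
     * @return the authenticated identifier, never {@code null}
     * @throws PasswordCheckFailedException if either argument is {@code null}, the strict-length
     *         check fails, or the credentials are not accepted
     * @throws CustomRegistryException if any other error occurs while checking the password
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String checkPassword(String str, String str2) throws PasswordCheckFailedException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            // The password is masked; only its presence is traced.
            Tr.entry(tc, "checkPassword", new Object[]{str, str2 == null ? null : "****"});
        }
        try {
            // Fail closed on missing input instead of letting a NullPointerException escape.
            if (str == null || str2 == null) {
                throw new PasswordCheckFailedException("Authentication failed for user: " + str);
            }
            String normalizedUser = normalizeUserId(str);
            String normalizedPassword = normalizePassword(str2);
            // The strict check looks at the values as supplied, before trimming.
            if (this._strictLength && (str.length() > MAX_STRICT_LENGTH || str2.length() > MAX_STRICT_LENGTH)) {
                PasswordCheckFailedException tooLong = new PasswordCheckFailedException("Authentication failed for user: " + str);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkPassword", tooLong);
                }
                // The error message is logged once, by the catch block below.
                throw tooLong;
            }
            if (this._truncatePassword && normalizedPassword.length() > MAX_STRICT_LENGTH) {
                if (tc.isDebugEnabled()) {
                    // Deliberately does not include the password length.
                    Tr.debug(tc, "password exceeds the maximum length and will be truncated");
                }
                normalizedPassword = normalizedPassword.substring(0, MAX_STRICT_LENGTH);
            }
            String authenticatedId;
            if (!this.useSimpleAuthentication) {
                String credentialKey = this.pcManager.getKeyFromCredential(this.pcManager.createPasswordCredential(normalizedUser, normalizedPassword));
                // A null key concatenated into the identifier would read "null::user" and pass the
                // null check below, so it is rejected here. NOTE(review): whether the credential
                // manager can return null here is not visible in this file.
                if (credentialKey == null) {
                    throw new PasswordCheckFailedException("Authentication failed for user: " + str);
                }
                authenticatedId = credentialKey + TOKEN_DELIMETER + (this.disablePrincipalCasePreservation ? normalizedUser : str);
            } else {
                String nativeResult = ntv_checkPassword(normalizedUser, normalizedPassword);
                if (this.disablePrincipalCasePreservation) {
                    authenticatedId = nativeResult;
                } else {
                    authenticatedId = nativeResult != null ? str : null;
                }
            }
            if (authenticatedId == null) {
                throw new PasswordCheckFailedException("Authentication failed for user: " + str);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkPassword", authenticatedId);
            }
            return authenticatedId;
        } catch (PasswordCheckFailedException e) {
            Tr.error(tc, "security.authn.failed.foruser", new Object[]{str});
            throw e;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.checkPassword", "368", this);
            Tr.error(tc, "security.authn.error", new Object[]{str, th});
            throw new CustomRegistryException(th);
        }
    }

    /**
     * Maps a client certificate chain to a user identifier.
     *
     * <p>Simple authentication mode passes the encoded first certificate to the native mapper;
     * otherwise a certificate credential is created and the result is
     * {@code <credentialKey>::<userId>}.
     *
     * @param x509CertificateArr certificate chain; the first element is the one mapped in simple mode
     * @return the mapped identifier, never {@code null}
     * @throws CertificateMapNotSupportedException declared by the interface; not thrown here
     * @throws CertificateMapFailedException if the chain is missing or empty, or no user ID,
     *         credential or credential key could be obtained
     * @throws CustomRegistryException if any other error occurs during mapping
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String mapCertificate(X509Certificate[] x509CertificateArr) throws CertificateMapNotSupportedException, CertificateMapFailedException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapCertificate", x509CertificateArr);
        }
        try {
            // Reject a missing chain explicitly rather than via an index or null-pointer error.
            if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
                throw new CertificateMapFailedException("Certificate could not be mapped to a valid SAF user ID");
            }
            String mappedId = null;
            if (this.useSimpleAuthentication) {
                byte[] encoded = x509CertificateArr[0].getEncoded();
                mappedId = ntv_mapCertificate(encoded, encoded.length);
            } else {
                PlatformCredential credential = this.pcManager.createCertificateCredential(x509CertificateArr);
                if (credential != null) {
                    String credentialKey = this.pcManager.getKeyFromCredential(credential);
                    String userId = credential.getUserId();
                    // Only build the composite identifier when both parts exist; a null part
                    // would otherwise be rendered as the text "null" and look like a valid mapping.
                    if (credentialKey != null && userId != null) {
                        mappedId = credentialKey + TOKEN_DELIMETER + userId;
                    }
                }
            }
            if (mappedId == null) {
                throw new CertificateMapFailedException("Certificate could not be mapped to a valid SAF user ID");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapCertificate", mappedId);
            }
            return mappedId;
        } catch (CertificateMapFailedException e) {
            Tr.error(tc, "security.registry.mapcertificate.failed");
            throw e;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.mapCertificate", "428", this);
            Tr.error(tc, "security.registry.mapcertificate.failed");
            throw new CustomRegistryException(th);
        }
    }

    /**
     * Returns the realm set by {@link #initialize}, or the native realm if none has been set yet.
     *
     * @return the realm name
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getRealm() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealm");
        }
        String currentRealm = this.realm == null ? ntv_getRealm() : this.realm;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealm", currentRealm);
        }
        return currentRealm;
    }

    /**
     * Lists users matching {@code str}, returning at most {@code i} entries when {@code i > 0}.
     *
     * @param str pattern handed to the list filter
     * @param i   maximum number of entries; values {@code <= 0} mean no limit
     * @return the matching users, flagged "has more" when the list was cut at the limit
     * @throws CustomRegistryException if the native user listing fails
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public Result getUsers(String str, int i) throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUsers", new Object[]{str, Integer.valueOf(i)});
        }
        Result result = new Result();
        result.setList(applyLimit(getUsers(str), i, result));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUsers", result);
        }
        return result;
    }

    /**
     * Returns the display name of a user, which for this registry is the user ID itself
     * (normalized when principal case preservation is disabled).
     *
     * @param str user ID, optionally prefixed with {@code <credentialKey>::}
     * @return the display name
     * @throws EntryNotFoundException if the user is not valid, or if any other error occurs during
     *         the lookup. NOTE(review): registry errors are reported as "not found" here, unlike
     *         {@link #getGroupDisplayName}, which reports them as {@link CustomRegistryException}.
     * @throws CustomRegistryException declared by the interface
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getUserDisplayName(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserDisplayName", str);
        }
        boolean wimActive = isWimRegistryActive();
        try {
            if (!isValidUser(str)) {
                throw new EntryNotFoundException("Display name not found in registry");
            }
            if (this.disablePrincipalCasePreservation) {
                str = normalizeUserId(str);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUserDisplayName", str);
            }
            return str;
        } catch (EntryNotFoundException e) {
            if (!wimActive) {
                Tr.error(tc, "security.registry.userdisplayname.notfound", new Object[]{str});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUserDisplayName", new Object[]{e});
            }
            throw e;
        } catch (Throwable th) {
            if (!wimActive) {
                FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getUserDisplayName", "570", this);
                Tr.error(tc, "security.registry.userdisplayname.error", new Object[]{str, th});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUserDisplayName1", new Object[]{th});
            }
            throw new EntryNotFoundException(th);
        }
    }

    /**
     * Returns the unique ID of a user, which for this registry is the user ID itself
     * (normalized when principal case preservation is disabled). An empty string is returned
     * unchanged without consulting the registry.
     *
     * @param str user ID, optionally prefixed with {@code <credentialKey>::}
     * @return the unique user ID
     * @throws EntryNotFoundException if the user is not valid, or if any other error occurs during
     *         the lookup (registry errors are reported as "not found" here)
     * @throws CustomRegistryException declared by the interface
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getUniqueUserId(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueUserId", str);
        }
        boolean wimActive = isWimRegistryActive();
        if (str.length() == 0) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueUserId", str);
            }
            return str;
        }
        try {
            if (!isValidUser(str)) {
                throw new EntryNotFoundException("User " + str + " not found");
            }
            if (this.disablePrincipalCasePreservation) {
                str = normalizeUserId(str);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueUserId", str);
            }
            return str;
        } catch (EntryNotFoundException e) {
            if (!wimActive) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getUniqueUserId", "627", this);
                Tr.error(tc, "security.registry.uniqueusrid.notfound", new Object[]{str});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueUserId", new Object[]{e});
            }
            throw e;
        } catch (Throwable th) {
            if (!wimActive) {
                FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getUniqueUserId", "638", this);
                Tr.error(tc, "security.registry.uniqueusrid.error", new Object[]{str, th});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueUserId1", new Object[]{th});
            }
            throw new EntryNotFoundException(th);
        }
    }

    /**
     * Returns the security name of a user, which for this registry is the user ID itself
     * (normalized when principal case preservation is disabled).
     *
     * @param str user ID, optionally prefixed with {@code <credentialKey>::}
     * @return the security name
     * @throws EntryNotFoundException if the user is not valid
     * @throws CustomRegistryException if the validity check fails
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getUserSecurityName(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserSecurityName", str);
        }
        boolean wimActive = isWimRegistryActive();
        if (!isValidUser(str)) {
            if (!wimActive) {
                Tr.error(tc, "security.registry.usersecurityname.notfound", new Object[]{str});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUserSecurityName", new Object[]{"Invalid user, throwing EntryNotFoundException.", str});
            }
            throw new EntryNotFoundException("User " + str + " not found");
        }
        if (this.disablePrincipalCasePreservation) {
            str = normalizeUserId(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserSecurityName", str);
        }
        return str;
    }

    /**
     * Checks whether a user exists.
     *
     * <p>When credential creation is forced for validation, the user is valid if a credential key
     * can be obtained for the normalized ID. Otherwise any {@code <credentialKey>::} prefix is
     * removed, using the same first-delimiter rule as {@link #createCredential}, and the remaining
     * user ID is checked natively.
     *
     * @param str user ID, optionally prefixed with {@code <credentialKey>::}
     * @return {@code true} if the user is valid
     * @throws CustomRegistryException if the native check reports an error
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public boolean isValidUser(String str) throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isValidUser", str);
        }
        try {
            String normalizedId = normalizeUserId(str);
            boolean valid;
            if (this.forceCredCreationForValidation) {
                // NOTE(review): the ID is passed with any "<key>::" prefix still attached, unlike
                // the native branch below - confirm that this is what the credential manager expects.
                valid = this.pcManager.getKeyFromCredential(this.pcManager.createCredential(normalizedId)) != null;
            } else {
                // Validate exactly the user ID that createCredential would extract, so that the
                // validated principal and the credentialed principal cannot differ.
                valid = ntv_isValidUser(stripCredentialKey(normalizedId));
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "isValidUser", Boolean.valueOf(valid));
            }
            return valid;
        } catch (SAFRegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.isValidUser", "731", this);
            Tr.error(tc, "security.registry.isvaliduser.error", new Object[]{str, e});
            throw new CustomRegistryException(e);
        }
    }

    /**
     * Lists groups matching {@code str}, returning at most {@code i} entries when {@code i > 0}.
     *
     * @param str pattern handed to the list filter
     * @param i   maximum number of entries; values {@code <= 0} mean no limit
     * @return the matching groups, flagged "has more" when the list was cut at the limit
     * @throws CustomRegistryException if the native group listing fails
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public Result getGroups(String str, int i) throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroups", new Object[]{str, Integer.valueOf(i)});
        }
        Result result = new Result();
        result.setList(applyLimit(getGroups(str), i, result));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroups", result);
        }
        return result;
    }

    /**
     * Returns the display name of a group, which for this registry is the name as supplied.
     *
     * @param str group name
     * @return {@code str}
     * @throws EntryNotFoundException if the group is not valid
     * @throws CustomRegistryException if any other error occurs during the lookup
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getGroupDisplayName(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupDisplayName", str);
        }
        boolean wimActive = isWimRegistryActive();
        try {
            if (!isValidGroup(str)) {
                throw new EntryNotFoundException("Group entry not found");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupDisplayName", str);
            }
            return str;
        } catch (EntryNotFoundException e) {
            if (!wimActive) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroupDisplayName", "824", this);
                Tr.error(tc, "security.registry.groupdisplayname.notfound", new Object[]{str});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupDisplayName", new Object[]{e});
            }
            throw e;
        } catch (Throwable th) {
            if (!wimActive) {
                FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroupDisplayName", "835", this);
                Tr.error(tc, "security.registry.groupdisplayname.error", new Object[]{str, th});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupDisplayName1", new Object[]{th});
            }
            throw new CustomRegistryException(th);
        }
    }

    /**
     * Returns the unique ID of a group, which for this registry is the name as supplied.
     *
     * @param str group name
     * @return {@code str}
     * @throws EntryNotFoundException if the group is not valid
     * @throws CustomRegistryException if any other error occurs during the lookup
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getUniqueGroupId(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueGroupId", str);
        }
        boolean wimActive = isWimRegistryActive();
        try {
            if (!isValidGroup(str)) {
                throw new EntryNotFoundException("Group entry not found");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueGroupId", str);
            }
            return str;
        } catch (EntryNotFoundException e) {
            if (!wimActive) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getUniqueGroupId", "882", this);
                Tr.error(tc, "security.registry.uniquegrpid.notfound", new Object[]{str});
            }
            // Guarded like every other trace call; the text now names a group, not a user.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueGroupId", new Object[]{"Invalid group, throwing EntryNotFoundException.", str});
            }
            throw e;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getUniqueGroupId", "890", this);
            Tr.error(tc, "security.registry.uniquegrpid.error", new Object[]{str, th});
            throw new CustomRegistryException(th);
        }
    }

    /**
     * Returns the unique IDs of the groups a user belongs to; delegates to
     * {@link #getGroupsForUser}.
     *
     * @param str user ID
     * @return the user's groups, possibly empty
     * @throws EntryNotFoundException if the user is not found
     * @throws CustomRegistryException if any other error occurs during the lookup
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public List getUniqueGroupIds(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueGroupIds", str);
        }
        List groupsForUser = getGroupsForUser(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUniqueGroupIds", groupsForUser);
        }
        return groupsForUser;
    }

    /**
     * Returns the security name of a group, which for this registry is the name as supplied.
     *
     * @param str group name
     * @return {@code str}
     * @throws EntryNotFoundException if the group is not valid
     * @throws CustomRegistryException if the validity check fails
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getGroupSecurityName(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupSecurityName", str);
        }
        boolean wimActive = isWimRegistryActive();
        if (!isValidGroup(str)) {
            if (!wimActive) {
                Tr.error(tc, "security.registry.groupsecurityname.notfound", new Object[]{str});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupSecurityName", new Object[]{"Invalid group, throwing EntryNotFoundException.", str});
            }
            throw new EntryNotFoundException("Group " + str + " not found");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupSecurityName", str);
        }
        return str;
    }

    /**
     * Checks whether a group exists, after normalizing its name.
     *
     * @param str group name
     * @return {@code true} if the native check accepts the group
     * @throws CustomRegistryException if the native check reports an error
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public boolean isValidGroup(String str) throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isValidGroup", str);
        }
        try {
            str = normalizeGroupName(str);
            boolean valid = ntv_isValidGroup(str);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "isValidGroup", Boolean.valueOf(valid));
            }
            return valid;
        } catch (SAFRegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.isValidGroup", "992", this);
            Tr.error(tc, "security.registry.isvalidgroup.error", new Object[]{str, e});
            throw new CustomRegistryException(e);
        }
    }

    /**
     * Returns the groups a user belongs to. An empty result is only accepted when the user is
     * itself valid.
     *
     * @param str user ID
     * @return the user's groups, possibly empty, never {@code null}
     * @throws EntryNotFoundException if the user is not valid or the native lookup reports an error
     * @throws CustomRegistryException if any other error occurs during the lookup
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public List getGroupsForUser(String str) throws CustomRegistryException, EntryNotFoundException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupsForUser", str);
        }
        boolean wimActive = isWimRegistryActive();
        try {
            List nativeGroups = ntv_getGroupsForUser(normalizeUserId(str), new ArrayList());
            List groups = nativeGroups == null ? new ArrayList() : nativeGroups;
            if (groups.isEmpty() && !isValidUser(str)) {
                throw new EntryNotFoundException("User " + str + " not found");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupsForUser", groups);
            }
            return groups;
        } catch (EntryNotFoundException e) {
            if (!wimActive) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroupsForUser", "1046", this);
                Tr.error(tc, "security.registry.getgrpsforuser.notfound", new Object[]{str});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupsForUser", new Object[]{e});
            }
            throw e;
        } catch (SAFRegistryException e2) {
            if (!wimActive) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroupsForUser", "1057", this);
                Tr.error(tc, "security.registry.getgrpsforuser.notfound", new Object[]{str});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupsForUser", new Object[]{e2});
            }
            throw new EntryNotFoundException("User " + str + " not found");
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroupsForUser", "1066", this);
            Tr.error(tc, "security.registry.getgrpsforuser.error", new Object[]{str, th});
            throw new CustomRegistryException(th);
        }
    }

    /**
     * Returns the members of a group, at most {@code i} entries when {@code i > 0}. An empty
     * result is only accepted when the group is itself valid.
     *
     * @param str group name
     * @param i   maximum number of entries; values {@code <= 0} mean no limit
     * @return the members, flagged "has more" when the list was cut at the limit
     * @throws EntryNotFoundException if the group is not valid or the native lookup reports an error
     * @throws CustomRegistryException if any other error occurs during the lookup
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public Result getUsersForGroup(String str, int i) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUsersForGroup", new Object[]{str, Integer.valueOf(i)});
        }
        boolean wimActive = isWimRegistryActive();
        Result result = new Result();
        try {
            List nativeUsers = ntv_getUsersForGroup(normalizeGroupName(str), new ArrayList());
            List users = nativeUsers == null ? new ArrayList() : nativeUsers;
            if (users.isEmpty() && !isValidGroup(str)) {
                throw new EntryNotFoundException("Group " + str + " not found");
            }
            result.setList(applyLimit(users, i, result));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsersForGroup", result);
            }
            return result;
        } catch (EntryNotFoundException e) {
            // NOTE(review): the FFDC source IDs and the message key in these handlers name other
            // methods (getGroupsForUser / uniquegrpid); they are left unchanged here.
            if (!wimActive) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroupsForUser", "1143", this);
                Tr.error(tc, "security.registry.uniquegrpid.notfound", new Object[]{str});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsersForGroup", new Object[]{e});
            }
            throw e;
        } catch (SAFRegistryException e2) {
            if (!wimActive) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroupsForUser", "1154", this);
                Tr.error(tc, "security.registry.getusrsforgrp.error", new Object[]{str, e2});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsersForGroup", new Object[]{e2});
            }
            throw new EntryNotFoundException("Group " + str + " not found");
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroupsForUser", "1163", this);
            Tr.error(tc, "security.registry.getusrsforgrp.error", new Object[]{str, th});
            throw new CustomRegistryException(th);
        }
    }

    /**
     * Builds a {@link WSCredential} for a user.
     *
     * <p>{@code str} is either a bare user ID or {@code <credentialKey>::<userId>}. When a key is
     * present, the platform credential registered under that key is attached to the result;
     * otherwise, unless simple authentication is enabled, a new platform credential is created
     * for the user ID.
     *
     * <p>NOTE(review): the key portion is looked up as supplied. Callers should only pass
     * identifiers obtained from {@link #checkPassword} or {@link #mapCertificate} - confirm that
     * no caller forwards externally supplied strings here.
     *
     * @param str user identifier as described above
     * @return the credential, with a platform credential attached when one is available
     * @throws EntryNotFoundException if the user is not found while loading groups
     * @throws CustomRegistryException if any other error occurs
     * @throws NotImplementedException declared by the interface; not thrown here
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public WSCredential createCredential(String str) throws CustomRegistryException, NotImplementedException, EntryNotFoundException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createCredential", str);
        }
        // Split on the first delimiter only, so the user ID part is everything after it.
        String[] parts = str.split(TOKEN_DELIMETER, 2);
        String credentialKey = parts.length > 1 ? parts[0] : null;
        String suppliedUserId = credentialKey == null ? str : parts[1];
        final String normalizeUserId = this.disablePrincipalCasePreservation ? normalizeUserId(suppliedUserId) : suppliedUserId;
        try {
            final String realm = getRealm();
            final ArrayList groupAccessIds = new ArrayList();
            if (!this.disableGroupLoad) {
                List uniqueGroupIds = getUniqueGroupIds(normalizeUserId);
                if (uniqueGroupIds != null) {
                    for (Object groupId : uniqueGroupIds) {
                        groupAccessIds.add(RegistryUtil.appendRealm("group", (String) groupId, realm));
                    }
                }
            }
            final String userAccessId = RegistryUtil.appendRealm("user", normalizeUserId, realm);
            final String primaryGroupId = groupAccessIds.size() > 0 ? (String) groupAccessIds.get(0) : RegistryUtil.nullString;
            final WSCredential wSCredential = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.registry.zOS.SAFRegistryImpl.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return new WSCredentialImpl(realm, normalizeUserId, normalizeUserId, primaryGroupId, userAccessId, null, groupAccessIds);
                }
            });
            PlatformCredential platformCredential = null;
            if (credentialKey != null) {
                try {
                    platformCredential = this.pcManager.getCredentialFromKey(credentialKey);
                } catch (PrivilegedActionException e) {
                    Exception cause = e.getException();
                    FFDCFilter.processException(cause, "com.ibm.ws.security.SAFRegistryImpl", "1270", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception setting PlatformCredential", cause);
                    }
                    // Keep the original exception as the cause so the failure stays diagnosable.
                    throw new CustomRegistryException(cause.getMessage(), cause);
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.security.SAFRegistryImpl", "1276", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception setting PlatformCredential", e2);
                    }
                    throw new CustomRegistryException(e2.getMessage(), e2);
                }
            }
            if (platformCredential == null && !this.useSimpleAuthentication) {
                platformCredential = this.pcManager.createCredential(normalizeUserId);
            }
            if (platformCredential != null) {
                final PlatformCredential platformCredential2 = platformCredential;
                AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.registry.zOS.SAFRegistryImpl.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        wSCredential.set(CommonConstants.PLATFORM_CREDENTIAL, platformCredential2);
                        return null;
                    }
                });
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createCredential", wSCredential);
            }
            return wSCredential;
        } catch (EntryNotFoundException e3) {
            throw e3;
        } catch (PrivilegedActionException e4) {
            Exception exception = e4.getException();
            FFDCFilter.processException(exception, "com.ibm.ws.security.registry.UserRegistryImpl.createCredential", "1228", this);
            throw new CustomRegistryException(exception.getMessage(), exception);
        } catch (Exception e5) {
            FFDCFilter.processException(e5, "com.ibm.ws.security.registry.UserRegistryImpl.createCredential", "1237", this);
            Tr.error(tc, "security.registry.createcredential.error", new Object[]{normalizeUserId, e5});
            throw new CustomRegistryException(e5.getMessage(), e5);
        }
    }

    /**
     * Lists all groups (pattern {@code "*"}).
     *
     * @return every group returned by the native listing
     * @throws CustomRegistryException if the native group listing fails
     */
    List getGroups() throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroups");
        }
        List groups = getGroups("*");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroups", groups);
        }
        return groups;
    }

    /**
     * Lists the groups whose names match {@code str}.
     *
     * @param str pattern handed to the list filter
     * @return the matching groups, possibly empty
     * @throws CustomRegistryException if listing or filtering fails
     */
    List getGroups(String str) throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroups", str);
        }
        try {
            List nativeGroups = ntv_getGroups(new ArrayList());
            List matching = filterList(nativeGroups == null ? new ArrayList() : nativeGroups, str);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroups", matching);
            }
            return matching;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getGroups", "1321", this);
            Tr.error(tc, "security.registry.getgroups.error", new Object[]{"*", th});
            throw new CustomRegistryException(th);
        }
    }

    /**
     * Lists the users whose IDs match {@code str}.
     *
     * @param str pattern handed to the list filter
     * @return the matching users, possibly empty
     * @throws CustomRegistryException if the native user listing fails
     */
    private List getUsers(String str) throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUsers", str);
        }
        try {
            List nativeUsers = ntv_getUsers(new ArrayList());
            List matching = filterList(nativeUsers == null ? new ArrayList() : nativeUsers, str);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsers", matching);
            }
            return matching;
        } catch (SAFRegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.zOS.SAFRegistryImpl.getUsers", "1348", this);
            Tr.error(tc, "security.registry.getusers.error", new Object[]{str, e});
            throw new CustomRegistryException(e);
        }
    }

    /**
     * Returns the entries of {@code list} that match the upper-cased pattern {@code str}.
     *
     * @param list entries to filter; each element is cast to {@code String}
     * @param str  pattern; upper-cased before being compiled by {@link RegExp}
     * @return a new list holding the matching entries in their original order
     */
    private List filterList(List list, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "filterArray", new Object[]{list, str});
        }
        RegExp pattern = new RegExp(str.toUpperCase(java.util.Locale.ROOT));
        ArrayList matching = new ArrayList();
        for (Object entry : list) {
            String name = (String) entry;
            if (pattern.match(name)) {
                matching.add(name);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "filterArray", matching);
        }
        return matching;
    }

    /**
     * Caps {@code entries} at {@code limit} elements and marks {@code result} as having more
     * entries when the cap removed any. A {@code limit <= 0} means no cap.
     *
     * @return {@code entries} itself when no cap applies, otherwise a copy of its first
     *         {@code limit} elements
     */
    private static List applyLimit(List entries, int limit, Result result) {
        if (limit > 0 && entries.size() > limit) {
            result.setHasMore();
            // subList's end index is exclusive, so "limit" keeps exactly limit entries.
            return new ArrayList(entries.subList(0, limit));
        }
        return entries;
    }

    /**
     * Returns the part of {@code id} after the first {@code ::}, or {@code id} itself when it
     * contains no delimiter. Mirrors the split performed by {@link #createCredential}.
     */
    private static String stripCredentialKey(String id) {
        int delimiterAt = id.indexOf(TOKEN_DELIMETER);
        return delimiterAt < 0 ? id : id.substring(delimiterAt + TOKEN_DELIMETER.length());
    }

    /** Returns whether the active user registry is of type {@code WIMUserRegistry}. */
    private static boolean isWimRegistryActive() {
        return WIM_REGISTRY_TYPE.equals(SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getType());
    }

    /**
     * Trims a user ID and, when case is ignored, upper-cases it independently of the default locale.
     */
    private String normalizeUserId(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "normalizeUserId", str);
        }
        String normalized = this.ignoreCase ? str.toUpperCase(java.util.Locale.ROOT).trim() : str.trim();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "normalizeUserId", normalized);
        }
        return normalized;
    }

    /**
     * Upper-cases and trims a password unless mixed-case passwords are enabled, in which case the
     * password is returned untouched. The password is never traced.
     */
    private String normalizePassword(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "normalizePassword");
        }
        if (!this.mixedCasePasswordsEnabled) {
            str = str.toUpperCase(java.util.Locale.ROOT).trim();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "normalizePassword");
        }
        return str;
    }

    /**
     * Trims a group name and, when case is ignored, upper-cases it independently of the default
     * locale.
     */
    private String normalizeGroupName(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "normalizeGroupName", str);
        }
        String normalized = this.ignoreCase ? str.toUpperCase(java.util.Locale.ROOT).trim() : str.trim();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "normalizeGroupName", normalized);
        }
        return normalized;
    }

    /** Returns the default object description followed by the realm and the main behaviour flags. */
    @Override
    public String toString() {
        return super.toString() + "[realm=" + this.realm + ";ignoreCase=" + this.ignoreCase + ";disableGroupLoad=" + this.disableGroupLoad + ";useSimpleAuthentication=" + this.useSimpleAuthentication + ";mixedCasePasswordsEnabled=" + this.mixedCasePasswordsEnabled + "]";
    }

    // Native entry points. Their implementations are not part of this file; the comments below
    // describe only how this class uses them.

    // Fills/returns the list of all users; may return null, which callers treat as empty.
    private static native synchronized List ntv_getUsers(List list) throws SAFRegistryException;

    // Fills/returns the list of all groups; may return null, which callers treat as empty.
    private static native synchronized List ntv_getGroups(List list) throws SAFRegistryException;

    // Groups of the given (normalized) user; may return null, which callers treat as empty.
    private static native List ntv_getGroupsForUser(String str, List list) throws SAFRegistryException;

    // Members of the given (normalized) group; may return null, which callers treat as empty.
    private static native List ntv_getUsersForGroup(String str, List list) throws SAFRegistryException;

    private static native boolean ntv_isValidGroup(String str) throws SAFRegistryException;

    private static native boolean ntv_isValidUser(String str) throws SAFRegistryException;

    // A null return is treated by checkPassword as an authentication failure.
    private static native String ntv_checkPassword(String str, String str2) throws SAFRegistryException;

    // Takes the encoded certificate and its length; a null return means no mapping was found.
    private static native String ntv_mapCertificate(byte[] bArr, int i) throws SAFRegistryException;

    private static native boolean ntv_isMixedCasePWEnabled();

    private static native String ntv_getRealm();
}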
