package com.ibm.mq.ese.service;

import com.ibm.mq.ese.config.ConfigException;
import com.ibm.mq.ese.config.KeyStoreConfig;
import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.EseUser;
import com.ibm.mq.ese.core.KeyStoreAccess;
import com.ibm.mq.ese.core.Lifecycle;
import com.ibm.mq.ese.core.X500NameWrapper;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.mq.ese.pki.KeyStoreAccessFactory;
import com.ibm.mq.ese.pki.MissingCertificateException;
import com.ibm.mq.ese.util.ConfFile;
import com.ibm.mq.ese.util.DuplicateKeyException;
import com.ibm.mq.ese.util.PathResolver;
import com.ibm.mq.ese.util.TraceUtil;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.HashMap;

/* loaded from: input_file:com/ibm/mq/ese/service/UserMapServiceImpl.class */
public class UserMapServiceImpl implements UserMapService {
    public static final String sccsid = "@(#) MQMBID sn=p930-011-230929 su=_zeu1816cEe61NJUItrVmPw pn=com.ibm.mq.ese/src/com/ibm/mq/ese/service/UserMapServiceImpl.java";
    private static final String CLASS;

    @Override // com.ibm.mq.ese.service.UserMapService
    public String getExternalUsername() throws UserMapException {
        String standaloneAppUserName = getStandaloneAppUserName();
        if (Trace.isOn) {
            Trace.data(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getExternalUsername()", "getter", standaloneAppUserName);
        }
        return standaloneAppUserName;
    }

    private String getStandaloneAppUserName() throws UserMapException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getStandaloneAppUserName()");
        }
        try {
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.ibm.mq.ese.service.UserMapServiceImpl.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public String run() {
                    if (Trace.isOn) {
                        Trace.entry(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "run()");
                    }
                    String property = System.getProperty("user.name");
                    if (Trace.isOn) {
                        Trace.exit(this, "com.ibm.mq.ese.service.null", "run()", property);
                    }
                    return property;
                }
            });
            if (str != null) {
                if (Trace.isOn) {
                    Trace.exit(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getStandaloneAppUserName()", str);
                }
                return str;
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_PROPERTY_KEY, "user.name");
            UserMapException userMapException = new UserMapException(AmsErrorMessages.mju_cfg_ambi_cfg_err_getting_system_properties, hashMap);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getStandaloneAppUserName()", userMapException, 1);
            }
            throw userMapException;
        } catch (SecurityException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getStandaloneAppUserName()", e);
            }
            HashMap hashMap2 = new HashMap();
            hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_PROPERTY_KEY, "user.name");
            UserMapException userMapException2 = new UserMapException(AmsErrorMessages.mju_cfg_ambi_cfg_err_getting_system_properties, hashMap2, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getStandaloneAppUserName()", userMapException2, 2);
            }
            throw userMapException2;
        }
    }

    @Override // com.ibm.mq.ese.service.UserMapService
    public KeyStoreConfig readKeystoreConfig(File file) throws ConfigException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", new Object[]{file});
        }
        FileInputStream fileInputStream = null;
        try {
            try {
                try {
                    try {
                        FileInputStream fileInputStream2 = new FileInputStream(file);
                        ConfFile confFile = new ConfFile();
                        confFile.load(fileInputStream2);
                        KeyStoreConfig keyStoreConfig = new KeyStoreConfig(confFile);
                        Object[] validate = keyStoreConfig.validate();
                        if (validate != null && validate.length > 0) {
                            HashMap hashMap = new HashMap();
                            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_PROPERTY_KEY, TraceUtil.join(validate));
                            AmsErrorMessages.log(CLASS, "readKeystoreConfig", AmsErrorMessages.mju_wrong_key, hashMap);
                            ConfigException configException = new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties);
                            if (Trace.isOn) {
                                Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", configException, 1);
                            }
                            throw configException;
                        }
                        confFile.clear();
                        if (Trace.isOn) {
                            Trace.exit(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", keyStoreConfig);
                        }
                        if (Trace.isOn) {
                            Trace.finallyBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)");
                        }
                        if (fileInputStream2 != null) {
                            try {
                                fileInputStream2.close();
                            } catch (IOException e) {
                                if (Trace.isOn) {
                                    Trace.catchBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", e, 4);
                                }
                            }
                        }
                        return keyStoreConfig;
                    } catch (ConfigException e2) {
                        if (Trace.isOn) {
                            Trace.catchBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", e2, 3);
                        }
                        ConfigException configException2 = new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties, e2);
                        if (Trace.isOn) {
                            Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", configException2, 4);
                        }
                        throw configException2;
                    }
                } catch (IOException e3) {
                    if (Trace.isOn) {
                        Trace.catchBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", e3, 2);
                    }
                    ConfigException configException3 = new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties, e3);
                    if (Trace.isOn) {
                        Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", configException3, 3);
                    }
                    throw configException3;
                }
            } catch (DuplicateKeyException e4) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", e4, 1);
                }
                HashMap hashMap2 = new HashMap();
                hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_CONFIG_KEY, e4.getKey());
                ConfigException configException4 = new ConfigException(AmsErrorMessages.mqo_s_usermap_error_duplicate_key, hashMap2, e4);
                if (Trace.isOn) {
                    Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", configException4, 2);
                }
                throw configException4;
            }
        } catch (Throwable th) {
            if (Trace.isOn) {
                Trace.finallyBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)");
            }
            if (0 != 0) {
                try {
                    fileInputStream.close();
                } catch (IOException e5) {
                    if (Trace.isOn) {
                        Trace.catchBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "readKeystoreConfig(File)", e5, 4);
                    }
                }
            }
            throw th;
        }
    }

    @Override // com.ibm.mq.ese.service.UserMapService
    public EseUser getCredentials() throws UserMapException, ConfigException, AMBIException {
        EseUser credentials = getCredentials(getExternalUsername());
        if (Trace.isOn) {
            Trace.data(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getCredentials()", "getter", credentials);
        }
        return credentials;
    }

    @Override // com.ibm.mq.ese.service.UserMapService
    public EseUser getCredentials(String str) throws ConfigException, AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getCredentials(String)", new Object[]{str});
        }
        final File keystorePath = PathResolver.getKeystorePath();
        if (Trace.isOn) {
            Trace.traceInfo(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getCredentials(String)", "using keystore configuration: ", keystorePath.getAbsolutePath());
        }
        try {
            KeyStoreConfig keyStoreConfig = (KeyStoreConfig) AccessController.doPrivileged(new PrivilegedExceptionAction<KeyStoreConfig>() { // from class: com.ibm.mq.ese.service.UserMapServiceImpl.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public KeyStoreConfig run() throws ConfigException {
                    if (Trace.isOn) {
                        Trace.entry(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "run()");
                    }
                    KeyStoreConfig readKeystoreConfig = UserMapServiceImpl.this.readKeystoreConfig(keystorePath);
                    if (Trace.isOn) {
                        Trace.exit(this, "com.ibm.mq.ese.service.null", "run()", readKeystoreConfig);
                    }
                    return readKeystoreConfig;
                }
            });
            KeyStoreAccess keyStoreAccessFactory = KeyStoreAccessFactory.getInstance(keyStoreConfig);
            if (keyStoreAccessFactory instanceof Lifecycle) {
                ((Lifecycle) keyStoreAccessFactory).init();
            }
            EseUser constructUser = constructUser(str, keyStoreConfig, keyStoreAccessFactory);
            keyStoreConfig.cleanUp();
            if (Trace.isOn) {
                Trace.traceInfo(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getCredentials(String)", "keystore: ", keyStoreAccessFactory);
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getCredentials(String)", constructUser);
            }
            return constructUser;
        } catch (PrivilegedActionException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getCredentials(String)", e);
            }
            ConfigException configException = new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "getCredentials(String)", configException);
            }
            throw configException;
        }
    }

    private EseUser constructUser(String str, final KeyStoreConfig keyStoreConfig, KeyStoreAccess keyStoreAccess) throws ConfigException, AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "constructUser(final String,final KeyStoreConfig,final KeyStoreAccess)", new Object[]{str, keyStoreConfig, keyStoreAccess});
        }
        String keyStorePath = keyStoreConfig.getKeyStorePath();
        if (keyStorePath == null) {
            keyStorePath = keyStoreConfig.getType();
        }
        String alias = keyStoreConfig.getAlias();
        if (!keyStoreAccess.containsAlias(alias)) {
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, alias);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, keyStorePath);
            ConfigException configException = new ConfigException(new MissingCertificateException(AmsErrorMessages.mju_credential_alias_not_found_keystore_MissingCertificateException, (HashMap<String, ? extends Object>) hashMap));
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "constructUser(final String,final KeyStoreConfig,final KeyStoreAccess)", configException, 1);
            }
            throw configException;
        }
        X509Certificate certificate = keyStoreAccess.getCertificate(alias);
        if (certificate == null) {
            HashMap hashMap2 = new HashMap();
            hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, alias);
            hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, keyStorePath);
            ConfigException configException2 = new ConfigException(new MissingCertificateException(AmsErrorMessages.mju_user_certificate_not_found_MissingCertificateException, (HashMap<String, ? extends Object>) hashMap2));
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "constructUser(final String,final KeyStoreConfig,final KeyStoreAccess)", configException2, 2);
            }
            throw configException2;
        }
        X500NameWrapper x500NameWrapper = new X500NameWrapper(certificate.getSubjectX500Principal().getName());
        EseUser eseUser = new EseUser();
        eseUser.setKeyStoreAccess(keyStoreAccess);
        eseUser.setUserDN(x500NameWrapper.toString());
        eseUser.setUserName(str);
        eseUser.setUserCertificate(certificate);
        eseUser.setAlias(alias);
        eseUser.setProvider(keyStoreConfig.getProvider());
        eseUser.setPkiSpec(keyStoreConfig.getPkiConfig().pkiSpec);
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.mq.ese.service.UserMapServiceImpl.3
            @Override // java.security.PrivilegedAction
            public Object run() {
                if (Trace.isOn) {
                    Trace.entry(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "run()");
                }
                if (System.getProperty("com.ibm.security.enableCRLDP") != null || !keyStoreConfig.getPkiConfig().pkiSpec.checkCDP) {
                    if (!Trace.isOn) {
                        return null;
                    }
                    Trace.exit(this, "com.ibm.mq.ese.service.null", "run()", null, 2);
                    return null;
                }
                System.setProperty("com.ibm.security.enableCRLDP", "true");
                if (!Trace.isOn) {
                    return null;
                }
                Trace.exit(this, "com.ibm.mq.ese.service.null", "run()", null, 1);
                return null;
            }
        });
        if (Trace.isOn) {
            Trace.traceInfo(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "constructUser(final String, final KeyStoreConfig, final KeyStoreAccess)", "userDN is: ", x500NameWrapper);
            Trace.traceInfo(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "constructUser(final String, final KeyStoreConfig, final KeyStoreAccess)", "alias is: ", alias);
            Trace.traceInfo(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "constructUser(final String, final KeyStoreConfig, final KeyStoreAccess)", "certificate is: '", certificate);
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.service.UserMapServiceImpl", "constructUser(final String,final KeyStoreConfig,final KeyStoreAccess)", eseUser);
        }
        return eseUser;
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.mq.ese.service.UserMapServiceImpl", "static", "SCCS id", (Object) sccsid);
        }
        CLASS = UserMapServiceImpl.class.getName();
    }
}
