package com.ibm.mq.ese.service;

import com.ibm.mq.ese.config.ConfigException;
import com.ibm.mq.ese.config.KeyStoreConfig;
import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.EseUser;
import com.ibm.mq.ese.core.KeyStoreAccess;
import com.ibm.mq.ese.core.Lifecycle;
import com.ibm.mq.ese.core.X500NameWrapper;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.mq.ese.pki.KeyStoreAccessFactory;
import com.ibm.mq.ese.pki.MissingCertificateException;
import com.ibm.mq.ese.util.ConfFile;
import com.ibm.mq.ese.util.DuplicateKeyException;
import com.ibm.mq.ese.util.PathResolver;
import com.ibm.mq.ese.util.TraceUtil;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.HashMap;

/* loaded from: input_file:com/ibm/mq/ese/service/UserMapServiceImpl.class */
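/**
 * Default {@link UserMapService}: resolves the local user name and builds an
 * {@link EseUser} from the certificate stored under the configured keystore alias.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The user name comes from the {@code user.name} system property. That property
 *       can be overridden when the JVM is launched, so it is a label, not an
 *       authenticated identity. The certificate is looked up by the configured alias,
 *       independently of that name.</li>
 *   <li>{@link #constructUser} may set the JVM-wide property
 *       {@code com.ibm.security.enableCRLDP}; the value is never restored.</li>
 *   <li>No certificate validity or chain check happens in this class.
 *       NOTE(review): presumably done by a later component - confirm.</li>
 * </ul>
 *
 * <p>The insert maps are kept as raw {@code HashMap}s because the parameter types of the
 * exception constructors that receive them are declared outside this file.
 */
public class UserMapServiceImpl implements UserMapService {
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72, 5655-R36, 5724-L26, 5655-L82, 5724-Z94 (c) Copyright IBM Corp. 2010, 2011, 2012 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    public static final String sccsid = "@(#) MQMBID sn=p750-007-160721 su=_5-oPAE9GEeaPKcVnHyiksg pn=com.ibm.mq.ese/src/com/ibm/mq/ese/service/UserMapServiceImpl.java";
    private static final String CLASS;

    /** Class name passed to every {@code Trace} call (compile-time constant). */
    private static final String TRACE_CLASS = "com.ibm.mq.ese.service.UserMapServiceImpl";

    /**
     * Returns the name of the user running this JVM.
     *
     * @return the value of the {@code user.name} system property
     * @throws UserMapException if the property is unset or may not be read
     */
    @Override
    public String getExternalUsername() throws UserMapException {
        if (Trace.isOn) {
            Trace.entry(this, TRACE_CLASS, "getExternalUsername()");
        }
        String userName = getStandaloneAppUserName();
        if (Trace.isOn) {
            Trace.exit(this, TRACE_CLASS, "getExternalUsername()", new Object[]{userName});
        }
        return userName;
    }

    /**
     * Reads {@code user.name} inside a privileged block.
     *
     * <p>The property is attacker-influenceable for anyone who controls the JVM command
     * line or can call {@code System.setProperty}; do not treat the result as proof of
     * identity.
     *
     * @return the property value, never {@code null}
     * @throws UserMapException if the property is {@code null} or a
     *         {@link SecurityException} is raised while reading it
     */
    private String getStandaloneAppUserName() throws UserMapException {
        try {
            String userName = AccessController.doPrivileged(new PrivilegedAction<String>() {
                @Override
                public String run() {
                    return System.getProperty("user.name");
                }
            });
            if (userName != null) {
                return userName;
            }
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_PROPERTY_KEY, "user.name");
            throw new UserMapException(AmsErrorMessages.mju_cfg_ambi_cfg_err_getting_system_properties, inserts);
        } catch (SecurityException e) {
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_PROPERTY_KEY, "user.name");
            throw new UserMapException(AmsErrorMessages.mju_cfg_ambi_cfg_err_getting_system_properties, inserts, e);
        }
    }

    /**
     * Loads and validates the keystore configuration stored in {@code file}.
     *
     * <p>The input stream is closed on every path. The previous form only closed it
     * after a successful read: its failure-path cleanup was guarded by a condition that
     * is always false, so a failed load or validation leaked the file handle.
     *
     * @param file the keystore configuration file to read
     * @return the validated configuration
     * @throws ConfigException if the file cannot be read, contains a duplicate key, or
     *         {@code validate()} reports one or more entries
     */
    @Override
    public KeyStoreConfig readKeystoreConfig(File file) throws ConfigException {
        if (Trace.isOn) {
            Trace.entry(this, TRACE_CLASS, "readKeystoreConfig(File)");
        }
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            ConfFile confFile = new ConfFile();
            confFile.load(in);
            KeyStoreConfig keyStoreConfig = new KeyStoreConfig(confFile);
            Object[] rejected = keyStoreConfig.validate();
            if (rejected != null && rejected.length > 0) {
                // The rejected entries go to the error log; the exception itself carries
                // only the generic "cannot read keystore properties" message.
                HashMap inserts = new HashMap();
                inserts.put(AmsErrorMessageInserts.AMS_INSERT_PROPERTY_KEY, TraceUtil.join(rejected));
                AmsErrorMessages.log(CLASS, "readKeystoreConfig", AmsErrorMessages.mju_wrong_key, inserts);
                throw new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties);
            }
            // NOTE(review): clear() runs on the success path only. If ConfFile retains
            // sensitive values such as keystore passwords (not visible here), consider
            // clearing it on the failure paths as well.
            confFile.clear();
            if (Trace.isOn) {
                Trace.exit(this, TRACE_CLASS, "readKeystoreConfig(File)");
            }
            return keyStoreConfig;
        } catch (ConfigException e) {
            throw new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties, e);
        } catch (DuplicateKeyException e) {
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_CONFIG_KEY, e.getKey());
            throw new ConfigException(AmsErrorMessages.mqo_s_usermap_error_duplicate_key, inserts, e);
        } catch (IOException e) {
            throw new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties, e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best effort: a close failure on a read-only stream must not mask
                    // the result or the exception already on its way out.
                }
            }
        }
    }

    /**
     * Builds the credentials of the user running this JVM.
     *
     * @return the user built by {@link #getCredentials(String)} for
     *         {@link #getExternalUsername()}
     * @throws UserMapException if the user name cannot be determined
     * @throws ConfigException if the keystore configuration or certificate is unusable
     * @throws AMBIException declared for the keystore calls made while building the user
     */
    @Override
    public EseUser getCredentials() throws UserMapException, ConfigException, AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, TRACE_CLASS, "getCredentials()");
        }
        EseUser credentials = getCredentials(getExternalUsername());
        if (Trace.isOn) {
            // NOTE(review): this traces EseUser's string form; confirm it exposes no
            // key material.
            Trace.exit(this, TRACE_CLASS, "getCredentials()", new Object[]{credentials});
        }
        return credentials;
    }

    /**
     * Builds the credentials for {@code str} from the keystore named in the
     * configuration file returned by {@code PathResolver.getKeystorePath()}.
     *
     * <p>The configuration file is read inside a privileged block, so the read runs with
     * this class's own permissions rather than the caller's. The path comes from
     * {@code PathResolver}, not from the caller.
     *
     * @param str the user name to record on the returned user; it is not used to select
     *        the certificate
     * @return the populated user
     * @throws ConfigException if the configuration cannot be read or the alias or
     *         certificate is missing
     * @throws AMBIException declared for the keystore calls made while building the user
     */
    @Override
    public EseUser getCredentials(String str) throws ConfigException, AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, TRACE_CLASS, "getCredentials(String)", new Object[]{str});
        }
        final File keystorePath = PathResolver.getKeystorePath();
        if (Trace.isOn) {
            Trace.traceInfo(this, TRACE_CLASS, "getCredentials(String)", "using keystore configuration: ", keystorePath.getAbsolutePath());
        }
        try {
            KeyStoreConfig keyStoreConfig = AccessController.doPrivileged(new PrivilegedExceptionAction<KeyStoreConfig>() {
                @Override
                public KeyStoreConfig run() throws ConfigException {
                    return UserMapServiceImpl.this.readKeystoreConfig(keystorePath);
                }
            });
            KeyStoreAccess keyStoreAccess = KeyStoreAccessFactory.getInstance(keyStoreConfig);
            if (keyStoreAccess instanceof Lifecycle) {
                ((Lifecycle) keyStoreAccess).init();
            }
            EseUser user = constructUser(str, keyStoreConfig, keyStoreAccess);
            // NOTE(review): cleanUp() is reached only on success. If it wipes sensitive
            // configuration (not visible here), a failure in init() or constructUser()
            // leaves that data to the garbage collector; consider a finally block once
            // cleanUp()'s contract is confirmed.
            keyStoreConfig.cleanUp();
            if (Trace.isOn) {
                Trace.traceInfo(this, TRACE_CLASS, "getCredentials(String)", "keystore: ", keyStoreAccess);
                Trace.exit(this, TRACE_CLASS, "getCredentials(String)");
            }
            return user;
        } catch (PrivilegedActionException e) {
            // The wrapper itself is kept as the cause, so the ConfigException thrown by
            // readKeystoreConfig sits one level further down the chain.
            throw new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties, e);
        }
    }

    /**
     * Looks up the certificate stored under the configured alias and copies it, together
     * with the keystore handle and PKI settings, into a new {@link EseUser}.
     *
     * <p>Side effect: when the configuration's {@code pkiSpec.checkCDP} is set and
     * {@code com.ibm.security.enableCRLDP} is not already defined, that system property
     * is set to {@code "true"} for the whole JVM. An existing value, including an
     * explicit {@code "false"}, is left untouched.
     *
     * @param str user name to store on the result
     * @param keyStoreConfig configuration supplying alias, provider and PKI settings
     * @param keyStoreAccess keystore to read the certificate from
     * @return the populated user
     * @throws ConfigException wrapping a {@link MissingCertificateException} if the alias
     *         is absent or has no certificate
     * @throws AMBIException declared for the keystore calls
     */
    private EseUser constructUser(String str, final KeyStoreConfig keyStoreConfig, KeyStoreAccess keyStoreAccess) throws ConfigException, AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, TRACE_CLASS, "constructUser(final String, final KeyStoreConfig, final KeyStoreAccess)");
        }
        // Name reported in error inserts: the keystore path, or its type when no path
        // is configured.
        String keyStoreLabel = keyStoreConfig.getKeyStorePath();
        if (keyStoreLabel == null) {
            keyStoreLabel = keyStoreConfig.getType();
        }
        String alias = keyStoreConfig.getAlias();
        if (!keyStoreAccess.containsAlias(alias)) {
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, alias);
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, keyStoreLabel);
            throw new ConfigException(new MissingCertificateException(AmsErrorMessages.mju_credential_alias_not_found_keystore_MissingCertificateException, (HashMap<String, ? extends Object>) inserts));
        }
        X509Certificate certificate = keyStoreAccess.getCertificate(alias);
        if (certificate == null) {
            HashMap inserts = new HashMap();
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, alias);
            inserts.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, keyStoreLabel);
            throw new ConfigException(new MissingCertificateException(AmsErrorMessages.mju_user_certificate_not_found_MissingCertificateException, (HashMap<String, ? extends Object>) inserts));
        }
        // getSubjectDN() returns a provider-specific Principal whose string form is not
        // standardised; getSubjectX500Principal() is the portable accessor. Left as is
        // because the input format X500NameWrapper expects is not visible here.
        X500NameWrapper subject = new X500NameWrapper(certificate.getSubjectDN().getName());
        EseUser user = new EseUser();
        user.setKeyStore(keyStoreAccess);
        user.setUserDN(subject.toString());
        user.setUserName(str);
        user.setUserCertificate(certificate);
        user.setAlias(alias);
        user.setProvider(keyStoreConfig.getProvider());
        user.setPkiSpec(keyStoreConfig.getPkiConfig().pkiSpec);
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                // Process-wide switch: set once, never restored, and only when nobody
                // has defined the property already.
                if (System.getProperty("com.ibm.security.enableCRLDP") == null && keyStoreConfig.getPkiConfig().pkiSpec.checkCDP) {
                    System.setProperty("com.ibm.security.enableCRLDP", "true");
                }
                return null;
            }
        });
        if (Trace.isOn) {
            Trace.traceInfo(this, TRACE_CLASS, "constructUser(final String, final KeyStoreConfig, final KeyStoreAccess)", "userDN is: ", subject);
            Trace.traceInfo(this, TRACE_CLASS, "constructUser(final String, final KeyStoreConfig, final KeyStoreAccess)", "alias is: ", alias);
            Trace.traceInfo(this, TRACE_CLASS, "constructUser(final String, final KeyStoreConfig, final KeyStoreAccess)", "certificate is: '", certificate);
            Trace.exit(this, TRACE_CLASS, "constructUser(final String, final KeyStoreConfig, final KeyStoreAccess)");
        }
        return user;
    }

    static {
        if (Trace.isOn) {
            Trace.data(TRACE_CLASS, "static", "SCCS id", (Object) sccsid);
        }
        CLASS = UserMapServiceImpl.class.getName();
    }
}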
