package com.ibm.ws.security.web;

import com.ibm.ejs.models.base.config.security.AuthMechanism;
import com.ibm.ejs.models.base.config.security.LTPA;
import com.ibm.ejs.models.base.config.security.LocalOSAuthentication;
import com.ibm.ejs.models.base.config.security.Security;
import com.ibm.ejs.models.base.config.security.SingleSignon;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.util.Constants;
import com.ibm.ejs.sm.exception.InvalidRuntimeConfigException;
import com.ibm.etools.webapplication.FormLoginConfig;
import com.ibm.etools.webapplication.LoginConfig;
import com.ibm.etools.webapplication.WebApp;
import com.ibm.ws.runtime.Server;
import javax.servlet.http.Cookie;

/* loaded from: input_file:lib/security.jar:com/ibm/ws/security/web/WebAttributes.class */
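/**
 * Per-web-application view of the security settings used by the web
 * collaborator: challenge type, realm, form-login URLs and the attributes
 * applied to the single sign-on (LTPA) cookie.
 *
 * <p>Server-wide settings (active auth mechanism, SSO cookie template) are
 * static and loaded once by {@link #initializeConfig()}; only instances built
 * with {@link #WebAttributes(WebApp)} trigger that load.
 *
 * <p>NOTE(review): this source is decompiled. In the visible code
 * {@code useSSL} and {@code defaultToBasic} are never set to {@code true},
 * and {@code loginCookieName} / {@code cookieSuffix} are never assigned a
 * non-null value; confirm against the original sources before relying on
 * those getters.
 */
public class WebAttributes {
    private static final TraceComponent tc;
    public static final String LOCALOS = "LOCALOS";
    public static final String LTPA = "LTPA";
    public static final String UNSUPPORTED = "UNSUPPORTED";
    private static Object lockObject;
    // volatile: written last in initializeConfig() so that a thread taking the
    // unsynchronized fast path never observes a half-built static state.
    private static volatile Security securityConfig;
    // Template holding domain/path/max-age/secure for the SSO cookie.
    // Only created when the active mechanism is treated as LTPA.
    private static Cookie cookieAttrs;
    private static boolean secureSSO;
    private static String loginCookieName;
    private static String cookieSuffix;
    private static final String SSO_COOKIE_SUFFIX = "Token";
    private static boolean isSecurityEnabled;
    private static String authMechanism;
    // Single-character flags concatenated into pluginCfg.
    private static final char CERTIFICATE_FLAG = 'C';
    private static final char COOKIE_FLAG = 'K';
    private static final char AUTHORIZATION_FLAG = 'A';
    private boolean isProtected;
    private String realm;
    private String challengeType;
    private boolean useSSL;
    private boolean defaultToBasic;
    private String pluginCfg;
    private String loginURL;
    private String reloginURL;
    private String webAppName;
    // Compiler-generated cache for the class literal (pre-Java 5 javac).
    static Class class$com$ibm$ws$security$web$WebAttributes;

    /**
     * Creates attributes for an unprotected application.
     *
     * <p>Does not load the server security configuration, so
     * {@code challengeType} and {@code pluginCfg} stay {@code null}.
     * NOTE(review): {@link #getAuthMechanism()}, {@link #isSSOEnabled()} and
     * therefore {@link #toString()} dereference the static configuration and
     * will fail with a NullPointerException if no {@link #WebAttributes(WebApp)}
     * instance has been built first.
     */
    public WebAttributes() {
        this.realm = null;
        this.useSSL = false;
        this.defaultToBasic = false;
        this.loginURL = null;
        this.reloginURL = null;
        this.webAppName = null;
        this.isProtected = false;
    }

    /**
     * Derives the attributes from a web application's deployment descriptor.
     *
     * <p>Auth-method codes are mapped as the code below shows: 1 = Basic,
     * 2 = Digest, 3 = form login (reported as "Custom"), 4 = client
     * certificate. Any other code, or a missing login-config, falls back to
     * Basic. Basic sends reusable credentials on every request, and nothing in
     * this class turns {@code useSSL} on, so transport protection has to be
     * enforced elsewhere.
     *
     * @param webApp the deployment descriptor model to read
     * @throws InvalidRuntimeConfigException if the server security
     *         configuration cannot be loaded or the descriptor cannot be read
     */
    public WebAttributes(WebApp webApp) throws InvalidRuntimeConfigException {
        this.isProtected = true;
        this.realm = null;
        this.useSSL = false;
        this.defaultToBasic = false;
        this.loginURL = null;
        this.reloginURL = null;
        this.webAppName = null;
        initializeConfig();
        try {
            this.webAppName = webApp.getDisplayName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Webattrs for webApp =  " + this.webAppName);
            }
            LoginConfig loginConfig = webApp.getLoginConfig();
            if (loginConfig != null) {
                this.realm = loginConfig.getRealmName();
                int valueAuthMethod = loginConfig.getValueAuthMethod();
                if (valueAuthMethod == 1) {
                    this.challengeType = "Basic";
                } else if (valueAuthMethod == 4) {
                    this.challengeType = Constants.CERT;
                } else if (valueAuthMethod == 3) {
                    this.challengeType = "Custom";
                    FormLoginConfig formLoginConfig = loginConfig.getFormLoginConfig();
                    if (formLoginConfig != null) {
                        if (formLoginConfig.isSetFormLoginPage()) {
                            this.loginURL = withLeadingSlash(formLoginConfig.getFormLoginPage());
                        }
                        if (formLoginConfig.isSetFormErrorPage()) {
                            this.reloginURL = withLeadingSlash(formLoginConfig.getFormErrorPage());
                        }
                    }
                } else if (valueAuthMethod == 2) {
                    this.challengeType = Constants.DIGEST;
                } else {
                    // Unknown auth-method code: fall back to Basic.
                    this.challengeType = "Basic";
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Login Config is not available for webApp " + this.webAppName
                            + " Assuming Basic Authentication");
                }
                this.challengeType = "Basic";
                this.realm = "Default Realm";
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "realm is {0}", this.realm);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "use SSL is {0}", new Boolean(this.useSSL));
            }
            // No branch above assigns "none", so this evaluates to true here
            // unless Constants.CERT or Constants.DIGEST hold that value.
            this.isProtected = !this.challengeType.equals("none");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "challenge type is {0}", this.challengeType);
            }
            // pluginCfg: 'C' for certificate challenge, 'K' when SSO is on,
            // 'A' for Basic. The consumer of this string is not visible here.
            StringBuffer flags = new StringBuffer(3);
            if (this.challengeType.equals(Constants.CERT)) {
                flags.append(CERTIFICATE_FLAG);
            }
            if (isSSOEnabled()) {
                flags.append(COOKIE_FLAG);
            }
            if (this.defaultToBasic || this.challengeType.equals("Basic")) {
                flags.append(AUTHORIZATION_FLAG);
            }
            this.pluginCfg = flags.toString();
            Tr.exit(tc, "WebAttributes");
        } catch (Exception e) {
            throw new InvalidRuntimeConfigException(describe(e));
        }
    }

    /** Returns {@code url} unchanged if it starts with "/", else prefixed with "/". */
    private static String withLeadingSlash(String url) {
        return url.startsWith("/") ? url : "/" + url;
    }

    /**
     * Text for a wrapping exception. Falls back to {@code toString()} because
     * {@code getMessage()} is null for many runtime exceptions, which would
     * otherwise leave the configuration error without any description.
     */
    private static String describe(Exception e) {
        String message = e.getMessage();
        return message != null ? message : e.toString();
    }

    /** @return whether this application requires authentication */
    public boolean isProtected() {
        return this.isProtected;
    }

    /** @return the realm name from the login-config, or "Default Realm" when none was declared */
    public String getRealm() {
        return this.realm;
    }

    /** @return the challenge type chosen in the constructor; {@code null} for a default-constructed instance */
    public String getChallengeType() {
        return this.challengeType;
    }

    /**
     * Reports the active mechanism. Anything that is not
     * {@link LocalOSAuthentication} is reported as "LTPA".
     *
     * @return "LOCALOS" or "LTPA"
     */
    public String getAuthMechanism() {
        return securityConfig.getActiveAuthMechanism() instanceof LocalOSAuthentication ? "LOCALOS" : "LTPA";
    }

    /** @return the per-instance SSL flag; never set to {@code true} in the visible code */
    public boolean isSSLEnabled() {
        return this.useSSL;
    }

    /**
     * @return {@code true} only when the active mechanism is LTPA and its
     *         single sign-on setting is enabled
     */
    public boolean isSSOEnabled() {
        AuthMechanism activeAuthMechanism = securityConfig.getActiveAuthMechanism();
        if (activeAuthMechanism instanceof LTPA) {
            return ((LTPA) activeAuthMechanism).getSingleSignon().isEnabled();
        }
        return false;
    }

    /** @return whether the SSO configuration requires SSL, as read at initialization */
    public boolean isSecureSSO() {
        return secureSSO;
    }

    /** @return the default-to-Basic flag; never set to {@code true} in the visible code */
    public boolean isDefaultToBasic() {
        return this.defaultToBasic;
    }

    /** @return the LTPA cookie name constant */
    public String getLTPACookieName() {
        return Constants.LTPA_COOKIENAME;
    }

    /** @return the login cookie name; {@code null} in the visible code */
    public String getLoginCookieName() {
        return loginCookieName;
    }

    /** @return the cookie suffix; {@code null} in the visible code */
    public String getCookieSuffix() {
        return cookieSuffix;
    }

    /**
     * Renders every attribute as {@code name[value]}, one per line.
     *
     * @return a multi-line diagnostic description
     */
    public String toString() {
        StringBuffer text = new StringBuffer(256);
        text.append("webAppName[").append(this.webAppName).append("]");
        text.append("\nisProtected[").append(isProtected()).append("]");
        text.append("\nrealm[").append(getRealm()).append("]");
        text.append("\nchallengeType[").append(getChallengeType()).append("]");
        text.append("\nauthMechanism[").append(getAuthMechanism()).append("]");
        text.append("\nSSLEnabled[").append(isSSLEnabled()).append("]");
        text.append("\nSSOEnabled[").append(isSSOEnabled()).append("]");
        text.append("\nsecureSSO[").append(isSecureSSO()).append("]");
        text.append("\ndefaultToBasic[").append(isDefaultToBasic()).append("]");
        text.append("\nLTPACookieName[").append(getLTPACookieName()).append("]");
        text.append("\nloginCookieName[").append(getLoginCookieName()).append("]");
        text.append("\nCookieSuffix[").append(getCookieSuffix()).append("]");
        return text.toString();
    }

    /** @return the form login page, always starting with "/", or {@code null} */
    public String getLoginURL() {
        return this.loginURL;
    }

    /** @return the form error page, always starting with "/", or {@code null} */
    public String getReloginURL() {
        return this.reloginURL;
    }

    /** @return the web application's display name */
    public String getWebAppName() {
        return this.webAppName;
    }

    /**
     * Applies the configured SSO cookie attributes (domain, max-age, path,
     * secure) to {@code cookie}.
     *
     * <p>The domain is skipped when the system property
     * {@code com.ibm.ejs.security.setSSODomain} is "false". The Secure
     * attribute follows the SSO "requires SSL" setting, so with that setting
     * off the cookie is also sent over plain HTTP. No HttpOnly attribute is
     * set here.
     *
     * @param cookie the cookie to update
     * @throws IllegalStateException if no SSO cookie template exists, which is
     *         the case when the active mechanism is not LTPA or the static
     *         configuration has not been loaded. Failing here keeps a cookie
     *         from going out without the configured attributes.
     */
    public void copyInto(Cookie cookie) {
        Cookie template = cookieAttrs;
        if (template == null) {
            throw new IllegalStateException(
                    "SSO cookie attributes are not initialized; active auth mechanism is not LTPA"
                    + " or the security configuration has not been loaded");
        }
        if ("false".equals(System.getProperty("com.ibm.ejs.security.setSSODomain", "true"))) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "setSSO Domain = false");
            }
        } else {
            cookie.setDomain(template.getDomain());
        }
        cookie.setMaxAge(template.getMaxAge());
        cookie.setPath(template.getPath());
        cookie.setSecure(template.getSecure());
    }

    /**
     * Loads the server-wide security configuration once.
     *
     * <p>All values are built in locals and published at the end, with
     * {@code securityConfig} assigned last. A failure therefore leaves the
     * class uninitialized so the next call retries, instead of leaving
     * {@code securityConfig} set with no cookie template behind it.
     *
     * @throws InvalidRuntimeConfigException if the configuration cannot be read
     */
    private static void initializeConfig() throws InvalidRuntimeConfigException {
        if (securityConfig != null) {
            return;
        }
        synchronized (lockObject) {
            if (securityConfig != null) {
                return;
            }
            Tr.entry(tc, "initializeConfig");
            try {
                Security config = Server.getServerInstance().getApplicationServer().getNode().getDomain().getSecurity();
                boolean enabled = config.isEnabled();
                AuthMechanism activeAuthMechanism = config.getActiveAuthMechanism();
                // Anything other than LocalOS is treated as LTPA; the cast
                // below fails (and is reported) if that assumption is wrong.
                String mechanism = activeAuthMechanism instanceof LocalOSAuthentication ? "LOCALOS" : "LTPA";
                Cookie template = null;
                boolean requiresSsl = false;
                if (mechanism.equals("LTPA")) {
                    template = new Cookie(Constants.LTPA_COOKIENAME, null);
                    SingleSignon singleSignon = ((LTPA) activeAuthMechanism).getSingleSignon();
                    boolean isEnabled = singleSignon.isEnabled();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "SSO is " + isEnabled);
                    }
                    // Trim before testing for emptiness so a whitespace-only
                    // value cannot reach charAt(0) as an empty string.
                    String domainName = singleSignon.getDomainName();
                    domainName = domainName == null ? "" : domainName.trim();
                    if (domainName.length() > 0 && domainName.charAt(0) != '.') {
                        // A leading dot scopes the cookie to every host under
                        // the domain, so keep the configured value narrow.
                        domainName = "." + domainName;
                    }
                    template.setDomain(domainName);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "SSO Domain is " + domainName);
                    }
                    requiresSsl = singleSignon.isRequiresSSL();
                    template.setSecure(requiresSsl);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "SSO is secure " + requiresSsl);
                    }
                    template.setPath("/");
                    // -1: session cookie, not persisted by the browser.
                    template.setMaxAge(-1);
                }
                isSecurityEnabled = enabled;
                authMechanism = mechanism;
                cookieAttrs = template;
                secureSSO = requiresSsl;
                // Publish last: this is the flag the fast path checks.
                securityConfig = config;
                Tr.exit(tc, "initializeConfig");
            } catch (Exception e) {
                Tr.warning(tc, Constants.nls.getString("security.web.config.initerror", "Error while initializing web configuration"), e);
                throw new InvalidRuntimeConfigException(describe(e));
            }
        }
    }

    /**
     * Compiler-generated helper backing the class literal on pre-Java 5
     * compilers.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Equivalent of Tr.register(WebAttributes.class) as emitted by old javac.
        Class cls;
        if (class$com$ibm$ws$security$web$WebAttributes == null) {
            cls = class$("com.ibm.ws.security.web.WebAttributes");
            class$com$ibm$ws$security$web$WebAttributes = cls;
        } else {
            cls = class$com$ibm$ws$security$web$WebAttributes;
        }
        tc = Tr.register(cls);
        lockObject = new Object();
        securityConfig = null;
        loginCookieName = null;
        cookieSuffix = null;
    }
}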
