package com.ibm.wps.sso.vaultservice;

import com.ibm.portal.WpsException;
import com.ibm.wps.ac.NotAllowedException;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.puma.User;
import com.ibm.wps.puma.UserManager;
import com.ibm.wps.sso.credentialvault.CredentialSlot;
import com.ibm.wps.sso.credentialvault.CredentialVaultMessages;
import com.ibm.wps.sso.credentialvault.secrets.CredentialSecret;
import com.ibm.wps.sso.vaultservice.exceptions.SecretTypeNotSupportedException;
import com.ibm.wps.sso.vaultservice.exceptions.VaultServiceException;
import com.ibm.wps.util.ConcurrentModificationException;
import com.ibm.wps.util.DataBackendException;
import com.ibm.wps.util.ObjectID;
import com.ibm.wps.util.Properties;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.security.auth.Subject;

/* loaded from: input_file:lib/wps.jar:com/ibm/wps/sso/vaultservice/VaultServiceImpl.class */
public class VaultServiceImpl extends VaultService {
    // Vendor copyright notice kept as a string constant; not referenced in the visible part of the file.
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    // Trace and message logger used by every method below. No initializer is visible here;
    // presumably it is assigned in a static initializer later in the file - confirm.
    private static final Logger logger;
    // Logger name constant; not referenced in the visible part of the file.
    private static final String LOGGER = "com.ibm.wps.sso.vaultservice";
    // Property key read by init() to obtain the DN of the user that owns system credentials.
    private static final String SYSTEMCRED_DN = "systemcred.dn";
    // Separator used by generateVaultSlotKey() when composing per-user resource names.
    // Caller-supplied resource names and slot keys containing it are rejected there.
    private static final char DELIMITER = '|';
    // Created in the constructor, configured in init().
    private VaultAdapterManager adapterManager;
    private VaultSegmentManager segmentManager;
    // Set to true at the end of init(); read and written without synchronization in the visible code.
    private boolean initialized = false;
    // Resolved lazily from systemCredUserDN by checkSystemDNInitialized(); substituted for the
    // calling user whenever a slot references a system credential.
    private User systemCredUser = null;
    // Raw value of the "systemcred.dn" property; may be null if the property lookup returned null.
    private String systemCredUserDN;
    // NOTE(review): looks like a compiler-generated class-literal cache surfaced by decompilation - confirm.
    static Class class$com$ibm$wps$sso$vaultservice$VaultServiceImpl;

    /**
     * Creates the service with fresh adapter and segment managers. The managers are only
     * configured later, by {@link #init(Properties)}.
     */
    public VaultServiceImpl() {
        final String method = "<init>";
        logger.entry(Logger.TRACE_HIGH, method);
        this.adapterManager = new VaultAdapterManager();
        this.segmentManager = new VaultSegmentManager();
        logger.exit(Logger.TRACE_HIGH, method);
    }

    /**
     * Initializes the service once: reads the {@code systemcred.dn} property, then initializes the
     * adapter manager and hands it to the segment manager. Calls made after a successful
     * initialization return immediately.
     *
     * <p>Only the DN string is stored here; the matching user is looked up lazily by
     * {@link #checkSystemDNInitialized()}, so an invalid DN is not detected at startup.
     *
     * @param properties service configuration holding {@code systemcred.dn} and the adapter settings
     * @throws Exception whatever the manager initializers throw
     */
    @Override // com.ibm.wps.services.Service
    public void init(Properties properties) throws Exception {
        if (!this.initialized) {
            final String method = "init";
            logger.entry(Logger.TRACE_HIGH, method);
            this.systemCredUserDN = properties.getString(SYSTEMCRED_DN);
            if (logger.isLogging(Logger.TRACE_MEDIUM)) {
                // The DN identifies the account that owns shared system credentials; it is written to the trace log.
                logger.text(Logger.TRACE_MEDIUM, method, "VaultServiceImpl.init: systemCredUserDN set to '" + this.systemCredUserDN + "'");
            }
            this.adapterManager.init(properties);
            this.segmentManager.init(this.adapterManager);
            // Flag is flipped last so a failed manager init leaves the service uninitialized.
            this.initialized = true;
            logger.exit(Logger.TRACE_HIGH, method);
        }
    }

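    /**
     * Ensures the user that owns system credentials has been resolved from the configured
     * {@code systemcred.dn} value, looking it up on first use and caching it afterwards.
     *
     * <p>Failure is reported as an unchecked {@link IllegalStateException}, not as the declared
     * {@code VaultServiceException}, so callers that only catch the checked type will not see it.
     * The lookup exception, when there is one, is attached as the cause so the reason the DN
     * could not be resolved is not lost.
     *
     * <p>The cached user is read and written without synchronization in this method.
     *
     * @throws VaultServiceException declared for callers; not thrown by the visible code
     * @throws IllegalStateException if the DN is unset or does not resolve to a user
     */
    public void checkSystemDNInitialized() throws VaultServiceException {
        final String method = "checkSystemDNInitialized";
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        if (this.systemCredUser != null) {
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "User for system credentials is already retrieved");
            }
            return;
        }
        if (isLogging) {
            logger.text(Logger.TRACE_MEDIUM, method, "Trying to retrieve user '" + this.systemCredUserDN + "'");
        }
        // Remember a lookup failure instead of discarding it, so both failure paths
        // (exception and "no such user") share one reporting block below.
        WpsException lookupFailure = null;
        if (null != this.systemCredUserDN) {
            try {
                this.systemCredUser = UserManager.instance().findById(this.systemCredUserDN);
            } catch (WpsException e) {
                lookupFailure = e;
            }
        }
        if (null == this.systemCredUser) {
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "Couldn't retrieve user '" + this.systemCredUserDN + "' for storing system credentials");
            }
            logger.message(100, method, CredentialVaultMessages.SYSTEMCRED_DN_PROPERTY_VALUE_INVALID_1, new Object[]{SYSTEMCRED_DN});
            IllegalStateException failure = new IllegalStateException("The systemcred.dn property is invalid.  Please make sure the value of systemcred.dn is a valid user in the Vault Service Properties File");
            if (null != lookupFailure) {
                failure.initCause(lookupFailure);
            }
            throw failure;
        }
        if (isLogging) {
            logger.text(Logger.TRACE_MEDIUM, method, "Will use the following user for system credentials:" + this.systemCredUser);
        }
    }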

    /**
     * Shuts the service down. The adapter manager is destroyed only if {@link #init(Properties)}
     * completed; the {@code initialized} flag itself is left unchanged.
     *
     * @throws Exception whatever the adapter manager throws while shutting down
     */
    @Override // com.ibm.wps.services.Service
    public void destroy() throws Exception {
        final String method = "destroy";
        logger.entry(Logger.TRACE_HIGH, method);
        boolean wasInitialized = this.initialized;
        if (wasInitialized) {
            this.adapterManager.destroy();
        }
        logger.exit(Logger.TRACE_HIGH, method);
    }

    /**
     * Reports whether {@link #init(Properties)} has completed.
     *
     * @return the current value of the {@code initialized} flag
     */
    public boolean isInitialized() {
        boolean ready = this.initialized;
        return ready;
    }

    /**
     * Returns the adapter configurations held by the adapter manager.
     *
     * @return the map handed back by {@code VaultAdapterManager.getAdapterConfigs()}, returned as-is
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Map listVaultAdapters() {
        Map adapterConfigs = this.adapterManager.getAdapterConfigs();
        return adapterConfigs;
    }

    /**
     * Lists the resources known to the vault adapter of the given type.
     *
     * @param str the vault adapter type
     * @return the iterator returned by the adapter's {@code listResources()}
     * @throws VaultServiceException if no adapter of that type is registered
     * @throws DataBackendException propagated from the adapter
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Iterator listResourcesInVault(String str) throws DataBackendException, VaultServiceException {
        final String method = "listResourcesInVault";
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, method, str);
        VaultAdapter adapter = this.adapterManager.getAdapter(str);
        if (null != adapter) {
            Iterator resources = adapter.listResources();
            logger.exit(Logger.TRACE_HIGH, method, resources);
            return resources;
        }
        // Unknown adapter type: same text goes to the trace log and into the exception.
        String problem = "Vault Adapter of type '" + str + "' does not exist";
        if (isLogging) {
            logger.text(Logger.TRACE_MEDIUM, method, problem);
        }
        throw new VaultServiceException(problem);
    }

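    /**
     * Checks whether the vault adapter of the given type contains the named resource.
     *
     * <p>Entry and exit are traced under this method's own name. The original traced them as
     * {@code listResourcesInVault}, which made the two operations indistinguishable in a trace
     * and misattributes lookups when the log is used to reconstruct who probed which resource.
     *
     * @param str the vault adapter type
     * @param str2 the resource name to look for
     * @return {@code true} if the adapter reports that it contains the resource
     * @throws VaultServiceException if no adapter of that type is registered
     * @throws DataBackendException propagated from the adapter
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public boolean isResourceInVault(String str, String str2) throws DataBackendException, VaultServiceException {
        final String method = "isResourceInVault";
        logger.entry(Logger.TRACE_HIGH, method, new Object[]{str, str2});
        VaultAdapter adapter = this.adapterManager.getAdapter(str);
        if (null == adapter) {
            throw new VaultServiceException("Vault Adapter of type \"" + str + "\" does not exist");
        }
        boolean containsResource = adapter.containsResource(str2);
        logger.exit(Logger.TRACE_HIGH, method, containsResource);
        return containsResource;
    }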

    /**
     * Creates a vault segment backed by the adapter of the given type.
     *
     * @param str first segment attribute, passed through to the segment manager
     * @param str2 second segment attribute, passed through to the segment manager
     * @param str3 the vault adapter type the segment is bound to
     * @param z flag passed through to the segment manager
     *          (presumably "user mapped", see {@code VaultSegment.isUserMapped()} - confirm)
     * @param objectID identifier passed through to the segment manager; not included in the entry trace
     * @return the configuration of the new segment
     * @throws VaultServiceException if no adapter of type {@code str3} is registered
     * @throws DataBackendException propagated from the segment manager
     * @throws ConcurrentModificationException propagated from the segment manager
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public VaultSegmentConfig createSegment(String str, String str2, String str3, boolean z, ObjectID objectID) throws DataBackendException, VaultServiceException, ConcurrentModificationException {
        final String method = "createSegment";
        Object[] traceArgs = {str, str2, str3, Boolean.valueOf(z)};
        logger.entry(Logger.TRACE_HIGH, method, traceArgs);
        VaultAdapter adapter = this.adapterManager.getAdapter(str3);
        if (null != adapter) {
            VaultSegmentConfig created = this.segmentManager.createSegment(str, str2, adapter, z, objectID);
            logger.exit(Logger.TRACE_HIGH, method, created);
            return created;
        }
        throw new VaultServiceException("Vault Adapter of type \"" + str3 + "\" does not exist");
    }

    /**
     * Deletes the segment with the given identifier by delegating to the segment manager.
     * No check on the segment's slots or stored credentials is made in this method.
     *
     * @param objectID identifier of the segment to delete
     * @throws DataBackendException propagated from the segment manager
     * @throws ConcurrentModificationException propagated from the segment manager
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public void deleteSegment(ObjectID objectID) throws DataBackendException, ConcurrentModificationException {
        final String method = "deleteSegment";
        logger.entry(Logger.TRACE_HIGH, method, objectID);
        this.segmentManager.deleteSegment(objectID);
        logger.exit(Logger.TRACE_HIGH, method);
    }

    /**
     * Looks up the configuration of a segment.
     *
     * @param objectID identifier of the segment
     * @return whatever {@code VaultSegmentManager.getSegmentConfig} returns for that identifier
     * @throws DataBackendException propagated from the segment manager
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public VaultSegmentConfig getSegment(ObjectID objectID) throws DataBackendException {
        VaultSegmentConfig config = this.segmentManager.getSegmentConfig(objectID);
        return config;
    }

    /**
     * Returns the segment configurations held by the segment manager.
     *
     * @return the map handed back by {@code VaultSegmentManager.listSegmentConfigs()}, returned as-is
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Map listSegments() {
        Map segmentConfigs = this.segmentManager.listSegmentConfigs();
        return segmentConfigs;
    }

    /**
     * Not implemented in this class: always returns {@code null} rather than a map.
     * Callers must null-check the result before iterating.
     *
     * @return always {@code null}
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Map listSegmentsWithoutVaultSlots() {
        Map none = null;
        return none;
    }

    /**
     * Returns the secret types supported by the given segment.
     *
     * @param objectID identifier of the segment
     * @return the array returned by the segment's {@code getSupportedSecretTypes()}
     * @throws VaultServiceException if the segment does not exist
     * @throws DataBackendException propagated from the segment manager
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public int[] getSupportedSecretTypes(ObjectID objectID) throws VaultServiceException, DataBackendException {
        final String method = "getSupportedSecretTypes";
        logger.entry(Logger.TRACE_HIGH, method, objectID);
        VaultSegment segment = this.segmentManager.getSegment(objectID);
        if (null != segment) {
            int[] secretTypes = segment.getSupportedSecretTypes();
            logger.exit(Logger.TRACE_HIGH, method, secretTypes);
            return secretTypes;
        }
        throw new VaultServiceException("The specified segment \"" + objectID + "\" does not exist");
    }

    /**
     * Reports whether the given segment supports a secret type.
     *
     * @param objectID identifier of the segment
     * @param i the secret type code to test
     * @return the answer of the segment's {@code isSecretTypeSupported(int)}
     * @throws VaultServiceException if the segment does not exist
     * @throws DataBackendException propagated from the segment manager
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public boolean isSecretTypeSupported(ObjectID objectID, int i) throws VaultServiceException, DataBackendException {
        final String method = "isSecretTypeSupported";
        Object[] traceArgs = {objectID, Integer.valueOf(i)};
        logger.entry(Logger.TRACE_HIGH, method, traceArgs);
        VaultSegment segment = this.segmentManager.getSegment(objectID);
        if (null != segment) {
            boolean supported = segment.isSecretTypeSupported(i);
            logger.exit(Logger.TRACE_HIGH, method, supported);
            return supported;
        }
        throw new VaultServiceException("The specified segment \"" + objectID + "\" does not exist");
    }

    /**
     * Rejects a slot that is flagged as user managed but carries no owning user.
     *
     * <p>This is the only structural check on a slot before it is stored. It matters for access
     * control because {@code isAccessValid} compares the caller against the slot's user object ID;
     * a user-managed slot with no owner would have nothing to compare against.
     *
     * @param vaultSlotConfig the slot to validate
     * @throws VaultServiceException if the slot is user managed and {@code getUserObjectID()} is null
     */
    private void isValidVaultSlot(VaultSlotConfig vaultSlotConfig) throws VaultServiceException {
        final String method = "isValidVaultSlot";
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, method, vaultSlotConfig);
        // Owner is only inspected when the slot is user managed (short-circuit).
        boolean ownerMissing = vaultSlotConfig.isUserManaged() && null == vaultSlotConfig.getUserObjectID();
        if (ownerMissing) {
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "Hmm, a vault slot that is userManaged must have a user associated with it. . .  No good.");
            }
            throw new VaultServiceException("Vault Slot " + vaultSlotConfig.getVaultSlotKey() + " is not valid, it is user managed and does not have a user assciated with it.");
        }
        logger.exit(Logger.TRACE_HIGH, method);
    }

    /**
     * Builds the resource name under which a slot's credential is stored in the vault.
     *
     * <p>For a user-managed slot the result is {@code resourceName|userObjectID}, with
     * {@code |cpiid} appended when the slot has a CPIID; otherwise it is the resource name
     * unchanged. The {@code |} check on the caller-supplied resource name and slot key is what
     * keeps a supplied name from imitating the composed form of another user's entry, so it must
     * stay ahead of the concatenation. The object IDs' string forms are not checked for the
     * delimiter here.
     *
     * @param vaultSlotConfig the slot whose key is generated; for a user-managed slot
     *        {@code getUserObjectID()} must be non-null (see {@code isValidVaultSlot})
     * @return the composed resource name
     * @throws VaultServiceException if the resource name or the slot key contains {@code |}
     */
    private String generateVaultSlotKey(VaultSlotConfig vaultSlotConfig) throws VaultServiceException {
        String resourceName = vaultSlotConfig.getResourceName();
        if (resourceName.indexOf(DELIMITER) != -1) {
            throw new VaultServiceException("The Resource Name may not contain the \"|\" character");
        }
        String slotKey = vaultSlotConfig.getVaultSlotKey();
        if (slotKey != null && slotKey.indexOf(DELIMITER) != -1) {
            throw new VaultServiceException("The Vault Slot Key may not contain the \"|\" character");
        }
        String generated = resourceName;
        if (vaultSlotConfig.isUserManaged()) {
            // Explicit toString() calls are kept so a missing owner fails here instead of yielding "null".
            generated = resourceName + DELIMITER + vaultSlotConfig.getUserObjectID().toString();
            if (vaultSlotConfig.getCPIID() != null) {
                generated = generated + DELIMITER + vaultSlotConfig.getCPIID().toString();
            }
        }
        if (logger.isLogging(Logger.TRACE_MEDIUM)) {
            logger.text(Logger.TRACE_MEDIUM, "generateVaultSlotKey", "Resource is now \"" + generated + "\"");
        }
        return generated;
    }

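    /**
     * Creates a vault slot in the segment named by the slot configuration and, where the adapter
     * manages its own resources, creates the backing resource in the vault.
     *
     * <p>The slot's user-managed flag is overwritten from the segment, so the value supplied by
     * the caller is not trusted at creation time. The resource name is replaced by the composed
     * key from {@code generateVaultSlotKey}, and an empty slot key defaults to that name.
     *
     * <p>The adapter is resolved before the slot is persisted. The original stored the slot
     * first and only then discovered a missing adapter, which left a stored slot behind with no
     * vault resource and no rollback. If the resource still does not exist after the optional
     * create step, the stored slot is deleted again before the exception is thrown.
     *
     * @param vaultSlotConfig the slot to create; mutated (user-managed flag, resource name, key)
     * @return the same, now persisted, slot configuration
     * @throws VaultServiceException if the segment or its adapter does not exist, the slot is
     *         invalid, a name contains {@code |}, or the resource is absent from the vault
     * @throws DataBackendException propagated from the store, segment manager or adapter
     * @throws ConcurrentModificationException propagated from the store
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public VaultSlotConfig createVaultSlot(VaultSlotConfig vaultSlotConfig) throws DataBackendException, VaultServiceException, ConcurrentModificationException {
        final String method = "createVaultSlot";
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, method, vaultSlotConfig);
        VaultSegment segment = this.segmentManager.getSegment(vaultSlotConfig.getSegmentObjectID());
        if (null == segment) {
            logger.message(100, method, CredentialVaultMessages.SEGMENT_NOT_EXIST_VAULT_SLOT_CANNOT_CREATED_1, new Object[]{vaultSlotConfig.getSegmentObjectID()});
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist, the vault slot cannot be created");
            }
            throw new VaultServiceException("Segment " + vaultSlotConfig.getSegmentObjectID() + " does not exist");
        }
        // The segment, not the caller, decides whether the slot is per-user.
        vaultSlotConfig.setUserManaged(segment.isUserMapped());
        isValidVaultSlot(vaultSlotConfig);
        vaultSlotConfig.setResourceName(generateVaultSlotKey(vaultSlotConfig));
        if (null == vaultSlotConfig.getVaultSlotKey() || 0 == vaultSlotConfig.getVaultSlotKey().length()) {
            vaultSlotConfig.setVaultSlotKey(vaultSlotConfig.getResourceName());
        }
        // Fail on a missing adapter before anything is persisted, so no orphaned slot is left behind.
        VaultAdapter vaultAdapter = segment.getVaultAdapter();
        if (null == vaultAdapter) {
            throw new VaultServiceException("The VaultAdapter of type " + segment.getVaultAdapterType() + " does not exist");
        }
        vaultSlotConfig.store();
        if (isLogging) {
            logger.text(Logger.TRACE_MEDIUM, method, "Stored vault slot \"" + vaultSlotConfig.getVaultSlotKey() + "\"");
        }
        String resourceName = vaultSlotConfig.getResourceName();
        if (!vaultAdapter.isReadOnly() && vaultAdapter.isManagingResources() && !vaultAdapter.containsResource(resourceName)) {
            vaultAdapter.createResource(resourceName);
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "Created resource " + resourceName);
            }
        } else if (isLogging) {
            // Also reached when the resource already exists; the message text does not mention that case.
            logger.text(Logger.TRACE_MEDIUM, method, "The adapter " + vaultAdapter.getType() + " is read only or is not managing resources.  The Vault Service will not create the resource");
        }
        if (vaultAdapter.containsResource(resourceName)) {
            logger.exit(Logger.TRACE_HIGH, method, vaultSlotConfig);
            return vaultSlotConfig;
        }
        logger.message(100, method, CredentialVaultMessages.RESOURCE_NOT_EXIST_IN_SEGMENT_2, new Object[]{resourceName, segment.getName()});
        if (isLogging) {
            logger.text(Logger.TRACE_MEDIUM, method, "Resource " + resourceName + " doesn't exist. . .");
        }
        // Compensate for the store() above: a slot without a vault resource must not survive.
        vaultSlotConfig.delete();
        throw new VaultServiceException("The resource " + resourceName + " does not exist in the vault.  The Vault Slot could not be created");
    }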

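    /**
     * Validates and re-stores an existing slot configuration.
     *
     * <p>The original also called {@code logger.isLogging(...)} and discarded the result; that
     * dead call is removed.
     *
     * <p>NOTE(review): unlike {@code createVaultSlot}, this method does not reset the
     * user-managed flag from the segment and does not regenerate the resource name. The access
     * checks in {@code isAccessValid} are skipped entirely for slots that are not user managed,
     * so whoever may call this method can influence later access decisions through the stored
     * flag and owner. Confirm that callers are restricted to administrators or that
     * {@code VaultSlotConfig.store()} enforces this itself.
     *
     * @param vaultSlotConfig the slot to store
     * @return the same slot configuration
     * @throws VaultServiceException if the slot is user managed without an owner
     * @throws DataBackendException propagated from the store
     * @throws ConcurrentModificationException propagated from the store
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public VaultSlotConfig modifyVaultSlot(VaultSlotConfig vaultSlotConfig) throws DataBackendException, VaultServiceException, ConcurrentModificationException {
        final String method = "modifyVaultSlot";
        logger.entry(Logger.TRACE_HIGH, method, vaultSlotConfig);
        isValidVaultSlot(vaultSlotConfig);
        vaultSlotConfig.store();
        logger.exit(Logger.TRACE_HIGH, method, vaultSlotConfig);
        return vaultSlotConfig;
    }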

    /**
     * Deletes a slot configuration and, when no other slot still refers to the same resource,
     * removes the backing resource from a writable, resource-managing adapter.
     *
     * <p>The slot is deleted first. A missing segment is then only logged, while a missing
     * adapter raises an exception although the slot is already gone, so callers cannot treat
     * the exception as "nothing was changed". No caller identity is checked in this method.
     *
     * @param vaultSlotConfig the slot to delete
     * @throws VaultServiceException if the segment exists but its adapter does not
     * @throws DataBackendException propagated from the delete, segment manager or adapter
     * @throws ConcurrentModificationException propagated from the delete
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public void deleteVaultSlot(VaultSlotConfig vaultSlotConfig) throws DataBackendException, VaultServiceException, ConcurrentModificationException {
        final String method = "deleteVaultSlot";
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, method, vaultSlotConfig);
        vaultSlotConfig.delete();
        VaultSegment segment = this.segmentManager.getSegment(vaultSlotConfig.getSegmentObjectID());
        if (null != segment) {
            String resourceName = vaultSlotConfig.getResourceName();
            VaultAdapter vaultAdapter = segment.getVaultAdapter();
            if (null == vaultAdapter) {
                throw new VaultServiceException("The VaultAdapter of type " + segment.getVaultAdapterType() + " does not exist");
            }
            boolean resourceIsRemovable = !vaultAdapter.isReadOnly() && vaultAdapter.isManagingResources() && vaultAdapter.containsResource(resourceName);
            if (resourceIsRemovable) {
                // Keep the vault resource while any remaining slot still points at it.
                CredentialSlot[] remainingSlots = CredentialSlot.listForResource(resourceName);
                if (null == remainingSlots || 0 == remainingSlots.length) {
                    vaultAdapter.deleteResource(resourceName);
                }
            } else if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "The adapter " + vaultAdapter.getType() + " is read only or is not managing resources.  The Vault Service will not delete the resource");
            }
        } else {
            logger.message(101, method, CredentialVaultMessages.VAULT_SLOT_DELETED_BUT_SEGMENT_NOT_EXIST_2, new Object[]{vaultSlotConfig.getVaultSlotKey(), vaultSlotConfig.getSegmentObjectID()});
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist!!");
            }
        }
        logger.exit(Logger.TRACE_HIGH, method);
    }

    /**
     * Lists the administrator-defined slots.
     *
     * @return an iterator over the array returned by {@code CredentialSlot.listAdminDefined()}
     * @throws DataBackendException propagated from the slot lookup
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Iterator listAdminDefinedVaultSlots() throws DataBackendException {
        CredentialSlot[] adminSlots = CredentialSlot.listAdminDefined();
        return Arrays.asList(adminSlots).iterator();
    }

    /**
     * Lists every user-mapped slot, with no filter on the owning user.
     *
     * @return an iterator over the array returned by {@code CredentialSlot.listUserMapped()}
     * @throws DataBackendException propagated from the slot lookup
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Iterator listUserMappedVaultSlots() throws DataBackendException {
        CredentialSlot[] userSlots = CredentialSlot.listUserMapped();
        return Arrays.asList(userSlots).iterator();
    }

    /**
     * Lists the user-mapped slots looked up by the given user's object ID.
     *
     * @param user the user whose slots are listed; must not be null
     * @return an iterator over the array returned by {@code CredentialSlot.listUserMapped(ObjectID)}
     * @throws DataBackendException propagated from the slot lookup
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Iterator listUserMappedVaultSlots(User user) throws DataBackendException {
        ObjectID ownerId = (ObjectID) user.getObjectID();
        CredentialSlot[] userSlots = CredentialSlot.listUserMapped(ownerId);
        return Arrays.asList(userSlots).iterator();
    }

    /**
     * Lists the user-mapped slots looked up by the given user's object ID and a second identifier.
     *
     * @param user the user whose slots are listed; must not be null
     * @param objectID second lookup key (presumably the portlet instance, as in
     *        {@code isAccessValid} - confirm)
     * @return an iterator over the array returned by
     *         {@code CredentialSlot.listUserMapped(ObjectID, ObjectID)}
     * @throws DataBackendException propagated from the slot lookup
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Iterator listUserMappedVaultSlots(User user, ObjectID objectID) throws DataBackendException {
        ObjectID ownerId = (ObjectID) user.getObjectID();
        CredentialSlot[] userSlots = CredentialSlot.listUserMapped(ownerId, objectID);
        return Arrays.asList(userSlots).iterator();
    }

    /**
     * Lists the slots offered to a user: the administrator-defined slots, then the slots found
     * for the user's object ID, then the slots found for the user's object ID together with
     * {@code objectID}. The three results are concatenated in that order without de-duplication.
     *
     * <p>This is a listing only; access to a slot's credential is decided separately by
     * {@code isAccessValid} when the credential is read or written.
     *
     * @param user the user the listing is built for; must not be null
     * @param objectID second lookup key for the last query
     * @return an iterator over the concatenated slots
     * @throws DataBackendException propagated from the slot lookups
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Iterator listUserAccessibleVaultSlots(User user, ObjectID objectID) throws DataBackendException {
        LinkedList accessible = new LinkedList(Arrays.asList(CredentialSlot.listAdminDefined()));
        // Resolved after the admin lookup, as in the original evaluation order.
        ObjectID ownerId = (ObjectID) user.getObjectID();
        accessible.addAll(Arrays.asList(CredentialSlot.listUserMapped(ownerId)));
        accessible.addAll(Arrays.asList(CredentialSlot.listUserMapped(ownerId, objectID)));
        return accessible.iterator();
    }

    /**
     * Authorizes access to a slot's credential for a user acting through a portlet.
     *
     * <p>Rules, for user-managed slots only:
     * <ul>
     *   <li>a null user is always refused;</li>
     *   <li>if the slot has a CPIID, the user's object ID must equal the slot's user object ID
     *       and the slot's CPIID must equal {@code objectID};</li>
     *   <li>otherwise only the user's object ID is compared.</li>
     * </ul>
     * Slots that are not user managed pass without any check in this method; any restriction on
     * those has to be enforced by the caller. The decision relies on the flags and IDs carried
     * by {@code vaultSlotConfig}, so that object must come from a trusted source.
     *
     * <p>Every refusal is written to the message log (level 100) with the slot key and, when
     * known, the user ID, before the exception is thrown.
     *
     * @param vaultSlotConfig the slot being accessed
     * @param user the calling user, may be null
     * @param objectID the calling portlet's identifier, compared with the slot's CPIID
     * @throws NotAllowedException if access is refused
     */
    private final void isAccessValid(VaultSlotConfig vaultSlotConfig, User user, ObjectID objectID) throws NotAllowedException {
        final String method = "isAccessValid";
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, method, new Object[]{vaultSlotConfig, user, objectID});
        if (vaultSlotConfig.isUserManaged()) {
            // Stays null when access is granted; otherwise holds the audit text for the refusal.
            String refusal = null;
            if (null == user) {
                refusal = "Someone is trying to access Vault Slot " + vaultSlotConfig.getVaultSlotKey() + " without identifying themself!";
            } else if (null != vaultSlotConfig.getCPIID()) {
                boolean ownerAndPortletMatch = user.getObjectID().equals(vaultSlotConfig.getUserObjectID()) && vaultSlotConfig.getCPIID().equals(objectID);
                if (!ownerAndPortletMatch) {
                    refusal = "Access is not granted to Vault Slot " + vaultSlotConfig.getVaultSlotKey() + " since user " + user.getId() + " along with portlet " + objectID + " does not own it";
                }
            } else if (!user.getObjectID().equals(vaultSlotConfig.getUserObjectID())) {
                refusal = "Access is not granted to Vault Slot " + vaultSlotConfig.getVaultSlotKey() + " since user " + user.getId() + " does not own it";
            }
            if (null != refusal) {
                logger.message(100, method, CredentialVaultMessages.CVM_1, new Object[]{refusal});
                if (isLogging) {
                    logger.text(Logger.TRACE_MEDIUM, method, refusal);
                }
                throw new NotAllowedException(VaultServiceMessages.ACCESS_NOT_ALLOWED_ERROR_0);
            }
        }
        logger.exit(Logger.TRACE_HIGH, method);
    }

    /**
     * Authorizes access to a slot's credential for a user, without a portlet identifier.
     *
     * <p>For a user-managed slot a null user is refused, and otherwise the user's object ID must
     * equal the slot's user object ID. The slot's CPIID is never consulted here, so a slot that
     * is bound to one portlet passes this check for its owning user regardless of which portlet
     * the request came from. Slots that are not user managed pass without any check.
     *
     * <p>Every refusal is written to the message log (level 100) before the exception is thrown.
     *
     * @param vaultSlotConfig the slot being accessed
     * @param user the calling user, may be null
     * @throws NotAllowedException if access is refused
     */
    private final void isAccessValid(VaultSlotConfig vaultSlotConfig, User user) throws NotAllowedException {
        final String method = "isAccessValid";
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, method, new Object[]{vaultSlotConfig, user});
        if (vaultSlotConfig.isUserManaged()) {
            // Stays null when access is granted; otherwise holds the audit text for the refusal.
            String refusal = null;
            if (null == user) {
                refusal = "Someone is trying to access Vault Slot " + vaultSlotConfig.getVaultSlotKey() + " without identifying themself!";
            } else if (!user.getObjectID().equals(vaultSlotConfig.getUserObjectID())) {
                refusal = "Access is not granted to Vault Slot " + vaultSlotConfig.getVaultSlotKey() + " since user " + user.getId() + " does not own it";
            }
            if (null != refusal) {
                logger.message(100, method, CredentialVaultMessages.CVM_1, new Object[]{refusal});
                if (isLogging) {
                    logger.text(Logger.TRACE_MEDIUM, method, refusal);
                }
                throw new NotAllowedException(VaultServiceMessages.ACCESS_NOT_ALLOWED_ERROR_0);
            }
        }
        logger.exit(Logger.TRACE_HIGH, method);
    }

    /**
     * Stores a credential in a slot on behalf of a user with no portlet identifier; equivalent
     * to the four-argument overload with a null {@code objectID}.
     *
     * <p>Because the portlet identifier is null, a slot that carries a CPIID is refused by the
     * access check in the four-argument overload.
     *
     * @param vaultSlotConfig the target slot
     * @param credentialSecret the secret to store
     * @param user the calling user
     * @throws SecretTypeNotSupportedException as declared by the four-argument overload
     * @throws NotAllowedException if the user may not access the slot
     * @throws VaultServiceException if the segment or adapter is missing or the adapter is read only
     * @throws DataBackendException propagated from the backend
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public void addCredential(VaultSlotConfig vaultSlotConfig, CredentialSecret credentialSecret, User user) throws SecretTypeNotSupportedException, NotAllowedException, VaultServiceException, DataBackendException {
        final ObjectID noPortlet = null;
        addCredential(vaultSlotConfig, credentialSecret, user, noPortlet);
    }

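    /**
     * Stores a credential in a slot on behalf of a user acting through a portlet.
     *
     * <p>Order of checks: system-credential user resolved, segment exists, adapter exists,
     * adapter writable, then the access check. When the slot references a system credential the
     * secret is stored under the system-credential user instead of the caller.
     *
     * <p>The secret itself is no longer handed to the trace logger. The original passed
     * {@code credentialSecret} in the entry trace arguments, where the logger could render it
     * through {@code toString()}; a fixed placeholder is logged in its place.
     *
     * @param vaultSlotConfig the target slot
     * @param credentialSecret the secret to store
     * @param user the calling user
     * @param objectID the calling portlet's identifier, may be null
     * @throws SecretTypeNotSupportedException declared; raised by the adapter if at all
     * @throws NotAllowedException if the access check refuses the caller (also logged at level 100)
     * @throws VaultServiceException if the segment or adapter is missing or the adapter is read only
     * @throws DataBackendException propagated from the backend
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public void addCredential(VaultSlotConfig vaultSlotConfig, CredentialSecret credentialSecret, User user, ObjectID objectID) throws SecretTypeNotSupportedException, NotAllowedException, VaultServiceException, DataBackendException {
        final String method = "addCredential";
        checkSystemDNInitialized();
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        // Keep the argument positions of the trace record, but never the secret object itself.
        logger.entry(Logger.TRACE_HIGH, method, new Object[]{vaultSlotConfig, "<credentialSecret omitted>", user, objectID});
        VaultSegment segment = this.segmentManager.getSegment(vaultSlotConfig.getSegmentObjectID());
        if (null == segment) {
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist!!");
            }
            throw new VaultServiceException("Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist, credential could not be added for VaultSlot " + vaultSlotConfig.getVaultSlotKey());
        }
        VaultAdapter vaultAdapter = segment.getVaultAdapter();
        if (null == vaultAdapter) {
            throw new VaultServiceException("The adapter of type " + segment.getVaultAdapterType() + " does not exist");
        }
        if (vaultAdapter.isReadOnly()) {
            String readOnlyProblem = "The credential could not be added, the vault type " + vaultAdapter.getType() + " is read only.";
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, readOnlyProblem);
            }
            throw new VaultServiceException(readOnlyProblem);
        }
        try {
            isAccessValid(vaultSlotConfig, user, objectID);
            // System credentials are stored under the configured system user, not the caller.
            User effectiveUser = user;
            if (vaultSlotConfig.referencesSystemCredential()) {
                effectiveUser = this.systemCredUser;
                if (isLogging) {
                    logger.text(Logger.TRACE_MEDIUM, method, "Going to use user with ObjectID " + vaultSlotConfig.getUserObjectID());
                }
            }
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "Using user " + effectiveUser);
            }
            vaultAdapter.addCredential(credentialSecret, effectiveUser, vaultSlotConfig.getResourceName());
            logger.exit(Logger.TRACE_HIGH, method);
        } catch (NotAllowedException e) {
            logger.message(100, method, CredentialVaultMessages.FAILED_TO_ADD_CREDENTIAL_USER_PORTLET_NOT_ACCESS_VAULT_SLOT_0);
            throw e;
        }
    }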

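    /**
     * Retrieves the credential stored in a slot for a user acting through a portlet.
     *
     * <p>The access check runs first, before the segment or adapter is looked up. When the slot
     * references a system credential the lookup uses the system-credential user instead of the
     * caller. A found secret is returned as the single private credential of a new
     * {@link Subject}; if the adapter returns null, the result is null.
     *
     * <p>The returned {@code Subject} is no longer handed to the exit trace.
     * {@code Subject.toString()} renders private credentials through their own
     * {@code toString()}, so tracing the object could place the secret in the trace log; only
     * a fixed marker saying whether a credential was found is logged.
     *
     * @param vaultSlotConfig the slot to read
     * @param user the calling user
     * @param objectID the calling portlet's identifier, may be null
     * @return a {@code Subject} holding the secret as a private credential, or null if none is stored
     * @throws SecretTypeNotSupportedException declared; raised by the adapter if at all
     * @throws NotAllowedException if the access check refuses the caller (also logged at level 100)
     * @throws VaultServiceException if the segment or adapter is missing
     * @throws DataBackendException propagated from the backend
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public Subject getCredential(VaultSlotConfig vaultSlotConfig, User user, ObjectID objectID) throws SecretTypeNotSupportedException, VaultServiceException, NotAllowedException, DataBackendException {
        final String method = "getCredential";
        checkSystemDNInitialized();
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, method, new Object[]{vaultSlotConfig, user, objectID});
        try {
            isAccessValid(vaultSlotConfig, user, objectID);
            VaultSegment segment = this.segmentManager.getSegment(vaultSlotConfig.getSegmentObjectID());
            if (null == segment) {
                if (isLogging) {
                    logger.text(Logger.TRACE_MEDIUM, method, "Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist!!");
                }
                throw new VaultServiceException("Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist, credential could not be retrieved for VaultSlot " + vaultSlotConfig.getVaultSlotKey());
            }
            // System credentials are read under the configured system user, not the caller.
            User effectiveUser = user;
            if (vaultSlotConfig.referencesSystemCredential()) {
                effectiveUser = this.systemCredUser;
            }
            VaultAdapter vaultAdapter = segment.getVaultAdapter();
            if (null == vaultAdapter) {
                throw new VaultServiceException("The adapter of type " + segment.getVaultAdapterType() + " could not be found");
            }
            CredentialSecret credential = vaultAdapter.getCredential(vaultSlotConfig.getSecretType(), effectiveUser, vaultSlotConfig.getResourceName());
            Subject subject = null;
            if (null != credential) {
                subject = new Subject();
                subject.getPrivateCredentials().add(credential);
            }
            // Trace only whether something was found; the Subject would expose its private credential.
            String traceResult = (null != subject) ? "<Subject with private credential omitted>" : "null";
            logger.exit(Logger.TRACE_HIGH, method, traceResult);
            return subject;
        } catch (NotAllowedException e) {
            logger.message(100, method, CredentialVaultMessages.FAILED_TO_RETRIEVE_CREDENTIAL_USER_PORTLET_NOT_ACCESS_VAULT_SLOT_0);
            throw e;
        }
    }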

    /**
     * Deletes the credential stored in a slot on behalf of a user.
     *
     * <p>Order of checks: system-credential user resolved, segment exists, adapter exists,
     * adapter writable, then the access check. When the slot references a system credential the
     * delete is issued for the system-credential user instead of the caller.
     *
     * <p>NOTE(review): this path uses the two-argument access check, which ignores the slot's
     * CPIID. Reading and adding a credential on a portlet-bound slot require the matching
     * portlet identifier, while deleting it requires only the owning user. Confirm this
     * asymmetry is intended.
     *
     * @param vaultSlotConfig the slot whose credential is deleted
     * @param user the calling user
     * @throws SecretTypeNotSupportedException declared; raised by the adapter if at all
     * @throws NotAllowedException if the access check refuses the caller (also logged at level 100)
     * @throws VaultServiceException if the segment or adapter is missing or the adapter is read only
     * @throws DataBackendException propagated from the backend
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public void deleteCredential(VaultSlotConfig vaultSlotConfig, User user) throws SecretTypeNotSupportedException, NotAllowedException, VaultServiceException, DataBackendException {
        final String method = "deleteCredential";
        checkSystemDNInitialized();
        boolean isLogging = logger.isLogging(Logger.TRACE_MEDIUM);
        logger.entry(Logger.TRACE_HIGH, method, new Object[]{vaultSlotConfig, user});
        VaultSegment segment = this.segmentManager.getSegment(vaultSlotConfig.getSegmentObjectID());
        if (null == segment) {
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist!!");
            }
            throw new VaultServiceException("Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist, credential could not be deleted for VaultSlot " + vaultSlotConfig.getVaultSlotKey());
        }
        VaultAdapter vaultAdapter = segment.getVaultAdapter();
        if (null == vaultAdapter) {
            throw new VaultServiceException("The adapter of type " + segment.getVaultAdapterType() + " does not exist");
        }
        if (vaultAdapter.isReadOnly()) {
            if (isLogging) {
                logger.text(Logger.TRACE_MEDIUM, method, "The credential could not be deleted, the vault type " + vaultAdapter.getType() + " is read only.");
            }
            throw new VaultServiceException("The credential could not be deleted, the vault type " + vaultAdapter.getType() + " is read only.");
        }
        try {
            isAccessValid(vaultSlotConfig, user);
            // System credentials are deleted under the configured system user, not the caller.
            User effectiveUser = vaultSlotConfig.referencesSystemCredential() ? this.systemCredUser : user;
            vaultAdapter.deleteCredential(vaultSlotConfig.getSecretType(), effectiveUser, vaultSlotConfig.getResourceName());
            logger.exit(Logger.TRACE_HIGH, method);
        } catch (NotAllowedException e) {
            logger.message(100, method, CredentialVaultMessages.FAILED_TO_DELETE_CREDENTIAL_USER_NOT_ACCESS_VAULT_SLOT_0);
            throw e;
        }
    }

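    /**
     * Replaces the credential stored for a vault slot.
     *
     * <p>The method resolves the slot's segment and that segment's adapter, rejects
     * missing segments, missing adapters and read-only adapters with a
     * {@link VaultServiceException}, runs {@code isAccessValid} for the caller and the
     * given object id, and then asks the adapter to store the new secret. When the slot
     * references the system credential, the change is issued for {@code systemCredUser}
     * instead of {@code user}.
     *
     * @param vaultSlotConfig slot whose credential is to be changed
     * @param credentialSecret new secret to store; never written to the trace log by this method
     * @param user user on whose behalf the change is requested
     * @param objectID passed through to {@code isAccessValid}; may be {@code null} (the
     *        three-argument overload passes {@code null})
     * @throws VaultServiceException if the segment or adapter is missing, or the adapter is read only
     * @throws NotAllowedException rethrown after being logged when it is raised inside the
     *         access-check/modify section
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public void modifyCredential(VaultSlotConfig vaultSlotConfig, CredentialSecret credentialSecret, User user, ObjectID objectID) throws SecretTypeNotSupportedException, NotAllowedException, VaultServiceException, DataBackendException {
        final String method = "modifyCredential";
        checkSystemDNInitialized();
        boolean traceMedium = logger.isLogging(Logger.TRACE_MEDIUM);
        // The secret object itself is kept out of the trace record: how CredentialSecret
        // renders as a string is not visible here, and an entry trace must not become a
        // second copy of the credential. Only its runtime type is recorded.
        Object secretForTrace = (credentialSecret == null) ? null : credentialSecret.getClass().getName();
        logger.entry(Logger.TRACE_HIGH, method, new Object[]{vaultSlotConfig, secretForTrace, user, objectID});

        // NOTE(review): the existence and read-only checks below run before the access
        // check, so their exception messages (segment id, slot key, adapter type) are
        // returned to callers that isAccessValid might reject - confirm this is intended.
        VaultSegment vaultSegment = this.segmentManager.getSegment(vaultSlotConfig.getSegmentObjectID());
        if (vaultSegment == null) {
            if (traceMedium) {
                logger.text(Logger.TRACE_MEDIUM, method, "Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist!!");
            }
            // The message previously said "added", copied from the add path; this is the modify path.
            throw new VaultServiceException("Segment \"" + vaultSlotConfig.getSegmentObjectID() + "\" does not exist, credential could not be modified for VaultSlot " + vaultSlotConfig.getVaultSlotKey());
        }

        VaultAdapter adapter = vaultSegment.getVaultAdapter();
        if (adapter == null) {
            throw new VaultServiceException("The adapter of type " + vaultSegment.getVaultAdapterType() + " does not exist");
        }

        if (adapter.isReadOnly()) {
            String readOnlyMessage = "The credential could not be modified, the vault type " + adapter.getType() + " is read only.";
            if (traceMedium) {
                logger.text(Logger.TRACE_MEDIUM, method, readOnlyMessage);
            }
            throw new VaultServiceException(readOnlyMessage);
        }

        try {
            // NOTE(review): any return value of isAccessValid is not inspected here; the
            // gate works only if it throws NotAllowedException on denial - confirm.
            isAccessValid(vaultSlotConfig, user, objectID);
            // Access is evaluated for the calling user, but a slot that references the
            // system credential is modified under the system credential user.
            User credentialOwner = vaultSlotConfig.referencesSystemCredential() ? this.systemCredUser : user;
            adapter.modifyCredential(credentialSecret, credentialOwner, vaultSlotConfig.getResourceName());
            logger.exit(Logger.TRACE_HIGH, method);
        } catch (NotAllowedException denied) {
            logger.message(100, method, CredentialVaultMessages.FAILED_TO_MODIFY_CREDENTIAL_USER_PORTLET_NOT_ACCESS_VAULT_SLOT_0);
            throw denied;
        }
    }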

    /**
     * Replaces the credential stored for a vault slot without supplying an object id.
     *
     * <p>Delegates to the four-argument overload with a {@code null} {@link ObjectID}.
     * NOTE(review): how {@code isAccessValid} treats a {@code null} object id is not
     * visible here - confirm that it does not relax the access check.
     *
     * @param vaultSlotConfig slot whose credential is to be changed
     * @param credentialSecret new secret to store
     * @param user user on whose behalf the change is requested
     */
    @Override // com.ibm.wps.sso.vaultservice.VaultService
    public void modifyCredential(VaultSlotConfig vaultSlotConfig, CredentialSecret credentialSecret, User user) throws SecretTypeNotSupportedException, NotAllowedException, VaultServiceException, DataBackendException {
        final ObjectID noObjectId = null;
        this.modifyCredential(vaultSlotConfig, credentialSecret, user, noObjectId);
    }

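    /**
     * Looks up a class by its fully qualified name via {@link Class#forName(String)}.
     *
     * <p>The static initializer of this class uses it to obtain the class object that is
     * handed to the log manager.
     *
     * @param str fully qualified class name
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found; the message is that of the
     *         underlying {@link ClassNotFoundException}, which is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // Attach the original exception so the failed lookup keeps its stack trace.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }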

    // Obtains this class's logger from the log manager. The class object is taken from
    // the cached static field when it is already set, otherwise it is resolved by name
    // through class$ and stored in that field.
    static {
        LogManager manager = LogManager.getLogManager();
        Class selfType = class$com$ibm$wps$sso$vaultservice$VaultServiceImpl;
        if (selfType == null) {
            selfType = class$("com.ibm.wps.sso.vaultservice.VaultServiceImpl");
            class$com$ibm$wps$sso$vaultservice$VaultServiceImpl = selfType;
        }
        logger = manager.getLogger(selfType);
    }
}
