package com.ibm.ws.security.wim.adapter.ldap.context;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.security.wim.ras.WIMMessageHelper;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.kerberos.auth.KerberosService;
import com.ibm.ws.security.wim.adapter.ldap.BEROutputStream;
import com.ibm.ws.security.wim.adapter.ldap.LdapConnection;
import com.ibm.ws.security.wim.adapter.ldap.LdapConstants;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import com.ibm.wsspi.security.wim.exception.EntityAlreadyExistsException;
import com.ibm.wsspi.security.wim.exception.EntityHasDescendantsException;
import com.ibm.wsspi.security.wim.exception.EntityNotFoundException;
import com.ibm.wsspi.security.wim.exception.InvalidInitPropertyException;
import com.ibm.wsspi.security.wim.exception.OperationNotSupportedException;
import com.ibm.wsspi.security.wim.exception.PropertyNotDefinedException;
import com.ibm.wsspi.security.wim.exception.WIMApplicationException;
import com.ibm.wsspi.security.wim.exception.WIMSystemException;
import java.io.File;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.regex.Pattern;
import javax.naming.CommunicationException;
import javax.naming.ContextNotEmptyException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/wim/adapter/ldap/context/ContextManager.class */
public class ContextManager {
    // ---- Defaults and JNDI property names -------------------------------------------------
    // NOTE(review): several instance fields below are initialised with the same literals as these
    // DEFAULT_* constants (the decompiler inlined them), so the constants may look unused here.
    private static final int DEFAULT_INIT_POOL_SIZE = 1;
    private static final int DEFAULT_MAX_POOL_SIZE = 0;
    private static final int DEFAULT_POOL_TIME_OUT = 0;
    private static final int DEFAULT_POOL_WAIT_TIME = 3000;
    private static final int DEFAULT_PREF_POOL_SIZE = 3;
    private static final long DEFAULT_CONNECT_TIMEOUT = 60000;
    private static final long DEFAULT_READ_TIMEOUT = 60000;
    // Keys under which the active URL and the URL list are stored in iEnvironment
    // (getActiveURL reads ENVKEY_ACTIVE_URL).
    private static final String ENVKEY_ACTIVE_URL = "_ACTIVE_URL_";
    private static final String ENVKEY_URL_LIST = "_URL_LIST_";
    private static final int LDAP_CONNECT_TIMEOUT_TRACE = 1000;
    private static final String LDAP_ENV_PROP_ATTRIBUTES_BINARY = "java.naming.ldap.attributes.binary";
    private static final String LDAP_ENV_PROP_CONNECT_TIMEOUT = "com.sun.jndi.ldap.connect.timeout";
    private static final String LDAP_ENV_PROP_DEREF_ALIASES = "java.naming.ldap.derefAliases";
    private static final String LDAP_ENV_PROP_FACTORY_SOCKET = "java.naming.ldap.factory.socket";
    private static final String LDAP_ENV_PROP_READ_TIMEOUT = "com.sun.jndi.ldap.read.timeout";
    // NOTE(review): this JNDI property dumps the BER-encoded LDAP traffic to a stream. For a simple
    // bind that traffic includes the bind credential, so confirm where the stream is written and
    // that the option (see iJndiOutputEnabled) stays off outside of troubleshooting.
    private static final String LDAP_ENV_PROP_JNDI_BER_OUTPUT = "com.sun.jndi.ldap.trace.ber";
    private static final String LDAP_SUN_SPI = "com.sun.jndi.ldap.LdapCtxFactory";
    // URL schemes: "ldap://" is the plain scheme, "ldaps://" the TLS one. How the choice is made
    // (presumably from iSSLEnabled) is not visible in this excerpt.
    private static final String LDAP_URL_PREFIX = "ldap://";
    private static final String LDAP_URL_SSL_PREFIX = "ldaps://";
    // URL-type selectors; the methods in this excerpt pass the literals 1 and 0 as the first
    // argument of getEnvironment — presumably these values, TODO confirm.
    private static final int URLTYPE_SEQUENCE = 1;
    private static final int URLTYPE_SINGLE = 0;
    private static final String WAS_SSL_SOCKET_FACTORY = "com.ibm.ws.ssl.protocol.LibertySSLSocketFactory";

    // ---- Bind identity and connection settings --------------------------------------------
    private String iBinaryAttributeNames;
    private String iBindDN;
    // Bind credential held in a protected-string wrapper. NOTE(review): how it reaches the JNDI
    // environment is outside this excerpt; createDirContext(Hashtable, long) decodes a
    // ProtectedString credential into a plain String just before binding.
    private SerializableProtectedString iBindPassword;
    private Long iConnectTimeout;
    private HostPort iPrimaryServer;
    private Long iReadTimeout;
    private boolean iSSLEnabled;
    static final long serialVersionUID = 7845134091423625239L;
    private static final AtomicLong LDAP_STATS_TIMER = new AtomicLong(0);
    private static final AtomicInteger QUICK_LDAP_BIND = new AtomicInteger(0);
    private static final TraceComponent tc = Tr.register(ContextManager.class, "ldapUtil", "com.ibm.ws.security.wim.adapter.ldap.resources.LdapUtilMessages");
    // Always null in this build, so getConnectionRequestControls() returns null.
    private final Control[] iConnCtls = null;
    private boolean iContextPoolEnabled = true;
    // The pool of idle contexts; null until createContextPool has built it.
    private List<TimedDirContext> iContexts = null;
    private String iDerefAliases = null;
    private Hashtable<String, Object> iEnvironment = null;
    private final List<HostPort> iFailoverServers = new ArrayList();
    private int iInitPoolSize = 1;
    private Boolean iJndiOutputEnabled = false;
    // Time of the last primary-server probe, initialised to "now" in seconds.
    private long iLastQueryTime = System.currentTimeMillis() / 1000;
    // Number of contexts counted as live (pooled plus handed out).
    private int iLiveContexts = 0;
    // Monitor taken by the synchronized blocks in checkPrimaryServer, createDirContext(String, byte[])
    // and getDirContext around pool state. The body members are instrumentation/decompiler residue.
    private final Object iLock = new Object() { // from class: com.ibm.ws.security.wim.adapter.ldap.context.ContextManager.1
        static final long serialVersionUID = -3208219748235743201L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.wim.adapter.ldap.context.ContextManager$1", AnonymousClass1.class, "ldapUtil", "com.ibm.ws.security.wim.adapter.ldap.resources.LdapUtilMessages");
    };
    // 0 means "no upper bound": getDirContext lets the pool grow whenever iMaxPoolSize == 0.
    private int iMaxPoolSize = 0;
    private long iPoolCreateTimestampMillisec = 0;
    private long iPoolCreateTimestampSeconds = 0;
    // Idle limit compared against a difference of second-granularity timestamps in getDirContext;
    // the check is skipped unless the value is > 0.
    private long iPoolTimeOut = 0;
    // Passed to Object.wait(long) in getDirContext, i.e. milliseconds.
    private long iPoolWaitTime = 3000;
    private int iPrefPoolSize = 3;
    // Minimum gap between primary-server probes; compared with (now - iLastQueryTime) in
    // checkPrimaryServer, so presumably seconds.
    private long iQueryInterval = 900;
    private String iReferral = "ignore";
    private boolean iReturnToPrimary = false;
    private String iSSLAlias = null;
    // When false, checkWritePermission rejects writes on any server other than the primary.
    private boolean iWriteToSecondary = false;
    private String reposId = null;

    // ---- Kerberos bind settings -----------------------------------------------------------
    private String bindAuthMechanism = null;
    private String krb5Principal = null;
    private Path krb5TicketCache = null;
    private KerberosService kerberosService = null;
    private final ReadWriteLock kerberServiceModifyLock = new ReentrantReadWriteLock();
    private ConfigurationAdmin configAdmin = null;

    /* JADX INFO: Access modifiers changed from: private */
    @Trivial
    /* loaded from: input_file:com/ibm/ws/security/wim/adapter/ldap/context/ContextManager$HostPort.class */
    public class HostPort {
        /** Host name or address, stored exactly as it was passed to the constructor. */
        final String hostname;
        /** Port paired with {@link #hostname}; stored as given, without range checking. */
        final Integer port;

        /**
         * Pairs a host with a port. Neither value is validated or normalised here.
         *
         * @param str host name or address
         * @param num port number
         */
        HostPort(String str, Integer num) {
            hostname = str;
            port = num;
        }

        /**
         * Renders the pair as {@code host:port}; a null component is rendered as the text "null".
         */
        @Override
        public String toString() {
            StringBuilder rendered = new StringBuilder();
            rendered.append(hostname).append(':').append(port);
            return rendered.toString();
        }
    }

    /**
     * Outcome codes for initialising the context manager.
     *
     * NOTE(review): the code that returns these values is outside this excerpt, so the per-constant
     * remarks below are read off the constant names only and should be confirmed against it.
     * Do not reorder the constants without checking for ordinal-based use.
     */
    @Trivial
    /* loaded from: input_file:com/ibm/ws/security/wim/adapter/ldap/context/ContextManager$InitializeResult.class */
    public enum InitializeResult {
        // presumably: a bind DN was configured without a bind password
        MISSING_PASSWORD,
        // presumably: no primary server (see iPrimaryServer) was configured
        MISSING_PRIMARY_SERVER,
        SUCCESS,
        // presumably: a Kerberos bind was requested without a principal name (see krb5Principal)
        MISSING_KRB5_PRINCIPAL_NAME
    }

    /**
     * Appends a server to the failover list.
     *
     * The host and port are stored as given; no validation (empty host, port range, duplicates)
     * happens in this method.
     *
     * @param str host name or address of the failover server
     * @param i   port of the failover server
     */
    public void addFailoverServer(String str, int i) {
        final HostPort failover = new HostPort(str, i);
        this.iFailoverServers.add(failover);
    }

    /**
     * Guards write operations: unless writing to secondary servers is enabled, the context must be
     * connected to the primary server.
     *
     * The decision is a case-insensitive comparison of the context's provider URL with the primary
     * URL, so it is only as reliable as those two strings being formatted the same way.
     *
     * @param timedDirContext context about to be used for a write
     * @throws OperationNotSupportedException if the context is bound to a non-primary server and
     *                                        writes to secondaries are not allowed
     */
    public void checkWritePermission(TimedDirContext timedDirContext) throws OperationNotSupportedException {
        if (!this.iWriteToSecondary) {
            final String boundUrl = getProviderURL(timedDirContext);
            final boolean boundToPrimary = getPrimaryURL().equalsIgnoreCase(boundUrl);
            if (!boundToPrimary) {
                final String message = Tr.formatMessage(tc, "WRITE_TO_SECONDARY_SERVERS_NOT_ALLOWED", WIMMessageHelper.generateMsgParms(boundUrl));
                throw new OperationNotSupportedException("WRITE_TO_SECONDARY_SERVERS_NOT_ALLOWED", message);
            }
        }
    }

    /**
     * Probes the primary LDAP server at most once per query interval and, if it answers, hands back
     * a context on the primary in place of the caller's current one.
     *
     * NOTE(review): getDirContext calls this while holding iLock when pooling is enabled, so the
     * probe (a real connect and bind via createDirContext) runs under the pool lock; an unresponsive
     * primary can hold up other callers for as long as the connect takes. When pooling is disabled
     * the call is made without the lock and iLastQueryTime is read and written unsynchronised.
     *
     * @param timedDirContext context the caller currently holds; may be null
     * @param str             URL the caller is currently using (callers pass the active URL)
     * @param j               current time as passed by the caller (getDirContext passes
     *                        roundToSeconds(now))
     * @return a new context on the primary server if the probe succeeded, otherwise the
     *         {@code timedDirContext} argument unchanged
     * @throws WIMSystemException if building the environment or rebuilding the pool raises a
     *                            NamingException
     */
    @FFDCIgnore({NamingException.class})
    private TimedDirContext checkPrimaryServer(TimedDirContext timedDirContext, String str, long j) throws WIMSystemException {
        // Only probe when return-to-primary is on and the interval since the last probe has elapsed.
        if (this.iReturnToPrimary && j - this.iLastQueryTime > this.iQueryInterval) {
            try {
                String primaryURL = getPrimaryURL();
                // Nothing to do when the caller is already on the primary.
                if (!primaryURL.equalsIgnoreCase(str)) {
                    Hashtable<String, Object> environment = getEnvironment(0, primaryURL);
                    // z records whether the probe connection succeeded.
                    boolean z = false;
                    try {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "checkPrimaryServer Ping primary server '" + primaryURL + "'...", new Object[0]);
                        }
                        // The "ping" is a full context creation against the primary.
                        TimedDirContext createDirContext = createDirContext(environment);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "checkPrimaryServer Ping primary server '" + primaryURL + "': success", new Object[0]);
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "CURRENT_LDAP_SERVER", WIMMessageHelper.generateMsgParms(getActiveURL()));
                        }
                        z = true;
                        // The caller's old context is closed here; a close failure is only traced.
                        if (timedDirContext != null) {
                            try {
                                timedDirContext.close();
                            } catch (NamingException e) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "checkPrimaryServer Can not close LDAP connection: " + e.toString(true), new Object[0]);
                                }
                            }
                        }
                        timedDirContext = createDirContext;
                    } catch (NamingException e2) {
                        // Probe failed: keep the caller's context and report at info/debug level only.
                        if (tc.isInfoEnabled()) {
                            Tr.info(tc, "CANNOT_CONNECT_TO_LDAP_SERVER", WIMMessageHelper.generateMsgParms(primaryURL));
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "checkPrimaryServer Ping primary server '" + primaryURL + "': fail", new Object[0]);
                        }
                    }
                    // With pooling on, rebuild the pool against the primary unless another thread
                    // already switched the active URL. The new context is already counted, hence
                    // iLiveContexts - 1 for the pool size.
                    if (z && this.iContextPoolEnabled) {
                        synchronized (this.iLock) {
                            if (!getActiveURL().equalsIgnoreCase(primaryURL)) {
                                createContextPool(Integer.valueOf(this.iLiveContexts - 1), primaryURL);
                                timedDirContext.setCreateTimestamp(this.iPoolCreateTimestampSeconds);
                            }
                        }
                    }
                }
                // Updated whether or not a probe was needed or succeeded.
                this.iLastQueryTime = j;
            } catch (NamingException e3) {
                throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e3.toString(true))), e3);
            }
        }
        return timedDirContext;
    }

    /**
     * Closes every context in a (detached) pool list on a best-effort basis.
     *
     * The live-context counter is decremented only for contexts that closed without error; a
     * context whose close() throws is traced at debug level and stays counted in iLiveContexts.
     *
     * @param list contexts to close; null is accepted and ignored
     */
    @FFDCIgnore({NamingException.class})
    private void closeContextPool(List<TimedDirContext> list) {
        if (list == null) {
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "closeContextPool Context pool being closed by " + Thread.currentThread() + ", Context pool size=" + list.size(), new Object[0]);
        }
        int idx = 0;
        while (idx < list.size()) {
            final TimedDirContext pooled = list.get(idx);
            try {
                pooled.close();
                this.iLiveContexts--;
            } catch (NamingException closeFailure) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "closeContextPool Can not close LDAP connection: " + closeFailure.toString(true), new Object[0]);
                }
            }
            idx++;
        }
    }

    /**
     * Builds a fresh pool of contexts against the given URL and swaps it in for the current pool.
     *
     * With pooling disabled only the active URL is updated. A rebuild is skipped when the previous
     * one happened within the last second. If any context cannot be created, the contexts created
     * so far are closed and the NamingException is rethrown, leaving the existing pool in place.
     *
     * Every caller in this file invokes the method while holding iLock; each context creation is a
     * network connect, so the lock is held for the duration of all of them.
     *
     * @param num number of contexts to create; null means 1
     * @param str provider URL to connect to; null means the primary URL
     * @throws NamingException if a context cannot be created
     */
    private void createContextPool(Integer num, String str) throws NamingException {
        str = (str != null) ? str : getPrimaryURL();
        num = (num != null) ? num : Integer.valueOf(1);
        if (!this.iContextPoolEnabled) {
            setActiveURL(str);
            return;
        }
        final long nowMillis = System.currentTimeMillis();
        final long nowSeconds = roundToSeconds(nowMillis);
        final boolean rebuiltWithinLastSecond = nowMillis - this.iPoolCreateTimestampMillisec <= 1000;
        if (rebuiltWithinLastSecond) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "createContextPool Pool has already been purged within past second... skipping purge", new Object[0]);
            }
            return;
        }
        final int requested = num.intValue();
        Vector<TimedDirContext> freshPool = new Vector<>(requested);
        Hashtable<String, Object> env = getEnvironment(1, str);
        int created = 0;
        while (created < requested) {
            try {
                final TimedDirContext ctx = createDirContext(env, nowSeconds);
                final String boundUrl = getProviderURL(ctx);
                // The provider may have connected to a different server from the URL list; follow it
                // so the remaining contexts target the server that actually answered.
                if (!str.equalsIgnoreCase(boundUrl)) {
                    env = getEnvironment(1, boundUrl);
                    str = boundUrl;
                }
                freshPool.add(ctx);
            } catch (NamingException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "449", this, new Object[]{num, str});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "createContextPool Context Pool creation FAILED for " + Thread.currentThread() + ", iLiveContext=" + this.iLiveContexts, new Object[]{e});
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "createContextPool Cleanup contexts in temp pool: " + freshPool.size(), new Object[0]);
                }
                // Do not leak the connections that were opened before the failure.
                for (TimedDirContext partial : freshPool) {
                    try {
                        partial.close();
                    } catch (Exception e2) {
                        FFDCFilter.processException(e2, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "460", this, new Object[]{num, str});
                    }
                }
                throw e;
            }
            created++;
        }
        this.iLiveContexts += requested;
        setActiveURL(str);
        // Swap first, then close the old pool, so the new pool is in place before the old
        // connections go away.
        final List<TimedDirContext> retiredPool = this.iContexts;
        this.iContexts = freshPool;
        this.iPoolCreateTimestampSeconds = nowSeconds;
        this.iPoolCreateTimestampMillisec = nowMillis;
        closeContextPool(retiredPool);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "createContextPool Active Provider URL: " + getActiveURL(), new Object[0]);
            Tr.debug(tc, "createContextPool ContextPool: total=" + this.iLiveContexts + ", poolSize=" + this.iContexts.size(), new Object[]{", iPoolCreateTimestampSeconds=" + this.iPoolCreateTimestampSeconds});
        }
    }

    /**
     * Creates a context from the given environment, stamping it with the current time.
     *
     * @param hashtable JNDI environment for the new context
     * @return the newly created context
     * @throws NamingException if the context cannot be created
     */
    private TimedDirContext createDirContext(Hashtable<String, Object> hashtable) throws NamingException {
        final long createdAt = roundToSeconds(System.currentTimeMillis());
        return createDirContext(hashtable, createdAt);
    }

    /**
     * Creates a context from the given environment using the configured bind identity: either a
     * Kerberos bind (prepared by handleKerberos) or a bind with the credential found in the
     * environment.
     *
     * Side effects visible in this method: the passed-in environment map is modified in place
     * (credential decoded, SSL alias applied), the thread's SSL properties are saved and restored,
     * and the thread context class loader is switched for the duration of the JNDI call.
     *
     * @param hashtable JNDI environment; mutated by this method
     * @param j         creation timestamp handed to the new TimedDirContext
     * @return the newly created context
     * @throws NamingException if Kerberos preparation, SSL setup or the JNDI connect/bind fails
     */
    @FFDCIgnore({LoginException.class, PrivilegedActionException.class})
    private TimedDirContext createDirContext(final Hashtable<String, Object> hashtable, final long j) throws NamingException {
        if (isKerberosBindAuth()) {
            try {
                handleKerberos(hashtable);
            } catch (MalformedURLException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "517", this, new Object[]{hashtable, Long.valueOf(j)});
                // NOTE(review): the exception key is "FILE_NOT_FOUND" but the text is formatted from
                // the "NAMING_EXCEPTION" message; every other throw in this file uses the same key
                // for both. Confirm which one is intended.
                WIMSystemException wIMSystemException = new WIMSystemException("FILE_NOT_FOUND", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(this.krb5TicketCache)), e);
                NamingException namingException = new NamingException(wIMSystemException.getMessage());
                namingException.setRootCause(wIMSystemException);
                throw namingException;
            } catch (LoginException e2) {
                NamingException namingException2 = new NamingException(e2.getMessage());
                namingException2.setRootCause(e2);
                throw namingException2;
            }
        } else if (hashtable.get("java.naming.security.credentials") instanceof ProtectedString) {
            // The protected credential is replaced in the map by its decoded String form.
            // NOTE(review): from here on the map holds the decoded credential as an immutable String,
            // and the same map is handed to FFDC at probe "545" below if SSL setup fails — confirm
            // that FFDC does not render the map's values.
            // The null arm of the ternary cannot be taken: instanceof is false for null.
            ProtectedString protectedString = (ProtectedString) hashtable.get("java.naming.security.credentials");
            hashtable.put("java.naming.security.credentials", PasswordUtil.passwordDecode((protectedString == null ? "" : new String(protectedString.getChars())).trim()));
        }
        SSLUtilImpl sSLUtilImpl = new SSLUtilImpl();
        // Snapshot of the thread's SSL properties; restored on both the success and failure paths.
        Properties sSLPropertiesOnThread = sSLUtilImpl.getSSLPropertiesOnThread();
        try {
            if (this.iSSLAlias != null) {
                try {
                    sSLUtilImpl.setSSLAlias(this.iSSLAlias, hashtable);
                } catch (Exception e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "545", this, new Object[]{hashtable, Long.valueOf(j)});
                    // Only the message survives; the original exception is not attached as cause.
                    throw new NamingException(e3.getMessage());
                }
            }
            // Run the JNDI call with this class's loader as the thread context class loader and put
            // the previous loader back afterwards.
            ClassLoader contextClassLoader = getContextClassLoader();
            setContextClassLoader(getClass());
            try {
                TimedDirContext timedDirContext = null;
                if (isKerberosBindAuth()) {
                    try {
                        // Kerberos binds are created inside doPrivileged.
                        timedDirContext = (TimedDirContext) AccessController.doPrivileged(new PrivilegedExceptionAction<TimedDirContext>() { // from class: com.ibm.ws.security.wim.adapter.ldap.context.ContextManager.2
                            static final long serialVersionUID = 4884206199557493881L;
                            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.wim.adapter.ldap.context.ContextManager$2", AnonymousClass2.class, "ldapUtil", "com.ibm.ws.security.wim.adapter.ldap.resources.LdapUtilMessages");

                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.security.PrivilegedExceptionAction
                            public TimedDirContext run() throws NamingException {
                                return new TimedDirContext(hashtable, ContextManager.this.getConnectionRequestControls(), j);
                            }
                        });
                    } catch (PrivilegedActionException e4) {
                        // NOTE(review): getException() is typed Exception while the method declares only
                        // NamingException; this is how the decompiler rendered the unwrap and the
                        // original source presumably casts or narrows it.
                        throw e4.getException();
                    }
                }
                if (timedDirContext == null) {
                    timedDirContext = new TimedDirContext(hashtable, getConnectionRequestControls(), j);
                }
                // Without pooling, track the server the provider actually connected to.
                String providerURL = getProviderURL(timedDirContext);
                if (!this.iContextPoolEnabled && !providerURL.equalsIgnoreCase(getActiveURL())) {
                    setActiveURL(providerURL);
                }
                TimedDirContext timedDirContext2 = timedDirContext;
                sSLUtilImpl.setSSLPropertiesOnThread(sSLPropertiesOnThread);
                return timedDirContext2;
            } finally {
                setContextClassLoader(contextClassLoader);
            }
        } catch (Throwable th) {
            sSLUtilImpl.setSSLPropertiesOnThread(sSLPropertiesOnThread);
            throw th;
        }
    }

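    /**
     * Creates a context bound as the supplied principal with the supplied credential, using a
     * simple bind. On a connection-type failure the bind is retried once against the next URL and,
     * if that succeeds, the context pool is rebuilt against the server that answered.
     *
     * The authentication mechanism is set to "simple" on both the first attempt and the failover
     * attempt, so the retry cannot inherit a different mechanism from the shared environment.
     * The credential bytes are not handed to FFDC.
     *
     * NOTE(review): this method does not reject an empty credential. With simple authentication an
     * empty password is an unauthenticated bind (RFC 4513) that many servers accept, so confirm
     * that callers refuse empty passwords before calling.
     *
     * @param str  principal (distinguished name) to bind as
     * @param bArr credential bytes for the bind
     * @return the bound context
     * @throws NamingException if SSL setup fails, the bind is rejected, or the failover attempt
     *                         fails as well
     */
    @FFDCIgnore({NamingException.class})
    public TimedDirContext createDirContext(String str, byte[] bArr) throws NamingException {
        TimedDirContext timedDirContext;
        String activeURL = getActiveURL();
        Hashtable<String, Object> environment = getEnvironment(0, activeURL);
        environment.put("java.naming.security.principal", str);
        environment.put("java.naming.security.credentials", bArr);
        environment.put("java.naming.security.authentication", "simple");
        SSLUtilImpl sSLUtilImpl = new SSLUtilImpl();
        // Snapshot of the thread's SSL properties; the finally block below restores it on every path.
        Properties sSLPropertiesOnThread = sSLUtilImpl.getSSLPropertiesOnThread();
        try {
            if (this.iSSLAlias != null) {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "createDirContext(String, byte[]) Use WAS SSL Configuration.", new Object[0]);
                    }
                    sSLUtilImpl.setSSLAlias(this.iSSLAlias, environment);
                } catch (Exception e) {
                    // Only the principal goes to the diagnostic capture; the credential bytes stay out.
                    FFDCFilter.processException(e, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "617", this, new Object[]{str});
                    throw new NamingException(e.getMessage());
                }
            }
            ClassLoader contextClassLoader = getContextClassLoader();
            setContextClassLoader(getClass());
            try {
                try {
                    timedDirContext = new TimedDirContext(environment, getConnectionRequestControls(), roundToSeconds(System.currentTimeMillis()));
                } finally {
                    setContextClassLoader(contextClassLoader);
                }
            } catch (NamingException e2) {
                // Anything that is not a connection problem (for example a rejected bind) is final.
                if (!isConnectionException(e2)) {
                    throw e2;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Encountered an exception while creating a context: " + e2.getMessage(), new Object[0]);
                }
                Hashtable<String, Object> environment2 = getEnvironment(1, getNextURL(activeURL));
                environment2.put("java.naming.security.principal", str);
                environment2.put("java.naming.security.credentials", bArr);
                // Same mechanism as the first attempt: this is still a password check for `str`.
                environment2.put("java.naming.security.authentication", "simple");
                // NOTE(review): unlike the first attempt, the retry runs with the caller's context
                // class loader and without setSSLAlias applied to environment2 — confirm intended.
                timedDirContext = new TimedDirContext(environment2, getConnectionRequestControls(), roundToSeconds(System.currentTimeMillis()));
                String providerURL = getProviderURL(timedDirContext);
                long currentTimeMillis = System.currentTimeMillis();
                synchronized (this.iLock) {
                    // Skip the rebuild if another thread has already replaced the pool since.
                    if (currentTimeMillis > this.iPoolCreateTimestampMillisec) {
                        createContextPool(Integer.valueOf(this.iLiveContexts), providerURL);
                        timedDirContext.setCreateTimestamp(this.iPoolCreateTimestampSeconds);
                    }
                }
            }
            return timedDirContext;
        } finally {
            sSLUtilImpl.setSSLPropertiesOnThread(sSLPropertiesOnThread);
        }
    }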

    /**
     * Creates a new directory entry with the given name and attributes.
     *
     * A context is obtained from getDirContext and must pass checkWritePermission. If the first
     * attempt fails with a connection-type NamingException, the context is re-created and the
     * operation is tried once more. The context is released on every path after the write check.
     *
     * NOTE(review): getDirContext and checkWritePermission run before the try block, so a rejected
     * write check leaves this method without releaseDirContext being called — confirm whether the
     * context is leaked in that case.
     * NOTE(review): {@code attributes} is handed to FFDC on failure; if callers put a password
     * attribute in it, confirm that FFDC does not render attribute values.
     *
     * @param str        name (distinguished name) of the entry to create
     * @param attributes attributes of the new entry
     * @return the context of the created entry
     * @throws OperationNotSupportedException if writing on the connected server is not allowed
     * @throws EntityAlreadyExistsException   if the name is already bound
     * @throws EntityNotFoundException        if the directory reports a name-not-found error
     * @throws WIMSystemException             for any other NamingException
     */
    public DirContext createSubcontext(String str, Attributes attributes) throws OperationNotSupportedException, WIMSystemException, EntityAlreadyExistsException, EntityNotFoundException {
        DirContext createSubcontext;
        TimedDirContext dirContext = getDirContext();
        checkWritePermission(dirContext);
        // The nested try blocks are the decompiler's rendering of one try with several catch
        // clauses plus a finally that releases the context.
        try {
            try {
                try {
                    try {
                        long currentTimeMillis = System.currentTimeMillis();
                        createSubcontext = dirContext.createSubcontext(new LdapName(str), attributes);
                        long currentTimeMillis2 = System.currentTimeMillis();
                        // Calls of up to one second feed the bind statistics; slower ones are traced.
                        // The trace labels the value "principal", but it is the entry name.
                        if (currentTimeMillis2 - currentTimeMillis <= 1000) {
                            handleBindStat(currentTimeMillis2 - currentTimeMillis);
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "createSubcontext **LDAPConnect time: " + (currentTimeMillis2 - currentTimeMillis) + " ms, lock held " + Thread.holdsLock(this.iLock) + ", principal=" + str, new Object[0]);
                        }
                    } catch (NamingException e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "693", this, new Object[]{str, attributes});
                        // Retry once, and only for connection-type failures.
                        if (!isConnectionException(e)) {
                            throw e;
                        }
                        dirContext = reCreateDirContext(dirContext, e.toString());
                        long currentTimeMillis3 = System.currentTimeMillis();
                        createSubcontext = dirContext.createSubcontext(new LdapName(str), attributes);
                        long currentTimeMillis4 = System.currentTimeMillis();
                        if (currentTimeMillis4 - currentTimeMillis3 <= 1000) {
                            handleBindStat(currentTimeMillis4 - currentTimeMillis3);
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "createSubcontext **LDAPConnect time: " + (currentTimeMillis4 - currentTimeMillis3) + " ms, lock held " + Thread.holdsLock(this.iLock) + ", principal=" + str, new Object[0]);
                        }
                    }
                    releaseDirContext(dirContext);
                    return createSubcontext;
                } catch (NameNotFoundException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "712", this, new Object[]{str, attributes});
                    throw new EntityNotFoundException("PARENT_NOT_FOUND", Tr.formatMessage(tc, "PARENT_NOT_FOUND", WIMMessageHelper.generateMsgParms(e2.toString(true))), e2);
                }
            } catch (NameAlreadyBoundException e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "709", this, new Object[]{str, attributes});
                throw new EntityAlreadyExistsException("ENTITY_ALREADY_EXIST", Tr.formatMessage(tc, "ENTITY_ALREADY_EXIST", WIMMessageHelper.generateMsgParms(str)), e3);
            } catch (NamingException e4) {
                FFDCFilter.processException(e4, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "715", this, new Object[]{str, attributes});
                throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e4.toString(true))), e4);
            }
        } catch (Throwable th) {
            // Failure path of the original finally: release, then rethrow unchanged.
            releaseDirContext(dirContext);
            throw th;
        }
    }

    /**
     * Deletes the directory entry with the given name.
     *
     * A context is obtained from getDirContext and must pass checkWritePermission. If the first
     * attempt fails with a connection-type NamingException, the context is re-created and the
     * delete is tried once more. The context is released on every path after the write check.
     *
     * NOTE(review): getDirContext and checkWritePermission run before the try block, so a rejected
     * write check leaves this method without releaseDirContext being called — confirm whether the
     * context is leaked in that case.
     *
     * @param str name (distinguished name) of the entry to delete
     * @throws OperationNotSupportedException if writing on the connected server is not allowed
     * @throws EntityHasDescendantsException  if the entry still has children
     * @throws EntityNotFoundException        if the entry does not exist
     * @throws WIMSystemException             for any other NamingException
     */
    public void destroySubcontext(String str) throws OperationNotSupportedException, EntityHasDescendantsException, EntityNotFoundException, WIMSystemException {
        TimedDirContext dirContext = getDirContext();
        checkWritePermission(dirContext);
        // The nested try blocks are the decompiler's rendering of one try with several catch
        // clauses plus a finally that releases the context.
        try {
            try {
                try {
                    try {
                        dirContext.destroySubcontext(new LdapName(str));
                    } catch (NamingException e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "738", this, new Object[]{str});
                        // Retry once, and only for connection-type failures.
                        if (!isConnectionException(e)) {
                            throw e;
                        }
                        dirContext = reCreateDirContext(dirContext, e.toString());
                        dirContext.destroySubcontext(new LdapName(str));
                    }
                    releaseDirContext(dirContext);
                } catch (NameNotFoundException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "748", this, new Object[]{str});
                    throw new EntityNotFoundException("LDAP_ENTRY_NOT_FOUND", Tr.formatMessage(tc, "LDAP_ENTRY_NOT_FOUND", WIMMessageHelper.generateMsgParms(str, e2.toString(true))), e2);
                }
            // NOTE(review): as decompiled, the ContextNotEmptyException handler comes after the
            // broader NamingException handler. ContextNotEmptyException is a NamingException
            // subclass, so javac rejects this order; the original source presumably lists the
            // subclass first so that a non-empty entry maps to EntityHasDescendantsException.
            } catch (NamingException e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "751", this, new Object[]{str});
                throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e3.toString(true))), e3);
            } catch (ContextNotEmptyException e4) {
                FFDCFilter.processException(e4, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "745", this, new Object[]{str});
                throw new EntityHasDescendantsException("ENTITY_HAS_DESCENDENTS", Tr.formatMessage(tc, "ENTITY_HAS_DESCENDENTS", WIMMessageHelper.generateMsgParms(str)), e4);
            }
        } catch (Throwable th) {
            // Failure path of the original finally: release, then rethrow unchanged.
            releaseDirContext(dirContext);
            throw th;
        }
    }

    /**
     * Wraps an address in square brackets, the form an IPv6 literal takes inside a URL.
     *
     * The input is not inspected: whatever is passed, including an empty or already bracketed
     * string, is wrapped as-is.
     *
     * @param str address text, or null
     * @return {@code "[" + str + "]"}, or null when {@code str} is null
     */
    private static String formatIPv6Addr(String str) {
        return (str != null) ? "[".concat(str).concat("]") : null;
    }

    /**
     * Returns the provider URL currently recorded as active in the environment map.
     *
     * @return the value stored under the active-URL key, or null if none is stored
     */
    @Trivial
    private String getActiveURL() {
        final Object activeUrl = this.iEnvironment.get(ENVKEY_ACTIVE_URL);
        return (String) activeUrl;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the request controls applied when a connection is created.
     *
     * @return the configured controls array; the internal array itself is returned, not a copy
     */
    public Control[] getConnectionRequestControls() {
        final Control[] connectionControls = this.iConnCtls;
        return connectionControls;
    }

    /**
     * Returns the current thread's context class loader, read inside a privileged action.
     *
     * The static members of the anonymous class are instrumentation/decompiler residue and are not
     * part of the lookup itself.
     *
     * @return the context class loader of the calling thread
     */
    private static ClassLoader getContextClassLoader() {
        return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { // from class: com.ibm.ws.security.wim.adapter.ldap.context.ContextManager.3
            static final long serialVersionUID = 7097684605133880656L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.wim.adapter.ldap.context.ContextManager$3", AnonymousClass3.class, "ldapUtil", "com.ibm.ws.security.wim.adapter.ldap.resources.LdapUtilMessages");

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public ClassLoader run() {
                // Runs with this class's own permissions, independent of the callers on the stack.
                return Thread.currentThread().getContextClassLoader();
            }
        });
    }

    /**
     * Hands out a directory context, either freshly created (pooling disabled) or taken
     * from / accounted against the context pool (pooling enabled).
     *
     * <p>With pooling enabled the method loops under {@code iLock} until it holds a context:
     * it lazily creates the pool, reuses the most recently released context, or reserves a
     * new slot while {@code iLiveContexts} is below {@code iMaxPoolSize} (0 means no upper
     * bound); otherwise it waits up to {@code iPoolWaitTime} ms for a release.
     *
     * @return a context bound to the currently active LDAP URL, never {@code null}
     * @throws WIMSystemException wrapping any {@code NamingException} raised while creating
     *                            the pool or a context (message key {@code NAMING_EXCEPTION})
     */
    @FFDCIgnore({InterruptedException.class, NamingException.class})
    public TimedDirContext getDirContext() throws WIMSystemException {
        TimedDirContext timedDirContext = null;
        // Timestamp is taken once, before any waiting, and reused for every timeout comparison below.
        long roundToSeconds = roundToSeconds(System.currentTimeMillis());
        if (!this.iContextPoolEnabled) {
            // No pooling: every caller gets its own context; iLiveContexts is not touched on this path.
            try {
                timedDirContext = checkPrimaryServer(null, getActiveURL(), roundToSeconds);
                if (timedDirContext == null) {
                    timedDirContext = createDirContext(getEnvironment(1, getActiveURL()));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "CURRENT_LDAP_SERVER", WIMMessageHelper.generateMsgParms(getActiveURL()));
                    }
                }
                return timedDirContext;
            } catch (NamingException e) {
                throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e.toString(true))), e);
            }
        }
        do {
            // Everything up to the end of the loop body, including the LDAP connect/bind in
            // createDirContext, runs while holding iLock, so an unresponsive server stalls
            // every other caller of the pool for as long as the connect takes.
            synchronized (this.iLock) {
                if (this.iContexts == null) {
                    try {
                        createContextPool(Integer.valueOf(this.iInitPoolSize), null);
                    } catch (NamingException e2) {
                        throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e2.toString(true))), e2);
                    }
                }
                if (this.iContexts.size() > 0) {
                    // Reuse the most recently released context (taken from the end of the list).
                    timedDirContext = this.iContexts.remove(this.iContexts.size() - 1);
                } else if (this.iLiveContexts < this.iMaxPoolSize || this.iMaxPoolSize == 0) {
                    // Reserve a slot for the context that is created further down.
                    this.iLiveContexts++;
                } else {
                    try {
                        this.iLock.wait(this.iPoolWaitTime);
                    } catch (InterruptedException e3) {
                        // The interrupt is swallowed and the thread's interrupt status is not restored.
                    }
                    // NOTE(review): as written here, control continues to the create path below
                    // without incrementing iLiveContexts, while the failure branch of
                    // createDirContext decrements it. This listing is decompiler output, so a
                    // dropped `continue` is possible; confirm against the original source.
                }
                // Holds a timed-out pooled context until its replacement exists, then it is closed.
                TimedDirContext timedDirContext2 = null;
                if (timedDirContext != null) {
                    if (this.iPoolTimeOut > 0 && roundToSeconds - timedDirContext.getPoolTimestamp() > this.iPoolTimeOut) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getDirContext ContextPool: context is time out. currentTime=" + roundToSeconds + ", createTime=" + timedDirContext.getPoolTimestamp() + ", iPoolTimeOut=" + this.iPoolTimeOut, new Object[0]);
                        }
                        timedDirContext2 = timedDirContext;
                        timedDirContext = null;
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getDirContext ContextPool: no free context, create a new one...", new Object[0]);
                }
                timedDirContext = checkPrimaryServer(timedDirContext, getActiveURL(), roundToSeconds);
                if (timedDirContext == null) {
                    try {
                        timedDirContext = createDirContext(getEnvironment(1, getActiveURL()));
                    } catch (NamingException e4) {
                        // Give the reserved slot back before reporting the failure.
                        this.iLiveContexts--;
                        throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e4.toString(true))), e4);
                    }
                }
                if (timedDirContext2 != null) {
                    try {
                        timedDirContext2.close();
                    } catch (NamingException e5) {
                        // Best effort: a failed close of the expired context is only traced.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getDirContext Can not close LDAP connection: " + e5.toString(true), new Object[0]);
                        }
                    }
                }
            }
        } while (timedDirContext == null);
        if (tc.isDebugEnabled()) {
            // These pool counters are read outside iLock, so the traced values may already be stale.
            Tr.debug(tc, "getDirContext ContextPool: total=" + this.iLiveContexts + ", poolSize=" + this.iContexts.size() + ", currentTime=" + roundToSeconds + ", createTime=" + timedDirContext.getPoolTimestamp(), new Object[0]);
        }
        return timedDirContext;
    }

    /**
     * Builds a private copy of the JNDI environment whose provider URL starts at the given server.
     *
     * <p>The copy has the internal URL-list and active-URL entries removed. The provider URL is
     * the configured URL list rotated so that {@code str} comes first, joined with single spaces.
     *
     * @param i   {@code 0} to use only the starting URL; any other value to include every
     *            configured URL in rotated order
     * @param str URL to start from; an unknown or {@code null} URL starts at the first entry
     * @return a new environment table, independent of {@code iEnvironment}
     */
    private Hashtable<String, Object> getEnvironment(int i, String str) {
        Hashtable<String, Object> env = new Hashtable<>(this.iEnvironment);
        List<String> urls = (List) env.remove(ENVKEY_URL_LIST);
        int count = urls.size();
        int start = getURLIndex(str, urls);
        String providerUrls = null;
        for (int offset = 0; offset < count; offset++) {
            String url = urls.get((start + offset) % count);
            if (offset > 0) {
                providerUrls = providerUrls + " " + url;
            } else {
                providerUrls = url;
            }
            if (i == 0) {
                // Caller asked for the starting server only.
                break;
            }
        }
        env.put("java.naming.provider.url", providerUrls);
        env.remove(ENVKEY_ACTIVE_URL);
        return env;
    }

    /**
     * Returns the configured server URL list stored in the environment under {@code ENVKEY_URL_LIST}.
     *
     * @return the stored list, or {@code null} when no list has been stored
     */
    @Trivial
    private List<String> getEnvURLList() {
        Object urlList = this.iEnvironment.get(ENVKEY_URL_LIST);
        return (List) urlList;
    }

    /**
     * Returns the URL that follows {@code str} in the configured list, wrapping to the start.
     *
     * @param str the current URL; an unknown or {@code null} value is treated as the first entry
     * @return the next URL in round-robin order
     */
    @Trivial
    private String getNextURL(String str) {
        List<String> urls = getEnvURLList();
        int nextIndex = (getURLIndex(str, urls) + 1) % urls.size();
        return urls.get(nextIndex);
    }

    /**
     * Returns the first entry of the configured URL list, which is the primary server's URL.
     *
     * @return the URL at index 0
     */
    @Trivial
    private String getPrimaryURL() {
        List<String> urls = getEnvURLList();
        return urls.get(0);
    }

    /**
     * Reads the provider URL a context was created with.
     *
     * @param timedDirContext the context to inspect
     * @return the {@code java.naming.provider.url} value from the context's environment, or the
     *         literal string {@code "(null)"} when the environment cannot be read; callers that
     *         compare the result against a real URL therefore see a mismatch in that case
     */
    @FFDCIgnore({NamingException.class})
    @Trivial
    private String getProviderURL(TimedDirContext timedDirContext) {
        try {
            Object providerUrl = timedDirContext.getEnvironment().get("java.naming.provider.url");
            return (String) providerUrl;
        } catch (NamingException namingFailure) {
            // The failure is only traced; the sentinel below is returned either way.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getProviderURL", new Object[]{namingFailure.toString(true)});
            }
            return "(null)";
        }
    }

    /**
     * Finds the position of a URL in a list, ignoring case.
     *
     * @param str  the URL to look for; may be {@code null}
     * @param list the URLs to search
     * @return the index of the first case-insensitive match, or {@code 0} when {@code str} is
     *         {@code null} or not present (so "not found" and "first entry" are indistinguishable)
     */
    private int getURLIndex(String str, List<String> list) {
        if (str == null) {
            return 0;
        }
        int count = list.size();
        for (int pos = 0; pos < count; pos++) {
            if (list.get(pos).equalsIgnoreCase(str)) {
                return pos;
            }
        }
        return 0;
    }

    /**
     * Counts fast LDAP binds and periodically traces the running total.
     *
     * <p>A bind that took less than 1000 ms increments {@code QUICK_LDAP_BIND}. The total is
     * traced at most once per 1,800,000 ms (30 minutes), and only when debug tracing is on.
     *
     * @param j duration of the bind in milliseconds
     */
    private void handleBindStat(long j) {
        if (j < 1000) {
            QUICK_LDAP_BIND.getAndIncrement();
        }
        long now = System.currentTimeMillis();
        if (now - LDAP_STATS_TIMER.get() <= 1800000) {
            // Reporting interval has not elapsed yet.
            return;
        }
        // The swap also resets the timer; if the previous value is recent, another thread
        // already claimed this reporting interval.
        if (now - LDAP_STATS_TIMER.getAndSet(now) <= 1800000) {
            return;
        }
        if (!tc.isDebugEnabled()) {
            return;
        }
        Tr.debug(tc, "handleBindStat(long) **LDAPBindStat: " + QUICK_LDAP_BIND.get() + " binds took less then " + LDAP_CONNECT_TIMEOUT_TRACE + " ms", new Object[0]);
    }

    /**
     * Builds the JNDI environment from the configured settings and, unless a pending Kerberos
     * configuration update is detected, creates the initial context pool.
     *
     * <p>The environment receives the server URL list, bind mechanism, bind DN and credentials
     * (for non-Kerberos binds), timeouts, referral handling, alias dereferencing and binary
     * attribute names.
     *
     * @return {@code MISSING_PRIMARY_SERVER}, {@code MISSING_PASSWORD} or
     *         {@code MISSING_KRB5_PRINCIPAL_NAME} when the corresponding setting is absent;
     *         otherwise {@code SUCCESS}. A failure to create the context pool is only logged
     *         and still yields {@code SUCCESS}.
     * @throws WIMApplicationException declared by the signature; no statement in this body
     *                                 throws it directly
     */
    public InitializeResult initialize() throws WIMApplicationException {
        String str;
        this.iEnvironment = new Hashtable<>();
        this.iEnvironment.put("java.naming.factory.initial", LDAP_SUN_SPI);
        if (this.iSSLEnabled) {
            this.iEnvironment.put(LDAP_ENV_PROP_FACTORY_SOCKET, WAS_SSL_SOCKET_FACTORY);
            this.iEnvironment.put("java.naming.security.protocol", "ssl");
            str = LDAP_URL_SSL_PREFIX;
        } else {
            // NOTE(review): with iSSLEnabled false no TLS settings are placed in the environment,
            // so the bind DN and credentials added below would presumably be sent unencrypted.
            // Confirm the value of LDAP_URL_PREFIX and whether deployment policy permits this.
            str = LDAP_URL_PREFIX;
        }
        ArrayList arrayList = new ArrayList();
        if (this.iPrimaryServer == null || this.iPrimaryServer.hostname == null || this.iPrimaryServer.hostname.trim().isEmpty()) {
            return InitializeResult.MISSING_PRIMARY_SERVER;
        }
        // NOTE(review): unlike the failover hosts below, the primary hostname is not passed
        // through isIPv6Addr/formatIPv6Addr here; confirm an IPv6 literal is bracketed elsewhere.
        arrayList.add(str + this.iPrimaryServer.hostname.trim() + ":" + this.iPrimaryServer.port.intValue());
        for (HostPort hostPort : this.iFailoverServers) {
            String str2 = hostPort.hostname;
            if (str2 != null && !str2.trim().isEmpty()) {
                // Reformat an IPv6 literal that is not already wrapped in brackets.
                if ((!str2.startsWith("[") || !str2.endsWith("]")) && isIPv6Addr(str2)) {
                    str2 = formatIPv6Addr(str2);
                }
                // A failover entry without a port is skipped silently.
                if (hostPort.port != null) {
                    arrayList.add(str + str2.trim() + ":" + hostPort.port);
                }
            }
        }
        if (arrayList != null && arrayList.size() > 0) {
            // The first (primary) URL starts out as both the active URL and the provider URL.
            String str3 = (String) arrayList.get(0);
            this.iEnvironment.put(ENVKEY_URL_LIST, arrayList);
            this.iEnvironment.put(ENVKEY_ACTIVE_URL, str3);
            this.iEnvironment.put("java.naming.provider.url", str3);
        }
        if (this.bindAuthMechanism != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "initialize Using bindAuthMechanism for admin bind: " + this.bindAuthMechanism, new Object[0]);
            }
            this.iEnvironment.put("java.naming.security.authentication", this.bindAuthMechanism);
        }
        if (!isKerberosBindAuth() && this.iBindDN != null && !this.iBindDN.isEmpty()) {
            this.iEnvironment.put("java.naming.security.principal", this.iBindDN);
            SerializableProtectedString serializableProtectedString = this.iBindPassword;
            // The password passes through intermediate String objects here (new String(...),
            // trim(), the decode result). Strings are immutable and cannot be zeroed, so these
            // copies remain in the heap until collected; only the final value is wrapped in a
            // ProtectedString before being stored.
            String passwordDecode = PasswordUtil.passwordDecode((serializableProtectedString == null ? "" : new String(serializableProtectedString.getChars())).trim());
            if (passwordDecode == null || passwordDecode.length() == 0) {
                // A bind DN without a usable password is rejected rather than left to bind with an empty credential.
                return InitializeResult.MISSING_PASSWORD;
            }
            this.iEnvironment.put("java.naming.security.credentials", new ProtectedString(passwordDecode.toCharArray()));
        }
        if (isKerberosBindAuth() && (this.krb5Principal == null || this.krb5Principal.trim().isEmpty())) {
            return InitializeResult.MISSING_KRB5_PRINCIPAL_NAME;
        }
        // Connect and read timeouts fall back to 60000 when not configured, so neither is left unset.
        if (this.iConnectTimeout != null) {
            this.iEnvironment.put(LDAP_ENV_PROP_CONNECT_TIMEOUT, this.iConnectTimeout.toString());
        } else {
            this.iEnvironment.put(LDAP_ENV_PROP_CONNECT_TIMEOUT, String.valueOf(60000L));
        }
        if (this.iReadTimeout != null) {
            this.iEnvironment.put(LDAP_ENV_PROP_READ_TIMEOUT, this.iReadTimeout.toString());
        } else {
            this.iEnvironment.put(LDAP_ENV_PROP_READ_TIMEOUT, String.valueOf(60000L));
        }
        if (this.iJndiOutputEnabled != null && this.iJndiOutputEnabled.booleanValue()) {
            // NOTE(review): a protocol-level trace of LDAP traffic can contain bind requests;
            // confirm how BEROutputStream treats credentials before enabling this outside debugging.
            this.iEnvironment.put(LDAP_ENV_PROP_JNDI_BER_OUTPUT, new BEROutputStream());
        }
        // Hashtable.put rejects null values, so iReferral must have been set before this call.
        this.iEnvironment.put("java.naming.referral", this.iReferral);
        if (this.iDerefAliases != null && !"always".equalsIgnoreCase(this.iDerefAliases)) {
            this.iEnvironment.put(LDAP_ENV_PROP_DEREF_ALIASES, this.iDerefAliases);
        }
        if (this.iBinaryAttributeNames != null && this.iBinaryAttributeNames.length() > 0) {
            this.iEnvironment.put(LDAP_ENV_PROP_ATTRIBUTES_BINARY, this.iBinaryAttributeNames);
        }
        // z becomes true when a Kerberos keytab or config file is present in Config Admin but has
        // not reached kerberosService yet; pool creation is then deferred.
        boolean z = false;
        if (this.iContextPoolEnabled && isKerberosBindAuth() && this.kerberosService != null && this.kerberosService.getKeytab() == null && this.kerberosService.getConfigFile() == null && this.configAdmin != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "initialize The Kerberos config is currently null for the keytab and config file, double check that there isn't an incoming modify with non-null config", new Object[0]);
            }
            try {
                if (this.configAdmin != null) {
                    Configuration[] listConfigurations = this.configAdmin.listConfigurations("(service.pid=com.ibm.ws.security.kerberos.auth.KerberosService)");
                    if (listConfigurations != null) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "initialize Kerberos configuration ref found, check the config and keytab properties.", new Object[0]);
                        }
                        int i = 0;
                        while (true) {
                            if (i >= listConfigurations.length) {
                                break;
                            }
                            Dictionary properties = listConfigurations[i].getProperties();
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                // The whole configuration dictionary is written to the debug trace.
                                Tr.debug(tc, "initialize Checking props: " + properties, new Object[0]);
                            }
                            if (properties != null) {
                                if (properties.get("keytab") != null) {
                                    z = true;
                                    break;
                                }
                                if (properties.get("configFile") != null) {
                                    z = true;
                                    break;
                                }
                            }
                            i++;
                        }
                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "initialize The Kerberos config object is null, nothing to double check.", new Object[0]);
                    }
                } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    // The enclosing condition already requires configAdmin != null, so this branch
                    // is not reachable from here; the message text also carries a stray
                    // 'METHODNAME + "' fragment.
                    Tr.debug(tc, "initialize METHODNAME + \" ConfigAdmin is null, nothing to double check.", new Object[0]);
                }
            } catch (Exception e) {
                // Any failure while inspecting the configuration is recorded and then ignored;
                // z stays false and the pool is created as usual.
                FFDCFilter.processException(e, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "1256", this, new Object[0]);
                if (tc.isEventEnabled()) {
                    Tr.event(tc, "initialize Exception trying to review Kerberos config", new Object[]{e});
                }
            }
        }
        try {
            if (!z) {
                createContextPool(Integer.valueOf(this.iInitPoolSize), null);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "initialize Delay creating the context pool until the Kerberos service completes a config update and notifies LdapRegistry.", new Object[0]);
            }
        } catch (NamingException e2) {
            // Pool creation failure is not fatal here: it is logged and SUCCESS is still returned below.
            FFDCFilter.processException(e2, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "1275", this, new Object[0]);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "initialize Can not create context pool: " + e2.toString(true), new Object[0]);
            }
        }
        if (tc.isDebugEnabled()) {
            // Configuration summary for the debug trace. It includes server URLs, the bind DN or
            // Kerberos principal and file locations, but not the bind password.
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("\nLDAP Server(s): ").append(arrayList).append("\n");
            stringBuffer.append("\tBindAuthMechanism: ").append(this.bindAuthMechanism).append("\n");
            if (isKerberosBindAuth()) {
                stringBuffer.append("\tKrb5Principal: ").append(this.krb5Principal).append("\n");
                stringBuffer.append("\tKrb5TicketCache: ").append(this.krb5TicketCache).append("\n");
                if (this.kerberosService != null) {
                    stringBuffer.append("\tkeytab (from KerberosService): ").append(this.kerberosService.getKeytab()).append("\n");
                    stringBuffer.append("\tconfig (from KerberosService): ").append(this.kerberosService.getConfigFile()).append("\n");
                }
            } else {
                stringBuffer.append("\tBind DN: ").append(this.iBindDN).append("\n");
            }
            stringBuffer.append("\tReferral: ").append(this.iReferral).append("\n");
            stringBuffer.append("\tDeref Aliases: ").append(this.iDerefAliases).append("\n");
            stringBuffer.append("\tBinary Attributes: ").append(this.iBinaryAttributeNames).append("\n");
            if (this.iContextPoolEnabled) {
                stringBuffer.append("\nContext Pool is enabled: ").append("\n");
                stringBuffer.append("\tInitPoolSize: ").append(this.iInitPoolSize).append("\n");
                stringBuffer.append("\tMaxPoolSize: ").append(this.iMaxPoolSize).append("\n");
                stringBuffer.append("\tPrefPoolSize: ").append(this.iPrefPoolSize).append("\n");
                stringBuffer.append("\tPoolTimeOut: ").append(this.iPoolTimeOut).append("\n");
                stringBuffer.append("\tPoolWaitTime: ").append(this.iPoolWaitTime);
            } else {
                stringBuffer.append("\nContext Pool is disabled");
            }
            Tr.debug(tc, "initialize" + stringBuffer.toString(), new Object[0]);
        }
        return InitializeResult.SUCCESS;
    }

    /**
     * Tells whether a naming failure indicates that the LDAP server could not be reached.
     *
     * @param namingException the exception to classify; may be {@code null}
     * @return {@code true} for {@code CommunicationException} and
     *         {@code ServiceUnavailableException} (including subclasses), otherwise {@code false}
     */
    public static boolean isConnectionException(NamingException namingException) {
        if (namingException instanceof CommunicationException) {
            return true;
        }
        return namingException instanceof ServiceUnavailableException;
    }

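    /**
     * Tells whether a host string is an IPv6 address literal.
     *
     * <p>If the value contains a bracketed section ({@code "[...]"}) only the text between the
     * first {@code '['} and the first {@code ']'} is examined. Matching is case-insensitive.
     * A plain dotted-quad IPv4 address is not reported as IPv6.
     *
     * <p>Brackets that appear in the wrong order (a {@code ']'} before the first {@code '['})
     * are left in place, so such a malformed value is rejected instead of raising
     * {@code StringIndexOutOfBoundsException} from {@code substring}.
     *
     * @param str the host value to test; may be {@code null}
     * @return {@code true} when the value is an IPv6 literal, {@code false} otherwise
     */
    private static boolean isIPv6Addr(String str) {
        if (str == null) {
            return false;
        }
        int open = str.indexOf("[");
        int close = str.indexOf("]");
        // Strip the brackets only when they form a valid pair; a reversed pair would make
        // substring(open + 1, close) throw on a malformed hostname from configuration.
        if (open >= 0 && close > open) {
            str = str.substring(open + 1, close);
        }
        String lowerCase = str.toLowerCase();
        // The first pattern also accepts a bare IPv4 address, which the second check excludes.
        return Pattern.compile("^(?:(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9](?::|$)){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))$").matcher(lowerCase).matches() && (!Pattern.compile("^(\\d{1,3}\\.){3}\\d{1,3}$").matcher(lowerCase).matches());
    }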

    /**
     * Replaces a context after a communication failure.
     *
     * <p>If the pool has been rebuilt since the failed context was created, a context is simply
     * fetched through {@link #getDirContext()}. Otherwise a new context is created against the
     * URL that follows the failed context's provider URL, and the pool is rebuilt around the
     * server the new context actually connected to.
     *
     * @param timedDirContext the context that failed; it is closed once a replacement exists
     * @param str             the error text that triggered the replacement, used in tracing only
     * @return the replacement context
     * @throws WIMSystemException wrapping any {@code NamingException} raised while creating the
     *                            replacement, rebuilding the pool or closing the old context
     */
    public TimedDirContext reCreateDirContext(TimedDirContext timedDirContext, String str) throws WIMSystemException {
        TimedDirContext createDirContext;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "DirContext reCreateDirContext(String errorMessage) Communication exception occurs: " + str + " Creating a new connection.", new Object[0]);
        }
        try {
            Long valueOf = Long.valueOf(timedDirContext.getCreateTimestamp());
            // First check is made without iLock; the same comparison is repeated under the lock below.
            if (valueOf.longValue() < this.iPoolCreateTimestampSeconds) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "DirContext reCreateDirContext(String errorMessage) Pool refreshed, skip to getDirContext. oldCreateTimeStamp: " + valueOf + " iPoolCreateTimestampSeconds:" + this.iPoolCreateTimestampSeconds, new Object[0]);
                }
                createDirContext = getDirContext();
            } else {
                // Fail over: start from the URL after the one the failed context was using.
                createDirContext = createDirContext(getEnvironment(1, getNextURL(getProviderURL(timedDirContext))));
                String providerURL = getProviderURL(createDirContext);
                synchronized (this.iLock) {
                    // Rebuild the pool only if no other thread has already done so in the meantime.
                    if (timedDirContext.getCreateTimestamp() >= this.iPoolCreateTimestampSeconds) {
                        createContextPool(Integer.valueOf(this.iLiveContexts - 1), providerURL);
                        createDirContext.setCreateTimestamp(this.iPoolCreateTimestampSeconds);
                    }
                }
            }
            // The old context is closed only on this success path; if creating the replacement
            // throws, this line is not reached and the failed context is left unclosed here.
            timedDirContext.close();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CURRENT_LDAP_SERVER", WIMMessageHelper.generateMsgParms(getActiveURL()));
            }
            return createDirContext;
        } catch (NamingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "1401", this, new Object[]{timedDirContext, str});
            throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e.toString(true))), e);
        }
    }

    /**
     * Returns a context after use: closes it when pooling is disabled or the context should not
     * be kept, otherwise puts it back into the pool and wakes waiting threads.
     *
     * <p>A context is discarded (closed, {@code iLiveContexts} decremented) when the pool already
     * holds {@code iPrefPoolSize} contexts, when more contexts are live than
     * {@code iMaxPoolSize} allows, when the context predates the current pool, or when it is
     * bound to a URL other than the active one.
     *
     * @param timedDirContext the context being released
     * @throws WIMSystemException wrapping a {@code NamingException} raised while closing the context
     */
    @FFDCIgnore({NamingException.class})
    public void releaseDirContext(TimedDirContext timedDirContext) throws WIMSystemException {
        if (!this.iContextPoolEnabled) {
            try {
                timedDirContext.close();
                return;
            } catch (NamingException e) {
                throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e.toString(true))), e);
            }
        }
        synchronized (this.iLock) {
            // NOTE(review): iContexts is dereferenced here before the null checks further down,
            // so a release while the pool list is null would fail on this line; confirm whether
            // that state is reachable.
            if (this.iContexts.size() >= this.iPrefPoolSize || ((this.iMaxPoolSize != 0 && this.iLiveContexts > this.iMaxPoolSize) || timedDirContext.getCreateTimestamp() < this.iPoolCreateTimestampSeconds || !getProviderURL(timedDirContext).equalsIgnoreCase(getActiveURL()))) {
                try {
                    // The live count is reduced before close(), so it stays reduced even if close() throws.
                    this.iLiveContexts--;
                    timedDirContext.close();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "releaseDirContext Context is discarded.", new Object[0]);
                    }
                } catch (NamingException e2) {
                    throw new WIMSystemException("NAMING_EXCEPTION", Tr.formatMessage(tc, "NAMING_EXCEPTION", WIMMessageHelper.generateMsgParms(e2.toString(true))), e2);
                }
            } else {
                // Guard against a double release: a context already in the pool is not added twice,
                // which would otherwise let two callers receive the same context.
                if (this.iContexts == null || this.iContexts.size() <= 0 || !this.iContexts.contains(timedDirContext)) {
                    if (this.iContexts != null) {
                        this.iContexts.add(timedDirContext);
                    }
                    if (this.iPoolTimeOut > 0) {
                        // Stamp the time of return; getDirContext compares it against iPoolTimeOut.
                        timedDirContext.setPoolTimeStamp(roundToSeconds(System.currentTimeMillis()));
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "releaseDirContext Before Notifying the waiting threads and Context is back to pool.  ContextPool: total=" + this.iLiveContexts + ", poolSize=" + this.iContexts.size(), new Object[0]);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "releaseDirContext Context already present in Context pool. No need to add it again to context pool.  ContextPool: total=" + this.iLiveContexts + ", poolSize=" + this.iContexts.size(), new Object[0]);
                }
                // Wake threads blocked in getDirContext waiting for a free context.
                this.iLock.notifyAll();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "releaseDirContext Context is back to pool.", new Object[0]);
                }
            }
        }
        if (tc.isDebugEnabled()) {
            // Read outside iLock: the traced counters may not match the state left by this call.
            Tr.debug(tc, "releaseDirContext ContextPool: total=" + this.iLiveContexts + ", poolSize=" + this.iContexts.size(), new Object[0]);
        }
    }

    /**
     * Converts milliseconds to seconds, rounding a remainder of 500 ms or more up.
     *
     * @param j a duration or timestamp in milliseconds
     * @return the value in whole seconds
     */
    private static long roundToSeconds(long j) {
        long wholeSeconds = j / 1000;
        long remainderMillis = j % 1000;
        return remainderMillis > 499 ? wholeSeconds + 1 : wholeSeconds;
    }

    /**
     * Records which server URL is currently in use.
     *
     * <p>The update is made while holding {@code iLock}, the same monitor that guards the pool.
     *
     * @param str the URL to store under {@code ENVKEY_ACTIVE_URL}
     */
    @Trivial
    private void setActiveURL(String str) {
        synchronized (this.iLock) {
            iEnvironment.put(ENVKEY_ACTIVE_URL, str);
        }
    }

    /**
     * Stores the names of attributes to be treated as binary.
     *
     * @param str the attribute names, stored unchanged; takes effect on the next {@code initialize()}
     */
    public void setBinaryAttributeNames(String str) {
        iBinaryAttributeNames = str;
    }

    /**
     * Stores the LDAP connect timeout.
     *
     * @param l the timeout, or {@code null} to let {@code initialize()} apply its default of 60000
     */
    public void setConnectTimeout(Long l) {
        iConnectTimeout = l;
    }

    /**
     * Sets the current thread's context class loader to the loader that defined {@code cls}.
     *
     * <p>The change is made inside {@code AccessController.doPrivileged}, so it is carried out
     * with this class's own permissions. The method is private, so it is callable only from
     * within this class.
     *
     * @param cls the class whose class loader becomes the thread context class loader
     */
    private static void setContextClassLoader(final Class<?> cls) {
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.ibm.ws.security.wim.adapter.ldap.context.ContextManager.4
            static final long serialVersionUID = 8523965291282484108L;
            // Synthetic trace registration reproduced by the decompiler.
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.wim.adapter.ldap.context.ContextManager$4", AnonymousClass4.class, "ldapUtil", "com.ibm.ws.security.wim.adapter.ldap.resources.LdapUtilMessages");

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                Thread.currentThread().setContextClassLoader(cls.getClassLoader());
                return null;
            }
        });
    }

    /**
     * Sets the current thread's context class loader to the given loader.
     *
     * <p>The change is made inside {@code AccessController.doPrivileged}, so it is carried out
     * with this class's own permissions. The method is private, so it is callable only from
     * within this class.
     *
     * @param classLoader the loader to install as the thread context class loader
     */
    private static void setContextClassLoader(final ClassLoader classLoader) {
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.ibm.ws.security.wim.adapter.ldap.context.ContextManager.5
            static final long serialVersionUID = 770795150276733621L;
            // Synthetic trace registration reproduced by the decompiler.
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.wim.adapter.ldap.context.ContextManager$5", AnonymousClass5.class, "ldapUtil", "com.ibm.ws.security.wim.adapter.ldap.resources.LdapUtilMessages");

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                Thread.currentThread().setContextClassLoader(classLoader);
                return null;
            }
        });
    }

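    /**
     * Configures the context pool.
     *
     * <p>When the pool is disabled the remaining arguments are ignored. Otherwise each
     * {@code null} argument falls back to its default. The sizes are stored before they are
     * validated, so the fields keep the rejected values when an exception is thrown.
     *
     * @param z    whether pooling is enabled
     * @param num  initial pool size; default 1
     * @param num2 preferred pool size; default 3
     * @param num3 maximum pool size; default 0, meaning no upper bound
     * @param l    pool timeout; default 0, which disables the timeout check
     * @param l2   time in milliseconds a caller waits for a free context; default 3000
     * @throws InvalidInitPropertyException if a non-zero maximum is smaller than the initial
     *                                      size, or smaller than a non-zero preferred size
     */
    public void setContextPool(boolean z, Integer num, Integer num2, Integer num3, Long l, Long l2) throws InvalidInitPropertyException {
        this.iContextPoolEnabled = z;
        if (!this.iContextPoolEnabled) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "setContextPool Context Pool is disabled.", new Object[0]);
            }
            return;
        }
        this.iInitPoolSize = num == null ? 1 : num.intValue();
        this.iMaxPoolSize = num3 == null ? 0 : num3.intValue();
        this.iPrefPoolSize = num2 == null ? 3 : num2.intValue();
        this.iPoolTimeOut = l == null ? 0L : l.longValue();
        this.iPoolWaitTime = l2 == null ? 3000L : l2.longValue();
        if (this.iMaxPoolSize != 0 && this.iMaxPoolSize < this.iInitPoolSize) {
            throw new InvalidInitPropertyException("INIT_POOL_SIZE_TOO_BIG", Tr.formatMessage(tc, "INIT_POOL_SIZE_TOO_BIG", WIMMessageHelper.generateMsgParms(Integer.valueOf(this.iInitPoolSize), Integer.valueOf(this.iMaxPoolSize))));
        }
        if (this.iMaxPoolSize != 0 && this.iPrefPoolSize != 0 && this.iMaxPoolSize < this.iPrefPoolSize) {
            // Report the preferred size, which is the value this check rejects; the message
            // previously carried the initial pool size and so named the wrong setting.
            throw new InvalidInitPropertyException("PREF_POOL_SIZE_TOO_BIG", Tr.formatMessage(tc, "PREF_POOL_SIZE_TOO_BIG", WIMMessageHelper.generateMsgParms(Integer.valueOf(this.iPrefPoolSize), Integer.valueOf(this.iMaxPoolSize))));
        }
    }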

    /**
     * Stores the alias dereferencing mode.
     *
     * @param str the mode, stored unchanged; {@code initialize()} adds it to the environment
     *            unless it is {@code null} or equals "always" (ignoring case)
     */
    public void setDerefAliases(String str) {
        iDerefAliases = str;
    }

    /**
     * Sets the primary LDAP server.
     *
     * @param str the host name, stored unchanged (it is trimmed later by {@code initialize()})
     * @param i   the port
     */
    public void setPrimaryServer(String str, int i) {
        Integer port = Integer.valueOf(i);
        this.iPrimaryServer = new HostPort(str, port);
    }

    /**
     * Stores the query interval.
     *
     * @param j the interval, stored unchanged
     */
    public void setQueryInterval(long j) {
        iQueryInterval = j;
    }

    /**
     * Stores the LDAP read timeout.
     *
     * @param l the timeout, or {@code null} to let {@code initialize()} apply its default of 60000
     */
    public void setReadTimeout(Long l) {
        iReadTimeout = l;
    }

    /**
     * Enables or disables the JNDI BER output stream.
     *
     * @param bool {@code TRUE} makes {@code initialize()} install a {@code BEROutputStream} in
     *             the environment; {@code null} and {@code FALSE} leave it out
     */
    public void setJndiOutputEnabled(Boolean bool) {
        iJndiOutputEnabled = bool;
    }

    /**
     * Stores the referral handling mode.
     *
     * @param str the mode, stored unchanged; {@code initialize()} puts it into the environment
     *            under {@code java.naming.referral} without a null check
     */
    public void setReferral(String str) {
        iReferral = str;
    }

    /**
     * Stores the return-to-primary flag.
     *
     * @param z the flag value, stored unchanged
     */
    public void setReturnToPrimary(boolean z) {
        iReturnToPrimary = z;
    }

    /**
     * Stores the bind DN and password used for simple binds.
     *
     * <p>The password object is kept by reference; no copy is made here.
     *
     * @param str                         the bind distinguished name
     * @param serializableProtectedString the bind password, possibly encoded; it is decoded
     *                                    later by {@code initialize()}
     */
    public void setSimpleCredentials(String str, SerializableProtectedString serializableProtectedString) {
        iBindDN = str;
        iBindPassword = serializableProtectedString;
    }

    /**
     * Stores the authentication mechanism used for the bind.
     *
     * @param str the mechanism name; when non-null, {@code initialize()} puts it into the
     *            environment under {@code java.naming.security.authentication}
     */
    public void setBindAuthMechanism(String str) {
        bindAuthMechanism = str;
    }

    /**
     * Stores the Kerberos bind settings and checks that a configured ticket cache is usable.
     *
     * <p>All updates happen while holding the Kerberos write lock. The ticket cache value is
     * first treated as a file path and, if no such file exists, as a file URL. Problems with
     * the ticket cache are reported through {@code Tr.error} only; they do not abort the call,
     * and {@code krb5TicketCache} keeps the configured value either way. The existence and
     * readability checks describe the file at configuration time only; nothing here repeats
     * them when the cache is later used.
     *
     * @param str                the repository id used in error messages
     * @param kerberosService    the Kerberos service; may be {@code null}
     * @param str2               the Kerberos principal name
     * @param str3               the ticket cache location (path or file URL); may be {@code null} or blank
     * @param configurationAdmin the configuration admin service consulted by {@code initialize()}
     * @throws PropertyNotDefinedException declared by the signature; no statement in this body
     *                                     throws it directly
     */
    @FFDCIgnore({MalformedURLException.class, URISyntaxException.class, IllegalArgumentException.class})
    public void setKerberosCredentials(String str, KerberosService kerberosService, String str2, String str3, ConfigurationAdmin configurationAdmin) throws PropertyNotDefinedException {
        if (!isKerberosBindAuth() && tc.isDebugEnabled()) {
            // Only traced: the settings are still stored below even when Kerberos bind is not selected.
            Tr.debug(tc, "setKerberosCredentials was called, but Kerberos is not enabled. BindAuthMechanism is " + this.bindAuthMechanism, new Object[0]);
        }
        acquireKrb5WriteLock();
        try {
            this.krb5Principal = str2;
            this.reposId = str;
            this.kerberosService = kerberosService;
            this.configAdmin = configurationAdmin;
            if (str3 != null && !str3.trim().isEmpty()) {
                // NOTE(review): this conversion sits outside the try blocks below, so an
                // exception thrown by Paths.get for an unparsable value would leave this method
                // (the finally still releases the lock) — confirm that is intended.
                this.krb5TicketCache = Paths.get(str3, new String[0]);
                if (!this.krb5TicketCache.toFile().exists()) {
                    try {
                        try {
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                Tr.debug(tc, "krb5TicketCache is not a path to a file. Checking if it is a file URL.", new Object[0]);
                            }
                            // Second attempt: interpret the value as a URL and map it to a local file.
                            File file = new File(new URL(str3).toURI());
                            if (!file.exists()) {
                                Tr.error(tc, "KRB5_FILE_NOT_FOUND", new Object[]{"krb5TicketCache", "<ldapRegistry>", str3});
                            } else if (!file.canRead()) {
                                Tr.error(tc, "CANNOT_READ_KRB5_FILE", new Object[]{this.reposId, str3});
                            }
                        } catch (IllegalArgumentException e) {
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                Tr.debug(tc, "Could not find krb5TicketCache as a Path or URL: ", new Object[]{e});
                            }
                            Tr.error(tc, "KRB5_FILE_NOT_FOUND", new Object[]{"krb5TicketCache", "<ldapRegistry>", str3});
                        }
                    } catch (MalformedURLException e2) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Could not find krb5TicketCache as a Path or URL: ", new Object[]{e2});
                        }
                        Tr.error(tc, "KRB5_FILE_NOT_FOUND", new Object[]{"krb5TicketCache", "<ldapRegistry>", str3});
                    } catch (URISyntaxException e3) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Could not find krb5TicketCache as a Path or URL: ", new Object[]{e3});
                        }
                        Tr.error(tc, "KRB5_FILE_NOT_FOUND", new Object[]{"krb5TicketCache", "<ldapRegistry>", str3});
                    }
                } else if (!new File(str3).canRead()) {
                    Tr.error(tc, "CANNOT_READ_KRB5_FILE", new Object[]{this.reposId, str3});
                }
            }
            if (this.krb5TicketCache != null && this.kerberosService != null && this.kerberosService.getKeytab() != null && tc.isDebugEnabled()) {
                Tr.debug(tc, "setKerberosCredentials the ticketCache and keytab were both configured, ticketCache is tried first, then keytab", new Object[0]);
            }
            if (this.kerberosService != null && str2 != null && !str2.trim().isEmpty()) {
                try {
                    // Ask the service to clear what it has cached for this principal.
                    this.kerberosService.clearPrincipalFromCache(str2);
                } catch (IllegalArgumentException e4) {
                    // Best effort: a failure to clear the cache is only recorded as a trace event.
                    if (tc.isEventEnabled()) {
                        Tr.event(tc, "Failed to clear subjectCache", new Object[]{e4});
                    }
                }
            }
            if (tc.isDebugEnabled()) {
                // Debug summary: principal name and file locations only.
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("\tKrb5Principal: ").append(str2).append("\n");
                stringBuffer.append("\tKrb5TicketCache: ").append(this.krb5TicketCache).append("\n");
                if (this.kerberosService != null) {
                    stringBuffer.append("\tkeytab (from KerberosService): ").append(this.kerberosService.getKeytab()).append("\n");
                    stringBuffer.append("\tconfig (from KerberosService): ").append(this.kerberosService.getConfigFile()).append("\n");
                }
                Tr.debug(tc, "setKerberosCredentials" + stringBuffer.toString(), new Object[0]);
            }
        } finally {
            releaseKrb5WriteLock();
        }
    }

    /**
     * Stores the SSL configuration alias.
     *
     * @param str the alias, stored unchanged
     */
    public void setSSLAlias(String str) {
        iSSLAlias = str;
    }

    /**
     * Selects whether connections use SSL.
     *
     * @param z {@code true} makes {@code initialize()} install the SSL socket factory, set the
     *          security protocol to "ssl" and use the SSL URL prefix; {@code false} uses the
     *          plain URL prefix with none of those settings
     */
    public void setSSLEnabled(boolean z) {
        iSSLEnabled = z;
    }

    /**
     * Stores the write-to-secondary flag.
     *
     * @param z the flag value, stored unchanged
     */
    public void setWriteToSecondary(boolean z) {
        iWriteToSecondary = z;
    }

    /**
     * Renders the configuration fields of this manager for diagnostics.
     *
     * <p>The output contains the bind DN, Kerberos principal and ticket cache location, and it
     * appends {@code iBindPassword} through that object's own {@code toString()}.
     * NOTE(review): that is only safe if {@code SerializableProtectedString.toString()} masks
     * its value; confirm before this string reaches logs or traces.
     *
     * @return a single-line {@code "ContextManager {...}"} description
     */
    public String toString() {
        StringBuilder text = new StringBuilder("ContextManager {");
        text.append("iBindDN=").append(this.iBindDN)
            .append(", iBindPassword=").append(this.iBindPassword)
            .append(", iSSLAlias=").append(this.iSSLAlias)
            .append(", iSSLEnabled=").append(this.iSSLEnabled)
            .append(", iConnectTimeout=").append(this.iConnectTimeout)
            .append(", iReadTimeout=").append(this.iReadTimeout)
            .append(", iJndiOutputEnabled=").append(this.iJndiOutputEnabled)
            .append(", iPrimaryServer=").append(this.iPrimaryServer)
            .append(", iFailoverServers=").append(this.iFailoverServers)
            .append(", iContextPoolEnabled=").append(this.iContextPoolEnabled)
            .append(", iInitPoolSize=").append(this.iInitPoolSize)
            .append(", iPrefPoolSize=").append(this.iPrefPoolSize)
            .append(", iMaxPoolSize=").append(this.iMaxPoolSize)
            .append(", iPoolTimeOut=").append(this.iPoolTimeOut)
            .append(", iPoolWaitTime=").append(this.iPoolWaitTime)
            .append(", iWriteToSecondary=").append(this.iWriteToSecondary)
            .append(", iQueryInterval=").append(this.iQueryInterval)
            .append(", iReturnToPrimary=").append(this.iReturnToPrimary)
            .append(", iReferral=").append(this.iReferral)
            .append(", iBinaryAttributeNames=").append(this.iBinaryAttributeNames)
            .append(", bindAuthMechanism=").append(this.bindAuthMechanism)
            .append(", krb5Principal=").append(this.krb5Principal)
            .append(", krb5TicketCache=").append(this.krb5TicketCache)
            .append("}");
        return text.toString();
    }

    /**
     * Obtains a Kerberos subject for the configured principal and stores its GSS credential in the
     * supplied table under {@code javax.security.sasl.credentials}.
     *
     * <p>Does nothing (beyond an optional debug trace) unless the bind mechanism is GSSAPI. The
     * login runs while the krb5 read lock is held, so it does not overlap with code holding the
     * krb5 write lock. No password is passed to the KerberosService: only the principal and the
     * ticket cache value are supplied.
     *
     * <p>Every failure leaves this method as a {@link LoginException} built by the outer
     * {@code catch (LoginException)} block. That includes the exception created for an
     * {@link IllegalArgumentException}, which is therefore wrapped twice.
     *
     * <p>NOTE(review): the final message contains the principal name, the ticket cache or keytab
     * value, and the underlying exception's class name and message. Confirm that this text reaches
     * only logs and operators, not remote clients.
     *
     * @param hashtable table that receives the GSS credential (presumably the JNDI environment used
     *                  for the bind; confirm against the caller)
     * @throws LoginException if the KerberosService is unavailable or the Kerberos login fails
     * @throws MalformedURLException declared, but no visible statement in this method throws it directly
     */
    @FFDCIgnore({LoginException.class, IllegalArgumentException.class, PrivilegedActionException.class})
    private void handleKerberos(final Hashtable<String, Object> hashtable) throws LoginException, MalformedURLException {
        if (!isKerberosBindAuth()) {
            // Not a GSSAPI bind: trace if debugging is on, then return without touching the table.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "handleKerberos Kerberos login method was called, but Kerberos is not enabled. BindAuthMechanism is " + this.bindAuthMechanism, new Object[0]);
                return;
            }
            return;
        }
        // Read lock: updateKerberosService() replaces this.kerberosService under the write lock.
        acquireKrb5ReadLock();
        try {
            if (this.kerberosService == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "handleKerberos Kerberos login method was called, but the KerberosService is null. BindAuthMechanism is " + this.bindAuthMechanism, new Object[0]);
                }
                // Thrown outside the nested try blocks below, so this exception is not re-wrapped.
                Tr.error(tc, "KRB5_SERVICE_NOT_AVAILABLE", new Object[]{this.reposId, this.krb5Principal, this.bindAuthMechanism});
                throw new LoginException(Tr.formatMessage(tc, "KRB5_SERVICE_NOT_AVAILABLE", WIMMessageHelper.generateMsgParms(this.reposId, this.krb5Principal, this.bindAuthMechanism)));
            }
            try {
                try {
                    try {
                        AccessController.doPrivileged(new PrivilegedExceptionAction<Subject>() { // from class: com.ibm.ws.security.wim.adapter.ldap.context.ContextManager.6
                            // The two fields below look like decompiler/trace-instrumentation output rather than hand-written logic.
                            static final long serialVersionUID = -4558731687287029339L;
                            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.wim.adapter.ldap.context.ContextManager$6", AnonymousClass6.class, "ldapUtil", "com.ibm.ws.security.wim.adapter.ldap.resources.LdapUtilMessages");

                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.security.PrivilegedExceptionAction
                            public Subject run() throws LoginException {
                                // Null password argument: only the principal and ticket cache value are handed to the service.
                                Subject orCreateSubject = ContextManager.this.kerberosService.getOrCreateSubject(ContextManager.this.krb5Principal, (SerializableProtectedString) null, ContextManager.this.krb5TicketCache);
                                // Hand the subject's GSS credential to the caller's table under the SASL credentials key.
                                hashtable.put("javax.security.sasl.credentials", SubjectHelper.getGSSCredentialFromSubject(orCreateSubject));
                                return orCreateSubject;
                            }
                        });
                    } catch (PrivilegedActionException e) {
                        // run() declares only LoginException, so the wrapped checked exception is expected
                        // to be one; any other type would surface here as a ClassCastException.
                        throw ((LoginException) e.getException());
                    }
                } catch (IllegalArgumentException e2) {
                    // Reported as an invalid principal. The LoginException built here is caught again by
                    // the outer catch below and wrapped in the KRB5_LOGIN_FAILED_* message.
                    LoginException loginException = new LoginException(Tr.formatMessage(tc, "INVALID_KRB5_PRINCIPAL", WIMMessageHelper.generateMsgParms(this.krb5Principal)) + " " + e2.getClass().getName() + (e2.getMessage() == null ? "" : ": " + e2.getMessage()));
                    loginException.initCause(e2);
                    throw loginException;
                }
            } catch (LoginException e3) {
                // Message selection: ticket cache configured -> *_CACHE; else keytab reported by the
                // service -> *_KEYTAB; else *_DEFAULT_KEYTAB (formatted with the null keytab value).
                LoginException loginException2 = new LoginException((this.krb5TicketCache != null ? Tr.formatMessage(tc, "KRB5_LOGIN_FAILED_CACHE", WIMMessageHelper.generateMsgParms(this.krb5Principal, this.krb5TicketCache)) : this.kerberosService.getKeytab() != null ? Tr.formatMessage(tc, "KRB5_LOGIN_FAILED_KEYTAB", WIMMessageHelper.generateMsgParms(this.krb5Principal, this.kerberosService.getKeytab())) : Tr.formatMessage(tc, "KRB5_LOGIN_FAILED_DEFAULT_KEYTAB", WIMMessageHelper.generateMsgParms(this.krb5Principal, this.kerberosService.getKeytab()))) + " " + e3.getClass().getName() + ": " + e3.getMessage());
                loginException2.initCause(e3);
                throw loginException2;
            }
        } finally {
            releaseKrb5ReadLock();
        }
    }

    /**
     * Reports whether the configured bind mechanism selects Kerberos.
     *
     * <p>The comparison against {@code "GSSAPI"} is exact and case-sensitive. A {@code null} or
     * differently cased mechanism is treated as not Kerberos.
     *
     * @return {@code true} only when {@code bindAuthMechanism} equals {@code "GSSAPI"}
     */
    @Trivial
    private boolean isKerberosBindAuth() {
        final boolean gssapiBind = "GSSAPI".equals(this.bindAuthMechanism);
        return gssapiBind;
    }

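    /**
     * Installs an updated {@link KerberosService} and refreshes state that was built with the old one.
     *
     * <p>When the bind mechanism is not GSSAPI the call is a no-op: the new service reference is
     * not stored. Otherwise, under the krb5 write lock, the service reference is replaced, the
     * directory context is re-created if context pooling is enabled, and the connection's caches
     * are cleared. A {@link WIMSystemException} from re-creating the context is recorded (FFDC and
     * an event trace) but does not prevent the caches from being cleared.
     *
     * @param kerberosService the replacement service to store
     * @param ldapConnection  connection whose caches are cleared after the update; must not be
     *                        {@code null} when the bind mechanism is GSSAPI
     */
    public void updateKerberosService(KerberosService kerberosService, LdapConnection ldapConnection) {
        if (!isKerberosBindAuth()) {
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "updateKerberosService Kerberos is enabled and the KerberosService was updated, acquire write lock and process krb5 update tasks", new Object[0]);
        }
        acquireKrb5WriteLock();
        try {
            this.kerberosService = kerberosService;
            if (this.iContextPoolEnabled) {
                try {
                    reCreateDirContext(getDirContext(), LdapConstants.KERBEROS_UDPATE_MSG);
                } catch (WIMSystemException e) {
                    // Deliberate best effort: record the failure and carry on to clear the caches.
                    FFDCFilter.processException(e, "com.ibm.ws.security.wim.adapter.ldap.context.ContextManager", "2003", this, new Object[]{kerberosService, ldapConnection});
                    if (tc.isEventEnabled()) {
                        Tr.event(tc, "updateKerberosService Exception processing reCreateDirContext after a KerberosService update.", new Object[]{e});
                    }
                }
            }
            ldapConnection.clearCaches();
        } finally {
            // Single release point, matching the try/finally pattern used by the other krb5 lock users.
            releaseKrb5WriteLock();
        }
    }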

    /**
     * Takes the write side of {@code kerberServiceModifyLock}.
     *
     * <p>Used around changes to the Kerberos configuration held by this instance. Callers pair it
     * with {@link #releaseKrb5WriteLock()} so that the lock is released on every path.
     */
    @Trivial
    void acquireKrb5WriteLock() {
        this.kerberServiceModifyLock.writeLock().lock();
    }

    /**
     * Releases the write side of {@code kerberServiceModifyLock}.
     *
     * <p>Counterpart of {@link #acquireKrb5WriteLock()}. Callers in this class invoke it from a
     * {@code finally} block.
     */
    @Trivial
    void releaseKrb5WriteLock() {
        this.kerberServiceModifyLock.writeLock().unlock();
    }

    /**
     * Takes the read side of {@code kerberServiceModifyLock}.
     *
     * <p>Used while the Kerberos configuration is read, for example during a Kerberos login.
     * Callers pair it with {@link #releaseKrb5ReadLock()}.
     */
    @Trivial
    void acquireKrb5ReadLock() {
        this.kerberServiceModifyLock.readLock().lock();
    }

    /**
     * Releases the read side of {@code kerberServiceModifyLock}.
     *
     * <p>Counterpart of {@link #acquireKrb5ReadLock()}. {@code handleKerberos} invokes it from a
     * {@code finally} block.
     */
    @Trivial
    void releaseKrb5ReadLock() {
        this.kerberServiceModifyLock.readLock().unlock();
    }
}
