package com.bea.common.security.saml.registry;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.legacy.spi.LegacyEncryptorSpi;
import com.bea.common.security.saml.utils.SAMLProfile;
import com.bea.common.security.saml.utils.SAMLUtil;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.regex.Pattern;
import weblogic.management.utils.InvalidParameterException;
import weblogic.security.providers.saml.registry.SAMLCommonPartner;

/* loaded from: input_file:com/bea/common/security/saml/registry/SAMLCommonPartnerEntry.class */
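/**
 * Partner-registry entry holding the settings shared by SAML partners: profile,
 * target URL, ARS username/password, audience URI, signed-assertion flag, name
 * mapper class and the groups-attribute flag.
 *
 * <p>All values are kept in the attribute store inherited from
 * {@link SAMLPartnerEntry}. The two password flags are {@code transient}, so they
 * are mirrored into the {@code Ser*} attributes and rebuilt in
 * {@link #readObject(ObjectInputStream)}.
 *
 * <p>NOTE(review): {@link #setARSPassword(String)} stores the value exactly as
 * passed in, in both the live and the mirrored attribute, with the encrypted flag
 * cleared. Only {@link #handleEncryption(boolean)} with {@code false} replaces it
 * through {@code setEncryptedAttribute}. If an entry is serialized or persisted
 * between those two calls, the unencrypted value goes with it. Confirm that every
 * caller runs the encryption step first.
 *
 * <p>This source is decompiler output. Members marked "Access modifiers changed
 * from: protected" were {@code protected} in the original class.
 */
public abstract class SAMLCommonPartnerEntry extends SAMLPartnerEntry implements SAMLCommonPartner {
    private static final long serialVersionUID = -7621988038720443842L;
    private static final String SERIALIZED_AUTH_PASSWORD = "SerAuthPass";
    private static final String SERIALIZED_PASSWORD_SET = "SerPassSet";
    private static final String SERIALIZED_PASSWORD_ENCRYPTED = "SerPassEncrypt";
    private static final String COMMON_ATTR_PROFILE = "beaSAMLProfile";
    private static final String COMMON_ATTR_TARGET_URL = "beaSAMLTargetURL";
    private static final String COMMON_ATTR_AUTH_USERNAME = "beaSAMLAuthUsername";
    private static final String COMMON_ATTR_AUTH_PASSWORD = "beaSAMLAuthPassword";
    private static final String COMMON_ATTR_AUDIENCE_URI = "beaSAMLAudienceURI";
    private static final String COMMON_ATTR_SIGNED_ASSERTIONS = "beaSAMLSignedAssertions";
    private static final String COMMON_ATTR_NAME_MAPPER = "beaSAMLNameMapperClass";
    private static final String COMMON_ATTR_GROUPS_ENABLED = "beaSAMLGroupsAttributeEnabled";
    // Transient: not written by default serialization; restored from the Ser* attributes.
    private transient boolean isARSPasswordSet;
    private transient boolean isARSPasswordEncrypted;
    // Null until validate() has run on an enabled entry.
    private SAMLProfile profile;
    private boolean isWildcardTarget;
    private boolean isDefaultTarget;
    private static final String[] COMMON_OBJECT_CLASSES = new String[0];
    private static final String[] COMMON_ATTRIBUTES = {
        COMMON_ATTR_PROFILE,
        COMMON_ATTR_TARGET_URL,
        COMMON_ATTR_AUTH_USERNAME,
        COMMON_ATTR_AUTH_PASSWORD,
        COMMON_ATTR_AUDIENCE_URI,
        COMMON_ATTR_SIGNED_ASSERTIONS,
        COMMON_ATTR_NAME_MAPPER,
        COMMON_ATTR_GROUPS_ENABLED
    };
    // name=value where both sides are non-empty and contain neither whitespace nor '='.
    private static final Pattern paramsPattern = Pattern.compile("^[\\S&&[^=]]+=[\\S&&[^=]]+$");

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an entry with no password, no resolved profile and no target flags.
     *
     * @param loggerSpi logger handed to the superclass
     * @param legacyEncryptorSpi encryptor handed to the superclass
     */
    public SAMLCommonPartnerEntry(LoggerSpi loggerSpi, LegacyEncryptorSpi legacyEncryptorSpi) {
        super(loggerSpi, legacyEncryptorSpi);
        this.isARSPasswordSet = false;
        this.isARSPasswordEncrypted = false;
        this.profile = null;
        this.isWildcardTarget = false;
        this.isDefaultTarget = false;
    }

    /**
     * Restores the transient password flags after default deserialization.
     *
     * <p>The flags are first taken from the mirrored {@code Ser*} attributes. If a
     * live password attribute is present but its mirrored copy is missing or
     * different, the flags are re-derived from the live value and the mirror is
     * rewritten.
     *
     * <p>NOTE(review): the flags are trusted as found in the stream. Nothing here
     * authenticates the serialized form, so it should only be read from a trusted
     * store.
     *
     * @param objectInputStream stream positioned at this object's data
     * @throws IOException if the stream cannot be read
     * @throws ClassNotFoundException if a serialized class cannot be resolved
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        if (containsAttribute(SERIALIZED_PASSWORD_SET)) {
            this.isARSPasswordSet = getBooleanAttribute(SERIALIZED_PASSWORD_SET);
        }
        if (containsAttribute(SERIALIZED_PASSWORD_ENCRYPTED)) {
            this.isARSPasswordEncrypted = getBooleanAttribute(SERIALIZED_PASSWORD_ENCRYPTED);
        }
        // Without a live password attribute there is nothing to resynchronise against.
        if (!containsAttribute(COMMON_ATTR_AUTH_PASSWORD)) {
            return;
        }
        // The mirror exists and agrees with the live value, so the restored flags stand.
        if (containsAttribute(SERIALIZED_AUTH_PASSWORD)
                && isPasswordEqual(getAttribute(SERIALIZED_AUTH_PASSWORD), getAttribute(COMMON_ATTR_AUTH_PASSWORD))) {
            return;
        }
        String stored = getAttribute(COMMON_ATTR_AUTH_PASSWORD);
        if (stored == null || stored.length() == 0) {
            clearARSPassword();
            return;
        }
        this.isARSPasswordSet = true;
        this.isARSPasswordEncrypted = isValueEncrypted(stored);
        mirrorPasswordState(stored);
    }

    /**
     * Null-safe equality of two password attribute values.
     *
     * <p>The only caller visible here compares two copies held by this same entry,
     * so this is a consistency check, not a credential verification.
     *
     * @param str first value, may be {@code null}
     * @param str2 second value, may be {@code null}
     * @return {@code true} if both are {@code null} or both are equal strings
     */
    private boolean isPasswordEqual(String str, String str2) {
        return str == null ? str2 == null : str.equals(str2);
    }

    /** Copies the given password value and the current flags into the {@code Ser*} attributes. */
    private void mirrorPasswordState(String password) {
        setAttribute(SERIALIZED_AUTH_PASSWORD, password);
        setBooleanAttribute(SERIALIZED_PASSWORD_SET, this.isARSPasswordSet);
        setBooleanAttribute(SERIALIZED_PASSWORD_ENCRYPTED, this.isARSPasswordEncrypted);
    }

    /** Marks the password as absent and nulls both the live and the mirrored attribute. */
    private void clearARSPassword() {
        this.isARSPasswordSet = false;
        this.isARSPasswordEncrypted = false;
        setAttribute(COMMON_ATTR_AUTH_PASSWORD, null);
        mirrorPasswordState(null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return the base LDAP object classes merged with this class's (empty) additions */
    public static String[] getCommonLDAPObjectClasses() {
        return SAMLUtil.mergeArrays(getBaseLDAPObjectClasses(), COMMON_OBJECT_CLASSES);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return the base LDAP attribute names merged with the common {@code beaSAML*} names */
    public static String[] getCommonLDAPAttributes() {
        return SAMLUtil.mergeArrays(getBaseLDAPAttributes(), COMMON_ATTRIBUTES);
    }

    /** @return the stored profile name, as last passed to {@link #setProfile(String)} */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public String getProfile() {
        return getAttribute(COMMON_ATTR_PROFILE);
    }

    /**
     * Stores the profile name. When the name maps to profile id 3, signed
     * assertions are switched on as well.
     *
     * <p>NOTE(review): the literal 3 is presumably an inlined {@code SAMLProfile}
     * constant; which profile it denotes is not visible here. The flag is only ever
     * forced on; changing to another profile later does not reset it.
     *
     * @param str profile name
     */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public void setProfile(String str) {
        setAttribute(COMMON_ATTR_PROFILE, str);
        if (SAMLProfile.mapProfileNameToId(str) == 3) {
            setBooleanAttribute(COMMON_ATTR_SIGNED_ASSERTIONS, true);
        }
    }

    /** @return the stored target URL; after {@link #construct()} a trailing {@code *} has been removed */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public String getTargetURL() {
        return getAttribute(COMMON_ATTR_TARGET_URL);
    }

    /**
     * Stores the target URL without validating it.
     *
     * @param str target URL, the literal {@code default}, or a prefix ending in {@code *}
     */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public void setTargetURL(String str) {
        setAttribute(COMMON_ATTR_TARGET_URL, str);
    }

    /** @return the stored ARS username */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public String getARSUsername() {
        return getAttribute(COMMON_ATTR_AUTH_USERNAME);
    }

    /** @param str ARS username to store */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public void setARSUsername(String str) {
        setAttribute(COMMON_ATTR_AUTH_USERNAME, str);
    }

    /**
     * Returns the raw stored password attribute, but only when it is flagged as
     * both set and encrypted.
     *
     * @return the stored (encrypted) value, or {@code null} if no password is set
     *     or the stored value has not been encrypted yet
     */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public String getARSPasswordEncrypted() {
        if (this.isARSPasswordSet && this.isARSPasswordEncrypted) {
            return getAttribute(COMMON_ATTR_AUTH_PASSWORD);
        }
        return null;
    }

    /** @return whether a non-empty ARS password is currently recorded */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public boolean isARSPasswordSet() {
        return this.isARSPasswordSet;
    }

    /**
     * Sets or clears the ARS password.
     *
     * <p>{@code null} and the empty string both clear the password and leave
     * {@link #isARSPasswordSet()} returning {@code false}. That is the same rule
     * {@code readObject} and {@link #handleEncryption(boolean)} apply to an
     * absent or empty value. Previously a {@code null} argument left the flag
     * {@code true} although no value was stored.
     *
     * <p>The value is stored as given and flagged as not encrypted;
     * {@code handleEncryption(false)} performs the encryption.
     *
     * @param str new password, or {@code null}/empty to clear it
     */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public void setARSPassword(String str) {
        String password = (str == null || str.length() == 0) ? null : str;
        this.isARSPasswordSet = password != null;
        this.isARSPasswordEncrypted = false;
        setAttribute(COMMON_ATTR_AUTH_PASSWORD, password);
        mirrorPasswordState(password);
    }

    /** @return the stored audience URI attribute */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public String getAudienceURI() {
        return getAttribute(COMMON_ATTR_AUDIENCE_URI);
    }

    /** @param str audience URI to store; not validated here */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public void setAudienceURI(String str) {
        setAttribute(COMMON_ATTR_AUDIENCE_URI, str);
    }

    /** @return the stored signed-assertions flag */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public boolean isSignedAssertions() {
        return getBooleanAttribute(COMMON_ATTR_SIGNED_ASSERTIONS);
    }

    /** @param z new value of the signed-assertions flag */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public void setSignedAssertions(boolean z) {
        setBooleanAttribute(COMMON_ATTR_SIGNED_ASSERTIONS, z);
    }

    /** @return the stored name mapper class name */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public String getNameMapperClass() {
        return getAttribute(COMMON_ATTR_NAME_MAPPER);
    }

    /**
     * Stores the name mapper class name without checking it.
     *
     * <p>NOTE(review): how and where this class name is later loaded is not visible
     * here. If it is instantiated by name, write access to this attribute should be
     * limited to administrators. Confirm at the load site.
     *
     * @param str class name
     */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public void setNameMapperClass(String str) {
        setAttribute(COMMON_ATTR_NAME_MAPPER, str);
    }

    /** @return the stored groups-attribute flag */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public boolean isGroupsAttributeEnabled() {
        return getBooleanAttribute(COMMON_ATTR_GROUPS_ENABLED);
    }

    /** @param z new value of the groups-attribute flag */
    @Override // weblogic.security.providers.saml.registry.SAMLCommonPartner
    public void setGroupsAttributeEnabled(boolean z) {
        setBooleanAttribute(COMMON_ATTR_GROUPS_ENABLED, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the id of the profile resolved by {@link #validate()}
     * @throws NullPointerException if {@code validate()} has not resolved a profile yet
     */
    public int getProfileId() {
        return this.profile.getProfileId();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the confirmation method name of the resolved profile
     * @throws NullPointerException if {@code validate()} has not resolved a profile yet
     */
    public String getProfileConfMethodName() {
        return this.profile.getProfileConfMethodName();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the confirmation method URN of the resolved profile
     * @throws NullPointerException if {@code validate()} has not resolved a profile yet
     */
    public String getProfileConfMethodURN() {
        return this.profile.getProfileConfMethodURN();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return {@code true} if {@link #construct()} found a target URL ending in {@code *} */
    public boolean isWildcardTarget() {
        return this.isWildcardTarget;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return {@code true} if {@link #construct()} found the target URL {@code default} */
    public boolean isDefaultTarget() {
        return this.isDefaultTarget;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the password through the superclass's {@code getEncryptedAttribute}.
     *
     * <p>NOTE(review): presumably this yields the usable (decrypted) secret; confirm
     * in {@code SAMLPartnerEntry}. Callers should keep the result out of logs and
     * exception messages.
     *
     * @return the value produced by {@code getEncryptedAttribute}
     */
    public String getARSPassword() {
        return getEncryptedAttribute(COMMON_ATTR_AUTH_PASSWORD);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return the audience URI attribute read as a multi-valued attribute */
    public String[] getAudienceURIs() {
        return getMultiValuedAttribute(COMMON_ATTR_AUDIENCE_URI);
    }

    /**
     * Validates the common settings of an enabled entry and resolves the profile
     * object used by the {@code getProfile*} accessors. Disabled entries are only
     * validated by the superclass.
     *
     * <p>The target URL is only checked for presence, and only for profile ids 3,
     * 4 and 5 (presumably inlined {@code SAMLProfile} constants). Its syntax and
     * scheme are not checked here.
     *
     * @throws InvalidParameterException if no profile is set, the profile is
     *     invalid, or a required target URL is missing
     */
    @Override // com.bea.common.security.saml.registry.SAMLPartnerEntry, weblogic.security.providers.saml.registry.SAMLPartner
    public void validate() throws InvalidParameterException {
        super.validate();
        if (!isEnabled()) {
            return;
        }
        String profileName = getProfile();
        if (profileName == null) {
            throw new InvalidParameterException("No profile set");
        }
        this.profile = new SAMLProfile(profileName);
        if (!this.profile.isValid()) {
            throw new InvalidParameterException("Invalid Profile: " + profileName);
        }
        if (getTargetURL() == null) {
            int profileId = getProfileId();
            if (profileId == 3 || profileId == 4 || profileId == 5) {
                throw new InvalidParameterException("Missing Target Endpoint");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Brings the stored password and its flags into a consistent state.
     *
     * <p>With {@code z == false}, a password that is set but not yet encrypted is
     * written back through {@code setEncryptedAttribute} and flagged encrypted.
     * With {@code z == true}, the flags are re-derived from the stored value. An
     * empty value, or an encrypted value that decrypts to nothing, clears the
     * password. Otherwise the flags follow {@code isValueEncrypted}.
     *
     * <p>NOTE(review): in the {@code z == true} path a value that is not recognised
     * as encrypted is kept as-is and flagged unencrypted, so it stays in cleartext
     * until a later {@code handleEncryption(false)}.
     *
     * @param z direction selector defined by the superclass; see above for the two paths
     */
    @Override // com.bea.common.security.saml.registry.SAMLPartnerEntry
    public void handleEncryption(boolean z) {
        super.handleEncryption(z);
        if (!z) {
            if (!this.isARSPasswordSet || this.isARSPasswordEncrypted) {
                return;
            }
            setEncryptedAttribute(COMMON_ATTR_AUTH_PASSWORD, getAttribute(COMMON_ATTR_AUTH_PASSWORD));
            this.isARSPasswordEncrypted = true;
            // Re-read after encryption so the mirror holds the encrypted form.
            setAttribute(SERIALIZED_AUTH_PASSWORD, getAttribute(COMMON_ATTR_AUTH_PASSWORD));
            setBooleanAttribute(SERIALIZED_PASSWORD_ENCRYPTED, this.isARSPasswordEncrypted);
            return;
        }
        String stored = getAttribute(COMMON_ATTR_AUTH_PASSWORD);
        if (stored == null || stored.length() == 0) {
            clearARSPassword();
            return;
        }
        if (!isValueEncrypted(stored)) {
            this.isARSPasswordSet = true;
            this.isARSPasswordEncrypted = false;
            mirrorPasswordState(stored);
            return;
        }
        // Decrypted only to learn whether a real password is behind the ciphertext.
        String plaintext = decrypt(stored);
        if (plaintext == null || plaintext.length() == 0) {
            clearARSPassword();
            return;
        }
        this.isARSPasswordSet = true;
        this.isARSPasswordEncrypted = true;
        mirrorPasswordState(stored);
    }

    /**
     * Derives the target flags of an enabled entry from its target URL.
     *
     * <p>The literal {@code default} sets the default-target flag. A value ending in
     * {@code *} has that one character removed from the stored URL and sets the
     * wildcard flag. How the remaining prefix is matched against requests is not
     * visible here. A short prefix would cover a wide range of targets, so wildcard
     * entries deserve review when they are configured.
     *
     * @throws InvalidParameterException if the superclass construction fails
     */
    @Override // com.bea.common.security.saml.registry.SAMLPartnerEntry
    public void construct() throws InvalidParameterException {
        super.construct();
        if (!isEnabled()) {
            return;
        }
        String targetURL = getTargetURL();
        if (targetURL == null) {
            return;
        }
        if (targetURL.equals("default")) {
            this.isDefaultTarget = true;
        } else if (targetURL.endsWith("*")) {
            setTargetURL(targetURL.substring(0, targetURL.length() - 1));
            this.isWildcardTarget = true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that the string parses as a {@link URL}.
     *
     * <p>This is a syntax check only. Any scheme with a registered protocol handler
     * passes, and neither the host nor the use of TLS is checked. Callers that need
     * such restrictions must apply them separately.
     *
     * @param str candidate URL, may be {@code null}
     * @return {@code true} if {@code new URL(str)} succeeds
     */
    public boolean isValidURL(String str) {
        if (str == null) {
            return false;
        }
        try {
            new URL(str);
            return true;
        } catch (MalformedURLException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that the string parses as a {@link URI}. Relative references and
     * arbitrary schemes pass.
     *
     * @param str candidate URI, may be {@code null}
     * @return {@code true} if {@code new URI(str)} succeeds
     */
    public boolean isValidURI(String str) {
        if (str == null) {
            return false;
        }
        try {
            new URI(str);
            return true;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that the string is URI syntax and starts with {@code /}.
     *
     * <p>NOTE(review): a value starting with {@code //} also passes, although
     * {@link URI} reads what follows as an authority, not a path. Callers that
     * build redirects or links from the value may want to reject that form.
     *
     * @param str candidate context path, may be {@code null}
     * @return {@code true} if the string is a valid URI beginning with {@code /}
     */
    public boolean isValidContextPath(String str) {
        return isValidURI(str) && str.startsWith("/");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param str candidate certificate alias
     * @return {@code true} if the alias is non-null and non-empty; the keystore is not consulted
     */
    public boolean isValidCertAlias(String str) {
        return str != null && str.length() > 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that every non-null element has the form {@code name=value}, with both
     * sides non-empty and free of whitespace and further {@code =} characters.
     *
     * @param strArr parameters to check; a {@code null} array and {@code null}
     *     elements are accepted
     * @return {@code false} as soon as one non-null element does not match
     */
    public boolean isValidParameters(String[] strArr) {
        if (strArr == null) {
            return true;
        }
        for (String param : strArr) {
            if (param != null && !paramsPattern.matcher(param).matches()) {
                return false;
            }
        }
        return true;
    }
}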
