package dev.galasa.zossecurity.internal;

import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import dev.galasa.ICredentialsUsernamePassword;
import dev.galasa.framework.spi.DynamicStatusStoreException;
import dev.galasa.framework.spi.IDynamicStatusStoreKeyAccess;
import dev.galasa.framework.spi.IDynamicStatusStoreService;
import dev.galasa.framework.spi.IFramework;
import dev.galasa.framework.spi.creds.CredentialsException;
import dev.galasa.http.HttpClientException;
import dev.galasa.http.HttpClientResponse;
import dev.galasa.http.IHttpClient;
import dev.galasa.http.spi.IHttpManagerSpi;
import dev.galasa.zos.IZosImage;
import dev.galasa.zos.ZosManagerException;
import dev.galasa.zos.spi.IZosManagerSpi;
import dev.galasa.zosfile.IZosFileHandler;
import dev.galasa.zosfile.ZosFileManagerException;
import dev.galasa.zosfile.spi.IZosFileSpi;
import dev.galasa.zossecurity.IZosCertificate;
import dev.galasa.zossecurity.IZosCicsClassSet;
import dev.galasa.zossecurity.IZosIdMap;
import dev.galasa.zossecurity.IZosKerberosPrincipal;
import dev.galasa.zossecurity.IZosKeyring;
import dev.galasa.zossecurity.IZosPreDefinedProfile;
import dev.galasa.zossecurity.IZosProfile;
import dev.galasa.zossecurity.IZosSecurity;
import dev.galasa.zossecurity.IZosUserid;
import dev.galasa.zossecurity.KerberosInitiator;
import dev.galasa.zossecurity.KerberosToken;
import dev.galasa.zossecurity.ZosSecurityManagerException;
import dev.galasa.zossecurity.datatypes.RACFAccessType;
import dev.galasa.zossecurity.datatypes.RACFCertificateTrust;
import dev.galasa.zossecurity.datatypes.RACFCertificateType;
import dev.galasa.zossecurity.internal.properties.CicsSharedClassets;
import dev.galasa.zossecurity.internal.properties.CreateUserid;
import dev.galasa.zossecurity.internal.properties.KerberosDomainController;
import dev.galasa.zossecurity.internal.properties.KerberosRealm;
import dev.galasa.zossecurity.internal.properties.OutputReporting;
import dev.galasa.zossecurity.internal.properties.PredefinedProfiles;
import dev.galasa.zossecurity.internal.properties.ResourceReporting;
import dev.galasa.zossecurity.internal.properties.ServerApikey;
import dev.galasa.zossecurity.internal.properties.ServerUrl;
import dev.galasa.zossecurity.internal.properties.SetroptsDelay;
import dev.galasa.zossecurity.internal.properties.UseridDefaultGroup;
import dev.galasa.zossecurity.internal.properties.UseridDefaultGroups;
import dev.galasa.zossecurity.internal.properties.UseridPool;
import dev.galasa.zossecurity.internal.resources.RacfOutputProcessing;
import dev.galasa.zossecurity.internal.resources.ZosCertificateImpl;
import dev.galasa.zossecurity.internal.resources.ZosCicsClassSetImpl;
import dev.galasa.zossecurity.internal.resources.ZosCicsSharedClassSetImpl;
import dev.galasa.zossecurity.internal.resources.ZosIdMapImpl;
import dev.galasa.zossecurity.internal.resources.ZosKerberosClientPrincipalImpl;
import dev.galasa.zossecurity.internal.resources.ZosKerberosPrincipalImpl;
import dev.galasa.zossecurity.internal.resources.ZosKeyringImpl;
import dev.galasa.zossecurity.internal.resources.ZosPreDefinedProfileImpl;
import dev.galasa.zossecurity.internal.resources.ZosProfileImpl;
import dev.galasa.zossecurity.internal.resources.ZosUseridImpl;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.URI;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:dev/galasa/zossecurity/internal/ZosSecurityImpl.class */
public class ZosSecurityImpl implements IZosSecurity {
    // Commons-logging logger shared by every instance of this class.
    private static final Log logger = LogFactory.getLog(ZosSecurityImpl.class);
    // One anchored (^...$) key pattern per ResourceType, built from the type's getName() value.
    // Presumably these are matched against dynamic status store keys - confirm against the users of
    // these constants, which are outside the visible part of the file.
    // NOTE(review): the '.' directly after the type name is not escaped, so it matches any single
    // character rather than only a literal dot - confirm whether that is intended.
    // NOTE(review): several patterns capture a segment with [\S]+, which also matches '.' and '/',
    // so a match can backtrack across segment separators - confirm the key format keeps this unambiguous.
    public static final Pattern ZOS_CERTIFICATE_PATTERN = Pattern.compile("^" + ResourceType.ZOS_CERTIFICATE.getName() + ".run\\.(\\w+)\\.(\\w+)\\/(\\w+)\\/([^\\.]+)\\.sysplex\\.(\\w+)$");
    public static final Pattern ZOS_CICS_CLASS_SET_PATTERN = Pattern.compile("^" + ResourceType.ZOS_CICS_CLASS_SET.getName() + ".run\\.(\\w+)\\.(\\w+)\\.sysplex\\.(\\w+)$");
    public static final Pattern ZOS_ID_MAP_PATTERN = Pattern.compile("^" + ResourceType.ZOS_ID_MAP.getName() + ".run\\.(\\w+)\\.(\\w+)\\/([\\S]+)\\.sysplex\\.(\\w+)$");
    public static final Pattern ZOS_KERBEROS_PRINCIPAL_PATTERN = Pattern.compile("^" + ResourceType.ZOS_KERBEROS_PRINCIPAL.getName() + ".run\\.(\\w+)\\.([\\S]+)\\.sysplex\\.(\\w+)$");
    public static final Pattern ZOS_KEYRING_PATTERN = Pattern.compile("^" + ResourceType.ZOS_KEYRING.getName() + ".run\\.(\\w+)\\.(\\w+)\\/([\\S]+)\\.sysplex\\.(\\w+)$");
    public static final Pattern ZOS_PRE_DEFINED_PROFILE_PERMIT_PATTERN = Pattern.compile("^" + ResourceType.ZOS_PRE_DEFINED_PROFILE_PERMIT.getName() + ".run\\.(\\w+)\\.(\\w+)\\/([\\S]+)\\/(\\w+)\\.sysplex\\.(\\w+)$");
    public static final Pattern ZOS_PROFILE_PATTERN = Pattern.compile("^" + ResourceType.ZOS_PROFILE.getName() + ".run\\.(\\w+)\\.(\\w+)\\/([\\S]+)\\.sysplex\\.(\\w+)$");
    public static final Pattern ZOS_USERID_PATTERN = Pattern.compile("^" + ResourceType.ZOS_USERID.getName() + ".run\\.(\\w+)\\.(\\w+)\\.sysplex\\.(\\w+)$");
    // Collaborators supplied through the constructors. zosManager and zosFileManager are set to
    // null by the three-argument constructor.
    private IFramework framework;
    private final IDynamicStatusStoreService dss;
    private IZosManagerSpi zosManager;
    private IZosFileSpi zosFileManager;
    private IHttpManagerSpi httpManager;
    // Class sets that allocateCicsClassSet() hands out (first element first) before allocating a new one.
    // NOTE(review): public and mutable, so any holder of this object can add or remove entries.
    public final ArrayList<IZosCicsClassSet> preAllocatedCicsClassSets;
    // Created empty by both constructors; their use is outside the visible part of the file.
    private final HashMap<String, IHttpClient> zossecServerClients;
    private final HashMap<String, HashSet<String>> classesRequiringRefresh;
    // Incremented before every certificate creation and passed to ZosCertificateImpl.createCertificate.
    private int certificateStoreNumber;
    // Userid returned by getRunUserid(); falls back to imageUser while unset.
    private IZosUserid runUser;
    // Image this instance is bound to; null when built with the three-argument constructor.
    private IZosImage image;
    // Userid built from the image's default credentials in the image-bound constructor.
    private IZosUserid imageUser;
    // Reporting switches: read from properties in the image-bound constructor, forced to true otherwise.
    private boolean resourceReporting;
    private boolean outputReporting;
    // Created empty by both constructors; populated outside the visible part of the file.
    private final Map<String, String> zosSecurityServerQueryParams;
    // Value of SetroptsDelay.get(), read by both constructors.
    private int setroptsDelay;
    // Not assigned in the visible part of the file.
    private IZosFileHandler zosFileHandler;
    private String runDatasetHLQ;
    // Read from properties in the image-bound constructor only.
    private List<String> useridPool;
    private List<String> cicsSharedClassSets;
    private boolean createUserid;
    // Not assigned in the visible part of the file.
    private String useridDefaultGroup;
    private List<String> useridDefaultGroups;

    /* loaded from: input_file:dev/galasa/zossecurity/internal/ZosSecurityImpl$HttpMethod.class */
    /** HTTP request verbs, declared in the order GET, PUT, POST, DELETE. */
    public enum HttpMethod {
        GET, PUT, POST, DELETE
    }

    /* loaded from: input_file:dev/galasa/zossecurity/internal/ZosSecurityImpl$ResourceType.class */
    /**
     * Kinds of security resource handled by this class, each carrying the lower-case
     * identifier that prefixes the corresponding key pattern.
     */
    public enum ResourceType {
        ZOS_CERTIFICATE("zoscertificate"),
        ZOS_CICS_CLASS_SET("zoscicsclassset"),
        ZOS_ID_MAP("zosidmap"),
        ZOS_KERBEROS_PRINCIPAL("zoskerberosprincipal"),
        ZOS_KEYRING("zoskeyring"),
        ZOS_PRE_DEFINED_PROFILE_PERMIT("zospredefinedprofilepermit"),
        ZOS_PROFILE("zosprofile"),
        ZOS_USERID("zosuserid");

        /** Identifier supplied at declaration; never reassigned after construction. */
        private final String name;

        ResourceType(String str) {
            name = str;
        }

        /**
         * @return the identifier given to this constant at declaration
         */
        public String getName() {
            return name;
        }
    }

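    /**
     * Builds an instance bound to a zOS image, taking its collaborators from the manager and its
     * settings from configuration properties.
     *
     * <p>Property loading and default-credential lookup are reported separately so that a
     * credential failure is not presented as "Unable to obtain manager properties".
     *
     * @param zosSecurityManagerImpl manager supplying the framework, DSS, zOS, zOS file and HTTP services
     * @param iZosImage              image this instance operates on
     * @throws ZosSecurityManagerException if a property cannot be read or the image's default
     *                                     credentials cannot be obtained
     */
    public ZosSecurityImpl(ZosSecurityManagerImpl zosSecurityManagerImpl, IZosImage iZosImage) throws ZosSecurityManagerException {
        this.preAllocatedCicsClassSets = new ArrayList<>();
        this.zossecServerClients = new HashMap<>();
        this.classesRequiringRefresh = new HashMap<>();
        // Diamond instead of the raw HashMap the original used, to avoid an unchecked assignment.
        this.zosSecurityServerQueryParams = new HashMap<>();
        this.framework = zosSecurityManagerImpl.getFramework();
        this.dss = zosSecurityManagerImpl.getDss();
        this.zosManager = zosSecurityManagerImpl.getZosManager();
        this.zosFileManager = zosSecurityManagerImpl.getZosFileManager();
        this.httpManager = zosSecurityManagerImpl.getHttpManager();
        this.image = iZosImage;
        try {
            this.resourceReporting = ResourceReporting.get(getZosImage().getSysplexID());
            this.outputReporting = OutputReporting.get(getZosImage().getSysplexID());
            this.setroptsDelay = SetroptsDelay.get();
            this.useridPool = UseridPool.get(iZosImage.getSysplexID());
            this.cicsSharedClassSets = CicsSharedClassets.get(iZosImage.getSysplexID());
            this.createUserid = CreateUserid.get();
        } catch (ZosSecurityManagerException e) {
            throw new ZosSecurityManagerException("Unable to obtain manager properties", e);
        }
        if (this.resourceReporting) {
            logger.info("Resource Reporting has been enabled by configuration properties");
        }
        if (this.outputReporting) {
            logger.info("Output Reporting has been enabled by configuration properties");
        }
        try {
            // The password goes straight into the userid object; it must never reach a log or message.
            ICredentialsUsernamePassword defaultCredentials = getZosImage().getDefaultCredentials();
            this.imageUser = new ZosUseridImpl(this, defaultCredentials.getUsername(), defaultCredentials.getPassword(), null, iZosImage);
        } catch (ZosManagerException e) {
            throw new ZosSecurityManagerException("Problem getting default credentials for image " + iZosImage.getImageID(), e);
        }
    }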

    /**
     * Builds an instance that is not bound to any zOS image: the zOS manager, zOS file manager
     * and image are left null, and both reporting switches are forced on.
     *
     * @param iFramework                 framework handle
     * @param iDynamicStatusStoreService dynamic status store service
     * @param iHttpManagerSpi            HTTP manager
     * @throws ZosSecurityManagerException if the SETROPTS delay property cannot be read
     */
    public ZosSecurityImpl(IFramework iFramework, IDynamicStatusStoreService iDynamicStatusStoreService, IHttpManagerSpi iHttpManagerSpi) throws ZosSecurityManagerException {
        // Supplied collaborators.
        this.framework = iFramework;
        this.dss = iDynamicStatusStoreService;
        this.httpManager = iHttpManagerSpi;

        // No image context is available through this constructor.
        this.zosManager = null;
        this.zosFileManager = null;
        this.image = null;

        // Empty working collections.
        this.preAllocatedCicsClassSets = new ArrayList<>();
        this.zossecServerClients = new HashMap<>();
        this.classesRequiringRefresh = new HashMap<>();
        this.zosSecurityServerQueryParams = new HashMap<>();

        this.resourceReporting = true;
        this.outputReporting = true;

        try {
            this.setroptsDelay = SetroptsDelay.get();
        } catch (ZosSecurityManagerException propertyFailure) {
            throw new ZosSecurityManagerException("Unable to obtain manager properties", propertyFailure);
        }
    }

    /**
     * Allocates a userid and optionally makes it the run userid.
     *
     * @param z when true, the allocated userid is passed to {@code setRunUserid}
     * @return the allocated userid
     * @throws ZosSecurityManagerException if allocation fails
     */
    public IZosUserid allocateUserid(boolean z) throws ZosSecurityManagerException {
        IZosUserid allocated = allocateUserid();
        if (!z) {
            return allocated;
        }
        setRunUserid(allocated);
        return allocated;
    }

    /**
     * Returns the run userid, adopting the image userid the first time it is requested while
     * no run userid is set.
     *
     * @return the run userid; null only if the image userid is also null
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosUserid getRunUserid() throws ZosSecurityManagerException {
        IZosUserid current = this.runUser;
        if (current == null) {
            // Remember the fallback so later calls return the same object.
            current = this.imageUser;
            this.runUser = current;
        }
        return current;
    }

    /**
     * Allocates a userid through {@code ZosUseridImpl.allocateUserId}.
     *
     * @return the allocated userid, never null
     * @throws ZosSecurityManagerException wrapping any allocation failure, including the
     *                                     "no userids available" case raised inside the try block
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosUserid allocateUserid() throws ZosSecurityManagerException {
        try {
            ZosUseridImpl candidate = ZosUseridImpl.allocateUserId(this);
            if (candidate != null) {
                return candidate;
            }
            // Thrown inside the try on purpose: the handler below wraps it like any other failure.
            throw new ZosSecurityManagerException("There are no zOS Userids available in the pool for image " + getZosImage());
        } catch (ZosSecurityManagerException failure) {
            throw new ZosSecurityManagerException("Problem allocating zOS Userid for image " + getZosImage(), failure);
        }
    }

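    /**
     * Releases a userid previously obtained from this class.
     *
     * @param iZosUserid userid to release; must be a {@code ZosUseridImpl}
     * @throws ZosSecurityManagerException wrapping any failure, including a wrong implementation
     *                                     type or a null argument
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void freeUserid(IZosUserid iZosUserid) throws ZosSecurityManagerException {
        try {
            ((ZosUseridImpl) iZosUserid).free();
        } catch (Exception e) {
            // Resolve the name defensively so a null argument does not raise a second
            // NullPointerException from inside this handler and hide the original cause.
            String userid = iZosUserid == null ? "null" : iZosUserid.getUserid();
            // The opening quote was missing in the original message.
            throw new ZosSecurityManagerException("Free of userid '" + userid + "' failed", e);
        }
    }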

    /**
     * Allocates a CICS class set, shared or dedicated, and optionally opens it up.
     *
     * @param z  when true, {@code allowAllAccess()} is called on the class set before it is returned
     * @param z2 when true a shared class set is allocated, otherwise a dedicated one
     * @return the allocated class set
     * @throws ZosSecurityManagerException if no class set can be allocated
     */
    public IZosCicsClassSet allocateCicsClassSet(boolean z, boolean z2) throws ZosSecurityManagerException {
        IZosCicsClassSet classSet;
        if (z2) {
            classSet = allocateSharedCicsClassSet();
        } else {
            classSet = allocateCicsClassSet();
        }
        if (z) {
            classSet.allowAllAccess();
        }
        return classSet;
    }

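    /**
     * Returns a dedicated CICS class set: the first pre-allocated one when any exist, otherwise
     * a freshly allocated one.
     *
     * <p>The local is typed as the interface because the pre-allocated list holds
     * {@code IZosCicsClassSet}; the decompiled original assigned a list element to a
     * {@code ZosCicsClassSetImpl} variable, which does not compile.
     *
     * @return the class set, never null
     * @throws ZosSecurityManagerException if the pool has no class set left
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCicsClassSet allocateCicsClassSet() throws ZosSecurityManagerException {
        if (!this.preAllocatedCicsClassSets.isEmpty()) {
            return this.preAllocatedCicsClassSets.remove(0);
        }
        IZosCicsClassSet classSet = ZosCicsClassSetImpl.allocateClassset(this);
        if (classSet == null) {
            throw new ZosSecurityManagerException("There are no zOS Classsets available in the pool for system '" + this.image + "'");
        }
        return classSet;
    }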

    /**
     * Allocates a shared CICS class set for this instance's image.
     *
     * @return the shared class set, never null
     * @throws ZosSecurityManagerException if none is available
     */
    private IZosCicsClassSet allocateSharedCicsClassSet() throws ZosSecurityManagerException {
        IZosCicsClassSet shared = ZosCicsSharedClassSetImpl.allocateClassset(this, getZosImage());
        if (shared != null) {
            return shared;
        }
        throw new ZosSecurityManagerException("There are no zOS Shared Classsets available for system '" + this.image + "'");
    }

    /**
     * Releases a CICS class set.
     *
     * @param iZosCicsClassSet class set to release; it is cast to {@code ZosCicsClassSetImpl}
     * @throws ZosSecurityManagerException as raised by {@code free()}, or wrapping any other failure
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void freeCicsClassSet(IZosCicsClassSet iZosCicsClassSet) throws ZosSecurityManagerException {
        try {
            // NOTE(review): a class set that is not a ZosCicsClassSetImpl ends up in the generic
            // handler below as a ClassCastException - confirm shared class sets satisfy this cast.
            ZosCicsClassSetImpl impl = (ZosCicsClassSetImpl) iZosCicsClassSet;
            impl.free();
        } catch (ZosSecurityManagerException passthrough) {
            throw passthrough;
        } catch (Exception unexpected) {
            throw new ZosSecurityManagerException("Unable to free CICS Class Set", unexpected);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
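    /**
     * Associates a predefined profile with this run, after checking it against the list of
     * predefined profiles configured for the image.
     *
     * <p>The allow-list lookup, the authorisation decision and the object construction are
     * handled separately. In the original the "not authorised" error was thrown inside the same
     * try block and re-wrapped as "Unable to retrieve valid predefined profiles", and the
     * construction handler dereferenced the image even when it had not been obtained.
     *
     * @param str  first component of the allow-list key {@code str + "/" + str2}
     * @param str2 second component of the allow-list key
     * @return the predefined profile object
     * @throws ZosSecurityManagerException if the allow-list cannot be read, the requested
     *                                     profile is not on it, or the object cannot be built
     */
    public IZosPreDefinedProfile createPredefinedProfile(String str, String str2) throws ZosSecurityManagerException {
        String profileKey = str + "/" + str2;
        logger.info("Associating Pre Defined Profile '" + profileKey + "'");
        IZosImage zosImage = getZosImage();
        boolean authorised;
        try {
            authorised = PredefinedProfiles.get(zosImage).contains(profileKey);
        } catch (ZosSecurityManagerException e) {
            throw new ZosSecurityManagerException("Unable to retrieve valid predefined profiles", e);
        }
        // Deny by default: only an exact match on the configured list is accepted.
        if (!authorised) {
            throw new ZosSecurityManagerException("Requested predefined profile '" + profileKey + "' is not authorised");
        }
        try {
            return new ZosPreDefinedProfileImpl(this, zosImage, str, str2);
        } catch (Exception e) {
            String imageId = zosImage == null ? "unknown" : zosImage.getImageID();
            throw new ZosSecurityManagerException("Unable to retrieve image for tag '" + imageId + "'", e);
        }
    }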

    /**
     * Creates a profile on this instance's image with no extra arguments and the final flag of
     * the six-argument overload set to true.
     *
     * @param str            first name component (reported as {@code str/str2} on conflict)
     * @param str2           second name component
     * @param rACFAccessType access type forwarded unchanged
     * @return the created profile
     * @throws ZosSecurityManagerException if the profile cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosProfile createProfile(String str, String str2, RACFAccessType rACFAccessType) throws ZosSecurityManagerException {
        String imageId = getZosImage().getImageID();
        return createProfile(imageId, str, str2, null, rACFAccessType, true);
    }

    /**
     * Creates a profile on this instance's image with no extra arguments.
     *
     * @param str            first name component
     * @param str2           second name component
     * @param rACFAccessType access type forwarded unchanged
     * @param z              forwarded as the final flag of the six-argument overload
     * @return the created profile
     * @throws ZosSecurityManagerException if the profile cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosProfile createProfile(String str, String str2, RACFAccessType rACFAccessType, boolean z) throws ZosSecurityManagerException {
        String imageId = getZosImage().getImageID();
        return createProfile(imageId, str, str2, null, rACFAccessType, z);
    }

    /**
     * Creates a profile on a named image with no extra arguments and the final flag of the
     * six-argument overload set to true.
     *
     * @param str            image identifier, resolved through the zOS manager
     * @param str2           first name component
     * @param str3           second name component
     * @param rACFAccessType access type forwarded unchanged
     * @return the created profile
     * @throws ZosSecurityManagerException if the profile cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosProfile createProfile(String str, String str2, String str3, RACFAccessType rACFAccessType) throws ZosSecurityManagerException {
        final boolean finalFlag = true;
        return createProfile(str, str2, str3, null, rACFAccessType, finalFlag);
    }

    /**
     * Creates a profile on this instance's image with extra arguments and the final flag of the
     * six-argument overload set to true.
     *
     * @param str            first name component
     * @param str2           second name component
     * @param map            extra arguments forwarded unchanged
     * @param rACFAccessType access type forwarded unchanged
     * @return the created profile
     * @throws ZosSecurityManagerException if the profile cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosProfile createProfile(String str, String str2, Map<String, String> map, RACFAccessType rACFAccessType) throws ZosSecurityManagerException {
        String imageId = getZosImage().getImageID();
        return createProfile(imageId, str, str2, map, rACFAccessType, true);
    }

    /**
     * Creates a profile on a named image with no extra arguments.
     *
     * @param str            image identifier, resolved through the zOS manager
     * @param str2           first name component
     * @param str3           second name component
     * @param rACFAccessType access type forwarded unchanged
     * @param z              forwarded as the final flag of the six-argument overload
     * @return the created profile
     * @throws ZosSecurityManagerException if the profile cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosProfile createProfile(String str, String str2, String str3, RACFAccessType rACFAccessType, boolean z) throws ZosSecurityManagerException {
        final Map<String, String> noExtraArguments = null;
        return createProfile(str, str2, str3, noExtraArguments, rACFAccessType, z);
    }

    /**
     * Creates a profile on a named image; every other {@code createProfile} overload ends here.
     *
     * @param str            image identifier, resolved through the zOS manager
     * @param str2           first name component
     * @param str3           second name component
     * @param map            extra arguments, may be null
     * @param rACFAccessType access type forwarded to {@code ZosProfileImpl.createProfile}
     * @param z              flag forwarded to {@code ZosProfileImpl.createProfile}
     *                       (presumably a refresh switch - confirm against that method)
     * @return the created profile, never null
     * @throws ZosSecurityManagerException if the image cannot be resolved or the profile is
     *                                     already in use by another run
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosProfile createProfile(String str, String str2, String str3, Map<String, String> map, RACFAccessType rACFAccessType, boolean z) throws ZosSecurityManagerException {
        try {
            IZosProfile allocated = ZosProfileImpl.createProfile(this, getZosManager().getImage(str), str2, str3, map, rACFAccessType, z);
            if (allocated != null) {
                logger.debug("zOS Profile '" + allocated + "' was allocated to this run");
                return allocated;
            }
            // A null result is how the factory reports that another run holds the profile.
            throw new ZosSecurityManagerException("Profile " + str2 + "/" + str3 + " is already in use by another run");
        } catch (ZosManagerException imageFailure) {
            throw new ZosSecurityManagerException("Unable to retrieve the run image", imageFailure);
        }
    }

    /**
     * Releases a profile.
     *
     * @param iZosProfile profile to release; it is cast to {@code ZosProfileImpl}
     * @throws ZosSecurityManagerException as raised by {@code free()}, or wrapping any other failure
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void freeProfile(IZosProfile iZosProfile) throws ZosSecurityManagerException {
        try {
            ZosProfileImpl impl = (ZosProfileImpl) iZosProfile;
            impl.free();
        } catch (ZosSecurityManagerException passthrough) {
            throw passthrough;
        } catch (Exception unexpected) {
            throw new ZosSecurityManagerException("Unable to free profile", unexpected);
        }
    }

    /**
     * Deletes a profile by calling {@code delete(true)} on it.
     *
     * @param iZosProfile profile to delete
     * @throws ZosSecurityManagerException if the deletion fails
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void deleteProfile(IZosProfile iZosProfile) throws ZosSecurityManagerException {
        final boolean flag = true;
        iZosProfile.delete(flag);
    }

    /**
     * Deletes a profile, passing the caller's flag to {@code IZosProfile.delete(boolean)}.
     *
     * @param iZosProfile profile to delete
     * @param z           flag forwarded unchanged to {@code delete}
     * @throws ZosSecurityManagerException if the deletion fails
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void deleteProfile(IZosProfile iZosProfile, boolean z) throws ZosSecurityManagerException {
        final boolean flag = z;
        iZosProfile.delete(flag);
    }

    /**
     * Creates a keyring owned by the given userid object.
     *
     * @param iZosUserid owner; only its userid string is used
     * @param str        second name component of the keyring
     * @return the created keyring
     * @throws ZosSecurityManagerException if the keyring cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosKeyring createKeyring(IZosUserid iZosUserid, String str) throws ZosSecurityManagerException {
        String owner = iZosUserid.getUserid();
        return createKeyring(owner, str);
    }

    /**
     * Creates a keyring on this instance's image.
     *
     * @param str  owning userid (the userid overload passes {@code getUserid()} here)
     * @param str2 second name component (presumably the ring label - confirm)
     * @return the created keyring, never null
     * @throws ZosSecurityManagerException if the keyring is already in use by another run
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosKeyring createKeyring(String str, String str2) throws ZosSecurityManagerException {
        IZosKeyring allocated = ZosKeyringImpl.createKeyring(this, getZosImage(), str, str2);
        if (allocated != null) {
            logger.debug("zOS keyring '" + allocated + "' was allocated to this run");
            return allocated;
        }
        throw new ZosSecurityManagerException("Keyring " + str + "/" + str2 + " is already in use by another run");
    }

    /**
     * Releases a keyring.
     *
     * @param iZosKeyring keyring to release; it is cast to {@code ZosKeyringImpl}
     * @throws ZosSecurityManagerException as raised by {@code free()}, or wrapping any other failure
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void freeKeyring(IZosKeyring iZosKeyring) throws ZosSecurityManagerException {
        try {
            ZosKeyringImpl impl = (ZosKeyringImpl) iZosKeyring;
            impl.free();
        } catch (ZosSecurityManagerException passthrough) {
            throw passthrough;
        } catch (Exception unexpected) {
            throw new ZosSecurityManagerException("Unable to free keyring", unexpected);
        }
    }

    /**
     * Deletes a keyring by delegating to {@code IZosKeyring.delete()}.
     *
     * @param iZosKeyring keyring to delete
     * @throws ZosSecurityManagerException if the deletion fails
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void deleteKeyring(IZosKeyring iZosKeyring) throws ZosSecurityManagerException {
        iZosKeyring.delete();
    }

    /**
     * Creates a certificate for a userid object on this instance's image, with no trust value.
     *
     * @param iZosUserid          owner; only its userid string is used
     * @param str                 second name component of the certificate
     * @param keyStore            keystore forwarded unchanged
     * @param str2                string forwarded with the keystore (presumably its password - confirm)
     * @param rACFCertificateType certificate type forwarded unchanged
     * @return the created certificate
     * @throws ZosSecurityManagerException if the certificate cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCertificate createCertificate(IZosUserid iZosUserid, String str, KeyStore keyStore, String str2, RACFCertificateType rACFCertificateType) throws ZosSecurityManagerException {
        String owner = iZosUserid.getUserid();
        final RACFCertificateTrust noTrust = null;
        return createCertificate(owner, str, keyStore, str2, rACFCertificateType, noTrust);
    }

    /**
     * Creates a certificate for a userid string on this instance's image, with no trust value.
     *
     * @param str                 owning userid
     * @param str2                second name component of the certificate
     * @param keyStore            keystore forwarded unchanged
     * @param str3                string forwarded with the keystore (presumably its password - confirm)
     * @param rACFCertificateType certificate type forwarded unchanged
     * @return the created certificate
     * @throws ZosSecurityManagerException if the certificate cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCertificate createCertificate(String str, String str2, KeyStore keyStore, String str3, RACFCertificateType rACFCertificateType) throws ZosSecurityManagerException {
        String imageId = getZosImage().getImageID();
        final RACFCertificateTrust noTrust = null;
        return createCertificate(imageId, str, str2, keyStore, str3, rACFCertificateType, noTrust);
    }

    /**
     * Creates a certificate for a userid object on a named image, with no trust value.
     *
     * @param str                 image identifier, resolved through the zOS manager
     * @param iZosUserid          owner; only its userid string is used
     * @param str2                second name component of the certificate
     * @param keyStore            keystore forwarded unchanged
     * @param str3                string forwarded with the keystore (presumably its password - confirm)
     * @param rACFCertificateType certificate type forwarded unchanged
     * @return the created certificate
     * @throws ZosSecurityManagerException if the certificate cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCertificate createCertificate(String str, IZosUserid iZosUserid, String str2, KeyStore keyStore, String str3, RACFCertificateType rACFCertificateType) throws ZosSecurityManagerException {
        String owner = iZosUserid.getUserid();
        final RACFCertificateTrust noTrust = null;
        return createCertificate(str, owner, str2, keyStore, str3, rACFCertificateType, noTrust);
    }

    /**
     * Creates a certificate for a userid string on a named image, with no trust value.
     *
     * @param str                 image identifier, resolved through the zOS manager
     * @param str2                owning userid
     * @param str3                second name component of the certificate
     * @param keyStore            keystore forwarded unchanged
     * @param str4                string forwarded with the keystore (presumably its password - confirm)
     * @param rACFCertificateType certificate type forwarded unchanged
     * @return the created certificate
     * @throws ZosSecurityManagerException if the certificate cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCertificate createCertificate(String str, String str2, String str3, KeyStore keyStore, String str4, RACFCertificateType rACFCertificateType) throws ZosSecurityManagerException {
        final RACFCertificateTrust noTrust = null;
        return createCertificate(str, str2, str3, keyStore, str4, rACFCertificateType, noTrust);
    }

    /**
     * Creates a certificate for a userid object on this instance's image with an explicit trust value.
     *
     * @param iZosUserid           owner; only its userid string is used
     * @param str                  second name component of the certificate
     * @param keyStore             keystore forwarded unchanged
     * @param str2                 string forwarded with the keystore (presumably its password - confirm)
     * @param rACFCertificateType  certificate type forwarded unchanged
     * @param rACFCertificateTrust trust value forwarded unchanged
     * @return the created certificate
     * @throws ZosSecurityManagerException if the certificate cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCertificate createCertificate(IZosUserid iZosUserid, String str, KeyStore keyStore, String str2, RACFCertificateType rACFCertificateType, RACFCertificateTrust rACFCertificateTrust) throws ZosSecurityManagerException {
        String owner = iZosUserid.getUserid();
        return createCertificate(owner, str, keyStore, str2, rACFCertificateType, rACFCertificateTrust);
    }

    /**
     * Creates a certificate for a userid string on this instance's image with an explicit trust value.
     *
     * @param str                  owning userid
     * @param str2                 second name component of the certificate
     * @param keyStore             keystore forwarded unchanged
     * @param str3                 string forwarded with the keystore (presumably its password - confirm)
     * @param rACFCertificateType  certificate type forwarded unchanged
     * @param rACFCertificateTrust trust value forwarded unchanged
     * @return the created certificate
     * @throws ZosSecurityManagerException if the certificate cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCertificate createCertificate(String str, String str2, KeyStore keyStore, String str3, RACFCertificateType rACFCertificateType, RACFCertificateTrust rACFCertificateTrust) throws ZosSecurityManagerException {
        String imageId = getZosImage().getImageID();
        return createCertificate(imageId, str, str2, keyStore, str3, rACFCertificateType, rACFCertificateTrust);
    }

    /**
     * Creates a certificate for a userid object on a named image with an explicit trust value.
     *
     * @param str                  image identifier, resolved through the zOS manager
     * @param iZosUserid           owner; only its userid string is used
     * @param str2                 second name component of the certificate
     * @param keyStore             keystore forwarded unchanged
     * @param str3                 string forwarded with the keystore (presumably its password - confirm)
     * @param rACFCertificateType  certificate type forwarded unchanged
     * @param rACFCertificateTrust trust value forwarded unchanged
     * @return the created certificate
     * @throws ZosSecurityManagerException if the certificate cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCertificate createCertificate(String str, IZosUserid iZosUserid, String str2, KeyStore keyStore, String str3, RACFCertificateType rACFCertificateType, RACFCertificateTrust rACFCertificateTrust) throws ZosSecurityManagerException {
        String owner = iZosUserid.getUserid();
        return createCertificate(str, owner, str2, keyStore, str3, rACFCertificateType, rACFCertificateTrust);
    }

    /**
     * Creates a certificate on a named image; every other {@code createCertificate} overload
     * ends here.
     *
     * @param str                  image identifier, resolved through the zOS manager
     * @param str2                 owning userid
     * @param str3                 second name component of the certificate
     * @param keyStore             keystore forwarded to {@code ZosCertificateImpl.createCertificate}
     * @param str4                 string forwarded with the keystore (presumably its password - confirm)
     * @param rACFCertificateType  certificate type forwarded unchanged
     * @param rACFCertificateTrust trust value, may be null
     * @return the created certificate, never null
     * @throws ZosSecurityManagerException if the image cannot be resolved or the certificate is
     *                                     already in use by another run
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosCertificate createCertificate(String str, String str2, String str3, KeyStore keyStore, String str4, RACFCertificateType rACFCertificateType, RACFCertificateTrust rACFCertificateTrust) throws ZosSecurityManagerException {
        try {
            IZosImage image = getZosManager().getImage(str);
            // The counter is bumped before the call, so the number is consumed even if creation fails.
            // NOTE(review): plain int increment - not safe if one instance is used from several threads.
            int storeNumber = ++this.certificateStoreNumber;
            IZosCertificate allocated = ZosCertificateImpl.createCertificate(this, image, str2, str3, keyStore, str4, rACFCertificateType, rACFCertificateTrust, storeNumber);
            if (allocated != null) {
                logger.debug("zOS Certificate '" + allocated + "' was allocated to this run");
                return allocated;
            }
            throw new ZosSecurityManagerException("Certificate " + str2 + "/" + str3 + " is already in use by another run");
        } catch (ZosManagerException imageFailure) {
            throw new ZosSecurityManagerException("Unable to retrieve the run image", imageFailure);
        }
    }

    /**
     * Releases a certificate.
     *
     * @param iZosCertificate certificate to release; it is cast to {@code ZosCertificateImpl}
     * @throws ZosSecurityManagerException as raised by {@code free()}, or wrapping any other failure
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void freeCertificate(IZosCertificate iZosCertificate) throws ZosSecurityManagerException {
        try {
            ZosCertificateImpl impl = (ZosCertificateImpl) iZosCertificate;
            impl.free();
        } catch (ZosSecurityManagerException passthrough) {
            throw passthrough;
        } catch (Exception unexpected) {
            throw new ZosSecurityManagerException("Unable to free certificate", unexpected);
        }
    }

    /**
     * Deletes a certificate by delegating to {@code IZosCertificate.delete()}.
     *
     * @param iZosCertificate certificate to delete
     * @throws ZosSecurityManagerException if the deletion fails
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void deleteCertificate(IZosCertificate iZosCertificate) throws ZosSecurityManagerException {
        iZosCertificate.delete();
    }

    /**
     * Generates a self-signed certificate whose basic-constraints CA flag is false.
     *
     * @param str  alias of the key entry in the returned keystore
     * @param str2 distinguished name used as both issuer and subject
     * @param i    key size
     * @param i2   validity in days
     * @param str3 key algorithm, or null for the default
     * @param str4 signature algorithm, or null for the default
     * @return a PKCS12 keystore holding the key pair and certificate
     * @throws ZosSecurityManagerException if generation fails
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public KeyStore generateSelfSignedCertificate(String str, String str2, int i, int i2, String str3, String str4) throws ZosSecurityManagerException {
        final boolean certificateAuthority = false;
        return generateSelfSignedCertificate(str, str2, i, i2, str3, str4, certificateAuthority);
    }

    /**
     * Generates a key pair and a self-signed X.509 certificate and returns them in an in-memory
     * PKCS12 keystore.
     *
     * <p>NOTE(review): the default signature algorithm is "SHA1withRSA". SHA-1 signatures are
     * rejected by many current TLS stacks and are no longer collision resistant; callers that do
     * not need SHA-1 specifically should pass an explicit SHA-2 algorithm name.
     *
     * <p>NOTE(review): the key entry is stored under the fixed password "password", which gives
     * no real protection - treat the returned keystore as sensitive material.
     *
     * @param str  alias of the key entry in the returned keystore
     * @param str2 distinguished name used as both issuer and subject
     * @param i    key size passed to the key pair generator
     * @param i2   validity in days, counted from the moment of the call
     * @param str3 key algorithm; null selects "RSA"
     * @param str4 signature algorithm; null selects "SHA1withRSA"
     * @param z    value of the CA flag in the critical basic-constraints extension
     * @return the keystore containing the private key and the certificate
     * @throws ZosSecurityManagerException wrapping any failure during generation
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public KeyStore generateSelfSignedCertificate(String str, String str2, int i, int i2, String str3, String str4, boolean z) throws ZosSecurityManagerException {
        String keyAlgorithm = str3 != null ? str3 : "RSA";
        String signatureAlgorithm = str4 != null ? str4 : "SHA1withRSA";
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(keyAlgorithm);
            generator.initialize(i, new SecureRandom());
            KeyPair keyPair = generator.generateKeyPair();

            // Validity window: now until now + i2 days.
            GregorianCalendar notBefore = new GregorianCalendar();
            GregorianCalendar notAfter = new GregorianCalendar();
            notAfter.add(GregorianCalendar.DAY_OF_YEAR, i2);

            ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
            X500Name name = new X500Name(str2);
            // NOTE(review): the serial number is the current time in milliseconds, so it is
            // predictable and two certificates issued in the same millisecond share it.
            BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(name, serial, notBefore.getTime(), notAfter.getTime(), name, keyPair.getPublic());
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(z));

            // Re-parse the encoded holder through the JCA factory to obtain an X509Certificate.
            byte[] encoded = builder.build(signer).getEncoded();
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));

            KeyStore result = KeyStore.getInstance("PKCS12");
            result.load(null, null);
            result.setKeyEntry(str, keyPair.getPrivate(), "password".toCharArray(), new Certificate[]{certificate});
            logger.info("Selfsigned certificate generated with dn='" + certificate.getSubjectDN().getName() + "' and serial '" + certificate.getSerialNumber() + "'");
            return result;
        } catch (Exception failure) {
            throw new ZosSecurityManagerException("Unable to generate self signed certificate", failure);
        }
    }

    /**
     * Generates a certificate signed by a key from the supplied keystore, with the
     * basic-constraints CA flag set to false.
     *
     * @param str      alias of the key entry in the returned keystore
     * @param str2     subject distinguished name
     * @param i        key size
     * @param i2       validity in days
     * @param keyStore keystore holding the signing key and its certificate chain
     * @param str3     alias of the signing entry in {@code keyStore}
     * @param str4     password of the signing key
     * @return a PKCS12 keystore holding the new key pair and the full chain
     * @throws ZosSecurityManagerException if generation fails
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public KeyStore generateSignedCertificate(String str, String str2, int i, int i2, KeyStore keyStore, String str3, String str4) throws ZosSecurityManagerException {
        final boolean certificateAuthority = false;
        return generateSignedCertificate(str, str2, i, i2, keyStore, str3, str4, certificateAuthority);
    }

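    /**
     * Generates a new key pair and a certificate for it, signed with a private key taken from
     * the supplied keystore, and returns both in an in-memory PKCS12 keystore together with the
     * signer's certificate chain.
     *
     * <p>The signing entry is validated explicitly: a missing or non-private key, or a missing
     * certificate chain, previously surfaced only as a NullPointerException or
     * ClassCastException cause.
     *
     * <p>NOTE(review): the signature algorithm is copied from the signer certificate's own
     * signature algorithm, so a SHA-1 signed signer certificate yields SHA-1 signed output.
     *
     * <p>NOTE(review): the key entry is stored under the fixed password "password", which gives
     * no real protection - treat the returned keystore as sensitive material.
     *
     * @param str      alias of the key entry in the returned keystore
     * @param str2     subject distinguished name of the new certificate
     * @param i        key size passed to the key pair generator
     * @param i2       validity in days, counted from the moment of the call
     * @param keyStore keystore holding the signing key and its certificate chain
     * @param str3     alias of the signing entry in {@code keyStore}
     * @param str4     password of the signing key
     * @param z        value of the CA flag in the critical basic-constraints extension
     * @return the keystore containing the new private key and the chain (new certificate first)
     * @throws ZosSecurityManagerException wrapping any failure during generation
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public KeyStore generateSignedCertificate(String str, String str2, int i, int i2, KeyStore keyStore, String str3, String str4, boolean z) throws ZosSecurityManagerException {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Key signingKey = keyStore.getKey(str3, str4.toCharArray());
            // These two errors are wrapped by the handler below, keeping the top-level message stable.
            if (!(signingKey instanceof PrivateKey)) {
                throw new ZosSecurityManagerException("No private key found under alias '" + str3 + "' in the signing keystore");
            }
            Certificate[] signerChain = keyStore.getCertificateChain(str3);
            if (signerChain == null || signerChain.length == 0) {
                throw new ZosSecurityManagerException("No certificate chain found under alias '" + str3 + "' in the signing keystore");
            }
            X509Certificate signerCertificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signerChain[0].getEncoded()));
            String signatureAlgorithm = signerCertificate.getSigAlgName();

            // The new key pair uses the same key algorithm as the signing key.
            KeyPairGenerator generator = KeyPairGenerator.getInstance(signingKey.getAlgorithm());
            generator.initialize(i, new SecureRandom());
            KeyPair keyPair = generator.generateKeyPair();

            // Validity window: now until now + i2 days.
            GregorianCalendar notBefore = new GregorianCalendar();
            GregorianCalendar notAfter = new GregorianCalendar();
            notAfter.add(GregorianCalendar.DAY_OF_YEAR, i2);

            ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build((PrivateKey) signingKey);
            X500Name issuer = new X500Name(PrincipalUtil.getSubjectX509Principal(signerCertificate).getName());
            // NOTE(review): the serial number is the current time in milliseconds, so it is
            // predictable and two certificates issued by the same signer in one millisecond share it.
            BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, notBefore.getTime(), notAfter.getTime(), new X500Name(str2), keyPair.getPublic());
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(z));
            X509Certificate issued = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(builder.build(signer).getEncoded()));

            // New certificate first, followed by the signer's chain in its original order.
            Certificate[] fullChain = new Certificate[1 + signerChain.length];
            fullChain[0] = issued;
            System.arraycopy(signerChain, 0, fullChain, 1, signerChain.length);

            KeyStore result = KeyStore.getInstance("PKCS12");
            result.load(null, null);
            result.setKeyEntry(str, keyPair.getPrivate(), "password".toCharArray(), fullChain);
            logger.info("Certificate generated with dn='" + issued.getSubjectDN().getName() + "' and serial '" + issued.getSerialNumber() + "'");
            return result;
        } catch (Exception e) {
            throw new ZosSecurityManagerException("Unable to generate signed certificate", e);
        }
    }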

    /**
     * Creates an id map on this instance's image.
     *
     * @param str  owning userid (the userid overload passes {@code getUserid()} here)
     * @param str2 second name component, reported as {@code str/str2} on conflict
     * @param str3 forwarded unchanged to {@code ZosIdMapImpl.createIdMap}
     * @param str4 forwarded unchanged to {@code ZosIdMapImpl.createIdMap}
     * @return the created id map, never null
     * @throws ZosSecurityManagerException if the id map is already in use by another run
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosIdMap createIdMap(String str, String str2, String str3, String str4) throws ZosSecurityManagerException {
        IZosIdMap allocated = ZosIdMapImpl.createIdMap(this, getZosImage(), str, str2, str3, str4);
        if (allocated != null) {
            logger.debug("zOS id map '" + allocated + "' was allocated to this run");
            return allocated;
        }
        throw new ZosSecurityManagerException("IDMap " + str + "/" + str2 + " is already in use by another run");
    }

    /**
     * Creates an id map owned by the given userid object.
     *
     * @param iZosUserid owner; only its userid string is used
     * @param str        second name component
     * @param str2       forwarded unchanged to the string overload
     * @param str3       forwarded unchanged to the string overload
     * @return the created id map
     * @throws ZosSecurityManagerException if the id map cannot be created
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosIdMap createIdMap(IZosUserid iZosUserid, String str, String str2, String str3) throws ZosSecurityManagerException {
        String owner = iZosUserid.getUserid();
        return createIdMap(owner, str, str2, str3);
    }

    /**
     * Releases an id map.
     *
     * @param iZosIdMap id map to release; it is cast to {@code ZosIdMapImpl}
     * @throws ZosSecurityManagerException as raised by {@code free()}, or wrapping any other failure
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void freeIdMap(IZosIdMap iZosIdMap) throws ZosSecurityManagerException {
        try {
            ZosIdMapImpl impl = (ZosIdMapImpl) iZosIdMap;
            impl.free();
        } catch (ZosSecurityManagerException passthrough) {
            throw passthrough;
        } catch (Exception unexpected) {
            throw new ZosSecurityManagerException("Unable to free idmap", unexpected);
        }
    }

    /**
     * Deletes an id map by delegating to {@code IZosIdMap.delete()}.
     *
     * @param iZosIdMap id map to delete
     * @throws ZosSecurityManagerException if the deletion fails
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void deleteIdMap(IZosIdMap iZosIdMap) throws ZosSecurityManagerException {
        iZosIdMap.delete();
    }

    /**
     * Creates a Kerberos client principal for a userid against an existing service principal.
     * Both the service principal's userid and the client userid must belong to the image this
     * instance is bound to.
     *
     * @param iZosKerberosPrincipal service principal
     * @param iZosUserid            client userid
     * @return the created client principal, never null
     * @throws ZosSecurityManagerException if either image differs from this instance's image or
     *                                     the principal is already in use by another run
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosKerberosPrincipal createKerberosClientPrincipal(IZosKerberosPrincipal iZosKerberosPrincipal, IZosUserid iZosUserid) throws ZosSecurityManagerException {
        // NOTE(review): this.image is null after the three-argument constructor, which makes
        // the next line throw a NullPointerException.
        String expectedImageId = this.image.getImageID();

        String serviceImageId = iZosKerberosPrincipal.getUserid().getZosImage().getImageID();
        if (!expectedImageId.equals(serviceImageId)) {
            throw new ZosSecurityManagerException("Service Principal image does not match provided image");
        }

        String clientImageId = iZosUserid.getZosImage().getImageID();
        if (!expectedImageId.equals(clientImageId)) {
            throw new ZosSecurityManagerException("Client Userid image does not match provided image");
        }

        IZosKerberosPrincipal clientPrincipal = ZosKerberosClientPrincipalImpl.createPrincipal(this, iZosKerberosPrincipal, iZosUserid);
        if (clientPrincipal != null) {
            logger.debug("zOS Kerberos Client Principal '" + clientPrincipal + "' was allocated to this run");
            return clientPrincipal;
        }
        throw new ZosSecurityManagerException("Kerberos Principal " + ZosKerberosClientPrincipalImpl.generatePrincipalName(iZosUserid) + " is already in use by another run");
    }

    /**
     * Allocates a Kerberos principal for a userid on this manager's image.
     *
     * @param iZosUserid the userid the principal is created for; must belong to this manager's image
     * @param str        passed through to {@code ZosKerberosPrincipalImpl.createPrincipal} unchanged
     * @return the allocated principal, never {@code null}
     * @throws ZosSecurityManagerException on an image mismatch, or when the principal is already
     *         in use by another run
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosKerberosPrincipal createKerberosPrincipal(IZosUserid iZosUserid, String str) throws ZosSecurityManagerException {
        final boolean useridOnThisImage = this.image.getImageID().equals(iZosUserid.getZosImage().getImageID());
        if (!useridOnThisImage) {
            throw new ZosSecurityManagerException("Userid image does not match provided image");
        }

        final IZosKerberosPrincipal allocated = ZosKerberosPrincipalImpl.createPrincipal(this, iZosUserid, str);
        if (allocated != null) {
            final ZosKerberosPrincipalImpl impl = (ZosKerberosPrincipalImpl) allocated;
            logger.debug("zOS Kerberos Principal '" + impl.getResourceName() + "' was allocated to this run");
            return allocated;
        }
        // A null result is reported as the principal being held by another run.
        throw new ZosSecurityManagerException("Kerberos Principal " + ZosKerberosPrincipalImpl.generatePrincipalName(iZosUserid) + " is already in use by another run");
    }

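    /**
     * Frees a Kerberos principal previously handed out by this manager.
     *
     * @param iZosKerberosPrincipal the principal to free; it is cast to {@code ZosKerberosPrincipalImpl}
     * @throws ZosSecurityManagerException if {@code free()} fails; any other exception, including
     *         a failed cast, is wrapped in one
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void freePrincipal(IZosKerberosPrincipal iZosKerberosPrincipal) throws ZosSecurityManagerException {
        try {
            // NOTE(review): createKerberosClientPrincipal returns a value built by
            // ZosKerberosClientPrincipalImpl; confirm such instances pass this cast.
            ((ZosKerberosPrincipalImpl) iZosKerberosPrincipal).free();
        } catch (ZosSecurityManagerException e) {
            throw e;
        } catch (Exception e2) {
            // The message previously said "idmap" (copied from freeIdMap), which pointed
            // anyone reading a failure report at the wrong resource type.
            throw new ZosSecurityManagerException("Unable to free Kerberos principal", e2);
        }
    }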

    /**
     * Returns the Kerberos realm that the {@code KerberosRealm} property yields for this manager's image.
     *
     * @throws ZosSecurityManagerException propagated from the property lookup
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public String getDefaultKerberosRealm() throws ZosSecurityManagerException {
        final String realm = KerberosRealm.get(this.image);
        return realm;
    }

    /**
     * Returns the Kerberos domain controller that the {@code KerberosDomainController} property
     * yields for this manager's image.
     *
     * @throws ZosSecurityManagerException propagated from the property lookup
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public String getDefaultKerberosDomainController() throws ZosSecurityManagerException {
        final String domainController = KerberosDomainController.get(this.image);
        return domainController;
    }

    /**
     * Builds a {@code KerberosInitiator} from the arguments, calls {@code create()} on it and
     * returns the token produced by {@code initiate()}.
     *
     * <p>The three arguments are handed to {@code createKerberosInitiator} unchanged.
     * NOTE(review): presumably service principal, client principal and KDC address, in that
     * order; confirm against {@code KerberosInitiator}.
     *
     * @throws ZosSecurityManagerException propagated from the initiator
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public KerberosToken retrieveKerberosToken(IZosKerberosPrincipal iZosKerberosPrincipal, IZosKerberosPrincipal iZosKerberosPrincipal2, String str) throws ZosSecurityManagerException {
        final KerberosInitiator initiator = createKerberosInitiator(iZosKerberosPrincipal, iZosKerberosPrincipal2, str);
        initiator.create();
        final KerberosToken token = initiator.initiate();
        return token;
    }

    /**
     * Creates a new {@code KerberosInitiator} from the three arguments without calling
     * {@code create()} or {@code initiate()} on it.
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public KerberosInitiator createKerberosInitiator(IZosKerberosPrincipal iZosKerberosPrincipal, IZosKerberosPrincipal iZosKerberosPrincipal2, String str) {
        final KerberosInitiator initiator = new KerberosInitiator(iZosKerberosPrincipal, iZosKerberosPrincipal2, str);
        return initiator;
    }

    /**
     * Replaces the manager's {@code runUser} with the given userid.
     *
     * <p>No validation is done here: the value is stored as given, including {@code null}.
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void setRunUserid(IZosUserid iZosUserid) throws ZosSecurityManagerException {
        runUser = iZosUserid;
    }

    /** Restores {@code runUser} to the manager's {@code imageUser}. */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void resetRunUserid() {
        runUser = imageUser;
    }

    /** Returns the zOS image this manager instance is bound to. */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public IZosImage getZosImage() throws ZosSecurityManagerException {
        return image;
    }

    /**
     * Switches resource reporting on or off and logs the new state at info level.
     *
     * @param z {@code true} to enable resource reporting
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void setResourceReporting(boolean z) {
        this.resourceReporting = z;
        logger.info(this.resourceReporting
                ? "Resource Reporting has been enabled"
                : "Resource Reporting has been disabled");
    }

    /**
     * Switches output reporting on or off and logs the new state at info level.
     *
     * @param z {@code true} to enable output reporting
     */
    @Override // dev.galasa.zossecurity.IZosSecurity
    public void setOutputReporting(boolean z) {
        this.outputReporting = z;
        logger.info(this.outputReporting
                ? "Output Reporting has been enabled"
                : "Output Reporting has been disabled");
    }

    /** Returns whether resource reporting is currently enabled. */
    public boolean isResourceReporting() {
        return resourceReporting;
    }

    /** Returns whether output reporting is currently enabled. */
    public boolean isOutputReporting() {
        return outputReporting;
    }

    /** Returns the framework instance held by this manager. */
    private IFramework getFramework() {
        return framework;
    }

    /** Returns the zOS manager SPI held by this manager. */
    private IZosManagerSpi getZosManager() {
        return zosManager;
    }

    /** Returns the zOS file manager SPI held by this manager. */
    private IZosFileSpi getZosFileManager() {
        return zosFileManager;
    }

    /** Returns the HTTP manager SPI held by this manager. */
    private IHttpManagerSpi getHttpManager() {
        return httpManager;
    }

    /**
     * Returns the HTTP client used to talk to the zossec server registered under {@code str},
     * creating and caching it on first use.
     *
     * <p>A new client is pointed at {@code ServerUrl.get(str)}, authenticated with the
     * username/password credentials stored under the id {@code "w3"}, and sends the value of
     * {@code ServerApikey.get()} in the {@code ejat-zossec-apikey} header on every request.
     * HTTP 500 and 415 are registered as acceptable response codes.
     *
     * <p>Security-relevant behaviour to be aware of:
     * <ul>
     *   <li>For an {@code https} URL the client is switched to a "trusting" SSL context, see the
     *       note at that call.</li>
     *   <li>For any other scheme the password and API key are configured on a client whose
     *       transport is not TLS.</li>
     *   <li>The cached client carries the credentials and API key; it should not be logged or
     *       handed to code outside the manager.</li>
     * </ul>
     *
     * @param str key of the server, used both for the URL lookup and as the cache key
     * @return the cached or newly created client
     * @throws ZosSecurityManagerException if the client cannot be created; every failure in the
     *         body, including the credential errors raised in the inner block, is caught by the
     *         outer {@code catch (Exception)} and wrapped
     */
    public IHttpClient getZossecServerClient(String str) throws ZosSecurityManagerException {
        // NOTE(review): this get and the put below are not synchronised in this method; confirm
        // the map type if one manager instance can be used from several threads.
        IHttpClient iHttpClient = this.zossecServerClients.get(str);
        if (iHttpClient != null) {
            return iHttpClient;
        }
        try {
            IHttpClient newHttpClient = getHttpManager().newHttpClient();
            URI uri = new URI(ServerUrl.get(str));
            newHttpClient.setURI(uri);
            try {
                // The credentials id is fixed; every zossec server is accessed as the same "w3" identity.
                ICredentialsUsernamePassword credentials = getFramework().getCredentialsService().getCredentials("w3");
                // With the declared type above, the instanceof half of this test can only fail for null.
                if (credentials == null || !(credentials instanceof ICredentialsUsernamePassword)) {
                    throw new ZosSecurityManagerException("Unable to get w3 credentials");
                }
                newHttpClient.setAuthorisation(credentials.getUsername(), credentials.getPassword());
                newHttpClient.addCommonHeader("ejat-zossec-apikey", ServerApikey.get());
                // 500 and 415 are accepted rather than raised as client errors; presumably so the
                // caller can inspect the JSON body of a failed command. TODO confirm.
                newHttpClient.addOkResponseCode(500);
                newHttpClient.addOkResponseCode(415);
                // The comparison is case-sensitive, and getScheme() is null for a relative URI; the
                // resulting NullPointerException is wrapped by the outer catch.
                if (uri.getScheme().equals("https")) {
                    // NOTE(review): going by its name, setTrustingSSLContext() accepts any server
                    // certificate (confirm in IHttpClient). If so, the server is not authenticated
                    // before the password and API key set above are sent to it. Where the
                    // environment allows, use a trust store containing the zossec server's CA.
                    newHttpClient.setTrustingSSLContext();
                }
                this.zossecServerClients.put(str, newHttpClient);
                return newHttpClient;
            } catch (CredentialsException e) {
                throw new ZosSecurityManagerException("Problem accessing credentials store", e);
            }
        } catch (Exception e2) {
            // The message names the image's sysplex id, not the str key that was requested.
            throw new ZosSecurityManagerException("Unable to create zossec server client for " + this.image.getSysplexID(), e2);
        }
    }

    /**
     * Records that a security class needs a refresh, to be picked up by {@code refreshClasses}.
     *
     * <p>The update is made while holding the monitor of {@code classesRequiringRefresh}.
     *
     * @param str  key under which pending classes are grouped (the same key {@code refreshClasses}
     *             is later called with)
     * @param str2 name of the class to refresh
     */
    public void addClassToBeRefreshed(String str, String str2) {
        synchronized (this.classesRequiringRefresh) {
            this.classesRequiringRefresh.computeIfAbsent(str, key -> new HashSet<>()).add(str2);
        }
    }

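    /**
     * Sends one refresh request to the zossec server for every class queued under {@code str}.
     *
     * <p>The pending set is removed from {@code classesRequiringRefresh} before the request is
     * made. If the request then fails, the classes are not queued again, so a caller that needs
     * the refresh to take effect must treat the exception as "profiles may still be stale".
     *
     * <p>When nothing is pending the method logs that and returns without contacting the server.
     * Previously it fell through: a {@code null} set caused a {@code NullPointerException}, and an
     * empty set produced a request with no classes.
     *
     * @param str key the classes were queued under; also selects the zossec server client
     * @throws ZosSecurityManagerException if the request or the analysis of its output fails
     */
    public void refreshClasses(String str) throws ZosSecurityManagerException {
        final HashSet<String> pending;
        synchronized (this.classesRequiringRefresh) {
            pending = this.classesRequiringRefresh.remove(str);
        }
        if (pending == null || pending.isEmpty()) {
            logger.debug("No classes required to be refreshed on " + this.image.getSysplexID() + ", ignoring");
            return;
        }
        logger.info("Requesting SETROPTS refresh of " + pending);
        try {
            JsonArray classNames = new JsonArray();
            for (String className : pending) {
                classNames.add(className);
            }
            JsonObject body = new JsonObject();
            body.add("classes", classNames);

            long started = System.currentTimeMillis();
            JsonObject response = clientRequest(str, HttpMethod.PUT, "/api/refresh", this.zosSecurityServerQueryParams, body);
            long finished = System.currentTimeMillis();

            RacfOutputProcessing.analyseOutput(response, RacfOutputProcessing.COMMAND.REFRESH, pending.toString(), isOutputReporting());
            // Report the configured delay; the message used to concatenate the logger object here.
            logger.debug("SETROPTS command took " + (finished - started) + "ms to action, includes mandatory " + this.setroptsDelay + "ms wait");
        } catch (ZosSecurityManagerException e) {
            throw new ZosSecurityManagerException("REFRESH of " + pending.toString() + " failed", e);
        }
    }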

    /**
     * Records in the dynamic status store that a resource is allocated to the current run.
     *
     * <p>Two groups of keys are written, in this order: the manager-level keys through
     * {@code this.dss}, then the resource-level keys through {@code getDynamicResource(str)}.
     * They are two separate {@code put} calls, so a failure in the second leaves the first in place.
     *
     * @param str  resource type name, used as key prefix and as the dynamic resource name
     * @param str2 name of the resource being allocated
     * @throws ZosSecurityManagerException if the status store rejects a write
     */
    public void dssRegister(String str, String str2) throws ZosSecurityManagerException {
        try {
            final String sysplex = getZosImage().getSysplexID();
            final String allocatedAt = Instant.now().toString();
            final String run = getRunName();
            final String slot = str2 + ".sysplex." + sysplex;

            final HashMap<String, String> managerKeys = new HashMap<>();
            managerKeys.put(str + "." + slot + ".run", run);
            managerKeys.put(str + ".run." + run + "." + slot, "active");
            this.dss.put(managerKeys);

            final HashMap<String, String> resourceKeys = new HashMap<>();
            resourceKeys.put(slot + ".run", run);
            resourceKeys.put(slot + ".run." + run + ".allocated", allocatedAt);
            getDynamicResource(str).put(resourceKeys);
        } catch (DynamicStatusStoreException e) {
            throw new ZosSecurityManagerException("Problem setting slot for zOS " + str + " " + str2, e);
        }
    }

    /**
     * Removes the dynamic status store keys that {@code dssRegister} writes for a resource.
     *
     * <p>The resource-level keys are deleted first, then the manager-level keys. Sysplex and run
     * name are taken from the arguments, not from this manager.
     *
     * @param str  resource type name
     * @param str2 name of the resource
     * @param str3 sysplex id the resource was registered under
     * @param str4 name of the run the resource was registered to
     * @throws ZosSecurityManagerException if the status store rejects a delete
     */
    public void dssUnregister(String str, String str2, String str3, String str4) throws ZosSecurityManagerException {
        try {
            final String slot = str2 + ".sysplex." + str3;

            final HashSet<String> resourceKeys = new HashSet<>();
            resourceKeys.add(slot + ".run");
            resourceKeys.add(slot + ".run." + str4 + ".allocated");
            getDynamicResource(str).delete(resourceKeys);

            final HashSet<String> managerKeys = new HashSet<>();
            managerKeys.add(str + "." + slot + ".run");
            managerKeys.add(str + ".run." + str4 + "." + slot);
            this.dss.delete(managerKeys);
        } catch (DynamicStatusStoreException e) {
            throw new ZosSecurityManagerException("Problem removing slot for zOS " + str + " " + str2, e);
        }
    }

    /**
     * Marks a resource of the current run as {@code "free"} in the dynamic status store.
     *
     * <p>Only the per-run state key is overwritten; the ownership keys written by
     * {@code dssRegister} are left in place.
     *
     * @param str  resource type name
     * @param str2 name of the resource
     * @throws ZosSecurityManagerException if the status store rejects the write
     */
    public void dssFree(String str, String str2) throws ZosSecurityManagerException {
        try {
            final String sysplex = getZosImage().getSysplexID();
            final String stateKey = str + ".run." + getRunName() + "." + str2 + ".sysplex." + sysplex;
            this.dss.put(stateKey, "free");
        } catch (DynamicStatusStoreException e) {
            throw new ZosSecurityManagerException("Problem updating slot for zOS " + str + " " + str2, e);
        }
    }

    /** Returns the status store's dynamic resource accessor for the given resource name. */
    private IDynamicStatusStoreKeyAccess getDynamicResource(String str) {
        final IDynamicStatusStoreKeyAccess accessor = this.dss.getDynamicResource(str);
        return accessor;
    }

    /** Returns the name of the current test run as reported by the framework. */
    public String getRunName() {
        return framework.getTestRunName();
    }

    /**
     * Sends one JSON request to the zossec server registered under {@code str} and returns the
     * response content.
     *
     * <p>The client comes from {@code getZossecServerClient}, which registers HTTP 500 and 415 as
     * acceptable, so a returned object is not proof that the command succeeded; callers have to
     * examine its content.
     *
     * @param str        key of the zossec server
     * @param httpMethod GET, PUT, POST or DELETE
     * @param str2       request path
     * @param map        query parameters appended by {@code buildUri}
     * @param jsonObject request body for PUT and POST; {@code null} is replaced by an empty object
     * @return the response content cast to {@code JsonObject}
     * @throws ZosSecurityManagerException for an unsupported method or a failed request
     */
    public JsonObject clientRequest(String str, HttpMethod httpMethod, String str2, Map<String, String> map, JsonObject jsonObject) throws ZosSecurityManagerException {
        final JsonObject payload = (jsonObject != null) ? jsonObject : new JsonObject();
        final IHttpClient client = getZossecServerClient(str);
        try {
            final HttpClientResponse response;
            switch (httpMethod) {
                case GET:
                    response = client.getJson(buildUri(str2, map));
                    break;
                case PUT:
                    response = client.putJson(buildUri(str2, map), payload);
                    break;
                case POST:
                    response = client.postJson(buildUri(str2, map), payload);
                    break;
                case DELETE:
                    response = client.deleteJson(buildUri(str2, map));
                    break;
                default:
                    throw new ZosSecurityManagerException("Invalid HTTP method \"" + httpMethod + "\"");
            }
            // NOTE(review): a response whose content is not a JsonObject fails this cast with a
            // ClassCastException, which the catch below does not cover.
            return (JsonObject) response.getContent();
        } catch (HttpClientException e) {
            throw new ZosSecurityManagerException("Server request failed", e);
        }
    }

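    /**
     * Appends the given query parameters to a request path.
     *
     * <p>Parameters are written as {@code key=value} pairs joined by {@code &}, in the map's
     * iteration order. The separator is tracked with a flag; the earlier version looked at
     * whether the text built so far ended in {@code ?}, which dropped the {@code &} after any
     * value that itself ended in {@code ?}.
     *
     * <p>NOTE(review): keys and values are appended verbatim, without URL encoding. A value that
     * contains {@code &}, {@code =} or {@code #} changes the structure of the query string, so
     * callers must pass values that are already encoded or known to be safe.
     *
     * @param str request path
     * @param map query parameters; must not be {@code null}
     * @return {@code str} unchanged when the map is empty, otherwise the path followed by
     *         {@code ?} and the parameters
     */
    private String buildUri(String str, Map<String, String> map) {
        if (map.isEmpty()) {
            return str;
        }
        StringBuilder uri = new StringBuilder();
        uri.append(str).append("?");
        boolean first = true;
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (!first) {
                uri.append("&");
            }
            first = false;
            uri.append(entry.getKey()).append("=").append(entry.getValue());
        }
        return uri.toString();
    }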

    /** Returns a short label made of the manager prefix and this manager's image. */
    @Override
    public String toString() {
        final String label = "[zOS Security] " + this.image;
        return label;
    }

    /**
     * Returns the zOS file handler, fetching it from the zOS file manager on first use and
     * keeping it for later calls.
     *
     * @throws ZosSecurityManagerException if the file manager cannot supply a handler
     */
    public IZosFileHandler getZosFileHandler() throws ZosSecurityManagerException {
        if (this.zosFileHandler != null) {
            return this.zosFileHandler;
        }
        try {
            this.zosFileHandler = getZosFileManager().getZosFileHandler();
        } catch (ZosFileManagerException e) {
            throw new ZosSecurityManagerException("Unable to get zOS File Handler", e);
        }
        return this.zosFileHandler;
    }

    /**
     * Returns the run dataset high-level qualifier, looking it up through the zOS manager on
     * first use.
     *
     * <p>The value is kept after the first successful lookup, so later calls return it whatever
     * image they pass.
     *
     * @param iZosImage image used for the lookup when nothing is cached yet
     * @throws ZosSecurityManagerException if the zOS manager cannot supply the qualifier
     */
    public String getRunDatasetHLQ(IZosImage iZosImage) throws ZosSecurityManagerException {
        if (this.runDatasetHLQ != null) {
            return this.runDatasetHLQ;
        }
        try {
            this.runDatasetHLQ = getZosManager().getRunDatasetHLQ(iZosImage);
        } catch (ZosManagerException e) {
            throw new ZosSecurityManagerException("Unable to get Run Dataset HLQ", e);
        }
        return this.runDatasetHLQ;
    }

    /** Returns the manager's userid pool; this is the internal list itself, not a copy. */
    public List<String> getUseridPool() {
        return useridPool;
    }

    /**
     * Picks the first userid in the pool that no run has registered on this sysplex, registers it
     * to the current run and returns it.
     *
     * <p>NOTE(review): the "is it free" lookup and {@code dssRegister} are separate status store
     * operations, and {@code dssRegister} writes unconditionally. Two runs examining the same
     * userid at the same moment could both see it as free; confirm that allocation is serialised
     * elsewhere, since a shared userid means shared credentials between runs.
     *
     * @param z not read by this method
     * @return the allocated userid
     * @throws ZosSecurityManagerException if the status store fails or every userid is taken
     */
    public String getUseridFromPool(boolean z) throws ZosSecurityManagerException {
        final String sysplex = getZosImage().getSysplexID();
        final String resourceType = ResourceType.ZOS_USERID.getName();
        for (String candidate : this.useridPool) {
            final String ownerPrefix = resourceType + "." + candidate + ".sysplex." + sysplex + ".run";
            try {
                if (!this.dss.getPrefix(ownerPrefix).isEmpty()) {
                    continue;
                }
                dssRegister(resourceType, candidate);
                return candidate;
            } catch (DynamicStatusStoreException e) {
                throw new ZosSecurityManagerException("Problem getting userid from pool for image " + getZosImage(), e);
            }
        }
        throw new ZosSecurityManagerException("No Userids available in pool for image " + getZosImage());
    }

    /**
     * Picks the first shared CICS class set that no run has registered on this sysplex, registers
     * it to the current run and returns it.
     *
     * <p>NOTE(review): as with the userid pool, the availability lookup and {@code dssRegister}
     * are separate status store operations; confirm that concurrent runs cannot both claim the
     * same class set.
     *
     * @return the allocated class set name
     * @throws ZosSecurityManagerException if the status store fails or every class set is taken
     */
    public String getCicsClassSetFromPool() throws ZosSecurityManagerException {
        final String sysplex = getZosImage().getSysplexID();
        final String resourceType = ResourceType.ZOS_CICS_CLASS_SET.getName();
        for (String candidate : this.cicsSharedClassSets) {
            final String ownerPrefix = resourceType + "." + candidate + ".sysplex." + sysplex + ".run";
            try {
                if (!this.dss.getPrefix(ownerPrefix).isEmpty()) {
                    continue;
                }
                dssRegister(resourceType, candidate);
                return candidate;
            } catch (DynamicStatusStoreException e) {
                throw new ZosSecurityManagerException("Problem getting CICS Class Set from pool for image " + getZosImage(), e);
            }
        }
        throw new ZosSecurityManagerException("No CICS Class Sets available in pool for image " + getZosImage());
    }

    /** Returns the manager's {@code createUserid} setting. */
    public boolean createUserid() {
        final boolean enabled = this.createUserid;
        return enabled;
    }

    /**
     * Returns the default group for userids, reading the {@code UseridDefaultGroup} property on
     * first use and keeping a non-null result for later calls.
     *
     * @throws ZosSecurityManagerException propagated from the property lookup
     */
    public String getUseridDefaultGroup() throws ZosSecurityManagerException {
        if (this.useridDefaultGroup != null) {
            return this.useridDefaultGroup;
        }
        this.useridDefaultGroup = UseridDefaultGroup.get();
        return this.useridDefaultGroup;
    }

    /**
     * Returns the default groups for userids, reading the {@code UseridDefaultGroups} property on
     * first use and keeping a non-null result for later calls.
     *
     * <p>The returned list is the cached instance itself, not a copy.
     *
     * @throws ZosSecurityManagerException propagated from the property lookup
     */
    public List<String> getUseridGroups() throws ZosSecurityManagerException {
        if (this.useridDefaultGroups != null) {
            return this.useridDefaultGroups;
        }
        this.useridDefaultGroups = UseridDefaultGroups.get();
        return this.useridDefaultGroups;
    }
}
