package com.ibm.ws.security.jwtsso.internal;

import com.ibm.websphere.kernel.server.ServerInfoMBean;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.impl.JWKSet;
import com.ibm.ws.security.jwt.config.ConsumerUtils;
import com.ibm.ws.security.jwt.config.JwtConsumerConfig;
import com.ibm.ws.security.jwt.utils.JwtUtils;
import com.ibm.ws.security.jwtsso.config.JwtSsoConfig;
import com.ibm.ws.security.jwtsso.utils.ConfigUtils;
import com.ibm.ws.security.jwtsso.utils.IssuerUtil;
import com.ibm.ws.security.jwtsso.utils.JwtSsoConstants;
import com.ibm.ws.security.mp.jwt.MicroProfileJwtConfig;
import com.ibm.ws.ssl.KeyStoreService;
import com.ibm.ws.webcontainer.security.util.WebConfigUtils;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.ssl.SSLSupport;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.util.List;
import java.util.Map;
import javax.management.DynamicMBean;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

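/**
 * Declarative-services component backing the {@code jwtSso} server configuration.
 * <p>
 * The same instance is registered under {@link JwtSsoConfig}, {@link MicroProfileJwtConfig}
 * and {@link JwtConsumerConfig}, so it supplies both the cookie/SSO settings and the JWT
 * consumer contract. Configuration properties are read in {@link #process(Map)} on
 * activation and again on every modification; most consumer-side accessors return fixed
 * values rather than configured ones (see the individual accessors).
 * <p>
 * Thread-safety: the configuration fields are plain (non-volatile) and are rewritten in
 * place by {@link #process(Map)}, so readers on other threads may observe a mix of old and
 * new values while a modify is in progress.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {JwtSsoConfig.class, MicroProfileJwtConfig.class, JwtConsumerConfig.class}, immediate = true, configurationPolicy = ConfigurationPolicy.REQUIRE, configurationPid = {"com.ibm.ws.security.jwtsso"}, name = "jwtSsoConfig", property = {"service.vendor=IBM"})
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/jwtsso/internal/JwtSsoComponent.class */
public class JwtSsoComponent implements JwtSsoConfig {
    private static final TraceComponent tc = Tr.register(JwtSsoComponent.class, "JWTSSO", "com.ibm.ws.security.jwtsso.internal.resources.JWTSSOMessages");
    // Endpoint MBeans used only to derive the issuer URL in getIssuer(); both are optional
    // DS references and may be null if the endpoint is not started.
    private DynamicMBean httpsendpointInfoMBean;
    private DynamicMBean httpendpointInfoMBean;
    private ServerInfoMBean serverInfoMBean;
    public static final String KEY_SSL_SUPPORT = "sslSupport";
    public static final String KEY_KEYSTORE_SERVICE = "keyStoreService";
    // Values below are populated from the configuration map in process(Map).
    private boolean setCookiePathToWebAppContextPath;
    private boolean includeLtpaCookie;
    private boolean fallbackToLtpa;
    private boolean cookieSecureFlag;
    private String mpjwtConsumerRef;
    private String cookieName;
    private boolean disableJwtCookie;
    private String authFilterRef;
    protected static final String KEY_UNIQUE_ID = "id";
    // Only assigned by setJwtSsoConsumerDefaults(); null when an explicit jwtConsumerRef is configured.
    private String signatureAlgorithm;
    private IssuerUtil issuerUtil;
    // Retained from the original class; nothing in the visible source implements Serializable,
    // so this presumably satisfies a super-interface contract — not verifiable here.
    static final long serialVersionUID = 3389209968275818482L;
    private final AtomicServiceReference<SSLSupport> sslSupportRef = new AtomicServiceReference<>(KEY_SSL_SUPPORT);
    private final AtomicServiceReference<KeyStoreService> keyStoreServiceRef = new AtomicServiceReference<>(KEY_KEYSTORE_SERVICE);
    protected String uniqueId = null;
    ConsumerUtils consumerUtils = null;

    /**
     * Whether the JWT cookie is flagged {@code HttpOnly}; delegated to the global
     * web application security configuration rather than this element's own properties.
     */
    @Override
    public boolean isHttpOnlyCookies() {
        return WebConfigUtils.getWebAppSecurityConfig().getHttpOnlyCookies();
    }

    /** Delegated to the global web application security configuration. */
    @Override
    public boolean isSsoUseDomainFromURL() {
        return WebConfigUtils.getWebAppSecurityConfig().getSSOUseDomainFromURL();
    }

    /** Delegated to the global web application security configuration. */
    @Override
    public List<String> getSsoDomainNames() {
        return WebConfigUtils.getWebAppSecurityConfig().getSSODomainList();
    }

    @Override
    public boolean isSetCookiePathToWebAppContextPath() {
        return this.setCookiePathToWebAppContextPath;
    }

    @Override
    public boolean isIncludeLtpaCookie() {
        return this.includeLtpaCookie;
    }

    @Override
    public boolean isFallbackToLtpa() {
        return this.fallbackToLtpa;
    }

    /** Whether the JWT cookie is issued with the {@code Secure} attribute (configured value). */
    @Override
    public boolean isCookieSecured() {
        return this.cookieSecureFlag;
    }

    /**
     * The configured {@code jwtConsumerRef}, or this component's own id when none was
     * configured (see {@link #setJwtSsoConsumerDefaults()}).
     */
    @Override
    public String getJwtConsumerRef() {
        return this.mpjwtConsumerRef;
    }

    @Reference(target = "(jmx.objectname=WebSphere:feature=channelfw,type=endpoint,name=defaultHttpEndpoint)", cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setEndPointInfoMBean(DynamicMBean dynamicMBean) {
        this.httpendpointInfoMBean = dynamicMBean;
    }

    /** Clears the HTTP endpoint MBean only if it is the instance currently held. */
    protected void unsetEndPointInfoMBean(DynamicMBean dynamicMBean) {
        if (this.httpendpointInfoMBean == dynamicMBean) {
            this.httpendpointInfoMBean = null;
        }
    }

    @Reference(target = "(jmx.objectname=WebSphere:feature=channelfw,type=endpoint,name=defaultHttpEndpoint-ssl)", cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setHttpsEndPointInfoMBean(DynamicMBean dynamicMBean) {
        this.httpsendpointInfoMBean = dynamicMBean;
    }

    /** Clears the HTTPS endpoint MBean only if it is the instance currently held. */
    protected void unsetHttpsEndPointInfoMBean(DynamicMBean dynamicMBean) {
        if (this.httpsendpointInfoMBean == dynamicMBean) {
            this.httpsendpointInfoMBean = null;
        }
    }

    // NOTE(review): cardinality is MULTIPLE but only a single instance is retained; the last
    // one bound wins. Confirm whether more than one ServerInfo MBean can ever be registered.
    @Reference(target = "(jmx.objectname=WebSphere:feature=kernel,name=ServerInfo)", policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.MULTIPLE, policyOption = ReferencePolicyOption.GREEDY)
    protected void setServerInfoMBean(ServerInfoMBean serverInfoMBean) {
        this.serverInfoMBean = serverInfoMBean;
    }

    /** Clears the server info MBean only if it is the instance currently held. */
    protected void unsetServerInfoMBean(ServerInfoMBean serverInfoMBean) {
        if (this.serverInfoMBean == serverInfoMBean) {
            this.serverInfoMBean = null;
        }
    }

    @Reference(service = KeyStoreService.class, name = KEY_KEYSTORE_SERVICE, policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY)
    protected void setKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        this.keyStoreServiceRef.setReference(serviceReference);
    }

    protected void unsetKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        this.keyStoreServiceRef.unsetReference(serviceReference);
    }

    @Reference(service = SSLSupport.class, name = KEY_SSL_SUPPORT, policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY)
    protected void setSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
    }

    protected void updatedSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
    }

    protected void unsetSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.unsetReference(serviceReference);
    }

    /**
     * DS activation: records the configuration id, reads the configuration, activates the
     * service trackers and publishes them to {@link JwtUtils} for the JWT runtime to use.
     *
     * @param map              the component configuration properties
     * @param componentContext the DS component context for the service trackers
     */
    @Activate
    protected void activate(Map<String, Object> map, ComponentContext componentContext) {
        this.uniqueId = (String) map.get(KEY_UNIQUE_ID);
        process(map);
        this.keyStoreServiceRef.activate(componentContext);
        this.sslSupportRef.activate(componentContext);
        JwtUtils.setKeyStoreService(this.keyStoreServiceRef);
        JwtUtils.setSSLSupportService(this.sslSupportRef);
    }

    /** DS modification: re-reads the configuration in place (uniqueId is not refreshed here). */
    @Modified
    protected void modify(Map<String, Object> map) {
        process(map);
    }

    /**
     * DS deactivation: releases the service trackers and clears the references previously
     * published to {@link JwtUtils}.
     *
     * @param i                the DS deactivation reason code (unused)
     * @param componentContext the DS component context
     */
    @Deactivate
    protected void deactivate(int i, ComponentContext componentContext) {
        this.keyStoreServiceRef.deactivate(componentContext);
        this.sslSupportRef.deactivate(componentContext);
        JwtUtils.setKeyStoreService((AtomicServiceReference) null);
        JwtUtils.setSSLSupportService((AtomicServiceReference) null);
    }

    /**
     * Copies the configuration properties into this component's fields.
     * <p>
     * The cookie name is normalised via {@code ConfigUtils.validateCookieName}; when no
     * {@code jwtConsumerRef} is configured the consumer defaults are applied.
     *
     * @param map the configuration properties; a null or empty map leaves the current values untouched
     * @throws NullPointerException if one of the boolean properties is absent
     * @throws ClassCastException   if a property has an unexpected type
     */
    @ManualTrace
    private void process(Map<String, Object> map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "process", new Object[]{map});
        }
        if (map == null || map.isEmpty()) {
            // Balance the entry trace on the early-return path as well.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "process");
            }
            return;
        }
        this.setCookiePathToWebAppContextPath = requiredBoolean(map, JwtSsoConstants.CFG_KEY_SETCOOKIEPATHTOWEBAPPCONTEXTPATH);
        this.includeLtpaCookie = requiredBoolean(map, JwtSsoConstants.CFG_KEY_INCLUDELTPACOOKIE);
        this.fallbackToLtpa = requiredBoolean(map, JwtSsoConstants.CFG_USE_LTPA_IF_JWT_ABSENT);
        this.cookieSecureFlag = requiredBoolean(map, JwtSsoConstants.CFG_KEY_COOKIESECUREFLAG);
        this.disableJwtCookie = requiredBoolean(map, JwtSsoConstants.CFG_KEY_DISABLE_JWT_COOKIE);
        this.authFilterRef = (String) map.get(JwtSsoConstants.CFG_KEY_AUTH_FILTER_REF);
        this.mpjwtConsumerRef = JwtUtils.trimIt((String) map.get(JwtSsoConstants.CFG_KEY_JWTCONSUMERREF));
        this.cookieName = JwtUtils.trimIt((String) map.get(JwtSsoConstants.CFG_KEY_COOKIENAME));
        this.cookieName = new ConfigUtils().validateCookieName(this.cookieName, true);
        if (this.mpjwtConsumerRef == null) {
            setJwtSsoConsumerDefaults();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "process");
        }
    }

    /**
     * Reads a boolean property the configuration is expected to always supply.
     * <p>
     * Absence is reported with the key name instead of a bare unboxing NPE so that a
     * misconfiguration is diagnosable; the exception type matches the previous behaviour.
     *
     * @throws NullPointerException if the property is absent
     * @throws ClassCastException   if the value is not a {@link Boolean}
     */
    private static boolean requiredBoolean(Map<String, Object> map, String key) {
        Object value = map.get(key);
        if (value == null) {
            throw new NullPointerException("Required jwtSso configuration property is missing: " + key);
        }
        return ((Boolean) value).booleanValue();
    }

    /**
     * Applies the built-in consumer settings used when no {@code jwtConsumerRef} is configured:
     * the consumer id becomes this component's id and the expected signature algorithm is RS256.
     */
    private void setJwtSsoConsumerDefaults() {
        this.mpjwtConsumerRef = getId();
        this.signatureAlgorithm = "RS256";
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "consumer id = ", new Object[]{this.mpjwtConsumerRef});
        }
        this.issuerUtil = new IssuerUtil();
    }

    /** Consumer id; same as {@link #getUniqueId()}. */
    public String getId() {
        return getUniqueId();
    }

    /** No audiences are configured by this component. */
    public List<String> getAudiences() {
        return null;
    }

    public boolean ignoreAudClaimIfNotConfigured() {
        return false;
    }

    /**
     * {@code "RS256"} once the consumer defaults have been applied; null when an explicit
     * {@code jwtConsumerRef} is configured, because nothing else assigns it.
     */
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /** No shared (symmetric) key; signature verification relies on keystore material. */
    public String getSharedKey() {
        return null;
    }

    public String getTrustStoreRef() {
        return null;
    }

    public String getKeyStoreRef() {
        return null;
    }

    public String getTrustedAlias() {
        return null;
    }

    /** The configuration {@code id} captured at activation. */
    public String getUniqueId() {
        return this.uniqueId;
    }

    /** Claim carrying the principal name: {@code upn}. */
    public String getUserNameAttribute() {
        return "upn";
    }

    /** Claim carrying group membership: {@code groups}. */
    public String getGroupNameAttribute() {
        return "groups";
    }

    public boolean ignoreApplicationAuthMethod() {
        return true;
    }

    public boolean getMapToUserRegistry() {
        return false;
    }

    /**
     * Resolves the issuer URL from the bound HTTP/HTTPS endpoint and server info MBeans.
     * <p>
     * {@code issuerUtil} is normally created by {@link #setJwtSsoConsumerDefaults()}, which
     * only runs when no {@code jwtConsumerRef} is configured; it is created lazily here so a
     * call in the explicit-consumer case does not fail with a NullPointerException.
     */
    public String getIssuer() {
        if (this.issuerUtil == null) {
            this.issuerUtil = new IssuerUtil();
        }
        return this.issuerUtil.getResolvedHostAndPortUrl(this.httpsendpointInfoMBean, this.httpendpointInfoMBean, this.serverInfoMBean, this.uniqueId);
    }

    /** Fixed clock skew of 300000 (presumably milliseconds, i.e. five minutes — confirm against the consumer). */
    public long getClockSkew() {
        return 300000L;
    }

    /** Remote JWK retrieval is disabled for this component; see also {@link #getJwkEndpointUrl()}. */
    public boolean getJwkEnabled() {
        return false;
    }

    public String getJwkEndpointUrl() {
        return null;
    }

    /**
     * Lazily creates the {@link ConsumerUtils} bound to this component's keystore tracker.
     * <p>
     * NOTE(review): the lazy initialisation is unsynchronised, so two concurrent first calls
     * may each construct an instance; the last assignment wins.
     */
    public ConsumerUtils getConsumerUtils() {
        if (this.consumerUtils == null) {
            this.consumerUtils = new ConsumerUtils(this.keyStoreServiceRef);
        }
        return this.consumerUtils;
    }

    public boolean isValidationRequired() {
        return true;
    }

    /**
     * Hostname verification is reported as disabled. Since {@link #getJwkEnabled()} is false
     * and no JWK endpoint URL is set, this component itself configures no outbound fetch that
     * would rely on it; whether other consumers of this flag do is not visible here.
     */
    public boolean isHostNameVerificationEnabled() {
        return false;
    }

    public String getSslRef() {
        return null;
    }

    public JWKSet getJwkSet() {
        return null;
    }

    /** Token reuse is permitted by this configuration (no replay tracking is configured here). */
    public boolean getTokenReuse() {
        return true;
    }

    /** The validated cookie name produced in {@link #process(Map)}. */
    @Override
    public String getCookieName() {
        return this.cookieName;
    }

    @Override
    public String getAuthFilterRef() {
        return this.authFilterRef;
    }

    public boolean getUseSystemPropertiesForHttpClientConnections() {
        return false;
    }

    /** Scheme prefix expected in the Authorization header; the trailing space is intentional. */
    public String getAuthorizationHeaderScheme() {
        return "Bearer ";
    }

    @Override
    public boolean isDisableJwtCookie() {
        return this.disableJwtCookie;
    }

    /** No custom token header is configured; null means the default header handling applies. */
    public String getTokenHeader() {
        return null;
    }

    public List<String> getAMRClaim() {
        return null;
    }

    public String getKeyManagementKeyAlias() {
        return null;
    }

    /** No JWE decryption key is configured by this component. */
    public Key getJweDecryptionKey() throws GeneralSecurityException {
        return null;
    }
}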
