package com.ibm.ws.security.authentication.internal.jaas;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.CertificateAuthenticator;
import com.ibm.ws.security.authentication.collective.CollectiveAuthenticationPlugin;
import com.ibm.ws.security.authentication.internal.JAASService;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.jaas.common.JAASChangeNotifier;
import com.ibm.ws.security.jaas.common.JAASConfigurationFactory;
import com.ibm.ws.security.jaas.common.JAASLoginContextEntry;
import com.ibm.ws.security.jaas.common.callback.AuthenticationDataCallbackHandler;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.ws.security.token.TokenManager;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

/**
 * Declarative Services component implementing {@link JAASService}.
 *
 * <p>The component collects {@link JAASLoginContextEntry} references, passes them to the
 * {@link JAASConfigurationFactory} so the JAAS configuration can be installed, and runs
 * logins through {@link LoginContext}. The token manager, credentials service, user registry
 * service, certificate authenticators, collective authentication plugin and authentication
 * service are kept in static state and handed out through static getters.
 *
 * <p>NOTE(review): {@code cap} and {@code authenticationService} are plain static fields that
 * are written by bind/unbind style methods and read by static getters with no
 * synchronization or {@code volatile} visible in this class. Confirm that readers on other
 * threads tolerate a stale or {@code null} value.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(immediate = true, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM"})
public class JAASServiceImpl implements JAASService {
    public static final String KEY_JAAS_LOGIN_CONTEXT_ENTRY = "JaasLoginContextEntry";
    public static final String KEY_JAAS_LOGIN_MODULE_CONFIG = "jaasLoginModuleConfig";
    static final String KEY_CHANGE_SERVICE = "jaasChangeNotifier";
    static final String KEY_ID = "id";
    static final String KEY_COMPONENT_NAME = "component.name";

    // Login context entries keyed by their "id" service property.
    // NOTE(review): public and non-final, so code outside this class can swap the map that
    // feeds the installed JAAS configuration; confirm that this visibility is required.
    public ConcurrentServiceReferenceMap<String, JAASLoginContextEntry> jaasLoginContextEntries = new ConcurrentServiceReferenceMap<>(KEY_JAAS_LOGIN_CONTEXT_ENTRY);
    private final AtomicServiceReference<JAASChangeNotifier> jaasChangeNotifierService = new AtomicServiceReference<>(KEY_CHANGE_SERVICE);
    protected ComponentContext cc;
    // Last property map handed to modified(); reused when the entry set changes.
    protected Map<String, Object> properties;
    private JAASConfigurationFactory jaasConfigurationFactory;
    private static AuthenticationService authenticationService;
    static final long serialVersionUID = -8947955617225539183L;
    static final TraceComponent tc = Tr.register(JAASServiceImpl.class);
    public static final String KEY_TOKEN_MANAGER = "tokenManager";
    private static final AtomicServiceReference<TokenManager> tokenManager = new AtomicServiceReference<>(KEY_TOKEN_MANAGER);
    public static final String KEY_CREDENTIALS_SERVICE = "credentialsService";
    private static final AtomicServiceReference<CredentialsService> credentialService = new AtomicServiceReference<>(KEY_CREDENTIALS_SERVICE);
    public static final String KEY_USER_REGISTRY_SERVICE = "userRegistryService";
    private static final AtomicServiceReference<UserRegistryService> userRegistryService = new AtomicServiceReference<>(KEY_USER_REGISTRY_SERVICE);
    public static final String KEY_COLLECTIVE_AUTHENTICATON_PLUGIN = "collectiveAuthenticationPlugin";
    // Activated and deactivated with the component, but no setReference() call on it is
    // visible in this class; the plugin instance itself is kept in "cap".
    private static final AtomicServiceReference<CollectiveAuthenticationPlugin> collectiveAuthenticationPlugin = new AtomicServiceReference<>(KEY_COLLECTIVE_AUTHENTICATON_PLUGIN);
    public static final String KEY_JAAS_CONFIG_FACTORY = "jaasConfigurationFactory";
    private static final AtomicServiceReference<JAASConfigurationFactory> jaasConfigurationFactoryRef = new AtomicServiceReference<>(KEY_JAAS_CONFIG_FACTORY);
    public static final String KEY_CERT_AUTHENTICATOR = "certificateAuthenticator";
    // Certificate authenticators keyed by their "component.name" service property.
    // NOTE(review): public static and non-final; any class that can see this type can
    // reassign the map used for certificate authentication. Confirm that is intended.
    public static ConcurrentServiceReferenceMap<String, CertificateAuthenticator> certificateAuthenticators = new ConcurrentServiceReferenceMap<>(KEY_CERT_AUTHENTICATOR);
    // Currently bound collective authentication plugin, or null when none is bound.
    private static CollectiveAuthenticationPlugin cap = null;

    /**
     * Stores the collective authentication plugin and reports its availability.
     *
     * @param collectiveAuthenticationPlugin2 the plugin being bound; its simple class name
     *        is written to the info message
     */
    @Reference(service = CollectiveAuthenticationPlugin.class, name = KEY_COLLECTIVE_AUTHENTICATON_PLUGIN, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    public void setCollectiveAuthenticationPlugin(CollectiveAuthenticationPlugin collectiveAuthenticationPlugin2) {
        cap = collectiveAuthenticationPlugin2;
        final String pluginName = collectiveAuthenticationPlugin2.getClass().getSimpleName();
        Tr.info(tc, "JAAS_LOGIN_COLLECTIVE_PLUGIN_AVAILABLE", new Object[]{pluginName});
    }

    /**
     * Clears the stored plugin, but only when the plugin being removed is the stored one.
     *
     * @param collectiveAuthenticationPlugin2 the plugin being unbound
     */
    public void unsetCollectiveAuthenticationPlugin(CollectiveAuthenticationPlugin collectiveAuthenticationPlugin2) {
        // Identity comparison: a different plugin instance must not clear the current one.
        if (collectiveAuthenticationPlugin2 != cap) {
            return;
        }
        final String pluginName = collectiveAuthenticationPlugin2.getClass().getSimpleName();
        Tr.info(tc, "JAAS_LOGIN_COLLECTIVE_PLUGIN_UNAVAILABLE", new Object[]{pluginName});
        cap = null;
    }

    /**
     * @return the stored collective authentication plugin, or {@code null} if none is stored
     */
    public static CollectiveAuthenticationPlugin getCollectiveAuthenticationPlugin() {
        return cap;
    }

    /**
     * Records the user registry service reference.
     *
     * @param serviceReference reference to the user registry service
     */
    @Reference(service = UserRegistryService.class, name = KEY_USER_REGISTRY_SERVICE)
    public void setUserRegistryService(ServiceReference<UserRegistryService> serviceReference) {
        userRegistryService.setReference(serviceReference);
    }

    /**
     * Drops the user registry service reference.
     *
     * @param serviceReference reference being removed
     */
    public void unsetUserRegistryService(ServiceReference<UserRegistryService> serviceReference) {
        userRegistryService.unsetReference(serviceReference);
    }

    /**
     * Resolves the user registry through the recorded user registry service.
     *
     * <p>NOTE(review): the result of {@code getService()} is dereferenced without a null
     * check; confirm callers only reach this while the service reference is bound.
     *
     * @return the registry returned by {@link UserRegistryService#getUserRegistry()}
     * @throws RegistryException propagated from the user registry service
     */
    public static UserRegistry getUserRegistry() throws RegistryException {
        final UserRegistryService registryService = userRegistryService.getService();
        return registryService.getUserRegistry();
    }

    /**
     * Records the token manager reference.
     *
     * @param serviceReference reference to the token manager
     */
    @Reference(service = TokenManager.class, name = KEY_TOKEN_MANAGER)
    public void setTokenManager(ServiceReference<TokenManager> serviceReference) {
        tokenManager.setReference(serviceReference);
    }

    /**
     * @return the token manager resolved from the recorded reference
     */
    public static TokenManager getTokenManager() {
        return tokenManager.getService();
    }

    /**
     * Drops the token manager reference.
     *
     * @param serviceReference reference being removed
     */
    public void unsetTokenManager(ServiceReference<TokenManager> serviceReference) {
        tokenManager.unsetReference(serviceReference);
    }

    /**
     * Records the credentials service reference.
     *
     * @param serviceReference reference to the credentials service
     */
    @Reference(service = CredentialsService.class, name = KEY_CREDENTIALS_SERVICE)
    public void setCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        credentialService.setReference(serviceReference);
    }

    /**
     * Drops the credentials service reference.
     *
     * @param serviceReference reference being removed
     */
    public void unsetCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        credentialService.unsetReference(serviceReference);
    }

    /**
     * @return the credentials service resolved from the recorded reference
     */
    public static CredentialsService getCredentialsService() {
        return credentialService.getService();
    }

    /**
     * Stores the authentication service in static state.
     *
     * <p>NOTE(review): public and static with no caller check in this class, so any code
     * that can load the class can replace the stored service. Confirm which callers are
     * expected to use it.
     *
     * @param authenticationService2 the service to store
     */
    public static void setAuthenticationService(AuthenticationService authenticationService2) {
        authenticationService = authenticationService2;
    }

    /**
     * @return the stored authentication service, or {@code null} if none is stored
     */
    public static AuthenticationService getAuthenticationService() {
        return authenticationService;
    }

    /**
     * Clears the stored authentication service when it is the instance passed in.
     *
     * @param authenticationService2 the service being removed
     */
    public static void unsetAuthenticationService(AuthenticationService authenticationService2) {
        if (authenticationService != authenticationService2) {
            return;
        }
        authenticationService = null;
    }

    /**
     * Registers a login context entry; see {@link #processContextEntry}.
     *
     * @param serviceReference reference to the entry being added
     */
    @Reference(service = JAASLoginContextEntry.class, name = KEY_JAAS_LOGIN_CONTEXT_ENTRY, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setJaasLoginContextEntry(ServiceReference<JAASLoginContextEntry> serviceReference) {
        processContextEntry(serviceReference);
    }

    /**
     * Re-evaluates a login context entry with the same rules as the add path.
     * Presumably called when the properties of an already bound entry change.
     *
     * @param serviceReference reference to the updated entry
     */
    protected void updatedJaasLoginContextEntry(ServiceReference<JAASLoginContextEntry> serviceReference) {
        processContextEntry(serviceReference);
    }

    /**
     * Removes a login context entry and, if it was present, re-applies the configuration.
     *
     * @param serviceReference reference to the entry being removed
     */
    protected void unsetJaasLoginContextEntry(ServiceReference<JAASLoginContextEntry> serviceReference) {
        final String entryId = (String) serviceReference.getProperty(KEY_ID);
        final boolean removed = this.jaasLoginContextEntries.removeReference(entryId, serviceReference);
        if (removed) {
            modified(this.properties);
        }
    }

    /**
     * Registers a certificate authenticator under its {@code component.name} property.
     *
     * <p>NOTE(review): the property value is dereferenced without a null check, so a
     * reference lacking {@code component.name} would fail here with a
     * {@link NullPointerException}.
     *
     * @param serviceReference reference to the authenticator being added
     */
    @Reference(service = CertificateAuthenticator.class, name = KEY_CERT_AUTHENTICATOR, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setCertificateAuthenticator(ServiceReference<CertificateAuthenticator> serviceReference) {
        final Object componentName = serviceReference.getProperty(KEY_COMPONENT_NAME);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "CertificateAuthenticator key: " + componentName, new Object[0]);
        }
        certificateAuthenticators.putReference(componentName.toString(), serviceReference);
    }

    /**
     * Removes a certificate authenticator, keyed by its {@code component.name} property.
     *
     * @param serviceReference reference to the authenticator being removed
     */
    protected void unsetCertificateAuthenticator(ServiceReference<CertificateAuthenticator> serviceReference) {
        final String key = serviceReference.getProperty(KEY_COMPONENT_NAME).toString();
        certificateAuthenticators.removeReference(key, serviceReference);
    }

    /**
     * @return the live map of certificate authenticators (not a copy)
     */
    public static ConcurrentServiceReferenceMap<String, CertificateAuthenticator> getCertificateAuthenticators() {
        return certificateAuthenticators;
    }

    /**
     * Accepts or rejects a login context entry and re-applies the configuration on change.
     *
     * <p>An entry is stored when its {@code loginModuleRef} property is a non-empty array or
     * when its id is listed in {@code JAASConfigurationImpl.defaultEntryIds}. Any other
     * entry is reported as having no login module and is removed from the map, so an
     * entry without login modules is never installed.
     *
     * @param entryRef reference to the entry being evaluated
     */
    private void processContextEntry(ServiceReference<JAASLoginContextEntry> entryRef) {
        final String entryId = (String) entryRef.getProperty(KEY_ID);
        final String[] loginModuleRefs = (String[]) entryRef.getProperty("loginModuleRef");
        final boolean hasLoginModules = loginModuleRefs != null && loginModuleRefs.length != 0;

        final boolean entriesChanged;
        // The default-id lookup only runs when the entry names no login modules.
        if (hasLoginModules || JAASConfigurationImpl.defaultEntryIds.contains(entryId)) {
            this.jaasLoginContextEntries.putReference(entryId, entryRef);
            entriesChanged = true;
        } else {
            Tr.error(tc, "JAAS_LOGIN_CONTEXT_ENTRY_HAS_NO_LOGIN_MODULE", new Object[]{entryId});
            entriesChanged = this.jaasLoginContextEntries.removeReference(entryId, entryRef);
        }

        if (entriesChanged) {
            modified(this.properties);
        }
    }

    /**
     * Records the change notifier reference.
     *
     * @param serviceReference reference to the change notifier
     */
    @Reference(service = JAASChangeNotifier.class, name = KEY_CHANGE_SERVICE)
    protected void setJaasChangeNotifier(ServiceReference<JAASChangeNotifier> serviceReference) {
        this.jaasChangeNotifierService.setReference(serviceReference);
    }

    /**
     * Drops the change notifier reference.
     *
     * @param serviceReference reference being removed
     */
    protected void unsetJaasChangeNotifier(ServiceReference<JAASChangeNotifier> serviceReference) {
        this.jaasChangeNotifierService.unsetReference(serviceReference);
    }

    /**
     * Records the JAAS configuration factory reference.
     *
     * @param serviceReference reference to the configuration factory
     */
    @Reference(service = JAASConfigurationFactory.class, name = KEY_JAAS_CONFIG_FACTORY)
    public void setJaasConfigurationFactory(ServiceReference<JAASConfigurationFactory> serviceReference) {
        jaasConfigurationFactoryRef.setReference(serviceReference);
    }

    /**
     * Drops the JAAS configuration factory reference.
     *
     * @param serviceReference reference being removed
     */
    public void unsetJaasConfigurationFactory(ServiceReference<JAASConfigurationFactory> serviceReference) {
        jaasConfigurationFactoryRef.unsetReference(serviceReference);
    }

    /**
     * Activates every reference holder with the component context, then applies the
     * configuration through {@link #modified(Map)}.
     *
     * @param componentContext context supplied at activation
     * @param map component properties supplied at activation
     */
    @Activate
    public void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.jaasLoginContextEntries.activate(componentContext);
        tokenManager.activate(componentContext);
        credentialService.activate(componentContext);
        userRegistryService.activate(componentContext);
        this.jaasChangeNotifierService.activate(componentContext);
        collectiveAuthenticationPlugin.activate(componentContext);
        jaasConfigurationFactoryRef.activate(componentContext);
        certificateAuthenticators.activate(componentContext);
        modified(map);
    }

    /**
     * Stores the properties and, when a configuration factory is available, installs the
     * JAAS configuration from the current entries and signals that it is ready.
     *
     * @param map the component properties to remember
     */
    @Modified
    protected void modified(Map<String, Object> map) {
        this.properties = map;
        this.jaasConfigurationFactory = jaasConfigurationFactoryRef.getService();
        if (this.jaasConfigurationFactory == null) {
            // No factory yet: nothing is installed and no listener is notified.
            return;
        }
        this.jaasConfigurationFactory.installJAASConfiguration(this.jaasLoginContextEntries);
        configReady();
    }

    /**
     * Deactivates every reference holder and clears the JAAS {@link Configuration}.
     *
     * <p>{@code Configuration.setConfiguration(null)} resets the configuration for the whole
     * JVM, not only the one this component installed. The static {@code cap} and
     * {@code authenticationService} fields are not cleared here.
     * NOTE(review): confirm that nothing performs a login between this call and the next
     * installation, since such a login would not use the configuration installed here.
     *
     * @param componentContext context supplied at deactivation
     */
    @Deactivate
    public void deactivate(ComponentContext componentContext) {
        tokenManager.deactivate(componentContext);
        credentialService.deactivate(componentContext);
        userRegistryService.deactivate(componentContext);
        this.jaasLoginContextEntries.deactivate(componentContext);
        this.jaasChangeNotifierService.deactivate(componentContext);
        collectiveAuthenticationPlugin.deactivate(componentContext);
        jaasConfigurationFactoryRef.deactivate(componentContext);
        certificateAuthenticators.deactivate(componentContext);
        Configuration.setConfiguration(null);
    }

    /**
     * Logs in using authentication data wrapped in an
     * {@link AuthenticationDataCallbackHandler}.
     *
     * @param str name of the JAAS login configuration entry to use
     * @param authenticationData data made available to login modules through callbacks
     * @param subject subject to populate, or {@code null} to let the login context create one
     * @return the subject held by the login context after a successful login
     * @throws LoginException if the login context cannot be created or the login fails
     */
    @Override
    public Subject performLogin(String str, AuthenticationData authenticationData, Subject subject) throws LoginException {
        final CallbackHandler handler = createCallbackHandlerForAuthenticationData(authenticationData);
        return performLogin(str, handler, subject);
    }

    /**
     * Logs in with the supplied callback handler.
     *
     * @param str name of the JAAS login configuration entry to use
     * @param callbackHandler handler the login modules use to obtain authentication input
     * @param subject subject to populate, or {@code null} to let the login context create one
     * @return the subject held by the login context, or {@code null} if no context was returned
     * @throws LoginException if the login context cannot be created or the login fails
     */
    @Override
    public Subject performLogin(String str, CallbackHandler callbackHandler, Subject subject) throws LoginException {
        final LoginContext loginContext = doLoginContext(str, callbackHandler, subject);
        return loginContext == null ? null : loginContext.getSubject();
    }

    /**
     * Creates a login context and runs {@link LoginContext#login()} on it.
     *
     * @param entryName name of the JAAS login configuration entry
     * @param handler callback handler passed to the login context
     * @param existingSubject subject to populate, or {@code null}
     * @return the login context after {@code login()} returned normally
     * @throws LoginException if creation or login fails; no context is returned in that case
     */
    private LoginContext doLoginContext(String entryName, CallbackHandler handler, Subject existingSubject) throws LoginException {
        final LoginContext loginContext = createLoginContext(entryName, handler, existingSubject);
        loginContext.login();
        return loginContext;
    }

    /**
     * Wraps authentication data in a callback handler.
     *
     * @param authenticationData the data to expose through callbacks
     * @return a new {@link AuthenticationDataCallbackHandler} over the data
     */
    public CallbackHandler createCallbackHandlerForAuthenticationData(AuthenticationData authenticationData) {
        return new AuthenticationDataCallbackHandler(authenticationData);
    }

    /**
     * Builds a {@link LoginContext}, passing the subject through only when one is given.
     *
     * @param str name of the JAAS login configuration entry
     * @param callbackHandler handler passed to the login context
     * @param subject subject to populate, or {@code null} for a context-created subject
     * @return the new login context; {@code login()} has not been called on it
     * @throws LoginException if the login context cannot be constructed
     */
    public LoginContext createLoginContext(String str, CallbackHandler callbackHandler, Subject subject) throws LoginException {
        if (subject == null) {
            return new LoginContext(str, callbackHandler);
        }
        return new LoginContext(str, subject, callbackHandler);
    }

    /**
     * Notifies change listeners, provided an authentication service is stored and a change
     * notifier is available; otherwise does nothing.
     */
    public void configReady() {
        if (authenticationService != null) {
            final JAASChangeNotifier notifier = this.jaasChangeNotifierService.getService();
            if (notifier != null) {
                notifier.notifyListeners();
            }
        }
    }
}
