package com.ibm.ws.security.authentication.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.AccessIdUtil;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.authentication.UnauthenticatedSubjectService;
import com.ibm.ws.security.credentials.CredentialProvider;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistryChangeListener;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.util.Hashtable;
import javax.security.auth.Subject;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

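/**
 * Builds and caches the {@link Subject} that stands for the unauthenticated caller.
 *
 * <p>The subject is created on first use by handing a credential hashtable (security name and
 * unique id of the unauthenticated user) to the authentication service under the
 * {@code system.UNAUTHENTICATED} JAAS entry. The result is marked read-only and then cached.
 * The cache is dropped whenever a {@link CredentialProvider} is bound or unbound, or when the
 * user registry configuration changes, so that the next call rebuilds the subject.
 *
 * <p>Thread-safety: the cached reference is {@code volatile} and only written while holding
 * {@code unauthenticatedSubjectLock}. Readers take a lock-free fast path.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/authentication/internal/UnauthenticatedSubjectServiceImpl.class */
public class UnauthenticatedSubjectServiceImpl implements UnauthenticatedSubjectService, UserRegistryChangeListener {
    private static final TraceComponent tc = Tr.register(UnauthenticatedSubjectServiceImpl.class, (String) null, (String) null);
    static final String KEY_SECURITY_SERVICE = "securityService";
    static final String KEY_CREDENTIALS_SERVICE = "credentialsService";
    protected final AtomicServiceReference<SecurityService> securityServiceRef = new AtomicServiceReference<>(KEY_SECURITY_SERVICE);
    protected final AtomicServiceReference<CredentialsService> credentialsServiceRef = new AtomicServiceReference<>(KEY_CREDENTIALS_SERVICE);

    // Cached unauthenticated subject; null means "not built yet" or "invalidated".
    // volatile so that the unsynchronized fast-path read in getUnauthenticatedSubject() sees a
    // reference published under the lock by another thread.
    private volatile Subject unauthenticatedSubject = null;

    // Dedicated monitor guarding writes to unauthenticatedSubject. The anonymous body only carries
    // fields injected by the trace instrumentation; it is used purely as a lock object.
    private final Object unauthenticatedSubjectLock = new Object() { // from class: com.ibm.ws.security.authentication.internal.UnauthenticatedSubjectServiceImpl.1
        static final long serialVersionUID = 2234913038336933277L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class, (String) null, (String) null);
    };
    static final long serialVersionUID = -259576979582176405L;

    /** Binds the {@link SecurityService} reference. */
    protected void setSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.setReference(serviceReference);
    }

    /** Unbinds the {@link SecurityService} reference. */
    protected void unsetSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.unsetReference(serviceReference);
    }

    /** Binds the {@link CredentialsService} reference. */
    protected void setCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.setReference(serviceReference);
    }

    /** Unbinds the {@link CredentialsService} reference. */
    protected void unsetCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.unsetReference(serviceReference);
    }

    /**
     * Invalidates the cached subject when a {@link CredentialProvider} is bound.
     *
     * @param serviceReference the bound provider; not used beyond triggering the reset
     */
    protected void setCredentialProvider(ServiceReference<CredentialProvider> serviceReference) {
        resetUnauthenticatedSubject("Resetting unauthenticatedSubject as new CredentialProvider has been set");
    }

    /**
     * Invalidates the cached subject when a {@link CredentialProvider} is unbound.
     *
     * @param serviceReference the unbound provider; not used beyond triggering the reset
     */
    protected void unsetCredentialProvider(ServiceReference<CredentialProvider> serviceReference) {
        resetUnauthenticatedSubject("Resetting unauthenticatedSubject as CredentialProvider has been unset");
    }

    /** Activates both service references against the component context. */
    protected void activate(ComponentContext componentContext) {
        this.securityServiceRef.activate(componentContext);
        this.credentialsServiceRef.activate(componentContext);
    }

    /** Deactivates both service references. */
    protected void deactivate(ComponentContext componentContext) {
        this.securityServiceRef.deactivate(componentContext);
        this.credentialsServiceRef.deactivate(componentContext);
    }

    /** Invalidates the cached subject; the realm in its unique id comes from the user registry. */
    public void notifyOfUserRegistryChange() {
        resetUnauthenticatedSubject("Resetting unauthenticatedSubject as UserRegistry configuration has changed");
    }

    /**
     * Emits the given debug trace message (when debug tracing is on) and clears the cached subject
     * under the lock, so the next {@link #getUnauthenticatedSubject()} call rebuilds it.
     */
    private void resetUnauthenticatedSubject(String traceMessage) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, traceMessage, new Object[0]);
        }
        synchronized (this.unauthenticatedSubjectLock) {
            this.unauthenticatedSubject = null;
        }
    }

    /**
     * Returns the realm of the configured user registry.
     *
     * @return the registry realm, or {@code "defaultRealm"} when no registry is configured or the
     *         registry lookup throws a {@link RegistryException} (which is only debug-traced)
     */
    @FFDCIgnore({RegistryException.class})
    private String getUserRegistryRealm() {
        String realm = "defaultRealm";
        try {
            UserRegistryService userRegistryService = this.securityServiceRef.getService().getUserRegistryService();
            if (userRegistryService.isUserRegistryConfigured()) {
                realm = userRegistryService.getUserRegistry().getRealm();
            }
        } catch (RegistryException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "RegistryException while trying to get the realm", new Object[]{e});
            }
        }
        return realm;
    }

    /**
     * Returns the shared, read-only unauthenticated subject, building and caching it on first use.
     *
     * <p>The previous form re-read the cache field for its return value, so a reset that landed
     * between publishing and returning handed {@code null} to the caller even though a subject had
     * just been built. The value is now returned from a local reference.
     *
     * @return the unauthenticated subject, or {@code null} when building it failed; the failure is
     *         only visible in debug trace, so callers must handle {@code null}
     */
    @FFDCIgnore({Exception.class})
    public Subject getUnauthenticatedSubject() {
        Subject cached = this.unauthenticatedSubject;
        if (cached != null) {
            return cached;
        }
        // Resolved outside the try block on purpose (unchanged): a failure to obtain the user id
        // propagates to the caller instead of being reduced to a debug trace.
        String unauthenticatedUserid = this.credentialsServiceRef.getService().getUnauthenticatedUserid();
        try {
            Subject subject = new Subject();
            Hashtable<String, Object> credentialData = new Hashtable<>();
            credentialData.put("com.ibm.wsspi.security.cred.securityName", unauthenticatedUserid);
            credentialData.put("com.ibm.wsspi.security.cred.uniqueId", AccessIdUtil.createAccessId("user", getUserRegistryRealm(), unauthenticatedUserid));
            subject.getPublicCredentials().add(credentialData);
            Subject authenticated = this.securityServiceRef.getService().getAuthenticationService().authenticate("system.UNAUTHENTICATED", subject);
            // The instance is shared by every caller, so freeze its principal and credential sets
            // before it becomes visible. setReadOnly() does not make the stored objects immutable.
            authenticated.setReadOnly();
            synchronized (this.unauthenticatedSubjectLock) {
                if (this.unauthenticatedSubject == null) {
                    this.unauthenticatedSubject = authenticated;
                    return authenticated;
                }
                // Another thread published first; hand out its instance so callers share one subject.
                return this.unauthenticatedSubject;
            }
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Internal error creating UNAUTHENTICATED subject.", new Object[]{e});
            }
        }
        // Build failed: return whatever is cached now (possibly set by another thread), else null.
        return this.unauthenticatedSubject;
    }
}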
