package com.ibm.ws.security.authentication.internal.cache.keyproviders;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.auth.InvalidTokenException;
import com.ibm.websphere.security.auth.TokenExpiredException;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.cache.AuthCacheService;
import com.ibm.ws.security.authentication.cache.CacheContext;
import com.ibm.ws.security.authentication.cache.CacheKeyProvider;
import com.ibm.ws.security.authentication.internal.SSOTokenHelper;
import com.ibm.ws.security.authentication.internal.jaas.JAASServiceImpl;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.token.TokenManager;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

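/**
 * Supplies the authentication-cache key that a login module or token issuer has
 * published under the {@code com.ibm.wsspi.security.cred.cacheKey} attribute.
 *
 * <p>The key is read from one of two places: the custom-properties hashtable carried
 * by a {@link Subject}, or the attributes of a token (the Subject's SSO token, or a
 * token rebuilt from raw bytes by the {@link TokenManager} service).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The returned string selects a cached Subject, so it is only as trustworthy as
 *       the source it was read from. NOTE(review): this class relies on
 *       {@code TokenManager.recreateTokenFromBytes} rejecting forged or expired tokens
 *       (it declares {@code InvalidTokenException}/{@code TokenExpiredException});
 *       confirm no caller passes bytes that bypass that validation.</li>
 *   <li>An OIDC access token found in the token is copied onto the servlet request as
 *       a request attribute. It is a bearer credential; code that dumps request
 *       attributes to logs or traces would expose it.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/authentication/internal/cache/keyproviders/CustomCacheKeyProvider.class */
public class CustomCacheKeyProvider implements CacheKeyProvider {
    private final SubjectHelper subjectHelper = new SubjectHelper();
    private static final String OIDC_ACCESS_TOKEN = "oidc_access_token";
    private static final String LTPA_OID = "oid:1.3.18.0.2.30.2";
    private static final String JWT_OID = "oid:1.3.18.0.2.30.3";
    // Attribute / hashtable property under which the custom cache key is published.
    private static final String CUSTOM_CACHE_KEY = "com.ibm.wsspi.security.cred.cacheKey";
    // Key under which the current servlet request is stored in AuthenticationData.
    private static final String HTTP_SERVLET_REQUEST_KEY = "HTTP_SERVLET_REQUEST";
    static final long serialVersionUID = -53305334163998608L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.authentication.internal.cache.keyproviders.CustomCacheKeyProvider", CustomCacheKeyProvider.class, (String) null, (String) null);
    private static final String[] hashtableProperties = {CUSTOM_CACHE_KEY};
    private static final AtomicServiceReference<TokenManager> tokenManager = new AtomicServiceReference<>(JAASServiceImpl.KEY_TOKEN_MANAGER);

    /**
     * Binds the {@link TokenManager} service reference.
     *
     * @param serviceReference reference to the token manager service being bound
     */
    protected void setTokenManager(ServiceReference<TokenManager> serviceReference) {
        tokenManager.setReference(serviceReference);
    }

    /**
     * Unbinds the {@link TokenManager} service reference.
     *
     * @param serviceReference reference to the token manager service being unbound
     */
    protected void unsetTokenManager(ServiceReference<TokenManager> serviceReference) {
        // Must clear, not re-set: re-setting on unbind left this provider holding a
        // reference to a token manager that is going away.
        tokenManager.unsetReference(serviceReference);
    }

    /**
     * Activates the held token manager reference against the component context.
     *
     * @param componentContext the component context supplied on activation
     * @param map component properties; not read here
     */
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        tokenManager.activate(componentContext);
    }

    /**
     * Deactivates the held token manager reference.
     *
     * @param componentContext the component context supplied on deactivation
     */
    protected void deactivate(ComponentContext componentContext) {
        tokenManager.deactivate(componentContext);
    }

    /**
     * Returns the custom cache key carried by the Subject of the given cache context.
     *
     * @param cacheContext context whose Subject is inspected
     * @return the custom cache key, or {@code null} when the Subject carries none
     */
    public Object provideKey(CacheContext cacheContext) {
        return getCustomCacheKey(cacheContext.getSubject());
    }

    /**
     * Rebuilds a token from its serialized bytes and returns the custom cache key stored
     * in it. If the token also carries an OIDC access token, that value is set as the
     * {@code oidc_access_token} attribute on the servlet request found in
     * {@code authenticationData}.
     *
     * <p>A {@code null} return means only "no custom key available" (no token manager
     * service, or the token has no such attribute); callers must not read it as a
     * successful authentication.
     *
     * @param authCacheService not used by this method
     * @param bArr serialized token bytes
     * @param authenticationData carrier for the current servlet request; may lack one
     * @return the first custom cache key attribute of the token, or {@code null}
     * @throws AuthenticationException when the token is expired or invalid
     */
    @FFDCIgnore({InvalidTokenException.class, TokenExpiredException.class})
    public static String getCustomCacheKey(AuthCacheService authCacheService, byte[] bArr, AuthenticationData authenticationData) throws AuthenticationException {
        TokenManager tokenManagerService = (TokenManager) tokenManager.getService();
        if (tokenManagerService == null) {
            return null;
        }
        try {
            Token token = tokenManagerService.recreateTokenFromBytes(bArr, new String[0]);

            String cacheKey = null;
            String[] cacheKeyAttributes = token.getAttributes(CUSTOM_CACHE_KEY);
            if (cacheKeyAttributes != null && cacheKeyAttributes.length > 0) {
                cacheKey = cacheKeyAttributes[0];
            }

            String[] accessTokenAttributes = token.getAttributes(OIDC_ACCESS_TOKEN);
            if (accessTokenAttributes != null && accessTokenAttributes.length > 0) {
                // The request is optional: without this guard a missing or differently
                // typed entry turned a valid token into a NullPointerException or
                // ClassCastException instead of a cache-key result.
                Object request = authenticationData == null ? null : authenticationData.get(HTTP_SERVLET_REQUEST_KEY);
                if (request instanceof HttpServletRequest) {
                    ((HttpServletRequest) request).setAttribute(OIDC_ACCESS_TOKEN, accessTokenAttributes[0]);
                }
            }
            return cacheKey;
        } catch (TokenExpiredException e) {
            // NOTE(review): only the message is carried over, so the original stack trace
            // is lost; confirm whether AuthenticationException can also take the cause.
            throw new AuthenticationException(e.getMessage());
        } catch (InvalidTokenException e2) {
            throw new AuthenticationException(e2.getMessage());
        }
    }

    /**
     * Looks up the custom cache key for a Subject: first in its custom-properties
     * hashtable, then in the attributes of its SSO token.
     *
     * @param subject the Subject to inspect
     * @return the custom cache key, or {@code null} when neither source provides one
     */
    private String getCustomCacheKey(final Subject subject) {
        Hashtable<?, ?> customProperties = this.subjectHelper.getHashtableFromSubject(subject, hashtableProperties);
        if (customProperties != null) {
            String keyFromHashtable = (String) customProperties.get(CUSTOM_CACHE_KEY);
            if (keyFromHashtable != null) {
                return keyFromHashtable;
            }
        }

        // doPrivileged: the SSO token lookup runs with this class's permissions rather
        // than those of whatever code is on the call stack.
        // The decompiled listing also carried injected serialVersionUID/trace fields in
        // this anonymous class; they referenced a name (AnonymousClass1) that does not
        // exist in source and are left to the build-time instrumentation.
        SingleSignonToken ssoToken = AccessController.doPrivileged(new PrivilegedAction<SingleSignonToken>() {
            @Override
            public SingleSignonToken run() {
                return SSOTokenHelper.getSSOToken(subject);
            }
        });
        if (ssoToken == null) {
            return null;
        }

        String[] cacheKeyAttributes = ssoToken.getAttributes(CUSTOM_CACHE_KEY);
        // Length check matches the static overload; an empty attribute array used to
        // raise ArrayIndexOutOfBoundsException here.
        if (cacheKeyAttributes != null && cacheKeyAttributes.length > 0) {
            return cacheKeyAttributes[0];
        }
        return null;
    }
}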
