package com.ibm.ws.security.social.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLConfigChangeListener;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.filter.AuthenticationFilter;
import com.ibm.ws.security.common.config.CommonConfigUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.SocialLoginService;
import com.ibm.ws.security.social.SslRefInfo;
import com.ibm.ws.security.social.UserApiConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.utils.Cache;
import com.ibm.ws.security.social.internal.utils.ClientConstants;
import com.ibm.ws.security.social.internal.utils.SocialHashUtils;
import com.ibm.ws.security.social.tai.SocialLoginTAI;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import com.ibm.wsspi.ssl.SSLSupport;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(name = "com.ibm.ws.security.social.oauth2login", configurationPolicy = ConfigurationPolicy.REQUIRE, immediate = true, service = {SocialLoginConfig.class}, property = {"service.vendor=IBM", "type=oauth2Login"})
/* loaded from: input_file:com/ibm/ws/security/social/internal/Oauth2LoginConfigImpl.class */
public class Oauth2LoginConfigImpl implements SocialLoginConfig {
    protected static final String KEY_UNIQUE_ID = "id";
    public static final String KEY_clientId = "clientId";
    public static final String KEY_clientSecret = "clientSecret";
    public static final String KEY_displayName = "displayName";
    public static final String KEY_website = "website";
    public static final String KEY_authorizationEndpoint = "authorizationEndpoint";
    public static final String KEY_tokenEndpoint = "tokenEndpoint";
    public static final String KEY_userApi = "userApi";
    public static final String KEY_authFilterRef = "authFilterRef";
    protected String authFilterRef;
    protected String authFilterId;
    public static final String KEY_sslRef = "sslRef";
    protected String sslRef;
    public static final String KEY_keyAliasName = "keyAliasName";
    protected String keyAliasName;
    public static final String KEY_scope = "scope";
    public static final String KEY_responseType = "responseType";
    public static final String KEY_nonce = "nonce";
    public static final String KEY_resource = "resource";
    public static final String KEY_isClientSideRedirectSupported = "isClientSideRedirectSupported";
    public static final String KEY_tokenEndpointAuthMethod = "tokenEndpointAuthMethod";
    public static final String KEY_userApiNeedsSpecialHeader = "userApiNeedsSpecialHeader";
    public static final String KEY_redirectToRPHostAndPort = "redirectToRPHostAndPort";
    public static final String KEY_jwksUri = "jwksUri";
    public static final String KEY_realmName = "realmName";
    public static final String KEY_realmNameAttribute = "realmNameAttribute";
    public static final String KEY_userNameAttribute = "userNameAttribute";
    public static final String KEY_groupNameAttribute = "groupNameAttribute";
    public static final String KEY_userUniqueIdAttribute = "userUniqueIdAttribute";
    public static final String KEY_mapToUserRegistry = "mapToUserRegistry";
    public static final String KEY_requestTokenUrl = "requestTokenUrl";
    public static final String CFG_KEY_jwt = "jwt";
    public static final String CFG_KEY_jwtRef = "builder";
    public static final String CFG_KEY_jwtClaims = "claims";
    protected String[] jwtClaims;
    public static final String DEFAULT_JWT_BUILDER = "defaultJWT";
    static final String KEY_SOCIAL_LOGIN_SERVICE = "socialLoginService";
    public static final String KEY_USE_SYSPROPS_FOR_HTTPCLIENT_CONNECTONS = "useSystemPropertiesForHttpClientConnections";
    private String bundleLocation;
    static final long serialVersionUID = -6412462490959908673L;
    public static final TraceComponent tc = Tr.register(Oauth2LoginConfigImpl.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    public static final String DEFAULT_CONTEXT_ROOT = "/ibm/api/social-login";
    static String contextRoot = DEFAULT_CONTEXT_ROOT;
    protected final boolean IS_REQUIRED = true;
    protected final boolean IS_NOT_REQUIRED = false;
    protected String uniqueId = null;
    protected Cache cache = null;
    protected String clientId = null;

    @Sensitive
    protected String clientSecret = null;
    protected String displayName = null;
    protected String website = null;
    protected String authorizationEndpoint = null;
    protected String tokenEndpoint = null;
    protected String userApi = null;
    protected String[] userApis = null;
    protected AuthenticationFilter authFilter = null;
    protected SSLContext sslContext = null;
    protected SSLSocketFactory sslSocketFactory = null;
    protected String algorithm = "AES";
    protected String scope = null;
    protected String responseType = null;
    protected String grantType = null;
    protected boolean nonce = false;
    protected String resource = null;
    protected boolean isClientSideRedirectSupported = true;
    protected String tokenEndpointAuthMethod = null;
    protected boolean userApiNeedsSpecialHeader = false;
    protected String redirectToRPHostAndPort = null;
    protected UserApiConfig[] userApiConfigs = null;
    protected String userApiResponseIdentifier = null;
    protected SslRefInfo sslRefInfo = null;
    protected String jwksUri = null;
    protected String realmName = null;
    protected String realmNameAttribute = null;
    protected String userNameAttribute = null;
    protected String groupNameAttribute = null;
    protected String userUniqueIdAttribute = null;
    protected boolean mapToUserRegistry = false;
    protected String requestTokenUrl = null;
    protected String jwtRef = null;
    protected boolean useSystemPropertiesForHttpClientConnections = false;
    protected CommonConfigUtils configUtils = new CommonConfigUtils();
    final AtomicServiceReference<SocialLoginService> socialLoginServiceRef = new AtomicServiceReference<>(KEY_SOCIAL_LOGIN_SERVICE);

    @Reference(service = SocialLoginService.class, name = KEY_SOCIAL_LOGIN_SERVICE, cardinality = ReferenceCardinality.MANDATORY)
    protected void setSocialLoginService(ServiceReference<SocialLoginService> serviceReference) {
        this.socialLoginServiceRef.setReference(serviceReference);
    }

    public static String getContextRoot() {
        return contextRoot;
    }

    public static void setContextRoot(String str) {
        contextRoot = str;
    }

    protected void unsetSocialLoginService(ServiceReference<SocialLoginService> serviceReference) {
        this.socialLoginServiceRef.unsetReference(serviceReference);
    }

    @Activate
    protected void activate(ComponentContext componentContext, Map<String, Object> map) throws SocialLoginException {
        this.socialLoginServiceRef.activate(componentContext);
        this.bundleLocation = componentContext.getBundleContext().getBundle().getLocation();
        this.uniqueId = this.configUtils.getConfigAttribute(map, "id");
        initProps(componentContext, map);
        Tr.info(tc, "SOCIAL_LOGIN_CONFIG_PROCESSED", new Object[]{this.uniqueId});
    }

    @Modified
    protected void modified(ComponentContext componentContext, Map<String, Object> map) throws SocialLoginException {
        initProps(componentContext, map);
        Tr.info(tc, "SOCIAL_LOGIN_CONFIG_MODIFIED", new Object[]{this.uniqueId});
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        this.socialLoginServiceRef.deactivate(componentContext);
        Tr.info(tc, "SOCIAL_LOGIN_CONFIG_DEACTIVATED", new Object[]{this.uniqueId});
    }

    public void initProps(ComponentContext componentContext, Map<String, Object> map) throws SocialLoginException {
        setRequiredConfigAttributes(map);
        setOptionalConfigAttributes(map);
        initializeMembersAfterConfigAttributesPopulated(map);
        debug();
    }

    protected void setRequiredConfigAttributes(Map<String, Object> map) {
        this.clientId = getRequiredConfigAttribute(map, KEY_clientId);
        this.clientSecret = getRequiredSerializableProtectedStringConfigAttribute(map, KEY_clientSecret);
        this.authorizationEndpoint = getRequiredConfigAttribute(map, KEY_authorizationEndpoint);
        this.scope = getRequiredConfigAttribute(map, "scope");
    }

    protected void setOptionalConfigAttributes(Map<String, Object> map) throws SocialLoginException {
        this.useSystemPropertiesForHttpClientConnections = this.configUtils.getBooleanConfigAttribute(map, KEY_USE_SYSPROPS_FOR_HTTPCLIENT_CONNECTONS, false);
        this.displayName = this.configUtils.getConfigAttribute(map, KEY_displayName);
        this.website = this.configUtils.getConfigAttribute(map, "website");
        this.tokenEndpoint = this.configUtils.getConfigAttribute(map, KEY_tokenEndpoint);
        this.jwksUri = this.configUtils.getConfigAttribute(map, KEY_jwksUri);
        this.responseType = this.configUtils.getConfigAttributeWithDefaultValue(map, KEY_responseType, ClientConstants.CODE);
        this.tokenEndpointAuthMethod = this.configUtils.getConfigAttributeWithDefaultValue(map, KEY_tokenEndpointAuthMethod, "client_secret_post");
        this.sslRef = this.configUtils.getConfigAttribute(map, KEY_sslRef);
        this.authFilterRef = this.configUtils.getConfigAttribute(map, KEY_authFilterRef);
        this.redirectToRPHostAndPort = this.configUtils.getConfigAttribute(map, KEY_redirectToRPHostAndPort);
        this.userNameAttribute = this.configUtils.getConfigAttribute(map, KEY_userNameAttribute);
        this.userApi = this.configUtils.getConfigAttribute(map, KEY_userApi);
        this.realmName = this.configUtils.getConfigAttribute(map, KEY_realmName);
        this.realmNameAttribute = this.configUtils.getConfigAttribute(map, KEY_realmNameAttribute);
        this.groupNameAttribute = this.configUtils.getConfigAttribute(map, KEY_groupNameAttribute);
        this.userUniqueIdAttribute = this.configUtils.getConfigAttribute(map, KEY_userUniqueIdAttribute);
        this.mapToUserRegistry = this.configUtils.getBooleanConfigAttribute(map, KEY_mapToUserRegistry, this.mapToUserRegistry);
        this.isClientSideRedirectSupported = this.configUtils.getBooleanConfigAttribute(map, KEY_isClientSideRedirectSupported, this.isClientSideRedirectSupported);
        this.nonce = this.configUtils.getBooleanConfigAttribute(map, KEY_nonce, this.nonce);
        this.userApiNeedsSpecialHeader = this.configUtils.getBooleanConfigAttribute(map, KEY_userApiNeedsSpecialHeader, this.userApiNeedsSpecialHeader);
    }

    protected void initializeMembersAfterConfigAttributesPopulated(Map<String, Object> map) throws SocialLoginException {
        initializeUserApiConfigs();
        initializeJwt(map);
        resetLazyInitializedMembers();
        setGrantType();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializeUserApiConfigs() throws SocialLoginException {
        this.userApiConfigs = initUserApiConfigs(this.userApi);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Configuration getCustomConfiguration(String str) {
        if (this.socialLoginServiceRef.getService() == null) {
            return null;
        }
        try {
            return ((SocialLoginService) this.socialLoginServiceRef.getService()).getConfigAdmin().getConfiguration(str, "");
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl", "273", this, new Object[]{str});
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializeJwt(Map<String, Object> map) {
        Dictionary properties;
        Configuration configuration = null;
        if (this.socialLoginServiceRef.getService() != null) {
            configuration = handleJwtElement(map, ((SocialLoginService) this.socialLoginServiceRef.getService()).getConfigAdmin());
        }
        if (configuration == null || (properties = configuration.getProperties()) == null) {
            return;
        }
        this.jwtRef = CommonConfigUtils.trim((String) properties.get(CFG_KEY_jwtRef));
        this.jwtClaims = CommonConfigUtils.trim((String[]) properties.get(CFG_KEY_jwtClaims));
    }

    protected Configuration handleJwtElement(Map<String, Object> map, ConfigurationAdmin configurationAdmin) {
        String configAttribute = this.configUtils.getConfigAttribute(map, "jwt");
        Configuration configuration = null;
        if (configAttribute != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "jwt element exists", new Object[0]);
            }
            if (configurationAdmin != null) {
                try {
                    configuration = configurationAdmin.getConfiguration(configAttribute, this.bundleLocation);
                } catch (IOException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl", "304", this, new Object[]{map, configurationAdmin});
                }
            }
        }
        return configuration;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetLazyInitializedMembers() {
        this.userApis = null;
        this.sslRefInfo = null;
        this.authFilter = null;
        this.sslContext = null;
        this.sslSocketFactory = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setGrantType() {
        this.grantType = ClientConstants.AUTHORIZATION_CODE;
        if (this.responseType == null || !this.responseType.contains(ClientConstants.TOKEN)) {
            return;
        }
        this.grantType = ClientConstants.IMPLICIT;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getRequiredConfigAttribute(Map<String, Object> map, String str) {
        String configAttribute = this.configUtils.getConfigAttribute(map, str);
        if (configAttribute == null) {
            logErrorForMissingRequiredAttribute(str);
        }
        return configAttribute;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Sensitive
    public String getRequiredSerializableProtectedStringConfigAttribute(Map<String, Object> map, String str) {
        String decodeString = SocialHashUtils.decodeString((SerializableProtectedString) map.get(str));
        if (decodeString == null) {
            logErrorForMissingRequiredAttribute(str);
        }
        return decodeString;
    }

    void logErrorForMissingRequiredAttribute(String str) {
        Tr.error(tc, "CONFIG_REQUIRED_ATTRIBUTE_NULL", new Object[]{str, this.uniqueId});
    }

    protected String defaultJwtBuilder() {
        return DEFAULT_JWT_BUILDER;
    }

    protected void debug() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "" + this, new Object[0]);
            Tr.debug(tc, "clientId = " + this.clientId, new Object[0]);
            Tr.debug(tc, "clientSecret is null = " + (this.clientSecret == null), new Object[0]);
            Tr.debug(tc, "displayName = " + this.displayName, new Object[0]);
            Tr.debug(tc, "website = " + this.website, new Object[0]);
            Tr.debug(tc, "authorizationEndpoint = " + this.authorizationEndpoint, new Object[0]);
            Tr.debug(tc, "tokenEndpoint = " + this.tokenEndpoint, new Object[0]);
            Tr.debug(tc, "jwksUri = " + this.jwksUri, new Object[0]);
            Tr.debug(tc, "responseType = " + this.responseType, new Object[0]);
            Tr.debug(tc, "tokenEndpointAuthMethod = " + this.tokenEndpointAuthMethod, new Object[0]);
            Tr.debug(tc, "sslRef = " + this.sslRef, new Object[0]);
            Tr.debug(tc, "scope = " + this.scope, new Object[0]);
            Tr.debug(tc, "authFilterRef = " + this.authFilterRef, new Object[0]);
            Tr.debug(tc, "redirectToRPHostAndPort = " + this.redirectToRPHostAndPort, new Object[0]);
            Tr.debug(tc, "userNameAttribute = " + this.userNameAttribute, new Object[0]);
            Tr.debug(tc, "userApi = " + this.userApi, new Object[0]);
            Tr.debug(tc, "userApiConfigs = " + (this.userApiConfigs == null ? "null" : Integer.valueOf(this.userApiConfigs.length)), new Object[0]);
            Tr.debug(tc, "realmName = " + this.realmName, new Object[0]);
            Tr.debug(tc, "realmNameAttribute = " + this.realmNameAttribute, new Object[0]);
            Tr.debug(tc, "groupNameAttribute = " + this.groupNameAttribute, new Object[0]);
            Tr.debug(tc, "userUniqueIdAttribute = " + this.userUniqueIdAttribute, new Object[0]);
            Tr.debug(tc, "mapToUserRegistry = " + this.mapToUserRegistry, new Object[0]);
            Tr.debug(tc, "builder = " + this.jwtRef, new Object[0]);
            Tr.debug(tc, "claims = " + (this.jwtClaims == null ? null : Arrays.toString(this.jwtClaims)), new Object[0]);
            Tr.debug(tc, "isClientSideRedirectSupported = " + this.isClientSideRedirectSupported, new Object[0]);
            Tr.debug(tc, "nonce = " + this.nonce, new Object[0]);
            Tr.debug(tc, "userApiNeedsSpecialHeader = " + this.userApiNeedsSpecialHeader, new Object[0]);
        }
    }

    UserApiConfig[] initUserApiConfigs(String str) throws SocialLoginException {
        if (str != null) {
            return new UserApiConfig[]{new UserApiConfigImpl(str)};
        }
        return null;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getUniqueId() {
        return this.uniqueId;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public AuthenticationFilter getAuthFilter() {
        if (this.authFilter == null) {
            this.authFilter = SocialLoginTAI.getAuthFilter(this.authFilterRef);
        }
        return this.authFilter;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getClientId() {
        return this.clientId;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    @Sensitive
    public String getClientSecret() {
        return this.clientSecret;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getDisplayName() {
        return this.displayName;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getWebsite() {
        return this.website;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getAuthorizationEndpoint() {
        return this.authorizationEndpoint;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public UserApiConfig[] getUserApis() {
        if (this.userApiConfigs == null) {
            return null;
        }
        return (UserApiConfig[]) this.userApiConfigs.clone();
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getUserApi() {
        return this.userApi;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public Cache getSocialLoginCookieCache() {
        if (this.cache == null) {
            this.cache = new Cache(0, 0L);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "socialLoginCockieCache cache:" + this.cache, new Object[0]);
        }
        return this.cache;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getSslRef() {
        return this.sslRef;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getScope() {
        return this.scope;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getResponseType() {
        return this.responseType;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getGrantType() {
        return this.grantType;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public boolean createNonce() {
        return this.nonce;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getResource() {
        return this.resource;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public boolean isClientSideRedirectSupported() {
        return this.isClientSideRedirectSupported;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getTokenEndpointAuthMethod() {
        return this.tokenEndpointAuthMethod;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getRedirectToRPHostAndPort() {
        return this.redirectToRPHostAndPort;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public HashMap<String, PublicKey> getPublicKeys() throws SocialLoginException {
        if (this.sslRefInfo == null) {
            SocialLoginService socialLoginService = (SocialLoginService) this.socialLoginServiceRef.getService();
            if (socialLoginService == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "Social login service is not available", new Object[0]);
                return null;
            }
            this.sslRefInfo = createSslRefInfoImpl(socialLoginService);
        }
        return this.sslRefInfo.getPublicKeys();
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public SSLContext getSSLContext() throws SocialLoginException {
        if (this.sslContext == null) {
            SocialLoginService socialLoginService = (SocialLoginService) this.socialLoginServiceRef.getService();
            if (socialLoginService == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "Social login service is not available", new Object[0]);
                return null;
            }
            SSLSupport sslSupport = socialLoginService.getSslSupport();
            if (sslSupport == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "SSL support could not be found for social login service", new Object[0]);
                return null;
            }
            try {
                JSSEHelper jSSEHelper = sslSupport.getJSSEHelper();
                if (jSSEHelper != null) {
                    this.sslContext = jSSEHelper.getSSLContext(this.sslRef, (Map) null, (SSLConfigChangeListener) null, true);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "sslContext (" + this.sslRef + ") get: " + this.sslContext, new Object[0]);
                    }
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl", "578", this, new Object[0]);
                throw new SocialLoginException("FAILED_TO_GET_SSL_CONTEXT", e, new Object[]{this.uniqueId, e.getLocalizedMessage()});
            }
        }
        return this.sslContext;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public SSLSocketFactory getSSLSocketFactory() throws SocialLoginException {
        if (this.sslContext == null) {
            SocialLoginService socialLoginService = (SocialLoginService) this.socialLoginServiceRef.getService();
            if (socialLoginService == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "Social login service is not available", new Object[0]);
                return null;
            }
            SSLSupport sslSupport = socialLoginService.getSslSupport();
            if (sslSupport == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "SSL support could not be found for social login service", new Object[0]);
                return null;
            }
            try {
                this.sslSocketFactory = sslSupport.getSSLSocketFactory(this.sslRef);
                sslSupport.getJSSEHelper();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "sslSocketFactory (" + this.sslRef + ") get: " + this.sslSocketFactory, new Object[0]);
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl", "609", this, new Object[0]);
                throw new SocialLoginException("FAILED_TO_GET_SSL_CONTEXT", e, new Object[]{this.uniqueId, e.getLocalizedMessage()});
            }
        }
        return this.sslSocketFactory;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getJwksUri() {
        return this.jwksUri;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getRealmName() {
        return this.realmName;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getRealmNameAttribute() {
        return this.realmNameAttribute;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getUserNameAttribute() {
        return this.userNameAttribute;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getGroupNameAttribute() {
        return this.groupNameAttribute;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getUserUniqueIdAttribute() {
        return this.userUniqueIdAttribute;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public boolean getMapToUserRegistry() {
        return this.mapToUserRegistry;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getJwtRef() {
        return this.jwtRef;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String[] getJwtClaims() {
        if (this.jwtClaims != null) {
            return (String[]) this.jwtClaims.clone();
        }
        return null;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getAlgorithm() {
        return this.algorithm;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public PublicKey getPublicKey() throws SocialLoginException {
        if (this.sslRefInfo == null) {
            SocialLoginService socialLoginService = (SocialLoginService) this.socialLoginServiceRef.getService();
            if (socialLoginService == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "Social login service is not available", new Object[0]);
                return null;
            }
            this.sslRefInfo = createSslRefInfoImpl(socialLoginService);
        }
        return this.sslRefInfo.getPublicKey();
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public PrivateKey getPrivateKey() throws SocialLoginException {
        if (this.sslRefInfo == null) {
            SocialLoginService socialLoginService = (SocialLoginService) this.socialLoginServiceRef.getService();
            if (socialLoginService == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "Social login service is not available", new Object[0]);
                return null;
            }
            this.sslRefInfo = createSslRefInfoImpl(socialLoginService);
        }
        return this.sslRefInfo.getPrivateKey();
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getRequestTokenUrl() {
        return this.requestTokenUrl;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getUserApiResponseIdentifier() {
        return this.userApiResponseIdentifier;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public boolean getUserApiNeedsSpecialHeader() {
        return this.userApiNeedsSpecialHeader;
    }

    protected SslRefInfoImpl createSslRefInfoImpl(SocialLoginService socialLoginService) {
        return new SslRefInfoImpl(socialLoginService.getSslSupport(), socialLoginService.getKeyStoreServiceRef(), this.sslRef, this.keyAliasName);
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public String getResponseMode() {
        return null;
    }

    @Override // com.ibm.ws.security.social.SocialLoginConfig
    public boolean getUseSystemPropertiesForHttpClientConnections() {
        return this.useSystemPropertiesForHttpClientConnections;
    }
}
