package com.ibm.ws.messaging.security.internal;

import com.ibm.websphere.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.messaging.security.MSTraceConstants;
import com.ibm.ws.messaging.security.MessagingSecurityConstants;
import com.ibm.ws.messaging.security.MessagingSecurityException;
import com.ibm.ws.messaging.security.MessagingSecurityService;
import com.ibm.ws.messaging.security.RuntimeSecurityService;
import com.ibm.ws.messaging.security.authentication.MessagingAuthenticationService;
import com.ibm.ws.messaging.security.authentication.internal.MessagingAuthenticationServiceImpl;
import com.ibm.ws.messaging.security.authorization.MessagingAuthorizationService;
import com.ibm.ws.messaging.security.authorization.internal.MessagingAuthorizationServiceImpl;
import com.ibm.ws.messaging.security.beans.Permission;
import com.ibm.ws.messaging.security.beans.QueuePermission;
import com.ibm.ws.messaging.security.beans.TemporaryDestinationPermission;
import com.ibm.ws.messaging.security.beans.TopicPermission;
import com.ibm.ws.messaging.security.utility.MessagingSecurityUtility;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.wsspi.sib.utils.ras.SibTr;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import org.osgi.framework.BundleContext;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.cm.ConfigurationEvent;
import org.osgi.service.cm.ConfigurationListener;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;

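/**
 * Declarative Services component that reads the messaging role configuration and turns it into
 * per-destination permission tables (queues, topics, temporary destinations) consulted by the
 * messaging authentication and authorization services.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The permission maps are cleared and refilled in place on every reload (see
 *       {@link #initializeMaps()}), so a concurrent reader can observe an empty or partially
 *       populated table while a reload is running.</li>
 *   <li>A permission entry without a usable key (queue reference, topic key or prefix) is skipped
 *       instead of aborting the whole reload with a {@link NullPointerException}; the affected
 *       grant is simply not loaded.</li>
 *   <li>Temporary-destination prefixes are truncated before being used as keys, so distinct
 *       prefixes that share their leading characters end up in one permission entry.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code properties}, {@code pids} and the lazily created service fields are
 * plain fields touched from the component life-cycle methods and from
 * {@link #configurationEvent(ConfigurationEvent)}; no synchronization is visible here. Confirm
 * the threading guarantees of the callers before relying on them.
 */
@Component(configurationPid = {"com.ibm.ws.messaging.security"}, configurationPolicy = ConfigurationPolicy.REQUIRE, immediate = true, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.messaging.security_1.0.19.jar:com/ibm/ws/messaging/security/internal/MessagingSecurityServiceImpl.class */
public class MessagingSecurityServiceImpl implements MessagingSecurityService, ConfigurationListener {
    private static final TraceComponent tc = SibTr.register(MessagingSecurityServiceImpl.class, MSTraceConstants.MESSAGING_SECURITY_TRACE_GROUP, MSTraceConstants.MESSAGING_SECURITY_RESOURCE_BUNDLE);
    private static final String CLASS_NAME = "com.ibm.ws.messaging.security.internal.MessagingSecurityServiceImpl";

    /** Temporary-destination prefixes are cut to this many characters before being used as map keys. */
    private static final int TEMPORARY_DESTINATION_PREFIX_LENGTH = 12;

    /** Component properties as last handed over by activate/modify. */
    private Map<String, Object> properties;
    /** Queue permissions keyed by queue reference. */
    private Map<String, QueuePermission> queuePermissions;
    /** Temporary-destination permissions keyed by (truncated) prefix. */
    private Map<String, TemporaryDestinationPermission> temporaryDestinationPermissions;
    /** Topic permissions keyed by {@link #getTopicPermissionKey(String, String)}. */
    private Map<String, TopicPermission> topicPermissions;
    private String bundleLocation;
    private SecurityService securityService = null;
    private MessagingAuthenticationService sibAuthenticationService = null;
    private MessagingAuthorizationService sibAuthorizationService = null;
    private ConfigurationAdmin configAdmin = null;
    /** Every configuration pid read during the last reload; an update to any of them triggers a new reload. */
    private final Set<String> pids = new HashSet<>();
    private final RuntimeSecurityService runtimeSecurityService = RuntimeSecurityService.SINGLETON_INSTANCE;

    /**
     * Stores the component properties, loads the permission tables and publishes this service
     * to the runtime security service.
     *
     * @param bundleContext context used to obtain the bundle location for configuration lookups
     * @param map component configuration properties
     */
    @Activate
    protected void activate(BundleContext bundleContext, Map<String, Object> map) {
        SibTr.entry(tc, CLASS_NAME + "activate", map);
        this.properties = map;
        this.bundleLocation = bundleContext.getBundle().getLocation();
        populateDestinationPermissions();
        this.runtimeSecurityService.modifyMessagingServices(this);
        SibTr.exit(tc, CLASS_NAME + "activate");
    }

    /**
     * Replaces the component properties, reloads the permission tables and republishes this
     * service to the runtime security service.
     *
     * @param componentContext unused
     * @param map updated component configuration properties
     */
    @Modified
    protected void modify(ComponentContext componentContext, Map<String, Object> map) {
        SibTr.entry(tc, CLASS_NAME + "modify", map);
        this.properties = map;
        populateDestinationPermissions();
        this.runtimeSecurityService.modifyMessagingServices(this);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, CLASS_NAME + "modify");
        }
    }

    /**
     * Withdraws this service from the runtime security service and drops all cached state.
     *
     * @param componentContext only traced
     */
    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        SibTr.entry(tc, CLASS_NAME + "deactivate", componentContext);
        this.runtimeSecurityService.modifyMessagingServices(null);
        // Forget the tracked pids: otherwise a configuration event delivered after deactivation
        // would still match in configurationEvent(), rebuild the tables and publish this
        // deactivated instance to the runtime security service again.
        this.pids.clear();
        this.queuePermissions = null;
        this.topicPermissions = null;
        this.temporaryDestinationPermissions = null;
        this.sibAuthenticationService = null;
        this.sibAuthorizationService = null;
        this.bundleLocation = null;
        SibTr.exit(tc, CLASS_NAME + "deactivate");
    }

    /** Binds the security service used to reach the user registry. */
    @Reference
    protected void setSecurityService(SecurityService securityService) {
        SibTr.entry(tc, CLASS_NAME + "setSecurityService", securityService);
        this.securityService = securityService;
        SibTr.exit(tc, CLASS_NAME + "setSecurityService");
    }

    /**
     * Unbind callback; only traces.
     *
     * <p>NOTE(review): the {@code securityService} field is not cleared here, so the last bound
     * instance stays reachable through {@link #getSecurityService()} — confirm this is intended.
     */
    protected void unsetSecurityService(SecurityService securityService) {
        SibTr.entry(tc, CLASS_NAME + "unsetSecurityService", securityService);
        SibTr.exit(tc, CLASS_NAME + "unsetSecurityService");
    }

    /** Binds the ConfigurationAdmin used to read the nested role and permission configurations. */
    @Reference
    protected void setConfigAdmin(ConfigurationAdmin configurationAdmin) {
        SibTr.entry(tc, CLASS_NAME + "setConfigAdmin", configurationAdmin);
        this.configAdmin = configurationAdmin;
        SibTr.exit(tc, CLASS_NAME + "setConfigAdmin");
    }

    /** Unbind callback; only traces and, like {@link #unsetSecurityService}, keeps the field set. */
    protected void unsetConfigAdmin(ConfigurationAdmin configurationAdmin) {
        SibTr.entry(tc, CLASS_NAME + "unsetConfigAdmin", configurationAdmin);
        SibTr.exit(tc, CLASS_NAME + "unsetConfigAdmin");
    }

    /** @return the bound security service, or {@code null} if none has been bound */
    public SecurityService getSecurityService() {
        return this.securityService;
    }

    /**
     * Returns the authentication service, creating it on first use.
     *
     * @return the authentication service backed by this instance
     */
    @Override // com.ibm.ws.messaging.security.MessagingSecurityService
    public MessagingAuthenticationService getMessagingAuthenticationService() {
        SibTr.entry(tc, CLASS_NAME + "getMessagingAuthenticationService");
        // Lazy creation without locking: concurrent first calls may each build an instance.
        if (this.sibAuthenticationService == null) {
            this.sibAuthenticationService = new MessagingAuthenticationServiceImpl(this);
        }
        SibTr.exit(tc, CLASS_NAME + "getMessagingAuthenticationService", this.sibAuthenticationService);
        return this.sibAuthenticationService;
    }

    /**
     * Returns the authorization service, creating it on first use.
     *
     * @return the authorization service backed by this instance
     */
    @Override // com.ibm.ws.messaging.security.MessagingSecurityService
    public MessagingAuthorizationService getMessagingAuthorizationService() {
        SibTr.entry(tc, CLASS_NAME + "getMessagingAuthorizationService");
        // Lazy creation without locking: concurrent first calls may each build an instance.
        if (this.sibAuthorizationService == null) {
            this.sibAuthorizationService = new MessagingAuthorizationServiceImpl(this);
        }
        SibTr.exit(tc, CLASS_NAME + "getMessagingAuthorizationService", this.sibAuthorizationService);
        return this.sibAuthorizationService;
    }

    /**
     * Delegates to {@link MessagingSecurityUtility#getUniqueUserName(Subject)}.
     *
     * @throws MessagingSecurityException as raised by the utility
     */
    @Override // com.ibm.ws.messaging.security.MessagingSecurityService
    public String getUniqueUserName(Subject subject) throws MessagingSecurityException {
        return MessagingSecurityUtility.getUniqueUserName(subject);
    }

    /**
     * Reports whether the subject is unauthenticated, after looking its unique name up in the
     * user registry.
     *
     * @param subject subject to examine
     * @return the result of {@link MessagingSecurityUtility#isUnauthenticated(Subject)}
     * @throws Exception if no user registry is available, or if the registry lookup or the
     *         name extraction fails
     */
    @Override // com.ibm.ws.messaging.security.MessagingSecurityService
    public boolean isUnauthenticated(Subject subject) throws Exception {
        UserRegistry registry = getUserRegistry();
        if (registry == null) {
            // getUserRegistry() has already traced the cause; fail with the module's own
            // exception type instead of an incidental NullPointerException.
            throw new MessagingSecurityException();
        }
        // The returned name is discarded; presumably the call is made for the exception it
        // raises when the registry does not know the user — TODO confirm.
        registry.getUserSecurityName(getUniqueUserName(subject));
        return MessagingSecurityUtility.isUnauthenticated(subject);
    }

    /**
     * Looks up the configured user registry through the bound security service.
     *
     * @return the user registry, or {@code null} when no security service is bound, no registry
     *         is configured, or the registry service reports an error (the last two are logged)
     */
    public UserRegistry getUserRegistry() {
        SibTr.entry(tc, CLASS_NAME + "getUserRegistry");
        UserRegistry userRegistry = null;
        SecurityService service = getSecurityService();
        if (service != null) {
            UserRegistryService userRegistryService = service.getUserRegistryService();
            try {
                if (userRegistryService.isUserRegistryConfigured()) {
                    userRegistry = userRegistryService.getUserRegistry();
                } else {
                    MessagingSecurityException messagingSecurityException = new MessagingSecurityException();
                    FFDCFilter.processException(messagingSecurityException, CLASS_NAME + ".getUserRegistry", "1005", this);
                    SibTr.exception(tc, (Exception) messagingSecurityException);
                    SibTr.error(tc, "USER_REGISTRY_NOT_CONFIGURED_MSE1005");
                }
            } catch (RegistryException e) {
                MessagingSecurityException messagingSecurityException2 = new MessagingSecurityException((Throwable) e);
                FFDCFilter.processException(messagingSecurityException2, CLASS_NAME + ".getUserRegistry", "1006", this);
                SibTr.exception(tc, (Exception) messagingSecurityException2);
                SibTr.error(tc, "USER_REGISTRY_EXCEPTION_MSE1006");
            }
        }
        SibTr.exit(tc, CLASS_NAME + "getUserRegistry", userRegistry);
        return userRegistry;
    }

    /** @return the live queue permission map (not a copy), or {@code null} after deactivation */
    public Map<String, QueuePermission> getQueuePermissions() {
        return this.queuePermissions;
    }

    /** @return the live temporary-destination permission map (not a copy), or {@code null} after deactivation */
    public Map<String, TemporaryDestinationPermission> getTemporaryDestinationPermissions() {
        return this.temporaryDestinationPermissions;
    }

    /** @return the live topic permission map (not a copy), or {@code null} after deactivation */
    public Map<String, TopicPermission> getTopicPermissions() {
        return this.topicPermissions;
    }

    /**
     * Rebuilds all three permission tables from the "role" entries of the component properties.
     * Each role pid is resolved through ConfigurationAdmin; its users and groups are applied to
     * every queue, temporary-destination and topic permission the role lists.
     */
    private void populateDestinationPermissions() {
        SibTr.entry(tc, CLASS_NAME + "populateDestinationPermissions", this.properties);
        this.pids.clear();
        String[] rolePids = (String[]) this.properties.get("role");
        initializeMaps();
        if (rolePids != null) {
            checkIfRolesAreUnique(rolePids);
            for (String rolePid : rolePids) {
                Dictionary<String, Object> roleConfig = getDictionaryObject(rolePid);
                Set<String> users = createUserOrGroupSet(roleConfig, "user");
                Set<String> groups = createUserOrGroupSet(roleConfig, MessagingSecurityConstants.GROUP);
                if (roleConfig == null) {
                    continue;
                }
                populateQueuePermissions(roleConfig, users, groups);
                populateTemporarayDestinationPermissions(roleConfig, users, groups);
                populateTopicPermissions(roleConfig, users, groups);
            }
        }
        if (tc.isDebugEnabled()) {
            printDestinationPermissions(this.queuePermissions);
            printDestinationPermissions(this.topicPermissions);
            printDestinationPermissions(this.temporaryDestinationPermissions);
        }
        SibTr.exit(tc, CLASS_NAME + "populateDestinationPermissions");
    }

    /**
     * Empties the permission maps, creating them on first use.
     *
     * <p>NOTE(review): existing maps are cleared in place rather than replaced, so the maps
     * handed out by the getters are empty, then partially filled, for the duration of a reload.
     * How the authorization service treats a destination missing from the table is not visible
     * in this class — confirm that a lookup during this window denies access.
     */
    private void initializeMaps() {
        if (this.queuePermissions != null) {
            this.queuePermissions.clear();
        } else {
            this.queuePermissions = new ConcurrentHashMap<>();
        }
        if (this.topicPermissions != null) {
            this.topicPermissions.clear();
        } else {
            this.topicPermissions = new ConcurrentHashMap<>();
        }
        if (this.temporaryDestinationPermissions != null) {
            this.temporaryDestinationPermissions.clear();
        } else {
            this.temporaryDestinationPermissions = new ConcurrentHashMap<>();
        }
    }

    /**
     * Applies a role's users and groups to every queue permission the role lists.
     *
     * @param roleConfig properties of the role configuration
     * @param users user names of the role
     * @param groups group names of the role
     */
    private void populateQueuePermissions(Dictionary<String, Object> roleConfig, Set<String> users, Set<String> groups) {
        String[] permissionPids = (String[]) roleConfig.get(MessagingSecurityConstants.QUEUE_PERMISSION);
        if (permissionPids == null) {
            return;
        }
        for (String permissionPid : permissionPids) {
            QueuePermission permission = createQueuePermission(permissionPid, users, groups);
            if (permission != null) {
                this.queuePermissions.put(permission.getQueueReference(), permission);
            }
        }
    }

    /**
     * Resolves one queue permission configuration and merges the given users and groups into
     * the permission for its queue reference, reusing an entry already in the table.
     *
     * @return the new or updated permission, or {@code null} if the configuration could not be
     *         read or names no queue reference
     */
    private QueuePermission createQueuePermission(String permissionPid, Set<String> users, Set<String> groups) {
        SibTr.entry(tc, CLASS_NAME + "createQueuePermission", new Object[]{permissionPid, users, groups});
        QueuePermission queuePermission = null;
        Dictionary<String, Object> config = getDictionaryObject(permissionPid);
        if (config != null) {
            String queueRef = (String) config.get(MessagingSecurityConstants.QUEUE_REF);
            if (queueRef == null) {
                // ConcurrentHashMap rejects null keys; without this guard a permission lacking a
                // queue reference (or one whose configuration failed to load) aborted the whole
                // reload with a NullPointerException. The grant is not loaded.
                // NOTE(review): only visible in debug trace — consider a proper NLS warning.
                traceSkippedPermission("queue", permissionPid);
            } else {
                String[] actions = (String[]) config.get("action");
                queuePermission = this.queuePermissions.get(queueRef);
                if (queuePermission == null) {
                    queuePermission = new QueuePermission();
                    queuePermission.setQueueReference(queueRef);
                }
                queuePermission.addUserAndGroupsToRole(actions, users, groups);
            }
        }
        SibTr.exit(tc, CLASS_NAME + "createQueuePermission", queuePermission);
        return queuePermission;
    }

    /**
     * Applies a role's users and groups to every topic permission the role lists.
     *
     * @param roleConfig properties of the role configuration
     * @param users user names of the role
     * @param groups group names of the role
     */
    private void populateTopicPermissions(Dictionary<String, Object> roleConfig, Set<String> users, Set<String> groups) {
        String[] permissionPids = (String[]) roleConfig.get(MessagingSecurityConstants.TOPIC_PERMISSION);
        if (permissionPids == null) {
            return;
        }
        for (String permissionPid : permissionPids) {
            TopicPermission permission = createTopicPermission(permissionPid, users, groups);
            if (permission != null) {
                this.topicPermissions.put(getTopicPermissionKey(permission.getTopicSpaceName(), permission.getTopicName()), permission);
            }
        }
    }

    /**
     * Resolves one topic permission configuration and merges the given users and groups into
     * the permission for its topic key, reusing an entry already in the table.
     *
     * @return the new or updated permission, or {@code null} if the configuration could not be
     *         read or yields no topic key
     */
    private TopicPermission createTopicPermission(String permissionPid, Set<String> users, Set<String> groups) {
        SibTr.entry(tc, CLASS_NAME + "createTopicPermission", new Object[]{permissionPid, users, groups});
        TopicPermission topicPermission = null;
        Dictionary<String, Object> config = getDictionaryObject(permissionPid);
        if (config != null) {
            String topicName = (String) config.get(MessagingSecurityConstants.TOPIC_NAME);
            String topicSpace = (String) config.get(MessagingSecurityConstants.TOPIC_SPACE);
            String key = getTopicPermissionKey(topicSpace, topicName);
            if (key == null) {
                // Neither topic space nor topic name is set; a null key would make the
                // ConcurrentHashMap lookup throw and abort the reload. The grant is not loaded.
                traceSkippedPermission("topic", permissionPid);
            } else {
                String[] actions = (String[]) config.get("action");
                topicPermission = this.topicPermissions.get(key);
                if (topicPermission == null) {
                    topicPermission = new TopicPermission();
                    topicPermission.setTopicName(topicName);
                    topicPermission.setTopicSpaceName(topicSpace);
                }
                topicPermission.addUserAndGroupsToRole(actions, users, groups);
            }
        }
        SibTr.exit(tc, CLASS_NAME + "createTopicPermission", topicPermission);
        return topicPermission;
    }

    /**
     * Applies a role's users and groups to every temporary-destination permission the role lists.
     *
     * @param roleConfig properties of the role configuration
     * @param users user names of the role
     * @param groups group names of the role
     */
    private void populateTemporarayDestinationPermissions(Dictionary<String, Object> roleConfig, Set<String> users, Set<String> groups) {
        String[] permissionPids = (String[]) roleConfig.get(MessagingSecurityConstants.TEMPORARY_DESTINATION_PERMISSION);
        if (permissionPids == null) {
            return;
        }
        for (String permissionPid : permissionPids) {
            TemporaryDestinationPermission permission = createTemporaryDestinationPermission(permissionPid, users, groups);
            if (permission != null) {
                this.temporaryDestinationPermissions.put(permission.getPrefix(), permission);
            }
        }
    }

    /**
     * Resolves one temporary-destination permission configuration and merges the given users
     * and groups into the permission for its prefix, reusing an entry already in the table.
     *
     * @return the new or updated permission, or {@code null} if the configuration could not be
     *         read or names no prefix
     */
    private TemporaryDestinationPermission createTemporaryDestinationPermission(String permissionPid, Set<String> users, Set<String> groups) {
        SibTr.entry(tc, CLASS_NAME + "createTemporaryDestinationPermission", new Object[]{permissionPid, users, groups});
        TemporaryDestinationPermission temporaryDestinationPermission = null;
        Dictionary<String, Object> config = getDictionaryObject(permissionPid);
        if (config != null) {
            String prefix = (String) config.get("prefix");
            if (prefix == null) {
                // Previously dereferenced unconditionally; a missing prefix aborted the reload.
                traceSkippedPermission("temporary destination", permissionPid);
            } else {
                // Only the leading characters are kept as the key, so two configured prefixes
                // that agree on them share one entry and their users and groups are merged.
                if (prefix.length() > TEMPORARY_DESTINATION_PREFIX_LENGTH) {
                    prefix = prefix.substring(0, TEMPORARY_DESTINATION_PREFIX_LENGTH);
                }
                String[] actions = (String[]) config.get("action");
                temporaryDestinationPermission = this.temporaryDestinationPermissions.get(prefix);
                if (temporaryDestinationPermission == null) {
                    temporaryDestinationPermission = new TemporaryDestinationPermission();
                    temporaryDestinationPermission.setPrefix(prefix);
                }
                temporaryDestinationPermission.addUserAndGroupsToRole(actions, users, groups);
            }
        }
        SibTr.exit(tc, CLASS_NAME + "createTemporaryDestinationPermission", temporaryDestinationPermission);
        return temporaryDestinationPermission;
    }

    /** Writes a debug trace line for a permission entry that was left out of the tables. */
    private void traceSkippedPermission(String kind, String permissionPid) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "Skipping " + kind + " permission " + permissionPid + ": no destination key configured");
        }
    }

    /**
     * Builds the topic table key: the topic space alone when no topic name is given, otherwise
     * {@code topicSpace/topicName}.
     */
    private String getTopicPermissionKey(String topicSpace, String topicName) {
        if (topicName == null || topicName.isEmpty()) {
            return topicSpace;
        }
        return topicSpace + "/" + topicName;
    }

    /**
     * Logs a warning for every role name that occurs more than once. Duplicates are only
     * reported; they are still processed by the caller.
     */
    private void checkIfRolesAreUnique(String[] rolePids) {
        SibTr.entry(tc, CLASS_NAME + "checkIfRolesAreUnique");
        Set<String> seenNames = new HashSet<>();
        for (String rolePid : rolePids) {
            Dictionary<String, Object> roleConfig = getDictionaryObject(rolePid);
            if (roleConfig != null) {
                String roleName = (String) roleConfig.get("name");
                // add() returns false when the name was already present.
                if (!seenNames.add(roleName)) {
                    SibTr.warning(tc, "DUPLICATE_ROLE_NAME_EXISTS_MSE1012", new Object[]{roleName});
                }
            }
        }
        SibTr.exit(tc, CLASS_NAME + "checkIfRolesAreUnique");
    }

    /**
     * Collects the trimmed names of the users or groups referenced by a role.
     *
     * @param roleConfig properties of the role configuration, may be {@code null}
     * @param key property holding the nested pids ("user" or the group constant)
     * @return the names found; empty when the role or the property is missing
     */
    private Set<String> createUserOrGroupSet(Dictionary<String, Object> roleConfig, String key) {
        SibTr.entry(tc, CLASS_NAME + "createUserOrGroupSet", new Object[]{roleConfig, key});
        Set<String> names = new HashSet<>();
        String[] memberPids = roleConfig == null ? null : (String[]) roleConfig.get(key);
        if (memberPids != null) {
            for (String memberPid : memberPids) {
                Dictionary<String, Object> memberConfig = getDictionaryObject(memberPid);
                if (memberConfig == null) {
                    continue;
                }
                String name = (String) memberConfig.get("name");
                // A member without a name (for example after a failed configuration read) used
                // to throw on trim(); it is ignored so it cannot abort the reload.
                if (name != null) {
                    names.add(name.trim());
                }
            }
        }
        SibTr.exit(tc, CLASS_NAME + "createUserOrGroupSet", names);
        return names;
    }

    /**
     * Reads the properties of the configuration with the given pid and remembers the pid so
     * that later updates to it trigger a reload.
     *
     * @return the configuration properties; {@code null} when the configuration has none; an
     *         empty dictionary when reading failed (the failure is logged)
     */
    private Dictionary<String, Object> getDictionaryObject(String pid) {
        SibTr.entry(tc, CLASS_NAME + "getDictionaryObject", pid);
        Dictionary<String, Object> result;
        try {
            this.pids.add(pid);
            result = this.configAdmin.getConfiguration(pid, this.bundleLocation).getProperties();
        } catch (IOException e) {
            MessagingSecurityException messagingSecurityException = new MessagingSecurityException(e);
            FFDCFilter.processException(messagingSecurityException, CLASS_NAME + ".getDictionaryObject", "1008", this);
            SibTr.exception(tc, (Exception) messagingSecurityException);
            SibTr.error(tc, "IO_EXCEPTION_READING_CONFIGURATION_MSE1008");
            // Callers see an empty configuration: the entry contributes no users, groups or
            // destinations, so a read failure never widens access.
            result = new Hashtable<>();
        }
        SibTr.exit(tc, CLASS_NAME + "getDictionaryObject", result);
        return result;
    }

    /**
     * Dumps a permission table to debug trace. The output lists user and group names per role,
     * so trace files produced with this enabled contain identity data.
     */
    private void printDestinationPermissions(Map<String, ?> map) {
        for (Map.Entry<String, ?> destination : map.entrySet()) {
            SibTr.debug(tc, "Destination: " + destination.getKey());
            Permission permission = (Permission) destination.getValue();
            SibTr.debug(tc, "  Users having permissions!!!");
            for (Map.Entry<String, Set<String>> roleUsers : permission.getRoleToUserMap().entrySet()) {
                SibTr.debug(tc, "    " + roleUsers.getKey() + ": " + roleUsers.getValue());
            }
            SibTr.debug(tc, "  Groups having permissions!!!");
            for (Map.Entry<String, Set<String>> roleGroups : permission.getRoleToGroupMap().entrySet()) {
                SibTr.debug(tc, "    " + roleGroups.getKey() + ": " + roleGroups.getValue());
            }
        }
    }

    /**
     * Reloads the permission tables when one of the configurations read during the last reload
     * is updated.
     *
     * @param configurationEvent event delivered by ConfigurationAdmin
     */
    public void configurationEvent(ConfigurationEvent configurationEvent) {
        // 1 is the value of ConfigurationEvent.CM_UPDATED; other event types are ignored here.
        if (configurationEvent.getType() == 1 && this.pids.contains(configurationEvent.getPid())) {
            populateDestinationPermissions();
            this.runtimeSecurityService.modifyMessagingServices(this);
        }
    }
}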
