package com.ibm.ws.jaxws.security.internal;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.jaxws.security.JaxWsSecurityConfigurationService;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.ssl.SSLSupport;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.http.HTTPConduit;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

/**
 * OSGi declarative-services component that applies transport security settings to CXF conduits:
 * HTTP Basic credentials ({@link #configBasicAuth}) and client-side TLS parameters
 * ({@link #configClientSSL}).
 *
 * <p>Both public operations act only on {@link HTTPConduit} instances; any other conduit type is
 * left untouched without an error.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The Basic-auth password is materialised as a {@code String} before it is handed to the
 *       conduit's {@link AuthorizationPolicy}; it is never written to trace here and should not be
 *       added to any trace call.</li>
 *   <li>When no {@code sslRef} is supplied ({@code null}), certificate CN (host name) checking is
 *       switched off on the conduit. See {@code retriveHTTPTLSClientParametersUsingSSLRef}.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {JaxWsSecurityConfigurationService.class}, configurationPolicy = ConfigurationPolicy.IGNORE, immediate = false, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.jaxws.security_1.0.19.jar:com/ibm/ws/jaxws/security/internal/JaxWsSecurityConfigurationServiceImpl.class */
public class JaxWsSecurityConfigurationServiceImpl implements JaxWsSecurityConfigurationService {
    // Per-instance trace component used by the debug statements below.
    private final TraceComponent tc = Tr.register(JaxWsSecurityConfigurationServiceImpl.class);
    // Holder for the optional, dynamically bound SSLSupport service reference.
    private final AtomicServiceReference<SSLSupport> sslSupportSR = new AtomicServiceReference<>("SSLSupportService");
    static final long serialVersionUID = -2551135993411125657L;
    // Field named by the @TraceObjectField annotation on the class.
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(JaxWsSecurityConfigurationServiceImpl.class);

    /**
     * Activates the SSLSupport reference holder with the component context.
     *
     * @param componentContext context supplied by the declarative-services runtime
     */
    @Activate
    protected void activate(ComponentContext componentContext) {
        sslSupportSR.activate(componentContext);
    }

    /**
     * Deactivates the SSLSupport reference holder.
     *
     * @param componentContext context supplied by the declarative-services runtime
     */
    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        sslSupportSR.deactivate(componentContext);
    }

    /**
     * Binds the (optional, dynamic, greedy) SSLSupport service and hands the reference holder to
     * {@code JaxWsSSLManager}.
     *
     * @param serviceReference reference to the SSLSupport service being bound
     */
    @Reference(name = "SSLSupportService", service = SSLSupport.class, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setSSLSupportService(ServiceReference<SSLSupport> serviceReference) {
        sslSupportSR.setReference(serviceReference);
        JaxWsSSLManager.init(sslSupportSR);
    }

    /**
     * Unbinds the SSLSupport service from the reference holder.
     *
     * @param serviceReference reference to the SSLSupport service being removed
     */
    protected void unsetSSLSupportService(ServiceReference<SSLSupport> serviceReference) {
        sslSupportSR.unsetReference(serviceReference);
    }

    /**
     * Sets HTTP Basic credentials on an {@link HTTPConduit}.
     *
     * <p>Does nothing when either credential is {@code null} (a debug trace is emitted if tracing
     * is on) or when the conduit is not an {@link HTTPConduit}. An existing
     * {@link AuthorizationPolicy} on the conduit is reused; otherwise a new one is created.
     *
     * @param conduit         conduit to configure
     * @param str             user name
     * @param protectedString password wrapper; its characters are passed through
     *                        {@code PasswordUtil.passwordDecode} before use
     */
    @Override // com.ibm.ws.jaxws.security.JaxWsSecurityConfigurationService
    public void configBasicAuth(Conduit conduit, String str, ProtectedString protectedString) {
        final boolean credentialsMissing = str == null || protectedString == null;
        if (credentialsMissing) {
            // The check is for null, although the trace text says "empty".
            if (TraceComponent.isAnyTracingEnabled() && this.tc.isDebugEnabled()) {
                Tr.debug(this.tc, "The userName or the password is empty", new Object[0]);
            }
            return;
        }
        if (!(conduit instanceof HTTPConduit)) {
            return;
        }

        final HTTPConduit httpConduit = (HTTPConduit) conduit;
        AuthorizationPolicy policy = httpConduit.getAuthorization();
        if (policy == null) {
            policy = new AuthorizationPolicy();
        }

        // NOTE(security): new String(char[]) creates an immutable copy of the password that cannot
        // be wiped afterwards; passwordDecode is called with a String here, so the copy is needed.
        // Keep the decoded value out of trace, FFDC and exception messages.
        final String encodedPassword = new String(protectedString.getChars());
        final String clearPassword = PasswordUtil.passwordDecode(encodedPassword);

        policy.setUserName(str);
        policy.setPassword(clearPassword);
        httpConduit.setAuthorization(policy);
    }

    /**
     * Applies client TLS parameters to an {@link HTTPConduit}.
     *
     * <p>The conduit is updated only when it is an {@link HTTPConduit} and the lookup yields
     * non-{@code null} parameters. Passing {@code null} for {@code str} selects the default SSL
     * configuration and, as a side effect, disables CN checking on the conduit.
     *
     * @param conduit conduit to configure
     * @param str     SSL configuration reference (sslRef), or {@code null} for the default
     * @param str2    client key store alias, or {@code null} for none
     */
    @Override // com.ibm.ws.jaxws.security.JaxWsSecurityConfigurationService
    public void configClientSSL(Conduit conduit, String str, String str2) {
        final Map<String, Object> sslProperties = new HashMap<>();
        if (str2 != null) {
            sslProperties.put(JaxWsSecurityConstants.CLIENT_KEY_STORE_ALIAS, str2);
        }
        if (!(conduit instanceof HTTPConduit)) {
            return;
        }

        final HTTPConduit httpConduit = (HTTPConduit) conduit;
        final TLSClientParameters tlsParameters =
                retriveHTTPTLSClientParametersUsingSSLRef(httpConduit, str, sslProperties);
        if (tlsParameters != null) {
            httpConduit.setTlsClientParameters(tlsParameters);
        }
    }

    /**
     * Builds the TLS client parameters for a conduit from an SSL configuration reference.
     *
     * <p>Starts from the conduit's current parameters (possibly {@code null}). If
     * {@code JaxWsSSLManager} returns a socket factory, it is installed on the parameters,
     * creating them when absent; if it returns none, the current parameters are returned unchanged.
     *
     * @param hTTPConduit conduit whose current TLS parameters are the starting point
     * @param str         SSL configuration reference, or {@code null} for the default
     * @param map         extra SSL properties passed through to {@code JaxWsSSLManager}
     * @return the resulting parameters, or {@code null} if the conduit had none and no socket
     *         factory was obtained
     */
    private TLSClientParameters retriveHTTPTLSClientParametersUsingSSLRef(HTTPConduit hTTPConduit, String str, Map<String, Object> map) {
        TLSClientParameters parameters = hTTPConduit.getTlsClientParameters();

        if (TraceComponent.isAnyTracingEnabled() && this.tc.isDebugEnabled()) {
            final String traceText = StringUtils.isEmpty(str)
                    ? "Get the Liberty default SSLSocketFactory."
                    : "Use the sslRef = " + str + " to create the SSLSocketFactory.";
            Tr.debug(this.tc, traceText, new Object[0]);
        }

        final SSLSocketFactory socketFactory = JaxWsSSLManager.getProxySSLSocketFactoryBySSLRef(str, map);
        if (socketFactory == null) {
            return parameters;
        }

        if (parameters == null) {
            parameters = new TLSClientParameters();
        }
        parameters.setSSLSocketFactory(socketFactory);

        // NOTE(security): with a null sslRef the CN check is disabled, so the peer certificate's
        // name is not matched against the endpoint host; trust then rests only on the default SSL
        // configuration's trust material. The trace text gives the rationale (the server trusting
        // itself). Clients calling remote endpoints should pass an explicit sslRef so the check
        // stays on. Only null triggers this; a non-null sslRef that isEmpty() accepts is traced as
        // "default" above but leaves the CN check untouched.
        if (str == null) {
            if (TraceComponent.isAnyTracingEnabled() && this.tc.isDebugEnabled()) {
                Tr.debug(this.tc, "Set the disableCNCheck is true as using the default server ssl configuration, and the server should trust itself.", new Object[0]);
            }
            parameters.setDisableCNCheck(true);
        }
        return parameters;
    }
}
