package com.ibm.websphere.security.auth.data;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.auth.data.internal.TraceConstants;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.regex.Pattern;
import javax.security.auth.login.LoginException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {AuthDataProvider.class}, configurationPolicy = ConfigurationPolicy.IGNORE, immediate = true, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.auth.data.common_1.0.20.jar:com/ibm/websphere/security/auth/data/AuthDataProvider.class */
public class AuthDataProvider {
    protected static final String CFG_KEY_ID = "id";
    protected static final String CFG_KEY_DISPLAY_ID = "config.displayId";
    protected static final String CFG_KEY_USER = "user";
    protected static final String CFG_KEY_PASSWORD = "password";
    private static final TraceComponent tc = Tr.register((Class<?>) AuthDataProvider.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    private static final String AUTH_DATA_REF_NAME = "authData";
    private static final ConcurrentServiceReferenceMap<String, AuthData> authDataMap = new ConcurrentServiceReferenceMap<>(AUTH_DATA_REF_NAME);
    private static final ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock();
    private static final ReentrantReadWriteLock.WriteLock writeLock = reentrantReadWriteLock.writeLock();
    private static final ReentrantReadWriteLock.ReadLock readLock = reentrantReadWriteLock.readLock();
    private static final Pattern DEFAULT_NESTED_PATTERN = Pattern.compile(".*(\\[default-\\d*\\])$");
    private static final Pattern DEFAULT_PATTERN = Pattern.compile("(default-\\d*)$");
    static final long serialVersionUID = -8843995143814799858L;

    @Reference(name = AUTH_DATA_REF_NAME, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    protected void setAuthData(ServiceReference<AuthData> serviceReference) {
        writeLock.lock();
        try {
            authDataMap.putReference(getKey(serviceReference), serviceReference);
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    protected void unsetAuthData(ServiceReference<AuthData> serviceReference) {
        writeLock.lock();
        try {
            authDataMap.removeReference(getKey(serviceReference), serviceReference);
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    private String getKey(ServiceReference<AuthData> serviceReference) {
        String str = (String) serviceReference.getProperty("id");
        if (str == null || DEFAULT_PATTERN.matcher(str).matches() || DEFAULT_NESTED_PATTERN.matcher(str).matches()) {
            str = (String) serviceReference.getProperty("config.displayId");
        }
        return str;
    }

    @Activate
    protected void activate(ComponentContext componentContext) {
        writeLock.lock();
        try {
            authDataMap.activate(componentContext);
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        writeLock.lock();
        try {
            authDataMap.deactivate(componentContext);
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    public static AuthData getAuthData(String str) throws LoginException {
        readLock.lock();
        try {
            AuthData service = authDataMap.getService(str);
            validateAuthDataConfig(str, service);
            readLock.unlock();
            return service;
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    private static void validateAuthDataConfig(String str, AuthData authData) throws LoginException {
        validateAuthDataExists(str, authData);
        validateAuthDataAttribute("user", authData.getUserName());
        validateAuthDataAttribute("password", authData.getPassword());
    }

    private static void validateAuthDataExists(String str, AuthData authData) throws LoginException {
        if (authData == null) {
            Object[] objArr = {str};
            Tr.error(tc, "AUTH_DATA_CONFIG_ERROR_NO_SUCH_ALIAS", objArr);
            throw new LoginException(TraceNLS.getFormattedMessage((Class<?>) AuthDataProvider.class, TraceConstants.MESSAGE_BUNDLE, "AUTH_DATA_CONFIG_ERROR_NO_SUCH_ALIAS", objArr, "CWWKS1300E: A configuration exception has occurred. The requested authentication data alias {0} could not be found."));
        }
    }

    private static void validateAuthDataAttribute(String str, @Sensitive Object obj) throws LoginException {
        String valueOf = obj instanceof char[] ? String.valueOf((char[]) obj) : (String) obj;
        if (valueOf == null || valueOf.trim().length() == 0) {
            Object[] objArr = {str};
            Tr.error(tc, "AUTH_DATA_CONFIG_ERROR_INCOMPLETE", objArr);
            throw new LoginException(TraceNLS.getFormattedMessage((Class<?>) AuthDataProvider.class, TraceConstants.MESSAGE_BUNDLE, "AUTH_DATA_CONFIG_ERROR_INCOMPLETE", objArr, "CWWKS1301E: A configuration error has occurred. The attribute {0} must be defined."));
        }
    }
}
