package com.ibm.ws.ssl.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ssl.Constants;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.wsspi.kernel.service.utils.FrameworkState;
import java.io.IOException;
import java.util.Dictionary;
import java.util.Map;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(service = {SSLConfigValidator.class}, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.ssl_1.1.20.jar:com/ibm/ws/ssl/internal/SSLConfigValidator.class */
public class SSLConfigValidator {
    private static final int VALIDATION_DELAY_IN_SECONDS = 60;
    private static final TraceComponent tc = Tr.register((Class<?>) SSLConfigValidator.class, "SSL", TraceConstants.MESSAGE_BUNDLE);
    private ConfigurationAdmin configAdmin;
    private ScheduledExecutorService executorService;
    private ScheduledFuture<?> scheduled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:wlp/lib/com.ibm.ws.ssl_1.1.20.jar:com/ibm/ws/ssl/internal/SSLConfigValidator$Validator.class */
    public class Validator implements Runnable {
        private final Map<String, Object> map;
        private final Map<String, Map<String, Object>> repertoires;
        private final Map<String, WSKeyStore> keystores;

        public Validator(Map<String, Object> map, Map<String, Map<String, Object>> map2, Map<String, WSKeyStore> map3) {
            this.map = map;
            this.repertoires = map2;
            this.keystores = map3;
        }

        @Override // java.lang.Runnable
        public void run() {
            validateNow();
        }

        private void validateNow() {
            String defaultRepetorieKeyStore = getDefaultRepetorieKeyStore();
            if (defaultRepetorieKeyStore != null) {
                if ("defaultKeyStore".equals(defaultRepetorieKeyStore)) {
                    warnIfUsingUnresolvedDefaultConfiguration();
                } else {
                    reportErrorIfDefaultSSLConfigReferencesMissingKeystore(defaultRepetorieKeyStore);
                }
            }
        }

        private void warnIfUsingUnresolvedDefaultConfiguration() {
            if (isUsingDefaultSSLRepertoire() && defaultRepertoireIsNotAvailable() && defaultKeyStoreIsNotAvailable()) {
                Tr.audit(SSLConfigValidator.tc, "ssl.defaultKeyStore.expected.CWPKI0817A", "defaultKeyStore");
            }
        }

        private boolean isUsingDefaultSSLRepertoire() {
            return this.map.get(Constants.SSLPROP_DEFAULT_ALIAS).equals(LibertyConstants.DEFAULT_SSL_CONFIG_ID);
        }

        private boolean defaultRepertoireIsNotAvailable() {
            return this.repertoires.get(LibertyConstants.DEFAULT_SSL_CONFIG_ID) == null;
        }

        private boolean defaultKeyStoreIsNotAvailable() {
            return this.keystores.get("defaultKeyStore") == null;
        }

        private void reportErrorIfDefaultSSLConfigReferencesMissingKeystore(String str) {
            if (str == null || this.keystores.get(str) != null) {
                return;
            }
            Tr.warning(SSLConfigValidator.tc, "ssl.defaultSSLConfig.noSuchKeyStore.CWPKI0818E", str);
        }

        private String getDefaultRepetorieKeyStore() {
            if (SSLConfigValidator.this.configAdmin == null) {
                return null;
            }
            try {
                Configuration[] listConfigurations = SSLConfigValidator.this.configAdmin.listConfigurations("(service.pid=com.ibm.ws.ssl.repertoire*)");
                if (listConfigurations != null) {
                    for (Configuration configuration : listConfigurations) {
                        Dictionary<String, Object> properties = configuration.getProperties();
                        if (LibertyConstants.DEFAULT_SSL_CONFIG_ID.equals(properties.get("id"))) {
                            return (String) properties.get("keyStoreRef");
                        }
                    }
                }
                return null;
            } catch (IOException e) {
                return null;
            } catch (InvalidSyntaxException e2) {
                return null;
            }
        }
    }

    @Reference(service = ConfigurationAdmin.class)
    protected void setConfigAdmin(ConfigurationAdmin configurationAdmin) {
        this.configAdmin = configurationAdmin;
    }

    protected void unsetConfigAdmin(ConfigurationAdmin configurationAdmin) {
        this.configAdmin = null;
    }

    @Reference(service = ScheduledExecutorService.class)
    protected void setExecutorService(ScheduledExecutorService scheduledExecutorService) {
        this.executorService = scheduledExecutorService;
    }

    protected void unsetExecutorService(ScheduledExecutorService scheduledExecutorService) {
        this.executorService = null;
    }

    public void validate(Map<String, Object> map, Map<String, Map<String, Object>> map2, Map<String, WSKeyStore> map3) {
        if (FrameworkState.isStopping()) {
            return;
        }
        Validator validator = new Validator(map, map2, map3);
        if (this.executorService != null) {
            scheduleValidation(validator);
        } else {
            validator.run();
        }
    }

    private void scheduleValidation(Validator validator) {
        if (this.scheduled != null) {
            this.scheduled.cancel(false);
        }
        this.scheduled = this.executorService.schedule(validator, 60L, TimeUnit.SECONDS);
    }
}
