package com.ibm.ws.webcontainer.security.internal.extended;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.authentication.tai.TAIService;
import com.ibm.ws.security.collaborator.CollaboratorUtils;
import com.ibm.ws.webcontainer.security.AuthenticateApi;
import com.ibm.ws.webcontainer.security.PostParameterHelper;
import com.ibm.ws.webcontainer.security.SSOCookieHelper;
import com.ibm.ws.webcontainer.security.UnprotectedResourceService;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.WebAuthenticator;
import com.ibm.ws.webcontainer.security.WebAuthenticatorFactory;
import com.ibm.ws.webcontainer.security.WebAuthenticatorProxy;
import com.ibm.ws.webcontainer.security.WebProviderAuthenticatorProxy;
import com.ibm.ws.webcontainer.security.WebRequest;
import com.ibm.ws.webcontainer.security.extended.AuthenticateApiExtended;
import com.ibm.ws.webcontainer.security.extended.WebAppSecurityConfigExtended;
import com.ibm.ws.webcontainer.security.extended.WebAuthenticatorProxyExtended;
import com.ibm.ws.webcontainer.security.extended.WebProviderAuthenticatorProxyExtended;
import com.ibm.ws.webcontainer.security.internal.WebSecurityHelperImpl;
import com.ibm.ws.webcontainer.security.oauth20.OAuth20Service;
import com.ibm.ws.webcontainer.security.openid20.OpenidClientService;
import com.ibm.ws.webcontainer.security.openidconnect.OidcClient;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServer;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

/**
 * {@link WebAuthenticatorFactory} that builds the "Extended" variants of the web
 * security collaborators and passes them references to the OAuth 2.0, OpenID Connect
 * (server and client) and OpenID client services.
 *
 * <p>Registered as an OSGi declarative-services component with
 * {@code service.ranking} 100. All four provider references are declared
 * {@code OPTIONAL}, {@code DYNAMIC} and {@code GREEDY}, so any of them may be bound,
 * replaced or unbound while the component is active. Code that receives one of the
 * {@code AtomicServiceReference} fields must therefore cope with the service being
 * absent at call time.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {WebAuthenticatorFactory.class}, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM", "service.ranking:Integer=100"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security.provider_1.0.20.jar:com/ibm/ws/webcontainer/security/internal/extended/WebAuthenticatorFactoryImplExtended.class */
public class WebAuthenticatorFactoryImplExtended implements WebAuthenticatorFactory {
    // Reference names; each one is reused as the DS @Reference name and as the
    // name given to the matching AtomicServiceReference below.
    static final String KEY_OAUTH_SERVICE = "oauthService";
    static final String KEY_OIDC_SERVER = "oidcServer";
    static final String KEY_OIDC_CLIENT = "oidcClient";
    static final String KEY_OPENID_CLIENT_SERVICE = "openidClientService";

    // Holders for the optional provider services. The same holder instances are shared
    // with the objects this factory creates, so later bind/unbind events reach them.
    protected final AtomicServiceReference<OAuth20Service> oauthServiceRef = new AtomicServiceReference<>(KEY_OAUTH_SERVICE);
    protected final AtomicServiceReference<OidcServer> oidcServerRef = new AtomicServiceReference<>(KEY_OIDC_SERVER);
    protected final AtomicServiceReference<OidcClient> oidcClientRef = new AtomicServiceReference<>(KEY_OIDC_CLIENT);
    protected final AtomicServiceReference<OpenidClientService> openidClientRef = new AtomicServiceReference<>(KEY_OPENID_CLIENT_SERVICE);

    // NOTE(review): this class declares no Serializable interface; the field is
    // presumably an artifact of build-time instrumentation. Confirm before relying on it.
    static final long serialVersionUID = -1477921690833372224L;

    // Trace component for this class; marked synthetic by the decompiler.
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(WebAuthenticatorFactoryImplExtended.class);

    /**
     * Creates the extended web application security configuration.
     *
     * @param map configuration properties, passed through unchanged
     * @param atomicServiceReference location admin service holder
     * @param atomicServiceReference2 security service holder
     * @return a new {@code WebAppSecurityConfigImplExtended} that also receives this
     *         factory's OIDC server and OIDC client holders
     */
    @Override
    public WebAppSecurityConfig createWebAppSecurityConfigImpl(Map<String, Object> map, AtomicServiceReference<WsLocationAdmin> atomicServiceReference, AtomicServiceReference<SecurityService> atomicServiceReference2) {
        return new WebAppSecurityConfigImplExtended(
                map,
                atomicServiceReference,
                atomicServiceReference2,
                oidcServerRef,
                oidcClientRef);
    }

    /**
     * Creates the extended authenticate API; every argument is passed through unchanged.
     *
     * @return a new {@link AuthenticateApiExtended}
     */
    @Override
    public AuthenticateApi createAuthenticateApi(SSOCookieHelper sSOCookieHelper, AtomicServiceReference<SecurityService> atomicServiceReference, CollaboratorUtils collaboratorUtils, ConcurrentServiceReferenceMap<String, WebAuthenticator> concurrentServiceReferenceMap, ConcurrentServiceReferenceMap<String, UnprotectedResourceService> concurrentServiceReferenceMap2) {
        return new AuthenticateApiExtended(
                sSOCookieHelper,
                atomicServiceReference,
                collaboratorUtils,
                concurrentServiceReferenceMap,
                concurrentServiceReferenceMap2);
    }

    /**
     * Creates the extended provider authenticator proxy.
     *
     * <p>In addition to the caller's arguments, the proxy receives all four provider
     * holders owned by this factory (OAuth, OpenID client, OIDC server, OIDC client).
     *
     * @return a new {@link WebProviderAuthenticatorProxyExtended}
     */
    @Override
    public WebProviderAuthenticatorProxy createWebProviderAuthenticatorProxy(AtomicServiceReference<SecurityService> atomicServiceReference, AtomicServiceReference<TAIService> atomicServiceReference2, ConcurrentServiceReferenceMap<String, TrustAssociationInterceptor> concurrentServiceReferenceMap, WebAppSecurityConfig webAppSecurityConfig, ConcurrentServiceReferenceMap<String, WebAuthenticator> concurrentServiceReferenceMap2) {
        return new WebProviderAuthenticatorProxyExtended(
                atomicServiceReference,
                atomicServiceReference2,
                concurrentServiceReferenceMap,
                webAppSecurityConfig,
                oauthServiceRef,
                openidClientRef,
                oidcServerRef,
                oidcClientRef,
                concurrentServiceReferenceMap2);
    }

    /**
     * Creates the extended web authenticator proxy, additionally giving it this
     * factory's OIDC server holder.
     *
     * @return a new {@link WebAuthenticatorProxyExtended}
     */
    @Override
    public WebAuthenticatorProxy createWebAuthenticatorProxy(WebAppSecurityConfig webAppSecurityConfig, PostParameterHelper postParameterHelper, AtomicServiceReference<SecurityService> atomicServiceReference, WebProviderAuthenticatorProxy webProviderAuthenticatorProxy) {
        return new WebAuthenticatorProxyExtended(
                webAppSecurityConfig,
                postParameterHelper,
                atomicServiceReference,
                webProviderAuthenticatorProxy,
                oidcServerRef);
    }

    /**
     * Asks the OIDC server and OAuth services whether the request URI is one of
     * their own endpoints, and reports a tri-state answer.
     *
     * <p>Both services are looked up once, so the two checks below run against the same
     * service instances even if a reference is rebound in between.
     *
     * @param webRequest the request under evaluation; its provider-special flag is set
     *        to {@code true} only on the {@code Boolean.TRUE} path
     * @return {@code null} when neither provider matches the URI with the flag
     *         {@code false}; {@code Boolean.FALSE} when a provider matches with
     *         {@code false} but none matches with {@code true}; {@code Boolean.TRUE}
     *         when both checks match
     */
    @Override
    public Boolean needToAuthenticateSubject(WebRequest webRequest) {
        final HttpServletRequest request = webRequest.getHttpServletRequest();
        final OAuth20Service oauthService = oauthServiceRef.getService();
        final OidcServer oidcServer = oidcServerRef.getService();

        if (isProviderSpecialProtectedURI(request, oauthService, oidcServer, false)) {
            if (isProviderSpecialProtectedURI(request, oauthService, oidcServer, true)) {
                // NOTE(review): the setter is named "...UnprotectedURI" although it is
                // called on the branch where the provider check with `true` matched;
                // confirm the intended meaning against WebRequest and its readers.
                webRequest.setProviderSpecialUnprotectedURI(true);
                return Boolean.TRUE;
            }
            return Boolean.FALSE;
        }
        // NOTE(review): a null Boolean presumably means "no provider-specific decision";
        // callers must not auto-unbox this result. Verify against callers.
        return null;
    }

    /**
     * Returns whether either provider recognises the request URI for the given flag.
     * The OIDC server is consulted first; the OAuth service is consulted only when the
     * OIDC server is absent or does not match. An absent service never matches.
     *
     * @param request the servlet request whose URI is checked
     * @param oauthService OAuth service, or {@code null} when none is available
     * @param oidcServer OIDC server, or {@code null} when none is available
     * @param providerFlag forwarded unchanged to the provider; its meaning is defined
     *        by {@code isOIDCSpecificURI} / {@code isOauthSpecificURI}
     */
    private boolean isProviderSpecialProtectedURI(HttpServletRequest request, OAuth20Service oauthService, OidcServer oidcServer, boolean providerFlag) {
        if (oidcServer != null && oidcServer.isOIDCSpecificURI(request, providerFlag)) {
            return true;
        }
        return oauthService != null && oauthService.isOauthSpecificURI(request, providerFlag);
    }

    /**
     * Re-applies the SSO cookie name on the current web application security
     * configuration, if one exists and is the extended kind. Does nothing otherwise.
     */
    private void refreshSsoCookieName() {
        WebAppSecurityConfig currentConfig = WebSecurityHelperImpl.getWebAppSecurityConfig();
        // instanceof is false for null, so a missing configuration is skipped as well.
        if (currentConfig instanceof WebAppSecurityConfigExtended) {
            ((WebAppSecurityConfigExtended) currentConfig).setSsoCookieName(oidcServerRef, oidcClientRef);
        }
    }

    /** Binds the optional OAuth 2.0 service. */
    @Reference(name = KEY_OAUTH_SERVICE, service = OAuth20Service.class, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setOauthService(ServiceReference<OAuth20Service> serviceReference) {
        oauthServiceRef.setReference(serviceReference);
    }

    /** Unbinds the OAuth 2.0 service. */
    protected void unsetOauthService(ServiceReference<OAuth20Service> serviceReference) {
        oauthServiceRef.unsetReference(serviceReference);
    }

    /**
     * Binds the optional OIDC server and then re-applies the SSO cookie name on the
     * current security configuration.
     */
    @Reference(name = KEY_OIDC_SERVER, service = OidcServer.class, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setOidcServer(ServiceReference<OidcServer> serviceReference) {
        oidcServerRef.setReference(serviceReference);
        refreshSsoCookieName();
    }

    /**
     * Unbinds the OIDC server.
     *
     * <p>NOTE(review): unlike the bind path, the SSO cookie name is not re-applied
     * here; confirm that keeping the previously applied name after unbind is intended.
     */
    protected void unsetOidcServer(ServiceReference<OidcServer> serviceReference) {
        oidcServerRef.unsetReference(serviceReference);
    }

    /**
     * Binds the optional OIDC client and then re-applies the SSO cookie name on the
     * current security configuration.
     */
    @Reference(name = KEY_OIDC_CLIENT, service = OidcClient.class, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setOidcClient(ServiceReference<OidcClient> serviceReference) {
        oidcClientRef.setReference(serviceReference);
        refreshSsoCookieName();
    }

    /**
     * Unbinds the OIDC client.
     *
     * <p>NOTE(review): unlike the bind path, the SSO cookie name is not re-applied
     * here; confirm that keeping the previously applied name after unbind is intended.
     */
    protected void unsetOidcClient(ServiceReference<OidcClient> serviceReference) {
        oidcClientRef.unsetReference(serviceReference);
    }

    /** Binds the optional OpenID client service. */
    @Reference(name = KEY_OPENID_CLIENT_SERVICE, service = OpenidClientService.class, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setOpenidClientService(ServiceReference<OpenidClientService> serviceReference) {
        openidClientRef.setReference(serviceReference);
    }

    /** Unbinds the OpenID client service. */
    protected void unsetOpenidClientService(ServiceReference<OpenidClientService> serviceReference) {
        openidClientRef.unsetReference(serviceReference);
    }

    /**
     * Activates the four provider holders with the component context.
     *
     * @param componentContext DS component context handed to each holder
     * @param map component properties; not read by this method
     */
    @Activate
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        oauthServiceRef.activate(componentContext);
        oidcServerRef.activate(componentContext);
        oidcClientRef.activate(componentContext);
        openidClientRef.activate(componentContext);
    }

    /**
     * Deactivates the four provider holders, in the same order they were activated.
     *
     * @param componentContext DS component context handed to each holder
     */
    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        oauthServiceRef.deactivate(componentContext);
        oidcServerRef.deactivate(componentContext);
        oidcClientRef.deactivate(componentContext);
        openidClientRef.deactivate(componentContext);
    }
}
