package com.ibm.ws.security.quickstart.internal;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.management.security.ManagementRole;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.Set;
import java.util.concurrent.ConcurrentSkipListSet;
import org.apache.felix.scr.ext.annotation.DSExt;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;

/**
 * Declarative Services component behind the {@code com.ibm.ws.security.quickStartSecurity}
 * configuration PID. Configuration is required (ConfigurationPolicy.REQUIRE).
 *
 * <p>When a user name and password are both configured and nothing else is in the way, the
 * component publishes two OSGi services:
 * <ul>
 *   <li>a {@link QuickStartSecurityRegistry} registered as a {@link UserRegistry}, built from the
 *       configured user name and the decoded password, and</li>
 *   <li>a {@code QuickStartSecurityAdministratorRole} registered as a {@link ManagementRole}
 *       for that same user name.</li>
 * </ul>
 *
 * <p>The component also tracks every other {@code UserRegistry} and {@code ManagementRole}
 * service through dynamic, multiple-cardinality references. Their target filters exclude the
 * services this class registers itself. Binding any such service withdraws both quick-start
 * services; unbinding one triggers an attempt to publish them again.
 *
 * <p>All lifecycle and bind/unbind entry points are {@code synchronized} on this instance; the
 * private helpers are only called from those entry points.
 *
 * <p>NOTE(review): this listing is decompiler output (see the "loaded from" comment below). Raw
 * types, the {@code (Class<Class>)} casts and the doubled {@code return} statements are
 * decompiler artefacts and should not be read as the original authors' code.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(configurationPolicy = ConfigurationPolicy.REQUIRE, configurationPid = {"com.ibm.ws.security.quickStartSecurity"}, property = {"service.vendor=IBM"})
@DSExt.ConfigureWithInterfaces
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.quickstart_1.0.20.jar:com/ibm/ws/security/quickstart/internal/QuickStartSecurity.class */
public class QuickStartSecurity {
    private static final TraceComponent tc = Tr.register(QuickStartSecurity.class);
    static final String KEY_MANAGEMENT_ROLE = "ManagementRole";
    // Used as both "config.id" and "id" of the registered UserRegistry service.
    static final String QUICK_START_SECURITY_REGISTRY_ID = "com.ibm.ws.management.security.QuickStartSecurity";
    // Registry type value; the setUserRegistry target filter excludes services carrying it.
    static final String QUICK_START_SECURITY_REGISTRY_TYPE = "QuickStartSecurityRegistry";
    // Role name value; the setManagementRole target filter excludes services carrying it.
    static final String QUICK_START_ADMINISTRATOR_ROLE_NAME = "QuickStartSecurityAdministratorRole";
    static final String CFG_KEY_USER = "userName";
    static final String CFG_KEY_PASSWORD = "userPassword";
    // Current configuration; null after deactivate().
    private QuickStartSecurityConfig config;
    // NOTE(review): the class does not implement Serializable in this view; this field is
    // presumably left over from build-time instrumentation - confirm.
    static final long serialVersionUID = -7436412887173142665L;
    // Other UserRegistry services currently bound. Within this class the set is only added to
    // and removed from, never read: the registration decisions below consult
    // config.UserRegistry() and managementRoles instead.
    private final Set<ServiceReference<UserRegistry>> urs = new ConcurrentSkipListSet();
    // Other ManagementRole services currently bound; a non-empty set blocks both registrations.
    private final Set<ServiceReference<ManagementRole>> managementRoles = new ConcurrentSkipListSet();
    // Null means "not activated"; both register methods return early in that state.
    private BundleContext bc = null;
    // urConfigReg and quickStartRegistry are set and cleared together.
    private ServiceRegistration<UserRegistry> urConfigReg = null;
    private QuickStartSecurityRegistry quickStartRegistry = null;
    // managementRoleReg and managementRole are set and cleared together.
    private ServiceRegistration<ManagementRole> managementRoleReg = null;
    private ManagementRole managementRole = null;

    /**
     * Binds another (non quick-start) user registry and withdraws both quick-start services.
     *
     * @param serviceReference reference to the newly available {@code UserRegistry} service
     */
    @Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.MULTIPLE, target = "(!(com.ibm.ws.security.registry.type=QuickStartSecurityRegistry))")
    protected synchronized void setUserRegistry(ServiceReference<UserRegistry> serviceReference) {
        this.urs.add(serviceReference);
        unregisterQuickStartSecurityRegistryConfiguration();
        unregisterQuickStartSecurityAdministratorRole();
    }

    /**
     * Unbinds a user registry and tries to publish the quick-start services again.
     *
     * <p>NOTE(review): the re-registration does not check whether {@code urs} is now empty. It
     * relies on {@code config.UserRegistry()} and {@code managementRoles}; presumably
     * {@code config.UserRegistry()} reflects the registries that are still present - verify
     * against {@code QuickStartSecurityConfig}.
     *
     * @param serviceReference reference to the {@code UserRegistry} service going away
     */
    protected synchronized void unsetUserRegistry(ServiceReference<UserRegistry> serviceReference) {
        this.urs.remove(serviceReference);
        registerQuickStartSecurityRegistryConfiguration();
        registerQuickStartSecurityAdministratorRole();
    }

    /**
     * Binds another (non quick-start) management role and withdraws both quick-start services.
     *
     * @param serviceReference reference to the newly available {@code ManagementRole} service
     */
    @Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.MULTIPLE, target = "(!(com.ibm.ws.management.security.role.name=QuickStartSecurityAdministratorRole))")
    protected synchronized void setManagementRole(ServiceReference<ManagementRole> serviceReference) {
        this.managementRoles.add(serviceReference);
        unregisterQuickStartSecurityRegistryConfiguration();
        unregisterQuickStartSecurityAdministratorRole();
    }

    /**
     * Unbinds a management role and tries to publish the quick-start services again. The
     * registration only succeeds once {@code managementRoles} is empty.
     *
     * @param serviceReference reference to the {@code ManagementRole} service going away
     */
    protected synchronized void unsetManagementRole(ServiceReference<ManagementRole> serviceReference) {
        this.managementRoles.remove(serviceReference);
        registerQuickStartSecurityRegistryConfiguration();
        registerQuickStartSecurityAdministratorRole();
    }

    /**
     * Activates the component: stores the context and configuration, reports configuration
     * problems, then attempts both registrations.
     *
     * <p>Validation only logs errors and never aborts activation. The register methods repeat
     * the relevant checks and decline to publish on an incomplete or conflicting configuration.
     *
     * @param bundleContext context used to register the quick-start services
     * @param quickStartSecurityConfig the quickStartSecurity configuration
     */
    @Activate
    protected synchronized void activate(BundleContext bundleContext, QuickStartSecurityConfig quickStartSecurityConfig) {
        this.bc = bundleContext;
        this.config = quickStartSecurityConfig;
        validateConfigurationProperties();
        registerQuickStartSecurityRegistryConfiguration();
        registerQuickStartSecurityAdministratorRole();
    }

    /**
     * Applies a configuration change. The registry is registered if it was not published yet,
     * otherwise it is updated in place (or withdrawn if the new configuration no longer
     * qualifies).
     *
     * <p>The administrator role is always withdrawn and registered again. The role object is
     * constructed from the user name, so this is presumably how a renamed user takes effect.
     *
     * @param quickStartSecurityConfig the new quickStartSecurity configuration
     */
    @Modified
    protected synchronized void modify(QuickStartSecurityConfig quickStartSecurityConfig) {
        this.config = quickStartSecurityConfig;
        validateConfigurationProperties();
        if (this.urConfigReg == null) {
            registerQuickStartSecurityRegistryConfiguration();
        } else {
            updateQuickStartSecurityRegistryConfiguration();
        }
        unregisterQuickStartSecurityAdministratorRole();
        registerQuickStartSecurityAdministratorRole();
    }

    /**
     * Deactivates the component and withdraws both quick-start services.
     */
    @Deactivate
    protected synchronized void deactivate() {
        // bc and config are cleared first; the unregister helpers below read neither field.
        this.bc = null;
        this.config = null;
        unregisterQuickStartSecurityRegistryConfiguration();
        unregisterQuickStartSecurityAdministratorRole();
    }

    /**
     * Tells whether a configured value is absent or blank.
     *
     * <p>A {@code SerializableProtectedString} counts as undefined when none of its characters
     * is greater than a space. Any other argument is treated as a {@code String} and counts as
     * undefined when it is {@code null} or empty after {@code trim()}.
     *
     * <p>NOTE(review): {@code @Trivial} presumably keeps this method, which receives the
     * password, out of injected entry/exit trace - confirm.
     *
     * @param obj a {@code String}, a {@code SerializableProtectedString} or {@code null}
     * @return {@code true} if the value is missing or contains only whitespace/control characters
     * @throws ClassCastException if {@code obj} is non-null and of any other type
     */
    @Trivial
    private boolean isStringValueUndefined(Object obj) {
        if (!(obj instanceof SerializableProtectedString)) {
            return obj == null || ((String) obj).trim().isEmpty();
        }
        // Inspect the characters directly so the protected value is not copied into a String.
        for (char c : ((SerializableProtectedString) obj).getChars()) {
            if (c > ' ') {
                return false;
            }
        }
        return true;
    }

    /**
     * Reports configuration problems through {@code Tr.error}. It logs only: nothing is thrown
     * and no state is changed.
     *
     * <p>It reports a password without a user name, a user name without a password, and (via
     * the two helpers) quick-start credentials configured alongside another registry or
     * management role.
     */
    private void validateConfigurationProperties() {
        // The message key spelling ("ATTIRBUTES") is a runtime lookup key and must stay as is;
        // presumably it matches the entry in the message bundle.
        if (isStringValueUndefined(this.config.userName()) && !isStringValueUndefined(this.config.userPassword())) {
            Tr.error(tc, "QUICK_START_SECURITY_MISSING_ATTIRBUTES", CFG_KEY_USER);
        }
        if (!isStringValueUndefined(this.config.userName()) && isStringValueUndefined(this.config.userPassword())) {
            Tr.error(tc, "QUICK_START_SECURITY_MISSING_ATTIRBUTES", "userPassword");
        }
        errorOnAnotherRegistry();
        errorOnAnotherManagementRole();
    }

    /**
     * Logs an error when a user name or password is configured while
     * {@code config.UserRegistry()} is non-empty.
     */
    private void errorOnAnotherRegistry() {
        // Nothing to report if neither credential is set or no other registry is configured.
        if ((isStringValueUndefined(this.config.userName()) && isStringValueUndefined(this.config.userPassword())) || this.config.UserRegistry() == null || this.config.UserRegistry().length <= 0) {
            return;
        }
        Tr.error(tc, "QUICK_START_SECURITY_WITH_ANOTHER_REGISTRY", new Object[0]);
    }

    /**
     * Logs an error when a user name or password is configured while
     * {@code config.ManagementRole()} is non-empty.
     */
    private void errorOnAnotherManagementRole() {
        // Nothing to report if neither credential is set or no other management role is configured.
        if ((isStringValueUndefined(this.config.userName()) && isStringValueUndefined(this.config.userPassword())) || this.config.ManagementRole() == null || this.config.ManagementRole().length <= 0) {
            return;
        }
        Tr.error(tc, "QUICK_START_SECURITY_WITH_OTHER_MANAGEMENT_AUTHORIZATION", new Object[0]);
    }

    /**
     * Builds the service properties for the quick-start {@code UserRegistry} registration.
     *
     * <p>NOTE(review): the decoded password is published as the {@code userPassword} service
     * property, wrapped in a {@code ProtectedString}. Service properties are readable by any
     * code holding the {@code ServiceReference}. Confirm that {@code ProtectedString} masks its
     * content in trace and {@code toString()}, and that no consumer needs more than the
     * registry object itself.
     *
     * @return a new property table; {@code Hashtable.put} throws {@code NullPointerException}
     *         if the user name or the decoded password is {@code null}
     */
    private Dictionary<String, Object> buildUserRegistryConfigProps() {
        Hashtable hashtable = new Hashtable();
        hashtable.put("config.id", QUICK_START_SECURITY_REGISTRY_ID);
        hashtable.put("id", QUICK_START_SECURITY_REGISTRY_ID);
        hashtable.put(UserRegistryService.REGISTRY_TYPE, QUICK_START_SECURITY_REGISTRY_TYPE);
        hashtable.put(CFG_KEY_USER, this.config.userName());
        hashtable.put("userPassword", getPasswordValue(this.config.userPassword()));
        hashtable.put(Constants.SERVICE_VENDOR, "IBM");
        return hashtable;
    }

    /**
     * Publishes the quick-start user registry, unless one of the guards below applies.
     *
     * <p>Registration is skipped when the component is not active, the registry is already
     * published, the user name or password is blank, {@code config.UserRegistry()} is non-empty,
     * or another {@code ManagementRole} service is bound. Each skip is silent apart from debug
     * trace.
     */
    private void registerQuickStartSecurityRegistryConfiguration() {
        if (this.bc == null) {
            // The "return inside the trace check, then return again" shape here and below is a
            // decompiler artefact; the method returns whether or not tracing is enabled.
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "BundleContext is null, we must be deactivated.", new Object[0]);
                return;
            }
            return;
        }
        if (this.urConfigReg != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "QuickStartSecurityRegistry configuration is already registered.", new Object[0]);
                return;
            }
            return;
        }
        if (isStringValueUndefined(this.config.userName()) || isStringValueUndefined(this.config.userPassword())) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Incomplete configuration. This should already have been reported. Will not register QuickStartSecurityRegistry configuration.", new Object[0]);
                return;
            }
            return;
        }
        if (this.config.UserRegistry() != null && this.config.UserRegistry().length > 0) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Other UserRegistryConfiguration are present, will not register the QuickStartSecurityRegistry configuration.", new Object[0]);
                return;
            }
            return;
        }
        // This path checks the bound ManagementRole services (managementRoles), whereas
        // updateQuickStartSecurityRegistryConfiguration() checks config.ManagementRole().
        // NOTE(review): confirm the two sources cannot disagree.
        if (this.managementRoles.isEmpty()) {
            Dictionary<String, ?> buildUserRegistryConfigProps = buildUserRegistryConfigProps();
            this.quickStartRegistry = new QuickStartSecurityRegistry(this.config.userName(), getPasswordValue(this.config.userPassword()));
            // The casts are decompiler output; the call registers quickStartRegistry under the
            // UserRegistry interface with the properties built above.
            this.urConfigReg = this.bc.registerService((Class<Class>) UserRegistry.class, (Class) this.quickStartRegistry, buildUserRegistryConfigProps);
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Other ManagementRole are present, will not register the QuickStartSecurityRegistry configuration.", new Object[0]);
        }
    }

    /**
     * Pushes a changed configuration into the already-registered quick-start registry, or
     * withdraws the registry when the configuration no longer qualifies.
     *
     * <p>The configuration qualifies when both user name and password are set and neither
     * {@code config.UserRegistry()} nor {@code config.ManagementRole()} has entries. The only
     * visible caller is {@code modify()}, which calls this when {@code urConfigReg} is non-null.
     *
     * <p>NOTE(review): if {@code getPasswordValue} throws, the exception leaves this method
     * before {@code update} runs, so the registry would keep serving the previous credentials -
     * confirm that is the intended failure mode.
     */
    private void updateQuickStartSecurityRegistryConfiguration() {
        if (!isStringValueUndefined(this.config.userName()) && !isStringValueUndefined(this.config.userPassword()) && ((this.config.UserRegistry() == null || this.config.UserRegistry().length == 0) && (this.config.ManagementRole() == null || this.config.ManagementRole().length == 0))) {
            this.quickStartRegistry.update(this.config.userName(), getPasswordValue(this.config.userPassword()));
            this.urConfigReg.setProperties(buildUserRegistryConfigProps());
        } else {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Lost required configuration information, removing the configuration (if its registered).", new Object[0]);
            }
            unregisterQuickStartSecurityRegistryConfiguration();
        }
    }

    /**
     * Withdraws the quick-start user registry service if it is registered and drops the
     * registry object; otherwise only emits debug trace.
     */
    private void unregisterQuickStartSecurityRegistryConfiguration() {
        if (this.urConfigReg != null) {
            this.urConfigReg.unregister();
            this.urConfigReg = null;
            this.quickStartRegistry = null;
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "QuickStartSecurityRegistry configuration is not registered.", new Object[0]);
        }
    }

    /**
     * Publishes the quick-start administrator role for the configured user, unless a guard
     * below applies.
     *
     * <p>Registration is skipped when the component is not active, the role is already
     * published, the quick-start registry itself is not published, the user name is blank, or
     * another {@code ManagementRole} service is bound. The role is therefore only ever granted
     * together with the quick-start registry.
     */
    private void registerQuickStartSecurityAdministratorRole() {
        if (this.bc == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "BundleContext is null, we must be deactivated.", new Object[0]);
                return;
            }
            return;
        }
        if (this.managementRoleReg != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "QuickStartSecurityAdministratorRole is already registered.", new Object[0]);
                return;
            }
            return;
        }
        // Callers always invoke the registry register/unregister method before this one, so
        // urConfigReg already reflects the current decision about the registry.
        if (this.urConfigReg == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "QuickStartSecurityRegistry configuration is not registered, will not register QuickStartSecurityAdministratorRole.", new Object[0]);
                return;
            }
            return;
        }
        if (isStringValueUndefined(this.config.userName())) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "User is not set, can not register the QuickStartSecurityAdministratorRole", new Object[0]);
                return;
            }
            return;
        }
        if (!this.managementRoles.isEmpty()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Other managment roles are present, will not register the QuickStartSecurityAdministratorRole", new Object[0]);
                return;
            }
            return;
        }
        Hashtable hashtable = new Hashtable();
        hashtable.put(ManagementRole.MANAGEMENT_ROLE_NAME, QUICK_START_ADMINISTRATOR_ROLE_NAME);
        hashtable.put(Constants.SERVICE_VENDOR, "IBM");
        this.managementRole = new QuickStartSecurityAdministratorRole(this.config.userName());
        // The casts are decompiler output; the call registers managementRole under the
        // ManagementRole interface.
        this.managementRoleReg = this.bc.registerService((Class<Class>) ManagementRole.class, (Class) this.managementRole, (Dictionary<String, ?>) hashtable);
    }

    /**
     * Withdraws the quick-start administrator role service if it is registered and drops the
     * role object; otherwise only emits debug trace.
     */
    private void unregisterQuickStartSecurityAdministratorRole() {
        if (this.managementRoleReg != null) {
            this.managementRoleReg.unregister();
            this.managementRoleReg = null;
            this.managementRole = null;
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "QuickStartSecurityAdministratorRole is not registered.", new Object[0]);
        }
    }

    /**
     * Decodes the configured password and wraps the result in a {@code ProtectedString}.
     *
     * <p>The configured characters are trimmed and passed through
     * {@code PasswordUtil.passwordDecode}.
     *
     * <p>NOTE(review): both the encoded and the decoded password pass through
     * {@code java.lang.String} instances here. These are immutable, cannot be wiped, and stay
     * on the heap until collected, which matters for heap dumps.
     *
     * <p>NOTE(review): if {@code passwordDecode} can return {@code null} (for example for a
     * value it cannot decode - confirm against its contract), the {@code length()} call below
     * throws {@code NullPointerException} out of activate/modify.
     *
     * @param serializableProtectedString the configured password, possibly encoded; may be {@code null}
     * @return the decoded password, or {@code null} if the argument is {@code null}
     */
    private ProtectedString getPasswordValue(SerializableProtectedString serializableProtectedString) {
        if (serializableProtectedString == null) {
            return null;
        }
        String passwordDecode = PasswordUtil.passwordDecode(new String(serializableProtectedString.getChars()).trim());
        // Copy the decoded characters into a fresh array handed to ProtectedString.
        char[] cArr = new char[passwordDecode.length()];
        passwordDecode.getChars(0, passwordDecode.length(), cArr, 0);
        return new ProtectedString(cArr);
    }
}
