package com.ibm.ws.ssl.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.JSSEProvider;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.kernel.feature.FeatureProvisioner;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.ws.ssl.optional.SSLSupportOptional;
import com.ibm.ws.ssl.protocol.LibertySSLSocketFactory;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.location.WsLocationConstants;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.net.ssl.SSLSocketFactory;
import org.apache.felix.scr.component.ExtComponentContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

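/**
 * Declarative Services component that gathers the keystore and SSL repertoire
 * configuration services bound to it and hands the combined configuration to
 * {@link SSLConfigManager}.
 *
 * <p>The component is bound to configuration PID {@code com.ibm.ws.ssl.default} with
 * {@link ConfigurationPolicy#REQUIRE}. When at least one repertoire and one keystore are
 * known it advertises the service property {@code SSLSupport=active}.
 *
 * <p>Thread-safety: the bookkeeping maps are plain {@link HashMap}s. They are only touched
 * from {@code synchronized} methods or from package-private getters that
 * {@link #processConfig(boolean)} calls while holding the instance lock. {@code locSvc} is
 * {@code volatile} because {@link #setLocMgr(WsLocationAdmin)} is not synchronized.
 */
@Component(immediate = true, configurationPid = {"com.ibm.ws.ssl.default"}, configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.ssl_1.1.20.jar:com/ibm/ws/ssl/internal/SSLComponent.class */
public class SSLComponent extends GenericSSLConfigService implements SSLSupportOptional {
    private static final String SSL_SUPPORT_VALUE_ACTIVE = "active";
    private static final String SSL_SUPPORT_KEY = "SSLSupport";
    private static final TraceComponent tc = Tr.register(SSLComponent.class);
    protected static final String MY_ALIAS = "sslDefault";

    /** Feature name whose presence switches on {@link #transportSecurityEnabled}. */
    private static final String TRANSPORT_SECURITY_FEATURE = "transportSecurity-1.0";

    // alias -> repertoire service
    private final Map<String, RepertoireConfigService> repertoireMap = new HashMap<>();
    // repertoire PID -> alias
    private final Map<String, String> repertoirePIDMap = new HashMap<>();
    // alias -> repertoire properties, as returned by RepertoireConfigService.getProperties()
    private final Map<String, Map<String, Object>> repertoirePropertiesMap = new HashMap<>();
    // keystore id -> keystore
    private final Map<String, WSKeyStore> keystoreIdMap = new HashMap<>();
    // keystore PID -> keystore
    private final Map<String, WSKeyStore> keystorePidMap = new HashMap<>();
    private volatile WsLocationAdmin locSvc;
    private FeatureProvisioner provisionerService;
    private SSLConfigValidator validator;
    private boolean transportSecurityEnabled;
    // null until activate() has run and again after deactivate(); processConfig() is a no-op while null
    private ExtComponentContext componentContext;

    /**
     * Activates the component: records whether the transport security feature is installed,
     * registers the configuration validator and runs a full SSL initialisation.
     *
     * @param componentContext DS context; cast to {@link ExtComponentContext} so that service
     *                         properties can be updated later
     * @param map              configuration properties for the default SSL configuration
     */
    @Activate
    protected synchronized void activate(ComponentContext componentContext, Map<String, Object> map) {
        // NOTE(review): the whole configuration map is written to trace here - confirm it
        // cannot carry secret values.
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Activated: " + map, new Object[0]);
        }
        this.transportSecurityEnabled = this.provisionerService.getInstalledFeatures().contains(TRANSPORT_SECURITY_FEATURE);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            String message = this.transportSecurityEnabled ? "transportSecurityEnable installed" : "transportSecurityEnable is not installed";
            Tr.event(tc, message, new Object[0]);
        }
        super.activate(MY_ALIAS, map);
        this.componentContext = (ExtComponentContext) componentContext;
        SSLConfigManager.getInstance().setConfigValidator(this.validator);
        processConfig(true);
    }

    /**
     * Deactivates the component, dropping the repertoire and keystore bookkeeping and running
     * one last configuration pass before the component context is released.
     *
     * @param i deactivation reason code supplied by DS
     */
    @Deactivate
    protected synchronized void deactivate(int i) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Deactivated: " + i, new Object[0]);
        }
        super.deactivate(MY_ALIAS, i);
        this.repertoireMap.clear();
        this.repertoirePIDMap.clear();
        this.keystoreIdMap.clear();
        this.keystorePidMap.clear();
        // NOTE(review): repertoirePropertiesMap is not cleared, so the pass below still hands
        // the old repertoire properties to SSLConfigManager while the keystore maps are
        // empty - confirm that this is intended.
        processConfig(true);
        this.componentContext = null;
    }

    /**
     * Applies a changed default SSL configuration and re-initialises SSL.
     *
     * @param map the new configuration properties
     */
    @Modified
    protected synchronized void modified(Map<String, Object> map) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Modified: " + map, new Object[0]);
        }
        super.modified(MY_ALIAS, map);
        processConfig(true);
    }

    /**
     * DS bind method for keystore configurations.
     *
     * @param keystoreConfig the keystore configuration being added
     */
    @Reference(service = KeystoreConfig.class, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, target = "(id=*)")
    protected synchronized void setKeyStore(KeystoreConfig keystoreConfig) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Adding keystore: " + keystoreConfig.getId(), new Object[0]);
        }
        addKeyStores(false, keystoreConfig);
    }

    /**
     * DS updated method for keystore configurations; handled exactly like a bind.
     *
     * @param keystoreConfig the keystore configuration that changed
     */
    protected synchronized void updatedKeyStore(KeystoreConfig keystoreConfig) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Updating keystore: " + keystoreConfig.getId(), new Object[0]);
        }
        addKeyStores(false, keystoreConfig);
    }

    /**
     * DS unbind method for keystore configurations. Forgets the keystore, clears it from
     * {@link KeyStoreManager}, drops every repertoire that uses it as key store or trust
     * store, and re-initialises SSL.
     *
     * @param keystoreConfig the keystore configuration being removed
     */
    protected synchronized void unsetKeyStore(KeystoreConfig keystoreConfig) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Removing keystore: " + keystoreConfig.getId(), new Object[0]);
        }
        this.keystoreIdMap.remove(keystoreConfig.getId());
        this.keystorePidMap.remove(keystoreConfig.getPid());
        KeyStoreManager.getInstance().clearKeyStoreFromMap(keystoreConfig.getId());
        Iterator<Map.Entry<String, RepertoireConfigService>> it = this.repertoireMap.entrySet().iterator();
        while (it.hasNext()) {
            RepertoireConfigService repertoire = it.next().getValue();
            // Reference comparison: only repertoires holding this very KeystoreConfig
            // instance are dropped.
            boolean usesKeystore = repertoire.getKeyStore() == keystoreConfig || repertoire.getTrustStore() == keystoreConfig;
            if (usesKeystore) {
                it.remove();
                this.repertoirePropertiesMap.remove(repertoire.getAlias());
                this.repertoirePIDMap.remove(repertoire.getPID());
            }
        }
        processConfig(true);
    }

    /**
     * Records the given keystores under both their id and their PID, then processes the
     * configuration.
     *
     * @param reinitialize    whether SSL must be re-initialised even if no keystore changed
     * @param keystoreConfigs keystore configurations to record
     */
    private void addKeyStores(boolean reinitialize, KeystoreConfig... keystoreConfigs) {
        boolean changed = reinitialize;
        // NOTE(review): a null element would fail on getKeyStore() below; confirm that
        // RepertoireConfigService never returns a null key store or trust store.
        for (KeystoreConfig keystoreConfig : keystoreConfigs) {
            WSKeyStore keyStore = keystoreConfig.getKeyStore();
            WSKeyStore previous = this.keystoreIdMap.put(keystoreConfig.getId(), keyStore);
            // Reference comparison: a different WSKeyStore instance counts as a change.
            if (keyStore != previous) {
                changed = true;
                this.keystorePidMap.put(keystoreConfig.getPid(), keyStore);
            }
        }
        processConfig(changed);
    }

    /**
     * DS bind method for SSL repertoires. Records the repertoire, its PID and its properties,
     * registers its key store and trust store, and re-initialises SSL.
     *
     * @param repertoireConfigService the repertoire being added
     */
    @Reference(service = RepertoireConfigService.class, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, target = "(id=*)")
    protected synchronized void setRepertoire(RepertoireConfigService repertoireConfigService) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Adding repertoire: " + repertoireConfigService.getAlias(), new Object[0]);
        }
        Map<String, Object> properties = repertoireConfigService.getProperties();
        this.repertoireMap.put(repertoireConfigService.getAlias(), repertoireConfigService);
        this.repertoirePIDMap.put(repertoireConfigService.getPID(), repertoireConfigService.getAlias());
        this.repertoirePropertiesMap.put(repertoireConfigService.getAlias(), properties);
        addKeyStores(true, repertoireConfigService.getKeyStore(), repertoireConfigService.getTrustStore());
    }

    /**
     * DS updated method for SSL repertoires. Refreshes the stored properties and PID mapping
     * and re-initialises SSL.
     *
     * @param repertoireConfigService the repertoire whose configuration changed
     */
    protected synchronized void updatedRepertoire(RepertoireConfigService repertoireConfigService) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Updating repertoire: " + repertoireConfigService.getAlias(), new Object[0]);
        }
        Map<String, Object> properties = repertoireConfigService.getProperties();
        // NOTE(review): keyed by the "id" property here but by getAlias() in setRepertoire
        // and unsetRepertoire - presumably the same value; verify.
        this.repertoirePropertiesMap.put((String) properties.get("id"), properties);
        this.repertoirePIDMap.put(repertoireConfigService.getPID(), repertoireConfigService.getAlias());
        addKeyStores(true, repertoireConfigService.getKeyStore(), repertoireConfigService.getTrustStore());
    }

    /**
     * DS unbind method for SSL repertoires. Forgets the repertoire and re-initialises SSL when
     * an entry for it was actually removed.
     *
     * @param repertoireConfigService the repertoire being removed
     */
    protected synchronized void unsetRepertoire(RepertoireConfigService repertoireConfigService) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Removing repertoire: " + repertoireConfigService.getAlias(), new Object[0]);
        }
        String alias = repertoireConfigService.getAlias();
        // Each map is removed from exactly once and the outcome is remembered. Removing from
        // repertoirePropertiesMap a second time to derive the flag always yields null, which
        // would skip SSLConfigManager.initializeSSL() for a repertoire that has just been
        // taken away.
        boolean removed = this.repertoireMap.remove(alias) != null;
        removed |= this.repertoirePIDMap.remove(repertoireConfigService.getPID()) != null;
        removed |= this.repertoirePropertiesMap.remove(alias) != null;
        processConfig(removed);
    }

    /**
     * DS bind method for the location service used to resolve the process type.
     *
     * @param wsLocationAdmin the location service
     */
    @Reference(policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setLocMgr(WsLocationAdmin wsLocationAdmin) {
        this.locSvc = wsLocationAdmin;
    }

    /**
     * DS unbind method for the location service. Does nothing: {@code locSvc} keeps the last
     * bound instance.
     *
     * @param serviceReference reference to the service being unbound (unused)
     */
    protected void unsetLocMgr(ServiceReference<WsLocationAdmin> serviceReference) {
    }

    /**
     * DS bind method for the feature provisioner consulted during activation.
     *
     * @param featureProvisioner the provisioner service
     */
    @Reference(service = FeatureProvisioner.class)
    protected synchronized void setKernelProvisioner(FeatureProvisioner featureProvisioner) {
        this.provisionerService = featureProvisioner;
    }

    /**
     * DS unbind method for the feature provisioner; also resets the transport security flag.
     *
     * @param featureProvisioner the provisioner service being unbound
     */
    protected synchronized void unsetKernelProvisioner(FeatureProvisioner featureProvisioner) {
        this.transportSecurityEnabled = false;
        this.provisionerService = null;
    }

    /**
     * DS bind method for the SSL configuration validator handed to {@link SSLConfigManager}
     * during activation.
     *
     * @param sSLConfigValidator the validator
     */
    @Reference(service = SSLConfigValidator.class)
    protected synchronized void setSSLConfigValidator(SSLConfigValidator sSLConfigValidator) {
        this.validator = sSLConfigValidator;
    }

    /**
     * DS unbind method for the SSL configuration validator.
     *
     * @param sSLConfigValidator the validator being unbound
     */
    protected synchronized void unsetSSLConfigValidator(SSLConfigValidator sSLConfigValidator) {
        this.validator = null;
    }

    /**
     * Publishes the current repertoire and keystore identifiers as service properties and,
     * when requested, re-initialises SSL from the collected configuration. Does nothing until
     * the component has been activated.
     *
     * @param reinitialize {@code true} to call {@code SSLConfigManager.initializeSSL(...)}
     *                     before the service properties are updated
     */
    private synchronized void processConfig(boolean reinitialize) {
        if (this.componentContext == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Not yet activated, can not process config", new Object[0]);
            }
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Processing configuration", new Object[0]);
        }
        boolean isServer = this.locSvc.resolveString(WsLocationConstants.SYMBOL_PROCESS_TYPE).equals("server");
        // Raw type kept on purpose: the declared type of `config` lives in the superclass,
        // which is not part of this file.
        Hashtable serviceProps = new Hashtable(this.config);
        serviceProps.put(SSLSupportOptional.REPERTOIRE_IDS, this.repertoireMap.keySet().toArray(new String[0]));
        serviceProps.put(SSLSupportOptional.KEYSTORE_IDS, this.keystoreIdMap.keySet().toArray(new String[0]));
        serviceProps.put(SSLSupportOptional.REPERTOIRE_PIDS, this.repertoirePIDMap.keySet().toArray(new String[0]));
        if (reinitialize) {
            try {
                SSLConfigManager.getInstance().initializeSSL(getGlobalProps(), getRepertoireProps(), getKeyStores(), true, isServer, this.transportSecurityEnabled, this.repertoirePIDMap);
            } catch (SSLException e) {
                // NOTE(review): a failed initialisation is reported only through event trace
                // and does not stop the "active" property below from being published, so a
                // broken SSL configuration can go unnoticed - consider surfacing it as an
                // error.
                if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                    Tr.event(tc, "Exception processing SSL configuration; " + e, new Object[0]);
                }
            }
        }
        boolean haveRepertoires = !this.repertoireMap.isEmpty();
        boolean haveKeystores = !this.keystoreIdMap.isEmpty();
        if (haveRepertoires && haveKeystores) {
            serviceProps.put(SSL_SUPPORT_KEY, SSL_SUPPORT_VALUE_ACTIVE);
        }
        this.componentContext.setServiceProperties(serviceProps);
    }

    /**
     * Builds the global SSL properties by copying the Liberty configuration keys (default
     * repertoire, outbound default repertoire, outbound hostname verification) onto the
     * property names passed to {@link SSLConfigManager}. The default alias falls back to
     * {@code LibertyConstants.DEFAULT_SSL_CONFIG_ID} when no default repertoire is configured.
     *
     * @return the map obtained from {@code getProperties()}, with the extra keys added to it
     */
    Map<String, Object> getGlobalProps() {
        // The map returned by getProperties() is modified in place.
        Map<String, Object> properties = getProperties();

        String defaultRepertoire = (String) properties.get(LibertyConstants.KEY_DEFAULT_REPERTOIRE);
        if (defaultRepertoire == null) {
            properties.put(Constants.SSLPROP_DEFAULT_ALIAS, LibertyConstants.DEFAULT_SSL_CONFIG_ID);
        } else {
            properties.put(Constants.SSLPROP_DEFAULT_ALIAS, defaultRepertoire);
        }

        String outboundRepertoire = (String) properties.get(LibertyConstants.KEY_OUTBOUND_DEFAULT_REPERTOIRE);
        if (outboundRepertoire != null) {
            properties.put(LibertyConstants.SSLPROP_OUTBOUND_DEFAULT_ALIAS, outboundRepertoire);
        }

        // The hostname verification setting is forwarded only when it is explicitly
        // configured; what applies otherwise is decided outside this class.
        String hostnameVerification = (String) properties.get(LibertyConstants.KEY_OUTBOUND_HOSTNAME_VERIFICATION);
        if (hostnameVerification != null) {
            properties.put(Constants.SSLPROP_URL_HOSTNAME_VERIFICATION, hostnameVerification);
        }
        return properties;
    }

    /**
     * Returns the repertoire properties keyed by alias.
     *
     * @return the live internal map, not a copy
     */
    Map<String, Map<String, Object>> getRepertoireProps() {
        return this.repertoirePropertiesMap;
    }

    /**
     * Returns every known keystore, reachable both by id and by PID.
     *
     * @return a new map; where an id and a PID collide the PID entry wins
     */
    Map<String, WSKeyStore> getKeyStores() {
        Map<String, WSKeyStore> merged = new HashMap<>(this.keystoreIdMap);
        merged.putAll(this.keystorePidMap);
        return merged;
    }

    /** @return the shared {@link JSSEHelper} instance */
    @Override // com.ibm.wsspi.ssl.SSLSupport
    public synchronized JSSEHelper getJSSEHelper() {
        return JSSEHelper.getInstance();
    }

    /** @return the default {@link JSSEProvider} from {@link JSSEProviderFactory} */
    @Override // com.ibm.wsspi.ssl.SSLSupport
    public JSSEProvider getJSSEProvider() {
        return JSSEProviderFactory.getInstance();
    }

    /**
     * @param str provider name passed through to {@link JSSEProviderFactory}
     * @return the matching {@link JSSEProvider}
     */
    @Override // com.ibm.wsspi.ssl.SSLSupport
    public JSSEProvider getJSSEProvider(String str) {
        return JSSEProviderFactory.getInstance(str);
    }

    /** @return a new {@link LibertySSLSocketFactory} built with its no-argument constructor */
    @Override // com.ibm.wsspi.ssl.SSLSupport
    public SSLSocketFactory getSSLSocketFactory() {
        return new LibertySSLSocketFactory();
    }

    /**
     * Creates a socket factory for the given argument.
     *
     * @param str value passed to the {@link LibertySSLSocketFactory} constructor; when
     *            {@code null} the no-argument constructor is used instead
     * @return a new socket factory
     * @throws javax.net.ssl.SSLException declared by the interface method
     */
    @Override // com.ibm.wsspi.ssl.SSLSupport
    public SSLSocketFactory getSSLSocketFactory(String str) throws javax.net.ssl.SSLException {
        if (str == null) {
            return new LibertySSLSocketFactory();
        }
        return new LibertySSLSocketFactory(str);
    }

    /**
     * Creates a socket factory from explicit SSL properties.
     *
     * @param properties SSL properties; {@code null} or empty selects the no-argument
     *                   constructor
     * @return a new socket factory
     * @throws javax.net.ssl.SSLException declared by the interface method
     */
    @Override // com.ibm.wsspi.ssl.SSLSupport
    public SSLSocketFactory getSSLSocketFactory(Properties properties) throws javax.net.ssl.SSLException {
        if (properties == null || properties.isEmpty()) {
            return new LibertySSLSocketFactory();
        }
        return new LibertySSLSocketFactory(properties);
    }
}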
