package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.SSOCookieHelper;
import com.ibm.ws.webcontainer.security.SSOCookieHelperImpl;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.WebAuthenticatorProxy;
import com.ibm.ws.webcontainer.security.metadata.LoginConfiguration;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security_1.0.21.jar:com/ibm/ws/webcontainer/security/internal/WebAppSecurityConfigImpl.class */
public class WebAppSecurityConfigImpl implements WebAppSecurityConfig {
    public static final String WLP_USER_DIR = "${wlp.user.dir}";
    public static final String AUTO_GEN_COOKIE_NAME_PREFIX = "WAS_";
    public static final String DEFAULT_SSO_COOKIE_NAME = "LtpaToken2";
    static final String CFG_KEY_LOGOUT_ON_HTTP_SESSION_EXPIRE = "logoutOnHttpSessionExpire";
    public static final String CFG_KEY_SINGLE_SIGN_ON_ENABLED = "singleSignonEnabled";
    static final String CFG_KEY_PRESERVE_FULLY_QUALIFIED_REFERRER_URL = "preserveFullyQualifiedReferrerUrl";
    static final String CFG_KEY_POSTPARAM_SAVE_METHOD = "postParamSaveMethod";
    static final String CFG_KEY_POSTPARAM_COOKIE_SIZE = "postParamCookieSize";
    static final String CFG_KEY_ALLOW_LOGOUT_PAGE_REDIRECT_TO_ANY_HOST = "allowLogoutPageRedirectToAnyHost";
    static final String CFG_KEY_LOGOUT_PAGE_REDIRECT_DOMAIN_NAMES = "logoutPageRedirectDomainNames";
    static final String CFG_KEY_WAS_REQ_URL_REDIRECT_DOMAIN_NAMES = "wasReqURLRedirectDomainNames";
    protected static final String CFG_KEY_SSO_COOKIE_NAME = "ssoCookieName";
    static final String CFG_KEY_AUTO_GEN_SSO_COOKIE_NAME = "autoGenSsoCookieName";
    public static final String CFG_KEY_FAIL_OVER_TO_BASICAUTH = "allowFailOverToBasicAuth";
    static final String CFG_KEY_DISPLAY_AUTHENTICATION_REALM = "displayAuthenticationRealm";
    static final String CFG_KEY_HTTP_ONLY_COOKIES = "httpOnlyCookies";
    static final String CFG_KEY_WEB_ALWAYS_LOGIN = "webAlwaysLogin";
    static final String CFG_KEY_SSO_DOMAIN_NAMES = "ssoDomainNames";
    static final String CFG_KEY_SSO_REQUIRES_SSL = "ssoRequiresSSL";
    static final String CFG_KEY_SSO_USE_DOMAIN_FROM_URL = "ssoUseDomainFromURL";
    public static final String CFG_KEY_USE_AUTH_DATA_FOR_UNPROTECTED = "useAuthenticationDataForUnprotectedResource";
    public static final String CFG_KEY_LOGIN_FORM_URL = "loginFormURL";
    public static final String CFG_KEY_LOGIN_ERROR_URL = "loginErrorURL";
    public static final String CFG_KEY_ALLOW_FAIL_OVER_TO_AUTH_METHOD = "allowAuthenticationFailOverToAuthMethod";
    static final String CFG_KEY_INCLUDE_PATH_IN_WAS_REQ_URL = "includePathInWASReqURL";
    static final String CFG_KEY_TRACK_LOGGED_OUT_SSO_COOKIES = "trackLoggedOutSSOCookies";
    static final String CFG_KEY_USE_ONLY_CUSTOM_COOKIE_NAME = "useOnlyCustomCookieName";
    public static final String CFG_KEY_OVERRIDE_HAM = "overrideHttpAuthMethod";
    public static final String CFG_KEY_LOGIN_FORM_CONTEXT_ROOT = "contextRootForFormAuthenticationMechanism";
    public static final String CFG_KEY_BASIC_AUTH_REALM_NAME = "basicAuthenticationMechanismRealmName";
    private final Boolean logoutOnHttpSessionExpire;
    private final Boolean singleSignonEnabled;
    private final Boolean preserveFullyQualifiedReferrerUrl;
    private final String postParamSaveMethod;
    private final Integer postParamCookieSize;
    private final Boolean allowLogoutPageRedirectToAnyHost;
    private final String wasReqURLRedirectDomainNames;
    private final String logoutPageRedirectDomainNames;
    protected String ssoCookieName;
    protected final Boolean autoGenSsoCookieName;
    private final Boolean allowFailOverToBasicAuth;
    private final Boolean displayAuthenticationRealm;
    private final Boolean httpOnlyCookies;
    private final Boolean webAlwaysLogin;
    private final Boolean ssoRequiresSSL;
    private final String ssoDomainNames;
    private final Boolean ssoUseDomainFromURL;
    private final Boolean useAuthenticationDataForUnprotectedResource;
    private final String loginFormURL;
    private final String loginErrorURL;
    private final String allowFailOverToAuthMethod;
    private final Boolean includePathInWASReqURL;
    private final Boolean trackLoggedOutSSOCookies;
    private final Boolean useOnlyCustomCookieName;
    private final String overrideHttpAuthMethod;
    private final String loginFormContextRoot;
    private final String basicAuthRealmName;
    protected final AtomicServiceReference<WsLocationAdmin> locationAdminRef;
    protected final AtomicServiceReference<SecurityService> securityServiceRef;
    static final long serialVersionUID = -5858234088450338637L;
    private static final TraceComponent tc = Tr.register(WebAppSecurityConfigImpl.class);
    static Map<String, String> configAttributes = new TreeMap<String, String>() { // from class: com.ibm.ws.webcontainer.security.internal.WebAppSecurityConfigImpl.1
        private static final long serialVersionUID = -6244999820664139565L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

        {
            put(WebAppSecurityConfigImpl.CFG_KEY_FAIL_OVER_TO_BASICAUTH, WebAppSecurityConfigImpl.CFG_KEY_FAIL_OVER_TO_BASICAUTH);
            put(WebAppSecurityConfigImpl.CFG_KEY_ALLOW_LOGOUT_PAGE_REDIRECT_TO_ANY_HOST, WebAppSecurityConfigImpl.CFG_KEY_ALLOW_LOGOUT_PAGE_REDIRECT_TO_ANY_HOST);
            put(WebAppSecurityConfigImpl.CFG_KEY_DISPLAY_AUTHENTICATION_REALM, WebAppSecurityConfigImpl.CFG_KEY_DISPLAY_AUTHENTICATION_REALM);
            put(WebAppSecurityConfigImpl.CFG_KEY_HTTP_ONLY_COOKIES, WebAppSecurityConfigImpl.CFG_KEY_HTTP_ONLY_COOKIES);
            put(WebAppSecurityConfigImpl.CFG_KEY_LOGOUT_ON_HTTP_SESSION_EXPIRE, WebAppSecurityConfigImpl.CFG_KEY_LOGOUT_ON_HTTP_SESSION_EXPIRE);
            put(WebAppSecurityConfigImpl.CFG_KEY_LOGOUT_PAGE_REDIRECT_DOMAIN_NAMES, WebAppSecurityConfigImpl.CFG_KEY_LOGOUT_PAGE_REDIRECT_DOMAIN_NAMES);
            put(WebAppSecurityConfigImpl.CFG_KEY_PRESERVE_FULLY_QUALIFIED_REFERRER_URL, WebAppSecurityConfigImpl.CFG_KEY_PRESERVE_FULLY_QUALIFIED_REFERRER_URL);
            put(WebAppSecurityConfigImpl.CFG_KEY_POSTPARAM_COOKIE_SIZE, WebAppSecurityConfigImpl.CFG_KEY_POSTPARAM_COOKIE_SIZE);
            put(WebAppSecurityConfigImpl.CFG_KEY_POSTPARAM_SAVE_METHOD, WebAppSecurityConfigImpl.CFG_KEY_POSTPARAM_SAVE_METHOD);
            put(WebAppSecurityConfigImpl.CFG_KEY_SINGLE_SIGN_ON_ENABLED, WebAppSecurityConfigImpl.CFG_KEY_SINGLE_SIGN_ON_ENABLED);
            put(WebAppSecurityConfigImpl.CFG_KEY_SSO_COOKIE_NAME, WebAppSecurityConfigImpl.CFG_KEY_SSO_COOKIE_NAME);
            put(WebAppSecurityConfigImpl.CFG_KEY_AUTO_GEN_SSO_COOKIE_NAME, WebAppSecurityConfigImpl.CFG_KEY_AUTO_GEN_SSO_COOKIE_NAME);
            put(WebAppSecurityConfigImpl.CFG_KEY_SSO_DOMAIN_NAMES, WebAppSecurityConfigImpl.CFG_KEY_SSO_DOMAIN_NAMES);
            put(WebAppSecurityConfigImpl.CFG_KEY_SSO_REQUIRES_SSL, WebAppSecurityConfigImpl.CFG_KEY_SSO_REQUIRES_SSL);
            put(WebAppSecurityConfigImpl.CFG_KEY_SSO_USE_DOMAIN_FROM_URL, WebAppSecurityConfigImpl.CFG_KEY_SSO_USE_DOMAIN_FROM_URL);
            put(WebAppSecurityConfigImpl.CFG_KEY_USE_AUTH_DATA_FOR_UNPROTECTED, WebAppSecurityConfigImpl.CFG_KEY_USE_AUTH_DATA_FOR_UNPROTECTED);
            put(WebAppSecurityConfigImpl.CFG_KEY_WEB_ALWAYS_LOGIN, WebAppSecurityConfigImpl.CFG_KEY_WEB_ALWAYS_LOGIN);
            put(WebAppSecurityConfigImpl.CFG_KEY_LOGIN_FORM_URL, WebAppSecurityConfigImpl.CFG_KEY_LOGIN_FORM_URL);
            put(WebAppSecurityConfigImpl.CFG_KEY_LOGIN_ERROR_URL, WebAppSecurityConfigImpl.CFG_KEY_LOGIN_ERROR_URL);
            put(WebAppSecurityConfigImpl.CFG_KEY_ALLOW_FAIL_OVER_TO_AUTH_METHOD, "allowFailOverToAuthMethod");
            put(WebAppSecurityConfigImpl.CFG_KEY_INCLUDE_PATH_IN_WAS_REQ_URL, WebAppSecurityConfigImpl.CFG_KEY_INCLUDE_PATH_IN_WAS_REQ_URL);
            put(WebAppSecurityConfigImpl.CFG_KEY_TRACK_LOGGED_OUT_SSO_COOKIES, WebAppSecurityConfigImpl.CFG_KEY_TRACK_LOGGED_OUT_SSO_COOKIES);
            put(WebAppSecurityConfigImpl.CFG_KEY_USE_ONLY_CUSTOM_COOKIE_NAME, WebAppSecurityConfigImpl.CFG_KEY_USE_ONLY_CUSTOM_COOKIE_NAME);
            put(WebAppSecurityConfigImpl.CFG_KEY_WAS_REQ_URL_REDIRECT_DOMAIN_NAMES, WebAppSecurityConfigImpl.CFG_KEY_WAS_REQ_URL_REDIRECT_DOMAIN_NAMES);
            put(WebAppSecurityConfigImpl.CFG_KEY_OVERRIDE_HAM, WebAppSecurityConfigImpl.CFG_KEY_OVERRIDE_HAM);
            put(WebAppSecurityConfigImpl.CFG_KEY_LOGIN_FORM_CONTEXT_ROOT, "loginFormContextRoot");
            put(WebAppSecurityConfigImpl.CFG_KEY_BASIC_AUTH_REALM_NAME, "basicAuthRealmName");
        }
    };

    public WebAppSecurityConfigImpl(Map<String, Object> map, AtomicServiceReference<WsLocationAdmin> atomicServiceReference, AtomicServiceReference<SecurityService> atomicServiceReference2) {
        this.locationAdminRef = atomicServiceReference;
        this.securityServiceRef = atomicServiceReference2;
        this.logoutOnHttpSessionExpire = (Boolean) map.get(CFG_KEY_LOGOUT_ON_HTTP_SESSION_EXPIRE);
        this.singleSignonEnabled = (Boolean) map.get(CFG_KEY_SINGLE_SIGN_ON_ENABLED);
        this.preserveFullyQualifiedReferrerUrl = (Boolean) map.get(CFG_KEY_PRESERVE_FULLY_QUALIFIED_REFERRER_URL);
        this.postParamSaveMethod = (String) map.get(CFG_KEY_POSTPARAM_SAVE_METHOD);
        this.postParamCookieSize = (Integer) map.get(CFG_KEY_POSTPARAM_COOKIE_SIZE);
        this.allowLogoutPageRedirectToAnyHost = (Boolean) map.get(CFG_KEY_ALLOW_LOGOUT_PAGE_REDIRECT_TO_ANY_HOST);
        this.wasReqURLRedirectDomainNames = (String) map.get(CFG_KEY_WAS_REQ_URL_REDIRECT_DOMAIN_NAMES);
        this.logoutPageRedirectDomainNames = (String) map.get(CFG_KEY_LOGOUT_PAGE_REDIRECT_DOMAIN_NAMES);
        this.autoGenSsoCookieName = (Boolean) map.get(CFG_KEY_AUTO_GEN_SSO_COOKIE_NAME);
        this.ssoCookieName = resolveSsoCookieName(map);
        this.allowFailOverToBasicAuth = (Boolean) map.get(CFG_KEY_FAIL_OVER_TO_BASICAUTH);
        this.displayAuthenticationRealm = (Boolean) map.get(CFG_KEY_DISPLAY_AUTHENTICATION_REALM);
        this.httpOnlyCookies = (Boolean) map.get(CFG_KEY_HTTP_ONLY_COOKIES);
        this.webAlwaysLogin = (Boolean) map.get(CFG_KEY_WEB_ALWAYS_LOGIN);
        this.ssoRequiresSSL = (Boolean) map.get(CFG_KEY_SSO_REQUIRES_SSL);
        this.ssoDomainNames = (String) map.get(CFG_KEY_SSO_DOMAIN_NAMES);
        this.ssoUseDomainFromURL = (Boolean) map.get(CFG_KEY_SSO_USE_DOMAIN_FROM_URL);
        this.useAuthenticationDataForUnprotectedResource = (Boolean) map.get(CFG_KEY_USE_AUTH_DATA_FOR_UNPROTECTED);
        this.loginFormURL = (String) map.get(CFG_KEY_LOGIN_FORM_URL);
        this.loginErrorURL = (String) map.get(CFG_KEY_LOGIN_ERROR_URL);
        this.allowFailOverToAuthMethod = (String) map.get(CFG_KEY_ALLOW_FAIL_OVER_TO_AUTH_METHOD);
        this.includePathInWASReqURL = (Boolean) map.get(CFG_KEY_INCLUDE_PATH_IN_WAS_REQ_URL);
        this.trackLoggedOutSSOCookies = (Boolean) map.get(CFG_KEY_TRACK_LOGGED_OUT_SSO_COOKIES);
        this.useOnlyCustomCookieName = (Boolean) map.get(CFG_KEY_USE_ONLY_CUSTOM_COOKIE_NAME);
        this.overrideHttpAuthMethod = (String) map.get(CFG_KEY_OVERRIDE_HAM);
        this.loginFormContextRoot = (String) map.get(CFG_KEY_LOGIN_FORM_CONTEXT_ROOT);
        this.basicAuthRealmName = (String) map.get(CFG_KEY_BASIC_AUTH_REALM_NAME);
        WebAppSecurityCollaboratorImpl.setGlobalWebAppSecurityConfig(this);
    }

    protected String resolveSsoCookieName(Map<String, Object> map) {
        String str = null;
        String str2 = (String) map.get(CFG_KEY_SSO_COOKIE_NAME);
        if ("LtpaToken2".equalsIgnoreCase(str2) && this.autoGenSsoCookieName.booleanValue()) {
            str = generateSsoCookieName();
        }
        return str != null ? str : str2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String generateSsoCookieName() {
        WsLocationAdmin service = this.locationAdminRef.getService();
        if (service == null) {
            Tr.error(tc, "OSGI_SERVICE_ERROR", "WsLocationAdmin");
            return null;
        }
        String replace = service.resolveString("${wlp.user.dir}").replace('\\', '/');
        String str = getHostName() + "_" + replace + (replace.endsWith("/") ? "" : "/") + "servers/" + service.getServerName();
        String str2 = AUTO_GEN_COOKIE_NAME_PREFIX + StringUtil.hash(str);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "cookieHashName: " + str2 + " cookieLongName: " + str, new Object[0]);
        }
        return str2;
    }

    private String getHostName() {
        try {
            return InetAddress.getLocalHost().getCanonicalHostName().toLowerCase();
        } catch (UnknownHostException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.WebAppSecurityConfigImpl", "217", this, new Object[0]);
            return "localhost";
        }
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getLogoutOnHttpSessionExpire() {
        return this.logoutOnHttpSessionExpire.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean isIncludePathInWASReqURL() {
        return this.includePathInWASReqURL.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean isSingleSignonEnabled() {
        return this.singleSignonEnabled.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getPreserveFullyQualifiedReferrerUrl() {
        return this.preserveFullyQualifiedReferrerUrl.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public String getPostParamSaveMethod() {
        return this.postParamSaveMethod;
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public int getPostParamCookieSize() {
        return this.postParamCookieSize.intValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getAllowLogoutPageRedirectToAnyHost() {
        return this.allowLogoutPageRedirectToAnyHost.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public String getSSOCookieName() {
        return this.ssoCookieName;
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getAllowFailOverToBasicAuth() {
        if (this.allowFailOverToBasicAuth.booleanValue()) {
            return true;
        }
        return this.allowFailOverToAuthMethod != null && this.allowFailOverToAuthMethod.equalsIgnoreCase("BASIC");
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getAllowFailOverToFormLogin() {
        return this.allowFailOverToAuthMethod != null && this.allowFailOverToAuthMethod.equalsIgnoreCase("FORM");
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getAllowFailOverToAppDefined() {
        return this.allowFailOverToAuthMethod != null && this.allowFailOverToAuthMethod.equalsIgnoreCase(LoginConfiguration.APP_DEFINED);
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean allowFailOver() {
        return getAllowFailOverToBasicAuth() || getAllowFailOverToFormLogin() || getAllowFailOverToAppDefined();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getDisplayAuthenticationRealm() {
        return this.displayAuthenticationRealm.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public List<String> getWASReqURLRedirectDomainNames() {
        return domainNamesToList(this.wasReqURLRedirectDomainNames);
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public List<String> getLogoutPageRedirectDomainList() {
        return domainNamesToList(this.logoutPageRedirectDomainNames);
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getHttpOnlyCookies() {
        return this.httpOnlyCookies.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getWebAlwaysLogin() {
        return this.webAlwaysLogin.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getSSORequiresSSL() {
        return this.ssoRequiresSSL.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public List<String> getSSODomainList() {
        return domainNamesToList(this.ssoDomainNames);
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean getSSOUseDomainFromURL() {
        return this.ssoUseDomainFromURL.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean isUseAuthenticationDataForUnprotectedResourceEnabled() {
        return this.useAuthenticationDataForUnprotectedResource.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public String getLoginFormURL() {
        return this.loginFormURL;
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public String getLoginErrorURL() {
        return this.loginErrorURL;
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean isTrackLoggedOutSSOCookiesEnabled() {
        return this.trackLoggedOutSSOCookies.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public boolean isUseOnlyCustomCookieName() {
        return this.useOnlyCustomCookieName.booleanValue();
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public String getOverrideHttpAuthMethod() {
        return this.overrideHttpAuthMethod;
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public String getLoginFormContextRoot() {
        return this.loginFormContextRoot;
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public String getBasicAuthRealmName() {
        return this.basicAuthRealmName;
    }

    private List<String> domainNamesToList(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split("\\|")) {
            arrayList.add(str2.trim());
        }
        return arrayList;
    }

    private void appendToBufferIfDifferent(StringBuffer stringBuffer, String str, Object obj, Object obj2) {
        if (obj != obj2) {
            if ((obj == null || obj.equals(obj2)) && (obj2 == null || obj2.equals(obj))) {
                return;
            }
            if (stringBuffer.length() > 0) {
                stringBuffer.append(",");
            }
            stringBuffer.append(str);
            stringBuffer.append("=");
            stringBuffer.append(obj == null ? "" : obj.toString());
        }
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public String getChangedProperties(WebAppSecurityConfig webAppSecurityConfig) {
        if (this == webAppSecurityConfig || !(webAppSecurityConfig instanceof WebAppSecurityConfigImpl)) {
            return "";
        }
        StringBuffer stringBuffer = new StringBuffer();
        WebAppSecurityConfigImpl webAppSecurityConfigImpl = (WebAppSecurityConfigImpl) webAppSecurityConfig;
        for (Map.Entry<String, String> entry : configAttributes.entrySet()) {
            try {
                Field declaredField = WebAppSecurityConfigImpl.class.getDeclaredField(entry.getValue());
                declaredField.setAccessible(true);
                appendToBufferIfDifferent(stringBuffer, entry.getKey(), declaredField.get(this), declaredField.get(webAppSecurityConfigImpl));
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.WebAppSecurityConfigImpl", "453", this, new Object[]{webAppSecurityConfig});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception is caught " + e, new Object[0]);
                }
            }
        }
        return stringBuffer.toString();
    }

    private void appendToMapIfDifferent(Map<String, String> map, String str, Object obj, Object obj2) {
        if (obj != obj2) {
            if ((obj == null || obj.equals(obj2)) && (obj2 == null || obj2.equals(obj))) {
                return;
            }
            map.put(str, obj == null ? "" : obj.toString());
        }
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public Map<String, String> getChangedPropertiesMap(WebAppSecurityConfig webAppSecurityConfig) {
        if (this == webAppSecurityConfig || !(webAppSecurityConfig instanceof WebAppSecurityConfigImpl)) {
            return null;
        }
        TreeMap treeMap = new TreeMap();
        WebAppSecurityConfigImpl webAppSecurityConfigImpl = (WebAppSecurityConfigImpl) webAppSecurityConfig;
        for (Map.Entry<String, String> entry : configAttributes.entrySet()) {
            try {
                Field declaredField = WebAppSecurityConfigImpl.class.getDeclaredField(entry.getValue());
                declaredField.setAccessible(true);
                appendToMapIfDifferent(treeMap, entry.getKey(), declaredField.get(this), declaredField.get(webAppSecurityConfigImpl));
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.WebAppSecurityConfigImpl", "499", this, new Object[]{webAppSecurityConfig});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception is caught " + e, new Object[0]);
                }
            }
        }
        if (treeMap.isEmpty()) {
            treeMap = null;
        }
        return treeMap;
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public SSOCookieHelper createSSOCookieHelper() {
        return new SSOCookieHelperImpl(this);
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public ReferrerURLCookieHandler createReferrerURLCookieHandler() {
        return new ReferrerURLCookieHandler(this);
    }

    @Override // com.ibm.ws.webcontainer.security.WebAppSecurityConfig
    public WebAuthenticatorProxy createWebAuthenticatorProxy() {
        return new WebAuthenticatorProxy(this, null, this.securityServiceRef, null);
    }
}
