package com.ibm.ws.management.repository.member.internal.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ssl.SSLConfigChangeListener;
import com.ibm.websphere.ssl.SSLConfigurationNotAvailableException;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.collective.security.CollectiveDNUtil;
import com.ibm.ws.collective.utils.RepositoryPathUtility;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.kernel.provisioning.ExtensionConstants;
import com.ibm.ws.management.repository.member.internal.CollectiveHostName;
import com.ibm.ws.management.repository.member.internal.TraceConstants;
import com.ibm.ws.ssl.KeyStoreService;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.location.WsLocationConstants;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.FrameworkState;
import com.ibm.wsspi.ssl.SSLConfiguration;
import com.ibm.wsspi.ssl.SSLSupport;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import javax.naming.InvalidNameException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;

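/**
 * Declarative Services component that compares the host name, user directory and server name
 * derived from the subject DN of this server's identity certificate (alias {@code serveridentity}
 * in keystore {@code serverIdentity}) with the values the running server reports.
 *
 * <p>The check is submitted to the injected {@link ScheduledExecutorService} from
 * {@link #activate(ComponentContext)} and is retried, up to a fixed number of attempts, while the
 * {@code controllerConnectionConfig} SSL configuration is not yet available.
 *
 * <p>Security note: the comparison is advisory. Every mismatch and every failure to validate is
 * reported through {@code Tr.error}/{@code Tr.warning} only; nothing in this class throws to a
 * caller, deactivates the component or blocks a connection as a result. Deployments that rely on
 * this check should alert on the {@code IDENTITY_*} message keys.
 *
 * <p>NOTE(review): this listing was recovered from bytecode by a decompiler; the FFDC calls and
 * the {@code serialVersionUID}/{@code $$$tc$$$} members are instrumentation output that the
 * decompiler made explicit.
 */
@TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = ExtensionConstants.CORE_EXTENSION, messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM"})
/* loaded from: input_file:lib/com.ibm.ws.management.repository.member_1.0.2.cl50220140506-1346.jar:com/ibm/ws/management/repository/member/internal/security/CollectiveIdentityValidator.class */
public class CollectiveIdentityValidator {
    private static final TraceComponent tc = Tr.register(CollectiveIdentityValidator.class);
    // Id of the SSL configuration whose availability gates the identity check.
    static final String SSL_CONFIG_ID = "controllerConnectionConfig";
    // Keystore name and key alias under which the server identity certificate is looked up.
    static final String SERVER_IDENTITY_KEYSTORE_NAME = "serverIdentity";
    static final String SERVER_IDENTITY_KEY_ALIAS = "serveridentity";
    // Declarative Services reference names; they must match the @Reference names below.
    static final String KEY_LOCATION_ADMIN_REF = "locationAdmin";
    static final String KEY_COLLECTIVE_HOSTNAME_REF = "collectiveHostName";
    static final String KEY_KEYSTORE_SERVICE_REF = "keyStoreService";
    static final String KEY_SSL_SUPPORT_REF = "sslSupport";
    static final String KEY_EXECUTOR_SERVICE_REF = "executorService";
    private final AtomicServiceReference<WsLocationAdmin> locationAdminRef = new AtomicServiceReference<>(KEY_LOCATION_ADMIN_REF);
    private final AtomicServiceReference<CollectiveHostName> collectiveHostNameRef = new AtomicServiceReference<>(KEY_COLLECTIVE_HOSTNAME_REF);
    private final AtomicServiceReference<KeyStoreService> keyStoreServiceRef = new AtomicServiceReference<>(KEY_KEYSTORE_SERVICE_REF);
    private final AtomicServiceReference<SSLSupport> sslSupportRef = new AtomicServiceReference<>(KEY_SSL_SUPPORT_REF);
    private final AtomicServiceReference<ScheduledExecutorService> executorServiceRef = new AtomicServiceReference<>(KEY_EXECUTOR_SERVICE_REF);
    // Created in activate() and canceled in deactivate(); null before the first activation.
    private ScheduledValidate scheduledValidate;
    static final long serialVersionUID = 8042601922098607474L;

    /**
     * Retryable task that waits for the {@code controllerConnectionConfig} SSL configuration and
     * then runs {@link CollectiveIdentityValidator#validateServerIdentity()}.
     *
     * <p>All state-changing methods are {@code synchronized} on the task instance, so
     * {@link #schedule()}, {@link #call()} and {@link #cancel()} never interleave.
     */
    @TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = ExtensionConstants.CORE_EXTENSION, messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:lib/com.ibm.ws.management.repository.member_1.0.2.cl50220140506-1346.jar:com/ibm/ws/management/repository/member/internal/security/CollectiveIdentityValidator$ScheduledValidate.class */
    class ScheduledValidate implements Callable<Void> {
        /** Number of attempts after which the task gives up and cancels itself. */
        private static final int MAX_ATTEMPTS = 5;
        /** Delay, in seconds, before a rescheduled attempt runs. */
        private static final long RETRY_DELAY_SECONDS = 5L;
        // Attempts started so far; incremented at the top of every non-canceled call().
        private int attempts = 0;
        private boolean isCanceled = false;
        // True while a retry is pending on the executor; cleared when call() starts.
        private boolean scheduled = false;
        private ScheduledFuture<Void> scheduledFuture = null;
        static final long serialVersionUID = -2597330771298095652L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(ScheduledValidate.class);

        @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
        ScheduledValidate() {
        }

        /**
         * Queues one more attempt on the executor after {@code RETRY_DELAY_SECONDS}.
         *
         * <p>Does nothing if an attempt is already pending. If the framework is stopping or the
         * task has been canceled, only a trace event is written and nothing is queued.
         */
        @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
        public synchronized void schedule() {
            if (this.scheduled) {
                return;
            }
            if (FrameworkState.isStopping()) {
                if (CollectiveIdentityValidator.tc.isEventEnabled()) {
                    Tr.event(CollectiveIdentityValidator.tc, "Framework is stopping, will not schedule any new attempts.");
                }
                return;
            }
            if (this.isCanceled) {
                if (CollectiveIdentityValidator.tc.isEventEnabled()) {
                    Tr.event(CollectiveIdentityValidator.tc, "Task is canceled, will not schedule any new attempts.");
                }
                return;
            }
            if (CollectiveIdentityValidator.tc.isDebugEnabled()) {
                Tr.debug(CollectiveIdentityValidator.tc, "Scheduling a connection attempt in 5 seconds");
            }
            this.scheduledFuture = CollectiveIdentityValidator.this.executorServiceRef.getService().schedule(this, RETRY_DELAY_SECONDS, TimeUnit.SECONDS);
            this.scheduled = true;
        }

        /**
         * Runs one validation attempt.
         *
         * <p>Requests the SSL context for {@code controllerConnectionConfig}; when that succeeds,
         * calls {@link CollectiveIdentityValidator#validateServerIdentity()}. When the SSL
         * configuration is not available yet, another attempt is scheduled. After
         * {@code MAX_ATTEMPTS} attempts, or on any other exception, the warning
         * {@code IDENTITY_CANNOT_BE_VALIDATED} is logged and no further attempt is made.
         *
         * <p>Security note: an unvalidated identity surfaces only as that warning; no exception
         * reaches the executor for the handled cases.
         *
         * <p>NOTE(review): the decompiled listing reused one {@code Throwable}-typed temporary for
         * the attempt counter, the enclosing instance and the rethrown exception, which does not
         * compile. The body below keeps the decompiled try/catch nesting and gives each use its own
         * properly typed expression — confirm against the bytecode.
         *
         * @return always {@code null}
         * @throws Exception declared by {@link Callable}; exceptions raised inside the attempt are
         *         caught and logged here
         */
        @Override // java.util.concurrent.Callable
        @FFDCIgnore({SSLConfigurationNotAvailableException.class})
        @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
        public synchronized Void call() throws Exception {
            this.scheduled = false;
            if (this.isCanceled) {
                if (CollectiveIdentityValidator.tc.isEventEnabled()) {
                    Tr.event(CollectiveIdentityValidator.tc, "Work has been explicitly canceled, no performing any work.");
                }
                return null;
            }
            this.attempts++;
            try {
                if (this.attempts > MAX_ATTEMPTS) {
                    if (CollectiveIdentityValidator.tc.isEventEnabled()) {
                        Tr.event(CollectiveIdentityValidator.tc, "Max number of attempts to validate have been exceeded, giving up");
                    }
                    Tr.warning(CollectiveIdentityValidator.tc, "IDENTITY_CANNOT_BE_VALIDATED");
                    cancel();
                    return null;
                }
                try {
                    // The returned context is discarded: the call is used only to find out
                    // whether the SSL configuration can be resolved yet. Casts are kept from the
                    // decompiled listing so the same overload is selected.
                    CollectiveIdentityValidator.this.sslSupportRef.getService().getJSSEHelper().getSSLContext(CollectiveIdentityValidator.SSL_CONFIG_ID, (Map) null, (SSLConfigChangeListener) null, false);
                    CollectiveIdentityValidator.this.validateServerIdentity();
                    return null;
                } catch (SSLConfigurationNotAvailableException notReady) {
                    // Caught before SSLException: the decompiled listing showed the SSLException
                    // handler first, which javac rejects if this type is a subtype of it.
                    // NOTE(review): confirm the exception hierarchy.
                    if (CollectiveIdentityValidator.tc.isEventEnabled()) {
                        Tr.event(CollectiveIdentityValidator.tc, "SSL configuration controllerConnectionConfig is not yet ready, scheduling another attempt.", notReady);
                    }
                    schedule();
                    return null;
                } catch (SSLException sslFailure) {
                    // Record FFDC, then rethrow so the outer handler logs the warning.
                    FFDCFilter.processException(sslFailure, "com.ibm.ws.management.repository.member.internal.security.CollectiveIdentityValidator$ScheduledValidate", "209", this, new Object[0]);
                    throw sslFailure;
                }
            } catch (Exception unexpected) {
                FFDCFilter.processException(unexpected, "com.ibm.ws.management.repository.member.internal.security.CollectiveIdentityValidator$ScheduledValidate", "212", this, new Object[0]);
                if (CollectiveIdentityValidator.tc.isEventEnabled()) {
                    // Trace the caught exception itself, not the reused decompiler temporary.
                    Tr.event(CollectiveIdentityValidator.tc, "Unexpected Exception caught while trying to validate the server identity", unexpected);
                }
                Tr.warning(CollectiveIdentityValidator.tc, "IDENTITY_CANNOT_BE_VALIDATED");
                return null;
            }
        }

        /**
         * Marks the task as canceled and cancels the pending retry, if any, with interruption
         * allowed. Later {@link #schedule()} and {@link #call()} invocations become no-ops.
         */
        @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
        public synchronized void cancel() {
            if (CollectiveIdentityValidator.tc.isEventEnabled()) {
                Tr.event(CollectiveIdentityValidator.tc, "Canceling the currently scheduled future");
            }
            this.isCanceled = true;
            if (this.scheduledFuture != null) {
                this.scheduledFuture.cancel(true);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public CollectiveIdentityValidator() {
    }

    /** Binds the {@link CollectiveHostName} service reference (dynamic policy). */
    @Reference(name = KEY_COLLECTIVE_HOSTNAME_REF, service = CollectiveHostName.class, policy = ReferencePolicy.DYNAMIC)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setCollectiveHostName(ServiceReference<CollectiveHostName> serviceReference) {
        this.collectiveHostNameRef.setReference(serviceReference);
    }

    /** Unbinds the {@link CollectiveHostName} service reference. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetCollectiveHostName(ServiceReference<CollectiveHostName> serviceReference) {
        this.collectiveHostNameRef.unsetReference(serviceReference);
    }

    /** Binds the {@link WsLocationAdmin} service reference (dynamic policy). */
    @Reference(name = KEY_LOCATION_ADMIN_REF, service = WsLocationAdmin.class, policy = ReferencePolicy.DYNAMIC)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setLocationAdmin(ServiceReference<WsLocationAdmin> serviceReference) {
        this.locationAdminRef.setReference(serviceReference);
    }

    /** Unbinds the {@link WsLocationAdmin} service reference. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetLocationAdmin(ServiceReference<WsLocationAdmin> serviceReference) {
        this.locationAdminRef.unsetReference(serviceReference);
    }

    /**
     * Declares a dependency on the {@link SSLConfiguration} with
     * {@code id=controllerConnectionConfig}. The reference itself is not stored; presumably it
     * exists only so the component is not activated before that configuration is registered.
     */
    @Reference(service = SSLConfiguration.class, target = "(id=controllerConnectionConfig)")
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setSSLConfiguration(ServiceReference<SSLConfiguration> serviceReference) {
    }

    /** Counterpart of {@link #setSSLConfiguration(ServiceReference)}; nothing to release. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetSSLConfiguration(ServiceReference<SSLConfiguration> serviceReference) {
    }

    /** Binds the {@link KeyStoreService} used to read the server identity certificate. */
    @Reference(name = KEY_KEYSTORE_SERVICE_REF, service = KeyStoreService.class)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        this.keyStoreServiceRef.setReference(serviceReference);
    }

    /** Unbinds the {@link KeyStoreService} reference. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        this.keyStoreServiceRef.unsetReference(serviceReference);
    }

    /** Binds the {@link SSLSupport} service used to probe the SSL configuration. */
    @Reference(name = KEY_SSL_SUPPORT_REF, service = SSLSupport.class)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setSSLSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
    }

    /** Unbinds the {@link SSLSupport} reference. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetSSLSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.unsetReference(serviceReference);
    }

    /** Binds the {@link ScheduledExecutorService} that runs the validation task. */
    @Reference(name = KEY_EXECUTOR_SERVICE_REF, service = ScheduledExecutorService.class)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setExecutorService(ServiceReference<ScheduledExecutorService> serviceReference) {
        this.executorServiceRef.setReference(serviceReference);
    }

    /** Unbinds the {@link ScheduledExecutorService} reference. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetExecutorService(ServiceReference<ScheduledExecutorService> serviceReference) {
        this.executorServiceRef.unsetReference(serviceReference);
    }

    /**
     * Activates every service reference, then creates a fresh {@link ScheduledValidate} task and
     * submits it to the executor. The returned future is not kept; the task reports its outcome
     * through trace and log messages only.
     *
     * @param componentContext the Declarative Services context used to resolve the references
     */
    @Activate
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void activate(ComponentContext componentContext) {
        this.locationAdminRef.activate(componentContext);
        this.collectiveHostNameRef.activate(componentContext);
        this.keyStoreServiceRef.activate(componentContext);
        this.sslSupportRef.activate(componentContext);
        this.executorServiceRef.activate(componentContext);
        this.scheduledValidate = new ScheduledValidate();
        this.executorServiceRef.getService().submit(this.scheduledValidate);
    }

    /**
     * Cancels the validation task before the service references are released, so a pending retry
     * cannot run against deactivated references.
     *
     * @param componentContext the Declarative Services context used to release the references
     */
    @Deactivate
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void deactivate(ComponentContext componentContext) {
        if (this.scheduledValidate != null) {
            this.scheduledValidate.cancel();
        }
        this.locationAdminRef.deactivate(componentContext);
        this.collectiveHostNameRef.deactivate(componentContext);
        this.keyStoreServiceRef.deactivate(componentContext);
        this.sslSupportRef.deactivate(componentContext);
        this.executorServiceRef.deactivate(componentContext);
    }

    /**
     * Compares the host name, user directory and server name derived from the identity
     * certificate's subject DN with the values reported by the running server.
     *
     * <p>Each mismatch is logged with {@code Tr.error}; all three comparisons are always made.
     * The method returns normally whether or not anything mismatched, so a normal return is not
     * proof that the identity matched.
     *
     * <p>NOTE(review): the certificate returned by the keystore service is dereferenced without
     * a null check, and the comparison is an exact, case-sensitive {@code String.equals} —
     * confirm both are intended.
     *
     * @throws KeyStoreException declared; presumably raised by the keystore lookup
     * @throws CertificateException declared; presumably raised by the keystore lookup
     * @throws InvalidNameException declared; presumably raised while parsing the subject DN
     */
    /* JADX INFO: Access modifiers changed from: private */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void validateServerIdentity() throws KeyStoreException, CertificateException, InvalidNameException {
        X509Certificate identityCert = (X509Certificate) this.keyStoreServiceRef.getService().getCertificateFromKeyStore(SERVER_IDENTITY_KEYSTORE_NAME, SERVER_IDENTITY_KEY_ALIAS);
        String subjectDn = identityCert.getSubjectDN().getName();

        // Values recorded in the certificate.
        String certHostName = CollectiveDNUtil.getHostName(subjectDn);
        String certUserDir = RepositoryPathUtility.decodeURLEncodedDir(CollectiveDNUtil.getURLEncodedUserDir(subjectDn));
        String certServerName = CollectiveDNUtil.getServerName(subjectDn);

        // Values the running server reports; the user directory goes through the same
        // encode/decode round trip as the certificate value before it is compared.
        String currentHostName = this.collectiveHostNameRef.getService().getHostName();
        String currentUserDir = RepositoryPathUtility.decodeURLEncodedDir(RepositoryPathUtility.getURLEncodedPath(this.locationAdminRef.getService().resolveString(WsLocationConstants.SYMBOL_USER_DIR)));
        String currentServerName = this.locationAdminRef.getService().getServerName();

        if (!certHostName.equals(currentHostName)) {
            Tr.error(tc, "IDENTITY_HOSTNAME_HAS_CHANGED_SINCE_IDENTITY_CREATED", certHostName, currentHostName);
        }
        if (!certUserDir.equals(currentUserDir)) {
            Tr.error(tc, "IDENTITY_USERDIR_HAS_CHANGED_SINCE_IDENTITY_CREATED", certUserDir, currentUserDir);
        }
        if (!certServerName.equals(currentServerName)) {
            Tr.error(tc, "IDENTITY_SERVERNAME_HAS_CHANGED_SINCE_IDENTITY_CREATED", certServerName, currentServerName);
        }
    }
}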
