package com.ibm.ws.security.registry.basic.internal;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.registry.CertificateMapFailedException;
import com.ibm.ws.security.registry.CertificateMapNotSupportedException;
import com.ibm.ws.security.registry.CustomRegistryException;
import com.ibm.ws.security.registry.EntryNotFoundException;
import com.ibm.ws.security.registry.NotImplementedException;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.SearchResult;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.io.IOException;
import java.rmi.RemoteException;
import java.security.cert.X509Certificate;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.cm.ConfigurationEvent;
import org.osgi.service.cm.ConfigurationListener;

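/**
 * {@link UserRegistry} that forwards every call to a {@link BasicRegistry} built on demand
 * from the user, group and member configurations named in its properties.
 *
 * <p>A {@link ConfigurationListener} registered in the constructor discards the built registry
 * whenever one of the tracked configuration PIDs changes, so the next call rebuilds it from
 * Configuration Admin. All rebuilds and invalidations are serialized on {@code pids}.
 */
@TraceOptions(traceGroups = {"UserRegistry", "BasicRegistry"}, traceGroup = "", messageBundle = "com.ibm.ws.security.registry.basic.internal.resources.LoggingMessages", traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.registry.basic_1.0.3.jar:com/ibm/ws/security/registry/basic/internal/DynamicBasicRegistry.class */
public class DynamicBasicRegistry implements UserRegistry {
    private static final TraceComponent tc = Tr.register(DynamicBasicRegistry.class);

    // Configuration property keys read from the registry, user, group and member elements.
    static final String CFG_KEY_ID = "id";
    static final String CFG_KEY_REALM = "realm";
    static final String CFG_IGNORE_CASE_FOR_AUTHENTICATION = "ignoreCaseForAuthentication";
    static final String CFG_KEY_USER = "user";
    static final String CFG_KEY_GROUP = "group";
    static final String CFG_KEY_MEMBER = "member";
    static final String CFG_KEY_NAME = "name";
    static final String CFG_KEY_PASSWORD = "password";

    // Registry-level configuration handed to the constructor.
    private final Map<String, Object> properties;
    // Supplies the BundleContext and ConfigurationAdmin, and is notified when the registry is invalidated.
    private final BasicRegistryFactory caSource;
    // Currently built registry; set to null by the configuration listener to force a rebuild.
    private volatile BasicRegistry delegate;
    private final ServiceRegistration<ConfigurationListener> clReg;
    // PIDs of every user, group and member configuration read so far; also the lock for rebuilds.
    private final Set<String> pids = new HashSet<String>();
    static final long serialVersionUID = 3659833179005074388L;

    /**
     * Stores the configuration, registers the invalidating configuration listener and builds
     * the first delegate.
     *
     * @param map registry configuration properties
     * @param basicRegistryFactory source of the bundle context and ConfigurationAdmin
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public DynamicBasicRegistry(Map<String, Object> map, BasicRegistryFactory basicRegistryFactory) {
        // Assigned before the listener is registered: the listener reads caSource, pids and delegate.
        this.properties = map;
        this.caSource = basicRegistryFactory;
        Hashtable<String, Object> listenerProps = new Hashtable<String, Object>();
        Object configId = map.get("config.id");
        if (configId != null) {
            listenerProps.put("for.config.id", configId);
        }
        this.clReg = basicRegistryFactory.getBundleContext().registerService(ConfigurationListener.class, new ConfigurationListener() { // from class: com.ibm.ws.security.registry.basic.internal.DynamicBasicRegistry.1
            static final long serialVersionUID = -3436518593145287785L;

            /** Drops the built registry when a tracked PID changes and tells the factory's listeners. */
            @Override // org.osgi.service.cm.ConfigurationListener
            @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
            public void configurationEvent(ConfigurationEvent configurationEvent) {
                synchronized (DynamicBasicRegistry.this.pids) {
                    if (DynamicBasicRegistry.this.pids.contains(configurationEvent.getPid())) {
                        DynamicBasicRegistry.this.delegate = null;
                        DynamicBasicRegistry.this.caSource.notifyListeners();
                    }
                }
            }
        }, listenerProps);
        getDelegate();
    }

    /**
     * Reports whether a configuration value is missing.
     *
     * @param str value to test, may be null
     * @return true when {@code str} is null or empty after {@link String#trim()}
     */
    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private boolean valueIsUndefined(String str) {
        return str == null || str.trim().isEmpty();
    }

    /**
     * Builds the set of users from the configurations whose PIDs are listed under the
     * {@code user} key. Invalid definitions are logged and skipped; a name that is defined
     * twice is logged and removed entirely, and further definitions of it are ignored.
     *
     * @param configurationAdmin used to look up each user configuration by PID
     * @param map registry configuration properties
     * @return the users that were defined exactly once with a name and a password; never null
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private Set<BasicUser> createBasicUserSet(ConfigurationAdmin configurationAdmin, Map<String, Object> map) {
        Set<BasicUser> users = new HashSet<BasicUser>();
        Set<String> rejectedNames = new HashSet<String>();
        String[] userPids = (String[]) map.get(CFG_KEY_USER);
        if (userPids == null || userPids.length == 0) {
            Tr.warning(tc, "BASIC_REGISTRY_NO_USERS_DEFINED", map.get(CFG_KEY_ID));
            return users;
        }
        for (String pid : userPids) {
            // Track the PID so a later change to this user element invalidates the delegate.
            this.pids.add(pid);
            try {
                Configuration configuration = configurationAdmin.getConfiguration(pid);
                // Read the properties once so the null check, name and password all see the same snapshot.
                Dictionary<String, ?> userProps = configuration == null ? null : configuration.getProperties();
                if (userProps == null) {
                    Tr.error(tc, "BASIC_REGISTRY_INVALID_USER_DEFINITION", pid);
                    continue;
                }
                String name = (String) userProps.get(CFG_KEY_NAME);
                Object rawPassword = userProps.get(CFG_KEY_PASSWORD);
                String password;
                if (rawPassword == null) {
                    password = null;
                } else if (rawPassword instanceof SerializableProtectedString) {
                    // NOTE(review): copying the protected value into a String leaves the secret in an
                    // immutable heap object that cannot be wiped. BasicPassword is constructed from a
                    // String here, so this is flagged rather than changed.
                    password = new String(((SerializableProtectedString) rawPassword).getChars());
                } else {
                    password = (String) rawPassword;
                }
                if (valueIsUndefined(name)) {
                    rejectedNames.add(name);
                    Tr.error(tc, "BASIC_REGISTRY_INVALID_USER_DEFINITION", TraceNLS.getStringFromBundle(getClass(), "com.ibm.ws.security.registry.basic.internal.resources.LoggingMessages", "USER_MUST_DEFINE_NAME", "A user element must define a name."));
                } else if (valueIsUndefined(password)) {
                    // NOTE(review): the name is recorded untrimmed here while the lookup below uses the
                    // trimmed form, so a whitespace-padded name would not block a later definition of the
                    // same user - confirm whether that is intended.
                    rejectedNames.add(name);
                    Tr.error(tc, "BASIC_REGISTRY_INVALID_USER_DEFINITION", TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.registry.basic.internal.resources.LoggingMessages", "USER_MUST_DEFINE_PASSWORD", new Object[]{name}, "The user element with name ''{0}'' must define a password."));
                } else {
                    String trimmedName = name.trim();
                    if (!rejectedNames.contains(trimmedName)) {
                        String trimmedPassword = password.trim();
                        boolean isHashed = PasswordUtil.isHashed(trimmedPassword);
                        if (!isHashed) {
                            // Values that are not hashed are decoded before being stored, so the registry
                            // holds the decoded form in memory; hashed values are stored as configured.
                            trimmedPassword = PasswordUtil.passwordDecode(trimmedPassword);
                        }
                        BasicPassword basicPassword = new BasicPassword(trimmedPassword, isHashed);
                        if (tc.isDebugEnabled()) {
                            // Only the user name is traced; the password must stay out of this message.
                            Tr.debug(tc, "Adding entry for user \"" + trimmedName + "\"", new Object[0]);
                        }
                        BasicUser basicUser = new BasicUser(trimmedName, basicPassword);
                        if (!users.add(basicUser)) {
                            // Duplicate definition: drop the earlier entry too, so neither password wins.
                            rejectedNames.add(trimmedName);
                            Tr.error(tc, "BASIC_REGISTRY_SAME_USER_DEFINITION", trimmedName);
                            users.remove(basicUser);
                        }
                    }
                }
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.basic.internal.DynamicBasicRegistry", "134", this, new Object[]{configurationAdmin, map});
                Tr.error(tc, "BASIC_REGISTRY_INVALID_USER_DEFINITION", pid);
            }
        }
        if (users.isEmpty()) {
            Tr.warning(tc, "BASIC_REGISTRY_NO_USERS_DEFINED", map.get(CFG_KEY_ID));
        }
        return users;
    }

    /**
     * Builds the set of groups from the configurations whose PIDs are listed under the
     * {@code group} key. Invalid definitions are logged and skipped; a name that is defined
     * twice is logged and removed entirely, and further definitions of it are ignored.
     *
     * @param configurationAdmin used to look up each group configuration by PID
     * @param map registry configuration properties
     * @return the groups that were defined exactly once with a name; never null
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private Set<BasicGroup> createBasicGroupSet(ConfigurationAdmin configurationAdmin, Map<String, Object> map) {
        Set<BasicGroup> groups = new HashSet<BasicGroup>();
        Set<String> rejectedNames = new HashSet<String>();
        String[] groupPids = (String[]) map.get(CFG_KEY_GROUP);
        if (groupPids == null || groupPids.length == 0) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "No groups were defined", new Object[0]);
            }
            return groups;
        }
        for (String pid : groupPids) {
            // Track the PID so a later change to this group element invalidates the delegate.
            this.pids.add(pid);
            try {
                Configuration configuration = configurationAdmin.getConfiguration(pid);
                Dictionary<String, ?> groupProps = configuration == null ? null : configuration.getProperties();
                if (groupProps == null) {
                    Tr.error(tc, "BASIC_REGISTRY_INVALID_GROUP_DEFINITION", pid);
                    continue;
                }
                String name = (String) groupProps.get(CFG_KEY_NAME);
                if (valueIsUndefined(name)) {
                    rejectedNames.add(name);
                    Tr.error(tc, "BASIC_REGISTRY_INVALID_GROUP_DEFINITION", TraceNLS.getStringFromBundle(getClass(), "com.ibm.ws.security.registry.basic.internal.resources.LoggingMessages", "GROUP_MUST_DEFINE_NAME", "A group element must define a name."));
                } else {
                    String trimmedName = name.trim();
                    if (!rejectedNames.contains(trimmedName)) {
                        Set<String> members = createMemberSet(trimmedName, configurationAdmin, configuration);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding entry for group \"" + trimmedName + "\" with members " + members, new Object[0]);
                        }
                        BasicGroup basicGroup = new BasicGroup(trimmedName, members);
                        if (!groups.add(basicGroup)) {
                            // Duplicate definition: drop the earlier entry too, so neither member list wins.
                            rejectedNames.add(trimmedName);
                            Tr.error(tc, "BASIC_REGISTRY_SAME_GROUP_DEFINITION", trimmedName);
                            groups.remove(basicGroup);
                        }
                    }
                }
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.basic.internal.DynamicBasicRegistry", "232", this, new Object[]{configurationAdmin, map});
                Tr.error(tc, "BASIC_REGISTRY_INVALID_GROUP_DEFINITION", pid);
            }
        }
        return groups;
    }

    /**
     * Collects the member names of one group from the configurations whose PIDs are listed
     * under the group's {@code member} key. A repeated member name is logged as a warning and
     * kept once.
     *
     * @param str name of the group, used only in log messages
     * @param configurationAdmin used to look up each member configuration by PID
     * @param configuration the group's configuration; its properties must not be null
     * @return trimmed member names; never null
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private Set<String> createMemberSet(String str, ConfigurationAdmin configurationAdmin, Configuration configuration) {
        Set<String> members = new HashSet<String>();
        String[] memberPids = (String[]) configuration.getProperties().get(CFG_KEY_MEMBER);
        if (memberPids == null || memberPids.length == 0) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "No members were defined", new Object[0]);
            }
            return members;
        }
        for (String pid : memberPids) {
            // Track the PID so a later change to this member element invalidates the delegate.
            this.pids.add(pid);
            try {
                Configuration memberConfig = configurationAdmin.getConfiguration(pid);
                Dictionary<String, ?> memberProps = memberConfig == null ? null : memberConfig.getProperties();
                if (memberProps == null) {
                    Tr.error(tc, "BASIC_REGISTRY_INVALID_MEMBER_DEFINITION", pid);
                    continue;
                }
                String memberName = (String) memberProps.get(CFG_KEY_NAME);
                if (valueIsUndefined(memberName)) {
                    Tr.error(tc, "BASIC_REGISTRY_INVALID_MEMBER_DEFINITION", TraceNLS.getStringFromBundle(getClass(), "com.ibm.ws.security.registry.basic.internal.resources.LoggingMessages", "MEMBER_MUST_DEFINE_NAME", "A member element must define a name."));
                } else {
                    String trimmedName = memberName.trim();
                    if (!members.add(trimmedName)) {
                        Tr.warning(tc, "BASIC_REGISTRY_SAME_MEMBER_DEFINITION", trimmedName, str);
                    }
                }
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.basic.internal.DynamicBasicRegistry", "296", this, new Object[]{str, configurationAdmin, configuration});
                Tr.error(tc, "BASIC_REGISTRY_INVALID_MEMBER_DEFINITION", pid);
            }
        }
        return members;
    }

    /**
     * Logs a warning for every group member that does not correspond to a defined user.
     * Nothing is removed; unknown members stay in their groups.
     *
     * @param set groups whose members are checked
     * @param set2 users that were successfully defined
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void validateGroupMembersExist(Set<BasicGroup> set, Set<BasicUser> set2) {
        for (BasicGroup basicGroup : set) {
            for (String memberName : basicGroup.getMembers()) {
                // Probe object with an empty password; presumably BasicUser equality is based on the
                // name only - confirm in BasicUser.
                if (!set2.contains(new BasicUser(memberName, ""))) {
                    Tr.warning(tc, "BASIC_REGISTRY_UNKNOWN_MEMBER_DEFINITION", memberName, basicGroup.getName());
                }
            }
        }
    }

    /**
     * Returns the current {@link BasicRegistry}, building it from configuration if the listener
     * has discarded it (or it has not been built yet).
     *
     * @return the registry to delegate to; never null
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private BasicRegistry getDelegate() {
        // Work on a local snapshot: the configuration listener can null the field at any moment,
        // and every caller dereferences the returned value immediately. Re-reading the field for
        // the return value could hand back null and fail an authentication call with an NPE.
        BasicRegistry current = this.delegate;
        if (current == null) {
            String realm = (String) this.properties.get(CFG_KEY_REALM);
            ConfigurationAdmin configAdmin = this.caSource.getConfigAdmin();
            synchronized (this.pids) {
                // Re-check under the lock so concurrent callers do not each rebuild the registry.
                current = this.delegate;
                if (current == null) {
                    Set<BasicUser> users = createBasicUserSet(configAdmin, this.properties);
                    Set<BasicGroup> groups = createBasicGroupSet(configAdmin, this.properties);
                    validateGroupMembersExist(groups, users);
                    Boolean configured = (Boolean) this.properties.get(CFG_IGNORE_CASE_FOR_AUTHENTICATION);
                    // A missing setting is treated as false.
                    Boolean ignoreCase = (configured != null && configured.booleanValue()) ? Boolean.TRUE : Boolean.FALSE;
                    current = new BasicRegistry(realm, ignoreCase, users, groups);
                    this.delegate = current;
                }
            }
        }
        return current;
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getRealm() {
        return getDelegate().getRealm();
    }

    /**
     * Delegates the credential check to the current {@link BasicRegistry}.
     *
     * @param str user name
     * @param str2 password; annotated {@code @Sensitive} so it is kept out of injected trace
     */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String checkPassword(String str, @Sensitive String str2) throws RegistryException {
        return getDelegate().checkPassword(str, str2);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String mapCertificate(X509Certificate x509Certificate) throws CertificateMapNotSupportedException, CertificateMapFailedException, RegistryException {
        return getDelegate().mapCertificate(x509Certificate);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean isValidUser(String str) throws RegistryException {
        return getDelegate().isValidUser(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SearchResult getUsers(String str, int i) throws RegistryException {
        return getDelegate().getUsers(str, i);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUserDisplayName(String str) throws EntryNotFoundException, RegistryException {
        return getDelegate().getUserDisplayName(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUniqueUserId(String str) throws EntryNotFoundException, RegistryException {
        return getDelegate().getUniqueUserId(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUserSecurityName(String str) throws EntryNotFoundException, RegistryException {
        return getDelegate().getUserSecurityName(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean isValidGroup(String str) throws RegistryException {
        return getDelegate().isValidGroup(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SearchResult getGroups(String str, int i) throws RegistryException {
        return getDelegate().getGroups(str, i);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getGroupDisplayName(String str) throws EntryNotFoundException, RegistryException {
        return getDelegate().getGroupDisplayName(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUniqueGroupId(String str) throws EntryNotFoundException, RegistryException {
        return getDelegate().getUniqueGroupId(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getGroupSecurityName(String str) throws EntryNotFoundException, RegistryException {
        return getDelegate().getGroupSecurityName(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<String> getUniqueGroupIdsForUser(String str) throws EntryNotFoundException, RegistryException {
        return getDelegate().getUniqueGroupIdsForUser(str);
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<String> getGroupsForUser(String str) throws EntryNotFoundException, RegistryException {
        return getDelegate().getGroupsForUser(str);
    }

    /** Unregisters the configuration listener that was registered in the constructor. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void dispose() {
        this.clReg.unregister();
    }

    /** Delegates to the current {@link BasicRegistry}. */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SearchResult getUsersForGroup(String str, int i) throws NotImplementedException, EntryNotFoundException, CustomRegistryException, RemoteException, RegistryException {
        return getDelegate().getUsersForGroup(str, i);
    }
}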
