package com.ibm.ws.security.oauth20.internal;

import com.ibm.oauth.core.api.audit.XMLFileOAuthAuditHandler;
import com.ibm.oauth.core.api.config.OAuthComponentConfigurationConstants;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.oauth20.api.Constants;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.api.OAuth20ProviderFactory;
import com.ibm.ws.security.oauth20.plugins.BaseClient;
import com.ibm.ws.security.oauth20.plugins.BaseClientProvider;
import com.ibm.ws.security.oauth20.plugins.db.OAuthJDBCImpl;
import com.ibm.ws.security.oauth20.util.ConfigUtils;
import com.ibm.ws.security.oauth20.util.OAuth20Parameter;
import com.ibm.wsspi.classloading.ClassLoadingService;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import com.ibm.wsspi.library.Library;
import com.ibm.wsspi.resource.ResourceFactory;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.cm.ConfigurationEvent;
import org.osgi.service.cm.ConfigurationListener;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;

@TraceOptions(traceGroups = {"OAUTH"}, traceGroup = "", messageBundle = "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(configurationPid = "com.ibm.ws.security.oauth20.provider", configurationPolicy = ConfigurationPolicy.REQUIRE, service = {OAuth20ProviderConfigService.class, ConfigurationListener.class}, immediate = true, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth20_1.0.4.jar:com/ibm/ws/security/oauth20/internal/OAuth20ProviderConfigService.class */
public class OAuth20ProviderConfigService implements ConfigurationListener {
    private static final TraceComponent tc = Tr.register(OAuth20ProviderConfigService.class);
    private static final String KEY_CONFIGURATION_ADMIN = "configurationAdmin";
    private static final String KEY_CLASSLOADING_SVC = "classLoadingSvc";
    private static final String KEY_OAUTH_SHARED_LIB = "sharedLib";
    private static final String KEY_DATA_SOURCE = "dataSource";
    private static final String VALUE_DB_PROVIDER_CLASS = "com.ibm.ws.security.oauth20.plugins.db.CachedDBClientProvider";
    private static final String VALUE_DB_TOKEN_STORE_CLASS = "com.ibm.ws.security.oauth20.plugins.db.CachedDBTokenStore";
    private static final String VALUE_DB_CLIENT_TABLE = "OAuthDBSchema.OAUTH20CLIENTCONFIG";
    private static final String VALUE_DB_TOKEN_TABLE = "OAuthDBSchema.OAUTH20CACHE";
    private static final String VALUE_BASE_PROVIDER_CLASS = "com.ibm.ws.security.oauth20.plugins.BaseClientProvider";
    private static final String VALUE_BASE_TOKEN_STORE_CLASS = "com.ibm.ws.security.oauth20.plugins.BaseCache";
    private static final String VALUE_ACCESS_TOKEN_HANDLER_CLASS = "com.ibm.ws.security.oauth20.plugins.BaseTokenHandler";
    private boolean isLocalStore;
    private boolean isDatabaseStore;
    private boolean checkForSharedLib;
    private boolean checkForDataSource;
    private Map<String, Object> properties;
    static final String KEY_PROVIDER_ID = "id";
    static final String KEY_CLIENT_PROVIDER_CLASS = "clientProviderClassname";
    static final String KEY_GRANT = "grantType";
    static final String KEY_TOKEN_CACHE_CLASS = "tokenCacheClassname";
    static final String KEY_TOKEN_CACHE_TOKS = "tokenCache";
    static final String KEY_TOKEN_CACHE_USERS = "userCache";
    static final String KEY_DATASOURCE_REF = "dataSourceRef";
    static final String KEY_JDBC_CLIENT_TABLE = "clientTable";
    static final String KEY_JDBC_TOK_TABLE = "tokenTable";
    static final String KEY_JDBC_CLEANUP_INT = "cleanupExpiredTokenInterval";
    static final String KEY_JDBC_LIM_REF_TOK = "limitRefreshToken";
    static final String KEY_JDBC_PASSWORD = "password";
    static final String KEY_JDBC_USER = "user";
    static final String KEY_DB_TOKEN_CACHE_TOKS = "tokenDBCache";
    static final String KEY_DB_TOKEN_CACHE_CLIENTS = "clientDBCache";
    static final String KEY_MAX_AUTHGRANT_LT_SECS = "authorizationGrantLifetime";
    static final String KEY_CODE_LT_SECS = "authorizationCodeLifetime";
    static final String KEY_CODE_LEN = "authorizationCodeLength";
    static final String KEY_TOK_LT_SECS = "accessTokenLifetime";
    static final String KEY_ACCESS_TOK_LEN = "accessTokenLength";
    static final String KEY_ISSUE_REFRESH_TOK = "issueRefreshToken";
    static final String KEY_REFRESH_TOK_LEN = "refreshTokenLength";
    static final String KEY_ACCESS_TOKTYPE_HANDLER = "accessTokenHandlerClassname";
    static final String KEY_MED_CLASS_NAMES = "mediatorClassname";
    static final String KEY_ALLOW_PUBLIC_CLIENTS = "allowPublicClients";
    static final String KEY_AUTHZ_FORM_TEMP = "authorizationFormTemplate";
    static final String KEY_AUTHZ_ERR_TEMP = "authorizationErrorTemplate";
    static final String KEY_AUTHZ_LOGIN_URL = "customLoginURL";
    static final String KEY_AUDIT_HANDLER = "audithandlerClassname";
    static final String KEY_AUDIT_FILE = "xmlFileAuditHandlerFilename";
    static final String KEY_FILTER = "filter";
    static final String KEY_OUATH_ONLY = "oauthOnly";
    static final String KEY_INCLUDE_TOKEN = "includeTokenInSubject";
    static final String KEY_CHARACTER_ENCODING = "characterEncoding";
    static final String KEY_AUTO_AUTHZ_PARAM = "autoAuthorizeParam";
    static final String KEY_AUTO_AUTHZ_CLIENT = "autoAuthorizeClient";
    static final String KEY_CL_URI_SUBS = "clientURISubstitutions";
    static final String KEY_TOK_USER_CLIENT_LIMIT = "clientTokenCacheSize";
    static final String KEY_TOK_STORE_SIZE = "tokenStoreSize";
    static final String KEY_CLIENT_ID = "name";
    static final String KEY_CLIENT_COMPONENT = "component";
    static final String KEY_CLIENT_SECRET = "secret";
    static final String KEY_CLIENT_DISPLAYNAME = "displayname";
    static final String KEY_CLIENT_REDIRECT = "redirect";
    static final String KEY_CLIENT_ENABLED = "enabled";
    private static final Map<String, String[]> attributesMap;
    static final long serialVersionUID = -4974522961220858397L;
    private volatile ConfigurationAdmin configAdmin = null;
    private volatile ClassLoadingService classLoadingSvc = null;
    private volatile Library sharedLib = null;
    private volatile String dataSourceJndiName = null;
    private Map<String, List<OAuth20Parameter>> providerConfigMap = null;
    private List<BaseClient> clientsList = null;
    private ArrayList<OAuth20Parameter> parameters = null;
    private String providerId = null;
    private String mediatorClassname = null;
    private final Set<String> pids = new HashSet();

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public OAuth20ProviderConfigService() {
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void updateIfCompleted() {
        if (this.checkForDataSource) {
            if (!this.isDatabaseStore) {
                this.checkForDataSource = false;
                removeParam(KEY_DATASOURCE_REF);
            } else if (this.dataSourceJndiName != null) {
                this.checkForDataSource = false;
                addParam(KEY_DATASOURCE_REF, this.dataSourceJndiName);
            }
        }
        if (this.checkForSharedLib) {
            if (this.mediatorClassname == null) {
                this.checkForSharedLib = false;
                setSharedLibClassLoader();
            } else if (this.sharedLib != null) {
                this.checkForSharedLib = false;
                setSharedLibClassLoader();
            }
        }
        if (this.checkForDataSource || this.checkForSharedLib) {
            return;
        }
        this.providerConfigMap.put(this.providerId, this.parameters);
        Tr.info(tc, "OAUTH_PROVIDER_CONFIG_PROCESSED", this.providerId);
    }

    @Activate
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        synchronized (this) {
            this.properties = map;
            processProviderConfig();
            updateIfCompleted();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "activated provider: " + this.providerId, new Object[0]);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    @Modified
    protected void modify(ComponentContext componentContext, Map<String, Object> map) {
        synchronized (this) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "modifying provider: " + this.providerId, new Object[0]);
            }
            removeClients();
            removeProvider();
            this.properties = map;
            processProviderConfig();
            updateIfCompleted();
        }
    }

    @Deactivate
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void deactivate(ComponentContext componentContext, Map<String, Object> map) {
        synchronized (this) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "deactivating provider: " + this.providerId, new Object[0]);
            }
            removeClients();
            removeProvider();
            this.providerId = null;
        }
    }

    @Reference(name = KEY_CONFIGURATION_ADMIN, service = ConfigurationAdmin.class, policy = ReferencePolicy.DYNAMIC)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        this.configAdmin = configurationAdmin;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        this.configAdmin = null;
    }

    @Reference(name = KEY_CLASSLOADING_SVC, service = ClassLoadingService.class)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setClassLoadingSvc(ClassLoadingService classLoadingService) {
        this.classLoadingSvc = classLoadingService;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetClassLoadingSvc(ClassLoadingService classLoadingService) {
        this.classLoadingSvc = null;
    }

    @Reference(name = KEY_OAUTH_SHARED_LIB, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setSharedLib(Library library) {
        synchronized (this) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "setSharedLib for provider: " + this.providerId, new Object[0]);
            }
            this.sharedLib = library;
            if (this.providerId != null) {
                removeClients();
                removeProvider();
                this.checkForSharedLib = true;
                updateIfCompleted();
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetSharedLib(Library library) {
        synchronized (this) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "unsetSharedLib for provider: " + this.providerId, new Object[0]);
            }
            this.sharedLib = null;
            if (this.providerId != null) {
                removeClients();
                removeProvider();
                this.checkForSharedLib = true;
                updateIfCompleted();
            }
        }
    }

    @Reference(name = "dataSource", service = ResourceFactory.class, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setDataSource(ServiceReference<ResourceFactory> serviceReference) {
        synchronized (this) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "setDataSource for provider: " + this.providerId, new Object[0]);
            }
            this.dataSourceJndiName = (String) serviceReference.getProperty("jndiName");
            if (this.providerId != null) {
                removeClients();
                removeProvider();
                this.checkForDataSource = true;
                updateIfCompleted();
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetDataSource(ServiceReference<ResourceFactory> serviceReference) {
        synchronized (this) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "unsetDataSource for provider: " + this.providerId, new Object[0]);
            }
            this.dataSourceJndiName = null;
            if (this.providerId != null) {
                removeClients();
                removeProvider();
                this.checkForDataSource = true;
                updateIfCompleted();
            }
        }
    }

    @Override // org.osgi.service.cm.ConfigurationListener
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public synchronized void configurationEvent(ConfigurationEvent configurationEvent) {
        if (configurationEvent.getType() == 1 && this.pids.contains(configurationEvent.getPid())) {
            processProviderConfig();
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private synchronized void processProviderConfig() {
        this.providerConfigMap = ConfigUtils.getProviderConfigMap();
        this.clientsList = ConfigUtils.getClients();
        this.pids.clear();
        this.parameters = new ArrayList<>();
        Object obj = this.properties.get(KEY_MED_CLASS_NAMES);
        if (obj != null) {
            String[] strArr = (String[]) obj;
            this.mediatorClassname = strArr[0];
            if (strArr.length > 1 || !this.mediatorClassname.equals(ConfigUtils.BUILTIN_SAMPLE_MEDIATOR_CLASS)) {
                this.checkForSharedLib = true;
            }
        } else {
            this.mediatorClassname = null;
        }
        loadProviderParams();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void processClientConfig() {
        String[] strArr = (String[]) this.properties.get("localStore");
        this.isLocalStore = strArr != null && strArr.length > 0;
        if (this.isLocalStore) {
            processLocalStoreConfig(strArr[0]);
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "No localStore in provider " + this.providerId, new Object[0]);
        }
        String[] strArr2 = (String[]) this.properties.get("databaseStore");
        this.isDatabaseStore = strArr2 != null && strArr2.length > 0;
        if (this.isDatabaseStore) {
            this.checkForDataSource = true;
            processDatabaseStoreConfig(strArr2[0]);
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "No databaseStore in the provider " + this.providerId, new Object[0]);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void processLocalStoreConfig(String str) {
        this.pids.add(str);
        Configuration configuration = null;
        try {
            configuration = this.configAdmin.getConfiguration(str);
            addParam(KEY_CLIENT_PROVIDER_CLASS, "com.ibm.ws.security.oauth20.plugins.BaseClientProvider");
            addParam(KEY_TOKEN_CACHE_CLASS, "com.ibm.ws.security.oauth20.plugins.BaseCache");
            Dictionary<String, Object> properties = configuration.getProperties();
            Long l = (Long) properties.get("tokenStoreSize");
            if (l == null) {
                l = new Long(2000L);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "tokenStoreSize " + l, new Object[0]);
            }
            addParam("tokenStoreSize", l.toString());
            String[] strArr = (String[]) properties.get("client");
            if (strArr == null || strArr.length == 0) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "No oauth clients were defined in the provider. ", new Object[0]);
                    return;
                }
                return;
            }
            for (String str2 : strArr) {
                this.pids.add(str2);
                Configuration configuration2 = null;
                try {
                    configuration2 = this.configAdmin.getConfiguration(str2);
                    if (configuration2 != null && configuration2.getProperties() != null) {
                        Dictionary<String, Object> properties2 = configuration2.getProperties();
                        String str3 = (String) properties2.get("name");
                        Object obj = properties2.get("secret");
                        this.clientsList.add(new BaseClient(this.providerId, str3, PasswordUtil.passwordDecode(obj != null ? obj instanceof SerializableProtectedString ? new String(((SerializableProtectedString) obj).getChars()) : (String) obj : null), (String) properties2.get("displayname"), (String) properties2.get("redirect"), ((Boolean) properties2.get("enabled")).booleanValue()));
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added client: " + str3 + " for provider: " + this.providerId, new Object[0]);
                        }
                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "NULL oauth client configuration", str2);
                    }
                } catch (IOException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.internal.OAuth20ProviderConfigService", "390", this, new Object[]{str});
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Invalid oauth client configuration", str2);
                    }
                }
            }
        } catch (IOException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.oauth20.internal.OAuth20ProviderConfigService", "361", this, new Object[]{str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid oauth localStore configuration", str);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void processDatabaseStoreConfig(String str) {
        this.pids.add(str);
        Configuration configuration = null;
        try {
            configuration = this.configAdmin.getConfiguration(str);
            Dictionary<String, Object> properties = configuration.getProperties();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "databaseStoreProps", properties);
            }
            addParam(KEY_CLIENT_PROVIDER_CLASS, "com.ibm.ws.security.oauth20.plugins.db.CachedDBClientProvider");
            addParam(KEY_TOKEN_CACHE_CLASS, "com.ibm.ws.security.oauth20.plugins.db.CachedDBTokenStore");
            addParam(KEY_JDBC_CLIENT_TABLE, VALUE_DB_CLIENT_TABLE);
            addParam(KEY_JDBC_TOK_TABLE, VALUE_DB_TOKEN_TABLE);
            Long l = (Long) properties.get(KEY_JDBC_CLEANUP_INT);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "cleanupInterval", l);
            }
            if (l == null) {
                l = new Long(3600L);
            }
            addParam(KEY_JDBC_CLEANUP_INT, l.toString());
            Boolean bool = (Boolean) properties.get(KEY_JDBC_LIM_REF_TOK);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, KEY_JDBC_LIM_REF_TOK, bool);
            }
            if (bool == null) {
                bool = true;
            }
            addParam(KEY_JDBC_LIM_REF_TOK, bool.toString());
            SerializableProtectedString serializableProtectedString = null;
            Object obj = properties.get("password");
            if (obj != null) {
                serializableProtectedString = obj instanceof SerializableProtectedString ? (SerializableProtectedString) obj : new SerializableProtectedString(((String) obj).toCharArray());
            }
            String str2 = (String) properties.get("user");
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "user password", str2, serializableProtectedString);
            }
            if (str2 == null && serializableProtectedString == null) {
                return;
            }
            ConfigUtils.getProviderJdbcCredentialsMap().put(this.providerId, new Object[]{str2, serializableProtectedString});
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.internal.OAuth20ProviderConfigService", "441", this, new Object[]{str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid oauth databaseStore configuration", str);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void processCustomStoreConfig(String str) {
        this.pids.add(str);
        Configuration configuration = null;
        try {
            configuration = this.configAdmin.getConfiguration(str);
            String[] strArr = (String[]) configuration.getProperties().get("client");
            if (strArr == null || strArr.length == 0) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "No oauth clients were defined in the provider. ", new Object[0]);
                    return;
                }
                return;
            }
            for (String str2 : strArr) {
                this.pids.add(str2);
                Configuration configuration2 = null;
                try {
                    configuration2 = this.configAdmin.getConfiguration(str2);
                    if (configuration2 != null && configuration2.getProperties() != null) {
                        Dictionary<String, Object> properties = configuration2.getProperties();
                        String str3 = (String) properties.get("name");
                        Object obj = properties.get("secret");
                        this.clientsList.add(new BaseClient(this.providerId, str3, PasswordUtil.passwordDecode(obj != null ? obj instanceof SerializableProtectedString ? new String(((SerializableProtectedString) obj).getChars()) : (String) obj : null), (String) properties.get("displayname"), (String) properties.get("redirect"), ((Boolean) properties.get("enabled")).booleanValue()));
                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "NULL oauth client configuration", str2);
                    }
                } catch (IOException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.internal.OAuth20ProviderConfigService", "520", this, new Object[]{str});
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Invalid oauth client configuration", str2);
                    }
                }
            }
        } catch (IOException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.oauth20.internal.OAuth20ProviderConfigService", "501", this, new Object[]{str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid oauth customClientStore configuration", str);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void loadProviderParams() {
        this.providerId = (String) this.properties.get("id");
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Name and value attributes for provider: " + this.providerId, new Object[0]);
        }
        for (Map.Entry<String, String[]> entry : attributesMap.entrySet()) {
            String key = entry.getKey();
            Object obj = this.properties.get(key);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, key + " = " + obj, new Object[0]);
            }
            if (obj != null) {
                String[] value = entry.getValue();
                if (obj instanceof String) {
                    OAuth20Parameter oAuth20Parameter = new OAuth20Parameter(value[0], value[1], value[2]);
                    oAuth20Parameter.addValue((String) obj);
                    this.parameters.add(oAuth20Parameter);
                } else if (obj instanceof String[]) {
                    OAuth20Parameter oAuth20Parameter2 = new OAuth20Parameter(value[0], value[1], value[2]);
                    for (int i = 0; i < ((String[]) obj).length; i++) {
                        oAuth20Parameter2.addValue(((String[]) obj)[i]);
                    }
                    this.parameters.add(oAuth20Parameter2);
                } else if (obj instanceof Boolean) {
                    OAuth20Parameter oAuth20Parameter3 = new OAuth20Parameter(value[0], value[1], value[2]);
                    oAuth20Parameter3.addValue(((Boolean) obj).toString());
                    this.parameters.add(oAuth20Parameter3);
                } else if (obj instanceof Long) {
                    OAuth20Parameter oAuth20Parameter4 = new OAuth20Parameter(value[0], value[1], value[2]);
                    oAuth20Parameter4.addValue(((Long) obj).toString());
                    this.parameters.add(oAuth20Parameter4);
                }
            }
        }
        addParam(KEY_ACCESS_TOKTYPE_HANDLER, "com.ibm.ws.security.oauth20.plugins.BaseTokenHandler");
        processClientConfig();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void setSharedLibClassLoader() {
        if (this.sharedLib == null) {
            ConfigUtils.getProviderPluginClassLoaderMap().remove(this.providerId);
            removeParam(KEY_MED_CLASS_NAMES);
            if (this.mediatorClassname != null) {
                Tr.info(tc, "OAUTH_PROVIDER_CONFIG_NO_LIBRARYREF", this.providerId);
                return;
            }
            return;
        }
        ClassLoader sharedLibraryClassLoader = this.classLoadingSvc.getSharedLibraryClassLoader(this.sharedLib);
        ConfigUtils.getProviderPluginClassLoaderMap().put(this.providerId, sharedLibraryClassLoader);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "cl: " + sharedLibraryClassLoader, new Object[0]);
        }
        if (this.mediatorClassname != null) {
            addParam(KEY_MED_CLASS_NAMES, this.mediatorClassname);
            Tr.info(tc, "OAUTH_PROVIDER_CONFIG_MEDIATOR_LIBRARYREF_ACTIVE", this.providerId, this.mediatorClassname);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void addParam(String str, String str2) {
        String[] strArr = attributesMap.get(str);
        OAuth20Parameter oAuth20Parameter = new OAuth20Parameter(strArr[0], strArr[1], strArr[2]);
        oAuth20Parameter.addValue(str2);
        this.parameters.add(oAuth20Parameter);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void removeParam(String str) {
        int i = 0;
        while (i < this.parameters.size()) {
            if (this.parameters.get(i).getName().equals(str)) {
                int i2 = i;
                i--;
                this.parameters.remove(i2);
            }
            i++;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void removeClients() {
        OAuth20Provider oAuth20Provider;
        if (!this.isLocalStore || (oAuth20Provider = OAuth20ProviderFactory.getOAuth20Provider(this.providerId, false)) == null) {
            return;
        }
        BaseClientProvider baseClientProvider = (BaseClientProvider) oAuth20Provider.getClientProvider();
        if (baseClientProvider != null) {
            Iterator<BaseClient> it = baseClientProvider.getAll().iterator();
            while (it.hasNext()) {
                baseClientProvider.delete(it.next().getClientId());
            }
        }
        ConfigUtils.deleteClients(this.providerId);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void removeProvider() {
        if (this.providerId != null) {
            Map<String, OAuth20Provider> allOAuth20Providers = OAuth20ProviderFactory.getAllOAuth20Providers(false);
            if (allOAuth20Providers != null) {
                allOAuth20Providers.remove(this.providerId);
            }
            ConfigUtils.getProviderPluginClassLoaderMap().remove(this.providerId);
            ConfigUtils.getProviderJdbcCredentialsMap().remove(this.providerId);
        }
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put(KEY_CLIENT_PROVIDER_CLASS, new String[]{OAuthComponentConfigurationConstants.OAUTH20_CLIENT_PROVIDER_CLASSNAME, Constants.XML_PARAM_TYPE_COMPONENT, "false"});
        hashMap.put("id", new String[]{OAuthJDBCImpl.CONFIG_PROVIDER_NAME, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_TOKEN_CACHE_CLASS, new String[]{OAuthComponentConfigurationConstants.OAUTH20_TOKEN_CACHE_CLASSNAME, Constants.XML_PARAM_TYPE_COMPONENT, "false"});
        hashMap.put(KEY_TOKEN_CACHE_TOKS, new String[]{Constants.DYNACACHE_CONFIG_MEM_TOKENS, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_TOKEN_CACHE_USERS, new String[]{Constants.DYNACACHE_CONFIG_MEM_TOKENOWNERS, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_DATASOURCE_REF, new String[]{OAuthJDBCImpl.CONFIG_JDBC_PROVIDER, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_JDBC_CLIENT_TABLE, new String[]{OAuthJDBCImpl.CONFIG_CLIENT_TABLE, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_JDBC_TOK_TABLE, new String[]{OAuthJDBCImpl.CONFIG_TOKEN_TABLE, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_JDBC_CLEANUP_INT, new String[]{"oauthjdbc.CleanupInterval", Constants.XML_PARAM_TYPE_WAS, "true"});
        hashMap.put(KEY_JDBC_LIM_REF_TOK, new String[]{"oauthjdbc.LimitRefreshToken", Constants.XML_PARAM_TYPE_WAS, "true"});
        hashMap.put(KEY_DB_TOKEN_CACHE_TOKS, new String[]{Constants.DYNACACHE_CONFIG_DB_TOKENS, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_DB_TOKEN_CACHE_CLIENTS, new String[]{Constants.DYNACACHE_CONFIG_DB_CLIENTS, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_MAX_AUTHGRANT_LT_SECS, new String[]{OAuthComponentConfigurationConstants.OAUTH20_MAX_AUTHORIZATION_GRANT_LIFETIME_SECONDS, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_CODE_LT_SECS, new String[]{OAuthComponentConfigurationConstants.OAUTH20_CODE_LIFETIME_SECONDS, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_CODE_LEN, new String[]{OAuthComponentConfigurationConstants.OAUTH20_CODE_LENGTH, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_TOK_LT_SECS, new String[]{OAuthComponentConfigurationConstants.OAUTH20_TOKEN_LIFETIME_SECONDS, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_ACCESS_TOK_LEN, new String[]{OAuthComponentConfigurationConstants.OAUTH20_ACCESS_TOKEN_LENGTH, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_ISSUE_REFRESH_TOK, new String[]{OAuthComponentConfigurationConstants.OAUTH20_ISSUE_REFRESH_TOKEN, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_ACCESS_TOKTYPE_HANDLER, new String[]{OAuthComponentConfigurationConstants.OAUTH20_ACCESS_TOKENTYPEHANDLER_CLASSNAME, Constants.XML_PARAM_TYPE_COMPONENT, "false"});
        hashMap.put(KEY_MED_CLASS_NAMES, new String[]{OAuthComponentConfigurationConstants.OAUTH20_MEDIATOR_CLASSNAMES, Constants.XML_PARAM_TYPE_COMPONENT, "false"});
        hashMap.put(KEY_ALLOW_PUBLIC_CLIENTS, new String[]{OAuthComponentConfigurationConstants.OAUTH20_ALLOW_PUBLIC_CLIENTS, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_GRANT, new String[]{OAuthComponentConfigurationConstants.OAUTH20_GRANT_TYPES_ALLOWED, Constants.XML_PARAM_TYPE_COMPONENT, "false"});
        hashMap.put(KEY_AUTHZ_FORM_TEMP, new String[]{"oauth20.authorization.form.template", Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_AUTHZ_ERR_TEMP, new String[]{"oauth20.authorization.error.template", Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_AUTHZ_LOGIN_URL, new String[]{"oauth20.authorization.loginURL", Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_AUDIT_HANDLER, new String[]{OAuthComponentConfigurationConstants.OAUTH20_AUDITHANDLER_CLASSNAME, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put(KEY_AUDIT_FILE, new String[]{XMLFileOAuthAuditHandler.FILENAME, Constants.XML_PARAM_TYPE_COMPONENT, "true"});
        hashMap.put("filter", new String[]{"filter", Constants.XML_PARAM_TYPE_TAI, "true"});
        hashMap.put("oauthOnly", new String[]{"oauthOnly", Constants.XML_PARAM_TYPE_TAI, "true"});
        hashMap.put(KEY_INCLUDE_TOKEN, new String[]{com.ibm.ws.security.oauth20.util.Constants.INCLUDE_TOKEN, Constants.XML_PARAM_TYPE_TAI, "true"});
        hashMap.put("characterEncoding", new String[]{"characterEncoding", Constants.XML_PARAM_TYPE_TAI, "true"});
        hashMap.put(KEY_AUTO_AUTHZ_PARAM, new String[]{Constants.AUTO_AUTHORIZE_PARAM, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_AUTO_AUTHZ_CLIENT, new String[]{Constants.AUTO_AUTHORIZE_CLIENTS, Constants.XML_PARAM_TYPE_WAS, "true"});
        hashMap.put(KEY_CL_URI_SUBS, new String[]{Constants.CLIENT_URI_SUBSTITUTIONS, Constants.XML_PARAM_TYPE_WAS, "false"});
        hashMap.put(KEY_TOK_USER_CLIENT_LIMIT, new String[]{Constants.USER_CLIENT_TOKEN_LIMIT, Constants.XML_PARAM_TYPE_WAS, "true"});
        hashMap.put("tokenStoreSize", new String[]{"tokenStoreSize", Constants.XML_PARAM_TYPE_WAS, "true"});
        attributesMap = Collections.unmodifiableMap(hashMap);
    }
}
