package com.ibm.ws.security.authentication.internal.cache.keyproviders;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.security.authentication.cache.AuthCacheConfig;
import com.ibm.ws.security.authentication.cache.CacheContext;
import com.ibm.ws.security.authentication.cache.CacheKeyProvider;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

@TraceOptions(traceGroups = {}, traceGroup = "", messageBundle = "", traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authentication.builtin_1.0.6.jar:com/ibm/ws/security/authentication/internal/cache/keyproviders/BasicAuthCacheKeyProvider.class */
public class BasicAuthCacheKeyProvider implements CacheKeyProvider {
    private static final String MESSAGE_DIGEST_ALGORITHM = "SHA";
    private static final String KEY_SEPARATOR = ":";
    static final long serialVersionUID = 4962200211190021421L;
    private static final TraceComponent tc = Tr.register(BasicAuthCacheKeyProvider.class);
    private static MessageDigest CLONEABLE_MESSAGE_DIGEST = null;

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public BasicAuthCacheKeyProvider() {
    }

    @Override // com.ibm.ws.security.authentication.cache.CacheKeyProvider
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Object provideKey(CacheContext cacheContext) {
        Set<Object> emptySet;
        if (isPossibleToCreateAnyKey(cacheContext)) {
            emptySet = new HashSet();
            String createHashedPassword = createHashedPassword(cacheContext);
            addKeysFromContext(emptySet, cacheContext, createHashedPassword);
            addKeysFromWSCredential(emptySet, cacheContext, createHashedPassword);
        } else {
            emptySet = Collections.emptySet();
        }
        return emptySet;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private boolean isPossibleToCreateAnyKey(CacheContext cacheContext) {
        return (cacheContext.getUserid() == null && new SubjectHelper().getWSCredential(cacheContext.getSubject()) == null) ? false : true;
    }

    @FFDCIgnore({NoSuchAlgorithmException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String createHashedPassword(CacheContext cacheContext) {
        String str = null;
        try {
            AuthCacheConfig authCacheConfig = cacheContext.getAuthCacheConfig();
            String password = cacheContext.getPassword();
            if (authCacheConfig.isBasicAuthLookupAllowed() && password != null) {
                str = getHashedPassword(password);
            }
        } catch (NoSuchAlgorithmException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "There was a problem creating the hashed password.", e);
            }
        }
        return str;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void addKeysFromContext(Set<Object> set, CacheContext cacheContext, @Sensitive String str) {
        try {
            addKeys(set, new SubjectHelper().getRealm(cacheContext.getSubject()), cacheContext.getUserid(), str);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authentication.internal.cache.keyproviders.BasicAuthCacheKeyProvider", "84", this, new Object[]{set, cacheContext, "<sensitive java.lang.String>"});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "There was a problem creating the cache key.", this);
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void addKeysFromWSCredential(Set<Object> set, CacheContext cacheContext, @Sensitive String str) {
        WSCredential wSCredential = new SubjectHelper().getWSCredential(cacheContext.getSubject());
        BasicAuthCacheKeyProvider basicAuthCacheKeyProvider = wSCredential;
        if (basicAuthCacheKeyProvider != null) {
            try {
                String realmName = wSCredential.getRealmName();
                String securityName = wSCredential.getSecurityName();
                String uniqueSecurityName = wSCredential.getUniqueSecurityName();
                addKeys(set, realmName, securityName, str);
                basicAuthCacheKeyProvider = this;
                basicAuthCacheKeyProvider.addKeys(set, realmName, uniqueSecurityName, str);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authentication.internal.cache.keyproviders.BasicAuthCacheKeyProvider", "101", this, new Object[]{set, cacheContext, "<sensitive java.lang.String>"});
                BasicAuthCacheKeyProvider basicAuthCacheKeyProvider2 = basicAuthCacheKeyProvider;
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "There was a problem creating the password based cache keys from the WSCredential.", basicAuthCacheKeyProvider2);
                }
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void addKeys(Set<Object> set, String str, String str2, @Sensitive String str3) {
        String createLookupKey = createLookupKey(str, str2);
        addKey(set, createLookupKey);
        if (createLookupKey == null || str3 == null) {
            return;
        }
        addKey(set, createLookupKey + ":" + str3);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void addKey(Set<Object> set, String str) {
        if (str != null) {
            set.add(str);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static String createLookupKey(String str, String str2) {
        String str3 = null;
        if (str != null && str2 != null) {
            str3 = str + ":" + str2;
        }
        return str3;
    }

    @FFDCIgnore({NoSuchAlgorithmException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static String createLookupKey(String str, String str2, @Sensitive String str3) {
        String str4 = null;
        if (str != null && str2 != null && str3 != null) {
            try {
                str4 = str + ":" + str2 + ":" + getHashedPassword(str3);
            } catch (NoSuchAlgorithmException e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "There was a problem creating the lookup key.", e);
                }
            }
        }
        return str4;
    }

    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private static MessageDigest getMessageDigest() throws NoSuchAlgorithmException {
        MessageDigest messageDigest = CLONEABLE_MESSAGE_DIGEST;
        if (messageDigest == null) {
            messageDigest = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM);
            CLONEABLE_MESSAGE_DIGEST = messageDigest;
        }
        try {
            messageDigest = (MessageDigest) CLONEABLE_MESSAGE_DIGEST.clone();
            return messageDigest;
        } catch (CloneNotSupportedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authentication.internal.cache.keyproviders.BasicAuthCacheKeyProvider", "190", null, new Object[0]);
            MessageDigest messageDigest2 = messageDigest;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CloneNotSupportedException caught while trying to clone MessageDigest with algorithm SHA. This is pretty unlikely, and we need to get details about the JDK which is in use.", messageDigest2);
            }
            return MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private static String getHashedPassword(@Sensitive String str) throws NoSuchAlgorithmException {
        String str2 = null;
        if (str != null) {
            str2 = new String(getMessageDigest().digest(str.getBytes()));
        }
        return str2;
    }
}
