package com.ibm.ws.security.authentication.internal.jaas;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.callback.AuthenticationDataCallbackHandler;
import com.ibm.ws.security.authentication.collective.CollectiveAuthenticationPlugin;
import com.ibm.ws.security.authentication.internal.JAASService;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.security.registry.UserRegistryConfiguration;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.ws.security.token.TokenManager;
import com.ibm.wsspi.classloading.ClassLoadingService;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import com.ibm.wsspi.library.Library;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

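/**
 * Declarative Services component that implements {@link JAASService}.
 *
 * <p>The component tracks {@link JAASLoginContextEntry} and {@link JAASLoginModuleConfig}
 * service references, re-installs the JAAS configuration through
 * {@link JAASConfigurationFactory} whenever that set changes, and runs logins through
 * {@link LoginContext}.
 *
 * <p>A login context entry is only installed once every login module it references is
 * registered. Entries with missing modules are parked in {@link #pendingContextEntryRefs}
 * until the modules arrive.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 * <li>The token manager, credentials service, user registry service, user registry
 * configuration, collective authentication plugin and authentication service are held in
 * {@code static} fields and exposed through {@code public static} getters, so they are shared
 * by every instance of this class.</li>
 * <li>{@link #deactivate(ComponentContext)} clears the JAAS {@link Configuration} for the
 * whole JVM, not only for this component.</li>
 * <li>{@link #pendingContextEntryRefs} and {@link #reportedFailures} are plain
 * {@link HashSet}s. Every access to them must hold the monitor of
 * {@code pendingContextEntryRefs}.</li>
 * </ul>
 */
@TraceOptions(traceGroups = {"Authentication"}, traceGroup = "", messageBundle = "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages", traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {JAASService.class}, name = "com.ibm.ws.security.authentication.jaas", immediate = true, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authentication.builtin_1.0.6.jar:com/ibm/ws/security/authentication/internal/jaas/JAASServiceImpl.class */
public class JAASServiceImpl implements JAASService {
    public static final String KEY_CREDENTIALS_SERVICE = "credentialsService";
    public static final String KEY_JAAS_LOGIN_CONTEXT_ENTRY = "jaasLoginContextEntry";
    public static final String KEY_JAAS_LOGIN_MODULE_CONFIG = "jaasLoginModuleConfig";
    static final String KEY_CLASSLOADING_SVC = "classLoadingSvc";
    static final String KEY_CHANGE_SERVICE = "jaasChangeNotifier";
    static final String KEY_ID = "id";
    static final String KEY_SERVICE_PID = "service.pid";
    // Service property that lists the login module pids a login context entry depends on.
    private static final String LOGIN_MODULE_REF = "loginModuleRef";

    // Login context entries whose login modules are all available, keyed by entry id.
    protected final ConcurrentServiceReferenceMap<String, JAASLoginContextEntry> jaasLoginContextEntries = new ConcurrentServiceReferenceMap<>(KEY_JAAS_LOGIN_CONTEXT_ENTRY);
    // Entries waiting for at least one login module. Guarded by its own monitor.
    protected final HashSet<ServiceReference<JAASLoginContextEntry>> pendingContextEntryRefs = new HashSet<>();
    // Module refs already warned about. Only touched while holding pendingContextEntryRefs.
    protected final HashSet<String> reportedFailures = new HashSet<>();
    // Registered login module configurations, keyed by service.pid.
    protected final ConcurrentServiceReferenceMap<String, JAASLoginModuleConfig> jaasLoginModuleConfigs = new ConcurrentServiceReferenceMap<>(KEY_JAAS_LOGIN_MODULE_CONFIG);
    private final AtomicServiceReference<ClassLoadingService> classLoadingSvc = new AtomicServiceReference<>(KEY_CLASSLOADING_SVC);
    private final AtomicServiceReference<JAASChangeNotifier> jaasChangeNotifierService = new AtomicServiceReference<>(KEY_CHANGE_SERVICE);
    protected ComponentContext cc;
    protected Map<String, Object> properties;
    // Non-null only between activate() and deactivate(); modified() is a no-op outside that window.
    private JAASConfigurationFactory jaasConfigurationFactory;
    private static AuthenticationService authenticationService;
    static final long serialVersionUID = -180157079205605081L;
    static final TraceComponent tc = Tr.register(JAASServiceImpl.class);
    public static final String KEY_TOKEN_MANAGER = "tokenManager";
    private static final AtomicServiceReference<TokenManager> tokenManager = new AtomicServiceReference<>(KEY_TOKEN_MANAGER);
    private static final AtomicServiceReference<CredentialsService> credentialService = new AtomicServiceReference<>(KEY_CREDENTIALS_SERVICE);
    public static final String KEY_USER_REGISTRY_SERVICE = "userRegistryService";
    private static final AtomicServiceReference<UserRegistryService> userRegistryService = new AtomicServiceReference<>(KEY_USER_REGISTRY_SERVICE);
    static final String KEY_USER_REGISTRY_CONFIGURATION = "userRegistryConfiguration";
    private static final AtomicServiceReference<UserRegistryConfiguration> userRegistryConfiguration = new AtomicServiceReference<>(KEY_USER_REGISTRY_CONFIGURATION);
    public static final String KEY_COLLECTIVE_AUTHENTICATON_PLUGIN = "collectiveAuthenticationPlugin";
    private static final AtomicServiceReference<CollectiveAuthenticationPlugin> collectiveAuthenticationPlugin = new AtomicServiceReference<>(KEY_COLLECTIVE_AUTHENTICATON_PLUGIN);

    /** Creates the component. All wiring happens in the bind methods and {@link #activate}. */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public JAASServiceImpl() {
    }

    /**
     * Binds the collective authentication plugin (dynamic, greedy reference).
     *
     * @param serviceReference reference to store in the shared static holder
     */
    @Reference(service = CollectiveAuthenticationPlugin.class, name = KEY_COLLECTIVE_AUTHENTICATON_PLUGIN, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setCollectiveAuthenticationPlugin(ServiceReference<CollectiveAuthenticationPlugin> serviceReference) {
        collectiveAuthenticationPlugin.setReference(serviceReference);
    }

    /**
     * Unbinds the collective authentication plugin.
     *
     * @param serviceReference reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void unsetCollectiveAuthenticationPlugin(ServiceReference<CollectiveAuthenticationPlugin> serviceReference) {
        collectiveAuthenticationPlugin.unsetReference(serviceReference);
    }

    /**
     * @return whatever the shared holder currently resolves for the collective authentication
     *         plugin
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static CollectiveAuthenticationPlugin getCollectiveAuthenticationPlugin() {
        return collectiveAuthenticationPlugin.getService();
    }

    /**
     * Binds the user registry service.
     *
     * @param serviceReference reference to store in the shared static holder
     */
    @Reference(service = UserRegistryService.class, name = KEY_USER_REGISTRY_SERVICE)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setUserRegistryService(ServiceReference<UserRegistryService> serviceReference) {
        userRegistryService.setReference(serviceReference);
    }

    /**
     * Unbinds the user registry service.
     *
     * @param serviceReference reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void unsetUserRegistryService(ServiceReference<UserRegistryService> serviceReference) {
        userRegistryService.unsetReference(serviceReference);
    }

    /**
     * Returns the user registry from the bound {@link UserRegistryService}.
     *
     * @return the registry returned by the service
     * @throws RegistryException if the service fails to supply a registry
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static UserRegistry getUserRegistry() throws RegistryException {
        // NOTE(review): getService() is dereferenced without a null check. If it can return
        // null when no service is bound (e.g. after deactivate), callers get a
        // NullPointerException rather than a RegistryException. Confirm against
        // AtomicServiceReference and the callers.
        return userRegistryService.getService().getUserRegistry();
    }

    /**
     * Binds the optional, dynamic user registry configuration.
     *
     * @param serviceReference reference to store in the shared static holder
     */
    @Reference(service = UserRegistryConfiguration.class, name = KEY_USER_REGISTRY_CONFIGURATION, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setUserRegistryConfiguration(ServiceReference<UserRegistryConfiguration> serviceReference) {
        userRegistryConfiguration.setReference(serviceReference);
    }

    /**
     * Returns the holder itself, not the resolved service.
     *
     * @return the shared {@link AtomicServiceReference} for the user registry configuration
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static AtomicServiceReference<UserRegistryConfiguration> getUserRegistryConfiguration() {
        // NOTE(review): this hands out the mutable holder, so a caller can call
        // setReference/unsetReference on it. Confirm every caller only reads from it.
        return userRegistryConfiguration;
    }

    /**
     * Unbinds the user registry configuration.
     *
     * @param serviceReference reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetUserRegistryConfiguration(ServiceReference<UserRegistryConfiguration> serviceReference) {
        userRegistryConfiguration.unsetReference(serviceReference);
    }

    /**
     * Binds the token manager.
     *
     * @param serviceReference reference to store in the shared static holder
     */
    @Reference(service = TokenManager.class, name = KEY_TOKEN_MANAGER)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setTokenManager(ServiceReference<TokenManager> serviceReference) {
        tokenManager.setReference(serviceReference);
    }

    /** @return whatever the shared holder currently resolves for the token manager */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static TokenManager getTokenManager() {
        return tokenManager.getService();
    }

    /**
     * Unbinds the token manager.
     *
     * @param serviceReference reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void unsetTokenManager(ServiceReference<TokenManager> serviceReference) {
        tokenManager.unsetReference(serviceReference);
    }

    /**
     * Binds the credentials service.
     *
     * @param serviceReference reference to store in the shared static holder
     */
    @Reference(service = CredentialsService.class, name = KEY_CREDENTIALS_SERVICE)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        credentialService.setReference(serviceReference);
    }

    /**
     * Unbinds the credentials service.
     *
     * @param serviceReference reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void unsetCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        credentialService.unsetReference(serviceReference);
    }

    /** @return whatever the shared holder currently resolves for the credentials service */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static CredentialsService getCredentialsService() {
        return credentialService.getService();
    }

    /**
     * Stores the authentication service in a static field.
     *
     * @param authenticationService2 service instance to publish to all users of this class
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static void setAuthenticationService(AuthenticationService authenticationService2) {
        // NOTE(review): this is a public static setter with no @Reference in this file, and the
        // field is neither volatile nor synchronized. Presumably only the AuthenticationService
        // implementation calls it; confirm, because whoever calls it replaces the service that
        // configReady() gates on.
        authenticationService = authenticationService2;
    }

    /** @return the authentication service last stored, or {@code null} if none is set */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static AuthenticationService getAuthenticationService() {
        return authenticationService;
    }

    /**
     * Clears the stored authentication service, but only if it is the same instance that is
     * being withdrawn, so a late unset cannot wipe a newer registration.
     *
     * @param authenticationService2 service instance being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static void unsetAuthenticationService(AuthenticationService authenticationService2) {
        if (authenticationService == authenticationService2) {
            authenticationService = null;
        }
    }

    /**
     * Binds a login context entry and decides whether it can be installed now.
     *
     * @param serviceReference entry reference carrying {@code id} and {@code loginModuleRef}
     */
    @Reference(service = JAASLoginContextEntry.class, target = "(id=*)", name = KEY_JAAS_LOGIN_CONTEXT_ENTRY, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setJaasLoginContextEntry(ServiceReference<JAASLoginContextEntry> serviceReference) {
        processContextEntry(serviceReference);
    }

    /**
     * Re-evaluates a login context entry whose service properties changed.
     *
     * @param serviceReference entry reference that was updated
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void updatedJaasLoginContextEntry(ServiceReference<JAASLoginContextEntry> serviceReference) {
        processContextEntry(serviceReference);
    }

    /**
     * Removes a login context entry from both the installed map and the pending set, then
     * re-installs the JAAS configuration.
     *
     * @param serviceReference entry reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetJaasLoginContextEntry(ServiceReference<JAASLoginContextEntry> serviceReference) {
        synchronized (this.pendingContextEntryRefs) {
            this.jaasLoginContextEntries.removeReference((String) serviceReference.getProperty(KEY_ID), serviceReference);
            this.pendingContextEntryRefs.remove(serviceReference);
        }
        modified(this.properties);
    }

    /**
     * Registers a login module configuration and promotes any pending entries it completes.
     *
     * @param serviceReference module configuration reference, keyed by its {@code service.pid}
     */
    @Reference(service = JAASLoginModuleConfig.class, target = "(id=*)", name = KEY_JAAS_LOGIN_MODULE_CONFIG, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setJaasLoginModuleConfig(ServiceReference<JAASLoginModuleConfig> serviceReference) {
        this.jaasLoginModuleConfigs.putReference((String) serviceReference.getProperty(KEY_SERVICE_PID), serviceReference);
        addedLoginModule();
    }

    /**
     * @param str pid of a login module configuration
     * @return {@code true} only if a configuration is registered under {@code str} and it
     *         reports itself as a default login module
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private boolean isDefaultLoginModule(String str) {
        JAASLoginModuleConfig moduleConfig = this.jaasLoginModuleConfigs.getService(str);
        return moduleConfig != null && moduleConfig.isDefaultLoginModule();
    }

    /**
     * Re-installs the JAAS configuration after a login module configuration changed.
     *
     * @param serviceReference module configuration reference that was updated (not inspected)
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void updatedJaasLoginModuleConfig(ServiceReference<JAASLoginModuleConfig> serviceReference) {
        modified(this.properties);
    }

    /**
     * Unregisters a login module configuration and demotes entries that now lack a module.
     *
     * @param serviceReference module configuration reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetJaasLoginModuleConfig(ServiceReference<JAASLoginModuleConfig> serviceReference) {
        this.jaasLoginModuleConfigs.removeReference((String) serviceReference.getProperty(KEY_SERVICE_PID), serviceReference);
        removedLoginModule();
    }

    /**
     * Installs, rejects or parks a login context entry.
     *
     * <ul>
     * <li>No {@code loginModuleRef}: install only if the id is one of
     * {@code JAASConfigurationImpl.defaultEntryIds}; otherwise log an error and drop the
     * entry.</li>
     * <li>All referenced modules registered: install.</li>
     * <li>Otherwise: drop any installed copy and park the reference as pending.</li>
     * </ul>
     *
     * The JAAS configuration is re-installed only when the installed map changed.
     *
     * @param serviceReference entry reference to evaluate
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void processContextEntry(ServiceReference<JAASLoginContextEntry> serviceReference) {
        String entryId = (String) serviceReference.getProperty(KEY_ID);
        String[] moduleRefs = (String[]) serviceReference.getProperty(LOGIN_MODULE_REF);
        boolean changed;
        if (moduleRefs == null || moduleRefs.length == 0) {
            if (JAASConfigurationImpl.defaultEntryIds.contains(entryId)) {
                this.jaasLoginContextEntries.putReference(entryId, serviceReference);
                changed = true;
            } else {
                // A non-default entry with no login modules could not authenticate anyone.
                Tr.error(tc, "JAAS_LOGIN_CONTEXT_ENTRY_HAS_NO_LOGIN_MODULE", entryId);
                changed = this.jaasLoginContextEntries.removeReference(entryId, serviceReference);
            }
        } else if (haveAllModules(moduleRefs)) {
            this.jaasLoginContextEntries.putReference(entryId, serviceReference);
            changed = true;
        } else {
            changed = this.jaasLoginContextEntries.removeReference(entryId, serviceReference);
            synchronized (this.pendingContextEntryRefs) {
                this.pendingContextEntryRefs.add(serviceReference);
            }
        }
        if (changed) {
            modified(this.properties);
        }
    }

    /**
     * Promotes every pending entry whose login modules are now all registered, and re-installs
     * the JAAS configuration if at least one entry was promoted.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private synchronized void addedLoginModule() {
        boolean promoted = false;
        synchronized (this.pendingContextEntryRefs) {
            Iterator<ServiceReference<JAASLoginContextEntry>> it = this.pendingContextEntryRefs.iterator();
            while (it.hasNext()) {
                ServiceReference<JAASLoginContextEntry> entryRef = it.next();
                if (haveAllModules((String[]) entryRef.getProperty(LOGIN_MODULE_REF))) {
                    it.remove();
                    this.jaasLoginContextEntries.putReference((String) entryRef.getProperty(KEY_ID), entryRef);
                    promoted = true;
                }
            }
        }
        if (promoted) {
            modified(this.properties);
        }
    }

    /**
     * Demotes every installed entry that lost a login module to the pending set, and
     * re-installs the JAAS configuration if at least one entry was demoted.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private synchronized void removedLoginModule() {
        boolean demoted = false;
        // pendingContextEntryRefs is a plain HashSet that every other method mutates under its
        // own monitor. Mutating it here without that monitor could corrupt the set while
        // processContextEntry, unsetJaasLoginContextEntry or modified run on another thread.
        // Lock order (this, then pendingContextEntryRefs) matches addedLoginModule().
        synchronized (this.pendingContextEntryRefs) {
            Iterator<ServiceReference<JAASLoginContextEntry>> it = this.jaasLoginContextEntries.references().iterator();
            while (it.hasNext()) {
                ServiceReference<JAASLoginContextEntry> entryRef = it.next();
                if (!haveAllModules((String[]) entryRef.getProperty(LOGIN_MODULE_REF))) {
                    it.remove();
                    this.pendingContextEntryRefs.add(entryRef);
                    demoted = true;
                }
            }
        }
        if (demoted) {
            modified(this.properties);
        }
    }

    /**
     * @param strArr login module pids referenced by an entry; may be {@code null}
     * @return {@code true} if {@code strArr} is {@code null} or every pid in it has a registered
     *         login module configuration
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private boolean haveAllModules(String[] strArr) {
        if (strArr == null) {
            return true;
        }
        for (String modulePid : strArr) {
            if (this.jaasLoginModuleConfigs.getReference(modulePid) == null) {
                return false;
            }
        }
        return true;
    }

    /**
     * Binds the class loading service used for shared library class loaders.
     *
     * @param serviceReference reference to store
     */
    @Reference(service = ClassLoadingService.class, name = KEY_CLASSLOADING_SVC)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setClassLoadingSvc(ServiceReference<ClassLoadingService> serviceReference) {
        this.classLoadingSvc.setReference(serviceReference);
    }

    /**
     * Unbinds the class loading service.
     *
     * @param serviceReference reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetClassLoadingSvc(ServiceReference<ClassLoadingService> serviceReference) {
        this.classLoadingSvc.unsetReference(serviceReference);
    }

    /**
     * Binds the notifier used by {@link #configReady()}.
     *
     * @param serviceReference reference to store
     */
    @Reference(service = JAASChangeNotifier.class, name = KEY_CHANGE_SERVICE)
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setJaasChangeNotifier(ServiceReference<JAASChangeNotifier> serviceReference) {
        this.jaasChangeNotifierService.setReference(serviceReference);
    }

    /**
     * Unbinds the change notifier.
     *
     * @param serviceReference reference being withdrawn
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetJaasChangeNotifier(ServiceReference<JAASChangeNotifier> serviceReference) {
        this.jaasChangeNotifierService.unsetReference(serviceReference);
    }

    /**
     * Activates every service reference holder, creates the configuration factory and
     * installs the initial JAAS configuration.
     *
     * @param componentContext DS component context handed to each holder
     * @param map component properties, stored and passed on to {@link #modified(Map)}
     */
    @Activate
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.jaasLoginModuleConfigs.activate(componentContext);
        this.jaasLoginContextEntries.activate(componentContext);
        tokenManager.activate(componentContext);
        credentialService.activate(componentContext);
        userRegistryService.activate(componentContext);
        userRegistryConfiguration.activate(componentContext);
        this.classLoadingSvc.activate(componentContext);
        this.jaasChangeNotifierService.activate(componentContext);
        collectiveAuthenticationPlugin.activate(componentContext);
        // The factory must exist before modified() runs, otherwise modified() does nothing.
        this.jaasConfigurationFactory = new JAASConfigurationFactory();
        modified(map);
    }

    /**
     * Re-installs the JAAS configuration from the currently installed entries and modules.
     *
     * <p>If no entry is pending, listeners are told the configuration is ready. Otherwise each
     * login module ref that is still missing is reported once with a warning. The warning is
     * suppressed while no login module configuration is registered at all.
     *
     * <p>Does nothing beyond storing {@code map} when the component is not active.
     *
     * @param map component properties to remember
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    @Modified
    protected void modified(Map<String, Object> map) {
        this.properties = map;
        if (this.jaasConfigurationFactory == null) {
            return;
        }
        this.jaasConfigurationFactory.installJAASConfiguration(this.jaasLoginContextEntries, this.jaasLoginModuleConfigs);
        // Result intentionally unused; presumably forces the installed configuration to be
        // resolved now rather than on the first login. TODO confirm.
        Configuration.getConfiguration();
        synchronized (this.pendingContextEntryRefs) {
            if (this.pendingContextEntryRefs.isEmpty()) {
                configReady();
                return;
            }
            HashSet<String> missingModules = new HashSet<>();
            for (ServiceReference<JAASLoginContextEntry> pendingRef : this.pendingContextEntryRefs) {
                String[] moduleRefs = (String[]) pendingRef.getProperty(LOGIN_MODULE_REF);
                if (moduleRefs == null) {
                    // Service properties can change after the reference was parked; a missing
                    // property must not abort configuration handling with a NullPointerException.
                    continue;
                }
                for (String moduleRef : moduleRefs) {
                    if (!isDefaultLoginModule(moduleRef) && this.jaasLoginModuleConfigs.getReference(moduleRef) == null) {
                        missingModules.add(moduleRef);
                    }
                }
            }
            // Forget failures that have been resolved so they are reported again if they recur.
            this.reportedFailures.retainAll(missingModules);
            for (String moduleRef : missingModules) {
                if (this.reportedFailures.contains(moduleRef)) {
                    continue;
                }
                if (!this.jaasLoginModuleConfigs.isEmpty()) {
                    Tr.warning(tc, "JAAS_LOGIN_MODULE_NOT_FOUND_FOR_LOGIN_MODULE_REF", moduleRef);
                }
                this.reportedFailures.add(moduleRef);
            }
        }
    }

    /**
     * Deactivates every service reference holder and removes the JAAS configuration.
     *
     * @param componentContext DS component context handed to each holder
     */
    @Deactivate
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void deactivate(ComponentContext componentContext) {
        tokenManager.deactivate(componentContext);
        credentialService.deactivate(componentContext);
        userRegistryService.deactivate(componentContext);
        this.jaasLoginContextEntries.deactivate(componentContext);
        this.jaasLoginModuleConfigs.deactivate(componentContext);
        userRegistryConfiguration.deactivate(componentContext);
        this.classLoadingSvc.deactivate(componentContext);
        this.jaasChangeNotifierService.deactivate(componentContext);
        collectiveAuthenticationPlugin.deactivate(componentContext);
        this.jaasConfigurationFactory = null;
        // Configuration is JVM-wide state: this clears the login configuration for every
        // LoginContext user in the process, not just for this component.
        Configuration.setConfiguration(null);
    }

    /**
     * Logs in using the given authentication data.
     *
     * @param str name of the JAAS login context entry to use
     * @param authenticationData data wrapped in an {@link AuthenticationDataCallbackHandler}
     * @param subject partially populated subject to log in with, or {@code null} for a new one
     * @return the subject produced by the login
     * @throws LoginException if the login context cannot be created or the login fails
     */
    @Override // com.ibm.ws.security.authentication.internal.JAASService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Subject performLogin(String str, AuthenticationData authenticationData, Subject subject) throws LoginException {
        return performLogin(str, createCallbackHandlerForAuthenticationData(authenticationData), subject);
    }

    /**
     * Logs in using the given callback handler.
     *
     * <p>A failed login is signalled by {@link LoginException}; callers must not treat a
     * caught exception as an anonymous or partially authenticated result.
     *
     * @param str name of the JAAS login context entry to use
     * @param callbackHandler handler the login modules use to obtain credentials
     * @param subject partially populated subject to log in with, or {@code null} for a new one
     * @return the subject produced by the login
     * @throws LoginException if the login context cannot be created or the login fails
     */
    @Override // com.ibm.ws.security.authentication.internal.JAASService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Subject performLogin(String str, CallbackHandler callbackHandler, Subject subject) throws LoginException {
        LoginContext loginContext = doLoginContext(str, callbackHandler, subject);
        // doLoginContext() dereferences the context before returning it, so null is not
        // expected here; the guard is kept from the original code.
        if (loginContext == null) {
            return null;
        }
        return loginContext.getSubject();
    }

    /**
     * Creates a login context and runs {@link LoginContext#login()} on it.
     *
     * @param str name of the JAAS login context entry to use
     * @param callbackHandler handler the login modules use to obtain credentials
     * @param subject subject to log in with, or {@code null}
     * @return the login context after a successful login
     * @throws LoginException if creation or login fails
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private LoginContext doLoginContext(String str, CallbackHandler callbackHandler, Subject subject) throws LoginException {
        LoginContext loginContext = createLoginContext(str, callbackHandler, subject);
        loginContext.login();
        return loginContext;
    }

    /**
     * @param authenticationData data the handler should serve to login modules
     * @return a new {@link AuthenticationDataCallbackHandler} wrapping {@code authenticationData}
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public CallbackHandler createCallbackHandlerForAuthenticationData(AuthenticationData authenticationData) {
        return new AuthenticationDataCallbackHandler(authenticationData);
    }

    /**
     * Builds the {@link LoginContext}, passing the subject only when one was supplied.
     *
     * @param str name of the JAAS login context entry to use
     * @param callbackHandler handler the login modules use to obtain credentials
     * @param subject subject to log in with, or {@code null} to let JAAS create one
     * @return a new, not yet logged-in login context
     * @throws LoginException if the context cannot be created
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected LoginContext createLoginContext(String str, CallbackHandler callbackHandler, Subject subject) throws LoginException {
        if (subject == null) {
            return new LoginContext(str, callbackHandler);
        }
        return new LoginContext(str, subject, callbackHandler);
    }

    /**
     * @param library shared library to resolve, or {@code null}
     * @return the class loader the class loading service supplies for {@code library}, or
     *         {@code null} when {@code library} is {@code null}
     */
    @Override // com.ibm.ws.security.authentication.internal.JAASService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public ClassLoader getSharedLibraryClassLoader(Library library) {
        if (library == null) {
            return null;
        }
        return this.classLoadingSvc.getServiceWithException().getSharedLibraryClassLoader(library);
    }

    /**
     * Notifies JAAS change listeners, but only once an authentication service has been set
     * and a change notifier is bound.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void configReady() {
        if (authenticationService == null) {
            return;
        }
        JAASChangeNotifier notifier = this.jaasChangeNotifierService.getService();
        if (notifier != null) {
            notifier.notifyListeners();
        }
    }
}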
