package com.ibm.ws.security.authentication.internal.cache;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.wim.ConfigConstants;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.security.authentication.cache.AuthCacheConfig;
import com.ibm.ws.security.authentication.cache.AuthCacheService;
import com.ibm.ws.security.authentication.cache.CacheContext;
import com.ibm.ws.security.authentication.cache.CacheEvictionListener;
import com.ibm.ws.security.authentication.cache.CacheKeyProvider;
import com.ibm.ws.security.authentication.cache.CacheObject;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.notifications.SecurityChangeListener;
import com.ibm.ws.security.registry.UserRegistryChangeListener;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

@TraceOptions(traceGroups = {}, traceGroup = "", messageBundle = "", traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authentication.builtin_1.0.6.jar:com/ibm/ws/security/authentication/internal/cache/AuthCacheServiceImpl.class */
public class AuthCacheServiceImpl implements AuthCacheService, UserRegistryChangeListener, SecurityChangeListener {
    protected static final String KEY_CREDENTIAL_SERVICE = "credentialService";
    private static final TraceComponent tc = Tr.register(AuthCacheServiceImpl.class);
    private Cache cache;
    private AuthCacheConfig authCacheConfig;
    static final long serialVersionUID = 1708246879974030376L;
    private final Set<CacheKeyProvider> cacheKeyProviders = new HashSet();
    private boolean allowBasicAuthLookup = true;
    private int initialSize = 50;
    private int maxSize = 25000;
    private long timeoutInMilliSeconds = 600000;
    private final Set<CacheEvictionListener> cacheEvictionListenerSet = new HashSet();
    private final AtomicServiceReference<CredentialsService> credServiceRef = new AtomicServiceReference<>(KEY_CREDENTIAL_SERVICE);

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public AuthCacheServiceImpl() {
    }

    @Override // com.ibm.ws.security.authentication.cache.AuthCacheService
    @FFDCIgnore({Exception.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void insert(Subject subject, String str, @Sensitive String str2) {
        try {
            CacheObject cacheObject = new CacheObject(subject);
            commonInsert(new CacheContext(this.authCacheConfig, cacheObject, str, str2), cacheObject);
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "There was a problem caching the subject.", e);
            }
        }
    }

    @Override // com.ibm.ws.security.authentication.cache.AuthCacheService
    @FFDCIgnore({Exception.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void insert(Subject subject) {
        try {
            CacheObject cacheObject = new CacheObject(subject);
            commonInsert(new CacheContext(this.authCacheConfig, cacheObject), cacheObject);
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "There was a problem caching the subject.", e);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void commonInsert(CacheContext cacheContext, CacheObject cacheObject) throws Exception {
        Iterator<CacheKeyProvider> it = this.cacheKeyProviders.iterator();
        while (it.hasNext()) {
            Object provideKey = it.next().provideKey(cacheContext);
            if (provideKey instanceof Set) {
                Iterator it2 = ((Set) provideKey).iterator();
                while (it2.hasNext()) {
                    addCacheObject(it2.next(), cacheObject);
                }
            } else if (provideKey != null) {
                addCacheObject(provideKey, cacheObject);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void addCacheObject(Object obj, CacheObject cacheObject) {
        cacheObject.addLookupKey(obj);
        this.cache.insert(obj, cacheObject);
    }

    @Override // com.ibm.ws.security.authentication.cache.AuthCacheService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Subject getSubject(Object obj) {
        Subject subject = null;
        if (obj != null) {
            CacheObject cachedObject = getCachedObject(obj);
            subject = optionallyRemoveEntryForInvalidSubject(cachedObject, cachedObject != null ? cachedObject.getSubject() : null);
        }
        return subject;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private Subject optionallyRemoveEntryForInvalidSubject(CacheObject cacheObject, Subject subject) {
        CredentialsService service;
        if (subject != null && (service = this.credServiceRef.getService()) != null && !service.isSubjectValid(subject)) {
            removeCachedObject(cacheObject);
            subject = null;
        }
        return subject;
    }

    @Override // com.ibm.ws.security.authentication.cache.AuthCacheService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void remove(Object obj) {
        CacheObject cachedObject;
        if (obj == null || (cachedObject = getCachedObject(obj)) == null) {
            return;
        }
        removeCachedObject(cachedObject);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void removeCachedObject(CacheObject cacheObject) {
        Iterator<Object> it = cacheObject.getLookupKeys().iterator();
        while (it.hasNext()) {
            this.cache.remove(it.next());
        }
    }

    @Override // com.ibm.ws.security.authentication.cache.AuthCacheService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void removeAllEntries() {
        this.cache.clearAllEntries();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected CacheObject getCachedObject(Object obj) {
        if (obj instanceof byte[]) {
            obj = new ByteArray((byte[]) obj);
        }
        return (CacheObject) this.cache.get(obj);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.credServiceRef.activate(componentContext);
        modified(map);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void modified(Map<String, Object> map) {
        this.initialSize = ((Integer) map.get(ConfigConstants.CONFIG_PROP_INIT_POOL_SIZE)).intValue();
        this.maxSize = ((Integer) map.get(ConfigConstants.CONFIG_PROP_MAX_POOL_SIZE)).intValue();
        this.timeoutInMilliSeconds = ((Long) map.get("timeout")).longValue();
        this.allowBasicAuthLookup = ((Boolean) map.get("allowBasicAuthLookup")).booleanValue();
        if (this.initialSize > this.maxSize) {
            this.initialSize = this.maxSize;
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "The initial size of cache is greater than the maximum size, so resetting the initial size to maximum size " + this.initialSize, new Object[0]);
            }
        }
        this.authCacheConfig = new AuthCacheConfigImpl(this.initialSize, this.maxSize, this.timeoutInMilliSeconds, this.allowBasicAuthLookup);
        stopCacheEvictionTask();
        this.cache = new Cache(this.initialSize, this.maxSize, this.timeoutInMilliSeconds, this.cacheEvictionListenerSet);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void deactivate(ComponentContext componentContext) {
        stopCacheEvictionTask();
        this.credServiceRef.deactivate(componentContext);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void stopCacheEvictionTask() {
        if (this.cache != null) {
            this.cache.stopEvictionTask();
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setCacheKeyProvider(CacheKeyProvider cacheKeyProvider) {
        this.cacheKeyProviders.add(cacheKeyProvider);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetCacheKeyProvider(CacheKeyProvider cacheKeyProvider) {
        this.cacheKeyProviders.remove(cacheKeyProvider);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setCacheEvictionListener(CacheEvictionListener cacheEvictionListener) {
        this.cacheEvictionListenerSet.add(cacheEvictionListener);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetCacheEvictionListener(CacheEvictionListener cacheEvictionListener) {
        this.cacheEvictionListenerSet.remove(cacheEvictionListener);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setCredentialService(ServiceReference<CredentialsService> serviceReference) {
        this.credServiceRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetCredentialService(ServiceReference<CredentialsService> serviceReference) {
        this.credServiceRef.unsetReference(serviceReference);
    }

    @Override // com.ibm.ws.security.registry.UserRegistryChangeListener
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void notifyOfUserRegistryChange() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Clearing auth cache as UserRegistry configuration has changed.", new Object[0]);
        }
        stopCacheEvictionTask();
        removeAllEntries();
    }

    @Override // com.ibm.ws.security.notifications.SecurityChangeListener
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void notifyChange() {
        removeAllEntries();
    }
}
