package com.ibm.ws.security.quickstart.internal;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.management.security.ManagementRole;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.registry.UserRegistryConfiguration;
import com.ibm.ws.security.registry.UserRegistryFactory;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceSet;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.ComponentContext;

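/**
 * Component that publishes the "quick start" security services: a
 * {@link UserRegistryFactory}, and, when a user name and password are configured
 * and no other {@link UserRegistryConfiguration} or {@link ManagementRole}
 * reference is bound, a single-user registry configuration plus an administrator
 * role for that user.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The registry configuration and the administrator role are only registered
 *       when both user and password are non-blank, and are withdrawn as soon as
 *       another registry configuration or management role is bound.</li>
 *   <li>The configured password is decoded with {@link PasswordUtil} and carried
 *       as a {@link ProtectedString}; it is never passed to a trace call here.</li>
 * </ul>
 *
 * <p>All lifecycle and bind/unbind methods are {@code synchronized} on this
 * instance. NOTE(review): the set/unset/activate/modify/deactivate methods look
 * like declarative-services callbacks; the binding metadata is not in this file.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.quickstart_1.0.10.jar:com/ibm/ws/security/quickstart/internal/QuickStartSecurity.class */
public class QuickStartSecurity {
    private static final TraceComponent tc = Tr.register(QuickStartSecurity.class);
    static final String KEY_USER_REGISTRY_CONFIGURATION = "userRegistryConfiguration";
    static final String KEY_MANAGEMENT_ROLE = "managementRole";
    static final String QUICK_START_SECURITY_REGISTRY_ID = "com.ibm.ws.management.security.QuickStartSecurity";
    static final String QUICK_START_SECURITY_REGISTRY_TYPE = "QuickStartSecurityRegistry";
    static final String QUICK_START_ADMINISTRATOR_ROLE_NAME = "QuickStartSecurityAdministratorRole";
    static final String CFG_KEY_USER = "userName";
    static final String CFG_KEY_PASSWORD = "userPassword";
    static final long serialVersionUID = -3226053065826274121L;

    // Other registry configurations / management roles currently bound. While either
    // set is non-empty the quick-start registry and role are not registered.
    private final ConcurrentServiceReferenceSet<UserRegistryConfiguration> urConfigs = new ConcurrentServiceReferenceSet<>(KEY_USER_REGISTRY_CONFIGURATION);
    private final ConcurrentServiceReferenceSet<ManagementRole> managementRoles = new ConcurrentServiceReferenceSet<>(KEY_MANAGEMENT_ROLE);

    // Null while the component is deactivated; the register* methods check this.
    private BundleContext bc = null;
    private ServiceRegistration<UserRegistryFactory> urFactoryReg = null;
    private UserRegistryFactory urFactory = null;
    private ServiceRegistration<UserRegistryConfiguration> urConfigReg = null;
    private UserRegistryConfiguration urConfig = null;
    private ServiceRegistration<ManagementRole> managementRoleReg = null;
    private ManagementRole managementRole = null;
    private String user = null;
    // Decoded password; see getPasswordValue.
    private ProtectedString password = null;

    /**
     * Records another registry configuration, reports the conflict if quick-start
     * credentials are configured, and withdraws the quick-start registry
     * configuration and administrator role.
     */
    protected synchronized void setUserRegistryConfiguration(ServiceReference<UserRegistryConfiguration> serviceReference) {
        this.urConfigs.addReference(serviceReference);
        errorOnAnotherRegistry();
        unregisterQuickStartSecurityRegistryConfiguration();
        unregisterQuickStartSecurityAdministratorRole();
    }

    /**
     * Forgets a registry configuration and re-attempts registration of the
     * quick-start registry configuration and administrator role; the register
     * methods decide whether the preconditions hold.
     */
    protected synchronized void unsetUserRegistryConfiguration(ServiceReference<UserRegistryConfiguration> serviceReference) {
        this.urConfigs.removeReference(serviceReference);
        registerQuickStartSecurityRegistryConfiguration();
        registerQuickStartSecurityAdministratorRole();
    }

    /**
     * Records another management role, reports the conflict if quick-start
     * credentials are configured, and withdraws the quick-start registry
     * configuration and administrator role.
     */
    protected synchronized void setManagementRole(ServiceReference<ManagementRole> serviceReference) {
        this.managementRoles.addReference(serviceReference);
        errorOnAnotherManagementRole();
        unregisterQuickStartSecurityRegistryConfiguration();
        unregisterQuickStartSecurityAdministratorRole();
    }

    /**
     * Forgets a management role and re-attempts registration of the quick-start
     * registry configuration and administrator role.
     */
    protected synchronized void unsetManagementRole(ServiceReference<ManagementRole> serviceReference) {
        this.managementRoles.removeReference(serviceReference);
        registerQuickStartSecurityRegistryConfiguration();
        registerQuickStartSecurityAdministratorRole();
    }

    /**
     * Activates the component: registers the registry factory, reads
     * {@code userName} / {@code userPassword} from {@code map}, validates them and
     * attempts to register the registry configuration and administrator role.
     *
     * @throws IllegalStateException if one of the services is already registered
     */
    protected synchronized void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.bc = componentContext.getBundleContext();
        this.urConfigs.activate(componentContext);
        this.managementRoles.activate(componentContext);
        registerQuickStartSecurityRegistryFactory();
        this.user = (String) map.get(CFG_KEY_USER);
        this.password = getPasswordValue(map);
        validateConfigurationProperties();
        registerQuickStartSecurityRegistryConfiguration();
        registerQuickStartSecurityAdministratorRole();
    }

    /**
     * Applies changed configuration: re-reads user and password, then registers or
     * updates the registry configuration and re-creates the administrator role so
     * that it is bound to the current user name.
     */
    protected synchronized void modify(Map<String, Object> map) {
        this.user = (String) map.get(CFG_KEY_USER);
        this.password = getPasswordValue(map);
        validateConfigurationProperties();
        if (this.urConfigReg == null) {
            registerQuickStartSecurityRegistryConfiguration();
        } else {
            updateQuickStartSecurityRegistryConfiguration();
        }
        // The role object is constructed from the user name, so it is always rebuilt.
        unregisterQuickStartSecurityAdministratorRole();
        registerQuickStartSecurityAdministratorRole();
    }

    /** Deactivates the component and unregisters every service it published. */
    protected synchronized void deactivate(ComponentContext componentContext) {
        this.bc = null;
        this.urConfigs.deactivate(componentContext);
        this.managementRoles.deactivate(componentContext);
        unregisterQuickStartSecurityRegistryFactory();
        unregisterQuickStartSecurityRegistryConfiguration();
        unregisterQuickStartSecurityAdministratorRole();
    }

    /** Emits a debug trace line when debug tracing is enabled. Never pass secrets. */
    @Trivial
    private static void debugTrace(String message) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, message, new Object[0]);
        }
    }

    /**
     * Tells whether a configuration value is absent or blank.
     *
     * @param obj {@code null}, a {@link String} or a {@link ProtectedString};
     *            any other type fails the {@code String} cast
     * @return {@code true} for {@code null}, or when the value holds no character
     *         greater than the space character
     */
    @Trivial
    private boolean isStringValueUndefined(Object obj) {
        if (obj == null) {
            return true;
        }
        if (obj instanceof ProtectedString) {
            // Scan the protected characters in place rather than copying them into a String.
            for (char c : ((ProtectedString) obj).getChars()) {
                if (c > ' ') {
                    return false;
                }
            }
            return true;
        }
        return ((String) obj).trim().isEmpty();
    }

    /**
     * Reports incomplete credentials and conflicts with other registries or roles.
     * Only reports: the register/update methods are what refuse to publish an
     * incomplete configuration.
     */
    private void validateConfigurationProperties() {
        // The message key is looked up at runtime, so its spelling is kept as-is.
        if (isStringValueUndefined(this.user) && this.password != null) {
            Tr.error(tc, "QUICK_START_SECURITY_MISSING_ATTIRBUTES", CFG_KEY_USER);
        }
        if (this.user != null && isStringValueUndefined(this.password)) {
            Tr.error(tc, "QUICK_START_SECURITY_MISSING_ATTIRBUTES", CFG_KEY_PASSWORD);
        }
        errorOnAnotherRegistry();
        errorOnAnotherManagementRole();
    }

    /** Logs an error when quick-start credentials coexist with another registry configuration. */
    private void errorOnAnotherRegistry() {
        boolean quickStartConfigured = this.user != null || this.password != null;
        if (quickStartConfigured && !this.urConfigs.isEmpty()) {
            Tr.error(tc, "QUICK_START_SECURITY_WITH_ANOTHER_REGISTRY", new Object[0]);
        }
    }

    /** Logs an error when quick-start credentials coexist with another management role. */
    private void errorOnAnotherManagementRole() {
        boolean quickStartConfigured = this.user != null || this.password != null;
        if (quickStartConfigured && !this.managementRoles.isEmpty()) {
            Tr.error(tc, "QUICK_START_SECURITY_WITH_OTHER_MANAGEMENT_AUTHORIZATION", new Object[0]);
        }
    }

    /**
     * Registers the quick-start {@link UserRegistryFactory} service.
     *
     * @throws IllegalStateException if the factory is already registered
     */
    private void registerQuickStartSecurityRegistryFactory() {
        if (this.urFactoryReg != null) {
            debugTrace("QuickStartSecurityRegistryFactory is already registered.");
            throw new IllegalStateException("QuickStartSecurityRegistryFactory is already registered.");
        }
        Hashtable<String, Object> props = new Hashtable<>();
        props.put(UserRegistryService.REGISTRY_TYPE, QUICK_START_SECURITY_REGISTRY_TYPE);
        props.put(Constants.SERVICE_VENDOR, "IBM");
        this.urFactory = new QuickStartSecurityRegistryFactory();
        // Typed registerService call: the service object is passed as itself, not cast to Class.
        this.urFactoryReg = this.bc.registerService(UserRegistryFactory.class, this.urFactory, props);
    }

    /** Unregisters the registry factory if it is registered. */
    private void unregisterQuickStartSecurityRegistryFactory() {
        if (this.urFactoryReg == null) {
            debugTrace("QuickStartSecurityRegistryFactory is not registered.");
            return;
        }
        this.urFactoryReg.unregister();
        this.urFactoryReg = null;
        this.urFactory = null;
    }

    /**
     * Builds the properties for the quick-start registry configuration.
     *
     * <p>The password is included as a {@link ProtectedString}. These properties are
     * also used as service properties, so any code able to read them can obtain the
     * characters — NOTE(review): confirm who can read this service's properties.
     */
    private Map<String, Object> buildUserRegistryConfigProps() {
        Map<String, Object> props = new HashMap<>();
        props.put("config.id", QUICK_START_SECURITY_REGISTRY_ID);
        props.put("id", QUICK_START_SECURITY_REGISTRY_ID);
        props.put(UserRegistryService.REGISTRY_TYPE, QUICK_START_SECURITY_REGISTRY_TYPE);
        props.put(CFG_KEY_USER, this.user);
        props.put(CFG_KEY_PASSWORD, this.password);
        props.put(Constants.SERVICE_VENDOR, "IBM");
        return props;
    }

    /**
     * Registers the quick-start registry configuration when the component is
     * active, credentials are complete, and no other registry configuration or
     * management role is bound. Otherwise does nothing.
     *
     * @throws IllegalStateException if the configuration is already registered
     */
    private void registerQuickStartSecurityRegistryConfiguration() {
        if (this.bc == null) {
            debugTrace("BundleContext is null, we must be deactivated.");
            return;
        }
        if (this.urConfigReg != null) {
            debugTrace("QuickStartSecurityRegistry configuration is already registered.");
            throw new IllegalStateException("QuickStartSecurityRegistry configuration is already registered.");
        }
        if (isStringValueUndefined(this.user) || isStringValueUndefined(this.password)) {
            debugTrace("Incomplete configuration. This should already have been reported. Will not register QuickStartSecurityRegistry configuration.");
            return;
        }
        if (!this.urConfigs.isEmpty()) {
            debugTrace("Other UserRegistryConfiguration are present, will not register the QuickStartSecurityRegistry configuration.");
            return;
        }
        if (!this.managementRoles.isEmpty()) {
            debugTrace("Other ManagementRole are present, will not register the QuickStartSecurityRegistry configuration.");
            return;
        }
        Hashtable<String, Object> props = new Hashtable<>(buildUserRegistryConfigProps());
        this.urConfig = new UserRegistryConfiguration();
        this.urConfig.activate(props);
        this.urConfigReg = this.bc.registerService(UserRegistryConfiguration.class, this.urConfig, props);
    }

    /**
     * Pushes changed credentials to the already-registered registry configuration,
     * or withdraws it when the credentials are no longer complete.
     *
     * <p>Uses the same blank check as registration, so a configuration change to an
     * empty or whitespace-only user or password removes the registry instead of
     * updating it. Whether the registry itself would reject a blank password is not
     * visible from this class.
     */
    private void updateQuickStartSecurityRegistryConfiguration() {
        if (isStringValueUndefined(this.user) || isStringValueUndefined(this.password)) {
            debugTrace("Lost required configuration information, removing the configuration (if its registered).");
            unregisterQuickStartSecurityRegistryConfiguration();
            return;
        }
        // Build the properties once and use the same values for both updates.
        Map<String, Object> props = buildUserRegistryConfigProps();
        this.urConfig.modify(props);
        this.urConfigReg.setProperties(new Hashtable<>(props));
    }

    /** Unregisters the registry configuration if it is registered. */
    private void unregisterQuickStartSecurityRegistryConfiguration() {
        if (this.urConfigReg == null) {
            debugTrace("QuickStartSecurityRegistry configuration is not registered.");
            return;
        }
        this.urConfigReg.unregister();
        this.urConfigReg = null;
        this.urConfig = null;
    }

    /**
     * Registers the administrator role for the configured user. Requires an active
     * component, a registered quick-start registry configuration, a non-blank user
     * and no other management role; otherwise does nothing.
     *
     * @throws IllegalStateException if the role is already registered
     */
    private void registerQuickStartSecurityAdministratorRole() {
        if (this.bc == null) {
            debugTrace("BundleContext is null, we must be deactivated.");
            return;
        }
        if (this.managementRoleReg != null) {
            debugTrace("QuickStartSecurityAdministratorRole is already registered.");
            throw new IllegalStateException("QuickStartSecurityAdministratorRole is already registered.");
        }
        // The role is only granted while the quick-start registry is the one in use.
        if (this.urConfigReg == null) {
            debugTrace("QuickStartSecurityRegistry configuration is not registered, will not register QuickStartSecurityAdministratorRole.");
            return;
        }
        if (isStringValueUndefined(this.user)) {
            debugTrace("User is not set, can not register the QuickStartSecurityAdministratorRole");
            return;
        }
        if (!this.managementRoles.isEmpty()) {
            debugTrace("Other managment roles are present, will not register the QuickStartSecurityAdministratorRole");
            return;
        }
        Hashtable<String, Object> props = new Hashtable<>();
        props.put(ManagementRole.MANAGEMENT_ROLE_NAME, QUICK_START_ADMINISTRATOR_ROLE_NAME);
        props.put(Constants.SERVICE_VENDOR, "IBM");
        this.managementRole = new QuickStartSecurityAdministratorRole(this.user);
        this.managementRoleReg = this.bc.registerService(ManagementRole.class, this.managementRole, props);
    }

    /** Unregisters the administrator role if it is registered. */
    private void unregisterQuickStartSecurityAdministratorRole() {
        if (this.managementRoleReg == null) {
            debugTrace("QuickStartSecurityAdministratorRole is not registered.");
            return;
        }
        this.managementRoleReg.unregister();
        this.managementRoleReg = null;
        this.managementRole = null;
    }

    /**
     * Reads {@code userPassword} from the configuration and returns it decoded.
     *
     * <p>{@link PasswordUtil#passwordDecode} works on {@code String}, so the encoded
     * and decoded values exist briefly as immutable strings that cannot be wiped.
     * The value itself is never traced.
     *
     * @param map component configuration; the password entry is expected to be a
     *            {@link SerializableProtectedString} or {@link ProtectedString}
     * @return the decoded password, or {@code null} when none is configured or it
     *         cannot be decoded, which callers treat as "undefined" so that no
     *         registry is published
     */
    private ProtectedString getPasswordValue(Map<String, Object> map) {
        Object raw = map.get(CFG_KEY_PASSWORD);
        if (raw == null) {
            return null;
        }
        char[] encoded = raw instanceof SerializableProtectedString
                ? ((SerializableProtectedString) raw).getChars()
                : ((ProtectedString) raw).getChars();
        if (encoded == null) {
            return null;
        }
        String decoded = PasswordUtil.passwordDecode(new String(encoded).trim());
        // NOTE(review): passwordDecode is understood to return null when the value
        // cannot be decoded; guard it rather than fail with a NullPointerException.
        if (decoded == null) {
            debugTrace("The configured userPassword could not be decoded, treating it as undefined.");
            return null;
        }
        return new ProtectedString(decoded.toCharArray());
    }
}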
