package com.ibm.ws.security.jca.internal;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.jca.AuthDataConfig;
import com.ibm.ws.security.jca.AuthDataService;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.regex.Pattern;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

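/**
 * {@link AuthDataService} implementation that resolves an auth data alias to a
 * configured user/password pair and wraps it in a read-only {@link Subject}.
 *
 * <p>{@link AuthDataConfig} service references are kept in a map keyed by their
 * configured id. Bind, unbind, activate and deactivate take the write lock;
 * lookups take the read lock.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password reaches this class through {@link AuthDataConfig#getPassword()}
 *       and is handed to {@link PasswordCredential}. Validation inspects it in
 *       place and does not copy it into a {@code String}, which could not be
 *       cleared afterwards.</li>
 *   <li>Error messages and {@code Tr.error} calls only carry the alias or the
 *       attribute <em>name</em>, never the attribute value.</li>
 *   <li>The credential is stored in the Subject's private credential set and the
 *       Subject is marked read-only before it is returned.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.jca_1.0.11.jar:com/ibm/ws/security/jca/internal/AuthDataServiceImpl.class */
public class AuthDataServiceImpl implements AuthDataService {
    protected static final String CFG_KEY_ID = "id";
    protected static final String CFG_KEY_DISPLAY_ID = "config.displayId";
    protected static final String CFG_KEY_USER = "user";
    protected static final String CFG_KEY_PASSWORD = "password";
    /** Key under which callers pass the auth data alias in the login data map. */
    private static final String KEY_AUTH_DATA_ALIAS = "com.ibm.mapping.authDataAlias";
    private final ConcurrentServiceReferenceMap<String, AuthDataConfig> authDataConfigs = new ConcurrentServiceReferenceMap<>("authDataConfig");
    private final ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock();
    private final ReentrantReadWriteLock.WriteLock writeLock = this.reentrantReadWriteLock.writeLock();
    private final ReentrantReadWriteLock.ReadLock readLock = this.reentrantReadWriteLock.readLock();
    // NOTE(review): the visible declaration does not implement Serializable; this
    // field is presumably injected by build-time instrumentation - confirm before removing.
    static final long serialVersionUID = 6597006064028726550L;
    private static final TraceComponent tc = Tr.register((Class<?>) AuthDataServiceImpl.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    /** Matches ids that end in a generated {@code [default-N]} suffix. */
    private static final Pattern DEFAULT_NESTED_PATTERN = Pattern.compile(".*(\\[default-\\d*\\])$");
    /** Matches ids that consist only of a generated {@code default-N} name. */
    private static final Pattern DEFAULT_PATTERN = Pattern.compile("(default-\\d*)$");

    /**
     * Registers an auth data configuration reference under its key.
     *
     * @param serviceReference reference to the {@link AuthDataConfig} service being bound
     */
    protected void setAuthDataConfig(ServiceReference<AuthDataConfig> serviceReference) {
        this.writeLock.lock();
        try {
            this.authDataConfigs.putReference(getKey(serviceReference), serviceReference);
        } finally {
            // finally guarantees the lock is released on every exit path.
            this.writeLock.unlock();
        }
    }

    /**
     * Removes a previously registered auth data configuration reference.
     *
     * @param serviceReference reference to the {@link AuthDataConfig} service being unbound
     */
    protected void unsetAuthDataConfig(ServiceReference<AuthDataConfig> serviceReference) {
        this.writeLock.lock();
        try {
            this.authDataConfigs.removeReference(getKey(serviceReference), serviceReference);
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Computes the map key for a service reference: the {@code id} property, or
     * the {@code config.displayId} property when the id has a generated
     * {@code default-N} form.
     *
     * @param serviceReference reference whose properties are read
     * @return the key used in {@link #authDataConfigs}
     */
    private String getKey(ServiceReference<AuthDataConfig> serviceReference) {
        // NOTE(review): a reference without an "id" property makes matcher() throw
        // NullPointerException here - confirm the framework always supplies it.
        String key = (String) serviceReference.getProperty(CFG_KEY_ID);
        boolean generatedId = DEFAULT_PATTERN.matcher(key).matches() || DEFAULT_NESTED_PATTERN.matcher(key).matches();
        if (generatedId) {
            key = (String) serviceReference.getProperty(CFG_KEY_DISPLAY_ID);
        }
        return key;
    }

    /**
     * Activates the reference map with the component context.
     *
     * @param componentContext context passed on to the reference map
     * @param map component properties; not read by this method
     */
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.writeLock.lock();
        try {
            this.authDataConfigs.activate(componentContext);
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Deactivates the reference map.
     *
     * @param componentContext context passed on to the reference map
     */
    protected void deactivate(ComponentContext componentContext) {
        this.writeLock.lock();
        try {
            this.authDataConfigs.deactivate(componentContext);
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Builds a read-only Subject holding the {@link PasswordCredential} for the
     * alias named in the login data map.
     *
     * @param managedConnectionFactory factory associated with the credential
     * @param str not read by this implementation
     * @param map login data; the alias is read from key {@code com.ibm.mapping.authDataAlias}
     * @return a read-only Subject containing one private {@link PasswordCredential}
     * @throws LoginException if the alias is unknown or its user or password is missing or blank
     */
    @Override // com.ibm.ws.security.jca.AuthDataService
    public Subject getSubject(ManagedConnectionFactory managedConnectionFactory, String str, Map<String, Object> map) throws LoginException {
        String authDataAlias = getAuthDataAlias(map);
        // The read lock is reentrant, so the nested acquisition inside
        // getAuthDataConfig is safe while this one is held.
        this.readLock.lock();
        try {
            return obtainSubject(managedConnectionFactory, authDataAlias, getAuthDataConfig(authDataAlias));
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Reads the auth data alias from the login data map.
     *
     * @param loginData login data, may be {@code null}
     * @return the alias, or {@code null} when the map is {@code null} or has no alias entry
     */
    private String getAuthDataAlias(Map<String, Object> loginData) {
        return loginData == null ? null : (String) loginData.get(KEY_AUTH_DATA_ALIAS);
    }

    /**
     * Looks up and validates the configuration registered for an alias.
     *
     * @param str the auth data alias
     * @return the validated configuration, never {@code null}
     * @throws LoginException if no configuration exists for the alias or it is incomplete
     */
    protected AuthDataConfig getAuthDataConfig(String str) throws LoginException {
        this.readLock.lock();
        try {
            AuthDataConfig service = this.authDataConfigs.getService(str);
            validateAuthDataConfig(str, service);
            return service;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Checks that the configuration exists and defines both user and password.
     *
     * @param alias alias used in the error message
     * @param authDataConfig configuration to check, may be {@code null}
     * @throws LoginException if the configuration is missing or incomplete
     */
    private void validateAuthDataConfig(String alias, AuthDataConfig authDataConfig) throws LoginException {
        // Must run first: it throws on null, so the dereferences below are safe.
        validateAuthDataExists(alias, authDataConfig);
        validateAuthDataAttribute(CFG_KEY_USER, authDataConfig.getUserName());
        validateAuthDataAttribute(CFG_KEY_PASSWORD, authDataConfig.getPassword());
    }

    /**
     * Rejects a lookup that found no configuration for the alias.
     *
     * @param alias alias reported in the log and in the exception message
     * @param authDataConfig lookup result, may be {@code null}
     * @throws LoginException if {@code authDataConfig} is {@code null}
     */
    private void validateAuthDataExists(String alias, AuthDataConfig authDataConfig) throws LoginException {
        if (authDataConfig == null) {
            Object[] objArr = {alias};
            Tr.error(tc, "AUTH_DATA_CONFIG_ERROR_NO_SUCH_ALIAS", objArr);
            throw new LoginException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "AUTH_DATA_CONFIG_ERROR_NO_SUCH_ALIAS", objArr, "CWWKS1300E: A configuration error has occurred. The requested auth data {0} could not be found."));
        }
    }

    /**
     * Rejects an attribute value that is {@code null}, empty or whitespace only.
     *
     * <p>A {@code char[]} value is inspected in place. Converting it to a
     * {@code String} would leave an extra copy of the password on the heap that
     * cannot be zeroed.
     *
     * @param attributeName name reported in the log and the exception; the value itself is never reported
     * @param value a {@code String} or {@code char[]}, may be {@code null}
     * @throws LoginException if the value is missing or blank
     */
    private void validateAuthDataAttribute(String attributeName, @Sensitive Object value) throws LoginException {
        boolean missing;
        if (value instanceof char[]) {
            missing = isBlank((char[]) value);
        } else {
            String text = (String) value;
            missing = text == null || text.trim().isEmpty();
        }
        if (missing) {
            Object[] objArr = {attributeName};
            Tr.error(tc, "AUTH_DATA_CONFIG_ERROR_INCOMPLETE", objArr);
            throw new LoginException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "AUTH_DATA_CONFIG_ERROR_INCOMPLETE", objArr, "CWWKS1301E: A configuration error has occurred. The attribute {0} must be defined."));
        }
    }

    /**
     * Tells whether every character is at or below {@code ' '}, the same set of
     * characters that {@link String#trim()} removes.
     */
    private static boolean isBlank(@Sensitive char[] chars) {
        for (char c : chars) {
            if (c > ' ') {
                return false;
            }
        }
        return true;
    }

    /**
     * Creates the Subject for a configuration and finalises it.
     *
     * @param managedConnectionFactory factory associated with the credential
     * @param alias auth data alias, passed through to {@link #optimize}
     * @param authDataConfig configuration providing user and password
     * @return the read-only Subject
     */
    private Subject obtainSubject(ManagedConnectionFactory managedConnectionFactory, String alias, AuthDataConfig authDataConfig) {
        Subject subject = createSubject(managedConnectionFactory, authDataConfig);
        optimize(alias, subject);
        return subject;
    }

    /**
     * Marks the Subject read-only so its credential sets can no longer be changed.
     *
     * @param alias not read by this implementation
     * @param subject Subject to freeze
     */
    private void optimize(String alias, Subject subject) {
        subject.setReadOnly();
    }

    /**
     * Creates a Subject and, when a configuration is given, adds a
     * {@link PasswordCredential} for it to the private credentials.
     *
     * @param managedConnectionFactory factory set on the credential
     * @param authDataConfig configuration providing user and password, may be {@code null}
     * @return a new, still modifiable Subject
     */
    private Subject createSubject(ManagedConnectionFactory managedConnectionFactory, AuthDataConfig authDataConfig) {
        Subject subject = new Subject();
        if (authDataConfig != null) {
            PasswordCredential passwordCredential = new PasswordCredential(authDataConfig.getUserName(), authDataConfig.getPassword());
            passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
            // Private (not public) credentials: reading them is subject to
            // PrivateCredentialPermission when a security manager is installed.
            subject.getPrivateCredentials().add(passwordCredential);
        }
        return subject;
    }
}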
