package com.ibm.ws.security.web;

import com.ibm.ejs.models.base.bindings.applicationbnd.ApplicationBinding;
import com.ibm.ejs.models.base.bindings.commonbnd.JaspiRefBinding;
import com.ibm.ejs.models.base.bindings.webappbnd.WebAppBinding;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.config.AuthProviderConfig;
import com.ibm.ws.security.config.JaspiConfiguration;
import com.ibm.ws.security.jaspi.RegistrationID;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/security/web/JaspiBinder.class */
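/**
 * Registers and removes JASPI {@link AuthConfigProvider} bindings in an {@link AuthConfigFactory}.
 *
 * <p>Whether a provider is registered is decided in three steps: the web module binding, then the
 * application binding, then the {@code defaultProviderName} of the {@link JaspiConfiguration}.
 * Each binding answers with a {@link UseJaspi} value.
 *
 * <p>Security note: the provider implementation class is named by configuration
 * ({@code className}) and instantiated reflectively, so whoever can write that configuration
 * chooses code that runs in this process. The configuration store has to be treated as trusted
 * input and protected accordingly.
 */
public class JaspiBinder {
    private static final TraceComponent tc = Tr.register((Class<?>) JaspiBinder.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static final ResourceBundle msgBundle = ResourceBundle.getBundle(AdminConstants.MSG_BUNDLE_NAME, Locale.getDefault());

    /** Factory that holds the registrations; may be null, which every method checks for. */
    private final AuthConfigFactory registry;

    /** Value of the {@code useJaspi} attribute of a binding; INHERIT defers to the next level. */
    public enum UseJaspi {
        INHERIT,
        YES,
        NO
    }

    /**
     * @param authConfigFactory factory to register providers with; null is accepted here and
     *                          reported later by the methods that need it
     */
    public JaspiBinder(AuthConfigFactory authConfigFactory) {
        this.registry = authConfigFactory;
    }

    /**
     * Removes the registration for the given layer and application context, if one exists.
     *
     * @param str                message layer
     * @param str2               application context
     * @param jaspiConfiguration JASPI configuration; nothing is removed when it is null or its
     *                           {@code enabled} flag is false
     * @return the result of {@link AuthConfigFactory#removeRegistration(String)}, or false when
     *         no removal was attempted
     */
    public boolean removeJaspiBinding(String str, String str2, JaspiConfiguration jaspiConfiguration) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeJaspiBinding", "layer: " + str + ", appContext: " + str2);
        }
        boolean removed = false;
        if (jaspiConfiguration == null || !jaspiConfiguration.getBoolean("enabled")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Jaspi is not enabled, no need to remove registration.");
            }
        } else if (this.registry == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AuthConfigFactory is null, no Jaspi registration removed.");
            }
        } else if (this.registry.getConfigProvider(str, str2, null) == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Jaspi registration exists in AuthConfigFactory.");
            }
        } else {
            RegistrationID registrationID = new RegistrationID(str, str2);
            removed = this.registry.removeRegistration(registrationID.toString());
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Jaspi registrationID removed: " + registrationID);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeJaspiBinding", "removed=" + removed);
        }
        return removed;
    }

    /**
     * Registers a provider for the given layer and application context when the bindings and the
     * configuration ask for one.
     *
     * @param str                not read by this method
     * @param z                  when true, no provider is registered; the trace text suggests this
     *                           marks an admin application (TODO confirm against callers)
     * @param str2               message layer
     * @param str3               application context
     * @param applicationBinding application-level binding, may be null (treated as INHERIT)
     * @param webAppBinding      module-level binding, may be null (treated as INHERIT)
     * @param jaspiConfiguration JASPI configuration; nothing is registered when it is null or its
     *                           {@code enabled} flag is false
     * @return the registered provider, or null when none was registered
     * @throws WebSecurityConfigException when a provider should be registered but the factory is
     *                                    missing or the named provider is empty or undefined
     */
    public AuthConfigProvider registerJaspiBinding(String str, boolean z, String str2, String str3, ApplicationBinding applicationBinding, WebAppBinding webAppBinding, JaspiConfiguration jaspiConfiguration) throws WebSecurityConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerJaspiBinding", "layer: " + str2 + ", appContext: " + str3);
        }
        AuthConfigProvider authConfigProvider = null;
        if (jaspiConfiguration != null && jaspiConfiguration.getBoolean("enabled") && !z) {
            switch (moduleRequiresJaspi(webAppBinding)) {
                case NO:
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "module useJaspi=NO, provider will not be registered.");
                    }
                    break;
                case YES:
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "module useJaspi=YES");
                    }
                    authConfigProvider = registerProvider(webAppBinding.getJaspiRefBinding().getProviderName(), str2, str3, jaspiConfiguration);
                    break;
                case INHERIT:
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "module useJaspi=INHERIT, check binding for app.");
                    }
                    authConfigProvider = registerFromApplicationBinding(applicationBinding, str2, str3, jaspiConfiguration);
                    break;
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Jaspi is disabled or appContext " + str3 + " is for an admin application.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "registerJaspiBinding", authConfigProvider);
        }
        return authConfigProvider;
    }

    /** Applies the application-level binding once the module binding has answered INHERIT. */
    private AuthConfigProvider registerFromApplicationBinding(ApplicationBinding applicationBinding, String layer, String appContext, JaspiConfiguration jaspiConfiguration) throws WebSecurityConfigException {
        switch (appRequiresJaspi(applicationBinding)) {
            case YES:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "app useJaspi=YES");
                }
                return registerProvider(applicationBinding.getJaspiRefBinding().getProviderName(), layer, appContext, jaspiConfiguration);
            case INHERIT:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "app useJaspi=INHERIT, check if default provider is defined.");
                }
                return registerDefaultProvider(layer, appContext, jaspiConfiguration);
            case NO:
            default:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "app useJaspi=NO, provider will not be registered.");
                }
                return null;
        }
    }

    /** Registers the configured default provider when one is defined for the requested layer. */
    private AuthConfigProvider registerDefaultProvider(String layer, String appContext, JaspiConfiguration jaspiConfiguration) throws WebSecurityConfigException {
        String defaultProviderName = jaspiConfiguration.getString("defaultProviderName");
        if (defaultProviderName == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "A default provider is not defined, binding will not be registered.");
            }
            return null;
        }
        // A default name that points at no provider definition is a configuration error; report
        // it the same way registerProvider does instead of failing with a NullPointerException.
        AuthProviderConfig providerConfig = jaspiConfiguration.getAuthConfigProvider(defaultProviderName);
        if (providerConfig == null) {
            throw new WebSecurityConfigException(MessageFormatHelper.getFormattedMessage(msgBundle, AdminConstants.MSG_PROVIDER_UNDEFINED, new Object[]{defaultProviderName}), null);
        }
        String providerLayer = providerConfig.getString("msgLayer");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "defaultProviderName=" + defaultProviderName + ", layer=" + providerLayer);
        }
        // A provider without a msgLayer cannot match any requested layer.
        if (providerLayer == null || !providerLayer.equals(layer)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "message layer does not match, binding will not be registered.");
            }
            return null;
        }
        return registerProvider(defaultProviderName, layer, appContext, jaspiConfiguration);
    }

    /**
     * Instantiates the named provider from its configuration and registers it with the factory.
     *
     * @param str                provider name, looked up in {@code jaspiConfiguration}
     * @param str2               message layer to register for
     * @param str3               application context to register for
     * @param jaspiConfiguration configuration holding the provider definition
     * @return the provider that was registered
     * @throws WebSecurityConfigException when the factory is null, the name is null or empty, or
     *                                    no provider with that name is defined
     */
    private AuthConfigProvider registerProvider(String str, String str2, String str3, JaspiConfiguration jaspiConfiguration) throws WebSecurityConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerProvider", new Object[]{str, str2, str3});
        }
        if (this.registry == null) {
            throw new WebSecurityConfigException(MessageFormatHelper.getFormattedMessage(msgBundle, AdminConstants.MSG_FACTORY_INVALID, new Object[]{null}), null);
        }
        if (str == null || str.isEmpty()) {
            throw new WebSecurityConfigException(MessageFormatHelper.getFormattedMessage(msgBundle, AdminConstants.MSG_PROVIDER_NAME_EMPTY, new Object[]{null}), null);
        }
        AuthProviderConfig providerConfig = jaspiConfiguration.getAuthConfigProvider(str);
        if (providerConfig == null) {
            throw new WebSecurityConfigException(MessageFormatHelper.getFormattedMessage(msgBundle, AdminConstants.MSG_PROVIDER_UNDEFINED, new Object[]{str}), null);
        }
        // className comes straight from configuration and decides which class is loaded below.
        String className = providerConfig.getString("className");
        Map<String, String> properties = providerConfig.getProperties();
        String description = providerConfig.getString("description");
        // The factory argument is null here because registration is done explicitly on the next line.
        AuthConfigProvider provider = newInstance(null, className, true, doPrivGetContextClassLoader(), properties);
        this.registry.registerConfigProvider(provider, str2, str3, description);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "registerProvider", "AuthConfigProvider=" + provider);
        }
        return provider;
    }

    /**
     * Maps a binding's {@code useJaspi} attribute to {@link UseJaspi}; a null binding is INHERIT.
     *
     * @throws IllegalArgumentException when the attribute is not one of the enum names
     */
    private UseJaspi getUseJaspi(JaspiRefBinding jaspiRefBinding) {
        if (jaspiRefBinding == null) {
            return UseJaspi.INHERIT;
        }
        // Locale.ROOT keeps the mapping independent of the JVM default locale; with a Turkish
        // default, "inherit".toUpperCase() yields a dotted capital I and valueOf would fail.
        // NOTE(review): a null useJaspi attribute still throws NullPointerException here; confirm
        // whether an unset attribute should map to INHERIT.
        return UseJaspi.valueOf(jaspiRefBinding.getUseJaspi().toUpperCase(Locale.ROOT));
    }

    /** Returns the module-level setting; a null binding is INHERIT. */
    private UseJaspi moduleRequiresJaspi(WebAppBinding webAppBinding) {
        return webAppBinding == null ? UseJaspi.INHERIT : getUseJaspi(webAppBinding.getJaspiRefBinding());
    }

    /** Returns the application-level setting; a null binding is INHERIT. */
    private UseJaspi appRequiresJaspi(ApplicationBinding applicationBinding) {
        return applicationBinding == null ? UseJaspi.INHERIT : getUseJaspi(applicationBinding.getJaspiRefBinding());
    }

    /**
     * Creates a provider by calling the {@code (Map, AuthConfigFactory)} constructor of the named
     * class.
     *
     * @param authConfigFactory factory passed to the provider constructor, may be null
     * @param str               fully qualified provider class name; null yields a null result
     * @param z                 initialize flag of the original {@code Class.forName} call; kept
     *                          for compatibility, see the comment in the body
     * @param classLoader       loader to use, or null for the thread context class loader
     * @param map               provider properties; every key and value must be a String
     * @return the new provider, or null when {@code str} is null
     * @throws IllegalArgumentException when the properties are not all Strings, the class cannot
     *                                  be loaded, is not an {@link AuthConfigProvider}, or cannot
     *                                  be constructed
     */
    protected AuthConfigProvider newInstance(AuthConfigFactory authConfigFactory, String str, boolean z, ClassLoader classLoader, Map<?, ?> map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "newInstance", new Object[]{str, Boolean.valueOf(z), classLoader, map});
        }
        AuthConfigProvider authConfigProvider = null;
        if (str != null) {
            try {
                if (map != null) {
                    for (Map.Entry<?, ?> entry : map.entrySet()) {
                        if (!((entry.getKey() instanceof String) && (entry.getValue() instanceof String))) {
                            throw new IllegalArgumentException("All keys and values in properties Map parameter must be of type String.");
                        }
                    }
                }
                ClassLoader loader = classLoader == null ? doPrivGetContextClassLoader() : classLoader;
                // Load without initialising and check the type first, so that a configured class
                // that is not an AuthConfigProvider never gets its static initialiser or its
                // constructor run. Constructing the instance initialises the class anyway, which
                // is why the z flag needs no separate handling.
                Class<? extends AuthConfigProvider> providerClass = Class.forName(str, false, loader).asSubclass(AuthConfigProvider.class);
                authConfigProvider = providerClass.getConstructor(Map.class, AuthConfigFactory.class).newInstance(map, authConfigFactory);
            } catch (Exception | LinkageError e) {
                // The reflective calls throw checked exceptions; callers only see this one type.
                throw new IllegalArgumentException("Unable to create a provider, class name: " + str, e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "newInstance", authConfigProvider);
        }
        return authConfigProvider;
    }

    /** Reads the current thread's context class loader inside a privileged block. */
    protected ClassLoader doPrivGetContextClassLoader() {
        return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
            @Override
            public ClassLoader run() {
                return Thread.currentThread().getContextClassLoader();
            }
        });
    }
}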
