package com.ibm.ws.security.jaspi;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.config.AuthProviderConfig;
import com.ibm.ws.security.config.JaspiConfiguration;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.util.ImplFactory;
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.SecurityPermission;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.RegistrationListener;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/security/jaspi/ProviderRegistry.class */
public class ProviderRegistry extends AuthConfigFactory {
    private Map<RegistrationID, CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>>> cache;
    private Lock lock;
    private PersistenceManager persistentMgr;
    private static final TraceComponent tc = Tr.register((Class<?>) ProviderRegistry.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static String registerDefaultProviderForAllContexts = "com.ibm.websphere.jaspi.registerDefaultProviderForAllContexts";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/security/jaspi/ProviderRegistry$CacheEntry.class */
    public static class CacheEntry<P, C, L> {
        P provider;
        C context;
        L listeners;

        CacheEntry(P p, C c, L l) {
            this.provider = p;
            this.context = c;
            this.listeners = l;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder("CacheEntry[");
            sb.append(this.context + ",provider=" + this.provider + ",listeners=" + this.listeners);
            return sb.append("]").toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/security/jaspi/ProviderRegistry$Context.class */
    public class Context implements AuthConfigFactory.RegistrationContext {
        public String layer;
        public String appContext;
        public String description;
        public boolean isPersistent;

        public Context(boolean z, String str, String str2, String str3) {
            this.isPersistent = z;
            this.layer = str;
            this.appContext = str2;
            this.description = str3;
        }

        public String getAppContext() {
            return this.appContext;
        }

        public String getDescription() {
            return this.description;
        }

        public String getMessageLayer() {
            return this.layer;
        }

        public boolean isPersistent() {
            return this.isPersistent;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder("RegistrationContext[");
            sb.append("layer=" + this.layer + ",appContext=" + this.appContext + ",isPersistent=" + this.isPersistent + ",description=" + this.description);
            return sb.append("]").toString();
        }
    }

    public ProviderRegistry() {
        this(SecurityObjectLocator.getSecurityConfig());
    }

    protected ProviderRegistry(SecurityConfig securityConfig) {
        this(securityConfig, (PersistenceManager) ImplFactory.loadImplFromKey(PersistenceManager.class));
    }

    protected ProviderRegistry(SecurityConfig securityConfig, PersistenceManager persistenceManager) {
        String property;
        this.cache = new HashMap();
        this.lock = new ReentrantLock();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ProviderRegistry", new Object[]{securityConfig, persistenceManager});
        }
        if (securityConfig != null) {
            if (securityConfig.getPropertyBool(registerDefaultProviderForAllContexts, false)) {
                registerMessageLayerProviders(this, securityConfig.getJaspiConfiguration());
            }
            property = securityConfig.getProperty(PersistenceManager.JASPI_CONFIG);
        } else {
            property = System.getProperty(PersistenceManager.JASPI_CONFIG, "./jaspiConfiguration.xml");
        }
        this.persistentMgr = persistenceManager;
        if (persistenceManager != null) {
            persistenceManager.setAuthConfigFactory(this);
            persistenceManager.setFile(property != null ? new File(property) : null);
            persistenceManager.load();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ProviderRegistry");
        }
    }

    public PersistenceManager getPersistenceManager() {
        return this.persistentMgr;
    }

    protected boolean registerMessageLayerProviders(AuthConfigFactory authConfigFactory, JaspiConfiguration jaspiConfiguration) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerMessageLayerProviders", new Object[]{authConfigFactory, jaspiConfiguration});
        }
        boolean z = false;
        if (authConfigFactory != null && jaspiConfiguration != null) {
            String string = jaspiConfiguration.getString("defaultProviderName");
            if (string != null && !string.isEmpty()) {
                AuthProviderConfig authConfigProvider = jaspiConfiguration.getAuthConfigProvider(string);
                if (authConfigProvider != null) {
                    String string2 = authConfigProvider.getString("className");
                    String string3 = authConfigProvider.getString("msgLayer");
                    String string4 = authConfigProvider.getString("description");
                    Map<String, String> properties = authConfigProvider.getProperties();
                    String registerConfigProvider = authConfigFactory.registerConfigProvider(string2, properties, string3, (String) null, string4);
                    z = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Jaspi provider has been registered in AuthConfigFactory.", new Object[]{"providerName: " + string, "registrationID: " + registerConfigProvider, string4, properties});
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default provider " + string + " was not found in JaspiConfiguration.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "defaultProviderName attribute in JaspiConfiguration is null or empty.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "AuthConfigFactory is null or JaspiConfiguration is not available.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "registerMessageLayerProviders", "anyProviderRegistered: " + z);
        }
        return z;
    }

    public String[] detachListener(RegistrationListener registrationListener, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "detachListener");
        }
        checkPermission("setProperty.authconfigfactory.provider");
        HashSet hashSet = new HashSet();
        for (RegistrationID registrationID : this.cache.keySet()) {
            CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> cacheEntry = this.cache.get(registrationID);
            if (cacheEntry != null && matchesRegistrationContext(str, str2, cacheEntry.context)) {
                hashSet.add(registrationID.toString());
                if (cacheEntry.listeners.isEmpty()) {
                    continue;
                } else {
                    this.lock.lock();
                    try {
                        cacheEntry.listeners.remove(registrationListener);
                        this.lock.unlock();
                    } catch (Throwable th) {
                        this.lock.unlock();
                        throw th;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "detachListener", hashSet);
        }
        return (String[]) hashSet.toArray(new String[0]);
    }

    public AuthConfigProvider getConfigProvider(String str, String str2, RegistrationListener registrationListener) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConfigProvider", new Object[]{str, str2, registrationListener});
        }
        CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> cacheEntry = null;
        this.lock.lock();
        if (str != null && str2 != null) {
            try {
                cacheEntry = this.cache.get(new RegistrationID(str, str2));
            } finally {
                this.lock.unlock();
            }
        }
        if (cacheEntry == null) {
            if (str2 != null) {
                cacheEntry = this.cache.get(new RegistrationID(null, str2));
            }
            if (cacheEntry == null) {
                if (str != null) {
                    cacheEntry = this.cache.get(new RegistrationID(str, null));
                }
                if (cacheEntry == null) {
                    cacheEntry = this.cache.get(new RegistrationID(null, null));
                }
            }
        }
        if (registrationListener != null && cacheEntry != null) {
            cacheEntry.listeners.add(registrationListener);
        }
        AuthConfigProvider authConfigProvider = cacheEntry == null ? null : cacheEntry.provider;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getConfigProvider", cacheEntry);
        }
        return authConfigProvider;
    }

    public AuthConfigFactory.RegistrationContext getRegistrationContext(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRegistrationContext");
        }
        AuthConfigFactory.RegistrationContext registrationContext = null;
        CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> cacheEntry = this.cache.get(new RegistrationID(str));
        if (cacheEntry != null) {
            registrationContext = cacheEntry.context;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRegistrationContext", registrationContext);
        }
        return registrationContext;
    }

    public String[] getRegistrationIDs(AuthConfigProvider authConfigProvider) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRegistrationIDs");
        }
        HashSet hashSet = new HashSet();
        if (authConfigProvider == null) {
            Iterator<RegistrationID> it = this.cache.keySet().iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getRegistrationIDs", hashSet);
            }
            return (String[]) hashSet.toArray(new String[0]);
        }
        for (Map.Entry<RegistrationID, CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>>> entry : this.cache.entrySet()) {
            if (authConfigProvider.equals(entry.getValue().provider)) {
                hashSet.add(entry.getKey().toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRegistrationIDs", hashSet);
        }
        return (String[]) hashSet.toArray(new String[0]);
    }

    public void refresh() {
        checkPermission("setProperty.authconfigfactory.provider");
    }

    public String registerConfigProvider(AuthConfigProvider authConfigProvider, String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerConfigProvider", new Object[]{authConfigProvider, str, str2, str3});
        }
        checkPermission("setProperty.authconfigfactory.provider");
        String registerProvider = registerProvider(false, authConfigProvider, str, str2, str3);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "registerConfigProvider", "A transient Jaspi registrationID created: " + registerProvider);
        }
        return registerProvider;
    }

    public String registerConfigProvider(String str, Map map, String str2, String str3, String str4) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerConfigProvider()", new Object[]{str, str2, str3, map, str4});
        }
        checkPermission("setProperty.authconfigfactory.provider");
        String registerProvider = registerProvider(true, newInstance((AuthConfigFactory) null, str, true, doPrivGetContextClassLoader(), map), str2, str3, str4);
        if (this.persistentMgr != null) {
            this.persistentMgr.registerProvider(str, map, str2, str3, str4);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "registerConfigProvider", "A persistent Jaspi registrationID created: " + registerProvider);
        }
        return registerProvider;
    }

    /* JADX WARN: Type inference failed for: r1v10, types: [java.util.HashSet, L] */
    /* JADX WARN: Type inference failed for: r1v5, types: [L] */
    protected String registerProvider(boolean z, AuthConfigProvider authConfigProvider, String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerProvider");
        }
        RegistrationID registrationID = new RegistrationID(str, str2);
        CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> cacheEntry = new CacheEntry<>(authConfigProvider, new Context(z, str, str2, str3), null);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "registerProvider", cacheEntry);
        }
        this.lock.lock();
        try {
            CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> put = this.cache.put(registrationID, cacheEntry);
            if (put == null) {
                cacheEntry.listeners = new HashSet();
            } else {
                cacheEntry.listeners = put.listeners;
            }
            notifyListener(cacheEntry.listeners, str, str2);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "registerProvider");
            }
            return registrationID.toString();
        } finally {
            this.lock.unlock();
        }
    }

    protected void notifyListener(Collection<RegistrationListener> collection, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "notifyListener");
        }
        if ((collection == null || collection.isEmpty()) ? false : true) {
            for (RegistrationListener registrationListener : collection) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "notifyListener", registrationListener);
                }
                registrationListener.notify(str, str2);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "notifyListener");
        }
    }

    public boolean removeRegistration(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeRegistration");
        }
        checkPermission("setProperty.authconfigfactory.provider");
        boolean z = false;
        if (str != null) {
            RegistrationID registrationID = new RegistrationID(str);
            this.lock.lock();
            try {
                CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> remove = this.cache.remove(registrationID);
                z = remove != null;
                if (remove != null) {
                    String messageLayer = remove.context.getMessageLayer();
                    String appContext = remove.context.getAppContext();
                    notifyListener(remove.listeners, messageLayer, appContext);
                    if (this.persistentMgr != null) {
                        this.persistentMgr.removeProvider(messageLayer, appContext);
                    }
                }
            } finally {
                this.lock.unlock();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeRegistration", Boolean.valueOf(z));
        }
        return z;
    }

    protected void checkPermission(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkPermission", str);
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SecurityPermission(str));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkPermission");
        }
    }

    protected AuthConfigProvider newInstance(AuthConfigFactory authConfigFactory, String str, boolean z, ClassLoader classLoader, Map<?, ?> map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "newInstance", new Object[]{str, Boolean.valueOf(z), classLoader, map});
        }
        if (str != null) {
            if (map != null) {
                try {
                    for (Map.Entry<?, ?> entry : map.entrySet()) {
                        if (!((entry.getKey() instanceof String) && (entry.getValue() instanceof String))) {
                            throw new IllegalArgumentException("All keys and values in properties parameter must be of type String.");
                        }
                    }
                } catch (Throwable th) {
                    throw new IllegalArgumentException("Unable to create a provider, class name: " + str, th);
                }
            }
            Object newInstance = Class.forName(str, z, classLoader == null ? doPrivGetContextClassLoader() : classLoader).getConstructor(Map.class, AuthConfigFactory.class).newInstance(map, authConfigFactory);
            r13 = newInstance instanceof AuthConfigProvider ? (AuthConfigProvider) newInstance : null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "newInstance", r13);
        }
        return r13;
    }

    protected boolean matchesRegistrationContext(String str, String str2, AuthConfigFactory.RegistrationContext registrationContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "matchesRegistrationContext", new Object[]{str, str2, registrationContext});
        }
        boolean z = false;
        if (registrationContext != null) {
            String messageLayer = registrationContext.getMessageLayer();
            String appContext = registrationContext.getAppContext();
            if (messageLayer != null && appContext != null) {
                z = messageLayer.equals(str) && appContext.equals(str2);
            } else if (messageLayer == null && appContext == null) {
                z = true;
            } else if (messageLayer == null && appContext != null) {
                z = appContext.equals(str2);
            } else if (messageLayer != null && appContext == null) {
                z = messageLayer.equals(str);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "matchesRegistrationContext", Boolean.valueOf(z));
        }
        return z;
    }

    protected ClassLoader doPrivGetContextClassLoader() {
        return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { // from class: com.ibm.ws.security.jaspi.ProviderRegistry.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public ClassLoader run() {
                return Thread.currentThread().getContextClassLoader();
            }
        });
    }
}
