package com.ibm.ws.security.oauth20.internal;

import com.ibm.oauth.core.api.OAuthResult;
import com.ibm.oauth.core.api.attributes.AttributeList;
import com.ibm.oauth.core.api.audit.OAuthAuditHandler;
import com.ibm.oauth.core.api.config.OAuthComponentConfiguration;
import com.ibm.oauth.core.api.config.OAuthComponentConfigurationConstants;
import com.ibm.oauth.core.api.error.OAuthConfigurationException;
import com.ibm.oauth.core.api.error.OAuthException;
import com.ibm.oauth.core.api.error.OidcServerException;
import com.ibm.oauth.core.api.oauth20.OAuth20Component;
import com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator;
import com.ibm.oauth.core.internal.oauth20.OAuth20ComponentImpl;
import com.ibm.oauth.core.internal.oauth20.OAuth20Constants;
import com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandlerFactory;
import com.ibm.oauth.core.internal.oauth20.mediator.impl.OAuth20MediatorDefaultImpl;
import com.ibm.oauth.core.internal.oauth20.responsetype.OAuth20ResponseTypeHandlerFactory;
import com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.config.xml.internal.nester.Nester;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.api.OAuth20ProviderConfiguration;
import com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider;
import com.ibm.ws.security.oauth20.exception.OAuthProviderException;
import com.ibm.ws.security.oauth20.filter.OAuthResourceProtectionFilter;
import com.ibm.ws.security.oauth20.impl.OAuth20ComponentConfigurationImpl;
import com.ibm.ws.security.oauth20.plugins.BaseCache;
import com.ibm.ws.security.oauth20.plugins.BaseTokenHandler;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClient;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClientProvider;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClientValidator;
import com.ibm.ws.security.oauth20.plugins.db.CachedDBOidcClientProvider;
import com.ibm.ws.security.oauth20.plugins.db.CachedDBOidcTokenStore;
import com.ibm.ws.security.oauth20.plugins.db.DBConsentCache;
import com.ibm.ws.security.oauth20.util.ConfigUtils;
import com.ibm.ws.security.oauth20.util.OAuth20Parameter;
import com.ibm.ws.security.oauth20.util.OAuth20ProviderUtils;
import com.ibm.ws.security.oauth20.util.OIDCConstants;
import com.ibm.ws.security.oauth20.util.OidcOAuth20Util;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServer;
import com.ibm.wsspi.classloading.ClassLoadingService;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import com.ibm.wsspi.library.Library;
import com.ibm.wsspi.resource.ResourceConfig;
import com.ibm.wsspi.resource.ResourceConfigFactory;
import com.ibm.wsspi.resource.ResourceFactory;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import org.apache.aries.blueprint.parser.Parser;
import org.apache.http.HttpHost;
import org.apache.openjpa.lib.identifier.IdentifierUtil;
import org.apache.openjpa.persistence.query.AbstractVisitable;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.cm.ConfigurationEvent;
import org.osgi.service.cm.ConfigurationListener;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(configurationPid = {"com.ibm.ws.security.oauth20.provider"}, configurationPolicy = ConfigurationPolicy.REQUIRE, service = {OAuth20Provider.class, ConfigurationListener.class}, immediate = false, property = {"service.vendor=IBM", "dataSourceFactory.target=(id=unbound)"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth20_1.1.13.jar:com/ibm/ws/security/oauth20/internal/LibertyOAuth20Provider.class */
public class LibertyOAuth20Provider implements OAuth20Provider, ConfigurationListener {
    private static final String KEY_CONFIGURATION_ADMIN = "configurationAdmin";
    private static final String KEY_CLASSLOADING_SVC = "classLoadingSvc";
    private static final String KEY_OIDC_IDTOKEN_HANDLER = "IDTokenHandler";
    private static final String KEY_OIDC_GRANT_TYPE_HANDLER_FACTORY = "OAuth20GrantTypeHandlerFactory";
    private static final String KEY_OIDC_RESPONSE_TYPE_HANDLER_FACTORY = "OAuth20ResponseTypeHandlerFactory";
    private static final String KEY_OAUTH_SHARED_LIB = "sharedLib";
    private static final String KEY_OIDC_SERVER = "oidcServer";
    private static final String KEY_DATA_SOURCE_FACTORY = "dataSourceFactory";
    private static final String KEY_RESOURCE_CONFIG_FACTORY = "resourceConfigFactory";
    private static final String KEY_JDBC_DATASOURCEREF = "dataSourceRef";
    protected static final String KEY_PROVIDER_ID = "id";
    protected static final String KEY_MAX_AUTHGRANT_LT_SECS = "authorizationGrantLifetime";
    protected static final String KEY_CODE_LT_SECS = "authorizationCodeLifetime";
    protected static final String KEY_CODE_LEN = "authorizationCodeLength";
    protected static final String KEY_TOK_LT_SECS = "accessTokenLifetime";
    protected static final String KEY_ACCESS_TOK_LEN = "accessTokenLength";
    protected static final String KEY_ISSUE_REFRESH_TOK = "issueRefreshToken";
    protected static final String KEY_REFRESH_TOK_LEN = "refreshTokenLength";
    protected static final String KEY_MED_CLASS_NAMES = "mediatorClassname";
    protected static final String KEY_ALLOW_PUBLIC_CLIENTS = "allowPublicClients";
    protected static final String KEY_GRANT_TYPE = "grantType";
    protected static final String KEY_AUTHZ_FORM_TEMP = "authorizationFormTemplate";
    protected static final String KEY_AUTHZ_ERR_TEMP = "authorizationErrorTemplate";
    protected static final String KEY_AUTHZ_LOGIN_URL = "customLoginURL";
    protected static final String KEY_AUTO_AUTHZ_PARAM = "autoAuthorizeParam";
    protected static final String KEY_AUTO_AUTHORIZE = "autoAuthorize";
    protected static final String KEY_AUTO_AUTHZ_CLIENT = "autoAuthorizeClient";
    protected static final String KEY_CL_URI_SUBS = "clientURISubstitutions";
    protected static final String KEY_TOK_USER_CLIENT_LIMIT = "userClientTokenLimit";
    protected static final String KEY_FILTER = "filter";
    protected static final String KEY_CHARACTER_ENCODING = "characterEncoding";
    protected static final String KEY_OUATH_ONLY = "oauthOnly";
    protected static final String KEY_INCLUDE_TOKEN = "includeTokenInSubject";
    protected static final String KEY_CONSENT_CACHE_ENTRY_LIFETIME = "consentCacheEntryLifetime";
    protected static final String KEY_CONSENT_CACHE_SIZE = "consentCacheSize";
    protected static final String KEY_HTTPS_REQUIRED = "httpsRequired";
    protected static final String KEY_CERT_AUTHENTICATION = "certAuthentication";
    protected static final String KEY_CLIENT_ADMIN = "clientAdmin";
    protected static final String KEY_JWT_MAX_JTI_CACHE_SIZE = "maxJtiCacheSize";
    protected static final String KEY_JWT_SKEW = "clockSkew";
    protected static final String KEY_JWT_TOKEN_MAX_LIFETIME = "tokenMaxLifetime";
    protected static final String KEY_JWT_IAT_REQUIRED = "iatRequired";
    protected static final String KEY_SKIP_USER_VALIDATION = "skipResourceOwnerValidation";
    protected static final String KEY_COVERAGE_MAP_SESSION_MAX_AGE = "coverageMapSessionMaxAge";
    static final String KEY_JDBC_TOK_TABLE = "tokenTable";
    static final String KEY_JDBC_CLEANUP_INT = "cleanupExpiredTokenInterval";
    static final String KEY_JDBC_LIM_REF_TOK = "limitRefreshToken";
    static final String KEY_JDBC_PASSWORD = "password";
    static final String KEY_JDBC_USER = "user";
    static final String KEY_JDBC_SCHEMA = "schema";
    static final String KEY_TOK_STORE_SIZE = "tokenStoreSize";
    static final String KEY_CLIENT_ID = "name";
    static final String KEY_CLIENT_COMPONENT = "component";
    static final String KEY_CLIENT_SECRET = "secret";
    static final String KEY_CLIENT_DISPLAYNAME = "displayname";
    static final String KEY_CLIENT_REDIRECT = "redirect";
    static final String KEY_CLIENT_ENABLED = "enabled";
    static final String KEY_CLIENT_TOKEN_EP_AUTH_METHOD = "tokenEndpointAuthMethod";
    static final String KEY_CLIENT_SCOPE = "scope";
    static final String KEY_CLIENT_GRANT_TYPES = "grantTypes";
    static final String KEY_CLIENT_RESPONSE_TYPES = "responseTypes";
    static final String KEY_CLIENT_APP_TYPE = "applicationType";
    static final String KEY_CLIENT_SUBJECT_TYPE = "subjectType";
    static final String KEY_CLIENT_POST_LOGOUT_REDIRECT_URIS = "postLogoutRedirectUris";
    static final String KEY_CLIENT_PREAUTHORIZED_SCOPE = "preAuthorizedScope";
    static final String KEY_CLIENT_INTROSPECT_TOKENS = "introspectTokens";
    static final String KEY_CLIENT_TRUSTED_URI_PREFIXES = "trustedUriPrefixes";
    static final String KEY_CLIENT_FUNCTIONAL_USER_ID = "functionalUserId";
    static final String KEY_CLIENT_FUNCTIONAL_USER_GROUPIDS = "functionalUserGroupIds";
    private volatile SecurityService securityService;
    private static final String VALUE_DB_CLIENT_TABLE = ".OAUTH20CLIENTCONFIG";
    private static final String VALUE_DB_TOKEN_TABLE = ".OAUTH20CACHE";
    private static final String CONSENT_CACHE_DB_TABLE = ".OAUTH20CONSENTCACHE";
    private Map<String, Object> properties;
    private OAuthResourceProtectionFilter resourceProtectionFilter;
    private ClassLoader pluginClassLoader;
    private OAuth20Component component;
    private OAuth20ProviderConfiguration providerConfig;
    private OidcOAuth20ClientProvider clientProvider;
    private OAuth20EnhancedTokenCache tokenCache;
    private String providerId;
    private long authorizationGrantLifetime;
    private long authorizationCodeLifetime;
    private int authorizationCodeLength;
    private long accessTokenLifetime;
    private int accessTokenLength;
    private boolean issueRefreshToken;
    private int refreshTokenLength;
    private String mediatorClassname;
    private boolean allowPublicClients;
    private String[] grantTypesAllowed;
    private String authorizationFormTemplate;
    private String authorizationErrorTemplate;
    private String customLoginURL;
    private String autoAuthorizeParam;
    private boolean autoAuthorize;
    private String[] autoAuthorizeClients;
    private String clientURISubstitutions;
    private long clientTokenCacheSize;
    private String filter;
    private String characterEncoding;
    private boolean oauthOnly;
    private boolean includeTokenInSubject;
    private long consentCacheEntryLifetime;
    private long consentCacheSize;
    private boolean httpsRequired;
    private boolean certAuthentication;
    private String clientAdmin;
    private long jwtMaxJtiCacheSize;
    private long jwtSkew;
    private long jwtTokenMaxLifetime;
    private boolean jwtIatRequired;
    private long coverageMapSessionMaxAge;
    private boolean skipUserValidation;
    private String schemaName;
    private boolean isLocalStore;
    private boolean isDatabaseStore;
    private boolean checkForSharedLib;
    private boolean checkForDataSource;
    private Long cleanupInterval;
    private Boolean limitRefreshToken;
    private String[] providerRewrites;
    private Object[] credentials;
    private Long tokenStoreSize;
    private Set<String> finalGrantTypesAllowedSet;
    private OAuth20TokenTypeHandler tokenTypeHandler;
    private String idTokenTypeHandlerClassname;
    private OAuth20TokenTypeHandler idTokenTypeHandler;
    private String grantTypeHandlerFactoryClassname;
    private OAuth20GrantTypeHandlerFactory grantTypeHandlerFactory;
    private String responseTypeHandlerFactoryClassname;
    private OAuth20ResponseTypeHandlerFactory responseTypeHandlerFactory;
    private OAuthAuditHandler auditHandler;
    private OAuth20Mediator mediator;
    private DBConsentCache consentCache;
    static final String OIDC_CTX = "/oidc/";
    static final String OAUTH2_CTX = "/oauth2/";
    static final long serialVersionUID = 7429088537242336187L;
    private static final TraceComponent tc = Tr.register((Class<?>) LibertyOAuth20Provider.class, "OAUTH", "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages");
    private static volatile OAuth20TokenTypeHandler oidcIDTokenHandler = null;
    private static volatile OAuth20GrantTypeHandlerFactory oidcGrantTypeHandlerFactory = null;
    private static volatile OAuth20ResponseTypeHandlerFactory oidcResponseTypeHandlerFactory = null;
    private volatile ConfigurationAdmin configAdmin = null;
    private volatile ClassLoadingService classLoadingSvc = null;
    private volatile Library sharedLib = null;
    private ResourceFactory dataSourceFactory = null;
    private ResourceConfigFactory resourceConfigFactory = null;
    private boolean needToCreateCoreClasses = true;
    private final ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock();
    private final ReentrantReadWriteLock.WriteLock writeLock = this.reentrantReadWriteLock.writeLock();
    private final ReentrantReadWriteLock.ReadLock readLock = this.reentrantReadWriteLock.readLock();
    private final Set<String> pids = new HashSet();
    private boolean isValid = false;
    private List<OidcBaseClient> clientsList = null;
    private ArrayList<OAuth20Parameter> parameters = null;
    // Regex compiled by handlePatterns() from the configured form template, error template and
    // login URL plus the fixed entry "scripts/oauthForm.js".
    Pattern patternOauthOidc = null;
    // Fill count and storage for values that handlePattern() treats as relative to the
    // (oidc|oauth2) context. Capacity 4 = the three configured values plus the fixed script entry
    // appended by handlePatterns(); the bound holds only because handlePatterns() resets the count.
    int iSubOidcOauth = 0;
    String[] subOidcOauth = new String[4];
    // Fill count and storage for values that start with HttpHost.DEFAULT_SCHEME_NAME.
    // Capacity 3 = one slot per value handlePatterns() classifies.
    int iHttps = 0;
    String[] https = new String[3];
    // Fill count and storage for values that start with "/". Capacity 3, as above.
    int iIndepends = 0;
    String[] independs = new String[3];

    /**
     * Declarative Services activation callback: adopts the supplied configuration and
     * initialises the provider from it.
     *
     * <p>The whole sequence (field setup, provider-config processing, validation) runs while
     * the write lock is held, and the lock is released even if one of the steps throws.
     *
     * @param componentContext DS component context; not read by this method
     * @param map configuration properties; stored by reference in {@code properties}
     */
    @Activate
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        final ReentrantReadWriteLock.WriteLock lock = this.writeLock;
        lock.lock();
        try {
            this.properties = map;
            setupFields();
            processProviderConfig();
            validateConfig();
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                return;
            }
            Tr.debug(tc, "activated provider: " + this.providerId, new Object[0]);
        } finally {
            lock.unlock();
        }
    }

    /**
     * Copies the provider settings from {@code properties} into the instance fields.
     *
     * <p>Numeric and boolean settings are cast and unboxed directly, so a key that is missing
     * (or holds a different type) makes this method throw {@link NullPointerException} or
     * {@link ClassCastException}. NOTE(review): presumably the configuration metatype supplies a
     * default for each of these keys; confirm before relying on it.
     *
     * <p>Several of the values read here are security switches that are stored exactly as
     * configured, with no cross-checks in this method: {@code allowPublicClients},
     * {@code autoAuthorize}, {@code httpsRequired}, {@code certAuthentication} and
     * {@code skipResourceOwnerValidation}. The three token/code lengths are the exception: they
     * go through {@link #getProperty(String, int, int)}, which enforces the bounds passed below.
     */
    private void setupFields() {
        this.providerId = (String) this.properties.get(KEY_PROVIDER_ID);

        // Lifetimes and lengths. The lengths are clamped to [30|40|50, 2048] by getProperty.
        this.authorizationGrantLifetime = (Long) this.properties.get(KEY_MAX_AUTHGRANT_LT_SECS);
        this.authorizationCodeLifetime = (Long) this.properties.get(KEY_CODE_LT_SECS);
        this.authorizationCodeLength = getProperty(KEY_CODE_LEN, 30, 2048);
        this.accessTokenLifetime = (Long) this.properties.get(KEY_TOK_LT_SECS);
        this.accessTokenLength = getProperty(KEY_ACCESS_TOK_LEN, 40, 2048);
        this.issueRefreshToken = (Boolean) this.properties.get(KEY_ISSUE_REFRESH_TOK);
        this.refreshTokenLength = getProperty(KEY_REFRESH_TOK_LEN, 50, 2048);
        this.allowPublicClients = (Boolean) this.properties.get(KEY_ALLOW_PUBLIC_CLIENTS);
        this.grantTypesAllowed = (String[]) this.properties.get(KEY_GRANT_TYPE);

        // Consent form template: a null or blank value falls back to the built-in default.
        final String formTemplate = (String) this.properties.get(KEY_AUTHZ_FORM_TEMP);
        if (formTemplate != null && !formTemplate.trim().isEmpty()) {
            this.authorizationFormTemplate = formTemplate;
        } else {
            this.authorizationFormTemplate = OIDCConstants.DEFAULT_TEMPLATE_HTML;
        }

        // The error template has no fallback; it may stay null.
        this.authorizationErrorTemplate = (String) this.properties.get(KEY_AUTHZ_ERR_TEMP);

        // Login URL: a null or blank value falls back to the default login URL.
        final String loginUrl = (String) this.properties.get(KEY_AUTHZ_LOGIN_URL);
        if (loginUrl != null && !loginUrl.trim().isEmpty()) {
            this.customLoginURL = loginUrl;
        } else {
            this.customLoginURL = OAuth20Constants.DEFAULT_AUTHZ_LOGIN_URL;
        }

        // Must run after the three values above are set: it builds the URI pattern from them.
        handlePatterns();

        this.autoAuthorizeParam = (String) this.properties.get(KEY_AUTO_AUTHZ_PARAM);
        this.autoAuthorize = (Boolean) this.properties.get(KEY_AUTO_AUTHORIZE);
        this.autoAuthorizeClients = (String[]) this.properties.get(KEY_AUTO_AUTHZ_CLIENT);
        this.clientURISubstitutions = (String) this.properties.get(KEY_CL_URI_SUBS);

        // The per-user/client token limit is optional; 0 is used when the key is absent.
        if (this.properties.containsKey(KEY_TOK_USER_CLIENT_LIMIT)) {
            this.clientTokenCacheSize = (Long) this.properties.get(KEY_TOK_USER_CLIENT_LIMIT);
        } else {
            this.clientTokenCacheSize = 0L;
        }

        this.filter = (String) this.properties.get(KEY_FILTER);
        setResourceProtectionFilter(this.filter);

        this.characterEncoding = (String) this.properties.get(KEY_CHARACTER_ENCODING);
        this.oauthOnly = (Boolean) this.properties.get(KEY_OUATH_ONLY);
        this.includeTokenInSubject = (Boolean) this.properties.get(KEY_INCLUDE_TOKEN);
        this.consentCacheEntryLifetime = (Long) this.properties.get(KEY_CONSENT_CACHE_ENTRY_LIFETIME);
        this.consentCacheSize = (Long) this.properties.get(KEY_CONSENT_CACHE_SIZE);
        this.httpsRequired = (Boolean) this.properties.get(KEY_HTTPS_REQUIRED);
        this.certAuthentication = (Boolean) this.properties.get(KEY_CERT_AUTHENTICATION);
        this.clientAdmin = (String) this.properties.get(KEY_CLIENT_ADMIN);
        this.coverageMapSessionMaxAge = (Long) this.properties.get(KEY_COVERAGE_MAP_SESSION_MAX_AGE);
        this.skipUserValidation = (Boolean) this.properties.get(KEY_SKIP_USER_VALIDATION);
        this.schemaName = (String) this.properties.get(KEY_JDBC_SCHEMA);
    }

    /**
     * Rebuilds {@code patternOauthOidc} from the configured form template, error template and
     * login URL, plus the fixed entry {@code scripts/oauthForm.js}.
     *
     * <p>The three bucket counters are reset first, so each call starts from empty buckets and
     * the fixed-size arrays cannot overflow through this path.
     *
     * <p>Security note: the configured values are concatenated into the expression as they are,
     * without {@link Pattern#quote(String)}. Any regex metacharacter in a value (for example the
     * {@code .} in a file name) is therefore interpreted as regex syntax, so the compiled pattern
     * can match more request paths than the literal values, and a malformed value makes
     * {@link Pattern#compile(String)} throw. NOTE(review): how the pattern is consumed is not
     * visible in this method; if it takes part in deciding which URIs are reachable, quote each
     * entry before joining.
     */
    void handlePatterns() {
        this.iHttps = 0;
        this.iSubOidcOauth = 0;
        this.iIndepends = 0;

        handlePattern(this.authorizationFormTemplate);
        handlePattern(this.authorizationErrorTemplate);
        handlePattern(this.customLoginURL);
        this.subOidcOauth[this.iSubOidcOauth++] = "scripts/oauthForm.js";

        // Alternation of the context-relative entries, anchored under /oidc/ or /oauth2/.
        // IdentifierUtil.BAR and AbstractVisitable.CLOSE_BRACE are constants the decompiler
        // substituted for string literals; presumably "|" and ")".
        final StringBuilder relative = new StringBuilder("(oidc|oauth2)/(");
        for (int idx = 0; idx < this.iSubOidcOauth; idx++) {
            if (idx != 0) {
                relative.append(IdentifierUtil.BAR);
            }
            relative.append(this.subOidcOauth[idx]);
        }
        relative.append(AbstractVisitable.CLOSE_BRACE);

        final String str;
        if (this.iIndepends <= 0) {
            str = "/" + relative.toString();
        } else {
            // Entries that begin with "/" are matched as given, outside the two contexts.
            final StringBuilder rooted = new StringBuilder("");
            for (int idx = 0; idx < this.iIndepends; idx++) {
                if (idx != 0) {
                    rooted.append(IdentifierUtil.BAR);
                }
                rooted.append(this.independs[idx]);
            }
            str = "(/" + relative.toString() + ")|(" + rooted.toString() + AbstractVisitable.CLOSE_BRACE;
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Misc URI patterns: '" + str + "'", new Object[0]);
        }
        this.patternOauthOidc = Pattern.compile(str);
    }

    /**
     * Files one configured value into the bucket that matches its prefix; null and empty values
     * are ignored.
     *
     * <p>Values starting with {@code HttpHost.DEFAULT_SCHEME_NAME} go to {@code https}, values
     * starting with {@code "/"} go to {@code independs}, everything else goes to
     * {@code subOidcOauth}. NOTE(review): the first test is a plain prefix check, so presumably
     * a relative name that merely begins with the scheme string is also filed as an absolute
     * URL; confirm that is acceptable.
     *
     * <p>No bounds check is done here. The arrays are sized for the calls made by
     * {@code handlePatterns()}, which resets the counters first; any other caller must do the
     * same or risk {@link ArrayIndexOutOfBoundsException}.
     *
     * @param str the configured template name, path or URL; may be null
     */
    void handlePattern(String str) {
        final boolean nothingToFile = (str == null) || str.isEmpty();
        if (nothingToFile) {
            return;
        }
        if (str.startsWith(HttpHost.DEFAULT_SCHEME_NAME)) {
            this.https[this.iHttps++] = str;
        } else if (str.startsWith("/")) {
            this.independs[this.iIndepends++] = str;
        } else {
            this.subOidcOauth[this.iSubOidcOauth++] = str;
        }
    }

    /**
     * Reads a {@code Long} configuration value and clamps it to the given bounds.
     *
     * <p>A value below {@code i} is raised to {@code i}; the result of that step is then capped at
     * {@code i2}. Each adjustment is reported with an informational message, so a configured
     * length outside the permitted range is corrected rather than rejected. The callers in
     * {@code setupFields()} use this to enforce a minimum length for authorization codes and
     * tokens.
     *
     * @param str configuration key; the value must be present and a {@code Long}
     * @param i lower bound (inclusive)
     * @param i2 upper bound (inclusive)
     * @return the configured value limited to the bounds
     * @throws NullPointerException if the key is absent from {@code properties}
     */
    protected int getProperty(String str, int i, int i2) {
        long effective = (Long) this.properties.get(str);
        final boolean belowMinimum = effective < i;
        if (belowMinimum) {
            Tr.info(tc, "OAUTH_LENGTH_TOO_SMALL_AND_CHANGED", Long.valueOf(effective), Integer.valueOf(i));
            effective = i;
        }
        // Checked after the lower bound has been applied, exactly as the original sequence does.
        final boolean aboveMaximum = effective > i2;
        if (aboveMaximum) {
            Tr.info(tc, "OAUTH_LENGTH_TOO_LARGE_AND_CHANGED", Long.valueOf(effective), Integer.valueOf(i2));
            effective = i2;
        }
        // At this point the value is at most i2, so the narrowing cast cannot overflow.
        return (int) effective;
    }

    /**
     * Declarative Services modification callback: tears down the state built from the previous
     * configuration and rebuilds the provider from the new one.
     *
     * <p>Clients are removed and the provider invalidated before the new properties are
     * adopted; the core classes are recreated last. Everything runs under the write lock, which
     * is released whether or not a step throws.
     *
     * @param componentContext DS component context; not read by this method
     * @param map the new configuration properties; stored by reference in {@code properties}
     */
    @Modified
    protected void modify(ComponentContext componentContext, Map<String, Object> map) {
        this.writeLock.lock();
        try {
            final boolean debug = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
            if (debug) {
                Tr.debug(tc, "modifying provider: " + this.providerId, new Object[0]);
            }
            // Drop everything derived from the old configuration first.
            removeClients();
            invalidateProvider();
            // Then rebuild from the new one.
            this.properties = map;
            setupFields();
            processProviderConfig();
            validateConfig();
            resetCoreClassesObjects();
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Marks the core classes as stale and recreates them immediately.
     *
     * <p>The flag is set before the call so that {@code createCoreClasses()} sees it.
     */
    private void resetCoreClassesObjects() {
        final boolean rebuildRequired = true;
        this.needToCreateCoreClasses = rebuildRequired;
        this.createCoreClasses();
    }

    /**
     * Declarative Services deactivation callback: removes the provider's clients, invalidates
     * the provider and clears {@code providerId}.
     *
     * <p>Other callbacks in this class test {@code providerId != null} before doing work, so
     * clearing it here turns them into no-ops for a deactivated instance.
     *
     * @param componentContext DS component context; not read by this method
     * @param map configuration properties; not read by this method
     */
    @Deactivate
    protected void deactivate(ComponentContext componentContext, Map<String, Object> map) {
        this.writeLock.lock();
        try {
            final boolean debug = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
            if (debug) {
                Tr.debug(tc, "deactivating provider: " + this.providerId, new Object[0]);
            }
            removeClients();
            invalidateProvider();
            this.providerId = null;
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Binds the {@link ConfigurationAdmin} service (dynamic reference).
     *
     * @param configurationAdmin the service instance to store
     */
    @Reference(name = "configurationAdmin", service = ConfigurationAdmin.class, policy = ReferencePolicy.DYNAMIC)
    protected void setConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        final ReentrantReadWriteLock.WriteLock lock = this.writeLock;
        lock.lock();
        try {
            this.configAdmin = configurationAdmin;
        } finally {
            lock.unlock();
        }
    }

    /**
     * Unbinds the {@link ConfigurationAdmin} service.
     *
     * <p>The stored reference is cleared unconditionally; the argument is not compared with it.
     *
     * @param configurationAdmin the service instance being withdrawn; not read
     */
    protected void unsetConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        final ReentrantReadWriteLock.WriteLock lock = this.writeLock;
        lock.lock();
        try {
            this.configAdmin = null;
        } finally {
            lock.unlock();
        }
    }

    /**
     * Binds the {@link ClassLoadingService}.
     *
     * @param classLoadingService the service instance to store
     */
    @Reference(name = "classLoadingSvc", service = ClassLoadingService.class)
    protected void setClassLoadingSvc(ClassLoadingService classLoadingService) {
        final ReentrantReadWriteLock.WriteLock lock = this.writeLock;
        lock.lock();
        try {
            this.classLoadingSvc = classLoadingService;
        } finally {
            lock.unlock();
        }
    }

    /**
     * Unbinds the {@link ClassLoadingService}.
     *
     * <p>The stored reference is cleared unconditionally; the argument is not compared with it.
     *
     * @param classLoadingService the service instance being withdrawn; not read
     */
    protected void unsetClassLoadingSvc(ClassLoadingService classLoadingService) {
        final ReentrantReadWriteLock.WriteLock lock = this.writeLock;
        lock.lock();
        try {
            this.classLoadingSvc = null;
        } finally {
            lock.unlock();
        }
    }

    /**
     * Binds the optional shared {@link Library} (dynamic reference).
     *
     * <p>If the provider is already active ({@code providerId} is set), it is invalidated and
     * re-validated with the shared-library check re-armed.
     *
     * @param library the shared library to store
     */
    @Reference(name = KEY_OAUTH_SHARED_LIB, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC)
    protected void setSharedLib(Library library) {
        this.writeLock.lock();
        try {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "setSharedLib for provider: " + this.providerId, new Object[0]);
            }
            this.sharedLib = library;
            if (this.providerId == null) {
                // Not activated yet: activate() will validate later.
                return;
            }
            invalidateProvider();
            this.checkForSharedLib = true;
            validateConfig();
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Unbinds the shared {@link Library}.
     *
     * <p>The stored reference is cleared unconditionally. If the provider is active
     * ({@code providerId} is set), it is invalidated and re-validated with the shared-library
     * check re-armed.
     *
     * @param library the library being withdrawn; not compared with the stored one
     */
    protected void unsetSharedLib(Library library) {
        this.writeLock.lock();
        try {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "unsetSharedLib for provider: " + this.providerId, new Object[0]);
            }
            this.sharedLib = null;
            if (this.providerId == null) {
                return;
            }
            invalidateProvider();
            this.checkForSharedLib = true;
            validateConfig();
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Binds the optional data-source {@link ResourceFactory} (dynamic, greedy reference).
     *
     * <p>If the provider is active, its clients are removed, the provider is invalidated and the
     * configuration is re-validated with both the data-source and the shared-library checks
     * re-armed. NOTE(review): {@code unsetDataSourceFactory} re-arms only the data-source check;
     * confirm the difference is intended.
     *
     * @param resourceFactory the factory to store
     */
    @Reference(name = KEY_DATA_SOURCE_FACTORY, service = ResourceFactory.class, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setDataSourceFactory(ResourceFactory resourceFactory) {
        this.writeLock.lock();
        try {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "setDataSource for provider: " + this.providerId, new Object[0]);
            }
            this.dataSourceFactory = resourceFactory;
            if (this.providerId == null) {
                return;
            }
            removeClients();
            invalidateProvider();
            this.checkForSharedLib = true;
            this.checkForDataSource = true;
            validateConfig();
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Unbinds the data-source {@link ResourceFactory}.
     *
     * <p>Only the currently stored factory is unbound (identity comparison); a call for any other
     * instance is traced and otherwise ignored. When the stored factory is withdrawn and the
     * provider is active, clients are removed, the provider is invalidated and the configuration
     * is re-validated with the data-source check re-armed.
     *
     * @param resourceFactory the factory being withdrawn
     */
    protected void unsetDataSourceFactory(ResourceFactory resourceFactory) {
        this.writeLock.lock();
        try {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "unsetDataSource for provider: " + this.providerId, new Object[0]);
            }
            if (resourceFactory != this.dataSourceFactory) {
                // A stale unbind for a factory that has already been replaced.
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "unsetDataSource - wrong ResourceFactory for provider: " + this.providerId, new Object[0]);
                }
                return;
            }
            this.dataSourceFactory = null;
            if (this.providerId == null) {
                return;
            }
            removeClients();
            invalidateProvider();
            this.checkForDataSource = true;
            validateConfig();
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Binds the {@link ResourceConfigFactory}.
     *
     * <p>If the provider is active, its clients are removed, the provider is invalidated and the
     * configuration is re-validated with the data-source check re-armed.
     *
     * @param resourceConfigFactory the factory to store
     */
    @Reference(name = KEY_RESOURCE_CONFIG_FACTORY, service = ResourceConfigFactory.class)
    protected void setResourceConfigFactory(ResourceConfigFactory resourceConfigFactory) {
        this.writeLock.lock();
        try {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "setResourceConfigFactory for provider: " + this.providerId, new Object[0]);
            }
            this.resourceConfigFactory = resourceConfigFactory;
            if (this.providerId == null) {
                return;
            }
            removeClients();
            invalidateProvider();
            this.checkForDataSource = true;
            validateConfig();
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Unbinds the {@link ResourceConfigFactory}.
     *
     * <p>Only the currently stored factory is unbound (identity comparison); a call for any other
     * instance is traced and otherwise ignored. When the stored factory is withdrawn and the
     * provider is active, clients are removed, the provider is invalidated and the configuration
     * is re-validated with the data-source check re-armed.
     *
     * @param resourceConfigFactory the factory being withdrawn
     */
    protected void unsetResourceConfigFactory(ResourceConfigFactory resourceConfigFactory) {
        this.writeLock.lock();
        try {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "unsetResourceConfigFactory for provider: " + this.providerId, new Object[0]);
            }
            if (resourceConfigFactory != this.resourceConfigFactory) {
                // A stale unbind for a factory that has already been replaced.
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "unsetResourceConfigFactory - wrong ResourceConfigFactory for provider: " + this.providerId, new Object[0]);
                }
                return;
            }
            this.resourceConfigFactory = null;
            if (this.providerId == null) {
                return;
            }
            removeClients();
            invalidateProvider();
            this.checkForDataSource = true;
            validateConfig();
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Reacts to an {@link OidcServer} service becoming available (optional, dynamic reference).
     *
     * <p>The service reference itself is not dereferenced. The method only records the fixed
     * class names of the OIDC grant-type handler factory, response-type handler factory and ID
     * token handler. The names are hard-coded here, not taken from configuration.
     *
     * @param serviceReference reference to the OIDC server service; not read
     */
    @Reference(name = KEY_OIDC_SERVER, service = OidcServer.class, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC)
    protected void setOidcServer(ServiceReference<OidcServer> serviceReference) {
        this.writeLock.lock();
        try {
            final boolean debug = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
            if (debug) {
                Tr.debug(tc, "setOidcServer for provider: " + this.providerId, new Object[0]);
            }
            this.grantTypeHandlerFactoryClassname = "com.ibm.ws.security.openidconnect.server.plugins.OIDCGrantTypeHandlerFactoryImpl";
            this.responseTypeHandlerFactoryClassname = "com.ibm.ws.security.openidconnect.server.plugins.OIDCResponseTypeHandlerFactoryImpl";
            this.idTokenTypeHandlerClassname = "com.ibm.ws.security.openidconnect.server.plugins.IDTokenHandler";
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Reacts to the {@link OidcServer} service going away by clearing the three OIDC handler
     * class names recorded in {@code setOidcServer}.
     *
     * @param serviceReference reference to the withdrawn service; not read
     */
    protected void unsetOidcServer(ServiceReference<OidcServer> serviceReference) {
        this.writeLock.lock();
        try {
            final boolean debug = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
            if (debug) {
                Tr.debug(tc, "unsetOidcServer for provider: " + this.providerId, new Object[0]);
            }
            this.grantTypeHandlerFactoryClassname = null;
            this.responseTypeHandlerFactoryClassname = null;
            this.idTokenTypeHandlerClassname = null;
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Binds the {@link SecurityService} (dynamic reference).
     *
     * <p>When the provider already has an id, the service is also registered with
     * {@code ConfigUtils} under that id. The registration happens before the field is updated.
     *
     * @param securityService the service instance to store
     */
    @Reference(policy = ReferencePolicy.DYNAMIC)
    protected void setSecurityService(SecurityService securityService) {
        this.writeLock.lock();
        try {
            final boolean debug = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
            if (debug) {
                Tr.debug(tc, "setSecurityService: " + this.providerId + ":" + securityService, new Object[0]);
            }
            final boolean providerKnown = this.providerId != null;
            if (providerKnown) {
                ConfigUtils.addSecurityService(this.providerId, securityService);
            }
            this.securityService = securityService;
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Unbinds the {@link SecurityService} if it is the instance currently stored (identity
     * comparison), and removes the matching registration from {@code ConfigUtils}.
     *
     * <p>NOTE(review): {@code providerId} is passed to {@code ConfigUtils} without a null check,
     * unlike in {@code setSecurityService}; confirm the callee tolerates null, since
     * {@code deactivate} clears the id.
     *
     * @param securityService the service instance being withdrawn
     */
    protected void unsetSecurityService(SecurityService securityService) {
        this.writeLock.lock();
        try {
            if (this.securityService != securityService) {
                // A stale unbind for a service that has already been replaced.
                return;
            }
            this.securityService = null;
            ConfigUtils.removeSecurityService(this.providerId);
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Returns the currently bound security service, or {@code null} when none is bound.
     *
     * <p>NOTE(review): unlike the other accessors in this class, this one reads the field
     * without taking the read lock. Confirm the field's declaration makes that safe.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public SecurityService getSecurityService() {
        final SecurityService bound = this.securityService;
        return bound;
    }

    /**
     * Re-reads the provider configuration when one of the tracked PIDs is updated.
     *
     * <p>Events of any other type, and events for PIDs this provider does not track, are
     * ignored.
     *
     * @param configurationEvent the Configuration Admin event
     */
    @Override // org.osgi.service.cm.ConfigurationListener
    public void configurationEvent(ConfigurationEvent configurationEvent) {
        this.writeLock.lock();
        try {
            final boolean updated = configurationEvent.getType() == ConfigurationEvent.CM_UPDATED;
            if (updated && this.pids.contains(configurationEvent.getPid())) {
                // processProviderConfig() takes the write lock again; this relies on the
                // lock being reentrant -- TODO confirm against the field declaration.
                processProviderConfig();
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Rebuilds the provider state derived from configuration: client list, tracked PIDs,
     * parameter list, mediator class name, then the JWT and client-store settings.
     *
     * <p>A mediator other than the built-in sample, or more than one mediator, sets
     * {@code checkForSharedLib}, so the configuration is not considered valid until a shared
     * library is available to load the class from (see {@code validateConfig}).
     */
    private void processProviderConfig() {
        this.writeLock.lock();
        try {
            this.clientsList = ConfigUtils.getClients();
            this.pids.clear();
            this.parameters = new ArrayList<>();
            Object mediatorProp = this.properties.get(KEY_MED_CLASS_NAMES);
            if (mediatorProp == null) {
                this.mediatorClassname = null;
            } else {
                String[] mediatorNames = (String[]) mediatorProp;
                // Only the first configured mediator is kept.
                this.mediatorClassname = mediatorNames[0];
                boolean builtinSampleOnly = mediatorNames.length <= 1
                        && this.mediatorClassname.equals(ConfigUtils.BUILTIN_SAMPLE_MEDIATOR_CLASS);
                if (!builtinSampleOnly) {
                    this.checkForSharedLib = true;
                }
            }
            loadProviderParams();
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Re-evaluates whether the provider's outstanding dependencies are satisfied and
     * updates {@code isValid} accordingly.
     *
     * <p>Two dependencies are tracked: the data source (needed only for a database store,
     * satisfied once both factories are bound) and the shared library (needed only when a
     * mediator class is configured). A message is logged only when validity changes.
     */
    private void validateConfig() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "validateConfig entry \n  checkForDataSource: " + this.checkForDataSource + "\n  checkForSharedLib: " + this.checkForSharedLib + "\n  dataSourceFactory: " + this.dataSourceFactory + "\n  resourceConfigFactory: " + this.resourceConfigFactory + "\n  mediatorClassname: " + this.mediatorClassname + "\n  sharedLib: " + this.sharedLib + "\n  isValid: " + this.isValid, new Object[0]);
        }

        // Data source: nothing to wait for without a database store, or once both factories exist.
        if (this.checkForDataSource) {
            boolean factoriesBound = this.dataSourceFactory != null && this.resourceConfigFactory != null;
            if (!this.isDatabaseStore || factoriesBound) {
                this.checkForDataSource = false;
            }
        }

        // Shared library: resolved when no mediator is configured or the library has arrived.
        if (this.checkForSharedLib && (this.mediatorClassname == null || this.sharedLib != null)) {
            this.checkForSharedLib = false;
            setSharedLibClassLoader();
        }

        final boolean stillWaiting = this.checkForDataSource || this.checkForSharedLib;
        if (stillWaiting) {
            if (this.isValid) {
                Tr.info(tc, "OAUTH_PROVIDER_CONFIG_INVALID", this.providerId);
            }
        } else if (!this.isValid) {
            Tr.info(tc, "OAUTH_PROVIDER_CONFIG_PROCESSED", this.providerId);
        }
        this.isValid = !stillWaiting;

        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "validateConfig exit \n  checkForDataSource: " + this.checkForDataSource + "\n  checkForSharedLib: " + this.checkForSharedLib + "\n  dataSourceFactory: " + this.dataSourceFactory + "\n  resourceConfigFactory: " + this.resourceConfigFactory + "\n  mediatorClassname: " + this.mediatorClassname + "\n  sharedLib: " + this.sharedLib + "\n  isValid: " + this.isValid, new Object[0]);
        }
    }

    /**
     * Loads the JWT grant-type settings (jti cache size, skew, maximum token lifetime,
     * whether {@code iat} is required) from the configuration named by the first
     * {@code jwtGrantType} entry.
     *
     * <p>When the entry is absent, the configuration cannot be read, or it has no
     * properties, the built-in defaults from {@code resetJwtProps()} are applied.
     *
     * <p>NOTE(review): each property is unboxed without a null check, so a configuration
     * that exists but lacks one of the four keys would raise a NullPointerException here.
     * Confirm the metatype always supplies them.
     */
    private void processJwtGrantTypeConfig() {
        String[] jwtPids = (String[]) this.properties.get("jwtGrantType");
        Configuration jwtConfig = null;
        if (jwtPids != null && jwtPids.length > 0) {
            String pid = jwtPids[0];
            try {
                jwtConfig = this.configAdmin.getConfiguration(pid);
            } catch (IOException ioe) {
                FFDCFilter.processException(ioe, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "852", this, new Object[0]);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invalid Jwt Grant Type:", pid);
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Config of jwtGrantType", jwtConfig);
        }

        Dictionary<String, Object> jwtProps = (jwtConfig == null) ? null : jwtConfig.getProperties();
        if (jwtProps == null) {
            // No usable configuration: fall back to the defaults.
            resetJwtProps();
            return;
        }

        this.jwtMaxJtiCacheSize = ((Long) jwtProps.get(KEY_JWT_MAX_JTI_CACHE_SIZE)).longValue();
        this.jwtSkew = ((Long) jwtProps.get(KEY_JWT_SKEW)).longValue();
        this.jwtTokenMaxLifetime = ((Long) jwtProps.get(KEY_JWT_TOKEN_MAX_LIFETIME)).longValue();
        this.jwtIatRequired = ((Boolean) jwtProps.get(KEY_JWT_IAT_REQUIRED)).booleanValue();
    }

    /**
     * Restores the JWT grant-type settings to their built-in defaults.
     *
     * <p>The defaults leave {@code jwtIatRequired} off. The units of the skew and lifetime
     * values are not visible in this method (presumably seconds -- TODO confirm).
     */
    private void resetJwtProps() {
        jwtIatRequired = false;
        jwtTokenMaxLifetime = 7200L;
        jwtSkew = 300L;
        jwtMaxJtiCacheSize = 10000L;
    }

    /**
     * Selects and processes the client store for this provider.
     *
     * <p>A configured {@code localStore} takes precedence. Otherwise the first nested
     * {@code databaseStore} element is used, which also marks the data source as a
     * dependency still to be resolved. With neither present, nothing is configured.
     */
    private void processClientConfig() {
        String[] localStorePids = (String[]) this.properties.get("localStore");
        this.isLocalStore = localStorePids != null && localStorePids.length > 0;
        if (this.isLocalStore) {
            processLocalStoreConfig(localStorePids[0]);
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "No localStore in provider " + this.providerId, new Object[0]);
        }

        List<Map<String, Object>> databaseStores = Nester.nest("databaseStore", this.properties);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "listOfPropMaps: " + databaseStores, new Object[0]);
        }
        if (databaseStores.isEmpty()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "No databaseStore in the provider " + this.providerId, new Object[0]);
            }
            return;
        }
        this.isDatabaseStore = true;
        this.checkForDataSource = true;
        processDatabaseStoreConfig(databaseStores);
    }

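    /**
     * Reads the {@code localStore} configuration and registers every client it lists.
     *
     * <p>The store PID and each client PID are added to {@code pids} so later configuration
     * events for them trigger a reload. The token store size defaults to 2000 when not
     * configured. Each client's secret is passed through {@code PasswordUtil.passwordDecode}
     * before validation, so the decoded secret is held in memory on the client object.
     *
     * <p>A store configuration that has no properties yet is treated as "no clients defined"
     * rather than failing with a NullPointerException, matching the null handling in
     * {@code processJwtGrantTypeConfig()}.
     *
     * @param str PID of the {@code localStore} configuration
     */
    private void processLocalStoreConfig(String str) {
        this.pids.add(str);
        try {
            // getProperties() may return null for a configuration that was never populated.
            Dictionary<String, Object> storeProps = this.configAdmin.getConfiguration(str).getProperties();
            this.tokenStoreSize = storeProps != null ? (Long) storeProps.get("tokenStoreSize") : null;
            if (this.tokenStoreSize == null) {
                this.tokenStoreSize = Long.valueOf(2000L);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "tokenStoreSize " + this.tokenStoreSize, new Object[0]);
            }
            this.providerRewrites = this.clientURISubstitutions != null ? new String[]{this.clientURISubstitutions} : null;
            String[] clientPids = storeProps != null ? (String[]) storeProps.get("client") : null;
            if (clientPids == null || clientPids.length == 0) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "No oauth clients were defined in the provider. ", new Object[0]);
                }
                return;
            }
            for (String clientPid : clientPids) {
                this.pids.add(clientPid);
                try {
                    Configuration clientConfig = this.configAdmin.getConfiguration(clientPid);
                    Dictionary<String, Object> clientProps = clientConfig != null ? clientConfig.getProperties() : null;
                    if (clientProps == null) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "NULL oauth client configuration", clientPid);
                        }
                        continue;
                    }
                    OidcBaseClient configuredClient = getClientFromLocalStore(clientProps);
                    configuredClient.setClientSecret(PasswordUtil.passwordDecode(configuredClient.getClientSecret()));
                    OidcBaseClient registeredClient = configuredClient;
                    try {
                        registeredClient = OidcBaseClientValidator.getInstance(registeredClient).validateCreateUpdate();
                    } catch (OidcServerException e) {
                        // NOTE(review): validation failure is recorded but not enforced. The
                        // unvalidated client is still added to clientsList below. Confirm
                        // this fail-open behaviour is intended for local-store clients.
                        FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "992", this, new Object[]{str});
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, ("ClientId: " + (OidcOAuth20Util.isNullEmpty(registeredClient.getClientId()) ? "Unknown" : registeredClient.getClientId()) + ", Provider: " + this.providerId + ", ") + e.getErrorDescription(), clientPid);
                        }
                    }
                    // Carry the configured enabled flag over to whatever the validator returned.
                    registeredClient.setEnabled(configuredClient.isEnabled());
                    registeredClient.setComponentId(this.providerId);
                    this.clientsList.add(registeredClient);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added client: " + registeredClient.getClientId() + " for provider: " + this.providerId, new Object[0]);
                    }
                } catch (IOException e2) {
                    // One unreadable client configuration must not stop the remaining clients.
                    FFDCFilter.processException(e2, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "969", this, new Object[]{str});
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Invalid oauth client configuration", clientPid);
                    }
                }
            }
        } catch (IOException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "939", this, new Object[]{str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid oauth localStore configuration", str);
            }
        }
    }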

    /**
     * Builds an {@link OidcBaseClient} from one client configuration dictionary.
     *
     * <p>The secret may arrive either as a {@code SerializableProtectedString} or as a plain
     * {@code String}; both are converted to a {@code String} for the client constructor.
     *
     * <p>NOTE(review): the {@code enabled} and introspect-tokens values are unboxed without a
     * null check, so a dictionary lacking either key would raise a NullPointerException.
     *
     * @param dictionary properties of a single configured client
     * @return the populated client, bound to this provider's id
     */
    private OidcBaseClient getClientFromLocalStore(Dictionary<String, Object> dictionary) {
        Object rawSecret = dictionary.get("secret");
        String clientName = (String) dictionary.get("name");

        String secret;
        if (rawSecret == null) {
            secret = null;
        } else if (rawSecret instanceof SerializableProtectedString) {
            // Copies the protected characters into an immutable String, which cannot be wiped later.
            secret = new String(((SerializableProtectedString) rawSecret).getChars());
        } else {
            secret = (String) rawSecret;
        }

        OidcBaseClient client = new OidcBaseClient(
                clientName,
                secret,
                OidcOAuth20Util.initJsonArray((String[]) dictionary.get("redirect")),
                (String) dictionary.get("displayname"),
                this.providerId,
                ((Boolean) dictionary.get("enabled")).booleanValue());

        client.setTokenEndpointAuthMethod((String) dictionary.get(KEY_CLIENT_TOKEN_EP_AUTH_METHOD));
        client.setScope((String) dictionary.get("scope"));
        client.setGrantTypes(OidcOAuth20Util.initJsonArray((String[]) dictionary.get(KEY_CLIENT_GRANT_TYPES)));
        client.setResponseTypes(OidcOAuth20Util.initJsonArray((String[]) dictionary.get(KEY_CLIENT_RESPONSE_TYPES)));
        client.setApplicationType((String) dictionary.get(KEY_CLIENT_APP_TYPE));
        client.setSubjectType((String) dictionary.get(KEY_CLIENT_SUBJECT_TYPE));
        client.setPostLogoutRedirectUris(OidcOAuth20Util.initJsonArray((String[]) dictionary.get(KEY_CLIENT_POST_LOGOUT_REDIRECT_URIS)));
        client.setPreAuthorizedScope((String) dictionary.get(KEY_CLIENT_PREAUTHORIZED_SCOPE));
        client.setIntrospectTokens(((Boolean) dictionary.get(KEY_CLIENT_INTROSPECT_TOKENS)).booleanValue());
        client.setTrustedUriPrefixes(OidcOAuth20Util.initJsonArray((String[]) dictionary.get(KEY_CLIENT_TRUSTED_URI_PREFIXES)));
        client.setFunctionalUserId((String) dictionary.get(KEY_CLIENT_FUNCTIONAL_USER_ID));
        client.setFunctionalUserGroupIds(OidcOAuth20Util.initJsonArray((String[]) dictionary.get(KEY_CLIENT_FUNCTIONAL_USER_GROUPIDS)));
        return client;
    }

    /**
     * Reads the first {@code databaseStore} element: cleanup interval, refresh-token
     * limiting, database credentials, schema name and the data source reference.
     *
     * <p>NOTE(review): an out-of-range cleanup interval is reported with an error message but
     * the value is kept as configured. {@code createInitializedStores} later narrows it with
     * {@code intValue()}. A missing data source reference is likewise only reported.
     *
     * @param list nested {@code databaseStore} property maps; only the first entry is used
     */
    private void processDatabaseStoreConfig(List<Map<String, Object>> list) {
        final Map<String, Object> storeProps = list.get(0);
        if (storeProps == null) {
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "databaseStore elementProps for " + this.providerId + ": " + storeProps, new Object[0]);
        }

        this.cleanupInterval = (Long) storeProps.get(KEY_JDBC_CLEANUP_INT);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "cleanupInterval", this.cleanupInterval);
        }
        if (this.cleanupInterval != null) {
            long interval = this.cleanupInterval.longValue();
            if (interval < 0 || interval > Integer.MAX_VALUE) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "The cleanupInterval spedified by the databaseStore in the " + this.providerId + " is invalid. The acceptable value is 0 to 2,147,483,647.", new Object[0]);
                }
                Tr.error(tc, "OAUTH_PROVIDER_DATABASESTORE_INVALID_ATTRIBUTE", this.providerId, KEY_JDBC_CLEANUP_INT);
            }
        } else {
            this.cleanupInterval = new Long(3600L);
        }

        this.limitRefreshToken = (Boolean) storeProps.get(KEY_JDBC_LIM_REF_TOK);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, KEY_JDBC_LIM_REF_TOK, this.limitRefreshToken);
        }
        if (this.limitRefreshToken == null) {
            this.limitRefreshToken = true;
        }

        // The password is kept wrapped; a plain String from configuration is wrapped here.
        Object rawPassword = storeProps.get("password");
        SerializableProtectedString password = null;
        if (rawPassword instanceof SerializableProtectedString) {
            password = (SerializableProtectedString) rawPassword;
        } else if (rawPassword != null) {
            password = new SerializableProtectedString(((String) rawPassword).toCharArray());
        }
        String user = (String) storeProps.get("user");
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            // NOTE(review): the password object is handed to the trace call. Confirm that
            // SerializableProtectedString renders masked so the value never reaches trace output.
            Tr.debug(tc, "user password", user, password);
        }
        if (user != null || password != null) {
            this.credentials = new Object[]{user, password};
        }

        this.schemaName = (String) storeProps.get("schema");
        this.providerRewrites = this.clientURISubstitutions != null ? new String[]{this.clientURISubstitutions} : null;

        String[] dataSourceRefs = (String[]) storeProps.get(KEY_JDBC_DATASOURCEREF);
        if (dataSourceRefs == null || dataSourceRefs.length == 0) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "dataSourceRef in " + this.providerId + " is null.", new Object[0]);
            }
            Tr.error(tc, "OAUTH_PROVIDER_DATABASESTORE_INVALID_DATASOURCEREF", this.providerId);
        }
    }

    /**
     * Loads the configuration-derived provider settings: the JWT grant-type settings first,
     * then the client store (local or database).
     */
    private void loadProviderParams() {
        this.processJwtGrantTypeConfig();
        this.processClientConfig();
    }

    /**
     * Points {@code pluginClassLoader} at the shared library's class loader, or clears it
     * when no shared library is bound.
     *
     * <p>This loader is the one handed to the component configuration (see
     * {@code createComponentConfiguration}), so whatever the shared library contains is what
     * a configured mediator class is resolved against. An informational message records
     * whether a configured mediator has a library to load from.
     */
    private void setSharedLibClassLoader() {
        if (this.sharedLib != null) {
            this.pluginClassLoader = this.classLoadingSvc.getSharedLibraryClassLoader(this.sharedLib);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "cl: " + this.pluginClassLoader, new Object[0]);
            }
            if (this.mediatorClassname != null) {
                Tr.info(tc, "OAUTH_PROVIDER_CONFIG_MEDIATOR_LIBRARYREF_ACTIVE", this.providerId, this.mediatorClassname);
            }
            return;
        }

        // No library bound: drop any previous loader so stale classes are not reused.
        this.pluginClassLoader = null;
        if (this.mediatorClassname != null) {
            Tr.info(tc, "OAUTH_PROVIDER_CONFIG_NO_LIBRARYREF", this.providerId);
        }
    }

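    /**
     * Removes every client registered for this provider when a local store is in use.
     *
     * <p>Clients are deleted from the client provider first, then the provider's entries are
     * dropped from {@code ConfigUtils}. If the client list cannot be read, the per-client
     * deletion is skipped and the {@code ConfigUtils} cleanup still runs. Without this guard
     * a failed lookup led to a NullPointerException that also skipped the final cleanup and
     * left the provider's clients registered.
     */
    private void removeClients() {
        if (!this.isLocalStore) {
            return;
        }
        OidcBaseClientProvider localProvider = (OidcBaseClientProvider) getClientProvider();
        if (localProvider != null) {
            Collection<OidcBaseClient> registered = null;
            try {
                registered = localProvider.getAll();
            } catch (OidcServerException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "1224", this, new Object[0]);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception getting all clients from localstore while trying to removing clients:" + e, new Object[0]);
                }
            }
            // registered stays null when getAll() failed above; nothing to iterate then.
            if (registered != null) {
                try {
                    for (OidcBaseClient client : registered) {
                        localProvider.deleteOverride(client.getClientId());
                    }
                } catch (OidcServerException e2) {
                    // NOTE(review): the first failed delete ends the loop, so later clients stay
                    // in the provider; only the ConfigUtils cleanup below still covers them.
                    FFDCFilter.processException(e2, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "1235", this, new Object[0]);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, e2.getErrorDescription(), new Object[0]);
                    }
                }
            }
        }
        ConfigUtils.deleteClients(this.providerId);
    }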

    /**
     * Marks the provider invalid and drops its plugin class loader. Does nothing while the
     * provider has no id.
     */
    private void invalidateProvider() {
        if (this.providerId == null) {
            return;
        }
        this.isValid = false;
        this.pluginClassLoader = null;
    }

    /**
     * Returns the OAuth 2.0 core component, read under the read lock.
     *
     * @return the component, or {@code null} if it has not been created
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public OAuth20Component getComponent() {
        this.readLock.lock();
        try {
            return this.component;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns this provider's id, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getID() {
        this.readLock.lock();
        try {
            return this.providerId;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the client provider backing this OAuth provider, read under the read lock.
     *
     * @return the client provider, or {@code null} if the stores have not been created
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider, com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public OidcOAuth20ClientProvider getClientProvider() {
        this.readLock.lock();
        try {
            return this.clientProvider;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the token cache, read under the read lock.
     *
     * @return the token cache, or {@code null} if the stores have not been created
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public OAuth20EnhancedTokenCache getTokenCache() {
        this.readLock.lock();
        try {
            return this.tokenCache;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the consent cache, read under the read lock.
     *
     * <p>Within this part of the class the consent cache is assigned only on the
     * database-store path of {@code createInitializedStores}.
     *
     * @return the consent cache, or {@code null} when none was created
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public DBConsentCache getConsentCache() {
        this.readLock.lock();
        try {
            return this.consentCache;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Builds the component configuration, the client/token stores and the OAuth core
     * component, once, for a valid provider.
     *
     * <p>The work is skipped unless the provider is valid and creation is still pending. An
     * {@code OAuthProviderException} is recorded and swallowed. In that case
     * {@code needToCreateCoreClasses} stays set, so a later call tries again.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public void createCoreClasses() {
        this.writeLock.lock();
        try {
            if (this.isValid && this.needToCreateCoreClasses) {
                createComponentConfiguration();
                createInitializedStores(this.providerConfig);
                createCommonComponentRuntime(this.providerConfig);
                // Cleared only after every step succeeded.
                this.needToCreateCoreClasses = false;
            }
        } catch (OAuthProviderException failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "1321", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating the OAuth20 common component configuration: " + failure, new Object[0]);
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Creates the component configuration from the provider id, the collected parameters
     * and the plugin class loader (the shared-library loader, or {@code null}).
     */
    private void createComponentConfiguration() {
        final ClassLoader loader = this.pluginClassLoader;
        this.providerConfig = new OAuth20ComponentConfigurationImpl(this.providerId, this.parameters, loader);
    }

    /**
     * Creates the handlers, factories and mediators, then the OAuth core component itself.
     *
     * <p>The component is assigned last, so a failure in any earlier step leaves the
     * previous value of {@code component} untouched.
     *
     * @param oAuthComponentConfiguration configuration handed to the new component
     * @throws OAuthProviderException wrapping any {@code OAuthException} raised by a step
     */
    private void createCommonComponentRuntime(OAuthComponentConfiguration oAuthComponentConfiguration) throws OAuthProviderException {
        try {
            // Handlers first, then the factories and mediators that build on them.
            createTokenTypeHandler();
            createIDTokenTypeHandler();
            createGrantTypeHandlerFactory();
            createResponseTypeHandlerFactory();
            createMediators();
            processGrantTypes();
            this.component = new OAuth20ComponentImpl(this, oAuthComponentConfiguration, this);
        } catch (OAuthException cause) {
            FFDCFilter.processException(cause, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "1344", this, new Object[]{oAuthComponentConfiguration});
            throw new OAuthProviderException(cause);
        }
    }

    /**
     * Creates and initializes the client provider and token cache, either in memory (local
     * store) or backed by the configured data source (database store, which also creates
     * the consent cache).
     *
     * <p>NOTE(review): on the database path every exception is caught and only recorded,
     * including the {@code OAuthProviderException} thrown below for a missing
     * {@code dataSourceFactory}. Execution then continues to the two {@code initialize()}
     * calls at the end, which operate on whatever {@code clientProvider} and
     * {@code tokenCache} held before this call: {@code null}, giving a
     * NullPointerException, or instances left over from an earlier configuration. Confirm
     * whether the failure should propagate to the caller instead.
     *
     * @param oAuthComponentConfiguration used only as diagnostic context on failure
     * @throws OAuthProviderException declared, but caught inside this method on the
     *         database path (see note above)
     */
    private void createInitializedStores(OAuthComponentConfiguration oAuthComponentConfiguration) throws OAuthProviderException {
        if (this.isLocalStore) {
            this.clientProvider = new OidcBaseClientProvider(this.providerId, this.providerRewrites);
            this.tokenCache = new BaseCache(null, null, this.tokenStoreSize.intValue());
        } else {
            try {
                // NOTE(review): resourceConfigFactory is dereferenced before any null check.
                ResourceConfig createResourceConfig = this.resourceConfigFactory.createResourceConfig(DataSource.class.getName());
                createResourceConfig.setResAuthType(0);
                if (this.dataSourceFactory == null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "dataSourceFactory in " + this.providerId + " is null.", new Object[0]);
                    }
                    Tr.error(tc, "OAUTH_PROVIDER_DATABASESTORE_INVALID_DATASOURCEFACTORY", this.providerId);
                    // Caught by the catch (Exception) below, so it never reaches the caller.
                    throw new OAuthProviderException("OAUTH_PROVIDER_DATABASESTORE_INVALID_DATASOURCEFACTORY");
                }
                DataSource dataSource = (DataSource) this.dataSourceFactory.createResource(createResourceConfig);
                // Table names are built by prefixing the configured schema name. Whether that
                // value is validated before it reaches SQL is not visible here -- verify in the store classes.
                this.clientProvider = new CachedDBOidcClientProvider(this.providerId, dataSource, getSchemaName() + VALUE_DB_CLIENT_TABLE, this.credentials, null, this.providerRewrites);
                // cleanupInterval is narrowed from Long to int here.
                this.tokenCache = new CachedDBOidcTokenStore(this.providerId, dataSource, getSchemaName() + VALUE_DB_TOKEN_TABLE, this.credentials, null, this.cleanupInterval.intValue(), 250, this.limitRefreshToken.booleanValue());
                this.consentCache = new DBConsentCache(this.providerId, dataSource, getSchemaName() + CONSENT_CACHE_DB_TABLE, this.credentials, null, this.cleanupInterval.intValue(), 250);
                this.consentCache.initialize();
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider", "1370", this, new Object[]{oAuthComponentConfiguration});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Internal error accessing database store", e);
                }
            }
        }
        // Reached on both paths, including after a swallowed database-store failure.
        this.clientProvider.initialize();
        this.tokenCache.initialize();
    }

    /**
     * Replaces the resource protection filter, using the filter expression when one is
     * supplied and the expression-less form otherwise.
     *
     * @param str filter expression, or {@code null} for none
     */
    private void setResourceProtectionFilter(String str) {
        this.resourceProtectionFilter = (str == null)
                ? new OAuthResourceProtectionFilter(false)
                : new OAuthResourceProtectionFilter(str, false);
    }

    /**
     * Asks the resource protection filter whether this provider handles the request.
     *
     * @param httpServletRequest the incoming request
     * @return the filter's decision
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isRequestAccepted(HttpServletRequest httpServletRequest) {
        this.readLock.lock();
        try {
            return getResourceProtectionFilter().isAccepted(httpServletRequest);
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the current resource protection filter. No lock is taken here; the visible
     * caller, {@code isRequestAccepted}, already holds the read lock.
     */
    private OAuthResourceProtectionFilter getResourceProtectionFilter() {
        final OAuthResourceProtectionFilter current = this.resourceProtectionFilter;
        return current;
    }

    /**
     * Delegates a protected-resource request to the OAuth core component under the read lock.
     *
     * <p>NOTE(review): {@code component} is dereferenced without a null check. It is
     * assigned in {@code createCommonComponentRuntime}. Confirm callers cannot reach this
     * before the core classes exist.
     *
     * @param httpServletRequest the incoming request
     * @return the component's result
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public OAuthResult processResourceRequest(HttpServletRequest httpServletRequest) {
        this.readLock.lock();
        try {
            return this.component.processResourceRequest(httpServletRequest);
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Delegates an authorization request to the OAuth core component under the read lock.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response being built
     * @param attributeList attributes passed through to the component
     * @return the component's result
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public OAuthResult processAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AttributeList attributeList) {
        this.readLock.lock();
        try {
            return this.component.processAuthorization(httpServletRequest, httpServletResponse, attributeList);
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Delegates a token request to the OAuth core component under the read lock.
     *
     * @param str first argument passed through unchanged to the component; its meaning is
     *        not visible here
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response being built
     * @return the component's result
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public OAuthResult processTokenRequest(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.readLock.lock();
        try {
            return this.component.processTokenRequest(str, httpServletRequest, httpServletResponse);
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured authorization grant lifetime, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getAuthorizationGrantLifetime() {
        this.readLock.lock();
        try {
            return this.authorizationGrantLifetime;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured authorization code lifetime, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getAuthorizationCodeLifetime() {
        this.readLock.lock();
        try {
            return this.authorizationCodeLifetime;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured authorization code length, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public int getAuthorizationCodeLength() {
        this.readLock.lock();
        try {
            return this.authorizationCodeLength;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured access token lifetime, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getAccessTokenLifetime() {
        this.readLock.lock();
        try {
            return this.accessTokenLifetime;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured access token length, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider, com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public int getAccessTokenLength() {
        this.readLock.lock();
        try {
            return this.accessTokenLength;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Reports whether refresh tokens are issued, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider, com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public boolean isIssueRefreshToken() {
        this.readLock.lock();
        try {
            return this.issueRefreshToken;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured refresh token length, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider, com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public int getRefreshTokenLength() {
        this.readLock.lock();
        try {
            return this.refreshTokenLength;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured mediator class name, read under the read lock.
     *
     * @return the class name, or {@code null} when no mediator is configured
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getMediatorClassname() {
        this.readLock.lock();
        try {
            return this.mediatorClassname;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Reports whether public clients are allowed, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider, com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public boolean isAllowPublicClients() {
        this.readLock.lock();
        try {
            return this.allowPublicClients;
        } finally {
            this.readLock.unlock();
        }
    }

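    /**
     * Returns a copy of the allowed grant types, so callers cannot alter the provider's
     * own array.
     *
     * @return a clone of the configured grant types, or {@code null} when none are configured
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String[] getGrantTypesAllowed() {
        this.readLock.lock();
        try {
            return this.grantTypesAllowed == null ? null : (String[]) this.grantTypesAllowed.clone();
        } finally {
            // The read lock is released exactly once, here. A second unlock() on the non-null
            // path would release a hold this call never took: with a java.util.concurrent
            // read lock that throws IllegalMonitorStateException, or silently drops a
            // reentrant hold the caller still relies on.
            this.readLock.unlock();
        }
    }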

    /**
     * Returns the configured authorization form template, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getAuthorizationFormTemplate() {
        this.readLock.lock();
        try {
            return this.authorizationFormTemplate;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured authorization error template, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getAuthorizationErrorTemplate() {
        this.readLock.lock();
        try {
            return this.authorizationErrorTemplate;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the database schema name from the {@code databaseStore} configuration, read
     * under the read lock.
     *
     * <p>{@code createInitializedStores} prefixes this value to the table names it hands to
     * the database-backed stores.
     *
     * @return the schema name, or {@code null} when none is configured
     */
    public String getSchemaName() {
        this.readLock.lock();
        try {
            return this.schemaName;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured custom login URL, read under the read lock.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getCustomLoginURL() {
        this.readLock.lock();
        try {
            return this.customLoginURL;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Returns the configured auto-authorize parameter.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code autoAuthorizeParam}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getAutoAuthorizeParam() {
        readLock.lock();
        try {
            return autoAuthorizeParam;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's {@code autoAuthorize} setting.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path. This is a security-relevant switch; how it affects the
     * consent step is decided by callers outside this view.
     *
     * @return the current value of {@code autoAuthorize}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isAutoAuthorize() {
        readLock.lock();
        try {
            return autoAuthorize;
        } finally {
            readLock.unlock();
        }
    }

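    /**
     * Returns a copy of the configured auto-authorize client list.
     *
     * <p>The array is cloned under {@code readLock} so callers cannot modify the provider's
     * own configuration array.
     *
     * @return a clone of {@code autoAuthorizeClients}, or {@code null} when the field is unset
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String[] getAutoAuthorizeClients() {
        this.readLock.lock();
        try {
            // The finally clause is the only release point. The previous form also called
            // unlock() just before returning the copy, so the non-null path released the read
            // lock twice: that either fails with an unmatched-unlock error or, when the thread
            // holds the lock reentrantly, silently drops an outer hold.
            return this.autoAuthorizeClients == null ? null : (String[]) this.autoAuthorizeClients.clone();
        } finally {
            this.readLock.unlock();
        }
    }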

    /**
     * Returns the configured client URI substitutions string.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code clientURISubstitutions}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getClientURISubstitutions() {
        readLock.lock();
        try {
            return clientURISubstitutions;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured client token cache size.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code clientTokenCacheSize}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getClientTokenCacheSize() {
        readLock.lock();
        try {
            return clientTokenCacheSize;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured filter string.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code filter}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getFilter() {
        readLock.lock();
        try {
            return filter;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured character encoding name.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code characterEncoding}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getCharacterEncoding() {
        readLock.lock();
        try {
            return characterEncoding;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's {@code oauthOnly} setting.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code oauthOnly}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isOauthOnly() {
        readLock.lock();
        try {
            return oauthOnly;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's {@code includeTokenInSubject} setting.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code includeTokenInSubject}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isIncludeTokenInSubject() {
        readLock.lock();
        try {
            return includeTokenInSubject;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured consent cache entry lifetime.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path. The unit is not stated in this view.
     *
     * @return the current value of {@code consentCacheEntryLifetime}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getConsentCacheEntryLifetime() {
        readLock.lock();
        try {
            return consentCacheEntryLifetime;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured consent cache size.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code consentCacheSize}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getConsentCacheSize() {
        readLock.lock();
        try {
            return consentCacheSize;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's {@code httpsRequired} setting.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path. This is a security-relevant switch; the transport check
     * itself is performed by callers outside this view.
     *
     * @return the current value of {@code httpsRequired}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isHttpsRequired() {
        readLock.lock();
        try {
            return httpsRequired;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's {@code certAuthentication} setting.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code certAuthentication}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isCertAuthentication() {
        readLock.lock();
        try {
            return certAuthentication;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's {@code skipUserValidation} setting.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path. This is a security-relevant switch; which validation it
     * bypasses is decided by callers outside this view.
     *
     * @return the current value of {@code skipUserValidation}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isSkipUserValidation() {
        readLock.lock();
        try {
            return skipUserValidation;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured client administrator value.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code clientAdmin}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public String getClientAdmin() {
        readLock.lock();
        try {
            return clientAdmin;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured maximum size of the JWT {@code jti} cache.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code jwtMaxJtiCacheSize}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getJwtMaxJtiCacheSize() {
        readLock.lock();
        try {
            return jwtMaxJtiCacheSize;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured JWT clock skew, stored in the {@code jwtSkew} field.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path. The unit is not stated in this view.
     *
     * @return the current value of {@code jwtSkew}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getJwtClockSkew() {
        readLock.lock();
        try {
            return jwtSkew;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured maximum JWT token lifetime.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path. The unit is not stated in this view.
     *
     * @return the current value of {@code jwtTokenMaxLifetime}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getJwtTokenMaxLifetime() {
        readLock.lock();
        try {
            return jwtTokenMaxLifetime;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's {@code jwtIatRequired} setting.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code jwtIatRequired}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean getJwtIatRequired() {
        readLock.lock();
        try {
            return jwtIatRequired;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured coverage map session maximum age.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path. The unit is not stated in this view.
     *
     * @return the current value of {@code coverageMapSessionMaxAge}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public long getCoverageMapSessionMaxAge() {
        readLock.lock();
        try {
            return coverageMapSessionMaxAge;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns {@code authorizationGrantLifetime} narrowed to an {@code int}.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the authorization grant lifetime after the {@code (int)} cast
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public int getMaxAuthGrantLifetimeSeconds() {
        readLock.lock();
        try {
            // NOTE(review): the narrowing cast suggests the backing field is wider than int.
            // If it is a long, a configured value above Integer.MAX_VALUE wraps instead of
            // saturating; confirm the configuration layer bounds it.
            return (int) authorizationGrantLifetime;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns {@code authorizationCodeLifetime} narrowed to an {@code int}.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the authorization code lifetime after the {@code (int)} cast
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public int getCodeLifetimeSeconds() {
        readLock.lock();
        try {
            // NOTE(review): the narrowing cast suggests the backing field is wider than int.
            // If it is a long, a configured value above Integer.MAX_VALUE wraps instead of
            // saturating; confirm the configuration layer bounds it.
            return (int) authorizationCodeLifetime;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the configured authorization code length.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path. No lower bound is applied here; any minimum length has to
     * be enforced where the value is configured or consumed.
     *
     * @return the current value of {@code authorizationCodeLength}
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public int getCodeLength() {
        readLock.lock();
        try {
            return authorizationCodeLength;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns {@code accessTokenLifetime} narrowed to an {@code int}.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the access token lifetime after the {@code (int)} cast
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public int getTokenLifetimeSeconds() {
        readLock.lock();
        try {
            // NOTE(review): the narrowing cast suggests the backing field is wider than int.
            // If it is a long, a configured value above Integer.MAX_VALUE wraps instead of
            // saturating; confirm the configuration layer bounds it.
            return (int) accessTokenLifetime;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's token type handler.
     *
     * <p>The reference is read under {@code readLock}; the {@code finally} clause releases
     * the lock on every exit path. The shared instance is returned, not a copy.
     *
     * @return the current value of {@code tokenTypeHandler}
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public OAuth20TokenTypeHandler getTokenTypeHandler() {
        readLock.lock();
        try {
            return tokenTypeHandler;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's ID token type handler.
     *
     * <p>The reference is read under {@code readLock}; the {@code finally} clause releases
     * the lock on every exit path. The shared instance is returned, not a copy.
     *
     * @return the current value of {@code idTokenTypeHandler}
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public OAuth20TokenTypeHandler getIDTokenTypeHandler() {
        readLock.lock();
        try {
            return idTokenTypeHandler;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's grant type handler factory.
     *
     * <p>The reference is read under {@code readLock}; the {@code finally} clause releases
     * the lock on every exit path. The shared instance is returned, not a copy.
     *
     * @return the current value of {@code grantTypeHandlerFactory}
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public OAuth20GrantTypeHandlerFactory getGrantTypeHandlerFactory() {
        readLock.lock();
        try {
            return grantTypeHandlerFactory;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's response type handler factory.
     *
     * <p>The reference is read under {@code readLock}; the {@code finally} clause releases
     * the lock on every exit path. The shared instance is returned, not a copy.
     *
     * @return the current value of {@code responseTypeHandlerFactory}
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public OAuth20ResponseTypeHandlerFactory getResponseTypeHandlerFactory() {
        readLock.lock();
        try {
            return responseTypeHandlerFactory;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's mediator, stored in the {@code mediator} field.
     *
     * <p>The reference is read under {@code readLock}; the {@code finally} clause releases
     * the lock on every exit path. The shared instance is returned, not a copy.
     *
     * @return the current value of {@code mediator}
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public OAuth20Mediator getMediators() {
        readLock.lock();
        try {
            return mediator;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Reports whether the given grant type is in the provider's allow-list.
     *
     * <p>The lookup is an exact {@code contains} on {@code finalGrantTypesAllowedSet},
     * performed under {@code readLock}; the {@code finally} clause releases the lock on
     * every exit path, including when the lookup throws.
     *
     * @param str the grant type name to look up
     * @return {@code true} when {@code finalGrantTypesAllowedSet} contains {@code str}
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public boolean isGrantTypeAllowed(String str) {
        readLock.lock();
        try {
            // NOTE(review): the set is dereferenced without a null check; this relies on
            // processGrantTypes() having populated it before the first lookup. Confirm.
            return finalGrantTypesAllowedSet.contains(str);
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Installs a new {@code BaseTokenHandler} as this provider's token type handler.
     *
     * <p>Unlike the other handler factories in this class, the implementation is fixed and
     * not taken from a configured class name.
     */
    private void createTokenTypeHandler() {
        final BaseTokenHandler handler = new BaseTokenHandler();
        this.tokenTypeHandler = handler;
    }

    /**
     * Resolves the ID token type handler from {@code idTokenTypeHandlerClassname}.
     *
     * <p>Nothing is assigned when no class name is configured. When the configured name is
     * the built-in OIDC handler and a handler has been registered in the static
     * {@code oidcIDTokenHandler} field, that registered instance is reused; in every other
     * case the class is instantiated through {@link #createInstance}.
     *
     * @throws OAuthException if {@code createInstance} fails
     */
    private void createIDTokenTypeHandler() throws OAuthException {
        if (this.idTokenTypeHandlerClassname == null) {
            return;
        }
        final boolean builtinOidcName =
                "com.ibm.ws.security.openidconnect.server.plugins.IDTokenHandler".equals(this.idTokenTypeHandlerClassname);
        if (builtinOidcName && oidcIDTokenHandler != null) {
            this.idTokenTypeHandler = oidcIDTokenHandler;
            return;
        }
        this.idTokenTypeHandler = (OAuth20TokenTypeHandler) createInstance(
                this.idTokenTypeHandlerClassname, "oauth20.id.tokentypehandler.classname", OAuth20TokenTypeHandler.class);
    }

    /**
     * Resolves the grant type handler factory from {@code grantTypeHandlerFactoryClassname}.
     *
     * <p>Nothing is assigned when no class name is configured. When the configured name is
     * the built-in OIDC factory and one has been registered in the static
     * {@code oidcGrantTypeHandlerFactory} field, that registered instance is reused; in
     * every other case the class is instantiated through {@link #createInstance}.
     *
     * @throws OAuthException if {@code createInstance} fails
     */
    private void createGrantTypeHandlerFactory() throws OAuthException {
        if (this.grantTypeHandlerFactoryClassname == null) {
            return;
        }
        final boolean builtinOidcName =
                "com.ibm.ws.security.openidconnect.server.plugins.OIDCGrantTypeHandlerFactoryImpl".equals(this.grantTypeHandlerFactoryClassname);
        if (builtinOidcName && oidcGrantTypeHandlerFactory != null) {
            this.grantTypeHandlerFactory = oidcGrantTypeHandlerFactory;
            return;
        }
        this.grantTypeHandlerFactory = (OAuth20GrantTypeHandlerFactory) createInstance(
                this.grantTypeHandlerFactoryClassname, "oauth20.grant.type.handler.factory.classname", OAuth20GrantTypeHandlerFactory.class);
    }

    /**
     * Resolves the response type handler factory from
     * {@code responseTypeHandlerFactoryClassname}.
     *
     * <p>Nothing is assigned when no class name is configured. When the configured name is
     * the built-in OIDC factory and one has been registered in the static
     * {@code oidcResponseTypeHandlerFactory} field, that registered instance is reused; in
     * every other case the class is instantiated through {@link #createInstance}.
     *
     * @throws OAuthException if {@code createInstance} fails
     */
    private void createResponseTypeHandlerFactory() throws OAuthException {
        if (this.responseTypeHandlerFactoryClassname == null) {
            return;
        }
        final boolean builtinOidcName =
                "com.ibm.ws.security.openidconnect.server.plugins.OIDCResponseTypeHandlerFactoryImpl".equals(this.responseTypeHandlerFactoryClassname);
        if (builtinOidcName && oidcResponseTypeHandlerFactory != null) {
            this.responseTypeHandlerFactory = oidcResponseTypeHandlerFactory;
            return;
        }
        this.responseTypeHandlerFactory = (OAuth20ResponseTypeHandlerFactory) createInstance(
                this.responseTypeHandlerFactoryClassname, "oauth20.response.type.handler.factory.classname", OAuth20ResponseTypeHandlerFactory.class);
    }

    /**
     * Installs the provider's mediator.
     *
     * <p>A configured {@code mediatorClassname} is instantiated through
     * {@link #createInstance}; without one, {@code OAuth20MediatorDefaultImpl} is used.
     *
     * @throws OAuthException if {@code createInstance} fails
     */
    private void createMediators() throws OAuthException {
        if (this.mediatorClassname != null) {
            this.mediator = (OAuth20Mediator) createInstance(
                    this.mediatorClassname, OAuthComponentConfigurationConstants.OAUTH20_MEDIATOR_CLASSNAMES, OAuth20Mediator.class);
            return;
        }
        this.mediator = new OAuth20MediatorDefaultImpl();
    }

    /**
     * Instantiates a configured plug-in class by name via
     * {@code OAuth20ProviderUtils.processClass}.
     *
     * <p>Names that {@code ConfigUtils.isBuiltinClass} recognises are loaded with the class
     * loader of {@code OAuth20ProviderUtils}; all other names are loaded with
     * {@code pluginClassLoader}.
     *
     * @param str the class name to instantiate
     * @param str2 the configuration key the name came from, passed through to
     *     {@code processClass}
     * @param cls the type the caller casts the result to
     * @return the object returned by {@code processClass}
     * @throws OAuthException if {@code processClass} fails
     */
    private Object createInstance(String str, String str2, Class cls) throws OAuthException {
        // NOTE(review): the class name comes from configuration and every caller casts the
        // result unchecked. Presumably processClass verifies assignability to cls - confirm.
        final ClassLoader loader;
        if (ConfigUtils.isBuiltinClass(str)) {
            loader = OAuth20ProviderUtils.class.getClassLoader();
        } else {
            loader = this.pluginClassLoader;
        }
        return OAuth20ProviderUtils.processClass(str, str2, cls, loader);
    }

    /**
     * Builds {@code finalGrantTypesAllowedSet} from the configured {@code grantTypesAllowed}
     * entries.
     *
     * <p>Each entry is split on commas and every token must be a member of
     * {@code OAuth20Constants.ALL_GRANT_TYPES_SET}. Tokens are compared exactly as written;
     * no trimming or case folding is applied. The method fails closed: a missing or empty
     * configuration, or any unknown token, aborts with an exception.
     *
     * @throws OAuthException an {@code OAuthConfigurationException} when no grant types are
     *     configured or when an entry contains an unknown grant type
     */
    protected void processGrantTypes() throws OAuthException {
        final boolean nothingConfigured = this.grantTypesAllowed == null || this.grantTypesAllowed.length == 0;
        if (nothingConfigured) {
            throw new OAuthConfigurationException("security.oauth.error.config.notspecified.exception", OAuthComponentConfigurationConstants.OAUTH20_GRANT_TYPES_ALLOWED, Parser.NULL_ELEMENT, null);
        }
        // NOTE(review): the field is replaced before validation and no lock is taken here, so
        // a rejected configuration leaves a partially filled set behind. Presumably the caller
        // holds the write lock and discards the provider on failure - confirm.
        this.finalGrantTypesAllowedSet = new HashSet();
        for (String configuredEntry : this.grantTypesAllowed) {
            final String[] tokens = configuredEntry.split(",");
            for (int idx = 0; idx < tokens.length; idx++) {
                final String grantType = tokens[idx];
                if (OAuth20Constants.ALL_GRANT_TYPES_SET.contains(grantType)) {
                    this.finalGrantTypesAllowedSet.add(grantType);
                    continue;
                }
                // The whole configured entry, not just the offending token, is reported.
                throw new OAuthConfigurationException("security.oauth.error.invalidconfig.exception", OAuthComponentConfigurationConstants.OAUTH20_GRANT_TYPES_ALLOWED, configuredEntry, null);
            }
        }
    }

    /**
     * Returns the provider's audit handler.
     *
     * <p>The reference is read under {@code readLock}; the {@code finally} clause releases
     * the lock on every exit path. The shared instance is returned, not a copy.
     *
     * @return the current value of {@code auditHandler}
     */
    @Override // com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider
    public OAuthAuditHandler getAuditHandler() {
        readLock.lock();
        try {
            return auditHandler;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns this component instance's identifier, stored in the {@code providerId} field.
     *
     * <p>The field is read under {@code readLock}; the {@code finally} clause releases the
     * lock on every exit path.
     *
     * @return the current value of {@code providerId}
     */
    @Override // com.ibm.oauth.core.api.OAuthComponentInstance
    public String getInstanceId() {
        readLock.lock();
        try {
            return providerId;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the OAuth 2.0 component held by this provider.
     *
     * <p>The reference is read under {@code readLock}; the {@code finally} clause releases
     * the lock on every exit path. The shared instance is returned, not a copy.
     *
     * @return the current value of {@code component}
     */
    @Override // com.ibm.oauth.core.api.OAuthComponentInstance
    public OAuth20Component getOAuth20Component() {
        readLock.lock();
        try {
            return component;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the provider's {@code isValid} flag.
     *
     * <p>Unlike the neighbouring accessors, the field is read without taking
     * {@code readLock}.
     *
     * @return the current value of the {@code isValid} field
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isValid() {
        // NOTE(review): unlocked read; confirm the field is volatile or otherwise safely
        // published to request threads.
        return isValid;
    }

    /**
     * Returns the provider's {@code isLocalStore} flag.
     *
     * <p>Unlike the neighbouring accessors, the field is read without taking
     * {@code readLock}.
     *
     * @return the current value of the {@code isLocalStore} field
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isLocalStoreUsed() {
        // NOTE(review): unlocked read; confirm the field is volatile or otherwise safely
        // published to request threads.
        return isLocalStore;
    }

    /**
     * Reports whether the request targets one of this provider's recognised URIs.
     *
     * <p>The request URI is first matched in full against {@code patternOauthOidc}. If that
     * fails and {@code iHttps} is positive, the complete request URL is compared for exact
     * equality with the first {@code iHttps} entries of {@code https}.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} on a pattern match or an exact URL match, otherwise {@code false}
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20Provider
    public boolean isMiscUri(HttpServletRequest httpServletRequest) {
        // NOTE(review): getRequestURI() is the path as sent by the client (not URL-decoded),
        // so the pattern sees the raw form. Confirm the pattern and any downstream dispatch
        // agree on the same form. iHttps and https are read here without readLock.
        final String rawUri = httpServletRequest.getRequestURI();
        final Matcher uriMatcher;
        synchronized (this.patternOauthOidc) {
            uriMatcher = this.patternOauthOidc.matcher(rawUri);
        }
        if (uriMatcher.matches()) {
            return true;
        }
        if (this.iHttps > 0) {
            final String fullUrl = httpServletRequest.getRequestURL().toString();
            int idx = 0;
            while (idx < this.iHttps) {
                if (fullUrl.equals(this.https[idx])) {
                    return true;
                }
                idx++;
            }
        }
        return false;
    }

    /**
     * Registers the OIDC ID token handler in the static {@code oidcIDTokenHandler} field.
     *
     * <p>{@code createIDTokenTypeHandler()} reuses this instance when a provider is
     * configured with the built-in OIDC handler class name.
     *
     * @param oAuth20TokenTypeHandler the handler to register; {@code null} clears it
     */
    public static void setOidcIDTokenTypeHandler(final OAuth20TokenTypeHandler oAuth20TokenTypeHandler) {
        // NOTE(review): public, static and unsynchronized. Any code that can reach this class
        // can replace the handler for every provider that resolves it afterwards; confirm only
        // the OIDC server component calls this and that the field is safely published.
        oidcIDTokenHandler = oAuth20TokenTypeHandler;
    }

    /**
     * Registers the OIDC grant type handler factory in the static
     * {@code oidcGrantTypeHandlerFactory} field.
     *
     * <p>{@code createGrantTypeHandlerFactory()} reuses this instance when a provider is
     * configured with the built-in OIDC factory class name.
     *
     * @param oAuth20GrantTypeHandlerFactory the factory to register; {@code null} clears it
     */
    public static void setOidcGrantTypeHandlerFactory(final OAuth20GrantTypeHandlerFactory oAuth20GrantTypeHandlerFactory) {
        // NOTE(review): public, static and unsynchronized. Any code that can reach this class
        // can replace the factory for every provider that resolves it afterwards; confirm only
        // the OIDC server component calls this and that the field is safely published.
        oidcGrantTypeHandlerFactory = oAuth20GrantTypeHandlerFactory;
    }

    /**
     * Registers the OIDC response type handler factory in the static
     * {@code oidcResponseTypeHandlerFactory} field.
     *
     * <p>{@code createResponseTypeHandlerFactory()} reuses this instance when a provider is
     * configured with the built-in OIDC factory class name.
     *
     * @param oAuth20ResponseTypeHandlerFactory the factory to register; {@code null} clears it
     */
    public static void setOidcResponseTypeHandlerFactory(final OAuth20ResponseTypeHandlerFactory oAuth20ResponseTypeHandlerFactory) {
        // NOTE(review): public, static and unsynchronized. Any code that can reach this class
        // can replace the factory for every provider that resolves it afterwards; confirm only
        // the OIDC server component calls this and that the field is safely published.
        oidcResponseTypeHandlerFactory = oAuth20ResponseTypeHandlerFactory;
    }
}
