package com.ibm.ws.security.openid20.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openid20.OpenidClientConfig;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.FilterUtils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Dictionary;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.openid4java.message.AuthRequest;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Reference;

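/**
 * Declarative Services component that holds the OpenID 2.0 relying-party (client)
 * configuration and exposes it through {@link OpenidClientConfig}.
 * <p>
 * Values arrive as component properties in {@link #activate} and {@link #modify}. Both
 * are {@code synchronized}, but the getters are not, so a reader racing with a
 * {@code modify} may observe a mix of old and new values. Every property read through
 * the {@code required*} helpers is mandatory: a missing one fails processing with a
 * {@link NullPointerException} that names the key, rather than silently substituting a
 * default. A wrong type still surfaces as a {@link ClassCastException}, as before.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.openid20_1.0.14.jar:com/ibm/ws/security/openid20/internal/OpenidClientConfigImpl.class */
public class OpenidClientConfigImpl implements OpenidClientConfig {
    public static final String CFG_KEY_ALLOW_STATELESS = "allowStateless";
    public static final String CFG_KEY_MAP_IDENTITY_TO_REGISTRY_USER = "mapIdentityToRegistryUser";
    public static final String CFG_KEY_USE_CLIENT_IDENTITY = "useClientIdentity";
    public static final String CFG_KEY_AUTHENTICATION_MODE = "authenticationMode";
    public static final String CFG_KEY_MAX_ASSOCIATION_ATTEMPS = "maxAssociationAttempts";
    public static final String CFG_KEY_NONCE_VALID_TIME = "nonceValidTime";
    public static final String CFG_KEY_SHARED_KEY_ENCRYPTION_ENABLED = "sharedKeyEncryptionEnabled";
    public static final String CFG_KEY_HASH_ALGORITHM = "hashAlgorithm";
    public static final String CFG_KEY_SSL_REF = "sslRef";
    public static final String CFG_KEY_USER_INFO_REF = "userInfoRef";
    public static final String CFG_KEY_HTTPS_REQUIRED = "httpsRequired";
    public static final String CFG_KEY_SEARCH_NUMBER_OF_USER_INFO_TO_MAP = "searchNumberOfUserInfoToMap";
    public static final String CFG_KEY_FAILED_ASSOC_EXPIRE = "failedAssocExpire";
    public static final String CFG_KEY_CONNECT_TIMEOUT = "connectTimeout";
    public static final String CFG_KEY_SOCKET_TIMEOUT = "socketTimeout";
    public static final String CFG_KEY_HOST_NAME_VERIFICATION_ENABLED = "hostNameVerificationEnabled";
    public static final String CFG_KEY_MAX_DISCOVERY_CACHE_SIZE = "maxDiscoveryCacheSize";
    public static final String CFG_KEY_MAX_DISCOVER_RETRY = "maxDiscoverRetry";
    public static final String CFG_KEY_GROUP_IDENTIFIER = "groupIdentifier";
    public static final String CFG_KEY_REALM_IDENTIFIER = "realmIdentifier";
    public static final String CFG_KEY_CHARACTER_ENCODING = "characterEncoding";
    public static final String CFG_KEY_INCLUDE_USER_INFO_IN_SUBJECT = "includeUserInfoInSubject";
    public static final String CFG_KEY_INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT = "includeCustomCacheKeyInSubject";
    public static final String CFG_KEY_PROVIDER_IDENTIFIER = "providerIdentifier";
    public static final String CFG_KEY_AUTH_FILTER_REF = "authFilterRef";
    public static final String CFG_KEY_ALLOW_BASIC_AUTHENTICATION = "allowBasicAuthentication";
    public static final String CFG_KEY_TRY_OPENID_IF_BASIC_AUTH_FAILS = "tryOpenIDIfBasicAuthFails";
    public static final String CFG_KEY_ALIAS = "alias";
    public static final String CFG_KEY_URI_TYPE = "uriType";
    public static final String CFG_KEY_COUNT = "count";
    public static final String CFG_KEY_REQUIRED = "required";
    public static final String ENCRYPTION_NO = "no-encryption";
    public static final String ENCRYPTION_DH_SHA1 = "DH-SHA1";
    public static final String ENCRYPTION_DH_SHA256 = "DH-SHA256";
    public static final String SIGNATURE_HMAC_SHA1 = "HMAC-SHA1";
    public static final String SIGNATURE_HMAC_SHA256 = "HMAC-SHA256";
    public static final String HASH_ALG_SHA1 = "SHA1";
    public static final String HASH_ALG_SHA256 = "SHA256";
    public static final String KEY_CONFIGURATION_ADMIN = "configurationAdmin";

    /** Value forced into {@link #maxAssociationAttempts} by {@link #validateConfig()}. */
    private static final int FALLBACK_MAX_ASSOCIATION_ATTEMPTS = 4;

    // NOTE(review): this field is package-private and hostNameVerificationEnabled below is
    // public. Both are also exposed through getters; the wider visibility is kept only so
    // that any existing direct field access keeps compiling. New code should use the getters.
    boolean allowStateless;
    private int maxAssociationAttempts;
    private long nonceValidTime;
    private boolean httpsRequired;
    private boolean mapIdentityToRegistryUser;
    private boolean useClientIdentity;
    // One of ENCRYPTION_NO / ENCRYPTION_DH_SHA1 / ENCRYPTION_DH_SHA256, derived in processConfigProps.
    private String sessionEncryptionType;
    // One of SIGNATURE_HMAC_SHA1 / SIGNATURE_HMAC_SHA256, derived in processConfigProps.
    private String signatureAlgorithm;
    private String sslRef;
    private long failedAssocExpire;
    private long connectTimeout;
    private long socketTimeout;
    // Security-relevant: presumably consulted by the outbound TLS code elsewhere in this
    // bundle; a false value would skip host name verification. Consumer not visible here.
    public boolean hostNameVerificationEnabled;
    private int searchNumberOfUserInfoToMap;
    private int maxDiscoveryCacheSize;
    private int maxDiscoverRetry;
    // true only when authenticationMode equals AuthRequest.MODE_IMMEDIATE (case-insensitive).
    private boolean checkImmediate;
    private String groupIdentifier;
    private String realmIdentifier;
    private String characterEncoding;
    private boolean includeUserInfoInSubject;
    private boolean includeCustomCacheKeyInSubject;
    private String providerIdentifier;
    private String authFilterRef;
    // The "id" property of the configuration referenced by authFilterRef, or null.
    private String authFilterId;
    private boolean allowBasicAuthentication;
    private boolean tryOpenIDIfBasicAuthFails;
    static final long serialVersionUID = -1929433074498554428L;
    private static final TraceComponent tc = Tr.register(OpenidClientConfigImpl.class);
    private static final String KEY_ID = "id";
    private final AtomicServiceReference<ConfigurationAdmin> configAdminRef = new AtomicServiceReference<>(KEY_CONFIGURATION_ADMIN);
    // Never null: empty before activation and when no userInfoRef is configured.
    private List<UserInfo> userInfo = new ArrayList<>();

    /** DS bind method for the ConfigurationAdmin service. */
    @Reference(name = KEY_CONFIGURATION_ADMIN, service = ConfigurationAdmin.class)
    protected void setConfigurationAdmin(ServiceReference<ConfigurationAdmin> serviceReference) {
        this.configAdminRef.setReference(serviceReference);
    }

    /** DS unbind method for the ConfigurationAdmin service. */
    protected void unsetConfigurationAdmin(ServiceReference<ConfigurationAdmin> serviceReference) {
        this.configAdminRef.unsetReference(serviceReference);
    }

    /**
     * DS activation: wires the ConfigurationAdmin reference, applies {@code props} and
     * logs that the relying-party configuration was processed.
     *
     * @param componentContext the DS component context
     * @param props            the component's configuration properties
     */
    protected synchronized void activate(ComponentContext componentContext, Map<String, Object> props) {
        this.configAdminRef.activate(componentContext);
        processConfigProps(props);
        Tr.info(tc, "OPENID_RP_CONFIG_PROCESSED", new Object[0]);
    }

    /**
     * DS modification: re-applies {@code props} and logs that the configuration changed.
     *
     * @param props the updated component configuration properties
     */
    protected synchronized void modify(Map<String, Object> props) {
        processConfigProps(props);
        Tr.info(tc, "OPENID_RP_CONFIG_MODIFIED", new Object[0]);
    }

    /** DS deactivation: releases the ConfigurationAdmin reference. */
    protected synchronized void deactivate(ComponentContext componentContext) {
        this.configAdminRef.deactivate(componentContext);
    }

    /**
     * Copies the configuration properties into the fields, derives the association
     * encryption and signature algorithms from {@code sharedKeyEncryptionEnabled} and
     * {@code hashAlgorithm}, resolves the referenced userInfo and authFilter
     * configurations, traces the result and finally runs {@link #validateConfig()}.
     *
     * @param props the component properties; a null or empty map leaves the current
     *              values untouched
     * @throws NullPointerException if a required property is absent (the message names it)
     * @throws ClassCastException   if a property has an unexpected type
     */
    private void processConfigProps(Map<String, Object> props) {
        if (props == null || props.isEmpty()) {
            return;
        }
        this.mapIdentityToRegistryUser = requiredBoolean(props, CFG_KEY_MAP_IDENTITY_TO_REGISTRY_USER);
        this.useClientIdentity = requiredBoolean(props, CFG_KEY_USE_CLIENT_IDENTITY);
        this.connectTimeout = requiredLong(props, CFG_KEY_CONNECT_TIMEOUT);
        this.allowStateless = requiredBoolean(props, CFG_KEY_ALLOW_STATELESS);
        this.failedAssocExpire = requiredLong(props, CFG_KEY_FAILED_ASSOC_EXPIRE);
        this.nonceValidTime = requiredLong(props, CFG_KEY_NONCE_VALID_TIME);
        this.maxDiscoveryCacheSize = requiredInt(props, CFG_KEY_MAX_DISCOVERY_CACHE_SIZE);
        this.maxDiscoverRetry = requiredInt(props, CFG_KEY_MAX_DISCOVER_RETRY);
        this.searchNumberOfUserInfoToMap = requiredInt(props, CFG_KEY_SEARCH_NUMBER_OF_USER_INFO_TO_MAP);
        this.maxAssociationAttempts = requiredInt(props, CFG_KEY_MAX_ASSOCIATION_ATTEMPS);
        this.socketTimeout = requiredLong(props, CFG_KEY_SOCKET_TIMEOUT);
        this.sslRef = (String) props.get(CFG_KEY_SSL_REF);
        this.hostNameVerificationEnabled = requiredBoolean(props, CFG_KEY_HOST_NAME_VERIFICATION_ENABLED);
        this.userInfo = processUserInfo(props, CFG_KEY_USER_INFO_REF);
        this.httpsRequired = requiredBoolean(props, CFG_KEY_HTTPS_REQUIRED);

        // equalsIgnoreCase(null) is false, so a missing authenticationMode means "not immediate".
        String authenticationMode = (String) props.get(CFG_KEY_AUTHENTICATION_MODE);
        this.checkImmediate = AuthRequest.MODE_IMMEDIATE.equalsIgnoreCase(authenticationMode);

        boolean sharedKeyEncryptionEnabled = requiredBoolean(props, CFG_KEY_SHARED_KEY_ENCRYPTION_ENABLED);
        String hashAlgorithm = (String) props.get(CFG_KEY_HASH_ALGORITHM);
        this.sessionEncryptionType = resolveSessionEncryptionType(sharedKeyEncryptionEnabled, hashAlgorithm);
        this.signatureAlgorithm = resolveSignatureAlgorithm(hashAlgorithm);

        this.groupIdentifier = (String) props.get(CFG_KEY_GROUP_IDENTIFIER);
        this.realmIdentifier = (String) props.get(CFG_KEY_REALM_IDENTIFIER);
        this.characterEncoding = (String) props.get(CFG_KEY_CHARACTER_ENCODING);
        this.includeUserInfoInSubject = requiredBoolean(props, CFG_KEY_INCLUDE_USER_INFO_IN_SUBJECT);
        this.includeCustomCacheKeyInSubject = requiredBoolean(props, CFG_KEY_INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT);
        this.providerIdentifier = (String) props.get(CFG_KEY_PROVIDER_IDENTIFIER);
        this.authFilterRef = (String) props.get(CFG_KEY_AUTH_FILTER_REF);
        this.authFilterId = getAuthFilterId(this.authFilterRef);
        this.allowBasicAuthentication = requiredBoolean(props, CFG_KEY_ALLOW_BASIC_AUTHENTICATION);
        this.tryOpenIDIfBasicAuthFails = requiredBoolean(props, CFG_KEY_TRY_OPENID_IF_BASIC_AUTH_FAILS);

        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            traceProp("mapIdentityToRegistryUser", this.mapIdentityToRegistryUser);
            traceProp("useClientIdentity", this.useClientIdentity);
            traceProp("connectTimeout", this.connectTimeout);
            traceProp("allowStateless", this.allowStateless);
            traceProp("failedAssocExpire", this.failedAssocExpire);
            traceProp("nonceValidTime", this.nonceValidTime);
            traceProp("maxDiscoveryCacheSize", this.maxDiscoveryCacheSize);
            traceProp("maxDiscoverRetry", this.maxDiscoverRetry);
            traceProp("searchNumberOfUserInfoToMap", this.searchNumberOfUserInfoToMap);
            traceProp("maxAssociationAttempts", this.maxAssociationAttempts);
            traceProp("socketTimeout", this.socketTimeout);
            traceProp("sslRef", this.sslRef);
            traceProp("hostNameVerificationEnabled", this.hostNameVerificationEnabled);
            traceProp("userInfo", this.userInfo);
            traceProp("httpsRequired", this.httpsRequired);
            traceProp("authenticationMode", authenticationMode);
            traceProp("checkImmediate", this.checkImmediate);
            traceProp("sharedKeyEncryptionEnabled", sharedKeyEncryptionEnabled);
            traceProp("hashAlgorithm", hashAlgorithm);
            traceProp("sessionEncryptionType", this.sessionEncryptionType);
            traceProp("signatureAlgorithm", this.signatureAlgorithm);
            traceProp("groupIdentifier", this.groupIdentifier);
            traceProp("realmIdentifier", this.realmIdentifier);
            traceProp("encoding", this.characterEncoding);
            traceProp("includeUserInfoInSubject", this.includeUserInfoInSubject);
            traceProp("includeCustomCacheKeyInSubject", this.includeCustomCacheKeyInSubject);
            traceProp("providerIdentifier", this.providerIdentifier);
            traceProp("authFilterRef", this.authFilterRef);
            traceProp("authFilterId", this.authFilterId);
            traceProp("allowBasicAuthentication", this.allowBasicAuthentication);
            traceProp("tryOpenIDIfBasicAuthFails", this.tryOpenIDIfBasicAuthFails);
        }
        validateConfig();
    }

    /** Emits one "name: value" debug trace line; caller has already checked that debug is enabled. */
    private static void traceProp(String name, Object value) {
        Tr.debug(tc, name + ": " + value, new Object[0]);
    }

    /**
     * Returns the property {@code key}, failing with a message that names the key when it
     * is absent (instead of an anonymous NPE at the unboxing site).
     */
    private static Object required(Map<String, Object> props, String key) {
        return Objects.requireNonNull(props.get(key), "required OpenID relying-party property is missing: " + key);
    }

    private static boolean requiredBoolean(Map<String, Object> props, String key) {
        return ((Boolean) required(props, key)).booleanValue();
    }

    private static int requiredInt(Map<String, Object> props, String key) {
        return ((Integer) required(props, key)).intValue();
    }

    private static long requiredLong(Map<String, Object> props, String key) {
        return ((Long) required(props, key)).longValue();
    }

    /**
     * Maps the configuration to the association session type: no encryption when shared-key
     * encryption is disabled, DH-SHA1 when the hash algorithm is "SHA1" (case-insensitive),
     * and DH-SHA256 for any other value, including null.
     */
    private static String resolveSessionEncryptionType(boolean sharedKeyEncryptionEnabled, String hashAlgorithm) {
        if (!sharedKeyEncryptionEnabled) {
            return ENCRYPTION_NO;
        }
        return HASH_ALG_SHA1.equalsIgnoreCase(hashAlgorithm) ? ENCRYPTION_DH_SHA1 : ENCRYPTION_DH_SHA256;
    }

    /**
     * Maps the hash algorithm to the association signature algorithm: HMAC-SHA1 only for
     * "SHA1" (case-insensitive), HMAC-SHA256 otherwise. SHA-256 is therefore the default
     * whenever the value is absent or unrecognised.
     */
    private static String resolveSignatureAlgorithm(String hashAlgorithm) {
        return HASH_ALG_SHA1.equalsIgnoreCase(hashAlgorithm) ? SIGNATURE_HMAC_SHA1 : SIGNATURE_HMAC_SHA256;
    }

    /**
     * Rejects the combination "stateless mode disallowed" and "zero association attempts":
     * with neither path available the relying party could not complete an authentication,
     * so the attempt count is forced to {@link #FALLBACK_MAX_ASSOCIATION_ATTEMPTS} and a
     * warning is logged.
     */
    private void validateConfig() {
        if (!this.allowStateless && this.maxAssociationAttempts == 0) {
            this.maxAssociationAttempts = FALLBACK_MAX_ASSOCIATION_ATTEMPTS;
            Tr.warning(tc, "OPENID_RP_CONFIG_DISABLED_ASSOCIATION_AND_NOT_ALLOW_STATELESS_INVALID", new Object[0]);
        }
    }

    /**
     * Resolves the configuration PIDs stored under {@code key} into {@link UserInfo} entries.
     *
     * @param props the component properties
     * @param key   the property holding a {@code String[]} of userInfo configuration PIDs
     * @return the resolved entries; an empty (never null) list when nothing is configured, so
     *         that {@link #getUserInfo()} has the same shape as before activation
     */
    private List<UserInfo> processUserInfo(Map<String, Object> props, String key) {
        String[] pids = (String[]) props.get(key);
        if (pids == null || pids.length == 0) {
            return new ArrayList<>();
        }
        return getUserInfoAttrs(Arrays.asList(pids));
    }

    /**
     * Looks up each PID through ConfigurationAdmin and builds a {@link UserInfo} from its
     * alias / uriType / count / required properties.
     * <p>
     * The lookup result is scoped to the loop iteration. The previous code kept one
     * {@code Configuration} variable across iterations, so a PID whose lookup failed or
     * returned nothing re-added the entry of the preceding PID.
     *
     * @param pids the userInfo configuration PIDs
     * @return the entries that could be resolved; PIDs without a configuration or without
     *         properties are skipped
     */
    private List<UserInfo> getUserInfoAttrs(List<String> pids) {
        List<UserInfo> result = new ArrayList<>();
        // getServiceWithException: per its name, fails when no ConfigurationAdmin is bound.
        ConfigurationAdmin configAdmin = this.configAdminRef.getServiceWithException();
        boolean debug = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
        for (String pid : pids) {
            Configuration configuration = findExistingConfiguration(configAdmin, pid, pids);
            if (configuration == null) {
                if (debug) {
                    Tr.debug(tc, "no configuration found for userInfoRef " + pid, new Object[0]);
                }
                continue;
            }
            Dictionary<String, Object> properties = configuration.getProperties();
            if (properties == null) {
                if (debug) {
                    Tr.debug(tc, "configuration for userInfoRef " + pid + " has no properties", new Object[0]);
                }
                continue;
            }
            result.add(new UserInfo((String) properties.get(CFG_KEY_ALIAS),
                                    (String) properties.get(CFG_KEY_URI_TYPE),
                                    ((Integer) properties.get(CFG_KEY_COUNT)).intValue(),
                                    ((Boolean) properties.get(CFG_KEY_REQUIRED)).booleanValue()));
        }
        if (debug) {
            if (result.isEmpty()) {
                Tr.debug(tc, "there is no userInfo.", new Object[0]);
            } else {
                for (UserInfo entry : result) {
                    Tr.debug(tc, "alias=" + entry.getAlias() + " type=" + entry.getType() + " count=" + entry.getCount() + " required=" + entry.getRequired(), new Object[0]);
                }
            }
        }
        return result;
    }

    /**
     * Returns the configuration with service.pid {@code pid}, or null if none exists or the
     * lookup fails. The existence check via {@code listConfigurations} comes first because
     * {@code getConfiguration} would otherwise create a new, empty configuration for the PID.
     *
     * @param configAdmin the bound ConfigurationAdmin
     * @param pid         the PID to look up
     * @param allPids     the full PID list, recorded with the FFDC entry on failure
     */
    private Configuration findExistingConfiguration(ConfigurationAdmin configAdmin, String pid, List<String> allPids) {
        try {
            Configuration[] matches = configAdmin.listConfigurations(FilterUtils.createPropertyFilter("service.pid", pid));
            if (matches != null && matches.length > 0) {
                return configAdmin.getConfiguration(pid);
            }
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openid20.internal.OpenidClientConfigImpl", "294", this, new Object[]{allPids});
        } catch (InvalidSyntaxException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openid20.internal.OpenidClientConfigImpl", "293", this, new Object[]{allPids});
        }
        return null;
    }

    @Override
    public boolean getAllowStateless() {
        return this.allowStateless;
    }

    @Override
    public long getNonceValidTime() {
        return this.nonceValidTime;
    }

    @Override
    public int getMaxDiscoveryCacheSize() {
        return this.maxDiscoveryCacheSize;
    }

    /** After {@link #validateConfig()} this is never 0 unless stateless mode is allowed. */
    @Override
    public int getMaxAssociationAttemps() {
        return this.maxAssociationAttempts;
    }

    /** @return one of {@link #ENCRYPTION_NO}, {@link #ENCRYPTION_DH_SHA1}, {@link #ENCRYPTION_DH_SHA256} */
    @Override
    public String getSessionEncryptionType() {
        return this.sessionEncryptionType;
    }

    /** @return {@link #SIGNATURE_HMAC_SHA1} or {@link #SIGNATURE_HMAC_SHA256} */
    @Override
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    @Override
    public String getSslRef() {
        return this.sslRef;
    }

    /** @return the configured userInfo entries; empty, never null, when none are configured */
    @Override
    public List<UserInfo> getUserInfo() {
        return this.userInfo;
    }

    @Override
    public long getFailedAssocExpire() {
        return this.failedAssocExpire;
    }

    @Override
    public long getConnectTimeout() {
        return this.connectTimeout;
    }

    @Override
    public long getSocketTimeout() {
        return this.socketTimeout;
    }

    @Override
    public boolean isHostNameVerificationEnabled() {
        return this.hostNameVerificationEnabled;
    }

    @Override
    public boolean ishttpsRequired() {
        return this.httpsRequired;
    }

    /** @return true only when authenticationMode was {@code AuthRequest.MODE_IMMEDIATE} (case-insensitive) */
    @Override
    public boolean isCheckImmediate() {
        return this.checkImmediate;
    }

    @Override
    public boolean isMapIdentityToRegistryUser() {
        return this.mapIdentityToRegistryUser;
    }

    @Override
    public boolean isUseClientIdentity() {
        return this.useClientIdentity;
    }

    @Override
    public int getSearchNumberOfUserInfoToMap() {
        return this.searchNumberOfUserInfoToMap;
    }

    @Override
    public int getMaxDiscoverRetry() {
        return this.maxDiscoverRetry;
    }

    @Override
    public String getGroupIdentifier() {
        return this.groupIdentifier;
    }

    @Override
    public String getRealmIdentifier() {
        return this.realmIdentifier;
    }

    @Override
    public String getCharacterEncoding() {
        return this.characterEncoding;
    }

    @Override
    public boolean isIncludeUserInfoInSubject() {
        return this.includeUserInfoInSubject;
    }

    @Override
    public boolean isIncludeCustomCacheKeyInSubject() {
        return this.includeCustomCacheKeyInSubject;
    }

    @Override
    public String getProviderIdentifier() {
        return this.providerIdentifier;
    }

    /** @return the "id" of the configuration referenced by authFilterRef, or null when unresolved */
    @Override
    public String getAuthFilterId() {
        return this.authFilterId;
    }

    /**
     * Resolves {@code authFilterRef} (a configuration PID) to that configuration's "id"
     * property.
     *
     * @param authFilterRef the PID from the authFilterRef property; may be null or empty
     * @return the id, or null when the reference is empty, no ConfigurationAdmin is bound,
     *         the lookup throws, or the configuration has no properties
     */
    private String getAuthFilterId(String authFilterRef) {
        if (authFilterRef == null || authFilterRef.isEmpty()) {
            return null;
        }
        // Unlike the userInfo lookup, this uses getService() and tolerates an unbound admin.
        ConfigurationAdmin configAdmin = this.configAdminRef.getService();
        if (configAdmin == null) {
            return null;
        }
        Configuration configuration;
        try {
            configuration = configAdmin.getConfiguration(authFilterRef);
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openid20.internal.OpenidClientConfigImpl", "481", this, new Object[]{authFilterRef});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid authFilterRef configuration", e.getMessage());
            }
            return null;
        }
        if (configuration == null) {
            return null;
        }
        Dictionary<String, Object> properties = configuration.getProperties();
        return properties == null ? null : (String) properties.get(KEY_ID);
    }

    @Override
    public boolean allowBasicAuthentication() {
        return this.allowBasicAuthentication;
    }

    @Override
    public boolean isTryOpenIDIfBasicAuthFails() {
        return this.tryOpenIDIfBasicAuthFails;
    }
}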
