package com.ibm.ws.security.jaas.config.internal;

import com.ibm.ejs.j2c.ConnectionFactoryRefBuilder;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.utility.JaasLoginConfigConstants;
import com.ibm.ws.security.jaas.common.JAASConfigurationFactory;
import com.ibm.ws.security.jaas.common.JAASLoginModuleConfig;
import com.ibm.ws.security.jaas.common.internal.JAASLoginModuleConfigImpl;
import com.ibm.ws.security.jaas.config.JAASLoginConfig;
import com.ibm.wsspi.classloading.ClassLoadingService;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.library.Library;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {JAASLoginConfig.class}, name = JAASConfigurationFactory.KEY_JAAS_LOGIN_CONFIG, configurationPid = {"com.ibm.ws.security.jaas.config.JAASLoginConfig"}, immediate = true, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.jaas.common_1.0.14.jar:com/ibm/ws/security/jaas/config/internal/JAASLoginConfigImpl.class */
public class JAASLoginConfigImpl extends Parser implements JAASLoginConfig {
    private static final String AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    private String fileName;
    private ClassLoadingService classLoadingService;
    static final long serialVersionUID = 8590702513374981072L;
    private static TraceComponent tc = Tr.register(JAASLoginConfigImpl.class);
    public static final List<String> defaultJaasLoginContextEntries = Collections.unmodifiableList(Arrays.asList(JaasLoginConfigConstants.SYSTEM_UNAUTHENTICATED, JaasLoginConfigConstants.SYSTEM_WEB_INBOUND, "system.DEFAULT", JaasLoginConfigConstants.SYSTEM_DESERIALIZE_CONTEXT, JaasLoginConfigConstants.SYSTEM_RMI_INBOUND, ConnectionFactoryRefBuilder.DEFAULT_MAPPING_MODULE_mappingConfigAlias, JaasLoginConfigConstants.APPLICATION_WSLOGIN, JaasLoginConfigConstants.CLIENT_CONTAINER));
    private final String KEY_LOCATION_ADMIN = "locationAdmin";
    private final AtomicServiceReference<WsLocationAdmin> locationAdminRef = new AtomicServiceReference<>("locationAdmin");
    private volatile Library sharedLibrary = null;
    private ConfigFile configFile = null;

    @Reference(service = WsLocationAdmin.class, name = "locationAdmin")
    protected void setLocationAdmin(ServiceReference<WsLocationAdmin> serviceReference) {
        this.locationAdminRef.setReference(serviceReference);
    }

    protected void unsetLocationAdmin(ServiceReference<WsLocationAdmin> serviceReference) {
        this.locationAdminRef.unsetReference(serviceReference);
    }

    @Reference
    protected void setClassLoadingSvc(ClassLoadingService classLoadingService) {
        this.classLoadingService = classLoadingService;
    }

    @Reference(service = Library.class, name = "sharedLibrary", target = "(id=jaasDefaultSharedLib)", cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setSharedLib(Library library) {
        this.sharedLibrary = library;
    }

    protected void unsetSharedLib(Library library) {
        this.sharedLibrary = library;
    }

    @Activate
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.locationAdminRef.activate(componentContext);
        modified(map);
    }

    @Modified
    protected void modified(Map<String, Object> map) {
        String systemProperty = getSystemProperty(AUTH_LOGIN_CONFIG);
        if (systemProperty != null) {
            this.fileName = resolveVariblePath(systemProperty);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, this.fileName == null ? "There is no JAAS login configuration file" : "JAAS login configuration file: " + this.fileName, new Object[0]);
        }
        if (this.fileName != null) {
            this.configFile = new ConfigFile(this.fileName);
        }
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        this.locationAdminRef.deactivate(componentContext);
    }

    public String getSystemProperty(final String str) {
        return (String) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.security.jaas.config.internal.JAASLoginConfigImpl.1
            static final long serialVersionUID = 3658551511379460254L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

            @Override // java.security.PrivilegedAction
            public Object run() {
                return System.getProperty(str);
            }
        });
    }

    private String resolveVariblePath(String str) {
        WsLocationAdmin service = this.locationAdminRef.getService();
        if (service != null) {
            return service.resolveString(str);
        }
        Tr.error(tc, "OSGI_SERVICE_ERROR", "WsLocationAdmin");
        return str;
    }

    @Override // com.ibm.ws.security.jaas.config.JAASLoginConfig
    public Map<String, List<AppConfigurationEntry>> getEntries() {
        if (this.configFile != null) {
            return updateDelegateOptions(this.configFile.getFileMap());
        }
        return null;
    }

    private Map<String, List<AppConfigurationEntry>> updateDelegateOptions(Map<String, List<AppConfigurationEntry>> map) {
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, List<AppConfigurationEntry>> entry : map.entrySet()) {
            String key = entry.getKey();
            if (defaultJaasLoginContextEntries.contains(key)) {
                arrayList.add(key);
            } else {
                hashMap.put(key, updateAppConfiguration(entry));
            }
        }
        if (!arrayList.isEmpty()) {
            Tr.warning(tc, "DEFAULT_JAAS_LOGIN_CONTEXT_ENTRY_SKIP", arrayList.toString(), this.fileName);
        }
        return hashMap;
    }

    private List<AppConfigurationEntry> updateAppConfiguration(Map.Entry<String, List<AppConfigurationEntry>> entry) {
        ArrayList arrayList = new ArrayList();
        for (AppConfigurationEntry appConfigurationEntry : entry.getValue()) {
            Map<String, Object> processDelegateOptions = JAASLoginModuleConfigImpl.processDelegateOptions(appConfigurationEntry.getOptions(), appConfigurationEntry.getLoginModuleName(), this.classLoadingService, this.sharedLibrary, true);
            AppConfigurationEntry.LoginModuleControlFlag controlFlag = appConfigurationEntry.getControlFlag();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "loginModuleClassName: com.ibm.ws.kernel.boot.security.LoginModuleProxy options: " + processDelegateOptions.toString() + " controlFlag: " + controlFlag.toString(), new Object[0]);
            }
            arrayList.add(new AppConfigurationEntry(JAASLoginModuleConfig.LOGIN_MODULE_PROXY, controlFlag, processDelegateOptions));
        }
        return arrayList;
    }
}
