package com.ibm.ws.security.jaas.common.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.config.xml.internal.XMLConfigConstants;
import com.ibm.ws.config.xml.internal.nester.Nester;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.kernel.boot.security.LoginModuleProxy;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.jaas.common.JAASLoginModuleConfig;
import com.ibm.ws.security.jaas.common.modules.WSLoginModuleProxy;
import com.ibm.wsspi.classloading.ClassLoadingService;
import com.ibm.wsspi.library.Library;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;

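/**
 * Configuration-driven description of a single JAAS login module.
 *
 * <p>On activation the component reads the module's id, class name and control flag from
 * {@link ModuleConfig}, extracts the nested {@code options} element from the raw
 * configuration properties, and resolves the login-module class named by the configuration.
 * The resolved class objects are stored in the options map under
 * {@link LoginModuleProxy#KERNEL_DELEGATE} and {@link #DELEGATE}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The class to load is named by configuration and resolved with {@code Class.forName}.
 *       Anyone who can edit that configuration chooses which class takes part in
 *       authentication.</li>
 *   <li>A module is treated as a built-in ("default") module purely by its configured
 *       {@code id} (see {@link #isDefaultLoginModule()}), not by its class name.</li>
 *   <li>An unrecognised control flag falls back to {@code REQUIRED}, so a typo cannot
 *       silently weaken the login stack to {@code OPTIONAL} or {@code SUFFICIENT}.</li>
 *   <li>A class that cannot be found yields a {@code null} delegate entry rather than an
 *       exception; consumers of {@link #getOptions()} have to handle that.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(configurationPid = {"com.ibm.ws.security.authentication.internal.jaas.jaasLoginModuleConfig"}, configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.jaas.common_1.0.16.jar:com/ibm/ws/security/jaas/common/internal/JAASLoginModuleConfigImpl.class */
public class JAASLoginModuleConfigImpl implements JAASLoginModuleConfig {
    public static final String CERTIFICATE = "certificate";
    public static final String HASHTABLE = "hashtable";
    public static final String TOKEN = "token";
    /** Options key that carries the delegate: a class name on input, the loaded class on output. */
    public static final String DELEGATE = "delegate";
    static final String CFG_KEY_ID = "id";
    static final String CFG_KEY_CLASSNAME = "className";
    static final String CFG_KEY_CONTROL_FLAG = "controlFlag";
    static final String CFG_KEY_OPTION_PID = "optionsRef";
    public static final String WAS_LM_SHARED_LIB = "WAS_LM_SHAREDLIB";
    private ModuleConfig moduleConfig;
    private AppConfigurationEntry.LoginModuleControlFlag controlFlag = null;
    private Map<String, Object> options = Collections.emptyMap();
    private Library sharedLibrary;
    private ClassLoadingService classLoadingService;
    static final long serialVersionUID = 8863186601840053785L;
    private static final TraceComponent tc = Tr.register(JAASLoginModuleConfigImpl.class);
    public static final Class<WSLoginModuleProxy> WSLOGIN_MODULE_PROXY_CLASS = WSLoginModuleProxy.class;
    public static final String WSLOGIN_MODULE_PROXY = WSLOGIN_MODULE_PROXY_CLASS.getName();
    public static final String USERNAME_AND_PASSWORD = "userNameAndPassword";
    public static final String IDENTITY_ASSERTION = "identityAssertion";
    /**
     * Ids that mark a login module as one of the built-in modules. The list is unmodifiable.
     * {@link #HASHTABLE} appears twice; the duplicate has no effect on {@code contains} and is
     * kept so the list's size and order stay as published.
     */
    public static final List<String> defaultLoginModuleIds = Collections.unmodifiableList(Arrays.asList(HASHTABLE, USERNAME_AND_PASSWORD, CERTIFICATE, TOKEN, HASHTABLE, JAASLoginModuleConfig.PROXY, IDENTITY_ASSERTION));

    /**
     * Stores the module configuration and derives the control flag and options from it.
     *
     * @param moduleConfig source of {@code id()}, {@code className()} and {@code controlFlag()}
     * @param map raw configuration properties, searched for the nested {@code options} element
     */
    @Activate
    protected void activate(ModuleConfig moduleConfig, Map<String, Object> map) {
        this.moduleConfig = moduleConfig;
        processConfigProps(map);
    }

    /**
     * Computes {@link #controlFlag} and {@link #options} from the current configuration.
     *
     * <p>Built-in modules have their target class loaded through a thread-context class loader
     * and stored as the kernel delegate. Every other module is routed through
     * {@link #processDelegateOptions}, which loads from the shared library class loader.
     */
    private void processConfigProps(Map<String, Object> map) {
        this.controlFlag = setControlFlag(this.moduleConfig.controlFlag());
        Map<String, Object> extracted = extractOptions(map);
        String className = this.moduleConfig.className();
        if (isDefaultLoginModule()) {
            // NOTE(review): getTargetClassName returns null when the proxy is configured without
            // a "delegate" option; Class.forName(null, ...) would then throw a
            // NullPointerException during activation. Confirm that failing here is intended.
            Class<?> target = getTargetClassForName(getTargetClassName(className, extracted));
            extracted.put(LoginModuleProxy.KERNEL_DELEGATE, target);
        } else {
            extracted = processDelegateOptions(extracted, className, this.classLoadingService, this.sharedLibrary, false);
        }
        this.options = extracted;
    }

    /**
     * Builds the option map for a custom login module.
     *
     * <p>The input map is copied, never modified. The copy always gets
     * {@link LoginModuleProxy#KERNEL_DELEGATE} set to {@link #WSLOGIN_MODULE_PROXY_CLASS}. When a
     * target class name is available, {@link #DELEGATE} is set to the loaded class, or to
     * {@code null} if the class was skipped or not found.
     *
     * <p>The class is loaded with {@code initialize == false}, so its static initialisers do not
     * run while configuration is being processed. If {@code classLoadingService} is
     * {@code null} the loader passed to {@code Class.forName} is {@code null}, which makes the
     * JVM use the bootstrap class loader.
     *
     * @param map options as configured; a {@code "delegate"} entry is read as a class name when
     *            {@code str} names the proxy class
     * @param str configured login-module class name
     * @param classLoadingService used to obtain the shared library class loader; may be null
     * @param library shared library whose class loader should resolve the module class
     * @param z when true, a missing class is reported with {@code Tr.error}; it is always traced
     *          at debug level
     * @return a new mutable map holding the options plus the delegate entries
     */
    @FFDCIgnore({ClassNotFoundException.class})
    public static Map<String, Object> processDelegateOptions(Map<String, Object> map, String str, ClassLoadingService classLoadingService, Library library, boolean z) {
        Map<String, Object> merged = new HashMap<String, Object>(map);
        String targetClassName = getTargetClassName(str, merged);
        merged.put(LoginModuleProxy.KERNEL_DELEGATE, WSLOGIN_MODULE_PROXY_CLASS);
        if (targetClassName == null) {
            return merged;
        }

        ClassLoader sharedLibraryClassLoader = null;
        if (classLoadingService != null) {
            sharedLibraryClassLoader = classLoadingService.getSharedLibraryClassLoader(library);
        }

        Class<?> delegateClass = null;
        try {
            // The IBM Kerberos module is only looked up on an IBM JDK; elsewhere the delegate
            // stays null without any attempt to load it.
            boolean isIbmKrb5 = "com.ibm.security.auth.module.Krb5LoginModule".equalsIgnoreCase(targetClassName);
            if (isIBMJDK() || !isIbmKrb5) {
                delegateClass = Class.forName(targetClassName, false, sharedLibraryClassLoader);
            }
        } catch (ClassNotFoundException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception performing class for name.", e);
            }
            if (z) {
                // NOTE(review): this reports the configured class name (str). When str is the
                // proxy class, the class that actually failed to load is targetClassName.
                Tr.error(tc, "JAAS_CUSTOM_LOGIN_MODULE_CLASS_NOT_FOUND", str, e);
            }
        }
        // Stored even when null, replacing the configured class-name string under this key.
        merged.put(DELEGATE, delegateClass);
        return merged;
    }

    /**
     * Returns the name of the class that should really be loaded.
     *
     * <p>If the configured class is the {@link WSLoginModuleProxy}, the name comes from the
     * {@code "delegate"} option; an absent or empty value is logged as an error and returned
     * unchanged (possibly {@code null}). Any other configured class name is returned as is.
     */
    private static String getTargetClassName(String configuredClassName, Map<String, Object> opts) {
        if (!WSLOGIN_MODULE_PROXY.equals(configuredClassName)) {
            return configuredClassName;
        }
        String delegateName = (String) opts.get(DELEGATE);
        if (delegateName == null || delegateName.length() == 0) {
            Tr.error(tc, "JAAS_WSLOGIN_MODULE_PROXY_DELEGATE_NOT_SET", new Object[0]);
        }
        return delegateName;
    }

    /**
     * Loads and initialises {@code className} through a temporary thread-context class loader
     * created from this bundle's class loader.
     *
     * @return the loaded class, or {@code null} if it could not be found
     */
    @FFDCIgnore({ClassNotFoundException.class})
    private Class<?> getTargetClassForName(String className) {
        Class<?> loaded = null;
        ClassLoader classLoader = null;
        try {
            classLoader = this.classLoadingService.createThreadContextClassLoader(JAASLoginModuleConfigImpl.class.getClassLoader());
            loaded = Class.forName(className, true, classLoader);
        } catch (ClassNotFoundException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception performing class for name.", e);
            }
        } finally {
            // Release the temporary loader exactly once on every path. There is nothing to
            // release when creating it failed.
            if (classLoader != null) {
                this.classLoadingService.destroyThreadContextClassLoader(classLoader);
            }
        }
        return loaded;
    }

    /**
     * Copies the user-supplied entries of the first nested {@code options} element.
     *
     * <p>Keys starting with {@code "."}, {@code "config."} or
     * {@link XMLConfigConstants#CFG_SERVICE_PREFIX}, and the key {@code "id"}, are left out so
     * that only the remaining keys reach the login module.
     *
     * @return a new mutable map; empty when no {@code options} element is present
     */
    private Map<String, Object> extractOptions(Map<String, Object> map) {
        List<Map<String, Object>> nested = Nester.nest("options", map);
        if (nested.isEmpty()) {
            return new HashMap<String, Object>(2);
        }
        Map<String, Object> first = nested.get(0);
        Map<String, Object> result = new HashMap<String, Object>(first.size());
        for (Map.Entry<String, Object> entry : first.entrySet()) {
            String key = entry.getKey();
            boolean internalKey = key.startsWith(".")
                    || key.startsWith("config.")
                    || key.startsWith(XMLConfigConstants.CFG_SERVICE_PREFIX)
                    || key.equals("id");
            if (!internalKey) {
                result.put(key, entry.getValue());
            }
        }
        return result;
    }

    /** Returns the configured id of this login module. */
    @Override
    public String getId() {
        return this.moduleConfig.id();
    }

    /**
     * Always returns {@link JAASLoginModuleConfig#LOGIN_MODULE_PROXY}. The class named in the
     * configuration is exposed through the options map instead.
     */
    @Override
    public String getClassName() {
        return JAASLoginModuleConfig.LOGIN_MODULE_PROXY;
    }

    /**
     * Maps a configured control-flag string to the JAAS constant, ignoring case.
     *
     * <p>Despite its name this method sets nothing; it only converts. Any value other than
     * {@code REQUISITE}, {@code SUFFICIENT} or {@code OPTIONAL}, including {@code null}, yields
     * {@code REQUIRED}, the strictest interpretation.
     */
    static AppConfigurationEntry.LoginModuleControlFlag setControlFlag(String str) {
        if ("REQUISITE".equalsIgnoreCase(str)) {
            return AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
        }
        if ("SUFFICIENT".equalsIgnoreCase(str)) {
            return AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
        }
        if ("OPTIONAL".equalsIgnoreCase(str)) {
            return AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
        }
        return AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
    }

    /** Returns the control flag derived at activation; {@code null} before activation. */
    @Override
    public AppConfigurationEntry.LoginModuleControlFlag getControlFlag() {
        return this.controlFlag;
    }

    /**
     * Returns the option map built at activation. This is the internal instance, not a copy,
     * so a caller that modifies it changes this component's state.
     */
    @Override
    public Map<String, ?> getOptions() {
        return this.options;
    }

    /** Injects the shared library used to resolve custom login-module classes. */
    @Reference
    protected void setSharedLib(Library library) {
        this.sharedLibrary = library;
    }

    /**
     * Reports whether this module's configured id is one of {@link #defaultLoginModuleIds}.
     * Only the id is compared; the configured class name plays no part in the decision.
     */
    @Override
    public boolean isDefaultLoginModule() {
        return defaultLoginModuleIds.contains(this.moduleConfig.id());
    }

    /** Injects the class loading service used to obtain class loaders for module lookup. */
    @Reference
    protected void setClassLoadingSvc(ClassLoadingService classLoadingService) {
        this.classLoadingService = classLoadingService;
    }

    /**
     * Reports whether the {@code java.vendor} system property mentions IBM.
     *
     * <p>The property is read inside {@code doPrivileged} so the check does not depend on the
     * permissions of callers further up the stack.
     */
    private static boolean isIBMJDK() {
        String vendor = AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty("java.vendor");
            }
        });
        // Locale.ROOT keeps the case mapping locale-independent. With a default locale such as
        // Turkish, "IBM" lower-cases to a dotless i and would no longer contain "ibm".
        return vendor != null && vendor.toLowerCase(Locale.ROOT).contains("ibm");
    }
}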
