package com.ibm.ws.security.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminContext;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.MBeanFactory;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.collaborator.DefaultRuntimeCollaborator;
import com.ibm.ws.security.config.SecurityConfigRefreshHelper;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.ssl.core.SSLAdmin;
import com.ibm.ws.ssl.utils.CertificateExpirationMonitor;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/core/SecurityAdminAgentHandler.class */
public class SecurityAdminAgentHandler extends AdminSubsystemExtensionHandler {
    private static final TraceComponent tc = Tr.register((Class<?>) SecurityAdminAgentHandler.class, "Security", AdminConstants.MSG_BUNDLE_NAME);

    @Override // com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler
    public void changeState(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "changeState: " + str);
        }
        if (AdminSubsystemExtensionHandler.INITIALIZE.equals(str)) {
            activateMBeans();
        } else if ("start".equals(str)) {
            try {
                ContextManagerFactory.getInstance().initialize(null);
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred initializing ContextManager for profile during registration.", new Object[]{e});
                }
            }
            try {
                activateMBeans();
            } catch (Exception e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error activating SecurityAdmin and SSLAdmin MBeans on subsystem start");
                }
            }
            try {
                startCertificateExpirationMonitor();
            } catch (Exception e3) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred: ", new Object[]{e3});
                }
            }
        } else if ("stop".equals(str)) {
            deactivateMBeans();
            stopCertificateExpirationMonitor();
            try {
                SecurityConfigRefreshHelper.clearCachesOnAdminAgentSubsystemStop();
            } catch (Exception e4) {
                Tr.error(tc, "Error during release of config data");
            }
        } else if ("destroy".equals(str)) {
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "changeState");
        }
    }

    private void activateMBeans() {
        String peek = AdminContext.peek();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "activateMBeans: " + peek);
        }
        try {
            SSLAdmin sSLAdmin = new SSLAdmin();
            MBeanFactory mBeanFactory = AdminServiceFactory.getMBeanFactory();
            mBeanFactory.activateMBean("SSLAdmin", new DefaultRuntimeCollaborator(sSLAdmin, "SSLAdmin"), mBeanFactory.getConfigId("SSLAdmin"), "com/ibm/ws/management/descriptor/xml/SSLAdmin.xml");
        } catch (Exception e) {
            if (!e.getCause().toString().contains("javax.management.InstanceAlreadyExistsException")) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdminAgentHandler.activateMBeans", "112", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error activating MBeans.", e);
                }
                Tr.error(tc, "ssl.init.mbeanerror.CWPKI0006E", new Object[]{"SSLAdmin", e});
            }
        }
        try {
            SecurityAdmin securityAdmin = new SecurityAdmin();
            MBeanFactory mBeanFactory2 = AdminServiceFactory.getMBeanFactory();
            mBeanFactory2.activateMBean("SecurityAdmin", new DefaultRuntimeCollaborator(securityAdmin, "SecurityAdmin"), mBeanFactory2.getConfigId("SecurityAdmin"), "com/ibm/ws/management/descriptor/xml/SecurityAdmin.xml");
        } catch (Exception e2) {
            if (!e2.getCause().toString().contains("javax.management.InstanceAlreadyExistsException")) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.core.SecurityAdminAgentHandler.activateMBeans", "133", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error activating MBeans.", e2);
                }
                Tr.error(tc, "security.init.mbeanerror", new Object[]{"SecurityAdmin", e2});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "activateMBeans");
        }
    }

    private void deactivateMBeans() {
        String peek = AdminContext.peek();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deactivateMBeans: " + peek);
        }
        try {
            MBeanFactory mBeanFactory = AdminServiceFactory.getMBeanFactory();
            mBeanFactory.deactivateMBean("SecurityAdmin");
            mBeanFactory.deactivateMBean("SSLAdmin");
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdminAgentHandler.deactivateMBeans", "154", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error deactivating MBeans.", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deactivateMBeans");
        }
    }

    private void startCertificateExpirationMonitor() {
        String peek = AdminContext.peek();
        if (peek == null) {
            peek = "admin";
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "startCertificateExpirationMonitor: " + peek);
        }
        try {
            CertificateExpirationMonitor.getInstance(SecurityObjectLocator.getSecurityConfig().getSCO().getObject("wsCertificateExpirationMonitor"));
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdminAgentHandler.startCertificateExpirationMonitor", "178", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error starting the certificate expiration monitor.", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "startCertificateExpirationMonitor");
        }
    }

    private void stopCertificateExpirationMonitor() {
        String peek = AdminContext.peek();
        if (peek == null) {
            peek = "admin";
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "startCertificateExpirationMonitor: " + peek);
        }
        try {
            CertificateExpirationMonitor.getInstance(SecurityObjectLocator.getSecurityConfig().getSCO().getObject("wsCertificateExpirationMonitor")).getScheduler().cancelAlarm("CertExpMonitor_" + peek);
            CertificateExpirationMonitor.releaseInstance();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityAdminAgentHandler.stopCertificateExpirationMonitor", "204", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error stopping the certificate expiration monitor.", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "stopCertificateExpirationMonitor");
        }
    }
}
