package com.ibm.ws.security.authentication.internal.jaas;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;

@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions(traceGroups = {"Authentication"}, traceGroup = "", messageBundle = "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages", traceExceptionThrow = false, traceExceptionHandling = false)
/* loaded from: input_file:lib/com.ibm.ws.security.authentication.builtin_1.0.2.20130531-1507.jar:com/ibm/ws/security/authentication/internal/jaas/JAASConfigurationImpl.class */
public class JAASConfigurationImpl {
    static final TraceComponent tc = Tr.register(JAASConfigurationImpl.class);
    private static final String SYSTEM_WEB_INBOUND = "system.WEB_INBOUND";
    private static final String SYSTEM_DEFAULT = "system.DEFAULT";
    private static final String SYSTEM_UNAUTHENTICATED = "system.UNAUTHENTICATED";
    private static final String APPLICATION_WSLOGIN = "WSLogin";
    private static final String HASHTABLE = "hashtable";
    private static final String USERNAME_AND_PASSWORD = "userNameAndPassword";
    private static final String CERTIFICATE = "certificate";
    private static final String TOKEN = "token";
    private static final String PROXY = "proxy";
    private static final String IDENTITY_ASSERTION = "identityAssertion";
    private static final String WSLOGIN_MODULE_IMPL_CLASS = "com.ibm.ws.security.authentication.internal.jaas.modules.WSLoginModuleImpl";
    private static final String WSLOGIN_MODULE_PROXY_CLASS = "com.ibm.ws.security.authentication.internal.jaas.modules.WSLoginModuleProxy";
    static final Map<String, String> defaultSystemLoginModules;
    static final Map<String, String> defaultSystemUnauthModules;
    static final Map<String, String> defaultAppLoginModules;
    static final Map<String, String> otherAvailableLoginModules;
    static final List<String> defaultEntryIds;
    private final ConcurrentServiceReferenceMap<String, JAASLoginContextEntry> jaasLoginContextEntries;
    private final ConcurrentServiceReferenceMap<String, JAASLoginModuleConfig> jaasLoginModuleConfigs;
    private final Map<String, Map<String, String>> defaultEntries = new HashMap();
    static final long serialVersionUID = -3995155130943670610L;

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public JAASConfigurationImpl(ConcurrentServiceReferenceMap<String, JAASLoginContextEntry> concurrentServiceReferenceMap, ConcurrentServiceReferenceMap<String, JAASLoginModuleConfig> concurrentServiceReferenceMap2) {
        this.jaasLoginContextEntries = concurrentServiceReferenceMap;
        this.jaasLoginModuleConfigs = concurrentServiceReferenceMap2;
        initialize();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void initialize() {
        this.defaultEntries.put(SYSTEM_WEB_INBOUND, defaultSystemLoginModules);
        this.defaultEntries.put(SYSTEM_DEFAULT, defaultSystemLoginModules);
        this.defaultEntries.put(SYSTEM_UNAUTHENTICATED, defaultSystemUnauthModules);
        this.defaultEntries.put(APPLICATION_WSLOGIN, defaultAppLoginModules);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Map<String, List<AppConfigurationEntry>> getEntries() {
        Map<String, List<AppConfigurationEntry>> hashMap = new HashMap<>();
        Iterator services = this.jaasLoginContextEntries.getServices();
        while (services.hasNext()) {
            JAASLoginContextEntry jAASLoginContextEntry = (JAASLoginContextEntry) services.next();
            String entryName = jAASLoginContextEntry.getEntryName();
            List<String> loginModulePids = jAASLoginContextEntry.getLoginModulePids();
            if (SYSTEM_DEFAULT.equalsIgnoreCase(entryName)) {
                ensureProxyIsNotSpecifyInSystemDefaultEntry(entryName, loginModulePids);
            }
            List<AppConfigurationEntry> loginModules = getLoginModules(loginModulePids);
            if (loginModules != null && !loginModules.isEmpty()) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "configure jaasContextLoginEntry id: " + jAASLoginContextEntry.getId(), new Object[0]);
                    Tr.debug(tc, "configure jaasContextLoginEntry: " + entryName + " has " + loginModules.size() + " loginModule(s)", new Object[0]);
                    Tr.debug(tc, "appConfEntry: " + loginModules, new Object[0]);
                }
                hashMap.put(entryName, loginModules);
            }
        }
        createDefaultEntriesNotDefinedInFile(hashMap);
        return hashMap;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void ensureProxyIsNotSpecifyInSystemDefaultEntry(String str, Collection<String> collection) {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (((JAASLoginModuleConfig) this.jaasLoginModuleConfigs.getService(it.next())).getId().equalsIgnoreCase(PROXY)) {
                Tr.warning(tc, "JAAS_PROXY_IS_NOT_SUPPORT_IN_SYSTEM_DEFAULT", new Object[0]);
                collection.remove(PROXY);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<AppConfigurationEntry> getLoginModules(List<String> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            JAASLoginModuleConfig jAASLoginModuleConfig = (JAASLoginModuleConfig) this.jaasLoginModuleConfigs.getService(it.next());
            if (jAASLoginModuleConfig != null) {
                arrayList.add(createAppConfigurationEntry(jAASLoginModuleConfig));
            }
        }
        return arrayList;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    void createDefaultEntriesNotDefinedInFile(Map<String, List<AppConfigurationEntry>> map) {
        for (String str : defaultEntryIds) {
            if (!map.containsKey(str)) {
                List<AppConfigurationEntry> createDefaultLoginModules = createDefaultLoginModules(str);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Create default jaasContextLoginEntry: " + str + " has " + createDefaultLoginModules.size() + " loginModule(s)", new Object[0]);
                    Tr.debug(tc, "appConfEntry: " + createDefaultLoginModules, new Object[0]);
                }
                map.put(str, createDefaultLoginModules);
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private AppConfigurationEntry createProxyLoginModule() {
        HashMap hashMap = new HashMap();
        hashMap.put("delegate", WSLOGIN_MODULE_IMPL_CLASS);
        return new AppConfigurationEntry(WSLOGIN_MODULE_PROXY_CLASS, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    List<AppConfigurationEntry> createDefaultLoginModules(String str) {
        ArrayList arrayList = new ArrayList();
        if (APPLICATION_WSLOGIN.equalsIgnoreCase(str)) {
            arrayList.add(createProxyLoginModule());
        } else {
            HashMap hashMap = new HashMap();
            Iterator<String> it = defaultSystemLoginModules.values().iterator();
            while (it.hasNext()) {
                arrayList.add(new AppConfigurationEntry(it.next(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap));
            }
        }
        return arrayList;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Map<String, List<AppConfigurationEntry>> createDefaultEntries() {
        HashMap hashMap = new HashMap();
        for (String str : defaultEntryIds) {
            hashMap.put(str, createDefaultLoginModules(str));
        }
        return hashMap;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public AppConfigurationEntry createAppConfigurationEntry(JAASLoginModuleConfig jAASLoginModuleConfig) throws IllegalArgumentException {
        return new AppConfigurationEntry(jAASLoginModuleConfig.getClassName(), jAASLoginModuleConfig.getControlFlag(), jAASLoginModuleConfig.getOptions());
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, "<clinit>", new Object[0]);
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(HASHTABLE, "com.ibm.ws.security.authentication.internal.jaas.modules.HashtableLoginModule");
        linkedHashMap.put(USERNAME_AND_PASSWORD, "com.ibm.ws.security.authentication.internal.jaas.modules.UsernameAndPasswordLoginModule");
        linkedHashMap.put(CERTIFICATE, "com.ibm.ws.security.authentication.internal.jaas.modules.CertificateLoginModule");
        linkedHashMap.put(TOKEN, "com.ibm.ws.security.authentication.internal.jaas.modules.TokenLoginModule");
        defaultSystemLoginModules = Collections.unmodifiableMap(linkedHashMap);
        HashMap hashMap = new HashMap();
        hashMap.put(HASHTABLE, "com.ibm.ws.security.authentication.internal.jaas.modules.HashtableLoginModule");
        defaultSystemUnauthModules = Collections.unmodifiableMap(hashMap);
        HashMap hashMap2 = new HashMap();
        hashMap2.put(PROXY, WSLOGIN_MODULE_PROXY_CLASS);
        defaultAppLoginModules = Collections.unmodifiableMap(hashMap2);
        HashMap hashMap3 = new HashMap();
        hashMap3.put(IDENTITY_ASSERTION, "com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule");
        otherAvailableLoginModules = Collections.unmodifiableMap(hashMap3);
        defaultEntryIds = Collections.unmodifiableList(Arrays.asList(SYSTEM_UNAUTHENTICATED, SYSTEM_WEB_INBOUND, SYSTEM_DEFAULT, APPLICATION_WSLOGIN));
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(tc, "<clinit>");
        }
    }
}
