package com.ibm.ws.security.openidconnect.client.internal;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.client.OidcClientConfig;
import com.ibm.ws.security.openidconnect.jwk.JWKSet;
import com.ibm.ws.ssl.KeyStoreService;
import com.ibm.wsspi.kernel.service.location.WsLocationConstants;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.io.IOException;
import java.net.URL;
import java.security.AccessController;
import java.security.KeyStoreException;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.util.Dictionary;
import java.util.Map;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Reference;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.security.openidconnect.client_1.0.11.cl50820160718-1423.jar:com/ibm/ws/security/openidconnect/client/internal/OidcClientConfigImpl.class */
public class OidcClientConfigImpl implements OidcClientConfig {
    private static final TraceComponent tc = Tr.register(OidcClientConfigImpl.class);
    public static final String CFG_KEY_ID = "id";
    public static final String CFG_KEY_GRANT_TYPE = "grantType";
    public static final String CFG_KEY_SCOPE = "scope";
    public static final String CFG_KEY_CLIENT_ID = "clientId";
    public static final String CFG_KEY_CLIENT_SECRET = "clientSecret";
    public static final String CFG_KEY_REDIRECT_TO_RP_HOST_AND_PORT = "redirectToRPHostAndPort";
    public static final String CFG_KEY_GROUP_IDENTIFIER = "groupIdentifier";
    public static final String CFG_KEY_REALM_IDENTIFIER = "realmIdentifier";
    public static final String CFG_KEY_UNIQUE_USER_IDENTIFIER = "uniqueUserIdentifier";
    public static final String CFG_KEY_TOKEN_ENDPOINT_AUTH_METHOD = "tokenEndpointAuthMethod";
    public static final String CFG_KEY_USER_IDENTITY_TO_CREATE_SUBJECT = "userIdentityToCreateSubject";
    public static final String CFG_KEY_MAP_IDENTITY_TO_REGISTRY_USER = "mapIdentityToRegistryUser";
    public static final String CFG_KEY_VALIDATE_ACCESS_TOKEN_LOCALLY = "validateAccessTokenLocally";
    public static final String CFG_KEY_SHARED_KEY = "sharedKey";
    public static final String CFG_KEY_TRUST_ALIAS_NAME = "trustAliasName";
    public static final String CFG_KEY_HTTPS_REQUIRED = "httpsRequired";
    public static final String CFG_KEY_CLIENTSIDE_REDIRECT = "isClientSideRedirectSupported";
    public static final String CFG_KEY_NONCE_ENABLED = "nonceEnabled";
    public static final String CFG_KEY_SSL_REF = "sslRef";
    public static final String CFG_KEY_SIGNATURE_ALGORITHM = "signatureAlgorithm";
    public static final String CFG_KEY_CLOCK_SKEW = "clockSkew";
    public static final String CFG_KEY_AUTHORIZATION_ENDPOINT_URL = "authorizationEndpointUrl";
    public static final String CFG_KEY_TOKEN_ENDPOINT_URL = "tokenEndpointUrl";
    public static final String CFG_KEY_ACCESS_TOKEN_VALIDATION_ENDPOINT_URL = "AccessTokenValidationEndpointUrl";
    public static final String CFG_KEY_USER_INFO_ENDPOINT_URL = "userInfoEndpointUrl";
    public static final String CFG_KEY_INITIAL_STATE_CACHE_CAPACITY = "initialStateCacheCapacity";
    public static final String CFG_KEY_AUTO_AUTHORIZE_PARAM = "autoAuthorizeParam";
    public static final String CFG_KEY_ISSUER_IDENTIFIER = "issuerIdentifier";
    public static final String CFG_KEY_TRUSTSTORE_REF = "trustStoreRef";
    public static final String CFG_KEY_HOST_NAME_VERIFICATION_ENABLED = "hostNameVerificationEnabled";
    public static final String CFG_KEY_INCLUDE_ID_TOKEN_IN_SUBJECT = "includeIdTokenInSubject";
    public static final String CFG_KEY_INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT = "includeCustomCacheKeyInSubject";
    public static final String CFG_KEY_AUTH_CONTEXT_CLASS_REFERENCE = "authContextClassReference";
    public static final String CFG_KEY_AUTH_FILTER_REF = "authFilterRef";
    public static final String CFG_KEY_JSON_WEB_KEY = "jsonWebKey";
    public static final String CFG_KEY_JWK_ENDPOINT_URL = "jwkEndpointUrl";
    public static final String CFG_KEY_PROMPT = "prompt";
    public static final String CFG_KEY_CREATE_SESSION = "createSession";
    static final String COMMA = ",";
    static final String BLANK = "";
    public static final String KEY_CONFIGURATION_ADMIN = "configurationAdmin";
    public static final String KEY_KEYSTORE_SERVICE = "keyStoreService";
    private String id;
    private String grantType;
    private String scope;
    private String clientId;
    private String clientSecret;
    private String redirectToRPHostAndPort;
    private String groupIdentifier;
    private String realmIdentifier;
    private String uniqueUserIdentifier;
    private String tokenEndpointAuthMethod;
    private String userIdentityToCreateSubject;
    private boolean mapIdentityToRegistryUser;
    private boolean validateAccessTokenLocally;
    private String sharedKey;
    private String trustAliasName;
    private boolean httpsRequired;
    private boolean clientSideRedirect;
    private boolean nonceEnabled;
    private String sslRef;
    private String sslConfigurationName;
    private String signatureAlgorithm;
    private long clockSkewInSeconds;
    private String authorizationEndpointUrl;
    private String tokenEndpointUrl;
    private String accessTokenValidationEndpointUrl;
    private String userInfoEndpointUrl;
    private int initialStateCacheCapacity;
    private String issuerIdentifier;
    private String trustStoreRef;
    private boolean hostNameVerificationEnabled;
    private boolean includeIdTokenInSubject;
    private boolean includeCustomCacheKeyInSubject;
    private String authenticationContextClassReferenceValue;
    private String authFilterRef;
    private String authFilterId;
    private String jsonWebKey;
    private String jwkEndpointUrl;
    private JWKSet jwkset;
    private String prompt;
    private boolean createSession;
    static final long serialVersionUID = 1910539529433087645L;
    private final AtomicServiceReference<ConfigurationAdmin> configAdminRef = new AtomicServiceReference<>(KEY_CONFIGURATION_ADMIN);
    private final AtomicServiceReference<KeyStoreService> keyStoreServiceRef = new AtomicServiceReference<>(KEY_KEYSTORE_SERVICE);

    @Reference(name = KEY_CONFIGURATION_ADMIN, service = ConfigurationAdmin.class)
    protected void setConfigurationAdmin(ServiceReference<ConfigurationAdmin> serviceReference) {
        this.configAdminRef.setReference(serviceReference);
    }

    protected void unsetConfigurationAdmin(ServiceReference<ConfigurationAdmin> serviceReference) {
        this.configAdminRef.unsetReference(serviceReference);
    }

    protected void setKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        this.keyStoreServiceRef.setReference(serviceReference);
    }

    protected void unsetKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        this.keyStoreServiceRef.unsetReference(serviceReference);
    }

    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.configAdminRef.activate(componentContext);
        this.keyStoreServiceRef.activate(componentContext);
        processConfigProps(map);
        Tr.info(tc, "OIDC_CLIENT_CONFIG_PROCESSED", getId());
    }

    protected synchronized void modify(Map<String, Object> map) {
        processConfigProps(map);
        Tr.info(tc, "OIDC_CLIENT_CONFIG_MODIFIED", getId());
    }

    protected synchronized void deactivate(ComponentContext componentContext) {
        this.configAdminRef.deactivate(componentContext);
        this.keyStoreServiceRef.deactivate(componentContext);
    }

    private void processConfigProps(Map<String, Object> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        this.id = (String) map.get("id");
        this.grantType = (String) map.get("grantType");
        this.scope = (String) map.get("scope");
        this.clientId = (String) map.get(CFG_KEY_CLIENT_ID);
        this.clientSecret = processProtectedString(map, CFG_KEY_CLIENT_SECRET);
        this.redirectToRPHostAndPort = (String) map.get(CFG_KEY_REDIRECT_TO_RP_HOST_AND_PORT);
        this.groupIdentifier = (String) map.get(CFG_KEY_GROUP_IDENTIFIER);
        this.realmIdentifier = (String) map.get(CFG_KEY_REALM_IDENTIFIER);
        this.uniqueUserIdentifier = (String) map.get(CFG_KEY_UNIQUE_USER_IDENTIFIER);
        this.tokenEndpointAuthMethod = (String) map.get(CFG_KEY_TOKEN_ENDPOINT_AUTH_METHOD);
        this.userIdentityToCreateSubject = (String) map.get(CFG_KEY_USER_IDENTITY_TO_CREATE_SUBJECT);
        this.mapIdentityToRegistryUser = ((Boolean) map.get(CFG_KEY_MAP_IDENTITY_TO_REGISTRY_USER)).booleanValue();
        this.validateAccessTokenLocally = ((Boolean) map.get(CFG_KEY_VALIDATE_ACCESS_TOKEN_LOCALLY)).booleanValue();
        this.sharedKey = processProtectedString(map, CFG_KEY_SHARED_KEY);
        this.trustAliasName = (String) map.get(CFG_KEY_TRUST_ALIAS_NAME);
        this.httpsRequired = ((Boolean) map.get(CFG_KEY_HTTPS_REQUIRED)).booleanValue();
        this.clientSideRedirect = ((Boolean) map.get(CFG_KEY_CLIENTSIDE_REDIRECT)).booleanValue();
        this.nonceEnabled = ((Boolean) map.get(CFG_KEY_NONCE_ENABLED)).booleanValue();
        this.sslRef = (String) map.get(CFG_KEY_SSL_REF);
        this.sslConfigurationName = this.sslRef;
        this.signatureAlgorithm = (String) map.get("signatureAlgorithm");
        this.clockSkewInSeconds = ((Long) map.get(CFG_KEY_CLOCK_SKEW)).longValue() / 1000;
        this.authorizationEndpointUrl = (String) map.get(CFG_KEY_AUTHORIZATION_ENDPOINT_URL);
        this.tokenEndpointUrl = (String) map.get(CFG_KEY_TOKEN_ENDPOINT_URL);
        this.accessTokenValidationEndpointUrl = (String) map.get(CFG_KEY_ACCESS_TOKEN_VALIDATION_ENDPOINT_URL);
        this.userInfoEndpointUrl = (String) map.get(CFG_KEY_USER_INFO_ENDPOINT_URL);
        this.initialStateCacheCapacity = ((Integer) map.get(CFG_KEY_INITIAL_STATE_CACHE_CAPACITY)).intValue();
        this.issuerIdentifier = (String) map.get("issuerIdentifier");
        this.trustStoreRef = (String) map.get(CFG_KEY_TRUSTSTORE_REF);
        this.hostNameVerificationEnabled = ((Boolean) map.get(CFG_KEY_HOST_NAME_VERIFICATION_ENABLED)).booleanValue();
        this.includeIdTokenInSubject = ((Boolean) map.get(CFG_KEY_INCLUDE_ID_TOKEN_IN_SUBJECT)).booleanValue();
        this.includeCustomCacheKeyInSubject = ((Boolean) map.get(CFG_KEY_INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT)).booleanValue();
        this.authenticationContextClassReferenceValue = (String) map.get(CFG_KEY_AUTH_CONTEXT_CLASS_REFERENCE);
        if (this.authenticationContextClassReferenceValue == null) {
            this.authenticationContextClassReferenceValue = "";
        }
        this.authFilterRef = (String) map.get(CFG_KEY_AUTH_FILTER_REF);
        this.authFilterId = getAuthFilterId(this.authFilterRef);
        this.jsonWebKey = (String) map.get(CFG_KEY_JSON_WEB_KEY);
        this.jwkEndpointUrl = (String) map.get(CFG_KEY_JWK_ENDPOINT_URL);
        this.jwkset = new JWKSet();
        this.prompt = (String) map.get("prompt");
        this.createSession = ((Boolean) map.get(CFG_KEY_CREATE_SESSION)).booleanValue();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "id: " + this.id, new Object[0]);
            Tr.debug(tc, "grantType: " + this.grantType, new Object[0]);
            Tr.debug(tc, "scope: " + this.scope, new Object[0]);
            Tr.debug(tc, "clientId: " + this.clientId, new Object[0]);
            Tr.debug(tc, "redirectToRPHostAndPort: " + this.redirectToRPHostAndPort, new Object[0]);
            Tr.debug(tc, "groupIdentifier: " + this.groupIdentifier, new Object[0]);
            Tr.debug(tc, "realmIdentifier: " + this.realmIdentifier, new Object[0]);
            Tr.debug(tc, "uniqueUserIdentifier: " + this.uniqueUserIdentifier, new Object[0]);
            Tr.debug(tc, "tokenEndpointAuthMethod: " + this.tokenEndpointAuthMethod, new Object[0]);
            Tr.debug(tc, "userIdentityToCreateSubject: " + this.userIdentityToCreateSubject, new Object[0]);
            Tr.debug(tc, "mapIdentityToRegistryUser: " + this.mapIdentityToRegistryUser, new Object[0]);
            Tr.debug(tc, "validateAccessTokenLocally: " + this.validateAccessTokenLocally, new Object[0]);
            Tr.debug(tc, "trustAliasName: " + this.trustAliasName, new Object[0]);
            Tr.debug(tc, "httpsRequired: " + this.httpsRequired, new Object[0]);
            Tr.debug(tc, "isClientSideRedirectSupported: " + this.clientSideRedirect, new Object[0]);
            Tr.debug(tc, "nonceEnabled: " + this.nonceEnabled, new Object[0]);
            Tr.debug(tc, "sslRef: " + this.sslRef, new Object[0]);
            Tr.debug(tc, "signatureAlgorithm: " + this.signatureAlgorithm, new Object[0]);
            Tr.debug(tc, "clockSkew: " + this.clockSkewInSeconds, new Object[0]);
            Tr.debug(tc, "authorizationEndpointUrl: " + this.authorizationEndpointUrl, new Object[0]);
            Tr.debug(tc, "tokenEndpointUrl: " + this.tokenEndpointUrl, new Object[0]);
            Tr.debug(tc, "accessTokenValidationEndpointUrl: " + this.accessTokenValidationEndpointUrl, new Object[0]);
            Tr.debug(tc, "userInfoEndpointUrl: " + this.userInfoEndpointUrl, new Object[0]);
            Tr.debug(tc, "initialStateCacheCapacity: " + this.initialStateCacheCapacity, new Object[0]);
            Tr.debug(tc, "issuerIdentifier: " + this.issuerIdentifier, new Object[0]);
            Tr.debug(tc, "trustStoreRef: " + this.trustStoreRef, new Object[0]);
            Tr.debug(tc, "hostNameVerificationEnabled: " + this.hostNameVerificationEnabled, new Object[0]);
            Tr.debug(tc, "includeIdTokenInSubject: " + this.includeIdTokenInSubject, new Object[0]);
            Tr.debug(tc, "includeCustomCacheKeyInSubject: " + this.includeCustomCacheKeyInSubject, new Object[0]);
            Tr.debug(tc, "authContextClassReference: " + this.authenticationContextClassReferenceValue, new Object[0]);
            Tr.debug(tc, "authFilterRef: " + this.authFilterRef, new Object[0]);
            Tr.debug(tc, "authFilterId: " + this.authFilterId, new Object[0]);
            Tr.debug(tc, "jsonWebKey: " + this.jsonWebKey, new Object[0]);
            Tr.debug(tc, "jwkEndpointUrl: " + this.jwkEndpointUrl, new Object[0]);
            Tr.debug(tc, "prompt: " + this.prompt, new Object[0]);
            Tr.debug(tc, "createSession: " + this.createSession, new Object[0]);
        }
    }

    @Sensitive
    private String processProtectedString(Map<String, Object> map, String str) {
        Object obj = map.get(str);
        return PasswordUtil.passwordDecode(obj != null ? obj instanceof SerializableProtectedString ? new String(((SerializableProtectedString) obj).getChars()) : (String) obj : null);
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public synchronized String getId() {
        return this.id;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getGrantType() {
        return this.grantType;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getScope() {
        return this.scope;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getClientId() {
        return this.clientId;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    @Sensitive
    public String getClientSecret() {
        return this.clientSecret;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getRedirectUrlFromServerToClient() {
        String str = null;
        if (this.redirectToRPHostAndPort != null && this.redirectToRPHostAndPort.length() > 0) {
            try {
                final String str2 = this.redirectToRPHostAndPort;
                URL url = (URL) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.openidconnect.client.internal.OidcClientConfigImpl.1
                    static final long serialVersionUID = 7217998353980941470L;
                    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return new URL(str2);
                    }
                });
                int port = url.getPort();
                String path = url.getPath();
                if (path == null) {
                    path = "";
                }
                String str3 = path + (path.endsWith(WsLocationConstants.LOC_VIRTUAL_ROOT) ? "" : WsLocationConstants.LOC_VIRTUAL_ROOT) + "oidcclient/redirect/" + getId();
                str = (url.getProtocol() + "://" + url.getHost() + (port > 0 ? ":" + port : "")) + (str3.startsWith(WsLocationConstants.LOC_VIRTUAL_ROOT) ? "" : WsLocationConstants.LOC_VIRTUAL_ROOT) + str3;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.client.internal.OidcClientConfigImpl", "357", this, new Object[0]);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "the value of redirectToRPHostAndPort might not valid. Please verify that the format is <protocol>://<host>:<port> " + this.redirectToRPHostAndPort + "\n" + e.getMessage(), new Object[0]);
                }
            }
        }
        return str;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getGroupIdentifier() {
        return this.groupIdentifier;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getRealmIdentifier() {
        return this.realmIdentifier;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getUniqueUserIdentifier() {
        return this.uniqueUserIdentifier;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getTokenEndpointAuthMethod() {
        return this.tokenEndpointAuthMethod;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getUserIdentityToCreateSubject() {
        return this.userIdentityToCreateSubject;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean isMapIdentityToRegistryUser() {
        return this.mapIdentityToRegistryUser;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean isValidateAccessTokenLocally() {
        return this.validateAccessTokenLocally;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    @Sensitive
    public String getSharedKey() {
        return this.sharedKey != null ? this.sharedKey : this.clientSecret;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getTrustAliasName() {
        return this.trustAliasName;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean isHttpsRequired() {
        return this.httpsRequired;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean isClientSideRedirect() {
        return this.clientSideRedirect;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean isNonceEnabled() {
        return this.nonceEnabled;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getSslRef() {
        return this.sslRef;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getSSLConfigurationName() {
        return this.sslConfigurationName;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public long getClockSkewInSeconds() {
        return this.clockSkewInSeconds;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getAuthorizationEndpointUrl() {
        return this.authorizationEndpointUrl;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getTokenEndpointUrl() {
        return this.tokenEndpointUrl;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getAccessTokenValidationEndpointUrl() {
        return this.accessTokenValidationEndpointUrl;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getUserInfoEndpointUrl() {
        return this.userInfoEndpointUrl;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public int getInitialStateCacheCapacity() {
        return this.initialStateCacheCapacity;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getIssuerIdentifier() {
        return this.issuerIdentifier;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getTrustStoreRef() {
        return this.trustStoreRef;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public PublicKey getPublicKey() throws KeyStoreException, CertificateException {
        return this.keyStoreServiceRef.getService().getCertificateFromKeyStore(this.trustStoreRef, this.trustAliasName).getPublicKey();
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean isHostNameVerificationEnabled() {
        return this.hostNameVerificationEnabled;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean isIncludeIdTokenInSubject() {
        return this.includeIdTokenInSubject;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean isIncludeCustomCacheKeyInSubject() {
        return this.includeCustomCacheKeyInSubject;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getAuthContextClassReference() {
        return this.authenticationContextClassReferenceValue;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getAuthFilterId() {
        return this.authFilterId;
    }

    private String getAuthFilterId(String str) {
        Dictionary<String, Object> properties;
        if (str == null || str.isEmpty()) {
            return null;
        }
        Configuration configuration = null;
        ConfigurationAdmin service = this.configAdminRef.getService();
        if (service != null) {
            try {
                configuration = service.getConfiguration(str);
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.client.internal.OidcClientConfigImpl", "566", this, new Object[]{str});
                if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "Invalid authFilterRef configuration", e.getMessage());
                return null;
            }
        }
        if (configuration == null || (properties = configuration.getProperties()) == null) {
            return null;
        }
        return (String) properties.get("id");
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getJwkEndpointUrl() {
        return this.jwkEndpointUrl;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public JWKSet getJwkSet() {
        return this.jwkset;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getJsonWebKey() {
        return this.jsonWebKey;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public String getPrompt() {
        return this.prompt;
    }

    @Override // com.ibm.ws.security.openidconnect.client.OidcClientConfig
    public boolean createSession() {
        return this.createSession;
    }
}
