package com.ibm.ws.security.credentials.ssotoken.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.auth.TokenCreationFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationConstants;
import com.ibm.ws.security.authentication.principals.WSPrincipal;
import com.ibm.ws.security.credentials.CredentialProvider;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.token.TokenManager;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.util.HashMap;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

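/**
 * {@link CredentialProvider} that places a {@link SingleSignonToken} into the private
 * credentials of a {@link Subject}.
 *
 * <p>The token is built by the bound {@link TokenManager}, either from a {@link Token} already
 * held by the subject or from the access id of the subject's single {@link WSPrincipal}.
 * A subject whose principal name equals the unauthenticated user id reported by the
 * {@link CredentialsService} receives no token.
 *
 * <p>Both services are held through {@link AtomicServiceReference}s that are populated by the
 * set/unset and activate/deactivate methods (presumably driven by OSGi Declarative Services;
 * the component descriptor is not part of this file).
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.credentials.ssotoken_1.0.14.jar:com/ibm/ws/security/credentials/ssotoken/internal/SSOTokenCredentialProvider.class */
public class SSOTokenCredentialProvider implements CredentialProvider {
    static final String KEY_TOKEN_MANAGER = "tokenManager";
    public static final String KEY_CREDENTIALS_SERVICE = "credentialsService";
    private final AtomicServiceReference<TokenManager> tokenManagerRef = new AtomicServiceReference<>("tokenManager");
    private final AtomicServiceReference<CredentialsService> credentialsServiceRef = new AtomicServiceReference<>("credentialsService");
    static final long serialVersionUID = -3704187528335789662L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(SSOTokenCredentialProvider.class);

    /** Records the reference to the {@link TokenManager} service. */
    protected void setTokenManager(ServiceReference<TokenManager> serviceReference) {
        this.tokenManagerRef.setReference(serviceReference);
    }

    /** Drops the reference to the {@link TokenManager} service. */
    protected void unsetTokenManager(ServiceReference<TokenManager> serviceReference) {
        this.tokenManagerRef.unsetReference(serviceReference);
    }

    /** Records the reference to the {@link CredentialsService}. */
    public void setCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.setReference(serviceReference);
    }

    /** Drops the reference to the {@link CredentialsService}. */
    public void unsetCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.unsetReference(serviceReference);
    }

    /** Activates both service references against the given component context. */
    protected void activate(ComponentContext componentContext) {
        this.tokenManagerRef.activate(componentContext);
        this.credentialsServiceRef.activate(componentContext);
    }

    /** Deactivates both service references against the given component context. */
    protected void deactivate(ComponentContext componentContext) {
        this.tokenManagerRef.deactivate(componentContext);
        this.credentialsServiceRef.deactivate(componentContext);
    }

    /**
     * Adds an SSO token credential to the subject unless it represents the unauthenticated user.
     *
     * <p>A subject without any {@link WSPrincipal} is left untouched.
     *
     * @param subject the subject to receive the credential
     * @throws CredentialException if the subject carries more than one {@link WSPrincipal}, if a
     *         required service is not bound, or if the token cannot be created
     */
    @Override // com.ibm.ws.security.credentials.CredentialProvider
    public void setCredential(Subject subject) throws CredentialException {
        Set<WSPrincipal> principals = subject.getPrincipals(WSPrincipal.class);
        if (principals.isEmpty()) {
            return;
        }
        if (principals.size() != 1) {
            // Ambiguous identity: refuse to pick one principal to mint a token for.
            throw new CredentialException("Too many WSPrincipals in the subject");
        }
        WSPrincipal principal = principals.iterator().next();

        CredentialsService credentialsService = this.credentialsServiceRef.getService();
        if (credentialsService == null) {
            // Fail through the declared exception instead of a NullPointerException when the
            // service reference is not bound.
            throw new CredentialException("CredentialsService is not available");
        }
        String unauthenticatedUserid = credentialsService.getUnauthenticatedUserid();
        String principalName = principal.getName();

        // The token is withheld only on an exact, case-sensitive match with a non-null
        // unauthenticated user id. A null principal name, or a null unauthenticated user id,
        // therefore still results in a token.
        // NOTE(review): confirm that callers never hand over an unauthenticated subject whose
        // WSPrincipal name is null or spelled differently from the configured id.
        boolean isUnauthenticated = principalName != null
                && unauthenticatedUserid != null
                && principalName.equals(unauthenticatedUserid);
        if (!isUnauthenticated) {
            setSsoTokenCredential(subject, principal.getAccessId());
        }
    }

    /**
     * Creates the SSO token and stores it in the subject's private credentials.
     *
     * <p>If the subject already holds a {@link Token}, that token is removed from the private
     * credentials and the SSO token is derived from it; otherwise the SSO token is created from
     * a map holding the access id under {@link AuthenticationConstants#UNIQUE_ID}.
     *
     * @param subject the subject whose private credentials are updated
     * @param accessId the access id used when the subject holds no {@link Token}
     * @throws CredentialException if the {@link TokenManager} is not bound or reports a
     *         {@link TokenCreationFailedException}; the latter is attached as the cause
     */
    private void setSsoTokenCredential(Subject subject, String accessId) throws CredentialException {
        TokenManager tokenManager = this.tokenManagerRef.getService();
        if (tokenManager == null) {
            throw new CredentialException("TokenManager service is not available");
        }
        SingleSignonToken ssoToken;
        try {
            // getPrivateCredentials(Class) returns a snapshot that is not backed by the subject,
            // so the removal below has to go through the subject's live credential set.
            Set<Token> existingTokens = subject.getPrivateCredentials(Token.class);
            if (existingTokens.isEmpty()) {
                HashMap<String, Object> tokenData = new HashMap<>();
                tokenData.put(AuthenticationConstants.UNIQUE_ID, accessId);
                ssoToken = tokenManager.createSSOToken(tokenData);
            } else {
                Token existingToken = existingTokens.iterator().next();
                // Removal happens before creation, so a creation failure leaves the subject
                // with neither the original token nor an SSO token.
                subject.getPrivateCredentials().remove(existingToken);
                ssoToken = tokenManager.createSSOToken(existingToken);
            }
            subject.getPrivateCredentials().add(ssoToken);
        } catch (TokenCreationFailedException e) {
            // NOTE(review): the FFDC record is handed the Subject and the access id; confirm that
            // FFDC introspection does not write private credential contents to the incident log.
            FFDCFilter.processException(e, "com.ibm.ws.security.credentials.ssotoken.internal.SSOTokenCredentialProvider", "113", this, new Object[]{subject, accessId});
            // CredentialException has no cause-taking constructor; chain the cause explicitly so
            // the original failure is not lost to whoever diagnoses the login error.
            CredentialException credentialException = new CredentialException(e.getLocalizedMessage());
            credentialException.initCause(e);
            throw credentialException;
        }
    }

    /**
     * Reports every subject as valid; this provider performs no check of its own.
     *
     * <p>NOTE(review): SSO token expiry is presumably enforced elsewhere; confirm that another
     * component validates the token before the subject is reused.
     *
     * @param subject the subject to check (not inspected)
     * @return always {@code true}
     */
    @Override // com.ibm.ws.security.credentials.CredentialProvider
    public boolean isSubjectValid(Subject subject) {
        return true;
    }
}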
