package com.ibm.ws.security.jaspi;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.security.jaspi.ProviderService;
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.SecurityPermission;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.RegistrationListener;
import org.eclipse.persistence.internal.oxm.Constants;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.jaspic.1.1_1.0.15.jar:com/ibm/ws/security/jaspi/ProviderRegistry.class */
public class ProviderRegistry extends AuthConfigFactory {
    private PersistenceManager persistenceMgr;
    static final long serialVersionUID = -9215112002961434951L;
    private static final TraceComponent tc = Tr.register((Class<?>) ProviderRegistry.class, "Security", (String) null);
    private static String registerDefaultProviderForAllContexts = "com.ibm.websphere.jaspi.registerDefaultProviderForAllContexts";
    private final Map<RegistrationID, CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>>> cache = new HashMap();
    private final Lock lock = new ReentrantLock();
    RegistrationID defaultRegistrationID = new RegistrationID(null, null);

    /* JADX INFO: Access modifiers changed from: private */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:wlp/lib/com.ibm.ws.security.jaspic.1.1_1.0.15.jar:com/ibm/ws/security/jaspi/ProviderRegistry$CacheEntry.class */
    public static class CacheEntry<P, C, L> {
        P provider;
        C context;
        L listeners;
        static final long serialVersionUID = -6041717773443698490L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(CacheEntry.class);

        CacheEntry(P p, C c, L l) {
            this.provider = p;
            this.context = c;
            this.listeners = l;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder("CacheEntry[");
            sb.append(this.context + ",provider=" + this.provider + ",listeners=" + this.listeners);
            return sb.append(Constants.XPATH_INDEX_CLOSED).toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:wlp/lib/com.ibm.ws.security.jaspic.1.1_1.0.15.jar:com/ibm/ws/security/jaspi/ProviderRegistry$Context.class */
    public class Context implements AuthConfigFactory.RegistrationContext {
        public String layer;
        public String appContext;
        public String description;
        public boolean isPersistent;
        static final long serialVersionUID = 5737137219562953507L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(Context.class);

        public Context(boolean z, String str, String str2, String str3) {
            this.isPersistent = z;
            this.layer = str;
            this.appContext = str2;
            this.description = str3;
        }

        @Override // javax.security.auth.message.config.AuthConfigFactory.RegistrationContext
        public String getAppContext() {
            return this.appContext;
        }

        @Override // javax.security.auth.message.config.AuthConfigFactory.RegistrationContext
        public String getDescription() {
            return this.description;
        }

        @Override // javax.security.auth.message.config.AuthConfigFactory.RegistrationContext
        public String getMessageLayer() {
            return this.layer;
        }

        @Override // javax.security.auth.message.config.AuthConfigFactory.RegistrationContext
        public boolean isPersistent() {
            return this.isPersistent;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder("RegistrationContext[");
            sb.append("layer=" + this.layer + ",appContext=" + this.appContext + ",isPersistent=" + this.isPersistent + ",description=" + this.description);
            return sb.append(Constants.XPATH_INDEX_CLOSED).toString();
        }
    }

    public ProviderRegistry() {
        this.persistenceMgr = null;
        String property = System.getProperty(PersistenceManager.JASPI_CONFIG);
        if (property == null || property.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "System property com.ibm.websphere.jaspi.configuration not set, persistent config will not be used", new Object[0]);
            }
        } else {
            String serverResourceAbsolutePath = JaspiServiceImpl.getServerResourceAbsolutePath(property);
            File file = new File(serverResourceAbsolutePath != null ? serverResourceAbsolutePath : property);
            this.persistenceMgr = new XMLJaspiConfiguration();
            this.persistenceMgr.setAuthConfigFactory(this);
            this.persistenceMgr.setFile(file);
            this.persistenceMgr.load();
        }
    }

    public PersistenceManager getPersistenceManager() {
        return this.persistenceMgr;
    }

    @Override // javax.security.auth.message.config.AuthConfigFactory
    public String[] detachListener(RegistrationListener registrationListener, String str, String str2) {
        checkPermission(AuthConfigFactory.PROVIDER_REGISTRATION_PERMISSION_NAME);
        HashSet hashSet = new HashSet();
        for (RegistrationID registrationID : this.cache.keySet()) {
            CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> cacheEntry = this.cache.get(registrationID);
            if (cacheEntry != null && matchesRegistrationContext(str, str2, cacheEntry.context)) {
                hashSet.add(registrationID.toString());
                if (cacheEntry.listeners.isEmpty()) {
                    continue;
                } else {
                    this.lock.lock();
                    try {
                        cacheEntry.listeners.remove(registrationListener);
                        this.lock.unlock();
                    } catch (Throwable th) {
                        this.lock.unlock();
                        throw th;
                    }
                }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "detachListener registrationIDs", hashSet);
        }
        return (String[]) hashSet.toArray(new String[0]);
    }

    @Override // javax.security.auth.message.config.AuthConfigFactory
    public AuthConfigProvider getConfigProvider(String str, String str2, RegistrationListener registrationListener) {
        CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> cacheEntry = null;
        this.lock.lock();
        if (str != null && str2 != null) {
            try {
                cacheEntry = this.cache.get(new RegistrationID(str, str2));
            } finally {
                this.lock.unlock();
            }
        }
        if (cacheEntry == null) {
            if (str2 != null) {
                cacheEntry = this.cache.get(new RegistrationID(null, str2));
            }
            if (cacheEntry == null) {
                if (str != null) {
                    cacheEntry = this.cache.get(new RegistrationID(str, null));
                }
                if (cacheEntry == null) {
                    cacheEntry = this.cache.get(new RegistrationID(null, null));
                }
            }
        }
        if (registrationListener != null && cacheEntry != null) {
            cacheEntry.listeners.add(registrationListener);
        }
        AuthConfigProvider authConfigProvider = cacheEntry == null ? null : cacheEntry.provider;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getConfigProvider entry", cacheEntry);
        }
        return authConfigProvider;
    }

    @Override // javax.security.auth.message.config.AuthConfigFactory
    public AuthConfigFactory.RegistrationContext getRegistrationContext(String str) {
        AuthConfigFactory.RegistrationContext registrationContext = null;
        CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> cacheEntry = this.cache.get(new RegistrationID(str));
        if (cacheEntry != null) {
            registrationContext = cacheEntry.context;
        }
        return registrationContext;
    }

    @Override // javax.security.auth.message.config.AuthConfigFactory
    @ManualTrace
    public String[] getRegistrationIDs(AuthConfigProvider authConfigProvider) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRegistrationIDs", new Object[0]);
        }
        HashSet hashSet = new HashSet();
        if (authConfigProvider == null) {
            Iterator<RegistrationID> it = this.cache.keySet().iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getRegistrationIDs", hashSet);
            }
            return (String[]) hashSet.toArray(new String[0]);
        }
        for (Map.Entry<RegistrationID, CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>>> entry : this.cache.entrySet()) {
            if (authConfigProvider.equals(entry.getValue().provider)) {
                hashSet.add(entry.getKey().toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRegistrationIDs", hashSet);
        }
        return (String[]) hashSet.toArray(new String[0]);
    }

    @Override // javax.security.auth.message.config.AuthConfigFactory
    public void refresh() {
        checkPermission(AuthConfigFactory.PROVIDER_REGISTRATION_PERMISSION_NAME);
    }

    @Override // javax.security.auth.message.config.AuthConfigFactory
    public String registerConfigProvider(AuthConfigProvider authConfigProvider, String str, String str2, String str3) {
        checkPermission(AuthConfigFactory.PROVIDER_REGISTRATION_PERMISSION_NAME);
        return registerProvider(false, authConfigProvider, str, str2, str3);
    }

    @Override // javax.security.auth.message.config.AuthConfigFactory
    public String registerConfigProvider(String str, Map map, String str2, String str3, String str4) {
        checkPermission(AuthConfigFactory.PROVIDER_REGISTRATION_PERMISSION_NAME);
        String registerProvider = registerProvider(true, newInstance((AuthConfigFactory) null, str, true, doPrivGetContextClassLoader(), map), str2, str3, str4);
        if (this.persistenceMgr != null) {
            this.persistenceMgr.registerProvider(str, map, str2, str3, str4);
        }
        return registerProvider;
    }

    /* JADX WARN: Type inference failed for: r1v5, types: [L] */
    /* JADX WARN: Type inference failed for: r1v9, types: [java.util.HashSet, L] */
    protected String registerProvider(boolean z, AuthConfigProvider authConfigProvider, String str, String str2, String str3) {
        RegistrationID registrationID = new RegistrationID(str, str2);
        CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> cacheEntry = new CacheEntry<>(authConfigProvider, new Context(z, str, str2, str3), null);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "adding new entry to provider cache", cacheEntry);
        }
        this.lock.lock();
        try {
            CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> put = this.cache.put(registrationID, cacheEntry);
            if (put == null) {
                cacheEntry.listeners = new HashSet();
            } else {
                cacheEntry.listeners = put.listeners;
            }
            notifyListener(cacheEntry.listeners, str, str2);
            return registrationID.toString();
        } finally {
            this.lock.unlock();
        }
    }

    protected void notifyListener(Collection<RegistrationListener> collection, String str, String str2) {
        if ((collection == null || collection.isEmpty()) ? false : true) {
            for (RegistrationListener registrationListener : collection) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "notifyListener", registrationListener);
                }
                registrationListener.notify(str, str2);
            }
        }
    }

    @Override // javax.security.auth.message.config.AuthConfigFactory
    public boolean removeRegistration(String str) {
        checkPermission(AuthConfigFactory.PROVIDER_REGISTRATION_PERMISSION_NAME);
        boolean z = false;
        if (str != null) {
            RegistrationID registrationID = new RegistrationID(str);
            this.lock.lock();
            try {
                CacheEntry<AuthConfigProvider, AuthConfigFactory.RegistrationContext, Collection<RegistrationListener>> remove = this.cache.remove(registrationID);
                z = remove != null;
                if (remove != null) {
                    String messageLayer = remove.context.getMessageLayer();
                    String appContext = remove.context.getAppContext();
                    notifyListener(remove.listeners, messageLayer, appContext);
                    if (this.persistenceMgr != null) {
                        this.persistenceMgr.removeProvider(messageLayer, appContext);
                    }
                }
            } finally {
                this.lock.unlock();
            }
        }
        return z;
    }

    protected void checkPermission(String str) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SecurityPermission(str));
        }
    }

    protected AuthConfigProvider newInstance(AuthConfigFactory authConfigFactory, String str, boolean z, ClassLoader classLoader, Map<?, ?> map) {
        if (str != null) {
            if (map != null) {
                try {
                    for (Map.Entry<?, ?> entry : map.entrySet()) {
                        if (!((entry.getKey() instanceof String) && (entry.getValue() instanceof String))) {
                            throw new IllegalArgumentException("All keys and values in properties parameter must be of type String.");
                        }
                    }
                } catch (Throwable th) {
                    FFDCFilter.processException(th, "com.ibm.ws.security.jaspi.ProviderRegistry", "360", this, new Object[]{authConfigFactory, str, Boolean.valueOf(z), classLoader, map});
                    throw new SecurityException("Unable to create a provider, class name: " + str, th);
                }
            }
            Object newInstance = Class.forName(str, z, classLoader == null ? doPrivGetContextClassLoader() : classLoader).getConstructor(Map.class, AuthConfigFactory.class).newInstance(map, authConfigFactory);
            r15 = newInstance instanceof AuthConfigProvider ? (AuthConfigProvider) newInstance : null;
        }
        return r15;
    }

    protected boolean matchesRegistrationContext(String str, String str2, AuthConfigFactory.RegistrationContext registrationContext) {
        boolean z = false;
        if (registrationContext != null) {
            String messageLayer = registrationContext.getMessageLayer();
            String appContext = registrationContext.getAppContext();
            if (messageLayer != null && appContext != null) {
                z = messageLayer.equals(str) && appContext.equals(str2);
            } else if (messageLayer == null && appContext == null) {
                z = true;
            } else if (messageLayer == null && appContext != null) {
                z = appContext.equals(str2);
            } else if (messageLayer != null && appContext == null) {
                z = messageLayer.equals(str);
            }
        }
        return z;
    }

    protected ClassLoader doPrivGetContextClassLoader() {
        return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { // from class: com.ibm.ws.security.jaspi.ProviderRegistry.1
            static final long serialVersionUID = 5562188946416561976L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public ClassLoader run() {
                return Thread.currentThread().getContextClassLoader();
            }
        });
    }

    public AuthConfigProvider setProvider(ProviderService providerService) {
        AuthConfigProvider authConfigProvider = null;
        if (providerService != null) {
            authConfigProvider = providerService.getAuthConfigProvider(this);
            registerConfigProvider(authConfigProvider, null, null, null);
        } else {
            removeRegistration(this.defaultRegistrationID.toString());
        }
        return authConfigProvider;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAnyProviderRegistered() {
        return !this.cache.isEmpty();
    }
}
