package com.ibm.ws.security.token.internal;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.auth.InvalidTokenException;
import com.ibm.websphere.security.auth.TokenCreationFailedException;
import com.ibm.websphere.security.auth.TokenExpiredException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.token.TokenManager;
import com.ibm.ws.security.token.TokenService;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.util.Iterator;
import java.util.Map;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.token_1.0.16.jar:com/ibm/ws/security/token/internal/TokenManagerImpl.class */
public class TokenManagerImpl implements TokenManager {
    private static final TraceComponent tc = Tr.register((Class<?>) TokenManagerImpl.class, "Token", TraceConstants.MESSAGE_BUNDLE);
    static final String CFG_KEY_SSO_TOKEN_TYPE = "ssoTokenType";
    static final String KEY_TOKEN_SERVICE = "tokenService";
    static final String KEY_TOKEN_TYPE = "tokenType";
    private final ConcurrentServiceReferenceMap<String, TokenService> services = new ConcurrentServiceReferenceMap<>(KEY_TOKEN_SERVICE);
    private volatile String ssoTokenType;
    static final long serialVersionUID = -7512923820412908739L;

    protected void setTokenService(ServiceReference<TokenService> serviceReference) {
        this.services.putReference((String) serviceReference.getProperty(KEY_TOKEN_TYPE), serviceReference);
    }

    protected void unsetTokenService(ServiceReference<TokenService> serviceReference) {
        this.services.removeReference((String) serviceReference.getProperty(KEY_TOKEN_TYPE), serviceReference);
    }

    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.services.activate(componentContext);
        this.ssoTokenType = (String) map.get(CFG_KEY_SSO_TOKEN_TYPE);
    }

    protected void modified(Map<String, Object> map) {
        this.ssoTokenType = (String) map.get(CFG_KEY_SSO_TOKEN_TYPE);
    }

    protected void deactivate(ComponentContext componentContext) {
        this.services.deactivate(componentContext);
    }

    @Override // com.ibm.ws.security.token.TokenManager
    public Token createToken(String str, Map<String, Object> map) throws TokenCreationFailedException {
        try {
            return getTokenServiceForType(str).createToken(map);
        } catch (IllegalArgumentException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.internal.TokenManagerImpl", "73", this, new Object[]{str, map});
            throw new TokenCreationFailedException(e.getMessage(), e);
        }
    }

    @Override // com.ibm.ws.security.token.TokenManager
    public SingleSignonToken createSSOToken(Map<String, Object> map) throws TokenCreationFailedException {
        try {
            TokenService tokenServiceForType = getTokenServiceForType(this.ssoTokenType);
            SingleSignonTokenImpl singleSignonTokenImpl = new SingleSignonTokenImpl(tokenServiceForType);
            singleSignonTokenImpl.initializeToken(tokenServiceForType.createToken(map));
            return singleSignonTokenImpl;
        } catch (IllegalArgumentException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.internal.TokenManagerImpl", "86", this, new Object[]{map});
            throw new TokenCreationFailedException(e.getMessage(), e);
        }
    }

    @Override // com.ibm.ws.security.token.TokenManager
    public SingleSignonToken createSSOToken(Token token) throws TokenCreationFailedException {
        try {
            SingleSignonTokenImpl singleSignonTokenImpl = new SingleSignonTokenImpl(getTokenServiceForType(this.ssoTokenType));
            singleSignonTokenImpl.initializeToken(token);
            return singleSignonTokenImpl;
        } catch (IllegalArgumentException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.internal.TokenManagerImpl", "98", this, new Object[]{token});
            throw new TokenCreationFailedException(e.getMessage(), e);
        }
    }

    @Override // com.ibm.ws.security.token.TokenManager
    @FFDCIgnore({InvalidTokenException.class})
    public Token recreateTokenFromBytes(byte[] bArr) throws InvalidTokenException, TokenExpiredException {
        Token token = null;
        Iterator<TokenService> services = this.services.getServices();
        while (services.hasNext()) {
            TokenService next = services.next();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Trying to recreate token using token service " + next + ". This will fail if the token was not created by this service and may fail if the configuration of the service which created the token has changed.", new Object[0]);
            }
            try {
                token = next.recreateTokenFromBytes(bArr);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Successfully recreated token using token service " + next + ".", new Object[0]);
                }
                break;
            } catch (InvalidTokenException e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "The token service " + next + " failed to recreate the token.", e);
                }
            }
        }
        if (token != null) {
            return token;
        }
        Tr.info(tc, "TOKEN_SERVICE_INVALID_TOKEN_INFO", new Object[0]);
        throw new InvalidTokenException(TraceNLS.getStringFromBundle(getClass(), TraceConstants.MESSAGE_BUNDLE, "TOKEN_SERVICE_INVALID_TOKEN_INFO", "CWWKS4001I: The security token cannot be validated."));
    }

    @Override // com.ibm.ws.security.token.TokenManager
    public Token recreateTokenFromBytes(String str, byte[] bArr) throws InvalidTokenException, TokenExpiredException {
        try {
            return getTokenServiceForType(str).recreateTokenFromBytes(bArr);
        } catch (IllegalArgumentException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.internal.TokenManagerImpl", "148", this, new Object[]{str, bArr});
            Tr.info(tc, "TOKEN_SERVICE_INVALID_TOKEN_INFO", new Object[0]);
            throw new InvalidTokenException(TraceNLS.getStringFromBundle(getClass(), TraceConstants.MESSAGE_BUNDLE, "TOKEN_SERVICE_INVALID_TOKEN_INFO", "CWWKS4001I: The security token cannot be validated."), e);
        }
    }

    private TokenService getTokenServiceForType(String str) {
        TokenService service = this.services.getService(str);
        if (service != null) {
            return service;
        }
        Tr.error(tc, "TOKEN_SERVICE_CONFIG_ERROR_NO_SUCH_SERVICE_TYPE", str);
        throw new IllegalArgumentException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "TOKEN_SERVICE_CONFIG_ERROR_NO_SUCH_SERVICE_TYPE", new Object[]{str}, "CWWKS4000E: A configuration error has occurred. The requested TokenService instance of type {0} could not be found."));
    }
}
