package com.ibm.ws.security.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.jaas.Parser;
import com.ibm.ws.security.config.jaas.ParserException;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.util.AuthData;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.login.AppConfigurationEntry;

/* loaded from: input_file:com/ibm/ws/security/config/JAASLoginConfigImpl.class */
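/**
 * In-memory JAAS login configuration for one security configuration object.
 *
 * <p>Holds two alias-to-login-module-list maps, one built from the
 * {@code "systemLoginConfig"} child and one from the {@code "applicationLoginConfig"}
 * child of the parent configuration object, plus an alias-to-{@link AuthData} map of
 * user id / decoded password pairs.
 *
 * <p>Locking as written in this class: {@link #updateSysMap(String)},
 * {@link #updateAppMap(String)} and {@code initialize} synchronize on {@code this};
 * the login-config getters do not. The auth-data map is read and replaced under
 * {@code authDataSyncObject}. Updates replace a whole map reference rather than
 * mutating the map in place.
 *
 * <p>Security notes for maintainers: {@link #getSysMap()}, {@link #getAppMap()} and
 * {@link #getAuthDataMap()} hand out the live internal maps, so every caller can see
 * (and, for a mutable map, change) login-module stacks and credentials. Trace calls
 * that concern auth data pass aliases or a presence flag only, never the
 * {@link AuthData} values.
 */
public class JAASLoginConfigImpl extends Parser implements JAASLoginConfig {
    private static final TraceComponent tc = Tr.register(JAASLoginConfigImpl.class, "SecurityConfig", AdminConstants.MSG_BUNDLE_NAME);

    // Configuration object this login configuration was built from (null for the no-arg constructor).
    private SecurityConfigObject parent_sco;
    // Identifier appended to trace messages; supplied by the creator.
    private String cacheKey;
    // alias -> login modules for system logins; aliases are prefixed "system." when built from config.
    private Map<String, List<AppConfigurationEntry>> sysMap;
    // alias -> login modules for application logins.
    private Map<String, List<AppConfigurationEntry>> appMap;
    // Monitor guarding every read and replacement of authDataMap.
    private final Object authDataSyncObject = new Object();
    // alias -> user id / decoded password; stays null until a refresh succeeds.
    private Map<String, AuthData> authDataMap;

    /**
     * Builds the system and application login maps from {@code securityConfigObject}
     * and loads the auth-data entries.
     *
     * @param securityConfigObject parent configuration object; it is dereferenced
     *        during initialization, so {@code null} fails with a NullPointerException
     * @param str cache key used only in trace output
     */
    public JAASLoginConfigImpl(SecurityConfigObject securityConfigObject, String str) {
        if (entryTraceOn()) {
            Tr.entry(tc, "ctor " + str, securityConfigObject);
        }
        this.cacheKey = str;
        this.parent_sco = securityConfigObject;
        this.sysMap = new HashMap<>();
        this.appMap = new HashMap<>();
        initialize(this.parent_sco);
        refreshAuthDataEntries(null);
        if (entryTraceOn()) {
            Tr.exit(tc, "ctor " + this.cacheKey);
        }
    }

    /**
     * Creates an empty instance: no parent object, no login maps and no auth data.
     * The accessors tolerate that state and return {@code null} or an empty map.
     */
    public JAASLoginConfigImpl() {
        this.parent_sco = null;
        this.cacheKey = null;
        this.sysMap = null;
        this.appMap = null;
        this.authDataMap = null;
    }

    /**
     * Looks up the login modules for an alias, application entries first, then
     * system entries.
     *
     * @param str login configuration alias
     * @return the configured entries, or {@code null} when the alias is unknown or
     *         no map has been loaded
     */
    @Override
    public List<AppConfigurationEntry> get(String str) {
        if (entryTraceOn()) {
            Tr.entry(tc, "get() alias=" + str + " " + this.cacheKey);
        }
        // Read each field once: updates swap the whole map, and either field is null
        // after the no-arg constructor or when the config object had no such section.
        Map<String, List<AppConfigurationEntry>> app = this.appMap;
        Map<String, List<AppConfigurationEntry>> sys = this.sysMap;
        List<AppConfigurationEntry> entries = app == null ? null : app.get(str);
        if (entries == null && sys != null) {
            entries = sys.get(str);
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "get " + this.cacheKey, entries);
        }
        return entries;
    }

    /**
     * Returns a fresh map holding the system entries overlaid with the application
     * entries, so an application alias wins when both maps define it.
     *
     * @return a new map, never {@code null}; the entry lists are shared with the
     *         internal maps
     */
    @Override
    public Map<String, List<AppConfigurationEntry>> getMap() {
        Map<String, List<AppConfigurationEntry>> merged = new HashMap<>();
        Map<String, List<AppConfigurationEntry>> sys = this.sysMap;
        Map<String, List<AppConfigurationEntry>> app = this.appMap;
        // putAll(null) throws, and either map can legitimately be null.
        if (sys != null) {
            merged.putAll(sys);
        }
        if (app != null) {
            merged.putAll(app);
        }
        return merged;
    }

    /**
     * @return the live system login map (not a copy); may be {@code null}
     */
    @Override
    public Map<String, List<AppConfigurationEntry>> getSysMap() {
        return this.sysMap;
    }

    /**
     * @return the live application login map (not a copy); may be {@code null}
     */
    @Override
    public Map<String, List<AppConfigurationEntry>> getAppMap() {
        return this.appMap;
    }

    /**
     * Replaces the system login map with the result of parsing {@code str}.
     * A null or empty string is rejected with a warning; a parse or read failure is
     * logged and leaves the current map in place.
     *
     * @param str login configuration text to parse
     */
    @Override
    public synchronized void updateSysMap(String str) {
        if (entryTraceOn()) {
            Tr.entry(tc, "update() cfgString=" + str + " " + this.cacheKey);
        }
        if (str == null || str.length() == 0) {
            Tr.warning(tc, "security.jaas.update");
        } else {
            BufferedReader reader = new BufferedReader(new StringReader(str));
            try {
                this.sysMap = parse(reader);
            } catch (ParserException e) {
                Tr.error(tc, "security.jaas.parser.stringreader");
            } catch (IOException e) {
                Tr.error(tc, "security.jaas.open.stringreader");
            } finally {
                // Close exactly once on every path, including unchecked failures.
                closeReader(reader, "security.jaas.close.stream");
            }
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "update() " + this.cacheKey);
        }
    }

    /**
     * Replaces the application login map with the result of parsing {@code str}.
     * A parse or read failure is logged and leaves the current map in place. An
     * empty string is still handed to the parser.
     *
     * @param str login configuration text to parse; {@code null} is ignored with a warning
     */
    @Override
    public synchronized void updateAppMap(String str) {
        if (entryTraceOn()) {
            Tr.entry(tc, "updateAppMap " + this.cacheKey, str);
        }
        if (str == null) {
            // new StringReader(null) throws NullPointerException; treat null as
            // "nothing to apply" instead.
            // NOTE(review): reuses the key updateSysMap logs for the same condition;
            // confirm the bundle text fits the application map as well.
            Tr.warning(tc, "security.jaas.update");
        } else {
            BufferedReader reader = new BufferedReader(new StringReader(str));
            try {
                this.appMap = parse(reader);
            } catch (ParserException e) {
                Tr.error(tc, "security.core.parser.stringreader");
            } catch (IOException e) {
                Tr.error(tc, "security.core.open.stringreader");
            } finally {
                // Close exactly once on every path, including unchecked failures.
                closeReader(reader, "security.core.close.stream");
            }
        }
        if (debugTraceOn()) {
            // Concatenation renders a null map as "null" instead of throwing.
            Tr.debug(tc, "Updated JAAS Login Configuration: " + this.appMap);
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "updateAppMap " + this.cacheKey);
        }
    }

    /**
     * Renders the merged login configuration as text for diagnostics.
     *
     * @return a header line followed by the configuration, or by {@code "None."}
     *         when there are no entries
     */
    @Override
    public String toString2() {
        StringBuilder text = new StringBuilder(1024);
        text.append("JAAS WCCM configuration data:\n");
        Map<String, List<AppConfigurationEntry>> map = getMap();
        if (map == null || map.isEmpty()) {
            text.append("None.\n");
        } else {
            text.append(convertMapToString(map)).append("\n");
        }
        return text.toString();
    }

    /**
     * Builds both login maps from the parent configuration object.
     *
     * @param securityConfigObject parent object providing the
     *        {@code "systemLoginConfig"} and {@code "applicationLoginConfig"} children
     */
    private synchronized void initialize(SecurityConfigObject securityConfigObject) {
        if (entryTraceOn()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
        this.sysMap = convertToConfiguration(securityConfigObject.getObject("systemLoginConfig"), true);
        this.appMap = convertToConfiguration(securityConfigObject.getObject("applicationLoginConfig"), false);
        Tr.info(tc, "security.init.wccmjaas.init");
        if (debugTraceOn()) {
            Tr.debug(tc, "The dynamic JAAS login configuration is:", convertMapToString(getMap()));
        }
        if (entryTraceOn()) {
            Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    /** Returns true when verbose security-config tracing and entry/exit tracing are both on. */
    private static boolean entryTraceOn() {
        return SecurityConfigGlobals.enableVerbose && tc.isEntryEnabled();
    }

    /** Returns true when verbose security-config tracing and debug tracing are both on. */
    private static boolean debugTraceOn() {
        return SecurityConfigGlobals.enableVerbose && tc.isDebugEnabled();
    }

    /** Closes {@code reader}, logging {@code warningKey} as a warning if the close fails. */
    private static void closeReader(BufferedReader reader, String warningKey) {
        try {
            reader.close();
        } catch (IOException e) {
            Tr.warning(tc, warningKey);
        }
    }

    /** Returns the key set of {@code map} for trace output, or null for a null map. */
    private static Object aliasesOf(Map<?, ?> map) {
        return map == null ? null : map.keySet();
    }

    /**
     * Renders a login map as {@code alias { ...modules... };} blocks.
     *
     * @param map map to render; {@code null} yields an empty string
     * @return the rendered text
     */
    private static String convertMapToString(Map<String, List<AppConfigurationEntry>> map) {
        if (entryTraceOn()) {
            Tr.entry(tc, "convertMapToString, in Map= " + map);
        }
        StringBuilder text = new StringBuilder(1024);
        if (map != null) {
            for (Map.Entry<String, List<AppConfigurationEntry>> entry : map.entrySet()) {
                if (entry.getKey() == null) {
                    Tr.error(tc, "security.jaasconfig.helper.baddata", new Object[]{"convertMapToString", CommandConstants.ALIAS, null});
                } else {
                    text.append(entry.getKey()).append(" ").append('{').append('\n');
                    List<AppConfigurationEntry> modules = entry.getValue();
                    // A null list renders as an empty block rather than failing the dump.
                    int count = modules == null ? 0 : modules.size();
                    for (int i = 0; i < count; i++) {
                        printACE(text, modules.get(i));
                    }
                    text.append("};\n");
                }
            }
        }
        String rendered = text.toString();
        if (debugTraceOn()) {
            Tr.debug(tc, "The internal JAAS config map has been converted to:\n" + rendered);
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "convertMapToString");
        }
        return rendered;
    }

    /**
     * Appends one login module entry: class name, the control flag text after the
     * first {@code ':'} of the flag's string form, then each option as
     * {@code name="value"}.
     *
     * <p>NOTE(review): option values are written verbatim into text that ends up in
     * {@link #toString2()} and in debug trace. If any login module carries a secret
     * in its options it would appear there; confirm against the configured modules.
     *
     * @param text buffer to append to; nothing happens when it is {@code null}
     * @param appConfigurationEntry entry to render; nothing happens when it is {@code null}
     */
    private static void printACE(StringBuilder text, AppConfigurationEntry appConfigurationEntry) {
        if (text == null || appConfigurationEntry == null) {
            return;
        }
        String flagText = appConfigurationEntry.getControlFlag().toString();
        text.append("    ").append(appConfigurationEntry.getLoginModuleName()).append(" ").append(flagText.substring(flagText.indexOf(':') + 1));
        Map<String, ?> options = appConfigurationEntry.getOptions();
        if (options != null && !options.isEmpty()) {
            for (Map.Entry<String, ?> option : options.entrySet()) {
                // Append the value as an Object: option values are not required to be
                // Strings, and a cast would fail this diagnostic dump on any other type.
                text.append("\n       ").append(option.getKey()).append('=').append('\"').append(option.getValue()).append('\"');
            }
        }
        text.append("   ").append(";\n");
    }

    /**
     * Builds an alias-to-login-modules map from a login configuration object.
     *
     * <p>For a domain configuration with the inherit-JAAS property set (and not on an
     * admin agent), the map is seeded from the {@code "security"} configuration's
     * corresponding map, then the local {@code "entries"} are added on top, so a local
     * alias replaces an inherited one.
     *
     * @param securityConfigObject login configuration object, may be {@code null}
     * @param z {@code true} for the system configuration, whose aliases are prefixed
     *        with {@code "system."}; {@code false} for the application configuration
     * @return the map, or {@code null} when {@code securityConfigObject} is {@code null}
     */
    private static Map<String, List<AppConfigurationEntry>> convertToConfiguration(SecurityConfigObject securityConfigObject, boolean z) {
        if (entryTraceOn()) {
            Tr.entry(tc, "convertToConfiguration " + securityConfigObject);
        }
        if (securityConfigObject == null) {
            // Callers of the public getters already test for null, so keep returning it.
            if (entryTraceOn()) {
                Tr.exit(tc, "convertToConfiguration ");
            }
            return null;
        }
        Map<String, List<AppConfigurationEntry>> result = new HashMap<>();
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
        if (!SecurityObjectLocator.getSecurityConfigManager().isAdminAgent()
                && securityConfigObject.isDomainConfig()
                && securityConfig.getPropertyBool(SecurityConfig.INHERIT_JAAS)) {
            JAASLoginConfig globalLogin = SecurityObjectLocator.getSecurityConfig("security").getJAASLoginConfig();
            if (globalLogin != null) {
                Map<String, List<AppConfigurationEntry>> inherited = z ? globalLogin.getSysMap() : globalLogin.getAppMap();
                if (inherited != null) {
                    result.putAll(inherited);
                }
            }
        }
        SecurityConfigObjectList entries = securityConfigObject.getObjectList("entries");
        for (int i = 0; i < entries.size(); i++) {
            SecurityConfigObject entry = entries.get(i);
            String alias = entry.getString(CommandConstants.ALIAS);
            if (alias.length() != 0) {
                if (z) {
                    alias = "system." + alias;
                }
                // The duplicate is only reported; the later definition still replaces
                // the earlier (or inherited) one in the put below.
                if (result.containsKey(alias) && !securityConfig.getPropertyBool(SecurityConfig.NO_DUPENTRY)) {
                    Tr.warning(tc, "security.init.wccmjaas.dupentry", new Object[]{alias});
                }
                result.put(alias, convertToAppEntry(entry));
            } else {
                // NOTE(review): the warning carries the parent object, not the entry
                // that lacks an alias; confirm that is intended.
                Tr.warning(tc, "security.wccmjaas.no.alias", new Object[]{securityConfigObject});
            }
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "convertToConfiguration ");
        }
        return result;
    }

    /**
     * Converts the {@code "loginModules"} of one configuration entry, in order.
     *
     * @param securityConfigObject configuration entry
     * @return the login modules; kept as a {@link Vector} because these lists are
     *         handed out through the public map getters
     */
    private static Vector<AppConfigurationEntry> convertToAppEntry(SecurityConfigObject securityConfigObject) {
        if (entryTraceOn()) {
            Tr.entry(tc, "convertToAppEntry " + securityConfigObject);
        }
        Vector<AppConfigurationEntry> modules = new Vector<>();
        SecurityConfigObjectList loginModules = securityConfigObject.getObjectList("loginModules");
        for (int i = 0; i < loginModules.size(); i++) {
            modules.add(convertWCCMtoJaasConfig(loginModules.get(i)));
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "convertToAppEntry ");
        }
        return modules;
    }

    /**
     * Builds one JAAS entry from a login module object's {@code "moduleClassName"},
     * authentication strategy and options.
     *
     * @param securityConfigObject login module configuration object
     * @return the JAAS entry
     */
    private static AppConfigurationEntry convertWCCMtoJaasConfig(SecurityConfigObject securityConfigObject) {
        if (entryTraceOn()) {
            Tr.entry(tc, "convertWCCMtoJaasConfig " + securityConfigObject);
        }
        AppConfigurationEntry jaasEntry = new AppConfigurationEntry(securityConfigObject.getString("moduleClassName"), buildFlag(securityConfigObject), buildOptions(securityConfigObject));
        if (entryTraceOn()) {
            Tr.exit(tc, "convertWCCMtoJaasConfig ");
        }
        return jaasEntry;
    }

    /**
     * Maps the {@code "authenticationStrategy"} value to a JAAS control flag.
     *
     * <p>A missing value defaults to {@code REQUIRED}. An unrecognized value is
     * logged as an error and also becomes {@code REQUIRED}, so a misspelled strategy
     * cannot turn a module into an {@code OPTIONAL} or {@code SUFFICIENT} one.
     *
     * @param securityConfigObject login module configuration object
     * @return the control flag, never {@code null}
     */
    protected static AppConfigurationEntry.LoginModuleControlFlag buildFlag(SecurityConfigObject securityConfigObject) {
        if (entryTraceOn()) {
            Tr.entry(tc, "buildModuleControlFlag " + securityConfigObject);
        }
        String strategy = securityConfigObject.getString("authenticationStrategy", "REQUIRED");
        AppConfigurationEntry.LoginModuleControlFlag flag;
        // Constant-first comparisons send a null strategy to the logged fallback
        // instead of failing with a NullPointerException.
        if ("REQUIRED".equals(strategy)) {
            flag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
        } else if ("REQUISITE".equals(strategy)) {
            flag = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
        } else if ("SUFFICIENT".equals(strategy)) {
            flag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
        } else if ("OPTIONAL".equals(strategy)) {
            flag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
        } else {
            Tr.error(tc, "Error, invalid JAAS authentication strategy: " + strategy + ". Using REQUIRED");
            flag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "buildModuleControlFlag " + flag);
        }
        return flag;
    }

    /**
     * Collects the {@code "options"} of a login module as name/value pairs.
     *
     * <p>NOTE(review): the exit trace prints every option value; confirm that no
     * configured login module keeps a secret in its options.
     *
     * @param securityConfigObject login module configuration object
     * @return a new map of option name to option value
     */
    private static Map<String, String> buildOptions(SecurityConfigObject securityConfigObject) {
        if (entryTraceOn()) {
            Tr.entry(tc, "buildOptions " + securityConfigObject);
        }
        Map<String, String> options = new HashMap<>();
        SecurityConfigObjectList optionList = securityConfigObject.getObjectList("options", false);
        for (int i = 0; i < optionList.size(); i++) {
            SecurityConfigObject option = optionList.get(i);
            options.put(option.getString("name"), option.getString("value"));
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "buildOptions " + options);
        }
        return options;
    }

    /**
     * Returns the user id / password pair registered under an alias.
     *
     * @param str auth-data alias
     * @return the entry, or {@code null} when the alias is unknown or no auth data
     *         has been loaded
     */
    @Override
    public AuthData getAuthData(String str) {
        AuthData authData;
        if (entryTraceOn()) {
            Tr.entry(tc, "getAuthData: uidpswEntry=" + str + " " + this.cacheKey);
        }
        synchronized (this.authDataSyncObject) {
            // The map stays null when no refresh has succeeded (or after the no-arg
            // constructor); answer "not found" instead of throwing.
            Map<String, AuthData> current = this.authDataMap;
            authData = current == null ? null : current.get(str);
        }
        if (entryTraceOn()) {
            // Trace only whether the alias resolved: the value holds a decoded
            // password, and how AuthData renders itself is not visible from this class.
            Tr.exit(tc, "getAuthData " + this.cacheKey, Boolean.valueOf(authData != null));
        }
        return authData;
    }

    /**
     * Replaces the auth-data map, either with the supplied map or, when {@code map}
     * is {@code null}, with entries reloaded from the configuration manager. The
     * current map is kept when the reload yields nothing.
     *
     * @param map replacement alias-to-{@link AuthData} map, or {@code null} to reload
     */
    @Override
    @SuppressWarnings("unchecked") // the interface method takes a raw Map
    public void refreshAuthDataEntries(Map map) {
        if (entryTraceOn()) {
            // Aliases only: the values are AuthData objects carrying decoded passwords.
            Tr.entry(tc, "refreshAuthDataEntries " + this.cacheKey, aliasesOf(map));
        }
        Map<String, AuthData> replacement = map == null ? refreshAuthDataEntries() : (Map<String, AuthData>) map;
        Map<String, AuthData> installed;
        synchronized (this.authDataSyncObject) {
            if (replacement != null) {
                this.authDataMap = replacement;
            }
            installed = this.authDataMap;
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "refreshAuthDataEntries " + this.cacheKey, aliasesOf(installed));
        }
    }

    /**
     * Loads the auth-data entries from the configuration manager.
     *
     * <p>For a domain configuration with the inherit-J2C property set, the result is
     * seeded from the {@code "security"} configuration's auth data, and local entries
     * replace inherited ones with the same alias. Any exception is reported through
     * FFDC and an error message; whatever had been collected up to that point
     * (possibly {@code null}) is returned.
     *
     * @return the alias-to-{@link AuthData} map, or {@code null} when the load failed
     *         before any map was created
     */
    private Map<String, AuthData> refreshAuthDataEntries() {
        if (entryTraceOn()) {
            Tr.entry(tc, "refreshAuthDataEntries " + this.cacheKey);
        }
        Map<String, AuthData> collected = null;
        try {
            SecurityConfigObjectList authEntries = SecurityObjectLocator.getSecurityConfigManager().refreshAuthData(this.parent_sco.isDomainConfig() ? "AppSecurity" : "Security");
            collected = new HashMap<>();
            SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
            if (this.parent_sco.isDomainConfig() && securityConfig.getPropertyBool(SecurityConfig.INHERIT_J2C)) {
                JAASLoginConfig globalLogin = SecurityObjectLocator.getSecurityConfig("security").getJAASLoginConfig();
                if (globalLogin != null) {
                    Map<String, AuthData> inherited = globalLogin.getAuthDataMap();
                    if (inherited != null) {
                        collected.putAll(inherited);
                    }
                }
            }
            for (int i = 0; i < authEntries.size(); i++) {
                SecurityConfigObject authEntry = authEntries.get(i);
                if (authEntry != null) {
                    // The password is stored decoded, so this map must never be dumped
                    // into trace or logs.
                    collected.put(authEntry.getString(CommandConstants.ALIAS), new AuthData(authEntry.getString(CommandConstants.CACLIENT_USERID), authEntry.getDecodedString("password")));
                    if (debugTraceOn()) {
                        Tr.debug(tc, "AuthData - add " + authEntry.getString(CommandConstants.ALIAS, null));
                    }
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ServerSecurityComponentImpl.refreshAuthDataEntries", "806", this);
            Tr.error(tc, "security.servcomp.init");
        }
        if (entryTraceOn()) {
            Tr.exit(tc, "refreshAuthDataEntries " + this.cacheKey);
        }
        return collected;
    }

    /**
     * @return the live alias-to-{@link AuthData} map (not a copy), or {@code null}
     *         when no auth data has been loaded; it holds decoded passwords, so
     *         callers should neither log nor retain it
     */
    @Override
    public Map<String, AuthData> getAuthDataMap() {
        synchronized (this.authDataSyncObject) {
            return this.authDataMap;
        }
    }
}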
