package com.ibm.ws.webcontainer.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.credentials.AccessIdUtil;
import com.ibm.ws.security.credentials.CredentialProvider;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistryChangeListener;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.util.Hashtable;
import javax.security.auth.Subject;
import org.apache.bcel.Constants;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

/* JADX WARN: Classes with same name are omitted:
  input_file:resources/server_runtime/lib/com.ibm.ws.webcontainer.security.app_1.0.1.jar:com/ibm/ws/webcontainer/security/UnauthenticatedSubjectService.class
 */
@TraceOptions(traceGroups = {}, traceGroup = "", messageBundle = "", traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.webcontainer.security.admin_1.0.1.jar:com/ibm/ws/webcontainer/security/UnauthenticatedSubjectService.class */
public class UnauthenticatedSubjectService implements UserRegistryChangeListener {
    private static final TraceComponent tc = Tr.register(UnauthenticatedSubjectService.class);
    static final String KEY_SECURITY_SERVICE = "securityService";
    static final String KEY_CREDENTIALS_SERVICE = "credentialsService";
    protected final AtomicServiceReference<SecurityService> securityServiceRef = new AtomicServiceReference<>(KEY_SECURITY_SERVICE);
    protected final AtomicServiceReference<CredentialsService> credentialsServiceRef = new AtomicServiceReference<>("credentialsService");
    private Subject unauthenticatedSubject = null;
    static final long serialVersionUID = 7840215915609227410L;

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public UnauthenticatedSubjectService() {
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.unsetReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.unsetReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected synchronized void setCredentialProvider(ServiceReference<CredentialProvider> serviceReference) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Resetting unauthenticatedSubject as new CredentialProvider has been set", new Object[0]);
        }
        this.unauthenticatedSubject = null;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected synchronized void unsetCredentialProvider(ServiceReference<CredentialProvider> serviceReference) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Resetting unauthenticatedSubject as CredentialProvider has been unset", new Object[0]);
        }
        this.unauthenticatedSubject = null;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void activate(ComponentContext componentContext) {
        this.securityServiceRef.activate(componentContext);
        this.credentialsServiceRef.activate(componentContext);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void deactivate(ComponentContext componentContext) {
        this.securityServiceRef.deactivate(componentContext);
        this.credentialsServiceRef.deactivate(componentContext);
    }

    @Override // com.ibm.ws.security.registry.UserRegistryChangeListener
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public synchronized void notifyOfUserRegistryChange() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Resetting unauthenticatedSubject as UserRegistry configuration has changed", new Object[0]);
        }
        this.unauthenticatedSubject = null;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getUserRegistryRealm() {
        String str = "DefaultRealm";
        String str2 = "DefaultRealm";
        try {
            UserRegistryService userRegistryService = this.securityServiceRef.getService().getUserRegistryService();
            if (userRegistryService.isUserRegistryConfigured()) {
                str = userRegistryService.getUserRegistry().getRealm();
                str2 = str;
            }
        } catch (RegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.UnauthenticatedSubjectService", "125", this, new Object[0]);
            String str3 = str;
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "RegistryException while trying to get the realm", str3);
            }
        }
        return str2;
    }

    @FFDCIgnore({Exception.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public synchronized Subject getUnauthenticatedSubject() {
        if (this.unauthenticatedSubject == null) {
            String unauthenticatedUserid = this.credentialsServiceRef.getService().getUnauthenticatedUserid();
            try {
                Subject subject = new Subject();
                Hashtable hashtable = new Hashtable();
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, unauthenticatedUserid);
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, AccessIdUtil.createAccessId("user", getUserRegistryRealm(), unauthenticatedUserid));
                subject.getPublicCredentials().add(hashtable);
                this.unauthenticatedSubject = this.securityServiceRef.getService().getAuthenticationService().authenticate("system.UNAUTHENTICATED", subject);
                this.unauthenticatedSubject.setReadOnly();
            } catch (Exception e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Internal error creating UNAUTHENTICATED subject.", e);
                }
            }
        }
        return this.unauthenticatedSubject;
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.STATIC_INITIALIZER_NAME, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.STATIC_INITIALIZER_NAME);
        }
    }
}
