package com.ibm.ws.ssl.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.ws.crypto.certificateutil.DefaultSSLCertificateCreator;
import com.ibm.ws.crypto.certificateutil.DefaultSSLCertificateFactory;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.security.filemonitor.FileBasedActionable;
import com.ibm.ws.security.filemonitor.SecurityFileMonitor;
import com.ibm.ws.ssl.KeyringMonitor;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.provider.AbstractJSSEProvider;
import com.ibm.wsspi.kernel.filemonitor.FileMonitor;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.FrameworkState;
import java.io.File;
import java.util.Arrays;
import java.util.Collection;
import java.util.Dictionary;
import java.util.concurrent.ConcurrentHashMap;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedServiceFactory;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

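/**
 * OSGi {@link ManagedServiceFactory} registered under the PID
 * {@code com.ibm.ws.ssl.keystore}.
 *
 * <p>Keeps one {@link KeystoreConfig} per configuration pid. When a keystore's
 * trigger is anything other than {@code "disabled"}, it starts a file monitor
 * (file-based keystores) or a keyring monitor (locations containing
 * {@code safkeyring://}). When a monitor reports a change, the callbacks
 * {@link #performFileBasedAction(Collection)} and
 * {@link #performKeyStoreAction(Collection)} ask {@code KeyStoreManager},
 * {@code AbstractJSSEProvider} and {@code SSLConfigManager} to clear or reset
 * what they hold for the changed keystores, then write audit message
 * {@code CWPKI0811I}.
 *
 * <p>NOTE(review): only one file-monitor registration and one keyring-monitor
 * registration are tracked by this factory. Every call to
 * {@code createFileMonitor} / {@code createKeyringMonitor} overwrites the
 * previous registration without unregistering it, so with several monitored
 * keystores (or repeated updates of one) only the most recent registration is
 * unregistered in {@link #deactivate}. Confirm whether the earlier
 * registrations are released elsewhere (for example by
 * {@code KeystoreConfig.unregister()}).
 */
@Component(service = {ManagedServiceFactory.class}, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM", "service.pid=com.ibm.ws.ssl.keystore"})
/* loaded from: input_file:com/ibm/ws/ssl/internal/KeystoreConfigurationFactory.class */
public class KeystoreConfigurationFactory implements ManagedServiceFactory, FileBasedActionable, KeyringBasedActionable {
    private static final TraceComponent tc = Tr.register(KeystoreConfigurationFactory.class, "SSL", TraceConstants.MESSAGE_BUNDLE);
    // Most recent file-monitor service registration (see class-level note).
    private ServiceRegistration<FileMonitor> keyStoreFileMonitorRegistration;
    // Most recent keyring-monitor service registration (see class-level note).
    private ServiceRegistration<KeyringMonitor> keyringMonitorRegistration;
    private SecurityFileMonitor keyStoreFileMonitor;
    // Lower-case name so the field no longer shadows the imported KeyringMonitor type.
    private KeyringMonitorImpl keyringMonitor;
    private final AtomicServiceReference<WsLocationAdmin> locSvc = new AtomicServiceReference<>("LocMgr");
    // Keystore configurations keyed by configuration pid.
    private final ConcurrentHashMap<String, KeystoreConfig> keyConfigs = new ConcurrentHashMap<>();
    private BundleContext bContext = null;
    private volatile ComponentContext cc = null;

    /**
     * Creates or updates the keystore configuration for {@code str} and, unless
     * the keystore's trigger is {@code "disabled"}, (re)creates its change monitor.
     *
     * <p>Does nothing while the framework is stopping. If
     * {@code KeystoreConfig.updateKeystoreConfig} returns {@code false}, the
     * configuration is unregistered instead.
     *
     * <p>NOTE(review): the whole configuration dictionary is written to event
     * trace. Keystore configuration normally includes a password attribute;
     * confirm that the value type masks itself in {@code toString()} before
     * relying on this trace in a shared log.
     *
     * <p>NOTE(review): {@code @FFDCIgnore} names {@code IllegalArgumentException}
     * while the catch block below handles {@code IllegalStateException}; confirm
     * which one was intended.
     *
     * @param str configuration pid
     * @param dictionary configuration properties for that pid
     * @throws ConfigurationException declared by the interface; not thrown by the visible code
     */
    @FFDCIgnore({IllegalArgumentException.class})
    public void updated(String str, Dictionary dictionary) throws ConfigurationException {
        if (FrameworkState.isStopping()) {
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "updated keystore " + str, new Object[]{dictionary});
        }
        String keystoreId = (String) dictionary.get(LibertyConstants.KEY_ID);
        KeystoreConfig keystoreConfig = this.keyConfigs.get(str);
        if (keystoreConfig == null) {
            // putIfAbsent decides the winner if two updates for the same pid race.
            KeystoreConfig created = new KeystoreConfig(str, keystoreId, this.locSvc);
            KeystoreConfig raced = this.keyConfigs.putIfAbsent(str, created);
            keystoreConfig = raced != null ? raced : created;
        }
        try {
            if (!keystoreConfig.updateKeystoreConfig(dictionary)) {
                keystoreConfig.unregister();
                return;
            }
            keystoreConfig.updateRegistration(this.bContext);
            String trigger = keystoreConfig.getKeyStore().getTrigger();
            Boolean fileBased = keystoreConfig.getKeyStore().getFileBased();
            if (trigger.equalsIgnoreCase("disabled")) {
                // Monitoring switched off: changes to the keystore are not picked up automatically.
                return;
            }
            if (fileBased.booleanValue()) {
                createFileMonitor(keystoreConfig.getKeyStore().getName(), keystoreConfig.getKeyStore().getLocation(), trigger, keystoreConfig.getKeyStore().getPollingRate());
            } else {
                String location = keystoreConfig.getKeyStore().getLocation();
                // Only SAF keyring locations get a keyring monitor; other
                // non-file keystores are left unmonitored.
                if (location.contains("safkeyring://")) {
                    createKeyringMonitor(keystoreConfig.getKeyStore().getName(), trigger, location);
                }
            }
        } catch (IllegalStateException e) {
            // Deliberately non-fatal (presumably the config was unregistered
            // concurrently -- confirm), but leave a trace instead of dropping it silently.
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Ignoring IllegalStateException while updating keystore " + str, new Object[]{e});
            }
        }
    }

    /**
     * Clears the keystore identified by {@code str} from {@code KeyStoreManager}
     * (under both its pid and its configured id) and unregisters its configuration.
     *
     * <p>NOTE(review): the entry is not removed from {@code keyConfigs}, so a later
     * {@link #updated} for the same pid reuses the unregistered
     * {@code KeystoreConfig}; confirm this is intended.
     *
     * @param str configuration pid being deleted
     */
    public void deleted(String str) {
        KeystoreConfig keystoreConfig = this.keyConfigs.get(str);
        if (keystoreConfig != null) {
            KeyStoreManager.getInstance().clearKeyStoreFromMap(str);
            // Use the instance already fetched rather than a second map lookup,
            // which could return a different (or no) entry.
            KeyStoreManager.getInstance().clearKeyStoreFromMap(keystoreConfig.getId());
            keystoreConfig.unregister();
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(this, tc, "deleted keystore " + str, new Object[0]);
            }
        }
    }

    /** @return the descriptive name of this factory */
    public String getName() {
        return "Keystore configuration";
    }

    /**
     * Declarative Services activation: stores the component and bundle contexts
     * and activates the location-service reference.
     *
     * @param componentContext context supplied by the DS runtime
     */
    protected void activate(ComponentContext componentContext) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "activate", new Object[]{componentContext.getProperties()});
        }
        this.cc = componentContext;
        this.locSvc.activate(componentContext);
        this.bContext = componentContext.getBundleContext();
    }

    /**
     * Declarative Services deactivation: deactivates the location-service
     * reference and unregisters the tracked monitor registrations.
     *
     * @param componentContext context supplied by the DS runtime
     * @param i deactivation reason code
     */
    protected void deactivate(ComponentContext componentContext, int i) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "deactivate, reason=" + i, new Object[0]);
        }
        this.locSvc.deactivate(componentContext);
        unsetFileMonitorRegistration();
        unsetKeyringMonitorRegistration();
    }

    /** Binds the location service reference. */
    @Reference(service = WsLocationAdmin.class, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setLocMgr(ServiceReference<WsLocationAdmin> serviceReference) {
        this.locSvc.setReference(serviceReference);
    }

    /**
     * Unbind callback for the location service; intentionally a no-op here, so
     * the last bound reference stays in {@code locSvc}.
     */
    protected void unsetLocMgr(ServiceReference<WsLocationAdmin> serviceReference) {
    }

    /**
     * File-monitor callback: clears cached state for the changed keystore files
     * and writes audit message {@code CWPKI0811I}.
     *
     * <p>A failure is recorded in debug trace only and no audit message is
     * written, so after replacing a keystore file an operator should check that
     * {@code CWPKI0811I} actually appeared; otherwise the previously loaded key
     * material may still be in use.
     *
     * @param collection keystore files reported as changed
     */
    public void performFileBasedAction(Collection<File> collection) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "performFileBasedAction", new Object[]{collection});
        }
        try {
            KeyStoreManager.getInstance().clearJavaKeyStoresFromKeyStoreMap(collection);
            AbstractJSSEProvider.clearSSLContextCache(collection);
            SSLConfigManager.getInstance().resetDefaultSSLContextIfNeeded(collection);
            Tr.audit(tc, "ssl.keystore.modified.CWPKI0811I", collection.toArray());
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                // Pass the exception itself so the trace keeps the type and stack, not just the message.
                Tr.debug(tc, "Exception while trying to reload keystore file, exception is: " + e.getMessage(), new Object[]{e});
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "performFileBasedAction");
        }
    }

    /**
     * Keyring-monitor callback: for each changed keystore, clears its cached
     * state and writes audit message {@code CWPKI0811I} naming that keystore.
     *
     * <p>Each keystore is handled independently; a failure for one is recorded in
     * debug trace only (no audit message) and the loop continues with the next.
     *
     * @param collection identifiers of the keystores reported as changed
     */
    @Override // com.ibm.ws.ssl.internal.KeyringBasedActionable
    public void performKeyStoreAction(Collection<String> collection) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "performSAFKeyRingAction", new Object[]{collection});
        }
        for (String str : collection) {
            try {
                KeyStoreManager.getInstance().findKeyStoreInMapAndClear(str);
                AbstractJSSEProvider.removeEntryFromSSLContextMap(str);
                SSLConfigManager.getInstance().resetDefaultSSLContextIfNeeded(str);
                // Audit the keystore that was just processed. Passing the whole
                // collection on every iteration repeated the same arguments once
                // per element and could attribute the record to the wrong keystore.
                Tr.audit(tc, "ssl.keystore.modified.CWPKI0811I", new Object[]{str});
            } catch (Exception e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception while trying to reload keystore file, exception is: " + e.getMessage(), new Object[]{e});
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "performSAFKeyRingAction");
        }
    }

    /**
     * @return the bundle context of the active component, or {@code null} if the
     *         component has not been activated
     */
    @Override // com.ibm.ws.ssl.internal.KeyringBasedActionable
    public BundleContext getBundleContext() {
        // Read the volatile field once so the null check and the call see the same value.
        ComponentContext current = this.cc;
        return current != null ? current.getBundleContext() : null;
    }

    /** Unregisters and forgets the tracked file-monitor registration, if any. */
    protected void unsetFileMonitorRegistration() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "unsetFileMonitorRegistration", new Object[0]);
        }
        if (this.keyStoreFileMonitorRegistration != null) {
            this.keyStoreFileMonitorRegistration.unregister();
            this.keyStoreFileMonitorRegistration = null;
        }
    }

    /**
     * Records the file-monitor registration. Any previously stored registration
     * is replaced without being unregistered.
     */
    protected void setFileMonitorRegistration(ServiceRegistration<FileMonitor> serviceRegistration) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "setFileMonitorRegistration", new Object[0]);
        }
        this.keyStoreFileMonitorRegistration = serviceRegistration;
    }

    /**
     * Starts a {@link SecurityFileMonitor} for one keystore file. Failures are
     * traced and reported through FFDC; they do not propagate to the caller, so
     * the keystore is then simply not monitored.
     *
     * @param name keystore name passed to the monitor
     * @param location keystore file location to watch
     * @param trigger monitor trigger setting from the keystore configuration
     * @param pollingRate polling rate from the keystore configuration
     */
    private void createFileMonitor(String name, String location, String trigger, long pollingRate) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "createFileMonitor", new Object[]{name, location, trigger, Long.valueOf(pollingRate)});
        }
        try {
            this.keyStoreFileMonitor = new SecurityFileMonitor(this);
            setFileMonitorRegistration(this.keyStoreFileMonitor.monitorFiles(name, Arrays.asList(location), pollingRate, trigger));
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating the keystore file monitor.", new Object[]{e});
            }
            FFDCFilter.processException(e, getClass().getName(), "createFileMonitor", this, new Object[]{name, location, Long.valueOf(pollingRate)});
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "createFileMonitor");
        }
    }

    /** Unregisters and forgets the tracked keyring-monitor registration, if any. */
    protected void unsetKeyringMonitorRegistration() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "unsetKeyringMonitorRegistration", new Object[0]);
        }
        if (this.keyringMonitorRegistration != null) {
            this.keyringMonitorRegistration.unregister();
            this.keyringMonitorRegistration = null;
        }
    }

    /**
     * Records the keyring-monitor registration. Any previously stored
     * registration is replaced without being unregistered.
     */
    protected void setKeyringMonitorRegistration(ServiceRegistration<KeyringMonitor> serviceRegistration) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "setKeyringMonitorRegistration", new Object[0]);
        }
        this.keyringMonitorRegistration = serviceRegistration;
    }

    /**
     * Starts a {@link KeyringMonitorImpl} for one keyring. Failures are traced
     * and reported through FFDC; they do not propagate to the caller.
     *
     * @param name keystore name passed to the monitor
     * @param trigger monitor trigger setting from the keystore configuration
     * @param location keyring location (a {@code safkeyring://} URL at the only call site)
     */
    private void createKeyringMonitor(String name, String trigger, String location) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "createKeyringMonitor", new Object[]{name, trigger});
        }
        try {
            this.keyringMonitor = new KeyringMonitorImpl(this);
            setKeyringMonitorRegistration(this.keyringMonitor.monitorKeyRings(name, trigger, location));
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating the keyring monitor.", new Object[]{e});
            }
            FFDCFilter.processException(e, getClass().getName(), "createKeyringMonitor", this, new Object[]{name, location});
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "createKeyringMonitor");
        }
    }

    /**
     * Binds the mandatory certificate creator and installs it as the
     * process-wide default on {@link DefaultSSLCertificateFactory}.
     */
    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    public void setCertificateCreator(DefaultSSLCertificateCreator defaultSSLCertificateCreator) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "setCertificateCreator(DefaultSSLCertificateCreator)", new Object[]{defaultSSLCertificateCreator});
        }
        DefaultSSLCertificateFactory.setDefaultSSLCertificateCreator(defaultSSLCertificateCreator);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "setCertificateCreator(DefaultSSLCertificateCreator)");
        }
    }

    /**
     * Unbinds the certificate creator by resetting the factory default to
     * {@code null}, regardless of which creator instance is being unbound.
     */
    public void unsetCertificateCreator(DefaultSSLCertificateCreator defaultSSLCertificateCreator) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "unsetCertificateCreator(DefaultSSLCertificateCreator)", new Object[]{defaultSSLCertificateCreator});
        }
        DefaultSSLCertificateFactory.setDefaultSSLCertificateCreator((DefaultSSLCertificateCreator) null);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "unsetCertificateCreator(DefaultSSLCertificateCreator)");
        }
    }
}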
