package com.bea.common.security.internal.service;

import com.bea.common.engine.ServiceConfigurationException;
import com.bea.common.engine.ServiceInitializationException;
import com.bea.common.engine.ServiceLifecycleSpi;
import com.bea.common.engine.Services;
import com.bea.common.logger.service.LoggerService;
import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.internal.utils.CallbackUtils;
import com.bea.common.security.internal.utils.Delegator;
import com.bea.common.security.internal.utils.collections.SecondChanceCacheMap;
import com.bea.common.security.service.Identity;
import com.bea.common.security.service.IdentityCacheService;
import com.bea.common.security.servicecfg.IdentityCacheServiceConfig;
import java.security.InvalidParameterException;
import javax.security.auth.callback.CallbackHandler;
import weblogic.security.auth.callback.IdentityDomainNames;
import weblogic.security.service.ContextHandler;

/* loaded from: input_file:com/bea/common/security/internal/service/IdentityCacheServiceImpl.class */
public class IdentityCacheServiceImpl implements ServiceLifecycleSpi, IdentityCacheService {
    private static final String OPSS_KEY_ATTR_NAME = "oracle.security.opss.auth.userTenantName";
    private static final String DEFAULT_IDM = "_def_Idm";
    private LoggerSpi logger;
    private IdentityCache theCache = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bea/common/security/internal/service/IdentityCacheServiceImpl$IdentityCache.class */
    public static final class IdentityCache {
        private SecondChanceCacheMap cache;
        private long cacheEOL;
        private long cacheTTL;

        private IdentityCache(int i, long j) {
            this.cache = null;
            this.cacheEOL = 0L;
            this.cacheTTL = 0L;
            this.cache = new SecondChanceCacheMap(i);
            this.cacheTTL = j;
            if (this.cacheTTL != 0) {
                this.cacheEOL = System.currentTimeMillis() + this.cacheTTL;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Identity getCachedIdentity(IdentityDomainNames identityDomainNames) {
            if (this.cacheTTL < 0) {
                return null;
            }
            checkTTL();
            return (Identity) this.cache.get(identityDomainNames);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void putCachedIdentity(IdentityDomainNames identityDomainNames, Identity identity) {
            if (this.cacheTTL < 0) {
                return;
            }
            checkTTL();
            if (this.cache.containsKey(identityDomainNames)) {
                return;
            }
            this.cache.put(identityDomainNames, identity);
        }

        private void checkTTL() {
            if (this.cacheTTL == 0) {
                return;
            }
            long currentTimeMillis = System.currentTimeMillis();
            if (currentTimeMillis > this.cacheEOL) {
                synchronized (this.cache) {
                    if (currentTimeMillis > this.cacheEOL) {
                        this.cacheEOL = currentTimeMillis + this.cacheTTL;
                        this.cache.clear();
                    }
                }
            }
        }
    }

    @Override // com.bea.common.engine.ServiceLifecycleSpi
    public Object init(Object obj, Services services) throws ServiceInitializationException {
        this.logger = ((LoggerService) services.getService(LoggerService.SERVICE_NAME)).getLogger("com.bea.common.security.service.IdentityCacheService");
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = getClass().getName() + ".init";
        if (isDebugEnabled) {
            this.logger.debug(str);
        }
        if (obj == null || !(obj instanceof IdentityCacheServiceConfig)) {
            throw new ServiceConfigurationException(ServiceLogger.getExpectedConfigurationNotSupplied(str, "IdentityCacheServiceConfig"));
        }
        IdentityCacheServiceConfig identityCacheServiceConfig = (IdentityCacheServiceConfig) obj;
        if (identityCacheServiceConfig.isIdentityCacheEnabled()) {
            if (identityCacheServiceConfig.getMaxIdentitiesInCache() < 1) {
                throw new ServiceConfigurationException(ServiceLogger.getIdentityServiceMaxIdentitiesInCacheInvalid(identityCacheServiceConfig.getMaxIdentitiesInCache()));
            }
            this.theCache = new IdentityCache(identityCacheServiceConfig.getMaxIdentitiesInCache(), identityCacheServiceConfig.getIdentityCacheTTL());
            if (isDebugEnabled) {
                this.logger.debug(str + " IdentityCache enabled, max size = " + identityCacheServiceConfig.getMaxIdentitiesInCache() + ", TTL = " + identityCacheServiceConfig.getIdentityCacheTTL());
            }
        } else if (isDebugEnabled) {
            this.logger.debug(str + " IdentityCache is not enabled");
        }
        return Delegator.getProxy(IdentityCacheService.class, this);
    }

    @Override // com.bea.common.engine.ServiceLifecycleSpi
    public void shutdown() {
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".shutdown" : null;
        if (isDebugEnabled) {
            this.logger.debug(str);
        }
    }

    @Override // com.bea.common.security.service.IdentityCacheService
    public Identity getCachedIdentity(String str) {
        return getCachedIdentity(new IdentityDomainNames(str, null));
    }

    @Override // com.bea.common.security.service.IdentityCacheService
    public Identity getCachedIdentity(IdentityDomainNames identityDomainNames) {
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".getCachedIdentity" : null;
        if (isDebugEnabled) {
            this.logger.debug(str + "(" + identityDomainNames + ")");
        }
        if (this.theCache == null) {
            if (!isDebugEnabled) {
                return null;
            }
            this.logger.debug(str + " noop, cache is not enabled");
            return null;
        }
        Identity cachedIdentity = this.theCache.getCachedIdentity(identityDomainNames);
        if (isDebugEnabled) {
            this.logger.debug(str + "(" + identityDomainNames + ") returning " + cachedIdentity);
        }
        return cachedIdentity;
    }

    @Override // com.bea.common.security.service.IdentityCacheService
    public Identity getCachedIdentity(IdentityDomainNames identityDomainNames, ContextHandler contextHandler) {
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".getCachedIdentity" : null;
        if (isDebugEnabled) {
            this.logger.debug(str + "(" + identityDomainNames + " , " + contextHandler + ")");
        }
        if (this.theCache != null) {
            if (identityDomainNames == null) {
                return null;
            }
            return identityDomainNames.getIdentityDomain() == null ? getCachedIdentity(identityDomainNames.getName(), contextHandler) : getCachedIdentity(identityDomainNames);
        }
        if (!isDebugEnabled) {
            return null;
        }
        this.logger.debug(str + " noop, cache is not enabled");
        return null;
    }

    @Override // com.bea.common.security.service.IdentityCacheService
    public Identity getCachedIdentity(CallbackHandler callbackHandler, ContextHandler contextHandler) {
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".getCachedIdentity" : null;
        if (isDebugEnabled) {
            this.logger.debug(str + "(" + callbackHandler + " , " + contextHandler + ")");
        }
        if (this.theCache == null) {
            if (!isDebugEnabled) {
                return null;
            }
            this.logger.debug(str + " noop, cache is not enabled");
            return null;
        }
        IdentityDomainNames user = CallbackUtils.getUser(callbackHandler, this.logger);
        if (user == null) {
            return null;
        }
        return getCachedIdentity(user, contextHandler);
    }

    @Override // com.bea.common.security.service.IdentityCacheService
    public Identity getCachedIdentity(String str, ContextHandler contextHandler) {
        return getCachedIdentity(getCacheKey(str, contextHandler));
    }

    @Override // com.bea.common.security.service.IdentityCacheService
    public void cacheIdentity(Identity identity) {
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".cachedIdentity" : null;
        if (isDebugEnabled) {
            this.logger.debug(str + "(" + identity + ")");
        }
        if (this.theCache != null) {
            this.theCache.putCachedIdentity(identity.getUser(), identity);
        } else if (isDebugEnabled) {
            this.logger.debug(str + " noop, cache is not enabled");
        }
    }

    @Override // com.bea.common.security.service.IdentityCacheService
    public void cacheIdentity(Identity identity, ContextHandler contextHandler) {
        IdentityDomainNames user = identity.getUser();
        if (user.getIdentityDomain() == null) {
            user = getCacheKey(identity.getUsername(), contextHandler);
        }
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".cachedIdentity" : null;
        if (isDebugEnabled) {
            this.logger.debug(str + "(" + identity + "),cacheKey= " + user);
        }
        if (this.theCache != null) {
            this.theCache.putCachedIdentity(user, identity);
        } else if (isDebugEnabled) {
            this.logger.debug(str + " noop, cache is not enabled");
        }
    }

    private static String getIdentityDomainName(ContextHandler contextHandler) {
        Object value;
        if (contextHandler == null || contextHandler.size() < 1 || (value = contextHandler.getValue(OPSS_KEY_ATTR_NAME)) == null) {
            return null;
        }
        if (!(value instanceof String)) {
            throw new InvalidParameterException("The identity-domain/tenant name should be string, but it is " + value.getClass().getName());
        }
        String str = (String) value;
        if (str == null || str.isEmpty()) {
            throw new InvalidParameterException("The identity-domain/tenant name should not be empty string");
        }
        return str;
    }

    private static IdentityDomainNames getCacheKey(String str, ContextHandler contextHandler) {
        return new IdentityDomainNames(str, getIdentityDomainName(contextHandler));
    }
}
