package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.jwt.JwtToken;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.utils.JsonUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.twitter.TwitterConstants;
import com.ibm.ws.security.social.twitter.TwitterTokenServices;
import com.ibm.ws.security.social.web.utils.SocialWebUtils;
import com.ibm.wsspi.security.tai.TAIResult;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Map;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/tai/TwitterLoginFlow.class */
public class TwitterLoginFlow {
    public static final TraceComponent tc = Tr.register(TwitterLoginFlow.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    TAIWebUtils taiWebUtils = new TAIWebUtils();
    TwitterTokenServices twitterTokenServices = new TwitterTokenServices();
    SocialWebUtils webUtils = new SocialWebUtils();
    TAIJwtUtils taiJwtUtils = new TAIJwtUtils();
    static final long serialVersionUID = 7921360858788122634L;

    public TAIResult handleTwitterRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) throws WebTrustAssociationFailedException {
        String andClearCookie = this.webUtils.getAndClearCookie(httpServletRequest, httpServletResponse, TwitterConstants.COOKIE_NAME_ACCESS_TOKEN);
        String andClearCookie2 = this.webUtils.getAndClearCookie(httpServletRequest, httpServletResponse, TwitterConstants.COOKIE_NAME_ACCESS_TOKEN_SECRET);
        if (andClearCookie == null || andClearCookie2 == null) {
            getTwitterRequestToken(httpServletRequest, httpServletResponse, socialLoginConfig);
            return TAIResult.create(403);
        }
        this.taiWebUtils.restorePostParameters(httpServletRequest);
        return createSubjectFromTwitterCredentials(httpServletResponse, socialLoginConfig, andClearCookie, andClearCookie2);
    }

    protected void getTwitterRequestToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) {
        this.taiWebUtils.savePostParameters(httpServletRequest);
        String createStateCookie = this.taiWebUtils.createStateCookie(httpServletRequest, httpServletResponse);
        this.twitterTokenServices.getRequestToken(httpServletRequest, httpServletResponse, this.taiWebUtils.getRedirectUrl(httpServletRequest, socialLoginConfig), createStateCookie, socialLoginConfig);
    }

    protected TAIResult createSubjectFromTwitterCredentials(HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig, String str, @Sensitive String str2) throws WebTrustAssociationFailedException {
        Map<String, Object> verifyCredentials = this.twitterTokenServices.verifyCredentials(httpServletResponse, str, str2, socialLoginConfig);
        if (verifyCredentials == null) {
            return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
        }
        String json = JsonUtils.toJson(verifyCredentials);
        if (json != null && !json.isEmpty()) {
            return createResultFromUserApiResponse(httpServletResponse, socialLoginConfig, verifyCredentials, json);
        }
        Tr.error(tc, "USER_API_RESPONSE_NULL_OR_EMPTY", new Object[]{socialLoginConfig.getUniqueId()});
        return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
    }

    @FFDCIgnore({SocialLoginException.class})
    TAIResult createResultFromUserApiResponse(HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig, Map<String, Object> map, String str) throws WebTrustAssociationFailedException {
        String str2 = (String) map.get("access_token");
        JwtToken jwtToken = null;
        try {
            if (socialLoginConfig.getJwtRef() != null) {
                jwtToken = this.taiJwtUtils.createJwtTokenFromJson(str, socialLoginConfig, false);
            }
            try {
                return getTAISubjectUtils(str2, null, jwtToken, map, str).createResult(httpServletResponse, socialLoginConfig);
            } catch (SocialLoginException e) {
                Tr.error(tc, "TWITTER_ERROR_CREATING_RESULT", new Object[]{socialLoginConfig.getUniqueId(), e.getLocalizedMessage()});
                return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.social.tai.TwitterLoginFlow", "109", this, new Object[]{httpServletResponse, socialLoginConfig, map, str});
                Tr.error(tc, "TWITTER_ERROR_CREATING_RESULT", new Object[]{socialLoginConfig.getUniqueId(), e2.getLocalizedMessage()});
                return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.social.tai.TwitterLoginFlow", "98", this, new Object[]{httpServletResponse, socialLoginConfig, map, str});
            Tr.error(tc, "AUTH_CODE_FAILED_TO_CREATE_JWT", new Object[]{socialLoginConfig.getUniqueId(), e3.getLocalizedMessage()});
            return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
        }
    }

    TAISubjectUtils getTAISubjectUtils(@Sensitive String str, JwtToken jwtToken, JwtToken jwtToken2, @Sensitive Map<String, Object> map, String str2) {
        return new TAISubjectUtils(str, jwtToken, jwtToken2, map, str2);
    }
}
