package com.ibm.ws.security.social.internal;

import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.config.DiscoveryConfigUtils;
import com.ibm.ws.security.common.http.HttpUtils;
import com.ibm.ws.security.common.http.SocialLoginWrapperException;
import com.ibm.ws.security.common.jwk.impl.JWKSet;
import com.ibm.ws.security.jwt.config.ConsumerUtils;
import com.ibm.ws.security.jwt.config.JwtConsumerConfig;
import com.ibm.ws.security.jwt.utils.JwtUtils;
import com.ibm.ws.security.openidconnect.clients.common.ConvergedClientConfig;
import com.ibm.ws.security.openidconnect.clients.common.InMemoryOidcSessionCache;
import com.ibm.ws.security.openidconnect.clients.common.OidcClientConfig;
import com.ibm.ws.security.openidconnect.clients.common.OidcSessionCache;
import com.ibm.ws.security.openidconnect.common.ConfigUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.SocialLoginService;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;

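/**
 * Configuration holder for one {@code oidcLogin} social-login element (the component is
 * registered with the property {@code type=oidcLogin}).
 *
 * <p>Values are read from the configuration map in {@link #setAllConfigAttributes(Map)}. When a
 * discovery endpoint is configured, the authorization, token, JWKS and userinfo endpoints and the
 * issuer are taken from the provider's discovery document instead of from the configuration.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 * <li>The discovery URL must use the {@code https} scheme, otherwise discovery is refused.</li>
 * <li>{@code hostNameVerificationEnabled} defaults to {@code true} and is handed to the HTTP
 * helper for the discovery request; turning it off weakens the TLS check on the document that
 * decides where tokens are requested and which issuer is accepted.</li>
 * <li>The client secret is never written to trace or to {@link #toString()}; {@link #debug()}
 * records only whether it is set.</li>
 * </ul>
 *
 * <p>This source is decompiler output; the field order and the explicit {@code new Object[0]}
 * trace arguments are kept as found.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(name = "com.ibm.ws.security.social.oidclogin", configurationPolicy = ConfigurationPolicy.REQUIRE, service = {SocialLoginConfig.class, JwtConsumerConfig.class}, property = {"service.vendor=IBM", "type=oidcLogin"})
public class OidcLoginConfigImpl extends Oauth2LoginConfigImpl implements ConvergedClientConfig {
    public static final TraceComponent tc = Tr.register(OidcLoginConfigImpl.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");

    // Configuration attribute names read from the oidcLogin element.
    public static final String KEY_ISSUER = "issuer";
    public static final String KEY_SIGNATURE_ALGORITHM = "signatureAlgorithm";
    public static final String KEY_CLOCKSKEW = "clockSkew";
    public static final String CFG_KEY_HOST_NAME_VERIFICATION_ENABLED = "hostNameVerificationEnabled";
    public static final String KEY_TRUSTED_ALIAS = "trustAliasName";
    public static final String KEY_USERINFO_ENDPOINT = "userInfoEndpoint";
    public static final String KEY_USERINFO_ENDPOINT_ENABLED = "userInfoEndpointEnabled";
    public static final String KEY_DISCOVERY_ENDPOINT = "discoveryEndpoint";
    public static final String KEY_DISCOVERY_POLLING_RATE = "discoveryPollingRate";
    // Wall-clock time (ms since epoch) computed as "now + discoveryPollingRate" by setNextDiscoveryTime().
    private long nextDiscoveryTime;

    // Member names looked up in the provider's discovery document.
    public static final String OPDISCOVERY_AUTHZ_EP_URL = "authorization_endpoint";
    public static final String OPDISCOVERY_TOKEN_EP_URL = "token_endpoint";
    public static final String OPDISCOVERY_INTROSPECTION_EP_URL = "introspection_endpoint";
    public static final String OPDISCOVERY_JWKS_EP_URL = "jwks_uri";
    public static final String OPDISCOVERY_USERINFO_EP_URL = "userinfo_endpoint";
    public static final String OPDISCOVERY_ISSUER = "issuer";
    public static final String OPDISCOVERY_TOKEN_EP_AUTH = "token_endpoint_auth_methods_supported";
    public static final String OPDISCOVERY_SCOPES = "scopes_supported";
    public static final String OPDISCOVERY_IDTOKEN_SIGN_ALG = "id_token_signing_alg_values_supported";

    public static final String KEY_JWK_CLIENT_ID = "jwkClientId";
    public static final String KEY_JWK_CLIENT_SECRET = "jwkClientSecret";
    public static final String KEY_RESPONSE_MODE = "responseMode";
    public static final String KEY_NONCE_ENABLED = "nonceEnabled";
    public static final String KEY_INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT = "includeCustomCacheKeyInSubject";
    public static final String KEY_CREATE_SESSION = "createSession";

    // Nested configuration elements carrying extra request parameters (name/value pairs).
    public static final String KEY_AUTHZ_PARAM = "authzParameter";
    public static final String KEY_TOKEN_PARAM = "tokenParameter";
    public static final String KEY_USERINFO_PARAM = "userinfoParameter";
    public static final String KEY_JWK_PARAM = "jwkParameter";
    public static final String KEY_PARAM_NAME = "name";
    public static final String KEY_PARAM_VALUE = "value";
    private HashMap<String, String> authzRequestParamMap;
    private HashMap<String, String> tokenRequestParamMap;
    private HashMap<String, String> userinfoRequestParamMap;
    private HashMap<String, String> jwkRequestParamMap;

    public static final String CFG_KEY_FORWARD_LOGIN_PARAMETER = "forwardLoginParameter";
    public static final String CFG_KEY_KEY_MANAGEMENT_KEY_ALIAS = "keyManagementKeyAlias";
    public static final String CFG_KEY_PKCE_CODE_CHALLENGE_METHOD = "pkceCodeChallengeMethod";
    static final long serialVersionUID = -8251947703713318090L;

    // Lazily created helpers; cleared again by resetLazyInitializedMembers().
    ConsumerUtils consumerUtils = null;
    JWKSet jwkSet = null;

    String issuer = null;
    String signatureAlgorithm = null;
    int clockSkewMsec = 0;
    // Default is true: hostname verification stays on unless the configuration turns it off.
    private boolean hostNameVerificationEnabled = true;
    private String trustAliasName = null;
    private String userInfoEndpoint = null;
    private boolean userInfoEndpointEnabled = false;
    private String discoveryEndpointUrl = null;
    private JSONObject discoveryjson = null;
    // True once the discovery document has been fetched and accepted.
    private boolean discovery = false;
    private long discoveryPollingRate = 300000;
    private String discoveryDocumentHash = null;
    private String jwkClientId = null;
    // Read through processProtectedString(); keep it out of trace and toString().
    private String jwkClientSecret = null;
    private String responseMode = null;
    private boolean includeCustomCacheKeyInSubject = true;
    private boolean createSession = false;
    private List<String> forwardLoginParameter = null;
    private String keyManagementKeyAlias = null;
    private String pkceCodeChallengeMethod = null;
    HttpUtils httputils = new HttpUtils();
    ConfigUtils oidcConfigUtils = new ConfigUtils((AtomicServiceReference) null);
    DiscoveryConfigUtils discoveryUtil = new DiscoveryConfigUtils();
    private final OidcSessionCache oidcSessionCache = new InMemoryOidcSessionCache();

    /**
     * Requires the client id and the client secret to be present in the configuration.
     *
     * @param map configuration properties of this element
     */
    @Override
    protected void checkForRequiredConfigAttributes(Map<String, Object> map) {
        getRequiredConfigAttribute(map, Oauth2LoginConfigImpl.KEY_clientId);
        getRequiredSerializableProtectedStringConfigAttribute(map, Oauth2LoginConfigImpl.KEY_clientSecret);
    }

    /**
     * Populates every field of this configuration from {@code map}.
     *
     * <p>If a discovery endpoint is configured, the endpoints and the issuer come from the
     * discovery document; when discovery fails they are cleared rather than falling back to the
     * statically configured values. Without a discovery endpoint the authorization endpoint is a
     * required attribute.
     *
     * @param map configuration properties of this element
     * @throws SocialLoginException declared by the overridden method
     */
    @Override
    protected void setAllConfigAttributes(Map<String, Object> map) throws SocialLoginException {
        this.clientId = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_clientId);
        this.clientSecret = this.configUtils.processProtectedString(map, Oauth2LoginConfigImpl.KEY_clientSecret);
        this.useSystemPropertiesForHttpClientConnections = this.configUtils.getBooleanConfigAttribute(map, Oauth2LoginConfigImpl.KEY_USE_SYSPROPS_FOR_HTTPCLIENT_CONNECTONS, false);
        this.sslRef = this.configUtils.getConfigAttribute(map, "sslRef");
        this.discoveryEndpointUrl = this.configUtils.getConfigAttribute(map, KEY_DISCOVERY_ENDPOINT);
        this.discoveryPollingRate = this.configUtils.getLongConfigAttribute(map, KEY_DISCOVERY_POLLING_RATE, this.discoveryPollingRate);
        this.jwkClientId = this.configUtils.getConfigAttribute(map, KEY_JWK_CLIENT_ID);
        this.jwkClientSecret = this.configUtils.processProtectedString(map, KEY_JWK_CLIENT_SECRET);
        this.hostNameVerificationEnabled = this.configUtils.getBooleanConfigAttribute(map, CFG_KEY_HOST_NAME_VERIFICATION_ENABLED, this.hostNameVerificationEnabled);
        this.userInfoEndpointEnabled = this.configUtils.getBooleanConfigAttribute(map, KEY_USERINFO_ENDPOINT_ENABLED, this.userInfoEndpointEnabled);
        // These three are read before discovery because discovery may adjust them afterwards.
        this.signatureAlgorithm = this.configUtils.getConfigAttribute(map, KEY_SIGNATURE_ALGORITHM);
        this.tokenEndpointAuthMethod = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_tokenEndpointAuthMethod);
        this.scope = this.configUtils.getConfigAttribute(map, "scope");
        this.discovery = false;
        this.discoveryjson = null;
        if (this.discoveryEndpointUrl != null) {
            this.discovery = handleDiscoveryEndpoint(this.discoveryEndpointUrl);
            if (this.discovery) {
                this.discoveryUtil.logDiscoveryWarning(map);
            } else {
                // Fail closed: no endpoints and no issuer rather than a mix of stale values.
                reConfigEndpointsAfterDiscoveryFailure();
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "discoveryEndpointUrl is null", new Object[0]);
            }
            this.discoveryDocumentHash = null;
            this.userInfoEndpoint = this.configUtils.getConfigAttribute(map, KEY_USERINFO_ENDPOINT);
            this.authorizationEndpoint = getRequiredConfigAttribute(map, Oauth2LoginConfigImpl.KEY_authorizationEndpoint);
            this.tokenEndpoint = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_tokenEndpoint);
            this.jwksUri = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_jwksUri);
            this.issuer = this.configUtils.getConfigAttribute(map, "issuer");
        }
        this.userNameAttribute = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_userNameAttribute);
        this.mapToUserRegistry = this.configUtils.getBooleanConfigAttribute(map, Oauth2LoginConfigImpl.KEY_mapToUserRegistry, this.mapToUserRegistry);
        this.authFilterRef = this.configUtils.getConfigAttribute(map, "authFilterRef");
        this.trustAliasName = this.configUtils.getConfigAttribute(map, KEY_TRUSTED_ALIAS);
        this.isClientSideRedirectSupported = this.configUtils.getBooleanConfigAttribute(map, Oauth2LoginConfigImpl.KEY_isClientSideRedirectSupported, this.isClientSideRedirectSupported);
        this.displayName = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_displayName);
        this.website = this.configUtils.getConfigAttribute(map, "website");
        this.realmNameAttribute = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_realmNameAttribute);
        this.groupNameAttribute = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_groupNameAttribute);
        this.userUniqueIdAttribute = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_userUniqueIdAttribute);
        this.clockSkewMsec = this.configUtils.getIntegerConfigAttribute(map, KEY_CLOCKSKEW, this.clockSkewMsec);
        this.redirectToRPHostAndPort = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_redirectToRPHostAndPort);
        this.responseType = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_responseType);
        this.responseMode = this.configUtils.getConfigAttribute(map, KEY_RESPONSE_MODE);
        this.nonce = this.configUtils.getBooleanConfigAttribute(map, KEY_NONCE_ENABLED, this.nonce);
        this.realmName = this.configUtils.getConfigAttribute(map, "realmName");
        this.includeCustomCacheKeyInSubject = this.configUtils.getBooleanConfigAttribute(map, KEY_INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT, this.includeCustomCacheKeyInSubject);
        this.resource = this.configUtils.getConfigAttribute(map, Oauth2LoginConfigImpl.KEY_resource);
        this.createSession = this.configUtils.getBooleanConfigAttribute(map, KEY_CREATE_SESSION, this.createSession);
        this.authzRequestParamMap = populateCustomRequestParameterMap(map, KEY_AUTHZ_PARAM);
        this.tokenRequestParamMap = populateCustomRequestParameterMap(map, KEY_TOKEN_PARAM);
        this.userinfoRequestParamMap = populateCustomRequestParameterMap(map, KEY_USERINFO_PARAM);
        this.jwkRequestParamMap = populateCustomRequestParameterMap(map, KEY_JWK_PARAM);
        this.forwardLoginParameter = this.oidcConfigUtils.readAndSanitizeForwardLoginParameter(map, this.uniqueId, CFG_KEY_FORWARD_LOGIN_PARAMETER);
        this.keyManagementKeyAlias = this.configUtils.getConfigAttribute(map, CFG_KEY_KEY_MANAGEMENT_KEY_ALIAS);
        this.pkceCodeChallengeMethod = this.configUtils.getConfigAttribute(map, CFG_KEY_PKCE_CODE_CHALLENGE_METHOD);
        if (this.discovery) {
            this.discoveryUtil.logDiscoveryMessage("OIDC_CLIENT_DISCOVERY_COMPLETE", (String) null, "CWWKS6110I: The client [{" + getId() + "}] configuration has been established with the information from the discovery endpoint URL [{" + this.discoveryEndpointUrl + "}]. This information enables the client to interact with the OpenID Connect provider to process the requests such as authorization and token.");
        }
    }

    /**
     * Builds the name/value map for one kind of custom request parameter.
     *
     * @param map configuration properties of this element
     * @param str attribute name of the nested parameter elements (for example {@link #KEY_AUTHZ_PARAM})
     * @return the populated map; empty when the attribute is absent or has no entries
     */
    private HashMap<String, String> populateCustomRequestParameterMap(Map<String, Object> map, String str) {
        HashMap<String, String> params = new HashMap<>();
        String[] paramElements = this.configUtils.getStringArrayConfigAttribute(map, str);
        if (paramElements != null && paramElements.length > 0) {
            populateCustomRequestParameterMap(params, paramElements);
        }
        return params;
    }

    /**
     * Clears every value that would have come from the discovery document and re-initialises the
     * discovery helper with no document, so a failed discovery leaves no usable endpoints behind.
     */
    private void reConfigEndpointsAfterDiscoveryFailure() {
        this.authorizationEndpoint = null;
        this.tokenEndpoint = null;
        this.userInfoEndpoint = null;
        this.jwksUri = null;
        this.issuer = null;
        this.discoveryDocumentHash = null;
        this.discoveryUtil = this.discoveryUtil.initialConfig(getId(), this.discoveryEndpointUrl, this.discoveryPollingRate).discoveryDocumentResult((JSONObject) null).discoveryDocumentHash(this.discoveryDocumentHash).discoveredConfig(this.signatureAlgorithm, this.tokenEndpointAuthMethod, this.scope);
    }

    /**
     * Fetches the discovery document from {@code str} and applies it to this configuration.
     *
     * <p>The URL check, the fetch and the parsing all run inside the {@code try}: the fetch
     * declares a checked exception, and a transport or TLS failure must end in the error message
     * and a {@code false} result rather than escape to the caller.
     *
     * @param str discovery endpoint URL
     * @return {@code true} if a document was obtained and accepted; {@code false} if the URL is
     *         not an https URL, the request failed, or the document was rejected
     */
    @FFDCIgnore({Exception.class, SocialLoginWrapperException.class})
    public boolean handleDiscoveryEndpoint(String str) {
        boolean discovered = false;
        try {
            setNextDiscoveryTime();
            if (!isValidDiscoveryUrl(str)) {
                Tr.error(tc, "OIDC_CLIENT_DISCOVERY_SSL_ERROR", new Object[]{getId(), str});
                return false;
            }
            String discoveryResponse = fetchDiscoveryData(str, getSSLSocketFactory());
            if (discoveryResponse != null) {
                // NOTE(review): when parsing fails, discoveryjson keeps whatever an earlier call
                // stored, so a repeated call could re-apply an older document. setAllConfigAttributes
                // nulls the field first; confirm that other callers do the same.
                parseJsonResponse(discoveryResponse);
                if (this.discoveryjson != null) {
                    discovered = discoverEndpointUrls(this.discoveryjson);
                }
            }
        } catch (SocialLoginWrapperException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to get successful discovery response : ", new Object[]{e.getCause()});
            }
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to get successful discovery response : ", new Object[]{e2.getCause()});
            }
        }
        if (!discovered) {
            Tr.error(tc, "OIDC_CLIENT_DISCOVERY_SSL_ERROR", new Object[]{getId(), str});
        }
        return discovered;
    }

    /**
     * Requests the discovery document over HTTP.
     *
     * <p>The configured {@code hostNameVerificationEnabled} value is passed straight to the HTTP
     * helper, so disabling it in the configuration applies to this request.
     *
     * @param str discovery endpoint URL
     * @param sSLSocketFactory socket factory used for the TLS connection
     * @return the response body as returned by the HTTP helper
     * @throws Exception if the request fails; a {@link SocialLoginWrapperException} is logged as
     *         an error before it is rethrown
     */
    @FFDCIgnore({SocialLoginWrapperException.class})
    String fetchDiscoveryData(String str, SSLSocketFactory sSLSocketFactory) throws Exception {
        try {
            return this.httputils.getHttpJsonRequest(sSLSocketFactory, str, this.hostNameVerificationEnabled, this.useSystemPropertiesForHttpClientConnections);
        } catch (SocialLoginWrapperException e) {
            Tr.error(tc, e.getNlsMessage(), new Object[0]);
            throw e;
        }
    }

    /**
     * Copies the endpoints and the issuer from the discovery document into this configuration.
     *
     * <p>NOTE(review): nothing in this method checks that the discovered endpoints use https or
     * that the document's issuer corresponds to the discovery URL it was fetched from. Unless
     * {@link DiscoveryConfigUtils} enforces that, the document is trusted purely on the strength
     * of the TLS connection it arrived over.
     *
     * @param jSONObject parsed discovery document
     * @return {@code false} if the document lacks an issuer or lacks both the authorization and
     *         the token endpoint; {@code true} otherwise, including the case where
     *         {@code calculateDiscoveryDocumentHash} returns {@code false} (presumably an
     *         unchanged document; confirm in DiscoveryConfigUtils) and nothing is re-applied
     */
    boolean discoverEndpointUrls(JSONObject jSONObject) {
        this.discoveryUtil = this.discoveryUtil.initialConfig(getId(), this.discoveryEndpointUrl, this.discoveryPollingRate).discoveryDocumentResult(jSONObject).discoveryDocumentHash(this.discoveryDocumentHash).discoveredConfig(this.signatureAlgorithm, this.tokenEndpointAuthMethod, this.scope);
        if (!this.discoveryUtil.calculateDiscoveryDocumentHash(jSONObject)) {
            return true;
        }
        this.authorizationEndpoint = this.discoveryUtil.discoverOPConfigSingleValue(jSONObject.get(OPDISCOVERY_AUTHZ_EP_URL));
        this.tokenEndpoint = this.discoveryUtil.discoverOPConfigSingleValue(jSONObject.get(OPDISCOVERY_TOKEN_EP_URL));
        this.jwksUri = this.discoveryUtil.discoverOPConfigSingleValue(jSONObject.get(OPDISCOVERY_JWKS_EP_URL));
        this.userInfoEndpoint = this.discoveryUtil.discoverOPConfigSingleValue(jSONObject.get(OPDISCOVERY_USERINFO_EP_URL));
        this.issuer = this.discoveryUtil.discoverOPConfigSingleValue(jSONObject.get("issuer"));
        if (invalidEndpoints() || invalidIssuer()) {
            return false;
        }
        this.tokenEndpointAuthMethod = this.discoveryUtil.adjustTokenEndpointAuthMethod();
        this.scope = this.discoveryUtil.adjustScopes();
        // The hash is stored only after the document was accepted.
        this.discoveryDocumentHash = this.discoveryUtil.getDiscoveryDocumentHash();
        return true;
    }

    /** Schedules the next discovery attempt at "now + discoveryPollingRate" milliseconds. */
    public void setNextDiscoveryTime() {
        this.nextDiscoveryTime = System.currentTimeMillis() + this.discoveryPollingRate;
    }

    /** Returns the time (ms since epoch) stored by {@link #setNextDiscoveryTime()}. */
    public long getNextDiscoveryTime() {
        return this.nextDiscoveryTime;
    }

    /** Returns {@code true} when no issuer was obtained. */
    private boolean invalidIssuer() {
        return this.issuer == null;
    }

    /**
     * Returns {@code true} only when both the authorization and the token endpoint are missing.
     *
     * <p>NOTE(review): a document that supplies just one of the two passes this check; confirm
     * that this is intended before relying on it as a completeness check.
     */
    private boolean invalidEndpoints() {
        return this.authorizationEndpoint == null && this.tokenEndpoint == null;
    }

    /**
     * Parses the discovery response into {@code discoveryjson}.
     *
     * <p>On a parse error the field is left unchanged. The raw response, which is remote and
     * untrusted content, is handed to FFDC and written to debug trace only.
     *
     * @param str response body to parse
     */
    protected void parseJsonResponse(String str) {
        try {
            this.discoveryjson = JSONObject.parse(str);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.OidcLoginConfigImpl", "360", this, new Object[]{str});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception parsing JSON string [" + str + "]: " + e, new Object[0]);
            }
        }
    }

    /** Returns {@code true} when a discovery endpoint with an https URL is configured. */
    public boolean isDiscoveryInUse() {
        return isValidDiscoveryUrl(this.discoveryEndpointUrl);
    }

    /**
     * Accepts only URLs whose scheme is {@code https}.
     *
     * <p>The whole scheme prefix {@code https://} is compared, case-insensitively as URI schemes
     * are, so that a value which merely begins with the letters "https" is not treated as a
     * TLS-protected URL.
     *
     * @param str candidate URL, may be {@code null}
     * @return {@code true} if {@code str} starts with {@code https://}
     */
    private boolean isValidDiscoveryUrl(String str) {
        final String httpsPrefix = "https://";
        return str != null && str.regionMatches(true, 0, httpsPrefix, 0, httpsPrefix.length());
    }

    /**
     * Runs the initialisation steps that depend on the populated attributes.
     *
     * @param map configuration properties of this element
     * @throws SocialLoginException declared by the overridden method
     */
    @Override
    protected void initializeMembersAfterConfigAttributesPopulated(Map<String, Object> map) throws SocialLoginException {
        initializeJwt(map);
        resetLazyInitializedMembers();
        setGrantType();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Drops the lazily created JWK set and consumer utilities so they are rebuilt on next use. */
    @Override
    public void resetLazyInitializedMembers() {
        super.resetLazyInitializedMembers();
        this.jwkSet = null;
        this.consumerUtils = null;
    }

    /**
     * Writes the effective configuration to debug trace.
     *
     * <p>The client secret itself is never traced, only whether it is set; keep it that way when
     * adding fields here.
     */
    @Override
    protected void debug() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "" + this, new Object[0]);
            Tr.debug(tc, "clientId = " + this.clientId, new Object[0]);
            Tr.debug(tc, "clientSecret is null = " + (this.clientSecret == null), new Object[0]);
            Tr.debug(tc, "authorizationEndpoint = " + this.authorizationEndpoint, new Object[0]);
            Tr.debug(tc, "tokenEndpoint = " + this.tokenEndpoint, new Object[0]);
            Tr.debug(tc, "userInfoEndpoint = " + this.userInfoEndpoint, new Object[0]);
            Tr.debug(tc, "userInfoEndpointEnabled = " + this.userInfoEndpointEnabled, new Object[0]);
            Tr.debug(tc, "jwksUri = " + this.jwksUri, new Object[0]);
            Tr.debug(tc, "scope = " + this.scope, new Object[0]);
            Tr.debug(tc, "userNameAttribute = " + this.userNameAttribute, new Object[0]);
            Tr.debug(tc, "mapToUserRegistry = " + this.mapToUserRegistry, new Object[0]);
            Tr.debug(tc, "sslRef = " + this.sslRef, new Object[0]);
            Tr.debug(tc, "authFilterRef = " + this.authFilterRef, new Object[0]);
            Tr.debug(tc, "trustAliasName = " + this.trustAliasName, new Object[0]);
            Tr.debug(tc, "builder = " + this.jwtRef, new Object[0]);
            Tr.debug(tc, "claims = " + (this.jwtClaims == null ? null : Arrays.toString(this.jwtClaims)), new Object[0]);
            Tr.debug(tc, "isClientSideRedirectSupported = " + this.isClientSideRedirectSupported, new Object[0]);
            Tr.debug(tc, "displayName = " + this.displayName, new Object[0]);
            Tr.debug(tc, "website = " + this.website, new Object[0]);
            Tr.debug(tc, "issuer = " + this.issuer, new Object[0]);
            Tr.debug(tc, "realmNameAttribute = " + this.realmNameAttribute, new Object[0]);
            Tr.debug(tc, "groupNameAttribute = " + this.groupNameAttribute, new Object[0]);
            Tr.debug(tc, "userUniqueIdAttribute = " + this.userUniqueIdAttribute, new Object[0]);
            Tr.debug(tc, "clockSkew = " + this.clockSkewMsec, new Object[0]);
            Tr.debug(tc, "signatureAlgorithm = " + this.signatureAlgorithm, new Object[0]);
            Tr.debug(tc, "tokenEndpointAuthMethod = " + this.tokenEndpointAuthMethod, new Object[0]);
            Tr.debug(tc, "redirectToRPHostAndPort = " + this.redirectToRPHostAndPort, new Object[0]);
            Tr.debug(tc, "hostNameVerificationEnabled = " + this.hostNameVerificationEnabled, new Object[0]);
            Tr.debug(tc, "nonce = " + this.nonce, new Object[0]);
            Tr.debug(tc, "responseType = " + this.responseType, new Object[0]);
            Tr.debug(tc, "responseMode = " + this.responseMode, new Object[0]);
            Tr.debug(tc, "realmName = " + this.realmName, new Object[0]);
            Tr.debug(tc, "includeCustomCacheKeyInSubject = " + this.includeCustomCacheKeyInSubject, new Object[0]);
            Tr.debug(tc, "resource = " + this.resource, new Object[0]);
            Tr.debug(tc, "forwardLoginParameter = " + this.forwardLoginParameter, new Object[0]);
            Tr.debug(tc, "keyManagementKeyAlias = " + this.keyManagementKeyAlias, new Object[0]);
        }
    }

    /** Returns the configured {@code userInfoEndpointEnabled} value. */
    public boolean isUserInfoEnabled() {
        return this.userInfoEndpointEnabled;
    }

    /** Returns the userinfo endpoint, configured or discovered; may be {@code null}. */
    public String getUserInfoEndpointUrl() {
        return this.userInfoEndpoint;
    }

    /** Returns whether hostname verification is enabled ({@code true} unless configured off). */
    public boolean isHostNameVerificationEnabled() {
        return this.hostNameVerificationEnabled;
    }

    /** Returns the configured realm name attribute. */
    @Override
    public String getRealmNameAttribute() {
        return this.realmNameAttribute;
    }

    /** Returns the unique id of this configuration. */
    public String getId() {
        return getUniqueId();
    }

    /**
     * Returns the issuer to expect in tokens.
     *
     * <p>If no issuer is set and the token endpoint is an http(s) URL longer than the bare
     * scheme, the issuer is derived from the token endpoint by cutting off everything from the
     * last {@code '/'}. The expected issuer therefore depends on the token endpoint whenever the
     * issuer attribute is left out.
     *
     * @return the configured or discovered issuer, a value derived from the token endpoint, or
     *         the unset issuer value when neither is available
     */
    public String getIssuer() {
        if ((this.issuer != null && this.issuer.length() != 0) || this.tokenEndpoint == null || this.tokenEndpoint.length() <= "http://".length()) {
            return this.issuer;
        }
        if (!this.tokenEndpoint.toLowerCase().startsWith("http")) {
            return this.issuer;
        }
        int lastSlash = this.tokenEndpoint.lastIndexOf("/");
        // A slash inside the "http://" prefix means there is no path to strip.
        return lastSlash > "http://".length() ? this.tokenEndpoint.substring(0, lastSlash) : this.tokenEndpoint;
    }

    /** Returns the client secret; marked {@code @Sensitive} to keep it out of trace. */
    @Sensitive
    public String getSharedKey() {
        return this.clientSecret;
    }

    /**
     * Returns the accepted audiences: the client id alone, or an empty list when it is not set.
     */
    public List<String> getAudiences() {
        List<String> audiences = new ArrayList<>();
        String clientId = getClientId();
        if (clientId != null) {
            audiences.add(clientId);
        }
        return audiences;
    }

    /** Always {@code false}. */
    public boolean ignoreAudClaimIfNotConfigured() {
        return false;
    }

    /** Always {@code false}. */
    public boolean isValidationRequired() {
        return false;
    }

    /** Returns the configured signature algorithm. */
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /**
     * Returns the trust store name of the referenced SSL configuration.
     *
     * @return the name, or {@code null} if the social login service is unavailable or the lookup
     *         fails (the failure is logged)
     */
    @FFDCIgnore({SocialLoginException.class})
    public String getTrustStoreRef() {
        if (this.sslRefInfo == null) {
            this.sslRefInfo = initializeSslRefInfo();
            if (this.sslRefInfo == null) {
                return null;
            }
        }
        try {
            return this.sslRefInfo.getTrustStoreName();
        } catch (SocialLoginException e) {
            e.logErrorMessage();
            return null;
        }
    }

    /**
     * Returns the key store name of the referenced SSL configuration.
     *
     * <p>A lookup failure is logged, as in {@link #getTrustStoreRef()}, because the result feeds
     * {@link #getJweDecryptionKey()} and a silent {@code null} would hide why no key was found.
     *
     * @return the name, or {@code null} if the social login service is unavailable or the lookup
     *         fails
     */
    @FFDCIgnore({SocialLoginException.class})
    public String getKeyStoreRef() {
        if (this.sslRefInfo == null) {
            this.sslRefInfo = initializeSslRefInfo();
            if (this.sslRefInfo == null) {
                return null;
            }
        }
        try {
            return this.sslRefInfo.getKeyStoreName();
        } catch (SocialLoginException e) {
            e.logErrorMessage();
            return null;
        }
    }

    /**
     * Creates the SSL reference information from the social login service.
     *
     * @return the new instance, or {@code null} when the service is not available
     */
    SslRefInfoImpl initializeSslRefInfo() {
        SocialLoginService socialLoginService = (SocialLoginService) this.socialLoginServiceRef.getService();
        if (socialLoginService != null) {
            return createSslRefInfoImpl(socialLoginService);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Social login service is not available", new Object[0]);
        }
        return null;
    }

    /** Returns the configured trust alias name. */
    public String getTrustedAlias() {
        return this.trustAliasName;
    }

    /** Returns the clock skew held in {@code clockSkewMsec}. */
    public long getClockSkew() {
        return this.clockSkewMsec;
    }

    /** Returns {@code true} when a JWKS URI is set. */
    public boolean getJwkEnabled() {
        return this.jwksUri != null;
    }

    /** Returns the JWKS URI, configured or discovered; may be {@code null}. */
    public String getJwkEndpointUrl() {
        return this.jwksUri;
    }

    /**
     * Returns the JWT consumer utilities, creating them on first use.
     *
     * @return the utilities, or {@code null} (after a warning) when the social login service is
     *         not available
     */
    public ConsumerUtils getConsumerUtils() {
        if (this.consumerUtils == null) {
            SocialLoginService socialLoginService = (SocialLoginService) this.socialLoginServiceRef.getService();
            if (socialLoginService != null) {
                this.consumerUtils = new ConsumerUtils(socialLoginService.getKeyStoreServiceRef());
            } else {
                Tr.warning(tc, "SERVICE_NOT_FOUND_JWT_CONSUMER_NOT_AVAILABLE", new Object[]{this.uniqueId});
            }
        }
        return this.consumerUtils;
    }

    /** Returns the JWK set, creating an empty one on first use. */
    public JWKSet getJwkSet() {
        if (this.jwkSet == null) {
            this.jwkSet = new JWKSet();
        }
        return this.jwkSet;
    }

    /** Always {@code false}. */
    public boolean getTokenReuse() {
        return false;
    }

    /** Returns the configured response mode. */
    @Override
    public String getResponseMode() {
        return this.responseMode;
    }

    /** Returns the configured {@code includeCustomCacheKeyInSubject} value (default {@code true}). */
    public boolean includeCustomCacheKeyInSubject() {
        return this.includeCustomCacheKeyInSubject;
    }

    /**
     * Creates the SSL reference information for this configuration's {@code sslRef} and trust alias.
     *
     * @param socialLoginService service providing SSL support and the key store service
     * @return the new instance
     */
    @Override
    protected SslRefInfoImpl createSslRefInfoImpl(SocialLoginService socialLoginService) {
        return new SslRefInfoImpl(socialLoginService.getSslSupport(), socialLoginService.getKeyStoreServiceRef(), this.sslRef, this.trustAliasName);
    }

    /** Always {@code true}: this is a social-login configuration. */
    public boolean isSocial() {
        return true;
    }

    /** Always {@code null}. */
    public OidcClientConfig getOidcClientConfig() {
        return null;
    }

    /** Always {@code "none"}. */
    public String getInboundPropagation() {
        return "none";
    }

    /** Always {@code false}. */
    public boolean getAccessTokenInLtpaCookie() {
        return false;
    }

    /** Always {@code false}. */
    public boolean isAuthnSessionDisabled_propagation() {
        return false;
    }

    /** Returns {@link #getClockSkew()} divided by 1000 (integer division). */
    public long getClockSkewInSeconds() {
        return getClockSkew() / 1000;
    }

    /** Returns the authorization endpoint. */
    public String getAuthorizationEndpointUrl() {
        return getAuthorizationEndpoint();
    }

    /** Returns the configured {@code createSession} value. */
    public boolean createSession() {
        return this.createSession;
    }

    /** Fixed at 420 seconds. */
    public long getAuthenticationTimeLimitInSeconds() {
        return 420L;
    }

    /** Always {@code true}. */
    public boolean isHttpsRequired() {
        return true;
    }

    /** Returns whether client-side redirect is supported. */
    public boolean isClientSideRedirect() {
        return isClientSideRedirectSupported();
    }

    /** Returns the context root. */
    public String getContextPath() {
        return getContextRoot();
    }

    /** Returns the token endpoint. */
    public String getTokenEndpointUrl() {
        return getTokenEndpoint();
    }

    /** Returns the {@code sslRef} value. */
    public String getSSLConfigurationName() {
        return getSslRef();
    }

    /** Returns the {@code redirectToRPHostAndPort} value. */
    public String getRedirectUrlFromServerToClient() {
        return getRedirectToRPHostAndPort();
    }

    /** Returns {@code str} unchanged. */
    public String getRedirectUrlWithJunctionPath(String str) {
        return str;
    }

    /** Always {@code null}. */
    public String getAuthContextClassReference() {
        return null;
    }

    /** Returns the result of {@code createNonce()}. */
    public boolean isNonceEnabled() {
        return createNonce();
    }

    /** Always {@code null}. */
    public String getPrompt() {
        return null;
    }

    /**
     * Returns the resource value split on single spaces.
     *
     * @return the parts, or {@code null} when no resource is configured
     */
    public String[] getResources() {
        String resource = getResource();
        return resource == null ? null : resource.split(" ");
    }

    /** Always {@code null}. */
    public String getOidcClientCookieName() {
        return null;
    }

    /** Returns {@link #getIssuer()}. */
    public String getIssuerIdentifier() {
        return getIssuer();
    }

    /** Always {@code false}. */
    public boolean getUseAccessTokenAsIdToken() {
        return false;
    }

    /** Returns the {@code mapToUserRegistry} value. */
    public boolean isMapIdentityToRegistryUser() {
        return getMapToUserRegistry();
    }

    /**
     * Always {@code false}.
     *
     * <p>NOTE(review): {@link #includeCustomCacheKeyInSubject()} returns the configured value
     * while this method ignores it; confirm which of the two callers are meant to use.
     */
    public boolean isIncludeCustomCacheKeyInSubject() {
        return false;
    }

    /** Always {@code true}. */
    public boolean isIncludeIdTokenInSubject() {
        return true;
    }

    /** Always {@code false}. */
    public boolean isDisableLtpaCookie() {
        return false;
    }

    /** Returns the group name attribute. */
    public String getGroupIdentifier() {
        return getGroupNameAttribute();
    }

    /** Returns the user name attribute. */
    public String getUserIdentifier() {
        return getUserNameAttribute();
    }

    /** Returns the user name attribute. */
    public String getUserIdentityToCreateSubject() {
        return getUserNameAttribute();
    }

    /** Returns the realm name attribute. */
    public String getRealmIdentifier() {
        return getRealmNameAttribute();
    }

    /** Returns the unique user id attribute. */
    public String getUniqueUserIdentifier() {
        return getUserUniqueIdAttribute();
    }

    /** Always {@code null}. */
    public String getJsonWebKey() {
        return null;
    }

    /** Always {@code false}: the audience is not waived. */
    public boolean allowedAllAudiences() {
        return false;
    }

    /** Always {@code false}: issuer checking is not turned off here. */
    public boolean disableIssChecking() {
        return false;
    }

    /**
     * Always {@code null}.
     *
     * <p>NOTE(review): the {@code jwkClientId} attribute is read into a field by
     * {@link #setAllConfigAttributes(Map)} but is not returned here; confirm this is intended.
     */
    public String getJwkClientId() {
        return null;
    }

    /**
     * Always {@code null}.
     *
     * <p>NOTE(review): the {@code jwkClientSecret} attribute is read into a field by
     * {@link #setAllConfigAttributes(Map)} but is not returned here; confirm this is intended.
     */
    public String getJwkClientSecret() {
        return null;
    }

    /** Returns the forward-login parameter names as read and sanitised at configuration time. */
    public List<String> getForwardLoginParameter() {
        return this.forwardLoginParameter;
    }

    /** Returns the configured discovery endpoint URL; may be {@code null}. */
    public String getDiscoveryEndpointUrl() {
        return this.discoveryEndpointUrl;
    }

    /** Returns the custom authorization request parameters (the internal map, not a copy). */
    public HashMap<String, String> getAuthzRequestParams() {
        return this.authzRequestParamMap;
    }

    /** Returns the custom token request parameters (the internal map, not a copy). */
    public HashMap<String, String> getTokenRequestParams() {
        return this.tokenRequestParamMap;
    }

    /** Returns the custom userinfo request parameters (the internal map, not a copy). */
    public HashMap<String, String> getUserinfoRequestParams() {
        return this.userinfoRequestParamMap;
    }

    /** Returns the custom JWK request parameters (the internal map, not a copy). */
    public HashMap<String, String> getJwkRequestParams() {
        return this.jwkRequestParamMap;
    }

    /**
     * Fills {@code hashMap} from the nested parameter elements via the OIDC configuration helper.
     * Does nothing when the social login service is not available.
     *
     * @param hashMap map to fill
     * @param strArr identifiers of the nested parameter elements
     */
    private void populateCustomRequestParameterMap(HashMap<String, String> hashMap, String[] strArr) {
        SocialLoginService socialLoginService = (SocialLoginService) this.socialLoginServiceRef.getService();
        if (socialLoginService == null) {
            return;
        }
        this.oidcConfigUtils.populateCustomRequestParameterMap(socialLoginService.getConfigAdmin(), hashMap, strArr, KEY_PARAM_NAME, KEY_PARAM_VALUE);
    }

    /** Always {@code null}. */
    public List<String> getAMRClaim() {
        return null;
    }

    /**
     * Returns a short summary of this configuration. Secrets are deliberately left out because
     * the result is written to debug trace.
     */
    public String toString() {
        StringBuilder summary = new StringBuilder();
        summary.append("{");
        summary.append("Id: ").append(this.uniqueId);
        summary.append(" clientId: ").append(this.clientId);
        summary.append(" grantType: ").append(this.grantType);
        summary.append(" responseType: ").append(this.responseType);
        summary.append(" scope: ").append(this.scope);
        summary.append(" redirectToRPHostAndPort: ").append(this.redirectToRPHostAndPort);
        summary.append(" issuerIdentifier: ").append(getIssuerIdentifier());
        summary.append(" tokenEndpointUrl: ").append(this.tokenEndpoint);
        summary.append(" userInfoEndpointUrl: ").append(this.userInfoEndpoint);
        summary.append("}");
        return summary.toString();
    }

    /** Returns the configured key-management key alias; may be {@code null}. */
    public String getKeyManagementKeyAlias() {
        return this.keyManagementKeyAlias;
    }

    /**
     * Returns the private key used to decrypt JWE tokens.
     *
     * @return the key stored under the key-management alias in the key store named by
     *         {@link #getKeyStoreRef()}, or {@code null} when no alias is configured
     * @throws GeneralSecurityException if the key lookup fails
     */
    @Sensitive
    public Key getJweDecryptionKey() throws GeneralSecurityException {
        String alias = getKeyManagementKeyAlias();
        if (alias == null) {
            return null;
        }
        return JwtUtils.getPrivateKey(alias, getKeyStoreRef());
    }

    /** Returns the in-memory OIDC session cache owned by this configuration. */
    public OidcSessionCache getOidcSessionCache() {
        return this.oidcSessionCache;
    }

    /** Returns the configured PKCE code challenge method; may be {@code null}. */
    public String getPkceCodeChallengeMethod() {
        return this.pkceCodeChallengeMethod;
    }

    // Compiler-generated bridge method, kept as emitted by the decompiler.
    public /* bridge */ /* synthetic */ Key getPublicKey() throws Exception {
        return super.getPublicKey();
    }
}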
