package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.jwt.JwtToken;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.utils.JsonUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.utils.ClientConstants;
import com.ibm.ws.security.social.internal.utils.OAuthClientUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;

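/**
 * Turns the result of a social-login authorization step into the artefacts the TAI needs:
 * the token map, the access token, the user API response, the JWT built from an ID token
 * and (when a {@code jwtRef} is configured) a locally issued JWT.
 *
 * <p>Two entry points are visible here. {@link #generateJwtAndTokenInformation()} exchanges an
 * authorization code at the token endpoint first; {@link
 * #generateJwtAndTokensFromAccessOrServiceAccountToken()} starts from a token map that was supplied
 * to the constructor. Both then branch on whether the token map holds an ID token: if it does, the
 * JWT and user API response are derived from the ID token; otherwise the user API is called with
 * the access token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #tokens}, {@link #accessToken}, {@link #authzCode} and {@link #userApiResponse} hold
 *       credentials or user claims. Only {@code accessToken} and the token getters carried
 *       {@code @Sensitive} originally; the token map and ID-token parameters are annotated here
 *       as well.</li>
 *   <li>Every FFDC call passes {@code this} as the caller object. NOTE(review): confirm whether
 *       FFDC introspection can serialise non-{@code @Sensitive} fields such as {@code authzCode}
 *       into incident reports.</li>
 * </ul>
 *
 * <p>Instances are mutable and nothing in this class synchronises access to them.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/tai/AuthorizationCodeAuthenticator.class */
public class AuthorizationCodeAuthenticator {
    public static final TraceComponent tc = Tr.register(AuthorizationCodeAuthenticator.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    HttpServletRequest request;
    HttpServletResponse response;
    // One-time authorization code presented to the token endpoint.
    String authzCode;
    SocialLoginConfig socialConfig;
    SSLSocketFactory sslSocketFactory;

    // Raw token-endpoint (or caller-supplied) token map; contains access_token and possibly id_token.
    @Sensitive
    private Map<String, Object> tokens = new HashMap<>();

    @Sensitive
    private String accessToken;
    private String userApiResponse;
    private JwtToken jwt;
    private JwtToken issuedJwt;
    // Collaborators are package-private and non-final, as in the original, so they stay replaceable.
    OAuthClientUtil clientUtil = new OAuthClientUtil();
    TAIWebUtils taiWebUtils = new TAIWebUtils();
    TAIJwtUtils taiJwtUtils = new TAIJwtUtils();
    TAIUserApiUtils userApiUtils = new TAIUserApiUtils();
    static final long serialVersionUID = 7771773945096654491L;

    /**
     * Creates an authenticator for the authorization-code flow.
     *
     * @param httpServletRequest  request used later to compute the redirect URL
     * @param httpServletResponse response associated with the request (only stored here)
     * @param str                 authorization code to exchange at the token endpoint
     * @param socialLoginConfig   social login configuration to use
     */
    public AuthorizationCodeAuthenticator(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, SocialLoginConfig socialLoginConfig) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.authzCode = str;
        this.socialConfig = socialLoginConfig;
    }

    /**
     * Creates an authenticator from an already obtained token map.
     *
     * <p>The map is stored by reference (not copied), so {@link #getTokens()} returns the caller's
     * own map, and the access token is read from it immediately.
     *
     * @param socialLoginConfig social login configuration to use
     * @param map               token map; must not be {@code null}
     * @throws NullPointerException if {@code map} is {@code null}
     */
    public AuthorizationCodeAuthenticator(SocialLoginConfig socialLoginConfig, Map<String, Object> map) {
        // The original dereferenced a null map a few statements later; fail up front with a
        // message instead, keeping the same exception type.
        if (map == null) {
            throw new NullPointerException("tokens map must not be null");
        }
        this.socialConfig = socialLoginConfig;
        this.tokens = map;
        this.accessToken = getAccessTokenFromTokens();
    }

    /**
     * Creates an authenticator from a bare access token (or service account token, judging by
     * {@link #generateJwtAndTokensFromAccessOrServiceAccountToken()}).
     *
     * <p>The token is placed in the token map under {@code "access_token"}; the
     * {@code accessToken} field itself is only populated once
     * {@link #createJwtUserApiResponseAndIssuedJwtWithAppropriateToken()} runs.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param socialLoginConfig   social login configuration to use
     * @param str                 the access token
     * @param z                   not read by this constructor; it appears to exist only to
     *                            distinguish this overload
     */
    public AuthorizationCodeAuthenticator(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig, @Sensitive String str, boolean z) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.socialConfig = socialLoginConfig;
        this.tokens.put("access_token", str);
    }

    /**
     * Returns the live token map (not a copy); mutations by the caller are visible to this object.
     *
     * @return the token map
     */
    @Sensitive
    public Map<String, Object> getTokens() {
        return this.tokens;
    }

    /**
     * @return the user API response, or the decoded ID token payload when an ID token was used;
     *         {@code null} until one of the generate methods has run
     */
    public String getUserApiResponse() {
        return this.userApiResponse;
    }

    /** @return the access token taken from the token map, or {@code null} if none was present */
    @Sensitive
    public String getAccessToken() {
        return this.accessToken;
    }

    /** @return the JWT built from the ID token, or {@code null} when no ID token was processed */
    public JwtToken getJwt() {
        return this.jwt;
    }

    /** @return the locally issued JWT, or {@code null} when no {@code jwtRef} is configured */
    public JwtToken getIssuedJwt() {
        return this.issuedJwt;
    }

    /**
     * Runs the full authorization-code path: SSL setup, code-for-token exchange, then JWT and
     * user API response creation.
     *
     * @throws SocialLoginException if any step fails
     */
    public void generateJwtAndTokenInformation() throws SocialLoginException {
        createSslSocketFactory();
        getTokensFromTokenEndpoint();
        createJwtUserApiResponseAndIssuedJwtWithAppropriateToken();
    }

    /**
     * Runs the path for tokens supplied at construction time: SSL setup, then JWT and user API
     * response creation. No token endpoint call is made.
     *
     * @throws SocialLoginException if any step fails
     */
    public void generateJwtAndTokensFromAccessOrServiceAccountToken() throws SocialLoginException {
        createSslSocketFactory();
        createJwtUserApiResponseAndIssuedJwtWithAppropriateToken();
    }

    /**
     * Obtains the SSL socket factory from the configuration.
     *
     * @throws SocialLoginException wrapping any failure, logged as
     *                              {@code AUTH_CODE_ERROR_SSL_CONTEXT}
     */
    @FFDCIgnore({Exception.class})
    void createSslSocketFactory() throws SocialLoginException {
        try {
            this.sslSocketFactory = this.socialConfig.getSSLSocketFactory();
        } catch (Exception e) {
            throw createExceptionAndLogMessage(e, "AUTH_CODE_ERROR_SSL_CONTEXT", new Object[]{this.socialConfig.getUniqueId(), e.getLocalizedMessage()});
        }
    }

    /**
     * Replaces the token map with the token endpoint's response for the stored authorization code.
     *
     * @throws SocialLoginException wrapping any failure, logged as
     *                              {@code AUTH_CODE_ERROR_GETTING_TOKENS}
     */
    void getTokensFromTokenEndpoint() throws SocialLoginException {
        try {
            this.tokens = getTokensUsingAuthzCode();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.tai.AuthorizationCodeAuthenticator", "125", this, new Object[0]);
            throw createExceptionAndLogMessage(e, "AUTH_CODE_ERROR_GETTING_TOKENS", new Object[]{this.socialConfig.getUniqueId(), e.getLocalizedMessage()});
        }
    }

    /**
     * Exchanges the authorization code for tokens using the configured client credentials.
     *
     * @return the token map returned by {@code OAuthClientUtil.getTokensFromAuthzCode}
     * @throws SocialLoginException if the exchange fails
     */
    Map<String, Object> getTokensUsingAuthzCode() throws SocialLoginException {
        String redirectUrl = this.taiWebUtils.getRedirectUrl(this.request, this.socialConfig);
        return this.clientUtil.getTokensFromAuthzCode(
                this.socialConfig.getTokenEndpoint(),
                this.socialConfig.getClientId(),
                this.socialConfig.getClientSecret(),
                redirectUrl,
                this.authzCode,
                ClientConstants.AUTHORIZATION_CODE,
                this.sslSocketFactory,
                false, // NOTE(review): meaning of this flag is defined by OAuthClientUtil; confirm there
                this.socialConfig.getTokenEndpointAuthMethod(),
                this.socialConfig.getResource(),
                this.socialConfig.getUseSystemPropertiesForHttpClientConnections());
    }

    /**
     * Records the access token and then derives the JWT / user API response from the ID token
     * when the token map has one, or from the user API otherwise.
     *
     * @throws SocialLoginException if the chosen path fails
     */
    public void createJwtUserApiResponseAndIssuedJwtWithAppropriateToken() throws SocialLoginException {
        String idTokenFromTokens = getIdTokenFromTokens();
        this.accessToken = getAccessTokenFromTokens();
        if (idTokenFromTokens == null) {
            createJwtUserApiResponseAndIssuedJwtFromUserApi();
        } else {
            createJwtUserApiResponseAndIssuedJwtFromIdToken(idTokenFromTokens);
        }
    }

    /**
     * @return the ID token from the token map, or {@code null} if absent; a non-String value
     *         raises {@code ClassCastException} because of the unchecked cast
     */
    @Sensitive
    String getIdTokenFromTokens() {
        return (String) this.tokens.get(ClientConstants.ID_TOKEN);
    }

    /**
     * @return the {@code "access_token"} entry of the token map, or {@code null} if absent; a
     *         non-String value raises {@code ClassCastException} because of the unchecked cast
     */
    @Sensitive
    String getAccessTokenFromTokens() {
        return (String) this.tokens.get("access_token");
    }

    /**
     * Access-token path: fetches the user API response, then issues a JWT from it.
     *
     * @throws SocialLoginException if either step fails
     */
    void createJwtUserApiResponseAndIssuedJwtFromUserApi() throws SocialLoginException {
        createUserApiResponseFromAccessToken();
        createIssuedJwtFromUserApiResponse();
    }

    /**
     * Calls the user API with the access token and stores the response.
     *
     * @throws SocialLoginException if the response is {@code null} or empty
     *                              ({@code USER_API_RESPONSE_NULL_OR_EMPTY}), or if the call fails
     */
    void createUserApiResponseFromAccessToken() throws SocialLoginException {
        this.userApiResponse = this.userApiUtils.getUserApiResponse(this.clientUtil, this.socialConfig, this.accessToken, this.sslSocketFactory);
        if (this.userApiResponse == null || this.userApiResponse.isEmpty()) {
            throw createExceptionAndLogMessage(null, "USER_API_RESPONSE_NULL_OR_EMPTY", new Object[]{this.socialConfig.getUniqueId()});
        }
    }

    /**
     * Issues a JWT from the stored user API response, but only when a {@code jwtRef} is configured.
     *
     * @throws SocialLoginException wrapping any failure, logged as
     *                              {@code AUTH_CODE_FAILED_TO_CREATE_JWT}
     */
    void createIssuedJwtFromUserApiResponse() throws SocialLoginException {
        try {
            if (this.socialConfig.getJwtRef() != null) {
                this.issuedJwt = this.taiJwtUtils.createJwtTokenFromJson(this.userApiResponse, this.socialConfig, false);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.tai.AuthorizationCodeAuthenticator", "184", this, new Object[0]);
            throw createExceptionAndLogMessage(e, "AUTH_CODE_FAILED_TO_CREATE_JWT", new Object[]{this.socialConfig.getUniqueId(), e.getLocalizedMessage()});
        }
    }

    /**
     * ID-token path: builds the JWTs from the ID token first and only then exposes its decoded
     * payload as the user API response, so a failure while building the JWTs prevents the payload
     * from being stored.
     *
     * <p>The decompiler reports that this method was originally package-private; it is left public
     * here to keep the visible interface unchanged.
     *
     * @param str the ID token
     * @throws SocialLoginException if JWT creation fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void createJwtUserApiResponseAndIssuedJwtFromIdToken(@Sensitive String str) throws SocialLoginException {
        createJwtAndIssuedJwtFromIdToken(str);
        createUserApiResponseFromIdToken(str);
    }

    /**
     * Builds {@code jwt} and, when configured, {@code issuedJwt} from the ID token.
     *
     * @param str the ID token
     * @throws SocialLoginException wrapping any failure, logged as
     *                              {@code AUTH_CODE_FAILED_TO_CREATE_JWT}
     */
    void createJwtAndIssuedJwtFromIdToken(@Sensitive String str) throws SocialLoginException {
        try {
            createJwtFromIdToken(str);
            createIssuedJwtFromIdToken(str);
        } catch (Exception e) {
            // The raw ID token used to be handed to FFDC in the object array here. It carries user
            // claims and is a signed credential, so it is kept out of the incident data, matching
            // the other FFDC calls in this class, which pass an empty array.
            FFDCFilter.processException(e, "com.ibm.ws.security.social.tai.AuthorizationCodeAuthenticator", "198", this, new Object[0]);
            throw createExceptionAndLogMessage(e, "AUTH_CODE_FAILED_TO_CREATE_JWT", new Object[]{this.socialConfig.getUniqueId(), e.getLocalizedMessage()});
        }
    }

    /**
     * Builds {@code jwt} from the ID token via {@code TAIJwtUtils.createJwtTokenFromIdToken}.
     * NOTE(review): which checks (signature, issuer, expiry) that helper performs is not visible
     * from this class; confirm there.
     *
     * @param str the ID token
     * @throws SocialLoginException if the helper rejects the token
     */
    void createJwtFromIdToken(@Sensitive String str) throws SocialLoginException {
        this.jwt = this.taiJwtUtils.createJwtTokenFromIdToken(str, this.socialConfig.getUniqueId());
    }

    /**
     * Issues a JWT from the ID token, but only when a {@code jwtRef} is configured.
     *
     * @param str the ID token
     * @throws Exception whatever {@code TAIJwtUtils.createJwtTokenFromJson} throws
     */
    void createIssuedJwtFromIdToken(@Sensitive String str) throws Exception {
        if (this.socialConfig.getJwtRef() != null) {
            this.issuedJwt = this.taiJwtUtils.createJwtTokenFromJson(str, this.socialConfig, true);
        }
    }

    /**
     * Stores the Base64-decoded payload segment of the ID token as the user API response.
     *
     * <p>This method only decodes; it performs no validation of the token. Within this class it is
     * reached only after {@link #createJwtAndIssuedJwtFromIdToken(String)} has returned normally.
     * Code that calls it directly would be storing claims that have not been checked.
     *
     * @param str the ID token
     */
    void createUserApiResponseFromIdToken(@Sensitive String str) {
        this.userApiResponse = JsonUtils.decodeFromBase64String(JsonUtils.getPayload(str));
    }

    /**
     * Builds a {@link SocialLoginException}, logs its error message, and returns it for the caller
     * to throw.
     *
     * @param exc    underlying cause, or {@code null}
     * @param str    message key
     * @param objArr message inserts
     * @return the newly created, already logged exception
     */
    SocialLoginException createExceptionAndLogMessage(Exception exc, String str, Object[] objArr) {
        SocialLoginException socialLoginException = new SocialLoginException(str, exc, objArr);
        socialLoginException.logErrorMessage();
        return socialLoginException;
    }
}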
