package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.kernel.productinfo.ProductInfo;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.authentication.cache.AuthCacheService;
import com.ibm.ws.security.authentication.filter.AuthenticationFilter;
import com.ibm.ws.security.openidconnect.clients.common.ConvergedClientConfig;
import com.ibm.ws.security.openidconnect.clients.common.OIDCClientAuthenticatorUtil;
import com.ibm.ws.security.openidconnect.clients.common.OidcClientRequest;
import com.ibm.ws.security.openidconnect.clients.common.OidcSessionUtils;
import com.ibm.ws.security.social.Constants;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.SocialLoginWebappConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl;
import com.ibm.ws.security.social.internal.OidcLoginConfigImpl;
import com.ibm.ws.security.social.internal.utils.ClientConstants;
import com.ibm.ws.security.social.internal.utils.RequestUtil;
import com.ibm.ws.security.social.internal.utils.SocialTaiRequest;
import com.ibm.ws.security.social.twitter.TwitterConstants;
import com.ibm.ws.security.social.web.EndpointServices;
import com.ibm.ws.security.social.web.SelectionPageGenerator;
import com.ibm.ws.security.social.web.utils.ObscuredConfigIdManager;
import com.ibm.ws.security.social.web.utils.SocialWebUtils;
import com.ibm.ws.webcontainer.security.AuthResult;
import com.ibm.ws.webcontainer.security.ProviderAuthenticationResult;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.UnprotectedResourceService;
import com.ibm.ws.webcontainer.security.WebProviderAuthenticatorHelper;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
import com.ibm.wsspi.ssl.SSLSupport;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/tai/SocialLoginTAI.class */
public class SocialLoginTAI implements TrustAssociationInterceptor, UnprotectedResourceService {
    protected static final String KEY_SERVICE_PID = "service.pid";
    protected static final String KEY_PROVIDER_ID = "id";
    protected static final String KEY_ID = "id";
    public static final String KEY_SOCIAL_LOGIN_CONFIG = "socialLoginConfig";
    public static final String KEY_SSL_SUPPORT = "sslSupport";
    static WebProviderAuthenticatorHelper authHelper;
    static final long serialVersionUID = -349073858207970054L;
    public static final TraceComponent tc = Tr.register(SocialLoginTAI.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    static final String KEY_LOCATION_ADMIN = "locationAdmin";
    static final AtomicServiceReference<WsLocationAdmin> locationAdminRef = new AtomicServiceReference<>(KEY_LOCATION_ADMIN);
    static final String KEY_AUTH_CACHE_SERVICE = "authCacheService";
    static final AtomicServiceReference<AuthCacheService> authCacheServiceRef = new AtomicServiceReference<>(KEY_AUTH_CACHE_SERVICE);
    static final String KEY_SECURITY_SERVICE = "securityService";
    static final AtomicServiceReference<SecurityService> securityServiceRef = new AtomicServiceReference<>(KEY_SECURITY_SERVICE);
    public static final String KEY_FILTER = "authFilter";
    protected static final ConcurrentServiceReferenceMap<String, AuthenticationFilter> authFilterServiceRef = new ConcurrentServiceReferenceMap<>(KEY_FILTER);
    protected static final ConcurrentServiceReferenceMap<String, SocialLoginConfig> socialLoginConfigRef = new ConcurrentServiceReferenceMap<>("socialLoginConfig");
    static final String KEY_SOCIAL_WEB_APP_SERVICE = "socialLoginWebappConfig";
    static final AtomicServiceReference<SocialLoginWebappConfig> socialWebappConfigRef = new AtomicServiceReference<>(KEY_SOCIAL_WEB_APP_SERVICE);
    static ObscuredConfigIdManager configIdManager = new ObscuredConfigIdManager();
    private static boolean issuedBetaMessage = false;
    protected AtomicServiceReference<SSLSupport> sslSupportRef = new AtomicServiceReference<>("sslSupport");
    TAIWebUtils taiWebUtils = new TAIWebUtils();
    TAIRequestHelper taiRequestHelper = new TAIRequestHelper();
    SocialWebUtils webUtils = new SocialWebUtils();

    protected void setSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "setSslSupport service.pid:" + serviceReference.getProperty(KEY_SERVICE_PID), new Object[0]);
        }
    }

    protected void updatedSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "updatedtSslSupport service.pid:" + serviceReference.getProperty(KEY_SERVICE_PID), new Object[0]);
        }
    }

    protected void unsetSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.unsetReference(serviceReference);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "unsetSslSupport service.pid:" + serviceReference.getProperty(KEY_SERVICE_PID), new Object[0]);
        }
    }

    public void setSecurityService(ServiceReference<SecurityService> serviceReference) {
        securityServiceRef.setReference(serviceReference);
    }

    public void unsetSecurityService(ServiceReference<SecurityService> serviceReference) {
        securityServiceRef.unsetReference(serviceReference);
    }

    protected void setAuthFilter(ServiceReference<AuthenticationFilter> serviceReference) {
        String str = (String) serviceReference.getProperty(KEY_SERVICE_PID);
        synchronized (authFilterServiceRef) {
            authFilterServiceRef.putReference(str, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " setFilter pid:" + str, new Object[0]);
        }
    }

    protected void updatedAuthFilter(ServiceReference<AuthenticationFilter> serviceReference) {
        String str = (String) serviceReference.getProperty(KEY_SERVICE_PID);
        synchronized (authFilterServiceRef) {
            authFilterServiceRef.putReference(str, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " setFilter pid:" + str, new Object[0]);
        }
    }

    protected void unsetAuthFilter(ServiceReference<AuthenticationFilter> serviceReference) {
        String str = (String) serviceReference.getProperty(KEY_SERVICE_PID);
        synchronized (authFilterServiceRef) {
            authFilterServiceRef.removeReference(str, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " unsetFilter pid:" + str, new Object[0]);
        }
    }

    public static AuthenticationFilter getAuthFilter(String str) {
        return (AuthenticationFilter) authFilterServiceRef.getService(str);
    }

    protected void setSocialLoginConfig(ServiceReference<SocialLoginConfig> serviceReference) {
        String str = (String) serviceReference.getProperty("id");
        synchronized (socialLoginConfigRef) {
            socialLoginConfigRef.putReference(str, serviceReference);
        }
        trackSocialLoginId(str);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " setSocialLoginConfig id:" + str + " Number of references is now: " + socialLoginConfigRef.size(), new Object[0]);
        }
    }

    protected void updatedSocialLoginConfig(ServiceReference<SocialLoginConfig> serviceReference) {
        String str = (String) serviceReference.getProperty("id");
        synchronized (socialLoginConfigRef) {
            socialLoginConfigRef.putReference(str, serviceReference);
        }
        trackSocialLoginId(str);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " updateSocialLoginConfig id:" + str, new Object[0]);
        }
    }

    protected void unsetSocialLoginConfig(ServiceReference<SocialLoginConfig> serviceReference) {
        String str = (String) serviceReference.getProperty("id");
        synchronized (socialLoginConfigRef) {
            socialLoginConfigRef.removeReference(str, serviceReference);
        }
        untrackSocialLoginId(str);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " unsetSocialLoginConfig id:" + str, new Object[0]);
        }
    }

    void trackSocialLoginId(String str) {
        configIdManager.addId(str);
    }

    void untrackSocialLoginId(String str) {
        configIdManager.removeId(str);
    }

    public static String getObscuredIdFromConfigId(String str) {
        return configIdManager.getObscuredIdFromConfigId(str);
    }

    public static String getConfigIdFromObscuredId(String str) {
        return configIdManager.getConfigIdFromObscuredId(str);
    }

    public static SocialLoginConfig getSocialLoginConfig(String str) {
        return (SocialLoginConfig) socialLoginConfigRef.getService(str);
    }

    protected void setLocationAdmin(ServiceReference<WsLocationAdmin> serviceReference) {
        locationAdminRef.setReference(serviceReference);
    }

    protected void unsetLocationAdmin(ServiceReference<WsLocationAdmin> serviceReference) {
        locationAdminRef.unsetReference(serviceReference);
    }

    protected void setAuthCacheService(ServiceReference<AuthCacheService> serviceReference) {
        authCacheServiceRef.setReference(serviceReference);
    }

    protected void unsetAuthCacheService(ServiceReference<AuthCacheService> serviceReference) {
        authCacheServiceRef.unsetReference(serviceReference);
    }

    public void setSocialLoginWebappConfig(ServiceReference<SocialLoginWebappConfig> serviceReference) {
        socialWebappConfigRef.setReference(serviceReference);
    }

    public void unsetSocialLoginWebappConfig(ServiceReference<SocialLoginWebappConfig> serviceReference) {
        socialWebappConfigRef.unsetReference(serviceReference);
    }

    public static SocialLoginWebappConfig getSocialLoginWebappConfig() {
        return (SocialLoginWebappConfig) socialWebappConfigRef.getService();
    }

    @Activate
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        synchronized (authFilterServiceRef) {
            this.sslSupportRef.activate(componentContext);
            authFilterServiceRef.activate(componentContext);
        }
        synchronized (socialLoginConfigRef) {
            socialLoginConfigRef.activate(componentContext);
        }
        locationAdminRef.activate(componentContext);
        authCacheServiceRef.activate(componentContext);
        securityServiceRef.activate(componentContext);
        socialWebappConfigRef.activate(componentContext);
        authHelper = new WebProviderAuthenticatorHelper(securityServiceRef);
        EndpointServices.setActivatedSocialLoginConfigRef(socialLoginConfigRef);
        EndpointServices.setActivatedSecurityServiceRef(securityServiceRef);
        RequestUtil.setSocialLoginConfigRef(socialLoginConfigRef);
    }

    @Modified
    protected void modified(ComponentContext componentContext, Map<String, Object> map) {
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        synchronized (authFilterServiceRef) {
            this.sslSupportRef.deactivate(componentContext);
            authFilterServiceRef.deactivate(componentContext);
        }
        synchronized (socialLoginConfigRef) {
            for (String str : socialLoginConfigRef.keySet()) {
                socialLoginConfigRef.removeReference(str, socialLoginConfigRef.getReference(str));
            }
            socialLoginConfigRef.deactivate(componentContext);
        }
        locationAdminRef.deactivate(componentContext);
        authCacheServiceRef.deactivate(componentContext);
        securityServiceRef.deactivate(componentContext);
        socialWebappConfigRef.deactivate(componentContext);
    }

    public boolean isTargetInterceptor(HttpServletRequest httpServletRequest) throws WebTrustAssociationException {
        return this.taiRequestHelper.requestShouldBeHandledByTAI(httpServletRequest, this.taiRequestHelper.createSocialTaiRequestAndSetRequestAttribute(httpServletRequest));
    }

    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WebTrustAssociationFailedException {
        TAIResult create = TAIResult.create(403);
        SocialTaiRequest socialTaiRequest = (SocialTaiRequest) httpServletRequest.getAttribute(Constants.ATTRIBUTE_TAI_REQUEST);
        if (socialTaiRequest != null) {
            return getAssociatedConfigAndHandleRequest(httpServletRequest, httpServletResponse, socialTaiRequest, create);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Request is missing SocialTaiRequest attribute.", new Object[0]);
        }
        return this.taiWebUtils.sendToErrorPage(httpServletResponse, create);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @FFDCIgnore({SocialLoginException.class})
    public TAIResult getAssociatedConfigAndHandleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialTaiRequest socialTaiRequest, TAIResult tAIResult) throws WebTrustAssociationFailedException {
        try {
            return handleRequestBasedOnSocialLoginConfig(httpServletRequest, httpServletResponse, socialTaiRequest.getTheOnlySocialLoginConfig(), tAIResult);
        } catch (SocialLoginException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "A unique social login config wasn't found for this request. Exception was " + e.getMessage(), new Object[0]);
            }
            return displaySocialMediaSelectionPage(httpServletRequest, httpServletResponse, socialTaiRequest);
        }
    }

    TAIResult displaySocialMediaSelectionPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialTaiRequest socialTaiRequest) throws WebTrustAssociationFailedException {
        try {
            getSelectionPageGenerator().displaySelectionPage(httpServletRequest, httpServletResponse, socialTaiRequest);
            return TAIResult.create(403);
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.tai.SocialLoginTAI", "359", this, new Object[]{httpServletRequest, httpServletResponse, socialTaiRequest});
            return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(403));
        }
    }

    SelectionPageGenerator getSelectionPageGenerator() {
        return new SelectionPageGenerator();
    }

    TAIResult handleRequestBasedOnSocialLoginConfig(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig, TAIResult tAIResult) throws WebTrustAssociationFailedException {
        if (socialLoginConfig != null) {
            removeCachedDataFromLocalAuthentication(httpServletRequest, httpServletResponse);
            return isTwitterConfig(socialLoginConfig) ? handleTwitterLoginRequest(httpServletRequest, httpServletResponse, socialLoginConfig) : socialLoginConfig instanceof OidcLoginConfigImpl ? handleOidc(httpServletRequest, httpServletResponse, (OidcLoginConfigImpl) socialLoginConfig) : handleOAuthLoginRequest(httpServletRequest, httpServletResponse, socialLoginConfig);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Client config for request could not be found. An error must have occurred initializing this request.", new Object[0]);
        }
        return this.taiWebUtils.sendToErrorPage(httpServletResponse, tAIResult);
    }

    void removeCachedDataFromLocalAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.webUtils.removeRequestUrlAndParameters(httpServletRequest, httpServletResponse);
    }

    boolean isTwitterConfig(SocialLoginConfig socialLoginConfig) {
        return socialLoginConfig.getClass().getName().contains(TwitterConstants.TWITTER_CONFIG_CLASS);
    }

    public int initialize(Properties properties) throws WebTrustAssociationFailedException {
        return 0;
    }

    public String getVersion() {
        return null;
    }

    public String getType() {
        return null;
    }

    public void cleanup() {
    }

    public boolean isAuthenticationRequired(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
            return false;
        }
        Tr.debug(tc, "Context path:" + contextPath, new Object[0]);
        return false;
    }

    public boolean logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "logout() userName:" + str, new Object[0]);
        }
        synchronized (socialLoginConfigRef) {
            Iterator services = socialLoginConfigRef.getServices();
            while (services.hasNext()) {
                SocialLoginConfig socialLoginConfig = (SocialLoginConfig) services.next();
                if ((socialLoginConfig instanceof OidcLoginConfigImpl) && isRunningBetaMode()) {
                    OidcSessionUtils.removeOidcSession(httpServletRequest, httpServletResponse, (OidcLoginConfigImpl) socialLoginConfig);
                }
            }
        }
        return false;
    }

    boolean isRunningBetaMode() {
        if (!ProductInfo.getBetaEdition()) {
            return false;
        }
        if (issuedBetaMessage) {
            return true;
        }
        Tr.info(tc, "BETA: A beta method has been invoked for the class " + getClass().getName() + " for the first time.", new Object[0]);
        issuedBetaMessage = !issuedBetaMessage;
        return true;
    }

    TAIResult handleOAuthLoginRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) throws WebTrustAssociationFailedException {
        return getOAuthLoginFlow().handleOAuthRequest(httpServletRequest, httpServletResponse, socialLoginConfig);
    }

    OAuthLoginFlow getOAuthLoginFlow() {
        return new OAuthLoginFlow();
    }

    TAIResult handleTwitterLoginRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) throws WebTrustAssociationFailedException {
        return getTwitterLoginFlow().handleTwitterRequest(httpServletRequest, httpServletResponse, socialLoginConfig);
    }

    TwitterLoginFlow getTwitterLoginFlow() {
        return new TwitterLoginFlow();
    }

    TAIResult handleOidc(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OidcLoginConfigImpl oidcLoginConfigImpl) throws WebTrustAssociationFailedException {
        if (!isConfigValid(oidcLoginConfigImpl)) {
            return TAIResult.create(403);
        }
        OIDCClientAuthenticatorUtil oIDCClientAuthenticatorUtil = new OIDCClientAuthenticatorUtil((SSLSupport) this.sslSupportRef.getService());
        httpServletRequest.setAttribute(ClientConstants.ATTRIB_OIDC_CLIENT_REQUEST, new OidcClientRequest(httpServletRequest, httpServletResponse, oidcLoginConfigImpl, (ReferrerURLCookieHandler) null));
        ProviderAuthenticationResult authenticate = oIDCClientAuthenticatorUtil.authenticate(httpServletRequest, httpServletResponse, oidcLoginConfigImpl);
        discoverOPAgain(authenticate, oidcLoginConfigImpl);
        if (authenticate.getStatus().compareTo(AuthResult.REDIRECT_TO_PROVIDER) == 0) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.event(tc, "redirecting to provider, javascript redirect supported = " + oidcLoginConfigImpl.isClientSideRedirect(), new Object[0]);
            }
            if (!oidcLoginConfigImpl.isClientSideRedirect()) {
                try {
                    httpServletResponse.sendRedirect(authenticate.getRedirectUrl());
                } catch (IOException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.social.tai.SocialLoginTAI", "518", this, new Object[]{httpServletRequest, httpServletResponse, oidcLoginConfigImpl});
                }
            }
            return TAIResult.create(403);
        }
        if (authenticate.getStatus().compareTo(AuthResult.SUCCESS) != 0) {
            return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
        }
        String str = (String) authenticate.getCustomProperties().get(ClientConstants.ID_TOKEN);
        AuthorizationCodeAuthenticator authorizationCodeAuthenticator = new AuthorizationCodeAuthenticator(oidcLoginConfigImpl, authenticate.getCustomProperties());
        try {
            authorizationCodeAuthenticator.createJwtUserApiResponseAndIssuedJwtFromIdToken(str);
            TAISubjectUtils tAISubjectUtils = getTAISubjectUtils(authorizationCodeAuthenticator);
            String str2 = (String) authenticate.getCustomProperties().get("userinfo_string");
            if (str2 != null) {
                tAISubjectUtils.setUserInfo(str2);
            }
            TAIResult createResult = tAISubjectUtils.createResult(httpServletResponse, oidcLoginConfigImpl);
            this.taiWebUtils.restorePostParameters(httpServletRequest);
            return createResult;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.social.tai.SocialLoginTAI", "544", this, new Object[]{httpServletRequest, httpServletResponse, oidcLoginConfigImpl});
            Tr.error(tc, "AUTH_CODE_ERROR_CREATING_RESULT", new Object[]{oidcLoginConfigImpl.getUniqueId(), e2.getLocalizedMessage()});
            return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
        }
    }

    private void discoverOPAgain(ProviderAuthenticationResult providerAuthenticationResult, OidcLoginConfigImpl oidcLoginConfigImpl) {
        if (oidcLoginConfigImpl.isDiscoveryInUse()) {
            if (providerAuthenticationResult.getStatus().compareTo(AuthResult.SUCCESS) == 0) {
                oidcLoginConfigImpl.setNextDiscoveryTime();
            } else if (System.currentTimeMillis() > oidcLoginConfigImpl.getNextDiscoveryTime()) {
                oidcLoginConfigImpl.handleDiscoveryEndpoint(oidcLoginConfigImpl.getDiscoveryEndpointUrl());
            }
        }
    }

    boolean isConfigValid(ConvergedClientConfig convergedClientConfig) {
        boolean z = true;
        String clientId = convergedClientConfig.getClientId();
        String clientSecret = convergedClientConfig.getClientSecret();
        String tokenEndpointAuthMethod = convergedClientConfig.getTokenEndpointAuthMethod();
        String authorizationEndpointUrl = convergedClientConfig.getAuthorizationEndpointUrl();
        convergedClientConfig.getJwkEndpointUrl();
        if (clientId == null || clientId.length() == 0) {
            Tr.error(tc, "INVALID_CONFIG_PARAM", new Object[]{Oauth2LoginConfigImpl.KEY_clientId, clientId});
            z = false;
        }
        if (!"private_key_jwt".equals(tokenEndpointAuthMethod) && (clientSecret == null || clientSecret.isEmpty())) {
            Tr.error(tc, "INVALID_CONFIG_PARAM", new Object[]{Oauth2LoginConfigImpl.KEY_clientSecret, ""});
            z = false;
        }
        if (authorizationEndpointUrl == null || authorizationEndpointUrl.length() == 0 || !authorizationEndpointUrl.toLowerCase().startsWith("http")) {
            Tr.error(tc, "INVALID_CONFIG_PARAM", new Object[]{Oauth2LoginConfigImpl.KEY_authorizationEndpoint, authorizationEndpointUrl});
            z = false;
        }
        return z;
    }

    TAISubjectUtils getTAISubjectUtils(AuthorizationCodeAuthenticator authorizationCodeAuthenticator) {
        return new TAISubjectUtils(authorizationCodeAuthenticator);
    }

    public boolean postLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return false;
    }
}
