package com.ibm.ws.security.jwtsso.utils;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.jwt.JwtToken;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.utils.JsonUtils;
import com.ibm.ws.security.jwt.utils.TokenBuilder;
import com.ibm.ws.security.mp.jwt.MicroProfileJwtConfig;
import com.ibm.ws.security.mp.jwt.error.MpJwtProcessingException;
import com.ibm.ws.security.mp.jwt.impl.DefaultJsonWebTokenImpl;
import com.ibm.ws.security.mp.jwt.tai.MicroProfileJwtTAI;
import com.ibm.ws.security.mp.jwt.tai.TAIJwtUtils;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
import java.security.Principal;
import java.util.Iterator;
import java.util.Objects;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.microprofile.jwt.JsonWebToken;

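/**
 * Helper used by the JWT SSO feature to mint a JWT from a security {@link Subject}
 * (through the configured JWT builder) and to validate / re-create an incoming JWT
 * SSO cookie value through the MicroProfile JWT consumer ({@link MicroProfileJwtTAI}).
 *
 * <p>Instances carry mutable state ({@code consumerId} is rewritten by
 * {@link #getMpJwtConsumer()}) and perform no synchronization; create one per use
 * or confine an instance to a single thread.
 *
 * <p>Note that {@link #decodedPayload(String)} and
 * {@link #getCustomCacheKeyFromToken(String)} only base64-decode the payload; they do
 * not verify the token. Signature/claim verification happens only through the
 * validation methods ({@link #isJwtValid(String)}, {@link #recreateJwt(String)},
 * {@link #handleJwtSsoTokenValidation(String)}).
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/jwtsso/utils/JwtSsoTokenUtils.class */
public class JwtSsoTokenUtils {
    private static TraceComponent tc = Tr.register(JwtSsoTokenUtils.class);
    // Id of the jwtBuilder configuration used to mint tokens; null means "builder default".
    String builderId;
    // Id of the mpJwt consumer configuration; may be overwritten by getMpJwtConsumer().
    String consumerId;
    // Nothing in this class ever clears this flag; buildTokenFromSecuritySubject(Subject)
    // returns null when it is false. NOTE(review): presumably set reflectively or by a subclass — confirm.
    boolean isValid = true;
    // Set only by the (String, AtomicServiceReference) constructor, and only when the
    // referenced interceptor is a MicroProfileJwtTAI. The validation path dereferences it.
    MicroProfileJwtTAI mpjwttai;
    TAIJwtUtils taiJwtUtils;
    static final long serialVersionUID = 6984400432103815896L;

    /** Creates a utility with no builder id, no consumer id and no TAI reference. */
    public JwtSsoTokenUtils() {
        this.taiJwtUtils = new TAIJwtUtils();
    }

    /**
     * Creates a utility for token creation.
     *
     * @param builderId id of the jwtBuilder configuration to mint tokens with (may be null)
     */
    public JwtSsoTokenUtils(String builderId) {
        this.taiJwtUtils = new TAIJwtUtils();
        this.builderId = builderId;
    }

    /**
     * Creates a utility for token validation.
     *
     * @param consumerId id of the mpJwt consumer configuration to validate with
     * @param taiRef     service reference to the trust association interceptor; only a
     *                   {@link MicroProfileJwtTAI} is usable here, any other interceptor
     *                   (or none) leaves {@code mpjwttai} unset
     * @throws NullPointerException if {@code taiRef} is null
     */
    public JwtSsoTokenUtils(String consumerId, AtomicServiceReference<TrustAssociationInterceptor> taiRef) {
        this.taiJwtUtils = new TAIJwtUtils();
        this.consumerId = consumerId;
        // Explicit downcast: the reference is typed as the generic TAI interface.
        TrustAssociationInterceptor tai = taiRef.getService();
        if (tai instanceof MicroProfileJwtTAI) {
            this.mpjwttai = (MicroProfileJwtTAI) tai;
        }
    }

    /** @return whether token creation is enabled (see {@link #buildTokenFromSecuritySubject(Subject)}) */
    public boolean isValid() {
        return this.isValid;
    }

    /**
     * Returns a {@link JsonWebToken} for the current run-as subject.
     *
     * <p>If the subject already carries a {@link JsonWebToken} principal (for example
     * one added by {@link #handleJwtSsoTokenValidationWithSubject}) that principal is
     * returned unchanged; otherwise a new token is minted from the subject.
     *
     * @return the existing or newly minted token, or null when creation fails
     * @throws Exception propagated from {@link WSSubject#getRunAsSubject()} or the builder
     */
    public JsonWebToken buildTokenFromSecuritySubject() throws Exception {
        Subject runAsSubject = WSSubject.getRunAsSubject();
        // NOTE(review): a null run-as subject is not handled here and would throw NPE — confirm callers guarantee one.
        for (Principal principal : runAsSubject.getPrincipals()) {
            if (principal instanceof JsonWebToken) {
                return (JsonWebToken) principal;
            }
        }
        return buildTokenFromSecuritySubject(runAsSubject);
    }

    /**
     * Mints a new JWT for {@code subject} using the configured builder.
     *
     * <p>The subject's custom cache key and custom auth provider (read via
     * {@code SubjectUtil}) are passed to the builder so they can be carried as claims.
     * No token is issued for the unauthenticated user.
     *
     * @param subject the authenticated subject to build the token from
     * @return the minted token, or null when this instance is not valid, the builder
     *         produced no token string, or the subject's user name is absent / unauthenticated
     * @throws Exception propagated from the token builder
     */
    public JsonWebToken buildTokenFromSecuritySubject(Subject subject) throws Exception {
        if (!this.isValid) {
            return null;
        }
        TokenBuilder tokenBuilder = new TokenBuilder();
        SubjectUtil subjectUtil = new SubjectUtil(subject);
        String customCacheKey = subjectUtil.getCustomCacheKey();
        String customAuthProvider = subjectUtil.getCustomAuthProvider();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "custom values, cck : ", new Object[] { customCacheKey });
            Tr.debug(tc, "custom values, apr : ", new Object[] { customAuthProvider });
        }
        String tokenString = tokenBuilder.createTokenString(this.builderId, subject, customCacheKey, customAuthProvider);
        if (tokenString == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "returning null because tokenString was null, creation failed.", new Object[0]);
            }
            return null;
        }
        String userName = tokenBuilder.getUserName(subject);
        // Never hand out an SSO token for the unauthenticated subject.
        if (userName == null || userName.equals(JwtSsoConstants.UNAUTHENTICATED)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "returning null because username = " + userName, new Object[0]);
            }
            return null;
        }
        return new DefaultJsonWebTokenImpl(tokenString, "JWT", userName);
    }

    /**
     * @return whether {@code token} carries a claim named {@code claimName}
     *         (not referenced elsewhere in this class)
     */
    private boolean checkForClaim(JsonWebToken token, String claimName) {
        return token.containsClaim(claimName);
    }

    /**
     * Validates a JWT SSO token string through the MicroProfile JWT consumer.
     *
     * @param tokenString the compact-serialized JWT
     * @return the subject produced by the consumer
     * @throws Exception if validation fails or no usable mpJwt consumer is configured
     */
    public Subject handleJwtSsoTokenValidation(String tokenString) throws Exception {
        return handleValidationUsingMPjwtConsumer(tokenString);
    }

    /**
     * Validates {@code tokenString} and, on success, adds a {@link JsonWebToken} principal
     * for it to the given subject.
     *
     * @param subject     subject to enrich; it is modified in place
     * @param tokenString the compact-serialized JWT
     * @return {@code subject} with the token principal added, or null when the token
     *         could not be re-created (i.e. did not validate)
     * @throws Exception propagated from {@link #recreateJwt(String)}
     */
    public Subject handleJwtSsoTokenValidationWithSubject(Subject subject, String tokenString) throws Exception {
        // recreateJwt() performs the actual verification; only a verified token is attached.
        if (recreateJwt(tokenString) == null) {
            return null;
        }
        subject.getPrincipals().add(new DefaultJsonWebTokenImpl(tokenString, "JWT", new TokenBuilder().getUserName(subject)));
        return subject;
    }

    /**
     * Runs the MicroProfile JWT TAI validation with no servlet request/response.
     *
     * @throws NullPointerException if this instance was not created with a
     *                              {@link MicroProfileJwtTAI} reference
     */
    private Subject handleValidationUsingMPjwtConsumer(String tokenString) throws Exception {
        MicroProfileJwtTAI tai = Objects.requireNonNull(this.mpjwttai,
                "MicroProfileJwtTAI is not available; this JwtSsoTokenUtils was not constructed with a TAI reference");
        return tai.handleMicroProfileJwtValidation((HttpServletRequest) null, (HttpServletResponse) null, getMpJwtConsumer(), tokenString, true).getSubject();
    }

    /**
     * Re-creates (and thereby validates) a {@link JwtToken} from its string form using
     * the resolved mpJwt consumer.
     *
     * @param tokenString the compact-serialized JWT
     * @return the token, or null when the consumer rejected it
     *         ({@link MpJwtProcessingException} is recorded via FFDC and swallowed)
     * @throws Exception any other failure, including consumer lookup errors
     */
    protected JwtToken recreateJwt(String tokenString) throws Exception {
        JwtToken jwtToken = null;
        try {
            jwtToken = this.taiJwtUtils.createJwt(tokenString, getMpJwtConsumer().getUniqueId());
        } catch (MpJwtProcessingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.jwtsso.utils.JwtSsoTokenUtils", "204", this, new Object[] { tokenString });
        }
        return jwtToken;
    }

    /**
     * Resolves the mpJwt consumer configuration to validate against.
     *
     * <p>All registered configurations except the one the JWT SSO feature registers
     * itself are counted as user-defined. Exactly one user-defined configuration
     * overrides {@code consumerId}; more than one is an error. The configuration for
     * the resulting {@code consumerId} is then looked up.
     *
     * @return the consumer configuration
     * @throws MpJwtProcessingException if more than one user-defined configuration exists
     *                                  or no configuration matches {@code consumerId}
     */
    private MicroProfileJwtConfig getMpJwtConsumer() throws MpJwtProcessingException {
        Iterator<?> services = MicroProfileJwtTAI.getServices();
        int userDefinedCount = 0;
        String userDefinedIds = "";
        String lastUserDefinedId = null;
        while (services.hasNext()) {
            MicroProfileJwtConfig config = (MicroProfileJwtConfig) services.next();
            // NOTE(review): identifying the feature's own config by its toString() is fragile;
            // an instanceof or id check would not depend on the implementation class name.
            if (!config.toString().contains("com.ibm.ws.security.jwtsso.internal.JwtSsoComponent")) {
                lastUserDefinedId = config.getUniqueId();
                userDefinedIds = userDefinedIds.concat(lastUserDefinedId).concat(" ");
                userDefinedCount++;
            }
        }
        if (userDefinedCount > 1) {
            String msg = Tr.formatMessage(tc, "TOO_MANY_MP_JWT_PROVIDERS", new Object[] { userDefinedIds });
            Tr.error(tc, msg, new Object[0]);
            throw new MpJwtProcessingException(msg);
        }
        if (userDefinedCount == 1) {
            this.consumerId = lastUserDefinedId;
        }
        MicroProfileJwtConfig consumer = MicroProfileJwtTAI.getMicroProfileJwtConfig(this.consumerId);
        if (consumer == null) {
            String msg = Tr.formatMessage(tc, "MPJWT_CONSUMER_CONFIG_NOT_FOUND", new Object[] { this.consumerId });
            Tr.error(tc, msg, new Object[0]);
            throw new MpJwtProcessingException(msg);
        }
        return consumer;
    }

    /**
     * @param tokenString the compact-serialized JWT
     * @return true if {@link #recreateJwt(String)} succeeds; false if it returns null or
     *         throws (the exception is recorded via FFDC)
     */
    public boolean isJwtValid(String tokenString) {
        try {
            return recreateJwt(tokenString) != null;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.jwtsso.utils.JwtSsoTokenUtils", "248", this, new Object[] { tokenString });
            return false;
        }
    }

    /**
     * Reads the custom cache key claim ({@code Constants.CCK_CLAIM}) from a token's payload.
     *
     * <p>This only decodes the payload; the token is not verified here. Callers must
     * validate the token first if the value is to be trusted.
     *
     * @param tokenString the compact-serialized JWT, may be null
     * @return the claim value, or null when the token is null, the claim is absent,
     *         unreadable, or not a string
     */
    public String getCustomCacheKeyFromToken(String tokenString) {
        String payload = decodedPayload(tokenString);
        if (payload == null) {
            return null;
        }
        Object claim = getClaim(payload, Constants.CCK_CLAIM);
        if (claim instanceof String) {
            return (String) claim;
        }
        // A non-string claim value (from a malformed or foreign token) is treated as absent
        // rather than surfacing a ClassCastException.
        if (claim != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "ignoring non-string custom cache key claim of type " + claim.getClass().getName(), new Object[0]);
        }
        return null;
    }

    /**
     * @return the named claim from a decoded JSON payload, or null when parsing fails
     *         (the exception is recorded via FFDC)
     */
    private Object getClaim(String jsonPayload, String claimName) {
        try {
            return JsonUtils.claimFromJsonObject(jsonPayload, claimName);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.jwtsso.utils.JwtSsoTokenUtils", "266", this, new Object[] { jsonPayload, claimName });
            return null;
        }
    }

    /**
     * Base64-decodes the payload segment of a compact JWT. No signature check is performed.
     *
     * @param tokenString the compact-serialized JWT, may be null
     * @return the decoded payload JSON, or null when {@code tokenString} is null
     */
    public String decodedPayload(String tokenString) {
        if (tokenString == null) {
            return null;
        }
        return JsonUtils.decodeFromBase64String(JsonUtils.getPayload(tokenString));
    }
}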
