package com.ibm.ws.security.mp.jwt.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.mp.jwt.MicroProfileJwtConfig;
import com.ibm.ws.security.mp.jwt.error.MpJwtProcessingException;
import com.ibm.ws.security.mp.jwt.impl.MicroProfileJwtConfigImpl;
import com.ibm.ws.security.mp.jwt.impl.utils.ClientConstants;
import com.ibm.ws.security.mp.jwt.impl.utils.MicroProfileJwtTaiRequest;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/mp/jwt/tai/TAIRequestHelper.class */
public class TAIRequestHelper {
    private static TraceComponent tc = Tr.register(TAIRequestHelper.class, "MPJWT", "com.ibm.ws.security.mp.jwt.resources.MicroProfileJwtMessages");
    public static final String ATTRIBUTE_TAI_REQUEST = "MPJwtTaiRequest";
    private static final String Authorization_Header = "Authorization";
    private static final String APPLICATION_AUTH_METHOD = "com.ibm.ws.security.tai.appAuthType";
    public static final String REQ_METHOD_POST = "POST";
    public static final String REQ_CONTENT_TYPE_NAME = "Content-Type";
    public static final String REQ_CONTENT_TYPE_APP_FORM_URLENCODED = "application/x-www-form-urlencoded";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String AUTHN_TYPE = "MP-JWT";
    static final long serialVersionUID = -7289571863124519604L;

    @ManualTrace
    public MicroProfileJwtTaiRequest createMicroProfileJwtTaiRequestAndSetRequestAttribute(HttpServletRequest httpServletRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "createMicroProfileJwtTaiRequestAndSetRequestAttribute", new Object[]{httpServletRequest});
        }
        MicroProfileJwtTaiRequest microProfileJwtTaiRequest = new MicroProfileJwtTaiRequest(httpServletRequest);
        httpServletRequest.setAttribute("MPJwtTaiRequest", microProfileJwtTaiRequest);
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "createMicroProfileJwtTaiRequestAndSetRequestAttribute", microProfileJwtTaiRequest);
        }
        return microProfileJwtTaiRequest;
    }

    @ManualTrace
    public boolean requestShouldBeHandledByTAI(HttpServletRequest httpServletRequest, MicroProfileJwtTaiRequest microProfileJwtTaiRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "requestShouldBeHandledByTAI", new Object[]{httpServletRequest, microProfileJwtTaiRequest});
        }
        MicroProfileJwtTaiRequest taiRequestConfigInfo = setTaiRequestConfigInfo(httpServletRequest, getLoginHint(httpServletRequest), microProfileJwtTaiRequest);
        boolean z = false;
        MicroProfileJwtConfig microProfileJwtConfig = null;
        try {
            microProfileJwtConfig = taiRequestConfigInfo.getOnlyMatchingConfig();
        } catch (MpJwtProcessingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.tai.TAIRequestHelper", "84", this, new Object[]{httpServletRequest, taiRequestConfigInfo});
        }
        if (microProfileJwtConfig != null) {
            if (shouldDeferToJwtSso(httpServletRequest, microProfileJwtConfig)) {
                return false;
            }
            z = microProfileJwtConfig.ignoreApplicationAuthMethod() ? taiRequestConfigInfo.hasServices() : isMpJwtSpecifiedInLoginConfig(httpServletRequest);
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "requestShouldBeHandledByTAI", Boolean.valueOf(z));
        }
        return z;
    }

    private boolean shouldDeferToJwtSso(HttpServletRequest httpServletRequest, MicroProfileJwtConfig microProfileJwtConfig) {
        if (!isJwtSsoFeatureActive(microProfileJwtConfig)) {
            return false;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Authorization header=", new Object[]{header});
        }
        return !(header != null && header.startsWith("Bearer "));
    }

    public boolean isJwtSsoFeatureActive(MicroProfileJwtConfig microProfileJwtConfig) {
        return microProfileJwtConfig.toString().contains("com.ibm.ws.security.jwtsso.internal.JwtSsoComponent");
    }

    private boolean isMpJwtSpecifiedInLoginConfig(HttpServletRequest httpServletRequest) {
        if (httpServletRequest.getAttribute(APPLICATION_AUTH_METHOD) == null) {
            String formatMessage = Tr.formatMessage(tc, "MPJWT_NOT_FOUND_IN_APPLICATION", new Object[]{AUTHN_TYPE, "null", MicroProfileJwtConfigImpl.CFG_KEY_IGNORE_APP_AUTH_METHOD, "false"});
            if (!tc.isDebugEnabled()) {
                return false;
            }
            Tr.debug(tc, "isMpJwtSpecifiedInLoginConfig ", new Object[]{formatMessage});
            return false;
        }
        String str = (String) httpServletRequest.getAttribute(APPLICATION_AUTH_METHOD);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Auth method = ", new Object[]{str});
            Tr.debug(tc, "isMpJwtSpecifiedInLoginConfig ", new Object[]{Boolean.valueOf(AUTHN_TYPE.equals(str))});
        }
        if (!AUTHN_TYPE.equals(str)) {
            String formatMessage2 = Tr.formatMessage(tc, "MPJWT_NOT_FOUND_IN_APPLICATION", new Object[]{AUTHN_TYPE, str, MicroProfileJwtConfigImpl.CFG_KEY_IGNORE_APP_AUTH_METHOD, "false"});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isMpJwtSpecifiedInLoginConfig ", new Object[]{formatMessage2});
            }
        }
        return AUTHN_TYPE.equals(str);
    }

    @ManualTrace
    String getLoginHint(HttpServletRequest httpServletRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getLoginHint", new Object[]{httpServletRequest});
        }
        String loginHintFromHeaderOrParameter = getLoginHintFromHeaderOrParameter(httpServletRequest);
        if (loginHintFromHeaderOrParameter == null || loginHintFromHeaderOrParameter.isEmpty()) {
            loginHintFromHeaderOrParameter = null;
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getLoginHint", loginHintFromHeaderOrParameter);
        }
        return loginHintFromHeaderOrParameter;
    }

    @ManualTrace
    String getLoginHintFromHeaderOrParameter(HttpServletRequest httpServletRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getLoginHintFromHeaderOrParameter", new Object[]{httpServletRequest});
        }
        String header = httpServletRequest.getHeader(ClientConstants.LOGIN_HINT);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "specifiedService(h) id:" + header, new Object[0]);
        }
        if (header == null || header.isEmpty()) {
            header = httpServletRequest.getParameter(ClientConstants.LOGIN_HINT);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "specifiedService(p) id:" + header, new Object[0]);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getLoginHintFromHeaderOrParameter", header);
        }
        return header;
    }

    @ManualTrace
    public String getBearerToken(HttpServletRequest httpServletRequest, MicroProfileJwtConfig microProfileJwtConfig) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getBearerToken", new Object[]{httpServletRequest, microProfileJwtConfig});
        }
        String bearerTokenFromHeader = getBearerTokenFromHeader(httpServletRequest);
        if (bearerTokenFromHeader == null) {
            bearerTokenFromHeader = getBearerTokenFromParameter(httpServletRequest);
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getBearerToken", bearerTokenFromHeader);
        }
        return bearerTokenFromHeader;
    }

    @ManualTrace
    String getBearerTokenFromHeader(HttpServletRequest httpServletRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getBearerTokenFromHeader", new Object[]{httpServletRequest});
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Authorization header=", new Object[]{header});
        }
        if (header != null && header.startsWith("Bearer ")) {
            header = header.substring("Bearer ".length());
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getBearerTokenFromHeader", header);
        }
        return header;
    }

    @ManualTrace
    String getBearerTokenFromParameter(HttpServletRequest httpServletRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getBearerTokenFromParameter", new Object[]{httpServletRequest});
        }
        String str = null;
        if (REQ_METHOD_POST.equalsIgnoreCase(httpServletRequest.getMethod())) {
            String header = httpServletRequest.getHeader(REQ_CONTENT_TYPE_NAME);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Request content type: " + header, new Object[0]);
            }
            if (REQ_CONTENT_TYPE_APP_FORM_URLENCODED.equals(header)) {
                str = httpServletRequest.getParameter("access_token");
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getBearerTokenFromParameter", str);
        }
        return str;
    }

    @ManualTrace
    MicroProfileJwtTaiRequest setTaiRequestConfigInfo(HttpServletRequest httpServletRequest, String str, MicroProfileJwtTaiRequest microProfileJwtTaiRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "setTaiRequestConfigInfo", new Object[]{httpServletRequest, str, microProfileJwtTaiRequest});
        }
        if (str != null) {
            MicroProfileJwtTaiRequest specificConfigTaiRequestInfo = setSpecificConfigTaiRequestInfo(httpServletRequest, str, microProfileJwtTaiRequest);
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "setTaiRequestConfigInfo", specificConfigTaiRequestInfo);
            }
            return specificConfigTaiRequestInfo;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Specific config ID not provided, so will set generic config information for MpJwtTaiRequest object", new Object[0]);
        }
        MicroProfileJwtTaiRequest genericAndFilteredConfigTaiRequestInfo = setGenericAndFilteredConfigTaiRequestInfo(httpServletRequest, microProfileJwtTaiRequest);
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "setTaiRequestConfigInfo", genericAndFilteredConfigTaiRequestInfo);
        }
        return genericAndFilteredConfigTaiRequestInfo;
    }

    @ManualTrace
    MicroProfileJwtTaiRequest setGenericAndFilteredConfigTaiRequestInfo(HttpServletRequest httpServletRequest, MicroProfileJwtTaiRequest microProfileJwtTaiRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "setGenericAndFilteredConfigTaiRequestInfo", new Object[]{httpServletRequest, microProfileJwtTaiRequest});
        }
        if (microProfileJwtTaiRequest == null) {
            microProfileJwtTaiRequest = createMicroProfileJwtTaiRequestAndSetRequestAttribute(httpServletRequest);
        }
        MicroProfileJwtTaiRequest genericAndFilteredConfigTaiRequestInfoFromConfigServices = setGenericAndFilteredConfigTaiRequestInfoFromConfigServices(httpServletRequest, microProfileJwtTaiRequest, getConfigServices());
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "setGenericAndFilteredConfigTaiRequestInfo", genericAndFilteredConfigTaiRequestInfoFromConfigServices);
        }
        return genericAndFilteredConfigTaiRequestInfoFromConfigServices;
    }

    @ManualTrace
    MicroProfileJwtTaiRequest setGenericAndFilteredConfigTaiRequestInfoFromConfigServices(HttpServletRequest httpServletRequest, MicroProfileJwtTaiRequest microProfileJwtTaiRequest, Iterator<MicroProfileJwtConfig> it) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "setGenericAndFilteredConfigTaiRequestInfoFromConfigServices", new Object[]{httpServletRequest, microProfileJwtTaiRequest, it});
        }
        if (it == null) {
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "setGenericAndFilteredConfigTaiRequestInfoFromConfigServices", microProfileJwtTaiRequest);
            }
            return microProfileJwtTaiRequest;
        }
        if (microProfileJwtTaiRequest == null) {
            microProfileJwtTaiRequest = createMicroProfileJwtTaiRequestAndSetRequestAttribute(httpServletRequest);
        }
        while (it.hasNext()) {
            microProfileJwtTaiRequest.addGenericConfig(it.next());
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "setGenericAndFilteredConfigTaiRequestInfoFromConfigServices", microProfileJwtTaiRequest);
        }
        return microProfileJwtTaiRequest;
    }

    @ManualTrace
    MicroProfileJwtTaiRequest setSpecificConfigTaiRequestInfo(HttpServletRequest httpServletRequest, String str, MicroProfileJwtTaiRequest microProfileJwtTaiRequest) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "setSpecificConfigTaiRequestInfo", new Object[]{httpServletRequest, str, microProfileJwtTaiRequest});
        }
        if (microProfileJwtTaiRequest == null) {
            microProfileJwtTaiRequest = createMicroProfileJwtTaiRequestAndSetRequestAttribute(httpServletRequest);
        }
        MicroProfileJwtConfig configAssociatedWithRequestAndId = getConfigAssociatedWithRequestAndId(httpServletRequest, str);
        if (configAssociatedWithRequestAndId == null) {
            microProfileJwtTaiRequest = handleNoMatchingConfiguration(str, microProfileJwtTaiRequest);
        } else {
            microProfileJwtTaiRequest.setSpecifiedConfig(configAssociatedWithRequestAndId);
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "setSpecificConfigTaiRequestInfo", microProfileJwtTaiRequest);
        }
        return microProfileJwtTaiRequest;
    }

    MicroProfileJwtTaiRequest handleNoMatchingConfiguration(String str, MicroProfileJwtTaiRequest microProfileJwtTaiRequest) {
        String formatMessage = Tr.formatMessage(tc, "MPJWT_NO_SUCH_PROVIDER", new Object[]{str});
        Tr.error(tc, formatMessage, new Object[0]);
        microProfileJwtTaiRequest.setTaiException(new MpJwtProcessingException(formatMessage));
        return microProfileJwtTaiRequest;
    }

    @ManualTrace
    MicroProfileJwtConfig getConfigAssociatedWithRequestAndId(HttpServletRequest httpServletRequest, String str) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getConfigAssociatedWithRequestAndId", new Object[]{httpServletRequest, str});
        }
        MicroProfileJwtConfig config = getConfig(str);
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getConfigAssociatedWithRequestAndId", config);
        }
        return config;
    }

    Iterator<MicroProfileJwtConfig> getConfigServices() {
        return MicroProfileJwtTAI.getServices();
    }

    MicroProfileJwtConfig getConfig(String str) {
        return MicroProfileJwtTAI.getMicroProfileJwtConfig(str);
    }
}
