package com.ibm.oauth.core.internal.oauth20.granttype.impl;

import com.ibm.oauth.core.api.OAuthConstants;
import com.ibm.oauth.core.api.attributes.Attribute;
import com.ibm.oauth.core.api.attributes.AttributeList;
import com.ibm.oauth.core.api.error.OAuthException;
import com.ibm.oauth.core.api.error.oauth20.InvalidGrantException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20Exception;
import com.ibm.oauth.core.api.oauth20.token.OAuth20Token;
import com.ibm.oauth.core.internal.oauth20.OAuth20Constants;
import com.ibm.oauth.core.internal.oauth20.OAuth20Util;
import com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandler;
import com.ibm.oauth.core.internal.oauth20.token.OAuth20TokenFactory;
import com.ibm.oauth.core.internal.oauth20.token.OAuth20TokenHelper;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServerConfig;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/ibm/oauth/core/internal/oauth20/granttype/impl/OAuth20GrantTypeHandlerAppTokenAndPasswordImpl.class */
public class OAuth20GrantTypeHandlerAppTokenAndPasswordImpl implements OAuth20GrantTypeHandler {
    static final String CLASS = OAuth20GrantTypeHandlerAppTokenAndPasswordImpl.class.getName();
    private static Logger _log = Logger.getLogger(CLASS);
    static final ArrayList<String> _emptyList = new ArrayList<>();
    String grant_type;
    OAuth20Provider oauth20Config;

    public OAuth20GrantTypeHandlerAppTokenAndPasswordImpl(String str, OAuth20Provider oAuth20Provider) {
        this.grant_type = str;
        this.oauth20Config = oAuth20Provider;
    }

    @Override // com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandler
    public List<String> getKeysGrantType(@Sensitive AttributeList attributeList) throws OAuthException {
        return _emptyList;
    }

    @Override // com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandler
    @FFDCIgnore({InvalidGrantException.class})
    public void validateRequestGrantType(@Sensitive AttributeList attributeList, List<OAuth20Token> list) throws OAuthException {
        boolean isLoggable = _log.isLoggable(Level.FINEST);
        _log.entering(CLASS, "validateRequestGrantType");
        if (isLoggable) {
            for (Attribute attribute : attributeList.getAllAttributes()) {
                _log.logp(Level.FINEST, CLASS, "validateRequestGrantType", "attrib: " + attribute.getName() + " :" + attribute.toString());
            }
        }
        attributeList.getAttributeValueByName("client_id");
        attributeList.getAttributeValueByName("client_secret");
        getOidcServerConfig(attributeList);
        try {
            verifyAccessToken(getTokenString(attributeList));
        } catch (InvalidGrantException e) {
            throw e;
        } catch (Exception e2) {
            String message = e2.getMessage();
            if (message == null || message.isEmpty()) {
                message = e2.toString();
            }
            throw new InvalidGrantException(message, e2);
        }
    }

    private boolean verifyAccessToken(String str) throws InvalidGrantException {
        return true;
    }

    @Override // com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandler
    public List<OAuth20Token> buildTokensGrantType(AttributeList attributeList, OAuth20TokenFactory oAuth20TokenFactory, List<OAuth20Token> list) {
        boolean isLoggable = _log.isLoggable(Level.FINEST);
        ArrayList arrayList = new ArrayList();
        String attributeValueByName = attributeList.getAttributeValueByName("client_id");
        String attributeValueByName2 = attributeList.getAttributeValueByName("username");
        String[] attributeValuesByNameAndType = attributeList.getAttributeValuesByNameAndType("scope", OAuth20Constants.ATTRTYPE_PARAM_OAUTH_REQUEST);
        String str = null;
        if ("app_password".equals(this.grant_type)) {
            str = OAuth20Constants.APP_PASSWORD_STATE_ID;
        } else if ("app_token".equals(this.grant_type)) {
            str = OAuth20Constants.APP_TOKEN_STATE_ID;
        }
        String[] attributeValuesByNameAndType2 = attributeList.getAttributeValuesByNameAndType(OAuth20Constants.REDIRECT_URI, OAuthConstants.ATTRTYPE_PARAM_OAUTH);
        Map<String, String[]> buildTokenMap = oAuth20TokenFactory.buildTokenMap(attributeValueByName, attributeValueByName2, attributeValuesByNameAndType2 == null ? null : attributeValuesByNameAndType2.length > 0 ? attributeValuesByNameAndType2[0] : null, str, attributeValuesByNameAndType, (OAuth20Token) null, this.grant_type);
        if (this.oauth20Config != null) {
            buildTokenMap.put("com.ibm.wsspi.security.oidc.external.claims:app_id", new String[]{OAuth20Util.getRandom(this.oauth20Config.getAccessTokenLength())});
            if ("app_password".equals(this.grant_type)) {
                buildTokenMap.put(OAuth20Constants.LIFETIME, new String[]{"" + this.oauth20Config.getAppPasswordLifetime()});
            } else {
                buildTokenMap.put(OAuth20Constants.LIFETIME, new String[]{"" + this.oauth20Config.getAppTokenLifetime()});
            }
        }
        OAuth20Util.populateJwtAccessTokenData(attributeList, buildTokenMap);
        buildTokenMap.put(OAuth20Constants.PROXY_HOST, new String[]{attributeList.getAttributeValueByName(OAuth20Constants.PROXY_HOST)});
        OAuth20TokenHelper.getExternalClaims(buildTokenMap, attributeList);
        OAuth20Token createAccessTokenAsAppPasswordOrToken = oAuth20TokenFactory.createAccessTokenAsAppPasswordOrToken(buildTokenMap);
        if (isLoggable) {
            _log.logp(Level.FINEST, CLASS, "buildTokensGrantType", "access token is " + createAccessTokenAsAppPasswordOrToken);
        }
        if (createAccessTokenAsAppPasswordOrToken != null) {
            arrayList.add(createAccessTokenAsAppPasswordOrToken);
        }
        return arrayList;
    }

    @Override // com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandler
    public void buildResponseGrantType(AttributeList attributeList, List<OAuth20Token> list) {
        _log.isLoggable(Level.FINEST);
        try {
            for (OAuth20Token oAuth20Token : list) {
                String type = oAuth20Token.getType();
                if ("access_token".equals(type)) {
                    handleAccessToken(attributeList, oAuth20Token);
                } else {
                    _log.logp(Level.FINEST, CLASS, "buildResponseGrantType", "Unknown token type:'" + type + "'");
                }
            }
            _log.exiting(CLASS, "buildResponseGrantType");
        } catch (Throwable th) {
            _log.exiting(CLASS, "buildResponseGrantType");
            throw th;
        }
    }

    public void handleAccessToken(AttributeList attributeList, OAuth20Token oAuth20Token) {
        attributeList.setAttribute(this.grant_type, OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[]{oAuth20Token.getTokenString()});
        attributeList.setAttribute(OAuth20Constants.APP_ID, OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[]{oAuth20Token.getExtensionProperty("com.ibm.wsspi.security.oidc.external.claims:app_id")[0]});
        attributeList.setAttribute(OAuth20Constants.CREATED_AT, OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[]{"" + oAuth20Token.getCreatedAt()});
        attributeList.setAttribute(OAuth20Constants.EXPIRES_AT, OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[]{"" + (oAuth20Token.getCreatedAt() + (oAuth20Token.getLifetimeSeconds() * 1000))});
    }

    protected String convertToString(String[] strArr) {
        StringBuffer stringBuffer = new StringBuffer("");
        boolean z = true;
        for (String str : strArr) {
            if (!z) {
                stringBuffer.append(" ");
            }
            stringBuffer.append(str);
            z = false;
        }
        return stringBuffer.toString();
    }

    protected void verifyJwtSub(String str) throws OAuth20Exception {
        if (str == null) {
            throw new InvalidGrantException("JWT_TOKEN_MISS_REQUIRED_CLAIM_ERR", null);
        }
    }

    public String getString(Object obj) {
        if (obj == null) {
            return null;
        }
        if (obj instanceof String) {
            return (String) obj;
        }
        if (!(obj instanceof String[])) {
            return obj.toString();
        }
        String[] strArr = (String[]) obj;
        if (strArr.length > 0) {
            return strArr[0];
        }
        return null;
    }

    protected OidcServerConfig getOidcServerConfig(AttributeList attributeList) throws OAuthException {
        return OAuth20Constants.REQUEST_FEATURE_OAUTH2.equals(attributeList.getAttributeValueByName(OAuth20Constants.REQUEST_FEATURE)) ? null : null;
    }

    protected String getTokenString(AttributeList attributeList) throws OAuthException {
        String[] attributeValuesByName = attributeList.getAttributeValuesByName("access_token");
        if (attributeValuesByName == null || attributeValuesByName.length < 1 || attributeValuesByName[0].isEmpty()) {
            throw new InvalidGrantException("JWT_TOKEN_NO_TOKEN_EXTERNAL_ERR", null);
        }
        if (attributeValuesByName.length > 1) {
            throw new InvalidGrantException("JWT_TOKEN_TOO_MANY_TOKENS_ERR", null);
        }
        return attributeValuesByName[0];
    }

    protected String[] getStrings(Object obj) {
        if (obj == null || (obj instanceof String[])) {
            return (String[]) obj;
        }
        if (obj instanceof String) {
            return new String[]{(String) obj};
        }
        if (!(obj instanceof List)) {
            return obj instanceof Object ? new String[]{obj.toString()} : new String[0];
        }
        List list = (List) obj;
        String[] strArr = new String[list.size()];
        int i = 0;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            strArr[i2] = it.next().toString();
        }
        return strArr;
    }
}
