package com.ibm.ws.security.oauth20.util;

import com.google.gson.JsonArray;
import com.ibm.json.java.JSONObject;
import com.ibm.oauth.core.api.OAuthConstants;
import com.ibm.oauth.core.api.attributes.AttributeList;
import com.ibm.oauth.core.api.error.OAuthConfigurationException;
import com.ibm.oauth.core.api.error.OAuthException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20Exception;
import com.ibm.oauth.core.internal.oauth20.OAuth20Constants;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider;
import com.ibm.ws.security.oauth20.exception.OAuth20BadParameterException;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClient;
import com.ibm.ws.webcontainer.security.ProviderAuthenticationResult;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

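/**
 * Static helpers used by the OAuth 2.0 provider: reflective loading of configured plug-in
 * classes, client lookup, validation of the {@code resource} request parameter and emission
 * of a 401 bearer challenge.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/oauth20/util/OAuth20ProviderUtils.class */
public class OAuth20ProviderUtils {
    private static TraceComponent tc = Tr.register(OAuth20ProviderUtils.class, "OAUTH", "com.ibm.ws.security.oauth20.resources.ProviderMsgs");
    protected static String OAuthConfigFileDir = null;
    public static final String AUTHENTICATE_HDR = "WWW-Authenticate";
    static final long serialVersionUID = -4998153886747493417L;

    /**
     * Loads the class named {@code str} through {@code classLoader}, verifies that it is
     * assignable to {@code cls} and returns a new instance created with its no-argument
     * constructor.
     *
     * @param str         fully qualified name of the class to load; {@code null} is rejected
     * @param str2        value reported in the exception messages (presumably the name of the
     *                    configuration property that supplied {@code str} - confirm with callers)
     * @param cls         type the loaded class must be assignable to
     * @param classLoader loader used to resolve {@code str}
     * @return a new instance of the loaded class
     * @throws OAuthException an {@link OAuthConfigurationException} when {@code str} is null,
     *         the class cannot be found or instantiated, or it is not assignable to {@code cls}
     */
    @ManualTrace
    public static Object processClass(String str, String str2, Class<?> cls, ClassLoader classLoader) throws OAuthException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "processClass", new Object[]{str, str2, cls, classLoader});
        }
        try {
            if (str == null) {
                throw new OAuthConfigurationException("security.oauth.error.config.notspecified.exception", str2, "null", null);
            }
            try {
                Class<?> loaded = classLoader.loadClass(str);
                // Check the type BEFORE instantiating: a configured name that resolves to an
                // unrelated class must not get its static initializer or constructor executed
                // just to be rejected afterwards.
                if (!cls.isAssignableFrom(loaded)) {
                    throw new OAuthConfigurationException("security.oauth.error.classmismatch.exception", str2, cls.getName(), null);
                }
                return loaded.newInstance();
            } catch (ClassNotFoundException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.util.OAuth20ProviderUtils", "67", (Object) null, new Object[]{str, str2, cls, classLoader});
                throw new OAuthConfigurationException("security.oauth.error.classinstantiation.exception", str2, str, e);
            } catch (IllegalAccessException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.oauth20.util.OAuth20ProviderUtils", "69", (Object) null, new Object[]{str, str2, cls, classLoader});
                throw new OAuthConfigurationException("security.oauth.error.classinstantiation.exception", str2, str, e2);
            } catch (InstantiationException e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.oauth20.util.OAuth20ProviderUtils", "71", (Object) null, new Object[]{str, str2, cls, classLoader});
                throw new OAuthConfigurationException("security.oauth.error.classinstantiation.exception", str2, str, e3);
            }
        } finally {
            // Exit trace is emitted on both the normal and the exceptional path.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "processClass");
            }
        }
    }

    /**
     * Looks up a client through the provider's client provider.
     *
     * @param oAuth20Provider provider to query; may be {@code null}
     * @param str             identifier passed to {@code OidcOAuth20ClientProvider.get}
     * @return the client returned by the client provider, or {@code null} when the provider
     *         or its client provider is {@code null}
     * @throws OAuth20Exception propagated from the client provider lookup
     */
    public static OidcBaseClient getOidcOAuth20Client(OAuth20Provider oAuth20Provider, String str) throws OAuth20Exception {
        if (oAuth20Provider == null) {
            return null;
        }
        OidcOAuth20ClientProvider clientProvider = oAuth20Provider.getClientProvider();
        if (clientProvider == null) {
            return null;
        }
        return clientProvider.get(str);
    }

    /**
     * Validates every value of the {@code resource} request parameter against the resource
     * ids registered for the client and publishes the accepted, de-duplicated values.
     *
     * <p>Each parameter value is split on single spaces; empty tokens are ignored. The first
     * token that is not contained in {@code oidcBaseClient.getResourceIds()} aborts the
     * request. When at least one token was accepted, the resulting array is stored in
     * {@code attributeList} (if non-null) and as a request attribute.
     *
     * @param httpServletRequest request carrying the {@code resource} parameter(s)
     * @param attributeList      optional attribute list that receives the accepted values
     * @param oidcBaseClient     client whose registered resource ids form the allow-list
     * @throws OAuth20BadParameterException when a requested resource is not in the allow-list
     */
    public static void validateResource(HttpServletRequest httpServletRequest, AttributeList attributeList, OidcBaseClient oidcBaseClient) throws OAuth20BadParameterException {
        String[] parameterValues = httpServletRequest.getParameterValues("resource");
        if (parameterValues == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The resource parameter was not found", new Object[0]);
            }
            return;
        }
        JsonArray resourceIds = oidcBaseClient.getResourceIds();
        HashSet<String> accepted = new HashSet<String>();
        // Every occurrence of the parameter is checked. Indexing element 0 on each pass would
        // re-validate the first value only and leave repeated "resource" parameters unchecked
        // for any later consumer that reads them from the request directly.
        for (String parameterValue : parameterValues) {
            for (String token : parameterValue.split(" ")) {
                String trim = token.trim();
                if (trim.isEmpty()) {
                    continue;
                }
                if (!OidcOAuth20Util.jsonArrayContainsString(resourceIds, trim)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The requested resource [" + trim + "] is not authorized.", new Object[0]);
                    }
                    // NOTE(review): the message arguments include the client's complete
                    // resourceIds list - confirm how far this exception text travels.
                    throw new OAuth20BadParameterException("SECURITY.OAUTH20.ERROR.VALUE.NOT.IN.LIST", new Object[]{"resource", trim, OidcOAuth20Util.getSpaceDelimitedString(resourceIds), "resourceIds"});
                }
                accepted.add(trim);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The requested resource [" + trim + "] is authorized.", new Object[0]);
                }
            }
        }
        if (accepted.isEmpty()) {
            return;
        }
        String[] strArr = accepted.toArray(new String[accepted.size()]);
        if (attributeList != null) {
            attributeList.setAttribute("resource", OAuthConstants.ATTRTYPE_PARAM_OAUTH, strArr);
        }
        httpServletRequest.setAttribute(OAuth20Constants.OAUTH20_AUTHEN_PARAM_RESOURCE, strArr);
    }

    /**
     * Writes a 401 response with a {@code WWW-Authenticate} challenge and a small JSON body.
     * Nothing is written when the response is already committed. An existing non-empty
     * {@code WWW-Authenticate} header is kept; otherwise {@code Bearer realm="oauth"} is set.
     *
     * @param httpServletResponse          response to write to
     * @param providerAuthenticationResult not read by this method
     * @param str                          optional text placed in {@code error_description}
     * @throws IOException if the response writer cannot be obtained
     */
    public static void handleOAuthChallenge(HttpServletResponse httpServletResponse, ProviderAuthenticationResult providerAuthenticationResult, String str) throws IOException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        String header = httpServletResponse.getHeader(AUTHENTICATE_HDR);
        if (header == null || header.isEmpty()) {
            header = "Bearer realm=\"oauth\"";
            httpServletResponse.setHeader(AUTHENTICATE_HDR, header);
        }
        httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
        // The description goes through JSONObject rather than string concatenation, so the
        // JSON library is responsible for quoting it.
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("error", 401);
        if (str != null) {
            jSONObject.put("error_description", str);
        }
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(jSONObject.toString());
        writer.flush();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "WWW-Authenticate:'" + header + "' code:401 reason:" + str, new Object[0]);
        }
    }
}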
