package com.ibm.ws.security.oauth20.web;

import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.internal.LibertyOAuth20Provider;
import com.ibm.ws.security.oauth20.plugins.BaseClient;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClient;
import com.ibm.ws.security.oauth20.util.OIDCConstants;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.framework.Bundle;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.metatype.AttributeDefinition;
import org.osgi.service.metatype.MetaTypeInformation;
import org.osgi.service.metatype.MetaTypeService;
import org.osgi.service.metatype.ObjectClassDefinition;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {OAuth20ClientMetatypeService.class}, name = OAuth20EndpointServices.KEY_OAUTH_CLIENT_METATYPE_SERVICE, immediate = true, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM"})
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/oauth20/web/OAuth20ClientMetatypeService.class */
public class OAuth20ClientMetatypeService {
    private static TraceComponent tc = Tr.register(OAuth20ClientMetatypeService.class, "OAUTH", "com.ibm.ws.security.oauth20.resources.ProviderMsgs");
    public static final String RESPONSE_KEY_ID = "id";
    public static final String RESPONSE_KEY_NAME = "name";
    public static final String RESPONSE_KEY_DESCRIPTION = "description";
    public static final String RESPONSE_KEY_TYPE = "type";
    public static final String RESPONSE_KEY_DEFAULT = "default";
    public static final String RESPONSE_KEY_OPTIONS = "options";
    public static final String RESPONSE_KEY_OPTIONS_LABEL = "label";
    public static final String RESPONSE_KEY_OPTIONS_VALUE = "value";
    public static final String RESPONSE_KEY_CARDINALITY = "cardinality";
    public static final String RESPONSE_KEY_REQUIRED = "required";
    public static final String RESPONSE_KEY_SEPARATION_CHAR = "separationChar";
    public static final String RESPONSE_KEY_ALLOW_USER_PROVIDED_VALUE = "allowUserProvidedValue";
    public static final String RESPONSE_KEY_REQUEST_PARAMETER_NAME = "requestParameterName";
    public static final String KEY_METATYPE_SERVICE = "metaTypeService";
    protected final AtomicServiceReference<MetaTypeService> metaTypeServiceRef = new AtomicServiceReference<>(KEY_METATYPE_SERVICE);
    private Bundle thisBundle = null;
    private JsonObject allMetatypeData = new JsonObject();
    static final long serialVersionUID = -1991420527789932663L;

    @Reference(service = MetaTypeService.class, name = KEY_METATYPE_SERVICE, policy = ReferencePolicy.DYNAMIC)
    protected void setMetaTypeService(ServiceReference<MetaTypeService> serviceReference) {
        this.metaTypeServiceRef.setReference(serviceReference);
    }

    protected void unsetMetaTypeService(ServiceReference<MetaTypeService> serviceReference) {
        this.metaTypeServiceRef.unsetReference(serviceReference);
    }

    @Activate
    protected void activate(ComponentContext componentContext) {
        this.metaTypeServiceRef.activate(componentContext);
        this.thisBundle = componentContext.getBundleContext().getBundle();
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        this.metaTypeServiceRef.deactivate(componentContext);
    }

    public void sendClientMetatypeData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isSupportedHttpMethod(httpServletRequest.getMethod())) {
            writeMetatypeDataToResponse(httpServletResponse, getOAuthClientMetatypeData(getRequestLocales(httpServletRequest)));
        } else {
            httpServletResponse.sendError(405);
        }
    }

    JsonArray getOAuthClientMetatypeData(List<String> list) {
        MetaTypeInformation metaTypeInformation = getMetaTypeInformation();
        if (metaTypeInformation == null) {
            return null;
        }
        this.allMetatypeData = createMetatypeJson(metaTypeInformation, list);
        return putMetatypeDataInAppropriateOrder();
    }

    void writeMetatypeDataToResponse(HttpServletResponse httpServletResponse, JsonArray jsonArray) throws IOException {
        try {
            if (jsonArray == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Null metatype object was supplied; error response will be returned", new Object[0]);
                }
                httpServletResponse.sendError(500);
            } else {
                httpServletResponse.setHeader("Content-Type", AbstractOidcEndpointServices.CT_APPLICATION_JSON);
                httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.toString());
                PrintWriter writer = httpServletResponse.getWriter();
                writer.println(new String(jsonArray.toString().getBytes(StandardCharsets.UTF_16.toString()), StandardCharsets.UTF_16));
                writer.flush();
                writer.close();
            }
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.web.OAuth20ClientMetatypeService", "135", this, new Object[]{httpServletResponse, jsonArray});
            httpServletResponse.sendError(500);
        }
    }

    private boolean isSupportedHttpMethod(String str) {
        return TokenExchange.HTTP_METHOD_GET.equalsIgnoreCase(str);
    }

    private List<String> getRequestLocales(HttpServletRequest httpServletRequest) {
        ArrayList arrayList = new ArrayList();
        Enumeration locales = httpServletRequest.getLocales();
        if (locales != null) {
            while (locales.hasMoreElements()) {
                arrayList.add(((Locale) locales.nextElement()).toString());
            }
        }
        return arrayList;
    }

    private MetaTypeInformation getMetaTypeInformation() {
        MetaTypeService metaTypeService = (MetaTypeService) this.metaTypeServiceRef.getService();
        if (metaTypeService == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Failed to find MetaTypeService", new Object[0]);
            return null;
        }
        if (this.thisBundle == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Missing bundle information", new Object[0]);
            return null;
        }
        MetaTypeInformation metaTypeInformation = metaTypeService.getMetaTypeInformation(this.thisBundle);
        if (metaTypeInformation != null) {
            return metaTypeInformation;
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "Failed to find MetaTypeInformation for this bundle (" + this.thisBundle.getBundleId() + " - " + this.thisBundle.getSymbolicName() + ")", new Object[0]);
        return null;
    }

    private JsonObject createMetatypeJson(MetaTypeInformation metaTypeInformation, List<String> list) {
        JsonObject jsonObject = null;
        Iterator<String> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            ObjectClassDefinition objectClassDefinition = metaTypeInformation.getObjectClassDefinition("com.ibm.ws.security.oauth20.client", next);
            if (objectClassDefinition != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Creating metatype information based on locale [" + next + "]", new Object[0]);
                }
                jsonObject = createMetatypeJsonForObjectClassDefinition(metaTypeInformation, objectClassDefinition);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Did not find translated metatype information for locale [" + next + "]", new Object[0]);
            }
        }
        return jsonObject;
    }

    private JsonObject createMetatypeJsonForObjectClassDefinition(MetaTypeInformation metaTypeInformation, ObjectClassDefinition objectClassDefinition) {
        AttributeDefinition[] attributeDefinitions = objectClassDefinition.getAttributeDefinitions(-1);
        if (attributeDefinitions == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Failed to find any attribute definitions for OCD [" + objectClassDefinition.getID() + "]", new Object[0]);
            return null;
        }
        List<String> requiredAttributeIds = getRequiredAttributeIds(objectClassDefinition);
        JsonObject jsonObject = new JsonObject();
        for (AttributeDefinition attributeDefinition : attributeDefinitions) {
            if (!isAttributeToIgnore(attributeDefinition)) {
                JsonObject createJsonForConfigAttribute = createJsonForConfigAttribute(attributeDefinition, requiredAttributeIds);
                if (createJsonForConfigAttribute != null) {
                    jsonObject.add(attributeDefinition.getID(), createJsonForConfigAttribute);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attribute [" + attributeDefinition.getID() + "] will not be included", new Object[0]);
            }
        }
        return jsonObject;
    }

    private List<String> getRequiredAttributeIds(ObjectClassDefinition objectClassDefinition) {
        ArrayList arrayList = new ArrayList();
        AttributeDefinition[] attributeDefinitions = objectClassDefinition.getAttributeDefinitions(1);
        if (attributeDefinitions == null) {
            return arrayList;
        }
        for (AttributeDefinition attributeDefinition : attributeDefinitions) {
            arrayList.add(attributeDefinition.getID());
        }
        return arrayList;
    }

    @Trivial
    private boolean isAttributeToIgnore(AttributeDefinition attributeDefinition) {
        return "internal".equals(attributeDefinition.getName()) || isUnsupportedRegistrationAttribute(attributeDefinition);
    }

    @Trivial
    private boolean isUnsupportedRegistrationAttribute(AttributeDefinition attributeDefinition) {
        String id = attributeDefinition.getID();
        return "trustedUriPrefixes".equals(id) || "resourceIds".equals(id) || "enabled".equals(id) || OIDCConstants.OIDC_SESSION_MANAGED.equals(id);
    }

    private JsonObject createJsonForConfigAttribute(AttributeDefinition attributeDefinition, List<String> list) {
        JsonObject jsonObject = new JsonObject();
        addApiRequiredEntriesForConfigAttribute(attributeDefinition, jsonObject);
        addApiOptionalEntriesForConfigAttribute(attributeDefinition, jsonObject, list);
        addApiSpecificEntriesForConfigAttribute(attributeDefinition, jsonObject);
        return jsonObject;
    }

    private void addApiRequiredEntriesForConfigAttribute(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        jsonObject.addProperty("id", attributeDefinition.getID());
        jsonObject.addProperty("name", attributeDefinition.getName());
        jsonObject.addProperty(RESPONSE_KEY_DESCRIPTION, attributeDefinition.getDescription());
        jsonObject.addProperty("type", getAttributeTypeString(attributeDefinition));
    }

    private String getAttributeTypeString(AttributeDefinition attributeDefinition) {
        int type = attributeDefinition.getType();
        if (type == 1) {
            return "String";
        }
        if (type == 11) {
            return "Boolean";
        }
        if (type == 6) {
            return "Byte";
        }
        if (type == 5) {
            return "Character";
        }
        if (type == 7) {
            return "Double";
        }
        if (type == 8) {
            return "Float";
        }
        if (type == 3) {
            return "Integer";
        }
        if (type == 2) {
            return "Long";
        }
        if (type == 12) {
            return "Password";
        }
        if (type == 4) {
            return "Short";
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "Encountered unknown type value [" + type + "]", new Object[0]);
        return null;
    }

    private void addApiOptionalEntriesForConfigAttribute(AttributeDefinition attributeDefinition, JsonObject jsonObject, List<String> list) {
        addAttributeEntryForDefault(attributeDefinition, jsonObject);
        addAttributeEntryForOptions(attributeDefinition, jsonObject);
        addAttributeEntryForCardinality(attributeDefinition, jsonObject);
        addAttributeEntryForRequired(attributeDefinition, jsonObject, list);
        addAttributeEntryForRequestParameterName(attributeDefinition, jsonObject);
    }

    private void addAttributeEntryForDefault(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        String[] defaultValue = attributeDefinition.getDefaultValue();
        if (defaultValue == null) {
            return;
        }
        JsonArray jsonArray = new JsonArray();
        for (String str : defaultValue) {
            jsonArray.add(new JsonPrimitive(str));
        }
        jsonObject.add(RESPONSE_KEY_DEFAULT, jsonArray);
    }

    private void addAttributeEntryForOptions(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        String[] optionLabels = attributeDefinition.getOptionLabels();
        String[] optionValues = attributeDefinition.getOptionValues();
        if (optionLabels == null || optionValues == null) {
            return;
        }
        if (optionLabels.length != optionValues.length) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Number of option labels " + Arrays.toString(optionLabels) + " did not match number of option values " + Arrays.toString(optionValues), new Object[0]);
                return;
            }
            return;
        }
        JsonArray jsonArray = new JsonArray();
        for (int i = 0; i < optionLabels.length; i++) {
            JsonObject jsonObject2 = new JsonObject();
            jsonObject2.addProperty(RESPONSE_KEY_OPTIONS_LABEL, optionLabels[i]);
            jsonObject2.addProperty("value", optionValues[i]);
            jsonArray.add(jsonObject2);
        }
        jsonObject.add(RESPONSE_KEY_OPTIONS, jsonArray);
    }

    private void addAttributeEntryForCardinality(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        int cardinality = attributeDefinition.getCardinality();
        if (cardinality != 0) {
            jsonObject.addProperty(RESPONSE_KEY_CARDINALITY, Integer.valueOf(cardinality));
        }
    }

    private void addAttributeEntryForRequired(AttributeDefinition attributeDefinition, JsonObject jsonObject, List<String> list) {
        if (list.contains(attributeDefinition.getID())) {
            jsonObject.addProperty(RESPONSE_KEY_REQUIRED, true);
        }
    }

    private void addAttributeEntryForRequestParameterName(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        String registrationApiRequestParameterName = getRegistrationApiRequestParameterName(attributeDefinition.getID());
        if (registrationApiRequestParameterName != null) {
            jsonObject.addProperty(RESPONSE_KEY_REQUEST_PARAMETER_NAME, registrationApiRequestParameterName);
        }
    }

    private String getRegistrationApiRequestParameterName(String str) {
        return getConfigAttributeNameToRegistrationApiParameterNameMap().get(str);
    }

    private Map<String, String> getConfigAttributeNameToRegistrationApiParameterNameMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "client_id");
        hashMap.put("secret", "client_secret");
        hashMap.put("displayname", BaseClient.SN_CLIENT_NAME);
        hashMap.put("redirect", "redirect_uris");
        hashMap.put("scope", "scope");
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_GRANT_TYPES, OidcBaseClient.SN_GRANT_TYPES);
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_RESPONSE_TYPES, OidcBaseClient.SN_RESPONSE_TYPES);
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_TOKEN_EP_AUTH_METHOD, "token_endpoint_auth_method");
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_PREAUTHORIZED_SCOPE, "preauthorized_scope");
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_APP_TYPE, "application_type");
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_POST_LOGOUT_REDIRECT_URIS, "post_logout_redirect_uris");
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_SUBJECT_TYPE, "subject_type");
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_FUNCTIONAL_USER_ID, "functional_user_id");
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_FUNCTIONAL_USER_GROUPIDS, "functional_user_groupIds");
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_INTROSPECT_TOKENS, OidcBaseClient.SN_INTROSPECT_TOKENS);
        hashMap.put(LibertyOAuth20Provider.KEY_CLIENT_allowRegexpRedirects, BaseClient.SN_ALLOW_REGEXP_REDIRECTS);
        return hashMap;
    }

    private void addApiSpecificEntriesForConfigAttribute(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        addAttributeEntryForValidation(attributeDefinition, jsonObject);
        addAttributeEntryForSeparationChar(attributeDefinition, jsonObject);
        addAttributeEntryForAllowUserProvidedValue(attributeDefinition, jsonObject);
    }

    private void addAttributeEntryForValidation(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        attributeDefinition.getID();
    }

    private void addAttributeEntryForSeparationChar(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        String str = null;
        if (isSpaceSeparatedAttribute(attributeDefinition.getID())) {
            str = " ";
        }
        if (str != null) {
            jsonObject.addProperty(RESPONSE_KEY_SEPARATION_CHAR, str);
        }
    }

    private boolean isSpaceSeparatedAttribute(String str) {
        return "scope".equals(str) || LibertyOAuth20Provider.KEY_CLIENT_PREAUTHORIZED_SCOPE.equals(str);
    }

    private void addAttributeEntryForAllowUserProvidedValue(AttributeDefinition attributeDefinition, JsonObject jsonObject) {
        if (isAttributeThatAllowsUserProvidedValues(attributeDefinition.getID())) {
            jsonObject.addProperty(RESPONSE_KEY_ALLOW_USER_PROVIDED_VALUE, true);
        }
    }

    private boolean isAttributeThatAllowsUserProvidedValues(String str) {
        return "scope".equals(str) || LibertyOAuth20Provider.KEY_CLIENT_PREAUTHORIZED_SCOPE.equals(str);
    }

    private JsonArray putMetatypeDataInAppropriateOrder() {
        JsonArray jsonArray = new JsonArray();
        jsonArray.addAll(getPrioritizedMetatypeData());
        jsonArray.addAll(getUnprioritizedMetatypeData());
        return jsonArray;
    }

    private JsonArray getPrioritizedMetatypeData() {
        JsonArray jsonArray = new JsonArray();
        for (String str : getPrioritizedEntryOrder()) {
            JsonObject asJsonObject = this.allMetatypeData.getAsJsonObject(str);
            if (asJsonObject != null) {
                jsonArray.add(processMetatypeDataEntryForResponse(str, asJsonObject));
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to find data corresponding to expected config attribute [" + str + "]", new Object[0]);
            }
        }
        return jsonArray;
    }

    private JsonArray getUnprioritizedMetatypeData() {
        JsonArray jsonArray = new JsonArray();
        List<String> metatypeJsonObjectKeys = getMetatypeJsonObjectKeys();
        metatypeJsonObjectKeys.removeAll(getPrioritizedEntryOrder());
        Collections.sort(metatypeJsonObjectKeys);
        for (String str : metatypeJsonObjectKeys) {
            JsonObject asJsonObject = this.allMetatypeData.getAsJsonObject(str);
            if (asJsonObject != null) {
                jsonArray.add(processMetatypeDataEntryForResponse(str, asJsonObject));
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to find data corresponding to expected config attribute [" + str + "]", new Object[0]);
            }
        }
        return jsonArray;
    }

    private List<String> getMetatypeJsonObjectKeys() {
        ArrayList arrayList = new ArrayList();
        Iterator it = this.allMetatypeData.entrySet().iterator();
        while (it.hasNext()) {
            arrayList.add(((Map.Entry) it.next()).getKey());
        }
        return arrayList;
    }

    private List<String> getPrioritizedEntryOrder() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("name");
        arrayList.add("secret");
        arrayList.add("displayname");
        arrayList.add("redirect");
        arrayList.add("scope");
        arrayList.add(LibertyOAuth20Provider.KEY_CLIENT_GRANT_TYPES);
        arrayList.add(LibertyOAuth20Provider.KEY_CLIENT_RESPONSE_TYPES);
        arrayList.add(LibertyOAuth20Provider.KEY_CLIENT_TOKEN_EP_AUTH_METHOD);
        arrayList.add(LibertyOAuth20Provider.KEY_CLIENT_PREAUTHORIZED_SCOPE);
        return arrayList;
    }

    private JsonObject processMetatypeDataEntryForResponse(String str, JsonObject jsonObject) {
        updateSpecialCaseEntries(str, jsonObject);
        return jsonObject;
    }

    private void updateSpecialCaseEntries(String str, JsonObject jsonObject) {
        if ("scope".equals(str)) {
            updateEntriesUniqueToScope(jsonObject);
        }
        if (LibertyOAuth20Provider.KEY_CLIENT_GRANT_TYPES.equals(str)) {
            updateEntriesUniqueToGrantTypes(jsonObject);
        }
        if (LibertyOAuth20Provider.KEY_CLIENT_RESPONSE_TYPES.equals(str)) {
            updateEntriesUniqueToResponseTypes(jsonObject);
        }
    }

    private void updateEntriesUniqueToScope(JsonObject jsonObject) {
        JsonArray asJsonArray = jsonObject.getAsJsonArray(RESPONSE_KEY_DEFAULT);
        if (asJsonArray == null) {
            asJsonArray = new JsonArray();
        }
        asJsonArray.add(new JsonPrimitive("openid"));
        jsonObject.add(RESPONSE_KEY_DEFAULT, asJsonArray);
    }

    private void updateEntriesUniqueToGrantTypes(JsonObject jsonObject) {
        JsonArray jsonArray = new JsonArray();
        jsonArray.add(new JsonPrimitive("authorization_code"));
        jsonObject.add(RESPONSE_KEY_DEFAULT, jsonArray);
    }

    private void updateEntriesUniqueToResponseTypes(JsonObject jsonObject) {
        JsonArray jsonArray = new JsonArray();
        jsonArray.add(new JsonPrimitive("code"));
        jsonObject.add(RESPONSE_KEY_DEFAULT, jsonArray);
    }
}
