package com.ibm.ws.security.oauth20.web;

import com.ibm.oauth.core.api.oauth20.token.OAuth20Token;
import com.ibm.oauth.core.internal.OAuthConstants;
import com.ibm.oauth.core.internal.oauth20.OAuth20Constants;
import com.ibm.websphere.crypto.InvalidPasswordEncodingException;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.crypto.UnsupportedCryptoAlgorithmException;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import javax.servlet.http.HttpServletRequest;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/oauth20/web/EndpointUtils.class */
public class EndpointUtils {
    private static TraceComponent tc = Tr.register(EndpointUtils.class, "OAuth20Provider", "com.ibm.ws.security.oauth20.resources.ProviderMsgs");
    public static final String PBKDF2WithHmacSHA512 = "PBKDF2WithHmacSHA512";
    public static final String DEFAULT_HASH = "PBKDF2WithHmacSHA512";
    public static final String PLAIN = "plain";
    public static final String HASH = "hash";
    static final long serialVersionUID = 2677485352199670461L;

    public static boolean reachedTokenLimit(OAuth20Provider oAuth20Provider, HttpServletRequest httpServletRequest, String str, String str2) {
        long clientTokenCacheSize = oAuth20Provider.getClientTokenCacheSize();
        if (clientTokenCacheSize <= 0 || getTokensForUser(false, true, str, str2, oAuth20Provider).size() < clientTokenCacheSize) {
            return false;
        }
        Tr.error(tc, "security.oauth20.token.limit.error", new Object[]{str, str2, Long.valueOf(clientTokenCacheSize)});
        return true;
    }

    public static String getParameter(HttpServletRequest httpServletRequest, String str) {
        return httpServletRequest.getParameter(str);
    }

    public static Collection<OAuth20Token> getTokensForUser(boolean z, boolean z2, String str, String str2, OAuth20Provider oAuth20Provider) {
        String str3 = str;
        try {
            str3 = URLDecoder.decode(str, OAuthConstants.UTF8);
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.web.EndpointUtils", "72", (Object) null, new Object[]{Boolean.valueOf(z), Boolean.valueOf(z2), str, str2, oAuth20Provider});
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "raw user name: " + str + " urlDecoded user name going to database: " + str3, new Object[0]);
        }
        if (z2) {
            return removeAppPasswordOrAppTokens(oAuth20Provider.getTokenCache().getUserAndClientTokens(str3, str2));
        }
        return oAuth20Provider.getTokenCache().getMatchingTokens(str3, str2, z ? OAuth20Constants.APP_PASSWORD_STATE_ID : OAuth20Constants.APP_TOKEN_STATE_ID);
    }

    private static Collection<OAuth20Token> getTokensMatchingClientId(Collection<OAuth20Token> collection, String str) {
        HashSet hashSet = new HashSet();
        for (OAuth20Token oAuth20Token : collection) {
            if (str.equals(oAuth20Token.getClientId())) {
                hashSet.add(oAuth20Token);
            }
        }
        return hashSet;
    }

    private static Collection<OAuth20Token> getTokensMatchingGrantType(Collection<OAuth20Token> collection, String str) {
        HashSet hashSet = new HashSet();
        for (OAuth20Token oAuth20Token : collection) {
            if (oAuth20Token.getGrantType().equals(str)) {
                hashSet.add(oAuth20Token);
            }
        }
        return hashSet;
    }

    private static Collection<OAuth20Token> removeAppPasswordOrAppTokens(Collection<OAuth20Token> collection) {
        HashSet hashSet = new HashSet();
        if (collection != null) {
            for (OAuth20Token oAuth20Token : collection) {
                if (!oAuth20Token.getGrantType().equals("app_password") && !oAuth20Token.getGrantType().equals("app_token")) {
                    hashSet.add(oAuth20Token);
                }
            }
        }
        return hashSet;
    }

    @FFDCIgnore({InvalidPasswordEncodingException.class, UnsupportedCryptoAlgorithmException.class})
    public static String computeTokenHash(OAuth20Token oAuth20Token, @Sensitive String str, String str2) {
        String str3 = str;
        String str4 = null;
        if (oAuth20Token != null) {
            str4 = oAuth20Token.getGrantType();
        } else if (str2 != null) {
            str4 = str2;
        }
        if ("app_password".equals(str4) || "app_token".equals(str4)) {
            HashMap hashMap = new HashMap();
            hashMap.put("option.notrim", "true");
            hashMap.put("hash.salt", OAuth20Constants.APP_PASSWORD_HASH_SALT);
            try {
                str3 = PasswordUtil.encode(str, "hash", hashMap);
            } catch (UnsupportedCryptoAlgorithmException e) {
            } catch (InvalidPasswordEncodingException e2) {
            }
        }
        return str3;
    }

    @Trivial
    public static String computeTokenHash(String str) {
        return computeTokenHash(str, null);
    }

    @FFDCIgnore({InvalidPasswordEncodingException.class, UnsupportedCryptoAlgorithmException.class})
    public static String computeTokenHash(String str, String str2) {
        String str3 = str;
        HashMap hashMap = new HashMap();
        hashMap.put("option.notrim", "true");
        hashMap.put("hash.salt", OAuth20Constants.APP_PASSWORD_HASH_SALT);
        hashMap.put("hash.algorithm", str2 == null ? "PBKDF2WithHmacSHA512" : str2);
        try {
            str3 = PasswordUtil.encode(str, "hash", hashMap);
        } catch (UnsupportedCryptoAlgorithmException e) {
        } catch (InvalidPasswordEncodingException e2) {
        }
        return str3;
    }

    public static String escapeQuotesForJson(String str) {
        if (!str.contains("\"")) {
            return str;
        }
        String str2 = "";
        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < str.length(); i++) {
            String str3 = str2;
            str2 = str.substring(i, i + 1);
            if (!str2.equals("\"") || str3.equals("\\")) {
                stringBuffer.append(str2);
            } else {
                stringBuffer.append("\\").append(str2);
            }
        }
        return stringBuffer.toString();
    }
}
