package com.ibm.ws.security.openidconnect.clients.common;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.web.WebUtils;
import com.ibm.ws.security.openidconnect.common.Constants;
import com.ibm.ws.webcontainer.security.CookieHelper;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

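/**
 * Processes a browser request that arrives at the OpenID Connect client's redirect endpoint and
 * forwards the user agent to the URL it originally asked for.
 *
 * <p>Two paths are handled:
 * <ul>
 *   <li>No {@code state} query/form parameter on a GET: the parameters may be in the URL fragment,
 *       which browsers do not send to the server. A small page is returned whose script copies the
 *       fragment into a form and POSTs it back.</li>
 *   <li>Otherwise: the {@code state} value is used to look up the cookie holding the original
 *       request URL, and the browser is redirected (or auto-POSTed) there.</li>
 * </ul>
 *
 * <p>Security notes for maintainers: every server-side value written into generated HTML goes
 * through {@code WebUtils.htmlEncode}; token values ({@code access_token}, {@code id_token}) are
 * never written to trace output; responses that carry tokens are marked non-cacheable.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/openidconnect/clients/common/RedirectionProcessor.class */
public class RedirectionProcessor {
    private final HttpServletRequest request;
    private final HttpServletResponse response;
    // Trace component supplied by the caller; all Tr.debug/Tr.error calls below are issued against it.
    private final TraceComponent tc;
    static final long serialVersionUID = -7396039957130555256L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(RedirectionProcessor.class);

    /**
     * @param httpServletRequest  the inbound request to the redirect endpoint
     * @param httpServletResponse the response the redirect or auto-submit page is written to
     * @param traceComponent      trace component used for debug and error output
     */
    public RedirectionProcessor(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, TraceComponent traceComponent) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.tc = traceComponent;
    }

    /**
     * Entry point: chooses between the fragment-relay page and the normal redirect handling.
     *
     * @param redirectionEntry callback object that supplies the client configuration and the
     *                         error/no-state handling
     * @throws IOException if writing the response fails
     */
    public void processRedirection(RedirectionEntry redirectionEntry) throws IOException {
        String state = this.request.getParameter("state");
        // A GET without "state" is treated as a possible fragment response; any other request
        // (including a POST without state) goes through the regular path, which rejects a missing state.
        if (state == null && "GET".equalsIgnoreCase(this.request.getMethod())) {
            getTokenFromFragment(redirectionEntry);
        } else {
            continueWithRedirection(redirectionEntry, state);
        }
    }

    /**
     * Writes an HTML page that reads the URL fragment in the browser and re-submits its
     * name/value pairs as a form POST to the redirect endpoint.
     *
     * @param redirectionEntry used to resolve the client configuration for this endpoint
     * @throws IOException if writing the response fails
     */
    private void getTokenFromFragment(RedirectionEntry redirectionEntry) throws IOException {
        // NOTE(review): the returned config is dereferenced without a null check — confirm that
        // getConvergedClientConfig cannot return null for an unknown client id.
        ConvergedClientConfig clientConfig = redirectionEntry.getConvergedClientConfig(this.request, getClientId());
        StringBuilder page = new StringBuilder();
        page.append("<HTML xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\"><HEAD><title>Submit This Form</title></HEAD>");
        page.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">");
        page.append("<BODY onload=\"javascript:document.forms[0].submit()\">");
        String postTarget = clientConfig.getRedirectUrlFromServerToClient();
        if (postTarget == null) {
            // No configured redirect URL: post back to the URL this request came in on.
            postTarget = this.request.getRequestURL().toString();
        }
        // The target URL is the only server-side value placed in this page; encode it for the attribute context.
        String encodedTarget = WebUtils.htmlEncode(postTarget);
        page.append("<FORM name=\"redirectform\" id=\"redirectform\" action=\"");
        page.append(encodedTarget);
        page.append("\" method=\"POST\">");
        // The script builds the hidden inputs with createElement/setAttribute, so fragment content
        // is assigned as attribute values through the DOM rather than concatenated into markup.
        page.append("<script type=\"text/javascript\" language=\"javascript\">");
        page.append("function createInput(name, value) {");
        page.append("var input = document.createElement(\"input\");");
        page.append("input.setAttribute(\"type\", \"hidden\");");
        page.append("input.setAttribute(\"name\", name);");
        page.append("input.setAttribute(\"value\", value);");
        page.append("return input;");
        page.append("}");
        page.append("var form=document.forms[0];");
        page.append("var state=null;");
        page.append("var params = {}, postBody = location.hash.substring(1),");
        page.append("regex = /([^&=]+)=([^&]*)/g, m;");
        page.append("while (m = regex.exec(postBody)){");
        page.append("form.appendChild( createInput(decodeURIComponent(m[1]), decodeURIComponent(m[2])));");
        page.append("}");
        page.append("</script>");
        page.append("<button type=\"submit\" name=\"redirectform\">Process Form Post</button></FORM></BODY></HTML>");
        if (TraceComponent.isAnyTracingEnabled() && this.tc.isDebugEnabled()) {
            // Safe to trace: the fragment is only read client-side, so this markup holds no token values.
            Tr.debug(this.tc, "... expect to be redirected by the browser (\"POST\")\n" + page.toString(), new Object[0]);
        }
        this.response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private, max-age=0");
        this.response.setHeader("Pragma", "no-cache");
        this.response.setDateHeader("Expires", 0L);
        this.response.setContentType("text/html; charset=UTF-8");
        PrintWriter writer = this.response.getWriter();
        writer.println(page.toString());
        writer.flush();
    }

    /**
     * Validates the callback parameters and, when they are usable, sends the browser on to the
     * original request URL.
     *
     * @param redirectionEntry callback object for error handling and client configuration
     * @param state            value of the {@code state} request parameter, possibly {@code null}
     * @throws IOException if writing the response fails
     */
    private void continueWithRedirection(RedirectionEntry redirectionEntry, String state) throws IOException {
        if (state == null || state.isEmpty()) {
            redirectionEntry.handleNoState(this.request, this.response);
            return;
        }
        String originalRequestUrl = getOriginalRequestUrl(state);
        if (originalRequestUrl == null || originalRequestUrl.isEmpty()) {
            // No cookie matches this state value, so there is nowhere to send the browser.
            Tr.error(this.tc, Tr.formatMessage(this.tc, "OIDC_CLIENT_BAD_REQUEST_NO_COOKIE", new Object[]{this.request.getRequestURL()}), new Object[0]);
            this.response.sendError(500);
            return;
        }
        String clientId = getClientId();
        String oidcClientId = getOidcClientId(state);
        String code = this.request.getParameter("code");
        String idToken = this.request.getParameter("id_token");
        if (code == null && idToken == null) {
            // Neither an authorization code nor an ID token came back.
            redirectionEntry.sendError(this.request, this.response);
        } else {
            sendToOriginalRequestUrl(originalRequestUrl, state, clientId, oidcClientId, idToken, redirectionEntry.getConvergedClientConfig(this.request, clientId));
        }
    }

    /**
     * Reads the original request URL from the cookie keyed by a hash of the state value, then
     * invalidates that cookie.
     *
     * @param state the {@code state} request parameter
     * @return the cookie value, or {@code null} when no such cookie was sent
     */
    private String getOriginalRequestUrl(String state) {
        String cookieName = ClientConstants.WAS_REQ_URL_OIDC + HashUtils.getStrHashCode(state);
        String cookieValue = CookieHelper.getCookieValue(this.request.getCookies(), cookieName);
        // The cookie is invalidated whether or not a value was found.
        OidcClientUtil.invalidateReferrerURLCookie(this.request, this.response, cookieName);
        // NOTE(review): this value comes from the browser and is later used as a redirect target
        // and as a form action that receives tokens. No validation is visible in this class —
        // confirm the cookie is integrity-protected or checked against an allowed origin where it is set.
        return cookieValue;
    }

    /**
     * Returns the last path segment of the request URI, which this class uses as the client id.
     *
     * @return the text after the final {@code '/'}, or {@code null} when the URI has no {@code '/'}
     */
    private String getClientId() {
        String requestUri = this.request.getRequestURI();
        int lastSlash = requestUri.lastIndexOf("/");
        return lastSlash > -1 ? requestUri.substring(lastSlash + 1) : null;
    }

    /**
     * Extracts the suffix of the state value that follows its first 24 characters.
     *
     * @param state the {@code state} request parameter (non-null)
     * @return the suffix, or {@code null} when the state is 24 characters or shorter
     */
    private String getOidcClientId(String state) {
        // presumably the first 24 characters are a fixed-length prefix generated with the state — verify against the code that builds it
        return state.length() > 24 ? state.substring(24) : null;
    }

    /**
     * Stores the state in a cookie for the original request, then either auto-POSTs the tokens
     * to the original URL or issues a plain redirect.
     *
     * @param requestUrl   original request URL recovered from the cookie
     * @param state        the {@code state} request parameter
     * @param clientId     client id taken from the request URI
     * @param oidcClientId client id suffix taken from the state, possibly {@code null}
     * @param idToken      the {@code id_token} request parameter, possibly {@code null}
     * @param clientConfig configuration of the client handling this request
     * @throws IOException if writing the response fails
     */
    private void sendToOriginalRequestUrl(String requestUrl, String state, String clientId, String oidcClientId, String idToken, ConvergedClientConfig clientConfig) throws IOException {
        String sessionState = this.request.getParameter(Constants.SESSION_STATE);
        if (TraceComponent.isAnyTracingEnabled() && this.tc.isDebugEnabled()) {
            Tr.debug(this.tc, "Request info: state: " + state + " session_state: " + sessionState, new Object[0]);
        }
        boolean isHttps = requestUrl.toLowerCase().startsWith("https");
        // Kept from the original: the constructor is invoked although the call below is static.
        // NOTE(review): drop this if OidcClientUtil's constructor has no side effects.
        new OidcClientUtil();
        OidcClientUtil.setCookieForRequestParameter(this.request, this.response, clientId, state, isHttps, clientConfig);
        boolean hasOidcClientId = oidcClientId != null && !oidcClientId.isEmpty();
        if (hasOidcClientId || idToken != null) {
            postToWASReqURLForImplicitFlow(requestUrl, oidcClientId);
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && this.tc.isDebugEnabled()) {
            Tr.debug(this.tc, "... expect to be redirected by the browser:" + requestUrl, new Object[0]);
        }
        this.response.sendRedirect(requestUrl);
    }

    /**
     * Writes an auto-submitting HTML form that POSTs the client id and any received tokens to
     * the original request URL.
     *
     * @param requestUrl   form action; HTML-encoded before it is written
     * @param oidcClientId value for the {@code oidc_client} field, omitted when {@code null}
     * @throws IOException if writing the response fails
     */
    private void postToWASReqURLForImplicitFlow(String requestUrl, String oidcClientId) throws IOException {
        String accessToken = this.request.getParameter(Constants.ACCESS_TOKEN);
        String idToken = this.request.getParameter("id_token");
        if (TraceComponent.isAnyTracingEnabled() && this.tc.isDebugEnabled()) {
            // Record only whether a token arrived; the token value itself must not reach trace files.
            Tr.debug(this.tc, "id_token present: " + (idToken != null), new Object[0]);
        }
        StringBuilder page = new StringBuilder();
        this.response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private, max-age=0");
        this.response.setHeader("Pragma", "no-cache");
        this.response.setDateHeader("Expires", 0L);
        // Declare the charset on the response so it agrees with the page's own meta tag and with
        // the fragment-relay page written by getTokenFromFragment.
        this.response.setContentType("text/html; charset=UTF-8");
        page.append("<HTML xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">");
        page.append("<HEAD>");
        page.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>");
        page.append("<meta http-equiv=\"Cache-Control\" content=\"no-cache, no-store, must-revalidate\"/>");
        page.append("<meta http-equiv=\"Pragma\" content=\"no-cache\"/>");
        page.append("<meta http-equiv=\"Expires\" content=\"0\"/>");
        page.append("</HEAD>");
        page.append("<BODY onload=\"document.forms[0].submit()\">");
        page.append("<FORM name=\"redirectform\" id=\"redirectform\" action=\"");
        page.append(WebUtils.htmlEncode(requestUrl));
        page.append("\" method=\"POST\"><div>");
        // Every request-derived value is HTML-encoded before it is placed inside an attribute.
        if (oidcClientId != null) {
            page.append("<input type=\"hidden\" name=\"oidc_client\" value=\"").append(WebUtils.htmlEncode(oidcClientId)).append("\"/>");
        }
        if (accessToken != null) {
            page.append("<input type=\"hidden\" name=\"access_token\" value=\"").append(WebUtils.htmlEncode(accessToken)).append("\"/>");
        }
        if (idToken != null) {
            page.append("<input type=\"hidden\" name=\"id_token\" value=\"").append(WebUtils.htmlEncode(idToken)).append("\"/>");
        }
        page.append("</div>");
        page.append("<noscript><div>");
        page.append("<button type=\"submit\" name=\"redirectform\">Process request</button>");
        page.append("</div></noscript>");
        page.append("</FORM></BODY></HTML>");
        if (TraceComponent.isAnyTracingEnabled() && this.tc.isDebugEnabled()) {
            // The form body embeds access_token / id_token values, so only the POST target is traced.
            Tr.debug(this.tc, "... expect to be redirected by the browser (\"POST\", form body not traced): " + requestUrl, new Object[0]);
        }
        PrintWriter writer = this.response.getWriter();
        writer.println(page.toString());
        writer.flush();
    }
}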
