package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.web.WebUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.ErrorHandlerImpl;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl;
import com.ibm.ws.security.social.internal.utils.ClientConstants;
import com.ibm.ws.security.social.internal.utils.SocialUtil;
import com.ibm.ws.security.social.web.RequestFilter;
import com.ibm.ws.security.social.web.utils.SocialWebUtils;
import com.ibm.ws.webcontainer.security.PostParameterHelper;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.srt.SRTServletRequest;
import com.ibm.wsspi.security.tai.TAIResult;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/tai/TAIWebUtils.class */
public class TAIWebUtils {
    public static final TraceComponent tc = Tr.register(TAIWebUtils.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    WebUtils webUtils = new WebUtils();
    SocialWebUtils socialWebUtils = new SocialWebUtils();
    ReferrerURLCookieHandler referrerURLCookieHandler;
    static final long serialVersionUID = -2995225354196403339L;

    public TAIWebUtils() {
        this.referrerURLCookieHandler = null;
        this.referrerURLCookieHandler = getCookieHandler();
    }

    @FFDCIgnore({SocialLoginException.class})
    public String getRedirectUrl(HttpServletRequest httpServletRequest, SocialLoginConfig socialLoginConfig) {
        boolean z = false;
        String redirectToRPHostAndPort = socialLoginConfig.getRedirectToRPHostAndPort();
        if (redirectToRPHostAndPort != null && !redirectToRPHostAndPort.isEmpty()) {
            try {
                SocialUtil.validateEndpointFormat(redirectToRPHostAndPort, false);
                z = true;
            } catch (SocialLoginException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to validate URL format of redirectToRPHostAndPort value [" + redirectToRPHostAndPort + "] due to " + e.getMessage(), new Object[0]);
                }
            }
        }
        if (!z) {
            redirectToRPHostAndPort = getHostAndPort(httpServletRequest);
        }
        StringBuffer stringBuffer = new StringBuffer(redirectToRPHostAndPort);
        stringBuffer.append(Oauth2LoginConfigImpl.getContextRoot()).append(RequestFilter.REDIRECT).append(socialLoginConfig.getUniqueId());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "redirect=" + ((Object) stringBuffer), new Object[0]);
        }
        return stringBuffer.toString();
    }

    public String getAuthorizationEndpoint(SocialLoginConfig socialLoginConfig) throws SocialLoginException {
        String authorizationEndpoint = socialLoginConfig.getAuthorizationEndpoint();
        SocialUtil.validateEndpointWithQuery(authorizationEndpoint);
        return authorizationEndpoint;
    }

    public String createStateCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String generateRandom = SocialUtil.generateRandom();
        String loginHint = this.socialWebUtils.getLoginHint(httpServletRequest);
        if (!httpServletRequest.getMethod().equalsIgnoreCase("GET") && loginHint != null) {
            generateRandom = generateRandom + loginHint;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setting cookie WASSocialState to " + generateRandom, new Object[0]);
        }
        httpServletResponse.addCookie(this.referrerURLCookieHandler.createCookie(ClientConstants.COOKIE_NAME_STATE_KEY, generateRandom, httpServletRequest));
        return generateRandom;
    }

    public TAIResult sendToErrorPage(HttpServletResponse httpServletResponse, TAIResult tAIResult) {
        return ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse, tAIResult);
    }

    public void savePostParameters(HttpServletRequest httpServletRequest) {
        PostParameterHelper.savePostParams((SRTServletRequest) httpServletRequest);
    }

    public void restorePostParameters(HttpServletRequest httpServletRequest) {
        PostParameterHelper.restorePostParams((SRTServletRequest) httpServletRequest);
    }

    public ReferrerURLCookieHandler getCookieHandler() {
        WebAppSecurityConfig globalWebAppSecurityConfig = WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig();
        return globalWebAppSecurityConfig != null ? globalWebAppSecurityConfig.createReferrerURLCookieHandler() : new ReferrerURLCookieHandler(globalWebAppSecurityConfig);
    }

    String getHostAndPort(HttpServletRequest httpServletRequest) {
        String str;
        String serverName = httpServletRequest.getServerName();
        Integer redirectPortFromRequest = this.webUtils.getRedirectPortFromRequest(httpServletRequest);
        if (redirectPortFromRequest == null && httpServletRequest.isSecure()) {
            int serverPort = httpServletRequest.getServerPort();
            str = httpServletRequest.getScheme() + "://" + serverName + ((serverPort <= 0 || serverPort == 443) ? "" : ":" + serverPort);
        } else {
            str = "https://" + serverName + (redirectPortFromRequest == null ? "" : ":" + redirectPortFromRequest);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "hostAndPort=" + str, new Object[0]);
        }
        return str;
    }
}
