package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.utils.ClientConstants;
import com.ibm.ws.security.social.internal.utils.SocialUtil;
import com.ibm.ws.security.social.web.utils.SocialWebUtils;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.wsspi.security.tai.TAIResult;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/tai/OAuthLoginFlow.class */
/**
 * Drives the two legs of the OAuth login flow for the social-login trust association interceptor.
 *
 * <p>A request that carries no state cookie is sent to the provider's authorization endpoint
 * ({@link #handleRedirectToServer}); a request that carries one is treated as the provider's
 * callback ({@link #handleAuthorizationCode}).
 *
 * <p>This listing is decompiler output: parameter names such as {@code str}/{@code str2} and the
 * numeric strings passed to {@code FFDCFilter.processException} are artefacts of the original
 * build and are kept as they are.
 */
public class OAuthLoginFlow {
    public static final TraceComponent tc = Tr.register(OAuthLoginFlow.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    // Builds the cookie that remembers the originally requested URL; obtained from taiWebUtils in the constructor.
    ReferrerURLCookieHandler referrerURLCookieHandler;
    TAIWebUtils taiWebUtils = new TAIWebUtils();
    SocialWebUtils webUtils = new SocialWebUtils();
    static final long serialVersionUID = 5882953905548549290L;

    /** Creates the flow and takes the referrer-URL cookie handler from {@code taiWebUtils}. */
    public OAuthLoginFlow() {
        // taiWebUtils is already initialised here: field initialisers run before the constructor body.
        this.referrerURLCookieHandler = this.taiWebUtils.getCookieHandler();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Entry point: picks the leg of the flow from the presence of the state cookie.
     *
     * <p>The only signal used here is whether the state cookie exists. Its value is handed to the
     * authenticator unchanged.
     * NOTE(review): comparing that value with the {@code state} parameter returned by the provider
     * is not done in this class; presumably AuthorizationCodeAuthenticator does it - confirm.
     *
     * @param httpServletRequest  inbound request
     * @param httpServletResponse response used for cookies and redirects
     * @param socialLoginConfig   configuration of the social login in use
     * @return the result of whichever leg was run
     * @throws WebTrustAssociationFailedException propagated from the leg that was run
     */
    public TAIResult handleOAuthRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) throws WebTrustAssociationFailedException {
        // Going by the helper's name, the cookie is removed as it is read, so one state value serves one callback.
        String stateFromCookie = this.webUtils.getAndClearCookie(httpServletRequest, httpServletResponse, ClientConstants.COOKIE_NAME_STATE_KEY);
        if (stateFromCookie != null) {
            return handleAuthorizationCode(httpServletRequest, httpServletResponse, stateFromCookie, socialLoginConfig);
        }
        return handleRedirectToServer(httpServletRequest, httpServletResponse, socialLoginConfig);
    }

    /**
     * First leg: creates the state cookie, remembers the original request and redirects the
     * browser to the authorization endpoint.
     *
     * <p>Security-relevant details visible here:
     * <ul>
     *   <li>{@code acr_values} is copied from the inbound request into the outbound authorization
     *       request. It is URL-encoded by {@link #buildAuthorizationUrlWithQuery} but not otherwise
     *       checked in this class, so its content is chosen by whoever issued the request.</li>
     *   <li>The request-URL cookie name is the configured prefix plus {@code String.hashCode()} of
     *       the state. That hash is a plain 32-bit value, not a secret or a MAC; nothing in this
     *       class uses it for anything but naming the cookie.</li>
     * </ul>
     *
     * @return a {@code TAIResult} built with status 403 once the redirect has been issued, or the
     *         value of {@code sendToErrorPage} when building or sending the redirect fails
     * @throws WebTrustAssociationFailedException if raised by the TAI helpers called here
     */
    @FFDCIgnore({SocialLoginException.class})
    TAIResult handleRedirectToServer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) throws WebTrustAssociationFailedException {
        try {
            httpServletRequest.getSession(true);
        } catch (Exception sessionFailure) {
            // Best effort: a failure to create the session is recorded and the flow carries on.
            FFDCFilter.processException(sessionFailure, "com.ibm.ws.security.social.tai.OAuthLoginFlow", "59", this, new Object[]{httpServletRequest, httpServletResponse, socialLoginConfig});
        }
        String state = this.taiWebUtils.createStateCookie(httpServletRequest, httpServletResponse);
        String callbackUrl = this.taiWebUtils.getRedirectUrl(httpServletRequest, socialLoginConfig);
        try {
            this.taiWebUtils.savePostParameters(httpServletRequest);
            String requestedAcrValues = httpServletRequest.getParameter("acr_values");
            String authorizationUrl = buildAuthorizationUrlWithQuery(state, socialLoginConfig, callbackUrl, requestedAcrValues);
            // state is non-null from here on: the builder above rejects a null state before this line runs.
            String requestUrlCookieName = ClientConstants.COOKIE_NAME_REQ_URL_PREFIX + state.hashCode();
            if (!socialLoginConfig.isClientSideRedirectSupported()) {
                String originalRequestUrl = this.webUtils.getRequestUrlWithEncodedQueryString(httpServletRequest);
                httpServletResponse.addCookie(this.referrerURLCookieHandler.createCookie(requestUrlCookieName, originalRequestUrl, httpServletRequest));
                httpServletResponse.sendRedirect(authorizationUrl);
            } else {
                this.webUtils.doClientSideRedirect(httpServletResponse, requestUrlCookieName, authorizationUrl);
            }
            return TAIResult.create(403);
        } catch (SocialLoginException loginFailure) {
            // Excluded from FFDC by the @FFDCIgnore annotation on this method; reported through the message log only.
            Tr.error(tc, "FAILED_TO_REDIRECT_TO_AUTHZ_ENDPOINT", new Object[]{socialLoginConfig.getUniqueId(), loginFailure.getLocalizedMessage()});
            return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(403));
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.security.social.tai.OAuthLoginFlow", "84", this, new Object[]{httpServletRequest, httpServletResponse, socialLoginConfig});
            Tr.error(tc, "FAILED_TO_REDIRECT_TO_AUTHZ_ENDPOINT", new Object[]{socialLoginConfig.getUniqueId(), ioFailure.getLocalizedMessage()});
            return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(403));
        }
    }

    /**
     * Builds the authorization-endpoint URL with its query string.
     *
     * <p>Every value placed in the query is passed through {@code URLEncoder.encode(..., "UTF-8")}.
     *
     * <p>NOTE(review): {@code clientId} and {@code scope} fall back to an empty string when null,
     * but {@code responseType} has no such guard; a null value would surface as a
     * NullPointerException, which callers in this class do not catch - confirm the configuration
     * always supplies one.
     * <br>NOTE(review): the nonce is generated and sent but not retained by this method; where it
     * is stored for later comparison cannot be seen from here.
     * <br>NOTE(review): the resource value is appended as a bare encoded token with no
     * {@code name=} prefix; confirm what {@code getResource()} returns.
     * <br>NOTE(review): the endpoint is joined with {@code "?"}, which assumes the configured
     * endpoint carries no query string of its own.
     *
     * @param str               state value; must not be null
     * @param socialLoginConfig configuration supplying endpoint, client id, scope and options
     * @param str2              redirect (callback) URL; must not be null
     * @param str3              requested {@code acr_values}; skipped when null or empty
     * @return the endpoint followed by {@code ?} and the assembled query
     * @throws SocialLoginException if the state or redirect URL is null, or if encoding fails
     */
    String buildAuthorizationUrlWithQuery(String str, SocialLoginConfig socialLoginConfig, String str2, String str3) throws SocialLoginException {
        if (str == null) {
            throw new SocialLoginException("STATE_IS_NULL", null, new Object[]{socialLoginConfig.getUniqueId()});
        }
        if (str2 == null) {
            throw new SocialLoginException("REDIRECT_URL_IS_NULL", null, new Object[]{socialLoginConfig.getUniqueId()});
        }
        String authorizationEndpoint = this.taiWebUtils.getAuthorizationEndpoint(socialLoginConfig);
        String responseType = socialLoginConfig.getResponseType();
        String clientId = socialLoginConfig.getClientId();
        if (clientId == null) {
            // A missing client id is only warned about; the request still goes out with an empty value.
            Tr.warning(tc, "OUTGOING_REQUEST_MISSING_PARAMETER", new Object[]{authorizationEndpoint, ClientConstants.CLIENT_ID});
            clientId = "";
        }
        String scope = socialLoginConfig.getScope();
        if (scope == null) {
            scope = "";
        }
        try {
            StringBuilder query = new StringBuilder();
            query.append("response_type=").append(URLEncoder.encode(responseType, "UTF-8"));
            query.append("&client_id=").append(URLEncoder.encode(clientId, "UTF-8"));
            query.append("&state=").append(URLEncoder.encode(str, "UTF-8"));
            query.append("&redirect_uri=").append(URLEncoder.encode(str2, "UTF-8"));
            query.append("&scope=").append(URLEncoder.encode(scope, "UTF-8"));
            if (socialLoginConfig.createNonce()) {
                query.append("&nonce=").append(URLEncoder.encode(SocialUtil.generateRandom(), "UTF-8"));
            }
            boolean acrValuesRequested = str3 != null && !str3.isEmpty();
            if (acrValuesRequested) {
                query.append("&acr_values=").append(URLEncoder.encode(str3, "UTF-8"));
            }
            String completedQuery = addResponseModeToQuery(query.toString(), socialLoginConfig);
            if (!responseType.equals(ClientConstants.CODE)) {
                // The resource value is only sent for response types other than ClientConstants.CODE.
                String resource = socialLoginConfig.getResource();
                if (resource != null) {
                    completedQuery = completedQuery + "&" + URLEncoder.encode(resource, "UTF-8");
                }
            }
            return authorizationEndpoint + "?" + completedQuery;
        } catch (UnsupportedEncodingException encodingFailure) {
            FFDCFilter.processException(encodingFailure, "com.ibm.ws.security.social.tai.OAuthLoginFlow", "136", this, new Object[]{str, socialLoginConfig, str2, str3});
            throw new SocialLoginException(encodingFailure);
        }
    }

    /**
     * Appends {@code response_mode} to a query string when one applies.
     *
     * <p>For any response type other than {@code ClientConstants.CODE} the configured mode is
     * overridden with {@code ClientConstants.FORM_POST}; for the code response type the configured
     * mode is used, and nothing is appended when it is null.
     *
     * @param str               query string built so far
     * @param socialLoginConfig configuration supplying response type and response mode
     * @return {@code str}, with {@code &response_mode=...} appended when a mode applies
     * @throws UnsupportedEncodingException declared by {@code URLEncoder.encode}
     */
    String addResponseModeToQuery(String str, SocialLoginConfig socialLoginConfig) throws UnsupportedEncodingException {
        String configuredMode = socialLoginConfig.getResponseMode();
        boolean codeResponseType = socialLoginConfig.getResponseType().equals(ClientConstants.CODE);
        String effectiveMode = codeResponseType ? configuredMode : ClientConstants.FORM_POST;
        if (effectiveMode == null) {
            return str;
        }
        return str + "&response_mode=" + URLEncoder.encode(effectiveMode, "UTF-8");
    }

    /**
     * Second leg: processes the provider's callback and builds the authenticated result.
     *
     * <p>Any exception from either step ends at the error page with a {@code TAIResult} built with
     * status 401, so a failure never yields an authenticated result. Only the result-creation step
     * writes an error message here.
     * NOTE(review): presumably the authenticator logs its own failures - confirm, otherwise the
     * outer path leaves only an FFDC record.
     *
     * @param str state value read from the state cookie
     * @return the result created by {@code TAISubjectUtils}, or the value of {@code sendToErrorPage} on failure
     * @throws WebTrustAssociationFailedException if raised by the TAI helpers called here
     */
    TAIResult handleAuthorizationCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, SocialLoginConfig socialLoginConfig) throws WebTrustAssociationFailedException {
        AuthorizationCodeAuthenticator authenticator = getAuthorizationCodeAuthenticator(httpServletRequest, httpServletResponse, str, socialLoginConfig);
        try {
            authenticator.generateJwtAndTokenInformation();
            try {
                TAISubjectUtils subjectUtils = getTAISubjectUtils(authenticator);
                TAIResult authenticatedResult = subjectUtils.createResult(httpServletResponse, socialLoginConfig);
                // POST parameters are restored only after a result has been created successfully.
                this.taiWebUtils.restorePostParameters(httpServletRequest);
                return authenticatedResult;
            } catch (Exception resultFailure) {
                FFDCFilter.processException(resultFailure, "com.ibm.ws.security.social.tai.OAuthLoginFlow", "169", this, new Object[]{httpServletRequest, httpServletResponse, str, socialLoginConfig});
                Tr.error(tc, "AUTH_CODE_ERROR_CREATING_RESULT", new Object[]{socialLoginConfig.getUniqueId(), resultFailure.getLocalizedMessage()});
                return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
            }
        } catch (Exception authenticationFailure) {
            // Also reached when the inner handler itself throws, because that handler sits inside this try.
            FFDCFilter.processException(authenticationFailure, "com.ibm.ws.security.social.tai.OAuthLoginFlow", "161", this, new Object[]{httpServletRequest, httpServletResponse, str, socialLoginConfig});
            return this.taiWebUtils.sendToErrorPage(httpServletResponse, TAIResult.create(401));
        }
    }

    /** Factory for the authenticator used by {@link #handleAuthorizationCode}; {@code str} is the state value. */
    AuthorizationCodeAuthenticator getAuthorizationCodeAuthenticator(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, SocialLoginConfig socialLoginConfig) {
        AuthorizationCodeAuthenticator authenticator = new AuthorizationCodeAuthenticator(httpServletRequest, httpServletResponse, str, socialLoginConfig);
        return authenticator;
    }

    /** Factory for the subject utilities that turn a completed authenticator into a {@code TAIResult}. */
    TAISubjectUtils getTAISubjectUtils(AuthorizationCodeAuthenticator authorizationCodeAuthenticator) {
        TAISubjectUtils subjectUtils = new TAISubjectUtils(authorizationCodeAuthenticator);
        return subjectUtils;
    }
}
