package com.ibm.ws.security.social.internal.utils;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.http.HttpUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl;
import com.ibm.ws.security.social.twitter.TwitterConstants;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.net.HttpURLConnection;
import java.util.HashMap;
import java.util.Map;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonValue;
import javax.json.stream.JsonParsingException;
import javax.net.ssl.SSLSocketFactory;

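/**
 * Talks to the configured "user API" endpoint to turn a bearer token into a small JSON
 * document holding a user name and, when present, group information.
 *
 * <p>Two flows are implemented:
 * <ul>
 * <li>{@link #getUserApiResponse}: POSTs a {@code TokenReview} body containing the caller's
 * token, authenticating the request itself with {@code config.getUserApiToken()}.</li>
 * <li>{@link #getUserApiResponseForServiceAccountToken}: GETs the same endpoint using the
 * caller's token as the bearer credential and reads the {@code metadata} object of the
 * response.</li>
 * </ul>
 *
 * <p>Security notes for maintainers: both tokens are bearer credentials, so they are kept out
 * of the FFDC argument lists (a fixed placeholder string is passed instead). Response bodies,
 * on the other hand, are passed verbatim into exception inserts and, on a parse failure, into
 * FFDC; see the review notes on the individual methods.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/internal/utils/OpenShiftUserApiUtils.class */
public class OpenShiftUserApiUtils {
    public static final TraceComponent tc = Tr.register(OpenShiftUserApiUtils.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    // Left non-final and package-visible, as in the original, so collaborators can be swapped.
    SocialLoginConfig config;
    HttpUtils httpUtils = new HttpUtils();
    static final long serialVersionUID = -9104719396216649146L;

    /**
     * @param socialLoginConfig configuration supplying the user API URL, the API token and the
     *                          user-name / group-name attribute names
     */
    public OpenShiftUserApiUtils(SocialLoginConfig socialLoginConfig) {
        this.config = socialLoginConfig;
    }

    /**
     * Submits the given token for review and returns the reduced JSON response.
     *
     * @param str              the token to be reviewed (sensitive)
     * @param sSLSocketFactory socket factory handed to the connection helper
     * @return JSON text with the user name and, if present, the group array
     * @throws SocialLoginException wrapping any failure while sending or reading
     */
    public String getUserApiResponse(@Sensitive String str, SSLSocketFactory sSLSocketFactory) throws SocialLoginException {
        try {
            return readUserApiResponse(sendUserApiRequest(str, sSLSocketFactory));
        } catch (Exception e) {
            // The token is replaced by a placeholder so it never reaches the FFDC record.
            FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.utils.OpenShiftUserApiUtils", "58", this, new Object[]{"<sensitive java.lang.String>", sSLSocketFactory});
            throw new SocialLoginException("KUBERNETES_ERROR_GETTING_USER_INFO", e, new Object[]{e});
        }
    }

    /**
     * Introspects a service account token by calling the user API with that token as the
     * bearer credential.
     *
     * @param str              the service account token (sensitive)
     * @param sSLSocketFactory socket factory handed to the connection helper
     * @return JSON text of the response's {@code metadata} object after user-name and group
     *         adjustments
     * @throws SocialLoginException wrapping any failure while sending or reading
     */
    public String getUserApiResponseForServiceAccountToken(@Sensitive String str, SSLSocketFactory sSLSocketFactory) throws SocialLoginException {
        try {
            return readServiceAccountIntrospectResponse(sendServiceAccountIntrospectRequest(str, sSLSocketFactory));
        } catch (Exception e) {
            // The token is replaced by a placeholder so it never reaches the FFDC record.
            FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.utils.OpenShiftUserApiUtils", "68", this, new Object[]{"<sensitive java.lang.String>", sSLSocketFactory});
            throw new SocialLoginException("ERROR_INTROSPECTING_SERVICE_ACCOUNT", e, new Object[]{e});
        }
    }

    /**
     * Opens a POST connection to the user API and writes the TokenReview body.
     *
     * @throws SocialLoginException if the token is {@code null}
     * @throws IOException          if the connection cannot be opened or written
     */
    HttpURLConnection sendUserApiRequest(@Sensitive String str, SSLSocketFactory sSLSocketFactory) throws IOException, SocialLoginException {
        // Build the body first: a null token is rejected before any connection is created,
        // so the privileged API token is not attached to a request that cannot succeed.
        String requestBody = createUserApiRequestBody(str);
        HttpURLConnection connection = this.httpUtils.setHeaders(this.httpUtils.createConnection(HttpUtils.RequestMethod.POST, this.config.getUserApi(), sSLSocketFactory), getUserApiRequestHeaders());
        connection.setDoOutput(true);
        // try-with-resources closes writer and stream even when write() throws.
        try (OutputStream outputStream = connection.getOutputStream();
                OutputStreamWriter writer = new OutputStreamWriter(outputStream, "UTF-8")) {
            writer.write(requestBody);
        }
        connection.connect();
        return connection;
    }

    /**
     * Opens a GET connection to the user API authenticated with the supplied token.
     *
     * @throws IOException if the connection cannot be opened
     */
    HttpURLConnection sendServiceAccountIntrospectRequest(@Sensitive String str, SSLSocketFactory sSLSocketFactory) throws IOException {
        HttpURLConnection connection = this.httpUtils.setHeaders(this.httpUtils.createConnection(HttpUtils.RequestMethod.GET, this.config.getUserApi(), sSLSocketFactory), getServiceAccountIntrospectRequestHeaders(str));
        connection.connect();
        return connection;
    }

    /**
     * Headers for the TokenReview call; the Authorization value carries the configured API
     * token, which is why the returned map is marked sensitive.
     */
    @Sensitive
    Map<String, String> getUserApiRequestHeaders() {
        Map<String, String> headers = new HashMap<>();
        headers.put(ClientConstants.AUTHORIZATION, "Bearer " + this.config.getUserApiToken());
        headers.put("Accept", "application/json");
        headers.put(ClientConstants.REQ_CONTENT_TYPE_NAME, "application/json");
        return headers;
    }

    /**
     * Headers for the service account introspection call; the Authorization value carries the
     * caller-supplied token.
     */
    @Sensitive
    Map<String, String> getServiceAccountIntrospectRequestHeaders(@Sensitive String str) {
        Map<String, String> headers = new HashMap<>();
        headers.put(ClientConstants.AUTHORIZATION, "Bearer " + str);
        headers.put("Accept", "application/json");
        return headers;
    }

    /**
     * Builds the TokenReview JSON body. The token is added through the JSON builder rather
     * than by string concatenation, so it is escaped as a JSON string value.
     *
     * @throws SocialLoginException if the token is {@code null}
     */
    String createUserApiRequestBody(@Sensitive String str) throws SocialLoginException {
        if (str == null) {
            throw new SocialLoginException("KUBERNETES_ACCESS_TOKEN_MISSING", null, null);
        }
        JsonObjectBuilder spec = Json.createObjectBuilder().add(ClientConstants.TOKEN, str);
        return Json.createObjectBuilder()
                .add("kind", "TokenReview")
                .add("apiVersion", "authentication.k8s.io/v1")
                .add("spec", spec)
                .build()
                .toString();
    }

    /**
     * Reads the TokenReview response; any status other than 201 is rejected.
     *
     * @throws SocialLoginException on an unexpected status or an unusable body
     */
    String readUserApiResponse(HttpURLConnection httpURLConnection) throws IOException, SocialLoginException {
        int responseCode = httpURLConnection.getResponseCode();
        String responseBody = this.httpUtils.readConnectionResponse(httpURLConnection);
        if (responseCode != 201) {
            // NOTE(review): the raw body becomes an exception insert; confirm it cannot carry
            // the reviewed token or other secrets before it is logged or shown to a user.
            throw new SocialLoginException("KUBERNETES_USER_API_BAD_STATUS", null, new Object[]{Integer.valueOf(responseCode), responseBody});
        }
        return modifyExistingResponseToJSON(responseBody);
    }

    /**
     * Reads the service account introspection response; any status other than 200 is rejected.
     *
     * @throws SocialLoginException on an unexpected status or an unusable body
     */
    String readServiceAccountIntrospectResponse(HttpURLConnection httpURLConnection) throws IOException, SocialLoginException {
        int responseCode = httpURLConnection.getResponseCode();
        String responseBody = this.httpUtils.readConnectionResponse(httpURLConnection);
        if (responseCode != 200) {
            throw new SocialLoginException("USER_API_RESPONSE_BAD_STATUS", null, new Object[]{Integer.valueOf(responseCode), responseBody});
        }
        return processServiceAccountIntrospectResponse(responseBody);
    }

    /**
     * Parses the TokenReview response and reduces it to the user name and group entries:
     * response &rarr; {@code status} object &rarr; {@code user} object &rarr; reduced JSON.
     */
    String modifyExistingResponseToJSON(String str) throws SocialLoginException {
        JsonObject response = getJsonResponseIfValid(str);
        JsonObject status = getStatusJsonObjectFromResponse(response);
        JsonObject user = getUserJsonObjectFromResponse(status);
        return createModifiedResponse(user);
    }

    /**
     * Parses the body as a JSON object.
     *
     * @throws SocialLoginException if the body is null, empty or not parseable
     */
    private JsonObject getJsonResponseIfValid(String str) throws SocialLoginException {
        if (str == null || str.isEmpty()) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_NULL_EMPTY", null, null);
        }
        try {
            return Json.createReader(new StringReader(str)).readObject();
        } catch (JsonParsingException e) {
            // NOTE(review): unlike the token, the raw response body is handed to FFDC and to
            // the exception inserts here. If the endpoint echoes the submitted token in its
            // response, it would end up in diagnostics; confirm and redact if so.
            FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.utils.OpenShiftUserApiUtils", "155", this, new Object[]{str});
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_NOT_JSON", null, new Object[]{str, e});
        }
    }

    /**
     * Builds the reduced response from the {@code user} object: one user-name entry (chosen
     * by whether the configured user-name attribute is {@code "email"}) plus the group entry
     * when present.
     */
    String createModifiedResponse(JsonObject jsonObject) throws SocialLoginException {
        JsonObjectBuilder reduced = Json.createObjectBuilder();
        if ("email".equals(this.config.getUserNameAttribute())) {
            addUserAttributeToResponseWithEmail(jsonObject, reduced);
        } else {
            addUserToResponseWithoutEmail(jsonObject, reduced);
        }
        addGroupNameToResponse(jsonObject, reduced);
        return reduced.build().toString();
    }

    /**
     * Copies the configured group attribute into the builder when the user object has it.
     * A missing group attribute is not an error.
     *
     * @throws SocialLoginException if the attribute is present but not a JSON array
     */
    void addGroupNameToResponse(JsonObject jsonObject, JsonObjectBuilder jsonObjectBuilder) throws SocialLoginException {
        String groupAttribute = this.config.getGroupNameAttribute();
        if (!jsonObject.containsKey(groupAttribute)) {
            return;
        }
        JsonValue groups = jsonObject.get(groupAttribute);
        if (groups.getValueType() != JsonValue.ValueType.ARRAY) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_WRONG_JSON_TYPE", null, new Object[]{groupAttribute, JsonValue.ValueType.ARRAY, groups.getValueType(), jsonObject});
        }
        jsonObjectBuilder.add(groupAttribute, jsonObject.getJsonArray(groupAttribute));
    }

    /**
     * Copies the configured user-name attribute into the builder.
     *
     * @throws SocialLoginException if the attribute is missing or not a JSON string
     */
    void addUserToResponseWithoutEmail(JsonObject jsonObject, JsonObjectBuilder jsonObjectBuilder) throws SocialLoginException {
        String userAttribute = this.config.getUserNameAttribute();
        if (!jsonObject.containsKey(userAttribute)) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_MISSING_KEY", null, new Object[]{userAttribute, jsonObject});
        }
        JsonValue userValue = jsonObject.get(userAttribute);
        if (userValue.getValueType() != JsonValue.ValueType.STRING) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_WRONG_JSON_TYPE", null, new Object[]{userAttribute, JsonValue.ValueType.STRING, userValue.getValueType(), jsonObject});
        }
        jsonObjectBuilder.add(userAttribute, jsonObject.getString(userAttribute));
    }

    /**
     * Stores the {@code email} value under the configured user-name attribute; when the user
     * object has no {@code email}, logs a warning and falls back to {@code username}.
     *
     * @throws SocialLoginException if the chosen entry is not a JSON string, or if neither
     *                              {@code email} nor {@code username} is present
     */
    void addUserAttributeToResponseWithEmail(JsonObject jsonObject, JsonObjectBuilder jsonObjectBuilder) throws SocialLoginException {
        if (jsonObject.containsKey("email")) {
            JsonValue emailValue = jsonObject.get("email");
            if (emailValue.getValueType() != JsonValue.ValueType.STRING) {
                throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_WRONG_JSON_TYPE", null, new Object[]{"email", JsonValue.ValueType.STRING, emailValue.getValueType(), jsonObject});
            }
            jsonObjectBuilder.add(this.config.getUserNameAttribute(), jsonObject.getString("email"));
            return;
        }
        Tr.warning(tc, "KUBERNETES_USER_API_RESPONSE_DEFAULT_USER_ATTR_NOT_FOUND", new Object[]{this.config.getUniqueId(), "email", Oauth2LoginConfigImpl.KEY_userNameAttribute, "username"});
        if (!jsonObject.containsKey("username")) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_MISSING_KEY", null, new Object[]{"username", jsonObject});
        }
        // Type-check the fallback the same way as every other identity field, so that a
        // non-string "username" is reported as a response error instead of surfacing as a
        // ClassCastException from getString().
        JsonValue usernameValue = jsonObject.get("username");
        if (usernameValue.getValueType() != JsonValue.ValueType.STRING) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_WRONG_JSON_TYPE", null, new Object[]{"username", JsonValue.ValueType.STRING, usernameValue.getValueType(), jsonObject});
        }
        jsonObjectBuilder.add(this.config.getUserNameAttribute(), jsonObject.getString("username"));
    }

    /**
     * Extracts the {@code user} object from the {@code status} object.
     *
     * @throws SocialLoginException if {@code error} is present, or {@code user} is missing or
     *                              not a JSON object
     */
    JsonObject getUserJsonObjectFromResponse(JsonObject jsonObject) throws SocialLoginException {
        // NOTE(review): acceptance rests on "no error key and a user object is present".
        // An explicit "authenticated" flag in the status object is not inspected here;
        // confirm the endpoint never returns a user object for a rejected token.
        if (jsonObject.containsKey("error")) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_ERROR", null, new Object[]{jsonObject.get("error")});
        }
        if (!jsonObject.containsKey("user")) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_MISSING_KEY", null, new Object[]{"user", jsonObject});
        }
        JsonValue userValue = jsonObject.get("user");
        if (userValue.getValueType() != JsonValue.ValueType.OBJECT) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_WRONG_JSON_TYPE", null, new Object[]{"user", JsonValue.ValueType.OBJECT, userValue.getValueType(), jsonObject});
        }
        return jsonObject.getJsonObject("user");
    }

    /**
     * Extracts the {@code status} object from the top-level response.
     *
     * @throws SocialLoginException if {@code status} is missing, is the string
     *                              {@code "Failure"} accompanied by a string message, or is
     *                              not a JSON object
     */
    JsonObject getStatusJsonObjectFromResponse(JsonObject jsonObject) throws SocialLoginException {
        if (!jsonObject.containsKey("status")) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_MISSING_KEY", null, new Object[]{"status", jsonObject});
        }
        JsonValue statusValue = jsonObject.get("status");
        boolean statusIsFailureString = JsonValue.ValueType.STRING == statusValue.getValueType()
                && jsonObject.getString("status").equals("Failure");
        if (statusIsFailureString
                && jsonObject.containsKey(TwitterConstants.RESULT_MESSAGE)
                && jsonObject.get(TwitterConstants.RESULT_MESSAGE).getValueType() == JsonValue.ValueType.STRING) {
            // NOTE(review): everywhere else in this class the first constructor argument is
            // a message key; here it is text taken from the remote response. Confirm how
            // SocialLoginException treats an unknown key and handle this text as untrusted
            // wherever it is logged or displayed.
            throw new SocialLoginException(jsonObject.getString(TwitterConstants.RESULT_MESSAGE), null, null);
        }
        if (statusValue.getValueType() != JsonValue.ValueType.OBJECT) {
            throw new SocialLoginException("KUBERNETES_USER_API_RESPONSE_WRONG_JSON_TYPE", null, new Object[]{"status", JsonValue.ValueType.OBJECT, statusValue.getValueType(), jsonObject});
        }
        return jsonObject.getJsonObject("status");
    }

    /**
     * Parses the introspection response, takes its {@code metadata} object, normalises the
     * user name and adds the derived group.
     */
    String processServiceAccountIntrospectResponse(String str) throws SocialLoginException {
        JsonObject metadata = getJsonObjectValueFromJson(readResponseAsJsonObject(str), "metadata");
        return addProjectNameAsGroup(modifyUsername(metadata)).toString();
    }

    /**
     * Parses the body as a JSON object.
     *
     * @throws SocialLoginException if the body is null, empty or not parseable
     */
    @FFDCIgnore({JsonParsingException.class})
    JsonObject readResponseAsJsonObject(String str) throws SocialLoginException {
        if (str == null || str.isEmpty()) {
            throw new SocialLoginException("RESPONSE_NOT_JSON", null, new Object[]{str});
        }
        try {
            return Json.createReader(new StringReader(str)).readObject();
        } catch (JsonParsingException e) {
            throw new SocialLoginException("RESPONSE_NOT_JSON", null, new Object[]{str, e});
        }
    }

    /**
     * Returns the JSON object stored under {@code str}.
     *
     * @throws SocialLoginException if the key is missing or its value is not a JSON object
     */
    JsonObject getJsonObjectValueFromJson(JsonObject jsonObject, String str) throws SocialLoginException {
        if (!jsonObject.containsKey(str)) {
            throw new SocialLoginException("JSON_MISSING_KEY", null, new Object[]{str, jsonObject});
        }
        JsonValue value = jsonObject.get(str);
        if (value.getValueType() != JsonValue.ValueType.OBJECT) {
            throw new SocialLoginException("JSON_ENTRY_WRONG_JSON_TYPE", null, new Object[]{str, JsonValue.ValueType.OBJECT, value.getValueType(), jsonObject});
        }
        return jsonObject.getJsonObject(str);
    }

    /**
     * Returns the string stored under {@code str}.
     *
     * @throws SocialLoginException if the key is missing or its value is not a JSON string
     */
    String getStringValueFromJson(JsonObject jsonObject, String str) throws SocialLoginException {
        if (!jsonObject.containsKey(str)) {
            throw new SocialLoginException("JSON_MISSING_KEY", null, new Object[]{str, jsonObject});
        }
        JsonValue value = jsonObject.get(str);
        if (value.getValueType() != JsonValue.ValueType.STRING) {
            throw new SocialLoginException("JSON_ENTRY_WRONG_JSON_TYPE", null, new Object[]{str, JsonValue.ValueType.STRING, value.getValueType(), jsonObject});
        }
        return jsonObject.getString(str);
    }

    /**
     * Returns a copy of the object whose user-name entry has a leading
     * {@code "system:serviceaccount:"} removed. When no user-name attribute is configured the
     * input is returned unchanged.
     */
    JsonObject modifyUsername(JsonObject jsonObject) throws SocialLoginException {
        String userNameAttribute = this.config.getUserNameAttribute();
        if (userNameAttribute == null) {
            return jsonObject;
        }
        String userName = getStringValueFromJson(jsonObject, userNameAttribute);
        if (userName.startsWith("system:serviceaccount:")) {
            userName = userName.substring("system:serviceaccount:".length());
        }
        // Adding an existing key to the builder replaces the copied value.
        JsonObjectBuilder copy = copyJsonObject(jsonObject);
        copy.add(userNameAttribute, userName);
        return copy.build();
    }

    /**
     * Uses the text before the first {@code ':'} of the user name as the group value
     * (presumably the project name, going by the method name). The input is returned
     * unchanged when there is no non-empty prefix or no group attribute is configured.
     */
    JsonObject addProjectNameAsGroup(JsonObject jsonObject) throws SocialLoginException {
        String userName = getStringValueFromJson(jsonObject, this.config.getUserNameAttribute());
        int separator = userName.indexOf(":");
        if (separator <= 0) {
            // No ':' at all, or ':' is the first character (empty prefix).
            return jsonObject;
        }
        String groupNameAttribute = this.config.getGroupNameAttribute();
        if (groupNameAttribute == null) {
            return jsonObject;
        }
        JsonObjectBuilder copy = copyJsonObject(jsonObject);
        copy.add(groupNameAttribute, userName.substring(0, separator));
        return copy.build();
    }

    /** Returns a builder pre-populated with every entry of the given object. */
    private JsonObjectBuilder copyJsonObject(JsonObject jsonObject) {
        JsonObjectBuilder builder = Json.createObjectBuilder();
        for (Map.Entry<String, JsonValue> entry : jsonObject.entrySet()) {
            builder.add(entry.getKey(), entry.getValue());
        }
        return builder;
    }
}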
