package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.http.AuthUtils;
import com.ibm.ws.security.common.web.WebUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.ErrorHandlerImpl;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl;
import com.ibm.ws.security.social.internal.utils.ClientConstants;
import com.ibm.ws.security.social.internal.utils.SocialUtil;
import com.ibm.ws.security.social.web.RequestFilter;
import com.ibm.ws.security.social.web.utils.SocialWebUtils;
import com.ibm.ws.webcontainer.security.PostParameterHelper;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.srt.SRTServletRequest;
import com.ibm.wsspi.security.tai.TAIResult;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

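/**
 * Web helper for the social login trust association interceptor: builds the
 * redirect URL sent to the provider, issues the state cookie, saves and restores
 * POST parameters, and extracts a bearer access token from an inbound request.
 *
 * <p>Every value read from the {@link HttpServletRequest} here (server name, port,
 * header values, form parameters) is supplied by the remote client and must be
 * treated as untrusted. Methods that return token material are annotated
 * {@link Sensitive} so the returned value is kept out of injected trace.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
public class TAIWebUtils {
    public static final TraceComponent tc = Tr.register(TAIWebUtils.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    // Suffix of the header that carries the number of token segments: "<header>-segments".
    private static final String JWT_SEGMENTS = "-segments";
    // Separator between the header name and the 1-based segment index: "<header>-<n>".
    private static final String JWT_SEGMENT_INDEX = "-";
    private static final String Authorization_Header = "Authorization";
    private static final String ACCESS_TOKEN = "access_token";
    // Upper bound on the client-declared segment count. The count comes straight from a
    // request header, so without a ceiling one request could force ~2^31 header lookups.
    // NOTE(review): 100 is a defensive value chosen during review, not a documented
    // product limit; tune it to the largest segment count a fronting proxy emits.
    private static final int MAX_JWT_SEGMENTS = 100;
    WebUtils webUtils = new WebUtils();
    SocialWebUtils socialWebUtils = new SocialWebUtils();
    AuthUtils authUtils = new AuthUtils();
    ReferrerURLCookieHandler referrerURLCookieHandler;
    static final long serialVersionUID = 6786416653334470568L;

    /**
     * Creates the helper and resolves the cookie handler used for the state cookie.
     */
    public TAIWebUtils() {
        // NOTE(review): getCookieHandler() is public and overridable, so a subclass
        // override runs before the subclass constructor body.
        this.referrerURLCookieHandler = getCookieHandler();
    }

    /**
     * Builds the redirect URL for the given social login configuration.
     *
     * <p>The configured {@code redirectToRPHostAndPort} is used when it is non-empty and
     * passes {@code SocialUtil.validateEndpointFormat}; otherwise the host and port are
     * derived from the request through {@link #getHostAndPort(HttpServletRequest)}.
     *
     * <p>Security note: the fallback is built from request data, so whatever sets the
     * request's server name influences the redirect URL. Deployments behind a proxy
     * should configure {@code redirectToRPHostAndPort} so the fallback is not used.
     *
     * @param httpServletRequest the inbound request, used only for the fallback
     * @param socialLoginConfig the social login configuration in effect
     * @return host and port, followed by the context root, the redirect path, and the
     *         configuration's unique id
     */
    @FFDCIgnore({SocialLoginException.class})
    public String getRedirectUrl(HttpServletRequest httpServletRequest, SocialLoginConfig socialLoginConfig) {
        String hostAndPort = socialLoginConfig.getRedirectToRPHostAndPort();
        boolean configuredValueIsValid = false;
        if (hostAndPort != null && !hostAndPort.isEmpty()) {
            try {
                SocialUtil.validateEndpointFormat(hostAndPort, false);
                configuredValueIsValid = true;
            } catch (SocialLoginException e) {
                // A malformed configured value is not fatal: fall back to the request.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to validate URL format of redirectToRPHostAndPort value [" + hostAndPort + "] due to " + e.getMessage(), new Object[0]);
                }
            }
        }
        if (!configuredValueIsValid) {
            hostAndPort = getHostAndPort(httpServletRequest);
        }
        StringBuilder redirect = new StringBuilder(hostAndPort);
        redirect.append(Oauth2LoginConfigImpl.getContextRoot()).append(RequestFilter.REDIRECT).append(socialLoginConfig.getUniqueId());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "redirect=" + redirect, new Object[0]);
        }
        return redirect.toString();
    }

    /**
     * Returns the configured authorization endpoint after validating it.
     *
     * @param socialLoginConfig the social login configuration in effect
     * @return the configured authorization endpoint
     * @throws SocialLoginException if {@code SocialUtil.validateEndpointWithQuery}
     *         rejects the configured value
     */
    public String getAuthorizationEndpoint(SocialLoginConfig socialLoginConfig) throws SocialLoginException {
        String endpoint = socialLoginConfig.getAuthorizationEndpoint();
        SocialUtil.validateEndpointWithQuery(endpoint);
        return endpoint;
    }

    /**
     * Generates a state value, stores it in the state cookie on the response, and
     * returns it.
     *
     * <p>For non-GET requests that carry a login hint, the hint is appended to the
     * random value, so the state (and the cookie) then contains client-supplied text.
     *
     * @param httpServletRequest the inbound request
     * @param httpServletResponse the response the cookie is added to
     * @return the state value that was stored in the cookie
     */
    public String createStateCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String state = SocialUtil.generateRandom();
        String loginHint = this.socialWebUtils.getLoginHint(httpServletRequest);
        boolean isGet = httpServletRequest.getMethod().equalsIgnoreCase("GET");
        if (!isGet && loginHint != null) {
            state = state + loginHint;
        }
        if (tc.isDebugEnabled()) {
            // NOTE(review): this writes the full state value (and any login hint) to
            // debug trace; treat trace files from this component as sensitive.
            Tr.debug(tc, "Setting cookie WASSocialState to " + state, new Object[0]);
        }
        httpServletResponse.addCookie(this.referrerURLCookieHandler.createCookie(ClientConstants.COOKIE_NAME_STATE_KEY, state, httpServletRequest));
        return state;
    }

    /**
     * Delegates error-page handling to the shared {@link ErrorHandlerImpl} instance.
     *
     * @param httpServletResponse the response to write the error to
     * @param tAIResult the result passed through to the error handler
     * @return whatever the error handler returns
     */
    public TAIResult sendToErrorPage(HttpServletResponse httpServletResponse, TAIResult tAIResult) {
        return ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse, tAIResult);
    }

    /**
     * Saves the request's POST parameters through {@link PostParameterHelper}.
     *
     * @param httpServletRequest the inbound request; it is cast to
     *        {@link SRTServletRequest} without a type check, so any other
     *        implementation fails with a {@link ClassCastException}
     */
    public void savePostParameters(HttpServletRequest httpServletRequest) {
        PostParameterHelper.savePostParams((SRTServletRequest) httpServletRequest);
    }

    /**
     * Restores previously saved POST parameters through {@link PostParameterHelper}.
     *
     * @param httpServletRequest the inbound request; it is cast to
     *        {@link SRTServletRequest} without a type check, so any other
     *        implementation fails with a {@link ClassCastException}
     */
    public void restorePostParameters(HttpServletRequest httpServletRequest) {
        PostParameterHelper.restorePostParams((SRTServletRequest) httpServletRequest);
    }

    /**
     * Returns a cookie handler from the global web application security configuration,
     * or one constructed with a {@code null} configuration when none is available.
     *
     * @return a referrer URL cookie handler, never {@code null}
     */
    public ReferrerURLCookieHandler getCookieHandler() {
        WebAppSecurityConfig globalConfig = WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig();
        if (globalConfig != null) {
            return globalConfig.createReferrerURLCookieHandler();
        }
        return new ReferrerURLCookieHandler(globalConfig);
    }

    /**
     * Derives {@code scheme://host[:port]} from the request.
     *
     * <p>When no redirect port is resolved and the request is secure, the request's own
     * scheme and server port are used, with the port omitted when it is 443 or not
     * positive. In every other case the result is forced to {@code https://} with the
     * resolved redirect port, if any.
     *
     * <p>Security note: the server name comes from the request. In servlet containers
     * it normally reflects the client's Host header, so this value is only as
     * trustworthy as the host validation done in front of this code.
     *
     * @param httpServletRequest the inbound request
     * @return the derived scheme, host, and optional port
     */
    String getHostAndPort(HttpServletRequest httpServletRequest) {
        String hostAndPort;
        String serverName = httpServletRequest.getServerName();
        Integer redirectPort = this.webUtils.getRedirectPortFromRequest(httpServletRequest);
        if (redirectPort == null && httpServletRequest.isSecure()) {
            int serverPort = httpServletRequest.getServerPort();
            String portSuffix = (serverPort <= 0 || serverPort == 443) ? "" : ":" + serverPort;
            hostAndPort = httpServletRequest.getScheme() + "://" + serverName + portSuffix;
        } else {
            String portSuffix = redirectPort == null ? "" : ":" + redirectPort;
            hostAndPort = "https://" + serverName + portSuffix;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "hostAndPort=" + hostAndPort, new Object[0]);
        }
        return hostAndPort;
    }

    /**
     * Extracts the bearer access token from the request.
     *
     * <p>When the configuration names a custom access token header, only that header
     * (or its segmented form) is consulted and a warning is logged if no token is
     * found. Otherwise the token is read from the default header lookup or the form
     * body.
     *
     * @param httpServletRequest the inbound request
     * @param socialLoginConfig the social login configuration in effect
     * @return the token, or {@code null} if none was found
     */
    @Sensitive
    public String getBearerAccessToken(HttpServletRequest httpServletRequest, SocialLoginConfig socialLoginConfig) {
        String customHeaderName = socialLoginConfig.getAccessTokenHeaderName();
        if (customHeaderName == null) {
            return getBearerTokenFromAuthzHeaderOrRequestBody(httpServletRequest);
        }
        String token = getBearerTokenFromCustomHeader(httpServletRequest, customHeaderName);
        if (token == null) {
            // Only the configuration attribute, config id, and header name are logged.
            Tr.warning(tc, "CUSTOM_ACCESS_TOKEN_HEADER_MISSING", new Object[]{Oauth2LoginConfigImpl.KEY_accessTokenHeaderName, socialLoginConfig.getUniqueId(), customHeaderName});
        }
        return token;
    }

    /**
     * Reads the token from the named header, falling back to the segmented form
     * ({@code <header>-segments}, {@code <header>-1}, ...) when the header is absent.
     *
     * @param httpServletRequest the inbound request
     * @param str the custom header name
     * @return the trimmed token, or {@code null} if none was found
     */
    @Sensitive
    String getBearerTokenFromCustomHeader(HttpServletRequest httpServletRequest, String str) {
        String token = this.authUtils.getBearerTokenFromHeader(httpServletRequest, new String[]{str});
        if (token == null) {
            return getBearerTokenFromCustomHeaderSegments(httpServletRequest, str);
        }
        if (tc.isDebugEnabled()) {
            // Deliberately traces presence only, never the token value.
            Tr.debug(tc, "Header value is not null", new Object[0]);
        }
        return token.trim();
    }

    /**
     * Reassembles a token that was split across numbered headers.
     *
     * <p>The {@code <header>-segments} header gives the segment count. It is
     * client-supplied, so a count above {@link #MAX_JWT_SEGMENTS} is rejected before
     * any segment is read. A non-numeric count, or any other failure, yields
     * {@code null}.
     *
     * @param httpServletRequest the inbound request
     * @param str the custom header name
     * @return the reassembled token, or {@code null} if it is absent, empty, or the
     *         count is invalid
     */
    @FFDCIgnore({Exception.class})
    @Sensitive
    String getBearerTokenFromCustomHeaderSegments(HttpServletRequest httpServletRequest, String str) {
        String segmentCountHeader = httpServletRequest.getHeader(str + JWT_SEGMENTS);
        if (segmentCountHeader == null) {
            return null;
        }
        String token = null;
        try {
            int segmentCount = Integer.parseInt(segmentCountHeader);
            if (segmentCount > MAX_JWT_SEGMENTS) {
                // Refuse instead of truncating: a partial token would fail validation anyway.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Ignoring header segments: declared segment count exceeds the limit of " + MAX_JWT_SEGMENTS, new Object[0]);
                }
                return null;
            }
            token = buildBearerTokenFromCustomHeaderSegments(httpServletRequest, str, segmentCount);
            if (token != null && token.isEmpty()) {
                token = null;
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to read Header Segments:", new Object[]{e.getMessage()});
            }
        }
        return token;
    }

    /**
     * Concatenates the trimmed values of {@code <header>-1} to {@code <header>-i}.
     * Missing segments are skipped, not treated as errors.
     *
     * @param httpServletRequest the inbound request
     * @param str the custom header name
     * @param i the declared number of segments; values above
     *        {@link #MAX_JWT_SEGMENTS} are clamped to bound the work per request
     * @return the concatenated segments; empty if none were present or {@code i < 1}
     */
    @Sensitive
    String buildBearerTokenFromCustomHeaderSegments(HttpServletRequest httpServletRequest, String str, int i) {
        // Clamp here as well so direct callers cannot trigger an unbounded loop. This
        // also avoids the int overflow of "i + 1" when i is Integer.MAX_VALUE.
        int lastSegment = Math.min(i, MAX_JWT_SEGMENTS);
        StringBuilder token = new StringBuilder();
        for (int segment = 1; segment <= lastSegment; segment++) {
            String segmentValue = httpServletRequest.getHeader(str + JWT_SEGMENT_INDEX + segment);
            if (segmentValue != null) {
                token.append(segmentValue.trim());
            }
        }
        return token.toString();
    }

    /**
     * Reads the token through the default header lookup, falling back to the
     * {@code access_token} form parameter.
     *
     * <p>The form parameter is consulted only for POST requests whose content type
     * header equals the form-urlencoded constant.
     *
     * @param httpServletRequest the inbound request
     * @return the token, or {@code null} if none was found
     */
    @Sensitive
    String getBearerTokenFromAuthzHeaderOrRequestBody(HttpServletRequest httpServletRequest) {
        String token = this.authUtils.getBearerTokenFromHeader(httpServletRequest);
        if (token != null) {
            return token;
        }
        boolean isPost = ClientConstants.REQ_METHOD_POST.equalsIgnoreCase(httpServletRequest.getMethod());
        if (isPost && ClientConstants.REQ_CONTENT_TYPE_APP_FORM_URLENCODED.equals(httpServletRequest.getHeader(ClientConstants.REQ_CONTENT_TYPE_NAME))) {
            token = httpServletRequest.getParameter(ACCESS_TOKEN);
        }
        return token;
    }
}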
