package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.jwt.JwtBuilder;
import com.ibm.websphere.security.jwt.JwtConsumer;
import com.ibm.websphere.security.jwt.JwtToken;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.utils.JsonUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.UserApiConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.utils.OAuthClientUtil;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;

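/**
 * Helpers that turn the artefacts of a social login (an ID token, a user API
 * response, or a raw JSON/JWT string) into a {@link JwtToken}.
 *
 * <p>Parameter names are decompiler-generated; each method's Javadoc states what
 * the visible code does with them.
 *
 * <p>Security note: the ID-token branch of {@link #handleJwtClaims} only splits
 * and base64-decodes the payload. No signature, issuer, audience or expiry check
 * is visible in this class, so those checks have to happen before the token
 * reaches it.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/tai/TAIJwtUtils.class */
public class TAIJwtUtils {
    public static final TraceComponent tc = Tr.register(TAIJwtUtils.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    static final long serialVersionUID = 6866510771679541117L;

    /**
     * Creates a {@link JwtToken} from the ID token when one is supplied, otherwise
     * from the first configured user API.
     *
     * @param oAuthClientUtil client used to call the user API
     * @param str the ID token, or {@code null} to use the user API path
     * @param socialLoginConfig social login configuration in effect
     * @param str2 credential handed to the user API call (presumably the access
     *        token; confirm against {@code getUserApiAsJwtToken})
     * @param sSLSocketFactory socket factory passed through to the user API call
     * @return the token built from the ID token or from the user API response
     * @throws SocialLoginException if no user API is configured or token creation fails
     */
    @FFDCIgnore({SocialLoginException.class})
    public JwtToken createJwtToken(OAuthClientUtil oAuthClientUtil, @Sensitive String str, SocialLoginConfig socialLoginConfig, @Sensitive String str2, SSLSocketFactory sSLSocketFactory) throws SocialLoginException {
        if (str != null) {
            // An ID token is present: it is consumed with the JwtConsumer
            // configuration named by this social login config's unique id.
            return createJwtTokenFromIdToken(str, socialLoginConfig.getUniqueId());
        }

        UserApiConfig[] userApis = socialLoginConfig.getUserApis();
        if (userApis == null || userApis.length == 0) {
            throw new SocialLoginException("NO_USER_API_CONFIGS_PRESENT", null, new Object[]{socialLoginConfig.getUniqueId()});
        }

        // Only the first configured user API is consulted.
        String api = userApis[0].getApi();
        try {
            return oAuthClientUtil.getUserApiAsJwtToken(api, str2, sSLSocketFactory, false, socialLoginConfig);
        } catch (SocialLoginException e) {
            // NOTE(review): the cause's message is embedded in the new message. The
            // @Sensitive masking below does not cover it, so the callee's messages
            // must not echo the credential; confirm.
            throw new SocialLoginException("FAILED_TO_CREATE_JWT_FROM_USER_API", e, new Object[]{api, e.getMessage()});
        } catch (Exception e2) {
            // Both token arguments are replaced by fixed placeholders so that the
            // FFDC record never carries them.
            FFDCFilter.processException(e2, "com.ibm.ws.security.social.tai.TAIJwtUtils", "53", this, new Object[]{oAuthClientUtil, "<sensitive java.lang.String>", socialLoginConfig, "<sensitive java.lang.String>", sSLSocketFactory});
            throw new SocialLoginException("FAILED_TO_CREATE_JWT_FROM_USER_API", e2, new Object[]{api, e2.getMessage()});
        }
    }

    /**
     * Parses an ID token through the {@link JwtConsumer} configuration with the given id.
     *
     * @param str the ID token
     * @param str2 id of the {@code JwtConsumer} configuration to use
     * @return the token produced by {@code JwtConsumer.createJwt}
     * @throws SocialLoginException wrapping any failure raised while consuming the token
     */
    public JwtToken createJwtTokenFromIdToken(@Sensitive String str, String str2) throws SocialLoginException {
        try {
            // Whatever validation is applied to the ID token is decided by the
            // consumer configuration named by str2; none is done in this class.
            return JwtConsumer.create(str2).createJwt(str);
        } catch (Exception e) {
            // The token is replaced by a placeholder in the FFDC record.
            FFDCFilter.processException(e, "com.ibm.ws.security.social.tai.TAIJwtUtils", "67", this, new Object[]{"<sensitive java.lang.String>", str2});
            throw new SocialLoginException("FAILED_TO_CREATE_JWT_FROM_ID_TOKEN", e, new Object[]{str2, e.getMessage()});
        }
    }

    /**
     * Builds a new JWT with the builder configuration from
     * {@code socialLoginConfig.getJwtRef()}, carrying the claims selected by
     * {@link #handleJwtClaims}.
     *
     * <p>NOTE(review): when {@code z} is {@code true} the claims come from a payload
     * that this class decodes without verifying. The built token presumably carries
     * this server's signature, so an unverified input would be re-issued as trusted.
     * Confirm that every caller validates {@code str} first.
     *
     * @param str a compact JWT when {@code z} is {@code true}, otherwise a JSON object string
     * @param socialLoginConfig social login configuration in effect
     * @param z selects how {@code str} is interpreted (see above)
     * @return the built token
     * @throws Exception propagated from claim extraction or from the builder
     */
    public JwtToken createJwtTokenFromJson(String str, SocialLoginConfig socialLoginConfig, boolean z) throws Exception {
        Map<String, Object> claims = handleJwtClaims(str, socialLoginConfig, z);
        return JwtBuilder.create(socialLoginConfig.getJwtRef()).claim(claims).buildJwt();
    }

    /**
     * Extracts a claims map from {@code str} and filters it with
     * {@link #handleJwtClaimsMap}.
     *
     * @param str a compact JWT when {@code z} is {@code true}, otherwise a JSON object string
     * @param socialLoginConfig social login configuration in effect
     * @param z {@code true} to take the claims from the JWT payload segment,
     *        {@code false} to parse {@code str} directly as JSON
     * @return the filtered claims; empty when nothing could be extracted
     * @throws Exception propagated from the JSON helpers
     */
    @SuppressWarnings("rawtypes")
    public Map<String, Object> handleJwtClaims(String str, SocialLoginConfig socialLoginConfig, boolean z) throws Exception {
        Map claims = null;
        if (z) {
            // Payload segment is extracted and base64-decoded only; the signature
            // segment is never inspected on this path.
            String payload = JsonUtils.getPayload(str);
            if (payload != null) {
                String decoded = JsonUtils.decodeFromBase64String(payload);
                if (decoded != null) {
                    claims = JsonUtils.claimsFromJsonObject(decoded);
                }
            }
        } else {
            claims = JsonUtils.claimsFromJsonObject(str);
        }
        return handleJwtClaimsMap(claims, socialLoginConfig, z);
    }

    /**
     * Selects which of the supplied claims are carried into the new token.
     *
     * <ul>
     *   <li>If {@code getJwtClaims()} is non-empty, only those claims are copied.</li>
     *   <li>Otherwise, for an ID token ({@code z == true}), only the claim named by
     *       {@code getUserNameAttribute()} is copied.</li>
     *   <li>Otherwise every claim except {@code iss} is copied. Configure
     *       {@code jwtClaims} if the user API response should not be forwarded
     *       wholesale.</li>
     * </ul>
     *
     * The input map is never modified.
     *
     * @param map source claims; may be {@code null}
     * @param socialLoginConfig social login configuration in effect
     * @param z {@code true} when the claims came from an ID token
     * @return a new map with the selected claims, never {@code null}
     */
    @SuppressWarnings("rawtypes")
    protected Map<String, Object> handleJwtClaimsMap(Map map, SocialLoginConfig socialLoginConfig, boolean z) {
        Map<String, Object> selected = new HashMap<>();
        if (map == null || map.isEmpty()) {
            return selected;
        }

        String[] jwtClaims = socialLoginConfig.getJwtClaims();
        if (jwtClaims != null && jwtClaims.length > 0) {
            // Explicit allow-list from configuration.
            for (String claimName : jwtClaims) {
                Object value = map.get(claimName);
                if (value != null) {
                    selected.put(claimName, value);
                }
            }
        } else if (z) {
            String userNameAttribute = socialLoginConfig.getUserNameAttribute();
            // Check the attribute name before the lookup: a null key makes
            // null-hostile Map implementations throw.
            if (userNameAttribute != null) {
                Object value = map.get(userNameAttribute);
                if (value != null) {
                    selected.put(userNameAttribute, value);
                }
            }
        } else {
            selected.putAll(handleIssuerClaim(map));
        }
        return selected;
    }

    /**
     * Returns a copy of {@code map} without the {@code iss} claim.
     *
     * <p>The copy keeps the caller's map intact; removing the entry in place would
     * silently strip the issuer from a map the caller may still use. Presumably
     * {@code iss} is dropped so that the builder supplies its own issuer; confirm.
     *
     * @param map source claims; may be {@code null}
     * @return a new map with every entry of {@code map} except {@code iss}
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private Map<String, Object> handleIssuerClaim(Map map) {
        Map<String, Object> withoutIssuer = new HashMap<>();
        if (map != null) {
            withoutIssuer.putAll(map);
            withoutIssuer.remove("iss");
        }
        return withoutIssuer;
    }
}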
