package com.ibm.ws.security.social.twitter;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.ErrorHandlerImpl;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.utils.ClientConstants;
import com.ibm.ws.security.social.internal.utils.SocialUtil;
import com.ibm.ws.security.social.web.utils.SocialWebUtils;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

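/**
 * Drives the three Twitter endpoint calls used by social login: obtaining a request token and
 * redirecting the browser to the authorization endpoint, exchanging the callback parameters for
 * an access token, and verifying the resulting credentials.
 *
 * <p>Every call delegates the HTTP work to a {@link TwitterEndpointServices} instance that is
 * configured with the client id and client secret taken from the supplied
 * {@link SocialLoginConfig}. Endpoint results are treated as sensitive (see the
 * {@code @Sensitive} annotations) and must not be written to trace in full.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/twitter/TwitterTokenServices.class */
public class TwitterTokenServices {
    private static TraceComponent tc = Tr.register(TwitterTokenServices.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    SocialWebUtils webUtils = new SocialWebUtils();
    static final long serialVersionUID = -1138610379368419889L;

    /**
     * Creates the endpoint client used by the public methods; a separate method so that
     * subclasses can substitute their own instance.
     *
     * @return a new {@link TwitterEndpointServices}
     */
    protected TwitterEndpointServices getTwitterEndpointServices() {
        return new TwitterEndpointServices();
    }

    /**
     * Obtains a request token and redirects the browser to the configured authorization endpoint
     * with that token appended as the {@code oauth_token} query parameter.
     *
     * <p>On any failure an error response is written through {@link ErrorHandlerImpl} and no
     * redirect is sent.
     *
     * @param httpServletRequest  the current request; used when creating the cookies
     * @param httpServletResponse the response that receives the cookies and the redirect
     * @param str                 passed unchanged to {@code obtainRequestToken}; presumably the
     *                            callback URL - confirm against the caller
     * @param str2                value whose {@code hashCode()} suffixes the request-URL cookie
     *                            name; presumably the state value - confirm against the caller
     * @param socialLoginConfig   supplies client id, client secret and authorization endpoint
     */
    public void getRequestToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, SocialLoginConfig socialLoginConfig) {
        TwitterEndpointServices endpointServices = getTwitterEndpointServices();
        endpointServices.setConsumerKey(socialLoginConfig.getClientId());
        endpointServices.setConsumerSecret(socialLoginConfig.getClientSecret());
        Map<String, Object> result = endpointServices.obtainRequestToken(socialLoginConfig, str);
        if (result == null || result.isEmpty()) {
            Tr.error(tc, "TWITTER_ERROR_OBTAINING_ENDPOINT_RESULT", new Object[]{TwitterConstants.TWITTER_ENDPOINT_REQUEST_TOKEN});
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            return;
        }
        if (tc.isDebugEnabled()) {
            // Trace only the key names: isSuccessfulResult marks this map @Sensitive, and an
            // explicit toString() of the values would bypass that protection.
            Tr.debug(tc, "/oauth/request_token result keys: " + result.keySet(), new Object[0]);
        }
        try {
            if (!isSuccessfulResult(result, TwitterConstants.TWITTER_ENDPOINT_REQUEST_TOKEN)) {
                ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
                return;
            }
            String requestToken = (String) result.get("oauth_token");
            if (requestToken == null || requestToken.isEmpty()) {
                // A "successful" result without a token must not reach the cookie or the
                // redirect, which would otherwise carry the literal text "null".
                Tr.error(tc, "TWITTER_ERROR_OBTAINING_ENDPOINT_RESULT", new Object[]{TwitterConstants.TWITTER_ENDPOINT_REQUEST_TOKEN});
                ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
                return;
            }
            setCookies(httpServletRequest, httpServletResponse, requestToken, str2);
            String authorizationEndpoint = socialLoginConfig.getAuthorizationEndpoint();
            try {
                SocialUtil.validateEndpointWithQuery(authorizationEndpoint);
                String separator = authorizationEndpoint.contains("?") ? "&" : "?";
                // Only the configured endpoint is validated above; the token comes from the remote
                // response, so encode it rather than concatenating it raw into the Location URL.
                String encodedToken = URLEncoder.encode(requestToken, StandardCharsets.UTF_8.name());
                httpServletResponse.sendRedirect(authorizationEndpoint + separator + "oauth_token=" + encodedToken);
            } catch (SocialLoginException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.social.twitter.TwitterTokenServices", "88", this, new Object[]{httpServletRequest, httpServletResponse, str, str2, socialLoginConfig});
                Tr.error(tc, "FAILED_TO_REDIRECT_TO_AUTHZ_ENDPOINT", new Object[]{socialLoginConfig.getUniqueId(), e.getMessage()});
                ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            }
        } catch (IOException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.social.twitter.TwitterTokenServices", "96", this, new Object[]{httpServletRequest, httpServletResponse, str, str2, socialLoginConfig});
            Tr.error(tc, "TWITTER_REDIRECT_IOEXCEPTION", new Object[]{TwitterConstants.TWITTER_ENDPOINT_REQUEST_TOKEN, e2.getLocalizedMessage()});
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse, 400);
        }
    }

    /**
     * Exchanges the callback parameters for an access token.
     *
     * <p>The {@code oauth_token} request parameter must equal the request token stored in the
     * {@code TwitterConstants.COOKIE_NAME_REQUEST_TOKEN} cookie by {@link #setCookies}; the cookie
     * is read and cleared in one step. This check binds the callback to the browser that started
     * the flow, so a mismatch (or a missing cookie or parameter) ends the exchange.
     *
     * @param httpServletRequest  callback request carrying {@code oauth_token} and the verifier
     * @param httpServletResponse response used to clear the request-token cookie
     * @param socialLoginConfig   supplies client id and client secret
     * @return the endpoint result map when the exchange succeeded, otherwise {@code null}
     */
    @Sensitive
    public Map<String, Object> getAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) {
        TwitterEndpointServices endpointServices = getTwitterEndpointServices();
        endpointServices.setConsumerKey(socialLoginConfig.getClientId());
        endpointServices.setConsumerSecret(socialLoginConfig.getClientSecret());
        if (isMissingParameter(httpServletRequest.getParameterMap(), TwitterConstants.TWITTER_ENDPOINT_ACCESS_TOKEN)) {
            return null;
        }
        String requestParamToken = httpServletRequest.getParameter("oauth_token");
        String cookieToken = this.webUtils.getAndClearCookie(httpServletRequest, httpServletResponse, TwitterConstants.COOKIE_NAME_REQUEST_TOKEN);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Obtained token from request: [" + requestParamToken + "], matching against: [" + cookieToken + "]", new Object[0]);
        }
        if (!tokensMatch(requestParamToken, cookieToken)) {
            Tr.error(tc, "TWITTER_TOKEN_DOES_NOT_MATCH", new Object[0]);
            return null;
        }
        Map<String, Object> result = endpointServices.obtainAccessToken(socialLoginConfig, cookieToken, httpServletRequest.getParameter(TwitterConstants.PARAM_OAUTH_VERIFIER));
        if (result == null || result.isEmpty()) {
            Tr.error(tc, "TWITTER_ERROR_OBTAINING_ENDPOINT_RESULT", new Object[]{TwitterConstants.TWITTER_ENDPOINT_ACCESS_TOKEN});
            return null;
        }
        if (isSuccessfulResult(result, TwitterConstants.TWITTER_ENDPOINT_ACCESS_TOKEN)) {
            return result;
        }
        return null;
    }

    /**
     * Calls the verify-credentials endpoint and returns its result with the access token added.
     *
     * @param httpServletResponse not used by this method
     * @param str                 the access token; stored under {@code "access_token"} in the
     *                            returned map
     * @param str2                sensitive value passed to the endpoint call; presumably the
     *                            access token secret - confirm against the caller
     * @param socialLoginConfig   supplies client id and client secret
     * @return a copy of the endpoint result plus the {@code "access_token"} entry, or
     *         {@code null} when the call failed or reported a non-success status
     */
    public Map<String, Object> verifyCredentials(HttpServletResponse httpServletResponse, String str, @Sensitive String str2, SocialLoginConfig socialLoginConfig) {
        TwitterEndpointServices endpointServices = getTwitterEndpointServices();
        endpointServices.setConsumerKey(socialLoginConfig.getClientId());
        endpointServices.setConsumerSecret(socialLoginConfig.getClientSecret());
        Map<String, Object> result = endpointServices.verifyCredentials(socialLoginConfig, str, str2);
        if (result == null || result.isEmpty()) {
            Tr.error(tc, "TWITTER_ERROR_OBTAINING_ENDPOINT_RESULT", new Object[]{TwitterConstants.TWITTER_ENDPOINT_VERIFY_CREDENTIALS});
            return null;
        }
        if (!isSuccessfulResult(result, TwitterConstants.TWITTER_ENDPOINT_VERIFY_CREDENTIALS)) {
            return null;
        }
        // Copy so that the endpoint's own map is not modified by the added entry.
        Map<String, Object> credentials = new HashMap<>(result);
        credentials.put("access_token", str);
        return credentials;
    }

    /**
     * Stores the request token and the original request URL in cookies so that the callback can
     * be matched to this browser session.
     *
     * <p>Cookie attributes are whatever {@link ReferrerURLCookieHandler#createCookie} applies;
     * NOTE(review): Secure/HttpOnly handling is not visible in this class - confirm in the handler.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives both cookies
     * @param str                 the request token to store
     * @param str2                value whose {@code hashCode()} suffixes the request-URL cookie
     *                            name; must not be {@code null}
     */
    protected void setCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        ReferrerURLCookieHandler cookieHandler = WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig().createReferrerURLCookieHandler();
        httpServletResponse.addCookie(cookieHandler.createCookie(TwitterConstants.COOKIE_NAME_REQUEST_TOKEN, str, httpServletRequest));
        String requestUrlCookieName = ClientConstants.COOKIE_NAME_REQ_URL_PREFIX + str2.hashCode();
        httpServletResponse.addCookie(cookieHandler.createCookie(requestUrlCookieName, this.webUtils.getRequestUrlWithEncodedQueryString(httpServletRequest), httpServletRequest));
    }

    /**
     * Reports whether a request lacks a parameter that the given endpoint requires. Only the
     * access-token endpoint has requirements here: {@code oauth_token} and the verifier.
     *
     * @param map request parameter map
     * @param str endpoint identifier
     * @return {@code true} when a required parameter is absent (an error is logged), otherwise
     *         {@code false}
     */
    protected boolean isMissingParameter(Map<String, String[]> map, String str) {
        if (!TwitterConstants.TWITTER_ENDPOINT_ACCESS_TOKEN.equals(str)) {
            return false;
        }
        if (!map.containsKey("oauth_token")) {
            Tr.error(tc, "TWITTER_REQUEST_MISSING_PARAMETER", new Object[]{TwitterConstants.TWITTER_ENDPOINT_ACCESS_TOKEN, "oauth_token"});
            return true;
        }
        if (!map.containsKey(TwitterConstants.PARAM_OAUTH_VERIFIER)) {
            Tr.error(tc, "TWITTER_REQUEST_MISSING_PARAMETER", new Object[]{TwitterConstants.TWITTER_ENDPOINT_ACCESS_TOKEN, TwitterConstants.PARAM_OAUTH_VERIFIER});
            return true;
        }
        return false;
    }

    /**
     * Checks the status entry of an endpoint result.
     *
     * @param map endpoint result; treated as sensitive and therefore never traced here
     * @param str endpoint identifier used in error messages
     * @return {@code true} only when the {@code TwitterConstants.RESULT_RESPONSE_STATUS} entry
     *         equals {@code TwitterConstants.RESULT_SUCCESS}; every other case logs an error and
     *         returns {@code false}
     */
    protected boolean isSuccessfulResult(@Sensitive Map<String, Object> map, String str) {
        if (map == null) {
            Tr.error(tc, "TWITTER_ERROR_OBTAINING_ENDPOINT_RESULT", new Object[]{str});
            return false;
        }
        // Map.get returns null for an absent key, so no containsKey pre-check is needed.
        String status = (String) map.get(TwitterConstants.RESULT_RESPONSE_STATUS);
        String message = (String) map.get(TwitterConstants.RESULT_MESSAGE);
        if (status == null) {
            Tr.error(tc, "TWITTER_RESPONSE_STATUS_MISSING", new Object[]{str});
            return false;
        }
        if (status.equals(TwitterConstants.RESULT_SUCCESS)) {
            return true;
        }
        Tr.error(tc, "TWITTER_RESPONSE_FAILURE", new Object[]{str, message == null ? "" : message});
        return false;
    }

    /**
     * Compares the callback token with the stored token without failing on {@code null} and
     * without an early exit on the first differing byte.
     *
     * @return {@code true} only when both values are present and byte-for-byte equal
     */
    private static boolean tokensMatch(String requestToken, String storedToken) {
        if (requestToken == null || storedToken == null) {
            return false;
        }
        return MessageDigest.isEqual(requestToken.getBytes(StandardCharsets.UTF_8), storedToken.getBytes(StandardCharsets.UTF_8));
    }
}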
