package com.ibm.ws.security.oauth20.mediator;

import com.ibm.oauth.core.api.OAuthConstants;
import com.ibm.oauth.core.api.attributes.AttributeList;
import com.ibm.oauth.core.api.config.OAuthComponentConfiguration;
import com.ibm.oauth.core.api.error.OAuthException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20MediatorException;
import com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.util.ConfigUtils;
import com.ibm.wsspi.security.registry.RegistryHelper;
import java.rmi.RemoteException;
import org.apache.aries.blueprint.parser.Parser;

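/**
 * OAuth 2.0 mediator that validates resource owner credentials against the
 * user registry when a token is requested with the {@code password} grant type.
 *
 * <p>Only {@link #mediateToken(AttributeList)} and
 * {@link #mediateTokenException(AttributeList, OAuthException)} do any work;
 * the authorize and resource hooks are intentionally empty.
 *
 * <p>Security note: the request password is never written to trace output.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth.2.0_1.1.18.jar:com/ibm/ws/security/oauth20/mediator/ResourceOwnerValidationMediator.class */
public class ResourceOwnerValidationMediator implements OAuth20Mediator {
    private static TraceComponent tc = Tr.register((Class<?>) ResourceOwnerValidationMediator.class, "OAuth20Provider", "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages");
    /** Error code reported to the caller for every credential validation failure. */
    private static final String INVALID = "invalid_resource_owner_credential";
    /** User registry used for password checks; resolved in init() or lazily in mediateToken(). */
    private UserRegistry reg = null;
    /** Value of the {@code grant_type} attribute that triggers credential validation. */
    private static final String FLOW_PASSWORD = "password";
    static final long serialVersionUID = -8042854942392365872L;

    /**
     * Resolves the user registry up front.
     *
     * <p>A lookup failure is recorded through FFDC and debug trace but is not
     * propagated; {@link #mediateToken(AttributeList)} retries the lookup when
     * the registry is still {@code null}.
     *
     * @param oAuthComponentConfiguration component configuration; only passed to FFDC on failure
     */
    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    @ManualTrace
    public void init(OAuthComponentConfiguration oAuthComponentConfiguration) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init", new Object[0]);
        }
        try {
            this.reg = RegistryHelper.getUserRegistry(null);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "init: getUserRegistry returned:" + (this.reg != null ? "not null" : Parser.NULL_ELEMENT), new Object[0]);
            }
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, ConfigUtils.BUILTIN_SAMPLE_MEDIATOR_CLASS, "50", this, new Object[]{oAuthComponentConfiguration});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to get user registry for resource owner validation", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init");
        }
    }

    /** No-op: this mediator does not take part in the authorize step. */
    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateAuthorize(AttributeList attributeList) throws OAuth20MediatorException {
    }

    /** No-op: this mediator does not react to authorize failures. */
    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateAuthorizeException(AttributeList attributeList, OAuthException oAuthException) throws OAuth20MediatorException {
    }

    /** No-op: this mediator does not take part in resource access. */
    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateResource(AttributeList attributeList) throws OAuth20MediatorException {
    }

    /** No-op: this mediator does not react to resource access failures. */
    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateResourceException(AttributeList attributeList, OAuthException oAuthException) throws OAuth20MediatorException {
    }

    /**
     * Validates the {@code username}/{@code password} attributes against the
     * user registry when {@code grant_type} is {@code password}. Requests with
     * any other grant type pass through untouched.
     *
     * @param attributeList request attributes; read for {@code grant_type},
     *                      {@code username} and {@code password}
     * @throws OAuth20MediatorException with code {@code invalid_resource_owner_credential}
     *         when a credential is missing, the registry is unavailable, or the
     *         password check fails
     */
    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    @ManualTrace
    public void mediateToken(AttributeList attributeList) throws OAuth20MediatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mediateToken", new Object[0]);
        }
        if (FLOW_PASSWORD.equals(attributeList.getAttributeValueByName("grant_type"))) {
            String username = attributeList.getAttributeValueByName("username");
            String password = attributeList.getAttributeValueByName("password");
            if (tc.isDebugEnabled()) {
                // Never trace the password itself: trace files are readable by operators
                // and support tooling and are commonly retained far longer than the
                // credential stays valid. Record only whether one was supplied.
                Tr.debug(tc, "mediateToken: validating resource owner credentials for username " + username
                        + " (password " + (password != null ? "supplied" : "missing") + ")", new Object[0]);
            }
            // Fail closed on an incomplete request rather than handing null to the registry.
            if (username == null || password == null) {
                throw new OAuth20MediatorException(INVALID, new Throwable("username or password is missing"));
            }
            // NOTE(review): the FFDC calls below receive attributeList, which still holds the
            // password attribute; confirm that FFDC does not dump its contents into incident reports.
            try {
                if (this.reg == null) {
                    // init() may have failed to resolve the registry; retry once per request.
                    this.reg = RegistryHelper.getUserRegistry(null);
                    if (this.reg == null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getUserRegistry returned null.", new Object[0]);
                        }
                        throw new OAuth20MediatorException(INVALID, new Throwable("getUserRegistry returned null"));
                    }
                }
                this.reg.checkPassword(username, password);
            } catch (PasswordCheckFailedException e) {
                FFDCFilter.processException(e, ConfigUtils.BUILTIN_SAMPLE_MEDIATOR_CLASS, "108", this, new Object[]{attributeList});
                throw new OAuth20MediatorException(INVALID, e);
            } catch (WSSecurityException e2) {
                FFDCFilter.processException(e2, ConfigUtils.BUILTIN_SAMPLE_MEDIATOR_CLASS, "114", this, new Object[]{attributeList});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to get user registry for resource owner validation", e2);
                }
                throw new OAuth20MediatorException(INVALID, e2);
            } catch (RemoteException e3) {
                // Kept separate from the CustomRegistryException handler: the FFDC probe ids differ.
                FFDCFilter.processException(e3, ConfigUtils.BUILTIN_SAMPLE_MEDIATOR_CLASS, "112", this, new Object[]{attributeList});
                throw new OAuth20MediatorException(INVALID, e3);
            } catch (CustomRegistryException e4) {
                FFDCFilter.processException(e4, ConfigUtils.BUILTIN_SAMPLE_MEDIATOR_CLASS, "110", this, new Object[]{attributeList});
                throw new OAuth20MediatorException(INVALID, e4);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mediateToken");
        }
    }

    /**
     * On a failed token request with {@code grant_type=password}, overwrites the
     * {@code access_token} and {@code refresh_token} response attributes with
     * empty value arrays.
     *
     * @param attributeList  request/response attributes; updated in place
     * @param oAuthException the failure being mediated; not inspected here
     */
    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    @ManualTrace
    public void mediateTokenException(AttributeList attributeList, OAuthException oAuthException) throws OAuth20MediatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mediateTokenException", new Object[0]);
        }
        if (FLOW_PASSWORD.equals(attributeList.getAttributeValueByName("grant_type"))) {
            // Presumably ensures no token value survives into the error response.
            attributeList.setAttribute("access_token", OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[0]);
            attributeList.setAttribute("refresh_token", OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[0]);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mediateTokenException");
        }
    }
}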
