package com.ibm.ws.security.oauth20.web;

import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonPrimitive;
import com.ibm.ejs.ras.TraceNLS;
import com.ibm.oauth.core.api.error.OidcServerException;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClient;
import com.ibm.ws.security.oauth20.util.Base64;
import com.ibm.ws.security.oauth20.util.OidcOAuth20Util;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

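/**
 * Serves the OAuth 2.0 coverage map: a JSON array holding the trusted URI prefixes of every
 * client known to the provider, each with a trailing slash appended.
 *
 * <p>Only {@code GET} and {@code HEAD} are accepted. The response carries an {@code ETag}
 * derived from the sorted prefixes and a {@code Cache-Control} header built from the provider's
 * coverage-map max age, so clients can revalidate instead of refetching.
 *
 * <p>NOTE(review): no caller authentication is visible in this class. The response lists the
 * trusted prefixes of all clients, so confirm that access control is applied upstream or that
 * the coverage map is meant to be public.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth.2.0_1.1.18.jar:com/ibm/ws/security/oauth20/web/CoverageMapEndpointServices.class */
public class CoverageMapEndpointServices extends AbstractOidcEndpointServices {
    protected static final String MESSAGE_BUNDLE = "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages";
    private static TraceComponent tc = Tr.register(CoverageMapEndpointServices.class);
    static final long serialVersionUID = 4915824348316262147L;

    /** Name of the single query parameter this endpoint requires. */
    private static final String TOKEN_TYPE_PARAM = "token_type";

    /**
     * Dispatches a coverage-map request by HTTP method.
     *
     * @param oAuth20Provider provider whose clients supply the trusted URI prefixes
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to populate
     * @throws OidcServerException with status 405 for any method other than GET or HEAD, or as
     *     raised while validating and processing the request
     * @throws IOException if writing the response fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void handleEndpointRequest(OAuth20Provider oAuth20Provider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OidcServerException, IOException {
        String method = httpServletRequest.getMethod();
        if (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("HEAD")) {
            processHeadOrGet(oAuth20Provider, httpServletRequest, httpServletResponse);
            return;
        }
        String formattedMessage = TraceNLS.getFormattedMessage(getClass(), MESSAGE_BUNDLE, "OAUTH_UNSUPPORTED_METHOD", new Object[]{method, getClass().getSimpleName()}, "CWWKS1433E: The HTTP method {0} is not supported for the service {1}.");
        Tr.error(tc, formattedMessage, new Object[0]);
        throw new OidcServerException(formattedMessage, "server_error", 405);
    }

    /**
     * Validates the request, builds the coverage map and writes the response headers and, for
     * GET only, the JSON body.
     *
     * <p>When {@code checkConditionalExecution} returns an exception, only its HTTP status is
     * sent and no body is written.
     */
    private void processHeadOrGet(OAuth20Provider oAuth20Provider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OidcServerException {
        validateJsonAcceptable(httpServletRequest);
        validateTokenType(httpServletRequest, httpServletResponse);

        JsonArray coverageMap = new JsonArray();
        for (String prefix : getTrustedUriPrefixes(oAuth20Provider.getClientProvider())) {
            coverageMap.add(new JsonPrimitive(addTrailingSlash(prefix)));
        }

        String eTag = getETag(coverageMap);
        httpServletResponse.addHeader("ETag", String.format("\"%s\"", eTag));
        httpServletResponse.setHeader("Cache-Control", constructCacheControlHeaderWithMaxAge(true, String.valueOf(oAuth20Provider.getCoverageMapSessionMaxAge())));
        httpServletResponse.setHeader("Content-Type", "application/json");

        OidcServerException conditionalResult = checkConditionalExecution(httpServletRequest, true, true, eTag, null);
        if (conditionalResult != null) {
            httpServletResponse.setStatus(conditionalResult.getHttpStatus());
            httpServletResponse.flushBuffer();
            return;
        }

        // Set the status before writing: a body larger than the response buffer commits the
        // response on write, after which a status change would be ignored.
        httpServletResponse.setStatus(200);
        if (httpServletRequest.getMethod().equalsIgnoreCase("GET")) {
            // NOTE(review): ServletOutputStream.print(String) only accepts ISO-8859-1 characters
            // and no charset is declared on the Content-Type. Confirm that prefixes are always
            // ASCII or that GSON_RAW escapes other characters.
            httpServletResponse.getOutputStream().print(OidcOAuth20Util.GSON_RAW.toJson((JsonElement) coverageMap));
        }
        httpServletResponse.flushBuffer();
    }

    /**
     * Collects the trusted URI prefixes of every client returned by the client provider.
     *
     * @return the de-duplicated prefixes, in no particular order
     */
    private Set<String> getTrustedUriPrefixes(OidcOAuth20ClientProvider oidcOAuth20ClientProvider) throws OidcServerException {
        Set<String> prefixes = new HashSet<>();
        Iterator<OidcBaseClient> clients = oidcOAuth20ClientProvider.getAll().iterator();
        while (clients.hasNext()) {
            Iterator<JsonElement> clientPrefixes = clients.next().getTrustedUriPrefixes().iterator();
            while (clientPrefixes.hasNext()) {
                prefixes.add(clientPrefixes.next().getAsString());
            }
        }
        return prefixes;
    }

    /**
     * Checks that the query string carries exactly one {@code token_type} parameter whose
     * decoded value is {@code Bearer}, compared case-insensitively.
     *
     * @return the accepted token type in lower case
     * @throws OidcServerException with status 400 ({@code invalid_request}) when the query
     *     string or the parameter is missing, the parameter is repeated, or its value is not
     *     recognised
     */
    private String validateTokenType(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OidcServerException {
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            String formattedMessage = TraceNLS.getFormattedMessage(getClass(), MESSAGE_BUNDLE, "OAUTH_COVERAGE_MAP_MISSING_PARAMS", new Object[]{TOKEN_TYPE_PARAM}, "CWWKS1434E: Missing required parameters in request.");
            Tr.error(tc, formattedMessage, new Object[0]);
            throw new OidcServerException(formattedMessage, "invalid_request", 400);
        }
        String[] tokenTypes = parseQueryParameters(queryString).get(TOKEN_TYPE_PARAM);
        if (tokenTypes == null) {
            String formattedMessage2 = TraceNLS.getFormattedMessage(getClass(), MESSAGE_BUNDLE, "OAUTH_COVERAGE_MAP_MISSING_TOKEN_PARAM", new Object[]{TOKEN_TYPE_PARAM}, "CWWKS1435E: Missing {0} parameter in request.");
            Tr.error(tc, formattedMessage2, new Object[0]);
            throw new OidcServerException(formattedMessage2, "invalid_request", 400);
        }
        if (tokenTypes.length > 1) {
            String formattedMessage3 = TraceNLS.getFormattedMessage(getClass(), MESSAGE_BUNDLE, "OAUTH_COVERAGE_MAP_MULTIPLE_TOKEN_PARAM", new Object[]{TOKEN_TYPE_PARAM}, "CWWKS1436E: Request contains multiple {0} parameters.");
            Tr.error(tc, formattedMessage3, new Object[0]);
            throw new OidcServerException(formattedMessage3, "invalid_request", 400);
        }
        String tokenType = decode(tokenTypes[0]);
        if (tokenType.equalsIgnoreCase("Bearer")) {
            // The value already matched "Bearer" ignoring case, so the lower-case form is fixed;
            // returning the literal avoids a default-locale toLowerCase().
            return "bearer";
        }
        // The rejected value comes straight from the query string and ends up in the server log
        // and in the exception message. Neutralise control characters so it cannot break a log
        // record into forged lines or carry them into the error response.
        String formattedMessage4 = TraceNLS.getFormattedMessage(getClass(), MESSAGE_BUNDLE, "OAUTH_COVERAGE_MAP_UNRECOGNIZED_TOKEN_PARAM", new Object[]{replaceControlChars(tokenType)}, "CWWKS1437E: Request contains unrecognized token type parameter {0}.");
        Tr.error(tc, formattedMessage4, new Object[0]);
        throw new OidcServerException(formattedMessage4, "invalid_request", 400);
    }

    /** Returns {@code value} with every ISO control character (CR, LF, NUL, ...) replaced by '_'. */
    private static String replaceControlChars(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Derives the entity tag for a coverage map from its sorted entries.
     *
     * <p>Each entry is fed to the digest with a 4-byte length prefix. Without that framing the
     * entries are simply concatenated, so two different prefix sets whose sorted concatenations
     * coincide would share an ETag and a client could keep a stale coverage map on revalidation.
     *
     * <p>MD5 serves here only as an opaque cache validator; it is not an integrity or
     * authenticity check and should not be reused as one. A JVM restricted to approved
     * algorithms may not offer MD5, in which case the catch block below applies.
     *
     * @param jsonArray the coverage map entries
     * @return the Base64-encoded digest, without surrounding quotes
     * @throws RuntimeException if the MD5 algorithm is unavailable
     */
    private String getETag(JsonArray jsonArray) {
        List<String> sortedEntries = getList(jsonArray);
        Collections.sort(sortedEntries);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            for (String entry : sortedEntries) {
                byte[] entryBytes = Base64Coder.getBytes(entry);
                int length = entryBytes.length;
                messageDigest.update(new byte[]{(byte) (length >>> 24), (byte) (length >>> 16), (byte) (length >>> 8), (byte) length});
                messageDigest.update(entryBytes);
            }
            return Base64.encode(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.web.CoverageMapEndpointServices", "214", this, new Object[]{jsonArray});
            throw new RuntimeException(e);
        }
    }
}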
