package com.ibm.ws.webcontainer.security.extended;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.jwtsso.token.proxy.JwtSSOTokenHelper;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.ws.webcontainer.security.SSOCookieHelperImpl;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.internal.StringUtil;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServer;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.util.ArrayList;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * SSO cookie helper that extends {@link SSOCookieHelperImpl} with handling for the
 * OpenID Connect browser-state cookie ({@code oidc_bsc}).
 *
 * <p>When an {@link OidcServer} service is bound, the browser-state cookie is expired
 * after a new SSO cookie is issued and again at logout.
 *
 * <p>Security note: the SSO cookie value written here is the Base64 encoding of the raw
 * token bytes, so it is a bearer credential. Its attributes are chosen by
 * {@code createCookie} in the superclass, which is not visible in this file.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security.provider_1.0.21.jar:com/ibm/ws/webcontainer/security/extended/SSOCookieHelperImplExtended.class */
public class SSOCookieHelperImplExtended extends SSOCookieHelperImpl {
    private static final TraceComponent tc = Tr.register(SSOCookieHelperImplExtended.class);
    /** Name of the OpenID Connect browser-state cookie. */
    private static final String OIDC_BROWSER_STATE_COOKIE = "oidc_bsc";
    /** Reference to the OIDC provider service; may be {@code null} when none was supplied. */
    private final AtomicServiceReference<OidcServer> oidcServerRef;
    static final long serialVersionUID = 8632033790336810115L;

    /**
     * Creates a helper with an explicit second superclass argument and no OIDC server reference.
     *
     * @param webAppSecurityConfig web application security configuration passed to the superclass
     * @param str passed unchanged to the superclass constructor (meaning not visible here)
     */
    public SSOCookieHelperImplExtended(WebAppSecurityConfig webAppSecurityConfig, String str) {
        this(webAppSecurityConfig, str, (AtomicServiceReference<OidcServer>) null);
    }

    /**
     * Creates a helper with neither the optional string argument nor an OIDC server reference.
     *
     * @param webAppSecurityConfig web application security configuration passed to the superclass
     */
    public SSOCookieHelperImplExtended(WebAppSecurityConfig webAppSecurityConfig) {
        this(webAppSecurityConfig, null, (AtomicServiceReference<OidcServer>) null);
    }

    /**
     * Creates a helper that clears the browser-state cookie when the referenced service is bound.
     *
     * @param webAppSecurityConfig web application security configuration passed to the superclass
     * @param atomicServiceReference reference to the OIDC server service; may be {@code null}
     */
    public SSOCookieHelperImplExtended(WebAppSecurityConfig webAppSecurityConfig, AtomicServiceReference<OidcServer> atomicServiceReference) {
        this(webAppSecurityConfig, null, atomicServiceReference);
    }

    /** Common constructor that every public constructor delegates to. */
    private SSOCookieHelperImplExtended(WebAppSecurityConfig webAppSecurityConfig, String str, AtomicServiceReference<OidcServer> atomicServiceReference) {
        super(webAppSecurityConfig, str);
        this.oidcServerRef = atomicServiceReference;
    }

    /**
     * Adds the JWT SSO cookies and, when requested, a cookie built from the subject's default
     * SSO token, then expires the browser-state cookie if OIDC is active for this request.
     *
     * <p>Nothing is written when {@code allowToAddCookieToResponse} rejects the request.
     *
     * @param subject authenticated subject the SSO token is read from
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the cookies
     */
    @Override // com.ibm.ws.webcontainer.security.SSOCookieHelperImpl, com.ibm.ws.webcontainer.security.SSOCookieHelper
    public void addSSOCookiesToResponse(Subject subject, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!allowToAddCookieToResponse(httpServletRequest)) {
            return;
        }
        addJwtSsoCookiesToResponse(subject, httpServletRequest, httpServletResponse);

        // The token-based cookie is emitted only when the JWT SSO configuration asks for it
        // (presumably the LTPA cookie, going by the helper's name).
        if (!JwtSSOTokenHelper.shouldAlsoIncludeLtpaCookie()) {
            return;
        }
        SingleSignonToken ssoToken = getDefaultSSOTokenFromSubject(subject);
        if (ssoToken == null) {
            return;
        }
        byte[] tokenBytes = ssoToken.getBytes();
        if (tokenBytes == null) {
            return;
        }

        // The inherited cache maps token bytes to their encoded form, so credential material
        // stays in memory for as long as the entry lives.
        // NOTE(review): size and eviction are decided by updateCookieCache in the superclass - confirm.
        ByteArray cacheKey = new ByteArray(tokenBytes);
        String encodedToken = cookieByteStringCache.get(cacheKey);
        if (encodedToken == null) {
            encodedToken = StringUtil.toString(Base64Coder.base64Encode(tokenBytes));
            updateCookieCache(cacheKey, encodedToken);
        }
        // NOTE(review): Secure/HttpOnly/SameSite/domain are set inside createCookie (superclass).
        httpServletResponse.addCookie(createCookie(httpServletRequest, encodedToken));

        if (oidcServerBound() && isBrowserStateEnabled(httpServletRequest)) {
            removeBrowserStateCookie(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Builds the logout cookies for the SSO cookie and the JWT cookies found on the request and
     * adds them to the response; also expires the browser-state cookie when OIDC is bound.
     *
     * <p>Does nothing when the request carries no cookies.
     *
     * @param httpServletRequest request whose cookies are inspected
     * @param httpServletResponse response that receives the logout cookies
     */
    @Override // com.ibm.ws.webcontainer.security.SSOCookieHelperImpl, com.ibm.ws.webcontainer.security.SSOCookieHelper
    public void createLogoutCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] requestCookies = httpServletRequest.getCookies();
        ArrayList<Cookie> logoutCookies = new ArrayList<>();
        if (requestCookies == null) {
            return;
        }

        String ssoCookieName = resolveCookieName(requestCookies);
        for (Cookie current : requestCookies) {
            if (current.getName().equalsIgnoreCase(ssoCookieName)) {
                // Blanks the value on the request's own Cookie object, so code that reads this
                // cookie later in the same request sees null.
                current.setValue(null);
                addLogoutCookieToList(httpServletRequest, ssoCookieName, logoutCookies);
            } else if (current.getName().equalsIgnoreCase(OIDC_BROWSER_STATE_COOKIE) && oidcServerBound()) {
                // Runs once per matching request cookie, so duplicate oidc_bsc cookies yield
                // repeated expiring Set-Cookie headers.
                removeBrowserStateCookie(httpServletRequest, httpServletResponse);
            }
        }

        logoutJwtCookies(httpServletRequest, requestCookies, logoutCookies);
        for (Cookie logoutCookie : logoutCookies) {
            httpServletResponse.addCookie(logoutCookie);
        }
    }

    /**
     * Reports whether the request carries a cookie named {@code oidc_bsc} (case-insensitive).
     *
     * <p>The cookie is client-supplied; within this class the result only decides whether an
     * expiring cookie is sent back.
     *
     * @param httpServletRequest request whose cookies are inspected
     * @return {@code true} if a browser-state cookie is present, {@code false} otherwise
     */
    protected boolean isBrowserStateEnabled(HttpServletRequest httpServletRequest) {
        Cookie[] requestCookies = httpServletRequest.getCookies();
        if (requestCookies != null) {
            for (Cookie candidate : requestCookies) {
                if (candidate.getName().equalsIgnoreCase(OIDC_BROWSER_STATE_COOKIE)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Sends an empty {@code oidc_bsc} cookie with a max age of zero so the browser discards it.
     *
     * @param httpServletRequest request used to decide the Secure attribute
     * @param httpServletResponse response that receives the expiring cookie
     */
    protected void removeBrowserStateCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie expired = new Cookie(OIDC_BROWSER_STATE_COOKIE, "");
        expired.setMaxAge(0);
        // A browser drops a cookie only when name, path and domain match the stored one.
        // NOTE(review): assumes oidc_bsc was issued with path "/" and no Domain attribute - confirm
        // against the code that sets it.
        expired.setPath("/");
        // Secure mirrors the scheme the container sees.
        // NOTE(review): behind a TLS-terminating proxy isSecure() may be false unless the
        // container is configured to honour the forwarded scheme.
        expired.setSecure(httpServletRequest.isSecure());
        httpServletResponse.addCookie(expired);
    }

    /** Returns {@code true} when an OIDC server reference was supplied and its service is available. */
    private boolean oidcServerBound() {
        return this.oidcServerRef != null && this.oidcServerRef.getService() != null;
    }
}
