package com.ibm.ws.security.oauth20.mediator;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.oauth.core.api.attributes.AttributeList;
import com.ibm.oauth.core.api.config.OAuthComponentConfiguration;
import com.ibm.oauth.core.api.error.OAuthException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20MediatorException;
import com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator;
import com.ibm.oauth.core.internal.OAuthConstants;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.ws.security.oauth20.api.Constants;
import com.ibm.wsspi.security.registry.RegistryHelper;
import java.rmi.RemoteException;

/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth20_1.0.4.jar:com/ibm/ws/security/oauth20/mediator/ResourceOwnerValidationMedidator.class */
public class ResourceOwnerValidationMedidator implements OAuth20Mediator {
    private static TraceComponent tc = Tr.register((Class<?>) ResourceOwnerValidationMedidator.class, "OAuth20Provider", Constants.RESOURCE_BUNDLE);
    private static final String INVALID = "invalid_resource_owner_credential";
    private UserRegistry reg = null;
    private static final String FLOW_PASSWORD = "password";

    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void init(OAuthComponentConfiguration oAuthComponentConfiguration) {
        try {
            this.reg = RegistryHelper.getUserRegistry(null);
        } catch (WSSecurityException e) {
            Tr.error(tc, "Fail to get UserRegistry for resource owner validation", e);
        }
    }

    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateAuthorize(AttributeList attributeList) throws OAuth20MediatorException {
    }

    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateAuthorizeException(AttributeList attributeList, OAuthException oAuthException) throws OAuth20MediatorException {
    }

    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateResource(AttributeList attributeList) throws OAuth20MediatorException {
    }

    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateResourceException(AttributeList attributeList, OAuthException oAuthException) throws OAuth20MediatorException {
    }

    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateToken(AttributeList attributeList) throws OAuth20MediatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mediateToken");
        }
        if ("password".equals(attributeList.getAttributeValueByName("grant_type"))) {
            try {
                this.reg.checkPassword(attributeList.getAttributeValueByName(OAuthConstants.USERNAME), attributeList.getAttributeValueByName("password"));
            } catch (CustomRegistryException e) {
                throw new OAuth20MediatorException(INVALID, e);
            } catch (RemoteException e2) {
                throw new OAuth20MediatorException(INVALID, e2);
            } catch (PasswordCheckFailedException e3) {
                throw new OAuth20MediatorException(INVALID, e3);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mediateToken");
        }
    }

    @Override // com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator
    public void mediateTokenException(AttributeList attributeList, OAuthException oAuthException) throws OAuth20MediatorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mediateTokenException");
        }
        if ("password".equals(attributeList.getAttributeValueByName("grant_type"))) {
            attributeList.setAttribute("access_token", com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[0]);
            attributeList.setAttribute("refresh_token", com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[0]);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mediateTokenException");
        }
    }
}
