package com.ibm.ws.jaxrs20.client.security.oauth;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.jaxrs20.client.MpJwtPropagation;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

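@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {OAuthPropagationHelper.class}, name = "OAuthPropagationHelper", immediate = true, property = {"service.vendor=IBM"})
/* loaded from: input_file:com/ibm/ws/jaxrs20/client/security/oauth/OAuthPropagationHelper.class */
/**
 * OSGi component that reads OAuth / JWT token material from the credentials of the
 * current run-as {@link Subject} so that a JAX-RS client can propagate it.
 *
 * <p>All token getters are {@code public static} and resolve the subject through
 * {@link WSSubject#getRunAsSubject()}. The credential lookup itself runs inside
 * {@link AccessController#doPrivileged}, so it is performed with this class's own
 * permissions rather than the caller's.
 *
 * <p>NOTE(review): because of that, any code able to call these getters obtains the
 * bearer token of the run-as subject regardless of its own
 * {@code PrivateCredentialPermission}. Confirm that exposure is intended and that the
 * package is not exported more widely than the JAX-RS client needs.
 *
 * <p>Trace statements in this class log credential class names and attribute names only;
 * attribute values (tokens) must stay out of trace.
 */
public class OAuthPropagationHelper {
    /** Credential-map key under which an issued JWT is looked up. */
    public static final String ISSUED_JWT_TOKEN = "issuedJwt";
    // NOTE(review): serialVersionUID on a non-Serializable class; presumably injected by
    // build-time instrumentation and surfaced by the decompiler. Kept as found.
    static final long serialVersionUID = 6970744262472130248L;
    private static final TraceComponent tc = Tr.register(OAuthPropagationHelper.class, "com.ibm.ws.jaxrs20.client", "com.ibm.ws.jaxrs20.client.internal.resources.JAXRSClientMessages");
    /** Name of the optional, dynamic reference to the {@link MpJwtPropagation} service. */
    public static final String MP_JSON_WEB_TOKEN_PROPAGATION = "MpJwtPropagation";
    protected static final AtomicServiceReference<MpJwtPropagation> MpJsonWebTokenUtilRef = new AtomicServiceReference<>(MP_JSON_WEB_TOKEN_PROPAGATION);

    /**
     * Binds the optional {@link MpJwtPropagation} service reference.
     *
     * @param serviceReference reference supplied by the OSGi declarative-services runtime
     */
    @Reference(service = MpJwtPropagation.class, name = MP_JSON_WEB_TOKEN_PROPAGATION, cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setMpJwtPropagation(ServiceReference<MpJwtPropagation> serviceReference) {
        MpJsonWebTokenUtilRef.setReference(serviceReference);
    }

    /**
     * Unbinds the {@link MpJwtPropagation} service reference.
     *
     * @param serviceReference reference being withdrawn
     */
    protected void unsetMpJwtPropagation(ServiceReference<MpJwtPropagation> serviceReference) {
        MpJsonWebTokenUtilRef.unsetReference(serviceReference);
    }

    /**
     * Activates the component and the tracked service reference.
     *
     * @param componentContext context of this component
     */
    @Activate
    protected void activate(ComponentContext componentContext) {
        MpJsonWebTokenUtilRef.activate(componentContext);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "MpJwtPropagation service is activated", new Object[0]);
            Tr.debug(tc, "OAuthPropagationHelper service is activated", new Object[0]);
        }
    }

    /**
     * Configuration-modified callback; intentionally does nothing.
     *
     * @param map updated component properties (unused)
     */
    @Modified
    protected void modified(Map<String, Object> map) {
    }

    /**
     * Deactivates the component and the tracked service reference.
     *
     * @param componentContext context of this component
     */
    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        MpJsonWebTokenUtilRef.deactivate(componentContext);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "MpJwtPropagation service is deactivated", new Object[0]);
            // The original message said "activated" here, which made activation and
            // deactivation indistinguishable when reading a trace during triage.
            Tr.debug(tc, "OAuthPropagationHelper service is deactivated", new Object[0]);
        }
    }

    /**
     * Returns the MicroProfile JWT of the run-as subject via the {@link MpJwtPropagation}
     * service.
     *
     * @return the token string produced by the service, or {@code null} (after a warning)
     *         when the service is not available
     */
    public static String getMpJsonWebToken() {
        // The reference is DYNAMIC, so the service can be unbound between two reads.
        // Read it once: a second getService() call could return null and fail with a
        // NullPointerException after the null check had already passed.
        MpJwtPropagation propagation = MpJsonWebTokenUtilRef.getService();
        if (propagation != null) {
            return propagation.getJsonWebTokenPrincipal(getRunAsSubject());
        }
        Tr.warning(tc, Tr.formatMessage(tc, "warn_mpjwt_prop_service_notavail", new Object[0]), new Object[0]);
        return null;
    }

    /**
     * @return the {@code token_type} attribute of the run-as subject's token credential,
     *         or {@code null} if none is found
     */
    public static String getAccessTokenType() {
        return getSubjectAttributeString("token_type", true);
    }

    /**
     * @return the {@code access_token} attribute of the run-as subject's token credential,
     *         or {@code null} if none is found
     */
    public static String getAccessToken() {
        return getSubjectAttributeString("access_token", true);
    }

    /**
     * Returns a JWT to propagate: the issued JWT if present, otherwise the access token
     * when it passes {@link #isJwt(String)}.
     *
     * <p>No signature, issuer or expiry validation happens here; the value is only read
     * from the subject. The receiving service remains responsible for validating it.
     *
     * @return the token string, or {@code null} if neither source yields a JWT-shaped value
     * @throws Exception declared by the original signature; kept for caller compatibility
     */
    public static String getJwtToken() throws Exception {
        String issuedJwtToken = getIssuedJwtToken();
        if (issuedJwtToken != null) {
            return issuedJwtToken;
        }
        String accessToken = getAccessToken();
        return isJwt(accessToken) ? accessToken : null;
    }

    /**
     * Shape heuristic used to decide whether an access token is treated as a JWT.
     *
     * <p>NOTE(review): this accepts any non-null string containing a '.' character. A
     * compact JWS has three dot-separated segments and a compact JWE has five, so an
     * opaque access token that merely contains a dot is also classified as a JWT and
     * returned by {@link #getJwtToken()}. Tightening the check would change which tokens
     * are propagated, so behaviour is left as found; confirm whether a stricter segment
     * count is wanted.
     *
     * @param str candidate token, may be {@code null}
     * @return {@code true} if {@code str} is non-null and contains a dot
     */
    private static boolean isJwt(String str) {
        return str != null && str.indexOf(".") >= 0;
    }

    /**
     * @return the {@value #ISSUED_JWT_TOKEN} attribute of the run-as subject's token
     *         credential, or {@code null} if none is found
     * @throws Exception declared by the original signature; kept for caller compatibility
     */
    public static String getIssuedJwtToken() throws Exception {
        return getSubjectAttributeString(ISSUED_JWT_TOKEN, true);
    }

    /**
     * @return the {@code scope} attribute of the run-as subject's token credential,
     *         or {@code null} if none is found
     */
    public static String getScopes() {
        return getSubjectAttributeString("scope", true);
    }

    /**
     * Resolves the current run-as subject.
     *
     * @return the subject, or {@code null} when {@link WSSubject#getRunAsSubject()} throws;
     *         the failure is recorded through FFDC and a warning
     */
    static Subject getRunAsSubject() {
        try {
            return WSSubject.getRunAsSubject();
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.ws.jaxrs20.client.security.oauth.OAuthPropagationHelper", "144", (Object) null, new Object[0]);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception while getting runAsSubject:", new Object[]{e.getCause()});
            }
            Tr.warning(tc, "failed_run_as_subject", new Object[]{e.getLocalizedMessage()});
            return null;
        }
    }

    /**
     * Looks up an attribute on the run-as subject's credentials.
     *
     * @param str attribute (map key) to read
     * @param z   when {@code true}, only credential maps that also carry an
     *            {@code access_token} entry are considered
     * @return the attribute value as a string, or {@code null} if there is no run-as
     *         subject or no matching attribute
     */
    static String getSubjectAttributeString(String str, boolean z) {
        Subject runAsSubject = getRunAsSubject();
        return runAsSubject == null ? null : getSubjectAttributeObject(runAsSubject, str, z);
    }

    /**
     * Looks up an attribute on the given subject, public credentials first.
     *
     * <p>Private credentials are consulted only when the public lookup yields
     * {@code null} or an empty string, so a value present in the public credential set
     * takes precedence over one in the private set.
     *
     * @param subject subject whose credentials are searched; must not be {@code null}
     * @param str     attribute (map key) to read
     * @param z       when {@code true}, only credential maps that also carry an
     *                {@code access_token} entry are considered
     * @return the attribute value as a string, or {@code null} if it is not found or the
     *         privileged lookup fails
     */
    @FFDCIgnore({PrivilegedActionException.class})
    static String getSubjectAttributeObject(Subject subject, String str, boolean z) {
        try {
            String credentialAttribute = getCredentialAttribute(subject.getPublicCredentials(), str, z, "publicCredentials");
            if (credentialAttribute == null || credentialAttribute.isEmpty()) {
                credentialAttribute = getCredentialAttribute(subject.getPrivateCredentials(), str, z, "privateCredentials");
            }
            return credentialAttribute;
        } catch (PrivilegedActionException e) {
            // Deliberately not reported to FFDC (see @FFDCIgnore); the attribute is
            // treated as absent. Only the attribute name is traced, never a value.
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Did not find a value for the attribute (" + str + ")", new Object[0]);
            }
            return null;
        }
    }

    /**
     * Scans a credential set for the first {@link Map} credential that holds the
     * requested attribute.
     *
     * <p>The scan runs inside {@link AccessController#doPrivileged}, i.e. with this
     * class's permissions instead of those of the code further up the call stack.
     *
     * @param set  credential set to iterate
     * @param str  attribute (map key) to read
     * @param z    when {@code true}, maps without an {@code access_token} entry are skipped
     * @param str2 label for the credential set, used in trace output only
     * @return {@code toString()} of the first non-null attribute value, or {@code null}
     * @throws PrivilegedActionException if the privileged action throws a checked exception
     */
    static String getCredentialAttribute(final Set<Object> set, final String str, final boolean z, final String str2) throws PrivilegedActionException {
        Object doPrivileged = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.jaxrs20.client.security.oauth.OAuthPropagationHelper.1
            // NOTE(review): the two fields below look like instrumentation-injected members
            // as rendered by the decompiler (AnonymousClass1 is not a source-level name).
            // Kept as found.
            static final long serialVersionUID = -719887960180542843L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.jaxrs20.client.security.oauth.OAuthPropagationHelper$1", AnonymousClass1.class, (String) null, (String) null);

            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                int i = 0;
                for (Object obj : set) {
                    i++;
                    if (TraceComponent.isAnyTracingEnabled() && OAuthPropagationHelper.tc.isDebugEnabled()) {
                        // Class name only: credential contents are bearer tokens and stay out of trace.
                        Tr.debug(OAuthPropagationHelper.tc, str2 + "(" + i + ") class:" + obj.getClass().getName(), new Object[0]);
                    }
                    if (!(obj instanceof Map)) {
                        continue;
                    }
                    // Wildcard map instead of a raw type; only get() is called on it.
                    Map<?, ?> attributes = (Map<?, ?>) obj;
                    if (z && attributes.get("access_token") == null) {
                        continue;
                    }
                    Object value = attributes.get(str);
                    if (value != null) {
                        return value;
                    }
                }
                return null;
            }
        });
        return doPrivileged == null ? null : doPrivileged.toString();
    }
}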
