package com.ibm.ws.security.jwt.config;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.jwt.utils.Constants;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/jwt/config/MpConfigProperties.class */
public class MpConfigProperties extends HashMap<String, String> {
    private static final TraceComponent tc = Tr.register(MpConfigProperties.class, (String) null, (String) null);
    private static final long serialVersionUID = 3205984119272840498L;
    public static final String ISSUER = "mp.jwt.verify.issuer";
    public static final String PUBLIC_KEY = "mp.jwt.verify.publickey";
    public static final String KEY_LOCATION = "mp.jwt.verify.publickey.location";
    public static final String PUBLIC_KEY_ALG = "mp.jwt.verify.publickey.algorithm";
    public static final String DECRYPT_KEY_LOCATION = "mp.jwt.decrypt.key.location";
    public static final String VERIFY_AUDIENCES = "mp.jwt.verify.audiences";
    public static final String TOKEN_HEADER = "mp.jwt.token.header";
    public static final String TOKEN_COOKIE = "mp.jwt.token.cookie";

    public MpConfigProperties() {
    }

    public MpConfigProperties(MpConfigProperties mpConfigProperties) {
        super(mpConfigProperties);
    }

    @Trivial
    public static Set<String> getSensitivePropertyNames() {
        HashSet hashSet = new HashSet();
        hashSet.add(DECRYPT_KEY_LOCATION);
        return hashSet;
    }

    @Trivial
    public static boolean isSensitivePropertyName(String str) {
        return getSensitivePropertyNames().contains(str);
    }

    public String getConfiguredSignatureAlgorithm(JwtConsumerConfig jwtConsumerConfig) {
        String signatureAlgorithm = jwtConsumerConfig.getSignatureAlgorithm();
        return signatureAlgorithm != null ? signatureAlgorithm : getSignatureAlgorithmFromMpConfigProps();
    }

    String getSignatureAlgorithmFromMpConfigProps() {
        String str = get(PUBLIC_KEY_ALG);
        if (str == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Didn't find mp.jwt.verify.publickey.algorithm property in MP Config props; defaulting to " + Constants.SIGNATURE_ALG_RS256, new Object[0]);
            }
            return Constants.SIGNATURE_ALG_RS256;
        }
        if (isSupportedSignatureAlgorithm(str)) {
            return str;
        }
        Tr.warning(tc, "MP_CONFIG_PUBLIC_KEY_ALG_NOT_SUPPORTED", new Object[]{str, Constants.SIGNATURE_ALG_RS256, getSupportedSignatureAlgorithms()});
        return Constants.SIGNATURE_ALG_RS256;
    }

    private boolean isSupportedSignatureAlgorithm(String str) {
        if (str == null) {
            return false;
        }
        return getSupportedSignatureAlgorithms().contains(str);
    }

    private List<String> getSupportedSignatureAlgorithms() {
        return Arrays.asList(Constants.SIGNATURE_ALG_RS256, Constants.SIGNATURE_ALG_RS384, Constants.SIGNATURE_ALG_RS512, Constants.SIGNATURE_ALG_HS256, Constants.SIGNATURE_ALG_HS384, Constants.SIGNATURE_ALG_HS512, Constants.SIGNATURE_ALG_ES256, Constants.SIGNATURE_ALG_ES384, Constants.SIGNATURE_ALG_ES512);
    }

    public List<String> getConfiguredAudiences(JwtConsumerConfig jwtConsumerConfig) {
        List<String> audiences = jwtConsumerConfig.getAudiences();
        return audiences != null ? audiences : getAudiencesFromMpConfigProps();
    }

    List<String> getAudiencesFromMpConfigProps() {
        String str = get(VERIFY_AUDIENCES);
        if (str == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Didn't find mp.jwt.verify.audiences property in MP Config props; defaulting to " + ((Object) null), new Object[0]);
            }
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split(",")) {
            if (!str2.isEmpty()) {
                arrayList.add(str2);
            }
        }
        return arrayList;
    }

    @Override // java.util.AbstractMap
    public String toString() {
        String str = "{";
        Set<String> sensitivePropertyNames = getSensitivePropertyNames();
        Iterator<Map.Entry<String, String>> it = entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, String> next = it.next();
            String key = next.getKey();
            String str2 = str + key + "=";
            str = sensitivePropertyNames.contains(key) ? str2 + "****" : str2 + next.getValue();
            if (it.hasNext()) {
                str = str + ", ";
            }
        }
        return str + "}";
    }
}
