package com.ibm.ws.security.oauth20.plugins.custom;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.ibm.oauth.core.api.config.OAuthComponentConfiguration;
import com.ibm.oauth.core.api.oauth20.token.OAuth20Token;
import com.ibm.oauth.core.internal.oauth20.OAuth20Constants;
import com.ibm.oauth.core.util.JSONUtil;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.oauth20.store.OAuthStore;
import com.ibm.websphere.security.oauth20.store.OAuthStoreException;
import com.ibm.websphere.security.oauth20.store.OAuthToken;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache;
import com.ibm.ws.security.oauth20.plugins.OAuth20TokenImpl;
import com.ibm.ws.security.oauth20.util.CacheUtil;
import com.ibm.ws.security.oauth20.util.MessageDigestUtil;
import com.ibm.ws.security.oauth20.web.EndpointUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;

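/**
 * {@link OAuth20EnhancedTokenCache} implementation that persists OAuth 2.0 tokens through a
 * pluggable {@link OAuthStore}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Tokens are looked up by a derived key (a digest or an encoding-specific hash of the
 *       presented token), never by the raw token string.</li>
 *   <li>When hashing does not apply, the token string itself is written with
 *       {@code PasswordUtil.passwordEncode} and read back with {@code PasswordUtil.passwordDecode}.
 *       That is a reversible encoding, not a one-way hash, so the backing store must be
 *       protected as if it held usable tokens.</li>
 *   <li>Lookup keys and related token ids are written to error and debug trace; treat trace
 *       output and FFDC records from this class as sensitive.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/oauth20/plugins/custom/OauthTokenStore.class */
public class OauthTokenStore implements OAuth20EnhancedTokenCache {
    private static TraceComponent tc = Tr.register(OauthTokenStore.class, "OAUTH", "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages");
    private final String componentId;
    private final OAuthStore oauthStore;
    private Timer timer;
    private long cleanupIntervalInMilliseconds;
    private String accessTokenEncoding;
    // Left at 0 by the three-argument constructor; get()/remove() compare token length against it.
    int accessTokenLength;
    static final long serialVersionUID = -2008003845962852648L;

    /**
     * Periodic job that asks the store to delete tokens for this component, passing the
     * current time as the cut-off.
     */
    /* JADX INFO: Access modifiers changed from: private */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    @TraceOptions
    /* loaded from: input_file:com/ibm/ws/security/oauth20/plugins/custom/OauthTokenStore$CleanupTask.class */
    public class CleanupTask extends TimerTask {
        static final long serialVersionUID = -3461699394986553976L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore$CleanupTask", CleanupTask.class, (String) null, (String) null);

        private CleanupTask() {
        }

        /**
         * Runs one cleanup pass. A store failure is recorded (FFDC + error message) and
         * swallowed so that the timer keeps firing on later intervals.
         */
        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            try {
                // presumably the store removes entries that expired before this timestamp; confirm against the OAuthStore contract
                OauthTokenStore.this.oauthStore.deleteTokens(OauthTokenStore.this.componentId, System.currentTimeMillis());
            } catch (OAuthStoreException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore$CleanupTask", "417", this, new Object[0]);
                if (TraceComponent.isAnyTracingEnabled() && OauthTokenStore.tc.isErrorEnabled()) {
                    Tr.error(OauthTokenStore.tc, "ERROR_PERFORMING_OAUTH_STORE_DELETE_TOKENS", new Object[]{e.getLocalizedMessage()});
                }
            }
        }
    }

    /**
     * Creates a store that uses the {@code "plain"} access-token encoding.
     *
     * @param componentId provider/component id passed to every store call
     * @param oauthStore backing store implementation
     * @param cleanupIntervalInMilliseconds period of the cleanup task; a value {@code <= 0} disables it
     */
    public OauthTokenStore(String componentId, OAuthStore oauthStore, long cleanupIntervalInMilliseconds) {
        this.accessTokenEncoding = "plain";
        this.componentId = componentId;
        this.oauthStore = oauthStore;
        this.cleanupIntervalInMilliseconds = cleanupIntervalInMilliseconds;
    }

    /**
     * Creates a store with an explicit access-token encoding and expected token length.
     *
     * @param componentId provider/component id passed to every store call
     * @param oauthStore backing store implementation
     * @param cleanupIntervalInMilliseconds period of the cleanup task; a value {@code <= 0} disables it
     * @param accessTokenEncoding encoding name; {@code "plain"} selects the reversible-encoding path
     * @param accessTokenLength configured token length used by {@link #get} and {@link #remove}
     */
    public OauthTokenStore(String componentId, OAuthStore oauthStore, long cleanupIntervalInMilliseconds, String accessTokenEncoding, int accessTokenLength) {
        this.componentId = componentId;
        this.oauthStore = oauthStore;
        this.cleanupIntervalInMilliseconds = cleanupIntervalInMilliseconds;
        this.accessTokenEncoding = accessTokenEncoding;
        this.accessTokenLength = accessTokenLength;
    }

    /** No configuration is read here; all settings arrive through the constructors. */
    @Override // com.ibm.oauth.core.api.oauth20.token.OAuth20TokenCache
    public void init(OAuthComponentConfiguration oAuthComponentConfiguration) {
    }

    /** Starts the periodic cleanup task when a positive interval was configured. */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public void initialize() {
        scheduleCleanupTask();
    }

    /** Schedules {@link CleanupTask} on a daemon timer, first run after one full interval. */
    private void scheduleCleanupTask() {
        if (this.cleanupIntervalInMilliseconds > 0) {
            long interval = this.cleanupIntervalInMilliseconds;
            // Daemon timer: the cleanup thread never keeps the JVM alive on shutdown.
            this.timer = new Timer(true);
            this.timer.schedule(new CleanupTask(), interval, interval);
        }
    }

    /**
     * Persists a token under a key derived from {@code lookupKey}.
     *
     * @param lookupKey raw token value the entry will later be fetched by (never logged or stored as-is)
     * @param entry token to persist
     * @param lifetime not used for persistence; the expiry is computed from the token's own lifetime
     */
    @Override // com.ibm.oauth.core.api.oauth20.token.OAuth20TokenCache
    public void add(@Sensitive String lookupKey, OAuth20Token entry, int lifetime) {
        CacheUtil cacheUtil = new CacheUtil();
        boolean hashed = cacheUtil.shouldHash(entry, this.accessTokenEncoding);
        String storeKey = hashed ? cacheUtil.computeHash(lookupKey, this.accessTokenEncoding) : MessageDigestUtil.getDigest(lookupKey);
        try {
            this.oauthStore.create(getOauthToken(storeKey, entry, false, hashed));
        } catch (OAuthStoreException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore", "121", this, new Object[]{"<sensitive java.lang.String>", entry, Integer.valueOf(lifetime)});
            if (TraceComponent.isAnyTracingEnabled() && tc.isErrorEnabled()) {
                // NOTE(review): the derived store key is written to the error log here.
                Tr.error(tc, "ERROR_PERFORMING_OAUTH_STORE_CREATE_TOKEN", new Object[]{storeKey, e.getLocalizedMessage()});
            }
        }
    }

    /**
     * Converts a runtime token into the record handed to the {@link OAuthStore}.
     *
     * @param storeKey lookup key the record is stored under
     * @param token runtime token to convert
     * @param preHashed {@code true} when the caller already supplies stored-form values; id and
     *        token string are then written exactly as they are on {@code token}
     * @param hash when {@code preHashed} is {@code false}: {@code true} hashes id and token string,
     *        {@code false} applies the reversible {@code PasswordUtil.passwordEncode} to the token string
     * @return the store record, with grant type and linked token id folded into its JSON properties
     */
    private OAuthToken getOauthToken(String storeKey, OAuth20Token token, boolean preHashed, boolean hash) {
        String id = token.getId();
        String providerId = token.getComponentId();
        String type = token.getType();
        String subType = token.getSubType();
        long createdAt = token.getCreatedAt();
        int lifetimeSeconds = token.getLifetimeSeconds();
        String tokenString = token.getTokenString();
        if (!preHashed) {
            if (hash) {
                CacheUtil cacheUtil = new CacheUtil();
                id = cacheUtil.computeHash(id, this.accessTokenEncoding);
                tokenString = cacheUtil.computeHash(tokenString, this.accessTokenEncoding);
            } else {
                // Reversible encoding (createToken() decodes it again), not a one-way hash.
                tokenString = PasswordUtil.passwordEncode(tokenString);
            }
        }
        String clientId = token.getClientId();
        String username = token.getUsername();
        // Multiply in 64-bit: as an int product, 1000 * lifetimeSeconds overflows for lifetimes
        // above roughly 24.8 days and would yield a wrong (possibly past) expiry.
        // A non-positive lifetime is stored as expiry 0, which createToken() treats as expired.
        long expires = lifetimeSeconds > 0 ? createdAt + 1000L * (long) lifetimeSeconds : 0L;
        StringBuilder scopes = new StringBuilder();
        String[] scope = token.getScope();
        if (scope != null) {
            for (int i = 0; i < scope.length; i++) {
                if (i > 0) {
                    scopes.append(" ");
                }
                scopes.append(scope[i].trim());
            }
        }
        String redirectUri = token.getRedirectUri();
        String stateId = token.getStateId();
        JsonObject properties = JSONUtil.getJsonObject(token.getExtensionProperties());
        if (properties == null) {
            properties = new JsonObject();
        }
        properties.addProperty("grant_type", token.getGrantType());
        if ("access_token".equals(type)) {
            String refreshTokenKey = ((OAuth20TokenImpl) token).getRefreshTokenKey();
            if (refreshTokenKey != null) {
                properties.addProperty(OAuth20Constants.REFRESH_TOKEN_ID, refreshTokenKey);
                if (tc.isDebugEnabled()) {
                    // NOTE(review): debug trace carries the linked refresh-token id.
                    Tr.debug(tc, "Access Token is added to cache , refresh token id " + refreshTokenKey, new Object[0]);
                }
            }
        } else if ("id_token".equals(type)) {
            String accessTokenKey = ((OAuth20TokenImpl) token).getAccessTokenKey();
            if (accessTokenKey != null) {
                properties.addProperty(OAuth20Constants.ACCESS_TOKEN_ID, accessTokenKey);
                if (tc.isDebugEnabled()) {
                    // NOTE(review): debug trace carries the linked access-token id.
                    Tr.debug(tc, "ID Token is added to cache , access token id " + accessTokenKey, new Object[0]);
                }
            }
        }
        return new OAuthToken(storeKey, id, providerId, type, subType, createdAt, lifetimeSeconds, expires, tokenString, clientId, username, scopes.toString(), redirectUri, stateId, properties.toString());
    }

    /**
     * Maps a presented token (or an already-hashed key) to the key used in the store.
     *
     * <p>Already-hashed input is returned unchanged. Otherwise a non-{@code "plain"} encoding uses
     * the encoding-specific token hash; with {@code "plain"}, a token whose length is
     * {@code accessTokenLength + 2} uses {@code EndpointUtils.computeTokenHash(String)} and any
     * other length uses {@code MessageDigestUtil.getDigest}.
     */
    private String resolveLookupKey(@Sensitive String presented) {
        if (PasswordUtil.isHashed(presented)) {
            return presented;
        }
        if (!"plain".equals(this.accessTokenEncoding)) {
            return EndpointUtils.computeTokenHash(presented, this.accessTokenEncoding);
        }
        if (presented.length() == this.accessTokenLength + 2) {
            return EndpointUtils.computeTokenHash(presented);
        }
        return MessageDigestUtil.getDigest(presented);
    }

    /**
     * Looks a token up by its presented value.
     *
     * @param lookupKey raw token value, or an already-hashed key
     * @return the token, or {@code null} when it is absent, expired, or the store call failed
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache, com.ibm.oauth.core.api.oauth20.token.OAuth20TokenCache
    public OAuth20Token get(@Sensitive String lookupKey) {
        return getByHash(resolveLookupKey(lookupKey));
    }

    /**
     * Looks a token up by its store key.
     *
     * @param hash store key
     * @return the token, or {@code null} when it is absent, expired, or the store call failed
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public OAuth20Token getByHash(String hash) {
        OAuth20Token token = null;
        try {
            OAuthToken stored = this.oauthStore.readToken(this.componentId, hash);
            if (stored != null) {
                token = createToken(stored);
            }
        } catch (OAuthStoreException e) {
            // A store failure is reported and then looks like a cache miss to the caller.
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore", "226", this, new Object[]{hash});
            if (TraceComponent.isAnyTracingEnabled() && tc.isErrorEnabled()) {
                Tr.error(tc, "ERROR_PERFORMING_OAUTH_STORE_READ_TOKEN", new Object[]{hash, e.getLocalizedMessage()});
            }
        }
        if (token != null) {
            token.setLastAccess();
        }
        return token;
    }

    /**
     * Rebuilds a runtime token from a store record.
     *
     * @param stored record read from the {@link OAuthStore}
     * @return the token, or {@code null} when the record's expiry is not in the future
     */
    private OAuth20Token createToken(OAuthToken stored) {
        String uniqueId = stored.getUniqueId();
        String providerId = stored.getProviderId();
        String type = stored.getType();
        String subType = stored.getSubType();
        long createdAt = stored.getCreatedAt();
        int lifetimeInSeconds = stored.getLifetimeInSeconds();
        long expires = stored.getExpires();
        String tokenString = stored.getTokenString();
        String clientId = stored.getClientId();
        String username = stored.getUsername();
        String scope = stored.getScope();
        String[] scopes = scope != null ? scope.split(" ") : null;
        String redirectUri = stored.getRedirectUri();
        String stateId = stored.getStateId();
        // NOTE(review): the properties come from the external store and are parsed without
        // guarding against a missing/JSON-null "grant_type"; such a record makes this method
        // throw an unchecked exception instead of returning null. Decide whether malformed
        // records should be rejected explicitly.
        JsonObject properties = new JsonParser().parse(stored.getTokenProperties()).getAsJsonObject();
        String grantType = null;
        String refreshTokenKey = null;
        String accessTokenKey = null;
        if (properties != null) {
            grantType = properties.get("grant_type").getAsString();
            if ("access_token".equals(type)) {
                if (properties.get(OAuth20Constants.REFRESH_TOKEN_ID) != null) {
                    refreshTokenKey = properties.get(OAuth20Constants.REFRESH_TOKEN_ID).getAsString();
                }
            } else if ("id_token".equals(type)) {
                if (properties.get(OAuth20Constants.ACCESS_TOKEN_ID) != null) {
                    accessTokenKey = properties.get(OAuth20Constants.ACCESS_TOKEN_ID).getAsString();
                } else if (tc.isDebugEnabled()) {
                    // NOTE(review): dumps the whole extension-property object into debug trace.
                    Tr.debug(tc, "Type is " + type + " but " + OAuth20Constants.ACCESS_TOKEN_ID + " from extended fields was null. " + properties, new Object[0]);
                }
            }
            // Bookkeeping entries added by getOauthToken() are not real extension properties.
            properties.remove("grant_type");
            properties.remove(OAuth20Constants.REFRESH_TOKEN_ID);
            properties.remove(OAuth20Constants.ACCESS_TOKEN_ID);
        }
        boolean appPasswordOrToken = "app_password".equals(grantType) || "app_token".equals(grantType);
        boolean authorizationCode = OAuth20Constants.TOKENTYPE_AUTHORIZATION_GRANT.equals(type) && "authorization_code".equals(subType);
        // NOTE(review): the write path chooses hash-vs-encode via CacheUtil.shouldHash(); this
        // condition is assumed to mirror it. Confirm, since a mismatch would decode a hashed value.
        if (authorizationCode || (!appPasswordOrToken && "plain".equals(this.accessTokenEncoding))) {
            tokenString = PasswordUtil.passwordDecode(tokenString);
        }
        Map<String, String[]> extensionProperties = JSONUtil.jsonObjectToStringsMap(properties);
        if (System.currentTimeMillis() >= expires) {
            // Expired records are reported through FFDC and surfaced to the caller as null.
            // NOTE(review): the store record itself is handed to FFDC; confirm its string form
            // does not expose the token string.
            Exception expired = new Exception("The OAuth20Token is expired already");
            FFDCFilter.processException(expired, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore", "314", this, new Object[]{stored});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Internal error ceating token :" + expired.getMessage(), new Object[]{expired});
            }
            return null;
        }
        OAuth20TokenImpl token = new OAuth20TokenImpl(uniqueId, providerId, type, subType, createdAt, lifetimeInSeconds, tokenString, clientId, username, scopes, redirectUri, stateId, extensionProperties, grantType);
        if (refreshTokenKey != null) {
            token.setRefreshTokenKey(refreshTokenKey);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Got the Access Token from cache, refresh token id = " + refreshTokenKey, new Object[0]);
            }
        } else if (accessTokenKey != null) {
            token.setAccessTokenKey(accessTokenKey);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Got the ID Token from cache, access token id = " + accessTokenKey, new Object[0]);
            }
        }
        token.setLastAccess();
        return token;
    }

    /**
     * Returns every unexpired token the store holds for a user.
     *
     * @param username user whose tokens are read
     * @return the tokens, or an empty collection when there are none or the store call failed
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public Collection<OAuth20Token> getAllUserTokens(String username) {
        try {
            return createTokens(this.oauthStore.readAllTokens(this.componentId, username));
        } catch (OAuthStoreException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore", "331", this, new Object[]{username});
            if (TraceComponent.isAnyTracingEnabled() && tc.isErrorEnabled()) {
                Tr.error(tc, "ERROR_PERFORMING_OAUTH_STORE_READ_ALL_TOKENS", new Object[]{e.getLocalizedMessage()});
            }
            return Collections.emptyList();
        }
    }

    /** Enumerating the whole store is not supported by this implementation; always empty. */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public Collection<OAuth20Token> getAll() {
        return Collections.emptyList();
    }

    /**
     * Converts store records to runtime tokens.
     *
     * <p>Records that {@link #createToken} rejects as expired come back as {@code null}; they are
     * dropped here so callers and the client-id/state-id filters never see a null element.
     */
    private Collection<OAuth20Token> createTokens(Collection<OAuthToken> records) {
        Collection<OAuth20Token> tokens = new ArrayList<OAuth20Token>();
        if (records != null) {
            for (OAuthToken stored : records) {
                OAuth20Token token = createToken(stored);
                if (token != null) {
                    tokens.add(token);
                }
            }
        }
        return tokens;
    }

    /**
     * Counts the stored tokens for a user and client.
     *
     * @return the count reported by the store, or {@code 0} when the store call failed
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public int getNumTokens(String username, String clientId) {
        try {
            return this.oauthStore.countTokens(this.componentId, username, clientId);
        } catch (OAuthStoreException e) {
            // NOTE(review): a store outage reads as "no tokens"; callers enforcing a per-user
            // token limit should be aware that the limit is not applied in that case.
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore", "363", this, new Object[]{username, clientId});
            if (TraceComponent.isAnyTracingEnabled() && tc.isErrorEnabled()) {
                Tr.error(tc, "ERROR_PERFORMING_OAUTH_STORE_COUNT_TOKENS", new Object[]{e.getLocalizedMessage()});
            }
            return 0;
        }
    }

    /**
     * Deletes the token identified by its presented value.
     *
     * @param lookupKey raw token value, or an already-hashed key
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache, com.ibm.oauth.core.api.oauth20.token.OAuth20TokenCache
    public void remove(@Sensitive String lookupKey) {
        removeByHash(resolveLookupKey(lookupKey));
    }

    /**
     * Deletes the token stored under the given key.
     *
     * <p>A store failure is reported but not propagated.
     * NOTE(review): revocation callers cannot tell from this method that the delete failed.
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public void removeByHash(String hash) {
        try {
            this.oauthStore.deleteToken(this.componentId, hash);
        } catch (OAuthStoreException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore", "395", this, new Object[]{hash});
            if (TraceComponent.isAnyTracingEnabled() && tc.isErrorEnabled()) {
                Tr.error(tc, "ERROR_PERFORMING_OAUTH_STORE_DELETE_TOKEN", new Object[]{hash, e.getLocalizedMessage()});
            }
        }
    }

    /** Cancels the cleanup timer if one was started. */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public void stopCleanupThread() {
        if (this.timer != null) {
            this.timer.cancel();
        }
    }

    /**
     * Persists a token under a key the caller has already derived.
     *
     * <p>The token's id and token string are written exactly as supplied: no hashing and no
     * encoding is applied on this path, so the caller must pass values already in stored form.
     *
     * @param hash store key
     * @param entry token to persist
     * @param lifetime not used for persistence; the expiry is computed from the token's own lifetime
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public void addByHash(@Sensitive String hash, OAuth20Token entry, int lifetime) {
        try {
            this.oauthStore.create(getOauthToken(hash, entry, true, false));
        } catch (OAuthStoreException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore", "433", this, new Object[]{"<sensitive java.lang.String>", entry, Integer.valueOf(lifetime)});
            if (TraceComponent.isAnyTracingEnabled() && tc.isErrorEnabled()) {
                Tr.error(tc, "ERROR_PERFORMING_OAUTH_STORE_CREATE_TOKEN", new Object[]{hash, e.getLocalizedMessage()});
            }
        }
    }

    /**
     * Returns the user's tokens for one client, narrowed by state id.
     *
     * @param username user whose tokens are read
     * @param clientId client id the tokens must belong to
     * @param stateId value compared against each token's state id
     * @return matching tokens, or an empty collection
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public Collection<OAuth20Token> getMatchingTokens(String username, String clientId, String stateId) {
        Collection<OAuth20Token> candidates = getUserAndClientTokens(username, clientId);
        if (candidates == null || candidates.isEmpty()) {
            return Collections.emptyList();
        }
        return getTokensMatchingType(candidates, stateId);
    }

    /** Keeps the tokens whose client id equals {@code clientId}; a null client id matches nothing. */
    private static Collection<OAuth20Token> getTokensMatchingClientId(Collection<OAuth20Token> tokens, String clientId) {
        Collection<OAuth20Token> matches = new HashSet<OAuth20Token>();
        for (OAuth20Token token : tokens) {
            if (clientId != null && clientId.equals(token.getClientId())) {
                matches.add(token);
            }
        }
        return matches;
    }

    /**
     * Keeps the tokens whose state id equals {@code stateId}; tokens without a state id never match.
     * NOTE(review): despite the method name, the comparison is on getStateId(), not getType();
     * confirm that is what callers of getMatchingTokens() expect.
     */
    private static Collection<OAuth20Token> getTokensMatchingType(Collection<OAuth20Token> tokens, String stateId) {
        Collection<OAuth20Token> matches = new HashSet<OAuth20Token>();
        for (OAuth20Token token : tokens) {
            String tokenStateId = token.getStateId();
            if (tokenStateId != null && tokenStateId.equals(stateId)) {
                matches.add(token);
            }
        }
        return matches;
    }

    /**
     * Returns the user's unexpired tokens that belong to one client.
     *
     * @param username user whose tokens are read
     * @param clientId client id the tokens must belong to
     * @return matching tokens, or an empty collection when there are none or the store call failed
     */
    @Override // com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache
    public Collection<OAuth20Token> getUserAndClientTokens(String username, String clientId) {
        try {
            Collection<OAuth20Token> userTokens = createTokens(this.oauthStore.readAllTokens(this.componentId, username));
            if (userTokens != null && !userTokens.isEmpty()) {
                return getTokensMatchingClientId(userTokens, clientId);
            }
        } catch (OAuthStoreException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.custom.OauthTokenStore", "498", this, new Object[]{username, clientId});
            if (TraceComponent.isAnyTracingEnabled() && tc.isErrorEnabled()) {
                Tr.error(tc, "ERROR_PERFORMING_OAUTH_STORE_READ_ALL_TOKENS", new Object[]{e.getLocalizedMessage()});
            }
        }
        return Collections.emptyList();
    }
}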
