package io.openliberty.security.oauth20.web;

import com.ibm.oauth.core.internal.oauth20.OAuth20Constants;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.ProvidersService;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.web.OAuth20Request;
import io.openliberty.security.common.http.SupportedHttpMethodHandler;
import io.openliberty.security.oauth20.internal.config.OAuthEndpointSettings;
import io.openliberty.security.oauth20.internal.config.SpecificOAuthEndpointSettings;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

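/**
 * Decides which HTTP methods an OAuth endpoint accepts and answers {@code OPTIONS} requests for it.
 *
 * <p>The allow-list is built in two steps: a hard-coded default set per
 * {@link OAuth20Request.EndpointType}, then an intersection with the methods configured on the
 * provider's endpoint settings. Configuration can therefore only narrow the defaults and can never
 * enable a method that the endpoint does not support by default. {@code OPTIONS} is always kept.
 *
 * <p>The class fails closed: a request with no {@link OAuth20Request} attribute, or with an
 * endpoint type that is not in the default table, has no valid method.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:io/openliberty/security/oauth20/web/OAuthSupportedHttpMethodHandler.class */
public class OAuthSupportedHttpMethodHandler extends SupportedHttpMethodHandler {
    private static final TraceComponent tc = Tr.register(OAuthSupportedHttpMethodHandler.class, "OAUTH", "com.ibm.ws.security.oauth20.resources.ProviderMsgs");
    /** OAuth request descriptor read from the servlet request attribute; {@code null} when absent. */
    protected OAuth20Request oauth20Request;
    /** Provider name taken from {@link #oauth20Request}; {@code null} when there is no request descriptor. */
    protected String oauth20ProviderName;
    /** Provider resolved from {@link #oauth20ProviderName}; {@code null} when it cannot be resolved. */
    protected OAuth20Provider oauthProvider;
    static final long serialVersionUID = 607599999667979948L;

    /**
     * Captures the OAuth request descriptor and resolves its provider.
     *
     * <p>NOTE(review): this constructor calls {@link #getOAuth20RequestAttribute()} and
     * {@link #getOAuth20Provider()}, both of which can be overridden. An override runs before the
     * subclass constructor body, so it must not rely on subclass state.
     *
     * @param httpServletRequest inbound request, passed to the superclass
     * @param httpServletResponse outbound response, passed to the superclass
     */
    public OAuthSupportedHttpMethodHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super(httpServletRequest, httpServletResponse);
        this.oauth20Request = getOAuth20RequestAttribute();
        if (this.oauth20Request != null) {
            this.oauth20ProviderName = this.oauth20Request.getProviderName();
            this.oauthProvider = getOAuth20Provider();
        }
    }

    /**
     * Reports whether the given HTTP method is allowed for the endpoint this request targets.
     *
     * @param httpMethod method to check
     * @return {@code true} only when the endpoint type is known and its effective allow-list
     *         contains {@code httpMethod}; {@code false} in every other case
     */
    public boolean isValidHttpMethodForRequest(SupportedHttpMethodHandler.HttpMethod httpMethod) {
        OAuth20Request.EndpointType endpointType = getEndpointType();
        if (endpointType == null) {
            // No OAuth request descriptor: deny rather than guess.
            return false;
        }
        Set<SupportedHttpMethodHandler.HttpMethod> supportedMethodsForEndpoint = getSupportedMethodsForEndpoint(endpointType);
        return supportedMethodsForEndpoint != null && supportedMethodsForEndpoint.contains(httpMethod);
    }

    /**
     * Answers an {@code OPTIONS} request with the endpoint's effective allow-list, or with 404 when
     * the request carries no endpoint type.
     *
     * @throws IOException if sending the response fails
     */
    public void sendHttpOptionsResponse() throws IOException {
        OAuth20Request.EndpointType endpointType = getEndpointType();
        if (endpointType != null) {
            // NOTE(review): getSupportedMethodsForEndpoint returns null for an endpoint type that is
            // missing from the default table; how the superclass handles a null set is not visible
            // here. Confirm it does not emit a permissive or malformed Allow header.
            setAllowHeaderAndSendResponse(getSupportedMethodsForEndpoint(endpointType));
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Failed to find a known endpoint type from the inbound request", new Object[0]);
        }
        this.response.sendError(HttpServletResponse.SC_NOT_FOUND);
    }

    /**
     * Returns the endpoint type of the captured OAuth request.
     *
     * @return the endpoint type, or {@code null} when no OAuth request descriptor was found
     */
    protected OAuth20Request.EndpointType getEndpointType() {
        if (this.oauth20Request == null) {
            return null;
        }
        return this.oauth20Request.getType();
    }

    /**
     * Computes the effective allow-list: the defaults for the endpoint narrowed by configuration.
     *
     * @param endpointType endpoint being addressed
     * @return the effective set, or the default result unchanged when it is {@code null} or empty
     */
    Set<SupportedHttpMethodHandler.HttpMethod> getSupportedMethodsForEndpoint(OAuth20Request.EndpointType endpointType) {
        Set<SupportedHttpMethodHandler.HttpMethod> defaultSupportedMethodsForEndpoint = getDefaultSupportedMethodsForEndpoint(endpointType);
        if (defaultSupportedMethodsForEndpoint == null || defaultSupportedMethodsForEndpoint.isEmpty()) {
            // Unknown endpoint: configuration is not consulted, so it cannot open anything up.
            return defaultSupportedMethodsForEndpoint;
        }
        return getAdjustedSupportedMethodsForEndpoint(defaultSupportedMethodsForEndpoint, getConfiguredSupportedMethodsForEndpoint(endpointType));
    }

    /**
     * Returns the built-in allow-list for an endpoint type. {@code OPTIONS} is always included.
     *
     * @param endpointType endpoint being addressed
     * @return a new mutable set for a known endpoint type, or {@code null} for any other value
     *         (including {@code null})
     */
    protected Set<SupportedHttpMethodHandler.HttpMethod> getDefaultSupportedMethodsForEndpoint(OAuth20Request.EndpointType endpointType) {
        Set<SupportedHttpMethodHandler.HttpMethod> methods = new HashSet<>();
        methods.add(SupportedHttpMethodHandler.HttpMethod.OPTIONS);
        if (endpointType == OAuth20Request.EndpointType.authorize
                || endpointType == OAuth20Request.EndpointType.introspect) {
            methods.add(SupportedHttpMethodHandler.HttpMethod.GET);
            methods.add(SupportedHttpMethodHandler.HttpMethod.HEAD);
            methods.add(SupportedHttpMethodHandler.HttpMethod.POST);
        } else if (endpointType == OAuth20Request.EndpointType.revoke
                || endpointType == OAuth20Request.EndpointType.token) {
            // Token-handling endpoints accept POST only (plus OPTIONS).
            methods.add(SupportedHttpMethodHandler.HttpMethod.POST);
        } else if (endpointType == OAuth20Request.EndpointType.registration
                || endpointType == OAuth20Request.EndpointType.logout) {
            methods.add(SupportedHttpMethodHandler.HttpMethod.GET);
            methods.add(SupportedHttpMethodHandler.HttpMethod.HEAD);
            methods.add(SupportedHttpMethodHandler.HttpMethod.POST);
            methods.add(SupportedHttpMethodHandler.HttpMethod.DELETE);
            methods.add(SupportedHttpMethodHandler.HttpMethod.PUT);
        } else if (endpointType == OAuth20Request.EndpointType.app_password
                || endpointType == OAuth20Request.EndpointType.app_token) {
            methods.add(SupportedHttpMethodHandler.HttpMethod.GET);
            methods.add(SupportedHttpMethodHandler.HttpMethod.HEAD);
            methods.add(SupportedHttpMethodHandler.HttpMethod.POST);
            methods.add(SupportedHttpMethodHandler.HttpMethod.DELETE);
        } else if (endpointType == OAuth20Request.EndpointType.coverage_map
                || endpointType == OAuth20Request.EndpointType.clientManagement
                || endpointType == OAuth20Request.EndpointType.personalTokenManagement
                || endpointType == OAuth20Request.EndpointType.usersTokenManagement
                || endpointType == OAuth20Request.EndpointType.clientMetatype) {
            // Read-only endpoints.
            methods.add(SupportedHttpMethodHandler.HttpMethod.GET);
            methods.add(SupportedHttpMethodHandler.HttpMethod.HEAD);
        } else {
            // Default-deny: an endpoint type without an entry above gets no allow-list at all.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Received a request for an unknown OAuth endpoint: [" + endpointType + "]", new Object[0]);
            }
            return null;
        }
        return methods;
    }

    /**
     * Looks up the HTTP methods configured for an endpoint on the resolved provider.
     *
     * @param endpointType endpoint being addressed
     * @return the configured methods, or {@code null} when the provider has no endpoint settings or
     *         none specific to this endpoint
     */
    protected Set<SupportedHttpMethodHandler.HttpMethod> getConfiguredSupportedMethodsForEndpoint(OAuth20Request.EndpointType endpointType) {
        OAuthEndpointSettings configuredOAuthEndpointSettings = getConfiguredOAuthEndpointSettings();
        if (configuredOAuthEndpointSettings == null) {
            return null;
        }
        SpecificOAuthEndpointSettings specificOAuthEndpointSettings = configuredOAuthEndpointSettings.getSpecificOAuthEndpointSettings(endpointType);
        if (specificOAuthEndpointSettings != null) {
            return specificOAuthEndpointSettings.getSupportedHttpMethods();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Did not find any specific OAuth endpoint settings for endpoint [" + endpointType + "]", new Object[0]);
        }
        return null;
    }

    /**
     * Returns the endpoint settings of the resolved provider.
     *
     * @return the provider's endpoint settings, or {@code null} when no provider was resolved
     */
    OAuthEndpointSettings getConfiguredOAuthEndpointSettings() {
        if (this.oauthProvider == null) {
            return null;
        }
        return this.oauthProvider.getOAuthEndpointSettings();
    }

    /**
     * Resolves the provider named by {@link #oauth20ProviderName} through {@link ProvidersService}.
     *
     * @return the provider, or {@code null} when the name is {@code null} or no provider matches
     */
    protected OAuth20Provider getOAuth20Provider() {
        if (this.oauth20ProviderName == null) {
            return null;
        }
        OAuth20Provider oAuth20Provider = ProvidersService.getOAuth20Provider(this.oauth20ProviderName);
        if (oAuth20Provider == null && tc.isDebugEnabled()) {
            Tr.debug(tc, "Did not find an OAuth provider matching the name [{0}]", new Object[]{this.oauth20ProviderName});
        }
        return oAuth20Provider;
    }

    /**
     * Narrows the default allow-list to the configured methods while keeping {@code OPTIONS}.
     *
     * @param set default methods for the endpoint; returned as-is when {@code null} or empty
     * @param set2 configured methods; {@code null} means "no restriction configured", whereas an
     *        empty set leaves only {@code OPTIONS}
     * @return a new set containing {@code set} intersected with {@code set2}, plus {@code OPTIONS}
     */
    Set<SupportedHttpMethodHandler.HttpMethod> getAdjustedSupportedMethodsForEndpoint(Set<SupportedHttpMethodHandler.HttpMethod> set, Set<SupportedHttpMethodHandler.HttpMethod> set2) {
        if (set == null || set.isEmpty()) {
            return set;
        }
        // Copy first so the caller's default set is never mutated.
        Set<SupportedHttpMethodHandler.HttpMethod> adjusted = new HashSet<>(set);
        if (set2 != null) {
            // Intersection only: configuration cannot add a method the defaults do not allow.
            adjusted.retainAll(set2);
        }
        // Set.add is a no-op when OPTIONS survived the intersection.
        adjusted.add(SupportedHttpMethodHandler.HttpMethod.OPTIONS);
        return adjusted;
    }

    /**
     * Reads the {@link OAuth20Request} stored on the servlet request under
     * {@link OAuth20Constants#OAUTH_REQUEST_OBJECT_ATTR_NAME}.
     *
     * @return the request descriptor, or {@code null} when the attribute is not set
     */
    OAuth20Request getOAuth20RequestAttribute() {
        // The cast throws ClassCastException if something else was stored under this attribute name.
        OAuth20Request oAuth20Request = (OAuth20Request) this.request.getAttribute(OAuth20Constants.OAUTH_REQUEST_OBJECT_ATTR_NAME);
        if (oAuth20Request == null && tc.isDebugEnabled()) {
            Tr.debug(tc, "Failed to find OAuth20Request information from the inbound request", new Object[0]);
        }
        return oAuth20Request;
    }
}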
