package com.ibm.ws.security.oauth20.web;

import com.ibm.oauth.core.internal.OAuthConstants;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.webcontainer.security.CookieHelper;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

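/**
 * Records, in a browser cookie, the OAuth client IDs that a user agent has interacted with,
 * and appends that list to a post-logout URL as the {@code clients_interacted_with} query
 * parameter.
 *
 * <p>Cookie format: every client ID is Base64-encoded, the encoded IDs are joined with
 * {@code ","}, and the joined string is Base64-encoded once more. The inner encoding keeps
 * the delimiter from colliding with characters inside an ID (the Base64 alphabet has no comma).
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The cookie value is only encoded; this class neither signs nor encrypts it. Whatever is
 * read back from the request is therefore client-controlled, and the IDs forwarded in
 * {@code clients_interacted_with} must be validated by whoever consumes that parameter
 * (for example against the registered clients) before they are acted on.</li>
 * <li>{@code Secure} is always set here. {@code HttpOnly} and {@code SameSite} are not set by
 * this class; whether {@link ReferrerURLCookieHandler#createCookie} applies them is not
 * visible from this file. TODO confirm against the handler and server configuration.</li>
 * <li>Nothing here caps the number of tracked IDs; growth is limited only by the cookie and
 * header size limits of the client and server.</li>
 * </ul>
 *
 * <p>Instances hold the current request/response pair and are not designed to be shared
 * across requests.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/oauth20/web/OAuthClientTracker.class */
public class OAuthClientTracker {
    /** Prefix of the tracking cookie name; a per-provider suffix is appended by {@code getCookieName()}. */
    public static final String TRACK_OAUTH_CLIENT_COOKIE_NAME = "WasOAuthTrackClients";
    /** Query parameter that carries the tracked client IDs on the post-logout URL. */
    public static final String POST_LOGOUT_QUERY_PARAMETER_NAME = "clients_interacted_with";
    // Separator between encoded client IDs, both inside the cookie and in the query parameter.
    private final String clientIdDelimiter = ",";
    private final HttpServletRequest request;
    private final HttpServletResponse response;
    private final OAuth20Provider provider;
    static final long serialVersionUID = -6067776399465575560L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.oauth20.web.OAuthClientTracker", OAuthClientTracker.class, "OAUTH", "com.ibm.ws.security.oauth20.resources.ProviderMsgs");

    /**
     * @param httpServletRequest  request whose cookies and URI are read
     * @param httpServletResponse response that receives the tracking cookie
     * @param oAuth20Provider     provider whose ID selects the cookie name
     */
    public OAuthClientTracker(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuth20Provider oAuth20Provider) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.provider = oAuth20Provider;
    }

    /**
     * Adds {@code clientId} to the tracking cookie, creating the cookie when the request does
     * not carry one, and sets the result on the response.
     *
     * @param clientId OAuth client ID to record
     * @return the cookie that was added to the response
     */
    public Cookie trackOAuthClient(String clientId) {
        ReferrerURLCookieHandler cookieHandler = getReferrerURLCookieHandler();
        Cookie existing = CookieHelper.getCookie(this.request.getCookies(), getCookieName());
        Cookie tracking;
        if (existing == null) {
            tracking = createNewClientTrackingCookie(cookieHandler, clientId);
        } else {
            tracking = updateExistingTrackingCookie(existing, clientId, cookieHandler);
        }
        this.response.addCookie(tracking);
        return tracking;
    }

    /**
     * Appends the tracked client IDs to {@code logoutUrl} and expires the tracking cookie.
     *
     * <p>The IDs come straight from the request cookie, so the returned URL carries
     * client-supplied data in {@code clients_interacted_with}.
     *
     * @param logoutUrl post-logout URL; returned unchanged when null, empty, or when the
     *                  request has no tracking cookie
     * @return the URL with the tracked IDs appended, or {@code logoutUrl} unchanged
     */
    public String updateLogoutUrlAndDeleteCookie(String logoutUrl) {
        if (logoutUrl == null || logoutUrl.isEmpty()) {
            return logoutUrl;
        }
        Cookie tracking = CookieHelper.getCookie(this.request.getCookies(), getCookieName());
        if (tracking == null) {
            return logoutUrl;
        }
        String updatedLogoutUrl = getUpdatedLogoutUrl(logoutUrl, tracking);
        invalidateCookie();
        return updatedLogoutUrl;
    }

    /** Obtains a cookie handler from the global web application security configuration. */
    ReferrerURLCookieHandler getReferrerURLCookieHandler() {
        return WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig().createReferrerURLCookieHandler();
    }

    /** Builds a tracking cookie that holds exactly one client ID (encoded twice, per the cookie format). */
    Cookie createNewClientTrackingCookie(ReferrerURLCookieHandler cookieHandler, String clientId) {
        return createCookie(cookieHandler, encodeValue(encodeValue(clientId)));
    }

    /** Creates the tracking cookie with the given, already encoded, value and applies path and Secure. */
    Cookie createCookie(ReferrerURLCookieHandler cookieHandler, String cookieValue) {
        Cookie cookie = cookieHandler.createCookie(getCookieName(), cookieValue, this.request);
        setAdditionalCookieProperties(cookie);
        return cookie;
    }

    /** Returns a replacement cookie that also lists {@code clientId}; an empty cookie is treated as absent. */
    Cookie updateExistingTrackingCookie(Cookie existing, String clientId, ReferrerURLCookieHandler cookieHandler) {
        String existingValue = existing.getValue();
        if (existingValue == null || existingValue.isEmpty()) {
            return createNewClientTrackingCookie(cookieHandler, clientId);
        }
        return updateExistingCookieValue(existingValue, clientId, cookieHandler);
    }

    /** Decodes the existing cookie value, adds {@code clientId} if it is not listed yet, and re-encodes. */
    Cookie updateExistingCookieValue(String existingCookieValue, String clientId, ReferrerURLCookieHandler cookieHandler) {
        List<String> trackedClientIds = getExistingTrackedClientIds(existingCookieValue);
        if (!trackedClientIds.contains(clientId)) {
            trackedClientIds.add(clientId);
        }
        return createCookie(cookieHandler, createCookieValue(trackedClientIds));
    }

    /**
     * Decodes a tracking cookie value into the distinct client IDs it lists.
     *
     * <p>The input is client-controlled. Entries whose decode yields {@code null} are skipped,
     * and a {@code null} outer decode yields an empty list; presumably that is how
     * {@code Base64Coder} reports malformed input (TODO confirm). No further validation of the
     * decoded IDs happens here.
     *
     * @param cookieValue raw cookie value as received from the browser
     * @return mutable list of decoded IDs in cookie order, never null
     */
    List<String> getExistingTrackedClientIds(String cookieValue) {
        List<String> clientIds = new ArrayList<String>();
        String decodedList = decodeValue(cookieValue);
        if (decodedList == null) {
            return clientIds;
        }
        for (String encodedId : decodedList.split(this.clientIdDelimiter)) {
            String clientId = decodeValue(encodedId);
            if (clientId != null && !clientIds.contains(clientId)) {
                clientIds.add(clientId);
            }
        }
        return clientIds;
    }

    /** Serialises client IDs into the cookie format: each ID encoded, joined by the delimiter, then encoded again. */
    String createCookieValue(List<String> clientIds) {
        StringBuilder joined = new StringBuilder();
        // A flag rather than a length check: an encoded ID may legitimately be the empty string.
        boolean first = true;
        for (String clientId : clientIds) {
            if (!first) {
                joined.append(this.clientIdDelimiter);
            }
            joined.append(encodeValue(clientId));
            first = false;
        }
        return encodeValue(joined.toString());
    }

    /** Scopes the cookie to the request's first path segment and forces the Secure attribute. */
    void setAdditionalCookieProperties(Cookie cookie) {
        cookie.setPath(getCookiePath());
        cookie.setSecure(true);
    }

    /** Returns the request URI up to, but not including, its second {@code "/"}; the whole URI if there is none. */
    String getCookiePath() {
        String requestUri = this.request.getRequestURI();
        int secondSlash = requestUri.indexOf("/", 1);
        if (secondSlash < 0) {
            return requestUri;
        }
        return requestUri.substring(0, secondSlash);
    }

    /** Returns {@code logoutUrl} with the IDs from {@code cookie} appended, or unchanged when the cookie is empty. */
    String getUpdatedLogoutUrl(String logoutUrl, Cookie cookie) {
        String cookieValue = cookie.getValue();
        if (cookieValue == null || cookieValue.isEmpty()) {
            return logoutUrl;
        }
        return addTrackedClientIdsToUrl(logoutUrl, getExistingTrackedClientIds(cookieValue));
    }

    /**
     * Appends {@code clients_interacted_with=<id>,<id>,...} to {@code logoutUrl}. Each ID is
     * Base64-encoded and then URL-encoded, so the Base64 characters {@code + / =} cannot
     * alter the query string.
     *
     * @param logoutUrl URL to extend
     * @param clientIds IDs to append; when null or empty the URL is returned unchanged
     * @return the extended URL
     */
    String addTrackedClientIdsToUrl(String logoutUrl, List<String> clientIds) {
        if (clientIds == null || clientIds.isEmpty()) {
            return logoutUrl;
        }
        // NOTE(review): a URL that carries a "#fragment" gets the parameter appended after the
        // fragment, and a "?" inside a fragment is taken for a query. Confirm callers never
        // pass such URLs.
        StringBuilder url = new StringBuilder(logoutUrl);
        url.append(logoutUrl.contains("?") ? "&" : "?");
        url.append(POST_LOGOUT_QUERY_PARAMETER_NAME).append("=");
        boolean first = true;
        for (String clientId : clientIds) {
            try {
                String encodedId = URLEncoder.encode(encodeValue(clientId), OAuthConstants.UTF8);
                if (!first) {
                    url.append(this.clientIdDelimiter);
                }
                url.append(encodedId);
                first = false;
            } catch (UnsupportedEncodingException e) {
                // The ID is left out of the URL; the failure is recorded through FFDC.
                FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.web.OAuthClientTracker", "165", this, new Object[]{logoutUrl, clientIds});
            }
        }
        return url.toString();
    }

    /** Expires the tracking cookie by sending an empty cookie with max-age 0 on the same name and path. */
    void invalidateCookie() {
        Cookie expired = createCookie(getReferrerURLCookieHandler(), "");
        expired.setMaxAge(0);
        this.response.addCookie(expired);
    }

    /** Base64-encodes {@code value}. This is an encoding only; it gives no confidentiality or integrity. */
    String encodeValue(String value) {
        return Base64Coder.base64Encode(value);
    }

    /** Base64-decodes {@code value}; callers treat a {@code null} result as undecodable input. */
    String decodeValue(String value) {
        return Base64Coder.base64Decode(value);
    }

    /**
     * Builds the per-provider cookie name from the hash code of the provider ID.
     * NOTE(review): {@code hashCode()} is not collision-free, so two provider IDs with the same
     * hash code would share one tracking cookie.
     */
    private String getCookieName() {
        return TRACK_OAUTH_CLIENT_COOKIE_NAME + "_" + this.provider.getID().hashCode();
    }
}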
