package com.ibm.ws.security.openidconnect.common;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.config.xml.internal.nester.Nester;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.config.CommonConfigUtils;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.FilterUtils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Dictionary;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;

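/**
 * Converts OpenID Connect configuration, as delivered through OSGi Configuration Admin, into
 * {@link Properties} objects: discovery metadata, the scope-to-claim map, the
 * claim-to-user-registry map, and the list of login parameters that may be forwarded.
 *
 * <p>The class keeps JVM-wide default tables in static fields. Array-valued defaults are copied
 * before they are handed to callers, so a consumer that edits a returned array cannot change the
 * defaults that later callers receive.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
public class ConfigUtils {
    private final AtomicServiceReference<ConfigurationAdmin> configAdminRef;
    private final CommonConfigUtils commonConfigUtils = new CommonConfigUtils();
    public static final String CFG_KEY_SCOPE_TO_CLAIM_MAP = "scopeToClaimMap";
    public static final String CFG_KEY_CLAIM_TO_UR_MAP = "claimToUserRegistryMap";
    public static final String CFG_KEY_DISCOVERY = "discovery";
    public static final String CFG_VALUES_DELIMITER = ",";
    private static boolean defaultDiscoveryClaimsParmSupp;
    private static boolean defaultDiscoveryRequestParmSupp;
    private static boolean defaultDiscoveryRequestUriParmSupp;
    private static boolean defaultDiscoveryRequireRequestUriRegistrationSupp;
    public static final String KEY_OIDC_ISSUER_ID = "issuerIdentifier";
    public static final String KEY_OIDC_AUTHORIZATION_EP = "authorizationEndpoint";
    public static final String KEY_OIDC_TOKEN_EP = "tokenEndpoint";
    public static final String KEY_OIDC_JWKS_URI = "jwksURI";
    public static final String KEY_OIDC_RESPONSE_TYPES_SUPP = "responseTypesSupported";
    public static final String KEY_OIDC_SUB_TYPES_SUPP = "subjectTypesSupported";
    public static final String KEY_OIDC_ID_TOKEN_SIGNING_ALG_VAL_SUPP = "idTokenSigningAlgValuesSupported";
    public static final String KEY_OIDC_USERINFO_EP = "userinfoEndpoint";
    public static final String KEY_OIDC_REGISTRATION_EP = "registrationEndpoint";
    public static final String KEY_OIDC_SCOPES_SUPP = "scopesSupported";
    public static final String KEY_OIDC_CLAIMS_SUPP = "claimsSupported";
    public static final String KEY_OIDC_RESP_MODES_SUPP = "responseModesSupported";
    public static final String KEY_OIDC_GRANT_TYPES_SUPP = "grantTypesSupported";
    public static final String KEY_OIDC_TOKEN_EP_AUTH_METHODS_SUPP = "tokenEndpointAuthMethodsSupported";
    public static final String KEY_OIDC_DISPLAY_VAL_SUPP = "displayValuesSupported";
    public static final String KEY_OIDC_CLAIM_TYPES_SUPP = "claimTypesSupported";
    public static final String KEY_OIDC_CLAIM_PARAM_SUPP = "claimsParameterSupported";
    public static final String KEY_OIDC_REQ_PARAM_SUPP = "requestParameterSupported";
    public static final String KEY_OIDC_REQ_URI_PARAM_SUPP = "requestUriParameterSupported";
    public static final String KEY_OIDC_REQUIRE_REQ_URI_REGISTRATION = "requireRequestUriRegistration";
    public static final String KEY_OIDC_CHECK_SESSION_IFRAME = "checkSessionIframe";
    public static final String KEY_OIDC_END_SESSION_EP = "endSessionEndpoint";
    public static final String KEY_OIDC_INTROSPECTION_EP = "introspectionEndpoint";
    public static final String KEY_OIDC_COVERAGE_MAP_EP = "coverageMapEndpoint";
    public static final String KEY_OIDC_PROXY_EP = "proxyEndpoint";
    public static final String KEY_OIDC_BACKING_IDP_URI_PREFIX = "backingIdpUriPrefix";
    static final long serialVersionUID = -6356576369757781590L;
    private static final TraceComponent tc = Tr.register(ConfigUtils.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

    // Default tables, filled once by the static initializer at the bottom of the class and only
    // read afterwards. They are shared by every ConfigUtils instance in the JVM.
    private static final Map<String, String[]> defaultDiscoveryProperties = new HashMap<>();
    private static final Map<String, String[]> specScopesToClaims = new HashMap<>();
    private static final Set<String> specDefinedScopes = new HashSet<>(Arrays.asList("profile", "email", "address", "phone"));
    private static final Map<String, String> defaultClaimsToVMMProperties = new HashMap<>();
    private static final Set<String> supportedSpecDefinedClaims = new HashSet<>(Arrays.asList("name", "given_name", "picture", "email", "address", "phone_number"));

    /**
     * Fills the discovery metadata that is returned when no discovery configuration is present.
     *
     * <p>NOTE(review): the defaults advertise the "password" grant, presumably the implicit grant
     * (via {@code Constants.IMPLICIT}) and presumably an HMAC signing algorithm (via
     * {@code Constants.SIG_ALG_HS256}). Confirm that these match what the provider actually
     * accepts, so that discovery does not advertise more than the deployment enables.
     */
    private static void setDefaultDiscoveryProperties() {
        defaultDiscoveryProperties.put(KEY_OIDC_RESPONSE_TYPES_SUPP, new String[]{"code", "token", "id_token token"});
        defaultDiscoveryProperties.put(KEY_OIDC_SUB_TYPES_SUPP, new String[]{"public"});
        defaultDiscoveryProperties.put(KEY_OIDC_ID_TOKEN_SIGNING_ALG_VAL_SUPP, new String[]{Constants.SIG_ALG_HS256});
        defaultDiscoveryProperties.put(KEY_OIDC_SCOPES_SUPP, new String[]{"openid", "general", "profile", "email", "address", "phone"});
        defaultDiscoveryProperties.put(KEY_OIDC_CLAIMS_SUPP, new String[]{"sub", "groupIds", "name", "preferred_username", "picture", "locale", "email", "profile"});
        defaultDiscoveryProperties.put(KEY_OIDC_RESP_MODES_SUPP, new String[]{"query", "fragment", "form_post"});
        defaultDiscoveryProperties.put(KEY_OIDC_GRANT_TYPES_SUPP, new String[]{"authorization_code", Constants.IMPLICIT, Constants.REFRESH_TOKEN, "client_credentials", "password", "urn:ietf:params:oauth:grant-type:jwt-bearer"});
        defaultDiscoveryProperties.put(KEY_OIDC_TOKEN_EP_AUTH_METHODS_SUPP, new String[]{"client_secret_post", "client_secret_basic"});
        defaultDiscoveryProperties.put(KEY_OIDC_DISPLAY_VAL_SUPP, new String[]{"page"});
        defaultDiscoveryProperties.put(KEY_OIDC_CLAIM_TYPES_SUPP, new String[]{"normal"});
        defaultDiscoveryClaimsParmSupp = false;
        defaultDiscoveryRequestParmSupp = false;
        defaultDiscoveryRequestUriParmSupp = false;
        defaultDiscoveryRequireRequestUriRegistrationSupp = false;
    }

    /**
     * @param atomicServiceReference reference used to obtain the {@link ConfigurationAdmin} service
     *            in {@link #processProps(Map, String)}
     */
    public ConfigUtils(AtomicServiceReference<ConfigurationAdmin> atomicServiceReference) {
        this.configAdminRef = atomicServiceReference;
    }

    /**
     * Returns the discovery properties for a provider.
     *
     * <p>When {@code map} holds a non-empty string under {@code str}, the result comes from
     * {@link #processProps(Map, String)}. Otherwise the built-in defaults are returned.
     *
     * @param map component configuration
     * @param str key under which the discovery configuration pid is stored
     * @return configured or default discovery properties; array values in the default case are
     *         fresh copies
     * @throws ClassCastException if the value under {@code str} is present but not a String
     */
    public Properties processDiscoveryProps(Map<String, Object> map, String str) {
        Object configuredPid = map.get(str);
        if (configuredPid != null && !((String) configuredPid).isEmpty()) {
            return processProps(map, str);
        }
        Properties defaults = new Properties();
        for (Map.Entry<String, String[]> entry : defaultDiscoveryProperties.entrySet()) {
            // Copy the array: the static table is shared by every caller in the JVM, and handing
            // out the same instance would let one consumer alter the metadata others receive.
            defaults.put(entry.getKey(), entry.getValue().clone());
        }
        defaults.put(KEY_OIDC_CLAIM_PARAM_SUPP, Boolean.valueOf(defaultDiscoveryClaimsParmSupp));
        defaults.put(KEY_OIDC_REQ_PARAM_SUPP, Boolean.valueOf(defaultDiscoveryRequestParmSupp));
        defaults.put(KEY_OIDC_REQ_URI_PARAM_SUPP, Boolean.valueOf(defaultDiscoveryRequestUriParmSupp));
        defaults.put(KEY_OIDC_REQUIRE_REQ_URI_REGISTRATION, Boolean.valueOf(defaultDiscoveryRequireRequestUriRegistrationSupp));
        return defaults;
    }

    /**
     * Reads the configuration whose pid is stored in {@code map} under {@code str} and copies its
     * entries into a new {@link Properties}, skipping keys that start with ".", "config." or
     * "service." and the key "id".
     *
     * <p>A failure while looking up the configuration is recorded through FFDC and the method then
     * returns an empty {@link Properties}; no defaults are substituted here. Callers that treat an
     * empty result as "nothing configured" should be aware of that.
     *
     * @param map component configuration
     * @param str key under which the pid is stored
     * @return the copied properties, empty when the pid is null or no configuration was found
     */
    public Properties processProps(Map<String, Object> map, String str) {
        Properties result = new Properties();
        String pid = (String) map.get(str);
        if (pid == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "pid null", new Object[0]);
            }
        } else {
            // Obtained outside the try block on purpose: a missing service propagates to the caller.
            ConfigurationAdmin configurationAdmin = this.configAdminRef.getServiceWithException();
            Configuration configuration = null;
            try {
                // listConfigurations is used as an existence check; getConfiguration is called
                // only when a configuration with this pid was listed.
                Configuration[] matches = configurationAdmin.listConfigurations(FilterUtils.createPropertyFilter("service.pid", pid));
                if (matches != null && matches.length > 0) {
                    configuration = configurationAdmin.getConfiguration(pid, this.configAdminRef.getReference().getBundle().getLocation());
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.common.ConfigUtils", "206", this, new Object[]{map, str});
            }
            if (configuration != null) {
                Dictionary<String, Object> configured = configuration.getProperties();
                Enumeration<String> keys = configured.keys();
                while (keys.hasMoreElements()) {
                    String key = keys.nextElement();
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "found key: " + key, new Object[0]);
                    }
                    if (isFrameworkKey(key)) {
                        continue;
                    }
                    Object value = configured.get(key);
                    // NOTE(review): configuration values are written to debug trace here; confirm
                    // that no secret-bearing attribute can reach this path unmasked.
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "key: " + key + " value: " + value, new Object[0]);
                    }
                    result.put(key, getValue(value));
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, str + ": " + result.toString(), new Object[0]);
        }
        return result;
    }

    /**
     * Builds properties from a flattened (nested-element) configuration and then fills in defaults
     * for any entry the configuration left out.
     *
     * <p>For {@link #CFG_KEY_SCOPE_TO_CLAIM_MAP} every scope in the built-in scope set that is not
     * configured receives its default claim list. For {@link #CFG_KEY_CLAIM_TO_UR_MAP} every claim
     * in the built-in claim set that is not configured receives its default registry property.
     * An administrator who wants a scope to release fewer claims therefore has to configure that
     * scope explicitly; leaving it out yields the default list.
     *
     * @param map component configuration
     * @param str name of the nested element to read
     * @return the resulting properties; default arrays are fresh copies
     */
    public Properties processFlatProps(Map<String, Object> map, String str) {
        Properties result = new Properties();
        List<Map<String, Object>> elements = Nester.nest(str, map);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "listOfPropMaps: " + elements, new Object[0]);
        }
        Map<String, Object> element = elements.isEmpty() ? null : elements.get(0);
        if (element != null) {
            getConfigProperties(element, result, str);
            List<Map<String, Object>> propertyElements = Nester.nest("property", element);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "subelement listOfPropMaps: " + propertyElements, new Object[0]);
            }
            if (!propertyElements.isEmpty()) {
                Map<String, Object> nameToValue = new HashMap<>();
                for (Map<String, Object> propertyElement : propertyElements) {
                    nameToValue.put((String) propertyElement.get("name"), (String) propertyElement.get("value"));
                }
                getConfigProperties(nameToValue, result, str);
            }
        }
        if (str.equals(CFG_KEY_SCOPE_TO_CLAIM_MAP)) {
            for (String scope : specDefinedScopes) {
                if (!result.containsKey(scope)) {
                    // Copy so that a consumer editing the claim list cannot change which claims
                    // the default mapping releases for other providers.
                    result.put(scope, specScopesToClaims.get(scope).clone());
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "adding default claims for scope " + scope + " : " + Arrays.toString(specScopesToClaims.get(scope)), new Object[0]);
                    }
                }
            }
        } else if (str.equals(CFG_KEY_CLAIM_TO_UR_MAP)) {
            for (String claim : supportedSpecDefinedClaims) {
                if (!result.containsKey(claim)) {
                    result.put(claim, defaultClaimsToVMMProperties.get(claim));
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "adding default vmm property for claim " + claim + " : " + defaultClaimsToVMMProperties.get(claim), new Object[0]);
                    }
                }
            }
        }
        return result;
    }

    /**
     * Copies the entries of {@code map} into {@code properties}, skipping framework keys, keys
     * starting with "property." and the key "id".
     *
     * <p>For the scope-to-claim map the value is cast to String and split on
     * {@link #CFG_VALUES_DELIMITER}; a value of any other type fails with a
     * {@link ClassCastException} and a null value with a {@link NullPointerException}, which stops
     * processing rather than silently falling back to defaults.
     */
    private void getConfigProperties(Map<String, Object> map, Properties properties, String str) {
        boolean scopeToClaim = str.equals(CFG_KEY_SCOPE_TO_CLAIM_MAP);
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "found key: " + key, new Object[0]);
            }
            if (isFrameworkKey(key) || key.startsWith("property.")) {
                continue;
            }
            Object rawValue = entry.getValue();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "key: " + key + " value: " + rawValue, new Object[0]);
            }
            Object value = scopeToClaim ? splitAndTrim((String) rawValue) : getValue(rawValue);
            properties.put(key, value);
        }
    }

    /** Returns true for keys starting with ".", "config." or "service." and for the key "id". */
    private static boolean isFrameworkKey(String key) {
        return key.startsWith(".") || key.startsWith("config.") || key.startsWith("service.") || key.equals("id");
    }

    /** Splits a delimited value on {@link #CFG_VALUES_DELIMITER} and trims every element. */
    private static String[] splitAndTrim(String delimited) {
        String[] parts = delimited.split(CFG_VALUES_DELIMITER);
        for (int i = 0; i < parts.length; i++) {
            parts[i] = parts[i].trim();
        }
        return parts;
    }

    /** Trims String values; every other value, including null, is returned unchanged. */
    private Object getValue(Object obj) {
        if (obj instanceof String) {
            return ((String) obj).trim();
        }
        return obj;
    }

    /**
     * Reads the string-array attribute {@code str2} from {@code map} and removes the parameter
     * names that must not be forwarded.
     *
     * @param map component configuration
     * @param str passed through to the warning message (presumably the configuration id)
     * @param str2 name of the attribute holding the parameter names
     * @return a mutable list of the remaining names, empty when the attribute is not set
     */
    public List<String> readAndSanitizeForwardLoginParameter(Map<String, Object> map, String str, String str2) {
        String[] configured = this.commonConfigUtils.getStringArrayConfigAttribute(map, str2);
        if (configured == null) {
            return new ArrayList<String>();
        }
        return removeDisallowedForwardAuthzParametersFromConfiguredList(new ArrayList<String>(Arrays.asList(configured)), str, str2);
    }

    /**
     * Removes disallowed parameter names from {@code list} in place and logs one warning that
     * names the removed entries.
     *
     * <p>NOTE(review): the comparison is an exact, case-sensitive match on the configured string.
     * Whether entries are already trimmed depends on the attribute reader; confirm that a
     * whitespace-padded name cannot pass this filter.
     *
     * @return {@code list} itself after removal, or a new empty list when {@code list} is null
     */
    List<String> removeDisallowedForwardAuthzParametersFromConfiguredList(List<String> list, String str, String str2) {
        if (list == null) {
            return new ArrayList<String>();
        }
        Set<String> configuredDisallowed = new HashSet<String>(list);
        configuredDisallowed.retainAll(getDisallowedForwardAuthzParameterNames());
        if (!configuredDisallowed.isEmpty()) {
            Tr.warning(tc, "DISALLOWED_FORWARD_AUTHZ_PARAMS_CONFIGURED", new Object[]{str, configuredDisallowed, str2});
            list.removeAll(configuredDisallowed);
        }
        return list;
    }

    /**
     * Returns the parameter names that configuration may not mark for forwarding.
     *
     * <p>This is a denylist of six names; any other name an administrator configures is kept by
     * {@link #removeDisallowedForwardAuthzParametersFromConfiguredList(List, String, String)}.
     *
     * @return a new mutable set on every call
     */
    Set<String> getDisallowedForwardAuthzParameterNames() {
        Set<String> disallowed = new HashSet<String>();
        disallowed.add(Constants.REDIRECT_URI);
        disallowed.add(Constants.CLIENT_ID);
        disallowed.add(Constants.RESPONSE_TYPE);
        disallowed.add(Constants.NONCE);
        disallowed.add(Constants.STATE);
        disallowed.add(Constants.SCOPE);
        return disallowed;
    }

    /**
     * Looks up each pid in {@code strArr} and adds the name/value pair found in its configuration
     * to {@code hashMap}.
     *
     * @param configurationAdmin service used for the lookups
     * @param hashMap destination map; when null the lookups still run but nothing is stored
     * @param strArr pids of the custom request parameter configurations; null means nothing to do
     * @param str configuration key that holds the parameter name
     * @param str2 configuration key that holds the parameter value
     */
    public void populateCustomRequestParameterMap(ConfigurationAdmin configurationAdmin, HashMap<String, String> hashMap, String[] strArr, String str, String str2) {
        if (strArr == null) {
            return;
        }
        for (String pid : strArr) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Configured custom request param [" + pid + "]", new Object[0]);
            }
            Configuration configuration = getConfigurationFromConfigAdmin(configurationAdmin, pid);
            if (configuration != null) {
                addCustomRequestParameterValueToMap(configuration, hashMap, str, str2);
            }
        }
    }

    /**
     * Fetches the configuration for pid {@code str}, with an empty string as the location argument.
     *
     * @return the configuration, or null when the lookup threw an {@link IOException} (which is
     *         recorded through FFDC)
     */
    Configuration getConfigurationFromConfigAdmin(ConfigurationAdmin configurationAdmin, String str) {
        try {
            return configurationAdmin.getConfiguration(str, "");
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.common.ConfigUtils", "427", this, new Object[]{configurationAdmin, str});
            return null;
        }
    }

    /**
     * Reads the parameter name (key {@code str}) and value (key {@code str2}) from
     * {@code configuration} and stores the pair in {@code hashMap}.
     *
     * <p>Nothing is stored when the configuration has no properties, when either key is null,
     * when either entry is missing or not a String, or when {@code hashMap} is null.
     */
    @FFDCIgnore({ClassCastException.class})
    void addCustomRequestParameterValueToMap(Configuration configuration, HashMap<String, String> hashMap, String str, String str2) {
        Dictionary<String, Object> configured = configuration.getProperties();
        if (configured == null || str == null || str2 == null) {
            return;
        }
        String paramName = null;
        String paramValue = null;
        try {
            paramName = (String) configured.get(str);
            paramValue = (String) configured.get(str2);
        } catch (ClassCastException ignored) {
            // Deliberately ignored: a non-String entry is treated like a missing one and the
            // pair is skipped by the null check below.
        }
        if (paramName == null || paramValue == null) {
            return;
        }
        // NOTE(review): the parameter value is written to debug trace; confirm that custom request
        // parameters are never used to carry secrets.
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Adding parameter name [" + paramName + "] and value [" + paramValue + "] to map", new Object[0]);
        }
        if (hashMap == null) {
            // The caller supplied no destination, so there is nowhere to store the pair.
            return;
        }
        hashMap.put(paramName, paramValue);
    }

    static {
        specScopesToClaims.put("profile", new String[]{"name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at"});
        specScopesToClaims.put("email", new String[]{"email", "email_verified"});
        specScopesToClaims.put("address", new String[]{"address"});
        specScopesToClaims.put("phone", new String[]{"phone_number", "phone_number_verified"});
        defaultClaimsToVMMProperties.put("name", "displayName");
        defaultClaimsToVMMProperties.put("given_name", "givenName");
        defaultClaimsToVMMProperties.put("picture", "photoURL");
        defaultClaimsToVMMProperties.put("email", "mail");
        defaultClaimsToVMMProperties.put("address", "postalAddress");
        defaultClaimsToVMMProperties.put("phone_number", "telephoneNumber");
        setDefaultDiscoveryProperties();
    }
}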
