package com.ibm.ws.security.openidconnect.server.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.util.ConfigUtils;
import com.ibm.ws.webcontainer.security.ProviderAuthenticationResult;
import com.ibm.ws.webcontainer.security.oauth20.OAuth20Service;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServer;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServerConfig;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

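/**
 * Decides whether an incoming servlet request targets an OpenID Connect / OAuth 2.0 provider
 * endpoint, using the provider configurations and OAuth 2.0 providers bound to this component.
 *
 * <p>The bind/unbind and activate/deactivate methods take OSGi {@link ServiceReference} and
 * {@link ComponentContext} arguments; they are presumably invoked by the declarative-services
 * runtime (the component descriptor is not part of this file).
 *
 * <p>Thread-safety: {@code oidcServerConfigRef} guards {@code bOidcUpdated} and {@code oidcMap};
 * the static {@code oauth20ProviderRef} is guarded by its own monitor.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/openidconnect/server/internal/OidcServerImpl.class */
public class OidcServerImpl implements OidcServer {
    public static final String REGEX_COMPONENT_ID = "/([\\w-]+)/";
    public static final String REGEX_REGISTRATION = "registration(/\\S*)?";
    public static final String apwPattern = "app-passwords|app-passwords/.*";
    public static final String atokPattern = "app-tokens|app-tokens/.*";
    public static final String usersTokMgmtPattern = "usersTokenManagement|usersTokenManagement/.*";
    public static final String persTokMgmtPattern = "personalTokenManagement|personalTokenManagement/.*";
    public static final String clientMgmtPattern = "clientManagement|clientManagement/.*";
    public static final String CFG_KEY_ID = "id";
    public static final String CFG_KEY_OIDC_SERVER_CONFIG = "oidcServerConfig";
    private final ConcurrentServiceReferenceMap<String, OidcServerConfig> oidcServerConfigRef = new ConcurrentServiceReferenceMap<>("oidcServerConfig");
    // Set whenever the bound configurations change; tells currentOidcMap() to rebuild oidcMap.
    // Guarded by oidcServerConfigRef.
    private boolean bOidcUpdated = false;
    // Provider id -> configuration, rebuilt lazily. Guarded by oidcServerConfigRef.
    HashMap<String, OidcServerConfig> oidcMap = new HashMap<>();
    ConfigUtils configUtils = new ConfigUtils();
    protected static final String KEY_ID = "id";
    static final long serialVersionUID = 7211094829080578136L;
    private static TraceComponent tc = Tr.register(OidcServerImpl.class, "OpenIdConnect", "com.ibm.ws.security.openidconnect.server.internal.resources.OidcServerMessages");
    // Path (relative to the /oidc context) of every recognised endpoint: group(1) is the provider
    // id, group(2) the endpoint name. Composed from the constants above so the alternatives live
    // in one place. The dot in ".well-known" is escaped: unescaped it is a regex wildcard, so any
    // single character in that position was accepted as the discovery endpoint.
    private static final Pattern PATH_RE = Pattern.compile(
            "^" + REGEX_COMPONENT_ID
                    + "(authorize|token|introspect|revoke|\\.well-known/openid-configuration|userinfo|"
                    + REGEX_REGISTRATION
                    + "|check_session_iframe|end_session|coverage_map|proxy|"
                    + apwPattern + "|"
                    + atokPattern + "|"
                    + usersTokMgmtPattern + "|"
                    + persTokMgmtPattern + "|"
                    + clientMgmtPattern
                    + ")$");
    protected static final String KEY_oauth20Provider = "oauth20Provider";
    protected static final ConcurrentServiceReferenceMap<String, OAuth20Provider> oauth20ProviderRef = new ConcurrentServiceReferenceMap<>(KEY_oauth20Provider);

    /**
     * Registers an OAuth 2.0 provider reference under its {@code id} service property.
     *
     * @param serviceReference reference to the provider being bound
     */
    protected void setOauth20Provider(ServiceReference<OAuth20Provider> serviceReference) {
        String providerId = (String) serviceReference.getProperty(KEY_ID);
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.putReference(providerId, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " setOAuth20Provider id:" + providerId, new Object[0]);
        }
    }

    /**
     * Replaces the stored reference for an OAuth 2.0 provider whose registration changed.
     *
     * @param serviceReference reference to the updated provider
     */
    protected void updatedOauth20Provider(ServiceReference<OAuth20Provider> serviceReference) {
        String providerId = (String) serviceReference.getProperty(KEY_ID);
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.putReference(providerId, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " updateOAuth20Provider id:" + providerId, new Object[0]);
        }
    }

    /**
     * Removes an OAuth 2.0 provider reference.
     *
     * @param serviceReference reference to the provider being unbound
     */
    protected void unsetOauth20Provider(ServiceReference<OAuth20Provider> serviceReference) {
        String providerId = (String) serviceReference.getProperty(KEY_ID);
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.removeReference(providerId, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " unsetOAuth20Provider id:" + providerId, new Object[0]);
        }
    }

    /**
     * Registers an OIDC server configuration and marks the cached id-to-config map stale.
     *
     * @param serviceReference reference to the configuration being bound
     */
    protected void setOidcServerConfig(ServiceReference<OidcServerConfig> serviceReference) {
        synchronized (this.oidcServerConfigRef) {
            this.oidcServerConfigRef.putReference((String) serviceReference.getProperty(CFG_KEY_ID), serviceReference);
            this.bOidcUpdated = true;
        }
    }

    /**
     * Removes an OIDC server configuration and marks the cached id-to-config map stale.
     *
     * @param serviceReference reference to the configuration being unbound
     */
    protected void unsetOidcServerConfig(ServiceReference<OidcServerConfig> serviceReference) {
        synchronized (this.oidcServerConfigRef) {
            this.oidcServerConfigRef.removeReference((String) serviceReference.getProperty(CFG_KEY_ID), serviceReference);
            this.bOidcUpdated = true;
        }
    }

    /**
     * Activates both reference maps with the component context and marks the cached map stale.
     *
     * @param componentContext context supplied on activation
     */
    protected synchronized void activate(ComponentContext componentContext) {
        synchronized (this.oidcServerConfigRef) {
            this.oidcServerConfigRef.activate(componentContext);
            this.bOidcUpdated = true;
        }
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.activate(componentContext);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "activate", new Object[0]);
        }
    }

    /**
     * Configuration-modified callback; this component keeps no properties of its own, so it is a
     * no-op.
     *
     * @param map the modified properties (ignored)
     */
    protected synchronized void modify(Map<String, Object> map) {
    }

    /**
     * Deactivates both reference maps and marks the cached map stale.
     *
     * @param componentContext context supplied on deactivation
     */
    protected synchronized void deactivate(ComponentContext componentContext) {
        synchronized (this.oidcServerConfigRef) {
            this.oidcServerConfigRef.deactivate(componentContext);
            this.bOidcUpdated = true;
        }
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.deactivate(componentContext);
        }
    }

    /**
     * Performs no authentication in this implementation.
     *
     * @return always {@code null}; callers must not read {@code null} as a successful result
     */
    public ProviderAuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AtomicServiceReference<OAuth20Service> atomicServiceReference) {
        return null;
    }

    /**
     * Reports whether the request addresses an OIDC/OAuth endpoint of a configured provider.
     *
     * <p>The request must be under the {@code /oidc} context path and its path info must match
     * {@code PATH_RE}; the provider id captured from the path selects the configuration whose
     * patterns are then applied to the request URI.
     *
     * @param httpServletRequest the request to classify
     * @param z {@code true} to test only the provider's protected-endpoints pattern;
     *          {@code false} to test the endpoints pattern (minus the non-endpoints pattern) and,
     *          failing that, ask each bound OAuth 2.0 provider via {@code isMiscUri}
     * @return {@code true} if the request is classified as an OIDC-specific URI
     */
    public boolean isOIDCSpecificURI(HttpServletRequest httpServletRequest, boolean z) {
        String contextPath = httpServletRequest.getContextPath();
        String requestURI = httpServletRequest.getRequestURI();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "contextPath=" + contextPath + " uri=" + requestURI, new Object[0]);
            Tr.debug(tc, "check " + (z ? "Protected-Endpoints" : "All-endpoints"), new Object[0]);
        }

        OidcServerConfig providerConfig = null;
        if ("/oidc".equals(contextPath)) {
            Matcher endpointMatch = endpointRequest(httpServletRequest);
            if (endpointMatch != null) {
                providerConfig = getOidcServerConfig(getProviderNameFromUrl(endpointMatch));
            }
        }

        if (providerConfig != null) {
            // NOTE(review): PATH_RE is applied to getPathInfo(), which the container decodes,
            // while the provider patterns below see getRequestURI(), which the servlet API
            // returns undecoded. Confirm the configured patterns treat encoded characters and
            // path parameters so the two views cannot classify one request differently.
            if (z) {
                if (providerConfig.getProtectedEndpointsPattern().matcher(requestURI).matches()) {
                    return true;
                }
            } else if (providerConfig.getEndpointsPattern().matcher(requestURI).matches()) {
                // An endpoint match is final: the non-endpoints pattern can veto it, and the
                // misc-URI fallback below is not consulted.
                return !providerConfig.getNonEndpointsPattern().matcher(requestURI).matches();
            }
        }

        if (z) {
            return false;
        }
        synchronized (oauth20ProviderRef) {
            Iterator<OAuth20Provider> providers = oauth20ProviderRef.getServices();
            while (providers.hasNext()) {
                if (providers.next().isMiscUri(httpServletRequest)) {
                    return true;
                }
            }
            return false;
        }
    }

    /**
     * Returns the id-to-configuration map, rebuilding it first if the bound configurations
     * changed. The field is both refreshed and read under the {@code oidcServerConfigRef} monitor
     * so callers never observe a reference written by another thread without synchronization.
     */
    private Map<String, OidcServerConfig> currentOidcMap() {
        synchronized (this.oidcServerConfigRef) {
            if (this.bOidcUpdated) {
                this.oidcMap = this.configUtils.checkDuplicateOAuthProvider(this.oidcServerConfigRef);
                this.bOidcUpdated = false;
            }
            // This class only ever replaces the map, never mutates it in place; the field is
            // package-visible, so that holds only if other classes in the package do the same.
            return this.oidcMap;
        }
    }

    /**
     * Looks up the configuration for a provider id.
     *
     * @param str provider id taken from the request path
     * @return the matching configuration, or {@code null} if none is registered under that id
     */
    private OidcServerConfig getOidcServerConfig(String str) {
        return currentOidcMap().get(str);
    }

    /**
     * Extracts the provider id from a successful {@code PATH_RE} match.
     *
     * @param matcher a matcher that has already matched {@code PATH_RE}
     * @return capture group 1, the provider id segment of the path
     */
    protected String getProviderNameFromUrl(Matcher matcher) {
        return matcher.group(1);
    }

    /**
     * Matches the request's path info against {@code PATH_RE}.
     *
     * @return the matcher when the whole path info matches, otherwise {@code null} (including a
     *         {@code null} or empty path info)
     */
    private Matcher endpointRequest(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "path=" + pathInfo, new Object[0]);
        }
        if (pathInfo == null || pathInfo.isEmpty()) {
            return null;
        }
        Matcher pathMatch = PATH_RE.matcher(pathInfo);
        return pathMatch.matches() ? pathMatch : null;
    }

    /**
     * Reports whether the default SSO cookie name may be used.
     *
     * @return {@code true} only when at least one provider configuration exists and every
     *         configuration allows the default name; {@code false} otherwise
     */
    public boolean allowDefaultSsoCookieName() {
        // Work on the reference obtained under the lock so a concurrent rebuild cannot swap the
        // map between the emptiness check and the iteration.
        Map<String, OidcServerConfig> configs = currentOidcMap();
        if (configs.isEmpty()) {
            return false;
        }
        for (OidcServerConfig config : configs.values()) {
            if (!config.allowDefaultSsoCookieName()) {
                return false;
            }
        }
        return true;
    }
}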
