package com.ibm.ws.security.social.web;

import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.openidconnect.clients.common.ConvergedClientConfig;
import com.ibm.ws.security.openidconnect.clients.common.RedirectionEntry;
import com.ibm.ws.security.openidconnect.clients.common.RedirectionProcessor;
import com.ibm.ws.security.social.Constants;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.ErrorHandlerImpl;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.OidcLoginConfigImpl;
import com.ibm.ws.security.social.internal.utils.ClientConstants;
import com.ibm.ws.security.social.internal.utils.SocialLoginRequest;
import com.ibm.ws.security.social.internal.utils.SocialUtil;
import com.ibm.ws.security.social.twitter.TwitterConstants;
import com.ibm.ws.security.social.twitter.TwitterTokenServices;
import com.ibm.ws.security.social.web.utils.ConfigInfoJsonBuilder;
import com.ibm.ws.security.social.web.utils.SocialWebUtils;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.ComponentContext;

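/**
 * Endpoint logic for social login requests: the provider redirect (callback) leg, logout,
 * and the {@code .well-known/config} listing of configured providers.
 *
 * <p>This listing is decompiler output (see the "loaded from" marker below), so local names are
 * reconstructed and a few members appear to be build-time instrumentation rather than
 * hand-written code.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The OAuth 2.0 callback is accepted only when the {@code state} request parameter equals
 *       the value read from the state cookie ({@link #finishOAuthRedirect}).</li>
 *   <li>The post-login redirect target is restored from a cookie and passed through
 *       {@code SocialUtil.validateEndpointWithQuery} before {@code sendRedirect} is called.</li>
 *   <li>Debug trace in {@link #doRedirect} records every callback parameter, so trace files
 *       captured with this component enabled should be handled as sensitive.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/web/EndpointServices.class */
public class EndpointServices {
    // Trace/message component for this class (trace group "SOCIAL", SocialMessages bundle).
    private static TraceComponent tc = Tr.register(EndpointServices.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    // Service references handed in through the static setters below; both stay null until set.
    static ConcurrentServiceReferenceMap<String, SocialLoginConfig> socialLoginConfigRef = null;
    static AtomicServiceReference<SecurityService> securityServiceRef = null;
    // Cookie helper used to read-and-clear the state and request-URL cookies.
    SocialWebUtils webUtils = new SocialWebUtils();
    // Present in the decompiled class although no Serializable interface is declared here;
    // presumably injected at build time - kept unchanged.
    static final long serialVersionUID = 1643824506544530142L;

    /**
     * Stores the map of active social login configurations used by
     * {@link #getAllSocialLoginConfigs()}.
     *
     * @param concurrentServiceReferenceMap the reference map to use; may be null
     */
    public static void setActivatedSocialLoginConfigRef(ConcurrentServiceReferenceMap<String, SocialLoginConfig> concurrentServiceReferenceMap) {
        socialLoginConfigRef = concurrentServiceReferenceMap;
    }

    /**
     * Stores the security service reference used by {@link #getParameterMap(SocialLoginConfig)}.
     *
     * @param atomicServiceReference the reference to use; may be null
     */
    public static void setActivatedSecurityServiceRef(AtomicServiceReference<SecurityService> atomicServiceReference) {
        securityServiceRef = atomicServiceReference;
    }

    /**
     * Component activation hook; only emits the "endpoint service activated" info message.
     *
     * @param componentContext the component context (unused)
     */
    protected void activate(ComponentContext componentContext) {
        Tr.info(tc, "SOCIAL_LOGIN_ENDPOINT_SERVICE_ACTIVATED", new Object[0]);
    }

    /**
     * Component deactivation hook; intentionally does nothing.
     *
     * @param componentContext the component context (unused)
     */
    protected void deactivate(ComponentContext componentContext) {
    }

    /**
     * Entry point: picks up the {@link SocialLoginRequest} stored as a request attribute and
     * dispatches it.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws SocialLoginException if the request attribute is missing, or dispatching fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void handleSocialLoginRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SocialLoginException {
        SocialLoginRequest socialLoginRequest = (SocialLoginRequest) httpServletRequest.getAttribute(Constants.ATTRIBUTE_SOCIALMEDIA_REQUEST);
        if (socialLoginRequest == null) {
            throw new SocialLoginException("SOCIAL_LOGIN_INVALID_URL", null, new Object[]{httpServletRequest.getRequestURL().toString()});
        }
        handleSocialLoginRequest(httpServletRequest, httpServletResponse, socialLoginRequest);
    }

    /**
     * Dispatches an already-classified request: redirect, logout, well-known config, or unknown.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @param socialLoginRequest the classified request
     * @throws SocialLoginException for an unknown URL, or when redirect processing fails
     */
    void handleSocialLoginRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginRequest socialLoginRequest) throws SocialLoginException {
        if (socialLoginRequest.isRedirect()) {
            try {
                SocialLoginConfig socialLoginConfig = socialLoginRequest.getSocialLoginConfig();
                if (socialLoginConfig == null) {
                    // Thrown inside the try, so it is re-wrapped as ERROR_PROCESSING_REDIRECT below.
                    throw new SocialLoginException("REDIRECT_NO_MATCHING_CONFIG", null, new Object[]{httpServletRequest.getRequestURL().toString()});
                }
                // Twitter configurations are recognised by class name and take a separate path.
                if (socialLoginConfig.getClass().getName().contains(TwitterConstants.TWITTER_CONFIG_CLASS)) {
                    doTwitter(httpServletRequest, httpServletResponse, socialLoginConfig);
                } else {
                    doRedirect(httpServletRequest, httpServletResponse, socialLoginConfig);
                }
                return;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.social.web.EndpointServices", "108", this, new Object[]{httpServletRequest, httpServletResponse, socialLoginRequest});
                // NOTE(review): the second constructor argument is null here; if that slot is the
                // cause, the original exception survives only as a message insert - confirm.
                throw new SocialLoginException("ERROR_PROCESSING_REDIRECT", null, new Object[]{e});
            }
        }
        if (socialLoginRequest.isLogout()) {
            // Logout requests are only traced here; no other action is taken in this method.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "logout:" + socialLoginRequest.getRequestUrl(), new Object[0]);
            }
        } else if (socialLoginRequest.isWellknownConfig()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, ".well-known/config:" + socialLoginRequest.getRequestUrl(), new Object[0]);
            }
            handleSocialLoginAPIRequest(httpServletRequest, httpServletResponse);
        } else if (socialLoginRequest.isUnknown()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "unknown URL:" + socialLoginRequest.getRequestUrl(), new Object[0]);
            }
            throw new SocialLoginException("SOCIAL_LOGIN_INVALID_URL", null, new Object[]{socialLoginRequest.getRequestUrl()});
        }
    }

    /**
     * Builds a map holding the given configuration and, when a security service reference has
     * been set, the security service.
     *
     * @param socialLoginConfig the configuration to store under
     *        {@code Constants.KEY_SOCIALLOGIN_SERVICE}
     * @return a new mutable map
     */
    protected Map<String, Object> getParameterMap(SocialLoginConfig socialLoginConfig) {
        Map<String, Object> parameters = new HashMap<String, Object>();
        parameters.put(Constants.KEY_SOCIALLOGIN_SERVICE, socialLoginConfig);
        if (securityServiceRef != null) {
            parameters.put(Constants.KEY_SECURITY_SERVICE, securityServiceRef.getService());
        }
        return parameters;
    }

    /**
     * Completes the Twitter callback: obtains the access token and secret, restores the original
     * request URL from its cookie, caches both token values in cookies and redirects there.
     * Every failure path ends in the generic error response.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response to write to
     * @param socialLoginConfig the Twitter configuration
     * @throws IOException if sending the redirect fails
     */
    @FFDCIgnore({SocialLoginException.class})
    protected void doTwitter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) throws IOException {
        Map<String, Object> tokenResult = getTwitterTokenServices().getAccessToken(httpServletRequest, httpServletResponse, socialLoginConfig);
        if (tokenResult == null) {
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            return;
        }
        String accessToken = (String) tokenResult.get("access_token");
        String accessTokenSecret = (String) tokenResult.get(TwitterConstants.RESULT_ACCESS_TOKEN_SECRET);
        // In this method the state cookie value is only used to locate the request-URL cookie.
        String stateCookieValue = getStateCookieValue(httpServletRequest, httpServletResponse);
        if (stateCookieValue == null || stateCookieValue.isEmpty()) {
            Tr.error(tc, "TWITTER_STATE_MISSING", new Object[]{socialLoginConfig.getUniqueId()});
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            return;
        }
        String requestUrlCookieValue = getRequestUrlCookieValue(httpServletRequest, httpServletResponse, stateCookieValue);
        if (requestUrlCookieValue == null || requestUrlCookieValue.isEmpty()) {
            Tr.error(tc, "TWITTER_ORIGINAL_REQUEST_URL_MISSING_OR_EMPTY", new Object[]{socialLoginConfig.getUniqueId()});
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            return;
        }
        try {
            // The redirect target was read from a cookie, so it is validated before any use.
            SocialUtil.validateEndpointWithQuery(requestUrlCookieValue);
            // NOTE(review): the access token goes through the variant whose value parameter is
            // not marked @Sensitive; if injected method trace records parameters, the token may
            // appear in trace - consider cacheSensitiveValueInCookie here as well.
            cacheValueInCookie(httpServletRequest, httpServletResponse, TwitterConstants.COOKIE_NAME_ACCESS_TOKEN, accessToken);
            cacheSensitiveValueInCookie(httpServletRequest, httpServletResponse, TwitterConstants.COOKIE_NAME_ACCESS_TOKEN_SECRET, accessTokenSecret);
            httpServletResponse.sendRedirect(requestUrlCookieValue);
        } catch (SocialLoginException e) {
            Tr.error(tc, "REQUEST_URL_NOT_VALID", new Object[]{requestUrlCookieValue, e.getMessage()});
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
        }
    }

    /**
     * Renders a request parameter map as multi-line text for debug trace.
     *
     * @param map parameter names mapped to their values
     * @return a header line followed by one {@code name: [v1] [v2] } line per parameter
     */
    @Trivial
    private String dumpMap(Map<String, String[]> map) {
        StringBuilder dump = new StringBuilder();
        dump.append(" --- request parameters: ---\n");
        for (Map.Entry<String, String[]> parameter : map.entrySet()) {
            dump.append(parameter.getKey()).append(": ");
            for (String value : parameter.getValue()) {
                dump.append("[").append(value).append("] ");
            }
            dump.append("\n");
        }
        return dump.toString();
    }

    /**
     * Handles the redirect (callback) for non-Twitter providers. A request carrying an
     * {@code error} parameter is logged and answered with the generic error response; OIDC
     * configurations are delegated to {@link RedirectionProcessor}; everything else goes through
     * {@link #finishOAuthRedirect}.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response to write to
     * @param socialLoginConfig the matching configuration
     * @throws IOException if the delegated redirect handling fails
     */
    protected void doRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, final SocialLoginConfig socialLoginConfig) throws IOException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            // NOTE(review): this writes every callback parameter to debug trace, which on a
            // successful callback includes the authorization code and state. Consider masking
            // those values, and treat trace collected with this component enabled as sensitive.
            Tr.debug(tc, dumpMap(httpServletRequest.getParameterMap()), new Object[0]);
        }
        if (httpServletRequest.getParameter("error") != null) {
            // These values are supplied by the caller of the redirect URL and are logged as given.
            Tr.error(tc, "REDIRECT_REQUEST_CONTAINED_ERROR", new Object[]{httpServletRequest.getParameter("error"), httpServletRequest.getParameter("error_description"), httpServletRequest.getParameter(ClientConstants.ERROR_URI)});
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            return;
        }
        String state = httpServletRequest.getParameter(ClientConstants.STATE);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "state is " + state, new Object[0]);
        }
        if (socialLoginConfig instanceof OidcLoginConfigImpl) {
            new RedirectionProcessor(httpServletRequest, httpServletResponse, tc).processRedirection(new RedirectionEntry() { // from class: com.ibm.ws.security.social.web.EndpointServices.1
                // The two fields below are reproduced as the decompiler emitted them.
                static final long serialVersionUID = 3032711230049420361L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.social.web.EndpointServices$1", AnonymousClass1.class, (String) null, (String) null);

                // Always answers with the configuration already selected for this request.
                public ConvergedClientConfig getConvergedClientConfig(HttpServletRequest httpServletRequest2, String str) {
                    return socialLoginConfig;
                }

                // Missing state is reported the same way as in the plain OAuth path.
                public void handleNoState(HttpServletRequest httpServletRequest2, HttpServletResponse httpServletResponse2) throws IOException {
                    EndpointServices.this.traceAndSetResponseForNoState(httpServletResponse2);
                }

                // Not supported by this entry; callers get an UnsupportedOperationException.
                public void sendError(HttpServletRequest httpServletRequest2, HttpServletResponse httpServletResponse2) throws IOException {
                    throw new UnsupportedOperationException();
                }
            });
        } else {
            finishOAuthRedirect(httpServletRequest, httpServletResponse, socialLoginConfig);
        }
    }

    /**
     * Logs the missing-state condition and sends the generic error response.
     *
     * @param httpServletResponse the response to write the error to
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void traceAndSetResponseForNoState(HttpServletResponse httpServletResponse) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "The state is null", new Object[0]);
        }
        Tr.error(tc, "STATE_NULL_OR_MISMATCHED", new Object[0]);
        ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
    }

    /**
     * Completes the OAuth 2.0 callback: checks the {@code state} parameter against the state
     * cookie, restores and validates the original request URL, caches the authorization code in
     * a cookie and redirects back to the original URL. Every failed check ends in the generic
     * error response.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response to write to
     * @param socialLoginConfig the matching configuration (used only for FFDC context here)
     * @throws IOException if sending the redirect fails
     */
    private void finishOAuthRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SocialLoginConfig socialLoginConfig) throws IOException {
        String state = httpServletRequest.getParameter(ClientConstants.STATE);
        if (state == null || state.isEmpty()) {
            traceAndSetResponseForNoState(httpServletResponse);
            return;
        }
        // The state in the callback must equal the value kept in the state cookie; a missing
        // cookie compares unequal and is rejected by the same branch.
        if (!state.equals(getStateCookieValue(httpServletRequest, httpServletResponse))) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "The state mismatches", new Object[0]);
            }
            Tr.error(tc, "STATE_NULL_OR_MISMATCHED", new Object[0]);
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            return;
        }
        String requestUrlCookieValue = getRequestUrlCookieValue(httpServletRequest, httpServletResponse, state);
        if (requestUrlCookieValue == null || requestUrlCookieValue.isEmpty()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "requestURL is null or empty", new Object[0]);
            }
            Tr.error(tc, "REQUEST_URL_NULL_OR_EMPTY", new Object[0]);
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "requestURL is not null or empty", new Object[0]);
        }
        try {
            // The redirect target was read from a cookie, so it is validated before any use.
            SocialUtil.validateEndpointWithQuery(requestUrlCookieValue);
            String code = httpServletRequest.getParameter(ClientConstants.CODE);
            if (code == null || code.isEmpty()) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "code parameter in request is null or empty, return internal error", new Object[0]);
                }
                Tr.error(tc, "CODE_PARAMETER_NULL_OR_EMPTY", new Object[0]);
                ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
                return;
            }
            // The authorization code is stored under the state cookie's name for the next leg.
            // NOTE(review): the code is a credential but goes through the variant whose value
            // parameter is not marked @Sensitive - consider cacheSensitiveValueInCookie.
            cacheValueInCookie(httpServletRequest, httpServletResponse, ClientConstants.COOKIE_NAME_STATE_KEY, code);
            httpServletResponse.sendRedirect(requestUrlCookieValue);
        } catch (SocialLoginException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.web.EndpointServices", "300", this, new Object[]{httpServletRequest, httpServletResponse, socialLoginConfig});
            Tr.error(tc, "REQUEST_URL_NOT_VALID", new Object[]{requestUrlCookieValue, e.getMessage()});
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
        }
    }

    /**
     * Reads the state cookie through {@code webUtils.getAndClearCookie}.
     *
     * @param httpServletRequest the request carrying the cookie
     * @param httpServletResponse the response handed to the cookie helper
     * @return the cookie value as returned by the helper
     */
    protected String getStateCookieValue(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.webUtils.getAndClearCookie(httpServletRequest, httpServletResponse, ClientConstants.COOKIE_NAME_STATE_KEY);
    }

    /**
     * Restores the original request URL from the cookie whose name is the request-URL prefix
     * followed by {@code str.hashCode()}, then URL-decodes and normalizes it.
     *
     * @param httpServletRequest the request carrying the cookie
     * @param httpServletResponse the response handed to the cookie helper
     * @param str the state value that selects the cookie; must not be null (callers check)
     * @return the decoded URL, or null when no value was restored
     */
    protected String getRequestUrlCookieValue(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        // String.hashCode() is a 32-bit, non-cryptographic value; here it only forms a cookie name.
        String cookieName = ClientConstants.COOKIE_NAME_REQ_URL_PREFIX + str.hashCode();
        String restoredUrl = decodeAndNormalizeRequestUrl(this.webUtils.getAndClearCookie(httpServletRequest, httpServletResponse, cookieName));
        if (tc.isDebugEnabled() && restoredUrl != null) {
            Tr.debug(tc, "The restored request Url: " + restoredUrl, new Object[0]);
        }
        return restoredUrl;
    }

    /**
     * URL-decodes the value as UTF-8 and re-encodes literal spaces as {@code %20}.
     *
     * @param str the raw cookie value; may be null
     * @return the decoded value; null for null input; the input unchanged if decoding fails
     */
    String decodeAndNormalizeRequestUrl(String str) {
        if (str == null) {
            // An absent cookie is an expected case, not an incident: skip decoding instead of
            // letting URLDecoder throw and be recorded by FFDC. The result is null either way.
            return null;
        }
        try {
            str = URLDecoder.decode(str, "UTF-8").replace(" ", "%20");
        } catch (Exception e) {
            // Malformed escapes leave the value as received; callers validate it before use.
            FFDCFilter.processException(e, "com.ibm.ws.security.social.web.EndpointServices", "339", this, new Object[]{str});
        }
        return str;
    }

    /**
     * Adds a cookie with the given name and value to the response, built by the referrer URL
     * cookie handler. A null value creates no cookie.
     *
     * @param httpServletRequest the current request, passed to the cookie handler
     * @param httpServletResponse the response receiving the cookie
     * @param str the cookie name
     * @param str2 the cookie value; may be null
     */
    protected void cacheValueInCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        if (str2 != null) {
            httpServletResponse.addCookie(getReferrerUrlCookieHandler().createCookie(str, str2, httpServletRequest));
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Value to store in cookie is null, so no cookie will be created", new Object[0]);
        }
    }

    /**
     * Creates a cookie handler from the global web application security configuration.
     *
     * @return a new referrer URL cookie handler
     */
    ReferrerURLCookieHandler getReferrerUrlCookieHandler() {
        return WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig().createReferrerURLCookieHandler();
    }

    /**
     * Same cookie logic as {@link #cacheValueInCookie}; the only difference visible here is that
     * the value parameter is annotated {@code @Sensitive}.
     *
     * @param httpServletRequest the current request, passed to the cookie handler
     * @param httpServletResponse the response receiving the cookie
     * @param str the cookie name
     * @param str2 the secret cookie value; may be null
     */
    protected void cacheSensitiveValueInCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, @Sensitive String str2) {
        if (str2 != null) {
            httpServletResponse.addCookie(getReferrerUrlCookieHandler().createCookie(str, str2, httpServletRequest));
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Value to store in cookie is null, so no cookie will be created", new Object[0]);
        }
    }

    /**
     * Answers the {@code .well-known/config} request with the JSON listing of configurations.
     *
     * @param httpServletRequest the incoming request (unused)
     * @param httpServletResponse the response to write to
     */
    protected void handleSocialLoginAPIRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        writeToResponse(getAllSocialLoginConfigs(), httpServletResponse);
    }

    /**
     * Writes the JSON object as a 200 response with no-store caching headers. A null object, or
     * one whose string form is null, produces the generic error response instead.
     *
     * @param jSONObject the payload; may be null
     * @param httpServletResponse the response to write to
     */
    private void writeToResponse(JSONObject jSONObject, HttpServletResponse httpServletResponse) {
        String json = (jSONObject == null) ? null : jSONObject.toString();
        if (json == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provided JSON object is null", new Object[0]);
            }
            ErrorHandlerImpl.getInstance().handleErrorResponse(httpServletResponse);
            return;
        }
        addNoCacheHeaders(httpServletResponse);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "socialLoginConfigs json :" + json, new Object[0]);
        }
        httpServletResponse.setStatus(200);
        // Declare the content type before obtaining the writer: under the Servlet API a charset
        // supplied after getWriter() no longer affects the writer's encoding, so the body could
        // be written in the container default while the header announces UTF-8.
        // (REQ_CONTENT_TYPE_NAME is presumably "Content-Type" - defined outside this file.)
        httpServletResponse.setHeader(ClientConstants.REQ_CONTENT_TYPE_NAME, "application/json;charset=UTF-8");
        try (PrintWriter writer = httpServletResponse.getWriter()) {
            writer.write(json);
            writer.flush();
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.web.EndpointServices", "408", this, new Object[]{jSONObject, httpServletResponse});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught an exception attempting to get the response writer: " + e.getLocalizedMessage(), new Object[0]);
            }
        }
    }

    /**
     * Adds {@code no-store} to any existing Cache-Control value and sets {@code Pragma: no-cache}.
     *
     * @param httpServletResponse the response to update
     */
    private void addNoCacheHeaders(HttpServletResponse httpServletResponse) {
        String existing = httpServletResponse.getHeader("Cache-Control");
        String cacheControl;
        if (existing == null || existing.isEmpty()) {
            cacheControl = "no-store";
        } else {
            // Keep directives set earlier in the chain and append ours.
            cacheControl = existing + ", no-store";
        }
        httpServletResponse.setHeader("Cache-Control", cacheControl);
        httpServletResponse.setHeader("Pragma", "no-cache");
    }

    /**
     * Builds the JSON description of all registered social login configurations.
     *
     * @return the JSON from {@code ConfigInfoJsonBuilder}, or an empty object when no
     *         configuration reference has been set
     */
    JSONObject getAllSocialLoginConfigs() {
        if (socialLoginConfigRef != null) {
            return new ConfigInfoJsonBuilder((Iterator<SocialLoginConfig>) socialLoginConfigRef.getServices()).buildJsonResponse();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Social login config reference not set", new Object[0]);
        }
        return new JSONObject();
    }

    /**
     * Factory for the Twitter token helper; a protected seam that subclasses can override.
     *
     * @return a new {@link TwitterTokenServices}
     */
    protected TwitterTokenServices getTwitterTokenServices() {
        return new TwitterTokenServices();
    }
}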
