package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.structures.SingleTableCache;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.UserApiConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl;
import com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl;
import com.ibm.ws.security.social.internal.utils.IntrospectUserApiUtils;
import com.ibm.ws.security.social.internal.utils.OAuthClientUtil;
import com.ibm.ws.security.social.internal.utils.OpenShiftUserApiUtils;
import com.ibm.ws.security.social.internal.utils.SocialUtil;
import javax.net.ssl.SSLSocketFactory;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/tai/TAIUserApiUtils.class */
public class TAIUserApiUtils {
    public static final TraceComponent tc = Tr.register(TAIUserApiUtils.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    static SingleTableCache userApiCache = null;
    static final long serialVersionUID = -3589337619905799999L;

    @FFDCIgnore({SocialLoginException.class})
    public String getUserApiResponse(OAuthClientUtil oAuthClientUtil, SocialLoginConfig socialLoginConfig, @Sensitive String str, SSLSocketFactory sSLSocketFactory) {
        UserApiConfig[] userApis = socialLoginConfig.getUserApis();
        if (userApis == null || userApis.length == 0) {
            Tr.warning(tc, "NO_USER_API_CONFIGS_PRESENT", new Object[]{socialLoginConfig.getUniqueId()});
            return null;
        }
        String api = userApis[0].getApi();
        try {
            return SocialUtil.isKubeConfig(socialLoginConfig) ? getUserApiResponseFromOpenShift(socialLoginConfig, str, sSLSocketFactory) : "introspect".equals(socialLoginConfig.getUserApiType()) ? getUserApiResponseFromIntrospectEndpoint((Oauth2LoginConfigImpl) socialLoginConfig, str, sSLSocketFactory) : isTokenExpectedToBeServiceAccountToken(socialLoginConfig) ? getUserApiResponseForServiceAccountToken(socialLoginConfig, str, sSLSocketFactory) : getUserApiResponseFromGenericThirdParty(oAuthClientUtil, socialLoginConfig, str, sSLSocketFactory, api);
        } catch (SocialLoginException e) {
            Tr.error(tc, "ERROR_GETTING_USER_API_RESPONSE", new Object[]{api, socialLoginConfig.getUniqueId(), e.getLocalizedMessage()});
            return null;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.social.tai.TAIUserApiUtils", "61", this, new Object[]{oAuthClientUtil, socialLoginConfig, "<sensitive java.lang.String>", sSLSocketFactory});
            Tr.error(tc, "ERROR_GETTING_USER_API_RESPONSE", new Object[]{api, socialLoginConfig.getUniqueId(), e2.getLocalizedMessage()});
            return null;
        }
    }

    private String getUserApiResponseFromIntrospectEndpoint(Oauth2LoginConfigImpl oauth2LoginConfigImpl, @Sensitive String str, SSLSocketFactory sSLSocketFactory) throws SocialLoginException {
        return new IntrospectUserApiUtils(oauth2LoginConfigImpl).getUserApiResponse(str, sSLSocketFactory);
    }

    private String getUserApiResponseFromOpenShift(SocialLoginConfig socialLoginConfig, @Sensitive String str, SSLSocketFactory sSLSocketFactory) throws SocialLoginException {
        return new OpenShiftUserApiUtils(socialLoginConfig).getUserApiResponse(str, sSLSocketFactory);
    }

    private boolean isTokenExpectedToBeServiceAccountToken(SocialLoginConfig socialLoginConfig) {
        return SocialUtil.isOkdConfig(socialLoginConfig);
    }

    private String getUserApiResponseForServiceAccountToken(SocialLoginConfig socialLoginConfig, @Sensitive String str, SSLSocketFactory sSLSocketFactory) throws SocialLoginException {
        String userApiResponseFromCache = getUserApiResponseFromCache(socialLoginConfig, str);
        if (userApiResponseFromCache == null) {
            userApiResponseFromCache = new OpenShiftUserApiUtils(socialLoginConfig).getUserApiResponseForServiceAccountToken(str, sSLSocketFactory);
            cacheUserApiResponse(str + socialLoginConfig.getUniqueId(), userApiResponseFromCache);
        }
        return userApiResponseFromCache;
    }

    private String getUserApiResponseFromCache(SocialLoginConfig socialLoginConfig, @Sensitive String str) {
        initializeCache(socialLoginConfig);
        return (String) userApiCache.get(str + socialLoginConfig.getUniqueId());
    }

    private synchronized void initializeCache(SocialLoginConfig socialLoginConfig) {
        long apiResponseCacheTime = socialLoginConfig.getApiResponseCacheTime();
        if (userApiCache == null) {
            userApiCache = new SingleTableCache(apiResponseCacheTime);
        } else if (apiResponseCacheTime != userApiCache.getTimeoutInMilliseconds()) {
            userApiCache.rescheduleCleanup(apiResponseCacheTime);
        }
    }

    private void cacheUserApiResponse(@Sensitive String str, String str2) {
        userApiCache.put(str, str2);
    }

    private String getUserApiResponseFromGenericThirdParty(OAuthClientUtil oAuthClientUtil, SocialLoginConfig socialLoginConfig, String str, SSLSocketFactory sSLSocketFactory, String str2) throws Exception {
        String userApiResponse = oAuthClientUtil.getUserApiResponse(str2, str, sSLSocketFactory, false, socialLoginConfig.getUserApiNeedsSpecialHeader(), socialLoginConfig.getUseSystemPropertiesForHttpClientConnections());
        return socialLoginConfig instanceof LinkedinLoginConfigImpl ? convertLinkedinToJson(userApiResponse, socialLoginConfig.getUserNameAttribute()) : (userApiResponse != null && userApiResponse.startsWith("[") && userApiResponse.endsWith("]")) ? convertToJson(userApiResponse, socialLoginConfig.getUserNameAttribute()) : userApiResponse;
    }

    private String convertLinkedinToJson(String str, String str2) {
        int indexOf = str.indexOf(str2) - 1;
        if (indexOf > 0) {
            return str.substring(indexOf - 1, str.indexOf("}", indexOf) + 1);
        }
        return null;
    }

    private String convertToJson(String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("{\"").append(str2).append("\":").append(str).append("}");
        return stringBuffer.toString();
    }
}
