package com.ibm.ws.security.social.internal.utils;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.social.error.SocialLoginException;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.StatusLine;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

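/**
 * HTTP helper used by the social login feature to call OAuth endpoints: it builds GET/POST
 * requests, attaches bearer or HTTP Basic client authentication, executes the request through
 * an Apache {@link HttpClient} and checks the response status.
 *
 * <p>The class declares no instance fields, so the shared instance returned by
 * {@link #getInstance()} carries no per-request state.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Hostname verification is controlled by a caller-supplied flag; when it is {@code false}
 *       a {@link NoopHostnameVerifier} is installed (see {@link #createHTTPClient}).</li>
 *   <li>URLs starting with {@code "http:"} are sent without TLS, including any
 *       {@code Authorization} header that was attached.</li>
 *   <li>Debug trace masks the bearer token and every request parameter that is not on a small
 *       allowlist of non-secret OAuth parameter names.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/internal/utils/OAuthClientHttpUtil.class */
public class OAuthClientHttpUtil {
    private static final TraceComponent tc = Tr.register(OAuthClientHttpUtil.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    static OAuthClientHttpUtil instance = null;
    static final long serialVersionUID = -6905112042812687003L;

    OAuthClientHttpUtil() {
    }

    /**
     * Reads the body of the {@link HttpResponse} stored in the given result map.
     *
     * @param map result map as produced by {@link #commonEndpointInvocation}; may be {@code null}
     * @return the response body as a string, or {@code null} when the map, the response or its
     *         entity is missing. The value is marked {@code @Sensitive} because it is expected to
     *         hold tokens.
     * @throws SocialLoginException if the entity cannot be read or converted to a string
     */
    @Sensitive
    public String extractTokensFromResponse(Map<String, Object> map) throws SocialLoginException {
        if (map == null) {
            return null;
        }
        HttpResponse httpResponse = (HttpResponse) map.get(ClientConstants.RESPONSEMAP_CODE);
        if (httpResponse == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "An HttpResponse object was not found in the map", new Object[0]);
            }
            return null;
        }
        HttpEntity entity = httpResponse.getEntity();
        if (entity == null) {
            return null;
        }
        try {
            return EntityUtils.toString(entity);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.utils.OAuthClientHttpUtil", "77", this, new Object[]{map});
            throw new SocialLoginException("ERROR_PARSING_RESPONSE_ENTITY", e, new Object[]{e.getLocalizedMessage()});
        }
    }

    /**
     * Creates a POST request for the given URL and copies the supplied headers onto it.
     *
     * @param str endpoint URL; validated by {@code SocialUtil.validateEndpointWithQuery}
     * @param list headers to add, or {@code null} for none
     * @return the prepared request (no entity set yet)
     * @throws SocialLoginException if the URL fails validation
     */
    HttpPost createPostMethod(String str, List<NameValuePair> list) throws SocialLoginException {
        SocialUtil.validateEndpointWithQuery(str);
        HttpPost httpPost = new HttpPost(str);
        if (list != null) {
            for (NameValuePair header : list) {
                httpPost.addHeader(header.getName(), header.getValue());
            }
        }
        return httpPost;
    }

    /**
     * Creates a GET request for the given URL and copies the supplied headers onto it.
     *
     * @param str endpoint URL; validated by {@code SocialUtil.validateEndpointWithQuery}
     * @param list headers to add, or {@code null} for none
     * @return the prepared request
     * @throws SocialLoginException if the URL fails validation
     */
    HttpGet createHttpGetMethod(String str, List<NameValuePair> list) throws SocialLoginException {
        SocialUtil.validateEndpointWithQuery(str);
        HttpGet httpGet = new HttpGet(str);
        if (list != null) {
            for (NameValuePair header : list) {
                httpGet.addHeader(header.getName(), header.getValue());
            }
        }
        return httpGet;
    }

    /**
     * Builds a client for the URL and executes the request with it.
     *
     * @param sSLSocketFactory socket factory used for non-{@code http:} URLs
     * @param str endpoint URL, used to choose between the TLS and plain client and for messages
     * @param z {@code true} to verify the server hostname, {@code false} to skip verification
     * @param httpUriRequest request to execute
     * @param z2 {@code true} to let the client builder read JVM system properties
     * @return the raw response; the caller is responsible for consuming its entity
     * @throws SocialLoginException wrapping any failure raised while building the client or
     *         executing the request
     */
    HttpResponse executeRequest(SSLSocketFactory sSLSocketFactory, String str, boolean z, HttpUriRequest httpUriRequest, boolean z2) throws SocialLoginException {
        try {
            // NOTE(review): the client created here is never closed in this class; the response is
            // handed back with its entity still open, so closing it here would break callers.
            return createHTTPClient(sSLSocketFactory, str, z, z2).execute(httpUriRequest);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.utils.OAuthClientHttpUtil", "115", this, new Object[]{sSLSocketFactory, str, Boolean.valueOf(z), httpUriRequest, Boolean.valueOf(z2)});
            throw new SocialLoginException("ERROR_EXECUTING_REQUEST", e, new Object[]{str, e.getLocalizedMessage()});
        }
    }

    /**
     * Rejects any response whose status line is missing or whose status code is not 200.
     *
     * <p>A {@code null} response is accepted silently. On failure the response body, when it can
     * be read, replaces the generic status message in the exception inserts; that body comes from
     * the remote endpoint and should be treated as untrusted text by whatever displays or logs it.
     *
     * @param str endpoint URL, used only in the error message
     * @param httpResponse response to check; may be {@code null}
     * @throws SocialLoginException if the status is missing or not 200
     */
    void verifyResponse(String str, HttpResponse httpResponse) throws SocialLoginException {
        if (httpResponse == null) {
            return;
        }
        StatusLine statusLine = httpResponse.getStatusLine();
        if (statusLine != null && statusLine.getStatusCode() == 200) {
            return;
        }
        String status = statusLine == null ? null : statusLine.getStatusCode() + " " + statusLine.getReasonPhrase();
        String detail = Tr.formatMessage(tc, "RESPONSE_STATUS_MISSING_OR_ERROR", new Object[]{status});
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            try {
                detail = EntityUtils.toString(entity).trim();
            } catch (Exception e) {
                // Best effort: keep the generic status message when the body cannot be read.
                FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.utils.OAuthClientHttpUtil", "135", this, new Object[]{str, httpResponse});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Caught error parsing HttpEntity: " + e, new Object[0]);
                }
            }
        }
        throw new SocialLoginException("RESPONSE_STATUS_UNSUCCESSFUL", null, new Object[]{str, status, detail});
    }

    /**
     * Sends a form-encoded POST to the endpoint and returns the response wrapped in a map.
     *
     * @param str endpoint URL
     * @param list form parameters (sensitive); may be {@code null}
     * @param str2 HTTP Basic user name (traced as {@code baUsername})
     * @param str3 HTTP Basic password (sensitive)
     * @param str4 bearer access token, or {@code null} to fall back to Basic authentication
     * @param sSLSocketFactory socket factory used for non-{@code http:} URLs
     * @param list2 extra request headers; traced verbatim, so they must not carry credentials
     * @param z {@code true} to verify the server hostname
     * @param str5 client authentication method; only {@code "client_secret_basic"} adds a Basic header
     * @param z2 {@code true} to let the client builder read JVM system properties
     * @return map holding the response and the request, keyed by the {@code ClientConstants} keys
     * @throws SocialLoginException on validation, transport or non-200 status failures
     */
    public Map<String, Object> postToEndpoint(String str, @Sensitive List<NameValuePair> list, String str2, @Sensitive String str3, String str4, SSLSocketFactory sSLSocketFactory, List<NameValuePair> list2, boolean z, String str5, boolean z2) throws SocialLoginException {
        SocialUtil.validateEndpointWithQuery(str);
        debugPostToEndPoint(str, list, str2, str3, str4, list2);
        HttpPost request = setPostParameters(createPostMethod(str, list2), list);
        return commonEndpointInvocation(request, str, str2, str3, str4, sSLSocketFactory, z, str5, z2);
    }

    /**
     * Sends a GET to the endpoint and returns the response wrapped in a map.
     *
     * <p>Parameters have the same meaning as in {@link #postToEndpoint}.
     *
     * @return map holding the response and the request, keyed by the {@code ClientConstants} keys
     * @throws SocialLoginException on validation, transport or non-200 status failures
     */
    public Map<String, Object> getToEndpoint(String str, @Sensitive List<NameValuePair> list, String str2, @Sensitive String str3, String str4, SSLSocketFactory sSLSocketFactory, List<NameValuePair> list2, boolean z, String str5, boolean z2) throws SocialLoginException {
        SocialUtil.validateEndpointWithQuery(str);
        debugPostToEndPoint(str, list, str2, str3, str4, list2);
        HttpGet request = createHttpGetMethod(str, list2);
        if (list != null) {
            // NOTE(review): the sensitive parameters are attached as request headers here, not as
            // query parameters - confirm this is intended for the endpoints that use GET.
            for (NameValuePair param : list) {
                request.addHeader(param.getName(), param.getValue());
            }
        }
        return commonEndpointInvocation(request, str, str2, str3, str4, sSLSocketFactory, z, str5, z2);
    }

    /**
     * Sends a form-encoded POST to an introspection endpoint. The request is built and executed
     * exactly as in {@link #postToEndpoint}, and the parameters have the same meaning.
     *
     * @return map holding the response and the request, keyed by the {@code ClientConstants} keys
     * @throws SocialLoginException on validation, transport or non-200 status failures
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, Object> postToIntrospectEndpoint(String str, @Sensitive List<NameValuePair> list, String str2, @Sensitive String str3, String str4, SSLSocketFactory sSLSocketFactory, List<NameValuePair> list2, boolean z, String str5, boolean z2) throws SocialLoginException {
        SocialUtil.validateEndpointWithQuery(str);
        debugPostToEndPoint(str, list, str2, str3, str4, list2);
        HttpPost request = setPostParameters(createPostMethod(str, list2), list);
        return commonEndpointInvocation(request, str, str2, str3, str4, sSLSocketFactory, z, str5, z2);
    }

    /**
     * Sets the given parameters as the URL-encoded form body of the request.
     *
     * @param httpPost request to update
     * @param list form parameters (sensitive); {@code null} leaves the request untouched
     * @return the same request instance
     */
    HttpPost setPostParameters(HttpPost httpPost, @Sensitive List<NameValuePair> list) {
        if (list != null) {
            try {
                httpPost.setEntity(new UrlEncodedFormEntity(list));
            } catch (UnsupportedEncodingException e) {
                // The parameter list is replaced by a placeholder so its values never reach FFDC.
                FFDCFilter.processException(e, "com.ibm.ws.security.social.internal.utils.OAuthClientHttpUtil", "215", this, new Object[]{httpPost, "<sensitive java.util.List>"});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The default encoding is not supported; parameters might not be present in the request", new Object[0]);
                }
            }
        }
        return httpPost;
    }

    /**
     * Adds client authentication to the request, executes it, verifies the status and packages
     * the outcome.
     *
     * @param httpUriRequest prepared request
     * @param str endpoint URL
     * @param str2 HTTP Basic user name
     * @param str3 HTTP Basic password (sensitive)
     * @param str4 bearer access token, or {@code null}
     * @param sSLSocketFactory socket factory used for non-{@code http:} URLs
     * @param z {@code true} to verify the server hostname
     * @param str5 client authentication method
     * @param z2 {@code true} to let the client builder read JVM system properties
     * @return map with the response under {@code RESPONSEMAP_CODE} and the request under
     *         {@code RESPONSEMAP_METHOD}
     * @throws SocialLoginException on transport or non-200 status failures
     */
    Map<String, Object> commonEndpointInvocation(HttpUriRequest httpUriRequest, String str, String str2, @Sensitive String str3, String str4, SSLSocketFactory sSLSocketFactory, boolean z, String str5, boolean z2) throws SocialLoginException {
        setAuthorizationHeader(str2, str3, str4, httpUriRequest, str5);
        HttpResponse response = executeRequest(sSLSocketFactory, str, z, httpUriRequest, z2);
        verifyResponse(str, response);
        Map<String, Object> result = new HashMap<>();
        result.put(ClientConstants.RESPONSEMAP_CODE, response);
        result.put(ClientConstants.RESPONSEMAP_METHOD, httpUriRequest);
        return result;
    }

    /**
     * Attaches an {@code Authorization} header: a bearer token when one is supplied, otherwise
     * HTTP Basic credentials when the authentication method is {@code "client_secret_basic"}.
     * Any other combination leaves the request unchanged.
     *
     * @param str HTTP Basic user name
     * @param str2 HTTP Basic password (sensitive)
     * @param str3 bearer access token, or {@code null}
     * @param httpUriRequest request to update
     * @param str4 client authentication method, or {@code null}
     */
    void setAuthorizationHeader(String str, @Sensitive String str2, String str3, HttpUriRequest httpUriRequest, String str4) {
        if (str3 != null) {
            httpUriRequest.addHeader(ClientConstants.AUTHORIZATION, ClientConstants.BEARER + str3);
            return;
        }
        if ("client_secret_basic".equals(str4)) {
            // NOTE(review): a null user name or password is concatenated as the text "null";
            // callers are presumably expected to pass both when this method is selected - confirm.
            httpUriRequest.addHeader(ClientConstants.AUTHORIZATION, "Basic " + Base64Coder.base64Encode(str + ":" + str2));
        }
    }

    /**
     * Writes a description of the outgoing request, plus an equivalent curl command line, to
     * debug trace.
     *
     * <p>Credentials are never written: the Basic password and the bearer access token are
     * replaced by a mask, and a request parameter value is shown only when its name is on the
     * allowlist in {@link #isLoggableParameter(String)}. The parameter list is declared
     * {@code @Sensitive}, so anything not known to be harmless (authorization codes, refresh
     * tokens, tokens sent for introspection, client secrets) is masked.
     *
     * @param str endpoint URL; traced verbatim, including any query string
     * @param list request parameters (sensitive); may be {@code null}
     * @param str2 HTTP Basic user name
     * @param str3 HTTP Basic password (sensitive)
     * @param str4 bearer access token; only its presence is traced
     * @param list2 extra request headers; traced verbatim, so callers must not place credentials
     *        in them
     */
    void debugPostToEndPoint(String str, @Sensitive List<NameValuePair> list, String str2, @Sensitive String str3, String str4, List<NameValuePair> list2) {
        if (!tc.isDebugEnabled()) {
            return;
        }
        // A bearer token is a usable credential on its own, so trace only whether one was set.
        String maskedToken = str4 != null ? "****" : null;
        Tr.debug(tc, "postToEndpoint: url: " + str + " headers: " + list2 + " params: ***** baUsername: " + str2 + " baPassword: " + (str3 != null ? "****" : null) + " accessToken: " + maskedToken, new Object[0]);

        StringBuilder curl = new StringBuilder("curl -k -v");
        if (list2 != null) {
            for (NameValuePair header : list2) {
                curl.append(" -H \"").append(header.getName()).append(": ").append(header.getValue()).append("\"");
            }
        }
        if (list != null && !list.isEmpty()) {
            curl.append(" -d \"");
            boolean first = true;
            for (NameValuePair param : list) {
                if (!first) {
                    curl.append("&");
                }
                first = false;
                String name = param.getName();
                curl.append(name).append("=");
                curl.append(isLoggableParameter(name) ? param.getValue() : "*****");
            }
            curl.append("\"");
        }
        if (str2 != null && str3 != null) {
            curl.append(" -u \"").append(str2).append(":").append("****").append("\"");
        }
        if (str4 != null) {
            curl.append(" -H \"Authorization: bearer ").append("****").append("\"");
        }
        curl.append(" ").append(str);
        Tr.debug(tc, "CURL Command: " + curl, new Object[0]);
    }

    /**
     * Tells whether a request parameter's value may appear in trace. Only standard OAuth
     * parameters that carry no secret are allowed; every other name is masked.
     */
    private static boolean isLoggableParameter(String name) {
        return "grant_type".equals(name)
                || "client_id".equals(name)
                || "redirect_uri".equals(name)
                || "scope".equals(name)
                || "response_type".equals(name);
    }

    /**
     * Builds an HTTP client for the given URL.
     *
     * <p>URLs that start with {@code "http:"} get a plain client; every other URL (including a
     * {@code null} one) gets a client that uses the supplied socket factory. With
     * {@code z == false} the TLS client accepts a certificate issued for any hostname, which
     * removes protection against a man-in-the-middle holding some other trusted certificate;
     * that setting belongs in test environments only.
     *
     * @param sSLSocketFactory socket factory used for the TLS client
     * @param str endpoint URL
     * @param z {@code true} to verify the server hostname, {@code false} to skip verification
     * @param z2 {@code true} to let the client builder read JVM system properties
     * @return a new client with cookie management disabled
     */
    public HttpClient createHTTPClient(SSLSocketFactory sSLSocketFactory, String str, boolean z, boolean z2) {
        HttpClientBuilder builder = getBuilder(z2);
        if (!isPlainHttp(str)) {
            builder = builder.setSSLSocketFactory(newSslConnectionFactory(sSLSocketFactory, z));
        }
        return builder.build();
    }

    /**
     * Builds an HTTP client for the given URL that also answers authentication challenges with
     * the supplied user name and password.
     *
     * <p>The TLS and hostname-verification behaviour is the same as in the four-argument
     * overload.
     *
     * @param sSLSocketFactory socket factory used for the TLS client
     * @param str endpoint URL
     * @param z {@code true} to verify the server hostname, {@code false} to skip verification
     * @param str2 user name
     * @param str3 password (sensitive)
     * @param z2 {@code true} to let the client builder read JVM system properties
     * @return a new client with cookie management disabled
     */
    public HttpClient createHTTPClient(SSLSocketFactory sSLSocketFactory, String str, boolean z, String str2, @Sensitive String str3, boolean z2) {
        BasicCredentialsProvider credentials = new BasicCredentialsProvider();
        // NOTE(review): AuthScope.ANY offers these credentials to whichever host and realm issues
        // a challenge; scoping them to the endpoint's host and port would be tighter.
        credentials.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(str2, str3));
        HttpClientBuilder builder = getBuilder(z2).setDefaultCredentialsProvider(credentials);
        if (!isPlainHttp(str)) {
            builder = builder.setSSLSocketFactory(newSslConnectionFactory(sSLSocketFactory, z));
        }
        return builder.build();
    }

    /** Returns {@code true} when the URL is non-null and starts with the literal {@code "http:"}. */
    private static boolean isPlainHttp(String url) {
        return url != null && url.startsWith("http:");
    }

    /** Wraps the socket factory with the default hostname verifier, or with a no-op one when verification is off. */
    private static SSLConnectionSocketFactory newSslConnectionFactory(SSLSocketFactory socketFactory, boolean verifyHostname) {
        if (verifyHostname) {
            return new SSLConnectionSocketFactory(socketFactory, new DefaultHostnameVerifier());
        }
        return new SSLConnectionSocketFactory(socketFactory, new NoopHostnameVerifier());
    }

    /**
     * Creates a client builder with cookie management disabled, optionally configured from JVM
     * system properties.
     */
    private HttpClientBuilder getBuilder(boolean z) {
        HttpClientBuilder builder = HttpClientBuilder.create().disableCookieManagement();
        return z ? builder.useSystemProperties() : builder;
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>The lazy initialization is not synchronized. The class has no instance fields, so a
     * second instance created under a race behaves the same as the first.
     */
    public static OAuthClientHttpUtil getInstance() {
        if (instance == null) {
            instance = new OAuthClientHttpUtil();
        }
        return instance;
    }
}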
