package io.openliberty.grpc.internal.client.security.authorization.oauth;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import io.openliberty.grpc.internal.client.GrpcClientMessages;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

/* loaded from: input_file:io/openliberty/grpc/internal/client/security/authorization/oauth/GrpcOAuthPropagationHelper.class */
public class GrpcOAuthPropagationHelper {
    private static final TraceComponent tc = Tr.register(GrpcOAuthPropagationHelper.class, GrpcClientMessages.GRPC_TRACE_NAME, GrpcClientMessages.GRPC_BUNDLE);
    public static final String ISSUED_JWT_TOKEN = "issuedJwt";

    public static String getAccessTokenType() {
        return getSubjectAttributeString("token_type", true);
    }

    public static String getAccessToken() {
        return getSubjectAttributeString("access_token", true);
    }

    public static String getJwtToken() {
        String issuedJwtToken = getIssuedJwtToken();
        if (issuedJwtToken == null) {
            issuedJwtToken = getAccessToken();
            if (!isJwt(issuedJwtToken)) {
                issuedJwtToken = null;
            }
        }
        return issuedJwtToken;
    }

    private static boolean isJwt(String str) {
        return str != null && str.indexOf(".") >= 0;
    }

    public static String getIssuedJwtToken() {
        return getSubjectAttributeString(ISSUED_JWT_TOKEN, true);
    }

    public static String getScopes() {
        return getSubjectAttributeString("scope", true);
    }

    static Subject getRunAsSubject() {
        try {
            return WSSubject.getRunAsSubject();
        } catch (WSSecurityException e) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception while getting runAsSubject:", new Object[]{e.getCause()});
            return null;
        }
    }

    static String getSubjectAttributeString(String str, boolean z) {
        try {
            Subject runAsSubject = getRunAsSubject();
            if (runAsSubject != null) {
                return getSubjectAttributeObject(runAsSubject, str, z);
            }
            return null;
        } catch (Exception e) {
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Exception caught", new Object[]{e});
            return null;
        }
    }

    @FFDCIgnore({PrivilegedActionException.class})
    static String getSubjectAttributeObject(Subject subject, String str, boolean z) {
        try {
            String credentialAttribute = getCredentialAttribute(subject.getPublicCredentials(), str, z, "publicCredentials");
            if (credentialAttribute == null || credentialAttribute.isEmpty()) {
                credentialAttribute = getCredentialAttribute(subject.getPrivateCredentials(), str, z, "privateCredentials");
            }
            return credentialAttribute;
        } catch (PrivilegedActionException e) {
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Did not find a value for the attribute (" + str + ")", new Object[0]);
            return null;
        }
    }

    static String getCredentialAttribute(final Set<Object> set, final String str, final boolean z, final String str2) throws PrivilegedActionException {
        Object doPrivileged = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: io.openliberty.grpc.internal.client.security.authorization.oauth.GrpcOAuthPropagationHelper.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                int i = 0;
                for (Object obj : set) {
                    i++;
                    if (TraceComponent.isAnyTracingEnabled() && GrpcOAuthPropagationHelper.tc.isDebugEnabled()) {
                        Tr.debug(GrpcOAuthPropagationHelper.tc, str2 + "(" + i + ") class:" + obj.getClass().getName(), new Object[0]);
                    }
                    if ((obj instanceof Map) && (!z || ((Map) obj).get("access_token") != null)) {
                        Object obj2 = ((Map) obj).get(str);
                        if (obj2 != null) {
                            return obj2;
                        }
                    }
                }
                return null;
            }
        });
        if (doPrivileged != null) {
            return doPrivileged.toString();
        }
        return null;
    }
}
