package com.ibm.ws.security.openidconnect.client;

import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.kernel.provisioning.ExtensionConstants;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.token.IDToken;
import com.ibm.ws.webcontainer.internalRuntimeExport.srt.IPrivateRequestAttributes;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.http.HttpException;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.message.BasicNameValuePair;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.security.openidconnect.client_1.0.10.cl50720160308-1847.jar:com/ibm/ws/security/openidconnect/client/OidcClientUtil.class */
public class OidcClientUtil {
    private static final long serialVersionUID = 1;
    private static final TraceComponent tc = Tr.register(OidcClientUtil.class);
    private final List<NameValuePair> commonHeaders = new ArrayList();
    OidcClientHttpUtil oidcHttpUtil = null;

    public OidcClientUtil() {
        this.commonHeaders.add(new BasicNameValuePair("Accept", "application/json"));
        init(new OidcClientHttpUtil());
    }

    void init(OidcClientHttpUtil oidcClientHttpUtil) {
        this.oidcHttpUtil = oidcClientHttpUtil;
    }

    final List<NameValuePair> getCommonHeaders() {
        return this.commonHeaders;
    }

    public HashMap<String, String> getTokensFromAuthzCode(String str, String str2, @Sensitive String str3, String str4, String str5, String str6, SSLContext sSLContext, boolean z, String str7) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair(ClientConstants.GRANT_TYPE, str6));
        arrayList.add(new BasicNameValuePair(ClientConstants.REDIRECT_URI, str4));
        arrayList.add(new BasicNameValuePair(ClientConstants.CODE, str5));
        this.oidcHttpUtil.setClientId(str2);
        if (str7.equals(ClientConstants.METHOD_POST)) {
            arrayList.add(new BasicNameValuePair(ClientConstants.CLIENT_ID, str2));
            arrayList.add(new BasicNameValuePair(ClientConstants.CLIENT_SECRET, str3));
        }
        HashMap<String, String> hashMap = new HashMap<>();
        for (Map.Entry entry : JSONObject.parse(this.oidcHttpUtil.extractTokensFromResponse(postToTokenEndpoint(str, arrayList, str2, str3, sSLContext, z, str7))).entrySet()) {
            if ((entry.getKey() instanceof String) && (entry.getValue() instanceof String)) {
                hashMap.put((String) entry.getKey(), (String) entry.getValue());
            }
        }
        return hashMap;
    }

    public String getAccessTokenFromAuthzCode(String str, String str2, @Sensitive String str3, String str4, String str5, String str6, SSLContext sSLContext, String str7) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair(ClientConstants.GRANT_TYPE, str6));
        arrayList.add(new BasicNameValuePair(ClientConstants.REDIRECT_URI, str4));
        arrayList.add(new BasicNameValuePair(ClientConstants.CODE, str5));
        return (String) JSONObject.parse(this.oidcHttpUtil.extractTokensFromResponse(postToTokenEndpoint(str, arrayList, str2, str3, sSLContext, false, str7))).get("access_token");
    }

    public String checkToken(String str, String str2, @Sensitive String str3, String str4, boolean z, String str5) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("token", str4));
        return this.oidcHttpUtil.extractTokensFromResponse(postToCheckTokenEndpoint(str, arrayList, str2, str3, z, str5));
    }

    public String getUserinfo(String str, String str2) throws Exception {
        return this.oidcHttpUtil.extractTokensFromResponse(getFromUserinfoEndpoint(str, null, str2));
    }

    Map<String, Object> postToTokenEndpoint(String str, @Sensitive List<NameValuePair> list, String str2, @Sensitive String str3, SSLContext sSLContext, boolean z, String str4) throws Exception {
        return this.oidcHttpUtil.postToEndpoint(str, list, str2, str3, null, sSLContext, this.commonHeaders, z, str4);
    }

    Map<String, Object> postToCheckTokenEndpoint(String str, List<NameValuePair> list, String str2, @Sensitive String str3, boolean z, String str4) throws Exception {
        return this.oidcHttpUtil.postToEndpoint(str, list, str2, str3, null, null, this.commonHeaders, z, str4);
    }

    Map<String, Object> getFromUserinfoEndpoint(String str, List<NameValuePair> list, String str2) throws HttpException, IOException {
        return getFromEndpoint(str, list, null, null, str2);
    }

    Map<String, Object> getFromEndpoint(String str, List<NameValuePair> list, String str2, @Sensitive String str3, String str4) throws HttpException, IOException {
        String str5 = null;
        if (list != null) {
            str5 = URLEncodedUtils.format(list, ClientConstants.CHARSET);
        }
        if (str5 != null) {
            if (!str.endsWith("?")) {
                str = str + "?";
            }
            str = str + str5;
        }
        HttpGet createHttpGetMethod = this.oidcHttpUtil.createHttpGetMethod(str, this.commonHeaders);
        HttpClient defaultHttpClient = this.oidcHttpUtil.getDefaultHttpClient();
        this.oidcHttpUtil.setAuthorizationHeaderForGetMethod(str2, str3, str4, createHttpGetMethod, defaultHttpClient);
        HttpResponse execute = defaultHttpClient.execute(createHttpGetMethod);
        HashMap hashMap = new HashMap();
        hashMap.put(ClientConstants.RESPONSEMAP_CODE, execute);
        hashMap.put(ClientConstants.RESPONSEMAP_METHOD, createHttpGetMethod);
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRedirectUrl(HttpServletRequest httpServletRequest, String str) {
        String serverName = httpServletRequest.getServerName();
        Integer redirectPortFromRequest = getRedirectPortFromRequest(httpServletRequest);
        String str2 = "/oidcclient/redirect/" + str;
        if (redirectPortFromRequest != null || !httpServletRequest.isSecure()) {
            return "https://" + serverName + (redirectPortFromRequest == null ? ExtensionConstants.CORE_EXTENSION : ":" + redirectPortFromRequest) + str2;
        }
        int serverPort = httpServletRequest.getServerPort();
        return httpServletRequest.getScheme() + "://" + serverName + ((serverPort <= 0 || serverPort == 443) ? ExtensionConstants.CORE_EXTENSION : ":" + serverPort) + str2;
    }

    public IDToken createIDToken(String str, @Sensitive Object obj, String str2, String str3, String str4, String str5) {
        return new IDToken(str, obj, str2, str3, str4, str5);
    }

    protected Integer getRedirectPortFromRequest(HttpServletRequest httpServletRequest) {
        IPrivateRequestAttributes wrappedServletRequestObject = getWrappedServletRequestObject(httpServletRequest);
        if (wrappedServletRequestObject instanceof IPrivateRequestAttributes) {
            return (Integer) wrappedServletRequestObject.getPrivateAttribute("SecurityRedirectPort");
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "getRedirectUrl called for non-IPrivateRequestAttributes object", httpServletRequest);
        return null;
    }

    private static HttpServletRequest getWrappedServletRequestObject(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof HttpServletRequestWrapper) {
            ServletRequest request = ((HttpServletRequestWrapper) httpServletRequest).getRequest();
            while (true) {
                httpServletRequest = (HttpServletRequest) request;
                if (!(httpServletRequest instanceof HttpServletRequestWrapper)) {
                    break;
                }
                request = ((HttpServletRequestWrapper) httpServletRequest).getRequest();
            }
        }
        return httpServletRequest;
    }
}
