package com.ibm.ws.security.openidconnect.client.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.authentication.filter.AuthenticationFilter;
import com.ibm.ws.security.openidconnect.client.ClientConstants;
import com.ibm.ws.security.openidconnect.client.OidcClientAuthenticator;
import com.ibm.ws.security.openidconnect.client.OidcClientConfig;
import com.ibm.ws.webcontainer.security.PostParameterHelper;
import com.ibm.ws.webcontainer.security.ProviderAuthenticationResult;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import com.ibm.ws.webcontainer.security.openidconnect.OidcClient;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import com.ibm.wsspi.ssl.SSLSupport;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

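@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.security.openidconnect.client_1.0.10.cl50720160308-1847.jar:com/ibm/ws/security/openidconnect/client/internal/OidcClientImpl.class */
/**
 * {@link OidcClient} implementation that selects an OpenID Connect client configuration for a
 * request and delegates the authentication itself to an {@link OidcClientAuthenticator}.
 *
 * <p>The set/updated/unset methods and activate/deactivate take OSGi {@code ServiceReference} /
 * {@code ComponentContext} arguments, so this class is presumably wired as a declarative-services
 * component. Every bind/unbind of a config, SSL or security service raises
 * {@link #initOidcClientAuth}, which makes the next {@link #authenticate} call rebuild the
 * authenticator.
 *
 * <p>NOTE(review): {@code initOidcClientAuth} and {@code oidcClientAuthenticator} are plain fields
 * written by the bind methods and read by {@code authenticate} without a common lock or
 * {@code volatile}. If binds and requests run on different threads, a configuration or SSL change
 * may not be picked up promptly, or a flag raised during a rebuild may be cleared again. Confirm
 * the threading model before relying on prompt re-initialisation.
 */
public class OidcClientImpl implements OidcClient {
    private static final TraceComponent tc = Tr.register(OidcClientImpl.class);
    static final String KEY_SECURITY_SERVICE = "securityService";
    public static final String CFG_KEY_OPENID_CONNECT_CLIENT_CONFIG = "oidcClientConfig";
    public static final String KEY_FILTER = "authFilter";
    public static final String CFG_KEY_ID = "id";
    public static final String KEY_SSL_SUPPORT = "sslSupport";
    // Lazily (re)built by authenticate(); cleared by deactivate().
    OidcClientAuthenticator oidcClientAuthenticator;
    // Path fragment that marks a redirect endpoint; the config id is whatever follows it.
    static final String URI_PREFIX = "oidcclient/redirect/";
    static final long serialVersionUID = -5146782373832986730L;
    protected final AtomicServiceReference<SSLSupport> sslSupportRef = new AtomicServiceReference<>(KEY_SSL_SUPPORT);
    // True whenever a bound service changed and the authenticator must be rebuilt.
    boolean initOidcClientAuth = false;
    private final AtomicServiceReference<SecurityService> securityServiceRef = new AtomicServiceReference<>(KEY_SECURITY_SERVICE);
    SecurityService securityService = null;
    // Client configurations, keyed by the "id" property of their service reference.
    private final ConcurrentServiceReferenceMap<String, OidcClientConfig> oidcClientConfigRef = new ConcurrentServiceReferenceMap<>(CFG_KEY_OPENID_CONNECT_CLIENT_CONFIG);
    // Authentication filters, keyed by the "id" property of their service reference.
    protected final ConcurrentServiceReferenceMap<String, AuthenticationFilter> authFilterServiceRef = new ConcurrentServiceReferenceMap<>(KEY_FILTER);

    /** Registers a client configuration under its {@code id} property and requests a rebuild of the authenticator. */
    protected void setOidcClientConfig(ServiceReference<OidcClientConfig> serviceReference) {
        this.oidcClientConfigRef.putReference((String) serviceReference.getProperty(CFG_KEY_ID), serviceReference);
        this.initOidcClientAuth = true;
    }

    /** Replaces the reference stored for a changed client configuration and requests a rebuild of the authenticator. */
    protected void updatedOidcClientConfig(ServiceReference<OidcClientConfig> serviceReference) {
        this.oidcClientConfigRef.putReference((String) serviceReference.getProperty(CFG_KEY_ID), serviceReference);
        this.initOidcClientAuth = true;
    }

    /** Removes a client configuration and requests a rebuild of the authenticator. */
    protected void unsetOidcClientConfig(ServiceReference<OidcClientConfig> serviceReference) {
        this.oidcClientConfigRef.removeReference((String) serviceReference.getProperty(CFG_KEY_ID), serviceReference);
        this.initOidcClientAuth = true;
    }

    /** Binds the SSL support service and requests a rebuild of the authenticator, which is constructed with this reference. */
    protected void setSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
        this.initOidcClientAuth = true;
    }

    /** Re-binds a changed SSL support service and requests a rebuild of the authenticator. */
    protected void updatedSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.setReference(serviceReference);
        this.initOidcClientAuth = true;
    }

    /** Unbinds the SSL support service and requests a rebuild of the authenticator. */
    protected void unsetSslSupport(ServiceReference<SSLSupport> serviceReference) {
        this.sslSupportRef.unsetReference(serviceReference);
        this.initOidcClientAuth = true;
    }

    /** Binds the security service, caches the resolved instance and requests a rebuild of the authenticator. */
    protected void setSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.setReference(serviceReference);
        this.securityService = this.securityServiceRef.getService();
        this.initOidcClientAuth = true;
    }

    /** Unbinds the security service, drops the cached instance and requests a rebuild of the authenticator. */
    protected void unsetSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.unsetReference(serviceReference);
        this.securityService = null;
        this.initOidcClientAuth = true;
    }

    /**
     * Installs an authenticator directly. It is replaced on the next {@link #authenticate} call
     * if {@link #initOidcClientAuth} is still set.
     */
    protected void setOidcClientAuthenticator(OidcClientAuthenticator oidcClientAuthenticator) {
        this.oidcClientAuthenticator = oidcClientAuthenticator;
    }

    /** Returns the current authenticator, or {@code null} if none has been built or set yet. */
    protected OidcClientAuthenticator getOidcClientAuthenticator() {
        return this.oidcClientAuthenticator;
    }

    /** Registers an authentication filter under its {@code id} property. */
    protected void setAuthFilter(ServiceReference<AuthenticationFilter> serviceReference) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "setAuthenticationFilter id:" + serviceReference.getProperty(CFG_KEY_ID));
        }
        this.authFilterServiceRef.putReference((String) serviceReference.getProperty(CFG_KEY_ID), serviceReference);
    }

    /** Replaces the reference stored for a changed authentication filter. */
    protected void updatedAuthenticationFilter(ServiceReference<AuthenticationFilter> serviceReference) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "updatedAuthenticationFilter id:" + serviceReference.getProperty(CFG_KEY_ID));
        }
        this.authFilterServiceRef.putReference((String) serviceReference.getProperty(CFG_KEY_ID), serviceReference);
    }

    /** Removes an authentication filter. */
    protected void unsetAuthFilter(ServiceReference<AuthenticationFilter> serviceReference) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "unsetAuthenticationFilter id:" + serviceReference.getProperty(CFG_KEY_ID));
        }
        this.authFilterServiceRef.removeReference((String) serviceReference.getProperty(CFG_KEY_ID), serviceReference);
    }

    /** Activates all service-reference holders and requests that the authenticator be built on first use. */
    protected void activate(ComponentContext componentContext) {
        this.oidcClientConfigRef.activate(componentContext);
        this.sslSupportRef.activate(componentContext);
        this.securityServiceRef.activate(componentContext);
        this.authFilterServiceRef.activate(componentContext);
        this.initOidcClientAuth = true;
    }

    /** Intentionally empty: configuration changes arrive through the bind/updated methods instead. */
    protected synchronized void modify(Map<String, Object> map) {
    }

    /**
     * Deactivates all service-reference holders and discards the authenticator.
     *
     * <p>NOTE(review): the rebuild flag is not raised here, so an {@link #authenticate} call that
     * arrives after deactivation with the flag already cleared dereferences a {@code null}
     * authenticator.
     */
    protected synchronized void deactivate(ComponentContext componentContext) {
        this.oidcClientConfigRef.deactivate(componentContext);
        this.sslSupportRef.deactivate(componentContext);
        this.securityServiceRef.deactivate(componentContext);
        this.authFilterServiceRef.deactivate(componentContext);
        this.oidcClientAuthenticator = null;
    }

    /**
     * Authenticates the request against the client configuration registered under {@code str}.
     *
     * <p>The authenticator is rebuilt first when a bound service changed since the last call.
     *
     * @param str id of the client configuration, normally the value returned by {@link #getOidcProvider}
     * @return whatever the delegate authenticator returns
     */
    @Override // com.ibm.ws.webcontainer.security.openidconnect.OidcClient
    public ProviderAuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, ReferrerURLCookieHandler referrerURLCookieHandler) {
        // NOTE(review): the lookup is an exact-key lookup and may return null (unknown id, or an id
        // whose case differs from the configured one, see getProviderConfig). The null is passed on
        // unchecked; confirm that OidcClientAuthenticator fails closed on a null configuration.
        OidcClientConfig clientConfig = this.oidcClientConfigRef.getService(str);
        if (this.initOidcClientAuth) {
            // NOTE(review): the authenticator is constructed with the configuration of whichever
            // provider is requested first after a change, and is then reused for every provider.
            // Verify that the constructor does not retain per-provider state.
            this.oidcClientAuthenticator = new OidcClientAuthenticator(this.sslSupportRef, clientConfig);
            this.initOidcClientAuth = false;
        }
        return this.oidcClientAuthenticator.authenticate(httpServletRequest, httpServletResponse, clientConfig, referrerURLCookieHandler);
    }

    /**
     * Determines which client configuration, if any, should handle the request.
     *
     * <p>The request parameter named by {@code ClientConstants.OIDC_CLIENT} acts as a
     * caller-supplied provider hint; see {@link #getProviderConfig} for how it is resolved.
     *
     * @return the selected provider id, or {@code null} when no configuration applies
     */
    @Override // com.ibm.ws.webcontainer.security.openidconnect.OidcClient
    public String getOidcProvider(HttpServletRequest httpServletRequest) {
        PostParameterHelper postHelper = null;
        byte[] bodyBytes = null;
        if (httpServletRequest.getMethod().equalsIgnoreCase("POST")) {
            // Capture the POST body and put it back before and after the parameter lookup,
            // presumably so that getParameter() and later consumers can both still read it.
            postHelper = new PostParameterHelper(WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig());
            bodyBytes = postHelper.getInputStreamData(httpServletRequest);
            postHelper.putInputStreamData(httpServletRequest, bodyBytes);
        }
        String providerHint = httpServletRequest.getParameter(ClientConstants.OIDC_CLIENT);
        if (postHelper != null) {
            postHelper.putInputStreamData(httpServletRequest, bodyBytes);
        }
        return getProviderConfig(this.oidcClientConfigRef.getServices(), providerHint, httpServletRequest);
    }

    /**
     * Resolves the provider id for a request from the available configurations.
     *
     * <ul>
     *   <li>With a hint ({@code str != null}): returns the hint as soon as a configuration id
     *       matches it case-insensitively. The configuration's authentication filter is not
     *       consulted on this path, and a hint that matches nothing yields {@code null}.</li>
     *   <li>Without a hint: returns the id of the first configuration for which
     *       {@link #authFilter} yields a non-null result.</li>
     * </ul>
     *
     * <p>NOTE(review): the hint comes from the request, so the caller controls both which
     * configured provider is chosen (bypassing its filter) and, by sending an unknown value,
     * whether any provider is chosen at all. Confirm that the caller of this method treats a
     * {@code null} result safely for protected resources.
     *
     * <p>NOTE(review): the hint is returned in the caller's casing rather than as the configured
     * id, while later lookups use it as an exact map key.
     */
    protected String getProviderConfig(Iterator<OidcClientConfig> it, String str, HttpServletRequest httpServletRequest) {
        String filterSelectedId = null;
        while (it.hasNext()) {
            OidcClientConfig candidate = it.next();
            String candidateId = candidate.getId();
            if (str != null && str.equalsIgnoreCase(candidateId)) {
                return str;
            }
            if (str == null && filterSelectedId == null) {
                filterSelectedId = authFilter(candidate, httpServletRequest, candidateId);
            }
        }
        return filterSelectedId;
    }

    /**
     * Applies the configuration's authentication filter to the request.
     *
     * @param str id to return when the configuration applies to the request
     * @return {@code str} when the configuration has no filter id, when the filter accepts the
     *         request, or when the named filter cannot be resolved; {@code null} when the filter
     *         rejects the request
     */
    String authFilter(OidcClientConfig oidcClientConfig, HttpServletRequest httpServletRequest, String str) {
        String authFilterId = oidcClientConfig.getAuthFilterId();
        if (authFilterId != null && authFilterId.length() > 0) {
            AuthenticationFilter filter = this.authFilterServiceRef.getService(authFilterId);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "authFilter id:" + authFilterId + " authFilter:" + filter);
            }
            // NOTE(review): a filter id that is configured but not resolvable (filter == null)
            // falls through and the configuration is treated as matching every request.
            if (filter != null && !filter.isAccepted(httpServletRequest)) {
                return null;
            }
        }
        return str;
    }

    /**
     * Reports whether the configuration registered under {@code str} maps identities to registry users.
     *
     * @throws NullPointerException if no configuration is registered under {@code str}
     */
    @Override // com.ibm.ws.webcontainer.security.openidconnect.OidcClient
    public boolean isMapIdentityToRegistryUser(String str) {
        return this.oidcClientConfigRef.getService(str).isMapIdentityToRegistryUser();
    }

    /**
     * Checks that the request URI names the redirect endpoint of a registered client configuration.
     *
     * <p>Everything after the first occurrence of {@link #URI_PREFIX} is taken as the
     * configuration id and must resolve to a registered configuration.
     *
     * <p>NOTE(review): the prefix is located with {@code indexOf}, so it may occur anywhere in
     * the URI rather than only at the expected position under the context root.
     *
     * @return {@code true} only when the extracted id resolves to a configuration
     */
    @Override // com.ibm.ws.webcontainer.security.openidconnect.OidcClient
    public boolean isValidRedirectUrl(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        boolean debugEnabled = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
        if (debugEnabled) {
            Tr.debug(tc, "Validate Request URI:" + requestURI);
        }
        int prefixStart = requestURI.indexOf(URI_PREFIX);
        if (prefixStart < 0) {
            return false;
        }
        // Skip past the prefix by its own length instead of a hard-coded offset.
        String configId = requestURI.substring(prefixStart + URI_PREFIX.length());
        // Resolve once: a second lookup could return null if the configuration is unbound in
        // between, which would turn the trace statement below into a NullPointerException.
        OidcClientConfig clientConfig = this.oidcClientConfigRef.getService(configId);
        if (clientConfig == null) {
            return false;
        }
        if (debugEnabled) {
            Tr.debug(tc, "Configuration id:" + clientConfig.getId());
        }
        return true;
    }
}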
