package com.ibm.ws.security.oauth20.web;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonPrimitive;
import com.ibm.ejs.ras.TraceNLS;
import com.ibm.oauth.core.api.error.OidcServerException;
import com.ibm.oauth.core.internal.OAuthUtil;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.api.OidcOAuth20Client;
import com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClient;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClientSerializer;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClientValidator;
import com.ibm.ws.security.oauth20.util.Base64;
import com.ibm.ws.security.oauth20.util.OIDCConstants;
import com.ibm.ws.security.oauth20.util.OidcOAuth20Util;
import java.io.IOException;
import java.io.Reader;
import java.io.StringWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.osgi.storage.Storage;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth20_1.1.13.jar:com/ibm/ws/security/oauth20/web/RegistrationEndpointServices.class */
public class RegistrationEndpointServices extends AbstractOidcEndpointServices {
    // Not referenced by name in this listing; the secret-generating methods pass the literal 60
    // to OAuthUtil.getRandom (presumably this constant inlined at compile time).
    private static final int DEFAULT_CLIENT_SECRET_LENGTH = 60;
    // Role name for client management. NOTE(review): no check against this role is visible in this
    // class; presumably the caller authorizes the request before dispatching here. Confirm.
    public static final String ROLE_REQUIRED = "clientManager";
    // HTTP Basic challenge value whose realm string equals ROLE_REQUIRED.
    public static final String UNAUTHORIZED_HEADER_VALUE = "Basic realm=\"clientManager\"";
    // Resource bundle of the CWWKS14xx messages; the methods in this class repeat it as a literal.
    protected static final String MESSAGE_BUNDLE = "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages";
    // Path-info shape "/<segment>/registration[/<rest>]": group 1 is the first segment ([\w-]+),
    // group 2 the optional remainder (a slash followed by any non-whitespace characters).
    private static final String REGEX_REGISTRATION_CLIENTID = "^/([\\w-]+)/registration(/\\S*)?$";
    static final long serialVersionUID = -2436181126238739822L;
    // Trace component used for the Tr.error calls in this class.
    private static TraceComponent tc = Tr.register(RegistrationEndpointServices.class);
    // Serializer that skips fields lacking @Expose and uses OidcBaseClientSerializer for OidcBaseClient.
    // Some responses in this class are written with OidcOAuth20Util.GSON_RAW instead of this instance.
    public static final Gson GSON = new GsonBuilder().excludeFieldsWithoutExposeAnnotation().registerTypeAdapter(OidcBaseClient.class, new OidcBaseClientSerializer()).create();

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Outcome of {@code processUpdateClientSecret}: what an update (PUT) does with the client secret.
     */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth20_1.1.13.jar:com/ibm/ws/security/oauth20/web/RegistrationEndpointServices$ClientSecretAction.class */
    public enum ClientSecretAction {
        // A new secret value is used: generated with OAuthUtil.getRandom or taken from the request body.
        NEW,
        // The request sent "*" and the stored secret is copied over, or a "none" client had no stored secret.
        RETAIN,
        // The request has no secret, the auth method is "none", and the stored client has a secret.
        CLEAR;

        static final long serialVersionUID = 169084571366617429L;
        // Trace component field injected by the build's instrumentation (marked synthetic by the decompiler).
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(ClientSecretAction.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Routes a registration-endpoint request to the handler for its HTTP method.
     * <p>
     * GET and HEAD share one handler; POST, PUT and DELETE each have their own. Any other
     * method is logged and rejected with status 405 and error code {@code server_error}.
     * <p>
     * NOTE(review): no authentication or role check is visible in this method; presumably the
     * caller enforces {@code ROLE_REQUIRED} before dispatching here. Confirm against the caller.
     * The rejected method name comes from the request and is written into both the log and the
     * error message.
     *
     * @param oAuth20Provider provider whose client registry the handlers operate on
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to populate
     * @throws OidcServerException for an unsupported method, or as thrown by the handlers
     * @throws IOException as thrown by the handlers
     */
    public void handleEndpointRequest(OAuth20Provider oAuth20Provider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OidcServerException, IOException {
        String verb = httpServletRequest.getMethod();
        if (verb.equalsIgnoreCase("GET") || verb.equalsIgnoreCase("HEAD")) {
            processHeadOrGet(oAuth20Provider, httpServletRequest, httpServletResponse);
        } else if (verb.equalsIgnoreCase("POST")) {
            processPost(oAuth20Provider, httpServletRequest, httpServletResponse);
        } else if (verb.equalsIgnoreCase("PUT")) {
            processPut(oAuth20Provider, httpServletRequest, httpServletResponse);
        } else if (verb.equalsIgnoreCase("DELETE")) {
            processDelete(oAuth20Provider, httpServletRequest, httpServletResponse);
        } else {
            String unsupported = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_UNSUPPORTED_METHOD", new Object[]{verb, "Registration Endpoint Service"}, "CWWKS1433E: The HTTP method {0} is not supported for the service {1}.");
            Tr.error(tc, unsupported, new Object[0]);
            throw new OidcServerException(unsupported, "server_error", 405);
        }
    }

    /**
     * Handles GET and HEAD: returns one client when the path names a client id, otherwise all clients.
     * <p>
     * {@code extractClientId} yields {@code null} both when the path has no id part and when the
     * path does not match the registration pattern at all, so either case falls through to the
     * list-all branch.
     *
     * @param oAuth20Provider provider supplying the client registry
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to populate
     * @throws OidcServerException as thrown by the validation step or the delegated handlers
     * @throws IOException as thrown by the delegated handlers
     */
    private void processHeadOrGet(OAuth20Provider oAuth20Provider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OidcServerException, IOException {
        validateJsonAcceptable(httpServletRequest);
        OidcOAuth20ClientProvider registry = oAuth20Provider.getClientProvider();
        String requestedId = extractClientId(httpServletRequest.getPathInfo());
        if (!OidcOAuth20Util.isNullEmpty(requestedId)) {
            processHeadOrGetSingleClient(requestedId, registry, httpServletRequest, httpServletResponse);
            return;
        }
        processHeadOrGetAllClients(registry, httpServletRequest, httpServletResponse);
    }

    /**
     * Answers GET or HEAD for a single client.
     * <p>
     * An unknown id is logged and rejected with 404 {@code invalid_client}. Otherwise the ETag is
     * computed, the registration URI is set on the client, the common headers are written and the
     * conditional-request check runs. When that check returns an exception object, only its status
     * is sent. Otherwise the status is 200, and a GET additionally writes the client serialized
     * with the {@code @Expose}-filtered {@code GSON}.
     *
     * @param str client id taken from the request path
     * @param oidcOAuth20ClientProvider registry to look the client up in
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to populate
     * @throws IOException on response I/O failure
     * @throws OidcServerException when the client id is not found
     */
    private void processHeadOrGetSingleClient(String str, OidcOAuth20ClientProvider oidcOAuth20ClientProvider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OidcServerException {
        OidcBaseClient found = oidcOAuth20ClientProvider.get(str);
        if (found == null) {
            String notFound = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_CLIENTID_NOT_FOUND", new Object[]{str}, "CWWKS1424E: The client id {0} was not found.");
            Tr.error(tc, notFound, new Object[0]);
            throw new OidcServerException(notFound, "invalid_client", 404);
        }
        omitEmptyArrays(found);
        // The tag is taken before the registration URI is set on the client.
        String entityTag = computeETag(found);
        processClientRegistationUri(found, httpServletRequest);
        setCommonResponseHeaders(entityTag, httpServletResponse, true);
        OidcServerException precondition = checkConditionalExecution(httpServletRequest, true, true, entityTag, null);
        if (precondition == null) {
            boolean wantsBody = httpServletRequest.getMethod().equalsIgnoreCase("GET");
            if (wantsBody) {
                httpServletResponse.getOutputStream().print(GSON.toJson(found));
            }
            httpServletResponse.setStatus(200);
        } else {
            httpServletResponse.setStatus(precondition.getHttpStatus());
        }
        httpServletResponse.flushBuffer();
    }

    /**
     * Answers GET or HEAD for the whole client list.
     * <p>
     * The clients are serialized with the {@code @Expose}-filtered {@code GSON}, empty array
     * members are dropped, and an ETag over the list is sent. When the conditional-request check
     * returns an exception object, only its status is sent. Otherwise the status is 200, and a GET
     * additionally writes a JSON object holding the array under the key
     * {@code Storage.BUNDLE_DATA_DIR}.
     * <p>
     * NOTE(review): that key is presumably a plain string literal that the decompiler replaced
     * with an unrelated OSGi constant of equal value. Confirm against the original source.
     *
     * @param oidcOAuth20ClientProvider registry to enumerate
     * @param httpServletRequest incoming request, also passed to {@code getAll}
     * @param httpServletResponse response to populate
     * @throws IOException on response I/O failure
     * @throws OidcServerException as thrown by the registry lookup
     */
    private void processHeadOrGetAllClients(OidcOAuth20ClientProvider oidcOAuth20ClientProvider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OidcServerException {
        JsonArray clients = GSON.toJsonTree(oidcOAuth20ClientProvider.getAll(httpServletRequest)).getAsJsonArray();
        omitEmptyArrays(clients);
        String entityTag = computeETag(clients);
        setCommonResponseHeaders(entityTag, httpServletResponse, true);
        OidcServerException precondition = checkConditionalExecution(httpServletRequest, true, true, entityTag, null);
        if (precondition == null) {
            if (httpServletRequest.getMethod().equalsIgnoreCase("GET")) {
                JsonObject envelope = new JsonObject();
                envelope.add(Storage.BUNDLE_DATA_DIR, GSON.toJsonTree(clients));
                httpServletResponse.getOutputStream().print(envelope.toString());
            }
            httpServletResponse.setStatus(200);
        } else {
            httpServletResponse.setStatus(precondition.getHttpStatus());
        }
        httpServletResponse.flushBuffer();
    }

    /**
     * Handles POST: registers a new client described by the JSON request body.
     * <p>
     * A path that already names a client id is rejected with 400 {@code invalid_request}. The body
     * is parsed and validated, then the client id, client name, client secret and registration
     * URI are filled in, the client is stored, and the stored result is returned with status 201.
     *
     * @param oAuth20Provider provider supplying the client registry
     * @param httpServletRequest incoming request carrying the JSON body
     * @param httpServletResponse response to populate
     * @throws OidcServerException on an incorrect path, or as thrown by validation and the helper steps
     * @throws IOException on request or response I/O failure
     */
    private void processPost(OAuth20Provider oAuth20Provider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OidcServerException, IOException {
        validateJsonAcceptable(httpServletRequest);
        validateContentType(httpServletRequest, "application/json");
        // Creation must target the collection URI; a client id in the path is an error.
        if (!OidcOAuth20Util.isNullEmpty(extractClientId(httpServletRequest.getPathInfo()))) {
            String formattedMessage = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_INVALID_REQUEST_PATH", (Object[]) null, "CWWKS1425E: The registration request was made to an incorrect URI.");
            Tr.error(tc, formattedMessage, new Object[0]);
            throw new OidcServerException(formattedMessage, "invalid_request", 400);
        }
        OidcBaseClient validateCreateUpdate = OidcBaseClientValidator.getInstance(getOidcBaseClientFromRequestBody(httpServletRequest)).validateCreateUpdate();
        OidcOAuth20ClientProvider clientProvider = oAuth20Provider.getClientProvider();
        // The uniqueness check in processClientId and the put() below are separate calls.
        // NOTE(review): confirm the provider itself rejects a duplicate id on concurrent registrations.
        processClientId(validateCreateUpdate, clientProvider);
        processClientName(validateCreateUpdate);
        // NOTE(review): unlike processPut, no PasswordUtil.passwordEncode call precedes the store here;
        // presumably the provider protects the secret inside put(). Confirm.
        processNewClientSecret(validateCreateUpdate);
        processClientRegistationUri(validateCreateUpdate, httpServletRequest);
        OidcBaseClient defaultsForOmitted = OidcBaseClientValidator.getInstance(clientProvider.put(validateCreateUpdate)).setDefaultsForOmitted();
        omitEmptyArrays(defaultsForOmitted);
        setCommonResponseHeaders(computeETag(defaultsForOmitted), httpServletResponse, true);
        // NOTE(review): the body is written with GSON_RAW rather than the @Expose-filtered GSON,
        // presumably so the newly issued client_secret is returned to the registrant. Confirm which
        // other fields GSON_RAW exposes.
        httpServletResponse.getOutputStream().print(OidcOAuth20Util.GSON_RAW.toJson(defaultsForOmitted));
        httpServletResponse.setStatus(201);
        httpServletResponse.flushBuffer();
    }

    /**
     * Handles PUT: replaces the registration of the client named in the request path.
     * <p>
     * The path must contain a client id and that client must exist. The body is parsed and
     * validated, the issued-at and secret-expiry values are copied from the stored client, and
     * {@code processUpdateClientSecret} decides what happens to the secret. The update is applied
     * only when the conditional-request check against the stored client's ETag returns no
     * exception object.
     *
     * @param oAuth20Provider provider supplying the client registry
     * @param httpServletRequest incoming request carrying the JSON body
     * @param httpServletResponse response to populate
     * @throws OidcServerException on a missing or unknown client id, a failed validation or secret
     *         decision, or a conditional-check result whose {@code isComplete()} is true
     * @throws IOException on request or response I/O failure
     */
    private void processPut(OAuth20Provider oAuth20Provider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OidcServerException, IOException {
        validateJsonAcceptable(httpServletRequest);
        validateContentType(httpServletRequest, "application/json");
        String validateRequestContainsClientId = validateRequestContainsClientId(httpServletRequest);
        OidcOAuth20ClientProvider clientProvider = oAuth20Provider.getClientProvider();
        OidcOAuth20Client validateClientIdExists = validateClientIdExists(validateRequestContainsClientId, clientProvider);
        OidcBaseClient oidcBaseClientFromRequestBody = getOidcBaseClientFromRequestBody(httpServletRequest);
        // The id from the path overrides any client_id in the body, so a PUT cannot retarget another client.
        oidcBaseClientFromRequestBody.setClientId(validateRequestContainsClientId);
        OidcBaseClient validateCreateUpdate = OidcBaseClientValidator.getInstance(oidcBaseClientFromRequestBody).validateCreateUpdate();
        copyExistingOutputParams(validateCreateUpdate, validateClientIdExists);
        processClientName(validateCreateUpdate);
        ClientSecretAction processUpdateClientSecret = processUpdateClientSecret(validateCreateUpdate, validateClientIdExists);
        // Plain-text copy of a new secret, kept so the response can return it; stays null otherwise.
        String str = null;
        if (processUpdateClientSecret == ClientSecretAction.NEW) {
            str = validateCreateUpdate.getClientSecret();
            // NOTE(review): the single-argument passwordEncode uses whatever algorithm PasswordUtil
            // defaults to; confirm that it meets the requirement for protecting secrets at rest.
            validateCreateUpdate.setClientSecret(PasswordUtil.passwordEncode(str));
        }
        processClientRegistationUri(validateCreateUpdate, httpServletRequest);
        httpServletResponse.setHeader("Content-Type", "application/json");
        // The conditional check compares against the ETag of the client as currently stored.
        omitEmptyArrays((OidcBaseClient) validateClientIdExists);
        OidcServerException checkConditionalExecution = checkConditionalExecution(httpServletRequest, false, true, computeETag((OidcBaseClient) validateClientIdExists), null);
        if (checkConditionalExecution == null) {
            OidcBaseClient defaultsForOmitted = OidcBaseClientValidator.getInstance(clientProvider.update(validateCreateUpdate)).setDefaultsForOmitted();
            omitEmptyArrays(defaultsForOmitted);
            httpServletResponse.addHeader("ETag", String.format("\"%s\"", computeETag(defaultsForOmitted)));
            if (processUpdateClientSecret != ClientSecretAction.RETAIN || OidcOAuth20Util.isNullEmpty(defaultsForOmitted.getClientSecret())) {
                // Replace the stored form with the plain-text new secret (or null) before serializing
                // with GSON_RAW. NOTE(review): confirm which fields GSON_RAW exposes.
                defaultsForOmitted.setClientSecret(str);
                httpServletResponse.getOutputStream().print(OidcOAuth20Util.GSON_RAW.toJson(defaultsForOmitted));
            } else {
                // Retained secret: the response uses the @Expose-filtered serializer.
                httpServletResponse.getOutputStream().print(GSON.toJson(defaultsForOmitted));
            }
            httpServletResponse.setStatus(200);
        } else {
            // Unlike the GET and DELETE handlers, a result marked complete is thrown to the caller.
            if (checkConditionalExecution.isComplete()) {
                throw checkConditionalExecution;
            }
            httpServletResponse.setStatus(checkConditionalExecution.getHttpStatus());
        }
        httpServletResponse.flushBuffer();
    }

    /**
     * Handles DELETE: removes the client named in the request path.
     * <p>
     * A path without a client id is rejected with 400 {@code invalid_request}, an unknown id with
     * 404 {@code invalid_client}. The deletion runs only when the conditional-request check against
     * the stored client's ETag returns no exception object; the status is then 204. Otherwise only
     * the status carried by that object is sent.
     *
     * @param oAuth20Provider provider supplying the client registry
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to populate
     * @throws IOException on response I/O failure
     * @throws OidcServerException when the client id is missing or unknown
     */
    private void processDelete(OAuth20Provider oAuth20Provider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, OidcServerException {
        String targetId = extractClientId(httpServletRequest.getPathInfo());
        if (OidcOAuth20Util.isNullEmpty(targetId)) {
            String missingId = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_MISSING_CLIENTID", new Object[]{httpServletRequest.getMethod(), "client_id"}, "CWWKS1426E: The {0} operation failed as the request did not contain the {1} parameter.");
            Tr.error(tc, missingId, new Object[0]);
            throw new OidcServerException(missingId, "invalid_request", 400);
        }
        OidcOAuth20ClientProvider registry = oAuth20Provider.getClientProvider();
        OidcBaseClient stored = registry.get(targetId);
        if (stored == null) {
            String unknownId = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_INVALID_CLIENTID", new Object[]{httpServletRequest.getMethod(), "client_id", targetId}, "CWWKS1427E: The {0} operation failed as the request contains an invalid {1} parameter {2}.");
            Tr.error(tc, unknownId, new Object[0]);
            throw new OidcServerException(unknownId, "invalid_client", 404);
        }
        omitEmptyArrays(stored);
        String currentTag = computeETag(stored);
        OidcServerException precondition = checkConditionalExecution(httpServletRequest, false, true, currentTag, null);
        if (precondition == null) {
            registry.delete(targetId);
            httpServletResponse.setStatus(204);
        } else {
            httpServletResponse.setStatus(precondition.getHttpStatus());
        }
        httpServletResponse.flushBuffer();
    }

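    /**
     * Parses the JSON request body into an {@link OidcBaseClient}.
     * <p>
     * Gson returns {@code null} instead of throwing when the body is empty or is the JSON literal
     * {@code null}. That case is reported with the same 400 "malformed request" error as a parse
     * failure, so callers never receive a null client ({@code processPut} dereferences the result
     * immediately).
     *
     * @param httpServletRequest request whose reader supplies the JSON body
     * @return the parsed client, never {@code null}
     * @throws IOException if the request reader cannot be obtained
     * @throws OidcServerException with status 400 and error code
     *         {@code OIDCConstants.ERROR_INVALID_CLIENT_METADATA} when the body is malformed or empty
     */
    private OidcBaseClient getOidcBaseClientFromRequestBody(HttpServletRequest httpServletRequest) throws IOException, OidcServerException {
        OidcBaseClient parsed = null;
        JsonParseException parseFailure = null;
        try {
            parsed = (OidcBaseClient) GSON.fromJson((Reader) httpServletRequest.getReader(), OidcBaseClient.class);
        } catch (JsonParseException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.web.RegistrationEndpointServices", "408", this, new Object[]{httpServletRequest});
            parseFailure = e;
        }
        if (parsed != null) {
            return parsed;
        }
        String formattedMessage = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_MALFORMED_REQUEST", (Object[]) null, "CWWKS1428E: The request body is malformed.");
        Tr.error(tc, formattedMessage, new Object[0]);
        if (parseFailure != null) {
            // The parser's own message goes to the server log only, never into the response.
            // NOTE(review): it may quote part of the request body; confirm that is acceptable for this log.
            Tr.error(tc, parseFailure.getLocalizedMessage(), new Object[0]);
        }
        throw new OidcServerException(formattedMessage, OIDCConstants.ERROR_INVALID_CLIENT_METADATA, 400);
    }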

    /**
     * Extracts the client-id part of a registration path.
     * <p>
     * The path must match {@code REGEX_REGISTRATION_CLIENTID}; the optional remainder after
     * {@code /registration} (capture group 2) is passed through {@code trimSlashes} and returned.
     * A path that does not match, or that has no remainder, yields {@code null}. Callers cannot
     * tell these two cases apart.
     * <p>
     * The remainder may contain any non-whitespace characters, further slashes included.
     * NOTE(review): no other restriction on the id is applied here; confirm that the client
     * provider treats the value as an opaque key.
     *
     * @param str the request's path info; a {@code null} value makes {@code Pattern.matcher} throw
     *        a {@code NullPointerException}
     * @return the trimmed remainder, or {@code null} when there is none
     */
    private String extractClientId(String str) {
        Matcher pathMatcher = Pattern.compile(REGEX_REGISTRATION_CLIENTID).matcher(str);
        if (pathMatcher.matches()) {
            String remainder = pathMatcher.group(2);
            if (remainder != null) {
                return trimSlashes(remainder);
            }
        }
        return null;
    }

    /**
     * Assigns or checks the client id of a client being registered and stamps its issue time.
     * <p>
     * Without a requested id, {@code generateUUID()} is called until the provider reports the
     * value as unused. A requested id that already exists is logged and rejected with status 400.
     * The issued-at value is the current time in whole seconds.
     * <p>
     * NOTE(review): a caller-chosen id is accepted as long as it is unused; no format or length
     * check is visible here. Presumably the validator that ran earlier covers it. Confirm.
     *
     * @param oidcBaseClient client being registered; modified in place
     * @param oidcOAuth20ClientProvider registry consulted for existing ids
     * @throws OidcServerException when the requested client id already exists
     */
    private void processClientId(OidcBaseClient oidcBaseClient, OidcOAuth20ClientProvider oidcOAuth20ClientProvider) throws OidcServerException {
        String requestedId = oidcBaseClient.getClientId();
        if (!OidcOAuth20Util.isNullEmpty(requestedId)) {
            if (oidcOAuth20ClientProvider.exists(requestedId)) {
                String alreadyExists = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_CLIENTID_EXISTS", new Object[]{requestedId}, "CWWKS1429E: Client id {0} already exists.");
                Tr.error(tc, alreadyExists, new Object[0]);
                throw new OidcServerException(alreadyExists, OIDCConstants.ERROR_INVALID_CLIENT_METADATA, 400);
            }
        } else {
            String candidate = generateUUID();
            while (oidcOAuth20ClientProvider.exists(candidate)) {
                candidate = generateUUID();
            }
            oidcBaseClient.setClientId(candidate);
        }
        oidcBaseClient.setClientIdIssuedAt(System.currentTimeMillis() / 1000);
    }

    /**
     * Defaults the client name to the client id when no name was supplied.
     * Nothing changes when a name is present or when the client id itself is empty.
     *
     * @param oidcBaseClient client to update in place
     */
    private void processClientName(OidcBaseClient oidcBaseClient) {
        String fallbackName = oidcBaseClient.getClientId();
        boolean nameMissing = OidcOAuth20Util.isNullEmpty(oidcBaseClient.getClientName());
        if (nameMissing && !OidcOAuth20Util.isNullEmpty(fallbackName)) {
            oidcBaseClient.setClientName(fallbackName);
        }
    }

    /**
     * Settles the client secret of a client being created.
     * <p>
     * When the token-endpoint auth method is unset, client_secret_basic or client_secret_post and
     * the request carried no secret, a random secret of length 60 is generated. When the auth
     * method is {@code "none"} and a secret was supplied anyway, the request is rejected with
     * status 400. Every other combination leaves the client untouched, including a caller-supplied
     * secret for a secret-based auth method.
     * <p>
     * NOTE(review): a caller-supplied secret is accepted as-is; no length or strength check is
     * visible here.
     *
     * @param oidcBaseClient client being registered; modified in place
     * @throws OidcServerException when a public client ({@code "none"}) carries a secret
     */
    private void processNewClientSecret(OidcBaseClient oidcBaseClient) throws OidcServerException {
        String authMethod = oidcBaseClient.getTokenEndpointAuthMethod();
        boolean secretMissing = OidcOAuth20Util.isNullEmpty(oidcBaseClient.getClientSecret());
        boolean secretBasedAuth = OidcOAuth20Util.isNullEmpty(authMethod)
                || authMethod.equals(OIDCConstants.OIDC_DISC_TOKEN_EP_AUTH_METH_SUPP_CLIENT_SECRET_BASIC)
                || authMethod.equals(OIDCConstants.OIDC_DISC_TOKEN_EP_AUTH_METH_SUPP_CLIENT_SECRET_POST);
        if (secretBasedAuth && secretMissing) {
            oidcBaseClient.setClientSecret(OAuthUtil.getRandom(60));
            return;
        }
        boolean publicClientWithSecret = !OidcOAuth20Util.isNullEmpty(authMethod) && authMethod.equals("none") && !secretMissing;
        if (!publicClientWithSecret) {
            return;
        }
        String createFailure = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_PUBLIC_CLIENT_CREATE_FAILURE", (Object[]) null, "CWWKS1438E: Creation of the client fails.");
        Tr.error(tc, createFailure, new Object[0]);
        throw new OidcServerException(createFailure, OIDCConstants.ERROR_INVALID_CLIENT_METADATA, 400);
    }

    /**
     * Decides what an update does with the client secret and adjusts the incoming client accordingly.
     * <p>
     * Request without a secret:
     * <ul>
     * <li>auth method unset, client_secret_basic or client_secret_post: a random secret of length
     *     60 is generated and the result is {@code NEW};</li>
     * <li>auth method {@code "none"}: {@code CLEAR} when the stored client has a secret,
     *     {@code RETAIN} when it has none.</li>
     * </ul>
     * Request with a secret:
     * <ul>
     * <li>secret-based auth method and a value other than {@code "*"}: {@code NEW}, using the
     *     caller-supplied value;</li>
     * <li>secret-based auth method and {@code "*"}: the stored secret is copied into the incoming
     *     client and the result is {@code RETAIN}; status 400 if the stored client has no secret;</li>
     * <li>auth method {@code "none"}: status 400.</li>
     * </ul>
     * Any other auth method leaves no decision and ends in the status 500 error at the bottom.
     * <p>
     * NOTE(review): a caller-supplied secret is accepted as-is; no length or strength check is
     * visible here.
     *
     * @param oidcBaseClient incoming client from the request; its secret may be replaced
     * @param oidcOAuth20Client client as currently stored
     * @return the action the caller applies to the secret, never {@code null}
     * @throws OidcServerException for the rejected combinations described above
     */
    private ClientSecretAction processUpdateClientSecret(OidcBaseClient oidcBaseClient, OidcOAuth20Client oidcOAuth20Client) throws OidcServerException {
        ClientSecretAction clientSecretAction = null;
        if (OidcOAuth20Util.isNullEmpty(oidcBaseClient.getClientSecret())) {
            // No secret in the request.
            if (OidcOAuth20Util.isNullEmpty(oidcBaseClient.getTokenEndpointAuthMethod()) || oidcBaseClient.getTokenEndpointAuthMethod().equals(OIDCConstants.OIDC_DISC_TOKEN_EP_AUTH_METH_SUPP_CLIENT_SECRET_BASIC) || oidcBaseClient.getTokenEndpointAuthMethod().equals(OIDCConstants.OIDC_DISC_TOKEN_EP_AUTH_METH_SUPP_CLIENT_SECRET_POST)) {
                clientSecretAction = ClientSecretAction.NEW;
                oidcBaseClient.setClientSecret(OAuthUtil.getRandom(60));
            } else if (oidcBaseClient.getTokenEndpointAuthMethod().equals("none")) {
                clientSecretAction = !OidcOAuth20Util.isNullEmpty(oidcOAuth20Client.getClientSecret()) ? ClientSecretAction.CLEAR : ClientSecretAction.RETAIN;
            }
        } else if (OidcOAuth20Util.isNullEmpty(oidcBaseClient.getTokenEndpointAuthMethod()) || oidcBaseClient.getTokenEndpointAuthMethod().equals(OIDCConstants.OIDC_DISC_TOKEN_EP_AUTH_METH_SUPP_CLIENT_SECRET_BASIC) || oidcBaseClient.getTokenEndpointAuthMethod().equals(OIDCConstants.OIDC_DISC_TOKEN_EP_AUTH_METH_SUPP_CLIENT_SECRET_POST)) {
            // Secret in the request and a secret-based auth method; "*" means "keep the stored one".
            if (!oidcBaseClient.getClientSecret().equals("*")) {
                clientSecretAction = ClientSecretAction.NEW;
            } else {
                if (OidcOAuth20Util.isNullEmpty(oidcOAuth20Client.getClientSecret())) {
                    // Nothing stored to keep.
                    String formattedMessage = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_CLIENT_SECRET_UPDATE_FAILURE", (Object[]) null, "CWWKS1430E: An update of the client fails.");
                    Tr.error(tc, formattedMessage, new Object[0]);
                    throw new OidcServerException(formattedMessage, OIDCConstants.ERROR_INVALID_CLIENT_METADATA, 400);
                }
                clientSecretAction = ClientSecretAction.RETAIN;
                oidcBaseClient.setClientSecret(oidcOAuth20Client.getClientSecret());
            }
        } else if (oidcBaseClient.getTokenEndpointAuthMethod().equals("none")) {
            // A public client must not carry a secret.
            String formattedMessage2 = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_PUBLIC_CLIENT_UPDATE_FAILURE", (Object[]) null, "CWWKS1431E: An update of the client fails.");
            Tr.error(tc, formattedMessage2, new Object[0]);
            throw new OidcServerException(formattedMessage2, OIDCConstants.ERROR_INVALID_CLIENT_METADATA, 400);
        }
        if (clientSecretAction != null) {
            return clientSecretAction;
        }
        // No branch produced a decision (an auth method other than the three handled above).
        String formattedMessage3 = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_INVALID_CONFIG", (Object[]) null, "CWWKS1432E: An update of the client fails.");
        Tr.error(tc, formattedMessage3, new Object[0]);
        throw new OidcServerException(formattedMessage3, OIDCConstants.ERROR_INVALID_CLIENT_METADATA, 500);
    }

    /**
     * Sets the client's registration URI, derived from the current request URL and the client id.
     *
     * @param oidcOAuth20Client client to update in place
     * @param httpServletRequest request whose URL is the base of the registration URI
     */
    public static void processClientRegistationUri(OidcOAuth20Client oidcOAuth20Client, HttpServletRequest httpServletRequest) {
        String clientId = oidcOAuth20Client.getClientId();
        String selfUri = computeRegistrationUri(httpServletRequest, clientId);
        oidcOAuth20Client.setRegistrationClientUri(selfUri);
    }

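    /**
     * Builds the registration URI of a client from the request URL.
     * <p>
     * The request URL, minus any trailing slash, is returned unchanged when its last path segment
     * already is the client id; otherwise {@code "/" + id} is appended. The comparison covers the
     * whole segment, leading slash included. A bare suffix test would treat a collection URL such
     * as {@code .../registration} as already complete for any id that is a suffix of
     * "registration", and the client would be given the collection URL as its own.
     * <p>
     * NOTE(review): the base comes from {@code getRequestURL()}, so the scheme and host in the
     * returned URI are those of the request as the container saw it. Confirm that the Host header
     * is validated or normalised upstream.
     *
     * @param httpServletRequest request whose URL is the base
     * @param str client id
     * @return the registration URI ending in {@code "/" + str}
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private static String computeRegistrationUri(HttpServletRequest httpServletRequest, String str) {
        if (str == null) {
            // Fail fast, as the suffix test did before, instead of emitting a URI ending in "/null".
            throw new NullPointerException("client id");
        }
        String base = trimTrailingSlash(httpServletRequest.getRequestURL().toString());
        String idSegment = "/" + str;
        return base.endsWith(idSegment) ? base : base + idSegment;
    }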

    /**
     * Looks up a client and fails when it does not exist.
     *
     * @param str client id to look up
     * @param oidcOAuth20ClientProvider registry to search
     * @return the stored client
     * @throws OidcServerException with status 404 and {@code invalid_client} when no client has that id
     */
    private OidcOAuth20Client validateClientIdExists(String str, OidcOAuth20ClientProvider oidcOAuth20ClientProvider) throws OidcServerException {
        OidcBaseClient stored = oidcOAuth20ClientProvider.get(str);
        if (stored == null) {
            String notFound = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_CLIENTID_NOT_FOUND", new Object[]{str}, "CWWKS1424E: The client id {0} was not found.");
            Tr.error(tc, notFound, new Object[0]);
            throw new OidcServerException(notFound, "invalid_client", 404);
        }
        return stored;
    }

    /**
     * Returns the client id from the request path, failing when the path carries none.
     *
     * @param httpServletRequest request whose path info is inspected
     * @return the client id extracted from the path
     * @throws OidcServerException with status 400 and {@code invalid_request} when no client id is present
     */
    private String validateRequestContainsClientId(HttpServletRequest httpServletRequest) throws OidcServerException {
        String pathClientId = extractClientId(httpServletRequest.getPathInfo());
        if (OidcOAuth20Util.isNullEmpty(pathClientId)) {
            String missingId = TraceNLS.getFormattedMessage((Class<?>) RegistrationEndpointServices.class, "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OAUTH_CLIENT_REGISTRATION_MISSING_CLIENTID", new Object[]{httpServletRequest.getMethod(), "client_id"}, "CWWKS1426E: The {0} operation failed as the request did not contain the {1} parameter.");
            Tr.error(tc, missingId, new Object[0]);
            throw new OidcServerException(missingId, "invalid_request", 400);
        }
        return pathClientId;
    }

    /**
     * Carries the server-assigned values of the stored client over to the incoming one, so an
     * update cannot change them: the secret expiry and the id issue time.
     *
     * @param oidcBaseClient incoming client; modified in place
     * @param oidcOAuth20Client client as currently stored
     */
    private void copyExistingOutputParams(OidcBaseClient oidcBaseClient, OidcOAuth20Client oidcOAuth20Client) {
        // The two copies are independent of each other.
        oidcBaseClient.setClientSecretExpiresAt(oidcOAuth20Client.getClientSecretExpiresAt());
        oidcBaseClient.setClientIdIssuedAt(oidcOAuth20Client.getClientIdIssuedAt());
    }

    /**
     * Computes the ETag of a single client by wrapping its JSON form in a one-element array and
     * delegating to the array overload.
     *
     * @param oidcBaseClient client to tag
     * @return the ETag value, without surrounding quotes
     * @throws IOException as declared by the array overload
     */
    private String computeETag(OidcBaseClient oidcBaseClient) throws IOException {
        JsonArray singleton = new JsonArray();
        singleton.add(OidcOAuth20Util.getJsonObj(oidcBaseClient));
        return computeETag(singleton);
    }

    /**
     * Computes an ETag over a list of client objects: the Base64 form of an MD5 digest of their
     * JSON serializations, taken in {@code client_id} order.
     * <p>
     * For each object the registration URI and the client secret, when present and non-empty, are
     * removed before serialization and added back afterwards. Neither value therefore reaches the
     * digest, and two states that differ only in those fields produce the same ETag.
     * <p>
     * NOTE(review): MD5 serves here as a change-detection tag, not as protection of a secret.
     * Since the tag also gates the conditional PUT and DELETE checks, consider a collision-resistant
     * digest such as SHA-256 if a client can influence the metadata being hashed.
     *
     * @param jsonArray client objects; presumably each has a {@code client_id} member, since the
     *        comparator dereferences it without a null check
     * @return the Base64-encoded digest
     * @throws IOException declared; not thrown by any statement visible here
     */
    private String computeETag(JsonArray jsonArray) throws IOException {
        // Orders the objects by client_id so the digest does not depend on list order.
        Comparator<JsonObject> comparator = new Comparator<JsonObject>() { // from class: com.ibm.ws.security.oauth20.web.RegistrationEndpointServices.1
            static final long serialVersionUID = 8729864700888484025L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

            @Override // java.util.Comparator
            public int compare(JsonObject jsonObject, JsonObject jsonObject2) {
                return jsonObject.get("client_id").getAsString().compareTo(jsonObject2.get("client_id").getAsString());
            }
        };
        List<JsonObject> listOfJsonObjects = OidcOAuth20Util.getListOfJsonObjects(jsonArray);
        Collections.sort(listOfJsonObjects, comparator);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            for (JsonObject jsonObject : listOfJsonObjects) {
                // Take the registration URI out for hashing; remembered so it can be restored below.
                String str = null;
                JsonElement jsonElement = jsonObject.get(OIDCConstants.OIDC_CLIENTREG_REGISTRATION_CLIENT_URI);
                if (jsonElement != null && !jsonElement.getAsString().isEmpty()) {
                    str = jsonElement.getAsString();
                    jsonObject.remove(OIDCConstants.OIDC_CLIENTREG_REGISTRATION_CLIENT_URI);
                }
                // Same for the client secret, which keeps it out of the digest input.
                String str2 = null;
                JsonElement jsonElement2 = jsonObject.get("client_secret");
                if (jsonElement2 != null && !jsonElement2.getAsString().isEmpty()) {
                    str2 = jsonElement2.getAsString();
                    jsonObject.remove("client_secret");
                }
                StringWriter stringWriter = new StringWriter();
                new Gson().toJson((JsonElement) jsonObject, (Appendable) stringWriter);
                // NOTE(review): the charset used by Base64Coder.getBytes is not visible here; confirm it is fixed.
                messageDigest.update(Base64Coder.getBytes(stringWriter.toString()));
                // Restore the members removed above.
                if (str != null) {
                    jsonObject.add(OIDCConstants.OIDC_CLIENTREG_REGISTRATION_CLIENT_URI, new JsonPrimitive(str));
                }
                if (str2 != null) {
                    jsonObject.add("client_secret", new JsonPrimitive(str2));
                }
            }
            return Base64.encode(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.web.RegistrationEndpointServices", "651", this, new Object[]{jsonArray});
            throw new RuntimeException(e);
        }
    }

    /**
     * Writes the headers shared by the registration responses.
     * <p>
     * {@code Cache-Control: private} is always set. A non-empty tag is added as a quoted
     * {@code ETag} header, and the JSON content type is set when requested.
     *
     * @param str ETag value without quotes; a null or empty value adds no header
     * @param httpServletResponse response to write to
     * @param z whether to set {@code Content-Type: application/json}
     */
    private void setCommonResponseHeaders(String str, HttpServletResponse httpServletResponse, boolean z) {
        httpServletResponse.setHeader("Cache-Control", "private");
        boolean hasTag = !OidcOAuth20Util.isNullEmpty(str);
        if (hasTag) {
            String quotedTag = String.format("\"%s\"", str);
            httpServletResponse.addHeader("ETag", quotedTag);
        }
        if (z) {
            httpServletResponse.setHeader("Content-Type", "application/json");
        }
    }

    /**
     * Removes empty array members from each client object in a JSON array.
     * <p>
     * Each object is deserialized to an {@code OidcBaseClient} to test four members: redirect
     * URIs, post-logout redirect URIs, trusted URI prefixes and functional user group ids. A member
     * is removed from the JSON object when the corresponding value is null or empty. A null or
     * empty array is left alone.
     *
     * @param jsonArray array of client objects; its objects are modified in place
     */
    public static void omitEmptyArrays(JsonArray jsonArray) {
        if (jsonArray == null || jsonArray.size() == 0) {
            return;
        }
        List<JsonObject> entries = OidcOAuth20Util.getListOfJsonObjects(jsonArray);
        if (entries == null || entries.isEmpty()) {
            return;
        }
        for (JsonObject entry : entries) {
            OidcBaseClient view = GSON.fromJson((JsonElement) entry, OidcBaseClient.class);
            if (OidcOAuth20Util.isNullEmpty(view.getRedirectUris())) {
                entry.remove(OIDCConstants.OIDC_CLIENTREG_REDIRECT_URIS);
            }
            if (OidcOAuth20Util.isNullEmpty(view.getPostLogoutRedirectUris())) {
                entry.remove(OIDCConstants.OIDC_CLIENTREG_POST_LOGOUT_URIS);
            }
            if (OidcOAuth20Util.isNullEmpty(view.getTrustedUriPrefixes())) {
                entry.remove(OIDCConstants.JSA_CLIENTREG_TRUSTED_URI_PREFIXES);
            }
            if (OidcOAuth20Util.isNullEmpty(view.getFunctionalUserGroupIds())) {
                entry.remove("functional_user_groupIds");
            }
        }
    }

    /**
     * Sets empty array-valued properties of a client to {@code null}: redirect URIs, post-logout
     * redirect URIs, trusted URI prefixes and functional user group ids. A null client is ignored.
     *
     * @param oidcBaseClient client to normalise in place; may be {@code null}
     */
    public static void omitEmptyArrays(OidcBaseClient oidcBaseClient) {
        if (oidcBaseClient != null) {
            if (OidcOAuth20Util.isNullEmpty(oidcBaseClient.getRedirectUris())) {
                oidcBaseClient.setRedirectUris(null);
            }
            if (OidcOAuth20Util.isNullEmpty(oidcBaseClient.getPostLogoutRedirectUris())) {
                oidcBaseClient.setPostLogoutRedirectUris(null);
            }
            if (OidcOAuth20Util.isNullEmpty(oidcBaseClient.getTrustedUriPrefixes())) {
                oidcBaseClient.setTrustedUriPrefixes(null);
            }
            if (OidcOAuth20Util.isNullEmpty(oidcBaseClient.getFunctionalUserGroupIds())) {
                oidcBaseClient.setFunctionalUserGroupIds(null);
            }
        }
    }
}
