package com.ibm.ws.security.openidconnect.client;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.client.internal.HashUtils;
import com.ibm.ws.security.openidconnect.client.internal.OidcUtil;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.security.openidconnect.client_1.0.13.cl160220160718-1411.jar:com/ibm/ws/security/openidconnect/client/OidcClientRequest.class */
public class OidcClientRequest {
    private static final TraceComponent tc = Tr.register(OidcClientRequest.class);
    HttpServletRequest request;
    HttpServletResponse response;
    OidcClientConfig oidcClientConfig;
    protected String clientConfigId;
    String preCookieValue = null;
    boolean authnSessionDisabled;
    boolean bInboundRequired;
    static final long serialVersionUID = 6437666894469995281L;

    public boolean isInboundRequired() {
        return this.bInboundRequired;
    }

    public OidcClientRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OidcClientConfig oidcClientConfig) {
        this.authnSessionDisabled = true;
        this.bInboundRequired = false;
        this.oidcClientConfig = oidcClientConfig;
        this.clientConfigId = oidcClientConfig.getId();
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.authnSessionDisabled = oidcClientConfig.isAuthnSessionDisabled_propagation();
        httpServletRequest.setAttribute("com.ibm.ws.webcontainer.security.openidconnect.authn.session.disabled", Boolean.valueOf(this.authnSessionDisabled));
        String inboundPropagation = oidcClientConfig.getInboundPropagation();
        this.bInboundRequired = ClientConstants.PROPAGATION_REQUIRED.equalsIgnoreCase(inboundPropagation);
        httpServletRequest.setAttribute("com.ibm.ws.webcontainer.security.openidconnect.inbound.propagation.value", inboundPropagation);
    }

    public void createOidcClientCookieIfAnyAndDisableLtpa() {
        if (this.oidcClientConfig.isDisableLtpaCookie()) {
            Boolean bool = (Boolean) this.request.getAttribute("com.ibm.ws.webcontainer.security.openidconnect.propagation.token.authenticated");
            if (bool == null ? false : bool.booleanValue()) {
                return;
            }
            String oidcClientCookieName = getOidcClientCookieName();
            String str = this.preCookieValue;
            if (oidcClientCookieName == null || str == null) {
                return;
            }
            createCookie(this.request, this.response, oidcClientCookieName, str);
        }
    }

    public String getOidcClientCookieName() {
        return this.oidcClientConfig.getOidcClientCookieName();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("OidcClientRequest [clientId:").append(this.clientConfigId).append(" request:").append(this.request).append("]");
        return sb.toString();
    }

    public static void createCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        httpServletResponse.addCookie(new ReferrerURLCookieHandler(WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig()).createCookie(str, str2, httpServletRequest));
    }

    @Trivial
    public String generatePreCookieValue() {
        if (this.preCookieValue == null) {
            this.preCookieValue = OidcUtil.generateRandom();
            return this.preCookieValue;
        }
        if (!tc.isDebugEnabled()) {
            return null;
        }
        Tr.debug(tc, "preCookieValue exists:" + this.preCookieValue, new Object[0]);
        return null;
    }

    @Trivial
    public String getAndSetCustomCacheKeyValue() {
        return getCustomCookieValue(generatePreCookieValue());
    }

    @Sensitive
    @Trivial
    public String getCustomCookieValue(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        return HashUtils.digest(this.clientConfigId + "_" + str + "_ibm");
    }

    public HttpServletRequest getRequest() {
        return this.request;
    }

    public HttpServletResponse getResponse() {
        return this.response;
    }

    public OidcClientConfig getOidcClientConfig() {
        return this.oidcClientConfig;
    }
}
