package com.ibm.oauth.core.internal.oauth20;

import com.google.gson.JsonArray;
import com.ibm.oauth.core.api.OAuthComponentInstance;
import com.ibm.oauth.core.api.OAuthConstants;
import com.ibm.oauth.core.api.OAuthResult;
import com.ibm.oauth.core.api.attributes.Attribute;
import com.ibm.oauth.core.api.attributes.AttributeList;
import com.ibm.oauth.core.api.config.OAuthComponentConfiguration;
import com.ibm.oauth.core.api.error.OAuthException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20BadParameterFormatException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20DuplicateParameterException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20InternalException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20InvalidClientException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20InvalidClientSecretException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20InvalidRedirectUriException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20InvalidTokenException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20InvalidTokenRequestMethodException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20MediatorException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20MismatchedClientAuthenticationException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20MissingParameterException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20PublicClientCredentialsException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20PublicClientForbiddenException;
import com.ibm.oauth.core.api.oauth20.OAuth20Component;
import com.ibm.oauth.core.api.oauth20.client.OAuth20Client;
import com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator;
import com.ibm.oauth.core.api.oauth20.token.OAuth20Token;
import com.ibm.oauth.core.api.oauth20.token.OAuth20TokenCache;
import com.ibm.oauth.core.internal.OAuthComponentImpl;
import com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigProvider;
import com.ibm.oauth.core.internal.oauth20.config.OAuth20ConfigurationImpl;
import com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandler;
import com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandlerFactory;
import com.ibm.oauth.core.internal.oauth20.granttype.OAuth20GrantTypeHandlerFactoryImpl;
import com.ibm.oauth.core.internal.oauth20.mediator.OAuth20MediatorFactory;
import com.ibm.oauth.core.internal.oauth20.responsetype.OAuth20ResponseTypeHandler;
import com.ibm.oauth.core.internal.oauth20.responsetype.OAuth20ResponseTypeHandlerFactory;
import com.ibm.oauth.core.internal.oauth20.responsetype.OAuth20ResponseTypeHandlerFactoryImpl;
import com.ibm.oauth.core.internal.oauth20.token.OAuth20TokenFactory;
import com.ibm.oauth.core.internal.oauth20.token.OAuth20TokenHelper;
import com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler;
import com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandlerFactory;
import com.ibm.oauth.core.internal.statistics.OAuthStatisticsImpl;
import com.ibm.oauth.core.util.WebUtils;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.ws.kernel.provisioning.ExtensionConstants;
import com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider;
import com.ibm.ws.security.oauth20.util.OIDCConstants;
import com.ibm.ws.security.oauth20.util.OidcOAuth20Util;
import com.ibm.ws.webcontainer.security.internal.ChallengeReply;
import com.ibm.wsspi.kernel.service.location.WsLocationConstants;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.ListIterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:lib/com.ibm.ws.security.oauth20_1.1.11.cl50820160718-1423.jar:com/ibm/oauth/core/internal/oauth20/OAuth20ComponentImpl.class */
public class OAuth20ComponentImpl extends OAuthComponentImpl implements OAuth20Component, OAuth20ComponentInternal {
    Logger _log;
    static final String HTTP_METHOD_POST = "POST";
    static final String RESPONSE_MODE = "response_mode";
    static final String FORM_POST = "form_post";
    OAuth20GrantTypeHandlerFactory _grantTypeHandlerFactory;
    OAuth20ResponseTypeHandlerFactory _responseTypeHandlerFactory;
    static final String STATE_ENCODING = "UTF-8";
    OidcOAuth20ClientProvider _clientProvider;
    OAuth20TokenCache _tokenCache;
    boolean _allowPublicClients;
    protected OAuth20ConfigProvider _config20;
    static final String CLASS = OAuth20ComponentImpl.class.getName();
    protected static final TraceComponent tc = Tr.register((Class<?>) OAuth20ComponentImpl.class, "OAUTH20", "com.ibm.ws.security.oauth20.resources.ProviderMsgs");

    public OAuth20ComponentImpl(OAuthComponentInstance oAuthComponentInstance, OAuthComponentConfiguration oAuthComponentConfiguration, OAuth20ConfigProvider oAuth20ConfigProvider) throws OAuthException {
        super(oAuthComponentInstance, oAuthComponentConfiguration);
        this._log = Logger.getLogger(CLASS);
        this._grantTypeHandlerFactory = null;
        this._responseTypeHandlerFactory = null;
        this._clientProvider = null;
        this._tokenCache = null;
        this._allowPublicClients = false;
        this._config20 = oAuth20ConfigProvider;
        this._grantTypeHandlerFactory = initGrantTypeHandlerFactory(this._config20);
        this._responseTypeHandlerFactory = initResponseTypeHandlerFactory(this._config20);
        this._clientProvider = this._config20.getClientProvider();
        this._tokenCache = this._config20.getTokenCache();
        this._allowPublicClients = this._config20.isAllowPublicClients();
    }

    public OAuth20ComponentImpl(OAuthComponentInstance oAuthComponentInstance, OAuthComponentConfiguration oAuthComponentConfiguration) throws OAuthException {
        super(oAuthComponentInstance, oAuthComponentConfiguration);
        this._log = Logger.getLogger(CLASS);
        this._grantTypeHandlerFactory = null;
        this._responseTypeHandlerFactory = null;
        this._clientProvider = null;
        this._tokenCache = null;
        this._allowPublicClients = false;
        OAuth20ConfigurationImpl oAuth20ConfigurationImpl = new OAuth20ConfigurationImpl(this, super.getConfiguration());
        oAuth20ConfigurationImpl.validate();
        this._config20 = oAuth20ConfigurationImpl.getConfigProvider();
        this._grantTypeHandlerFactory = initGrantTypeHandlerFactory(this._config20);
        this._responseTypeHandlerFactory = initResponseTypeHandlerFactory(this._config20);
        this._clientProvider = this._config20.getClientProvider();
        this._tokenCache = this._config20.getTokenCache();
        this._allowPublicClients = this._config20.isAllowPublicClients();
    }

    OAuth20GrantTypeHandlerFactory initGrantTypeHandlerFactory(OAuth20ConfigProvider oAuth20ConfigProvider) throws OAuthException {
        OAuth20GrantTypeHandlerFactory grantTypeHandlerFactory = oAuth20ConfigProvider.getGrantTypeHandlerFactory();
        if (grantTypeHandlerFactory == null) {
            grantTypeHandlerFactory = new OAuth20GrantTypeHandlerFactoryImpl();
        }
        return grantTypeHandlerFactory;
    }

    OAuth20ResponseTypeHandlerFactory initResponseTypeHandlerFactory(OAuth20ConfigProvider oAuth20ConfigProvider) throws OAuthException {
        OAuth20ResponseTypeHandlerFactory responseTypeHandlerFactory = oAuth20ConfigProvider.getResponseTypeHandlerFactory();
        if (responseTypeHandlerFactory == null) {
            responseTypeHandlerFactory = new OAuth20ResponseTypeHandlerFactoryImpl();
            responseTypeHandlerFactory.init(super.getConfiguration());
        }
        return responseTypeHandlerFactory;
    }

    @Override // com.ibm.oauth.core.internal.oauth20.OAuth20ComponentInternal
    public OAuth20ConfigProvider get20Configuration() {
        return this._config20;
    }

    @Override // com.ibm.oauth.core.internal.OAuthComponentImpl, com.ibm.oauth.core.api.OAuthComponent
    public OAuthComponentConfiguration getConfiguration() {
        throw new UnsupportedOperationException("called OAuth20ComponentImpl.getConfiguration(). Use OAuth20ComponentImpl.get20Configuration() instead.");
    }

    @Override // com.ibm.oauth.core.api.oauth20.OAuth20Component
    public OAuthResult processAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AttributeList attributeList) {
        String name = httpServletRequest.getUserPrincipal().getName();
        String parameter = httpServletRequest.getParameter("client_id");
        String parameter2 = httpServletRequest.getParameter("redirect_uri");
        String parameter3 = httpServletRequest.getParameter("response_type");
        String parameter4 = httpServletRequest.getParameter("state");
        String[] strArr = null;
        if (attributeList != null) {
            strArr = attributeList.getAttributeValuesByName("scope");
        }
        return processAuthorization(name, parameter, parameter2, parameter3, parameter4, strArr, attributeList, httpServletRequest, httpServletResponse);
    }

    @Override // com.ibm.oauth.core.api.oauth20.OAuth20Component
    public OAuthResult processAuthorization(String str, String str2, String str3, String str4, String str5, String[] strArr, HttpServletResponse httpServletResponse) {
        return processAuthorization(str, str2, str3, str4, str5, strArr, null, null, httpServletResponse);
    }

    public OAuthResult processAuthorization(String str, String str2, String str3, String str4, String str5, String[] strArr, AttributeList attributeList, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean z = true;
        List<OAuth20Token> list = null;
        this._log.entering(CLASS, "processAuthorization", (Object[]) new String[]{str2, str3, str4, str5, "{" + OAuth20Util.arrayToSpaceString(strArr) + "}"});
        OAuthResult oAuthResult = null;
        OAuth20RequestContext oAuth20RequestContext = new OAuth20RequestContext();
        AttributeList attributeList2 = new AttributeList();
        OAuth20Mediator oAuth20Mediator = null;
        try {
            try {
                try {
                    oAuth20Mediator = OAuth20MediatorFactory.getMediator(this);
                    attributeList2 = buildAuthorizationAttributeList(str, str2, str3, str4, str5, strArr);
                    boolean z2 = false;
                    if (attributeList != null) {
                        for (Attribute attribute : attributeList.getAllAttributes()) {
                            if (attributeList2.getAttributeValuesByNameAndType(attribute.getName(), attribute.getType()) == null) {
                                attributeList2.setAttribute(attribute.getName(), attribute.getType(), attribute.getValuesArray());
                            }
                            if (OAuth20Constants.EXTERNAL_MEDIATION.equals(attribute.getType())) {
                                z2 = true;
                            }
                        }
                    }
                    OAuth20Client oAuth20Client = getOAuth20Client(oAuth20RequestContext, str2, null, str3, false);
                    JsonArray redirectUris = oAuth20Client.getRedirectUris();
                    OAuth20ResponseTypeHandler handler = this._responseTypeHandlerFactory.getHandler(str4, get20Configuration());
                    if (str4.indexOf("id_token") != -1 && httpServletRequest != null) {
                        populateFromRequestForOpenIDConnect(attributeList2, httpServletRequest);
                    }
                    handler.validateRequestResponseType(attributeList2, redirectUris);
                    if (z2) {
                        oAuth20Mediator.mediateAuthorize(attributeList2);
                    }
                    list = handler.buildTokensResponseType(attributeList2, new OAuth20TokenFactory(this), redirectUris.get(0).getAsString());
                    handler.buildResponseResponseType(attributeList2, list);
                    if (str5 != null && str5.length() > 0) {
                        attributeList2.setAttribute("state", OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[]{str5});
                    }
                    if (!z2) {
                        oAuth20Mediator.mediateAuthorize(attributeList2);
                    }
                    String asString = (str3 == null || str3.length() == 0) ? oAuth20Client.getRedirectUris().get(0).getAsString() : str3;
                    if ("form_post".equals(httpServletRequest != null ? httpServletRequest.getParameter("response_mode") : null)) {
                        postRedirect(httpServletResponse, attributeList2, asString);
                    } else {
                        String attributeValueByName = attributeList2.getAttributeValueByName("access_token");
                        sendRedirect(httpServletResponse, attributeList2, asString, attributeValueByName != null && attributeValueByName.length() > 0);
                    }
                    oAuthResult = new OAuthResultImpl(0, attributeList2);
                    z = false;
                    if (0 != 0 && list != null) {
                        ListIterator<OAuth20Token> listIterator = list.listIterator();
                        while (listIterator.hasNext()) {
                            OAuth20Token next = listIterator.next();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "processAuthorization: Found token to remove from cash.", new Object[0]);
                                Tr.debug(tc, "Type: " + next.getType(), new Object[0]);
                                Tr.debug(tc, "Subtype: " + next.getSubType(), new Object[0]);
                                Tr.debug(tc, "ClientId: " + next.getClientId(), new Object[0]);
                                Tr.debug(tc, "Username: " + next.getUsername(), new Object[0]);
                            }
                            this._tokenCache.remove(next.getId());
                        }
                    }
                    this._log.exiting(CLASS, "processAuthorization", oAuthResult);
                } catch (OAuthException e) {
                    oAuthResult = processAuthorizationException(attributeList2, oAuth20Mediator, e);
                    if (z && list != null) {
                        ListIterator<OAuth20Token> listIterator2 = list.listIterator();
                        while (listIterator2.hasNext()) {
                            OAuth20Token next2 = listIterator2.next();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "processAuthorization: Found token to remove from cash.", new Object[0]);
                                Tr.debug(tc, "Type: " + next2.getType(), new Object[0]);
                                Tr.debug(tc, "Subtype: " + next2.getSubType(), new Object[0]);
                                Tr.debug(tc, "ClientId: " + next2.getClientId(), new Object[0]);
                                Tr.debug(tc, "Username: " + next2.getUsername(), new Object[0]);
                            }
                            this._tokenCache.remove(next2.getId());
                        }
                    }
                    this._log.exiting(CLASS, "processAuthorization", oAuthResult);
                }
            } catch (Exception e2) {
                oAuthResult = processAuthorizationException(attributeList2, oAuth20Mediator, new OAuth20InternalException(e2));
                if (z && list != null) {
                    ListIterator<OAuth20Token> listIterator3 = list.listIterator();
                    while (listIterator3.hasNext()) {
                        OAuth20Token next3 = listIterator3.next();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "processAuthorization: Found token to remove from cash.", new Object[0]);
                            Tr.debug(tc, "Type: " + next3.getType(), new Object[0]);
                            Tr.debug(tc, "Subtype: " + next3.getSubType(), new Object[0]);
                            Tr.debug(tc, "ClientId: " + next3.getClientId(), new Object[0]);
                            Tr.debug(tc, "Username: " + next3.getUsername(), new Object[0]);
                        }
                        this._tokenCache.remove(next3.getId());
                    }
                }
                this._log.exiting(CLASS, "processAuthorization", oAuthResult);
            }
            return oAuthResult;
        } catch (Throwable th) {
            if (z && list != null) {
                ListIterator<OAuth20Token> listIterator4 = list.listIterator();
                while (listIterator4.hasNext()) {
                    OAuth20Token next4 = listIterator4.next();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "processAuthorization: Found token to remove from cash.", new Object[0]);
                        Tr.debug(tc, "Type: " + next4.getType(), new Object[0]);
                        Tr.debug(tc, "Subtype: " + next4.getSubType(), new Object[0]);
                        Tr.debug(tc, "ClientId: " + next4.getClientId(), new Object[0]);
                        Tr.debug(tc, "Username: " + next4.getUsername(), new Object[0]);
                    }
                    this._tokenCache.remove(next4.getId());
                }
            }
            this._log.exiting(CLASS, "processAuthorization", oAuthResult);
            throw th;
        }
    }

    private OAuthResult processAuthorizationException(AttributeList attributeList, OAuth20Mediator oAuth20Mediator, OAuthException oAuthException) {
        OAuthResultImpl oAuthResultImpl;
        if (oAuth20Mediator != null) {
            try {
                oAuth20Mediator.mediateAuthorizeException(attributeList, oAuthException);
            } catch (OAuth20MediatorException e) {
                oAuthResultImpl = new OAuthResultImpl(1, attributeList, e);
            }
        }
        oAuthResultImpl = new OAuthResultImpl(1, attributeList, oAuthException);
        return oAuthResultImpl;
    }

    @Override // com.ibm.oauth.core.api.oauth20.OAuth20Component
    public OAuthResult processTokenRequest(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        OAuthResult processException;
        OAuth20Mediator mediator;
        String parameter;
        String parameter2;
        OAuth20Client oAuth20Client;
        boolean isLoggable = this._log.isLoggable(Level.FINEST);
        List list = null;
        this._log.entering(CLASS, "processTokenRequest", (Object[]) new String[]{str});
        AttributeList attributeList = (AttributeList) httpServletRequest.getAttribute(OAuth20Constants.ATTRTYPE_PARAM_OAUTH_REQUEST);
        if (attributeList == null) {
            attributeList = new AttributeList();
        }
        OAuth20RequestContext oAuth20RequestContext = new OAuth20RequestContext();
        try {
            try {
                try {
                    mediator = OAuth20MediatorFactory.getMediator(this);
                    parameter = httpServletRequest.getParameter("client_id");
                    parameter2 = httpServletRequest.getParameter("grant_type");
                    if (parameter == null) {
                        parameter = str;
                    }
                } catch (Exception e) {
                    processException = processException(attributeList, null, new OAuth20InternalException("security.oauth20.error.token.internal.exception", e.getCause() == null ? e : e.getCause(), httpServletRequest.getParameter("client_id"), e.getMessage()));
                    if (1 != 0 && 0 != 0) {
                        ListIterator listIterator = list.listIterator();
                        while (listIterator.hasNext()) {
                            OAuth20Token oAuth20Token = (OAuth20Token) listIterator.next();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "processTokenRequest: Found token to remove from cash.", new Object[0]);
                                Tr.debug(tc, "Type: " + oAuth20Token.getType(), new Object[0]);
                                Tr.debug(tc, "Subtype: " + oAuth20Token.getSubType(), new Object[0]);
                                Tr.debug(tc, "ClientId: " + oAuth20Token.getClientId(), new Object[0]);
                                Tr.debug(tc, "Username: " + oAuth20Token.getUsername(), new Object[0]);
                            }
                            this._tokenCache.remove(oAuth20Token.getId());
                        }
                    }
                    this._log.exiting(CLASS, "processTokenRequest", processException);
                }
            } catch (OAuthException e2) {
                processException = processException(attributeList, null, e2);
                if (1 != 0 && 0 != 0) {
                    ListIterator listIterator2 = list.listIterator();
                    while (listIterator2.hasNext()) {
                        OAuth20Token oAuth20Token2 = (OAuth20Token) listIterator2.next();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "processTokenRequest: Found token to remove from cash.", new Object[0]);
                            Tr.debug(tc, "Type: " + oAuth20Token2.getType(), new Object[0]);
                            Tr.debug(tc, "Subtype: " + oAuth20Token2.getSubType(), new Object[0]);
                            Tr.debug(tc, "ClientId: " + oAuth20Token2.getClientId(), new Object[0]);
                            Tr.debug(tc, "Username: " + oAuth20Token2.getUsername(), new Object[0]);
                        }
                        this._tokenCache.remove(oAuth20Token2.getId());
                    }
                }
                this._log.exiting(CLASS, "processTokenRequest", processException);
            }
            if (!HTTP_METHOD_POST.equalsIgnoreCase(httpServletRequest.getMethod())) {
                throw new OAuth20InvalidTokenRequestMethodException("security.oauth20.error.invalid.tokenrequestmethod", httpServletRequest.getMethod());
            }
            if (str == null || str.length() <= 0) {
                String parameter3 = httpServletRequest.getParameter("client_secret");
                if (parameter3 == null || parameter3.length() == 0) {
                    if (parameter2 != null && parameter2.equals("client_credentials")) {
                        throw new OAuth20PublicClientCredentialsException("security.oauth20.error.publicclient.credential", parameter);
                    }
                    if (!this._allowPublicClients) {
                        throw new OAuth20PublicClientForbiddenException("security.oauth20.error.publicclient.forbidden", parameter);
                    }
                }
                oAuth20Client = getOAuth20Client(oAuth20RequestContext, parameter, parameter3, null, true);
            } else {
                if (!parameter.equals(str)) {
                    Tr.error(tc, "security.oauth20.detail.error.mismatched.clientauthentication", parameter, str);
                    throw new OAuth20MismatchedClientAuthenticationException("security.oauth20.error.mismatched.clientauthentication", parameter, str);
                }
                oAuth20Client = getOAuth20Client(oAuth20RequestContext, str, null, null, true);
            }
            AttributeList buildTokenAttributeList = buildTokenAttributeList(parameter2, oAuth20Client, httpServletRequest, attributeList);
            OAuth20GrantTypeHandler handler = this._grantTypeHandlerFactory.getHandler(this._parent.getInstanceId(), parameter2, get20Configuration());
            ArrayList arrayList = new ArrayList();
            List<String> keysGrantType = handler.getKeysGrantType(buildTokenAttributeList);
            if (keysGrantType != null) {
                ListIterator<String> listIterator3 = keysGrantType.listIterator();
                while (listIterator3.hasNext()) {
                    arrayList.add(getOAuth20Token(oAuth20RequestContext, listIterator3.next(), OAuth20Constants.TOKENTYPE_AUTHORIZATION_GRANT, parameter2, true));
                }
            }
            populateFromRequestForOpenIDConnect(buildTokenAttributeList, httpServletRequest);
            handler.validateRequestGrantType(buildTokenAttributeList, arrayList);
            List<OAuth20Token> buildTokensGrantType = handler.buildTokensGrantType(buildTokenAttributeList, new OAuth20TokenFactory(this), arrayList);
            ListIterator<OAuth20Token> listIterator4 = arrayList.listIterator();
            while (listIterator4.hasNext()) {
                this._tokenCache.remove(listIterator4.next().getId());
            }
            handler.buildResponseGrantType(buildTokenAttributeList, buildTokensGrantType);
            mediator.mediateToken(buildTokenAttributeList);
            String buildResponseDataString = buildResponseDataString(buildTokenAttributeList, true);
            if (isLoggable) {
                this._log.logp(Level.FINEST, CLASS, "processTokenRequest", "Response attributes: " + buildResponseDataString);
            }
            httpServletResponse.setHeader("Cache-Control", "no-store");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
            String JSONEncode = OAuth20Util.JSONEncode(buildResponseDataString);
            try {
                PrintWriter writer = httpServletResponse.getWriter();
                writer.write(JSONEncode);
                writer.flush();
                processException = new OAuthResultImpl(0, buildTokenAttributeList);
                if (0 != 0 && buildTokensGrantType != null) {
                    ListIterator<OAuth20Token> listIterator5 = buildTokensGrantType.listIterator();
                    while (listIterator5.hasNext()) {
                        OAuth20Token next = listIterator5.next();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "processTokenRequest: Found token to remove from cash.", new Object[0]);
                            Tr.debug(tc, "Type: " + next.getType(), new Object[0]);
                            Tr.debug(tc, "Subtype: " + next.getSubType(), new Object[0]);
                            Tr.debug(tc, "ClientId: " + next.getClientId(), new Object[0]);
                            Tr.debug(tc, "Username: " + next.getUsername(), new Object[0]);
                        }
                        this._tokenCache.remove(next.getId());
                    }
                }
                this._log.exiting(CLASS, "processTokenRequest", processException);
                return processException;
            } catch (IOException e3) {
                throw new OAuth20InternalException("security.oauth20.error.token.internal.exception", e3, parameter, e3.getMessage());
            }
        } catch (Throwable th) {
            if (1 != 0 && 0 != 0) {
                ListIterator listIterator6 = list.listIterator();
                while (listIterator6.hasNext()) {
                    OAuth20Token oAuth20Token3 = (OAuth20Token) listIterator6.next();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "processTokenRequest: Found token to remove from cash.", new Object[0]);
                        Tr.debug(tc, "Type: " + oAuth20Token3.getType(), new Object[0]);
                        Tr.debug(tc, "Subtype: " + oAuth20Token3.getSubType(), new Object[0]);
                        Tr.debug(tc, "ClientId: " + oAuth20Token3.getClientId(), new Object[0]);
                        Tr.debug(tc, "Username: " + oAuth20Token3.getUsername(), new Object[0]);
                    }
                    this._tokenCache.remove(oAuth20Token3.getId());
                }
            }
            this._log.exiting(CLASS, "processTokenRequest", null);
            throw th;
        }
    }

    private OAuthResult processException(AttributeList attributeList, OAuth20Mediator oAuth20Mediator, OAuthException oAuthException) {
        OAuthResultImpl oAuthResultImpl;
        if (oAuth20Mediator != null) {
            try {
                oAuth20Mediator.mediateTokenException(attributeList, oAuthException);
            } catch (OAuth20MediatorException e) {
                oAuthResultImpl = new OAuthResultImpl(1, attributeList, e);
            }
        }
        oAuthResultImpl = new OAuthResultImpl(1, attributeList, oAuthException);
        return oAuthResultImpl;
    }

    @Override // com.ibm.oauth.core.api.oauth20.OAuth20Component
    public OAuthResult processResourceRequest(HttpServletRequest httpServletRequest) {
        this._log.entering(CLASS, "processResourceRequest(HttpServletRequest)");
        OAuthResult oAuthResult = null;
        AttributeList attributeList = new AttributeList();
        OAuth20RequestContext oAuth20RequestContext = new OAuth20RequestContext();
        try {
            try {
                attributeList = buildResourceAttributeList(httpServletRequest);
                oAuthResult = processResourceRequestInternal(oAuth20RequestContext, attributeList);
                this._log.exiting(CLASS, "processResourceRequest(HttpServletRequest)", oAuthResult);
            } catch (OAuthException e) {
                oAuthResult = new OAuthResultImpl(1, attributeList, e);
                this._log.exiting(CLASS, "processResourceRequest(HttpServletRequest)", oAuthResult);
            }
            return oAuthResult;
        } catch (Throwable th) {
            this._log.exiting(CLASS, "processResourceRequest(HttpServletRequest)", oAuthResult);
            throw th;
        }
    }

    @Override // com.ibm.oauth.core.api.oauth20.OAuth20Component
    public OAuthResult processResourceRequest(AttributeList attributeList) {
        this._log.entering(CLASS, "processResourceRequest(AttributeList)");
        OAuthResult oAuthResult = null;
        try {
            oAuthResult = processResourceRequestInternal(new OAuth20RequestContext(), attributeList);
            this._log.exiting(CLASS, "processResourceRequest(AttributeList)", oAuthResult);
            return oAuthResult;
        } catch (Throwable th) {
            this._log.exiting(CLASS, "processResourceRequest(AttributeList)", oAuthResult);
            throw th;
        }
    }

    OAuthResult processResourceRequestInternal(OAuth20RequestContext oAuth20RequestContext, AttributeList attributeList) {
        boolean isLoggable = this._log.isLoggable(Level.FINEST);
        this._log.entering(CLASS, "processResourceRequestInternal", new Object[]{attributeList});
        OAuthResultImpl oAuthResultImpl = null;
        OAuth20Mediator oAuth20Mediator = null;
        try {
            try {
                OAuth20MediatorFactory.getMediator(this);
            } catch (OAuthException e) {
                if (0 != 0) {
                    try {
                        oAuth20Mediator.mediateResourceException(attributeList, e);
                    } catch (OAuth20MediatorException e2) {
                        oAuthResultImpl = new OAuthResultImpl(1, attributeList, e2);
                        this._log.exiting(CLASS, "processResourceRequestInternal", oAuthResultImpl);
                        return oAuthResultImpl;
                    }
                }
                oAuthResultImpl = new OAuthResultImpl(1, attributeList, e);
                this._log.exiting(CLASS, "processResourceRequestInternal", oAuthResultImpl);
            }
            if (attributeList == null) {
                throw new OAuth20MissingParameterException("security.oauth20.error.missing.parameter", "access_token", null);
            }
            OAuth20TokenTypeHandler handler = OAuth20TokenTypeHandlerFactory.getHandler(this);
            String typeTokenType = handler.getTypeTokenType();
            List<String> keysTokenType = handler.getKeysTokenType(attributeList);
            ArrayList arrayList = new ArrayList();
            if (keysTokenType != null) {
                ListIterator<String> listIterator = keysTokenType.listIterator();
                while (listIterator.hasNext()) {
                    arrayList.add(getOAuth20Token(oAuth20RequestContext, listIterator.next(), "access_token", typeTokenType, false));
                }
            }
            handler.validateRequestTokenType(attributeList, arrayList);
            attributeList.setAttribute(com.ibm.oauth.core.internal.OAuthConstants.AUTHORIZED, OAuthConstants.ATTRTYPE_RESPONSE_DECISION, new String[]{"TRUE"});
            handler.buildResponseTokenType(attributeList, arrayList);
            OAuth20MediatorFactory.getMediator(this).mediateResource(attributeList);
            if (isLoggable) {
                this._log.logp(Level.FINEST, CLASS, "processResourceRequestInternal", "Response attributes: " + attributeList);
            }
            AttributeList attributeList2 = new AttributeList();
            Attribute[] attributesByType = attributeList.getAttributesByType(OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE);
            Attribute[] attributesByType2 = attributeList.getAttributesByType(OAuthConstants.ATTRTYPE_RESPONSE_DECISION);
            addResponseAttributes(attributeList2, attributesByType);
            addResponseAttributes(attributeList2, attributesByType2);
            oAuthResultImpl = new OAuthResultImpl(0, attributeList2);
            this._log.exiting(CLASS, "processResourceRequestInternal", oAuthResultImpl);
            return oAuthResultImpl;
        } catch (Throwable th) {
            this._log.exiting(CLASS, "processResourceRequestInternal", oAuthResultImpl);
            throw th;
        }
    }

    @Override // com.ibm.oauth.core.internal.oauth20.OAuth20ComponentInternal
    public OidcOAuth20ClientProvider getClientProvider() {
        return this._clientProvider;
    }

    @Override // com.ibm.oauth.core.internal.oauth20.OAuth20ComponentInternal
    public OAuth20TokenCache getTokenCache() {
        return this._tokenCache;
    }

    @Override // com.ibm.oauth.core.internal.oauth20.OAuth20ComponentInternal
    public OAuthStatisticsImpl getStatisticsImpl() {
        return this._stats;
    }

    OAuth20Client getOAuth20Client(OAuth20RequestContext oAuth20RequestContext, String str, String str2, String str3, boolean z) throws OAuthException {
        this._log.entering(CLASS, "getOAuth20Client", new Object[]{str, str2, str3, Boolean.valueOf(z)});
        if (str != null) {
            try {
                if (str.length() != 0) {
                    OAuth20Client oAuth20Client = oAuth20RequestContext.getRequestClientCache().get(str);
                    if (oAuth20Client == null) {
                        oAuth20Client = this._clientProvider.get(str);
                    }
                    if (oAuth20Client == null || !str.equals(oAuth20Client.getClientId()) || !oAuth20Client.isEnabled()) {
                        throw new OAuth20InvalidClientException("security.oauth20.error.invalid.client", str, z);
                    }
                    if (str2 != null && str2.length() > 0 && !this._clientProvider.validateClient(str, str2)) {
                        throw new OAuth20InvalidClientSecretException("security.oauth20.error.invalid.clientsecret", str);
                    }
                    JsonArray redirectUris = oAuth20Client.getRedirectUris();
                    if (redirectUris != null && redirectUris.size() > 0 && !OidcOAuth20Util.validateRedirectUris(redirectUris)) {
                        throw new OAuth20InvalidRedirectUriException("security.oauth20.error.invalid.registered.redirecturi", OidcOAuth20Util.getSpaceDelimitedString(redirectUris), null);
                    }
                    if (str3 != null && str3.length() > 0) {
                        if (redirectUris == null || !OAuth20Util.validateRedirectUri(str3)) {
                            throw new OAuth20InvalidRedirectUriException("security.oauth20.error.invalid.redirecturi", str3, null);
                        }
                        if (!OidcOAuth20Util.jsonArrayContainsString(redirectUris, str3)) {
                            throw new OAuth20InvalidRedirectUriException("security.oauth20.error.invalid.redirecturi.mismatch", str3, OidcOAuth20Util.getSpaceDelimitedString(redirectUris), null);
                        }
                    }
                    if (oAuth20Client != null) {
                        oAuth20RequestContext.getRequestClientCache().put(str, oAuth20Client);
                    }
                    this._log.exiting(CLASS, "getOAuth20Client", oAuth20Client);
                    return oAuth20Client;
                }
            } catch (Throwable th) {
                this._log.exiting(CLASS, "getOAuth20Client", null);
                throw th;
            }
        }
        throw new OAuth20MissingParameterException("security.oauth20.error.missing.parameter", "client_id", null);
    }

    AttributeList buildAuthorizationAttributeList(String str, String str2, String str3, String str4, String str5, String[] strArr) throws OAuthException {
        this._log.entering(CLASS, "buildAuthorizationAttributeList");
        AttributeList attributeList = new AttributeList();
        try {
            attributeList.setAttribute(OAuth20Constants.REQUEST_TYPE, OAuthConstants.ATTRTYPE_REQUEST, new String[]{OAuth20Constants.REQUEST_TYPE_AUTHORIZATION});
            OAuth20Util.validateRequiredAttribute("username", str);
            addParameterToAttributeList("username", OAuthConstants.ATTRTYPE_REQUEST, str, attributeList);
            OAuth20Util.validateRequiredAttribute("client_id", str2);
            addParameterToAttributeList("client_id", OAuthConstants.ATTRTYPE_PARAM_QUERY, str2, attributeList);
            if (str3 != null && str3.length() > 0) {
                addParameterToAttributeList("redirect_uri", OAuthConstants.ATTRTYPE_PARAM_QUERY, str3, attributeList);
            }
            OAuth20Util.validateRequiredAttribute("response_type", str4);
            addParameterToAttributeList("response_type", OAuthConstants.ATTRTYPE_PARAM_QUERY, str4, attributeList);
            if (str5 != null && str5.length() > 0) {
                addParameterToAttributeList("state", OAuthConstants.ATTRTYPE_PARAM_QUERY, str5, attributeList);
            }
            if (strArr != null && strArr.length > 0) {
                HashSet hashSet = new HashSet();
                for (String str6 : strArr) {
                    if (hashSet.add(str6)) {
                        addParameterToAttributeList("scope", OAuthConstants.ATTRTYPE_REQUEST, str6, attributeList);
                    }
                }
            }
            return attributeList;
        } finally {
            this._log.exiting(CLASS, "buildAuthorizationAttributeList", attributeList);
        }
    }

    AttributeList buildTokenAttributeList(String str, OAuth20Client oAuth20Client, HttpServletRequest httpServletRequest, AttributeList attributeList) throws OAuthException {
        String parameter;
        this._log.entering(CLASS, "buildTokenAttributeList");
        String clientId = oAuth20Client.getClientId();
        String[] redirectUris = getRedirectUris(oAuth20Client);
        try {
            attributeList.setAttribute(OAuth20Constants.REQUEST_TYPE, OAuthConstants.ATTRTYPE_REQUEST, new String[]{"access_token"});
            attributeList.setAttribute("client_id", OAuthConstants.ATTRTYPE_PARAM_OAUTH, new String[]{clientId});
            attributeList.setAttribute(OIDCConstants.CLIENT_REDIRECT_URI, OAuthConstants.ATTRTYPE_PARAM_OAUTH, redirectUris);
            populateFromQueryString(httpServletRequest, attributeList);
            populateFromRequest(httpServletRequest, attributeList);
            if ("urn:ietf:params:oauth:grant-type:jwt-bearer".equalsIgnoreCase(str) && ((parameter = httpServletRequest.getParameter("client_secret")) == null || parameter.length() == 0)) {
                addParameterToAttributeList("client_secret", OAuthConstants.ATTRTYPE_RESPONSE_META, oAuth20Client.getClientSecret(), attributeList);
            }
            return attributeList;
        } finally {
            this._log.exiting(CLASS, "buildTokenAttributeList", attributeList);
        }
    }

    AttributeList buildResourceAttributeList(HttpServletRequest httpServletRequest) throws OAuthException {
        this._log.entering(CLASS, "buildResourceAttributeList");
        AttributeList attributeList = new AttributeList();
        try {
            attributeList.setAttribute(OAuth20Constants.REQUEST_TYPE, OAuthConstants.ATTRTYPE_REQUEST, new String[]{"resource"});
            populateRequestMetaAttributes(httpServletRequest, attributeList);
            populateFromAuthorizationHeader(httpServletRequest, attributeList);
            populateFromQueryString(httpServletRequest, attributeList);
            populateFromRequest(httpServletRequest, attributeList);
            this._log.exiting(CLASS, "buildResourceAttributeList", attributeList);
            return attributeList;
        } catch (Throwable th) {
            this._log.exiting(CLASS, "buildResourceAttributeList", attributeList);
            throw th;
        }
    }

    private String buildRedirectUri(String str, String str2, boolean z) {
        this._log.entering(CLASS, "buildRedirectUri");
        String str3 = null;
        try {
            String stripQueryAndFragment = OAuth20Util.stripQueryAndFragment(str);
            String query = OAuth20Util.getQuery(str);
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(stripQueryAndFragment);
            StringBuffer stringBuffer2 = new StringBuffer();
            if (query != null) {
                stringBuffer2.append(query);
            }
            StringBuffer stringBuffer3 = new StringBuffer();
            if (z) {
                stringBuffer3.append(str2.toString());
            } else {
                if (stringBuffer2.length() > 0) {
                    stringBuffer2.append("&");
                }
                stringBuffer2.append(str2.toString());
            }
            if (stringBuffer2.length() > 0) {
                stringBuffer.append("?" + stringBuffer2.toString());
            }
            if (stringBuffer3.length() > 0) {
                stringBuffer.append("#" + stringBuffer3.toString());
            }
            str3 = stringBuffer.toString();
            this._log.exiting(CLASS, "buildRedirectUri", str3);
            return str3;
        } catch (Throwable th) {
            this._log.exiting(CLASS, "buildRedirectUri", str3);
            throw th;
        }
    }

    private OAuth20Token getOAuth20Token(OAuth20RequestContext oAuth20RequestContext, String str, String str2, String str3, boolean z) throws OAuthException {
        this._log.entering(CLASS, "getOAuth20Token", new Object[]{str, str2, str3});
        try {
            OAuth20Token oAuth20Token = this._tokenCache.get(str);
            if (oAuth20Token == null || !str2.equalsIgnoreCase(oAuth20Token.getType()) || !str3.equalsIgnoreCase(oAuth20Token.getSubType())) {
                throw new OAuth20InvalidTokenException("security.oauth20.error.invalid.token", str, str2, str3, z);
            }
            if (OAuth20TokenHelper.isTokenExpired(oAuth20Token)) {
                this._tokenCache.remove(str);
                throw new OAuth20InvalidTokenException("security.oauth20.error.invalid.token.expired", str, str2, str3, z);
            }
            String clientId = oAuth20Token.getClientId();
            OAuth20Client oAuth20Client = oAuth20RequestContext.getRequestClientCache().get(clientId);
            if (oAuth20Client == null) {
                oAuth20Client = this._clientProvider.get(oAuth20Token.getClientId());
                if (oAuth20Client != null) {
                    oAuth20RequestContext.getRequestClientCache().put(clientId, oAuth20Client);
                }
            }
            if (oAuth20Client != null && oAuth20Client.isEnabled()) {
                return oAuth20Token;
            }
            this._tokenCache.remove(str);
            throw new OAuth20InvalidTokenException("security.oauth20.error.invalid.token.client.not.available", str, str2, str3, z);
        } finally {
            this._log.exiting(CLASS, "getOAuth20Token");
        }
    }

    private void populateRequestMetaAttributes(HttpServletRequest httpServletRequest, AttributeList attributeList) throws OAuthException {
        this._log.entering(CLASS, "populateRequestMetaAttributes");
        try {
            String serverName = httpServletRequest.getServerName();
            String method = httpServletRequest.getMethod();
            String requestURI = httpServletRequest.getRequestURI();
            String scheme = httpServletRequest.getScheme();
            int localPort = httpServletRequest.getLocalPort();
            addParameterToAttributeList("host", OAuthConstants.ATTRTYPE_REQUEST, serverName, attributeList);
            addParameterToAttributeList(com.ibm.oauth.core.internal.OAuthConstants.METHOD, OAuthConstants.ATTRTYPE_REQUEST, method, attributeList);
            addParameterToAttributeList(com.ibm.oauth.core.internal.OAuthConstants.PATH, OAuthConstants.ATTRTYPE_REQUEST, requestURI, attributeList);
            addParameterToAttributeList(com.ibm.oauth.core.internal.OAuthConstants.SCHEME, OAuthConstants.ATTRTYPE_REQUEST, scheme, attributeList);
            if (localPort > 0 && (localPort != 80 || scheme == null || !scheme.equalsIgnoreCase("http") || localPort != 443 || scheme == null || !scheme.equalsIgnoreCase("https"))) {
                addParameterToAttributeList(com.ibm.oauth.core.internal.OAuthConstants.PORT, OAuthConstants.ATTRTYPE_REQUEST, ExtensionConstants.CORE_EXTENSION + localPort, attributeList);
            }
        } finally {
            this._log.exiting(CLASS, "populateRequestMetaAttributes");
        }
    }

    private void populateFromAuthorizationHeader(HttpServletRequest httpServletRequest, AttributeList attributeList) throws OAuthException {
        this._log.entering(CLASS, "populateFromAuthorizationHeader");
        boolean isLoggable = this._log.isLoggable(Level.FINEST);
        try {
            String header = httpServletRequest.getHeader("Authorization");
            if (isLoggable) {
                this._log.logp(Level.FINEST, CLASS, "populateFromAuthorizationHeader", "Authorization header (length=" + (header == null ? -1 : header.length()) + "): " + header);
            }
            if (header != null && header.length() > 0) {
                String bearerTokenFromAuthzHeader = WebUtils.getBearerTokenFromAuthzHeader(header);
                if (bearerTokenFromAuthzHeader != null) {
                    if (isLoggable) {
                        this._log.logp(Level.FINEST, CLASS, "populateFromAuthorizationHeader", "Found bearer token: " + bearerTokenFromAuthzHeader);
                    }
                    addParameterToAttributeList("access_token", OAuthConstants.ATTRTYPE_PARAM_OAUTH, bearerTokenFromAuthzHeader, attributeList);
                } else if (isLoggable) {
                    this._log.logp(Level.FINEST, CLASS, "populateFromAuthorizationHeader", "Authorization header does not appear to contain Bearer token data");
                }
            } else if (isLoggable) {
                this._log.logp(Level.FINEST, CLASS, "populateFromAuthorizationHeader", "No Authorization header");
            }
        } finally {
            this._log.exiting(CLASS, "populateFromAuthorizationHeader");
        }
    }

    private void populateFromQueryString(HttpServletRequest httpServletRequest, AttributeList attributeList) throws OAuthException {
        String[] split;
        this._log.entering(CLASS, "populateFromQueryString");
        boolean isLoggable = this._log.isLoggable(Level.FINEST);
        try {
            try {
                String queryString = httpServletRequest.getQueryString();
                if (queryString != null && (split = queryString.split("&")) != null) {
                    for (int i = 0; i < split.length; i++) {
                        String[] split2 = split[i].split("=", 2);
                        if (split2 != null && (split2.length == 1 || split2.length == 2)) {
                            String decode = URLDecoder.decode(split2[0], "UTF-8");
                            String str = ExtensionConstants.CORE_EXTENSION;
                            if (split2.length == 2) {
                                str = URLDecoder.decode(split2[1], "UTF-8");
                            }
                            String str2 = OAuthConstants.ATTRTYPE_PARAM_QUERY;
                            if (decode != null && decode.equalsIgnoreCase("access_token")) {
                                str2 = OAuthConstants.ATTRTYPE_PARAM_OAUTH;
                            }
                            addParameterToAttributeList(decode, str2, str, attributeList);
                            if (isLoggable) {
                                this._log.logp(Level.FINEST, CLASS, "populateFromQueryString", "[" + decode + "=" + str);
                            }
                        } else if (isLoggable) {
                            this._log.logp(Level.FINEST, CLASS, "populateFromQueryString", "Ignoring parameter string with no value: " + split[i]);
                        }
                    }
                }
            } catch (UnsupportedEncodingException e) {
                throw new OAuth20InternalException("security.oauth20.error.internal.unsupported.encoding.exception", e, new String[0]);
            }
        } finally {
            this._log.exiting(CLASS, "populateFromQueryString");
        }
    }

    private void addParameterToAttributeList(String str, String str2, String str3, AttributeList attributeList) throws OAuth20DuplicateParameterException, OAuth20BadParameterFormatException {
        if ("client_secret".equals(str)) {
            this._log.entering(CLASS, "addParameterToAttributeList", new Object[]{str, str2, "secret_removed"});
        } else {
            this._log.entering(CLASS, "addParameterToAttributeList", new Object[]{str, str2, str3});
        }
        try {
            Attribute attributeByNameAndType = attributeList.getAttributeByNameAndType(str, str2);
            if (attributeByNameAndType == null) {
                attributeList.setAttribute(str, str2, new String[0]);
                attributeByNameAndType = attributeList.getAttributeByNameAndType(str, str2);
            }
            List<String> values = attributeByNameAndType.getValues();
            if (!str.equals("scope")) {
                if (OAuth20Constants.OAuth20RequestParametersSet.contains(str) && values.size() > 0) {
                    throw new OAuth20DuplicateParameterException("security.oauth20.error.duplicate.parameter", str);
                }
                if (str3 != null && str3.length() > 0) {
                    values.add(str3);
                }
            } else if (str3 != null) {
                String[] split = str3.split(" ");
                if (split != null) {
                    HashSet hashSet = new HashSet();
                    for (String str4 : split) {
                        String trim = str4.trim();
                        if (trim != null && trim.length() > 0) {
                            if (!OAuth20Util.validateScopeString(trim)) {
                                throw new OAuth20BadParameterFormatException("security.oauth20.error.parameter.format", "scope", trim);
                            }
                            hashSet.add(trim);
                        }
                    }
                    values.addAll(hashSet);
                }
            }
        } finally {
            this._log.exiting(CLASS, "addParameterToAttributeList");
        }
    }

    private void populateFromRequest(HttpServletRequest httpServletRequest, AttributeList attributeList) throws OAuthException {
        this._log.entering(CLASS, "populateFromRequest");
        boolean isLoggable = this._log.isLoggable(Level.FINEST);
        try {
            if (containsFormData(httpServletRequest)) {
                Enumeration parameterNames = httpServletRequest.getParameterNames();
                while (parameterNames.hasMoreElements()) {
                    String str = (String) parameterNames.nextElement();
                    String[] parameterValues = httpServletRequest.getParameterValues(str);
                    String str2 = OAuthConstants.ATTRTYPE_PARAM_BODY;
                    if (str != null && str.equalsIgnoreCase("access_token")) {
                        str2 = OAuthConstants.ATTRTYPE_PARAM_OAUTH;
                    }
                    String[] attributeValuesByNameAndType = attributeList.getAttributeValuesByNameAndType(str, OAuthConstants.ATTRTYPE_PARAM_QUERY);
                    ArrayList arrayList = new ArrayList();
                    if (attributeValuesByNameAndType != null) {
                        arrayList.addAll(Arrays.asList(attributeValuesByNameAndType));
                    }
                    if (parameterValues != null) {
                        for (String str3 : parameterValues) {
                            if (arrayList.contains(str3)) {
                                arrayList.remove(str3);
                            } else {
                                addParameterToAttributeList(str, str2, str3, attributeList);
                                if (isLoggable) {
                                    if ("client_secret".equals(str)) {
                                        this._log.logp(Level.FINEST, CLASS, "populateFromRequest", str + "=secret_removed");
                                    } else {
                                        this._log.logp(Level.FINEST, CLASS, "populateFromRequest", str + "=" + str3);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        } finally {
            this._log.exiting(CLASS, "populateFromRequest");
        }
    }

    private void populateFromRequestForOpenIDConnect(AttributeList attributeList, HttpServletRequest httpServletRequest) throws OAuth20DuplicateParameterException, OAuth20BadParameterFormatException {
        this._log.entering(CLASS, "populateFromRequestForOpenIDConnect");
        String serverName = httpServletRequest.getServerName();
        String scheme = httpServletRequest.getScheme();
        int localPort = httpServletRequest.getLocalPort();
        String requestURI = httpServletRequest.getRequestURI();
        addParameterToAttributeList("issuerIdentifier", OAuthConstants.ATTRTYPE_REQUEST, scheme + "://" + serverName + ":" + localPort + requestURI.substring(0, requestURI.lastIndexOf(WsLocationConstants.LOC_VIRTUAL_ROOT)), attributeList);
        if (httpServletRequest.getAttribute("OidcRequest") != null) {
            addParameterToAttributeList(OAuth20Constants.REQUEST_FEATURE, OAuthConstants.ATTRTYPE_REQUEST, OAuth20Constants.REQUEST_FEATURE_OIDC, attributeList);
        }
        this._log.exiting(CLASS, "populateFromRequestForOpenIDConnect");
    }

    private boolean containsFormData(HttpServletRequest httpServletRequest) {
        this._log.entering(CLASS, "containsFormData");
        boolean isLoggable = this._log.isLoggable(Level.FINEST);
        boolean z = false;
        try {
            String header = httpServletRequest.getHeader("Content-Type");
            String header2 = httpServletRequest.getHeader(com.ibm.oauth.core.internal.OAuthConstants.HTTP_HEADER_TRANSFER_ENCODING);
            boolean z2 = header2 != null && header2.toLowerCase().indexOf("chunked") >= 0;
            if (header != null && header.toLowerCase().indexOf(com.ibm.oauth.core.internal.OAuthConstants.HTTP_CONTENT_TYPE_FORM) >= 0 && !z2) {
                z = true;
                if (isLoggable) {
                    this._log.logp(Level.FINEST, CLASS, "containsFormData", "Content type is application/x-www-form-urlencoded and request is not chunked");
                }
            }
            return z;
        } finally {
            this._log.exiting(CLASS, "containsFormData", ExtensionConstants.CORE_EXTENSION + z);
        }
    }

    private String buildResponseDataString(AttributeList attributeList, boolean z) {
        StringBuffer stringBuffer = new StringBuffer();
        Attribute[] attributesByType = attributeList.getAttributesByType(OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE);
        if (attributesByType != null) {
            for (int i = 0; i < attributesByType.length; i++) {
                String name = attributesByType[i].getName();
                List<String> values = attributesByType[i].getValues();
                if (name.equals("scope")) {
                    stringBuffer.append(name + "=");
                    if (values.size() > 0) {
                        for (int i2 = 0; i2 < values.size(); i2++) {
                            String str = values.get(i2);
                            if (!z) {
                                str = encode(str, "UTF-8");
                            }
                            stringBuffer.append(str);
                            if (i2 < values.size() - 1) {
                                stringBuffer.append(z ? " " : "%20");
                            }
                        }
                    }
                } else {
                    for (int i3 = 0; i3 < values.size(); i3++) {
                        String str2 = values.get(i3);
                        if (!z) {
                            str2 = encode(str2, "UTF-8");
                        }
                        stringBuffer.append(name + "=" + str2);
                        if (i3 < values.size() - 1) {
                            stringBuffer.append("&");
                        }
                    }
                }
                if (i < attributesByType.length - 1) {
                    stringBuffer.append("&");
                }
            }
        }
        return stringBuffer.toString();
    }

    protected String encode(String str, String str2) {
        try {
            str = URLEncoder.encode(str, str2);
        } catch (UnsupportedEncodingException e) {
            this._log.logp(Level.WARNING, CLASS, "encode", "Can NOT URLEncode value:" + str + " encoding:" + str2);
        }
        return str;
    }

    private void addResponseAttributes(AttributeList attributeList, Attribute[] attributeArr) {
        if (attributeArr != null) {
            for (int i = 0; i < attributeArr.length; i++) {
                List<String> values = attributeArr[i].getValues();
                String[] strArr = new String[values.size()];
                for (int i2 = 0; i2 < values.size(); i2++) {
                    strArr[i2] = values.get(i2);
                }
                attributeList.setAttribute(attributeArr[i].getName(), attributeArr[i].getType(), strArr);
            }
        }
    }

    private String[] getRedirectUris(OAuth20Client oAuth20Client) {
        String[] strArr;
        JsonArray redirectUris = oAuth20Client.getRedirectUris();
        if (redirectUris == null) {
            strArr = new String[0];
        } else {
            strArr = new String[redirectUris.size()];
            for (int i = 0; i < strArr.length; i++) {
                strArr[i] = redirectUris.get(i).getAsString();
            }
        }
        return strArr;
    }

    public void postRedirect(HttpServletResponse httpServletResponse, AttributeList attributeList, String str) throws OAuth20InternalException {
        StringBuffer stringBuffer = new StringBuffer();
        try {
            String stripQueryAndFragment = OAuth20Util.stripQueryAndFragment(str);
            String query = OAuth20Util.getQuery(str);
            stringBuffer.append("<HTML xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">");
            stringBuffer.append("<HEAD><title>Submit This Form</title></HEAD>");
            stringBuffer.append("<BODY onload=\"javascript:document.forms[0].submit()\">");
            stringBuffer.append("<FORM name=\"redirectform\" id=\"redirectform\" action=\"");
            stringBuffer.append(stripQueryAndFragment);
            stringBuffer.append("\" method=\"POST\">");
            addHiddenInputs(stringBuffer, query);
            addHiddenInputs(stringBuffer, attributeList);
            stringBuffer.append("<button type=\"submit\" name=\"redirectform\">Process request</button>");
            stringBuffer.append("</FORM></BODY></HTML>");
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "... expect to be redirected by the browser (\"POST\")\n" + stringBuffer.toString(), new Object[0]);
            }
            httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private, max-age=0");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setDateHeader("Expires", 0L);
            httpServletResponse.setContentType("text/html");
            try {
                PrintWriter writer = httpServletResponse.getWriter();
                writer.println(stringBuffer.toString());
                writer.flush();
            } catch (IOException e) {
                throw new OAuth20InternalException("security.oauth20.error.authorization.internal.ioexception", e, str, e.getMessage());
            }
        } catch (Exception e2) {
            throw new OAuth20InternalException(e2);
        }
    }

    void addHiddenInputs(StringBuffer stringBuffer, AttributeList attributeList) {
        Attribute[] attributesByType = attributeList.getAttributesByType(OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE);
        if (attributesByType != null) {
            for (int i = 0; i < attributesByType.length; i++) {
                String name = attributesByType[i].getName();
                List<String> values = attributesByType[i].getValues();
                if (name.equals("scope")) {
                    StringBuffer stringBuffer2 = new StringBuffer();
                    if (values.size() > 0) {
                        int i2 = 0;
                        while (i2 < values.size()) {
                            int i3 = i2;
                            i2++;
                            stringBuffer2.append(values.get(i3));
                            if (i2 < values.size()) {
                                stringBuffer2.append(" ");
                            }
                        }
                    }
                    addHiddenInput(stringBuffer, name, com.ibm.ws.security.oauth20.web.WebUtils.htmlEncode(stringBuffer2.toString()));
                } else {
                    for (int i4 = 0; i4 < values.size(); i4++) {
                        addHiddenInput(stringBuffer, name, com.ibm.ws.security.oauth20.web.WebUtils.htmlEncode(values.get(i4)));
                    }
                }
            }
        }
    }

    void addHiddenInputs(StringBuffer stringBuffer, String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        for (String str2 : str.split("&")) {
            int indexOf = str2.indexOf("=");
            if (indexOf < 0) {
                addHiddenInput(stringBuffer, str2, ExtensionConstants.CORE_EXTENSION);
            } else {
                addHiddenInput(stringBuffer, str2.substring(0, indexOf), com.ibm.ws.security.oauth20.web.WebUtils.htmlEncode(str2.substring(indexOf + 1)));
            }
        }
    }

    private void addHiddenInput(StringBuffer stringBuffer, String str, String str2) {
        String trim = str.trim();
        String trim2 = str2.trim();
        stringBuffer.append("<input type=\"hidden\" name=\"" + trim + ChallengeReply.REALM_HDR_SUFFIX);
        stringBuffer.append(" value=\"" + trim2 + "\" />");
    }

    void sendRedirect(HttpServletResponse httpServletResponse, AttributeList attributeList, String str, boolean z) throws OAuth20InternalException {
        boolean isLoggable = this._log.isLoggable(Level.FINEST);
        String buildRedirectUri = buildRedirectUri(str, buildResponseDataString(attributeList, false).toString(), z);
        if (isLoggable) {
            this._log.logp(Level.FINEST, CLASS, "sendRedirect", "Sending redirect to: " + buildRedirectUri);
        }
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        try {
            httpServletResponse.sendRedirect(buildRedirectUri);
        } catch (IOException e) {
            throw new OAuth20InternalException("security.oauth20.error.authorization.internal.ioexception", e, str, e.getMessage());
        }
    }
}
