package com.ibm.ws.security.openidconnect.client;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.webcontainer.security.internal.ChallengeReply;
import com.ibm.wsspi.kernel.service.location.WsLocationConstants;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.StatusLine;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.AbstractHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.util.EntityUtils;

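/**
 * HTTP helper used by the OpenID Connect client to build requests, attach
 * client credentials or bearer tokens, and call remote endpoints over Apache
 * HttpClient.
 *
 * <p>Security-relevant behaviour a reader should know about:
 * <ul>
 *   <li>Debug trace output never contains the access token, the basic-auth
 *       password, or credential-bearing form parameters; they are masked.</li>
 *   <li>Hostname verification is only strict when the caller asks for it; the
 *       other branch installs {@code ALLOW_ALL_HOSTNAME_VERIFIER}.</li>
 *   <li>URLs starting with {@code http:} are contacted without TLS.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.security.openidconnect.client_1.0.11.cl50820160310-1510.jar:com/ibm/ws/security/openidconnect/client/OidcClientHttpUtil.class */
public class OidcClientHttpUtil {
    private static final long serialVersionUID = 1;
    private static final TraceComponent tc = Tr.register(OidcClientHttpUtil.class);

    /** Placeholder written to trace output in place of any secret value. */
    private static final String MASK = "****";

    // Only used as an insert in the OIDC_CLIENT_INVALID_HTTP_RESPONSE error message.
    private String clientId;

    /**
     * Records the client id that is reported in error messages.
     *
     * @param str client id
     */
    public void setClientId(String str) {
        this.clientId = str;
    }

    /**
     * Reads the body of the HTTP response stored in the map returned by
     * {@link #postToEndpoint}.
     *
     * @param map result map holding the {@link HttpResponse} under
     *            {@code ClientConstants.RESPONSEMAP_CODE}
     * @return the response body as a string, or {@code null} when the response has no entity
     * @throws Exception whatever {@code EntityUtils.toString} throws, after it has been logged
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String extractTokensFromResponse(Map<String, Object> map) throws Exception {
        HttpEntity entity = ((HttpResponse) map.get(ClientConstants.RESPONSEMAP_CODE)).getEntity();
        if (entity == null) {
            return null;
        }
        try {
            // NOTE(review): no default charset is passed, so a body without a declared
            // charset is decoded with HttpClient's default — confirm that suits JSON bodies.
            return EntityUtils.toString(entity);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.client.OidcClientHttpUtil", "77", this, new Object[]{map});
            String detail = e.getMessage() != null ? e.getMessage() : "Invalid http response";
            Tr.error(tc, "OIDC_CLIENT_INVALID_HTTP_RESPONSE", new Object[]{detail, this.clientId});
            throw e;
        }
    }

    /**
     * Builds a POST request for the URL and copies the given pairs onto it as headers.
     *
     * @param str  target URL
     * @param list header name/value pairs; must not be {@code null}
     * @return the prepared request
     */
    HttpPost createPostMethod(String str, List<NameValuePair> list) {
        HttpPost httpPost = new HttpPost(str);
        for (NameValuePair nameValuePair : list) {
            httpPost.addHeader(nameValuePair.getName(), nameValuePair.getValue());
        }
        return httpPost;
    }

    /**
     * Builds a GET request for the URL and copies the given pairs onto it as headers.
     *
     * @param str  target URL
     * @param list header name/value pairs; must not be {@code null}
     * @return the prepared request
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpGet createHttpGetMethod(String str, List<NameValuePair> list) {
        HttpGet httpGet = new HttpGet(str);
        for (NameValuePair nameValuePair : list) {
            httpGet.addHeader(nameValuePair.getName(), nameValuePair.getValue());
        }
        return httpGet;
    }

    /**
     * Creates a client for the URL: a plain client for {@code http:} URLs,
     * otherwise a TLS client built from the supplied context.
     *
     * @param sSLContext TLS context used for HTTPS URLs
     * @param str        endpoint URL
     * @param z          {@code true} to verify the server hostname strictly
     * @return a new client; the caller owns it
     */
    HttpClient createHTTPClientWithDefaultSSLConfig(SSLContext sSLContext, String str, boolean z) {
        // An "http:" URL means credentials and tokens travel without transport
        // protection; that choice is made by whoever configured the endpoint URL.
        if (str.startsWith("http:")) {
            return new DefaultHttpClient();
        }
        return createHTTPClientWithDefaultSSLConfig(new SSLSocketFactory(sSLContext), str, z);
    }

    /**
     * Creates a TLS client that registers the given socket factory for the
     * {@code https} scheme on the port taken from the URL.
     *
     * @param sSLSocketFactory socket factory to use; its hostname verifier is overwritten here
     * @param str              endpoint URL, used only to determine the port
     * @param z                {@code true} for strict hostname verification
     * @return a new client backed by a thread-safe connection manager
     */
    HttpClient createHTTPClientWithDefaultSSLConfig(SSLSocketFactory sSLSocketFactory, String str, boolean z) {
        BasicHttpParams basicHttpParams = new BasicHttpParams();
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        if (z) {
            sSLSocketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        } else {
            // With verification off, any certificate trusted by the SSLContext is accepted
            // for any host, so the peer's identity is not tied to the endpoint name.
            sSLSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        }
        schemeRegistry.register(new Scheme("https", sSLSocketFactory, getTokenEndPointPort(str)));
        return new DefaultHttpClient(new ThreadSafeClientConnManager(basicHttpParams, schemeRegistry), basicHttpParams);
    }

    /**
     * @return a new client with default settings
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpClient getDefaultHttpClient() {
        return new DefaultHttpClient();
    }

    /**
     * Posts form parameters to an endpoint and returns the raw response.
     *
     * <p>Anything other than HTTP 200 is turned into an {@link IOException}
     * whose message carries the response body. That body is controlled by the
     * remote endpoint, so treat the message as untrusted text when displaying
     * or logging it.
     *
     * @param str        endpoint URL
     * @param list       form parameters (sensitive)
     * @param str2       basic-auth user name
     * @param str3       basic-auth password (sensitive)
     * @param str4       access token sent as a bearer credential, or {@code null}
     * @param sSLContext TLS context for HTTPS endpoints
     * @param list2      extra request headers
     * @param z          {@code true} for strict hostname verification
     * @param str5       authentication method; compared with {@code ClientConstants.METHOD_BASIC}
     * @return map with the {@link HttpResponse} under {@code RESPONSEMAP_CODE} and the
     *         request under {@code RESPONSEMAP_METHOD}; the caller must consume the response
     * @throws Exception on transport failure or a non-200 status
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @FFDCIgnore({SSLException.class})
    public Map<String, Object> postToEndpoint(String str, @Sensitive List<NameValuePair> list, String str2, @Sensitive String str3, String str4, SSLContext sSLContext, List<NameValuePair> list2, boolean z, String str5) throws Exception {
        debugPostToEndPoint(str, list, str2, str3, str4, list2);
        HttpPost createPostMethod = createPostMethod(str, list2);
        createPostMethod.setEntity(new UrlEncodedFormEntity(list));
        setAuthorizationHeaderForPostMethod(str2, str3, str4, createPostMethod, str5);
        HttpClient httpClient = null;
        boolean responseHandedToCaller = false;
        try {
            httpClient = createHTTPClientWithDefaultSSLConfig(sSLContext, str, z);
            HttpResponse execute = httpClient.execute(createPostMethod);
            StatusLine statusLine = execute.getStatusLine();
            if (statusLine == null || statusLine.getStatusCode() != 200) {
                HttpEntity entity = execute.getEntity();
                throw new IOException("Failed to reach endpoint " + str + " because of the following error: " + (entity != null ? EntityUtils.toString(entity).trim() : "Could not get the status of the response, or the response returned an error."));
            }
            Map<String, Object> hashMap = new HashMap<String, Object>();
            hashMap.put(ClientConstants.RESPONSEMAP_CODE, execute);
            hashMap.put(ClientConstants.RESPONSEMAP_METHOD, createPostMethod);
            responseHandedToCaller = true;
            return hashMap;
        } catch (SSLException e) {
            throw e;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.openidconnect.client.OidcClientHttpUtil", "173", this, new Object[]{str, "<sensitive java.util.List>", str2, "<sensitive java.lang.String>", str4, sSLContext, list2, Boolean.valueOf(z), str5});
            throw e2;
        } finally {
            // A client is created per call. On the failure paths nobody else holds it, so
            // release its connection manager here. On success the response still needs the
            // connection, so the client must stay open until the caller has read the body.
            if (!responseHandedToCaller && httpClient != null && httpClient.getConnectionManager() != null) {
                httpClient.getConnectionManager().shutdown();
            }
        }
    }

    /**
     * Adds the Authorization header(s) to a POST request.
     *
     * @param str      basic-auth user name
     * @param str2     basic-auth password (sensitive)
     * @param str3     access token, or {@code null}
     * @param httpPost request to decorate
     * @param str4     authentication method; basic auth is used only when it equals
     *                 {@code ClientConstants.METHOD_BASIC}
     */
    void setAuthorizationHeaderForPostMethod(String str, @Sensitive String str2, String str3, HttpPost httpPost, String str4) {
        // Constant-first comparison: a missing auth method skips basic auth instead of
        // failing with a NullPointerException.
        if (ClientConstants.METHOD_BASIC.equals(str4)) {
            httpPost.setHeader("Authorization", "Basic " + Base64Coder.base64Encode(str + ":" + str2));
        }
        if (str3 != null) {
            // NOTE(review): when basic auth was also set above, the request carries two
            // Authorization headers — confirm the endpoint tolerates that.
            httpPost.addHeader("Authorization", ClientConstants.BEARER + str3);
        }
    }

    /**
     * Configures credentials for a GET request.
     *
     * @param str        basic-auth user name, or {@code null}
     * @param str2       basic-auth password (sensitive), or {@code null}
     * @param str3       access token, or {@code null}
     * @param httpGet    request to decorate with a bearer header
     * @param httpClient client whose credentials provider receives the user name/password;
     *                   must be an {@link AbstractHttpClient}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAuthorizationHeaderForGetMethod(String str, @Sensitive String str2, String str3, HttpGet httpGet, HttpClient httpClient) {
        if (str != null && str2 != null) {
            // NOTE(review): AuthScope.ANY lets the client answer an authentication challenge
            // from any host it ends up talking to (for example after a redirect). Scoping
            // the credentials to the request's own host and port would be narrower.
            ((AbstractHttpClient) httpClient).getCredentialsProvider().setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(str, str2));
        }
        if (str3 != null) {
            httpGet.addHeader("Authorization", ClientConstants.BEARER + str3);
        }
    }

    /**
     * Determines the TCP port for an endpoint URL.
     *
     * <p>An explicit port is honoured whether or not a path follows it
     * (for example {@code https://host:8443} and {@code https://host:8443/token}
     * both give 8443). Without an explicit port the scheme default is used.
     *
     * @param str endpoint URL
     * @return the explicit port, else 443 for {@code https:}, 80 for {@code http:}, else 0
     */
    static int getTokenEndPointPort(String str) {
        try {
            int explicitPort = new URI(str).getPort();
            if (explicitPort > 0) {
                return explicitPort;
            }
        } catch (URISyntaxException ignored) {
            // Unparseable URL: fall back to the scheme default below.
        }
        if (str.startsWith("https:")) {
            return 443;
        }
        if (str.startsWith("http:")) {
            return 80;
        }
        return 0;
    }

    /**
     * Tells whether a form parameter carries a credential and must not appear in trace.
     * The literal names are the standard OAuth 2.0 request parameters that hold secrets
     * or single-use credentials.
     */
    private static boolean isSensitiveFormParameter(String name) {
        return ClientConstants.CLIENT_SECRET.equals(name)
                || "code".equals(name)
                || "refresh_token".equals(name)
                || "password".equals(name)
                || "client_assertion".equals(name)
                || "assertion".equals(name)
                || "code_verifier".equals(name);
    }

    /**
     * Writes a debug trace describing the request about to be posted, including an
     * equivalent curl command line. Secrets (password, access token, credential-bearing
     * form parameters) are replaced by a mask so that trace files cannot be used to
     * replay the request.
     *
     * @param str   endpoint URL
     * @param list  form parameters (sensitive), may be {@code null}
     * @param str2  basic-auth user name
     * @param str3  basic-auth password (sensitive)
     * @param str4  access token, may be {@code null}
     * @param list2 request headers, may be {@code null}
     */
    void debugPostToEndPoint(String str, @Sensitive List<NameValuePair> list, String str2, @Sensitive String str3, String str4, List<NameValuePair> list2) {
        if (!(TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled())) {
            return;
        }
        Tr.debug(tc, "postToEndpoint: url: " + str + " headers: " + list2 + " params: ***** baUsername: " + str2 + " baPassword: " + (str3 != null ? MASK : null) + " accessToken: " + (str4 != null ? MASK : null), new Object[0]);

        // The "-k" in the printed command turns off certificate checking in curl; the
        // line is a troubleshooting aid and does not describe how this class connects.
        StringBuilder curl = new StringBuilder("curl -k -v");
        if (list2 != null) {
            for (NameValuePair header : list2) {
                curl.append(" -H \"");
                curl.append(header.getName());
                curl.append(": ");
                curl.append(header.getValue());
                curl.append(ChallengeReply.REALM_HDR_SUFFIX);
            }
        }
        if (list != null && list.size() > 0) {
            curl.append(" -d \"");
            Iterator<NameValuePair> it = list.iterator();
            while (it.hasNext()) {
                NameValuePair next = it.next();
                String name = next.getName();
                curl.append(name);
                curl.append("=");
                curl.append(isSensitiveFormParameter(name) ? "*****" : next.getValue());
                if (it.hasNext()) {
                    curl.append("&");
                }
            }
            curl.append(ChallengeReply.REALM_HDR_SUFFIX);
        }
        if (str2 != null && str3 != null) {
            curl.append(" -u \"");
            curl.append(str2);
            curl.append(":");
            curl.append(MASK);
            curl.append(ChallengeReply.REALM_HDR_SUFFIX);
        }
        if (str4 != null) {
            // A bearer token is a usable credential on its own; never trace its value.
            curl.append(" -H \"Authorization: bearer ");
            curl.append(MASK);
            curl.append(ChallengeReply.REALM_HDR_SUFFIX);
        }
        curl.append(" ");
        curl.append(str);
        Tr.debug(tc, "CURL Command: " + curl.toString(), new Object[0]);
    }
}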
