package com.ibm.ws.security.oauth20.web;

import com.ibm.oauth.core.api.error.oauth20.OAuth20DuplicateParameterException;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth20_1.1.14.jar:com/ibm/ws/security/oauth20/web/ClientAuthnData.class */
public class ClientAuthnData {
    public static final String Authorization_Header = "Authorization";
    public static final String AUTHORIZATION_ENCODING = "Authorization-Encoding";
    String userName;
    String passWord;
    boolean authnData;
    boolean isBasicAuth;
    static final long serialVersionUID = -182367662242483189L;
    private static TraceComponent tc = Tr.register((Class<?>) ClientAuthnData.class, "OAuth20Provider", "com.ibm.ws.security.oauth20.resources.ProviderMsgs");
    public static final String BasicAuthEncoding = System.getProperty("com.ibm.websphere.security.BasicAuthEncoding", "UTF-8");

    public ClientAuthnData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAuth20DuplicateParameterException {
        this.userName = null;
        this.passWord = null;
        this.authnData = false;
        this.isBasicAuth = false;
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.startsWith("Basic ")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authorization header was null or wasn't basic auth; looking for client_id and client_secret parameters", new Object[0]);
            }
            this.passWord = checkForRepeatedOrEmptyParameter(httpServletRequest, "client_secret");
            this.userName = checkForRepeatedOrEmptyParameter(httpServletRequest, "client_id");
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authorization header set to basic auth; decoding header and extracting user name and password", new Object[0]);
            }
            this.isBasicAuth = true;
            String decodeAuthorizationHeader = decodeAuthorizationHeader(header, httpServletRequest.getHeader("Authorization-Encoding"));
            int indexOf = decodeAuthorizationHeader.indexOf(58);
            if (indexOf < 0) {
                this.userName = decodeAuthorizationHeader;
            } else {
                this.userName = decodeAuthorizationHeader.substring(0, indexOf);
                this.passWord = decodeAuthorizationHeader.substring(indexOf + 1);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Use authentication data from Authentication head for client: " + this.userName, new Object[0]);
        }
        if (this.userName == null || this.userName.length() <= 0) {
            return;
        }
        this.authnData = true;
    }

    @Sensitive
    public static String decodeAuthorizationHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        String header2 = httpServletRequest.getHeader("Authorization-Encoding");
        if (header == null || !header.startsWith("Basic ")) {
            return null;
        }
        return decodeAuthorizationHeader(header, header2);
    }

    @Sensitive
    public static String decodeAuthorizationHeader(@Sensitive String str, String str2) {
        if (str == null) {
            return null;
        }
        boolean z = false;
        if (str2 == null) {
            str2 = BasicAuthEncoding;
            z = true;
        }
        byte[] decode = Base64.decode(str.substring(6));
        boolean z2 = false;
        if (str2 != null && str2.length() > 0) {
            try {
                str = new String(decode, str2);
                z2 = true;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.web.ClientAuthnData", "96", null, new Object[]{"<sensitive java.lang.String>", str2});
                z2 = false;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Decoding fails with encoding:" + str2, e.getMessage());
                }
            }
        }
        if (!z2 && !z) {
            try {
                str = new String(decode, BasicAuthEncoding);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.oauth20.web.ClientAuthnData", "106", null, new Object[]{"<sensitive java.lang.String>", str2});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Decoding fails with default encoding:" + BasicAuthEncoding, e2.getMessage());
                }
            }
        }
        return str;
    }

    public String getUserName() {
        return this.userName;
    }

    @Sensitive
    public String getPassWord() {
        return this.passWord;
    }

    public boolean hasAuthnData() {
        return this.authnData;
    }

    public boolean isBasicAuth() {
        return this.isBasicAuth;
    }

    @Sensitive
    private String checkForRepeatedOrEmptyParameter(HttpServletRequest httpServletRequest, String str) throws OAuth20DuplicateParameterException {
        String[] parameterValues = httpServletRequest.getParameterValues(str);
        if (parameterValues != null && parameterValues.length > 1) {
            throw new OAuth20DuplicateParameterException("security.oauth20.error.duplicate.parameter", str);
        }
        if (parameterValues == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "No values found for parameter: " + str, new Object[0]);
            return null;
        }
        String str2 = parameterValues[0];
        if (str2.isEmpty()) {
            return null;
        }
        return str2;
    }
}
