package com.ibm.ws.security.oauth20.plugins;

import com.ibm.oauth.core.api.attributes.AttributeList;
import com.ibm.oauth.core.api.config.OAuthComponentConfiguration;
import com.ibm.oauth.core.api.error.OAuthException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20DuplicateParameterException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20MissingParameterException;
import com.ibm.oauth.core.api.oauth20.token.OAuth20Token;
import com.ibm.oauth.core.internal.OAuthConstants;
import com.ibm.oauth.core.internal.oauth20.OAuth20Constants;
import com.ibm.oauth.core.internal.oauth20.OAuth20Util;
import com.ibm.oauth.core.internal.oauth20.token.OAuth20TokenHelper;
import com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.ProvidersService;
import com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.util.ConfigUtils;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

@InjectedFFDC
@TraceObjectField(fieldName = "_log", fieldDesc = "Ljava/util/logging/Logger;")
/* loaded from: input_file:lib/com.ibm.ws.security.oauth20_1.1.12.cl50920160718-1415.jar:com/ibm/ws/security/oauth20/plugins/BaseTokenHandler.class */
public class BaseTokenHandler implements OAuth20TokenTypeHandler {
    static final String CLASS = BaseTokenHandler.class.getName();
    private static Logger _log = Logger.getLogger(CLASS);
    static final long serialVersionUID = -1042279500640039066L;

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public BaseTokenHandler() {
        if (_log != null && _log.isLoggable(Level.FINER)) {
            _log.entering(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "<init>", new Object[0]);
        }
        if (_log == null || !_log.isLoggable(Level.FINER)) {
            return;
        }
        _log.exiting(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "<init>", this);
    }

    @Override // com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public void init(OAuthComponentConfiguration oAuthComponentConfiguration) {
        if (_log != null && _log.isLoggable(Level.FINER)) {
            _log.entering(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "init", new Object[]{oAuthComponentConfiguration});
        }
        if (_log == null || !_log.isLoggable(Level.FINER)) {
            return;
        }
        _log.exiting(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "init");
    }

    @Override // com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public String getTypeTokenType() {
        if (_log != null && _log.isLoggable(Level.FINER)) {
            _log.entering(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "getTypeTokenType", new Object[0]);
        }
        if (_log != null && _log.isLoggable(Level.FINER)) {
            _log.exiting(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "getTypeTokenType", "Bearer");
        }
        return "Bearer";
    }

    @Override // com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler
    @ManualTrace
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public OAuth20Token createToken(Map<String, String[]> map) {
        _log.entering(CLASS, "createToken");
        try {
            String valueFromMap = OAuth20Util.getValueFromMap("client_id", map);
            String valueFromMap2 = OAuth20Util.getValueFromMap(OAuth20Constants.COMPONENTID, map);
            String valueFromMap3 = OAuth20Util.getValueFromMap("username", map);
            String valueFromMap4 = OAuth20Util.getValueFromMap("redirect_uri", map);
            String[] strArr = map.get("scope");
            int parseInt = Integer.parseInt(OAuth20Util.getValueFromMap(OAuth20Constants.LENGTH, map));
            int parseInt2 = Integer.parseInt(OAuth20Util.getValueFromMap(OAuth20Constants.LIFETIME, map));
            String valueFromMap5 = OAuth20Util.getValueFromMap(OAuthConstants.STATE_ID, map);
            if (valueFromMap5 == null) {
                valueFromMap5 = OAuth20Util.generateUUID();
            }
            String valueFromMap6 = OAuth20Util.getValueFromMap("grant_type", map);
            OAuth20BearerTokenImpl oAuth20BearerTokenImpl = new OAuth20BearerTokenImpl(OAuth20Util.getRandom(parseInt), valueFromMap2, valueFromMap, valueFromMap3, valueFromMap4, valueFromMap5, strArr, parseInt2, OAuth20TokenHelper.getExternalClaims(map), valueFromMap6);
            if (oAuth20BearerTokenImpl != null) {
                updateAccessToken(oAuth20BearerTokenImpl, map, valueFromMap2);
            }
            _log.exiting(CLASS, "createToken");
            return oAuth20BearerTokenImpl;
        } catch (Throwable th) {
            _log.exiting(CLASS, "createToken");
            throw th;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    protected void updateAccessToken(OAuth20Token oAuth20Token, Map<String, String[]> map, String str) {
        if (_log != null && _log.isLoggable(Level.FINER)) {
            _log.entering(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "updateAccessToken", new Object[]{oAuth20Token, map, str});
        }
        if (map.containsKey(OAuth20Constants.REFRESH_TOKEN_KEY)) {
            String valueFromMap = OAuth20Util.getValueFromMap(OAuth20Constants.REFRESH_TOKEN_KEY, map);
            ((OAuth20TokenImpl) oAuth20Token).setRefreshTokenKey(valueFromMap);
            if (map.containsKey(OAuth20Constants.OLD_REFRESH_TOKEN_KEY)) {
                String valueFromMap2 = OAuth20Util.getValueFromMap(OAuth20Constants.OLD_REFRESH_TOKEN_KEY, map);
                if (valueFromMap != null && !valueFromMap.equals(valueFromMap2)) {
                    updateExistingAccessTokens(str, valueFromMap, map);
                }
            }
        }
        if (_log == null || !_log.isLoggable(Level.FINER)) {
            return;
        }
        _log.exiting(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "updateAccessToken");
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    protected void updateExistingAccessTokens(String str, String str2, Map<String, String[]> map) {
        if (_log != null && _log.isLoggable(Level.FINER)) {
            _log.entering(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "updateExistingAccessTokens", new Object[]{str, str2, map});
        }
        OAuth20Provider oAuth20Provider = ProvidersService.getOAuth20Provider(str);
        if (oAuth20Provider != null && oAuth20Provider.getTokenCache() != null) {
            OAuth20EnhancedTokenCache tokenCache = oAuth20Provider.getTokenCache();
            String valueFromMap = OAuth20Util.getValueFromMap("username", map);
            String valueFromMap2 = OAuth20Util.getValueFromMap("client_id", map);
            if (valueFromMap != null && valueFromMap2 != null) {
                for (OAuth20Token oAuth20Token : tokenCache.getAllUserTokens(valueFromMap)) {
                    if ("access_token".equals(oAuth20Token.getType()) && valueFromMap2.equals(oAuth20Token.getClientId())) {
                        ((OAuth20TokenImpl) oAuth20Token).setRefreshTokenKey(str2);
                    }
                }
            }
        }
        if (_log == null || !_log.isLoggable(Level.FINER)) {
            return;
        }
        _log.exiting(ConfigUtils.BUILTIN_BASE_TOKEN_HANDLER_CLASS, "updateExistingAccessTokens");
    }

    @Override // com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler
    @ManualTrace
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public List<String> getKeysTokenType(AttributeList attributeList) throws OAuthException {
        _log.entering(CLASS, "getKeysTokenType");
        try {
            String attributeValueByName = attributeList.getAttributeValueByName("access_token");
            if (attributeValueByName == null || attributeValueByName.length() <= 0) {
                throw new OAuth20MissingParameterException("security.oauth20.error.missing.parameter", "access_token", null);
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(attributeValueByName);
            _log.exiting(CLASS, "getKeysTokenType");
            return arrayList;
        } catch (Throwable th) {
            _log.exiting(CLASS, "getKeysTokenType");
            throw th;
        }
    }

    @Override // com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler
    @ManualTrace
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public void validateRequestTokenType(AttributeList attributeList, List<OAuth20Token> list) throws OAuthException {
        _log.entering(CLASS, "validateRequestTokenType");
        try {
            String[] attributeValuesByName = attributeList.getAttributeValuesByName("access_token");
            if (attributeValuesByName != null && attributeValuesByName.length > 1) {
                throw new OAuth20DuplicateParameterException("security.oauth20.error.duplicate.parameter", "access_token");
            }
            _log.exiting(CLASS, "validateRequestTokenType");
        } catch (Throwable th) {
            _log.exiting(CLASS, "validateRequestTokenType");
            throw th;
        }
    }

    @Override // com.ibm.oauth.core.internal.oauth20.tokentype.OAuth20TokenTypeHandler
    @ManualTrace
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public void buildResponseTokenType(AttributeList attributeList, List<OAuth20Token> list) {
        OAuth20Token oAuth20Token;
        _log.entering(CLASS, "buildResponseTokenType");
        try {
            if (list.size() >= 1 && (oAuth20Token = list.get(0)) != null) {
                attributeList.setAttribute(OAuth20Constants.RESPONSEATTR_EXPIRES, com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_DECISION, new String[]{OAuth20TokenHelper.expiresUTC(oAuth20Token)});
                attributeList.setAttribute("username", com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[]{oAuth20Token.getUsername()});
                attributeList.setAttribute("access_token", com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[]{oAuth20Token.getTokenString()});
                attributeList.setAttribute(OAuth20Constants.ACCESS_TOKEN_ID, com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_META, new String[]{oAuth20Token.getId()});
                attributeList.setAttribute(OAuth20Constants.OAUTH_TOKEN_CLIENT_ID, com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, new String[]{oAuth20Token.getClientId()});
                attributeList.setAttribute(OAuthConstants.STATE_ID, com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_STATE, new String[]{oAuth20Token.getStateId()});
                String[] scope = oAuth20Token.getScope();
                if (scope != null) {
                    attributeList.setAttribute("scope", com.ibm.oauth.core.api.OAuthConstants.ATTRTYPE_RESPONSE_ATTRIBUTE, scope);
                }
            }
            _log.exiting(CLASS, "buildResponseTokenType");
        } catch (Throwable th) {
            _log.exiting(CLASS, "buildResponseTokenType");
            throw th;
        }
    }
}
