package com.ibm.ws.security.oauth20.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.webcontainer.security.ProviderAuthenticationResult;
import com.ibm.ws.webcontainer.security.oauth20.OAuth20Authenticator;
import com.ibm.ws.webcontainer.security.oauth20.OAuth20Service;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServerConfig;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.security.oauth20_1.1.12.cl50920160718-1415.jar:com/ibm/ws/security/oauth20/internal/OAuth20ServiceImpl.class */
public class OAuth20ServiceImpl implements OAuth20Service {
    OAuth20Authenticator authenticator = new OAuth20AuthenticatorImpl();
    protected static final String KEY_ID = "id";
    static final long serialVersionUID = 2411904141867757784L;
    public static final TraceComponent tc = Tr.register(OAuth20ServiceImpl.class);
    protected static final Pattern OAUTH_PROTECTED_PATTERN = Pattern.compile("/([\\w-]+)/(authorize|registration)");
    protected static final Pattern OAUTH_SPECIFIC_PATTERN = Pattern.compile("/([\\w-]+)/.*");
    protected static final String KEY_oauth20Provider = "oauth20Provider";
    protected static final ConcurrentServiceReferenceMap<String, OAuth20Provider> oauth20ProviderRef = new ConcurrentServiceReferenceMap<>(KEY_oauth20Provider);

    protected void setOauth20Provider(ServiceReference<OAuth20Provider> serviceReference) {
        String str = (String) serviceReference.getProperty("id");
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.putReference(str, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " setOAuth20Provider id:" + str, new Object[0]);
        }
    }

    protected void updatedOauth20Provider(ServiceReference<OAuth20Provider> serviceReference) {
        String str = (String) serviceReference.getProperty("id");
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.putReference(str, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " updateOAuth20Provider id:" + str, new Object[0]);
        }
    }

    protected void unsetOauth20Provider(ServiceReference<OAuth20Provider> serviceReference) {
        String str = (String) serviceReference.getProperty("id");
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.removeReference(str, serviceReference);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " unsetOAuth20Provider id:" + str, new Object[0]);
        }
    }

    protected synchronized void activate(ComponentContext componentContext) {
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.activate(componentContext);
        }
    }

    protected synchronized void modify(Map<String, Object> map) {
    }

    protected synchronized void deactivate(ComponentContext componentContext) {
        synchronized (oauth20ProviderRef) {
            oauth20ProviderRef.deactivate(componentContext);
        }
    }

    public ProviderAuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.authenticator.authenticate(httpServletRequest, httpServletResponse);
    }

    public ProviderAuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ConcurrentServiceReferenceMap<String, OidcServerConfig> concurrentServiceReferenceMap) {
        return this.authenticator.authenticate(httpServletRequest, httpServletResponse);
    }

    public boolean isOauthSpecificURI(HttpServletRequest httpServletRequest, boolean z) {
        Matcher endpointRequest;
        String contextPath = httpServletRequest.getContextPath();
        String requestURI = httpServletRequest.getRequestURI();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "contextPath=" + contextPath + " uri=" + requestURI, new Object[0]);
        }
        if (contextPath != null && contextPath.equals("/oauth2") && (endpointRequest = endpointRequest(httpServletRequest)) != null && getOAuth20Provider(getProviderNameFromUrl(endpointRequest)) != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "check " + (z ? "Protected-Endpoints" : "All-endpoints"), new Object[0]);
            }
            if (!z || protectedEndpointRequest(httpServletRequest) != null) {
                return true;
            }
        }
        if (0 == 0 && !z) {
            synchronized (oauth20ProviderRef) {
                Iterator<OAuth20Provider> services = oauth20ProviderRef.getServices();
                while (services.hasNext()) {
                    if (services.next().isMiscUri(httpServletRequest)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    private Matcher endpointRequest(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "path=" + pathInfo, new Object[0]);
        }
        if (pathInfo == null || pathInfo.isEmpty()) {
            return null;
        }
        Matcher matcher = OAUTH_SPECIFIC_PATTERN.matcher(pathInfo);
        if (matcher.matches()) {
            return matcher;
        }
        return null;
    }

    private Matcher protectedEndpointRequest(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "path=" + pathInfo, new Object[0]);
        }
        if (pathInfo == null || pathInfo.isEmpty()) {
            return null;
        }
        Matcher matcher = OAUTH_PROTECTED_PATTERN.matcher(pathInfo);
        if (matcher.matches()) {
            return matcher;
        }
        return null;
    }

    protected String getProviderNameFromUrl(Matcher matcher) {
        return matcher.group(1);
    }

    private OAuth20Provider getOAuth20Provider(String str) {
        OAuth20Provider service;
        synchronized (oauth20ProviderRef) {
            service = oauth20ProviderRef.getService(str);
        }
        return service;
    }
}
