package com.ibm.ws.security.oauth20.web;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.web.OAuth20Request;
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

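/**
 * Servlet filter that recognises OAuth 2.0 / OpenID Connect provider endpoint URLs.
 *
 * <p>The request's path info must have the form {@code /<provider>/<endpoint>}. On a match, an
 * {@link OAuth20Request} describing the provider and endpoint type is stored as the
 * {@code "OAuth20Request"} request attribute and the filter chain continues. Any other path is
 * answered with HTTP 404 and a CWOAU0039W warning.
 *
 * <p>Everything derived from the URL here is client-controlled. This filter only checks the
 * <em>shape</em> of the path; it performs no authentication or authorization of its own.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth.2.0_1.1.15.jar:com/ibm/ws/security/oauth20/web/OAuth20RequestFilter.class */
public class OAuth20RequestFilter implements Filter {
    /** Regex fragment for the provider segment; not referenced inside this class. */
    public static final String REGEX_COMPONENT_ID = "/([\\w-]+)/";
    /** Regex fragment for the registration endpoint with an optional sub-path; not referenced inside this class. */
    public static final String REGEX_REGISTRATION = "registration(/\\S*)?";
    /** Endpoint path of the OpenID Connect discovery document. */
    public static final String PATH_DISCOVERY = ".well-known/openid-configuration";
    public static final String PATH_REGISTRATION = "registration";
    public static final String SLASH_PATH_REGISTRATION = "/registration";
    /** Prefix identifying a registration request that carries a sub-path. */
    public static final String PATH_REGISTRATION_SLASH = "registration/";
    static final long serialVersionUID = -2188926150871451831L;
    private static TraceComponent tc = Tr.register(OAuth20RequestFilter.class);

    /**
     * Allow-list of endpoint paths. Group 1 is the provider name, group 2 the endpoint path.
     *
     * <p>The dot in {@code .well-known} is escaped so that only a literal dot matches. Unescaped,
     * a path such as {@code /p/Xwell-known/openid-configuration} passed the filter and then made
     * {@code EndpointType.valueOf} throw {@link IllegalArgumentException} instead of yielding 404.
     *
     * <p>NOTE(review): the registration alternative accepts any non-whitespace suffix
     * ({@code /\S*}), including further slashes and dot segments; the handler that consumes the
     * sub-path has to validate it, since nothing here does.
     */
    private static final Pattern PATH_RE = Pattern.compile("^/([\\w-]+)/(authorize|token|introspect|revoke|\\.well-known/openid-configuration|userinfo|registration(/\\S*)?|check_session_iframe|end_session|coverage_map|proxy|jwk)$");

    /** No resources to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Routes a request to the OAuth endpoint handling or rejects it with 404.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     chain to continue when the path is a recognised endpoint
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (httpServletResponse.isCommitted()) {
            // Response already sent by an earlier component: nothing left to decide here.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "doFilter response.isCommitted() do nothing...", new Object[0]);
            }
            return;
        }
        Matcher endpointRequest = endpointRequest(httpServletRequest);
        if (endpointRequest != null) {
            setEndpointRequest(httpServletRequest, httpServletResponse, filterChain, endpointRequest);
            return;
        }
        // The rejected path is client-supplied and already URL-decoded by the container, so it
        // may contain CR/LF or other control characters. Neutralise them before the value goes
        // into the trace log and the error message, so a request cannot forge log lines.
        String safePath = neutralizeControlChars(httpServletRequest.getPathInfo());
        String formattedMessage = TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "security.oauth20.filter.request.null", new Object[]{safePath}, "CWOAU0039W: The request directed to the endpoint URL of [" + safePath + "] was not recognized by the OAuth provider as a valid request.");
        if (tc.isWarningEnabled()) {
            Tr.warning(tc, "security.oauth20.filter.request.null", safePath);
        }
        // NOTE(review): the message echoes the request path into the error response. Whether it
        // is HTML-escaped depends on the container's error page; confirm before relying on it.
        httpServletResponse.sendError(404, formattedMessage);
    }

    /**
     * Attaches the parsed {@link OAuth20Request} to the request and continues the chain.
     *
     * <p>The provider name comes straight from the URL; this method does not check that such a
     * provider is configured (presumably done downstream; verify against the consumer of the
     * {@code "OAuth20Request"} attribute).
     *
     * @param matcher a matcher that has already matched the endpoint path pattern
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void setEndpointRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Matcher matcher) throws IOException, ServletException {
        OAuth20Request oauth20Request = new OAuth20Request(getProviderNameFromUrl(matcher), getEndpointTypeFromUrl(matcher), httpServletRequest);
        httpServletRequest.setAttribute("OAuth20Request", oauth20Request);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the provider name, i.e. capture group 1 of the matched path.
     *
     * @param matcher a matcher that has already matched the endpoint path pattern
     */
    protected String getProviderNameFromUrl(Matcher matcher) {
        return matcher.group(1);
    }

    /**
     * Returns the endpoint type derived from capture group 2 of the matched path.
     *
     * @param matcher a matcher that has already matched the endpoint path pattern
     */
    protected OAuth20Request.EndpointType getEndpointTypeFromUrl(Matcher matcher) {
        return getType(matcher.group(2));
    }

    /** No configuration is read. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Matches the request's path info against the endpoint allow-list.
     *
     * @return the successful matcher, or {@code null} when the path is absent or not recognised
     */
    private Matcher endpointRequest(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            // getPathInfo() is null when the URL has no extra path; Pattern.matcher(null) would
            // throw NullPointerException, so treat it as "not an endpoint" (the caller sends 404).
            return null;
        }
        Matcher matcher = PATH_RE.matcher(pathInfo);
        return matcher.matches() ? matcher : null;
    }

    /**
     * Maps an endpoint path to its {@link OAuth20Request.EndpointType}.
     *
     * <p>The discovery path and {@code registration/...} are mapped explicitly; every other
     * value is resolved by enum name.
     *
     * @param str endpoint path (capture group 2 of the path pattern)
     * @throws IllegalArgumentException if {@code str} names no enum constant; the path pattern
     *         is expected to admit only valid names, which is not verifiable from this file
     */
    private static OAuth20Request.EndpointType getType(String str) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "path type is " + str, new Object[0]);
        }
        if (str.equals(PATH_DISCOVERY)) {
            return OAuth20Request.EndpointType.discovery;
        }
        if (str.startsWith(PATH_REGISTRATION_SLASH)) {
            return OAuth20Request.EndpointType.registration;
        }
        return OAuth20Request.EndpointType.valueOf(str);
    }

    /**
     * Replaces ISO control characters (CR, LF, tab, ...) with {@code '_'}.
     *
     * @param value text to clean; may be {@code null}
     * @return the cleaned text, or {@code null} when {@code value} is {@code null}
     */
    private static String neutralizeControlChars(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}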
