package com.ibm.ws.security.oauth20.web;

import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonPrimitive;
import com.google.gson.reflect.TypeToken;
import com.ibm.oauth.core.api.error.OidcServerException;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.util.CharsetRange;
import com.ibm.ws.security.oauth20.util.DateUtil;
import com.ibm.ws.security.oauth20.util.MediaRange;
import com.ibm.ws.security.oauth20.util.OidcOAuth20Util;
import com.ibm.ws.security.oauth20.util.StringUtil;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import org.apache.openjpa.jdbc.kernel.exps.Math;

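/**
 * Static helpers shared by the OAuth 2.0 / OIDC endpoint services in this package:
 * query-string parsing, slash normalisation of URL fragments, {@code Content-Type} /
 * {@code Accept} checks and evaluation of HTTP conditional-request headers.
 *
 * <p>Every method that takes an {@link HttpServletRequest} reads client-controlled
 * headers, so their values are treated as untrusted input throughout.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth.2.0_1.1.16.jar:com/ibm/ws/security/oauth20/web/AbstractOidcEndpointServices.class */
public abstract class AbstractOidcEndpointServices {
    protected static final String FORWARD_SLASH = "/";
    protected static final String BACKWARDS_SLASH = "\\";
    protected static final String COLON = ":";
    protected static final String COLON_SLASH_SLASH = "://";
    protected static final String UTF_8 = "UTF-8";
    private static final char AMPERSAND = '&';
    private static final char EQUALS = '=';
    private static final String EMPTY_STRING = "";
    private static final String URL_ENCODED_SPACE = "%20";
    public static final String CT = "Content-Type";
    public static final String CT_APPLICATION_JSON = "application/json";
    protected static final String CT_WILDCARD = "*/*";
    private static final String HDR_IF_MATCH = "If-Match";
    private static final String HDR_IF_NONE_MATCH = "If-None-Match";
    private static final String HDR_IF_MODIFIED_SINCE = "If-Modified-Since";
    private static final String HDR_IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
    public static final String HDR_WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String HDR_ACCEPT = "Accept";
    private static final String HDR_ACCEPT_CHARSET = "Accept-Charset";
    protected static final String HDR_ETAG = "ETag";
    protected static final String HDR_VALUE_PUBLIC = "public";
    protected static final String HDR_VALUE_PRIVATE = "private";
    private static final String HDR_VALUE_MAX_AGE = "max-age";
    protected static final int HTTP_DEFAULT_PORT = 80;
    protected static final int HTTP_DEFAULT_SECURE_PORT = 443;
    protected static final String HTTP_METHOD_GET = "GET";
    protected static final String HTTP_METHOD_HEAD = "HEAD";
    protected static final String HTTP_METHOD_POST = "POST";
    protected static final String HTTP_METHOD_PUT = "PUT";
    protected static final String HTTP_METHOD_DELETE = "DELETE";
    // NOTE(review): not referenced inside this class. MD5 is not collision resistant;
    // confirm that code using this constant only needs a non-security checksum.
    protected static final String ALG_MD5 = "MD5";
    private static TraceComponent tc = Tr.register(AbstractOidcEndpointServices.class);
    static final long serialVersionUID = -8709065230662084702L;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses a query string into a name-to-values map without URL-decoding it.
     *
     * @param str the raw query string, with or without a leading {@code '&'}; may be null
     * @return a new mutable map; empty when {@code str} is null or empty
     */
    public static Map<String, String[]> parseQueryParameters(String str) {
        return parseQueryParameters(str, false);
    }

    /**
     * Parses a query string into a name-to-values map.
     *
     * <p>The string is split on {@code '&'}; each segment is split on its first
     * {@code '='}. A segment without {@code '='} yields an empty value, and an empty
     * segment (for example from a trailing {@code '&'}) yields an entry under the empty
     * name. Repeated names accumulate their values in order of appearance.
     *
     * @param str the raw query string, with or without a leading {@code '&'}; may be null
     * @param z   when true, names and values are passed through {@link #decode(String)}
     * @return a new mutable map; empty when {@code str} is null or empty
     */
    protected static Map<String, String[]> parseQueryParameters(String str, boolean z) {
        if (tc.isDebugEnabled()) {
            // NOTE(review): the raw query string is written to trace. On OAuth/OIDC
            // endpoints it can carry authorization codes, tokens or client credentials,
            // so debug trace from this class should be handled as sensitive data or the
            // value redacted here.
            Tr.debug(tc, "Query String is " + str, new Object[0]);
        }
        if (str == null || str.length() == 0) {
            return new HashMap<String, String[]>();
        }
        // Normalise to a leading '&' so every segment starts one character after a separator.
        String query = str.charAt(0) == AMPERSAND ? str : AMPERSAND + str;
        HashMap<String, ArrayList<String>> collected = new HashMap<>();
        int pos = 0;
        while (pos < query.length()) {
            int start = pos + 1;
            int next = query.indexOf(AMPERSAND, start);
            int end = next == -1 ? query.length() : next;
            loadParmInMap(query.substring(start, end), collected, z);
            pos = end;
        }
        Map<String, String[]> result = new HashMap<>(collected.size());
        for (Map.Entry<String, ArrayList<String>> entry : collected.entrySet()) {
            ArrayList<String> values = entry.getValue();
            result.put(entry.getKey(), values.toArray(new String[values.size()]));
        }
        return result;
    }

    /**
     * Splits one {@code name=value} segment and appends the value to the list stored
     * under the name, creating the list on first use.
     *
     * @param str     the segment; text after the first {@code '='} is the value
     * @param hashMap the accumulator that is updated in place
     * @param z       when true, name and value are URL-decoded before being stored
     */
    private static void loadParmInMap(String str, HashMap<String, ArrayList<String>> hashMap, boolean z) {
        int separator = str.indexOf(EQUALS);
        String name = separator == -1 ? str : str.substring(0, separator);
        // substring(separator + 1) is already "" when '=' is the last character.
        String value = separator == -1 ? EMPTY_STRING : str.substring(separator + 1);
        if (z) {
            name = decode(name);
            value = decode(value);
        }
        ArrayList<String> values = hashMap.get(name);
        if (values == null) {
            values = new ArrayList<>();
            hashMap.put(name, values);
        }
        values.add(value);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * URL-decodes a string as UTF-8 using form-encoding rules, so both {@code "%20"}
     * and {@code "+"} become a space.
     *
     * @param str the encoded text; must not be null
     * @return the decoded text
     * @throws IllegalArgumentException if {@code str} is null; {@link URLDecoder} may
     *         also raise it for a malformed percent-escape, which callers passing
     *         request data need to expect
     * @throws RuntimeException if UTF-8 is reported as unsupported
     */
    public static String decode(String str) {
        if (str == null) {
            throw new IllegalArgumentException("str must not be null");
        }
        String replace = str.replace(URL_ENCODED_SPACE, "+");
        try {
            return URLDecoder.decode(replace, UTF_8);
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.web.AbstractOidcEndpointServices", "250", null, new Object[]{replace});
            throw new RuntimeException(String.format("An encoding error occurred during the %s encoding of string \"%s\". The exception message is \"%s\".", UTF_8, replace, e.getMessage()), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a {@code Cache-Control} header value of the form
     * {@code "public, max-age=N"} or {@code "private, max-age=N"}.
     *
     * @param z   true for {@code public}, false for {@code private}
     * @param str the max-age value, inserted as given
     * @return the header value
     */
    public static String constructCacheControlHeaderWithMaxAge(boolean z, String str) {
        String visibility = z ? HDR_VALUE_PUBLIC : HDR_VALUE_PRIVATE;
        return String.format("%s, %s=%s", visibility, HDR_VALUE_MAX_AGE, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns a random (version 4) UUID rendered as 32 hexadecimal characters with the
     * dashes removed.
     *
     * @return the dash-free UUID string
     */
    public static String generateUUID() {
        // The literal "-" replaces a decompiler-resolved constant from an unrelated
        // OpenJPA class, so this method no longer depends on that library.
        return UUID.randomUUID().toString().replace("-", EMPTY_STRING);
    }

    /**
     * Returns a new array holding every element of the input as a string that ends in
     * exactly one forward slash.
     *
     * @param jsonArray the source array; may be null or empty
     * @return a new array, empty when the input is null or empty
     */
    public static JsonArray getSlashTerminated(JsonArray jsonArray) {
        JsonArray terminated = new JsonArray();
        if (jsonArray == null || jsonArray.size() == 0) {
            return terminated;
        }
        for (JsonElement element : jsonArray) {
            terminated.add(new JsonPrimitive(addTrailingSlash(element.getAsString())));
        }
        return terminated;
    }

    /**
     * Trims the value, removes one trailing slash or backslash if present, and appends
     * a forward slash.
     *
     * @param str the value; may be null
     * @return the slash-terminated value, or null when {@code str} is null
     */
    public static String addTrailingSlash(String str) {
        String stripped = trimTrailingSlash(str);
        if (stripped == null) {
            return null;
        }
        return stripped + FORWARD_SLASH;
    }

    /**
     * Trims the value, removes one leading slash or backslash if present, and prepends
     * a forward slash.
     *
     * @param str the value; may be null
     * @return the slash-prefixed value, or null when {@code str} is null
     */
    protected static String addLeadingSlash(String str) {
        String stripped = trimLeadingSlash(str);
        if (stripped == null) {
            return null;
        }
        return FORWARD_SLASH + stripped;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes one leading and one trailing slash or backslash, trimming whitespace.
     *
     * @param str the value; may be null
     * @return the stripped value, or null when {@code str} is null
     */
    public static String trimSlashes(String str) {
        return trimTrailingSlash(trimLeadingSlash(str));
    }

    /**
     * Trims whitespace and removes at most one leading {@code '/'} or {@code '\'}.
     * A value that starts with several slashes keeps all but the first.
     *
     * @param str the value; may be null
     * @return the stripped value, or null when {@code str} is null
     */
    protected static String trimLeadingSlash(String str) {
        if (str == null) {
            return null;
        }
        String trimmed = str.trim();
        boolean slashFirst = trimmed.startsWith(FORWARD_SLASH) || trimmed.startsWith(BACKWARDS_SLASH);
        // substring(1) yields "" for a lone slash, so no separate length check is needed.
        return slashFirst ? trimmed.substring(1) : trimmed;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Trims whitespace and removes at most one trailing {@code '/'} or {@code '\'}.
     *
     * @param str the value; may be null
     * @return the stripped value, or null when {@code str} is null
     */
    public static String trimTrailingSlash(String str) {
        if (str == null) {
            return null;
        }
        String trimmed = str.trim();
        boolean slashLast = trimmed.endsWith(FORWARD_SLASH) || trimmed.endsWith(BACKWARDS_SLASH);
        return slashLast ? trimmed.substring(0, trimmed.length() - 1) : trimmed;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Rejects a request whose {@code Content-Type} does not start with the expected type.
     *
     * @param httpServletRequest the incoming request
     * @param str                the required content type
     * @throws OidcServerException {@code invalid_request} with status 415 on mismatch
     */
    public static void validateContentType(HttpServletRequest httpServletRequest, String str) throws OidcServerException {
        if (isValidContentType(httpServletRequest, str)) {
            return;
        }
        throw new OidcServerException(String.format("The request must contain content-type of \"%s\"", str), "invalid_request", 415);
    }

    /**
     * Reports whether the request's content type is present and begins with {@code str}.
     *
     * @param httpServletRequest the incoming request
     * @param str                the expected content-type prefix
     * @return true when the header is present and starts with {@code str}
     */
    private static boolean isValidContentType(HttpServletRequest httpServletRequest, String str) {
        // NOTE(review): this is a case-sensitive prefix match, so a longer type that
        // merely starts with the expected text is accepted and a differently-cased one
        // is refused. Confirm callers rely on that before tightening it.
        String contentType = httpServletRequest.getContentType();
        return contentType != null && contentType.startsWith(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies that the client accepts a UTF-8 encoded {@code application/json} response.
     *
     * @param httpServletRequest the incoming request
     * @throws OidcServerException {@code invalid_request} with status 406 when either
     *         the media type or the charset is not acceptable to the client
     */
    public static void validateJsonAcceptable(HttpServletRequest httpServletRequest) throws OidcServerException {
        if (!isMimeTypeAcceptable(httpServletRequest, CT_APPLICATION_JSON, null)) {
            throw new OidcServerException(String.format("The request does not allow for a response of media type \"%s\"", CT_APPLICATION_JSON), "invalid_request", 406);
        }
        if (!isCharsetAcceptable(httpServletRequest, UTF_8)) {
            throw new OidcServerException(String.format("The request does not allow for a response that not charset \"%s\"", UTF_8), "invalid_request", 406);
        }
    }

    /**
     * Checks the {@code Accept} header for a range that covers the given media type
     * with a non-zero q-value. A range matches when it equals the type, equals
     * {@code type/*}, or is the full wildcard.
     *
     * @param httpServletRequest the incoming request; must not be null
     * @param str                the media type to test; must not be null or empty
     * @param collection         optional {@code name=value} parameters that the first
     *                           matching range must carry; null to skip the check
     * @return true when the media type is acceptable
     * @throws IllegalArgumentException on a null request or a null/empty media type
     */
    private static boolean isMimeTypeAcceptable(HttpServletRequest httpServletRequest, String str, Collection<String> collection) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("request must not be null");
        }
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("mimeType must not be null or empty");
        }
        // Locale.ROOT keeps the comparison of protocol tokens independent of the JVM's default locale.
        String wanted = str.trim().toLowerCase(Locale.ROOT);
        String wantedMajor = StringUtil.splitAcceptPairAllowingSingleAsterisk(wanted)[0];
        for (MediaRange range : parseAcceptContentHeaders(httpServletRequest)) {
            String rangeType = range.getType();
            String[] rangeParts = StringUtil.splitAcceptPairAllowingSingleAsterisk(rangeType);
            boolean subtypeWildcard = rangeParts[0].equals(wantedMajor) && rangeParts[1].equals("*");
            boolean covers = rangeType.equals(wanted) || subtypeWildcard || rangeType.equals(CT_WILDCARD);
            if (!covers || range.getQValue().floatValue() == 0.0f) {
                continue;
            }
            // The first covering range decides the outcome; later ranges are not consulted.
            return collection == null || parmsInMap(collection, range.getParameters());
        }
        return false;
    }

    /**
     * Checks the {@code Accept-Charset} header for an entry that equals the charset or
     * is {@code *}, with a non-zero q-value.
     *
     * @param httpServletRequest the incoming request; must not be null
     * @param str                the charset to test; must not be null or empty
     * @return true when the charset is acceptable
     * @throws IllegalArgumentException on a null request or a null/empty charset
     */
    private static boolean isCharsetAcceptable(HttpServletRequest httpServletRequest, String str) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("request must not be null");
        }
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("charset must not be null or empty");
        }
        String wanted = str.trim().toLowerCase(Locale.ROOT);
        for (CharsetRange range : parseAcceptCharsetHeaders(httpServletRequest)) {
            String rangeType = range.getType();
            boolean covers = rangeType.equals(wanted) || rangeType.equals("*");
            if (covers && range.getQValue().floatValue() != 0.0f) {
                return true;
            }
        }
        return false;
    }

    /**
     * Parses the combined {@code Accept} header values of the request.
     *
     * @param httpServletRequest the incoming request; must not be null
     * @return the parsed media ranges, as produced by {@code MediaRange.parse}
     * @throws IllegalArgumentException if the request is null
     */
    private static MediaRange[] parseAcceptContentHeaders(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("request must not be null");
        }
        return MediaRange.parse(getHeaderValue(HDR_ACCEPT, httpServletRequest));
    }

    /**
     * Parses the combined {@code Accept-Charset} header values of the request.
     *
     * @param httpServletRequest the incoming request; must not be null
     * @return the parsed charset ranges, as produced by {@code CharsetRange.parse}
     * @throws IllegalArgumentException if the request is null
     */
    private static CharsetRange[] parseAcceptCharsetHeaders(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("request must not be null");
        }
        return CharsetRange.parse(getHeaderValue(HDR_ACCEPT_CHARSET, httpServletRequest));
    }

    /**
     * Collects every value of a header, drops exact duplicates and joins the rest with
     * commas. The order of the joined values is not defined.
     *
     * @param str                the header name; must not be null or empty
     * @param httpServletRequest the incoming request; must not be null
     * @return the joined values, or an empty string when the header is absent
     * @throws IllegalArgumentException on a null/empty header name or a null request
     */
    private static String getHeaderValue(String str, HttpServletRequest httpServletRequest) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("headerName must not be null or empty");
        }
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("request must not be null");
        }
        Enumeration<String> headers = httpServletRequest.getHeaders(str);
        // The servlet API allows getHeaders to return null when the container withholds
        // header access; treat that the same as an absent header.
        if (headers == null || !headers.hasMoreElements()) {
            return EMPTY_STRING;
        }
        HashSet<String> distinct = new HashSet<>();
        while (headers.hasMoreElements()) {
            distinct.add(headers.nextElement());
        }
        StringBuilder joined = new StringBuilder();
        boolean first = true;
        for (String value : distinct) {
            if (!first) {
                joined.append(",");
            }
            joined.append(value);
            first = false;
        }
        return joined.toString();
    }

    /**
     * Reports whether every required {@code name=value} pair is present in the map.
     * Required names and values are lower-cased before the lookup; the map's own keys
     * and values are compared as stored.
     *
     * @param collection the required pairs; must not be null
     * @param map        the available parameters; must not be null
     * @return true when each required pair has an equal value under its name
     * @throws IllegalArgumentException if either argument is null
     */
    private static boolean parmsInMap(Collection<String> collection, Map<String, String[]> map) {
        if (collection == null) {
            throw new IllegalArgumentException("parms cannot be null");
        }
        if (map == null) {
            throw new IllegalArgumentException("parmMap cannot be null");
        }
        for (String required : collection) {
            String[] pair = StringUtil.splitPair(required, EQUALS);
            String name = pair[0].toLowerCase(Locale.ROOT);
            String value = pair[1].toLowerCase(Locale.ROOT);
            // A missing key and a key mapped to null both count as "not present".
            String[] candidates = map.get(name);
            if (candidates == null) {
                return false;
            }
            boolean found = false;
            for (String candidate : candidates) {
                if (value.equals(candidate)) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Converts a JSON array of strings into a list.
     *
     * @param jsonArray the source array; may be null or empty
     * @return the list of strings; a new empty list when the input is null or empty
     */
    public static List<String> getList(JsonArray jsonArray) {
        if (OidcOAuth20Util.isNullEmpty(jsonArray)) {
            return new ArrayList<String>();
        }
        return new Gson().fromJson(jsonArray, new TypeToken<List<String>>() { }.getType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Evaluates the conditional-request headers ({@code If-Match}, {@code If-None-Match},
     * {@code If-Modified-Since}, {@code If-Unmodified-Since}) against the current ETag
     * and modification date.
     *
     * <p>The outcome is returned, not thrown: null means the request should proceed,
     * otherwise the exception carries status 304 or 412. When both an ETag condition
     * and a date condition were evaluated, a 304 is reported only if both yield 304,
     * and a 412 from the ETag condition takes precedence over the date result.
     *
     * @param httpServletRequest the incoming request
     * @param z    selects 304 instead of 412 when {@code If-None-Match} matches;
     *             presumably true for GET/HEAD requests (confirm against callers)
     * @param z2   decides the outcome of a {@code *} entity tag; presumably true when
     *             the resource currently exists (confirm against callers)
     * @param str  the current entity tag without quotes; the ETag condition is skipped
     *             when null or empty
     * @param date the current modification date; the date condition is skipped when null
     * @return null to proceed, or the exception describing the 304/412 outcome
     * @throws OidcServerException with status 400 when an ETag header is malformed
     */
    public static OidcServerException checkConditionalExecution(HttpServletRequest httpServletRequest, boolean z, boolean z2, String str, Date date) throws OidcServerException {
        boolean hasETagHeader = !OidcOAuth20Util.isNullEmpty(httpServletRequest.getHeaders(HDR_IF_MATCH))
                || !OidcOAuth20Util.isNullEmpty(httpServletRequest.getHeaders(HDR_IF_NONE_MATCH));
        boolean hasDateHeader = !OidcOAuth20Util.isNullEmpty(httpServletRequest.getHeaders(HDR_IF_MODIFIED_SINCE))
                || !OidcOAuth20Util.isNullEmpty(httpServletRequest.getHeaders(HDR_IF_UNMODIFIED_SINCE));
        if (!hasETagHeader && !hasDateHeader) {
            return null;
        }
        OidcServerException eTagOutcome = null;
        if (hasETagHeader && str != null && str.length() != 0) {
            eTagOutcome = checkETagConditions(httpServletRequest, z, z2, str);
            if (!hasDateHeader) {
                return eTagOutcome;
            }
        }
        OidcServerException dateOutcome = null;
        if (hasDateHeader && date != null) {
            dateOutcome = checkModifiedConditions(httpServletRequest, date);
            if (!hasETagHeader) {
                return dateOutcome;
            }
        }
        if (eTagOutcome != null) {
            // ETag said "not modified": the date condition has the final word.
            // Any other ETag outcome (412) wins outright.
            return eTagOutcome.getHttpStatus() == 304 ? dateOutcome : eTagOutcome;
        }
        // ETag condition passed or was skipped: a lone 304 from the date check is dropped.
        if (dateOutcome != null && dateOutcome.getHttpStatus() == 304) {
            return null;
        }
        return dateOutcome;
    }

    /**
     * Evaluates {@code If-Match}, or {@code If-None-Match} when {@code If-Match} is
     * absent, against the current entity tag.
     *
     * @param httpServletRequest the incoming request
     * @param z   selects 304 instead of 412 when {@code If-None-Match} matches
     * @param z2  decides the outcome of a {@code *} entity tag
     * @param str the current entity tag without quotes
     * @return null to proceed, or an exception carrying status 304 or 412
     * @throws OidcServerException with status 400 when {@code *} is combined with other
     *         tags or a tag is not a quoted string
     */
    private static OidcServerException checkETagConditions(HttpServletRequest httpServletRequest, boolean z, boolean z2, String str) throws OidcServerException {
        boolean isIfMatch = true;
        String headerName = HDR_IF_MATCH;
        String headerValue = getHeaderValue(HDR_IF_MATCH, httpServletRequest);
        if (headerValue == null || headerValue.length() == 0) {
            isIfMatch = false;
            headerName = HDR_IF_NONE_MATCH;
            headerValue = getHeaderValue(HDR_IF_NONE_MATCH, httpServletRequest);
        }
        if (headerValue == null || headerValue.length() == 0) {
            return null;
        }
        boolean matched = false;
        String[] tokens = headerValue.split(",");
        for (String rawToken : tokens) {
            String token = rawToken.trim();
            if (token.equals("*")) {
                if (tokens.length != 1) {
                    throw new OidcServerException(String.format("The value \"%s\" for \"%s\" header \"*\" is not valid because it must be the only token in the value.", headerValue, headerName), "invalid_request", 400);
                }
                if (isIfMatch) {
                    return z2 ? null : ifMatchFailure();
                }
                return z2 ? ifNoneMatchFailure(z) : null;
            }
            // The length guard turns an empty token (",,", blank header) or a lone quote
            // into a 400 instead of an uncaught StringIndexOutOfBoundsException.
            if (token.length() < 2 || token.charAt(0) != '\"' || token.charAt(token.length() - 1) != '\"') {
                throw new OidcServerException(String.format("The entity tag \"%s\" in \"%s\" header is not valid because it must be a quoted string.", token, headerName), "invalid_request", 400);
            }
            String unquoted = token.substring(1, token.length() - 1);
            if (str != null && str.equals(unquoted)) {
                matched = true;
            }
        }
        if (isIfMatch) {
            return matched ? null : ifMatchFailure();
        }
        return matched ? ifNoneMatchFailure(z) : null;
    }

    /** Builds the 412 outcome for an {@code If-Match} condition that did not hold. */
    private static OidcServerException ifMatchFailure() {
        return new OidcServerException("If-Match header specified in request and it did not match.", "invalid_request", 412);
    }

    /**
     * Builds the outcome for an {@code If-None-Match} condition that did not hold:
     * a bare 304 when {@code z} is true, otherwise a 412.
     */
    private static OidcServerException ifNoneMatchFailure(boolean z) {
        if (z) {
            return new OidcServerException(null, null, 304);
        }
        return new OidcServerException("No If-Match header specified in request.", "invalid_request", 412);
    }

    /**
     * Evaluates {@code If-Modified-Since}, or {@code If-Unmodified-Since} when the
     * former is absent, against the current modification date. A header value that
     * {@code DateUtil.parseTimeRFC2616} cannot parse is ignored.
     *
     * @param httpServletRequest the incoming request
     * @param date               the current modification date; must not be null
     * @return null to proceed, a 304 outcome when {@code If-Modified-Since} holds no
     *         newer change, or a 412 outcome when {@code If-Unmodified-Since} is violated
     * @throws OidcServerException declared for symmetry with the ETag check
     */
    private static OidcServerException checkModifiedConditions(HttpServletRequest httpServletRequest, Date date) throws OidcServerException {
        boolean isModifiedSince = true;
        String headerValue = getHeaderValue(HDR_IF_MODIFIED_SINCE, httpServletRequest);
        if (headerValue == null || headerValue.length() == 0) {
            isModifiedSince = false;
            headerValue = getHeaderValue(HDR_IF_UNMODIFIED_SINCE, httpServletRequest);
        }
        if (headerValue == null || headerValue.length() == 0) {
            return null;
        }
        Timestamp threshold = DateUtil.parseTimeRFC2616(headerValue);
        if (threshold == null) {
            return null;
        }
        boolean changedSince = date.after(threshold);
        if (isModifiedSince) {
            return changedSince ? null : new OidcServerException(null, null, 304);
        }
        return changedSince ? new OidcServerException("Resource modified.", "invalid_request", 412) : null;
    }
}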
