package com.ibm.ws.security.oauth20.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.oauth.core.api.oauth20.client.OAuth20Client;
import com.ibm.oauth.core.api.oauth20.token.OAuth20Token;
import com.ibm.ws.security.oauth20.api.OAuth20EnhancedClientProvider;
import com.ibm.ws.security.oauth20.api.OAuth20EnhancedTokenCache;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.util.JSONUtil;
import com.ibm.ws.security.oauth20.util.MessageDigestUtil;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:WebSphereOauth20SPWeb.war:WEB-INF/lib/oauth20.web.jar:com/ibm/ws/security/oauth20/web/AuthorizationManager.class */
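/**
 * Handles GET and DELETE requests against the OAuth 2.0 tokens ("authorizations") of the
 * requesting user.
 *
 * <p>GET serializes the matching tokens as JSON; DELETE removes them from the token cache.
 * Both verbs select tokens in one of three ways: by client id, by lookup key (passed to
 * {@code getByHash}/{@code removeByHash} on the token cache), or, for GET only, all tokens
 * of the user.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Tokens listed by client or in bulk come from {@code getAllUserTokens(username)}.
 *       A token fetched by lookup key is only returned or removed when its username equals
 *       the request's username.</li>
 *   <li>A lookup key that resolves to nothing and one that resolves to another user's token
 *       both answer 404, so the response does not distinguish the two cases.</li>
 *   <li>The JSON {@code id} attribute is {@code MessageDigestUtil.getDigest(token.getId())},
 *       not the raw token id.</li>
 * </ul>
 */
public class AuthorizationManager extends BaseManager implements Serializable {
    private static final long serialVersionUID = 822235744502146870L;
    private static final TraceComponent tc = Tr.register(AuthorizationManager.class, "OAuth20Provider", "com.ibm.ws.security.oauth20.resources.ProviderMsgs");
    private static final String ATTR_ID = "id";
    private static final String ATTR_COMPONENT_ID = "componentId";
    private static final String ATTR_CREATED_AT = "createdAt";
    private static final String ATTR_CLIENT_ID = "clientId";
    private static final String ATTR_CLIENT_DISPLAYNAME = "clientDisplayName";
    private static final String ATTR_SCOPE = "scope";
    private static final String ATTR_USERNAME = "username";
    private static final String ATTR_LIFETIME_SECONDS = "lifetimeSeconds";
    private static final String ATTR_TYPE = "type";
    private static final String ATTR_SUB_TYPE = "subType";
    private static final String ATTR_STATE_ID = "stateId";
    private static final String ATTR_REDIRECT_URI = "redirectUri";
    private static final String ATTR_AUTO_AUTHZ_CAPABLE = "autoAuthzCapable";

    // Last auto-authorize client set computed by doGet. Kept (and still assigned) so the
    // serialized form is unchanged; request handling reads its own local copy instead, so
    // concurrent requests cannot observe each other's value.
    // NOTE(review): whether one manager instance serves several requests is not visible here.
    private Set<String> authAuthzClients = new HashSet<String>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WebSphereOauth20SPWeb.war:WEB-INF/lib/oauth20.web.jar:com/ibm/ws/security/oauth20/web/AuthorizationManager$Authorization.class */
    /** Pairs a token with the client record looked up for the token's client id. */
    public static class Authorization {
        OAuth20Token token;
        // May be null when the client provider has no entry for the token's client id.
        OAuth20Client client;

        Authorization(OAuth20Token oAuth20Token, OAuth20Client oAuth20Client) {
            this.token = oAuth20Token;
            this.client = oAuth20Client;
        }

        OAuth20Token getToken() {
            return this.token;
        }

        OAuth20Client getClient() {
            return this.client;
        }
    }

    /**
     * Returns the requesting user's authorizations as JSON.
     *
     * <p>Selection order: a non-empty client id lists that client's tokens; otherwise an
     * empty or missing lookup key lists every token of the user; otherwise the single token
     * found for the lookup key is returned if it belongs to the user.
     *
     * @param baseRequest the request; must be an {@code AuthorizationManagerRequest}
     * @return 200 with a JSON body, or 404 when validation fails or the lookup key does not
     *         resolve to a token owned by the requesting user
     */
    @Override // com.ibm.ws.security.oauth20.web.BaseManager
    public BaseResponse doGet(BaseRequest baseRequest) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doGet");
        }
        BaseResponse baseResponse = null;
        AuthorizationManagerRequest request = (AuthorizationManagerRequest) baseRequest;
        StringBuilder sb = null;
        if (validateRequest(request)) {
            // Request-scoped copy; the field is assigned only for compatibility.
            Set<String> autoAuthzClients = getAutoAuthzClients(getProvider(request));
            this.authAuthzClients = autoAuthzClients;
            OAuth20EnhancedTokenCache tokenCache = getTokenCache(request);
            OAuth20EnhancedClientProvider clientProvider = getClientProvider(request);
            String lookupKey = request.getLookupKey();
            String client = request.getClient();
            String username = request.getUsername();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "lookupKey: " + lookupKey + ", client: " + client + ", component: ");
            }
            if (client != null && client.length() > 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "return all authorizations for client: " + client + ".");
                }
                Collection<Authorization> matches = new ArrayList<Authorization>();
                for (OAuth20Token token : snapshotUserTokens(tokenCache, username)) {
                    if (client.equals(token.getClientId())) {
                        matches.add(new Authorization(token, clientProvider.get(token.getClientId())));
                    }
                }
                sb = getJSON(matches, autoAuthzClients);
            } else if (lookupKey == null || lookupKey.length() == 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "lookupKey is not specified, return all authorizations.");
                }
                Collection<Authorization> all = new ArrayList<Authorization>();
                for (OAuth20Token token : snapshotUserTokens(tokenCache, username)) {
                    all.add(new Authorization(token, clientProvider.get(token.getClientId())));
                }
                sb = getJSON(all, autoAuthzClients);
            } else {
                OAuth20Token byHash = tokenCache.getByHash(lookupKey);
                if (tc.isDebugEnabled()) {
                    // NOTE(review): this traces the token's toString() before the ownership
                    // check; confirm it does not render the token id or other secret material.
                    Tr.debug(tc, "found token: " + byHash);
                }
                if (!isOwnedBy(byHash, username)) {
                    // Same status for "no such token" and "someone else's token".
                    baseResponse = new BaseResponse(404);
                } else {
                    sb = getJSON(new Authorization(byHash, clientProvider.get(byHash.getClientId())), autoAuthzClients);
                }
            }
        } else {
            baseResponse = new BaseResponse(404);
        }
        if (baseResponse == null) {
            baseResponse = new BaseResponse(200, BaseResponse.CONTENT_TYPE_APPLICATION_JSON, sb == null ? null : sb.toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doGet", baseResponse);
        }
        return baseResponse;
    }

    /**
     * Removes authorizations of the requesting user from the token cache.
     *
     * <p>A non-empty client id removes every token the user holds for that client. Otherwise
     * a lookup key is required and the token it resolves to is removed if it belongs to the
     * user. An empty client id is treated like a missing one (as {@link #doGet} does), so a
     * request carrying an empty client id and a lookup key still revokes the keyed token
     * instead of answering 204 without removing anything.
     *
     * @param baseRequest the request; must be an {@code AuthorizationManagerRequest}
     * @return 204 on success (including a client id that matched no token), 400 when neither
     *         a client id nor a lookup key is given, 404 when validation fails or the lookup
     *         key does not resolve to a token owned by the requesting user
     */
    @Override // com.ibm.ws.security.oauth20.web.BaseManager
    public BaseResponse doDelete(BaseRequest baseRequest) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doDelete");
        }
        BaseResponse baseResponse = null;
        AuthorizationManagerRequest request = (AuthorizationManagerRequest) baseRequest;
        if (validateRequest(request)) {
            OAuth20EnhancedTokenCache tokenCache = getTokenCache(request);
            String lookupKey = request.getLookupKey();
            String client = request.getClient();
            String username = request.getUsername();
            if (client != null && client.length() > 0) {
                // Iterate over a copy: entries are removed from the cache inside the loop.
                for (OAuth20Token token : snapshotUserTokens(tokenCache, username)) {
                    if (client.equals(token.getClientId())) {
                        tokenCache.remove(token.getId());
                        if (tc.isDebugEnabled()) {
                            // NOTE(review): traces the token's toString(); confirm it does
                            // not render the token id or other secret material.
                            Tr.debug(tc, "removed token for user: " + username + ", token: " + token);
                        }
                    }
                }
            } else if (lookupKey == null || lookupKey.length() == 0) {
                baseResponse = new BaseResponse(400);
            } else {
                OAuth20Token byHash = tokenCache.getByHash(lookupKey);
                if (tc.isDebugEnabled()) {
                    // NOTE(review): logged before the ownership check; see doGet.
                    Tr.debug(tc, "found token: " + byHash);
                }
                if (!isOwnedBy(byHash, username)) {
                    baseResponse = new BaseResponse(404);
                } else {
                    tokenCache.removeByHash(lookupKey);
                }
            }
        } else {
            baseResponse = new BaseResponse(404);
        }
        if (baseResponse == null) {
            baseResponse = new BaseResponse(204);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doDelete", baseResponse);
        }
        return baseResponse;
    }

    /**
     * Ownership check for a token fetched by lookup key. Fails closed: a missing token, a
     * token without a username, or a request without a username is never a match.
     */
    private static boolean isOwnedBy(OAuth20Token token, String username) {
        return token != null && username != null && username.equals(token.getUsername());
    }

    /**
     * Copies the user's tokens out of the cache so callers can remove cache entries while
     * iterating. A null result from the cache is treated as "no tokens".
     * NOTE(review): whether the cache returns a live view or null is not visible here.
     */
    private static Collection<OAuth20Token> snapshotUserTokens(OAuth20EnhancedTokenCache tokenCache, String username) {
        Collection<OAuth20Token> tokens = tokenCache.getAllUserTokens(username);
        if (tokens == null) {
            return new ArrayList<OAuth20Token>();
        }
        return new ArrayList<OAuth20Token>(tokens);
    }

    /**
     * Flattens an authorization into the attribute map that is serialized to JSON.
     *
     * @param authorization    the token/client pair, may be null
     * @param autoAuthzClients client ids configured for auto-authorization
     * @return the attribute map, or null when {@code authorization} is null
     */
    private Map<String, Object> asMap(Authorization authorization, Set<String> autoAuthzClients) {
        if (authorization == null) {
            return null;
        }
        Map<String, Object> attributes = new HashMap<String, Object>();
        OAuth20Token token = authorization.getToken();
        OAuth20Client client = authorization.getClient();
        // Only a digest of the token id leaves the server, never the id itself.
        attributes.put(ATTR_ID, MessageDigestUtil.getDigest(token.getId()));
        attributes.put(ATTR_COMPONENT_ID, token.getComponentId());
        attributes.put(ATTR_CLIENT_ID, token.getClientId());
        // The client lookup can come back empty (e.g. a token whose client is no longer
        // registered); report a null display name rather than failing the whole listing.
        attributes.put(ATTR_CLIENT_DISPLAYNAME, client == null ? null : client.getDisplayName());
        attributes.put(ATTR_SCOPE, token.getScope());
        attributes.put(ATTR_CREATED_AT, Long.valueOf(token.getCreatedAt()));
        attributes.put(ATTR_USERNAME, token.getUsername());
        attributes.put(ATTR_STATE_ID, token.getStateId());
        attributes.put(ATTR_TYPE, token.getType());
        attributes.put(ATTR_LIFETIME_SECONDS, Integer.valueOf(token.getLifetimeSeconds()));
        attributes.put(ATTR_SUB_TYPE, token.getSubType());
        attributes.put(ATTR_REDIRECT_URI, token.getRedirectUri());
        attributes.put(ATTR_AUTO_AUTHZ_CAPABLE, Boolean.valueOf(autoAuthzClients.contains(token.getClientId())));
        return attributes;
    }

    /**
     * Reads the {@code oauth20.autoauthorize.clients} configuration property of the provider.
     *
     * @param oAuth20Provider the provider whose configuration is read
     * @return the configured client ids; empty when the property has no values
     */
    protected Set<String> getAutoAuthzClients(OAuth20Provider oAuth20Provider) {
        String[] configured = oAuth20Provider.getConfiguration().getConfigPropertyValues("oauth20.autoauthorize.clients");
        Set<String> clientIds = new HashSet<String>();
        if (configured != null) {
            for (String clientId : configured) {
                clientIds.add(clientId);
            }
        }
        return clientIds;
    }

    /** Serializes a single authorization to JSON. */
    private StringBuilder getJSON(Authorization authorization, Set<String> autoAuthzClients) {
        return JSONUtil.getJSON(asMap(authorization, autoAuthzClients));
    }

    /** Serializes a collection of authorizations to a JSON array, in iteration order. */
    private StringBuilder getJSON(Collection<Authorization> collection, Set<String> autoAuthzClients) {
        ArrayList<Map<String, Object>> maps = new ArrayList<Map<String, Object>>();
        for (Authorization authorization : collection) {
            maps.add(asMap(authorization, autoAuthzClients));
        }
        return JSONUtil.getJSON(maps.toArray(new Map[0]));
    }
}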
