package com.ibm.ws.security.openid20.client;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.ws.security.openid20.util.MessageHelper;
import com.ibm.ws.security.openid20.util.OidUtil;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import org.openid4java.message.AuthRequest;

/* loaded from: input_file:com/ibm/ws/security/openid20/client/OpenIDClientConfig.class */
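/**
 * Configuration of the OpenID 2.0 relying-party client, loaded once from a {@link Properties} object.
 *
 * <p>Defaults applied when a property is absent, as set in the constructor: HTTPS required,
 * host-name verification enabled, shared-key (DH) session encryption enabled, SHA256 hashing,
 * httpOnly enabled, nonce validity 300, connect and socket timeouts 60.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Turning off HTTPS, host-name verification, shared-key encryption or httpOnly, or selecting
 *       SHA1, is accepted without error; the constructor logs a warning for each so the weakened
 *       setting is visible in the server log.</li>
 *   <li>Any hash-algorithm value other than SHA1 (including typos) resolves to SHA256.</li>
 *   <li>Numeric properties are parsed with {@code parseInt}/{@code parseLong}; a malformed value
 *       raises an unchecked {@link NumberFormatException}, and values are not range-checked.</li>
 *   <li>Getters return the internal array and lists themselves, not copies.</li>
 * </ul>
 */
public class OpenIDClientConfig {
    private static final TraceComponent tc = Tr.register(OpenIDClientConfig.class, MessageHelper._TR_GROUP, MessageHelper._MSG_FILE);
    private String providerIdentifier;
    private ArrayList<String> effectiveUriList;
    private String[] mapAliasAsPrincipal;
    private List<UserInfo> userInfo;
    private int axAttributeCount;
    private ArrayList<String> basicAuthUriList;
    private boolean tryOpenIDIfBasicAuthFails;
    private ArrayList<String> excludedUriList;
    private boolean allowStateless;
    private int maxAssociationAttempts;
    private long nonceValidTime;
    private boolean httpsRequired;
    private boolean mapIdentityToRegistryUser;
    private boolean useClientIdentity;
    private String sessionEncryptionType;
    private String signatureAlgorithm;
    private long connectTimeout;
    private long socketTimeout;
    private boolean hostNameVerificationEnabled;
    private int maxDiscoveryCacheSize;
    private int maxDiscoverRetry;
    private String realmName;
    private String authenticationMode;
    private String characterEncoding;
    private long cacheCleanupFrequency;
    private String JNDICacheName;
    private String realmIdentifier;
    private String groupIdentifier;
    private boolean includeCustomCacheKeyInSubject;
    private boolean httpOnly;

    /** Sets the baseline defaults shared by every instance; not usable from outside the class. */
    private OpenIDClientConfig() {
        this.providerIdentifier = null;
        this.effectiveUriList = null;
        this.mapAliasAsPrincipal = null;
        this.userInfo = new ArrayList<UserInfo>();
        this.basicAuthUriList = null;
        this.tryOpenIDIfBasicAuthFails = true;
        this.excludedUriList = null;
        this.JNDICacheName = null;
        this.realmIdentifier = null;
        this.groupIdentifier = null;
        this.includeCustomCacheKeyInSubject = true;
        this.httpOnly = true;
    }

    /**
     * Builds the configuration from the given properties and validates it.
     *
     * @param properties source of the configuration values
     * @throws OpenIDRelyingPartyException declared because the {@code OidUtil} helpers and the
     *         attribute parsing are allowed to raise it
     * @throws WebTrustAssociationFailedException if the provider identifier is not a valid URL,
     *         an attribute-exchange entry is malformed, or no attribute-exchange entry is configured
     */
    public OpenIDClientConfig(Properties properties) throws OpenIDRelyingPartyException, WebTrustAssociationFailedException {
        this();
        if (tc.isEntryEnabled()) {
            // NOTE(review): getObjState(properties) is written to trace; confirm it does not dump
            // property values that should stay out of trace files.
            Tr.entry(tc, "OpenIDClientConfig(properties[" + OidUtil.getObjState(properties) + "])");
        }
        this.providerIdentifier = OidUtil.getProperty(properties, OpenIDConstants.PROVIDER_IDENTIFIER, null);
        this.effectiveUriList = OidUtil.getUris(properties, OpenIDConstants.EFFECTIVE_URI_LIST, null);
        String aliasList = OidUtil.getOptionalProperty(properties, OpenIDConstants.MAP_ALIAS_AS_PRINCIPAL, false);
        if (aliasList != null) {
            this.mapAliasAsPrincipal = OidUtil.split(aliasList, ",");
        }
        this.excludedUriList = OidUtil.getUris(properties, OpenIDConstants.EXCLUDED_URI_LIST);
        this.basicAuthUriList = OidUtil.getUris(properties, OpenIDConstants.BASICAUTH_URI_LIST);
        this.tryOpenIDIfBasicAuthFails = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.TRY_OPENID_IF_BASICAUTH_FAILS, "true"));
        this.axAttributeCount = Integer.parseInt(OidUtil.getProperty(properties, OpenIDConstants.AX_ATTRIBUTE_COUNT, "1"));
        this.mapIdentityToRegistryUser = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.MAP_IDENTITY_TO_REGISTRY_USER, "false"));
        this.useClientIdentity = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.USE_CLIENT_IDENTITY, "false"));
        this.connectTimeout = Long.parseLong(OidUtil.getProperty(properties, OpenIDConstants.CONNECT_TIMEOUT, "60"));
        this.allowStateless = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.ALLOW_STATELESS, "true"));
        this.nonceValidTime = Long.parseLong(OidUtil.getProperty(properties, OpenIDConstants.NONCE_VALID_TIME, "300"));
        this.maxDiscoveryCacheSize = Integer.parseInt(OidUtil.getProperty(properties, OpenIDConstants.MAX_DISCOVERY_CACHE_SIZE, "10000"));
        this.maxDiscoverRetry = Integer.parseInt(OidUtil.getProperty(properties, OpenIDConstants.MAX_DISCOVER_RETRY, "2"));
        this.maxAssociationAttempts = Integer.parseInt(OidUtil.getProperty(properties, OpenIDConstants.MAX_ASSOCIATION_ATTEMPS, "4"));
        this.socketTimeout = Long.parseLong(OidUtil.getProperty(properties, OpenIDConstants.SOCKET_TIMEOUT, "60"));
        this.hostNameVerificationEnabled = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.HOST_NAME_VERIFICATION_ENABLED, "true"));
        this.httpsRequired = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.HTTPS_REQUIRED, "true"));
        this.authenticationMode = OidUtil.getProperty(properties, OpenIDConstants.AUTHENTICATION_MODE, AuthRequest.MODE_SETUP);
        this.realmName = OidUtil.getProperty(properties, OpenIDConstants.REALM_NAME, "OpenIDDefaultRealm");
        this.characterEncoding = OidUtil.getProperty(properties, OpenIDConstants.CHARACTER_ENCODING, "UTF-8");
        this.cacheCleanupFrequency = Long.parseLong(OidUtil.getProperty(properties, OpenIDConstants.CACHE_CLEANUP_FREQUENCY, "3600"));
        this.JNDICacheName = OidUtil.getOptionalProperty(properties, OpenIDConstants.JNDI_CACHE_NAME, false);
        this.realmIdentifier = OidUtil.getOptionalProperty(properties, OpenIDConstants.REALM_IDENTIFIER, false);
        this.groupIdentifier = OidUtil.getOptionalProperty(properties, OpenIDConstants.GROUP_IDENTIFIER, false);
        this.includeCustomCacheKeyInSubject = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.INCLUDE_CUSTOM_CACHE_KEY_IN_SUBJECT, "true"));
        this.httpOnly = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.HTTPONLY, "true"));
        boolean sharedKeyEncryptionEnabled = Boolean.parseBoolean(OidUtil.getProperty(properties, OpenIDConstants.SHARED_KEY_ENCRYPTION_ENABLED, "true"));
        String hashAlgorithm = OidUtil.getProperty(properties, OpenIDConstants.HASH_ALGORITHM, OpenIDConstants.HASH_ALG_SHA256);
        setSessionEncryptionType(Boolean.valueOf(sharedKeyEncryptionEnabled), hashAlgorithm);
        setSignatureAlgorithm(hashAlgorithm);
        this.userInfo = getAxAttributeList(properties);
        if (tc.isDebugEnabled()) {
            for (UserInfo info : this.userInfo) {
                Tr.debug(tc, "userInfo: [" + info.toString() + "]");
            }
        }
        validateConfig();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "OpenIDClientConfig returns");
        }
    }

    /**
     * Derives the association session type from the shared-key switch and the hash algorithm.
     *
     * @param bool whether shared-key encryption is enabled; must not be null
     * @param str configured hash algorithm; anything other than SHA1 (case-insensitive) selects DH-SHA256
     */
    private void setSessionEncryptionType(Boolean bool, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSessionEncryptionType(sharedKeyEnc[" + OidUtil.getObjState(bool) + "], hashAlgorithnValue[" + OidUtil.getObjState(str) + "])");
        }
        if (!bool.booleanValue()) {
            this.sessionEncryptionType = OpenIDConstants.ENCRYPTION_NO;
        } else if (OpenIDConstants.HASH_ALG_SHA1.equalsIgnoreCase(str)) {
            this.sessionEncryptionType = OpenIDConstants.ENCRYPTION_DH_SHA1;
        } else {
            this.sessionEncryptionType = OpenIDConstants.ENCRYPTION_DH_SHA256;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSessionEncryptionType returns");
        }
    }

    /**
     * Selects the association signature algorithm: HMAC-SHA1 only when SHA1 is configured
     * (case-insensitive), HMAC-SHA256 for every other value.
     *
     * @param str configured hash algorithm
     */
    private void setSignatureAlgorithm(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSignatureAlgorithm(hashAlgorithmValue[" + OidUtil.getObjState(str) + "])");
        }
        if (OpenIDConstants.HASH_ALG_SHA1.equalsIgnoreCase(str)) {
            this.signatureAlgorithm = "HMAC-SHA1";
        } else {
            this.signatureAlgorithm = "HMAC-SHA256";
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSignatureAlgorithm returns");
        }
    }

    /**
     * Checks the loaded values: the provider identifier must parse as a URL, and a zero
     * association-attempt count is raised to 4 when stateless mode is off. Also logs a warning
     * for each security-relevant setting that has been weakened.
     *
     * @throws WebTrustAssociationFailedException if the provider identifier is not a valid URL
     */
    private void validateConfig() throws WebTrustAssociationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateConfig");
        }
        try {
            // Constructed only for its syntax check; a null identifier is rejected here as well.
            new URL(this.providerIdentifier);
        } catch (MalformedURLException e) {
            String message = MessageHelper.getMessage("security.openid20.client.invalidprovideridentifier", OpenIDConstants.PROVIDER_IDENTIFIER);
            Tr.error(tc, message);
            throw new WebTrustAssociationFailedException(message);
        }
        if (!this.allowStateless && this.maxAssociationAttempts == 0) {
            this.maxAssociationAttempts = 4;
            Tr.warning(tc, "Defaulting to maxAssociation attempts as 4, since stateless mode is false and maxAssociationAttempts is 0");
        }
        warnOnWeakenedSecuritySettings();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateConfig returns");
        }
    }

    /**
     * Logs one warning per security-relevant setting that departs from the secure default, so a
     * downgraded configuration leaves a record in the server log. Does not reject the configuration.
     */
    private void warnOnWeakenedSecuritySettings() {
        if (!this.httpsRequired) {
            Tr.warning(tc, "OpenID client setting [" + OpenIDConstants.HTTPS_REQUIRED + "] is false");
        }
        if (!this.hostNameVerificationEnabled) {
            Tr.warning(tc, "OpenID client setting [" + OpenIDConstants.HOST_NAME_VERIFICATION_ENABLED + "] is false");
        }
        if (!this.httpOnly) {
            Tr.warning(tc, "OpenID client setting [" + OpenIDConstants.HTTPONLY + "] is false");
        }
        if (OpenIDConstants.ENCRYPTION_NO.equals(this.sessionEncryptionType)) {
            Tr.warning(tc, "OpenID client setting [" + OpenIDConstants.SHARED_KEY_ENCRYPTION_ENABLED + "] is false; session encryption type is [" + this.sessionEncryptionType + "]");
        }
        if ("HMAC-SHA1".equals(this.signatureAlgorithm)) {
            Tr.warning(tc, "OpenID client setting [" + OpenIDConstants.HASH_ALGORITHM + "] selects SHA1; signature algorithm is [" + this.signatureAlgorithm + "]");
        }
    }

    /**
     * Collects the attribute-exchange entries from the properties.
     *
     * <p>A property is treated as an entry when its key <em>contains</em> the required or optional
     * attribute marker; its value is split on the first comma into two parts, the second of which
     * must be a valid URL (presumably alias and type URI; confirm against {@code UserInfo}).
     *
     * <p>The decompiled listing read both parts before assigning them; the statements are
     * restored here to split first and validate afterwards. A value without a comma is now
     * reported as an invalid entry instead of failing with an index error.
     *
     * @param properties source of the configuration values
     * @return the configured entries, never empty
     * @throws OpenIDRelyingPartyException declared for the {@code OidUtil} helpers
     * @throws WebTrustAssociationFailedException if an entry is malformed or none is configured
     */
    private List<UserInfo> getAxAttributeList(Properties properties) throws OpenIDRelyingPartyException, WebTrustAssociationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAxAttributeList(properties[" + OidUtil.getObjState(properties) + "])");
        }
        ArrayList<UserInfo> attributes = new ArrayList<UserInfo>();
        int count = getAxAttributeCount();
        for (Object key : properties.keySet()) {
            if (!(key instanceof String)) {
                // A non-string key cannot name an attribute entry.
                continue;
            }
            String name = (String) key;
            boolean required;
            if (name.contains(OpenIDConstants.AX_REQUIRED_ATTRIBUTE)) {
                required = true;
            } else if (name.contains(OpenIDConstants.AX_OPTIONAL_ATTRIBUTE)) {
                required = false;
            } else {
                continue;
            }
            String[] parts = OidUtil.split(OidUtil.getProperty(properties, name, null), ",", 2);
            if (parts == null || parts.length < 2) {
                throw invalidAxAttribute(name);
            }
            String alias = parts[0].trim();
            String typeUri = parts[1].trim();
            try {
                // Constructed only for its syntax check.
                new URL(typeUri);
                attributes.add(new UserInfo(alias, typeUri, count, required));
            } catch (MalformedURLException e) {
                throw invalidAxAttribute(name);
            }
        }
        if (attributes.isEmpty()) {
            String message = MessageHelper.getMessage("security.openid20.client.minaxrequired");
            Tr.error(tc, message);
            throw new WebTrustAssociationFailedException(message);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAxAttributeList returns [" + OidUtil.getObjState(attributes) + "]");
        }
        return attributes;
    }

    /** Logs and builds the failure raised for a malformed attribute-exchange property. */
    private WebTrustAssociationFailedException invalidAxAttribute(String propertyName) {
        String message = MessageHelper.getMessage("security.openid20.client.invalidaxrequired", propertyName);
        Tr.error(tc, message);
        return new WebTrustAssociationFailedException(message);
    }

    /** @return the configured alias names, or null when the property is absent; the internal array, not a copy */
    public String[] getMapAliasAsPrincipal() {
        if (tc.isEntryEnabled()) {
            // Arrays.toString prints the elements; concatenating the array itself prints only its identity.
            Tr.exit(tc, "getMapAliasAsPrincipal returns [" + java.util.Arrays.toString(this.mapAliasAsPrincipal) + "]");
        }
        return this.mapAliasAsPrincipal;
    }

    /** @return the provider identifier, validated as a URL at construction */
    public String getProviderIdentifier() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProviderIdentifier returns [" + this.providerIdentifier + "]");
        }
        return this.providerIdentifier;
    }

    /** @return the effective URI list as loaded; the internal list, not a copy */
    public ArrayList<String> getEffectiveUriList() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getEffectiveUriList returns [" + OidUtil.getObjState(this.effectiveUriList) + "]");
        }
        return this.effectiveUriList;
    }

    /** @return the excluded URI list as loaded; the internal list, not a copy */
    public ArrayList<String> getExcludedUriList() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getExcludedUriList returns [" + OidUtil.getObjState(this.excludedUriList) + "]");
        }
        return this.excludedUriList;
    }

    /** @return the basic-auth URI list as loaded; the internal list, not a copy */
    public ArrayList<String> getBasicAuthUriList() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getBasicAuthUriList returns [" + OidUtil.getObjState(this.basicAuthUriList) + "]");
        }
        return this.basicAuthUriList;
    }

    /** @return the tryOpenIDIfBasicAuthFails flag (default true) */
    public boolean isTryOpenIDIfBasicAuthFails() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isTryOpenIDIfBasicAuthFails returns [" + this.tryOpenIDIfBasicAuthFails + "]");
        }
        return this.tryOpenIDIfBasicAuthFails;
    }

    /** @return the allowStateless flag (default true) */
    public boolean getAllowStateless() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAllowStateless returns [" + this.allowStateless + "]");
        }
        return this.allowStateless;
    }

    /**
     * @return the configured nonce validity multiplied by 1000 (presumably seconds to
     *         milliseconds); the trace line shows the unscaled value
     */
    public long getNonceValidTime() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNonceValidTime returns [" + this.nonceValidTime + "]");
        }
        return this.nonceValidTime * 1000;
    }

    /** @return the maximum discovery cache size (default 10000) */
    public int getMaxDiscoveryCacheSize() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getMaxDiscoveryCacheSize returns [" + this.maxDiscoveryCacheSize + "]");
        }
        return this.maxDiscoveryCacheSize;
    }

    /** @return the maximum association attempts (default 4; raised from 0 to 4 when stateless mode is off) */
    public int getMaxAssociationAttemps() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getMaxAssociationAttemps returns [" + this.maxAssociationAttempts + "]");
        }
        return this.maxAssociationAttempts;
    }

    /** @return the session encryption type derived from the shared-key switch and hash algorithm */
    public String getSessionEncryptionType() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSessionEncryptionType returns [" + this.sessionEncryptionType + "]");
        }
        return this.sessionEncryptionType;
    }

    /** @return "HMAC-SHA1" or "HMAC-SHA256" */
    public String getSignatureAlgorithm() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSignatureAlgorithm returns [" + this.signatureAlgorithm + "]");
        }
        return this.signatureAlgorithm;
    }

    /** @return the realm name (default "OpenIDDefaultRealm") */
    public String getRealmName() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealmName returns [" + this.realmName + "]");
        }
        return this.realmName;
    }

    /** @return the attribute-exchange entries; the internal list, not a copy */
    public List<UserInfo> getUserInfo() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserInfo returns [" + OidUtil.getObjState(this.userInfo) + "]");
        }
        return this.userInfo;
    }

    /**
     * @return the configured connect timeout multiplied by 1000 (presumably seconds to
     *         milliseconds); the trace line shows the unscaled value
     */
    public long getConnectTimeout() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getConnectTimeout returns [" + this.connectTimeout + "]");
        }
        return this.connectTimeout * 1000;
    }

    /**
     * @return the configured socket timeout multiplied by 1000 (presumably seconds to
     *         milliseconds); the trace line shows the unscaled value
     */
    public long getSocketTimeout() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSocketTimeout returns [" + this.socketTimeout + "]");
        }
        return this.socketTimeout * 1000;
    }

    /** @return the host-name verification flag (default true) */
    public boolean isHostNameVerificationEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isHostNameVerificationEnabled returns [" + this.hostNameVerificationEnabled + "]");
        }
        return this.hostNameVerificationEnabled;
    }

    /** @return the httpsRequired flag (default true) */
    public boolean ishttpsRequired() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ishttpsRequired returns [" + this.httpsRequired + "]");
        }
        return this.httpsRequired;
    }

    /** @return the authentication mode (default {@code AuthRequest.MODE_SETUP}) */
    public String getAuthenticationMode() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthenticationMode returns [" + this.authenticationMode + "]");
        }
        return this.authenticationMode;
    }

    /** @return the mapIdentityToRegistryUser flag (default false) */
    public boolean isMapIdentityToRegistryUser() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isMapIdentityToRegistryUser returns [" + this.mapIdentityToRegistryUser + "]");
        }
        return this.mapIdentityToRegistryUser;
    }

    /** @return the useClientIdentity flag (default false) */
    public boolean isUseClientIdentity() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isUseClientIdentity returns [" + this.useClientIdentity + "]");
        }
        return this.useClientIdentity;
    }

    /** @return the maximum discovery retries (default 2) */
    public int getMaxDiscoverRetry() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getMaxDiscoverRetry returns [" + this.maxDiscoverRetry + "]");
        }
        return this.maxDiscoverRetry;
    }

    /** @return the character encoding (default "UTF-8") */
    public String getCharacterEncoding() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCharacterEncoding returns [" + this.characterEncoding + "]");
        }
        return this.characterEncoding;
    }

    /** @return the cache cleanup frequency as configured (default 3600), unscaled */
    public long getCacheCleanupFrequency() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCacheCleanupFrequency returns [" + this.cacheCleanupFrequency + "]");
        }
        return this.cacheCleanupFrequency;
    }

    /** @return the attribute count passed to every attribute-exchange entry (default 1) */
    public int getAxAttributeCount() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAxAttributeCount returns [" + this.axAttributeCount + "]");
        }
        return this.axAttributeCount;
    }

    /** @return the JNDI cache name, or null when the property is absent */
    public String getJNDICacheName() {
        return this.JNDICacheName;
    }

    /** @return the realm identifier, or null when the property is absent */
    public String getRealmIdentifier() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealmIdentifier returns [" + this.realmIdentifier + "]");
        }
        return this.realmIdentifier;
    }

    /** @return the group identifier, or null when the property is absent */
    public String getGroupIdentifier() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupIdentifier returns [" + this.groupIdentifier + "]");
        }
        return this.groupIdentifier;
    }

    /** @return the includeCustomCacheKeyInSubject flag (default true) */
    public boolean isIncludeCustomCacheKeyInSubject() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isIncludeCustomCacheKeyInSubject returns [" + this.includeCustomCacheKeyInSubject + "]");
        }
        return this.includeCustomCacheKeyInSubject;
    }

    /** @return the httpOnly flag (default true) */
    public boolean httpOnly() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "httpOnly returns [" + this.httpOnly + "]");
        }
        return this.httpOnly;
    }
}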
