package org.wso2.carbon.certificate.mgt.cert.jaxrs.api.impl;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.CertificateManagementAdminService;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ValidationResponce;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util.CertificateMgtAPIUtils;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util.RequestValidationUtil;
import org.wso2.carbon.certificate.mgt.core.bean.Certificate;
import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
import org.wso2.carbon.certificate.mgt.core.exception.CertificateManagementException;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPException;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.scep.TenantedDeviceWrapper;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.certificate.mgt.core.service.PaginationResult;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;

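/**
 * JAX-RS resource mounted at {@code /admin/certificates}. It stores, lists, fetches and removes
 * certificates through {@link CertificateManagementService}, and verifies device certificates for
 * the {@code ios} and {@code android} device types.
 *
 * <p>No authentication or authorization check is visible in this class.
 * NOTE(review): confirm that an upstream filter or gateway restricts these admin operations.
 */
@Path("/admin/certificates")
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.class */
public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService {
    private static final Log log = LogFactory.getLog(CertificateManagementAdminServiceImpl.class);

    /** Marker looked for (case-insensitively) in the request's serial field by the android branch. */
    private static final String PROXY_AUTH_MUTUAL_HEADER = "proxy-mutual-auth-header";

    /**
     * Parses each supplied PEM into an X.509 certificate and saves the whole batch under the tenant
     * of the current thread-local Carbon context.
     *
     * <p>NOTE(review): nothing here checks issuer, validity period or key usage before saving;
     * confirm that {@code saveCertificate} or an upstream component does so.
     *
     * @param enrollmentCertificates request body; each element carries a PEM-encoded certificate
     * @return 201 when the batch is saved, 400 when the body or one of its certificates is missing
     *         or unparseable, 500 when the keystore layer fails
     */
    @Override
    @POST
    public Response addCertificate(EnrollmentCertificate[] enrollmentCertificates) {
        if (enrollmentCertificates == null) {
            return badRequest("A list of enrollment certificates is required.");
        }
        List<Certificate> certificates = new ArrayList<Certificate>();
        CertificateManagementService certificateService = CertificateMgtAPIUtils.getCertificateManagementService();
        try {
            for (EnrollmentCertificate enrollmentCertificate : enrollmentCertificates) {
                X509Certificate x509Certificate = enrollmentCertificate == null
                        ? null
                        : certificateService.pemToX509Certificate(enrollmentCertificate.getPem());
                // verifyCertificate null-checks this conversion, so a null result is treated as
                // possible here too; reject the batch before anything is saved.
                if (x509Certificate == null) {
                    return badRequest("One of the supplied certificates could not be parsed.");
                }
                Certificate certificate = new Certificate();
                certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
                certificate.setSerial(x509Certificate.getSerialNumber().toString());
                certificate.setCertificate(x509Certificate);
                certificates.add(certificate);
            }
            certificateService.saveCertificate(certificates);
            return Response.status(Response.Status.CREATED).entity("Added successfully.").build();
        } catch (KeystoreException e) {
            log.error("Error occurred while converting PEM file to X509Certificate.", e);
            return internalError("Error occurred while converting PEM file to X509Certificate.");
        }
    }

    /**
     * Looks up certificates by serial number.
     *
     * @param serialNumber serial number from the path; passed through
     *        {@code RequestValidationUtil.validateSerialNumber} before use
     * @param ifModifiedSince value of the {@code If-Modified-Since} header; not used by this method
     * @return 200 with the search result, or 500 when the lookup fails
     */
    @Override
    @GET
    @Path("/{serialNumber}")
    public Response getCertificate(@PathParam("serialNumber") String serialNumber,
            @HeaderParam("If-Modified-Since") String ifModifiedSince) {
        RequestValidationUtil.validateSerialNumber(serialNumber);
        try {
            return Response.status(Response.Status.OK)
                    .entity(CertificateMgtAPIUtils.getCertificateManagementService().searchCertificates(serialNumber))
                    .build();
        } catch (CertificateManagementException e) {
            // The previous message blamed PEM conversion, which this method never performs.
            log.error("Error occurred while searching for the certificate.", e);
            return internalError("Error occurred while searching for the certificate.");
        }
    }

    /**
     * Returns one page of the stored certificates.
     *
     * @param offset index of the first record; checked by
     *        {@code RequestValidationUtil.validatePaginationInfo}
     * @param limit maximum number of records; checked together with {@code offset}
     * @param ifModifiedSince value of the {@code If-Modified-Since} header; not used by this method
     * @return 200 with a {@link CertificateList} holding the page and the total count, or 500 when
     *         the query fails
     */
    @Override
    @GET
    public Response getAllCertificates(@QueryParam("offset") int offset, @QueryParam("limit") int limit,
            @HeaderParam("If-Modified-Since") String ifModifiedSince) {
        RequestValidationUtil.validatePaginationInfo(offset, limit);
        try {
            PaginationResult page = CertificateMgtAPIUtils.getCertificateManagementService()
                    .getAllCertificates(offset, limit);
            CertificateList certificateList = new CertificateList();
            certificateList.setCount(page.getRecordsTotal());
            certificateList.setList(page.getData());
            return Response.status(Response.Status.OK).entity(certificateList).build();
        } catch (CertificateManagementException e) {
            log.error("Error occurred while fetching all certificates.", e);
            return internalError("Error occurred while fetching all certificates.");
        }
    }

    /**
     * Removes the certificate that carries the given serial number.
     *
     * <p>The serial number is echoed back in the response text.
     * NOTE(review): this relies on {@code validateSerialNumber} rejecting unexpected characters;
     * confirm against that helper.
     *
     * @param serialNumber serial number from the path; validated before use
     * @return 200 when a certificate was removed, 404 when none matched, 500 when removal fails
     */
    @Override
    @Path("/{serialNumber}")
    @DELETE
    public Response removeCertificate(@PathParam("serialNumber") String serialNumber) {
        RequestValidationUtil.validateSerialNumber(serialNumber);
        try {
            boolean removed = CertificateMgtAPIUtils.getCertificateManagementService().removeCertificate(serialNumber);
            if (!removed) {
                return Response.status(Response.Status.NOT_FOUND)
                        .entity("No certificate is found with the given serial number '" + serialNumber + "'")
                        .build();
            }
            return Response.status(Response.Status.OK)
                    .entity("Certificate that carries the serial number '" + serialNumber + "' has been removed")
                    .build();
        } catch (CertificateManagementException e) {
            // The previous message blamed PEM conversion, which this method never performs.
            log.error("Error occurred while removing the certificate.", e);
            return internalError("Error occurred while removing the certificate.");
        }
    }

    /**
     * Verifies a device certificate.
     *
     * <p>For {@code ios} the challenge token embedded in the signed payload is resolved to a device
     * and a JWT is issued for that device's owner. For {@code android} the PEM is either checked by
     * subject DN or by signature, depending on the request's serial field. Any other type, a missing
     * body or a failed check yields the text {@code invalid}.
     *
     * @param type device type from the path, compared case-insensitively
     * @param enrollmentCertificate request body carrying the PEM and, for android, the serial field
     * @return 200 with a {@link ValidationResponce} (ios), {@code "valid"} (android) or
     *         {@code "invalid"}; 500 when a downstream service fails
     */
    @Override
    @POST
    @Path("/verify/{type}")
    public Response verifyCertificate(@PathParam("type") String type, EnrollmentCertificate enrollmentCertificate) {
        // Fail closed: without a certificate there is nothing to verify.
        if (enrollmentCertificate == null || enrollmentCertificate.getPem() == null) {
            return Response.status(Response.Status.OK).entity("invalid").build();
        }
        try {
            CertificateManagementService certificateService = CertificateMgtAPIUtils.getCertificateManagementService();
            if ("ios".equalsIgnoreCase(type)) {
                ValidationResponce validation = verifyIosCertificate(certificateService, enrollmentCertificate);
                if (validation != null) {
                    return Response.status(Response.Status.OK).entity(validation).build();
                }
            }
            if ("android".equalsIgnoreCase(type)) {
                CertificateResponse certificateResponse = null;
                String serial = enrollmentCertificate.getSerial();
                // NOTE(review): the verification mode is chosen from a field of the request body, so
                // the caller decides whether the PEM gets the signature check or only the subject-DN
                // check. Confirm this endpoint is reachable only through the trusted proxy.
                if (serial != null && serial.toLowerCase().contains(PROXY_AUTH_MUTUAL_HEADER)) {
                    certificateResponse = certificateService.verifySubjectDN(enrollmentCertificate.getPem());
                } else {
                    X509Certificate x509Certificate = certificateService.pemToX509Certificate(enrollmentCertificate.getPem());
                    if (x509Certificate != null) {
                        certificateResponse = certificateService.verifyPEMSignature(x509Certificate);
                    }
                }
                if (certificateResponse != null && certificateResponse.getCommonName() != null
                        && !certificateResponse.getCommonName().isEmpty()) {
                    return Response.status(Response.Status.OK).entity("valid").build();
                }
            }
            return Response.status(Response.Status.OK).entity("invalid").build();
        } catch (JWTClientException e) {
            // The previous message blamed PEM conversion; this exception type comes from the JWT client.
            log.error("Error occurred while generating the JWT token.", e);
            return internalError("Error occurred while generating the JWT token.");
        } catch (KeystoreException e) {
            log.error("Error occurred while converting PEM file to X509Certificate.", e);
            return internalError("Error occurred while converting PEM file to X509Certificate.");
        } catch (SCEPException e) {
            log.error("Error occurred while extracting information from certificate.", e);
            return internalError("Error occurred while extracting information from certificate.");
        }
    }

    /**
     * Resolves the challenge token of an iOS enrollment to a device and issues a JWT for its owner.
     *
     * <p>NOTE(review): the JWT subject and claims come entirely from the device record that
     * {@code getValidatedDevice} returns for the token; confirm that call rejects unknown or
     * unenrolled devices.
     *
     * @return the populated response, or {@code null} when no challenge token or no device is found
     */
    private ValidationResponce verifyIosCertificate(CertificateManagementService certificateService,
            EnrollmentCertificate enrollmentCertificate)
            throws KeystoreException, SCEPException, JWTClientException {
        String challengeToken = certificateService.extractChallengeToken(
                certificateService.extractCertificateFromSignature(enrollmentCertificate.getPem()));
        if (challengeToken == null) {
            return null;
        }
        // Keeps everything after the first "(" (the whole token when there is none), trimmed.
        String deviceId = challengeToken.substring(challengeToken.indexOf("(") + 1).trim();

        SCEPManager scepManager = CertificateMgtAPIUtils.getSCEPManagerService();
        DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
        deviceIdentifier.setId(deviceId);
        deviceIdentifier.setType("ios");
        TenantedDeviceWrapper validatedDevice = scepManager.getValidatedDevice(deviceIdentifier);
        // Checked before the first dereference; the original tested for null only after the device
        // had already been used to build the claims and the token.
        if (validatedDevice == null) {
            return null;
        }

        String owner = validatedDevice.getDevice().getEnrolmentInfo().getOwner();
        Map<String, String> claims = new HashMap<String, String>();
        claims.put("http://wso2.org/claims/enduserTenantId", String.valueOf(validatedDevice.getTenantId()));
        claims.put("http://wso2.org/claims/enduser", owner);
        claims.put("http://wso2.org/claims/deviceIdentifier", validatedDevice.getDevice().getDeviceIdentifier());
        claims.put("http://wso2.org/claims/deviceIdType", validatedDevice.getDevice().getType());
        String jwtToken = CertificateMgtAPIUtils.getJwtClientManagerService().getJWTClient().getJwtToken(owner, claims);

        ValidationResponce validation = new ValidationResponce();
        validation.setDeviceId(deviceId);
        validation.setDeviceType("ios");
        validation.setJWTToken(jwtToken);
        validation.setTenantId(validatedDevice.getTenantId());
        return validation;
    }

    /** Builds a 500 response whose body carries only a fixed message, never exception detail. */
    private static Response internalError(String message) {
        return Response.serverError()
                .entity(new ErrorResponse.ErrorResponseBuilder().setCode(500L).setMessage(message).build())
                .build();
    }

    /** Builds a 400 response for a request body that is missing or cannot be parsed. */
    private static Response badRequest(String message) {
        return Response.status(Response.Status.BAD_REQUEST)
                .entity(new ErrorResponse.ErrorResponseBuilder().setCode(400L).setMessage(message).build())
                .build();
    }
}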
