package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound;

import java.util.Arrays;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementServiceHolder;
import org.wso2.carbon.identity.api.server.application.management.v1.WSTrustConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.security.SecurityConfigException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.application.management.v1-1.2.227.jar:org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/WSTrustInboundFunctions.class */
public class WSTrustInboundFunctions {
    private static final String ERROR_CODE = "60504";
    private static final String ERROR_MESSAGE = "WS-Trust protocol is not supported.";
    private static final String ERROR_DESCRIPTION = "STS admin service is unavailable at the moment.";

    private WSTrustInboundFunctions() {
    }

    public static InboundAuthenticationRequestConfig putWSTrustConfiguration(ServiceProvider serviceProvider, WSTrustConfiguration wSTrustConfiguration) {
        String inboundAuthKey = InboundFunctions.getInboundAuthKey(serviceProvider, "wstrust");
        if (inboundAuthKey != null) {
            try {
                if (wsTrustAudienceChanged(wSTrustConfiguration, inboundAuthKey)) {
                    throw Utils.buildBadRequestError("Invalid audience value provided for update.");
                }
                if (ApplicationManagementServiceHolder.getStsAdminService() == null) {
                    throw Utils.buildNotFoundError(ERROR_CODE, ERROR_MESSAGE, ERROR_DESCRIPTION);
                }
                ApplicationManagementServiceHolder.getStsAdminService().removeTrustedService(inboundAuthKey);
            } catch (SecurityConfigException e) {
                throw Utils.buildServerError("Error while creating/updating WSTrust inbound of application: " + serviceProvider.getApplicationResourceId(), e);
            }
        }
        return createWsTrustInbound(wSTrustConfiguration);
    }

    private static boolean wsTrustAudienceChanged(WSTrustConfiguration wSTrustConfiguration, String str) {
        return !StringUtils.equals(str, wSTrustConfiguration.getAudience());
    }

    public static InboundAuthenticationRequestConfig createWsTrustInbound(WSTrustConfiguration wSTrustConfiguration) {
        try {
            if (ApplicationManagementServiceHolder.getStsAdminService() == null) {
                throw Utils.buildBadRequestError(ERROR_DESCRIPTION);
            }
            ApplicationManagementServiceHolder.getStsAdminService().addTrustedService(wSTrustConfiguration.getAudience(), wSTrustConfiguration.getCertificateAlias());
            InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig();
            inboundAuthenticationRequestConfig.setInboundAuthType("wstrust");
            inboundAuthenticationRequestConfig.setInboundAuthKey(wSTrustConfiguration.getAudience());
            return inboundAuthenticationRequestConfig;
        } catch (SecurityConfigException e) {
            throw Utils.buildServerError("Error while adding WSTrust configuration. " + e.getMessage(), e);
        }
    }

    public static WSTrustConfiguration getWSTrustConfiguration(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig) {
        String inboundAuthKey = inboundAuthenticationRequestConfig.getInboundAuthKey();
        try {
            if (ApplicationManagementServiceHolder.getStsAdminService() != null) {
                return (WSTrustConfiguration) Arrays.stream(ApplicationManagementServiceHolder.getStsAdminService().getTrustedServices()).filter(trustedServiceData -> {
                    return StringUtils.equals(trustedServiceData.getServiceAddress(), inboundAuthKey);
                }).findAny().map(trustedServiceData2 -> {
                    return new WSTrustConfiguration().audience(trustedServiceData2.getServiceAddress()).certificateAlias(trustedServiceData2.getCertAlias());
                }).orElse(null);
            }
            throw Utils.buildNotFoundError(ERROR_CODE, ERROR_MESSAGE, ERROR_DESCRIPTION);
        } catch (SecurityConfigException e) {
            throw Utils.buildServerError("Error while retrieving WSTrust configuration for audience: " + inboundAuthKey, e);
        }
    }

    public static void deleteWSTrustConfiguration(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig) {
        try {
            String inboundAuthKey = inboundAuthenticationRequestConfig.getInboundAuthKey();
            if (ApplicationManagementServiceHolder.getStsAdminService() == null) {
                throw Utils.buildNotFoundError(ERROR_CODE, ERROR_MESSAGE, ERROR_DESCRIPTION);
            }
            ApplicationManagementServiceHolder.getStsAdminService().removeTrustedService(inboundAuthKey);
        } catch (SecurityConfigException e) {
            throw Utils.buildServerError("Error while trying to rollback WSTrust configuration. " + e.getMessage(), e);
        }
    }
}
