package org.wso2.carbon.apimgt.hostobjects.oidc;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.net.URISyntaxException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.script.ScriptException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Function;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;
import org.wso2.carbon.apimgt.hostobjects.oidc.internal.AuthClient;
import org.wso2.carbon.apimgt.hostobjects.oidc.internal.AuthenticationToken;
import org.wso2.carbon.apimgt.hostobjects.oidc.internal.OIDCConstants;
import org.wso2.carbon.apimgt.hostobjects.oidc.internal.ServerConfiguration;
import org.wso2.carbon.apimgt.hostobjects.oidc.internal.SessionInfo;
import org.wso2.carbon.apimgt.hostobjects.oidc.internal.Util;

/* loaded from: input_file:org/wso2/carbon/apimgt/hostobjects/oidc/OIDCRelyingPartyObject.class */
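/**
 * Rhino host object ("OIDCRelyingParty") that implements the relying-party side of the
 * OpenID Connect authorization-code flow for Jaggery scripts: building the authorization
 * request, exchanging the code at the token endpoint, validating the ID token, resolving the
 * user name from the UserInfo endpoint and tracking authenticated sessions.
 *
 * Security notes for maintainers:
 * - A session is registered ONLY after the ID token signature and claims (including the nonce)
 *   have been verified; an invalid token never produces an authenticated session.
 * - Token-endpoint responses and the client secret are never written to the log.
 * - Both registries below are static, i.e. shared by every relying-party object in the JVM.
 */
public class OIDCRelyingPartyObject extends ScriptableObject {

    private static final Log log = LogFactory.getLog(OIDCRelyingPartyObject.class);

    /** Entropy, in bits, of generated nonce and state values (128 bits: unguessable in practice). */
    private static final int RANDOM_TOKEN_BITS = 128;

    /** Shared CSPRNG for nonce/state generation; SecureRandom is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** One relying-party object per issuer id, shared across all script contexts. */
    private static final ConcurrentMap<String, OIDCRelyingPartyObject> oidcRelyingPartyObjectMap =
            new ConcurrentHashMap<String, OIDCRelyingPartyObject>();

    /**
     * Authenticated sessions keyed by session id.
     * NOTE(review): this map is static and not partitioned by issuer, so a session id registered
     * through one relying-party object is reported as authenticated by every other one.
     */
    private static final ConcurrentMap<String, SessionInfo> sessionIdMap =
            new ConcurrentHashMap<String, SessionInfo>();

    /** Per-object OIDC configuration (client id/secret, endpoints, ...) filled by jsFunction_setProperty. */
    private final Properties oidcConfigProperties = new Properties();

    @Override
    public String getClassName() {
        return "OIDCRelyingParty";
    }

    /**
     * Script constructor: {@code new OIDCRelyingParty(issuerId)}.
     * Returns the cached object for the issuer id when one exists, otherwise creates and
     * registers a new one whose only property is {@code ISSUER_ID}.
     *
     * @throws ScriptException when the single String argument (the issuer id) is missing
     */
    public static Scriptable jsConstructor(Context context, Object[] objArr, Function function, boolean z) throws Exception {
        if (objArr.length != 1 || !(objArr[0] instanceof String)) {
            throw new ScriptException("Invalid arguments!, IssuerId is missing in parameters.");
        }
        String issuerId = (String) objArr[0];
        OIDCRelyingPartyObject relyingParty = oidcRelyingPartyObjectMap.get(issuerId);
        if (relyingParty == null) {
            OIDCRelyingPartyObject created = new OIDCRelyingPartyObject();
            created.setOIDCProperty(OIDCConstants.ISSUER_ID, issuerId);
            // putIfAbsent so two scripts constructing the same issuer concurrently share one object
            // (a plain put could silently discard properties set on the losing instance).
            OIDCRelyingPartyObject previous = oidcRelyingPartyObjectMap.putIfAbsent(issuerId, created);
            relyingParty = (previous != null) ? previous : created;
        }
        return relyingParty;
    }

    /**
     * Builds the authorization request URL from the configured endpoint, response type,
     * client id, scope and redirect URI plus the caller-supplied nonce and state.
     *
     * @param objArr {@code [nonce, state]}, both Strings
     * @return the absolute authorization URL
     * @throws ScriptException when nonce or state is missing or not a String
     * @throws Exception when the configured endpoint is not a valid URI
     */
    public static String jsFunction_buildAuthRequestUrl(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        if (objArr.length != 2 || !(objArr[0] instanceof String) || !(objArr[1] instanceof String)) {
            throw new ScriptException("Invalid argument. Nonce or State not set properly");
        }
        String nonce = (String) objArr[0];
        String state = (String) objArr[1];
        OIDCRelyingPartyObject relyingParty = (OIDCRelyingPartyObject) scriptable;
        try {
            log.debug(" Building auth request Url");
            URIBuilder builder = new URIBuilder(relyingParty.getOIDCProperty(OIDCConstants.AUTHORIZATION_ENDPOINT_URI));
            builder.addParameter(OIDCConstants.RESPONSE_TYPE, relyingParty.getOIDCProperty(OIDCConstants.RESPONSE_TYPE));
            builder.addParameter(OIDCConstants.CLIENT_ID, relyingParty.getOIDCProperty(OIDCConstants.CLIENT_ID));
            builder.addParameter(OIDCConstants.SCOPE, relyingParty.getOIDCProperty(OIDCConstants.SCOPE));
            builder.addParameter(OIDCConstants.REDIRECT_URI, relyingParty.getOIDCProperty(OIDCConstants.REDIRECT_URI));
            builder.addParameter(OIDCConstants.NONCE, nonce);
            builder.addParameter(OIDCConstants.STATE, state);
            return builder.build().toString();
        } catch (URISyntaxException e) {
            log.error("Build Auth Request Failed", e);
            throw new Exception("Build Auth Request Failed", e);
        }
    }

    /**
     * Completes the authorization-code flow: exchanges the code for tokens, validates the ID
     * token (signature + claims, including the expected nonce), resolves the user name from the
     * UserInfo endpoint and, only if everything checked out, registers the session as
     * authenticated.
     *
     * @param objArr {@code [authorizationCode, nonce, sessionId]}, all Strings
     * @return true when the ID token is valid and a user name was resolved; false otherwise
     *         (no session is registered in the false case)
     * @throws ScriptException when any of the three arguments is missing or not a String
     * @throws Exception on token-endpoint, UserInfo or JWT parsing failures
     */
    public static boolean jsFunction_validateOIDCSignature(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        log.debug("Validating OIDC signature");
        // All three arguments are cast to String below, so all three must be checked here.
        if (objArr.length != 3 || !(objArr[0] instanceof String) || !(objArr[1] instanceof String)
                || !(objArr[2] instanceof String)) {
            throw new ScriptException("Invalid argument. Authorization Code, Nonce value or session ID is missing.");
        }
        String authorizationCode = (String) objArr[0];
        String expectedNonce = (String) objArr[1];
        String sessionId = (String) objArr[2];

        OIDCRelyingPartyObject relyingParty = (OIDCRelyingPartyObject) scriptable;
        ServerConfiguration serverConfiguration = getServerConfiguration(relyingParty);
        AuthClient clientConfiguration = getClientConfiguration(relyingParty);

        AuthenticationToken token = getAuthenticationToken(
                getTokenFromTokenEP(serverConfiguration, clientConfiguration, authorizationCode));

        // Verify the ID token before anything else; an unverified token must never lead to a session.
        ReadOnlyJWTClaimsSet idTokenClaims = validateIdToken(serverConfiguration, clientConfiguration, token, expectedNonce);
        if (idTokenClaims == null) {
            log.error("Authentication Request is rejected. ID token signature or claims are invalid");
            return false;
        }

        JsonObject userInfo = getUserInfo(token, serverConfiguration);
        String userName = getUserName(userInfo);
        if (userName == null || userName.equals("")) {
            log.error("Authentication Request is rejected. User Name is Null");
            return false;
        }
        if (!subjectMatches(idTokenClaims, userInfo)) {
            log.error("Authentication Request is rejected. UserInfo subject does not match the ID token subject");
            return false;
        }

        SessionInfo sessionInfo = new SessionInfo(sessionId);
        sessionInfo.setLoggedInUser(userName);
        relyingParty.addSessionInfo(sessionInfo);
        return true;
    }

    /** Copies the IdP-side settings (issuer, JWKS, UserInfo and token endpoints) out of the properties. */
    private static ServerConfiguration getServerConfiguration(OIDCRelyingPartyObject relyingParty) {
        ServerConfiguration serverConfiguration = new ServerConfiguration();
        serverConfiguration.setIssuer(relyingParty.getOIDCProperty(OIDCConstants.IDP_URL));
        serverConfiguration.setJwksUri(relyingParty.getOIDCProperty(OIDCConstants.JWKS_URI));
        serverConfiguration.setUserInfoUri(relyingParty.getOIDCProperty(OIDCConstants.USER_INFO_URI));
        serverConfiguration.setTokenEndpointUri(relyingParty.getOIDCProperty(OIDCConstants.TOKEN_ENDPOINT_URI));
        return serverConfiguration;
    }

    /** Copies the client-side settings (id, secret, grant type, redirect URI, algorithm) out of the properties. */
    private static AuthClient getClientConfiguration(OIDCRelyingPartyObject relyingParty) {
        AuthClient authClient = new AuthClient();
        authClient.setClientId(relyingParty.getOIDCProperty(OIDCConstants.CLIENT_ID));
        authClient.setClientSecret(relyingParty.getOIDCProperty(OIDCConstants.CLIENT_SECRET));
        authClient.setAuthorizationType(relyingParty.getOIDCProperty(OIDCConstants.AUTHORIZATION_TYPE));
        authClient.setRedirectURI(relyingParty.getOIDCProperty(OIDCConstants.REDIRECT_URI));
        authClient.setClientAlgorithm(relyingParty.getOIDCProperty(OIDCConstants.CLIENT_ALGORITHM));
        return authClient;
    }

    /**
     * Redeems the authorization code at the token endpoint (client_secret_basic authentication)
     * and returns the raw response body.
     *
     * The body carries the access, ID and refresh tokens, so it is deliberately NOT logged.
     *
     * @param authorizationCode the code received on the redirect URI
     * @return the response body, decoded as UTF-8, with line breaks removed
     * @throws IOException on transport failure
     */
    private static String getTokenFromTokenEP(ServerConfiguration serverConfiguration, AuthClient authClient, String authorizationCode) throws IOException {
        DefaultHttpClient httpClient = new DefaultHttpClient();
        try {
            HttpPost httpPost = new HttpPost(serverConfiguration.getTokenEndpointUri());
            List<BasicNameValuePair> form = new ArrayList<BasicNameValuePair>();
            form.add(new BasicNameValuePair("grant_type", authClient.getAuthorizationType()));
            form.add(new BasicNameValuePair("code", authorizationCode));
            form.add(new BasicNameValuePair(OIDCConstants.REDIRECT_URI, authClient.getRedirectURI()));
            httpPost.setEntity(new UrlEncodedFormEntity(form));

            // NOTE(review): RFC 6749 §2.3.1 expects client id and secret to be form-url-encoded before
            // base64; they are sent raw here, which only matters for secrets containing ':' or '%'.
            String credentials = String.format("%s:%s", authClient.getClientId(), authClient.getClientSecret());
            httpPost.setHeader("Authorization", String.format("Basic %s", Base64.encode(credentials)).trim());

            BufferedReader reader = new BufferedReader(new InputStreamReader(
                    httpClient.execute(httpPost).getEntity().getContent(), "UTF-8"));
            try {
                StringBuilder body = new StringBuilder();
                String line;
                while ((line = reader.readLine()) != null) {
                    body.append(line);
                }
                log.debug("Received response from Token Endpoint");
                return body.toString();
            } finally {
                reader.close();
            }
        } finally {
            // Release pooled connections; the original left the client open on every call.
            httpClient.getConnectionManager().shutdown();
        }
    }

    /**
     * Parses the token-endpoint JSON into an {@link AuthenticationToken}.
     *
     * @param tokenResponse raw JSON body from the token endpoint
     * @throws Exception when the body is not a JSON object, carries an {@code error} member,
     *                   or lacks {@code access_token} or {@code id_token}
     */
    private static AuthenticationToken getAuthenticationToken(String tokenResponse) throws Exception {
        JsonElement parsed = new JsonParser().parse(tokenResponse);
        if (!parsed.isJsonObject()) {
            throw new Exception("Token Endpoint did not return a JSON object: " + parsed);
        }
        JsonObject json = parsed.getAsJsonObject();
        if (json.has("error")) {
            String error = json.get("error").getAsString();
            log.error("Token Endpoint returned: " + error);
            throw new Exception("Unable to obtain Access Token.  Token Endpoint returned: " + error);
        }
        if (!json.has("access_token")) {
            throw new Exception("Token Endpoint did not return an access_token: " + tokenResponse);
        }
        String accessToken = json.get("access_token").getAsString();
        if (!json.has("id_token")) {
            log.error("Token Endpoint did not return an id_token");
            throw new Exception("Token Endpoint did not return an id_token");
        }
        String idToken = json.get("id_token").getAsString();
        String refreshToken = json.has("refresh_token") ? json.get("refresh_token").getAsString() : null;
        return new AuthenticationToken(idToken, accessToken, refreshToken);
    }

    /**
     * Fetches the UserInfo response for the access token and returns it as a JSON object.
     *
     * @throws Exception when the response is not a JSON object
     */
    private static JsonObject getUserInfo(AuthenticationToken token, ServerConfiguration serverConfiguration) throws Exception {
        JsonElement parsed = new JsonParser().parse(Util.getUserInfo(serverConfiguration, token));
        if (!parsed.isJsonObject()) {
            log.error("User Info Json did not return a JSON object: " + parsed);
            throw new Exception("User Info Json did not return a JSON object: " + parsed);
        }
        return parsed.getAsJsonObject();
    }

    /**
     * Extracts {@code preferred_username} from a UserInfo response.
     *
     * @throws Exception when the claim is absent
     */
    private static String getUserName(JsonObject userInfo) throws Exception {
        if (!userInfo.has("preferred_username")) {
            throw new Exception("User Info JSON did not return an preferred_username");
        }
        String userName = userInfo.get("preferred_username").getAsString();
        log.debug("User name taken from user info endpoint : " + userName);
        return userName;
    }

    /**
     * OIDC Core 5.3.2: the {@code sub} of the UserInfo response must equal the {@code sub} of the
     * ID token. The check is skipped (with a debug message) when UserInfo carries no {@code sub},
     * so IdPs that omit it keep working; when present, a mismatch is rejected.
     */
    private static boolean subjectMatches(ReadOnlyJWTClaimsSet idTokenClaims, JsonObject userInfo) {
        if (!userInfo.has("sub")) {
            log.debug("UserInfo response carries no sub claim; subject comparison skipped");
            return true;
        }
        String idTokenSubject = idTokenClaims.getSubject();
        String userInfoSubject = userInfo.get("sub").getAsString();
        return idTokenSubject != null && idTokenSubject.equals(userInfoSubject);
    }

    /**
     * Parses the ID token and verifies its signature and claims against the expected nonce.
     *
     * @return the verified claim set, or {@code null} when signature or claim validation fails
     * @throws Exception for unsigned ("alg":"none") tokens and any other unsupported JWT type;
     *                   these are rejected rather than verified
     */
    private static ReadOnlyJWTClaimsSet validateIdToken(ServerConfiguration serverConfiguration, AuthClient authClient,
                                                         AuthenticationToken token, String expectedNonce) throws Exception {
        // Deliberately not typed as SignedJWT: the listing this was derived from assigned the parser
        // result straight to a SignedJWT local, which would make the instanceof branches below
        // unreachable. The concrete type is decided here, before any signature handling.
        Object jwt = JWTParser.parse(token.getIdTokenValue());
        if (jwt instanceof SignedJWT) {
            SignedJWT signedJwt = (SignedJWT) jwt;
            ReadOnlyJWTClaimsSet claims = signedJwt.getJWTClaimsSet();
            boolean valid = Util.verifySignature(signedJwt, serverConfiguration)
                    && Util.validateIdClaims(serverConfiguration, authClient, signedJwt, expectedNonce, claims);
            return valid ? claims : null;
        }
        if (jwt instanceof PlainJWT) {
            log.error("Plain JWT not supported");
            throw new Exception("Plain JWT not supported");
        }
        log.error("JWT type not supported");
        throw new Exception("JWT type not supported");
    }

    /** Returns a fresh unguessable value (128 random bits, lower-case hex) for the OIDC nonce. */
    public static String jsFunction_createNonce(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        return randomHexToken();
    }

    /** Returns a fresh unguessable value (128 random bits, lower-case hex) for the OAuth state. */
    public static String jsFunction_createState(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        return randomHexToken();
    }

    /** Shared generator for nonce and state; hex length may vary when the leading bits are zero. */
    private static String randomHexToken() {
        return new BigInteger(RANDOM_TOKEN_BITS, RANDOM).toString(16);
    }

    /**
     * @param objArr {@code [sessionId]}
     * @return the user name registered for the session, or {@code null} when the session is unknown
     * @throws ScriptException when the session id argument is missing or not a String
     */
    public static String jsFunction_getLoggedInUser(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        if (objArr.length != 1 || !(objArr[0] instanceof String)) {
            throw new ScriptException("Invalid argument. Session id is missing.");
        }
        SessionInfo sessionInfo = ((OIDCRelyingPartyObject) scriptable).getSessionInfo((String) objArr[0]);
        if (sessionInfo == null) {
            return null;
        }
        return sessionInfo.getLoggedInUser();
    }

    /**
     * @param objArr {@code [sessionId]}
     * @return true when a session with this id has been registered by a successful validation
     * @throws ScriptException when the session id argument is missing or not a String
     */
    public static boolean jsFunction_isSessionAuthenticated(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        if (objArr.length != 1 || !(objArr[0] instanceof String)) {
            throw new ScriptException("Invalid argument. Session id is missing.");
        }
        return ((OIDCRelyingPartyObject) scriptable).isSessionIdExists((String) objArr[0]);
    }

    private void addSessionInfo(SessionInfo sessionInfo) {
        sessionIdMap.put(sessionInfo.getSessionId(), sessionInfo);
    }

    private SessionInfo getSessionInfo(String sessionId) {
        return sessionIdMap.get(sessionId);
    }

    private boolean isSessionIdExists(String sessionId) {
        return sessionIdMap.containsKey(sessionId);
    }

    /**
     * Drops the session and then discards the cached relying-party object.
     *
     * NOTE(review): the relying-party object removed is always the one registered under the
     * literal issuer id "API_STORE", not the object this call was made on; the next
     * {@code new OIDCRelyingParty("API_STORE")} starts with only ISSUER_ID set.
     *
     * @param objArr {@code [sessionId]}
     * @throws ScriptException when the session id argument is missing or not a String
     */
    public static void jsFunction_invalidateSessionBySessionId(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        if (objArr.length != 1 || !(objArr[0] instanceof String)) {
            throw new ScriptException("Invalid argument. Session id is missing.");
        }
        ((OIDCRelyingPartyObject) scriptable).invalidateSessionBySessionId((String) objArr[0]);
        invalidateRelyingPartyObject("API_STORE");
    }

    private void invalidateSessionBySessionId(String sessionId) {
        sessionIdMap.remove(sessionId);
    }

    private static void invalidateRelyingPartyObject(String issuerId) {
        oidcRelyingPartyObjectMap.remove(issuerId);
    }

    /**
     * Intentionally a no-op: nothing is sent to the IdP and no local state is touched.
     * Scripts must call {@code invalidateSessionBySessionId} to end a session.
     */
    public static void jsFunction_logoutUser(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
    }

    /**
     * Sets one configuration property on this relying-party object.
     * The value is echoed at debug level except for the client secret, which is masked.
     *
     * @param objArr {@code [key, value]}, both Strings
     * @throws ScriptException when either argument is missing or not a String
     */
    public static void jsFunction_setProperty(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        if (objArr.length != 2 || !(objArr[0] instanceof String) || !(objArr[1] instanceof String)) {
            throw new ScriptException("Invalid arguments when setting OIDC configuration values.");
        }
        String key = (String) objArr[0];
        String value = (String) objArr[1];
        if (log.isDebugEnabled()) {
            // Never write the client secret to the log, even at debug level.
            String shownValue = OIDCConstants.CLIENT_SECRET.equals(key) ? "****" : value;
            log.debug("OIDC key values pair properties that set on relying party object is " + key + " " + shownValue);
        }
        ((OIDCRelyingPartyObject) scriptable).setOIDCProperty(key, value);
    }

    private String getOIDCProperty(String key) {
        return this.oidcConfigProperties.getProperty(key);
    }

    private void setOIDCProperty(String key, String value) {
        this.oidcConfigProperties.put(key, value);
    }
}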
