package org.wso2.carbon.identity.application.authentication.endpoint.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.wso2.carbon.identity.application.authentication.endpoint.util.Constants;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.commons.MiscellaneousUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/endpoint/util/EndpointConfigManager.class */
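/**
 * Loads and caches the authentication endpoint's settings from
 * {@code EndpointConfig.properties}.
 *
 * <p>The file is read from the path given by
 * {@code Constants.TenantConstants.CONFIG_RELATIVE_PATH} when it exists there, otherwise from the
 * webapp class path. Only the file-system copy is passed through secure vault resolution
 * ({@link #resolveSecrets(Properties)}); values in the class-path copy are used as written.
 *
 * <p>All state is static and {@link #init()} is not synchronized.
 * NOTE(review): whether {@code init()} can be called from several threads is not visible here;
 * confirm against the callers.
 */
public class EndpointConfigManager {
    private static final String PROTECTED_TOKENS = "protectedTokens";
    private static final String DEFAULT_CALLBACK_HANDLER = "org.wso2.carbon.securevault.DefaultSecretCallbackHandler";
    private static final String SECRET_PROVIDER = "secretProvider";
    private static Properties prop;
    private static String serverOrigin;
    private static final Log log = LogFactory.getLog(EndpointConfigManager.class);
    private static String appName = null;
    private static char[] appPassword = null;
    // Stays false unless the "hostname.verification.enabled" property is present and equals "true".
    private static boolean isHostnameVerificationEnabled = false;
    private static boolean initialized = false;
    private static String googleOneTapRestrictedBrowsers = "";

    /**
     * Loads the endpoint configuration once and caches the derived values.
     *
     * <p>Later calls return immediately once a previous call has set the {@code initialized}
     * flag. An {@link IOException} while locating or reading the file is logged and leaves the
     * class uninitialized, so the next call tries again. A missing application password no
     * longer fails with a {@link NullPointerException}; it is reported in the log and
     * {@link #getAppPassword()} keeps returning {@code null}.
     *
     * <p>The Google One Tap property is parsed as a JSON array after the {@code initialized}
     * flag is set, so a malformed value propagates whatever {@code JSONArray} throws while the
     * rest of the configuration stays loaded.
     */
    public static void init() {
        if (initialized) {
            return;
        }
        InputStream inputStream = null;
        try {
            prop = new Properties();
            File file = new File(buildFilePath(Constants.TenantConstants.CONFIG_RELATIVE_PATH));
            if (file.exists()) {
                inputStream = new FileInputStream(file);
                prop.load(inputStream);
                // Logged only after the load succeeded, so the message cannot precede a failure.
                log.info("EndpointConfig.properties file loaded from ./repository/conf/identity/EndpointConfig.properties");
                resolveSecrets(prop);
            } else {
                inputStream = EndpointConfigManager.class.getClassLoader()
                        .getResourceAsStream(Constants.TenantConstants.CONFIG_FILE_NAME);
                if (inputStream != null) {
                    prop.load(inputStream);
                    if (log.isDebugEnabled()) {
                        log.debug("EndpointConfig.properties file loaded from authentication endpoint webapp");
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("EndpointConfig.properties could not be located in ./repository/conf/identity/EndpointConfig.properties or authentication endpoint webapp");
                }
            }

            appName = getPropertyValue(Constants.CONFIG_APP_NAME);

            String password = getPropertyValue(Constants.CONFIG_APP_PASSWORD);
            if (password != null) {
                appPassword = password.toCharArray();
            } else {
                // Only the property key is logged, never a credential value.
                log.warn("Property " + Constants.CONFIG_APP_PASSWORD
                        + " is not set in EndpointConfig.properties; application password is unavailable.");
            }

            serverOrigin = getPropertyValue(Constants.CONFIG_SERVER_ORIGIN);
            // Boolean.parseBoolean(null) is false: an absent property leaves verification off.
            isHostnameVerificationEnabled = Boolean.parseBoolean(getPropertyValue("hostname.verification.enabled"));
            if (StringUtils.isNotBlank(serverOrigin)) {
                serverOrigin = IdentityUtil.fillURLPlaceholders(serverOrigin);
            }
            initialized = true;

            String restrictedBrowsers = prop.getProperty(Constants.CONFIG_GOOGLE_ONETAP_RESTRICTED_BROWSERS);
            // The raw string is kept only when it parses as a non-empty JSON array.
            if (StringUtils.isNotBlank(restrictedBrowsers) && new JSONArray(restrictedBrowsers).length() > 0) {
                googleOneTapRestrictedBrowsers = restrictedBrowsers;
            }
        } catch (IOException e) {
            log.error("Initialization failed : ", e);
        } finally {
            closeQuietly(inputStream);
        }
    }

    /** Closes the configuration stream, logging rather than propagating a close failure. */
    private static void closeQuietly(InputStream inputStream) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException e) {
            log.error("Error occurred while closing file input stream.", e);
        }
    }

    /**
     * @return the configured application name, or {@code null} before a successful
     *         {@link #init()} or when the property is absent
     */
    public static String getAppName() {
        return appName;
    }

    /**
     * Returns the application password.
     *
     * @return a copy of the cached password, or {@code null} when none was loaded. A copy is
     *         returned so that a caller clearing or editing its array cannot corrupt the
     *         credential shared by every other caller.
     */
    public static char[] getAppPassword() {
        return appPassword == null ? null : appPassword.clone();
    }

    /**
     * @return the configured server origin with URL placeholders filled in, or {@code null} when
     *         it is not available
     */
    public static String getServerOrigin() {
        return serverOrigin;
    }

    /**
     * @return the raw JSON array string of browsers restricted from Google One Tap, or an empty
     *         string when the property is absent, blank or an empty array
     */
    public static String getGoogleOneTapRestrictedBrowsers() {
        return googleOneTapRestrictedBrowsers;
    }

    /**
     * @return {@code true} only when {@code hostname.verification.enabled} was read as "true";
     *         {@code false} before {@link #init()} and whenever the property is missing.
     *         NOTE(review): how callers act on this flag is not visible in this class; a
     *         deployment that relies on hostname verification should set the property explicitly.
     */
    public static boolean isHostnameVerificationEnabled() {
        return isHostnameVerificationEnabled;
    }

    /**
     * Turns a path that begins with {@code Constants.TenantConstants.RELATIVE_PATH_START_CHAR}
     * into a path under the canonical form of the process working directory; any other value is
     * returned unchanged.
     *
     * @param str the configured path
     * @return the path to open
     * @throws IOException if the working directory cannot be canonicalized
     */
    private static String buildFilePath(String str) throws IOException {
        if (StringUtils.isNotEmpty(str) && str.startsWith(Constants.TenantConstants.RELATIVE_PATH_START_CHAR)) {
            String workingDir = new File(new File(Constants.TenantConstants.RELATIVE_PATH_START_CHAR).getAbsolutePath())
                    .getCanonicalPath();
            str = workingDir + File.separator + str;
        }
        if (log.isDebugEnabled()) {
            // The wording mentions KeyStore/TrustStore, yet the only caller in this class passes
            // the EndpointConfig.properties path; the text is kept as is for log compatibility.
            log.debug("File path for KeyStore/TrustStore : " + str);
        }
        return str;
    }

    /**
     * Looks up a property, falling back to the server's service URL when the requested key is
     * {@code Constants.SERVICES_URL} and the loaded properties do not contain it.
     *
     * @param str the property key
     * @return the property value, the computed service URL, or {@code null} when the key is absent
     */
    private static String getPropertyValue(String str) {
        if (Constants.SERVICES_URL.equals(str) && !prop.containsKey(Constants.SERVICES_URL)) {
            return IdentityUtil.getServerURL(IdentityUtil.getServicePath(), true, true);
        }
        return prop.getProperty(str);
    }

    /**
     * @param properties the loaded configuration
     * @return {@code true} when the {@code protectedTokens} property holds a non-blank value
     */
    private static boolean isSecuredPropertyAvailable(Properties properties) {
        return StringUtils.isNotBlank(properties.getProperty(PROTECTED_TOKENS));
    }

    /**
     * Replaces secure vault references in {@code properties} with their resolved values.
     *
     * <p>Two passes are made: every value is first handed to {@code MiscellaneousUtil.resolve},
     * then each key listed in the comma-separated {@code protectedTokens} property is resolved
     * by name. Debug output names the keys involved and never the resolved values.
     *
     * @param properties the configuration to update in place; a default {@code secretProvider}
     *                   is added when none is configured
     */
    private static void resolveSecrets(Properties properties) {
        if (StringUtils.isBlank((String) properties.get(SECRET_PROVIDER))) {
            properties.put(SECRET_PROVIDER, DEFAULT_CALLBACK_HANDLER);
        }

        SecretResolver valueResolver = SecretResolverFactory.create(properties);
        if (valueResolver != null && valueResolver.isInitialized()) {
            // Only existing keys are overwritten, so the map is not structurally modified
            // while it is being iterated.
            for (Map.Entry<Object, Object> entry : properties.entrySet()) {
                String key = entry.getKey().toString();
                String value = entry.getValue().toString();
                properties.put(key, MiscellaneousUtil.resolve(value, valueResolver));
            }
        }

        if (!isSecuredPropertyAvailable(properties)) {
            if (log.isDebugEnabled()) {
                log.debug("Secure vault encryption ignored since no protected tokens available");
            }
            return;
        }

        SecretResolver tokenResolver = SecretResolverFactory.create(properties, "");
        StringTokenizer tokens = new StringTokenizer((String) properties.get(PROTECTED_TOKENS), ",");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken().trim();
            if (tokenResolver.isTokenProtected(token)) {
                if (log.isDebugEnabled()) {
                    log.debug("Resolving and replacing secret for " + token);
                }
                properties.put(token, tokenResolver.resolve(token));
            } else if (log.isDebugEnabled()) {
                log.debug("No encryption done for value with key :" + token);
            }
        }
    }
}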
