package org.wso2.carbon.identity.client.attestation.mgt.services;

import com.nimbusds.jose.JWEObject;
import java.text.ParseException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.client.attestation.mgt.exceptions.ClientAttestationMgtException;
import org.wso2.carbon.identity.client.attestation.mgt.internal.ClientAttestationMgtDataHolder;
import org.wso2.carbon.identity.client.attestation.mgt.model.ClientAttestationContext;
import org.wso2.carbon.identity.client.attestation.mgt.utils.Constants;
import org.wso2.carbon.identity.client.attestation.mgt.validators.AndroidAttestationValidator;

/* loaded from: input_file:org/wso2/carbon/identity/client/attestation/mgt/services/ClientAttestationServiceImpl.class */
public class ClientAttestationServiceImpl implements ClientAttestationService {
    private static final Log LOG = LogFactory.getLog(ClientAttestationServiceImpl.class);

    @Override // org.wso2.carbon.identity.client.attestation.mgt.services.ClientAttestationService
    public ClientAttestationContext validateAttestation(String str, String str2, String str3) throws ClientAttestationMgtException {
        ClientAttestationContext clientAttestationContext = new ClientAttestationContext();
        clientAttestationContext.setApplicationResourceId(str2);
        clientAttestationContext.setTenantDomain(str3);
        ServiceProvider serviceProvider = getServiceProvider(str2, str3);
        if (serviceProvider.getClientAttestationMetaData() == null || !serviceProvider.getClientAttestationMetaData().isAttestationEnabled()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("App :" + serviceProvider.getApplicationResourceId() + " in tenant : " + str3 + " is not subscribed to Client Attestation Service.");
            }
            clientAttestationContext.setAttestationEnabled(false);
            clientAttestationContext.setAttested(true);
            return clientAttestationContext;
        }
        if (StringUtils.isEmpty(str)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("App :" + serviceProvider.getApplicationResourceId() + " in tenant : " + str3 + " is requested with empty attestation object.");
            }
            clientAttestationContext.setAttestationEnabled(true);
            clientAttestationContext.setAttested(false);
            clientAttestationContext.setValidationFailureMessage("App is configured to validate attestation but attestation object is empty.");
            return clientAttestationContext;
        }
        if (!isAndroidAttestation(str)) {
            handleInvalidAttestationObject(clientAttestationContext);
            return clientAttestationContext;
        }
        clientAttestationContext.setAttestationEnabled(true);
        clientAttestationContext.setClientType(Constants.ClientTypes.ANDROID);
        new AndroidAttestationValidator(str2, str3, serviceProvider.getClientAttestationMetaData()).validateAttestation(str, clientAttestationContext);
        return clientAttestationContext;
    }

    private void handleInvalidAttestationObject(ClientAttestationContext clientAttestationContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Requested attestation object is not in valid format.");
        }
        setErrorToContext("Requested attestation object is not in valid format.", clientAttestationContext);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void handleClientAttestationException(ClientAttestationMgtException clientAttestationMgtException, ClientAttestationContext clientAttestationContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Error while evaluating client attestation.", clientAttestationMgtException);
        }
        setErrorToContext(clientAttestationMgtException.getMessage(), clientAttestationContext);
    }

    private void setErrorToContext(String str, ClientAttestationContext clientAttestationContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Setting error to client attestation context : Error message : " + str);
        }
        clientAttestationContext.setAttested(false);
        clientAttestationContext.setValidationFailureMessage(str);
    }

    private boolean isAndroidAttestation(String str) {
        try {
            return JWEObject.parse(str).getState() == JWEObject.State.ENCRYPTED;
        } catch (ParseException e) {
            return false;
        }
    }

    private ServiceProvider getServiceProvider(String str, String str2) throws ClientAttestationMgtException {
        try {
            ServiceProvider applicationByResourceId = ClientAttestationMgtDataHolder.getInstance().getApplicationManagementService().getApplicationByResourceId(str, str2);
            if (applicationByResourceId == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Could not find an application for application id: " + str + ", tenant: " + str2);
                }
                throw new ClientAttestationMgtException("Service Provider not found.");
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Retrieved service provider: " + applicationByResourceId.getApplicationName() + " for client: " + str + ", scope: " + Constants.OAUTH2 + ", tenant: " + str2);
            }
            return applicationByResourceId;
        } catch (IdentityApplicationManagementException e) {
            throw new ClientAttestationMgtException("Error occurred while retrieving OAuth2 application data for application id " + str, (Throwable) e);
        }
    }
}
