package org.wso2.carbon.identity.application.authentication.endpoint.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.wso2.carbon.identity.application.authentication.endpoint.util.Constants;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.commons.MiscellaneousUtil;
import org.xml.sax.InputSource;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.application.authentication.endpoint.util-5.15.45.jar:org/wso2/carbon/identity/application/authentication/endpoint/util/TenantDataManager.class */
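/**
 * Loads {@code EndpointConfig.properties} for the authentication endpoint and keeps a
 * list of active tenant domains fetched from the tenant management admin service.
 *
 * <p>All state is static. {@link #init()} is synchronized on the class; the tenant
 * domain list is guarded by its own monitor, and callers only ever receive snapshot
 * copies of it.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Key store and trust store passwords are read from the properties file and, when
 *       the tenant list is enabled, passed through secure vault resolution first. They
 *       are never logged here.</li>
 *   <li>The configured username is sent Base64-encoded in a request header. Base64 is
 *       an encoding, not protection; the call presumably relies on the mutual SSL
 *       connection for authentication (confirm in {@code TenantMgtAdminServiceClient}).</li>
 *   <li>The service response is parsed with the document builder factory obtained from
 *       {@code IdentityUtil.getSecuredDocumentBuilderFactory()}.</li>
 * </ul>
 */
public class TenantDataManager {
    private static final String PROTECTED_TOKENS = "protectedTokens";
    private static final String DEFAULT_CALLBACK_HANDLER = "org.wso2.carbon.securevault.DefaultSecretCallbackHandler";
    private static final String SECRET_PROVIDER = "secretProvider";
    private static Properties prop;
    private static String serviceURL;
    private static final Log log = LogFactory.getLog(TenantDataManager.class);
    private static String carbonLogin = "";
    private static String usernameHeaderName = "";
    // Shared list and lock object in one; final so the monitor can never be swapped out.
    private static final List<String> tenantDomainList = new ArrayList<>();
    private static boolean initialized = false;
    private static boolean initAttempted = false;

    private TenantDataManager() {
    }

    /**
     * Loads the endpoint configuration and, when the tenant list is enabled, prepares the
     * mutual SSL client used to query the tenant management admservice.
     *
     * <p>The properties file is taken from the path built from
     * {@code Constants.TenantConstants.CONFIG_RELATIVE_PATH} when it exists, otherwise from
     * the class path. Failures are logged and leave the manager uninitialized; they are
     * not rethrown. The method is a no-op once initialization has succeeded.
     */
    public static synchronized void init() {
        initAttempted = true;
        if (initialized) {
            return;
        }
        InputStream inputStream = null;
        try {
            prop = new Properties();
            File file = new File(buildFilePath(Constants.TenantConstants.CONFIG_RELATIVE_PATH));
            if (file.exists()) {
                inputStream = new FileInputStream(file);
                prop.load(inputStream);
                // Logged only after the load succeeded, so the message is never misleading.
                log.info("EndpointConfig.properties file loaded from ./repository/conf/identity/EndpointConfig.properties");
                if (Boolean.parseBoolean(getPropertyValue(Constants.TenantConstants.TENANT_LIST_ENABLED))) {
                    resolveSecrets(prop);
                }
            } else {
                inputStream = TenantDataManager.class.getClassLoader().getResourceAsStream(Constants.TenantConstants.CONFIG_FILE_NAME);
                if (inputStream != null) {
                    prop.load(inputStream);
                    log.debug("EndpointConfig.properties file loaded from authentication endpoint webapp");
                } else if (log.isDebugEnabled()) {
                    log.debug("Input stream is null while loading authentication endpoint from webapp");
                }
            }
            if (!Boolean.parseBoolean(getPropertyValue(Constants.TenantConstants.TENANT_LIST_ENABLED))) {
                return;
            }
            String configuredUsername = getPropertyValue(Constants.TenantConstants.USERNAME);
            if (configuredUsername == null) {
                // Without this guard a missing property surfaced as an uncaught
                // NullPointerException from a synchronized static initializer.
                log.error("Initialization failed : username for the tenant management service is not configured");
                return;
            }
            usernameHeaderName = getPropertyValue(Constants.TenantConstants.USERNAME_HEADER);
            carbonLogin = Base64.encode(configuredUsername.getBytes("UTF-8"));
            String keyStorePath = buildFilePath(getPropertyValue(Constants.TenantConstants.CLIENT_KEY_STORE));
            String trustStorePath = buildFilePath(getPropertyValue(Constants.TenantConstants.CLIENT_TRUST_STORE));
            String tlsProtocol = getPropertyValue(Constants.TenantConstants.TLS_PROTOCOL);
            if (StringUtils.isNotEmpty(tlsProtocol)) {
                TenantMgtAdminServiceClient.setProtocol(tlsProtocol);
            }
            String keyManagerType = getPropertyValue(Constants.TenantConstants.KEY_MANAGER_TYPE);
            if (StringUtils.isNotEmpty(keyManagerType)) {
                TenantMgtAdminServiceClient.setKeyManagerType(keyManagerType);
            }
            String trustManagerType = getPropertyValue(Constants.TenantConstants.TRUST_MANAGER_TYPE);
            if (StringUtils.isNotEmpty(trustManagerType)) {
                TenantMgtAdminServiceClient.setTrustManagerType(trustManagerType);
            }
            TenantMgtAdminServiceClient.loadKeyStore(keyStorePath, getPropertyValue(Constants.TenantConstants.CLIENT_KEY_STORE_PASSWORD));
            TenantMgtAdminServiceClient.loadTrustStore(trustStorePath, getPropertyValue(Constants.TenantConstants.CLIENT_TRUST_STORE_PASSWORD));
            // NOTE(review): Boolean.parseBoolean(null) is false, so leaving the hostname
            // verification property out of the file passes false here. If false means
            // "verification off" (as the constant name suggests), the default is fail-open;
            // deployments should set the property explicitly. Confirm in the client class.
            TenantMgtAdminServiceClient.initMutualSSLConnection(Boolean.parseBoolean(getPropertyValue(Constants.TenantConstants.HOSTNAME_VERIFICATION_ENABLED)));
            serviceURL = getPropertyValue(Constants.SERVICES_URL) + Constants.TenantConstants.TENANT_MGT_ADMIN_SERVICE_URL;
            initialized = true;
        } catch (IOException | AuthenticationException e) {
            log.error("Initialization failed : ", e);
        } finally {
            // Single close on every path (success, early return, failure).
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
                    log.error("Failed to close the FileInputStream, file : EndpointConfig.properties", e);
                }
            }
        }
    }

    /**
     * Resolves a configured path. A non-empty value that starts with {@code "."} is
     * prefixed with the canonical path of the working directory; anything else is
     * returned unchanged.
     *
     * @param str configured path, may be {@code null} or empty
     * @return the resolved path, or {@code str} itself when no resolution applies
     * @throws IOException if the canonical path of the working directory cannot be obtained
     */
    private static String buildFilePath(String str) throws IOException {
        String resolved = str;
        if (StringUtils.isNotEmpty(str) && str.startsWith(".")) {
            resolved = new File(new File(".").getAbsolutePath()).getCanonicalPath() + File.separator + str;
        }
        if (log.isDebugEnabled()) {
            // Used for the properties file as well as the stores; message text kept as is.
            log.debug("File path for KeyStore/TrustStore : " + resolved);
        }
        return resolved;
    }

    /**
     * Returns the value of a loaded configuration property.
     *
     * <p>When the services URL is requested but not configured, the server URL from
     * {@code IdentityUtil} is returned instead. Requires {@link #init()} to have run;
     * before that the backing properties object is {@code null}.
     *
     * <p>Decompiler note: the access modifier was widened from {@code protected} to
     * {@code public} in this listing.
     *
     * @param str property key
     * @return the property value, or {@code null} when the key is absent
     */
    public static String getPropertyValue(String str) {
        boolean servicesUrlMissing = Constants.SERVICES_URL.equals(str) && !prop.containsKey(Constants.SERVICES_URL);
        if (servicesUrlMissing) {
            return IdentityUtil.getServerURL(IdentityUtil.getServicePath(), true, true);
        }
        return prop.getProperty(str);
    }

    /**
     * Posts to the given service URL with the configured username header set to the
     * Base64-encoded username.
     *
     * @param str service URL
     * @return the response body as returned by {@code TenantMgtAdminServiceClient}
     */
    private static String getServiceResponse(String str) {
        HashMap<String, String> headers = new HashMap<>();
        headers.put(usernameHeaderName, carbonLogin);
        return TenantMgtAdminServiceClient.sendPostRequest(str, null, headers);
    }

    /**
     * Returns the active tenant domains, fetching them first when the manager is
     * initialized and the cached list is empty.
     *
     * @return a snapshot copy of the cached list; modifying it does not affect the cache
     *         and a concurrent refresh cannot invalidate an iteration over it
     */
    public static List<String> getAllActiveTenantDomains() {
        boolean needsRefresh;
        synchronized (tenantDomainList) {
            needsRefresh = initialized && tenantDomainList.isEmpty();
        }
        if (needsRefresh) {
            // The remote call runs outside the monitor so readers are not serialized on it.
            refreshActiveTenantDomainsList();
        }
        synchronized (tenantDomainList) {
            return new ArrayList<>(tenantDomainList);
        }
    }

    /**
     * Clears the cached tenant domain list and fetches it again. Does nothing (apart
     * from a debug message) when the manager is not initialized.
     */
    public static void resetTenantDataList() {
        if (!initialized) {
            if (log.isDebugEnabled()) {
                log.debug("Tenant domains list not set as TenantDataManager is not initialized.");
            }
            return;
        }
        synchronized (tenantDomainList) {
            tenantDomainList.clear();
            refreshActiveTenantDomainsList();
        }
    }

    /**
     * Queries the tenant management service and replaces the cached list with the sorted
     * domains of all tenants reported as active.
     *
     * <p>The new list is built locally and swapped in under the list monitor, so readers
     * never observe a half-filled list and a failure part-way through leaves the previous
     * content in place. An empty response leaves the cache untouched. Any exception is
     * logged and swallowed, as a deployment without tenants is expected to end up here.
     */
    private static void refreshActiveTenantDomainsList() {
        try {
            String serviceResponse = getServiceResponse(serviceURL);
            if (StringUtils.isEmpty(serviceResponse)) {
                return;
            }
            NodeList tenantNodes = (NodeList) XPathFactory.newInstance().newXPath().compile("/*[local-name() = 'retrieveTenantsResponse']/*[local-name() = 'return']").evaluate(IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder().parse(new InputSource(new StringReader(serviceResponse))), XPathConstants.NODESET);
            List<String> activeDomains = new ArrayList<>();
            for (int i = 0; i < tenantNodes.getLength(); i++) {
                Node tenantNode = tenantNodes.item(i);
                if (tenantNode == null || tenantNode.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                NodeList tenantData = ((Element) tenantNode).getChildNodes();
                boolean activeSeen = false;
                boolean domainSeen = false;
                boolean active = false;
                String tenantDomain = null;
                // Bounded loop with an explicit break: the decompiled while(true) form never
                // terminated, neither after a decision nor when the children ran out.
                for (int j = 0; j < tenantData.getLength(); j++) {
                    Node dataItem = tenantData.item(j);
                    String localName = dataItem.getLocalName();
                    if ("active".equals(localName)) {
                        activeSeen = true;
                        if (Boolean.parseBoolean(dataItem.getTextContent())) {
                            active = true;
                        }
                    }
                    if (Constants.TenantConstants.TENANT_DOMAIN.equals(localName)) {
                        domainSeen = true;
                        tenantDomain = dataItem.getTextContent();
                    }
                    if (activeSeen && domainSeen) {
                        if (active) {
                            activeDomains.add(tenantDomain);
                            if (log.isDebugEnabled()) {
                                log.debug(tenantDomain + " is active and added to the dropdown list");
                            }
                        } else if (log.isDebugEnabled()) {
                            log.debug(tenantDomain + " is inactive and not added to the dropdown list");
                        }
                        break;
                    }
                }
            }
            Collections.sort(activeDomains);
            synchronized (tenantDomainList) {
                tenantDomainList.clear();
                tenantDomainList.addAll(activeDomains);
            }
        } catch (Exception e) {
            log.error("Retrieving list of active tenant domains failed. Ignore this if there are no tenants : ", e);
        }
    }

    /**
     * Reports whether the tenant list feature is switched on in the configuration,
     * running {@link #init()} first if it has never been attempted.
     *
     * @return the parsed value of the tenant-list-enabled property; {@code false} when absent
     */
    public static boolean isTenantListEnabled() {
        if (!initAttempted && !initialized) {
            init();
        }
        return Boolean.parseBoolean(getPropertyValue(Constants.TenantConstants.TENANT_LIST_ENABLED));
    }

    /**
     * Replaces secure vault references in the given properties with their resolved values.
     *
     * <p>Two passes are made: every value is run through {@code MiscellaneousUtil.resolve},
     * then each key named in the comma-separated {@code protectedTokens} property is
     * resolved by alias. Only key names are written to the debug log, never the secrets.
     *
     * @param properties configuration to resolve in place
     */
    private static void resolveSecrets(Properties properties) {
        if (StringUtils.isBlank((String) properties.get(SECRET_PROVIDER))) {
            properties.put(SECRET_PROVIDER, DEFAULT_CALLBACK_HANDLER);
        }
        SecretResolver valueResolver = SecretResolverFactory.create(properties);
        if (valueResolver != null && valueResolver.isInitialized()) {
            for (Map.Entry<Object, Object> entry : properties.entrySet()) {
                String key = entry.getKey().toString();
                String value = entry.getValue().toString();
                // Overwrites an existing key only, so the set being iterated keeps its shape.
                properties.put(key, MiscellaneousUtil.resolve(value, valueResolver));
            }
        }
        if (!isSecuredPropertyAvailable(properties)) {
            if (log.isDebugEnabled()) {
                log.debug("Secure vault encryption ignored since no protected tokens available");
            }
            return;
        }
        SecretResolver tokenResolver = SecretResolverFactory.create(properties, "");
        StringTokenizer tokens = new StringTokenizer(properties.getProperty(PROTECTED_TOKENS), ",");
        while (tokens.hasMoreTokens()) {
            String alias = tokens.nextToken().trim();
            if (tokenResolver.isTokenProtected(alias)) {
                if (log.isDebugEnabled()) {
                    log.debug("Resolving and replacing secret for " + alias);
                }
                properties.put(alias, tokenResolver.resolve(alias));
            } else if (log.isDebugEnabled()) {
                log.debug("No encryption done for value with key :" + alias);
            }
        }
    }

    /**
     * Tells whether the properties name at least one protected token.
     *
     * @param properties configuration to inspect
     * @return {@code true} when the {@code protectedTokens} property is present and not blank
     */
    private static boolean isSecuredPropertyAvailable(Properties properties) {
        return StringUtils.isNotBlank(properties.getProperty(PROTECTED_TOKENS));
    }
}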
