package com.wso2.openbanking.accelerator.gateway.util;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.util.Base64URL;
import com.wso2.openbanking.accelerator.common.config.OpenBankingConfigParser;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.identity.IdentityConstants;
import com.wso2.openbanking.accelerator.common.identity.retriever.ServerIdentityRetriever;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.gateway.executor.exception.OpenBankingExecutorException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.HashMap;
import java.util.Optional;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/wso2/openbanking/accelerator/gateway/util/GatewaySignatureHandlingUtils.class */
public class GatewaySignatureHandlingUtils {
    private static final String B64_CLAIM_KEY = "b64";

    public static JWSHeader constructJWSHeader(String str, HashMap<String, Object> hashMap, JWSAlgorithm jWSAlgorithm) {
        return new JWSHeader.Builder(jWSAlgorithm).keyID(str).type(JOSEObjectType.JOSE).criticalParams(hashMap.keySet()).customParams(hashMap).build();
    }

    public static JWSObject constructJWSObject(JWSHeader jWSHeader, String str) {
        return new JWSObject(jWSHeader, new Payload(str));
    }

    public static byte[] getSigningInput(JWSHeader jWSHeader, String str) throws UnsupportedEncodingException {
        return (jWSHeader.toBase64URL().toString() + "." + str).getBytes(StandardCharsets.UTF_8);
    }

    public static String createDetachedJws(JWSHeader jWSHeader, Base64URL base64URL) {
        return jWSHeader.toBase64URL().toString() + ".." + base64URL.toString();
    }

    @Generated(message = "Excluding from unit tests since there is a call to a method in Common Module")
    public static String getSigningKeyId() {
        return OpenBankingConfigParser.getInstance().getOBIdnRetrieverSigningCertificateKid();
    }

    @Generated(message = "Excluding from unit tests since there is a call to a method in Common Module")
    public static Optional<Key> getSigningKey() throws OpenBankingExecutorException {
        try {
            return ServerIdentityRetriever.getPrimaryCertificate(IdentityConstants.CertificateType.SIGNING);
        } catch (OpenBankingException e) {
            throw new OpenBankingExecutorException("Unable to load primary signing certificate", e);
        }
    }

    @Generated(message = "Excluding from unit tests since a signer is required to create a valid JWSObject")
    public static String createDetachedJws(String str) {
        String[] split = StringUtils.split(str, ".");
        return split[0] + ".." + split[2];
    }

    @Generated(message = "Excluding from unit tests since there is a call to a method in Common Module")
    public static JWSAlgorithm getSigningAlgorithm() {
        return JWSAlgorithm.parse(OpenBankingConfigParser.getInstance().getJwsResponseSigningAlgorithm());
    }

    public static boolean isB64HeaderVerifiable(JWSObject jWSObject) {
        Object customParam = jWSObject.getHeader().getCustomParam(B64_CLAIM_KEY);
        if (customParam != null) {
            return ((Boolean) customParam).booleanValue();
        }
        return true;
    }
}
