package com.wso2.openbanking.accelerator.identity.util;

import com.google.common.base.Charsets;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingRuntimeException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.identity.cache.IdentityCache;
import com.wso2.openbanking.accelerator.identity.cache.IdentityCacheKey;
import com.wso2.openbanking.accelerator.identity.dcr.validation.DCRCommonConstants;
import com.wso2.openbanking.accelerator.identity.internal.IdentityExtensionsDataHolder;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.json.JSONObject;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.SessionDataCache;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/util/IdentityCommonUtil.class */
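/**
 * Static helpers shared by the identity extensions: configuration lookups, JWT signing and
 * signature verification against the server key store / trust store, service-provider metadata
 * handling and the OIDC left-half-digest hash used for {@code at_hash}/{@code c_hash}-style values.
 */
public class IdentityCommonUtil {
    private static final Log log = LogFactory.getLog(IdentityCommonUtil.class);
    /** Carbon super-tenant id; selects the server's default key store in {@link #signJWTWithDefaultKey}. */
    private static final int SUPER_TENANT_ID = -1234;
    /** Lazily created inside {@link #getRegulatoryFromSPMetaData}, which is the only synchronized accessor. */
    private static IdentityCache identityCache;

    /**
     * Returns the configured MTLS authentication header name.
     *
     * @return the configured header name, or the literal {@code "CONFIG_NOT_FOUND"} when the property is absent
     */
    public static String getMTLSAuthHeader() {
        String headerName = IdentityUtil.getProperty(IdentityCommonConstants.MTLS_AUTH_HEADER);
        return headerName != null ? headerName : "CONFIG_NOT_FOUND";
    }

    /**
     * Removes internal (server-generated) scopes from the given scope array: those starting with the
     * configured consent-id claim name, {@code OB_PREFIX}, {@code TIME_PREFIX} or {@code CERT_PREFIX}.
     *
     * @param strArr scopes to filter; may be {@code null}
     * @return a new array without the internal scopes, or {@code strArr} itself when it is {@code null} or empty
     * @throws NullPointerException if the consent-id claim name configuration is missing
     */
    public static String[] removeInternalScopes(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return strArr;
        }
        Object consentIdClaimName = IdentityExtensionsDataHolder.getInstance().getConfigurationMap()
                .get(IdentityCommonConstants.CONSENT_ID_CLAIM_NAME);
        // Fail with a message rather than a bare NPE on toString() when the configuration is missing.
        Objects.requireNonNull(consentIdClaimName, "Consent id claim name configuration is missing");
        List<String> internalPrefixes = Arrays.asList(
                consentIdClaimName.toString(),
                IdentityCommonConstants.OB_PREFIX,
                IdentityCommonConstants.TIME_PREFIX,
                IdentityCommonConstants.CERT_PREFIX);
        return Arrays.stream(strArr)
                .filter(scope -> internalPrefixes.stream().noneMatch(scope::startsWith))
                .toArray(String[]::new);
    }

    /**
     * Resolves whether the application identified by {@code str} is flagged as regulatory in its
     * service-provider metadata, caching the answer in the identity cache.
     *
     * @param str client id of the application
     * @return the parsed boolean value of the regulatory-compliance property
     * @throws OpenBankingException if {@code str} is empty or the property cannot be retrieved
     */
    @Generated(message = "Excluding from code coverage since it requires a cache initialization/service call")
    public static synchronized boolean getRegulatoryFromSPMetaData(String str) throws OpenBankingException {
        if (StringUtils.isEmpty(str)) {
            throw new OpenBankingException(IdentityCommonConstants.CLIENT_ID_ERROR);
        }
        // Built-in applications are treated as non-regulatory without a metadata lookup.
        if ("CONSOLE".equalsIgnoreCase(str) || "MY_ACCOUNT".equalsIgnoreCase(str)) {
            return false;
        }
        if (identityCache == null) {
            log.debug("Creating new Identity cache");
            identityCache = new IdentityCache();
        }
        IdentityCacheKey cacheKey = IdentityCacheKey.of(str + "_" + IdentityCommonConstants.REGULATORY_COMPLIANCE);
        Object regulatory = identityCache.getFromCacheOrRetrieve(cacheKey, () ->
                new IdentityCommonHelper().getAppPropertyFromSPMetaData(str,
                        IdentityCommonConstants.REGULATORY_COMPLIANCE));
        if (regulatory == null) {
            throw new OpenBankingException("Unable to retrieve regulatory property from sp metadata");
        }
        return Boolean.parseBoolean(regulatory.toString());
    }

    /**
     * Builds a service-provider property whose name and display name are both {@code str}.
     *
     * @param str  property name (also used as the display name)
     * @param str2 property value
     * @return the populated property
     */
    public static ServiceProviderProperty getServiceProviderProperty(String str, String str2) {
        ServiceProviderProperty property = new ServiceProviderProperty();
        property.setName(str);
        property.setDisplayName(str);
        property.setValue(str2);
        return property;
    }

    /**
     * Signs the given JWT claims payload with the super-tenant's default private key.
     *
     * @param str JSON claims payload
     * @return the serialized, signed JWT
     * @throws Exception if the key store manager cannot provide the default key
     */
    public static String signJWTWithDefaultKey(String str) throws Exception {
        return generateJWT(str, KeyStoreManager.getInstance(SUPER_TENANT_ID).getDefaultPrivateKey());
    }

    /**
     * Verifies the RSA signature of a serialized JWT against the certificate stored under
     * {@code str2} in the trust store. Only the signature is checked; claim validation
     * (expiry, issuer, audience) is the caller's responsibility.
     *
     * @param str  serialized JWT
     * @param str2 trust store alias of the signer's certificate
     * @return {@code true} if the signature verifies, {@code false} otherwise
     * @throws OpenBankingException if the trust store cannot be read, the alias is unknown, the
     *                              certificate does not carry an RSA key, or the JWT cannot be parsed
     */
    public static boolean validateJWTSignatureWithPublicKey(String str, String str2) throws OpenBankingException {
        Certificate certificate;
        try {
            certificate = getTrustStore().getCertificate(str2);
        } catch (Exception e) {
            throw new OpenBankingException("Error while retrieving certificate from truststore", e);
        }
        // Checked outside the try block so the "not found" message is not masked by the catch above.
        if (certificate == null) {
            throw new OpenBankingException("Certificate not found for provided alias");
        }
        PublicKey publicKey = certificate.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new OpenBankingException("Certificate public key is not an RSA key");
        }
        try {
            // RSASSAVerifier accepts only RSA-based JWS algorithms, so unsigned or non-RSA tokens fail here.
            return SignedJWT.parse(str).verify(new RSASSAVerifier((RSAPublicKey) publicKey));
        } catch (JOSEException | ParseException e) {
            throw new OpenBankingException("Error occurred while validating JWT signature", e);
        }
    }

    /**
     * Returns the cached trust store, loading it on first use from the {@code javax.net.ssl.trustStore},
     * {@code javax.net.ssl.trustStorePassword} and {@code javax.net.ssl.trustStoreType} system properties.
     * The declared {@code throws Exception} is kept for existing callers.
     *
     * @return the loaded trust store
     * @throws Exception if any of the three properties is unset or the store cannot be loaded
     */
    public static KeyStore getTrustStore() throws Exception {
        if (IdentityExtensionsDataHolder.getInstance().getTrustStore() == null) {
            String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
            String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
            String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
            if (trustStorePath == null || trustStorePassword == null || trustStoreType == null) {
                throw new Exception("Trust store config not available");
            }
            // try-with-resources closes the stream on every path, including a failed load().
            try (FileInputStream trustStoreStream = new FileInputStream(trustStorePath)) {
                KeyStore trustStore = KeyStore.getInstance(trustStoreType);
                trustStore.load(trustStoreStream, trustStorePassword.toCharArray());
                IdentityExtensionsDataHolder.getInstance().setTrustStore(trustStore);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                // Message deliberately omits the path and password.
                throw new Exception("Error while loading truststore.", e);
            }
        }
        return IdentityExtensionsDataHolder.getInstance().getTrustStore();
    }

    /**
     * Signs a JSON claims payload as an RS256 JWT with the given RSA private key.
     *
     * @param str JSON claims payload
     * @param key RSA private key used for signing
     * @return the serialized, signed JWT
     * @throws OpenBankingRuntimeException if either argument is {@code null}, the key is not an
     *                                     {@link RSAPrivateKey}, or parsing/signing fails
     */
    public static String generateJWT(String str, Key key) {
        if (key == null || str == null) {
            log.debug("Null value passed for payload or key. Cannot generate JWT");
            throw new OpenBankingRuntimeException("Payload and key cannot be null");
        }
        if (!(key instanceof RSAPrivateKey)) {
            throw new OpenBankingRuntimeException("Private key should be an instance of RSAPrivateKey");
        }
        RSASSASigner signer = new RSASSASigner((RSAPrivateKey) key);
        try {
            JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
            SignedJWT signedJWT = new SignedJWT(header, JWTClaimsSet.parse(str));
            signedJWT.sign(signer);
            return signedJWT.serialize();
        } catch (ParseException | JOSEException e) {
            throw new OpenBankingRuntimeException("Error occurred while signing JWT", e);
        }
    }

    /**
     * Converts the service provider's properties into a name-to-value map. Values containing
     * {@code DCRCommonConstants.ARRAY_ELEMENT_SEPERATOR} are split into a mutable {@code List<String>};
     * all other values are kept as the raw string.
     *
     * @param serviceProvider service provider whose properties are read
     * @return a mutable map of property name to {@code String} or {@code List<String>}; empty when there are no properties
     * @throws IllegalStateException if two properties share a name (inherited from {@code Collectors.toMap})
     * @throws NullPointerException  if a property value is {@code null}
     */
    public static Map<String, Object> getSpMetaData(ServiceProvider serviceProvider) {
        Map<String, Object> spMetaData = new HashMap<>();
        ServiceProviderProperty[] properties = serviceProvider.getSpProperties();
        if (properties == null) {
            return spMetaData;
        }
        Map<String, String> propertyValues = Arrays.stream(properties)
                .collect(Collectors.toMap(ServiceProviderProperty::getName, ServiceProviderProperty::getValue));
        for (Map.Entry<String, String> property : propertyValues.entrySet()) {
            String value = property.getValue();
            if (value.contains(DCRCommonConstants.ARRAY_ELEMENT_SEPERATOR)) {
                spMetaData.put(property.getKey(),
                        new ArrayList<>(Arrays.asList(value.split(DCRCommonConstants.ARRAY_ELEMENT_SEPERATOR))));
            } else {
                spMetaData.put(property.getKey(), value);
            }
        }
        return spMetaData;
    }

    /**
     * Computes the OIDC-style hash of {@code str}: the left-most half of the digest, base64url-encoded
     * without padding (the {@code at_hash}/{@code c_hash} construction).
     *
     * @param str  value to hash (UTF-8 encoded before digesting)
     * @param str2 digest algorithm name; when {@code null} it is derived from the configured ID-token signature algorithm
     * @return the encoded left half of the digest
     * @throws IdentityOAuth2Exception if the digest algorithm is unknown
     */
    public static String getHashValue(String str, String str2) throws IdentityOAuth2Exception {
        Objects.requireNonNull(str, "Value to hash cannot be null");
        String digestAlgorithm = str2;
        if (digestAlgorithm == null) {
            digestAlgorithm = OAuth2Util.mapDigestAlgorithm(
                    OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(
                            OAuthServerConfiguration.getInstance().getIdTokenSignatureAlgorithm()));
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(digestAlgorithm);
            byte[] digest = messageDigest.digest(str.getBytes(StandardCharsets.UTF_8));
            byte[] leftHalf = Arrays.copyOf(digest, digest.length / 2);
            // java.util.Base64 never emits line separators, so no newline stripping is needed.
            return Base64.getUrlEncoder().withoutPadding().encodeToString(leftHalf);
        } catch (NoSuchAlgorithmException e) {
            throw new IdentityOAuth2Exception(
                    "Error creating the hash value. Invalid Digest Algorithm: " + digestAlgorithm, e);
        }
    }

    /**
     * Whether consent JWT payload validation is enabled; defaults to {@code true} when not configured.
     *
     * @return the configured flag
     */
    public static boolean getConsentJWTPayloadValidatorConfigEnabled() {
        Object configured = IdentityExtensionsDataHolder.getInstance().getConfigurationMap()
                .getOrDefault(IdentityCommonConstants.CONSENT_JWT_PAYLOAD_VALIDATION, true);
        return Boolean.parseBoolean(String.valueOf(configured));
    }

    /**
     * Returns the configured JWKS URI claim name for the transport certificate, or
     * {@code IdentityCommonConstants.DEFAULT_JWKS_URI} when unset.
     *
     * @return the configured value as a string
     */
    public static String getJWKURITransportCert() {
        Object configured = IdentityExtensionsDataHolder.getInstance().getConfigurationMap()
                .getOrDefault(IdentityCommonConstants.TLS_CERT_JWKS, IdentityCommonConstants.DEFAULT_JWKS_URI);
        return String.valueOf(configured);
    }

    /**
     * Returns the configured DCR scope, or {@code IdentityCommonConstants.DCR_INTERNAL_SCOPE} when unset.
     *
     * @return the configured value as a string
     */
    public static String getDCRScope() {
        Object configured = IdentityExtensionsDataHolder.getInstance().getConfigurationMap()
                .getOrDefault(IdentityCommonConstants.DCR_SCOPE, IdentityCommonConstants.DCR_INTERNAL_SCOPE);
        return String.valueOf(configured);
    }

    /**
     * Whether DCR responses should be modified; defaults to {@code false} when not configured.
     *
     * @return the configured flag (boxed, for existing callers)
     */
    public static Boolean getDCRModifyResponseConfig() {
        Object configured = IdentityExtensionsDataHolder.getInstance().getConfigurationMap()
                .getOrDefault(IdentityCommonConstants.DCR_MODIFY_RESPONSE, "false");
        return Boolean.valueOf(Boolean.parseBoolean(String.valueOf(configured)));
    }

    /**
     * Extracts the leaf certificate from a servlet request attribute that holds either an
     * {@code X509Certificate[]} (first element is returned) or a single {@code X509Certificate}.
     *
     * @param obj the attribute value
     * @return the certificate, or {@code null} if the value is of another type or an empty array
     */
    public static X509Certificate getCertificateFromAttribute(Object obj) {
        if (obj instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) obj;
            // An empty chain previously raised ArrayIndexOutOfBoundsException; treat it as "no certificate".
            return chain.length > 0 ? chain[0] : null;
        }
        if (obj instanceof X509Certificate) {
            return (X509Certificate) obj;
        }
        return null;
    }

    /**
     * Looks up the request object cached for the {@code request_uri} parameter and returns the string
     * value of claim {@code str} from its payload. The payload is read without signature verification here.
     * NOTE(review): relies on the request object having been validated before it was cached - confirm.
     *
     * @param httpServletRequest the incoming request
     * @param str                name of the claim to read from the request object payload
     * @return the claim value, or {@code null} if there is no {@code request_uri}, no cached essential claims,
     *         or the payload has no such claim
     * @throws OAuthProblemException {@code invalid_request_uri} if the URI does not map to a cached session,
     *                               {@code invalid_request} if the cached value is not a compact JWT
     */
    public static String decodeRequestObjectAndGetKey(HttpServletRequest httpServletRequest, String str)
            throws OAuthProblemException {
        String requestUri = httpServletRequest.getParameter("request_uri");
        if (requestUri == null) {
            return null;
        }
        // The session cache key is the last ':'-separated segment of the request_uri.
        String[] uriSegments = requestUri.split(":");
        if (uriSegments.length == 0) {
            throw OAuthProblemException.error("invalid_request_uri").description("Provided request URI is not valid");
        }
        SessionDataCacheEntry cacheEntry = SessionDataCache.getInstance()
                .getValueFromCache(new SessionDataCacheKey(uriSegments[uriSegments.length - 1]));
        if (cacheEntry == null) {
            throw OAuthProblemException.error("invalid_request_uri").description("Provided request URI is not valid");
        }
        String essentialClaims = cacheEntry.getoAuth2Parameters().getEssentialClaims();
        if (essentialClaims == null) {
            return null;
        }
        // Take the compact JWS before any ':' suffix and select its payload (second '.'-separated segment).
        String[] claimParts = essentialClaims.split(":");
        String[] jwtSegments = claimParts.length == 0 ? new String[0] : claimParts[0].split("\\.");
        if (jwtSegments.length < 2) {
            throw OAuthProblemException.error("invalid_request").description("Cached request object is not a valid JWT");
        }
        JSONObject claims = new JSONObject(decodeBase64Lenient(jwtSegments[1]));
        return claims.has(str) ? claims.getString(str) : null;
    }

    /**
     * Decodes a Base64 string to UTF-8 text, trying the standard alphabet first and falling back to the
     * URL-safe alphabet (the existing fallback order, kept as-is).
     *
     * @param encoded Base64 or base64url text
     * @return the decoded text
     * @throws IllegalArgumentException if neither alphabet decodes the input
     */
    private static String decodeBase64Lenient(String encoded) {
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException standardDecodingFailed) {
            decoded = Base64.getUrlDecoder().decode(encoded);
        }
        return new String(decoded, StandardCharsets.UTF_8);
    }

    /**
     * Builds an {@link OAuthProblemException} with the given error code, description and state.
     *
     * @param str  OAuth error code
     * @param str2 human-readable description
     * @param str3 client state to echo back
     * @return the populated exception
     */
    public static OAuthProblemException handleOAuthProblemException(String str, String str2, String str3) {
        return OAuthProblemException.error(str).description(str2).state(str3);
    }
}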
