package com.wso2.openbanking.accelerator.identity.claims;

import com.nimbusds.jose.util.X509CertUtils;
import com.nimbusds.jwt.JWTClaimsSet;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.CertificateUtils;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.identity.internal.IdentityExtensionsDataHolder;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonConstants;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonUtil;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.model.HttpRequestHeader;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.openidconnect.DefaultOIDCClaimsCallbackHandler;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/claims/OBDefaultOIDCClaimsCallbackHandler.class */
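/**
 * OIDC claims callback handler that, for applications flagged as regulatory, extends the claims
 * produced by {@link DefaultOIDCClaimsCallbackHandler} with a certificate confirmation claim
 * ({@code cnf}), a consent ID claim and an optionally rewritten {@code sub} claim, and strips
 * internal scopes from the {@code scope} claim.
 */
public class OBDefaultOIDCClaimsCallbackHandler extends DefaultOIDCClaimsCallbackHandler {
    private static final Log log = LogFactory.getLog(OBDefaultOIDCClaimsCallbackHandler.class);
    // Reference to the identity extension configuration map, obtained when the handler is instantiated.
    Map<String, Object> identityConfigurations = IdentityExtensionsDataHolder.getInstance().getConfigurationMap();

    /**
     * Builds the claim set for a token request.
     *
     * <p>Delegates unchanged to the super class when the client is not a regulatory application or
     * when the context carries an {@code accessToken} property. Otherwise the super class claims are
     * copied, the {@code cnf}, consent ID and {@code sub} claims are applied on top, and the
     * {@code scope} claim is rewritten without internal scopes.
     *
     * @param builder claim set builder that receives the resulting claims
     * @param oAuthTokenReqMessageContext token request context
     * @return the built claim set
     * @throws IdentityOAuth2Exception if the regulatory lookup fails or the super class throws
     */
    public JWTClaimsSet handleCustomClaims(JWTClaimsSet.Builder builder, OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        try {
            String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
            boolean regulatoryApp = IdentityCommonUtil.getRegulatoryFromSPMetaData(clientId);
            if (!regulatoryApp || oAuthTokenReqMessageContext.getProperty("accessToken") != null) {
                return super.handleCustomClaims(builder, oAuthTokenReqMessageContext);
            }

            Map<String, Object> claims = new HashMap<>();
            JWTClaimsSet superClaims = getJwtClaimsFromSuperClass(builder, oAuthTokenReqMessageContext);
            if (superClaims != null) {
                claims.putAll(superClaims.getClaims());
            }

            addCnfClaimToOIDCDialect(oAuthTokenReqMessageContext, claims);
            addConsentIDClaimToOIDCDialect(oAuthTokenReqMessageContext, claims);
            updateSubClaim(oAuthTokenReqMessageContext, claims);

            for (Map.Entry<String, Object> claim : claims.entrySet()) {
                Object value = claim.getValue();
                // A null scope value is passed through as-is instead of failing on toString().
                if ("scope".equals(claim.getKey()) && value != null) {
                    String[] requestedScopes = value.toString().split(IdentityCommonConstants.SPACE_SEPARATOR);
                    builder.claim("scope", StringUtils.join(IdentityCommonUtil.removeInternalScopes(requestedScopes), IdentityCommonConstants.SPACE_SEPARATOR));
                } else {
                    builder.claim(claim.getKey(), value);
                }
            }
            return builder.build();
        } catch (OpenBankingException e) {
            throw new IdentityOAuth2Exception(e.getMessage(), e);
        }
    }

    /**
     * Returns the claim set produced by the super class; kept as a separate public method so it can
     * be replaced independently of {@link #handleCustomClaims}.
     *
     * @param builder claim set builder
     * @param oAuthTokenReqMessageContext token request context
     * @return the super class claim set
     * @throws IdentityOAuth2Exception if the super class throws
     */
    @Generated(message = "Excluding from code coverage since it makes is used to return claims from the super class")
    public JWTClaimsSet getJwtClaimsFromSuperClass(JWTClaimsSet.Builder builder, OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        return super.handleCustomClaims(builder, oAuthTokenReqMessageContext);
    }

    /**
     * Adds a {@code cnf} claim holding the SHA-256 thumbprint ({@code x5t#S256}) of the client
     * certificate found in the configured mTLS request header.
     *
     * <p>The certificate is read from an HTTP request header, not from the TLS session.
     * NOTE(review): this presumably relies on a TLS-terminating proxy in front of the server setting
     * that header and discarding any copy sent by the client; confirm for the deployment, since the
     * thumbprint is only as trustworthy as the header.
     *
     * <p>NOTE(review): when the header is absent or the certificate cannot be used, the claim is
     * skipped and the token is still issued without certificate binding. Confirm whether a
     * regulatory client should be rejected in that case instead.
     *
     * @param oAuthTokenReqMessageContext token request context carrying the HTTP request headers
     * @param map claim map to update
     */
    private void addCnfClaimToOIDCDialect(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, Map<String, Object> map) {
        String mTLSAuthHeader = IdentityCommonUtil.getMTLSAuthHeader();
        HttpRequestHeader[] requestHeaders = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getHttpRequestHeaders();
        if (mTLSAuthHeader == null || requestHeaders == null) {
            return;
        }
        // NOTE(review): the name match is case-sensitive although HTTP header names are not;
        // verify the casing the fronting proxy uses. Only the first matching header is considered.
        Optional<HttpRequestHeader> certificateHeader = Arrays.stream(requestHeaders)
                .filter(header -> mTLSAuthHeader.equals(header.getName()))
                .findFirst();
        if (!certificateHeader.isPresent()) {
            return;
        }
        String[] headerValues = certificateHeader.get().getValue();
        if (headerValues == null || headerValues.length == 0) {
            log.error("mTLS certificate header is present but carries no value; cnf claim not added");
            return;
        }
        try {
            java.security.cert.X509Certificate certificate = CertificateUtils.parseCertificate(headerValues[0]);
            Object thumbprint = certificate == null ? null : X509CertUtils.computeSHA256Thumbprint(certificate);
            if (thumbprint == null) {
                // Never emit a cnf claim with a null thumbprint: a resource server could not match it.
                log.error("Unable to compute the certificate thumbprint; cnf claim not added");
                return;
            }
            map.put("cnf", Collections.singletonMap("x5t#S256", thumbprint));
        } catch (OpenBankingException e) {
            log.error("Error while extracting the certificate", e);
        }
    }

    /**
     * Adds the consent ID claim, named by the {@code CONSENT_ID_CLAIM_NAME} configuration entry.
     *
     * <p>The value comes from the first requested scope containing {@code OB_PREFIX}, or failing
     * that the first scope containing the claim name, with that marker removed. Nothing is added
     * when no such scope exists. A missing configuration entry fails with a
     * {@link NullPointerException}.
     *
     * <p>NOTE(review): the consent ID is taken from a scope string by substring match; this
     * presumably assumes the scopes in the context were bound to the consent when the grant was
     * authorized. Verify against the caller.
     *
     * @param oAuthTokenReqMessageContext token request context carrying the scopes
     * @param map claim map to update
     */
    private void addConsentIDClaimToOIDCDialect(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, Map<String, Object> map) {
        String consentIdClaimName = this.identityConfigurations.get(IdentityCommonConstants.CONSENT_ID_CLAIM_NAME).toString();
        String[] scopes = oAuthTokenReqMessageContext.getScope();
        if (scopes == null) {
            return;
        }
        String prefixedScope = Arrays.stream(scopes)
                .filter(scope -> scope.contains(IdentityCommonConstants.OB_PREFIX))
                .findFirst()
                .orElse(null);
        String consentId;
        if (StringUtils.isEmpty(prefixedScope)) {
            // Literal replace: the claim name is configuration text, not a regular expression, so
            // regex metacharacters in it must not change what is stripped from the scope.
            consentId = Arrays.stream(scopes)
                    .filter(scope -> scope.contains(consentIdClaimName))
                    .findFirst()
                    .orElse("")
                    .replace(consentIdClaimName, "");
        } else {
            consentId = prefixedScope.replace(IdentityCommonConstants.OB_PREFIX, "");
        }
        if (StringUtils.isNotEmpty(consentId)) {
            map.put(consentIdClaimName, consentId);
        }
    }

    /**
     * Rewrites the {@code sub} claim when configuration asks for the tenant domain and/or the user
     * store domain to be removed from the subject identifier; otherwise leaves it untouched.
     *
     * @param oAuthTokenReqMessageContext token request context carrying the authorized user
     * @param map claim map to update
     */
    private void updateSubClaim(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, Map<String, Object> map) {
        Object tenantDomainSetting = this.identityConfigurations.get(IdentityCommonConstants.REMOVE_TENANT_DOMAIN_FROM_SUBJECT);
        boolean removeTenantDomain = tenantDomainSetting != null && Boolean.parseBoolean(tenantDomainSetting.toString());
        Object userStoreDomainSetting = this.identityConfigurations.get(IdentityCommonConstants.REMOVE_USER_STORE_DOMAIN_FROM_SUBJECT);
        boolean removeUserStoreDomain = userStoreDomainSetting != null && Boolean.parseBoolean(userStoreDomainSetting.toString());
        if (removeTenantDomain || removeUserStoreDomain) {
            // First argument carries the user store domain setting, second the tenant domain setting; each is inverted.
            map.put("sub", oAuthTokenReqMessageContext.getAuthorizedUser().getUsernameAsSubjectIdentifier(!removeUserStoreDomain, !removeTenantDomain));
        }
    }
}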
