package com.wso2.openbanking.accelerator.identity.claims;

import com.wso2.openbanking.accelerator.common.util.JWTUtils;
import com.wso2.openbanking.accelerator.identity.push.auth.extension.request.validator.constants.PushAuthRequestConstants;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonConstants;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonUtil;
import java.text.ParseException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.minidev.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.cache.SessionDataCache;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheKey;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/claims/OBDefaultClaimProvider.class */
public class OBDefaultClaimProvider extends OBClaimProvider {
    private static final Log log = LogFactory.getLog(OBDefaultClaimProvider.class);

    @Override // com.wso2.openbanking.accelerator.identity.claims.OBClaimProvider
    public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext, OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO) throws IdentityOAuth2Exception {
        HashMap hashMap = new HashMap();
        String[] strArr = null;
        String sessionDataKey = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getSessionDataKey();
        if (StringUtils.isNotBlank(sessionDataKey)) {
            strArr = (String[]) SessionDataCache.getInstance().getValueFromCache(new SessionDataCacheKey(sessionDataKey)).getParamMap().get("request");
        }
        if (strArr != null && strArr[0].split("\\.").length != 5) {
            String asString = getRequestBodyFromCache(strArr).getAsString("state");
            if (StringUtils.isNotEmpty(asString)) {
                hashMap.put(IdentityCommonConstants.S_HASH, IdentityCommonUtil.getHashValue(asString, null));
            } else {
                removeStateFromCache(sessionDataKey);
            }
        }
        avoidSettingATHash(oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getResponseType(), oAuth2AuthorizeRespDTO, hashMap);
        return hashMap;
    }

    @Override // com.wso2.openbanking.accelerator.identity.claims.OBClaimProvider
    public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO) throws IdentityOAuth2Exception {
        return new HashMap();
    }

    private void avoidSettingATHash(String str, OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO, Map<String, Object> map) {
        if (StringUtils.isNotBlank(str)) {
            List asList = Arrays.asList(str.trim().split("\\s+"));
            if (asList.contains(IdentityCommonConstants.CODE) && asList.contains("id_token") && asList.contains("token")) {
                return;
            }
            if (StringUtils.isNotBlank(oAuth2AuthorizeRespDTO.getAccessToken())) {
                oAuth2AuthorizeRespDTO.setAccessToken((String) null);
            }
            map.put("at_hash", null);
        }
    }

    private JSONObject getRequestBodyFromCache(String[] strArr) {
        try {
            if (strArr.length > 0) {
                return JWTUtils.decodeRequestJWT(strArr[0], PushAuthRequestConstants.BODY);
            }
        } catch (ParseException e) {
            log.error("Exception occurred when decoding request. Caused by, ", e);
        }
        return new JSONObject();
    }

    private void removeStateFromCache(String str) {
        SessionDataCacheKey sessionDataCacheKey = new SessionDataCacheKey(str);
        SessionDataCacheEntry valueFromCache = SessionDataCache.getInstance().getValueFromCache(sessionDataCacheKey);
        if (valueFromCache != null) {
            valueFromCache.getoAuth2Parameters().setState((String) null);
            valueFromCache.getParamMap().put("state", new String[0]);
            SessionDataCache.getInstance().addToCache(sessionDataCacheKey, valueFromCache);
        }
    }
}
