package com.wso2.openbanking.accelerator.identity.util;

import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.CertificateUtils;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.common.util.ServiceProviderUtils;
import com.wso2.openbanking.accelerator.identity.internal.IdentityExtensionsDataHolder;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/util/IdentityCommonHelper.class */
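/**
 * Helper methods for the identity extensions: service-provider metadata lookups, MTLS request
 * detection, certificate encoding and token revocation.
 *
 * <p>Several methods take a client ID whose origin is not visible in this class. It is treated as
 * untrusted when written to logs.
 */
public class IdentityCommonHelper {
    private static final Log log = LogFactory.getLog(IdentityCommonHelper.class);

    /**
     * Returns the certificate content stored on the service provider registered for a client ID.
     *
     * @param str the OAuth2 client ID
     * @return the stored certificate content, or an empty string when no service provider is found
     * @throws OpenBankingException if the application management lookup fails
     */
    @Generated(message = "Excluding from code coverage since it requires a service call")
    public String getCertificateContent(String str) throws OpenBankingException {
        ServiceProvider serviceProvider = findServiceProvider(str);
        return serviceProvider != null ? serviceProvider.getCertificateContent() : "";
    }

    /**
     * Reads a single property from the metadata of the service provider registered for a client ID.
     *
     * <p>The properties are scanned directly rather than collected with {@code Collectors.toMap},
     * which throws on a property with a {@code null} value or on a duplicate name and would make
     * the whole lookup fail because of an unrelated property.
     *
     * @param str the OAuth2 client ID; must not be empty
     * @param str2 the name of the property to read
     * @return the value of the first property with that name, or {@code null} when the service
     *     provider or the property does not exist
     * @throws OpenBankingException if the client ID is empty or the lookup fails
     */
    @Generated(message = "Excluding from code coverage since it requires a service call")
    public String getAppPropertyFromSPMetaData(String str, String str2) throws OpenBankingException {
        if (StringUtils.isEmpty(str)) {
            log.error(IdentityCommonConstants.CLIENT_ID_ERROR);
            throw new OpenBankingException(IdentityCommonConstants.CLIENT_ID_ERROR);
        }
        ServiceProvider serviceProvider = findServiceProvider(str);
        if (serviceProvider == null) {
            return null;
        }
        return Arrays.stream(serviceProvider.getSpProperties())
                .filter(property -> property != null && StringUtils.equals(property.getName(), str2))
                .findFirst()
                .map(property -> property.getValue())
                .orElse(null);
    }

    /**
     * Decides whether a request should be handled as MTLS client authentication.
     *
     * <p>The request qualifies when it carries a {@code client_id} parameter, carries no client
     * secret, JWT assertion, assertion type or Authorization header, and the configured transport
     * certificate header parses as a certificate.
     *
     * <p>Security note: the certificate is read from a request header, and this method only checks
     * that it parses. Nothing here validates the chain, expiry or revocation status, or binds the
     * certificate to the TLS session. The deployment must make sure the TLS terminator removes any
     * client-supplied copy of this header and sets it itself, and callers must validate the
     * certificate before trusting the result as proof of client identity.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @return {@code true} when the request matches the MTLS authentication shape described above
     * @throws OpenBankingException if the request is not an {@link HttpServletRequest}
     */
    public boolean isMTLSAuthentication(ServletRequest servletRequest) throws OpenBankingException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new OpenBankingException("Error occurred during request validation, passed request is not a HttpServletRequest");
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        String clientId = servletRequest.getParameter("client_id");
        String clientSecret = servletRequest.getParameter(IdentityCommonConstants.OAUTH_CLIENT_SECRET);
        String assertion = servletRequest.getParameter(IdentityCommonConstants.OAUTH_JWT_ASSERTION);
        String assertionType = servletRequest.getParameter(IdentityCommonConstants.OAUTH_JWT_ASSERTION_TYPE);
        String authorizationHeader = httpRequest.getHeader(IdentityCommonConstants.AUTHORIZATION_HEADER);
        String certificateHeader = httpRequest.getHeader(IdentityCommonUtil.getMTLSAuthHeader());

        // Any other client authentication material means this is not a pure MTLS request.
        boolean otherCredentialsPresent = !StringUtils.isEmpty(clientSecret)
                || !StringUtils.isEmpty(assertion)
                || !StringUtils.isEmpty(assertionType)
                || !StringUtils.isEmpty(authorizationHeader);
        if (StringUtils.isEmpty(clientId) || otherCredentialsPresent || certificateHeader == null) {
            return false;
        }
        return CertificateUtils.parseCertificate(certificateHeader) != null;
    }

    /**
     * Reports whether the configuration enables passing the transport certificate as a header.
     *
     * @return {@code true} only when the configuration entry exists and its string form parses as
     *     {@code true}
     */
    public boolean isTransportCertAsHeaderEnabled() {
        Object configured = IdentityExtensionsDataHolder.getInstance().getConfigurationMap()
                .get(IdentityCommonConstants.ENABLE_TRANSPORT_CERT_AS_HEADER);
        return configured != null && Boolean.parseBoolean(configured.toString());
    }

    /**
     * Loads every service provider visible to the bootstrap realm's admin user.
     *
     * <p>The lookup runs under the admin user name, so the result is not filtered by the
     * permissions of whoever triggered the call.
     *
     * @return the service providers, or an empty list when the application management service is
     *     unavailable or no applications exist
     * @throws IdentityApplicationManagementException if the application management service fails
     * @throws UserStoreException if the realm configuration cannot be read
     */
    @Generated(message = "Excluding from code coverage since it requires a service call")
    public List<ServiceProvider> getAllServiceProviders() throws IdentityApplicationManagementException, UserStoreException {
        List<ServiceProvider> serviceProviders = new ArrayList<>();
        ApplicationManagementService applicationManagementService = IdentityExtensionsDataHolder.getInstance().getApplicationManagementService();
        if (applicationManagementService == null) {
            return serviceProviders;
        }
        String adminUserName = IdentityExtensionsDataHolder.getInstance().getRealmService().getBootstrapRealm().getUserStoreManager().getRealmConfiguration().getAdminUserName();
        String tenantDomain = MultitenantUtils.getTenantDomain(adminUserName);
        int applicationCount = applicationManagementService.getCountOfAllApplications(tenantDomain, adminUserName);
        ApplicationBasicInfo[] applications = applicationManagementService.getApplicationBasicInfo(tenantDomain, adminUserName, 0, applicationCount);
        // Set a tenant domain on the thread-local context only when none is set yet.
        if (CarbonContext.getThreadLocalCarbonContext().getTenantDomain() == null) {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
        }
        if (applications != null) {
            for (ApplicationBasicInfo application : applications) {
                serviceProviders.add(applicationManagementService.getServiceProvider(application.getApplicationId()));
            }
        }
        return serviceProviders;
    }

    /**
     * Wraps the Base64 form of a certificate's encoding between the configured BEGIN and END
     * markers.
     *
     * @param x509Certificate the certificate to encode; may be {@code null}
     * @return the wrapped Base64 text, or {@code null} when the certificate is {@code null}
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public String encodeCertificateContent(X509Certificate x509Certificate) throws CertificateEncodingException {
        if (x509Certificate == null) {
            return null;
        }
        String base64Body = Base64.getEncoder().encodeToString(x509Certificate.getEncoded());
        return IdentityCommonConstants.BEGIN_CERT + base64Body + IdentityCommonConstants.END_CERT;
    }

    /**
     * Revokes every active token returned by the access-token DAO for a client ID.
     *
     * <p>Revocation is attempted for every token even when an earlier one fails. Stopping at the
     * first error would leave the remaining tokens active. Failures are logged without the token
     * value, and one exception carrying the first error message is thrown after the loop.
     *
     * @param str the OAuth2 client ID; nothing happens when it is {@code null} or empty
     * @throws IdentityOAuth2Exception if the tokens cannot be read or any revocation reports an
     *     error
     */
    @Generated(message = "Excluding from code coverage since it requires service calls")
    public void revokeAccessTokensByClientId(@Nullable String str) throws IdentityOAuth2Exception {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        Set<?> activeTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getActiveTokensByConsumerKey(str);
        if (activeTokens.isEmpty()) {
            return;
        }
        // The revocation service expects an authenticated client context, so one is built here
        // without a client credential check. Callers must already have authorised the operation.
        OAuthClientAuthnContext clientAuthnContext = new OAuthClientAuthnContext();
        clientAuthnContext.setAuthenticated(true);
        clientAuthnContext.setClientId(str);

        OAuthRevocationRequestDTO revocationRequest = new OAuthRevocationRequestDTO();
        revocationRequest.setOauthClientAuthnContext(clientAuthnContext);
        revocationRequest.setConsumerKey(str);
        // NOTE(review): the tokens come from the access-token DAO but the type is set to
        // REFRESH_TOKEN. Confirm the revocation service treats this as intended.
        revocationRequest.setTokenType(GrantType.REFRESH_TOKEN.toString());

        boolean anyFailed = false;
        String firstErrorMessage = null;
        for (Object token : activeTokens) {
            revocationRequest.setToken((String) token);
            OAuthRevocationResponseDTO response = IdentityExtensionsDataHolder.getInstance().getOAuth2Service().revokeTokenByOAuthClient(revocationRequest);
            if (response.isError()) {
                // Never log the token itself; the client ID and error text are enough to triage.
                log.error(String.format("Token revocation failed for clientId %s. Caused by, %s",
                        sanitizeForLog(str), sanitizeForLog(response.getErrorMsg())));
                if (!anyFailed) {
                    anyFailed = true;
                    firstErrorMessage = response.getErrorMsg();
                }
            }
        }
        if (anyFailed) {
            throw new IdentityOAuth2Exception(String.format("Error occurred while revoking access tokens for clientId: %s. Caused by, %s", str, firstErrorMessage));
        }
    }

    /**
     * Looks up the OAuth2 service provider for a client ID in the client's tenant domain.
     *
     * @return the service provider, or {@code null} when the lookup returns none
     */
    private ServiceProvider findServiceProvider(String clientId) throws OpenBankingException {
        try {
            return IdentityExtensionsDataHolder.getInstance().getApplicationManagementService()
                    .getServiceProviderByClientId(clientId, "oauth2", ServiceProviderUtils.getSpTenantDomain(clientId));
        } catch (IdentityApplicationManagementException e) {
            log.error(String.format("Error occurred while retrieving OAuth2 application data for clientId %s", sanitizeForLog(clientId)), e);
            throw new OpenBankingException("Error occurred while retrieving OAuth2 application data for clientId", e);
        }
    }

    /** Replaces line breaks so a value cannot start a forged entry when written to the log. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\r\n]", "_");
    }
}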
