package com.wso2.openbanking.accelerator.identity.clientauth;

import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonHelper;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonUtil;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext;
import org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnException;
import org.wso2.carbon.identity.oauth2.token.handler.clientauth.mutualtls.MutualTLSClientAuthenticator;
import org.wso2.carbon.identity.oauth2.token.handler.clientauth.mutualtls.utils.MutualTLSUtil;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/clientauth/OBMutualTLSClientAuthenticator.class */
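/**
 * Open Banking variant of {@link MutualTLSClientAuthenticator}.
 *
 * <p>Clients that {@code IdentityCommonUtil.getRegulatoryFromSPMetaData} does not report as
 * regulatory are passed to the superclass unchanged. For regulatory clients,
 * {@link #canAuthenticate} is decided by {@code IdentityCommonHelper.isMTLSAuthentication}.
 * The JWKS endpoint is read from the service-provider property named by
 * {@code IdentityCommonUtil.getJWKURITransportCert()}.
 */
public class OBMutualTLSClientAuthenticator extends MutualTLSClientAuthenticator {
    private static final Log log = LogFactory.getLog(OBMutualTLSClientAuthenticator.class);

    /**
     * Decides whether this authenticator can handle the request.
     *
     * <p>The client ID is taken from the authentication context, then from the superclass
     * lookup, and finally from the {@code client_id} request parameter. That parameter is
     * caller-supplied; in this method it only selects between the regulatory and the default
     * path and is not proof of identity.
     *
     * <p>NOTE(review): this method does not bind the presented certificate to the client ID.
     * That check is presumably done in the authentication step inherited from the superclass;
     * confirm before relying on a {@code true} result for anything beyond dispatch.
     *
     * <p>NOTE(review): {@code isMTLSAuthentication} is opaque from here. If it can read the
     * certificate from a forwarded header rather than the TLS session, that header must be
     * stripped from client traffic and set only by the TLS-terminating proxy; verify.
     *
     * @param httpServletRequest      incoming request
     * @param map                     body parameters, forwarded to the superclass as received
     * @param oAuthClientAuthnContext client authentication context
     * @return {@code true} if a regulatory client's request passes the mTLS check, the
     *         superclass result for non-regulatory clients, {@code false} otherwise and on
     *         any {@code OpenBankingException} or {@code OAuthClientAuthnException}
     */
    public boolean canAuthenticate(HttpServletRequest httpServletRequest, Map<String, List> map, OAuthClientAuthnContext oAuthClientAuthnContext) {
        try {
            String clientId = oAuthClientAuthnContext.getClientId();
            if (StringUtils.isEmpty(clientId)) {
                // Resolve once through the superclass; use the raw request parameter only
                // when that lookup yields nothing.
                String resolvedId = super.getClientId(httpServletRequest, map, oAuthClientAuthnContext);
                clientId = resolvedId != null ? resolvedId : httpServletRequest.getParameter("client_id");
            }
            // clientId may still be null or empty here; the metadata lookup decides how that
            // case is treated (it may throw, which the catch below maps to false).
            if (!IdentityCommonUtil.getRegulatoryFromSPMetaData(clientId)) {
                return super.canAuthenticate(httpServletRequest, map, oAuthClientAuthnContext);
            }
            if (new IdentityCommonHelper().isMTLSAuthentication(httpServletRequest)) {
                log.debug("Client ID and a valid certificate was found in the request attribute hence returning true.");
                return true;
            }
            log.debug("Mutual TLS authenticator cannot handle this request. Client id is not available in body params or valid certificate not found in request attributes.");
            return false;
        } catch (OpenBankingException | OAuthClientAuthnException e) {
            // Any failure means "cannot handle". It is visible only at debug level, so
            // metadata lookup errors are silent in production logging.
            if (log.isDebugEnabled()) {
                // Pass the exception itself so the cause and stack trace are not lost.
                log.debug("Mutual TLS authenticator cannot handle this request. " + e.getMessage(), e);
            }
            return false;
        }
    }

    /**
     * Returns the JWKS endpoint configured for the given service provider.
     *
     * <p>Only URL syntax is validated here: scheme, host and port are not restricted.
     *
     * <p>NOTE(review): if this property can be set by the client (for example at
     * registration), whatever fetches the returned URL should enforce {@code https} and
     * restrict reachable hosts, since the server would otherwise request an address chosen by
     * the client; confirm where that is enforced.
     *
     * @param serviceProvider service provider whose properties are read
     * @param str             client ID, used only in error messages
     * @return the configured JWKS URL
     * @throws OAuthClientAuthnException with code {@code server_error} if the property is
     *                                   empty or is not a well-formed URL
     */
    public URL getJWKSEndpointOfSP(ServiceProvider serviceProvider, String str) throws OAuthClientAuthnException {
        String propertyValue = MutualTLSUtil.getPropertyValue(serviceProvider, IdentityCommonUtil.getJWKURITransportCert());
        if (StringUtils.isEmpty(propertyValue)) {
            throw new OAuthClientAuthnException("jwks endpoint not configured for the service provider for client ID: " + str, "server_error");
        }
        try {
            URL url = new URL(propertyValue);
            if (log.isDebugEnabled()) {
                log.debug("Configured JWKS URI found: " + propertyValue);
            }
            return url;
        } catch (MalformedURLException e) {
            // The value appended to the message is the client ID, not the rejected URL.
            throw new OAuthClientAuthnException("URL might be malformed " + str, "server_error", e);
        }
    }
}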
