package com.wso2.openbanking.accelerator.identity.idtoken;

import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.identity.internal.IdentityExtensionsDataHolder;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonConstants;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonHelper;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonUtil;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/idtoken/OBIDTokenBuilder.class */
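/**
 * ID token builder that overrides how the {@code sub} claim is produced for applications
 * flagged as regulatory in their service-provider metadata.
 *
 * <p>For regulatory applications the subject is one of:
 * <ul>
 *   <li>a pairwise identifier (PPID) derived from a host name and the user identifier, when
 *       {@link IdentityCommonConstants#ENABLE_SUBJECT_AS_PPID} is enabled;</li>
 *   <li>the user name with the tenant domain and/or user store domain stripped, according to
 *       the two "remove" configuration flags.</li>
 * </ul>
 * Non-regulatory applications fall through to {@link DefaultIDTokenBuilder}.
 *
 * <p>NOTE(review): the PPID is {@code UUID.nameUUIDFromBytes(host + user)}, i.e. an MD5-based
 * (type 3) UUID over two values that are not secret, with no salt and no separator between
 * them. Anyone who knows the host and a candidate user name can recompute the value, so it
 * gives no protection against a party correlating users across sectors by enumeration.
 * OpenID Connect Core section 8.1 requires that a pairwise {@code sub} not be reversible by
 * anyone but the provider, and its example algorithms mix in a provider-held salt. The
 * derivation is deliberately left unchanged here because altering it would change the
 * {@code sub} of every existing user; treat it as a design item to confirm.
 */
public class OBIDTokenBuilder extends DefaultIDTokenBuilder {
    private static final Log log = LogFactory.getLog(OBIDTokenBuilder.class);

    // Compiled once: the registered callback may be stored as "regexp=(^uri1$|^uri2$)".
    private static final Pattern REGEXP_WRAPPER = Pattern.compile("regexp=\\((.*?)\\)");
    private static final Pattern ANCHORED_ALTERNATIVE = Pattern.compile("\\^(.*?)\\$");

    private static final String EMPTY_SUBJECT_MESSAGE = "Subject claim cannot be empty";
    private static final String SP_DATA_ERROR_MESSAGE = "Error occurred while retrieving service provider data";

    Map<String, Object> identityConfigurations = IdentityExtensionsDataHolder.getInstance().getConfigurationMap();
    Object ppidProperty = this.identityConfigurations.get(IdentityCommonConstants.ENABLE_SUBJECT_AS_PPID);
    Object removeTenantDomainConfig = this.identityConfigurations.get(IdentityCommonConstants.REMOVE_TENANT_DOMAIN_FROM_SUBJECT);
    Boolean removeTenantDomain;
    Object removeUserStoreDomainConfig;
    Boolean removeUserStoreDomain;

    /**
     * Reads the two subject-formatting flags from the identity configuration map. A missing
     * entry, or any value that does not parse as {@code true}, is treated as {@code false}.
     *
     * @throws IdentityOAuth2Exception declared for compatibility with the superclass constructor
     */
    public OBIDTokenBuilder() throws IdentityOAuth2Exception {
        this.removeTenantDomain = Boolean.valueOf(isTrue(this.removeTenantDomainConfig));
        this.removeUserStoreDomainConfig = this.identityConfigurations.get(IdentityCommonConstants.REMOVE_USER_STORE_DOMAIN_FROM_SUBJECT);
        this.removeUserStoreDomain = Boolean.valueOf(isTrue(this.removeUserStoreDomainConfig));
    }

    /**
     * Resolves the {@code sub} claim for an ID token issued from the authorization endpoint.
     *
     * @param oAuthAuthzReqMessageContext authorization request context; supplies the callback URL and user
     * @param oAuth2AuthorizeRespDTO authorization response, passed through to the superclass
     * @param str key used for the service-provider metadata lookups (presumably the OAuth client id; confirm)
     * @param str2 passed through to the superclass unchanged
     * @param authenticatedUser user whose identifier is used when PPID is disabled
     * @return the subject claim value, never blank on the PPID path
     * @throws IdentityOAuth2Exception if the metadata lookup fails or no PPID could be derived
     */
    protected String getSubjectClaim(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext, OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO, String str, String str2, AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        // NOTE(review): this is the callback URL carried on the request DTO. Whether it has
        // already been matched against the registered redirect URIs is not visible here, and
        // it feeds the PPID fallback below; confirm that validation happens upstream.
        String callbackUrl = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getCallbackUrl();
        boolean ppidEnabled = isPpidEnabled();
        try {
            if (!IdentityCommonUtil.getRegulatoryFromSPMetaData(str)) {
                return super.getSubjectClaim(oAuthAuthzReqMessageContext, oAuth2AuthorizeRespDTO, str, str2, authenticatedUser);
            }
            // Looked up before the PPID check, so a failing lookup also fails the non-PPID path.
            String sectorIdentifierUri = getSectorIdentifierUri(str);
            if (!ppidEnabled) {
                if (this.removeTenantDomain.booleanValue() || this.removeUserStoreDomain.booleanValue()) {
                    return authenticatedUser.getUsernameAsSubjectIdentifier(!this.removeUserStoreDomain.booleanValue(), !this.removeTenantDomain.booleanValue());
                }
                return MultitenantUtils.getTenantAwareUsername(super.getSubjectClaim(oAuthAuthzReqMessageContext, oAuth2AuthorizeRespDTO, str, str2, authenticatedUser));
            }
            AuthenticatedUser requestUser = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser();
            String userIdentifier = requestUser != null ? requestUser.getUsernameAsSubjectIdentifier(false, false) : "";
            return requireSubject(getSubjectClaimValue(sectorIdentifierUri, userIdentifier, callbackUrl));
        } catch (OpenBankingException e) {
            log.error(SP_DATA_ERROR_MESSAGE, e);
            // Keep the cause so callers and logs downstream can see why the lookup failed.
            throw new IdentityOAuth2Exception(SP_DATA_ERROR_MESSAGE, e);
        }
    }

    /**
     * Resolves the {@code sub} claim for an ID token issued from the token endpoint.
     *
     * @param oAuthTokenReqMessageContext token request context; supplies the authorized user
     * @param oAuth2AccessTokenRespDTO token response; supplies the callback URI
     * @param str key used for the service-provider metadata lookups (presumably the OAuth client id; confirm)
     * @param str2 passed through to the superclass unchanged
     * @param authenticatedUser user whose identifier is used when PPID is disabled
     * @return the subject claim value, never blank on the PPID path
     * @throws IdentityOAuth2Exception if the metadata lookup fails or no PPID could be derived
     */
    protected String getSubjectClaim(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO, String str, String str2, AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        String callbackUri = oAuth2AccessTokenRespDTO.getCallbackURI();
        boolean ppidEnabled = isPpidEnabled();
        try {
            if (!IdentityCommonUtil.getRegulatoryFromSPMetaData(str)) {
                return super.getSubjectClaim(oAuthTokenReqMessageContext, oAuth2AccessTokenRespDTO, str, str2, authenticatedUser);
            }
            // Looked up before the PPID check, so a failing lookup also fails the non-PPID path.
            String sectorIdentifierUri = getSectorIdentifierUri(str);
            if (!ppidEnabled) {
                if (this.removeTenantDomain.booleanValue() || this.removeUserStoreDomain.booleanValue()) {
                    return authenticatedUser.getUsernameAsSubjectIdentifier(!this.removeUserStoreDomain.booleanValue(), !this.removeTenantDomain.booleanValue());
                }
                return MultitenantUtils.getTenantAwareUsername(super.getSubjectClaim(oAuthTokenReqMessageContext, oAuth2AccessTokenRespDTO, str, str2, authenticatedUser));
            }
            AuthenticatedUser authorizedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
            String userIdentifier = authorizedUser != null ? authorizedUser.getUsernameAsSubjectIdentifier(false, false) : "";
            return requireSubject(getSubjectClaimValue(sectorIdentifierUri, userIdentifier, callbackUri));
        } catch (OpenBankingException e) {
            log.error(SP_DATA_ERROR_MESSAGE, e);
            // Keep the cause so callers and logs downstream can see why the lookup failed.
            throw new IdentityOAuth2Exception(SP_DATA_ERROR_MESSAGE, e);
        }
    }

    /**
     * Derives the PPID from the host of the first callback URI.
     *
     * <p>NOTE(review): when the callback holds several alternatives only the first one is
     * used, so the result depends on their order. OpenID Connect Core section 8.1 expects a
     * {@code sector_identifier_uri} to be registered when redirect URIs span several hosts;
     * whether registration enforces that is not visible in this class.
     *
     * @return the PPID, or an empty string if no usable host could be extracted
     */
    private String getSubjectFromCallBackUris(String callbackUris, String userIdentifier) {
        List<String> candidates = unwrapURIString(callbackUris);
        if (candidates.isEmpty()) {
            log.error("Redirect URIs cannot be empty");
            return "";
        }
        return derivePairwiseSubject(candidates.get(0), userIdentifier);
    }

    /**
     * Derives the PPID from the host of the registered sector identifier URI.
     *
     * @return the PPID, or an empty string if no usable host could be extracted
     */
    private String getSubjectFromSectorIdentifierUri(String sectorIdentifierUri, String userIdentifier) {
        return derivePairwiseSubject(sectorIdentifierUri, userIdentifier);
    }

    /**
     * Expands a callback string of the form {@code regexp=(^a$|^b$)} into its alternatives,
     * stripping the {@code ^...$} anchors; any other string is returned as a single element.
     *
     * <p>The wrapper match is lazy and stops at the first {@code ')'}, so a pattern that
     * itself contains parentheses is cut short at that point.
     */
    private List<String> unwrapURIString(String callbackUris) {
        Matcher wrapper = REGEXP_WRAPPER.matcher(callbackUris);
        if (!wrapper.find()) {
            return Collections.singletonList(callbackUris);
        }
        return Arrays.stream(wrapper.group(1).split("\\|"))
                .map(OBIDTokenBuilder::stripAnchors)
                .collect(Collectors.toList());
    }

    /**
     * Reads the {@code sector_identifier_uri} application property from the service-provider metadata.
     *
     * @param str key identifying the application in the metadata lookup
     * @throws OpenBankingException if the lookup fails
     */
    @Generated(message = "Excluding from code coverage since it requires a service call")
    protected String getSectorIdentifierUri(String str) throws OpenBankingException {
        return new IdentityCommonHelper().getAppPropertyFromSPMetaData(str, "sector_identifier_uri");
    }

    /**
     * Chooses the PPID source: the sector identifier URI when one is configured, otherwise
     * the callback URI. Returns an empty string when the user identifier is blank or neither
     * source is available.
     *
     * <p>A sector identifier URI that yields no host does not fall back to the callback URI;
     * the empty result is reported to the caller, which rejects it.
     */
    private String getSubjectClaimValue(String sectorIdentifierUri, String userIdentifier, String callbackUris) {
        if (StringUtils.isBlank(userIdentifier)) {
            return "";
        }
        if (StringUtils.isNotBlank(sectorIdentifierUri)) {
            log.debug("Calculating subject claim using sector identifier uri ");
            return getSubjectFromSectorIdentifierUri(sectorIdentifierUri, userIdentifier);
        }
        if (StringUtils.isBlank(callbackUris)) {
            return "";
        }
        log.debug("Calculating subject claim using redirect uris ");
        return getSubjectFromCallBackUris(callbackUris, userIdentifier);
    }

    /** Returns {@code true} only when the configuration value is present and parses as {@code true}. */
    private static boolean isTrue(Object configValue) {
        return configValue != null && Boolean.parseBoolean(configValue.toString());
    }

    /** Tells whether the pairwise subject (PPID) mode is switched on in the configuration. */
    private boolean isPpidEnabled() {
        return isTrue(this.ppidProperty);
    }

    /** Rejects a blank PPID so that a token is never issued without a subject. */
    private String requireSubject(String subject) throws IdentityOAuth2Exception {
        if (StringUtils.isNotBlank(subject)) {
            return subject;
        }
        log.error(EMPTY_SUBJECT_MESSAGE);
        throw new IdentityOAuth2Exception(EMPTY_SUBJECT_MESSAGE);
    }

    /** Removes the {@code ^...$} anchors from one regexp alternative, if present. */
    private static String stripAnchors(String alternative) {
        Matcher anchored = ANCHORED_ALTERNATIVE.matcher(alternative);
        return anchored.find() ? anchored.group(1) : alternative;
    }

    /**
     * Computes the name-based UUID over {@code host + userIdentifier}.
     *
     * <p>{@link URI#getHost()} returns {@code null} for URIs without a server-based authority
     * (for example a relative or opaque URI, or a leftover regex fragment that still parses).
     * That case is reported as "no subject" instead of surfacing as a
     * {@link NullPointerException} in the middle of token issuance.
     *
     * <p>NOTE(review): host and user identifier are concatenated without a delimiter, so two
     * different (host, user) pairs can produce the same input bytes.
     *
     * @return the UUID string, or an empty string when the URI is malformed or has no host
     */
    private String derivePairwiseSubject(String uri, String userIdentifier) {
        try {
            String host = new URI(uri).getHost();
            if (host == null) {
                log.error("Unable to determine the host name of the uri used for subject calculation");
                return "";
            }
            return UUID.nameUUIDFromBytes(host.concat(userIdentifier).getBytes(StandardCharsets.UTF_8)).toString();
        } catch (URISyntaxException e) {
            log.error("Error while retrieving the host name of the redirect url ", e);
            return "";
        }
    }
}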
