package com.wso2.openbanking.accelerator.identity.authenticator;

import com.wso2.openbanking.accelerator.common.exception.OBThrottlerException;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.identity.app2app.App2AppAuthenticatorConstants;
import com.wso2.openbanking.accelerator.identity.authenticator.constants.IdentifierHandlerConstants;
import com.wso2.openbanking.accelerator.identity.authenticator.util.OBIdentifierAuthUtil;
import com.wso2.openbanking.accelerator.identity.dcr.validation.DCRCommonConstants;
import com.wso2.openbanking.accelerator.identity.internal.IdentityExtensionsDataHolder;
import com.wso2.openbanking.accelerator.identity.util.HTTPClientUtils;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonHelper;
import com.wso2.openbanking.accelerator.throttler.service.OBThrottleService;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.json.JSONObject;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.SessionDataCache;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheKey;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/authenticator/OBIdentifierAuthenticator.class */
public class OBIdentifierAuthenticator extends AbstractApplicationAuthenticator implements LocalApplicationAuthenticator {
    private static final long serialVersionUID = 1819664539416029785L;
    private static final Log log = LogFactory.getLog(OBIdentifierAuthenticator.class);
    private static final String PROMPT_CONFIRMATION_WINDOW = "promptConfirmationWindow";
    private static final String CONTINUE = "continue";
    private static final String RESET = "reset";
    private static final String RE_CAPTCHA_USER_DOMAIN = "user-domain-recaptcha";
    private static final String USER_TENANT_DOMAIN_MISMATCH = "UserTenantDomainMismatch";
    private static final String OB_IDENTIFIER_AUTHENTICATOR = "OBIdentifierAuthenticator";
    private static final String REDIRECT_URI = "redirect_uri";
    private static final String REQUEST_URI = "request_uri";

    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME) == null && httpServletRequest.getParameter("identifier_consent") == null) ? false : true;
    }

    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        if (authenticationContext.getPreviousAuthenticatedIdPs().get(IdentifierHandlerConstants.LOCAL) != null) {
            AuthenticatedIdPData authenticatedIdPData = (AuthenticatedIdPData) authenticationContext.getPreviousAuthenticatedIdPs().get(IdentifierHandlerConstants.LOCAL);
            if (authenticatedIdPData.getAuthenticators().size() > 0) {
                Iterator it = authenticatedIdPData.getAuthenticators().iterator();
                while (it.hasNext()) {
                    if (((AuthenticatorConfig) it.next()).getApplicationAuthenticator() instanceof BasicAuthenticator) {
                        if (!Boolean.parseBoolean((String) authenticationContext.getAuthenticatorParams(getName()).get(PROMPT_CONFIRMATION_WINDOW))) {
                            authenticationContext.setSubject(authenticatedIdPData.getUser());
                            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                        }
                        String parameter = httpServletRequest.getParameter("identifier_consent");
                        if (parameter != null && CONTINUE.equals(parameter)) {
                            authenticationContext.setSubject(authenticatedIdPData.getUser());
                            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                        }
                        if (parameter != null && RESET.equals(parameter)) {
                            initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
                            return AuthenticatorFlowStatus.INCOMPLETE;
                        }
                        if (httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME) != null) {
                            processAuthenticationResponse(httpServletRequest, httpServletResponse, authenticationContext);
                            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                        }
                        try {
                            httpServletResponse.sendRedirect(ConfigurationFacade.getInstance().getIdentifierFirstConfirmationURL() + "?" + (authenticationContext.getContextIdIncludedQueryParams() + "&username=" + authenticatedIdPData.getUser().toFullQualifiedUsername()));
                            return AuthenticatorFlowStatus.INCOMPLETE;
                        } catch (IOException e) {
                            throw new AuthenticationFailedException(e.getMessage(), e);
                        }
                    }
                }
            }
        } else if (httpServletRequest.getParameter("identifier_consent") != null) {
            initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        return super.process(httpServletRequest, httpServletResponse, authenticationContext);
    }

    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        int i = 3;
        int i2 = 180;
        String str = "";
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        String authenticationEndpointRetryURL = ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL();
        String contextIdIncludedQueryParams = authenticationContext.getContextIdIncludedQueryParams();
        OBThrottleService oBThrottleService = IdentityExtensionsDataHolder.getInstance().getOBThrottleService();
        Map parameterMap = getAuthenticatorConfig().getParameterMap();
        if (parameterMap != null) {
            i = Integer.parseInt((String) parameterMap.get("throttleLimit"));
            i2 = Integer.parseInt((String) parameterMap.get("throttleTimePeriod"));
            str = (String) parameterMap.get("showAuthFailureReason");
        }
        try {
            String str2 = "";
            if (authenticationContext.isRetrying()) {
                String clientIpAddress = IdentityUtil.getClientIpAddress(httpServletRequest);
                oBThrottleService.updateThrottleData(OB_IDENTIFIER_AUTHENTICATOR, clientIpAddress, i, i2);
                if (oBThrottleService.isThrottled(OB_IDENTIFIER_AUTHENTICATOR, clientIpAddress)) {
                    str2 = "&authFailure=true&authFailureMsg=Too.many.attempts";
                } else if (authenticationContext.getProperty(IdentifierHandlerConstants.CONTEXT_PROP_INVALID_EMAIL_USERNAME) == null || !((Boolean) authenticationContext.getProperty(IdentifierHandlerConstants.CONTEXT_PROP_INVALID_EMAIL_USERNAME)).booleanValue()) {
                    str2 = "&authFailure=true&authFailureMsg=Login.failed";
                } else {
                    str2 = "&authFailure=true&authFailureMsg=Login.failed";
                    authenticationContext.setProperty(IdentifierHandlerConstants.CONTEXT_PROP_INVALID_EMAIL_USERNAME, false);
                }
            }
            if (authenticationContext.getProperty(USER_TENANT_DOMAIN_MISMATCH) != null && ((Boolean) authenticationContext.getProperty(USER_TENANT_DOMAIN_MISMATCH)).booleanValue()) {
                str2 = "&authFailure=true&authFailureMsg=user.tenant.domain.mismatch.message";
                authenticationContext.setProperty(USER_TENANT_DOMAIN_MISMATCH, false);
            }
            IdentityErrorMsgContext identityErrorMsg = IdentityUtil.getIdentityErrorMsg();
            IdentityUtil.clearIdentityErrorMsg();
            if (identityErrorMsg == null || identityErrorMsg.getErrorCode() == null) {
                log.debug("Identity error message context is null");
                httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + str2);
            } else {
                log.debug("Identity error message context is not null");
                String errorCode = identityErrorMsg.getErrorCode();
                if (errorCode.equals("17005")) {
                    String parameter = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
                    Object obj = ((Map) IdentityUtil.threadLocalProperties.get()).get(RE_CAPTCHA_USER_DOMAIN);
                    if (obj != null) {
                        parameter = IdentityUtil.addDomainToName(parameter, obj.toString());
                    }
                    httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(parameter, IdentifierHandlerConstants.UTF_8) + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + "&authFailure=true&authFailureMsg=account.confirmation.pending");
                } else if (DCRCommonConstants.DCR_REGISTRATION_PARAM_REQUIRED_TRUE.equals(str)) {
                    String str3 = null;
                    if (errorCode.contains(":")) {
                        String[] split = errorCode.split(":");
                        errorCode = split[0];
                        if (split.length > 1) {
                            str3 = split[1];
                        }
                    }
                    int maximumLoginAttempts = identityErrorMsg.getMaximumLoginAttempts() - identityErrorMsg.getFailedLoginAttempts();
                    if (log.isDebugEnabled()) {
                        log.debug("errorCode : " + errorCode);
                        log.debug("username : " + httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME));
                        log.debug("remainingAttempts : " + maximumLoginAttempts);
                    }
                    if (errorCode.equals("17002")) {
                        httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + (str2 + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8) + "&remainingAttempts=" + maximumLoginAttempts));
                    } else if (errorCode.equals("17003")) {
                        httpServletResponse.sendRedirect(maximumLoginAttempts == 0 ? StringUtils.isBlank(str3) ? URLEncoder.encode(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams, IdentifierHandlerConstants.UTF_8) + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8) + "&remainingAttempts=0" : URLEncoder.encode(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams, IdentifierHandlerConstants.UTF_8) + IdentifierHandlerConstants.ERROR_CODE + errorCode + "&lockedReason=" + str3 + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8) + "&remainingAttempts=0" : StringUtils.isBlank(str3) ? URLEncoder.encode(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams, IdentifierHandlerConstants.UTF_8) + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8) : URLEncoder.encode(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams, IdentifierHandlerConstants.UTF_8) + IdentifierHandlerConstants.ERROR_CODE + errorCode + "&lockedReason=" + str3 + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8));
                    } else {
                        httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + (str2 + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8)));
                    }
                } else {
                    log.debug("Unknown identity error code.");
                    httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + str2);
                }
            }
        } catch (OBThrottlerException e) {
            throw new AuthenticationFailedException("Error occurred while deleting throttle data.", e);
        } catch (IOException e2) {
            throw new AuthenticationFailedException(e2.getMessage(), User.getUserFromUserName(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME)), e2);
        }
    }

    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        OBIdentifierAuthUtil.validateUsername(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), authenticationContext);
        OBThrottleService oBThrottleService = IdentityExtensionsDataHolder.getInstance().getOBThrottleService();
        String preprocessUsername = OBIdentifierAuthUtil.preprocessUsername(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), authenticationContext);
        Map properties = authenticationContext.getProperties();
        if (properties == null) {
            properties = new HashMap();
            authenticationContext.setProperties(properties);
        }
        String clientIpAddress = IdentityUtil.getClientIpAddress(httpServletRequest);
        try {
            if (oBThrottleService.isThrottled(OB_IDENTIFIER_AUTHENTICATOR, clientIpAddress)) {
                throw new AuthenticationFailedException("Too many attempts to log in.", User.getUserFromUserName(preprocessUsername));
            }
            if (getAuthenticatorConfig().getParameterMap() != null && Boolean.valueOf((String) getAuthenticatorConfig().getParameterMap().get("ValidateUsername")).booleanValue()) {
                try {
                    int tenantIdOfUser = IdentityTenantUtil.getTenantIdOfUser(preprocessUsername);
                    UserRealm tenantUserRealm = IdentityExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantIdOfUser);
                    if (tenantUserRealm == null) {
                        throw new AuthenticationFailedException("Cannot find the user realm for the given tenant: " + tenantIdOfUser, User.getUserFromUserName(preprocessUsername));
                    }
                    if (!tenantUserRealm.getUserStoreManager().isExistingUser(MultitenantUtils.getTenantAwareUsername(preprocessUsername))) {
                        log.debug("User does not exist.");
                        if (((Map) IdentityUtil.threadLocalProperties.get()).get(RE_CAPTCHA_USER_DOMAIN) != null) {
                            preprocessUsername = IdentityUtil.addDomainToName(preprocessUsername, ((Map) IdentityUtil.threadLocalProperties.get()).get(RE_CAPTCHA_USER_DOMAIN).toString());
                        }
                        ((Map) IdentityUtil.threadLocalProperties.get()).remove(RE_CAPTCHA_USER_DOMAIN);
                        throw new InvalidCredentialsException("User does not exist.", User.getUserFromUserName(preprocessUsername));
                    }
                    properties.put("user-tenant-domain", MultitenantUtils.getTenantDomain(preprocessUsername));
                } catch (IdentityRuntimeException e) {
                    log.error("OBIdentifierAuthenticator failed while trying to get the tenant ID of the user " + preprocessUsername, e);
                    throw new AuthenticationFailedException(e.getMessage(), User.getUserFromUserName(preprocessUsername), e);
                } catch (UserStoreException e2) {
                    log.error("OBIdentifierAuthenticator failed while trying to authenticate", e2);
                    throw new AuthenticationFailedException(e2.getMessage(), User.getUserFromUserName(preprocessUsername), e2);
                }
            }
            String prependUserStoreDomainToName = FrameworkUtils.prependUserStoreDomainToName(preprocessUsername);
            properties.put(IdentifierHandlerConstants.USER_NAME, prependUserStoreDomainToName);
            HashMap hashMap = new HashMap();
            hashMap.put(IdentifierHandlerConstants.USER_NAME, prependUserStoreDomainToName);
            HashMap hashMap2 = new HashMap();
            hashMap2.put("common", hashMap);
            authenticationContext.getPreviousAuthenticatedIdPs().clear();
            authenticationContext.addAuthenticatorParams(hashMap2);
            authenticationContext.setSubject(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(prependUserStoreDomainToName));
            if (authenticationContext.getParameters().containsKey(IdentifierHandlerConstants.USER_NAME)) {
                try {
                    oBThrottleService.deleteRecordOnSuccessAttempt(OB_IDENTIFIER_AUTHENTICATOR, clientIpAddress);
                } catch (OBThrottlerException e3) {
                    throw new AuthenticationFailedException("Error occurred while deleting throttle data.", e3);
                }
            }
        } catch (OBThrottlerException e4) {
            throw new AuthenticationFailedException("Error occurred while deleting throttle data.", e4);
        }
    }

    protected boolean retryAuthenticationEnabled() {
        return true;
    }

    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(App2AppAuthenticatorConstants.SESSION_DATA_KEY);
    }

    public String getFriendlyName() {
        return IdentifierHandlerConstants.HANDLER_FRIENDLY_NAME;
    }

    public String getName() {
        return IdentifierHandlerConstants.HANDLER_NAME;
    }

    public String getSessionData(String str) throws OpenBankingException {
        BufferedReader bufferedReader = null;
        String str2 = null;
        Map parameterMap = getAuthenticatorConfig().getParameterMap();
        if (parameterMap != null) {
            str2 = (String) parameterMap.get(IdentifierHandlerConstants.AUTH_REQ_URL);
        }
        try {
            RealmConfiguration realmConfiguration = IdentityExtensionsDataHolder.getInstance().getRealmService().getBootstrapRealm().getUserStoreManager().getRealmConfiguration();
            String encodeToString = Base64.getEncoder().encodeToString((realmConfiguration.getAdminUserName() + ":" + String.valueOf(realmConfiguration.getAdminPassword().toCharArray())).getBytes(StandardCharsets.UTF_8));
            try {
                try {
                    CloseableHttpClient httpsClient = HTTPClientUtils.getHttpsClient();
                    Throwable th = null;
                    try {
                        try {
                            HttpGet httpGet = new HttpGet(str2 + str);
                            httpGet.addHeader(IdentifierHandlerConstants.ACCEPT_HEADER, IdentifierHandlerConstants.ACCEPT_HEADER_VALUE);
                            httpGet.addHeader(IdentifierHandlerConstants.AUTH_HEADER, "Basic " + encodeToString);
                            CloseableHttpResponse execute = httpsClient.execute(httpGet);
                            BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(execute.getEntity().getContent(), IdentifierHandlerConstants.UTF_8));
                            StringBuffer stringBuffer = new StringBuffer();
                            while (true) {
                                String readLine = bufferedReader2.readLine();
                                if (readLine == null) {
                                    break;
                                }
                                stringBuffer.append(readLine);
                            }
                            if (execute.getStatusLine().getStatusCode() != 200) {
                                if (httpsClient != null) {
                                    if (0 != 0) {
                                        try {
                                            httpsClient.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    } else {
                                        httpsClient.close();
                                    }
                                }
                                if (bufferedReader2 != null) {
                                    try {
                                        bufferedReader2.close();
                                    } catch (IOException e) {
                                        log.error("Error while closing buffered reader", e);
                                    }
                                }
                                return null;
                            }
                            JSONObject jSONObject = new JSONObject(stringBuffer.toString());
                            appendRedirectUri(jSONObject);
                            String jSONObject2 = jSONObject.toString();
                            if (httpsClient != null) {
                                if (0 != 0) {
                                    try {
                                        httpsClient.close();
                                    } catch (Throwable th3) {
                                        th.addSuppressed(th3);
                                    }
                                } else {
                                    httpsClient.close();
                                }
                            }
                            if (bufferedReader2 != null) {
                                try {
                                    bufferedReader2.close();
                                } catch (IOException e2) {
                                    log.error("Error while closing buffered reader", e2);
                                }
                            }
                            return jSONObject2;
                        } finally {
                        }
                    } catch (Throwable th4) {
                        if (httpsClient != null) {
                            if (th != null) {
                                try {
                                    httpsClient.close();
                                } catch (Throwable th5) {
                                    th.addSuppressed(th5);
                                }
                            } else {
                                httpsClient.close();
                            }
                        }
                        throw th4;
                    }
                } catch (Throwable th6) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e3) {
                            log.error("Error while closing buffered reader", e3);
                        }
                    }
                    throw th6;
                }
            } catch (IOException e4) {
                throw new OpenBankingException("Error while retrieving session data", e4);
            }
        } catch (org.wso2.carbon.user.core.UserStoreException e5) {
            throw new OpenBankingException("Error while retrieving session data", e5);
        }
    }

    private void appendRedirectUri(JSONObject jSONObject) throws OpenBankingException {
        if (jSONObject.has("redirect_uri") || !jSONObject.has("request_uri")) {
            return;
        }
        JSONObject parRequestObject = getParRequestObject(jSONObject);
        if (parRequestObject.has("redirect_uri")) {
            jSONObject.put("redirect_uri", parRequestObject.get("redirect_uri"));
        } else {
            log.error("redirect_uri could not be found in the par request object.");
            throw new OpenBankingException("redirect_uri could not be found in the par request object.");
        }
    }

    @Generated(message = "Excluding from code coverage since it requires a valid cache entry")
    private JSONObject getParRequestObject(JSONObject jSONObject) throws OpenBankingException {
        byte[] decode;
        String[] split = jSONObject.get("request_uri").toString().split(":");
        SessionDataCacheEntry valueFromCache = SessionDataCache.getInstance().getValueFromCache(new SessionDataCacheKey(split[split.length - 1]));
        if (valueFromCache == null) {
            log.error("Could not able to fetch par request object from session data cache.");
            throw new OpenBankingException("Could not able to fetch par request object from session data cache.");
        }
        String essentialClaims = valueFromCache.getoAuth2Parameters().getEssentialClaims();
        try {
            decode = Base64.getDecoder().decode(essentialClaims.split("\\.")[1]);
        } catch (IllegalArgumentException e) {
            decode = Base64.getUrlDecoder().decode(essentialClaims.split("\\.")[1]);
        }
        return new JSONObject(new String(decode, StandardCharsets.UTF_8));
    }

    @Generated(message = "Excluding from code coverage since it requires a service call")
    public String getSPProperty(String str, String str2) throws OpenBankingException {
        return new IdentityCommonHelper().getAppPropertyFromSPMetaData(str, str2);
    }
}
