package org.wso2.micro.gateway.enforcer.keymgt;

import com.google.gson.Gson;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.json.JSONArray;
import org.json.JSONObject;
import org.wso2.carbon.apimgt.common.gateway.dto.ClaimMappingDto;
import org.wso2.carbon.apimgt.common.gateway.dto.JWKSConfigurationDTO;
import org.wso2.gateway.discovery.keymgt.KeyManagerConfig;
import org.wso2.micro.gateway.enforcer.config.ConfigHolder;
import org.wso2.micro.gateway.enforcer.config.dto.ExtendedTokenIssuerDto;
import org.wso2.micro.gateway.enforcer.constants.APIConstants;
import org.wso2.micro.gateway.enforcer.discovery.KeyManagerDiscoveryClient;
import org.wso2.micro.gateway.enforcer.util.TLSUtils;

/* loaded from: input_file:org/wso2/micro/gateway/enforcer/keymgt/KeyManagerHolder.class */
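/**
 * Holds the token issuers that the enforcer trusts, merging issuers declared in the static
 * configuration with issuers derived from key manager configurations.
 *
 * <p>The issuer map held here is the one returned by
 * {@code ConfigHolder.getInstance().getConfig().getIssuersMap()}; {@link #updateIssuerMap(Map)}
 * rewrites that map in place.
 *
 * <p>Trust note: an issuer supplied by a key manager configuration takes precedence over a
 * statically configured issuer with the same identifier (see {@link #updateIssuerMap(Map)}), so
 * whoever can supply key manager configurations controls the signing keys accepted for that issuer.
 */
public class KeyManagerHolder {
    // Named after this class (the original used ConfigHolder.class) so that issuer and
    // certificate events are attributed to the right component in the logs.
    private static final Logger logger = LogManager.getLogger(KeyManagerHolder.class);
    private static final String X509 = "X.509";
    private static KeyManagerHolder instance;
    private final Map<String, ExtendedTokenIssuerDto> tokenIssuerMap =
            ConfigHolder.getInstance().getConfig().getIssuersMap();

    private KeyManagerHolder() {
    }

    /**
     * Returns the shared holder, creating it on first use.
     *
     * <p>The lazy initialisation is not synchronized.
     *
     * @return the singleton instance
     */
    public static KeyManagerHolder getInstance() {
        if (instance == null) {
            instance = new KeyManagerHolder();
        }
        return instance;
    }

    /**
     * Starts watching key managers through the discovery client when the event hub is enabled in
     * the configuration; does nothing otherwise.
     */
    public void init() {
        if (ConfigHolder.getInstance().getConfig().getEventHub().isEnabled()) {
            KeyManagerDiscoveryClient.getInstance().watchKeyManagers();
        }
    }

    /**
     * Rebuilds the issuer map from the given key manager configurations.
     *
     * @param list key manager configurations to derive issuers from
     */
    public void populateKMIssuerConfiguration(List<KeyManagerConfig> list) {
        updateIssuerMap(getAllKmIssuers(list));
    }

    /**
     * Builds the issuers contributed by the enabled key managers in {@code list}.
     *
     * <p>Only enabled key managers have their JSON configuration parsed, so a malformed
     * configuration on a disabled key manager no longer aborts the whole update. A malformed
     * configuration on an enabled key manager still propagates the parser's exception.
     *
     * @param list key manager configurations
     * @return a new map from issuer identifier to issuer configuration
     */
    public Map<String, ExtendedTokenIssuerDto> getAllKmIssuers(List<KeyManagerConfig> list) {
        Map<String, ExtendedTokenIssuerDto> issuers = new HashMap<>();
        for (KeyManagerConfig keyManagerConfig : list) {
            if (!keyManagerConfig.getEnabled()) {
                continue;
            }
            JSONObject configuration = new JSONObject(keyManagerConfig.getConfiguration());
            Map<String, Object> properties = new HashMap<>();
            Iterator<String> keys = configuration.keys();
            while (keys.hasNext()) {
                String key = keys.next();
                properties.put(key, configuration.get(key));
            }
            addKMTokenIssuers(keyManagerConfig.getName(), properties, issuers);
        }
        return issuers;
    }

    /**
     * Adds the issuer described by one key manager's properties to {@code map2}.
     *
     * <p>Nothing is added unless the self-validate-JWT property is the boolean {@code true} and
     * the issuer property is a string. Properties of an unexpected type (including JSON
     * {@code null}) are ignored instead of raising a {@link ClassCastException}.
     *
     * <p>Key material is taken from the JWKS endpoint property and/or the certificate type/value
     * pair. When the certificate type names a JWKS endpoint, the certificate value is used as the
     * JWKS URL and replaces any URL set from the JWKS endpoint property; otherwise the value is
     * decoded as a Base64 X.509 certificate.
     *
     * @param str  key manager name, recorded as the issuer's name
     * @param map  key manager properties
     * @param map2 target map, keyed by issuer identifier
     */
    public void addKMTokenIssuers(String str, Map<String, Object> map, Map<String, ExtendedTokenIssuerDto> map2) {
        // Boolean.TRUE.equals() is false for null and for any non-Boolean value.
        if (!Boolean.TRUE.equals(map.get(APIConstants.KeyManager.SELF_VALIDATE_JWT))) {
            return;
        }
        Object issuerValue = map.get(APIConstants.KeyManager.ISSUER);
        if (!(issuerValue instanceof String)) {
            return;
        }
        String issuer = (String) issuerValue;

        ExtendedTokenIssuerDto issuerDto = new ExtendedTokenIssuerDto(issuer);
        issuerDto.setName(str);
        issuerDto.setValidateSubscriptions(true);

        Object claimMappings = map.get(APIConstants.KeyManager.CLAIM_MAPPING);
        if (claimMappings instanceof JSONArray) {
            issuerDto.addClaimMappings(new Gson().fromJson(claimMappings.toString(), ClaimMappingDto[].class));
        }

        Object consumerKeyClaim = map.get(APIConstants.KeyManager.CONSUMER_KEY_CLAIM);
        if ((consumerKeyClaim instanceof String) && StringUtils.isNotEmpty((String) consumerKeyClaim)) {
            issuerDto.setConsumerKeyClaim((String) consumerKeyClaim);
        }

        Object scopesClaim = map.get(APIConstants.KeyManager.SCOPES_CLAIM);
        if ((scopesClaim instanceof String) && StringUtils.isNotEmpty((String) scopesClaim)) {
            issuerDto.setScopesClaim((String) scopesClaim);
        }

        // NOTE(review): JWKS URLs are taken from the key manager configuration as-is; no scheme
        // or host restriction is visible in this class. Confirm that the component fetching the
        // key set enforces one (for example https only), since this URL decides which keys are
        // trusted for the issuer.
        Object jwksEndpoint = map.get(APIConstants.KeyManager.JWKS_ENDPOINT);
        if ((jwksEndpoint instanceof String) && StringUtils.isNotEmpty((String) jwksEndpoint)) {
            issuerDto.setJwksConfigurationDTO(newJwksConfiguration((String) jwksEndpoint));
        }

        Object certificateType = map.get(APIConstants.KeyManager.CERTIFICATE_TYPE);
        Object certificateValue = map.get(APIConstants.KeyManager.CERTIFICATE_VALUE);
        if ((certificateType instanceof String) && StringUtils.isNotEmpty((String) certificateType)
                && (certificateValue instanceof String) && StringUtils.isNotEmpty((String) certificateValue)) {
            if (APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT.equals(certificateType)) {
                issuerDto.setJwksConfigurationDTO(newJwksConfiguration((String) certificateValue));
            } else {
                try {
                    byte[] encoded = Base64.getDecoder().decode((String) certificateValue);
                    issuerDto.setCertificate(TLSUtils.convertCertificate(
                            CertificateFactory.getInstance(X509).generateCertificate(new ByteArrayInputStream(encoded))));
                } catch (CertificateException | IllegalArgumentException e) {
                    // IllegalArgumentException covers input that is not valid Base64; without it a
                    // single malformed certificate value would abort the whole issuer update.
                    logger.error("Error reading the certificate for issuer " + issuer + ". Error cause: "
                            + e.getMessage(), e);
                }
            }
        }

        // NOTE(review): the issuer is registered even when the certificate could not be read and
        // no JWKS endpoint was set. Confirm that token validation rejects tokens for an issuer
        // that has neither a certificate nor a JWKS configuration.
        map2.put(issuerDto.getIssuer(), issuerDto);
    }

    /** Builds an enabled JWKS configuration pointing at {@code url}. */
    private static JWKSConfigurationDTO newJwksConfiguration(String url) {
        JWKSConfigurationDTO jwksConfiguration = new JWKSConfigurationDTO();
        jwksConfiguration.setEnabled(true);
        jwksConfiguration.setUrl(url);
        return jwksConfiguration;
    }

    /**
     * Replaces the contents of the issuer map with {@code map} plus every statically configured
     * issuer that {@code map} does not already contain.
     *
     * <p>When both sources define the same issuer, the entry in {@code map} wins and a warning is
     * logged. The passed-in map is modified: the statically configured issuers are added to it.
     *
     * <p>NOTE(review): the issuer map is cleared and then refilled in two separate steps. If other
     * threads read that map while this runs they may see it empty or partially filled; confirm how
     * readers access it.
     *
     * @param map issuers derived from key manager configurations, keyed by issuer identifier
     */
    public void updateIssuerMap(Map<String, ExtendedTokenIssuerDto> map) {
        for (ExtendedTokenIssuerDto configured : ConfigHolder.getInstance().getConfigIssuerList()) {
            if (map.containsKey(configured.getIssuer())) {
                logger.warn("token issuer " + configured.getIssuer() + " already exists in config map. Existing configurations will be replaced by external KeyManager configurations");
            } else {
                map.put(configured.getIssuer(), configured);
            }
        }
        this.tokenIssuerMap.clear();
        this.tokenIssuerMap.putAll(map);
    }
}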
