package org.wso2.carbon.identity.auth.service.util;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.auth.service.AuthenticationContext;
import org.wso2.carbon.identity.auth.service.handler.AuthenticationHandler;
import org.wso2.carbon.identity.auth.service.internal.AuthenticationServiceHolder;
import org.wso2.carbon.identity.auth.service.module.ResourceConfig;
import org.wso2.carbon.identity.auth.service.module.ResourceConfigKey;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.commons.MiscellaneousUtil;

/* loaded from: input_file:org/wso2/carbon/identity/auth/service/util/AuthConfigurationUtil.class */
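/**
 * Singleton that holds the authentication and authorization settings read from the identity
 * configuration: per-resource access control entries, client application credentials,
 * intermediate certificate validation settings and the scope validation switch.
 *
 * <p>The {@code build*} methods populate plain, unsynchronized fields. NOTE(review): presumably
 * they run once during component activation, before any request is served; confirm against the
 * caller, because nothing in this class guards concurrent population and lookup.
 *
 * <p>Everything held here is security policy. The list getters hand out the live internal lists,
 * so callers must treat them as read-only.
 */
public class AuthConfigurationUtil {
    private static final String SECRET_ALIAS = "secretAlias";
    private static final String SECRET_ALIAS_NAMESPACE_URI = "http://org.wso2.securevault/configuration";
    private static final String SECRET_ALIAS_PREFIX = "svns";
    /** Namespace of the child elements looked up in the identity configuration. */
    private static final String CARBON_NAMESPACE_URI = "http://wso2.org/projects/carbon/carbon.xml";
    /** Separator for comma separated attribute values; whitespace around the comma is dropped. */
    private static final String LIST_SEPARATOR_REGEX = "\\s*,\\s*";
    private static final Log log = LogFactory.getLog(AuthConfigurationUtil.class);
    private static final AuthConfigurationUtil authConfigurationUtil = new AuthConfigurationUtil();

    private String defaultAccess;
    // Insertion ordered: getSecuredConfig returns the first entry whose key matches.
    private Map<ResourceConfigKey, ResourceConfig> resourceConfigMap = new LinkedHashMap<ResourceConfigKey, ResourceConfig>();
    // Application name -> resolved credential value. Secret material: never log the values.
    private Map<String, String> applicationConfigMap = new HashMap<String, String>();
    private List<String> intermediateCertCNList = new ArrayList<String>();
    private List<String> exemptedContextList = new ArrayList<String>();
    private boolean isIntermediateCertValidationEnabled = false;
    private boolean isScopeValidationEnabled = true;

    private AuthConfigurationUtil() {
    }

    /**
     * Returns the single shared instance.
     *
     * @return the process-wide instance
     */
    public static AuthConfigurationUtil getInstance() {
        return authConfigurationUtil;
    }

    /**
     * Finds the access control entry that applies to the given resource key.
     *
     * <p>The lookup is a linear scan in configuration order that calls {@code equals} on the
     * stored key, and the first match wins. NOTE(review): this is kept instead of
     * {@code Map.get} because {@code ResourceConfigKey.equals} is not visible here and is
     * presumably pattern based rather than consistent with {@code hashCode}; confirm before
     * changing the lookup, since a different match order changes which policy is enforced.
     *
     * @param resourceConfigKey key built from the request context and HTTP method
     * @return the first matching entry, or {@code null} when no entry matches; the caller decides
     *     what an unmatched resource means, so a {@code null} must not be read as "unsecured"
     */
    public ResourceConfig getSecuredConfig(ResourceConfigKey resourceConfigKey) {
        for (Map.Entry<ResourceConfigKey, ResourceConfig> entry : this.resourceConfigMap.entrySet()) {
            if (entry.getKey().equals(resourceConfigKey)) {
                return entry.getValue();
            }
        }
        return null;
    }

    /**
     * Reads the resource access control section of the identity configuration and registers one
     * {@link ResourceConfig} per resource element.
     *
     * <p>Points that matter when reviewing a deployment's configuration:
     * <ul>
     *   <li>Scope validation stays enabled unless the disable attribute parses as {@code true}.</li>
     *   <li>The secured and cross-tenant attributes are applied only when they are exactly
     *       {@code "true"} or {@code "false"}; any other value (including a different case) leaves
     *       whatever default {@code ResourceConfig} carries.</li>
     *   <li>A resource without an allowed-handlers attribute accepts every handler that
     *       {@link #buildAllowedAuthenticationHandlers(String)} returns for the "all" value.</li>
     *   <li>When two resource elements produce the same key, the first one is kept.</li>
     * </ul>
     */
    public void buildResourceAccessControlData() {
        OMElement accessControlElement = IdentityConfigParser.getInstance().getConfigElement(Constants.RESOURCE_ACCESS_CONTROL_ELE);
        if (accessControlElement == null) {
            return;
        }
        this.defaultAccess = accessControlElement.getAttributeValue(new QName(Constants.RESOURCE_DEFAULT_ACCESS));
        // parseBoolean(null) is false, so a missing attribute keeps scope validation on.
        this.isScopeValidationEnabled = !Boolean.parseBoolean(accessControlElement.getAttributeValue(new QName(Constants.RESOURCE_DISABLE_SCOPE_VALIDATION)));
        Iterator resources = accessControlElement.getChildrenWithName(new QName(CARBON_NAMESPACE_URI, Constants.RESOURCE_ELE));
        if (resources == null) {
            return;
        }
        while (resources.hasNext()) {
            OMElement resourceElement = (OMElement) resources.next();
            String httpMethod = resourceElement.getAttributeValue(new QName(Constants.RESOURCE_HTTP_METHOD_ATTR));
            String context = resourceElement.getAttributeValue(new QName(Constants.RESOURCE_CONTEXT_ATTR));
            String secured = resourceElement.getAttributeValue(new QName(Constants.RESOURCE_SECURED_ATTR));
            String crossTenant = resourceElement.getAttributeValue(new QName(Constants.RESOURCE_CROSS_TENANT_ATTR));
            String allowedHandlers = resourceElement.getAttributeValue(new QName(Constants.RESOURCE_ALLOWED_AUTH_HANDLERS));
            String allowedTenants = resourceElement.getAttributeValue(new QName(Constants.RESOURCE_CROSS_ACCESS_ALLOWED_TENANTS));

            ResourceConfig resourceConfig = new ResourceConfig();
            resourceConfig.setContext(context);
            resourceConfig.setHttpMethod(httpMethod);
            if (isBooleanLiteral(secured)) {
                resourceConfig.setIsSecured(Boolean.parseBoolean(secured));
            }
            if (isBooleanLiteral(crossTenant)) {
                resourceConfig.setIsCrossTenantAllowed(Boolean.parseBoolean(crossTenant));
                // The tenant allow-list is only meaningful when cross-tenant access is on.
                if (resourceConfig.isCrossTenantAllowed() && StringUtils.isNotEmpty(allowedTenants)) {
                    resourceConfig.setCrossAccessAllowedTenants(buildCrossAccessAllowedTenants(allowedTenants));
                }
            }
            if (StringUtils.isBlank(allowedHandlers)) {
                allowedHandlers = Constants.RESOURCE_ALLOWED_AUTH_HANDLERS_ALL;
            }
            resourceConfig.setAllowedAuthHandlers(allowedHandlers);
            resourceConfig.setPermissions(readPermissions(resourceElement));
            resourceConfig.setScopes(readScopes(resourceElement));

            ResourceConfigKey resourceConfigKey = new ResourceConfigKey(context, httpMethod);
            if (!this.resourceConfigMap.containsKey(resourceConfigKey)) {
                this.resourceConfigMap.put(resourceConfigKey, resourceConfig);
            } else if (log.isDebugEnabled()) {
                // A shadowed entry never takes effect; surface it so a policy mistake is visible.
                log.debug("Ignoring duplicate resource access control entry for context: " + context
                        + ", http method: " + httpMethod);
            }
        }
    }

    /**
     * Expands the allowed-handlers value of a resource into a list of handler names.
     *
     * <p>For the "all" value the list holds the name of every registered handler except the basic
     * client authentication handler, which therefore has to be named explicitly on a resource to
     * be accepted there. Any other value is split on commas.
     *
     * @param str the configured allowed-handlers value
     * @return a new mutable list of handler names; empty when {@code str} is {@code null} or
     *     blank, so that a missing value allows no handler instead of failing with a
     *     {@code NullPointerException}
     */
    public List<String> buildAllowedAuthenticationHandlers(String str) {
        List<String> handlerNames = new ArrayList<String>();
        if (StringUtils.isBlank(str)) {
            return handlerNames;
        }
        if (StringUtils.equals(str, Constants.RESOURCE_ALLOWED_AUTH_HANDLERS_ALL)) {
            for (AuthenticationHandler handler : AuthenticationServiceHolder.getInstance().getAuthenticationHandlers()) {
                String name = handler.getName();
                if (!Constants.BASIC_CLIENT_AUTH_HANDLER.equals(name)) {
                    handlerNames.add(name);
                }
            }
        } else {
            handlerNames.addAll(splitCommaSeparated(str));
        }
        return handlerNames;
    }

    /**
     * Reads the client application authentication section and stores, per application name, the
     * configured credential value after resolving it through secure vault.
     *
     * <p>The secure vault alias attribute takes precedence over the plain hash attribute when both
     * are present. Application elements without a name are skipped: such an entry would be stored
     * under a {@code null} or blank key and could then be returned for a request that supplies no
     * application name.
     */
    public void buildClientAuthenticationHandlerControlData() {
        OMElement clientAuthElement = IdentityConfigParser.getInstance().getConfigElement(Constants.CLIENT_APP_AUTHENTICATION_ELE);
        if (clientAuthElement == null) {
            return;
        }
        Iterator applications = clientAuthElement.getChildrenWithName(new QName(CARBON_NAMESPACE_URI, Constants.APPLICATION_ELE));
        if (applications == null) {
            return;
        }
        while (applications.hasNext()) {
            OMElement applicationElement = (OMElement) applications.next();
            SecretResolver secretResolver = SecretResolverFactory.create(applicationElement, true);
            String appName = applicationElement.getAttributeValue(new QName(Constants.APPLICATION_NAME_ATTR));
            String hash = applicationElement.getAttributeValue(new QName(Constants.APPLICATION_HASH_ATTR));
            String secretAlias = applicationElement.getAttributeValue(new QName(SECRET_ALIAS_NAMESPACE_URI, SECRET_ALIAS, SECRET_ALIAS_PREFIX));
            if (StringUtils.isBlank(appName)) {
                // Log the fact only; the credential value must never reach the log.
                log.warn("Skipping a client application authentication entry that has no application name.");
                continue;
            }
            String configuredValue = StringUtils.isNotBlank(secretAlias) ? secretAlias : hash;
            this.applicationConfigMap.put(appName, MiscellaneousUtil.resolve(configuredValue, secretResolver));
        }
    }

    /**
     * Reads the intermediate certificate validation section: the enable flag and, when enabled,
     * the configured certificate CNs and the contexts exempted from the validation.
     *
     * <p>A missing wrapper element is tolerated and leaves the corresponding list empty; the
     * original dereferenced it unconditionally and failed with a {@code NullPointerException}.
     * NOTE(review): how an empty CN list is interpreted by the certificate check is decided by the
     * caller and is not visible here; confirm that it rejects rather than accepts.
     */
    public void buildIntermediateCertValidationConfigData() {
        OMElement certValidationElement = IdentityConfigParser.getInstance().getConfigElement(Constants.INTERMEDIATE_CERT_VALIDATION_ELE);
        if (certValidationElement == null) {
            return;
        }
        this.isIntermediateCertValidationEnabled = Boolean.parseBoolean(certValidationElement.getAttributeValue(new QName(Constants.CERT_AUTHENTICATION_ENABLE_ATTR)));
        if (!this.isIntermediateCertValidationEnabled) {
            return;
        }
        collectChildTexts(certValidationElement, Constants.INTERMEDIATE_CERTS_ELE, Constants.CERT_CN_ELE, this.intermediateCertCNList);
        collectChildTexts(certValidationElement, Constants.EXEMPT_CONTEXT_ELE, Constants.CONTEXT_ELE, this.exemptedContextList);
    }

    /**
     * Splits the comma separated tenant list of a cross-tenant resource.
     *
     * @param str the configured tenant list
     * @return the tenant names, or {@code null} when {@code str} is blank
     */
    private List<String> buildCrossAccessAllowedTenants(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return splitCommaSeparated(str);
    }

    /**
     * Returns the stored credential value of a client application.
     *
     * @param str the application name
     * @return the resolved value, or {@code null} when the application is not configured; the
     *     value is secret material and must not be logged or echoed to the client
     */
    public String getClientAuthenticationHash(String str) {
        return this.applicationConfigMap.get(str);
    }

    /**
     * @return {@code true} when intermediate certificate validation is switched on
     */
    public boolean isIntermediateCertValidationEnabled() {
        return this.isIntermediateCertValidationEnabled;
    }

    /**
     * @return the live internal list of configured intermediate certificate CNs; treat as
     *     read-only, a modification changes the policy for the whole process
     */
    public List<String> getIntermediateCertCNList() {
        return this.intermediateCertCNList;
    }

    /**
     * @return the live internal list of contexts exempted from intermediate certificate
     *     validation; treat as read-only, a modification changes the policy for the whole process
     */
    public List<String> getExemptedContextList() {
        return this.exemptedContextList;
    }

    /**
     * @return the configured default access value, or {@code null} when the access control
     *     section or the attribute is absent
     */
    public String getDefaultAccess() {
        return this.defaultAccess;
    }

    /**
     * Reports whether scope validation for internal resources is enabled, and writes the state to
     * the debug log on every call.
     *
     * @return {@code true} unless the configuration explicitly disabled scope validation
     */
    public boolean isScopeValidationEnabled() {
        if (log.isDebugEnabled()) {
            log.debug(this.isScopeValidationEnabled
                    ? "Scope validation for internal resources is enabled."
                    : "Scope validation for internal resources is disabled.");
        }
        return this.isScopeValidationEnabled;
    }

    /**
     * Checks whether the Authorization header of the request starts with the given scheme token.
     *
     * <p>The header is split on single spaces and the first token is compared case-sensitively.
     * NOTE(review): HTTP authentication scheme names are case-insensitive, so a request sending
     * the scheme in another case is not matched here; that fails closed for the handler, but
     * confirm no other component treats the same header more leniently.
     *
     * @param messageContext the message context of the request
     * @param str the expected scheme token
     * @return {@code true} only when the context is an {@link AuthenticationContext} with a
     *     request whose Authorization header begins with exactly {@code str}; {@code false} in
     *     every other case, including a {@code null} {@code str}
     */
    public static boolean isAuthHeaderMatch(MessageContext messageContext, String str) {
        if (!(messageContext instanceof AuthenticationContext)) {
            return false;
        }
        AuthenticationContext authenticationContext = (AuthenticationContext) messageContext;
        if (authenticationContext.getAuthenticationRequest() == null) {
            return false;
        }
        String header = authenticationContext.getAuthenticationRequest().getHeader("Authorization");
        if (StringUtils.isBlank(header)) {
            return false;
        }
        String[] parts = header.split(" ");
        // Comparing from the token side keeps a null scheme argument from throwing.
        return parts.length > 0 && StringUtils.isNotEmpty(parts[0]) && parts[0].equals(str);
    }

    /** Returns true only for the exact literals "true" and "false". */
    private static boolean isBooleanLiteral(String value) {
        return Boolean.TRUE.toString().equals(value) || Boolean.FALSE.toString().equals(value);
    }

    /** Splits a comma separated value, ignoring whitespace around the commas and at both ends. */
    private static List<String> splitCommaSeparated(String value) {
        return new ArrayList<String>(Arrays.asList(value.trim().split(LIST_SEPARATOR_REGEX)));
    }

    /** Joins the non-empty texts of the permission children of a resource element with commas. */
    private static String readPermissions(OMElement resourceElement) {
        StringBuilder permissions = new StringBuilder();
        Iterator permissionElements = resourceElement.getChildrenWithName(new QName(Constants.RESOURCE_PERMISSION_ELE));
        if (permissionElements != null) {
            while (permissionElements.hasNext()) {
                String permission = ((OMElement) permissionElements.next()).getText();
                if (StringUtils.isNotEmpty(permission)) {
                    if (permissions.length() > 0) {
                        permissions.append(",");
                    }
                    permissions.append(permission);
                }
            }
        }
        return permissions.toString();
    }

    /** Collects the texts of the scope children of a resource element, in document order. */
    private static List<String> readScopes(OMElement resourceElement) {
        List<String> scopes = new ArrayList<String>();
        Iterator scopeElements = resourceElement.getChildrenWithName(new QName(Constants.RESOURCE_SCOPE_ELE));
        if (scopeElements != null) {
            while (scopeElements.hasNext()) {
                scopes.add(((OMElement) scopeElements.next()).getText());
            }
        }
        return scopes;
    }

    /** Appends the text of every named child found under the named wrapper element to target. */
    private static void collectChildTexts(OMElement parent, String wrapperName, String childName, List<String> target) {
        OMElement wrapper = parent.getFirstChildWithName(new QName(CARBON_NAMESPACE_URI, wrapperName));
        if (wrapper == null) {
            log.warn("Intermediate certificate validation is enabled but the configuration element '"
                    + wrapperName + "' is missing.");
            return;
        }
        Iterator children = wrapper.getChildrenWithName(new QName(CARBON_NAMESPACE_URI, childName));
        if (children != null) {
            while (children.hasNext()) {
                target.add(((OMElement) children.next()).getText());
            }
        }
    }
}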
