package org.wso2.carbon.identity.oidc.session.util;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.security.interfaces.RSAPrivateKey;
import java.text.ParseException;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.SameSiteCookie;
import org.wso2.carbon.core.ServletCookie;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.oidc.session.DefaultOIDCSessionStateManager;
import org.wso2.carbon.identity.oidc.session.OIDCSessionConstants;
import org.wso2.carbon.identity.oidc.session.OIDCSessionManager;
import org.wso2.carbon.identity.oidc.session.OIDCSessionStateManager;
import org.wso2.carbon.identity.oidc.session.config.OIDCSessionManagementConfiguration;

/* loaded from: input_file:org/wso2/carbon/identity/oidc/session/util/OIDCSessionManagementUtil.class */
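/**
 * Static helpers for OIDC session management: session-state URL parameters, the OP browser
 * state (OPBS) cookie, logout/error page URLs, and handling of encrypted ID tokens.
 *
 * <p>The class is not instantiable. The only mutable state is the lazily created
 * {@link OIDCSessionStateManager}, which is published through a {@code volatile} field.
 */
public class OIDCSessionManagementUtil {
    // Not referenced within this class; kept as found.
    private static final String RANDOM_ALG_SHA1 = "SHA1PRNG";
    private static final String DIGEST_ALG_SHA256 = "SHA-256";
    private static final String OIDC_SESSION_STATE_MANAGER_CONFIG = "OAuth.OIDCSessionStateManager";
    // volatile: getOIDCessionStateManager() reads this field outside the lock, so the write made
    // under the lock must be safely published to other threads.
    private static volatile OIDCSessionStateManager oidcSessionStateManager;
    private static final OIDCSessionManager sessionManager = new OIDCSessionManager();
    private static final Log log = LogFactory.getLog(OIDCSessionManagementUtil.class);

    private OIDCSessionManagementUtil() {
    }

    /**
     * Returns the shared {@link OIDCSessionManager} instance held by this class.
     *
     * @return the singleton session manager
     */
    public static OIDCSessionManager getSessionManager() {
        return sessionManager;
    }

    /**
     * Delegates to the configured {@link OIDCSessionStateManager} to compute the session state value.
     *
     * @param str  first argument, passed through unchanged (presumably the client ID; confirm
     *             against {@link OIDCSessionStateManager})
     * @param str2 second argument, passed through unchanged (presumably the RP callback URL; confirm)
     * @param str3 OP browser state value; the five-argument {@code addSessionStateToURL} passes the
     *             OPBS cookie value here, or {@code null} when there is no cookie
     * @return whatever the configured manager returns
     */
    public static String getSessionStateParam(String str, String str2, String str3) {
        return getOIDCessionStateManager().getSessionStateParam(str, str2, str3);
    }

    /**
     * Appends the session-state parameter to a URL.
     *
     * <p>For implicit and hybrid response types the parameter goes into the fragment
     * ({@code #}); for every other response type it goes into the query ({@code ?}). If the
     * chosen delimiter is already present after the first character, {@code &} is used instead.
     *
     * @param str  URL to extend; returned unchanged when it or {@code str2} is blank
     * @param str2 session state value
     * @param str3 response type, used only to choose between fragment and query
     * @return the URL with the parameter appended, or {@code str} itself when nothing was added
     */
    public static String addSessionStateToURL(String str, String str2, String str3) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            return str;
        }
        // NOTE(review): str2 is appended verbatim, without URL-encoding. That is safe only if the
        // configured OIDCSessionStateManager always yields URL-safe values; confirm for custom ones.
        String sessionStateParam = OIDCSessionConstants.OIDC_SESSION_STATE_PARAM + "=" + str2;
        boolean useFragment = OAuth2Util.isImplicitResponseType(str3) || OAuth2Util.isHybridResponseType(str3);
        char delimiter = useFragment ? '#' : '?';
        // "> 0" (not ">= 0") is the original condition: a delimiter at index 0 does not count.
        String separator = str.indexOf(delimiter) > 0 ? "&" : String.valueOf(delimiter);
        return str + separator + sessionStateParam;
    }

    /**
     * Computes the session state from the given inputs and the OPBS cookie, then appends it to the URL.
     *
     * @param str    URL to extend
     * @param str2   first argument forwarded to {@link #getSessionStateParam(String, String, String)}
     * @param str3   second argument forwarded to {@link #getSessionStateParam(String, String, String)}
     * @param cookie OPBS cookie; may be {@code null}, in which case {@code null} is used as its value
     * @param str4   response type
     * @return the URL with the session-state parameter appended
     */
    public static String addSessionStateToURL(String str, String str2, String str3, Cookie cookie, String str4) {
        String opBrowserState = cookie == null ? null : cookie.getValue();
        return addSessionStateToURL(str, getSessionStateParam(str2, str3, opBrowserState), str4);
    }

    /**
     * Finds the OPBS cookie in the request.
     *
     * @param httpServletRequest incoming request
     * @return the first cookie named {@link OIDCSessionConstants#OPBS_COOKIE_ID}, or {@code null}
     *         when the request has no cookies or no such cookie
     */
    public static Cookie getOPBrowserStateCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie != null && cookie.getName().equals(OIDCSessionConstants.OPBS_COOKIE_ID)) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Delegates to the configured {@link OIDCSessionStateManager} to add an OPBS cookie to the response.
     *
     * @param httpServletResponse response to add the cookie to
     * @return the cookie returned by the manager
     */
    public static Cookie addOPBrowserStateCookie(HttpServletResponse httpServletResponse) {
        return getOIDCessionStateManager().addOPBrowserStateCookie(httpServletResponse);
    }

    /**
     * Expires the OPBS cookie in the browser by re-sending it with {@code Max-Age=0}.
     *
     * @param httpServletRequest  request that may carry the OPBS cookie
     * @param httpServletResponse response the expiring cookie is added to
     * @return the OPBS cookie found in the request, or {@code null} when there was none
     */
    public static Cookie removeOPBrowserStateCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            // Null guard added for consistency with getOPBrowserStateCookie().
            if (cookie != null && cookie.getName().equals(OIDCSessionConstants.OPBS_COOKIE_ID)) {
                ServletCookie servletCookie = new ServletCookie(cookie.getName(), cookie.getValue());
                servletCookie.setMaxAge(0);
                // A browser only replaces a cookie whose name/path/domain match the stored one.
                // NOTE(review): path "/", Secure and SameSite=None are assumed to mirror what
                // addOPBrowserStateCookie() issues; confirm for custom session state managers.
                // HttpOnly is not set here, presumably because the OP iframe reads this cookie
                // from script; verify before changing.
                servletCookie.setSecure(true);
                servletCookie.setPath("/");
                servletCookie.setSameSite(SameSiteCookie.NONE);
                httpServletResponse.addCookie(servletCookie);
                return cookie;
            }
        }
        return null;
    }

    /**
     * Extracts {@code scheme://authority} from a URL.
     *
     * <p>{@link URI#getAuthority()} includes any user-info component, so for a URL such as
     * {@code https://user@host/} the result is {@code https://user@host}. Callers that use the
     * result for origin checks should compare it for exact equality, never by prefix or substring.
     *
     * @param str URL to parse
     * @return the origin, or {@code null} when the URL is {@code null}, malformed, or lacks a
     *         scheme or an authority (e.g. a relative or opaque URI)
     */
    public static String getOrigin(String str) {
        if (str == null) {
            log.error("Error while parsing URL origin of null. URL seems to be malformed.");
            return null;
        }
        try {
            URI uri = new URI(str);
            String scheme = uri.getScheme();
            String authority = uri.getAuthority();
            if (scheme == null || authority == null) {
                // Previously this produced strings such as "null://null", which made unrelated
                // relative URLs compare equal as "origins".
                log.error("Error while parsing URL origin of " + sanitizeForLog(str)
                        + ". URL has no scheme or authority.");
                return null;
            }
            return scheme + "://" + authority;
        } catch (URISyntaxException e) {
            // The exception is not passed to the logger: its message embeds the raw input.
            log.error("Error while parsing URL origin of " + sanitizeForLog(str) + ". URL seems to be malformed.");
            return null;
        }
    }

    /**
     * Replaces CR and LF so that a request-supplied value cannot forge additional log lines.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Builds the logout consent page URL from the default context path and the configured override.
     *
     * @return the URL produced by {@code OAuth2Util.buildServiceUrl}
     */
    public static String getOIDCLogoutConsentURL() {
        return OAuth2Util.buildServiceUrl("/authenticationendpoint/oauth2_logout_consent.do", OIDCSessionManagementConfiguration.getInstance().getOIDCLogoutConsentPageUrl());
    }

    /**
     * Builds the logout page URL from the default context path and the configured override.
     *
     * @return the URL produced by {@code OAuth2Util.buildServiceUrl}
     */
    public static String getOIDCLogoutURL() {
        return OAuth2Util.buildServiceUrl("/authenticationendpoint/oauth2_logout.do", OIDCSessionManagementConfiguration.getInstance().getOIDCLogoutPageUrl());
    }

    /**
     * Builds the OAuth2 error page URL with URL-encoded error code and message query parameters.
     *
     * @param str  error code; {@code null} is treated as an empty string
     * @param str2 error message; {@code null} is treated as an empty string
     * @return the error page URL; without query parameters if UTF-8 encoding is unavailable
     */
    public static String getErrorPageURL(String str, String str2) {
        String oAuth2ErrorPageUrl = OAuth2Util.OAuthURL.getOAuth2ErrorPageUrl();
        try {
            // URLEncoder.encode(null, ...) throws NullPointerException; an error-page builder must
            // not fail while reporting another failure, so nulls become empty strings.
            // Both values are URL-encoded here; the page that renders them still has to
            // output-encode them for HTML.
            oAuth2ErrorPageUrl = oAuth2ErrorPageUrl
                    + "?oauthErrorCode=" + URLEncoder.encode(StringUtils.defaultString(str), "UTF-8")
                    + "&oauthErrorMsg=" + URLEncoder.encode(StringUtils.defaultString(str2), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while encoding the error page url", e);
            }
        }
        return oAuth2ErrorPageUrl;
    }

    /**
     * Reads the "skip user consent" setting from the OAuth server configuration.
     *
     * @return the configured value
     */
    public static boolean getOpenIDConnectSkipeUserConsent() {
        return OAuthServerConfiguration.getInstance().getOpenIDConnectSkipeUserConsentConfig();
    }

    /**
     * Returns the {@link OIDCSessionStateManager}, creating it on first use.
     *
     * <p>Initialization is guarded by a lock on this class and re-checked inside it, so the
     * manager is created at most once.
     *
     * @return the configured manager, or the default one when none is configured or it cannot be created
     */
    public static OIDCSessionStateManager getOIDCessionStateManager() {
        if (oidcSessionStateManager == null) {
            synchronized (OIDCSessionManagementUtil.class) {
                if (oidcSessionStateManager == null) {
                    initOIDCSessionStateManager();
                }
            }
        }
        return oidcSessionStateManager;
    }

    /**
     * Instantiates the manager class named by the {@code OAuth.OIDCSessionStateManager} property,
     * falling back to {@link DefaultOIDCSessionStateManager} when the property is blank or the
     * class cannot be loaded, instantiated, or is not an {@link OIDCSessionStateManager}.
     */
    private static void initOIDCSessionStateManager() {
        String property = IdentityUtil.getProperty(OIDC_SESSION_STATE_MANAGER_CONFIG);
        if (StringUtils.isBlank(property)) {
            oidcSessionStateManager = new DefaultOIDCSessionStateManager();
            return;
        }
        try {
            // The class name comes from server configuration; whoever can edit that configuration
            // decides which code runs here.
            Class<?> managerClass = Thread.currentThread().getContextClassLoader().loadClass(property);
            oidcSessionStateManager = (OIDCSessionStateManager) managerClass.getDeclaredConstructor().newInstance();
            if (log.isDebugEnabled()) {
                log.debug("An instance of " + property + " is created for OIDCSessionManagementUtil.");
            }
        } catch (ReflectiveOperationException | ClassCastException e) {
            // ClassCastException (wrong type configured) and constructor failures are handled too:
            // left uncaught they would leave the field null and fail every later call.
            // NOTE(review): falling back means a misconfigured custom manager is silently replaced
            // by the default; the error log entry below is the only signal, so alert on it.
            log.error("Error when instantiating the OIDCSessionStateManager : " + property + ". Defaulting to DefaultOIDCSessionStateManager", e);
            oidcSessionStateManager = new DefaultOIDCSessionStateManager();
        }
    }

    /**
     * Reads the "handle already logged out sessions gracefully" setting.
     *
     * @return the configured value
     */
    public static boolean handleAlreadyLoggedOutSessionsGracefully() {
        return OIDCSessionManagementConfiguration.getInstance().handleAlreadyLoggedOutSessionsGracefully();
    }

    /**
     * Decrypts a compact-serialized JWE with the tenant's RSA private key.
     *
     * <p>The super tenant ({@code carbon.super}) uses the default private key; any other tenant
     * uses the key from the keystore named after its domain with dots replaced by dashes and a
     * {@code .jks} suffix.
     *
     * <p>This only decrypts. Nothing here verifies a signature, the issuer, or the expiry of the
     * decrypted content; callers must do that before trusting any claim.
     *
     * @param str  tenant domain
     * @param str2 compact-serialized encrypted JWT
     * @return the decrypted token
     * @throws IdentityOAuth2Exception when the token cannot be parsed or decrypted, or the private
     *                                 key cannot be retrieved
     */
    public static JWT decryptWithRSA(String str, String str2) throws IdentityOAuth2Exception {
        RSAPrivateKey rSAPrivateKey;
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(IdentityTenantUtil.getTenantId(str));
        try {
            if ("carbon.super".equals(str)) {
                rSAPrivateKey = (RSAPrivateKey) keyStoreManager.getDefaultPrivateKey();
            } else {
                rSAPrivateKey = (RSAPrivateKey) keyStoreManager.getPrivateKey(str.trim().replace(".", "-") + ".jks", str);
            }
            EncryptedJWT parse = EncryptedJWT.parse(str2);
            // NOTE(review): the key-management algorithm is taken from the JWE header as presented;
            // consider rejecting tokens whose alg/enc are not the ones this server issues.
            parse.decrypt(new RSADecrypter(rSAPrivateKey));
            return parse;
        } catch (ParseException | JOSEException e) {
            throw new IdentityOAuth2Exception("Error occurred while decrypting the JWE.", e);
        } catch (Exception e2) {
            // Broad catch kept: the keystore calls above are declared to throw Exception.
            throw new IdentityOAuth2Exception("Error occurred while retrieving private key for decryption.", e2);
        }
    }

    /**
     * Extracts the client ID from a decrypted ID token: the {@code azp} claim when present,
     * otherwise the first entry of the {@code aud} claim.
     *
     * <p>When the token carries several audiences only the first is used, and nothing here checks
     * that it belongs to the requesting client; callers should validate the returned ID.
     *
     * @param jwt decrypted ID token
     * @return the client ID
     * @throws ParseException when the claims cannot be parsed, {@code azp} is not a string, or the
     *                        token has neither a usable {@code azp} nor a non-empty {@code aud}
     */
    public static String extractClientIDFromDecryptedIDToken(JWT jwt) throws ParseException {
        // getStringClaim reports a non-string azp as ParseException instead of a ClassCastException.
        String clientId = jwt.getJWTClaimsSet().getStringClaim(OIDCSessionConstants.OIDC_ID_TOKEN_AZP_CLAIM);
        if (StringUtils.isBlank(clientId)) {
            List<String> audience = jwt.getJWTClaimsSet().getAudience();
            if (audience == null || audience.isEmpty()) {
                // Previously get(0) on an empty list escaped as IndexOutOfBoundsException.
                throw new ParseException("ID Token contains neither an azp claim nor an aud claim to extract the client ID from.", 0);
            }
            clientId = audience.get(0);
            log.info("Provided ID Token does not contain azp claim with client ID. Hence client ID is extracted from the aud claim in the ID Token.");
        }
        return clientId;
    }

    /**
     * Tells whether a token looks like a compact-serialized JWE, i.e. has exactly four dots
     * (five parts). This is a structural check only; it says nothing about validity.
     *
     * @param str serialized token; {@code null} yields {@code false}
     * @return {@code true} when the string contains exactly four {@code .} characters
     */
    public static boolean isIDTokenEncrypted(String str) {
        return StringUtils.countMatches(str, ".") == 4;
    }
}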
