package org.wso2.carbon.identity.provider.cards;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import javax.servlet.http.HttpServletRequest;
import org.apache.axiom.om.util.Base64;
import org.apache.axiom.om.util.UUIDGenerator;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.IdentityClaimManager;
import org.wso2.carbon.identity.core.IdentityUserStore;
import org.wso2.carbon.identity.core.model.InfoCardDO;
import org.wso2.carbon.identity.core.persistence.IdentityPersistenceManager;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.provider.IdentityProviderException;
import org.wso2.carbon.identity.provider.IdentityProviderService;
import org.wso2.carbon.identity.provider.cards.model.CardImage;
import org.wso2.carbon.identity.provider.cards.model.CardModelException;
import org.wso2.carbon.identity.provider.cards.model.Identity;
import org.wso2.carbon.identity.provider.cards.model.InformationCard;
import org.wso2.carbon.identity.provider.cards.model.InformationCardReference;
import org.wso2.carbon.identity.provider.cards.model.Metadata;
import org.wso2.carbon.identity.provider.cards.model.RequireAppliesTo;
import org.wso2.carbon.identity.provider.cards.model.SelfIssuedCredential;
import org.wso2.carbon.identity.provider.cards.model.SupportedClaimType;
import org.wso2.carbon.identity.provider.cards.model.SupportedClaimTypeList;
import org.wso2.carbon.identity.provider.cards.model.TokenService;
import org.wso2.carbon.identity.provider.cards.model.TokenServiceList;
import org.wso2.carbon.identity.provider.cards.model.UserCredential;
import org.wso2.carbon.identity.provider.cards.model.UsernamePasswordCredential;
import org.wso2.carbon.identity.provider.cards.model.X509V3Credential;
import org.wso2.carbon.identity.provider.internal.IdentityProviderServiceComponent;
import org.wso2.carbon.user.core.Claim;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.ServerConfiguration;

/* loaded from: input_file:org/wso2/carbon/identity/provider/cards/CardIssuer.class */
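/**
 * Issues Information Cards for a user and returns the signed card element.
 *
 * <p>Three credential types are supported (username/password, self-issued card,
 * X.509 v3 certificate). {@link #issueCard} loads the server key store named by the
 * {@code Security.KeyStore.*} server properties, builds the card model with
 * {@link #getInfoCard}, persists a record of it via {@link #storeCard} and signs it
 * with {@link Generator#signCard}.
 *
 * <p>Not thread-safe: {@link #setIsOpenIdInfoCard(boolean)} mutates instance state
 * that issuance reads, and {@code issuerConfig} is a static field reassigned by
 * every constructor call.
 */
public class CardIssuer {
    /** Milliseconds in one day; {@code CardIssuerConfig.getValidPeriod()} is used as a day count. */
    private static final long MILLIS_PER_DAY = 24L * 60L * 60L * 1000L;
    /** WS-Identity claim URI of the private personal identifier, which is always advertised on a card. */
    private static final String PPID_CLAIM_URI =
            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";
    /** Claim dialect queried for OpenID cards. */
    private static final String AX_SCHEMA_DIALECT = "http://axschema.org";
    /** Claim dialect queried for plain Information Cards. */
    private static final String WS_IDENTITY_DIALECT = "http://schemas.xmlsoap.org/ws/2005/05/identity";

    private static final Log log = LogFactory.getLog(CardIssuer.class);
    private static final Log cardIssuerLog = LogFactory.getLog("org.wso2.solutions.identity.card");
    /** Shared issuer configuration; (re)loaded by every constructor call. */
    private static CardIssuerConfig issuerConfig = null;

    /** When true the card is an OpenID card: different card name, STS/MEX paths and claim dialect. */
    private boolean isOpenIdInfoCard = false;
    /** Result of {@code cardIssuerLog.isDebugEnabled()} captured at construction time. */
    private boolean isCardLogDebug;

    /**
     * Creates an issuer and loads the shared {@link CardIssuerConfig}.
     *
     * @throws IdentityProviderException if the issuer configuration cannot be obtained
     */
    public CardIssuer() throws IdentityProviderException {
        issuerConfig = CardIssuerConfig.getInstance();
        this.isCardLogDebug = cardIssuerLog.isDebugEnabled();
    }

    /**
     * Issues a card backed by username/password credentials.
     *
     * @param str user name the card is issued to; also used as the STS credential user name
     * @param z   whether {@code RequireAppliesTo} is mandatory on the card (false marks it optional)
     * @return the signed card element
     * @throws IdentityProviderException if key store access, card assembly, persistence or signing fails
     */
    public Element issueCardForUsername(String str, boolean z) throws IdentityProviderException {
        if (this.isCardLogDebug) {
            cardIssuerLog.debug("Issuing card for username/password credentials");
        }
        UsernamePasswordCredential usernamePasswordCredential = new UsernamePasswordCredential();
        usernamePasswordCredential.setUsername(str);
        return issueCard(new UserCredential(usernamePasswordCredential), z, str);
    }

    /**
     * Issues a card backed by a self-issued (personal) card.
     *
     * <p>The card is stored against the primary user name that
     * {@link IdentityProviderService#extractPrimaryUserName} resolves for {@code str};
     * when that returns null, {@code str} itself is used.
     *
     * @param str self-issued card identifier (PPID) of the user
     * @param z   whether {@code RequireAppliesTo} is mandatory on the card
     * @return the signed card element
     * @throws IdentityProviderException wrapping any failure, including primary user name resolution
     */
    public Element issueCardForSelfIssuedCard(String str, boolean z) throws IdentityProviderException {
        if (this.isCardLogDebug) {
            cardIssuerLog.debug("Issuing card for self-issued card credentials");
        }
        SelfIssuedCredential selfIssuedCredential = new SelfIssuedCredential(str);
        try {
            String primaryUserName = new IdentityProviderService().extractPrimaryUserName(str);
            UserCredential userCredential = new UserCredential(selfIssuedCredential);
            String cardOwner = primaryUserName == null ? str : primaryUserName;
            return issueCard(userCredential, z, cardOwner);
        } catch (Exception e) {
            throw new IdentityProviderException(e.getMessage(), e);
        }
    }

    /**
     * Issues a card backed by an X.509 v3 certificate credential.
     *
     * @param str  user name the card is issued to
     * @param str2 not read by this implementation (see the review note in the body)
     * @param z    whether {@code RequireAppliesTo} is mandatory on the card
     * @return the signed card element
     * @throws IdentityProviderException if issuance fails
     */
    public Element issueCardForX509V3Certificate(String str, String str2, boolean z) throws IdentityProviderException {
        if (this.isCardLogDebug) {
            cardIssuerLog.debug("Issuing card for X.509 v3 certificate credentials");
        }
        // NOTE(review): the thumbprint below is a fixed constant and str2 is never read, so every
        // X.509 card advertises the same certificate regardless of the caller's input. Presumably the
        // thumbprint should be derived from the caller-supplied certificate; preserved as-is because
        // the intended source of the value is not visible in this class — confirm with the caller.
        X509V3Credential x509V3Credential = new X509V3Credential();
        x509V3Credential.setBase64EncodedThumbprintValue("NQM0IBvuplAtETQvk+6gn8C13wE=");
        return issueCard(new UserCredential(x509V3Credential), z, str);
    }

    /**
     * Loads the signing key material, builds the card, persists it and signs it.
     *
     * @param userCredential   credential the card's token service will accept
     * @param requireAppliesTo whether {@code RequireAppliesTo} is mandatory
     * @param userName         user the card is issued to and stored against
     * @return the signed card element
     * @throws IdentityProviderException with message {@code "cardModelError"} for model failures,
     *                                   or wrapping any other exception raised during issuance
     */
    private Element issueCard(UserCredential userCredential, boolean requireAppliesTo, String userName)
            throws IdentityProviderException {
        ServerConfiguration serverConfiguration = ServerConfiguration.getInstance();
        try {
            // Create the KeyStore before opening the file so a bad type cannot leak the stream.
            KeyStore keyStore = KeyStore.getInstance(serverConfiguration.getFirstProperty("Security.KeyStore.Type"));
            FileInputStream keyStoreStream =
                    new FileInputStream(serverConfiguration.getFirstProperty("Security.KeyStore.Location"));
            try {
                keyStore.load(keyStoreStream,
                        serverConfiguration.getFirstProperty("Security.KeyStore.Password").toCharArray());
            } finally {
                keyStoreStream.close();
            }

            String keyAlias = serverConfiguration.getFirstProperty("Security.KeyStore.KeyAlias");
            PrivateKey signingKey = (PrivateKey) keyStore.getKey(keyAlias,
                    serverConfiguration.getFirstProperty("Security.KeyStore.KeyPassword").toCharArray());
            if (signingKey == null) {
                // KeyStore.getKey() returns null for an unknown alias; fail with a clear message
                // instead of handing a null key to the signer. Wrapped below as IdentityProviderException.
                throw new IllegalStateException(
                        "No private key found in the server key store for alias '" + keyAlias + "'");
            }

            Generator generator = new Generator();
            generator.setSignatureAlgorithm(issuerConfig.getSigAlgo());
            generator.setCertChain(keyStore.getCertificateChain(keyAlias));
            generator.setPrivateKey(signingKey);

            Identity identity = new Identity();
            identity.setCertificate((X509Certificate) keyStore.getCertificate(keyAlias));

            InformationCard infoCard = getInfoCard(userCredential, identity, requireAppliesTo, userName);
            if (this.isCardLogDebug) {
                cardIssuerLog.debug("Storing card " + infoCard.getInformationCardReference().getCardId());
            }
            // NOTE(review): the record is persisted before signing, so a signing failure leaves a stored
            // card that was never handed out. Order kept as in the original; reordering is a behaviour change.
            storeCard(infoCard, userName);
            Element signedCard = generator.signCard(infoCard);
            if (this.isCardLogDebug) {
                cardIssuerLog.debug("Signed card " + infoCard.getInformationCardReference().getCardId());
            }
            return signedCard;
        } catch (CardModelException e) {
            throw new IdentityProviderException("cardModelError", e);
        } catch (Exception e) {
            throw new IdentityProviderException("Error while issuing the information card", e);
        }
    }

    /**
     * Assembles the unsigned card model: identity, validity window, name, image,
     * token service endpoints, supported token and claim types and the AppliesTo requirement.
     *
     * @param userCredential   credential the token service accepts
     * @param identity         issuer identity (carries the signing certificate) embedded in the STS EPR
     * @param requireAppliesTo whether {@code RequireAppliesTo} is mandatory
     * @param userName         user whose supported claims are advertised
     * @return the populated card
     * @throws CardModelException        from the card model classes
     * @throws IdentityProviderException if claim lookup fails
     * @throws IdentityException         from identity core components
     */
    private InformationCard getInfoCard(UserCredential userCredential, Identity identity,
                                        boolean requireAppliesTo, String userName)
            throws CardModelException, IdentityProviderException, IdentityException {
        InformationCard informationCard = new InformationCard();
        issuerConfig.init();
        informationCard.setInformationCardReference(
                new InformationCardReference("http://identity.wso2.org/" + UUIDGenerator.getUUID(), 1));
        informationCard.setIssuer(issuerConfig.getIssuer());

        Date timeIssued = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        // Promote to long before multiplying: with an int day count the original int arithmetic
        // overflowed for validity periods longer than 24 days.
        long validityMillis = (long) issuerConfig.getValidPeriod() * MILLIS_PER_DAY;
        Date timeExpires = new Date(timeIssued.getTime() + validityMillis);
        if (log.isDebugEnabled()) {
            log.debug("Card issued at " + timeIssued + ", expires at " + timeExpires);
        }
        informationCard.setTimeIssued(timeIssued);
        informationCard.setTimeExpires(timeExpires);

        if (this.isOpenIdInfoCard) {
            informationCard.setCardName("WSO2 OpenID Information Card");
        } else {
            informationCard.setCardName(issuerConfig.getCardName());
        }
        informationCard.setCardImage(new CardImage("image/jpeg", Base64.encode(getCardImageBytes())));

        // The STS/MEX addresses are derived from the server URL and the context path of the
        // request being served; without an HTTP message context there is nothing to derive them from.
        MessageContext messageContext = MessageContext.getCurrentMessageContext();
        if (messageContext == null) {
            throw new IllegalStateException("No current Axis2 message context; cannot derive the server URL");
        }
        HttpServletRequest request =
                (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            throw new IllegalStateException("No HTTP servlet request in the message context; cannot derive the server URL");
        }
        String serverURL = getServerURL(ServerConfiguration.getInstance().getFirstProperty("ServerURL"),
                request.getContextPath());

        informationCard.setTokenServiceList(buildTokenServiceList(userCredential, identity, serverURL));
        informationCard.setSupportedTokenTypeList(issuerConfig.getTokenTypeList());
        try {
            informationCard.setSupportedClaimTypeList(buildSupportedClaimTypeList(userName));
        } catch (IdentityException e) {
            throw new IdentityProviderException(e.getMessage(), e);
        }

        RequireAppliesTo appliesTo = new RequireAppliesTo();
        if (!requireAppliesTo) {
            appliesTo.setOptional(true);
        }
        informationCard.setRequireAppliesTo(appliesTo);
        return informationCard;
    }

    /**
     * Builds the single-entry token service list pointing at the STS and MEX endpoints
     * that match the credential type, binding and card flavour.
     *
     * <p>X.509 credentials get no path suffix: both addresses are the bare server URL.
     */
    private TokenServiceList buildTokenServiceList(UserCredential userCredential, Identity identity,
                                                   String serverURL)
            throws CardModelException, IdentityProviderException, IdentityException {
        boolean usernameToken = userCredential.getCredential() instanceof UsernamePasswordCredential;
        boolean selfIssued = userCredential.getCredential() instanceof SelfIssuedCredential;
        String stsPath = "";
        String mexPath = "";
        if (issuerConfig.isUseSymmetricBinding()) {
            if (usernameToken) {
                stsPath = "sts-ut-symm";
                mexPath = "mex-ut-symm/get";
            } else if (selfIssued) {
                stsPath = "sts-ic-symm";
                mexPath = "mex-ic-symm/get";
            }
        } else if (usernameToken) {
            if (this.isOpenIdInfoCard) {
                stsPath = "sts-openid-ut.sts-openid-utHttpsSoap12Endpoint/";
                mexPath = "mex-openid-ut/get";
            } else {
                stsPath = "sts-ut.sts-utHttpsSoap12Endpoint/";
                mexPath = "mex-ut/get";
            }
        } else if (selfIssued) {
            if (this.isOpenIdInfoCard) {
                stsPath = "sts-openid-ic.sts-openid-icHttpsSoap12Endpoint/";
                mexPath = "mex-openid-ic/get";
            } else {
                stsPath = "sts-ic.sts-icHttpsSoap12Endpoint/";
                mexPath = "mex-ic/get";
            }
        }
        EndpointReference endpointReference = new EndpointReference(serverURL + stsPath);
        Metadata metadata = new Metadata(serverURL + mexPath);
        endpointReference.addExtensibleElement(identity.serialize());
        endpointReference.addMetaData(metadata.serialize());
        TokenServiceList tokenServiceList = new TokenServiceList();
        tokenServiceList.addTokenService(new TokenService(endpointReference, userCredential));
        return tokenServiceList;
    }

    /**
     * Lists the claims the card advertises: every default-supported claim of the active dialect
     * that {@link #isValidClaim} accepts for the user, plus the OpenID identifier claim for OpenID cards.
     */
    private SupportedClaimTypeList buildSupportedClaimTypeList(String userName)
            throws IdentityException, IdentityProviderException {
        IdentityClaimManager claimManager = IdentityClaimManager.getInstance();
        String dialect = this.isOpenIdInfoCard ? AX_SCHEMA_DIALECT : WS_IDENTITY_DIALECT;
        Claim[] claims = claimManager.getAllSupportedClaims(dialect, userName);
        SupportedClaimTypeList supportedClaimTypeList = new SupportedClaimTypeList();
        for (Claim claim : claims) {
            // isValidClaim performs a user-store lookup, so it is only evaluated for default-supported claims
            if (claim.isSupportedByDefault() && isValidClaim(userName, claim)) {
                SupportedClaimType supportedClaimType = new SupportedClaimType(claim.getClaimUri());
                supportedClaimType.setDisplayTag(claim.getDisplayTag());
                supportedClaimType.setDescription(claim.getDescription());
                supportedClaimTypeList.addSupportedClaimType(supportedClaimType);
            }
        }
        if (this.isOpenIdInfoCard) {
            SupportedClaimType openIdClaim =
                    new SupportedClaimType("http://schema.openid.net/2007/05/claims/identifier");
            openIdClaim.setDisplayTag("OpenID");
            openIdClaim.setDescription("OpenID");
            supportedClaimTypeList.addSupportedClaimType(openIdClaim);
        }
        return supportedClaimTypeList;
    }

    /**
     * Reads {@code $carbon.home/conf/card.jpg} fully into memory.
     *
     * @return the raw image bytes
     * @throws CardModelException wrapping any I/O failure
     */
    private byte[] getCardImageBytes() throws CardModelException {
        try {
            FileInputStream imageStream = new FileInputStream(System.getProperty("carbon.home") + "/conf/card.jpg");
            try {
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                byte[] chunk = new byte[1024];
                int bytesRead;
                // Read until EOF; the previous available()-driven loop could pass a -1 length to write().
                while ((bytesRead = imageStream.read(chunk)) != -1) {
                    buffer.write(chunk, 0, bytesRead);
                }
                return buffer.toByteArray();
            } finally {
                imageStream.close();
            }
        } catch (Exception e) {
            throw new CardModelException(e.getMessage(), e);
        }
    }

    /**
     * Persists a record of the card (id, issue/expiry dates, owner, OpenID flag and serialized card).
     *
     * @param informationCard the card to record
     * @param userName        owner stored as the record's user id
     * @throws IdentityProviderException wrapping persistence or serialization failures
     */
    private void storeCard(InformationCard informationCard, String userName) throws IdentityProviderException {
        try {
            IdentityPersistenceManager persistenceManager =
                    IdentityPersistenceManager.getPersistanceManager(IdentityUtil.getRegistry());
            InfoCardDO infoCardDO = new InfoCardDO();
            infoCardDO.setCardId(informationCard.getInformationCardReference().getCardId());
            infoCardDO.setDateIssued(informationCard.getTimeIssued());
            infoCardDO.setUserId(userName);
            infoCardDO.setDateExpires(informationCard.getTimeExpires());
            infoCardDO.setOpenIDInfoCard(this.isOpenIdInfoCard);
            infoCardDO.setInfoCard(informationCard.serialize());
            persistenceManager.createInfoCard(infoCardDO);
            log.info("Information card details stored for card id : "
                    + informationCard.getInformationCardReference().getCardId());
        } catch (IdentityException e) {
            throw new IdentityProviderException(e.getMessage(), e);
        } catch (CardModelException e) {
            throw new IdentityProviderException(e.getMessage(), e);
        }
    }

    /**
     * Decides whether a claim is advertised for the user.
     *
     * <p>The PPID claim is always accepted and its display tag is forced to
     * {@link IdentityConstants#PPID_DISPLAY_VALUE} (note: this mutates the passed {@code claim}).
     * Any other claim is accepted only when the user store holds a non-null value for it.
     *
     * @throws IdentityProviderException wrapping user store failures
     */
    private boolean isValidClaim(String userName, Claim claim) throws IdentityProviderException {
        if (PPID_CLAIM_URI.equals(claim.getClaimUri())) {
            claim.setDisplayTag(IdentityConstants.PPID_DISPLAY_VALUE);
            return true;
        }
        try {
            return IdentityUserStore.getInstance().getClaimValue(userName, (String) null, claim.getClaimUri()) != null;
        } catch (IdentityException e) {
            throw new IdentityProviderException(e.getMessage(), e);
        }
    }

    /** Switches this issuer between plain Information Cards and OpenID cards. */
    public void setIsOpenIdInfoCard(boolean z) {
        this.isOpenIdInfoCard = z;
    }

    /**
     * Expands the {@code ${carbon.https.port}} and {@code ${carbon.context}} placeholders in the
     * configured server URL.
     *
     * @param serverUrlTemplate the {@code ServerURL} server property
     * @param contextPath       servlet context path of the current request; {@code "/"} is treated as empty
     * @return the expanded URL
     */
    private static String getServerURL(String serverUrlTemplate, String contextPath) {
        String result = serverUrlTemplate;
        if (result.contains("${carbon.https.port}")) {
            int httpsPort = CarbonUtils.getTransportPort(IdentityProviderServiceComponent.getConfigContext(), "https");
            result = result.replace("${carbon.https.port}", httpsPort + "");
        }
        if (result.contains("${carbon.context}")) {
            String context = "/".equals(contextPath) ? "" : contextPath;
            result = result.replace("${carbon.context}", context);
        }
        return result;
    }
}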
