package org.wso2.analytics.apim.idp.client;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.gson.Gson;
import feign.Response;
import feign.gson.GsonDecoder;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.analytics.apim.idp.client.dao.OAuthAppDAO;
import org.wso2.analytics.apim.idp.client.dto.CustomUrlInfo;
import org.wso2.analytics.apim.idp.client.dto.DCRClientInfo;
import org.wso2.analytics.apim.idp.client.dto.DCRClientResponse;
import org.wso2.analytics.apim.idp.client.dto.DCRError;
import org.wso2.analytics.apim.idp.client.token.TokenData;
import org.wso2.analytics.apim.idp.client.token.TokenDataHolder;
import org.wso2.carbon.analytics.idp.client.core.exception.AuthenticationException;
import org.wso2.carbon.analytics.idp.client.core.exception.IdPClientException;
import org.wso2.carbon.analytics.idp.client.core.models.Role;
import org.wso2.carbon.analytics.idp.client.core.models.User;
import org.wso2.carbon.analytics.idp.client.external.ExternalIdPClient;
import org.wso2.carbon.analytics.idp.client.external.dto.OAuth2IntrospectionResponse;
import org.wso2.carbon.analytics.idp.client.external.dto.OAuth2TokenInfo;
import org.wso2.carbon.analytics.idp.client.external.impl.DCRMServiceStub;
import org.wso2.carbon.analytics.idp.client.external.impl.OAuth2ServiceStubs;
import org.wso2.carbon.analytics.idp.client.external.impl.SCIM2ServiceStub;
import org.wso2.carbon.analytics.idp.client.external.models.ExternalSession;
import org.wso2.carbon.analytics.idp.client.external.models.OAuthApplicationInfo;

/* loaded from: input_file:org/wso2/analytics/apim/idp/client/ApimIdPClient.class */
public class ApimIdPClient extends ExternalIdPClient {
    private static final Logger LOG = LoggerFactory.getLogger(ApimIdPClient.class);
    private static final Object OAuthAppCreationLock = new Object();
    private final String portalAppContext;
    private final String brAppContext;
    private Map<String, CustomUrlInfo> customUrlInfoMap;
    private DCRMServiceStub dcrmServiceStub;
    private OAuth2ServiceStubs oAuth2ServiceStubs;
    private String kmUserName;
    private String authorizeEndpoint;
    private String grantType;
    private String adminServiceUsername;
    private String baseUrl;
    private String adminScopeName;
    private String allScopes;
    private OAuthAppDAO oAuthAppDAO;
    private Cache<String, ExternalSession> tokenCache;
    private boolean isSSOEnabled;
    private String ssoLogoutURL;
    private boolean isHostnameVerifierEnabled;
    private ApimAdminApiClient apimAdminApiClient;
    private Map<String, OAuthApplicationInfo> oAuthAppInfoMap;

    public ApimIdPClient(String str, String str2, OAuthAppDAO oAuthAppDAO, String str3, String str4, String str5, String str6, Map<String, OAuthApplicationInfo> map, int i, String str7, DCRMServiceStub dCRMServiceStub, OAuth2ServiceStubs oAuth2ServiceStubs, boolean z, String str8, boolean z2, ApimAdminApiClient apimAdminApiClient, String str9, String str10) {
        super(str2, str3, str4, (String) null, str5, map, i, (org.wso2.carbon.analytics.idp.client.external.dao.OAuthAppDAO) null, dCRMServiceStub, oAuth2ServiceStubs, (SCIM2ServiceStub) null, (String) null, z, str8);
        this.customUrlInfoMap = new HashMap();
        this.adminServiceUsername = str;
        this.baseUrl = str2;
        this.authorizeEndpoint = str3;
        this.grantType = str4;
        this.oAuthAppInfoMap = map;
        this.adminScopeName = str5;
        this.allScopes = str6;
        this.kmUserName = str7;
        this.oAuthAppDAO = oAuthAppDAO;
        this.dcrmServiceStub = dCRMServiceStub;
        this.oAuth2ServiceStubs = oAuth2ServiceStubs;
        this.tokenCache = CacheBuilder.newBuilder().expireAfterWrite(i, TimeUnit.SECONDS).build();
        this.isSSOEnabled = z;
        this.ssoLogoutURL = str8;
        this.isHostnameVerifierEnabled = z2;
        this.apimAdminApiClient = apimAdminApiClient;
        this.portalAppContext = str9;
        this.brAppContext = str10;
    }

    public void init(String str, CustomUrlInfo customUrlInfo, String str2) throws IdPClientException {
        if (!this.isHostnameVerifierEnabled) {
            System.setProperty("httpclient.hostnameVerifier", "AllowAll");
        }
        this.oAuthAppDAO.init();
        if (!this.oAuthAppDAO.systemAppsTableExists()) {
            String str3 = "AM_SYSTEM_APPS does not exists in the " + this.oAuthAppDAO.getDatabaseName() + " database.";
            LOG.error(str3);
            throw new IdPClientException(str3);
        }
        String clientName = getClientName(str2);
        String str4 = ApimIdPClientConstants.SUPER_TENANT_DOMAIN;
        String str5 = str;
        boolean z = customUrlInfo.isEnabled() && clientName.equals(ApimIdPClientConstants.PORTAL_APP_NAME);
        if (z) {
            str4 = customUrlInfo.getTenantDomain();
            str5 = customUrlInfo.getTenantAdminUsername();
        }
        OAuthApplicationInfo oAuthApp = this.oAuthAppDAO.getOAuthApp(clientName, str4);
        if (oAuthApp != null) {
            if (z) {
                str2 = str2 + ApimIdPClientConstants.UNDERSCORE + customUrlInfo.getTenantDomain();
            }
            this.oAuthAppInfoMap.put(str2, oAuthApp);
            this.customUrlInfoMap.put(customUrlInfo.getTenantDomain(), customUrlInfo);
            return;
        }
        synchronized (OAuthAppCreationLock) {
            OAuthApplicationInfo oAuthApp2 = this.oAuthAppDAO.getOAuthApp(clientName, str4);
            if (LOG.isDebugEnabled()) {
                LOG.debug("System app not found in database for client name: " + clientName + " tenant : " + str4 + ". Hence creating service provider via DCR.");
            }
            if (oAuthApp2 == null) {
                registerApplication(str2, clientName, str5, customUrlInfo);
            }
        }
    }

    private String getClientName(String str) {
        return this.portalAppContext.equals(str) ? ApimIdPClientConstants.PORTAL_APP_NAME : this.brAppContext.equals(str) ? ApimIdPClientConstants.BR_DB_APP_NAME : "sp";
    }

    public List<Role> getAllRolesOfTenant(String str) throws IdPClientException {
        String extractTenantDomainFromUserName = extractTenantDomainFromUserName(str);
        String[] split = this.allScopes.split(ApimIdPClientConstants.SPACE);
        ArrayList arrayList = new ArrayList();
        for (String str2 : split) {
            if (!str2.equalsIgnoreCase(ApimIdPClientConstants.OPEN_ID_SCOPE) && !str2.equalsIgnoreCase(ApimIdPClientConstants.API_VIEW_SCOPE) && !str2.equalsIgnoreCase(ApimIdPClientConstants.SUBSCRIBE_SCOPE)) {
                arrayList.add(str2 + ApimIdPClientConstants.ANY_TENANT_DOMAIN_SCOPE_POSTFIX);
                arrayList.add(str2 + ApimIdPClientConstants.UNDERSCORE + extractTenantDomainFromUserName);
            }
        }
        return getRolesFromArray((String[]) arrayList.toArray(new String[0]));
    }

    public List<Role> getAllRoles() throws IdPClientException {
        return getAllRolesOfTenant(this.adminServiceUsername + ApimIdPClientConstants.AT + ApimIdPClientConstants.SUPER_TENANT_DOMAIN);
    }

    public Role getAdminRole() throws IdPClientException {
        if (this.adminScopeName != null) {
            return new Role(this.adminScopeName, this.adminScopeName);
        }
        LOG.error("Error occurred while getting the admin scope name.");
        throw new IdPClientException("Error occurred while getting the admin scope name.");
    }

    public User getUser(String str) throws IdPClientException {
        ArrayList<Role> rolesFromArray;
        String extractTenantDomainFromUserName = extractTenantDomainFromUserName(str);
        TokenData tokenData = TokenDataHolder.getInstance().getTokenMap().get(str);
        HashMap hashMap = new HashMap();
        if (tokenData == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Cannot find the token data for the user: " + str + " in the token data map. Hence, cannot retrieve user scopes. Empty array returned for roles.");
            }
            rolesFromArray = new ArrayList<>();
        } else {
            String[] split = tokenData.getScopes().split(ApimIdPClientConstants.SPACE);
            ArrayList arrayList = new ArrayList();
            for (String str2 : split) {
                if (!str2.equalsIgnoreCase(ApimIdPClientConstants.OPEN_ID_SCOPE) && !str2.equalsIgnoreCase(ApimIdPClientConstants.API_VIEW_SCOPE) && !str2.equalsIgnoreCase(ApimIdPClientConstants.SUBSCRIBE_SCOPE)) {
                    arrayList.add(str2 + ApimIdPClientConstants.ANY_TENANT_DOMAIN_SCOPE_POSTFIX);
                    arrayList.add(str2 + ApimIdPClientConstants.UNDERSCORE + extractTenantDomainFromUserName);
                }
            }
            rolesFromArray = getRolesFromArray((String[]) arrayList.toArray(new String[0]));
        }
        return new User(str, hashMap, rolesFromArray);
    }

    private String extractTenantDomainFromUserName(String str) throws IdPClientException {
        if (str == null || str.isEmpty()) {
            LOG.error("Username cannot be empty.");
            throw new IdPClientException("Username cannot be empty.");
        }
        String[] split = str.split(ApimIdPClientConstants.AT);
        String str2 = split[split.length - 1];
        if (str2 != null) {
            return str2;
        }
        String str3 = "Cannot get the tenant domain from the given username: " + str;
        LOG.error(str3);
        throw new IdPClientException(str3);
    }

    private ArrayList<Role> getRolesFromArray(String[] strArr) throws IdPClientException {
        if (strArr.length == 0) {
            LOG.error("Cannot get roles from the list as the scope list is empty.");
            throw new IdPClientException("Cannot get roles from the list as the scope list is empty.");
        }
        ArrayList<Role> arrayList = new ArrayList<>();
        for (String str : strArr) {
            arrayList.add(new Role(str, str));
        }
        return arrayList;
    }

    public Map<String, String> login(Map<String, String> map) throws IdPClientException {
        HashMap hashMap = new HashMap();
        CustomUrlInfo customUrlInfo = getCustomUrlInfo(map.getOrDefault("Domain", ApimIdPClientConstants.SUPER_TENANT_DOMAIN));
        if (customUrlInfo == null) {
            throw new IdPClientException("Unable to retrieve custom url info from APIM Admin API");
        }
        String orDefault = map.getOrDefault("Grant_Type", this.grantType);
        String str = map.get("App_Name");
        if (!"refresh_token".equals(orDefault)) {
            init(this.kmUserName, customUrlInfo, str);
        }
        if (!this.oAuthAppInfoMap.containsKey(str)) {
            str = "sp";
        }
        boolean z = customUrlInfo.isEnabled() && str.equals(this.portalAppContext);
        String str2 = this.baseUrl;
        String str3 = this.authorizeEndpoint;
        if (z) {
            str2 = customUrlInfo.getDevPortalUrlDTO().getUrl();
            str = str + ApimIdPClientConstants.UNDERSCORE + customUrlInfo.getTenantDomain();
            str3 = str2 + ApimIdPClientConstants.OAUTH2_POSTFIX + ApimIdPClientConstants.AUTHORIZE_POSTFIX;
        }
        String str4 = map.get("Username");
        if ("authorization_code".equals(orDefault)) {
            String str5 = map.get("Callback_Url");
            hashMap.put("Status", "redirection");
            hashMap.put(ApimIdPClientConstants.REDIRECT_URL, str3);
            hashMap.put("Callback_Url", str2 + ApimIdPClientConstants.CALLBACK_URL + str5 + ApimIdPClientConstants.CALLBACK_URL_SUFFIX);
            hashMap.put("Client_Id", this.oAuthAppInfoMap.get(str).getClientId());
            hashMap.put("Scope", this.allScopes);
            return hashMap;
        }
        Response generateRefreshGrantAccessToken = this.oAuth2ServiceStubs.getTokenServiceStub().generateRefreshGrantAccessToken(map.get("Refresh_Token"), (String) null, this.oAuthAppInfoMap.get(str).getClientId(), this.oAuthAppInfoMap.get(str).getClientSecret());
        if (generateRefreshGrantAccessToken == null) {
            String str6 = "Error occurred while generating an access token for grant type '" + removeCRLFCharacters(orDefault) + "'. Response is null.";
            LOG.error(str6);
            throw new IdPClientException(str6);
        }
        if (generateRefreshGrantAccessToken.status() != 200) {
            if (generateRefreshGrantAccessToken.status() != 401) {
                String str7 = "Token generation request failed. HTTP error code: '" + generateRefreshGrantAccessToken.status() + "'. Error Response: '" + generateRefreshGrantAccessToken.body().toString() + "'.";
                LOG.error(str7);
                throw new IdPClientException(str7);
            }
            String str8 = "Unable to get access token for the request with grant type : '" + orDefault + "', for the user '" + str4 + "'.";
            LOG.error(str8);
            hashMap.put("Status", "failure");
            hashMap.put("Error", "Invalid_Credentials");
            hashMap.put("Error_Description", str8);
            return hashMap;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("A new access token is successfully generated.");
        }
        try {
            OAuth2TokenInfo oAuth2TokenInfo = (OAuth2TokenInfo) new GsonDecoder().decode(generateRefreshGrantAccessToken, OAuth2TokenInfo.class);
            long currentTimeMillis = (System.currentTimeMillis() / 1000) + oAuth2TokenInfo.getExpiresIn();
            hashMap.put("Status", "success");
            hashMap.put("Access_Token", oAuth2TokenInfo.getAccessToken());
            hashMap.put("Refresh_Token", oAuth2TokenInfo.getRefreshToken());
            hashMap.put("Validity_Period", Long.toString(oAuth2TokenInfo.getExpiresIn()));
            if ("refresh_token".equals(orDefault)) {
                hashMap.put("ID_Token", oAuth2TokenInfo.getIdToken());
                Response introspectAccessToken = this.oAuth2ServiceStubs.getIntrospectionServiceStub().introspectAccessToken(oAuth2TokenInfo.getAccessToken());
                if (introspectAccessToken.status() == 200) {
                    str4 = ((OAuth2IntrospectionResponse) new GsonDecoder().decode(introspectAccessToken, OAuth2IntrospectionResponse.class)).getUsername();
                } else if (LOG.isDebugEnabled()) {
                    LOG.debug("Unable to get the username from introspection of the token '" + oAuth2TokenInfo.getAccessToken() + "'. Response : '" + introspectAccessToken.toString());
                }
            }
            hashMap.put("Username", str4);
            TokenDataHolder.getInstance().addTokenDataToMap(str4, new TokenData(oAuth2TokenInfo.getAccessToken(), oAuth2TokenInfo.getScope(), currentTimeMillis));
            this.tokenCache.put(oAuth2TokenInfo.getAccessToken(), new ExternalSession(str4, oAuth2TokenInfo.getAccessToken()));
            return hashMap;
        } catch (IOException e) {
            String str9 = "Error occurred while parsing token response for user. Response: '" + generateRefreshGrantAccessToken.body().toString() + "'.";
            LOG.error(str9, e);
            throw new IdPClientException(str9, e);
        }
    }

    public Map<String, String> logout(Map<String, String> map) throws IdPClientException {
        String username;
        String orDefault = map.getOrDefault("Domain", "");
        String str = map.get("Access_Token");
        String orDefault2 = map.getOrDefault("App_Name", "sp");
        if (!this.oAuthAppInfoMap.containsKey(orDefault2)) {
            orDefault2 = "sp";
        }
        ExternalSession externalSession = (ExternalSession) this.tokenCache.getIfPresent(str);
        if (externalSession == null) {
            try {
                username = getIntrospectResponse(str).getUsername();
            } catch (AuthenticationException e) {
                String str2 = "Error occurred while introspecting the token '" + str + "'. " + e.getMessage();
                LOG.error(str2, e);
                throw new IdPClientException(str2, e);
            }
        } else {
            username = externalSession.getUserName();
        }
        TokenDataHolder.getInstance().removeTokenDataFromMap(username);
        this.tokenCache.invalidate(str);
        CustomUrlInfo customUrlInfo = this.customUrlInfoMap.get(orDefault);
        String str3 = this.baseUrl;
        String str4 = this.ssoLogoutURL;
        boolean z = customUrlInfo != null && customUrlInfo.isEnabled() && orDefault2.equals(this.portalAppContext);
        String str5 = orDefault2;
        if (z) {
            orDefault2 = orDefault2 + ApimIdPClientConstants.UNDERSCORE + customUrlInfo.getTenantDomain();
            str3 = customUrlInfo.getDevPortalUrlDTO().getUrl();
            str4 = str3 + ApimIdPClientConstants.OIDC_LOGOUT_POSTFIX;
        }
        this.oAuth2ServiceStubs.getRevokeServiceStub().revokeAccessToken(str, this.oAuthAppInfoMap.get(orDefault2).getClientId(), this.oAuthAppInfoMap.get(orDefault2).getClientSecret());
        HashMap hashMap = new HashMap();
        String orDefault3 = map.getOrDefault("ID_Token", null);
        if (!this.isSSOEnabled || orDefault3 == null) {
            hashMap.put("returnLogoutProperties", "false");
        } else {
            String str6 = str3 + ApimIdPClientConstants.FORWARD_SLASH + str5;
            hashMap.put("returnLogoutProperties", "true");
            hashMap.put(ApimIdPClientConstants.EXTERNAL_SSO_LOGOUT_URL, str4.concat(ApimIdPClientConstants.SSO_LOGING_ID_TOKEN_TAIL).concat(orDefault3).concat(ApimIdPClientConstants.POST_LOGOUT_REDIRECT_URI_PHRASE).concat(str6));
        }
        return hashMap;
    }

    public Map<String, String> authCodeLogin(String str, String str2) throws IdPClientException {
        return authCodeLogin(str, str2, new HashMap());
    }

    public Map<String, String> authCodeLogin(String str, String str2, Map<String, String> map) throws IdPClientException {
        OAuthApplicationInfo oAuthApplicationInfo;
        String str3;
        HashMap hashMap = new HashMap();
        String str4 = str.split("/\\|?")[0];
        if (!this.oAuthAppInfoMap.containsKey(str4)) {
            str4 = "sp";
        }
        String orDefault = map.getOrDefault("Domain", ApimIdPClientConstants.SUPER_TENANT_DOMAIN);
        CustomUrlInfo customUrlInfo = this.customUrlInfoMap.get(orDefault);
        if (customUrlInfo != null && customUrlInfo.isEnabled() && str4.equals(this.portalAppContext)) {
            oAuthApplicationInfo = this.oAuthAppInfoMap.get(str4 + ApimIdPClientConstants.UNDERSCORE + orDefault);
            str3 = customUrlInfo.getDevPortalUrlDTO().getUrl();
        } else {
            oAuthApplicationInfo = this.oAuthAppInfoMap.get(str4);
            str3 = this.baseUrl;
        }
        Response generateAuthCodeGrantAccessToken = this.oAuth2ServiceStubs.getTokenServiceStub().generateAuthCodeGrantAccessToken(str2, str3 + ApimIdPClientConstants.CALLBACK_URL + str4 + ApimIdPClientConstants.CALLBACK_URL_SUFFIX, (String) null, oAuthApplicationInfo.getClientId(), oAuthApplicationInfo.getClientSecret());
        if (generateAuthCodeGrantAccessToken == null) {
            String str5 = "Error occurred while generating an access token from code '" + str2 + "'. Response is null.";
            LOG.error(str5);
            throw new IdPClientException(str5);
        }
        if (generateAuthCodeGrantAccessToken.status() != 200) {
            if (generateAuthCodeGrantAccessToken.status() != 401) {
                String str6 = "Token generation request failed. HTTP error code: '" + generateAuthCodeGrantAccessToken.status() + "'. Error Response Body: '" + generateAuthCodeGrantAccessToken.body().toString() + "'.";
                LOG.error(str6);
                throw new IdPClientException(str6);
            }
            hashMap.put("Status", "failure");
            hashMap.put("Error", "Invalid_Credentials");
            hashMap.put("Error_Description", "Unauthorized user for accessing token form code '" + str2 + "'. for the app context, '" + str + "'");
            return hashMap;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("A new access token from code is successfully generated for the code '" + str2 + "'.");
        }
        try {
            OAuth2TokenInfo oAuth2TokenInfo = (OAuth2TokenInfo) new GsonDecoder().decode(generateAuthCodeGrantAccessToken, OAuth2TokenInfo.class);
            long currentTimeMillis = (System.currentTimeMillis() / 1000) + oAuth2TokenInfo.getExpiresIn();
            hashMap.put("Status", "success");
            hashMap.put("Access_Token", oAuth2TokenInfo.getAccessToken());
            hashMap.put("Refresh_Token", oAuth2TokenInfo.getRefreshToken());
            hashMap.put("ID_Token", oAuth2TokenInfo.getIdToken());
            hashMap.put("Validity_Period", Long.toString(oAuth2TokenInfo.getExpiresIn()));
            hashMap.put(ApimIdPClientConstants.REDIRECT_URL, str3 + (str3.endsWith(ApimIdPClientConstants.FORWARD_SLASH) ? str : ApimIdPClientConstants.FORWARD_SLASH + str));
            Response introspectAccessToken = this.oAuth2ServiceStubs.getIntrospectionServiceStub().introspectAccessToken(oAuth2TokenInfo.getAccessToken());
            String str7 = null;
            if (introspectAccessToken.status() == 200) {
                str7 = ((OAuth2IntrospectionResponse) new GsonDecoder().decode(introspectAccessToken, OAuth2IntrospectionResponse.class)).getUsername();
                hashMap.put("Username", str7);
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("Unable to get the username from introspection of the token '" + oAuth2TokenInfo.getAccessToken() + "'. Response : '" + introspectAccessToken.toString());
            }
            if (str7 != null) {
                this.tokenCache.put(oAuth2TokenInfo.getAccessToken(), new ExternalSession(str7, oAuth2TokenInfo.getAccessToken()));
                TokenDataHolder.getInstance().addTokenDataToMap(str7, new TokenData(oAuth2TokenInfo.getAccessToken(), oAuth2TokenInfo.getScope(), currentTimeMillis));
            }
            return hashMap;
        } catch (IOException e) {
            String str8 = "Error occurred while parsing token response. Response : '" + generateAuthCodeGrantAccessToken.body().toString() + "'";
            LOG.error(str8, e);
            throw new IdPClientException(str8, e);
        }
    }

    public String authenticate(String str) throws AuthenticationException, IdPClientException {
        ExternalSession externalSession = (ExternalSession) this.tokenCache.getIfPresent(str);
        if (externalSession != null) {
            return externalSession.getUserName();
        }
        OAuth2IntrospectionResponse introspectResponse = getIntrospectResponse(str);
        String username = introspectResponse.getUsername();
        this.tokenCache.put(str, new ExternalSession(username, str));
        TokenDataHolder.getInstance().addTokenDataToMap(username, new TokenData(str, introspectResponse.getScope(), introspectResponse.getExp()));
        return username;
    }

    private OAuth2IntrospectionResponse getIntrospectResponse(String str) throws IdPClientException, AuthenticationException {
        Response introspectAccessToken = this.oAuth2ServiceStubs.getIntrospectionServiceStub().introspectAccessToken(str);
        if (introspectAccessToken == null) {
            String str2 = "Error occurred while authenticating token '" + str + "'. Response is null.";
            LOG.error(str2);
            throw new IdPClientException(str2);
        }
        try {
            if (introspectAccessToken.status() == 200) {
                OAuth2IntrospectionResponse oAuth2IntrospectionResponse = (OAuth2IntrospectionResponse) new GsonDecoder().decode(introspectAccessToken, OAuth2IntrospectionResponse.class);
                if (oAuth2IntrospectionResponse.isActive()) {
                    return oAuth2IntrospectionResponse;
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("The token is not active. Response: " + oAuth2IntrospectionResponse.toString());
                }
                throw new AuthenticationException("The token is not active.");
            }
            if (introspectAccessToken.status() != 400) {
                String str3 = "Error occurred while authenticating. Error: '" + introspectAccessToken.body().toString() + "'. Status Code: '" + introspectAccessToken.status() + "'.";
                LOG.error(str3);
                throw new IdPClientException(str3);
            }
            try {
                DCRError dCRError = (DCRError) new GsonDecoder().decode(introspectAccessToken, DCRError.class);
                String str4 = "Error occurred while introspecting the token. Error: " + dCRError.getErrorCode() + ". Error Description: " + dCRError.getErrorDescription() + ". Status Code: " + introspectAccessToken.status();
                LOG.error(str4);
                throw new IdPClientException(str4);
            } catch (IOException e) {
                LOG.error("Error occurred while parsing the Introspection error message.", e);
                throw new IdPClientException("Error occurred while parsing the Introspection error message.", e);
            }
        } catch (IOException e2) {
            LOG.error("Error occurred while parsing the authentication response.", e2);
            throw new IdPClientException("Error occurred while parsing the authentication response.", e2);
        }
    }

    private void registerApplication(String str, String str2, String str3, CustomUrlInfo customUrlInfo) throws IdPClientException {
        String str4 = this.baseUrl + ApimIdPClientConstants.FORWARD_SLASH + str;
        boolean z = str2.equals(ApimIdPClientConstants.PORTAL_APP_NAME) && customUrlInfo.isEnabled();
        String str5 = str2.equals("sp") ? ApimIdPClientConstants.REGEX_BASE_START + this.baseUrl + ApimIdPClientConstants.CALLBACK_URL + ApimIdPClientConstants.REGEX_BASE + str4 + ApimIdPClientConstants.REGEX_BASE_END : z ? ApimIdPClientConstants.REGEX_BASE_START + customUrlInfo.getDevPortalUrlDTO().getUrl() + ApimIdPClientConstants.CALLBACK_URL + str + ApimIdPClientConstants.CALLBACK_URL_SUFFIX + ApimIdPClientConstants.REGEX_BASE + (customUrlInfo.getDevPortalUrlDTO().getUrl() + ApimIdPClientConstants.FORWARD_SLASH + str) + ApimIdPClientConstants.REGEX_BASE_END : ApimIdPClientConstants.REGEX_BASE_START + this.baseUrl + ApimIdPClientConstants.CALLBACK_URL + str + ApimIdPClientConstants.CALLBACK_URL_SUFFIX + ApimIdPClientConstants.REGEX_BASE + str4 + ApimIdPClientConstants.REGEX_BASE_END;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Creating OAuth2 application of name '" + str2 + "'.");
        }
        DCRClientInfo dCRClientInfo = new DCRClientInfo();
        dCRClientInfo.setClientName(str2);
        dCRClientInfo.setGrantType("password authorization_code refresh_token");
        dCRClientInfo.setCallbackUrl(str5);
        dCRClientInfo.setSaasApp(true);
        dCRClientInfo.setOwner(str3);
        Response registerApplication = this.dcrmServiceStub.registerApplication(new Gson().toJson(dCRClientInfo));
        if (registerApplication == null) {
            String str6 = "Error occurred while DCR application '" + dCRClientInfo + "' creation. Response is null.";
            LOG.error(str6);
            throw new IdPClientException(str6);
        }
        if (registerApplication.status() != 200) {
            if (registerApplication.status() != 400) {
                String str7 = "Error occurred while DCR application creation. Error: '" + registerApplication.body().toString() + "'. Status Code: '" + registerApplication.status() + "'.";
                LOG.error(str7);
                throw new IdPClientException(str7);
            }
            try {
                DCRError dCRError = (DCRError) new GsonDecoder().decode(registerApplication, DCRError.class);
                String str8 = "Error occurred while DCR application creation. Error: " + dCRError.getErrorCode() + ". Error Description: " + dCRError.getErrorDescription() + ". Status Code: " + registerApplication.status();
                LOG.error(str8);
                throw new IdPClientException(str8);
            } catch (IOException e) {
                String str9 = "Error occurred while parsing the DCR error message. Error: '" + registerApplication.body().toString() + "'.";
                LOG.error(str9, e);
                throw new IdPClientException(str9, e);
            }
        }
        try {
            DCRClientResponse dCRClientResponse = (DCRClientResponse) new GsonDecoder().decode(registerApplication, DCRClientResponse.class);
            OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo(str2, dCRClientResponse.getClientId(), dCRClientResponse.getClientSecret());
            String str10 = ApimIdPClientConstants.SUPER_TENANT_DOMAIN;
            if (z) {
                str = str + ApimIdPClientConstants.UNDERSCORE + customUrlInfo.getTenantDomain();
                str10 = customUrlInfo.getTenantDomain();
            }
            this.oAuthAppInfoMap.put(str, oAuthApplicationInfo);
            this.customUrlInfoMap.put(customUrlInfo.getTenantDomain(), customUrlInfo);
            if (LOG.isDebugEnabled()) {
                LOG.debug("OAuth2 application created: " + oAuthApplicationInfo.toString());
            }
            this.oAuthAppDAO.insertSystemApp(dCRClientResponse, str2, str10);
            if (LOG.isDebugEnabled()) {
                LOG.debug("System app created: " + oAuthApplicationInfo.toString());
            }
        } catch (IOException e2) {
            String str11 = "Error occurred while parsing the DCR application creation response message. Response: '" + registerApplication.body().toString() + "'.";
            LOG.error(str11, e2);
            throw new IdPClientException(str11, e2);
        }
    }

    private static String removeCRLFCharacters(String str) {
        if (str != null) {
            str = str.replace('\n', '_').replace('\r', '_');
        }
        return str;
    }

    private CustomUrlInfo getCustomUrlInfo(String str) throws IdPClientException {
        Response customUrlInfo = this.apimAdminApiClient.getCustomUrlInfo(str);
        if (customUrlInfo == null) {
            String str2 = "Error occurred while fetching custom url info for tenant :" + str;
            LOG.error(str2);
            throw new IdPClientException(str2);
        }
        if (customUrlInfo.status() != 200) {
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully fetched custom url info for tenant :" + str);
        }
        try {
            CustomUrlInfo customUrlInfo2 = (CustomUrlInfo) new GsonDecoder().decode(customUrlInfo, CustomUrlInfo.class);
            if (LOG.isDebugEnabled()) {
                LOG.debug(customUrlInfo2.toString());
            }
            return customUrlInfo2;
        } catch (IOException e) {
            String str3 = "Error occurred while parsing the Custom Url info response for tenant :" + str + ". message. Response: '" + customUrlInfo.body().toString() + "'.";
            LOG.error(str3, e);
            throw new IdPClientException(str3, e);
        }
    }
}
