package org.wso2.pingfederate.client;

import com.google.gson.Gson;
import feign.Feign;
import feign.Response;
import feign.auth.BasicAuthRequestInterceptor;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.slf4j.Slf4jLogger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.AccessTokenInfo;
import org.wso2.carbon.apimgt.api.model.AccessTokenRequest;
import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.api.model.OAuthAppRequest;
import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.impl.AbstractKeyManager;
import org.wso2.carbon.apimgt.impl.kmclient.ApacheFeignHttpClient;
import org.wso2.carbon.apimgt.impl.kmclient.FormEncoder;
import org.wso2.carbon.apimgt.impl.kmclient.KMClientErrorDecoder;
import org.wso2.carbon.apimgt.impl.kmclient.KeyManagerClientException;
import org.wso2.carbon.apimgt.impl.kmclient.model.AuthClient;
import org.wso2.carbon.apimgt.impl.kmclient.model.TokenInfo;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.pingfederate.model.ClientInfo;
import org.wso2.pingfederate.model.ClientInfoList;
import org.wso2.pingfederate.model.IntrospectClient;
import org.wso2.pingfederate.model.IntrospectInfo;
import org.wso2.pingfederate.model.PingFederateDCRClient;

/* loaded from: input_file:org/wso2/pingfederate/client/PingFederatKeyManagerClient.class */
public class PingFederatKeyManagerClient extends AbstractKeyManager {
    private static final Log log = LogFactory.getLog(PingFederatKeyManagerClient.class);
    private PingFederateDCRClient pingFederateDCRClient;
    private IntrospectClient introspectionClient;
    private AuthClient authClient;

    public OAuthApplicationInfo createApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        ClientInfo fromOauthAppRequestToClientInfo = fromOauthAppRequestToClientInfo(oAuthAppRequest);
        if (this.pingFederateDCRClient.createApplication(toClientInfoList(fromOauthAppRequestToClientInfo)).status() != 200) {
            throw new APIManagementException("Error while creating Oauth Application in PingFederate Server");
        }
        log.debug("Application created in PINGFederate");
        return fromClientInfoToOauthApplicationInfo(fromOauthAppRequestToClientInfo);
    }

    private OAuthApplicationInfo fromClientInfoToOauthApplicationInfo(ClientInfo clientInfo) {
        OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
        oAuthApplicationInfo.setClientName(clientInfo.getName());
        oAuthApplicationInfo.setClientId(clientInfo.getClientId());
        oAuthApplicationInfo.setClientSecret(clientInfo.getSecret());
        if (clientInfo.getRedirectUris() != null) {
            oAuthApplicationInfo.setCallBackURL(String.join(",", clientInfo.getRedirectUris()));
        }
        if (clientInfo.getGrantTypes() != null) {
            oAuthApplicationInfo.addParameter("grant_types", String.join(" ", clientInfo.getGrantTypes()));
        }
        if (StringUtils.isNotEmpty(clientInfo.getName())) {
            oAuthApplicationInfo.addParameter("client_name", clientInfo.getName());
        }
        if (StringUtils.isNotEmpty(clientInfo.getClientId())) {
            oAuthApplicationInfo.addParameter("client_id", clientInfo.getClientId());
        }
        if (StringUtils.isNotEmpty(clientInfo.getSecret())) {
            oAuthApplicationInfo.addParameter(PingFederateConstants.TOKEN_VALIDATION_CLIENT_SECRET, clientInfo.getSecret());
        }
        oAuthApplicationInfo.addParameter("additionalProperties", new Gson().fromJson(new Gson().toJson(clientInfo), Map.class));
        return oAuthApplicationInfo;
    }

    private ClientInfoList toClientInfoList(ClientInfo clientInfo) {
        ClientInfoList clientInfoList = new ClientInfoList();
        clientInfoList.getClients().add(clientInfo);
        return clientInfoList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v63, types: [java.util.Map] */
    private ClientInfo fromOauthAppRequestToClientInfo(OAuthAppRequest oAuthAppRequest) {
        ClientInfo clientInfo = new ClientInfo();
        clientInfo.setClientAuthnType("SECRET");
        OAuthApplicationInfo oAuthApplicationInfo = oAuthAppRequest.getOAuthApplicationInfo();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername((String) oAuthApplicationInfo.getParameter(PingFederateConstants.USERNAME));
        String extractDomainFromName = UserCoreUtil.extractDomainFromName(tenantAwareUsername);
        if (extractDomainFromName != null && !extractDomainFromName.isEmpty() && !"PRIMARY".equals(extractDomainFromName)) {
            tenantAwareUsername = tenantAwareUsername.replace(UserCoreConstants.DOMAIN_SEPARATOR, "_");
        }
        String clientName = oAuthApplicationInfo.getClientName();
        String str = (String) oAuthApplicationInfo.getParameter("key_type");
        String callBackURL = oAuthApplicationInfo.getCallBackURL();
        if (str != null) {
            clientName = tenantAwareUsername.concat(clientName).concat("_").concat(str);
        }
        List<String> arrayList = new ArrayList();
        if (oAuthApplicationInfo.getParameter("grant_types") != null) {
            arrayList = Arrays.asList(((String) oAuthApplicationInfo.getParameter("grant_types")).split(","));
        }
        Object parameter = oAuthApplicationInfo.getParameter("additionalProperties");
        HashMap hashMap = new HashMap();
        if (parameter instanceof String) {
            hashMap = (Map) new Gson().fromJson((String) parameter, Map.class);
        }
        clientInfo.setName(clientName);
        if (!arrayList.isEmpty()) {
            clientInfo.setGrantTypes(arrayList);
        }
        if (StringUtils.isNotEmpty(callBackURL)) {
            clientInfo.setRedirectUris(Arrays.asList(callBackURL.split(",")));
        }
        if (hashMap.containsKey("client_id")) {
            clientInfo.setClientId((String) hashMap.get("client_id"));
        } else if (StringUtils.isNotEmpty(oAuthApplicationInfo.getClientId())) {
            clientInfo.setClientId(oAuthApplicationInfo.getClientId());
        } else {
            clientInfo.setClientId(UUID.randomUUID().toString());
        }
        if (hashMap.containsKey(PingFederateConstants.TOKEN_VALIDATION_CLIENT_SECRET)) {
            clientInfo.setClientId((String) hashMap.get(PingFederateConstants.TOKEN_VALIDATION_CLIENT_SECRET));
        } else if (StringUtils.isNotEmpty(oAuthApplicationInfo.getClientSecret())) {
            clientInfo.setSecret(oAuthApplicationInfo.getClientSecret());
        } else {
            clientInfo.setSecret(UUID.randomUUID().toString());
        }
        if (hashMap.containsKey(PingFederateConstants.BYPASS_APPROVAL_PAGES)) {
            clientInfo.setBypassApprovalPage(Boolean.parseBoolean((String) hashMap.get(PingFederateConstants.BYPASS_APPROVAL_PAGES)));
        }
        if (hashMap.containsKey(PingFederateConstants.RESTRICT_RESPONSE_TYPES)) {
            clientInfo.setBypassApprovalPage(Boolean.parseBoolean((String) hashMap.get(PingFederateConstants.BYPASS_APPROVAL_PAGES)));
        }
        clientInfo.setDescription(clientInfo.getName());
        return clientInfo;
    }

    public OAuthApplicationInfo updateApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        if (oAuthAppRequest.getOAuthApplicationInfo() == null) {
            return null;
        }
        ClientInfo fromOauthAppRequestToClientInfo = fromOauthAppRequestToClientInfo(oAuthAppRequest);
        Response updateApplication = this.pingFederateDCRClient.updateApplication(toClientInfoList(fromOauthAppRequestToClientInfo));
        if (updateApplication.status() == 200) {
            return fromClientInfoToOauthApplicationInfo(fromOauthAppRequestToClientInfo);
        }
        throw new APIManagementException("Error while updating application. Response status code:" + updateApplication.status());
    }

    public void deleteApplication(String str) throws APIManagementException {
        if (this.pingFederateDCRClient.deleteApplication(str).status() != 200) {
            throw new APIManagementException("Error while Deleting Client Application from PingFederate Server");
        }
        log.debug("Oauth Client Related to " + str + " Deleted successfully from PingFederate Server");
    }

    public OAuthApplicationInfo retrieveApplication(String str) throws APIManagementException {
        ClientInfo application = this.pingFederateDCRClient.getApplication(str);
        if (application != null) {
            return fromClientInfoToOauthApplicationInfo(application);
        }
        return null;
    }

    public AccessTokenInfo getNewApplicationAccessToken(AccessTokenRequest accessTokenRequest) throws APIManagementException {
        if (accessTokenRequest == null) {
            log.warn("No information available to generate Token.");
            return null;
        }
        String str = null;
        if (accessTokenRequest.getScope() != null) {
            str = String.join(" ", accessTokenRequest.getScope());
        }
        try {
            TokenInfo generate = this.authClient.generate(accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret(), "client_credentials", str);
            AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
            if (StringUtils.isNotEmpty(generate.getScope())) {
                accessTokenInfo.setScope(generate.getScope().split(" "));
            } else {
                accessTokenInfo.setScope(new String[0]);
            }
            accessTokenInfo.setAccessToken(generate.getToken());
            accessTokenInfo.setValidityPeriod(generate.getExpiry());
            return accessTokenInfo;
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error occurred while calling token endpoint!", e);
        }
    }

    public String getNewApplicationConsumerSecret(AccessTokenRequest accessTokenRequest) throws APIManagementException {
        ClientInfo application = this.pingFederateDCRClient.getApplication(accessTokenRequest.getClientId());
        application.setSecret(UUID.randomUUID().toString());
        application.setForceSecretChange(true);
        this.pingFederateDCRClient.updateApplication(toClientInfoList(application));
        return null;
    }

    public AccessTokenInfo getTokenMetaData(String str) throws APIManagementException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Getting access token metadata from authorization server. Access token %s", str));
        }
        AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
        IntrospectInfo introspect = this.introspectionClient.introspect(str);
        accessTokenInfo.setTokenValid(introspect.isActive());
        if (!accessTokenInfo.isTokenValid()) {
            return null;
        }
        accessTokenInfo.addParameter("exp", Long.valueOf(introspect.getExpiry()));
        if (StringUtils.isNotEmpty(introspect.getScope())) {
            accessTokenInfo.setScope(introspect.getScope().split("\\s+"));
        }
        accessTokenInfo.setConsumerKey(introspect.getClientId());
        accessTokenInfo.setEndUserName(introspect.getUsername());
        return accessTokenInfo;
    }

    public KeyManagerConfiguration getKeyManagerConfiguration() throws APIManagementException {
        return this.configuration;
    }

    public OAuthApplicationInfo mapOAuthApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        ClientInfo application;
        if (oAuthAppRequest.getOAuthApplicationInfo() == null || (application = this.pingFederateDCRClient.getApplication(oAuthAppRequest.getOAuthApplicationInfo().getClientId())) == null) {
            return null;
        }
        return fromClientInfoToOauthApplicationInfo(application);
    }

    public void loadConfiguration(KeyManagerConfiguration keyManagerConfiguration) throws APIManagementException {
        this.configuration = keyManagerConfiguration;
        String str = (String) this.configuration.getParameter("client_registration_endpoint");
        String str2 = (String) this.configuration.getParameter("introspection_endpoint");
        String str3 = (String) this.configuration.getParameter(PingFederateConstants.USERNAME);
        String str4 = (String) this.configuration.getParameter(PingFederateConstants.PASSWORD);
        String str5 = (String) this.configuration.getParameter("client_id");
        String str6 = (String) this.configuration.getParameter(PingFederateConstants.TOKEN_VALIDATION_CLIENT_SECRET);
        String str7 = (String) this.configuration.getParameter("token_endpoint");
        if (StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(str3) && StringUtils.isNotEmpty(str4)) {
            this.pingFederateDCRClient = (PingFederateDCRClient) Feign.builder().client(new ApacheFeignHttpClient(APIUtil.getHttpClient(str))).encoder(new GsonEncoder()).decoder(new GsonDecoder()).logger(new Slf4jLogger()).requestInterceptor(new BasicAuthRequestInterceptor(str3, str4)).target(PingFederateDCRClient.class, str);
        }
        if (StringUtils.isNotEmpty(str2) && StringUtils.isNotEmpty(str5) && StringUtils.isNotEmpty(str6)) {
            this.introspectionClient = (IntrospectClient) Feign.builder().client(new ApacheFeignHttpClient(APIUtil.getHttpClient(str2))).encoder(new FormEncoder()).decoder(new GsonDecoder()).logger(new Slf4jLogger()).requestInterceptor(new BasicAuthRequestInterceptor(str5, str6)).target(IntrospectClient.class, str2);
        }
        if (StringUtils.isNotEmpty(str7)) {
            this.authClient = (AuthClient) Feign.builder().client(new ApacheFeignHttpClient(APIUtil.getHttpClient(str7))).encoder(new GsonEncoder()).decoder(new GsonDecoder()).logger(new Slf4jLogger()).errorDecoder(new KMClientErrorDecoder()).encoder(new FormEncoder()).target(AuthClient.class, str7);
        }
    }

    public boolean registerNewResource(API api, Map map) throws APIManagementException {
        return false;
    }

    public Map getResourceByApiId(String str) throws APIManagementException {
        return null;
    }

    public boolean updateRegisteredResource(API api, Map map) throws APIManagementException {
        return false;
    }

    public void deleteRegisteredResourceByAPIId(String str) throws APIManagementException {
    }

    public void deleteMappedApplication(String str) throws APIManagementException {
    }

    public Set<String> getActiveTokensByConsumerKey(String str) throws APIManagementException {
        return null;
    }

    public AccessTokenInfo getAccessTokenByConsumerKey(String str) throws APIManagementException {
        return null;
    }

    public Map<String, Set<Scope>> getScopesForAPIS(String str) throws APIManagementException {
        return null;
    }

    public void registerScope(Scope scope) throws APIManagementException {
    }

    public Scope getScopeByName(String str) throws APIManagementException {
        return null;
    }

    public Map<String, Scope> getAllScopes() throws APIManagementException {
        return null;
    }

    public void deleteScope(String str) throws APIManagementException {
    }

    public void updateScope(Scope scope) throws APIManagementException {
    }

    public boolean isScopeExists(String str) throws APIManagementException {
        return false;
    }

    public String getType() {
        return "PingFederate";
    }
}
