package org.wso2.is.notification;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.event.AbstractOAuthEventInterceptor;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.is.notification.event.TokenRevocationEvent;
import org.wso2.is.notification.internal.ServiceReferenceHolder;

/* loaded from: input_file:org/wso2/is/notification/ApimOauthEventInterceptor.class */
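/**
 * OAuth event interceptor that publishes a {@link TokenRevocationEvent} to a configured
 * notification endpoint after an access token is revoked (by client, resource owner or
 * system) and after a token renewal replaces a previous access token.
 *
 * <p>The interceptor is active only when the notification endpoint property is non-empty.
 * When both a username and a password property are present they are handed to
 * {@link EventSender}; otherwise the sender is created without credentials.
 *
 * <p>NOTE(review): this class does not check the scheme of the endpoint. Events carry
 * token identifiers (for non-JWT tokens the token value itself, see {@link #getJWTid}),
 * so confirm that the configured endpoint is an HTTPS URL of a trusted receiver.
 */
public class ApimOauthEventInterceptor extends AbstractOAuthEventInterceptor {
    private static final String JWT = "JWT";
    private static final Log log = LogFactory.getLog(ApimOauthEventInterceptor.class);

    String notificationEndpoint;
    Map<String, String> headerMap = new HashMap<>();
    boolean enabled;
    String username;
    // Kept as char[], but the value originates from a String property and is converted back
    // to a String for EventSender below, so the array gives no zeroisation benefit here.
    char[] password;
    private EventSender eventSender;

    /**
     * Reads the endpoint, username and password properties and, when an endpoint is
     * configured, enables the interceptor and creates the {@link EventSender}.
     */
    public ApimOauthEventInterceptor() {
        super.init(this.initConfig);
        String endpointProperty = this.properties.getProperty(NotificationConstants.NOTIFICATION_ENDPOINT);
        String usernameProperty = this.properties.getProperty(NotificationConstants.USERNAME);
        String passwordProperty = this.properties.getProperty(NotificationConstants.PASSWORD);
        if (!StringUtils.isNotEmpty(endpointProperty)) {
            // No endpoint configured: the interceptor stays disabled and no sender is created.
            return;
        }
        this.enabled = true;
        this.notificationEndpoint = NotificationUtil.replaceSystemProperty(endpointProperty);
        this.headerMap.putAll(NotificationUtil.extractHeadersMapFromProperties(this.properties));
        if (StringUtils.isNotEmpty(usernameProperty) && StringUtils.isNotEmpty(passwordProperty)) {
            this.username = NotificationUtil.replaceSystemProperty(usernameProperty);
            this.password = NotificationUtil.replaceSystemProperty(passwordProperty).toCharArray();
            this.eventSender = new EventSender(this.notificationEndpoint, this.username, String.valueOf(this.password), this.headerMap);
        } else {
            // Credentials are used only when both values are present; otherwise events are
            // sent with the configured headers alone.
            this.eventSender = new EventSender(this.notificationEndpoint, this.headerMap);
        }
    }

    /**
     * Publishes a revocation event for a token revoked by the client.
     *
     * <p>Does nothing when the interceptor is disabled or {@code accessTokenDO} is null.
     * Application and tenant lookup failures are logged and the event is dropped.
     */
    public void onPostTokenRevocationByClient(OAuthRevocationRequestDTO oAuthRevocationRequestDTO, OAuthRevocationResponseDTO oAuthRevocationResponseDTO, AccessTokenDO accessTokenDO, RefreshTokenValidationDataDO refreshTokenValidationDataDO, Map<String, Object> map) throws IdentityOAuth2Exception {
        if (!this.enabled || accessTokenDO == null) {
            return;
        }
        try {
            publishEvent(toTokenRevocationEvent(accessTokenDO));
        } catch (InvalidOAuthClientException e) {
            log.error("Error while retrieving token type", e);
        } catch (UserStoreException e2) {
            log.error("Error while resolving tenantDomain", e2);
        }
    }

    /**
     * Builds a revocation event, including tenant id and tenant domain, from a token record.
     *
     * @param accessTokenDO the revoked token; must not be null
     * @return the populated event
     */
    private TokenRevocationEvent toTokenRevocationEvent(AccessTokenDO accessTokenDO) throws IdentityOAuth2Exception, InvalidOAuthClientException, UserStoreException {
        // Expiry is the issue time plus the validity period.
        long expiryTime = accessTokenDO.getIssuedTime().getTime() + accessTokenDO.getValidityPeriodInMillis();
        String accessToken = accessTokenDO.getAccessToken();
        String userName = accessTokenDO.getAuthzUser().getUserName();
        int tenantId = accessTokenDO.getTenantID();
        String tenantDomain = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getDomain(tenantId);
        OAuthAppDO application = OAuth2Util.getAppInformationByClientId(accessTokenDO.getConsumerKey());
        TokenRevocationEvent event = new TokenRevocationEvent(getJWTid(accessToken, application), expiryTime, userName, accessTokenDO.getConsumerKey(), application.getTokenType());
        event.setTenantId(tenantId);
        event.setTenantDomain(tenantDomain);
        return event;
    }

    /**
     * Returns the identifier to publish for a token.
     *
     * <p>For an application whose token type is JWT and a token containing exactly two
     * {@code NotificationConstants.DOT} separators, the token is parsed and its {@code jti}
     * claim is returned, or the signature string when no {@code jti} is present. The token
     * is only parsed to read the claim; no signature verification takes place here.
     *
     * <p>In every other case, including a parse failure, the input is returned unchanged,
     * so the token value itself becomes the identifier carried in the event.
     *
     * @param str the access token value
     * @param oAuthAppDO the application the token belongs to
     * @return the {@code jti}, the signature string, or {@code str} itself
     */
    private String getJWTid(String str, OAuthAppDO oAuthAppDO) {
        boolean looksLikeJwt = JWT.equalsIgnoreCase(oAuthAppDO.getTokenType())
                && StringUtils.countMatches(str, NotificationConstants.DOT) == 2;
        if (!looksLikeJwt) {
            return str;
        }
        try {
            SignedJWT signedJwt = SignedJWT.parse(str);
            JWTClaimsSet claims = signedJwt.getJWTClaimsSet();
            String jwtId = claims.getJWTID();
            return jwtId != null ? jwtId : signedJwt.getSignature().toString();
        } catch (ParseException e) {
            // The exception is logged without the token value; the raw token is still returned.
            log.error("Error while extracting the JTI from JWT token, for token revocation", e);
            return str;
        }
    }

    /**
     * Publishes a revocation event for a token revoked by the resource owner.
     *
     * <p>Does nothing when the interceptor is disabled or {@code accessTokenDO} is null.
     *
     * <p>NOTE(review): unlike the client and system handlers, this event is published
     * without tenant id or tenant domain; confirm that receivers do not rely on them.
     */
    public void onPostTokenRevocationByResourceOwner(org.wso2.carbon.identity.oauth.dto.OAuthRevocationRequestDTO oAuthRevocationRequestDTO, org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO oAuthRevocationResponseDTO, AccessTokenDO accessTokenDO, Map<String, Object> map) throws IdentityOAuth2Exception {
        if (!this.enabled || accessTokenDO == null) {
            return;
        }
        try {
            long expiryTime = accessTokenDO.getIssuedTime().getTime() + accessTokenDO.getValidityPeriodInMillis();
            String accessToken = accessTokenDO.getAccessToken();
            String userName = accessTokenDO.getAuthzUser().getUserName();
            OAuthAppDO application = OAuth2Util.getAppInformationByClientId(accessTokenDO.getConsumerKey());
            publishEvent(new TokenRevocationEvent(getJWTid(accessToken, application), expiryTime, userName, accessTokenDO.getConsumerKey(), application.getTokenType()));
        } catch (InvalidOAuthClientException e) {
            log.error("Error while retrieving token type", e);
        }
    }

    /** Intentionally empty: nothing is published before a system revocation. */
    public void onPreTokenRevocationBySystem(AccessTokenDO accessTokenDO, Map<String, Object> map) throws IdentityOAuth2Exception {
    }

    /**
     * Publishes a revocation event for a token revoked by the system.
     *
     * <p>Does nothing when the interceptor is disabled or {@code accessTokenDO} is null.
     * Application and tenant lookup failures are logged and the event is dropped.
     */
    public void onPostTokenRevocationBySystem(AccessTokenDO accessTokenDO, Map<String, Object> map) throws IdentityOAuth2Exception {
        if (!this.enabled || accessTokenDO == null) {
            return;
        }
        try {
            publishEvent(toTokenRevocationEvent(accessTokenDO));
        } catch (UserStoreException e) {
            log.error("Error while resolving tenantDomain", e);
        } catch (InvalidOAuthClientException e2) {
            log.error("Error while retrieving token type", e2);
        }
    }

    /**
     * Publishes a revocation event for the access token that a renewal replaced.
     *
     * <p>The previous token and the application are read from the message-context
     * properties {@code "previousAccessToken"} and {@code "OAuthAppDO"}; when either is
     * missing nothing is published. A failed tenant-id lookup is logged and the event is
     * still published with the tenant domain only.
     */
    public void onPostTokenRenewal(OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO, OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO, OAuthTokenReqMessageContext oAuthTokenReqMessageContext, Map<String, Object> map) throws IdentityOAuth2Exception {
        // Same guard as the revocation handlers. Within this class the endpoint is assigned
        // only together with `enabled`, so publishEvent would not send anything for a disabled
        // interceptor; returning early avoids the token parsing and tenant lookup as well.
        if (!this.enabled) {
            return;
        }
        Object previousTokenProperty = oAuthTokenReqMessageContext.getProperty("previousAccessToken");
        Object applicationProperty = oAuthTokenReqMessageContext.getProperty("OAuthAppDO");
        if (previousTokenProperty == null || applicationProperty == null) {
            return;
        }
        RefreshTokenValidationDataDO previousToken = (RefreshTokenValidationDataDO) previousTokenProperty;
        OAuthAppDO application = (OAuthAppDO) applicationProperty;
        long expiryTime = previousToken.getAccessTokenIssuedTime().getTime() + previousToken.getAccessTokenValidityInMillis();
        TokenRevocationEvent event = new TokenRevocationEvent(getJWTid(previousToken.getAccessToken(), application), expiryTime, previousToken.getAuthorizedUser().getUserName(), application.getOauthConsumerKey(), application.getTokenType());
        String tenantDomain = previousToken.getAuthorizedUser().getTenantDomain();
        event.setTenantDomain(tenantDomain);
        try {
            event.setTenantId(ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain));
        } catch (UserStoreException e) {
            log.error("Error while finding tenant id", e);
        }
        publishEvent(event);
    }

    /**
     * Hands the event to the {@link EventSender} when the handler reports itself enabled
     * and a notification endpoint is configured.
     */
    private void publishEvent(TokenRevocationEvent tokenRevocationEvent) {
        if (isEnabled() && StringUtils.isNotEmpty(this.notificationEndpoint)) {
            this.eventSender.publishEvent(tokenRevocationEvent);
        }
    }
}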
