package org.wso2.am.choreo.extensions.keymanager.asgardeo;

import feign.Feign;
import feign.Logger;
import feign.Response;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.slf4j.Slf4jLogger;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.am.choreo.extensions.core.AsgardeoSystemAppConfig;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.dao.AsgardeoMgtDAO;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.dto.AsgardeoApiCreationRequest;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.dto.AsgardeoApiUpdateRequest;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.dto.AsgardeoApp;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.dto.AsgardeoAppOIDC;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.dto.AuthorizedApiCreationRequest;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.dto.AuthorizedPermissionUpdateRequest;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.dto.Permission;
import org.wso2.am.choreo.extensions.keymanager.asgardeo.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.apimgt.api.model.AccessTokenInfo;
import org.wso2.carbon.apimgt.api.model.AccessTokenRequest;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.api.model.OAuthAppRequest;
import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.api.model.SubscribedAPI;
import org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.apimgt.impl.kmclient.ApacheFeignHttpClient;
import org.wso2.carbon.apimgt.impl.kmclient.FormEncoder;
import org.wso2.carbon.apimgt.impl.kmclient.KeyManagerClientException;
import org.wso2.carbon.apimgt.impl.kmclient.model.TokenInfo;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;

/* loaded from: input_file:org/wso2/am/choreo/extensions/keymanager/asgardeo/AsgardeoKeyManager.class */
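/**
 * Key manager implementation that mirrors API Manager applications, API resources and
 * subscriptions into Asgardeo through three Feign clients: application management,
 * authorization (API resources / subscriptions) and the token endpoint.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The application-management and authorization clients only carry an auth header when an
 *       {@link AsgardeoSystemAppConfig} is present; otherwise a warning is logged and the clients
 *       are still built.</li>
 *   <li>Client secrets pass through {@link #getNewApplicationAccessToken}; they must never be
 *       written to logs or exception messages.</li>
 *   <li>Several operations perform a remote call followed by a local mapping update without a
 *       compensating action, so a failure between the two can leave the systems out of sync.</li>
 * </ul>
 */
public class AsgardeoKeyManager extends AMDefaultKeyManagerImpl {
    private AsgardeoApplicationMgtClient appMgtClient;
    private AuthzClient authzClient;
    private TokenAPIClient tokenAPIClient;
    private KeyManagerConfiguration configuration;
    private static final Log log = LogFactory.getLog(AsgardeoKeyManager.class);

    /**
     * Stores the configuration and builds the three Feign clients.
     *
     * @param keyManagerConfiguration source of the application-management URL and the
     *                                {@code token_endpoint} parameter
     */
    public void loadConfiguration(KeyManagerConfiguration keyManagerConfiguration) {
        this.configuration = keyManagerConfiguration;
        String appMgtUrl = (String) keyManagerConfiguration.getParameter(AsgardeoKMConstants.APP_MGT_API_URL);
        String authzUrl = AsgardeoKMConstants.AUTHZ_ENDPOINT;
        String tokenUrl = (String) keyManagerConfiguration.getParameter("token_endpoint");

        Feign.Builder appMgtBuilder = newJsonClientBuilder();
        // The token endpoint takes form-encoded bodies. The previous code set a Gson encoder and
        // then immediately replaced it with the form encoder; only the last encoder is used.
        Feign.Builder tokenBuilder = newJsonClientBuilder().encoder(new FormEncoder());
        Feign.Builder authzBuilder = newJsonClientBuilder();

        AsgardeoSystemAppConfig systemAppConfig =
                ServiceReferenceHolder.getInstance().getChoreoExtensionConfiguration().getAsgardeoSystemAppConfig();
        if (systemAppConfig != null) {
            AsgardeoSystemAccessTokenGenerator tokenGenerator = new AsgardeoSystemAccessTokenGenerator(
                    systemAppConfig.getTokenEndpoint(),
                    systemAppConfig.getClientId(),
                    systemAppConfig.getClientSecret(),
                    keyManagerConfiguration.getOrganization());
            authzUrl = systemAppConfig.getAuthzEndpoint();
            appMgtBuilder.requestInterceptor(new AddAuthHeaderInterceptor(tokenGenerator));
            authzBuilder.requestInterceptor(new AddAuthHeaderInterceptor(tokenGenerator));
        } else {
            // Without the system app config no auth interceptor is installed, so management and
            // authorization calls go out without the system token and fall back to the default
            // authorization endpoint constant.
            log.warn("Asgardeo system token generator is not configured");
        }
        if (log.isDebugEnabled()) {
            // Keep this at BASIC (method, URL, status, timing). Feign's HEADERS and FULL levels
            // would write Authorization headers and token responses to the log.
            appMgtBuilder.logLevel(Logger.Level.BASIC);
            authzBuilder.logLevel(Logger.Level.BASIC);
        }
        this.appMgtClient = (AsgardeoApplicationMgtClient) appMgtBuilder.target(AsgardeoApplicationMgtClient.class, appMgtUrl);
        this.authzClient = (AuthzClient) authzBuilder.target(AuthzClient.class, authzUrl);
        this.tokenAPIClient = (TokenAPIClient) tokenBuilder.target(TokenAPIClient.class, tokenUrl);
    }

    /** Creates a Feign builder with the HTTPS client, Gson codec, error decoder and SLF4J logger shared by all clients. */
    private static Feign.Builder newJsonClientBuilder() {
        return Feign.builder()
                .client(new ApacheFeignHttpClient(AsgardeoKMUtils.getDefaultHttpsClient()))
                .encoder(new GsonEncoder())
                .decoder(new GsonDecoder())
                .errorDecoder(new AsgardeoKMClientErrorDecoder())
                .logger(new Slf4jLogger());
    }

    /**
     * Returns the configuration passed to {@link #loadConfiguration}.
     *
     * @return the stored configuration, or {@code null} if none has been loaded
     */
    public KeyManagerConfiguration getKeyManagerConfiguration() {
        return this.configuration;
    }

    /**
     * Creates the OAuth application in Asgardeo, records its Asgardeo id as an attribute of the
     * local application, and registers the application's existing API subscriptions.
     *
     * @param oAuthAppRequest request describing the application to create
     * @return the created application mapped to an {@link OAuthApplicationInfo}
     * @throws APIManagementException if a client call fails or the local application is missing
     */
    public OAuthApplicationInfo createApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        try {
            // NOTE(review): the remote application is created first. If any later step fails
            // there is no rollback, so an OAuth client can remain in Asgardeo with no local
            // record pointing at it.
            AsgardeoApp createdApp = createAsgardeoApplication(oAuthAppRequest);
            String asgardeoAppId = createdApp.getId();
            AsgardeoAppOIDC oidcConfig = this.appMgtClient.getApplicationOIDC(asgardeoAppId);

            ApiMgtDAO apiMgtDao = ApiMgtDAO.getInstance();
            String applicationUuid = oAuthAppRequest.getOAuthApplicationInfo().getApplicationUUID();
            Application localApp = apiMgtDao.getApplicationByUUID(applicationUuid);
            if (localApp == null) {
                // Fail with a checked, descriptive error instead of a NullPointerException.
                throw new APIManagementException("Application " + applicationUuid
                        + " was not found while linking asgardeo app " + asgardeoAppId);
            }
            localApp.getApplicationAttributes().put(AsgardeoKMConstants.ASGARDEO_APP_ID, asgardeoAppId);
            apiMgtDao.updateApplication(localApp);
            for (SubscribedAPI subscription : apiMgtDao.getSubscribedAPIsByApplication(localApp)) {
                addAPISubscription(subscription.getUUID(), subscription.getApiId(), localApp);
            }
            return AsgardeoKMMappingUtil.buildDTOFromAsgardeoApp(createdApp, oidcConfig);
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("error while creating asgardeo app", e);
        }
    }

    /**
     * Issues the create call, extracts the new application id from the Location header and
     * fetches the created application.
     *
     * @param oAuthAppRequest request describing the application to create
     * @return the application as returned by the application-management API
     * @throws KeyManagerClientException if the status is not 201 or no id can be extracted
     */
    private AsgardeoApp createAsgardeoApplication(OAuthAppRequest oAuthAppRequest) throws KeyManagerClientException {
        // A raw feign.Response is owned by the caller; close it so the connection is released.
        try (Response response = this.appMgtClient.createApplication(
                AsgardeoKMMappingUtil.createAsgardeoAppCreationRequest(oAuthAppRequest))) {
            if (log.isDebugEnabled()) {
                // Debug only: the response rendering can include headers and body.
                log.debug("Create application response: " + response);
            }
            if (response.status() != 201) {
                // Report the status only. Embedding the whole upstream response would copy its
                // headers and body into an exception that may be surfaced to API callers.
                throw new KeyManagerClientException("Application creation failed. HTTP status: " + response.status());
            }
            Collection<String> locations = response.headers().get(AsgardeoKMConstants.HEADER_LOCATION);
            String location = (locations != null && !locations.isEmpty()) ? locations.iterator().next() : null;
            if (location == null) {
                throw new KeyManagerClientException("Location header is missing in the Asgardeo application creation response");
            }
            Matcher idMatcher = AsgardeoKMConstants.ID_EXTRACT_PATTERN.matcher(location);
            if (!idMatcher.find()) {
                throw new KeyManagerClientException("Application id is not found in the location header: " + location);
            }
            // group(0) is the whole match and is never null once find() has succeeded, so the
            // former null check on it was unreachable.
            return this.appMgtClient.getApplication(idMatcher.group(0));
        }
    }

    /**
     * Fetches the Asgardeo application that backs the given consumer key.
     *
     * @param str consumer key of the application
     * @return the application mapped to an {@link OAuthApplicationInfo}
     * @throws APIManagementException if no Asgardeo app id is linked or a client call fails
     */
    public OAuthApplicationInfo retrieveApplication(String str) throws APIManagementException {
        String asgardeoAppId = AsgardeoKMUtils.getAsgardeoAppIdFromConsumerKey(str);
        if (StringUtils.isBlank(asgardeoAppId)) {
            throw new APIManagementException("The property asgardeo_app_id is missing in the application with consumer key " + str);
        }
        try {
            return AsgardeoKMMappingUtil.buildDTOFromAsgardeoApp(
                    this.appMgtClient.getApplication(asgardeoAppId),
                    this.appMgtClient.getApplicationOIDC(asgardeoAppId));
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error while fetching asgardeo app. Consumer key: " + str + ", asgardeo app id: " + asgardeoAppId, e);
        }
    }

    /**
     * Applies the requested changes to the Asgardeo application and returns its refreshed state.
     *
     * @param oAuthAppRequest request carrying the updated application info
     * @return the updated application mapped to an {@link OAuthApplicationInfo}
     * @throws APIManagementException if no Asgardeo app id is linked or a client call fails
     */
    public OAuthApplicationInfo updateApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        String consumerKey = oAuthAppRequest.getOAuthApplicationInfo().getClientId();
        String asgardeoAppId = AsgardeoKMUtils.getAsgardeoAppIdFromConsumerKey(consumerKey);
        if (StringUtils.isBlank(asgardeoAppId)) {
            // Same guard as retrieveApplication/deleteApplication: never address the
            // management API with a missing application id.
            throw new APIManagementException("The property asgardeo_app_id is missing in the application with consumer key " + consumerKey);
        }
        try {
            this.appMgtClient.updateApplication(asgardeoAppId,
                    AsgardeoKMMappingUtil.updateAsgardeoAppFromAppInfo(
                            oAuthAppRequest.getOAuthApplicationInfo(),
                            this.appMgtClient.getApplicationOIDC(asgardeoAppId)));
            // Re-read both views so the returned DTO reflects the state after the update.
            return AsgardeoKMMappingUtil.buildDTOFromAsgardeoApp(
                    this.appMgtClient.getApplication(asgardeoAppId),
                    this.appMgtClient.getApplicationOIDC(asgardeoAppId));
        } catch (KeyManagerClientException e) {
            // The message is labelled "Consumer key", so report the client id that was actually
            // used for the lookup (it previously printed the client name).
            throw new APIManagementException("Error while updating asgardeo app. Consumer key: " + consumerKey + ", asgardeo app id: " + asgardeoAppId, e);
        }
    }

    /**
     * Requests an application access token from the token endpoint using the client id and
     * secret in the request.
     *
     * @param accessTokenRequest client credentials and optional scopes; may be {@code null}
     * @return the token details, or {@code null} when no request is supplied
     * @throws APIManagementException if the token endpoint call fails
     */
    public AccessTokenInfo getNewApplicationAccessToken(AccessTokenRequest accessTokenRequest) throws APIManagementException {
        if (accessTokenRequest == null) {
            log.warn("No information available to generate Token.");
            return null;
        }
        try {
            // Base64 of "clientId:clientSecret" (presumably sent as HTTP Basic credentials by the
            // token client). This value and the secret must not be logged or put in exceptions.
            String clientCredentials = accessTokenRequest.getClientId() + ':' + accessTokenRequest.getClientSecret();
            String encodedCredentials = Base64.getEncoder().encodeToString(clientCredentials.getBytes(StandardCharsets.UTF_8));
            String requestedScopes = accessTokenRequest.getScope() != null
                    ? String.join(" ", accessTokenRequest.getScope())
                    : "";
            TokenInfo issued = this.tokenAPIClient.generate(encodedCredentials,
                    AsgardeoKMConstants.PARAM_CLIENT_CREDENTIALS_GRANT_TYPE, requestedScopes);

            AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
            // Report the scopes the server granted, which may differ from those requested.
            if (StringUtils.isNotEmpty(issued.getScope())) {
                accessTokenInfo.setScope(issued.getScope().split(" "));
            } else {
                accessTokenInfo.setScope(new String[0]);
            }
            accessTokenInfo.setAccessToken(issued.getToken());
            accessTokenInfo.setValidityPeriod(issued.getExpiry());
            return accessTokenInfo;
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error occurred while calling token endpoint - " + e.getReason(), e);
        }
    }

    /**
     * Deletes the Asgardeo application that backs the given consumer key.
     *
     * @param str consumer key of the application
     * @throws APIManagementException if no Asgardeo app id is linked or the delete call fails
     */
    public void deleteApplication(String str) throws APIManagementException {
        String asgardeoAppId = AsgardeoKMUtils.getAsgardeoAppIdFromConsumerKey(str);
        if (StringUtils.isBlank(asgardeoAppId)) {
            throw new APIManagementException("The property asgardeo_app_id is missing in the application with consumer key " + str);
        }
        try {
            this.appMgtClient.deleteApplication(asgardeoAppId);
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error while deleting asgardeo app " + asgardeoAppId, e);
        }
    }

    /**
     * Registers the API as an API resource in Asgardeo, with one permission per API scope, and
     * stores the mapping from the API UUID to the Asgardeo resource UUID.
     *
     * @param api the API to register
     * @param map not read by this implementation
     * @return {@code true} when the resource was created and the mapping stored
     * @throws APIManagementException if the resource creation call fails
     */
    public boolean registerNewResource(API api, Map map) throws APIManagementException {
        AsgardeoApiCreationRequest creationRequest = new AsgardeoApiCreationRequest();
        creationRequest.setDisplayName(api.getId().getApiName());
        creationRequest.setGwName(AsgardeoKMConstants.GATEWAY);
        creationRequest.setIdentifier(api.getUuid());
        creationRequest.setPermissions(toPermissions(api));
        try {
            String asgardeoResourceUuid = this.authzClient.createApiResource(api.getOrganization(), creationRequest).getUuid();
            AsgardeoMgtDAO.getInstance().addApiUuidMapping(api.getUuid(), asgardeoResourceUuid);
            return true;
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error while creating Asgardeo API", e);
        }
    }

    /** Maps each scope of the API to a permission (scope name as display name, scope key as name). */
    private static ArrayList<Permission> toPermissions(API api) {
        ArrayList<Permission> permissions = new ArrayList<>();
        for (Scope scope : api.getScopes()) {
            Permission permission = new Permission();
            permission.setDisplayName(scope.getName());
            permission.setName(scope.getKey());
            permissions.add(permission);
        }
        return permissions;
    }

    /**
     * Synchronises the permissions of an existing Asgardeo API resource with the API's scopes:
     * scopes with no matching permission name are added, and permissions with no matching scope
     * are deleted by UUID.
     *
     * @param api the API whose scopes are the desired state
     * @param map must contain {@code "resourceId"} and the organization id parameter, as
     *            produced by {@link #getResourceByApiId}
     * @return {@code true} when the update call succeeded
     * @throws APIManagementException if a client call fails
     */
    public boolean updateRegisteredResource(API api, Map map) throws APIManagementException {
        String resourceId = (String) map.get("resourceId");
        String organizationId = (String) map.get(AsgardeoKMConstants.PARAM_ORGANIZATION_ID);
        try {
            List<Permission> existing = this.authzClient.getApiResoucePermissions(organizationId, resourceId);
            List<Permission> desired = toPermissions(api);

            // The two lambda parameters in each filter below previously shared one name, which
            // does not compile and hid which side was being compared. Each filter compares a
            // desired permission with an existing one by name.
            // NOTE(review): getting this diff wrong either leaves revoked permissions in place
            // or drops ones still in use — confirm against the original source.
            List<Permission> toAdd = desired.stream()
                    .filter(candidate -> existing.stream()
                            .noneMatch(current -> StringUtils.equals(current.getName(), candidate.getName())))
                    .collect(Collectors.toList());
            List<String> toDelete = existing.stream()
                    .filter(current -> desired.stream()
                            .noneMatch(candidate -> StringUtils.equals(candidate.getName(), current.getName())))
                    .map(Permission::getUuid)
                    .collect(Collectors.toList());

            AsgardeoApiUpdateRequest updateRequest = new AsgardeoApiUpdateRequest();
            updateRequest.setDisplayName(api.getId().getName());
            updateRequest.setAddedPermissions(toAdd);
            updateRequest.setDeletedPermissions(toDelete);
            this.authzClient.updateApiResource(organizationId, resourceId, updateRequest);
            return true;
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error while updating Asgardeo API " + resourceId, e);
        }
    }

    /**
     * Looks up the Asgardeo resource mapped to an API.
     *
     * @param str  API UUID
     * @param str2 organization id
     * @return a map holding {@code "resourceId"} and the organization id, or {@code null} when
     *         no mapping exists for the API
     * @throws APIManagementException if the mapping lookup fails
     */
    public Map getResourceByApiId(String str, String str2) throws APIManagementException {
        String asgardeoResourceUuid = AsgardeoMgtDAO.getInstance().getAsgardeoUuidByApiId(str);
        if (asgardeoResourceUuid == null) {
            return null;
        }
        Map<String, String> resource = new HashMap<>();
        resource.putIfAbsent("resourceId", asgardeoResourceUuid);
        resource.putIfAbsent(AsgardeoKMConstants.PARAM_ORGANIZATION_ID, str2);
        return resource;
    }

    /**
     * Deletes the Asgardeo API resource mapped to an API and then removes the local mapping.
     *
     * @param str  API UUID
     * @param str2 organization id
     * @throws APIManagementException if no mapping exists or the delete call fails
     */
    public void deleteRegisteredResourceByAPIId(String str, String str2) throws APIManagementException {
        String asgardeoResourceUuid = AsgardeoMgtDAO.getInstance().getAsgardeoUuidByApiId(str);
        if (asgardeoResourceUuid == null) {
            throw new APIManagementException("The choreo asgardeo api id mapping is missing in the table for choreo API: " + str + " in organization " + str2);
        }
        try {
            // The local mapping is removed only after the remote delete succeeds.
            this.authzClient.deleteApiResource(str2, asgardeoResourceUuid);
            AsgardeoMgtDAO.getInstance().removeApiUuidMapping(str);
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error while deleting Asgardeo API " + asgardeoResourceUuid, e);
        }
    }

    /**
     * Authorizes the application for an API in Asgardeo, stores the subscription mapping, and
     * grants the application the API's scope keys as permissions. Does nothing when the
     * application has no Asgardeo app id attribute.
     *
     * @param str           subscription UUID on the API Manager side
     * @param aPIIdentifier identifier of the subscribed API
     * @param application   the subscribing application
     * @throws APIManagementException if the API has no Asgardeo mapping or a client call fails
     */
    public void addAPISubscription(String str, APIIdentifier aPIIdentifier, Application application) throws APIManagementException {
        String asgardeoAppId = (String) application.getApplicationAttributes().get(AsgardeoKMConstants.ASGARDEO_APP_ID);
        String organization = aPIIdentifier.getOrganization();
        String apiUuid = aPIIdentifier.getUUID();
        String asgardeoApiUuid = AsgardeoMgtDAO.getInstance().getAsgardeoUuidByApiId(apiUuid);
        // Raw types are kept here because the generic signatures of APIUtil.getAPIScopes and of
        // the request setters are not visible from this class.
        Map apiScopes = APIUtil.getAPIScopes(apiUuid, organization);
        if (asgardeoAppId == null) {
            if (log.isDebugEnabled()) {
                log.debug("The app " + application.getUUID() + " is not registered in Asgardeo for organization " + organization);
            }
            return;
        }
        if (asgardeoApiUuid == null) {
            throw new APIManagementException("The choreo asgardeo api id mapping is missing in the table for choreo API: " + apiUuid + " in organization " + organization);
        }
        AuthorizedPermissionUpdateRequest permissionUpdate = new AuthorizedPermissionUpdateRequest();
        permissionUpdate.setAddedPermissions(new ArrayList(apiScopes.keySet()));
        AuthorizedApiCreationRequest authorizedApi = new AuthorizedApiCreationRequest();
        authorizedApi.setApiId(asgardeoApiUuid);
        try {
            String asgardeoSubscriptionUuid = this.authzClient.createApiSubscription(organization, asgardeoAppId, authorizedApi).getUuid();
            AsgardeoMgtDAO.getInstance().addSubscriptionUuidMapping(str, asgardeoSubscriptionUuid);
            // NOTE(review): if this call fails the subscription and its mapping already exist
            // but the permissions were not granted; there is no rollback.
            this.authzClient.updateAuthorizedPermissions(organization, asgardeoAppId, permissionUpdate);
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error while creating the subscription in Asgardeo for Choreo API " + apiUuid, e);
        }
    }

    /**
     * Removes the application's authorization for an API in Asgardeo, deletes the subscription
     * mapping, and revokes the API's scope keys from the application's permissions. Does nothing
     * when the application has no Asgardeo app id attribute.
     *
     * @param str           subscription UUID on the API Manager side
     * @param aPIIdentifier identifier of the subscribed API
     * @param application   the subscribing application
     * @throws APIManagementException if the subscription has no mapping or a client call fails
     */
    public void removeAPISubscription(String str, APIIdentifier aPIIdentifier, Application application) throws APIManagementException {
        String organization = aPIIdentifier.getOrganization();
        String asgardeoAppId = (String) application.getApplicationAttributes().get(AsgardeoKMConstants.ASGARDEO_APP_ID);
        String asgardeoSubscriptionUuid = AsgardeoMgtDAO.getInstance().getAsgardeoSubscriptionUuid(str);
        String apiUuid = aPIIdentifier.getUUID();
        // Raw types are kept here because the generic signatures of APIUtil.getAPIScopes and of
        // the request setters are not visible from this class.
        Map apiScopes = APIUtil.getAPIScopes(apiUuid, organization);
        if (asgardeoAppId == null) {
            if (log.isDebugEnabled()) {
                log.debug("The app " + application.getUUID() + " is not registered in Asgardeo for organization " + organization);
            }
            return;
        }
        if (asgardeoSubscriptionUuid == null) {
            throw new APIManagementException("The choreo asgardeo subscription id mapping is missing in the table for Choreo API: " + apiUuid + " in organization " + organization);
        }
        AuthorizedPermissionUpdateRequest permissionUpdate = new AuthorizedPermissionUpdateRequest();
        permissionUpdate.setRemovedPermissions(new ArrayList(apiScopes.keySet()));
        try {
            this.authzClient.deleteApiSubscription(organization, asgardeoAppId, asgardeoSubscriptionUuid);
            AsgardeoMgtDAO.getInstance().removeSubscriptionUuidMapping(str);
            // NOTE(review): permission revocation runs last. If it fails, the mapping is
            // already gone, so a retry stops at the missing-mapping check above and the
            // application may keep these permissions — verify against the Asgardeo API.
            this.authzClient.updateAuthorizedPermissions(organization, asgardeoAppId, permissionUpdate);
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error while removing the subscription in Asgardeo for Choreo API: " + apiUuid, e);
        }
    }
}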
