package org.wso2.carbon.analytics.idp.client.external;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import feign.Response;
import feign.gson.GsonDecoder;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.analytics.idp.client.core.api.IdPClient;
import org.wso2.carbon.analytics.idp.client.core.exception.AuthenticationException;
import org.wso2.carbon.analytics.idp.client.core.exception.IdPClientException;
import org.wso2.carbon.analytics.idp.client.core.models.Role;
import org.wso2.carbon.analytics.idp.client.core.models.User;
import org.wso2.carbon.analytics.idp.client.core.utils.IdPClientConstants;
import org.wso2.carbon.analytics.idp.client.external.dao.OAuthAppDAO;
import org.wso2.carbon.analytics.idp.client.external.dto.DCRClientInfo;
import org.wso2.carbon.analytics.idp.client.external.dto.DCRError;
import org.wso2.carbon.analytics.idp.client.external.dto.OAuth2IntrospectionResponse;
import org.wso2.carbon.analytics.idp.client.external.dto.OAuth2TokenInfo;
import org.wso2.carbon.analytics.idp.client.external.dto.SCIMGroupList;
import org.wso2.carbon.analytics.idp.client.external.impl.DCRMServiceStub;
import org.wso2.carbon.analytics.idp.client.external.impl.OAuth2ServiceStubs;
import org.wso2.carbon.analytics.idp.client.external.impl.SCIM2ServiceStub;
import org.wso2.carbon.analytics.idp.client.external.models.ExternalSession;
import org.wso2.carbon.analytics.idp.client.external.models.OAuthApplicationInfo;

/* loaded from: input_file:org/wso2/carbon/analytics/idp/client/external/ExternalIdPClient.class */
public class ExternalIdPClient implements IdPClient {
    private static final Logger LOG = LoggerFactory.getLogger(ExternalIdPClient.class);
    private DCRMServiceStub dcrmServiceStub;
    private OAuth2ServiceStubs oAuth2ServiceStubs;
    private SCIM2ServiceStub scimServiceStub;
    private String baseUrl;
    private String authorizeEndpoint;
    private String grantType;
    private String signingAlgo;
    private String adminRoleDisplayName;
    private OAuthAppDAO oAuthAppDAO;
    private String defaultUserStore;
    private Cache<String, ExternalSession> tokenCache;
    private boolean isSSOEnabled;
    private String ssoLogoutURL;
    private Map<String, OAuthApplicationInfo> oAuthAppInfoMap;

    public ExternalIdPClient(String str, String str2, String str3, String str4, String str5, Map<String, OAuthApplicationInfo> map, int i, OAuthAppDAO oAuthAppDAO, DCRMServiceStub dCRMServiceStub, OAuth2ServiceStubs oAuth2ServiceStubs, SCIM2ServiceStub sCIM2ServiceStub, String str6, boolean z, String str7) {
        this.baseUrl = str;
        this.authorizeEndpoint = str2;
        this.grantType = str3;
        this.signingAlgo = str4;
        this.oAuthAppInfoMap = map;
        this.adminRoleDisplayName = str5.contains(ExternalIdPClientConstants.FORWARD_SLASH) ? str5 : str6 + ExternalIdPClientConstants.FORWARD_SLASH + str5;
        this.oAuthAppDAO = oAuthAppDAO;
        this.dcrmServiceStub = dCRMServiceStub;
        this.oAuth2ServiceStubs = oAuth2ServiceStubs;
        this.scimServiceStub = sCIM2ServiceStub;
        this.tokenCache = CacheBuilder.newBuilder().expireAfterWrite(i, TimeUnit.SECONDS).build();
        this.defaultUserStore = str6;
        this.isSSOEnabled = z;
        this.ssoLogoutURL = str7;
    }

    private static String removeCRLFCharacters(String str) {
        if (str != null) {
            str = str.replace('\n', '_').replace('\r', '_');
        }
        return str;
    }

    public void init(String str) throws IdPClientException {
        this.oAuthAppDAO.init();
        if (!this.oAuthAppDAO.tableExists()) {
            this.oAuthAppDAO.createTable();
        }
        for (Map.Entry<String, OAuthApplicationInfo> entry : this.oAuthAppInfoMap.entrySet()) {
            String key = entry.getKey();
            OAuthApplicationInfo value = entry.getValue();
            String clientId = value.getClientId();
            String clientSecret = value.getClientSecret();
            String clientName = value.getClientName();
            OAuthApplicationInfo oAuthApp = this.oAuthAppDAO.getOAuthApp(clientName);
            if (oAuthApp != null) {
                if (clientId != null || clientSecret != null) {
                    if (clientId != null) {
                        oAuthApp.setClientId(clientId);
                    }
                    if (clientSecret != null) {
                        oAuthApp.setClientSecret(clientSecret);
                    }
                    this.oAuthAppDAO.updateOAuthApp(oAuthApp);
                }
                this.oAuthAppInfoMap.replace(key, oAuthApp);
            } else if (clientId == null || clientSecret == null) {
                registerApplication(key, clientName, str);
            } else {
                OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo(clientName, clientId, clientSecret);
                this.oAuthAppDAO.addOAuthApp(oAuthApplicationInfo);
                this.oAuthAppInfoMap.replace(key, oAuthApplicationInfo);
            }
        }
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public List<Role> getAllRoles() throws IdPClientException {
        Response allGroups = this.scimServiceStub.getAllGroups();
        if (allGroups == null) {
            LOG.error("Error occurred while retrieving all groups. Error : Response is null.");
            throw new IdPClientException("Error occurred while retrieving all groups. Error : Response is null.");
        }
        if (allGroups.status() != 200) {
            String str = "Error occurred while retrieving groups. HTTP error code: '" + allGroups.status() + "'. Error Response: '" + allGroups.body().toString() + "'.";
            LOG.error(str);
            throw new IdPClientException(str);
        }
        try {
            List<SCIMGroupList.SCIMGroupResources> resources = ((SCIMGroupList) new GsonDecoder().decode(allGroups, SCIMGroupList.class)).getResources();
            return resources != null ? (List) resources.stream().map(sCIMGroupResources -> {
                return new Role(sCIMGroupResources.getId(), sCIMGroupResources.getDisplayName());
            }).collect(Collectors.toList()) : new ArrayList();
        } catch (IOException e) {
            String str2 = "Error occurred while parsing the response when retrieving groups. Response: '" + allGroups.body().toString();
            LOG.error(str2, e);
            throw new IdPClientException(str2, e);
        }
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public List<Role> getAllRolesOfTenant(String str) throws IdPClientException {
        return getAllRoles();
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public Role getAdminRole() throws IdPClientException {
        Response allGroups = this.scimServiceStub.getAllGroups();
        if (allGroups == null) {
            String str = "Error occurred while retrieving admin group '" + this.adminRoleDisplayName + "'. Error : Response is null.";
            LOG.error(str);
            throw new IdPClientException(str);
        }
        if (allGroups.status() != 200) {
            String str2 = "Error occurred while retrieving admin group '" + this.adminRoleDisplayName + "'. HTTP error code: " + allGroups.status() + " Error Response: " + allGroups.body().toString();
            LOG.error(str2);
            throw new IdPClientException(str2);
        }
        try {
            List<SCIMGroupList.SCIMGroupResources> resources = ((SCIMGroupList) new GsonDecoder().decode(allGroups, SCIMGroupList.class)).getResources();
            if (resources != null) {
                for (SCIMGroupList.SCIMGroupResources sCIMGroupResources : resources) {
                    if (sCIMGroupResources.getDisplayName().equalsIgnoreCase(this.adminRoleDisplayName)) {
                        return new Role(sCIMGroupResources.getId(), sCIMGroupResources.getDisplayName());
                    }
                }
            }
            String str3 = "Error occurred while retrieving admin group '" + this.adminRoleDisplayName + "'. Admin role not found in the user store.";
            LOG.error(str3);
            throw new IdPClientException(str3);
        } catch (IOException e) {
            String str4 = "Error occurred while parsing the response when retrieving admin group '" + this.adminRoleDisplayName + "'. Response: '" + allGroups.body().toString();
            LOG.error(str4, e);
            throw new IdPClientException(str4, e);
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public User getUser(String str) throws IdPClientException {
        JsonArray asJsonArray;
        Response searchUser = this.scimServiceStub.searchUser(ExternalIdPClientConstants.FILTER_PREFIX_USER + str);
        if (searchUser == null) {
            String str2 = "Error occurred while retrieving user, '" + str + "'. Error : Response is null.";
            LOG.error(str2);
            throw new IdPClientException(str2);
        }
        JsonParser jsonParser = new JsonParser();
        if (searchUser.status() != 200) {
            String str3 = "Error occurred while retrieving user, '" + str + "'. HTTP error code: " + searchUser.status() + " Error Response: " + searchUser.body().toString();
            LOG.error(str3);
            throw new IdPClientException(str3);
        }
        try {
            InputStream asInputStream = searchUser.body().asInputStream();
            Throwable th = null;
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(asInputStream, "UTF-8"));
                Throwable th2 = null;
                try {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (bufferedReader != null) {
                            if (0 != 0) {
                                try {
                                    bufferedReader.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                bufferedReader.close();
                            }
                        }
                        if (asInputStream != null) {
                            if (0 != 0) {
                                try {
                                    asInputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                asInputStream.close();
                            }
                        }
                        JsonArray asJsonArray2 = jsonParser.parse(readLine).getAsJsonObject().get(ExternalIdPClientConstants.RESOURCES).getAsJsonArray();
                        if (asJsonArray2 == null) {
                            return null;
                        }
                        JsonObject asJsonObject = asJsonArray2.get(0).getAsJsonObject();
                        JsonElement jsonElement = asJsonObject.get(ExternalIdPClientConstants.SCIM2_GROUPS);
                        if (jsonElement != null) {
                            asJsonArray = jsonElement.getAsJsonArray();
                        } else {
                            asJsonObject = jsonParser.parse(this.scimServiceStub.getUserByID(asJsonObject.get(ExternalIdPClientConstants.SCIM2_ID).getAsString()).body().toString()).getAsJsonObject();
                            asJsonArray = asJsonObject.get(ExternalIdPClientConstants.SCIM2_GROUPS).getAsJsonArray();
                        }
                        List<Role> allRoles = getAllRoles();
                        ArrayList arrayList = new ArrayList();
                        asJsonArray.forEach(jsonElement2 -> {
                            String asString = jsonElement2.getAsJsonObject().get(ExternalIdPClientConstants.SCIM2_DISPLAY).getAsString();
                            if (!asString.contains(ExternalIdPClientConstants.FORWARD_SLASH)) {
                                asString = this.defaultUserStore + ExternalIdPClientConstants.FORWARD_SLASH + asString;
                            }
                            arrayList.add(asString);
                        });
                        List list = (List) allRoles.stream().filter(role -> {
                            return arrayList.contains(role.getDisplayName());
                        }).collect(Collectors.toList());
                        HashMap hashMap = new HashMap();
                        for (Map.Entry entry : asJsonObject.entrySet()) {
                            if (!((String) entry.getKey()).equals(ExternalIdPClientConstants.SCIM2_USERNAME) || !((String) entry.getKey()).equals(ExternalIdPClientConstants.SCIM2_GROUPS)) {
                                hashMap.put(entry.getKey(), ((JsonElement) entry.getValue()).toString());
                            }
                        }
                        return new User(str, hashMap, list);
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (bufferedReader != null) {
                        if (th2 != null) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    throw th5;
                }
            } catch (Throwable th7) {
                if (asInputStream != null) {
                    if (0 != 0) {
                        try {
                            asInputStream.close();
                        } catch (Throwable th8) {
                            th.addSuppressed(th8);
                        }
                    } else {
                        asInputStream.close();
                    }
                }
                throw th7;
            }
        } catch (IOException e) {
            throw new IdPClientException("Error occurred while converting response from the scim2 endpoint for user " + str + ".", e);
        }
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public List<Role> getUserRoles(String str) throws IdPClientException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Retrieving user roles by retrieving user '" + str + "'.");
        }
        User user = getUser(str);
        return user != null ? user.getRoles() : new ArrayList();
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public Map<String, String> login(Map<String, String> map) throws IdPClientException {
        HashMap hashMap = new HashMap();
        String orDefault = map.getOrDefault(IdPClientConstants.GRANT_TYPE, this.grantType);
        String str = map.get(IdPClientConstants.APP_NAME);
        if (!this.oAuthAppInfoMap.keySet().contains(str)) {
            str = "sp";
        }
        String str2 = map.get(IdPClientConstants.USERNAME);
        if (IdPClientConstants.AUTHORIZATION_CODE_GRANT_TYPE.equals(orDefault)) {
            String str3 = map.get("Callback_Url");
            hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_REDIRECTION);
            hashMap.put("Client_Id", this.oAuthAppInfoMap.get(str).getClientId());
            hashMap.put("Redirect_Url", this.authorizeEndpoint);
            hashMap.put("Callback_Url", this.baseUrl + ExternalIdPClientConstants.CALLBACK_URL + str3);
            return hashMap;
        }
        Response generatePasswordGrantAccessToken = IdPClientConstants.PASSWORD_GRANT_TYPE.equals(orDefault) ? this.oAuth2ServiceStubs.getTokenServiceStub().generatePasswordGrantAccessToken(str2, map.get(IdPClientConstants.PASSWORD), map.get(IdPClientConstants.APP_ID), this.oAuthAppInfoMap.get(str).getClientId(), this.oAuthAppInfoMap.get(str).getClientSecret()) : this.oAuth2ServiceStubs.getTokenServiceStub().generateRefreshGrantAccessToken(map.get(IdPClientConstants.REFRESH_TOKEN), null, this.oAuthAppInfoMap.get(str).getClientId(), this.oAuthAppInfoMap.get(str).getClientSecret());
        if (generatePasswordGrantAccessToken == null) {
            String str4 = "Error occurred while generating an access token for grant type '" + removeCRLFCharacters(orDefault) + "'. Response is null.";
            LOG.error(str4);
            throw new IdPClientException(str4);
        }
        if (generatePasswordGrantAccessToken.status() != 200) {
            if (generatePasswordGrantAccessToken.status() != 401) {
                String str5 = "Token generation request failed. HTTP error code: '" + generatePasswordGrantAccessToken.status() + "'. Error Response: '" + generatePasswordGrantAccessToken.body().toString() + "'.";
                LOG.error(str5);
                throw new IdPClientException(str5);
            }
            String str6 = "Unable to get access token for the request with grant type : '" + orDefault + "', for the user '" + str2 + "'.";
            LOG.error(str6);
            hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_FAILURE);
            hashMap.put(IdPClientConstants.ERROR, IdPClientConstants.Error.INVALID_CREDENTIALS);
            hashMap.put(IdPClientConstants.ERROR_DESCRIPTION, str6);
            return hashMap;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("A new access token is successfully generated.");
        }
        try {
            OAuth2TokenInfo oAuth2TokenInfo = (OAuth2TokenInfo) new GsonDecoder().decode(generatePasswordGrantAccessToken, OAuth2TokenInfo.class);
            hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_SUCCESS);
            hashMap.put(IdPClientConstants.USERNAME, str2);
            hashMap.put(IdPClientConstants.ACCESS_TOKEN, oAuth2TokenInfo.getAccessToken());
            hashMap.put(IdPClientConstants.REFRESH_TOKEN, oAuth2TokenInfo.getRefreshToken());
            hashMap.put(IdPClientConstants.VALIDITY_PERIOD, Long.toString(oAuth2TokenInfo.getExpiresIn()));
            if (IdPClientConstants.PASSWORD_GRANT_TYPE.equals(orDefault)) {
                this.tokenCache.put(oAuth2TokenInfo.getAccessToken(), new ExternalSession(str2, oAuth2TokenInfo.getAccessToken()));
            }
            return hashMap;
        } catch (IOException e) {
            String str7 = "Error occurred while parsing token response for user. Response: '" + generatePasswordGrantAccessToken.body().toString() + "'.";
            LOG.error(str7, e);
            throw new IdPClientException(str7, e);
        }
    }

    public Map<String, String> authCodeLogin(String str, String str2) throws IdPClientException {
        HashMap hashMap = new HashMap();
        String str3 = str.split("/\\|?")[0];
        if (!this.oAuthAppInfoMap.keySet().contains(str3)) {
            str3 = "sp";
        }
        OAuthApplicationInfo oAuthApplicationInfo = this.oAuthAppInfoMap.get(str3);
        Response generateAuthCodeGrantAccessToken = this.oAuth2ServiceStubs.getTokenServiceStub().generateAuthCodeGrantAccessToken(str2, this.baseUrl + ExternalIdPClientConstants.CALLBACK_URL + str3, null, oAuthApplicationInfo.getClientId(), oAuthApplicationInfo.getClientSecret());
        if (generateAuthCodeGrantAccessToken == null) {
            String str4 = "Error occurred while generating an access token from code '" + str2 + "'. Response is null.";
            LOG.error(str4);
            throw new IdPClientException(str4);
        }
        if (generateAuthCodeGrantAccessToken.status() != 200) {
            if (generateAuthCodeGrantAccessToken.status() != 401) {
                String str5 = "Token generation request failed. HTTP error code: '" + generateAuthCodeGrantAccessToken.status() + "'. Error Response Body: '" + generateAuthCodeGrantAccessToken.body().toString() + "'.";
                LOG.error(str5);
                throw new IdPClientException(str5);
            }
            hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_FAILURE);
            hashMap.put(IdPClientConstants.ERROR, IdPClientConstants.Error.INVALID_CREDENTIALS);
            hashMap.put(IdPClientConstants.ERROR_DESCRIPTION, "Unauthorized user for accessing token form code '" + str2 + "'. for the app context, '" + str + "'");
            return hashMap;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("A new access token from code is successfully generated for the code '" + str2 + "'.");
        }
        try {
            OAuth2TokenInfo oAuth2TokenInfo = (OAuth2TokenInfo) new GsonDecoder().decode(generateAuthCodeGrantAccessToken, OAuth2TokenInfo.class);
            hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_SUCCESS);
            hashMap.put(IdPClientConstants.ACCESS_TOKEN, oAuth2TokenInfo.getAccessToken());
            hashMap.put(IdPClientConstants.REFRESH_TOKEN, oAuth2TokenInfo.getRefreshToken());
            hashMap.put(IdPClientConstants.ID_TOKEN_KEY, oAuth2TokenInfo.getIdToken());
            hashMap.put(IdPClientConstants.VALIDITY_PERIOD, Long.toString(oAuth2TokenInfo.getExpiresIn()));
            hashMap.put("Redirect_Url", this.baseUrl + (this.baseUrl.endsWith(ExternalIdPClientConstants.FORWARD_SLASH) ? str : ExternalIdPClientConstants.FORWARD_SLASH + str));
            Response introspectAccessToken = this.oAuth2ServiceStubs.getIntrospectionServiceStub().introspectAccessToken(oAuth2TokenInfo.getAccessToken());
            String str6 = null;
            if (introspectAccessToken.status() == 200) {
                str6 = ((OAuth2IntrospectionResponse) new GsonDecoder().decode(introspectAccessToken, OAuth2IntrospectionResponse.class)).getUsername();
                hashMap.put(IdPClientConstants.USERNAME, str6);
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("Unable to get the username from introspection of the token '" + oAuth2TokenInfo.getAccessToken() + "'. Response : '" + introspectAccessToken.toString());
            }
            if (str6 != null) {
                this.tokenCache.put(oAuth2TokenInfo.getAccessToken(), new ExternalSession(str6, oAuth2TokenInfo.getAccessToken()));
            }
            return hashMap;
        } catch (IOException e) {
            String str7 = "Error occurred while parsing token response. Response : '" + generateAuthCodeGrantAccessToken.body().toString() + "'";
            LOG.error(str7, e);
            throw new IdPClientException(str7, e);
        }
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public Map<String, String> logout(Map<String, String> map) throws IdPClientException {
        String str = map.get(IdPClientConstants.ACCESS_TOKEN);
        String orDefault = map.getOrDefault(IdPClientConstants.APP_NAME, "sp");
        if (!this.oAuthAppInfoMap.keySet().contains(orDefault)) {
            orDefault = "sp";
        }
        this.tokenCache.invalidate(str);
        this.oAuth2ServiceStubs.getRevokeServiceStub().revokeAccessToken(str, this.oAuthAppInfoMap.get(orDefault).getClientId(), this.oAuthAppInfoMap.get(orDefault).getClientSecret());
        HashMap hashMap = new HashMap();
        String orDefault2 = map.getOrDefault(IdPClientConstants.ID_TOKEN_KEY, null);
        if (!this.isSSOEnabled || orDefault2 == null) {
            hashMap.put(IdPClientConstants.RETURN_LOGOUT_PROPERTIES, "false");
        } else {
            hashMap.put(IdPClientConstants.RETURN_LOGOUT_PROPERTIES, "true");
            hashMap.put(ExternalIdPClientConstants.EXTERNAL_SSO_LOGOUT_URL, this.ssoLogoutURL.concat(ExternalIdPClientConstants.SSO_LOGING_ID_TOKEN_TAIL).concat(orDefault2));
        }
        return hashMap;
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public String authenticate(String str) throws AuthenticationException, IdPClientException {
        ExternalSession externalSession = (ExternalSession) this.tokenCache.getIfPresent(str);
        if (externalSession != null) {
            return externalSession.getUserName();
        }
        Response introspectAccessToken = this.oAuth2ServiceStubs.getIntrospectionServiceStub().introspectAccessToken(str);
        if (introspectAccessToken == null) {
            String str2 = "Error occurred while authenticating token '" + str + "'. Response is null.";
            LOG.error(str2);
            throw new IdPClientException(str2);
        }
        try {
            if (introspectAccessToken.status() == 200) {
                OAuth2IntrospectionResponse oAuth2IntrospectionResponse = (OAuth2IntrospectionResponse) new GsonDecoder().decode(introspectAccessToken, OAuth2IntrospectionResponse.class);
                if (!oAuth2IntrospectionResponse.isActive()) {
                    throw new AuthenticationException("The token is not active");
                }
                String username = oAuth2IntrospectionResponse.getUsername();
                this.tokenCache.put(username, new ExternalSession(username, str));
                return username;
            }
            if (introspectAccessToken.status() != 400) {
                throw new IdPClientException("Error occurred while authenticating. Error: '" + introspectAccessToken.body().toString() + "'. Status Code: '" + introspectAccessToken.status() + "'.");
            }
            try {
                DCRError dCRError = (DCRError) new GsonDecoder().decode(introspectAccessToken, DCRError.class);
                throw new IdPClientException("Error occurred while introspecting the token. Error: " + dCRError.getError() + ". Error Description: " + dCRError.getErrorDescription() + ". Status Code: " + introspectAccessToken.status());
            } catch (IOException e) {
                throw new IdPClientException("Error occurred while parsing the Introspection error message.", e);
            }
        } catch (IOException e2) {
            throw new IdPClientException("Error occurred while parsing the authentication response.", e2);
        }
    }

    private void registerApplication(String str, String str2, String str3) throws IdPClientException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(IdPClientConstants.PASSWORD_GRANT_TYPE);
        arrayList.add(IdPClientConstants.AUTHORIZATION_CODE_GRANT_TYPE);
        arrayList.add(IdPClientConstants.REFRESH_GRANT_TYPE);
        String str4 = str2.equals("sp") ? ExternalIdPClientConstants.REGEX_BASE_START + this.baseUrl + ExternalIdPClientConstants.CALLBACK_URL + ExternalIdPClientConstants.REGEX_BASE_END : ExternalIdPClientConstants.REGEX_BASE_START + this.baseUrl + ExternalIdPClientConstants.CALLBACK_URL + str + ExternalIdPClientConstants.REGEX_BASE_END;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Creating OAuth2 application of name '" + str2 + "'.");
        }
        DCRClientInfo dCRClientInfo = new DCRClientInfo();
        dCRClientInfo.setClientName(str2);
        dCRClientInfo.setGrantTypes(arrayList);
        dCRClientInfo.addCallbackUrl(str4);
        dCRClientInfo.setUserinfoSignedResponseAlg(this.signingAlgo);
        dCRClientInfo.setExtParamOwner(str3);
        Response registerApplication = this.dcrmServiceStub.registerApplication(new Gson().toJson(dCRClientInfo));
        if (registerApplication == null) {
            String str5 = "Error occurred while DCR application '" + dCRClientInfo + "' creation. Response is null.";
            LOG.error(str5);
            throw new IdPClientException(str5);
        }
        if (registerApplication.status() == 201) {
            try {
                DCRClientInfo dCRClientInfo2 = (DCRClientInfo) new GsonDecoder().decode(registerApplication, DCRClientInfo.class);
                OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo(str2, dCRClientInfo2.getClientId(), dCRClientInfo2.getClientSecret());
                this.oAuthAppInfoMap.replace(str, oAuthApplicationInfo);
                this.oAuthAppDAO.addOAuthApp(oAuthApplicationInfo);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("OAuth2 application created: " + oAuthApplicationInfo.toString());
                }
                return;
            } catch (IOException e) {
                String str6 = "Error occurred while parsing the DCR application creation response message. Response: '" + registerApplication.body().toString() + "'.";
                LOG.error(str6, e);
                throw new IdPClientException(str6, e);
            }
        }
        if (registerApplication.status() != 400) {
            String str7 = "Error occurred while DCR application creation. Error: '" + registerApplication.body().toString() + "'. Status Code: '" + registerApplication.status() + "'.";
            LOG.error(str7);
            throw new IdPClientException(str7);
        }
        try {
            DCRError dCRError = (DCRError) new GsonDecoder().decode(registerApplication, DCRError.class);
            String str8 = "Error occurred while DCR application creation. Error: " + dCRError.getError() + ". Error Description: " + dCRError.getErrorDescription() + ". Status Code: " + registerApplication.status();
            LOG.error(str8);
            throw new IdPClientException(str8);
        } catch (IOException e2) {
            String str9 = "Error occurred while parsing the DCR error message. Error: '" + registerApplication.body().toString() + "'.";
            LOG.error(str9, e2);
            throw new IdPClientException(str9, e2);
        }
    }
}
