package org.wso2.carbon.apimgt.keymgt.issuers;

import com.nimbusds.jwt.JWTParser;
import java.text.ParseException;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.dto.ApplicationDTO;
import org.wso2.carbon.apimgt.impl.dto.JwtTokenInfoDTO;
import org.wso2.carbon.apimgt.impl.factory.KeyManagerHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.MethodStats;
import org.wso2.carbon.apimgt.keymgt.MethodTimeLogger;
import org.wso2.carbon.apimgt.keymgt.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext;
import org.wso2.carbon.apimgt.keymgt.token.APIMJWTGenerator;
import org.wso2.carbon.apimgt.keymgt.token.TokenGenerator;
import org.wso2.carbon.apimgt.keymgt.util.APIKeyMgtDataHolder;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.OauthTokenIssuerImpl;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/issuers/APIMTokenIssuer.class */
public class APIMTokenIssuer extends OauthTokenIssuerImpl {
    private static final Log log;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/issuers/APIMTokenIssuer$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return APIMTokenIssuer.accessToken_aroundBody0((APIMTokenIssuer) objArr2[0], (OAuthTokenReqMessageContext) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/issuers/APIMTokenIssuer$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.longObject(APIMTokenIssuer.getSecondsTillExpiry_aroundBody2((APIMTokenIssuer) objArr2[0], Conversions.longValue(objArr2[1]), (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/issuers/APIMTokenIssuer$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return APIMTokenIssuer.getAccessTokenHash_aroundBody4((APIMTokenIssuer) objArr2[0], (String) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/issuers/APIMTokenIssuer$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(APIMTokenIssuer.renewAccessTokenPerRequest_aroundBody6((APIMTokenIssuer) objArr2[0], (OAuthTokenReqMessageContext) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(APIMTokenIssuer.class);
    }

    public String accessToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws OAuthSystemException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, oAuthTokenReqMessageContext);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, oAuthTokenReqMessageContext, makeJP}).linkClosureAndJoinPoint(69648)) : accessToken_aroundBody0(this, oAuthTokenReqMessageContext, makeJP);
    }

    private long getSecondsTillExpiry(long j) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, Conversions.longObject(j));
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? Conversions.longValue(MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, Conversions.longObject(j), makeJP}).linkClosureAndJoinPoint(69648))) : getSecondsTillExpiry_aroundBody2(this, j, makeJP);
    }

    public String getAccessTokenHash(String str) throws OAuthSystemException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, str);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, str, makeJP}).linkClosureAndJoinPoint(69648)) : getAccessTokenHash_aroundBody4(this, str, makeJP);
    }

    public boolean renewAccessTokenPerRequest(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, oAuthTokenReqMessageContext);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure7(new Object[]{this, oAuthTokenReqMessageContext, makeJP}).linkClosureAndJoinPoint(69648))) : renewAccessTokenPerRequest_aroundBody6(this, oAuthTokenReqMessageContext, makeJP);
    }

    static final String accessToken_aroundBody0(APIMTokenIssuer aPIMTokenIssuer, OAuthTokenReqMessageContext oAuthTokenReqMessageContext, JoinPoint joinPoint) {
        TokenGenerator tokenGenerator;
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        try {
            long nanoTime = log.isDebugEnabled() ? System.nanoTime() : 0L;
            Application applicationByClientId = APIUtil.getApplicationByClientId(clientId);
            if (log.isDebugEnabled()) {
                log.debug("Time taken to load the Application from database in milliseconds : " + ((System.nanoTime() - nanoTime) / 1000000));
            }
            if (applicationByClientId == null || !"JWT".equals(applicationByClientId.getTokenType())) {
                return super.accessToken(oAuthTokenReqMessageContext);
            }
            List asList = Arrays.asList(OAuth2Util.getAppInformationByClientId(clientId).getAudiences());
            String[] scope = oAuthTokenReqMessageContext.getScope();
            StringBuilder sb = new StringBuilder();
            for (String str : scope) {
                sb.append(str).append(" ");
            }
            ApplicationDTO applicationDTO = new ApplicationDTO();
            applicationDTO.setId(applicationByClientId.getId());
            applicationDTO.setName(applicationByClientId.getName());
            applicationDTO.setTier(applicationByClientId.getTier());
            applicationDTO.setOwner(applicationByClientId.getOwner());
            JwtTokenInfoDTO jwtTokenInfoDTO = APIUtil.getJwtTokenInfoDTO(applicationByClientId, oAuthTokenReqMessageContext.getAuthorizedUser().toFullQualifiedUsername(), oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain());
            jwtTokenInfoDTO.setScopes(sb.toString().trim());
            jwtTokenInfoDTO.setAudience(asList);
            jwtTokenInfoDTO.setExpirationTime(aPIMTokenIssuer.getSecondsTillExpiry(oAuthTokenReqMessageContext.getValidityPeriod()));
            jwtTokenInfoDTO.setApplication(applicationDTO);
            jwtTokenInfoDTO.setKeyType(applicationByClientId.getKeyType());
            jwtTokenInfoDTO.setConsumerKey(clientId);
            boolean parseBoolean = Boolean.parseBoolean(ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty("JWTConfiguration.EnableJWTGeneration"));
            if (log.isDebugEnabled()) {
                log.debug("JWT Generation for backend enabled : " + parseBoolean);
            }
            if (parseBoolean && (tokenGenerator = APIKeyMgtDataHolder.getTokenGenerator()) != null) {
                TokenValidationContext tokenValidationContext = new TokenValidationContext();
                APIKeyValidationInfoDTO aPIKeyValidationInfoDTO = new APIKeyValidationInfoDTO();
                aPIKeyValidationInfoDTO.setEndUserName(oAuthTokenReqMessageContext.getAuthorizedUser().toFullQualifiedUsername());
                aPIKeyValidationInfoDTO.setSubscriber(applicationByClientId.getOwner());
                aPIKeyValidationInfoDTO.setApplicationName(applicationByClientId.getName());
                aPIKeyValidationInfoDTO.setApplicationId(String.valueOf(applicationByClientId.getId()));
                aPIKeyValidationInfoDTO.setType(applicationByClientId.getKeyType());
                aPIKeyValidationInfoDTO.setApplicationTier(applicationByClientId.getTier());
                tokenValidationContext.setValidationInfoDTO(aPIKeyValidationInfoDTO);
                jwtTokenInfoDTO.setBackendJwt(tokenGenerator.generateToken(tokenValidationContext));
            }
            String generateJWT = new APIMJWTGenerator().generateJWT(jwtTokenInfoDTO);
            if (log.isDebugEnabled()) {
                log.debug("Time taken to generate the JWG in milliseconds : " + ((System.nanoTime() - nanoTime) / 1000000));
            }
            return generateJWT;
        } catch (APIManagementException e) {
            log.error("Error occurred while getting JWT Token client ID : " + clientId, e);
            throw new OAuthSystemException("Error occurred while getting JWT Token client ID : " + clientId, e);
        } catch (InvalidOAuthClientException e2) {
            log.error("Error occurred while getting JWT Token client ID : " + clientId + " when getting oAuth App information", e2);
            throw new OAuthSystemException("Error occurred while getting JWT Token client ID : " + clientId, e2);
        } catch (IdentityOAuth2Exception e3) {
            log.error("Error occurred while getting JWT Token client ID : " + clientId + " when getting oAuth App information", e3);
            throw new OAuthSystemException("Error occurred while getting JWT Token client ID : " + clientId, e3);
        }
    }

    static final long getSecondsTillExpiry_aroundBody2(APIMTokenIssuer aPIMTokenIssuer, long j, JoinPoint joinPoint) {
        if (j == -1) {
            return Long.parseLong(KeyManagerHolder.getKeyManagerInstance().getKeyManagerConfiguration().getParameter("VALIDITY_PERIOD"));
        }
        if (j == -2) {
            return 2147483647L;
        }
        return j;
    }

    static final String getAccessTokenHash_aroundBody4(APIMTokenIssuer aPIMTokenIssuer, String str, JoinPoint joinPoint) {
        if (!StringUtils.isNotEmpty(str) || !str.contains(".")) {
            return str;
        }
        try {
            return JWTParser.parse(str).getJWTClaimsSet().getJWTID();
        } catch (ParseException e) {
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("AccessToken")) {
                log.debug("Error while getting JWTID from token: " + str);
            }
            throw new OAuthSystemException("Error while getting access token hash", e);
        }
    }

    static final boolean renewAccessTokenPerRequest_aroundBody6(APIMTokenIssuer aPIMTokenIssuer, OAuthTokenReqMessageContext oAuthTokenReqMessageContext, JoinPoint joinPoint) {
        try {
            Application applicationByClientId = APIUtil.getApplicationByClientId(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId());
            if (applicationByClientId != null) {
                return "JWT".equals(applicationByClientId.getTokenType());
            }
            return false;
        } catch (APIManagementException e) {
            log.error("Error occurred while getting Token type.", e);
            return false;
        }
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("APIMTokenIssuer.java", APIMTokenIssuer.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "accessToken", "org.wso2.carbon.apimgt.keymgt.issuers.APIMTokenIssuer", "org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext", "tokReqMsgCtx", "org.apache.oltu.oauth2.common.exception.OAuthSystemException", "java.lang.String"), 62);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getSecondsTillExpiry", "org.wso2.carbon.apimgt.keymgt.issuers.APIMTokenIssuer", "long", "validityPeriod", "org.wso2.carbon.apimgt.api.APIManagementException", "long"), 154);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getAccessTokenHash", "org.wso2.carbon.apimgt.keymgt.issuers.APIMTokenIssuer", "java.lang.String", "accessToken", "org.apache.oltu.oauth2.common.exception.OAuthSystemException", "java.lang.String"), 168);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "renewAccessTokenPerRequest", "org.wso2.carbon.apimgt.keymgt.issuers.APIMTokenIssuer", "org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext", "tokReqMsgCtx", "", "boolean"), 185);
    }
}
