package org.wso2.carbon.apimgt.keymgt.token;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.KeyManager;
import org.wso2.carbon.apimgt.impl.dto.JWTConfigurationDto;
import org.wso2.carbon.apimgt.impl.factory.KeyManagerHolder;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.token.ClaimsRetriever;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.MethodStats;
import org.wso2.carbon.apimgt.keymgt.MethodTimeLogger;
import org.wso2.carbon.apimgt.keymgt.model.entity.Application;
import org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext;
import org.wso2.carbon.claim.mgt.ClaimManagementException;
import org.wso2.carbon.claim.mgt.ClaimManagerHandler;
import org.wso2.carbon.identity.application.common.model.Claim;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataHandler;
import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

@MethodStats
/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/JWTGenerator.class */
public class JWTGenerator extends AbstractJWTGenerator {
    private static final Log log;
    private static final String OIDC_DIALECT_URI = "http://wso2.org/oidc/claim";
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/JWTGenerator$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTGenerator.populateStandardClaims_aroundBody0((JWTGenerator) objArr2[0], (TokenValidationContext) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/JWTGenerator$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTGenerator.populateCustomClaims_aroundBody2((JWTGenerator) objArr2[0], (TokenValidationContext) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/JWTGenerator$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTGenerator.convertClaimMap_aroundBody4((JWTGenerator) objArr2[0], (Map) objArr2[1], (String) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(JWTGenerator.class);
    }

    @Override // org.wso2.carbon.apimgt.keymgt.token.AbstractJWTGenerator
    public Map<String, String> populateStandardClaims(TokenValidationContext tokenValidationContext) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, tokenValidationContext);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (Map) MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, tokenValidationContext, makeJP}).linkClosureAndJoinPoint(69648)) : populateStandardClaims_aroundBody0(this, tokenValidationContext, makeJP);
    }

    @Override // org.wso2.carbon.apimgt.keymgt.token.AbstractJWTGenerator
    public Map<String, String> populateCustomClaims(TokenValidationContext tokenValidationContext) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, tokenValidationContext);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (Map) MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, tokenValidationContext, makeJP}).linkClosureAndJoinPoint(69648)) : populateCustomClaims_aroundBody2(this, tokenValidationContext, makeJP);
    }

    protected Map<String, String> convertClaimMap(Map<ClaimMapping, String> map, String str) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, map, str);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (Map) MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, map, str, makeJP}).linkClosureAndJoinPoint(69648)) : convertClaimMap_aroundBody4(this, map, str, makeJP);
    }

    static final Map populateStandardClaims_aroundBody0(JWTGenerator jWTGenerator, TokenValidationContext tokenValidationContext, JoinPoint joinPoint) {
        long currentTimeMillis = System.currentTimeMillis();
        long ttl = currentTimeMillis + (jWTGenerator.getTTL() * 1000);
        ClaimsRetriever claimsRetriever = jWTGenerator.getClaimsRetriever();
        String dialectURI = claimsRetriever != null ? claimsRetriever.getDialectURI(tokenValidationContext.getValidationInfoDTO().getEndUserName()) : jWTGenerator.getDialectURI();
        String subscriber = tokenValidationContext.getValidationInfoDTO().getSubscriber();
        String applicationName = tokenValidationContext.getValidationInfoDTO().getApplicationName();
        String applicationId = tokenValidationContext.getValidationInfoDTO().getApplicationId();
        String tier = tokenValidationContext.getValidationInfoDTO().getTier();
        String endUserName = tokenValidationContext.getValidationInfoDTO().getEndUserName();
        String type = tokenValidationContext.getValidationInfoDTO().getType();
        String userType = tokenValidationContext.getValidationInfoDTO().getUserType();
        String applicationTier = tokenValidationContext.getValidationInfoDTO().getApplicationTier();
        String valueOf = String.valueOf(APIUtil.getTenantId(endUserName));
        String apiName = tokenValidationContext.getValidationInfoDTO().getApiName();
        Application applicationById = jWTGenerator.getApplicationById(tokenValidationContext.getValidationInfoDTO().getSubscriberTenantDomain(), Integer.parseInt(applicationId));
        String str = null;
        Map<String, String> map = null;
        if (applicationById != null) {
            map = applicationById.getAttributes();
            str = applicationById.getUUID();
        }
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(endUserName);
        LinkedHashMap linkedHashMap = new LinkedHashMap(20);
        try {
            OAuthAppDO appInformationByClientId = OAuth2Util.getAppInformationByClientId(tokenValidationContext.getValidationInfoDTO().getConsumerKey());
            if (appInformationByClientId != null && appInformationByClientId.getAudiences() != null) {
                linkedHashMap.put("aud", "[\"" + StringUtils.join(appInformationByClientId.getAudiences(), "\",\"") + "\"]");
            }
            linkedHashMap.put("iss", AbstractJWTGenerator.API_GATEWAY_ID);
            linkedHashMap.put("exp", String.valueOf(ttl));
            linkedHashMap.put("iat", String.valueOf(currentTimeMillis));
            linkedHashMap.put("sub", tenantAwareUsername);
            linkedHashMap.put(String.valueOf(dialectURI) + "/subscriber", subscriber);
            linkedHashMap.put(String.valueOf(dialectURI) + "/applicationid", applicationId);
            linkedHashMap.put(String.valueOf(dialectURI) + "/applicationname", applicationName);
            linkedHashMap.put(String.valueOf(dialectURI) + "/applicationtier", applicationTier);
            linkedHashMap.put(String.valueOf(dialectURI) + "/apiname", apiName);
            linkedHashMap.put(String.valueOf(dialectURI) + "/apicontext", tokenValidationContext.getContext());
            linkedHashMap.put(String.valueOf(dialectURI) + "/version", tokenValidationContext.getVersion());
            linkedHashMap.put(String.valueOf(dialectURI) + "/tier", tier);
            linkedHashMap.put(String.valueOf(dialectURI) + "/keytype", type);
            linkedHashMap.put(String.valueOf(dialectURI) + "/usertype", userType);
            linkedHashMap.put(String.valueOf(dialectURI) + "/enduser", APIUtil.getUserNameWithTenantSuffix(endUserName));
            linkedHashMap.put(String.valueOf(dialectURI) + "/enduserTenantId", valueOf);
            linkedHashMap.put(String.valueOf(dialectURI) + "/applicationUUId", str);
            if (map != null) {
                try {
                    if (!map.isEmpty()) {
                        linkedHashMap.put(String.valueOf(dialectURI) + "/applicationAttributes", new ObjectMapper().writeValueAsString(map));
                    }
                } catch (JsonProcessingException unused) {
                    log.error("Error in converting Map to String");
                }
            }
            return linkedHashMap;
        } catch (IdentityOAuth2Exception | InvalidOAuthClientException e) {
            log.error("Error occurred while getting JWT Token client ID : " + tokenValidationContext.getValidationInfoDTO().getConsumerKey() + " when getting oAuth App information", e);
            throw new APIManagementException("Error occurred while getting JWT Token client ID : " + tokenValidationContext.getValidationInfoDTO().getConsumerKey(), e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v36, types: [java.util.Map] */
    static final Map populateCustomClaims_aroundBody2(JWTGenerator jWTGenerator, TokenValidationContext tokenValidationContext, JoinPoint joinPoint) {
        JWTConfigurationDto jwtConfigurationDto = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getJwtConfigurationDto();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        String endUserName = tokenValidationContext.getValidationInfoDTO().getEndUserName();
        int tenantId = APIUtil.getTenantId(endUserName);
        if (jwtConfigurationDto.isEnableUserClaims()) {
            String accessToken = tokenValidationContext.getAccessToken();
            if (accessToken != null) {
                hashMap2.put("accessToken", accessToken);
            }
            String firstProperty = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty("ConsumerDialectURI");
            if (!StringUtils.isEmpty(firstProperty)) {
                hashMap2.put("dialect", firstProperty);
            }
            KeyManager keyManagerInstance = KeyManagerHolder.getKeyManagerInstance(APIUtil.getTenantDomainFromTenantId(tenantId), tokenValidationContext.getValidationInfoDTO().getKeyManager());
            if (keyManagerInstance != null) {
                hashMap = keyManagerInstance.getUserClaims(endUserName, hashMap2);
                if (log.isDebugEnabled()) {
                    log.debug("Retrieved claims :" + hashMap);
                }
            }
        }
        ClaimsRetriever claimsRetriever = jWTGenerator.getClaimsRetriever();
        if (claimsRetriever != null) {
            hashMap.putAll(claimsRetriever.getClaims(endUserName));
        }
        return hashMap;
    }

    static final Map convertClaimMap_aroundBody4(JWTGenerator jWTGenerator, Map map, String str, JoinPoint joinPoint) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (Map.Entry entry : map.entrySet()) {
            Claim localClaim = ((ClaimMapping) entry.getKey()).getLocalClaim();
            if (localClaim == null) {
                localClaim = ((ClaimMapping) entry.getKey()).getRemoteClaim();
            }
            hashMap.put(localClaim.getClaimUri(), (String) entry.getValue());
            hashMap2.put(localClaim.getClaimUri(), (String) entry.getValue());
        }
        String firstProperty = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty("JWTConfiguration.ConvertClaimsToConsumerDialect");
        if (firstProperty != null && !Boolean.parseBoolean(firstProperty)) {
            return hashMap;
        }
        String tenantDomainFromTenantId = APIUtil.getTenantDomainFromTenantId(APIUtil.getTenantId(str));
        ClaimsRetriever claimsRetriever = jWTGenerator.getClaimsRetriever();
        String dialectURI = claimsRetriever != null ? claimsRetriever.getDialectURI(str) : jWTGenerator.getDialectURI();
        try {
            Map mappingsMapFromOtherDialectToCarbon = new ClaimMetadataHandler().getMappingsMapFromOtherDialectToCarbon(OIDC_DIALECT_URI, new HashSet(hashMap.keySet()), tenantDomainFromTenantId, true);
            Map mappingsMapFromCarbonDialectToOther = ClaimManagerHandler.getInstance().getMappingsMapFromCarbonDialectToOther(dialectURI, mappingsMapFromOtherDialectToCarbon.keySet(), tenantDomainFromTenantId);
            for (Map.Entry entry2 : hashMap.entrySet()) {
                for (Map.Entry entry3 : mappingsMapFromOtherDialectToCarbon.entrySet()) {
                    if (((String) entry2.getKey()).equals(entry3.getValue())) {
                        for (Map.Entry entry4 : mappingsMapFromCarbonDialectToOther.entrySet()) {
                            if (((String) entry4.getValue()).equals(entry3.getKey())) {
                                hashMap2.remove(entry2.getKey());
                                hashMap2.put((String) entry4.getKey(), (String) entry2.getValue());
                            }
                        }
                    }
                }
            }
            return hashMap2;
        } catch (ClaimMetadataException e) {
            throw new APIManagementException("Error while mapping claims from Carbon dialect to http://wso2.org/oidc/claim dialect", e);
        } catch (ClaimManagementException e2) {
            throw new APIManagementException("Error while mapping claims from configured dialect to Carbon dialect", e2);
        }
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("JWTGenerator.java", JWTGenerator.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "populateStandardClaims", "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator", "org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext", "validationContext", "org.wso2.carbon.apimgt.api.APIManagementException", "java.util.Map"), 64);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "populateCustomClaims", "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator", "org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext", "validationContext", "org.wso2.carbon.apimgt.api.APIManagementException", "java.util.Map"), 147);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("4", "convertClaimMap", "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator", "java.util.Map:java.lang.String", "userAttributes:username", "org.wso2.carbon.apimgt.api.APIManagementException", "java.util.Map"), 186);
    }
}
