package org.wso2.carbon.apimgt.rest.api.admin.v1.impl;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import feign.Feign;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.ws.rs.core.Response;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.ExceptionCodes;
import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.impl.APIAdminImpl;
import org.wso2.carbon.apimgt.impl.kmclient.ApacheFeignHttpClient;
import org.wso2.carbon.apimgt.impl.kmclient.KMClientErrorDecoder;
import org.wso2.carbon.apimgt.impl.kmclient.model.OpenIDConnectDiscoveryClient;
import org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService;
import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.ClaimMappingEntryDTO;
import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerCertificatesDTO;
import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO;
import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO;
import org.wso2.carbon.apimgt.rest.api.admin.v1.utils.mappings.KeyManagerMappingUtil;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.carbon.identity.application.common.model.Claim;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.IdentityProviderProperty;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.class */
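/**
 * Admin REST implementation for key manager configurations.
 *
 * <p>Key managers whose token type is {@code EXCHANGED} are backed by an Identity Provider record:
 * create/update/delete of such a key manager also creates/updates/deletes the IdP through
 * {@link IdentityProviderManager}, and reads merge the IdP's data back into the response.
 */
public class KeyManagersApiServiceImpl implements KeyManagersApiService {
    private static final Log log = LogFactory.getLog(KeyManagersApiServiceImpl.class);

    // IdP property names used to carry key manager details on the Identity Provider record.
    private static final String JWKS_URI_PROPERTY = "jwksUri";
    private static final String IDP_ISSUER_NAME_PROPERTY = "idpIssuerName";
    // Any character outside this set is replaced with '_' in a derived IdP name; compiled once.
    private static final Pattern IDP_NAME_UNSAFE_CHARS = Pattern.compile("[^a-zA-Z0-9-_\\.]");
    // Length of the key manager name prefix kept in the derived IdP name.
    private static final int IDP_NAME_PREFIX_LENGTH = 10;

    /**
     * Discovers a key manager configuration from an OpenID Connect well-known document.
     *
     * @param str            well-known (discovery) endpoint URL supplied by the admin client
     * @param str2           key manager type stamped onto the discovered configuration
     * @param messageContext CXF message context (not used here)
     * @return the discovered configuration, or an empty {@link KeyManagerWellKnownResponseDTO} when the
     *         URL is empty or no configuration was returned
     * @throws APIManagementException propagated from the HTTP client set-up
     */
    @Override // org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService
    public Response keyManagersDiscoverPost(String str, String str2, MessageContext messageContext) throws APIManagementException {
        if (StringUtils.isEmpty(str)) {
            return Response.ok(new KeyManagerWellKnownResponseDTO()).build();
        }
        // NOTE(review): this is a server-side fetch of a caller-supplied URL. Admin scope limits who can
        // reach it, but confirm whether APIUtil.getHttpClient (or a project validator) restricts the
        // scheme/host; if not, an allow-list check on `str` belongs here.
        OpenIdConnectConfiguration discovered = fetchOpenIdConnectConfiguration(str);
        if (discovered == null) {
            return Response.ok(new KeyManagerWellKnownResponseDTO()).build();
        }
        KeyManagerWellKnownResponseDTO responseDTO =
                KeyManagerMappingUtil.fromOpenIdConnectConfigurationToKeyManagerConfiguration(discovered);
        responseDTO.getValue().setWellKnownEndpoint(str);
        responseDTO.getValue().setType(str2);
        return Response.ok().entity(responseDTO).build();
    }

    /**
     * Builds a Feign client against {@code wellKnownUrl} and reads the OpenID Connect discovery document.
     * HTTP errors are translated by {@link KMClientErrorDecoder}.
     */
    private OpenIdConnectConfiguration fetchOpenIdConnectConfiguration(String wellKnownUrl) throws APIManagementException {
        Gson gson = new GsonBuilder().serializeNulls().create();
        OpenIDConnectDiscoveryClient client = Feign.builder()
                .client(new ApacheFeignHttpClient(APIUtil.getHttpClient(wellKnownUrl)))
                .encoder(new GsonEncoder(gson))
                .decoder(new GsonDecoder(gson))
                .errorDecoder(new KMClientErrorDecoder())
                .target(OpenIDConnectDiscoveryClient.class, wellKnownUrl);
        return client.getOpenIdConnectConfiguration();
    }

    /**
     * Lists the key manager configurations of the caller's organization. For exchanged-token key managers
     * that reference an IdP, description and enabled flag are refreshed from the IdP record.
     *
     * @throws APIManagementException with {@code IDP_RETRIEVAL_FAILED} when an IdP lookup fails
     */
    @Override // org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService
    public Response keyManagersGet(MessageContext messageContext) throws APIManagementException {
        String organization = RestApiUtil.getOrganization(messageContext);
        List<KeyManagerConfigurationDTO> configurations =
                new APIAdminImpl().getKeyManagerConfigurationsByOrganization(organization);
        for (KeyManagerConfigurationDTO configuration : configurations) {
            if (!isExchangedTokenType(configuration.getTokenType()) || configuration.getExternalReferenceId() == null) {
                continue;
            }
            try {
                // NOTE(review): the tenant domain is resolved via getTenantDomainFromTenantId(getInternalOrganizationId(..))
                // here but via getInternalOrganizationDomain(..) in the other endpoints — confirm they agree.
                IdentityProvider idp = IdentityProviderManager.getInstance().getIdPByResourceId(
                        configuration.getExternalReferenceId(),
                        APIUtil.getTenantDomainFromTenantId(APIUtil.getInternalOrganizationId(organization)),
                        false);
                if (idp != null) {
                    configuration.setDescription(idp.getIdentityProviderDescription());
                    configuration.setEnabled(idp.isEnable());
                }
            } catch (IdentityProviderManagementException e) {
                throw new APIManagementException("IdP retrieval failed. " + e.getMessage(), e, ExceptionCodes.IDP_RETRIEVAL_FAILED);
            }
        }
        return Response.ok().entity(KeyManagerMappingUtil.toKeyManagerListDTO(configurations)).build();
    }

    /**
     * Deletes a key manager configuration and, for exchanged-token key managers, its backing IdP.
     *
     * @param str key manager UUID
     * @throws APIManagementException with {@code IDP_DELETION_FAILED} when the IdP deletion fails
     */
    @Override // org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService
    public Response keyManagersKeyManagerIdDelete(String str, MessageContext messageContext) throws APIManagementException {
        String organization = RestApiUtil.getOrganization(messageContext);
        APIAdminImpl apiAdmin = new APIAdminImpl();
        KeyManagerConfigurationDTO existing = apiAdmin.getKeyManagerConfigurationById(organization, str);
        if (existing == null) {
            // Same not-found handling as keyManagersKeyManagerIdGet; previously an unknown id was dereferenced.
            RestApiUtil.handleResourceNotFoundError("key manager", str, log);
            return null;
        }
        if (isExchangedTokenType(existing.getTokenType()) && existing.getExternalReferenceId() != null) {
            try {
                IdentityProviderManager.getInstance().deleteIdPByResourceId(
                        existing.getExternalReferenceId(), APIUtil.getInternalOrganizationDomain(organization));
            } catch (IdentityProviderManagementException e) {
                throw new APIManagementException("IdP deletion failed. " + e.getMessage(), e, ExceptionCodes.IDP_DELETION_FAILED);
            }
        }
        apiAdmin.deleteKeyManagerConfigurationById(organization, str);
        return Response.ok().build();
    }

    /**
     * Returns one key manager configuration; exchanged-token key managers are enriched from their IdP.
     *
     * @param str key manager UUID
     * @throws APIManagementException with {@code IDP_RETRIEVAL_FAILED} when the IdP lookup fails
     */
    @Override // org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService
    public Response keyManagersKeyManagerIdGet(String str, MessageContext messageContext) throws APIManagementException {
        String organization = RestApiUtil.getOrganization(messageContext);
        KeyManagerConfigurationDTO configuration = new APIAdminImpl().getKeyManagerConfigurationById(organization, str);
        if (configuration == null) {
            RestApiUtil.handleResourceNotFoundError("key manager", str, log);
            return null;
        }
        KeyManagerDTO keyManagerDTO = KeyManagerMappingUtil.toKeyManagerDTO(configuration);
        if (isExchangedTokenType(configuration.getTokenType()) && configuration.getExternalReferenceId() != null) {
            try {
                IdentityProvider idp = IdentityProviderManager.getInstance().getIdPByResourceId(
                        configuration.getExternalReferenceId(), APIUtil.getInternalOrganizationDomain(organization), false);
                if (idp != null) {
                    mergeIdpWithKeyManagerConfiguration(idp, keyManagerDTO);
                }
            } catch (IdentityProviderManagementException e) {
                throw new APIManagementException("IdP retrieval failed. " + e.getMessage(), e, ExceptionCodes.IDP_RETRIEVAL_FAILED);
            }
        }
        return Response.ok(keyManagerDTO).build();
    }

    /**
     * Updates a key manager configuration. The name is immutable; exchanged-token key managers also
     * update their backing IdP.
     *
     * @param str            key manager UUID
     * @param keyManagerDTO  new configuration
     * @throws APIManagementException with {@code INVALID_IDP_TYPE} on a bad type/token-type combination or
     *                                {@code IDP_ADDING_FAILED} when the IdP update fails
     */
    @Override // org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService
    public Response keyManagersKeyManagerIdPut(String str, KeyManagerDTO keyManagerDTO, MessageContext messageContext) throws APIManagementException {
        String organization = RestApiUtil.getOrganization(messageContext);
        APIAdminImpl apiAdmin = new APIAdminImpl();
        // Mapping and validation run before the try below so a validation failure keeps its own error code
        // (as in keyManagersPost) instead of being reported as an internal server error about retrieval.
        KeyManagerConfigurationDTO updated = KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, keyManagerDTO);
        validateIdpTypeFromTokenType(updated);
        updated.setUuid(str);
        try {
            KeyManagerConfigurationDTO existing = apiAdmin.getKeyManagerConfigurationById(organization, str);
            if (existing == null) {
                RestApiUtil.handleResourceNotFoundError("key manager", str, log);
                return null;
            }
            if (!StringUtils.equals(existing.getName(), updated.getName())) {
                RestApiUtil.handleBadRequest("Key Manager name couldn't able to change", log);
            }
            if (isExchangedTokenType(keyManagerDTO)) {
                // NOTE(review): existing.getExternalReferenceId() is null when the stored configuration was not
                // an exchanged-token one; confirm updateIdPByResourceId's contract for that case.
                IdentityProvider idp = IdentityProviderManager.getInstance().updateIdPByResourceId(
                        existing.getExternalReferenceId(),
                        createIdp(updated, keyManagerDTO, organization),
                        APIUtil.getInternalOrganizationDomain(organization));
                updated.setExternalReferenceId(idp.getResourceId());
            }
            return Response.ok(KeyManagerMappingUtil.toKeyManagerDTO(apiAdmin.updateKeyManagerConfiguration(updated))).build();
        } catch (IdentityProviderManagementException e) {
            throw new APIManagementException("IdP adding failed. " + e.getMessage(), e, ExceptionCodes.IDP_ADDING_FAILED);
        } catch (APIManagementException e) {
            RestApiUtil.handleInternalServerError("Error while Retrieving Key Manager configuration for " + str + " in organization " + organization, e, log);
            return null;
        }
    }

    /**
     * Creates a key manager configuration; exchanged-token key managers get a backing IdP first.
     *
     * @throws APIManagementException with {@code INVALID_IDP_TYPE} on a bad type/token-type combination or
     *                                {@code IDP_ADDING_FAILED} when the IdP creation fails
     */
    @Override // org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService
    public Response keyManagersPost(KeyManagerDTO keyManagerDTO, MessageContext messageContext) throws APIManagementException {
        String organization = RestApiUtil.getOrganization(messageContext);
        APIAdminImpl apiAdmin = new APIAdminImpl();
        KeyManagerConfigurationDTO configuration = KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, keyManagerDTO);
        validateIdpTypeFromTokenType(configuration);
        try {
            if (isExchangedTokenType(keyManagerDTO)) {
                // The UUID is assigned up front because createIdp derives the IdP name from it.
                configuration.setUuid(UUID.randomUUID().toString());
                IdentityProvider idp = IdentityProviderManager.getInstance().addIdPWithResourceId(
                        createIdp(configuration, keyManagerDTO, organization),
                        APIUtil.getInternalOrganizationDomain(organization));
                configuration.setExternalReferenceId(idp.getResourceId());
            }
            KeyManagerConfigurationDTO added = apiAdmin.addKeyManagerConfiguration(configuration);
            return Response.created(new URI("/key-managers/" + added.getUuid()))
                    .entity(KeyManagerMappingUtil.toKeyManagerDTO(added))
                    .build();
        } catch (IdentityProviderManagementException e) {
            throw new APIManagementException("IdP adding failed. " + e.getMessage(), e, ExceptionCodes.IDP_ADDING_FAILED);
        } catch (URISyntaxException e) {
            RestApiUtil.handleInternalServerError("Error while Creating Key Manager configuration in organization " + organization, e, log);
            return null;
        }
    }

    /** True when {@code tokenType} is exactly {@link KeyManagerConfiguration.TokenType#EXCHANGED} (null-safe). */
    private static boolean isExchangedTokenType(String tokenType) {
        return StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), tokenType);
    }

    /** Same check for the request DTO, whose token type is not a plain String; a missing value is false. */
    private static boolean isExchangedTokenType(KeyManagerDTO keyManagerDTO) {
        Object tokenType = keyManagerDTO.getTokenType();
        return tokenType != null && isExchangedTokenType(tokenType.toString());
    }

    /**
     * Rejects an exchanged-token key manager whose IdP type is not one of
     * {@link KeyManagerConfiguration.IdpTypeOfExchangedTokens}. Other token types are not validated.
     *
     * @throws APIManagementException with {@code INVALID_IDP_TYPE}
     */
    private void validateIdpTypeFromTokenType(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        String tokenType = keyManagerConfigurationDTO.getTokenType();
        String type = keyManagerConfigurationDTO.getType();
        // NOTE(review): this comparison is case-insensitive while the EXCHANGED branches in post/put compare
        // exactly, so e.g. "exchanged" passes validation but creates no IdP — confirm the mapping normalises case.
        if (!StringUtils.equalsIgnoreCase(tokenType, KeyManagerConfiguration.TokenType.EXCHANGED.toString())) {
            return;
        }
        boolean allowed = Arrays.stream(KeyManagerConfiguration.IdpTypeOfExchangedTokens.values())
                .anyMatch(idpType -> StringUtils.equalsIgnoreCase(idpType.toString(), type));
        if (allowed) {
            return;
        }
        String message = "Identity Provider type: " + type + " not allowed for the token type "
                + KeyManagerConfiguration.TokenType.EXCHANGED + ". Should be a value from "
                + Arrays.asList(KeyManagerConfiguration.IdpTypeOfExchangedTokens.values());
        throw new APIManagementException(message, ExceptionCodes.from(ExceptionCodes.INVALID_IDP_TYPE, message));
    }

    /**
     * Builds the IdP record backing an exchanged-token key manager.
     *
     * <p>JWKS certificates and the issuer are stored as IdP properties; a PEM certificate is stored as the
     * IdP certificate. Claim mappings are copied by {@link #updateClaims}.
     *
     * @param organization organization the IdP is created in; part of the derived IdP name
     */
    private IdentityProvider createIdp(KeyManagerConfigurationDTO keyManagerConfigurationDTO, KeyManagerDTO keyManagerDTO, String organization) {
        IdentityProvider idp = new IdentityProvider();
        // Name = short prefix of the KM name + organization + UUID, restricted to [A-Za-z0-9-_.].
        idp.setIdentityProviderName(sanitizeName(
                getSubstringOfTen(keyManagerConfigurationDTO.getName()) + "_" + organization + "_" + keyManagerConfigurationDTO.getUuid()));
        idp.setDisplayName(keyManagerConfigurationDTO.getDisplayName());
        idp.setPrimary(false);
        idp.setIdentityProviderDescription(keyManagerConfigurationDTO.getDescription());
        idp.setAlias(keyManagerConfigurationDTO.getAlias());

        List<IdentityProviderProperty> properties = new ArrayList<>();
        KeyManagerCertificatesDTO certificates = keyManagerDTO.getCertificates();
        if (certificates != null) {
            // Constant-first equals: a certificates entry without a type is ignored instead of throwing.
            if (KeyManagerCertificatesDTO.TypeEnum.JWKS.equals(certificates.getType())) {
                if (StringUtils.isNotBlank(certificates.getValue())) {
                    properties.add(idpProperty(JWKS_URI_PROPERTY, certificates.getValue()));
                }
            } else if (KeyManagerCertificatesDTO.TypeEnum.PEM.equals(certificates.getType())) {
                // A null PEM value is stored as "" (the original joined it with an empty string).
                idp.setCertificate(StringUtils.defaultString(certificates.getValue()));
            }
        }
        if (StringUtils.isNotBlank(keyManagerDTO.getIssuer())) {
            properties.add(idpProperty(IDP_ISSUER_NAME_PROPERTY, keyManagerDTO.getIssuer()));
        }
        if (!properties.isEmpty()) {
            idp.setIdpProperties(properties.toArray(new IdentityProviderProperty[0]));
        }
        idp.setEnable(keyManagerConfigurationDTO.isEnabled());
        updateClaims(idp, keyManagerDTO.getClaimMapping());
        return idp;
    }

    /** Creates a name/value IdP property. */
    private static IdentityProviderProperty idpProperty(String name, String value) {
        IdentityProviderProperty property = new IdentityProviderProperty();
        property.setName(name);
        property.setValue(value);
        return property;
    }

    /**
     * Copies the request's claim mappings onto the IdP. A null list leaves the IdP's claim config untouched;
     * an empty list selects the local claim dialect; a non-empty list defines explicit remote→local mappings.
     */
    private void updateClaims(IdentityProvider identityProvider, List<ClaimMappingEntryDTO> claimMappingEntries) {
        if (claimMappingEntries == null) {
            return;
        }
        ClaimConfig claimConfig = new ClaimConfig();
        List<ClaimMapping> mappings = new ArrayList<>();
        List<Claim> remoteClaims = new ArrayList<>();
        claimConfig.setLocalClaimDialect(CollectionUtils.isEmpty(claimMappingEntries));
        for (ClaimMappingEntryDTO entry : claimMappingEntries) {
            Claim remoteClaim = new Claim();
            remoteClaim.setClaimUri(entry.getRemoteClaim());
            Claim localClaim = new Claim();
            localClaim.setClaimUri(entry.getLocalClaim());
            ClaimMapping mapping = new ClaimMapping();
            mapping.setRemoteClaim(remoteClaim);
            mapping.setLocalClaim(localClaim);
            mappings.add(mapping);
            remoteClaims.add(remoteClaim);
        }
        claimConfig.setClaimMappings(mappings.toArray(new ClaimMapping[0]));
        claimConfig.setIdpClaims(remoteClaims.toArray(new Claim[0]));
        identityProvider.setClaimConfig(claimConfig);
    }

    /**
     * Copies the IdP-held fields (display name, description, certificates, issuer, enabled flag, alias and
     * claim mappings) of an exchanged-token key manager onto the response DTO. Inverse of {@link #createIdp}.
     */
    private void mergeIdpWithKeyManagerConfiguration(IdentityProvider identityProvider, KeyManagerDTO keyManagerDTO) {
        keyManagerDTO.setDisplayName(identityProvider.getDisplayName());
        keyManagerDTO.setDescription(identityProvider.getIdentityProviderDescription());

        KeyManagerCertificatesDTO certificates = new KeyManagerCertificatesDTO();
        boolean jwksFound = false;
        IdentityProviderProperty[] idpProperties = identityProvider.getIdpProperties();
        if (idpProperties != null) {
            for (IdentityProviderProperty property : idpProperties) {
                if (StringUtils.equals(property.getName(), JWKS_URI_PROPERTY)) {
                    certificates.setType(KeyManagerCertificatesDTO.TypeEnum.JWKS);
                    certificates.setValue(property.getValue());
                    keyManagerDTO.setCertificates(certificates);
                    jwksFound = true;
                } else if (StringUtils.equals(property.getName(), IDP_ISSUER_NAME_PROPERTY)) {
                    keyManagerDTO.setIssuer(property.getValue());
                }
            }
        }
        // The PEM certificate is consulted whenever no JWKS property exists, not only when the IdP has no
        // properties at all: createIdp stores the issuer as a property next to a PEM certificate, so the
        // previous else-branch dropped the certificate of PEM key managers that also had an issuer.
        if (!jwksFound && StringUtils.isNotBlank(identityProvider.getCertificate())) {
            certificates.setType(KeyManagerCertificatesDTO.TypeEnum.PEM);
            certificates.setValue(identityProvider.getCertificate());
            keyManagerDTO.setCertificates(certificates);
        }
        keyManagerDTO.setEnabled(Boolean.valueOf(identityProvider.isEnable()));
        keyManagerDTO.setAlias(identityProvider.getAlias());

        List<ClaimMappingEntryDTO> claimMappingEntries = new ArrayList<>();
        ClaimConfig claimConfig = identityProvider.getClaimConfig();
        // An IdP created without claim mappings (null list in createIdp) has no claim config; treat as empty.
        ClaimMapping[] claimMappings = claimConfig == null ? null : claimConfig.getClaimMappings();
        if (claimMappings != null) {
            for (ClaimMapping claimMapping : claimMappings) {
                ClaimMappingEntryDTO entry = new ClaimMappingEntryDTO();
                entry.setLocalClaim(claimMapping.getLocalClaim().getClaimUri());
                entry.setRemoteClaim(claimMapping.getRemoteClaim().getClaimUri());
                claimMappingEntries.add(entry);
            }
        }
        keyManagerDTO.setClaimMapping(claimMappingEntries);
    }

    /** Replaces every character outside {@code [A-Za-z0-9-_.]} with {@code _}. */
    private String sanitizeName(String name) {
        return IDP_NAME_UNSAFE_CHARS.matcher(name).replaceAll("_");
    }

    /** Returns the first ten characters of {@code name}, or the whole string when it is shorter. */
    private String getSubstringOfTen(String name) {
        return name.length() < IDP_NAME_PREFIX_LENGTH ? name : name.substring(0, IDP_NAME_PREFIX_LENGTH);
    }
}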
