package org.wso2.carbon.apimgt.rest.api.util.impl;

import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.util.DateUtils;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.message.Message;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.OAuthTokenInfo;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo;
import org.wso2.carbon.apimgt.common.gateway.dto.TokenIssuerDto;
import org.wso2.carbon.apimgt.impl.jwt.JWTValidator;
import org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.common.APIMConfigUtil;
import org.wso2.carbon.apimgt.rest.api.common.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.util.MethodStats;
import org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger;
import org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl.class */
public class OAuthJwtAuthenticatorImpl extends AbstractOAuthAuthenticator {
    private static final Log log;
    private static final String SUPER_TENANT_SUFFIX = "@carbon.super";
    private boolean isRESTApiTokenCacheEnabled;
    private Map<String, TokenIssuerDto> tokenIssuers = getTokenIssuers();
    private Map<String, List<String>> audiencesMap = APIMConfigUtil.getRestApiJWTAuthAudiences();
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;
    private static final JoinPoint.StaticPart ajc$tjp_4 = null;
    private static final JoinPoint.StaticPart ajc$tjp_5 = null;
    private static final JoinPoint.StaticPart ajc$tjp_6 = null;
    private static final JoinPoint.StaticPart ajc$tjp_7 = null;
    private static final JoinPoint.StaticPart ajc$tjp_8 = null;
    private static final JoinPoint.StaticPart ajc$tjp_9 = null;
    private static final JoinPoint.StaticPart ajc$tjp_10 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(OAuthJwtAuthenticatorImpl.authenticate_aroundBody0((OAuthJwtAuthenticatorImpl) objArr2[0], (Message) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure11.class */
    public class AjcClosure11 extends AroundClosure {
        public AjcClosure11(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(OAuthJwtAuthenticatorImpl.checkTokenExpiration_aroundBody10((OAuthJwtAuthenticatorImpl) objArr2[0], (Date) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure13.class */
    public class AjcClosure13 extends AroundClosure {
        public AjcClosure13(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthJwtAuthenticatorImpl.getJWTTokenIdentifier_aroundBody12((OAuthJwtAuthenticatorImpl) objArr2[0], (SignedJWTInfo) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure15.class */
    public class AjcClosure15 extends AroundClosure {
        public AjcClosure15(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(OAuthJwtAuthenticatorImpl.lambda$0_aroundBody14((String) objArr2[0], (String) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure17.class */
    public class AjcClosure17 extends AroundClosure {
        public AjcClosure17(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthJwtAuthenticatorImpl.lambda$1_aroundBody16((String) objArr2[0], (String) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure19.class */
    public class AjcClosure19 extends AroundClosure {
        public AjcClosure19(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthJwtAuthenticatorImpl.lambda$2_aroundBody18(Conversions.intValue(objArr2[0]), (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure21.class */
    public class AjcClosure21 extends AroundClosure {
        public AjcClosure21(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(OAuthJwtAuthenticatorImpl.lambda$3_aroundBody20(Conversions.intValue(objArr2[0]), (JoinPoint) objArr2[1]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(OAuthJwtAuthenticatorImpl.handleScopeValidation_aroundBody2((OAuthJwtAuthenticatorImpl) objArr2[0], (Message) objArr2[1], (SignedJWTInfo) objArr2[2], (String) objArr2[3], (JoinPoint) objArr2[4]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthJwtAuthenticatorImpl.getSignedJwt_aroundBody4((OAuthJwtAuthenticatorImpl) objArr2[0], (String) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthJwtAuthenticatorImpl.validateJWTToken_aroundBody6((OAuthJwtAuthenticatorImpl) objArr2[0], (SignedJWTInfo) objArr2[1], (String) objArr2[2], (String) objArr2[3], (String) objArr2[4], (URL) objArr2[5], (JoinPoint) objArr2[6]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl$AjcClosure9.class */
    public class AjcClosure9 extends AroundClosure {
        public AjcClosure9(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthJwtAuthenticatorImpl.getTokenIssuers_aroundBody8((OAuthJwtAuthenticatorImpl) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(OAuthJwtAuthenticatorImpl.class);
    }

    @Override // org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator
    public boolean authenticate(Message message) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, message);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, message, makeJP}).linkClosureAndJoinPoint(69648))) : authenticate_aroundBody0(this, message, makeJP);
    }

    private boolean handleScopeValidation(Message message, SignedJWTInfo signedJWTInfo, String str) throws APIManagementException, ParseException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, new Object[]{message, signedJWTInfo, str});
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, message, signedJWTInfo, str, makeJP}).linkClosureAndJoinPoint(69648))) : handleScopeValidation_aroundBody2(this, message, signedJWTInfo, str, makeJP);
    }

    @MethodStats
    private SignedJWTInfo getSignedJwt(String str) throws ParseException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, str);
        return (MethodTimeLogger.isConfigEnabled() || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (SignedJWTInfo) MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, str, makeJP}).linkClosureAndJoinPoint(69648)) : getSignedJwt_aroundBody4(this, str, makeJP);
    }

    @MethodStats
    private JWTValidationInfo validateJWTToken(SignedJWTInfo signedJWTInfo, String str, String str2, String str3, URL url) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, new Object[]{signedJWTInfo, str, str2, str3, url});
        return (MethodTimeLogger.isConfigEnabled() || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (JWTValidationInfo) MethodTimeLogger.aspectOf().log(new AjcClosure7(new Object[]{this, signedJWTInfo, str, str2, str3, url, makeJP}).linkClosureAndJoinPoint(69648)) : validateJWTToken_aroundBody6(this, signedJWTInfo, str, str2, str3, url, makeJP);
    }

    private Map<String, TokenIssuerDto> getTokenIssuers() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (Map) MethodTimeLogger.aspectOf().log(new AjcClosure9(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getTokenIssuers_aroundBody8(this, makeJP);
    }

    private boolean checkTokenExpiration(Date date) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this, date);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure11(new Object[]{this, date, makeJP}).linkClosureAndJoinPoint(69648))) : checkTokenExpiration_aroundBody10(this, date, makeJP);
    }

    private String getJWTTokenIdentifier(SignedJWTInfo signedJWTInfo) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_6, this, this, signedJWTInfo);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure13(new Object[]{this, signedJWTInfo, makeJP}).linkClosureAndJoinPoint(69648)) : getJWTTokenIdentifier_aroundBody12(this, signedJWTInfo, makeJP);
    }

    static final boolean authenticate_aroundBody0(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Message message, JoinPoint joinPoint) {
        oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled = APIUtil.getRESTAPICacheConfig().isTokenCacheEnabled();
        String extractOAuthAccessTokenFromMessage = RestApiUtil.extractOAuthAccessTokenFromMessage(message, RestApiConstants.REGEX_BEARER_PATTERN, org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.AUTH_HEADER_NAME);
        if (StringUtils.countMatches(extractOAuthAccessTokenFromMessage, ".") != 2) {
            log.error("Invalid JWT token. The expected token format is <header.payload.signature>");
            return false;
        }
        try {
            SignedJWTInfo signedJwt = oAuthJwtAuthenticatorImpl.getSignedJwt(extractOAuthAccessTokenFromMessage);
            String jWTTokenIdentifier = oAuthJwtAuthenticatorImpl.getJWTTokenIdentifier(signedJwt);
            String obj = message.get("maskedToken").toString();
            URL url = new URL(message.get("http.base.path").toString());
            log.debug("Starting JWT token validation " + obj);
            JWTValidationInfo validateJWTToken = oAuthJwtAuthenticatorImpl.validateJWTToken(signedJwt, jWTTokenIdentifier, extractOAuthAccessTokenFromMessage, obj, url);
            if (validateJWTToken == null) {
                log.error("Invalid JWT token :" + obj);
                return false;
            }
            if (!validateJWTToken.isValid()) {
                log.error("Invalid JWT token :" + obj);
                return false;
            }
            if (oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled) {
                oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().put(jWTTokenIdentifier, validateJWTToken);
            }
            return oAuthJwtAuthenticatorImpl.handleScopeValidation(message, signedJwt, extractOAuthAccessTokenFromMessage);
        } catch (MalformedURLException e) {
            log.error("Malformed URL found in request path.Reason: " + e.getMessage());
            return false;
        } catch (ParseException e2) {
            log.error("Not a JWT token. Failed to decode the token. Reason: " + e2.getMessage());
            return false;
        }
    }

    static final boolean handleScopeValidation_aroundBody2(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Message message, SignedJWTInfo signedJWTInfo, String str, JoinPoint joinPoint) {
        String obj = message.get("maskedToken").toString();
        OAuthTokenInfo oAuthTokenInfo = new OAuthTokenInfo();
        oAuthTokenInfo.setAccessToken(str);
        oAuthTokenInfo.setEndUserName(signedJWTInfo.getJwtClaimsSet().getSubject());
        String stringClaim = signedJWTInfo.getJwtClaimsSet().getStringClaim("scope");
        if (stringClaim == null) {
            log.error("scopes validation failed for the token" + obj);
            return false;
        }
        String resolveOrganization = RestApiUtil.resolveOrganization(message);
        oAuthTokenInfo.setScopes((String[]) Arrays.stream(stringClaim.split(" ")).filter(str2 -> {
            JoinPoint makeJP = Factory.makeJP(ajc$tjp_7, (Object) null, (Object) null, resolveOrganization, str2);
            return (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure15(new Object[]{resolveOrganization, str2, makeJP}).linkClosureAndJoinPoint(65536))) : lambda$0_aroundBody14(resolveOrganization, str2, makeJP);
        }).map(str3 -> {
            JoinPoint makeJP = Factory.makeJP(ajc$tjp_8, (Object) null, (Object) null, resolveOrganization, str3);
            return (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure17(new Object[]{resolveOrganization, str3, makeJP}).linkClosureAndJoinPoint(65536)) : lambda$1_aroundBody16(resolveOrganization, str3, makeJP);
        }).toArray(i -> {
            JoinPoint makeJP = Factory.makeJP(ajc$tjp_9, (Object) null, (Object) null, Conversions.intObject(i));
            return (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) ? (String[]) MethodTimeLogger.aspectOf().log(new AjcClosure19(new Object[]{Conversions.intObject(i), makeJP}).linkClosureAndJoinPoint(65536)) : lambda$2_aroundBody18(i, makeJP);
        }));
        if (!oAuthJwtAuthenticatorImpl.validateScopes(message, oAuthTokenInfo)) {
            log.error("scopes validation failed for the token" + obj);
            return false;
        }
        message.getExchange().put(org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.USER_REST_API_SCOPES, oAuthTokenInfo.getScopes());
        String tenantDomain = MultitenantUtils.getTenantDomain(oAuthTokenInfo.getEndUserName());
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        RealmService realmService = (RealmService) threadLocalCarbonContext.getOSGiService(RealmService.class, (Hashtable) null);
        try {
            String endUserName = oAuthTokenInfo.getEndUserName();
            if ("carbon.super".equals(tenantDomain)) {
                long count = endUserName.chars().filter(i2 -> {
                    JoinPoint makeJP = Factory.makeJP(ajc$tjp_10, (Object) null, (Object) null, Conversions.intObject(i2));
                    return (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure21(new Object[]{Conversions.intObject(i2), makeJP}).linkClosureAndJoinPoint(65536))) : lambda$3_aroundBody20(i2, makeJP);
                }).count();
                if (Boolean.parseBoolean(CarbonUtils.getServerConfiguration().getFirstProperty("EnableEmailUserName")) || (endUserName.endsWith(SUPER_TENANT_SUFFIX) && count <= 1)) {
                    endUserName = MultitenantUtils.getTenantAwareUsername(endUserName);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("username = " + endUserName + "masked token " + obj);
            }
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            threadLocalCarbonContext.setTenantDomain(tenantDomain);
            threadLocalCarbonContext.setTenantId(tenantId);
            threadLocalCarbonContext.setUsername(endUserName);
            message.put("sub_organization", resolveOrganization);
            if (tenantDomain.equals("carbon.super")) {
                return true;
            }
            APIUtil.loadTenantConfigBlockingMode(tenantDomain);
            return true;
        } catch (UserStoreException e) {
            log.error("Error while retrieving tenant id for tenant domain: " + tenantDomain, e);
            log.debug("Scope validation success for the token " + obj);
            return true;
        }
    }

    static final SignedJWTInfo getSignedJwt_aroundBody4(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, String str, JoinPoint joinPoint) {
        SignedJWT parse = SignedJWT.parse(str);
        return new SignedJWTInfo(str, parse, parse.getJWTClaimsSet());
    }

    static final JWTValidationInfo validateJWTToken_aroundBody6(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, SignedJWTInfo signedJWTInfo, String str, String str2, String str3, URL url, JoinPoint joinPoint) {
        String issuer = signedJWTInfo.getJwtClaimsSet().getIssuer();
        if (!StringUtils.isNotEmpty(issuer)) {
            log.error("Issuer is not found in the token " + str3);
            return null;
        }
        List audience = signedJWTInfo.getJwtClaimsSet().getAudience();
        if (oAuthJwtAuthenticatorImpl.tokenIssuers == null || !oAuthJwtAuthenticatorImpl.tokenIssuers.containsKey(issuer)) {
            log.error("JWT token issuer validation failed. Reason: Issuer present in the JWT (" + issuer + ") does not match with the token issuer (" + oAuthJwtAuthenticatorImpl.tokenIssuers.keySet().toString() + ")");
            return null;
        }
        if (oAuthJwtAuthenticatorImpl.audiencesMap != null && oAuthJwtAuthenticatorImpl.audiencesMap.get(url.getPath()) != null) {
            Stream stream = audience.stream();
            List<String> list = oAuthJwtAuthenticatorImpl.audiencesMap.get(url.getPath());
            if (stream.anyMatch((v1) -> {
                return r1.contains(v1);
            })) {
                if (oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled) {
                    JWTValidationInfo jWTValidationInfo = (JWTValidationInfo) oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().get(str);
                    if (jWTValidationInfo != null) {
                        if (Boolean.valueOf(oAuthJwtAuthenticatorImpl.checkTokenExpiration(new Date(jWTValidationInfo.getExpiryTime()))).booleanValue()) {
                            jWTValidationInfo.setValid(false);
                            oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().remove(str);
                            oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().put(str, jWTValidationInfo);
                            log.error("JWT token validation failed. Reason: Expired Token. " + str3);
                            return jWTValidationInfo;
                        }
                        if (jWTValidationInfo.getRawPayload().equals(str2)) {
                            return jWTValidationInfo;
                        }
                        jWTValidationInfo.setValid(false);
                        oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().remove(str);
                        oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().put(str, jWTValidationInfo);
                        log.error("JWT token validation failed. Reason: Invalid Token. " + str3);
                        return jWTValidationInfo;
                    }
                    if (oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().get(str) != null) {
                        if (log.isDebugEnabled()) {
                            log.debug("Token retrieved from the invalid token cache. Token: " + str3);
                        }
                        return (JWTValidationInfo) oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().get(str);
                    }
                }
                JWTValidationInfo validateToken = ((JWTValidator) APIMConfigUtil.getJWTValidatorMap().get(issuer)).validateToken(signedJWTInfo);
                if (!validateToken.isValid()) {
                    if (oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled) {
                        oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().put(str, validateToken);
                    }
                    log.error("JWT token validation failed. Reason: Invalid Credentials. Make sure you have provided the correct security credentials in the token :" + str3);
                } else if (oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled) {
                    oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().put(str, validateToken);
                }
                return validateToken;
            }
        }
        if (oAuthJwtAuthenticatorImpl.audiencesMap == null) {
            log.error("JWT token audience validation failed. Reason: No audiences registered in the server");
            return null;
        }
        if (oAuthJwtAuthenticatorImpl.audiencesMap.get(url.getPath()) == null) {
            log.error("JWT token audience validation failed. Reason: No audiences registered in the server for the base path (" + url.getPath() + ")");
            return null;
        }
        log.error("JWT token audience validation failed. Reason: None of the aud present in the JWT (" + audience.toString() + ") matches the intended audience (" + oAuthJwtAuthenticatorImpl.audiencesMap.get(url.getPath()).toString() + ") for base path ( " + url.getPath() + " ).");
        return null;
    }

    static final Map getTokenIssuers_aroundBody8(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, JoinPoint joinPoint) {
        return APIMConfigUtil.getTokenIssuerMap();
    }

    static final boolean checkTokenExpiration_aroundBody10(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Date date, JoinPoint joinPoint) {
        return DateUtils.isBefore(date, new Date(), 0L);
    }

    static final String getJWTTokenIdentifier_aroundBody12(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, SignedJWTInfo signedJWTInfo, JoinPoint joinPoint) {
        String jwtid = signedJWTInfo.getJwtClaimsSet().getJWTID();
        return StringUtils.isNotEmpty(jwtid) ? jwtid : signedJWTInfo.getSignedJWT().getSignature().toString();
    }

    static final boolean lambda$0_aroundBody14(String str, String str2, JoinPoint joinPoint) {
        return str2.contains(str);
    }

    static final String lambda$1_aroundBody16(String str, String str2, JoinPoint joinPoint) {
        return str2.replace("urn:choreo:" + str + ":", "");
    }

    static final String[] lambda$2_aroundBody18(int i, JoinPoint joinPoint) {
        return new String[i];
    }

    static final boolean lambda$3_aroundBody20(int i, JoinPoint joinPoint) {
        return i == 64;
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("OAuthJwtAuthenticatorImpl.java", OAuthJwtAuthenticatorImpl.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "authenticate", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.apache.cxf.message.Message", "message", "org.wso2.carbon.apimgt.api.APIManagementException", "boolean"), 81);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "handleScopeValidation", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.apache.cxf.message.Message:org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo:java.lang.String", "message:signedJWTInfo:accessToken", "org.wso2.carbon.apimgt.api.APIManagementException:java.text.ParseException", "boolean"), 133);
        ajc$tjp_10 = factory.makeSJP("method-execution", factory.makeMethodSig("100a", "lambda$3", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "int", "ch", "", "boolean"), 161);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getSignedJwt", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "java.lang.String", "accessToken", "java.text.ParseException", "org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo"), 201);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "validateJWTToken", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo:java.lang.String:java.lang.String:java.lang.String:java.net.URL", "signedJWTInfo:jti:accessToken:maskedToken:basePath", "org.wso2.carbon.apimgt.api.APIManagementException", "org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo"), 216);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getTokenIssuers", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "", "", "", "java.util.Map"), 308);
        ajc$tjp_5 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "checkTokenExpiration", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "java.util.Date", "tokenExp", "", "boolean"), 318);
        ajc$tjp_6 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getJWTTokenIdentifier", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo", "signedJWTInfo", "", "java.lang.String"), 329);
        ajc$tjp_7 = factory.makeSJP("method-execution", factory.makeMethodSig("100a", "lambda$0", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "java.lang.String:java.lang.String", "arg0:s", "", "boolean"), 144);
        ajc$tjp_8 = factory.makeSJP("method-execution", factory.makeMethodSig("100a", "lambda$1", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "java.lang.String:java.lang.String", "arg0:s", "", "java.lang.String"), 145);
        ajc$tjp_9 = factory.makeSJP("method-execution", factory.makeMethodSig("100a", "lambda$2", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "int", "size", "", "[Ljava.lang.String;"), 146);
    }
}
