package org.wso2.carbon.apimgt.rest.api.util.impl;

import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.util.DateUtils;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Stream;
import net.minidev.json.JSONObject;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.message.Message;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.reflect.MethodSignature;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.MDC;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.OAuthTokenInfo;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo;
import org.wso2.carbon.apimgt.common.gateway.dto.TokenIssuerDto;
import org.wso2.carbon.apimgt.impl.jwt.JWTValidator;
import org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.common.APIMConfigUtil;
import org.wso2.carbon.apimgt.rest.api.common.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.common.utils.JWTUtil;
import org.wso2.carbon.apimgt.rest.api.util.MethodStats;
import org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger;
import org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl.class */
public class OAuthJwtAuthenticatorImpl extends AbstractOAuthAuthenticator {
    private static final Log log;
    private static final String SUPER_TENANT_SUFFIX = "@carbon.super";
    private static final String ORGANIZATION_HANDLE = "organization_handle";
    private boolean isRESTApiTokenCacheEnabled;
    private Map<String, TokenIssuerDto> tokenIssuers = getTokenIssuers();
    private Map<String, List<String>> audiencesMap = APIMConfigUtil.getRestApiJWTAuthAudiences();
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_2;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_3;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_4;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_5;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_6;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_7;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_8;

    static {
        ajc$preClinit();
        log = LogFactory.getLog(OAuthJwtAuthenticatorImpl.class);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator
    public boolean authenticate(Message message) throws APIManagementException {
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, message);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(authenticate_aroundBody1$advice(this, message, makeJP, MethodTimeLogger.aspectOf(), makeJP)) : authenticate_aroundBody0(this, message, makeJP);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean handleScopeValidation(Message message, SignedJWTInfo signedJWTInfo, String str) throws APIManagementException, ParseException {
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, new Object[]{message, signedJWTInfo, str});
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(handleScopeValidation_aroundBody3$advice(this, message, signedJWTInfo, str, makeJP, MethodTimeLogger.aspectOf(), makeJP)) : handleScopeValidation_aroundBody2(this, message, signedJWTInfo, str, makeJP);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @MethodStats
    private SignedJWTInfo getSignedJwt(String str) throws ParseException {
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, str);
        return (MethodTimeLogger.isConfigEnabled() || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (SignedJWTInfo) getSignedJwt_aroundBody5$advice(this, str, makeJP, MethodTimeLogger.aspectOf(), makeJP) : getSignedJwt_aroundBody4(this, str, makeJP);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @MethodStats
    private JWTValidationInfo validateJWTToken(SignedJWTInfo signedJWTInfo, String str, String str2, String str3, URL url) throws APIManagementException {
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, new Object[]{signedJWTInfo, str, str2, str3, url});
        return (MethodTimeLogger.isConfigEnabled() || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (JWTValidationInfo) validateJWTToken_aroundBody7$advice(this, signedJWTInfo, str, str2, str3, url, makeJP, MethodTimeLogger.aspectOf(), makeJP) : validateJWTToken_aroundBody6(this, signedJWTInfo, str, str2, str3, url, makeJP);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: InlineMethods
        jadx.core.utils.exceptions.JadxRuntimeException: Failed to process method for inline: org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl.getTokenIssuers_aroundBody8(org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl, org.aspectj.lang.JoinPoint):java.util.Map
        	at jadx.core.dex.visitors.InlineMethods.processInvokeInsn(InlineMethods.java:74)
        	at jadx.core.dex.visitors.InlineMethods.visit(InlineMethods.java:49)
        Caused by: java.lang.IndexOutOfBoundsException: Index: 0
        	at java.base/java.util.Collections$EmptyList.get(Collections.java:4807)
        	at jadx.core.dex.nodes.InsnNode.getArg(InsnNode.java:103)
        	at jadx.core.dex.visitors.MarkMethodsForInline.isSyntheticAccessPattern(MarkMethodsForInline.java:117)
        	at jadx.core.dex.visitors.MarkMethodsForInline.inlineMth(MarkMethodsForInline.java:86)
        	at jadx.core.dex.visitors.MarkMethodsForInline.process(MarkMethodsForInline.java:53)
        	at jadx.core.dex.visitors.InlineMethods.processInvokeInsn(InlineMethods.java:63)
        	... 1 more
        */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private java.util.Map<java.lang.String, org.wso2.carbon.apimgt.common.gateway.dto.TokenIssuerDto> getTokenIssuers() {
        /*
            r5 = this;
            org.aspectj.lang.JoinPoint$StaticPart r0 = org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl.ajc$tjp_4
            r1 = r5
            r2 = r5
            org.aspectj.lang.JoinPoint r0 = org.aspectj.runtime.reflect.Factory.makeJP(r0, r1, r2)
            r6 = r0
            r0 = r5
            if (r0 == 0) goto L20
            r0 = r5
            java.lang.Class r0 = r0.getClass()
            java.lang.Class<org.wso2.carbon.apimgt.rest.api.util.MethodStats> r1 = org.wso2.carbon.apimgt.rest.api.util.MethodStats.class
            boolean r0 = r0.isAnnotationPresent(r1)
            if (r0 == 0) goto L20
            boolean r0 = org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger.isConfigEnabled()
            if (r0 != 0) goto L2c
        L20:
            boolean r0 = org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger.isConfigEnabled()
            if (r0 == 0) goto L3c
            boolean r0 = org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger.pointCutAll()
            if (r0 == 0) goto L3c
        L2c:
            r0 = r5
            r1 = r6
            org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger r2 = org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger.aspectOf()
            r3 = r6
            org.aspectj.lang.ProceedingJoinPoint r3 = (org.aspectj.lang.ProceedingJoinPoint) r3
            java.lang.Object r0 = getTokenIssuers_aroundBody9$advice(r0, r1, r2, r3)
            java.util.Map r0 = (java.util.Map) r0
            return r0
        L3c:
            r0 = r5
            r1 = r6
            java.util.Map r0 = getTokenIssuers_aroundBody8(r0, r1)
            return r0
            throw r-1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl.getTokenIssuers():java.util.Map");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean checkTokenExpiration(Date date) {
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this, date);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(checkTokenExpiration_aroundBody11$advice(this, date, makeJP, MethodTimeLogger.aspectOf(), makeJP)) : checkTokenExpiration_aroundBody10(this, date, makeJP);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String getJWTTokenIdentifier(SignedJWTInfo signedJWTInfo) {
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_6, this, this, signedJWTInfo);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String) getJWTTokenIdentifier_aroundBody13$advice(this, signedJWTInfo, makeJP, MethodTimeLogger.aspectOf(), makeJP) : getJWTTokenIdentifier_aroundBody12(this, signedJWTInfo, makeJP);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static String getOrgHandleFromJwt(SignedJWTInfo signedJWTInfo) {
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_7, (Object) null, (Object) null, signedJWTInfo);
        return (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) ? (String) getOrgHandleFromJwt_aroundBody15$advice(signedJWTInfo, makeJP, MethodTimeLogger.aspectOf(), makeJP) : getOrgHandleFromJwt_aroundBody14(signedJWTInfo, makeJP);
    }

    private static final /* synthetic */ boolean authenticate_aroundBody0(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Message message, JoinPoint joinPoint) {
        oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled = APIUtil.getRESTAPICacheConfig().isTokenCacheEnabled();
        String extractOAuthAccessTokenFromMessage = RestApiUtil.extractOAuthAccessTokenFromMessage(message, RestApiConstants.REGEX_BEARER_PATTERN, org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.AUTH_HEADER_NAME);
        if (StringUtils.countMatches(extractOAuthAccessTokenFromMessage, ".") != 2) {
            log.error("Invalid JWT token. The expected token format is <header.payload.signature>");
            return false;
        }
        try {
            SignedJWTInfo signedJwt = oAuthJwtAuthenticatorImpl.getSignedJwt(extractOAuthAccessTokenFromMessage);
            String jWTTokenIdentifier = oAuthJwtAuthenticatorImpl.getJWTTokenIdentifier(signedJwt);
            String obj = message.get("maskedToken").toString();
            URL url = new URL(message.get("http.base.path").toString());
            log.debug("Starting JWT token validation " + obj);
            JWTValidationInfo validateJWTToken = oAuthJwtAuthenticatorImpl.validateJWTToken(signedJwt, jWTTokenIdentifier, extractOAuthAccessTokenFromMessage, obj, url);
            if (validateJWTToken == null) {
                log.error("Invalid JWT token :" + obj);
                return false;
            }
            if (!validateJWTToken.isValid()) {
                log.error("Invalid JWT token :" + obj);
                return false;
            }
            if (oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled) {
                oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().put(jWTTokenIdentifier, validateJWTToken);
            }
            return oAuthJwtAuthenticatorImpl.handleScopeValidation(message, signedJwt, extractOAuthAccessTokenFromMessage);
        } catch (MalformedURLException e) {
            log.error("Malformed URL found in request path.Reason: " + e.getMessage());
            return false;
        } catch (ParseException e2) {
            log.error("Not a JWT token. Failed to decode the token. Reason: " + e2.getMessage());
            return false;
        }
    }

    private static final /* synthetic */ Object authenticate_aroundBody1$advice(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Message message, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        Object booleanObject = Conversions.booleanObject(authenticate_aroundBody0(oAuthJwtAuthenticatorImpl, message, proceedingJoinPoint));
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str = "";
            for (String str2 : parameterNames) {
                sb.append(str);
                str = ", ";
                sb.append(str2);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext != null && (map = (Map) currentMessageContext.getProperty("TRANSPORT_HEADERS")) != null) {
            String str3 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str3)) {
                MDC.put("Correlation-ID", str3);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return booleanObject;
    }

    private static final /* synthetic */ boolean handleScopeValidation_aroundBody2(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Message message, SignedJWTInfo signedJWTInfo, String str, JoinPoint joinPoint) {
        String obj = message.get("maskedToken").toString();
        OAuthTokenInfo oAuthTokenInfo = new OAuthTokenInfo();
        oAuthTokenInfo.setAccessToken(str);
        oAuthTokenInfo.setEndUserName(signedJWTInfo.getJwtClaimsSet().getSubject());
        oAuthTokenInfo.setConsumerKey(signedJWTInfo.getJwtClaimsSet().getStringClaim("azp"));
        String stringClaim = signedJWTInfo.getJwtClaimsSet().getStringClaim("scope");
        if (stringClaim == null) {
            log.error("scopes validation failed for the token" + obj);
            return false;
        }
        String resolveOrganization = RestApiUtil.resolveOrganization(message);
        if (resolveOrganization == null) {
            log.error("Organization is not present in the request");
            return false;
        }
        oAuthTokenInfo.setScopes(stringClaim.split(" "));
        String orgHandleFromJwt = getOrgHandleFromJwt(signedJWTInfo);
        if (orgHandleFromJwt != null) {
            message.put(ORGANIZATION_HANDLE, orgHandleFromJwt);
        }
        String orgIdFromJwt = JWTUtil.getOrgIdFromJwt(signedJWTInfo);
        if (orgIdFromJwt == null) {
            log.error("Unable to get organization claim from the jwt");
            return false;
        }
        if (!resolveOrganization.equals(orgIdFromJwt)) {
            log.error(String.format("Requested OrgId (%s) and the token's organization uuid (%s) mismatch!", resolveOrganization, orgIdFromJwt));
            return false;
        }
        if (!oAuthJwtAuthenticatorImpl.validateScopes(message, oAuthTokenInfo)) {
            log.error("scopes validation failed for the token" + obj);
            return false;
        }
        message.getExchange().put(org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.USER_REST_API_SCOPES, oAuthTokenInfo.getScopes());
        String tenantDomain = MultitenantUtils.getTenantDomain(oAuthTokenInfo.getEndUserName());
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        RealmService realmService = (RealmService) threadLocalCarbonContext.getOSGiService(RealmService.class, (Hashtable) null);
        try {
            String endUserName = oAuthTokenInfo.getEndUserName();
            if ("carbon.super".equals(tenantDomain)) {
                long count = endUserName.chars().filter(i -> {
                    ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_8, (Object) null, (Object) null, Conversions.intObject(i));
                    return (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) ? Conversions.booleanValue(lambda$0_aroundBody17$advice(i, makeJP, MethodTimeLogger.aspectOf(), makeJP)) : lambda$0_aroundBody16(i, makeJP);
                }).count();
                if (Boolean.parseBoolean(CarbonUtils.getServerConfiguration().getFirstProperty("EnableEmailUserName")) || (endUserName.endsWith(SUPER_TENANT_SUFFIX) && count <= 1)) {
                    endUserName = MultitenantUtils.getTenantAwareUsername(endUserName);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("username = " + endUserName + "masked token " + obj);
            }
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            threadLocalCarbonContext.setTenantDomain(tenantDomain);
            threadLocalCarbonContext.setTenantId(tenantId);
            threadLocalCarbonContext.setUsername(endUserName);
            message.put("AUTH_TOKEN_INFO", oAuthTokenInfo);
            message.put("sub_organization", resolveOrganization);
            if (tenantDomain.equals("carbon.super")) {
                return true;
            }
            APIUtil.loadTenantConfigBlockingMode(tenantDomain);
            return true;
        } catch (UserStoreException e) {
            log.error("Error while retrieving tenant id for tenant domain: " + tenantDomain, e);
            log.debug("Scope validation success for the token " + obj);
            return true;
        }
    }

    private static final /* synthetic */ Object handleScopeValidation_aroundBody3$advice(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Message message, SignedJWTInfo signedJWTInfo, String str, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        Object booleanObject = Conversions.booleanObject(handleScopeValidation_aroundBody2(oAuthJwtAuthenticatorImpl, message, signedJWTInfo, str, proceedingJoinPoint));
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str2 = "";
            for (String str3 : parameterNames) {
                sb.append(str2);
                str2 = ", ";
                sb.append(str3);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext != null && (map = (Map) currentMessageContext.getProperty("TRANSPORT_HEADERS")) != null) {
            String str4 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str4)) {
                MDC.put("Correlation-ID", str4);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return booleanObject;
    }

    private static final /* synthetic */ SignedJWTInfo getSignedJwt_aroundBody4(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, String str, JoinPoint joinPoint) {
        SignedJWT parse = SignedJWT.parse(str);
        return new SignedJWTInfo(str, parse, parse.getJWTClaimsSet());
    }

    private static final /* synthetic */ Object getSignedJwt_aroundBody5$advice(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, String str, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        SignedJWTInfo signedJwt_aroundBody4 = getSignedJwt_aroundBody4(oAuthJwtAuthenticatorImpl, str, proceedingJoinPoint);
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str2 = "";
            for (String str3 : parameterNames) {
                sb.append(str2);
                str2 = ", ";
                sb.append(str3);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext != null && (map = (Map) currentMessageContext.getProperty("TRANSPORT_HEADERS")) != null) {
            String str4 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str4)) {
                MDC.put("Correlation-ID", str4);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return signedJwt_aroundBody4;
    }

    private static final /* synthetic */ JWTValidationInfo validateJWTToken_aroundBody6(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, SignedJWTInfo signedJWTInfo, String str, String str2, String str3, URL url, JoinPoint joinPoint) {
        String issuer = signedJWTInfo.getJwtClaimsSet().getIssuer();
        if (!StringUtils.isNotEmpty(issuer)) {
            log.error("Issuer is not found in the token " + str3);
            return null;
        }
        List audience = signedJWTInfo.getJwtClaimsSet().getAudience();
        if (oAuthJwtAuthenticatorImpl.tokenIssuers == null || !oAuthJwtAuthenticatorImpl.tokenIssuers.containsKey(issuer)) {
            log.error("JWT token issuer validation failed. Reason: Issuer present in the JWT (" + issuer + ") does not match with the token issuer (" + oAuthJwtAuthenticatorImpl.tokenIssuers.keySet().toString() + ")");
            return null;
        }
        if (oAuthJwtAuthenticatorImpl.audiencesMap != null && oAuthJwtAuthenticatorImpl.audiencesMap.get(url.getPath()) != null) {
            Stream stream = audience.stream();
            List<String> list = oAuthJwtAuthenticatorImpl.audiencesMap.get(url.getPath());
            list.getClass();
            if (stream.anyMatch((v1) -> {
                return r1.contains(v1);
            })) {
                if (oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled) {
                    JWTValidationInfo jWTValidationInfo = (JWTValidationInfo) oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().get(str);
                    if (jWTValidationInfo != null) {
                        if (Boolean.valueOf(oAuthJwtAuthenticatorImpl.checkTokenExpiration(new Date(jWTValidationInfo.getExpiryTime()))).booleanValue()) {
                            jWTValidationInfo.setValid(false);
                            oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().remove(str);
                            oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().put(str, jWTValidationInfo);
                            log.error("JWT token validation failed. Reason: Expired Token. " + str3);
                            return jWTValidationInfo;
                        }
                        if (jWTValidationInfo.getRawPayload().equals(str2)) {
                            return jWTValidationInfo;
                        }
                        jWTValidationInfo.setValid(false);
                        oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().remove(str);
                        oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().put(str, jWTValidationInfo);
                        log.error("JWT token validation failed. Reason: Invalid Token. " + str3);
                        return jWTValidationInfo;
                    }
                    if (oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().get(str) != null) {
                        if (log.isDebugEnabled()) {
                            log.debug("Token retrieved from the invalid token cache. Token: " + str3);
                        }
                        return (JWTValidationInfo) oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().get(str);
                    }
                }
                JWTValidationInfo validateToken = ((JWTValidator) APIMConfigUtil.getJWTValidatorMap().get(issuer)).validateToken(signedJWTInfo);
                if (!validateToken.isValid()) {
                    if (oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled) {
                        oAuthJwtAuthenticatorImpl.getRESTAPIInvalidTokenCache().put(str, validateToken);
                    }
                    log.error("JWT token validation failed. Reason: Invalid Credentials. Make sure you have provided the correct security credentials in the token :" + str3);
                } else if (oAuthJwtAuthenticatorImpl.isRESTApiTokenCacheEnabled) {
                    oAuthJwtAuthenticatorImpl.getRESTAPITokenCache().put(str, validateToken);
                }
                return validateToken;
            }
        }
        if (oAuthJwtAuthenticatorImpl.audiencesMap == null) {
            log.error("JWT token audience validation failed. Reason: No audiences registered in the server");
            return null;
        }
        if (oAuthJwtAuthenticatorImpl.audiencesMap.get(url.getPath()) == null) {
            log.error("JWT token audience validation failed. Reason: No audiences registered in the server for the base path (" + url.getPath() + ")");
            return null;
        }
        log.error("JWT token audience validation failed. Reason: None of the aud present in the JWT (" + audience.toString() + ") matches the intended audience (" + oAuthJwtAuthenticatorImpl.audiencesMap.get(url.getPath()).toString() + ") for base path ( " + url.getPath() + " ).");
        return null;
    }

    private static final /* synthetic */ Object validateJWTToken_aroundBody7$advice(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, SignedJWTInfo signedJWTInfo, String str, String str2, String str3, URL url, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        JWTValidationInfo validateJWTToken_aroundBody6 = validateJWTToken_aroundBody6(oAuthJwtAuthenticatorImpl, signedJWTInfo, str, str2, str3, url, proceedingJoinPoint);
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str4 = "";
            for (String str5 : parameterNames) {
                sb.append(str4);
                str4 = ", ";
                sb.append(str5);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext != null && (map = (Map) currentMessageContext.getProperty("TRANSPORT_HEADERS")) != null) {
            String str6 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str6)) {
                MDC.put("Correlation-ID", str6);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return validateJWTToken_aroundBody6;
    }

    private static final /* synthetic */ Map getTokenIssuers_aroundBody8(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, JoinPoint joinPoint) {
        return APIMConfigUtil.getTokenIssuerMap();
    }

    /*  JADX ERROR: JadxRuntimeException in pass: InlineMethods
        jadx.core.utils.exceptions.JadxRuntimeException: Failed to process method for inline: org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl.getTokenIssuers_aroundBody8(org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl, org.aspectj.lang.JoinPoint):java.util.Map
        	at jadx.core.dex.visitors.InlineMethods.processInvokeInsn(InlineMethods.java:74)
        	at jadx.core.dex.visitors.InlineMethods.visit(InlineMethods.java:49)
        Caused by: java.lang.IndexOutOfBoundsException: Index: 0
        	at java.base/java.util.Collections$EmptyList.get(Collections.java:4807)
        	at jadx.core.dex.nodes.InsnNode.getArg(InsnNode.java:103)
        	at jadx.core.dex.visitors.MarkMethodsForInline.isSyntheticAccessPattern(MarkMethodsForInline.java:117)
        	at jadx.core.dex.visitors.MarkMethodsForInline.inlineMth(MarkMethodsForInline.java:86)
        	at jadx.core.dex.visitors.MarkMethodsForInline.process(MarkMethodsForInline.java:53)
        	at jadx.core.dex.visitors.InlineMethods.processInvokeInsn(InlineMethods.java:63)
        	... 1 more
        */
    private static final /* synthetic */ java.lang.Object getTokenIssuers_aroundBody9$advice(org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl r8, org.aspectj.lang.JoinPoint r9, org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger r10, org.aspectj.lang.ProceedingJoinPoint r11) {
        /*
            Method dump skipped, instructions count: 340
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl.getTokenIssuers_aroundBody9$advice(org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl, org.aspectj.lang.JoinPoint, org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger, org.aspectj.lang.ProceedingJoinPoint):java.lang.Object");
    }

    private static final /* synthetic */ boolean checkTokenExpiration_aroundBody10(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Date date, JoinPoint joinPoint) {
        return DateUtils.isBefore(date, new Date(), 0L);
    }

    private static final /* synthetic */ Object checkTokenExpiration_aroundBody11$advice(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, Date date, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        Object booleanObject = Conversions.booleanObject(checkTokenExpiration_aroundBody10(oAuthJwtAuthenticatorImpl, date, proceedingJoinPoint));
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str = "";
            for (String str2 : parameterNames) {
                sb.append(str);
                str = ", ";
                sb.append(str2);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext != null && (map = (Map) currentMessageContext.getProperty("TRANSPORT_HEADERS")) != null) {
            String str3 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str3)) {
                MDC.put("Correlation-ID", str3);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return booleanObject;
    }

    private static final /* synthetic */ String getJWTTokenIdentifier_aroundBody12(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, SignedJWTInfo signedJWTInfo, JoinPoint joinPoint) {
        String jwtid = signedJWTInfo.getJwtClaimsSet().getJWTID();
        return StringUtils.isNotEmpty(jwtid) ? jwtid : signedJWTInfo.getSignedJWT().getSignature().toString();
    }

    private static final /* synthetic */ Object getJWTTokenIdentifier_aroundBody13$advice(OAuthJwtAuthenticatorImpl oAuthJwtAuthenticatorImpl, SignedJWTInfo signedJWTInfo, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        String jWTTokenIdentifier_aroundBody12 = getJWTTokenIdentifier_aroundBody12(oAuthJwtAuthenticatorImpl, signedJWTInfo, proceedingJoinPoint);
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str = "";
            for (String str2 : parameterNames) {
                sb.append(str);
                str = ", ";
                sb.append(str2);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext != null && (map = (Map) currentMessageContext.getProperty("TRANSPORT_HEADERS")) != null) {
            String str3 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str3)) {
                MDC.put("Correlation-ID", str3);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return jWTTokenIdentifier_aroundBody12;
    }

    private static final /* synthetic */ String getOrgHandleFromJwt_aroundBody14(SignedJWTInfo signedJWTInfo, JoinPoint joinPoint) {
        try {
            JSONObject jSONObjectClaim = signedJWTInfo.getJwtClaimsSet().getJSONObjectClaim("organization");
            if (log.isDebugEnabled()) {
                log.debug("Retrieved organization handle claim from jwt: " + jSONObjectClaim);
            }
            if (jSONObjectClaim == null || !jSONObjectClaim.containsKey("handle")) {
                return null;
            }
            return jSONObjectClaim.getAsString("handle");
        } catch (ParseException e) {
            if (log.isDebugEnabled()) {
                log.error("Failed to parse organization handle claim from JWT claims", e);
                return null;
            }
            log.error("Failed to parse organization handle claim from JWT claims: " + e.getMessage());
            return null;
        }
    }

    private static final /* synthetic */ Object getOrgHandleFromJwt_aroundBody15$advice(SignedJWTInfo signedJWTInfo, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        String orgHandleFromJwt_aroundBody14 = getOrgHandleFromJwt_aroundBody14(signedJWTInfo, proceedingJoinPoint);
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str = "";
            for (String str2 : parameterNames) {
                sb.append(str);
                str = ", ";
                sb.append(str2);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext != null && (map = (Map) currentMessageContext.getProperty("TRANSPORT_HEADERS")) != null) {
            String str3 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str3)) {
                MDC.put("Correlation-ID", str3);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return orgHandleFromJwt_aroundBody14;
    }

    private static final /* synthetic */ boolean lambda$0_aroundBody16(int i, JoinPoint joinPoint) {
        return i == 64;
    }

    private static final /* synthetic */ Object lambda$0_aroundBody17$advice(int i, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        Object booleanObject = Conversions.booleanObject(lambda$0_aroundBody16(i, proceedingJoinPoint));
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str = "";
            for (String str2 : parameterNames) {
                sb.append(str);
                str = ", ";
                sb.append(str2);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext != null && (map = (Map) currentMessageContext.getProperty("TRANSPORT_HEADERS")) != null) {
            String str3 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str3)) {
                MDC.put("Correlation-ID", str3);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return booleanObject;
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("OAuthJwtAuthenticatorImpl.java", OAuthJwtAuthenticatorImpl.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "authenticate", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.apache.cxf.message.Message", "message", "org.wso2.carbon.apimgt.api.APIManagementException", "boolean"), 86);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "handleScopeValidation", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.apache.cxf.message.Message:org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo:java.lang.String", "message:signedJWTInfo:accessToken", "org.wso2.carbon.apimgt.api.APIManagementException:java.text.ParseException", "boolean"), 138);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getSignedJwt", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "java.lang.String", "accessToken", "java.text.ParseException", "org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo"), 222);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "validateJWTToken", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo:java.lang.String:java.lang.String:java.lang.String:java.net.URL", "signedJWTInfo:jti:accessToken:maskedToken:basePath", "org.wso2.carbon.apimgt.api.APIManagementException", "org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo"), 237);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getTokenIssuers", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "", "", "", "java.util.Map"), 329);
        ajc$tjp_5 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "checkTokenExpiration", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "java.util.Date", "tokenExp", "", "boolean"), 339);
        ajc$tjp_6 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getJWTTokenIdentifier", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo", "signedJWTInfo", "", "java.lang.String"), 350);
        ajc$tjp_7 = factory.makeSJP("method-execution", factory.makeMethodSig("9", "getOrgHandleFromJwt", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo", "jwtInfo", "", "java.lang.String"), 360);
        ajc$tjp_8 = factory.makeSJP("method-execution", factory.makeMethodSig("100a", "lambda$0", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl", "int", "ch", "", "boolean"), 181);
    }
}
