package org.wso2.carbon.apimgt.rest.api.util.impl;

import java.util.Hashtable;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.message.Message;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.OAuthTokenInfo;
import org.wso2.carbon.apimgt.impl.RESTAPICacheConfiguration;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.common.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.util.MethodStats;
import org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger;
import org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthOpaqueAuthenticatorImpl.class */
public class OAuthOpaqueAuthenticatorImpl extends AbstractOAuthAuthenticator {
    private static final Log log;
    private static final String SUPER_TENANT_SUFFIX = "@carbon.super";
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;
    private static final JoinPoint.StaticPart ajc$tjp_4 = null;
    private static final JoinPoint.StaticPart ajc$tjp_5 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthOpaqueAuthenticatorImpl$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(OAuthOpaqueAuthenticatorImpl.authenticate_aroundBody0((OAuthOpaqueAuthenticatorImpl) objArr2[0], (Message) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthOpaqueAuthenticatorImpl$AjcClosure11.class */
    public class AjcClosure11 extends AroundClosure {
        public AjcClosure11(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(OAuthOpaqueAuthenticatorImpl.lambda$0_aroundBody10(Conversions.intValue(objArr2[0]), (JoinPoint) objArr2[1]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthOpaqueAuthenticatorImpl$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(OAuthOpaqueAuthenticatorImpl.isAccessTokenExpired_aroundBody2((OAuthOpaqueAuthenticatorImpl) objArr2[0], (OAuthTokenInfo) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthOpaqueAuthenticatorImpl$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthOpaqueAuthenticatorImpl.getTokenMetaData_aroundBody4((OAuthOpaqueAuthenticatorImpl) objArr2[0], (String) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthOpaqueAuthenticatorImpl$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthOpaqueAuthenticatorImpl.findOAuthConsumerIfTokenIsValid_aroundBody6((OAuthOpaqueAuthenticatorImpl) objArr2[0], (OAuth2TokenValidationRequestDTO) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/impl/OAuthOpaqueAuthenticatorImpl$AjcClosure9.class */
    public class AjcClosure9 extends AroundClosure {
        public AjcClosure9(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OAuthOpaqueAuthenticatorImpl.getConfigurationElementValue_aroundBody8((OAuthOpaqueAuthenticatorImpl) objArr2[0], (String) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(OAuthOpaqueAuthenticatorImpl.class);
    }

    @Override // org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator
    public boolean authenticate(Message message) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, message);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, message, makeJP}).linkClosureAndJoinPoint(69648))) : authenticate_aroundBody0(this, message, makeJP);
    }

    private boolean isAccessTokenExpired(OAuthTokenInfo oAuthTokenInfo) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, oAuthTokenInfo);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, oAuthTokenInfo, makeJP}).linkClosureAndJoinPoint(69648))) : isAccessTokenExpired_aroundBody2(this, oAuthTokenInfo, makeJP);
    }

    @MethodStats
    public OAuthTokenInfo getTokenMetaData(String str) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, str);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || MethodTimeLogger.isConfigEnabled()) ? (OAuthTokenInfo) MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, str, makeJP}).linkClosureAndJoinPoint(69648)) : getTokenMetaData_aroundBody4(this, str, makeJP);
    }

    @MethodStats
    protected OAuth2ClientApplicationDTO findOAuthConsumerIfTokenIsValid(OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, oAuth2TokenValidationRequestDTO);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || MethodTimeLogger.isConfigEnabled()) ? (OAuth2ClientApplicationDTO) MethodTimeLogger.aspectOf().log(new AjcClosure7(new Object[]{this, oAuth2TokenValidationRequestDTO, makeJP}).linkClosureAndJoinPoint(69648)) : findOAuthConsumerIfTokenIsValid_aroundBody6(this, oAuth2TokenValidationRequestDTO, makeJP);
    }

    protected String getConfigurationElementValue(String str) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this, str);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure9(new Object[]{this, str, makeJP}).linkClosureAndJoinPoint(69648)) : getConfigurationElementValue_aroundBody8(this, str, makeJP);
    }

    static final boolean authenticate_aroundBody0(OAuthOpaqueAuthenticatorImpl oAuthOpaqueAuthenticatorImpl, Message message, JoinPoint joinPoint) {
        boolean z = false;
        boolean z2 = false;
        String extractOAuthAccessTokenFromMessage = RestApiUtil.extractOAuthAccessTokenFromMessage(message, RestApiConstants.REGEX_BEARER_PATTERN, org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.AUTH_HEADER_NAME);
        OAuthTokenInfo oAuthTokenInfo = null;
        RESTAPICacheConfiguration rESTAPICacheConfig = APIUtil.getRESTAPICacheConfig();
        if (rESTAPICacheConfig.isTokenCacheEnabled()) {
            oAuthTokenInfo = (OAuthTokenInfo) oAuthOpaqueAuthenticatorImpl.getRESTAPITokenCache().get(extractOAuthAccessTokenFromMessage);
            if (oAuthTokenInfo == null) {
                oAuthTokenInfo = (OAuthTokenInfo) oAuthOpaqueAuthenticatorImpl.getRESTAPIInvalidTokenCache().get(extractOAuthAccessTokenFromMessage);
                if (oAuthTokenInfo != null) {
                    z = true;
                }
            } else {
                if (oAuthOpaqueAuthenticatorImpl.isAccessTokenExpired(oAuthTokenInfo)) {
                    oAuthTokenInfo.setTokenValid(false);
                    oAuthOpaqueAuthenticatorImpl.getRESTAPIInvalidTokenCache().put(extractOAuthAccessTokenFromMessage, oAuthTokenInfo);
                    oAuthOpaqueAuthenticatorImpl.getRESTAPITokenCache().remove(extractOAuthAccessTokenFromMessage);
                    log.error(org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.ERROR_TOKEN_EXPIRED);
                    return false;
                }
                z2 = true;
            }
        }
        if (oAuthTokenInfo == null) {
            try {
                oAuthTokenInfo = oAuthOpaqueAuthenticatorImpl.getTokenMetaData(extractOAuthAccessTokenFromMessage);
            } catch (APIManagementException e) {
                log.error("Error while retrieving token information for token: " + extractOAuthAccessTokenFromMessage, e);
            }
        }
        if (oAuthTokenInfo == null || !oAuthTokenInfo.isTokenValid()) {
            log.error(org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.ERROR_TOKEN_INVALID);
            if (!rESTAPICacheConfig.isTokenCacheEnabled() || z) {
                return false;
            }
            oAuthOpaqueAuthenticatorImpl.getRESTAPIInvalidTokenCache().put(extractOAuthAccessTokenFromMessage, oAuthTokenInfo);
            return false;
        }
        if (rESTAPICacheConfig.isTokenCacheEnabled() && !z2) {
            oAuthOpaqueAuthenticatorImpl.getRESTAPITokenCache().put(extractOAuthAccessTokenFromMessage, oAuthTokenInfo);
        }
        if (!oAuthOpaqueAuthenticatorImpl.validateScopes(message, oAuthTokenInfo)) {
            log.error(org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.ERROR_SCOPE_VALIDATION_FAILED);
            return false;
        }
        message.getExchange().put(org.wso2.carbon.apimgt.rest.api.util.RestApiConstants.USER_REST_API_SCOPES, oAuthTokenInfo.getScopes());
        String tenantDomain = MultitenantUtils.getTenantDomain(oAuthTokenInfo.getEndUserName());
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        RealmService realmService = (RealmService) threadLocalCarbonContext.getOSGiService(RealmService.class, (Hashtable) null);
        try {
            String endUserName = oAuthTokenInfo.getEndUserName();
            if ("carbon.super".equals(tenantDomain)) {
                long count = endUserName.chars().filter(i -> {
                    JoinPoint makeJP = Factory.makeJP(ajc$tjp_5, (Object) null, (Object) null, Conversions.intObject(i));
                    return (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure11(new Object[]{Conversions.intObject(i), makeJP}).linkClosureAndJoinPoint(65536))) : lambda$0_aroundBody10(i, makeJP);
                }).count();
                if (Boolean.parseBoolean(CarbonUtils.getServerConfiguration().getFirstProperty("EnableEmailUserName")) || (endUserName.endsWith(SUPER_TENANT_SUFFIX) && count <= 1)) {
                    endUserName = MultitenantUtils.getTenantAwareUsername(endUserName);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("username = " + endUserName);
            }
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            threadLocalCarbonContext.setTenantDomain(tenantDomain);
            threadLocalCarbonContext.setTenantId(tenantId);
            threadLocalCarbonContext.setUsername(endUserName);
            message.put("sub_organization", tenantDomain);
            if (tenantDomain.equals("carbon.super")) {
                return true;
            }
            APIUtil.loadTenantConfigBlockingMode(tenantDomain);
            return true;
        } catch (UserStoreException e2) {
            log.error("Error while retrieving tenant id for tenant domain: " + tenantDomain, e2);
            return false;
        }
    }

    static final boolean isAccessTokenExpired_aroundBody2(OAuthOpaqueAuthenticatorImpl oAuthOpaqueAuthenticatorImpl, OAuthTokenInfo oAuthTokenInfo, JoinPoint joinPoint) {
        APIKeyValidationInfoDTO aPIKeyValidationInfoDTO = new APIKeyValidationInfoDTO();
        aPIKeyValidationInfoDTO.setValidityPeriod(oAuthTokenInfo.getValidityPeriod());
        aPIKeyValidationInfoDTO.setIssuedTime(oAuthTokenInfo.getIssuedTime());
        return APIUtil.isAccessTokenExpired(aPIKeyValidationInfoDTO);
    }

    static final OAuthTokenInfo getTokenMetaData_aroundBody4(OAuthOpaqueAuthenticatorImpl oAuthOpaqueAuthenticatorImpl, String str, JoinPoint joinPoint) {
        OAuthTokenInfo oAuthTokenInfo = new OAuthTokenInfo();
        OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO = new OAuth2TokenValidationRequestDTO();
        oAuth2TokenValidationRequestDTO.getClass();
        OAuth2TokenValidationRequestDTO.OAuth2AccessToken oAuth2AccessToken = new OAuth2TokenValidationRequestDTO.OAuth2AccessToken(oAuth2TokenValidationRequestDTO);
        oAuth2AccessToken.setIdentifier(str);
        oAuth2AccessToken.setTokenType("bearer");
        oAuth2TokenValidationRequestDTO.setAccessToken(oAuth2AccessToken);
        oAuth2TokenValidationRequestDTO.setContext(new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1]);
        OAuth2ClientApplicationDTO findOAuthConsumerIfTokenIsValid = oAuthOpaqueAuthenticatorImpl.findOAuthConsumerIfTokenIsValid(oAuth2TokenValidationRequestDTO);
        OAuth2TokenValidationResponseDTO accessTokenValidationResponse = findOAuthConsumerIfTokenIsValid.getAccessTokenValidationResponse();
        if (!accessTokenValidationResponse.isValid()) {
            oAuthTokenInfo.setTokenValid(accessTokenValidationResponse.isValid());
            log.error("Invalid OAuth Token : " + accessTokenValidationResponse.getErrorMsg());
            return oAuthTokenInfo;
        }
        oAuthTokenInfo.setTokenValid(accessTokenValidationResponse.isValid());
        oAuthTokenInfo.setEndUserName(accessTokenValidationResponse.getAuthorizedUser());
        oAuthTokenInfo.setConsumerKey(findOAuthConsumerIfTokenIsValid.getConsumerKey());
        if (accessTokenValidationResponse.getExpiryTime() == Long.MAX_VALUE) {
            oAuthTokenInfo.setValidityPeriod(Long.MAX_VALUE);
        } else {
            oAuthTokenInfo.setValidityPeriod(accessTokenValidationResponse.getExpiryTime() * 1000);
        }
        oAuthTokenInfo.setIssuedTime(System.currentTimeMillis());
        oAuthTokenInfo.setScopes(accessTokenValidationResponse.getScope());
        return oAuthTokenInfo;
    }

    static final OAuth2ClientApplicationDTO findOAuthConsumerIfTokenIsValid_aroundBody6(OAuthOpaqueAuthenticatorImpl oAuthOpaqueAuthenticatorImpl, OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO, JoinPoint joinPoint) {
        return new OAuth2TokenValidationService().findOAuthConsumerIfTokenIsValid(oAuth2TokenValidationRequestDTO);
    }

    static final String getConfigurationElementValue_aroundBody8(OAuthOpaqueAuthenticatorImpl oAuthOpaqueAuthenticatorImpl, String str, JoinPoint joinPoint) {
        return ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty(str);
    }

    static final boolean lambda$0_aroundBody10(int i, JoinPoint joinPoint) {
        return i == 64;
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("OAuthOpaqueAuthenticatorImpl.java", OAuthOpaqueAuthenticatorImpl.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "authenticate", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthOpaqueAuthenticatorImpl", "org.apache.cxf.message.Message", "message", "org.wso2.carbon.apimgt.api.APIManagementException", "boolean"), 61);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "isAccessTokenExpired", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthOpaqueAuthenticatorImpl", "org.wso2.carbon.apimgt.api.OAuthTokenInfo", "accessTokenInfo", "", "boolean"), 159);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getTokenMetaData", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthOpaqueAuthenticatorImpl", "java.lang.String", "accessToken", "org.wso2.carbon.apimgt.api.APIManagementException", "org.wso2.carbon.apimgt.api.OAuthTokenInfo"), 167);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("4", "findOAuthConsumerIfTokenIsValid", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthOpaqueAuthenticatorImpl", "org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO", "requestDTO", "", "org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO"), 213);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("4", "getConfigurationElementValue", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthOpaqueAuthenticatorImpl", "java.lang.String", "property", "", "java.lang.String"), 223);
        ajc$tjp_5 = factory.makeSJP("method-execution", factory.makeMethodSig("100a", "lambda$0", "org.wso2.carbon.apimgt.rest.api.util.impl.OAuthOpaqueAuthenticatorImpl", "int", "ch", "", "boolean"), 124);
    }
}
