package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client;

import feign.Client;
import feign.Feign;
import feign.FeignException;
import feign.Logger;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import feign.auth.BasicAuthRequestInterceptor;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.jaxrs.JAXRSContract;
import feign.slf4j.Slf4jLogger;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.core.HttpHeaders;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AccessTokenInfo;
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiApplicationKey;
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiApplicationRegistrationService;
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiRegistrationProfile;
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.TokenIssuerService;
import org.wso2.carbon.device.mgt.output.adapter.websocket.constants.WebsocketConstants;
import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils;
import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException;

/* loaded from: input_file:org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.class */
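/**
 * Feign {@link RequestInterceptor} that attaches an OAuth2 bearer token to every outgoing request.
 *
 * <p>On first use it registers an API application against the device-management server (HTTP Basic
 * auth with the configured username/password), exchanges the resulting consumer key/secret for an
 * access token using the password grant, and afterwards renews that token with the refresh grant
 * shortly before it expires.
 *
 * <p>Token state is guarded by the instance monitor, so one interceptor may be shared by
 * concurrent Feign calls.
 */
public class OAuthRequestInterceptor implements RequestInterceptor {
    private AccessTokenInfo tokenInfo;
    /** Safety margin, in milliseconds, subtracted from the token lifetime before a refresh is forced. */
    private long refreshTimeOffset;
    private static final String API_APPLICATION_REGISTRATION_CONTEXT = "/api-application-registration";
    private static final String APPLICATION_NAME = "websocket-app";
    private static final String PASSWORD_GRANT_TYPE = "password";
    private static final String REFRESH_GRANT_TYPE = "refresh_token";
    private static final String REQUIRED_SCOPE = "perm:authorization:verify";
    private ApiApplicationRegistrationService apiApplicationRegistrationService;
    private TokenIssuerService tokenIssuerService;
    private ApiApplicationKey apiApplicationKey;
    private static final String CONNECTION_USERNAME = "username";
    private static final String CONNECTION_PASSWORD = "password";
    private static final String TOKEN_ENDPOINT = "tokenUrl";
    private static final String TOKEN_REFRESH_TIME_OFFSET = "tokenRefreshTimeOffset";
    private static final String TOKEN_SCOPES = "scopes";
    private static final String DEVICE_MGT_SERVER_URL = "deviceMgtServerUrl";
    private static final String TOKEN_ENDPOINT_CONTEXT = "tokenUrl";
    /**
     * Feign log level for the registration and token clients. FULL would write request and response
     * headers and bodies to the log, i.e. the Basic-auth header, the consumer secret and the issued
     * tokens. BASIC records only method, URL, status and timing.
     * NOTE(review): if either service contract carries credentials in the URL, lower this to NONE.
     */
    private static final Logger.Level FEIGN_LOG_LEVEL = Logger.Level.BASIC;
    // Connection settings are per instance: keeping them static let a second interceptor overwrite
    // the credentials and endpoints of the first.
    private String username;
    private String password;
    private String tokenEndpoint;
    private String deviceMgtServerUrl;
    private static String scopes;
    private static Map<String, String> globalProperties;
    private static final String[] DEVICE_MANAGEMENT_SERVICE_TAG = {"device_management"};
    private static Log log = LogFactory.getLog(OAuthRequestInterceptor.class);

    /**
     * Reads the connection settings from the adapter's global properties and prepares the client
     * used for API application registration.
     *
     * <p>A property-substitution failure is logged rather than thrown; in that case the
     * registration client stays unset and the first call to {@link #apply(RequestTemplate)} fails.
     *
     * @param map global adapter properties ({@code username}, {@code password}, {@code tokenUrl},
     *            {@code deviceMgtServerUrl}, {@code tokenRefreshTimeOffset})
     */
    public OAuthRequestInterceptor(Map<String, String> map) {
        globalProperties = map;
        try {
            this.deviceMgtServerUrl = getDeviceMgtServerUrl(map);
            // The offset is configured in seconds; token expiry is tracked in milliseconds.
            this.refreshTimeOffset = getRefreshTimeOffset(map) * 1000;
            this.username = getUsername(map);
            this.password = getPassword(map);
            this.tokenEndpoint = getTokenEndpoint(map);
            this.apiApplicationRegistrationService = (ApiApplicationRegistrationService) Feign.builder()
                    .client(getSSLClient())
                    .logger(new Slf4jLogger())
                    .logLevel(FEIGN_LOG_LEVEL)
                    .requestInterceptor(new BasicAuthRequestInterceptor(this.username, this.password))
                    .contract(new JAXRSContract())
                    .encoder(new GsonEncoder())
                    .decoder(new GsonDecoder())
                    .target(ApiApplicationRegistrationService.class,
                            this.deviceMgtServerUrl + API_APPLICATION_REGISTRATION_CONTEXT);
        } catch (OutputEventAdapterException e) {
            log.error("Invalid url: deviceMgtServerUrl" + this.deviceMgtServerUrl + " or tokenEndpoint:" + this.tokenEndpoint, e);
        }
    }

    /**
     * Adds {@code Authorization: Bearer <token>} to the request, obtaining or renewing the token
     * first when necessary.
     *
     * <p>If the refresh grant is rejected, a new token is requested once with the password grant.
     * The header is written exactly once per call.
     *
     * @param requestTemplate the outgoing request being built by Feign
     * @throws IllegalStateException if the registration client could not be created at construction
     */
    @Override
    public void apply(RequestTemplate requestTemplate) {
        String accessToken;
        // Acquisition and refresh share one lock so concurrent requests neither register the
        // application twice nor observe a half-updated token.
        synchronized (this) {
            if (this.tokenInfo == null) {
                acquireToken();
            }
            if (System.currentTimeMillis() + this.refreshTimeOffset > this.tokenInfo.getExpires_in()) {
                try {
                    AccessTokenInfo refreshed =
                            this.tokenIssuerService.getToken(REFRESH_GRANT_TYPE, this.tokenInfo.getRefresh_token());
                    // The issuer's lifetime is converted to milliseconds here exactly as it is for
                    // the initial token; without the conversion the refreshed token looks expired
                    // almost immediately and every request triggers another refresh.
                    refreshed.setExpires_in(System.currentTimeMillis() + (refreshed.getExpires_in() * 1000));
                    this.tokenInfo = refreshed;
                } catch (FeignException e) {
                    log.warn("Token refresh failed; requesting a new token with the password grant", e);
                    this.tokenInfo = null;
                    acquireToken();
                }
            }
            accessToken = this.tokenInfo.getAccess_token();
        }
        requestTemplate.header(HttpHeaders.AUTHORIZATION, new String[]{"Bearer " + accessToken});
    }

    /**
     * Registers the API application if needed and obtains a token with the password grant.
     * Must be called while holding the instance monitor.
     */
    private void acquireToken() {
        if (this.apiApplicationKey == null) {
            if (this.apiApplicationRegistrationService == null) {
                throw new IllegalStateException(
                        "API application registration client was not initialised; check deviceMgtServerUrl and tokenUrl");
            }
            ApiRegistrationProfile profile = new ApiRegistrationProfile();
            profile.setApplicationName(APPLICATION_NAME);
            profile.setIsAllowedToAllDomains(false);
            profile.setIsMappingAnExistingOAuthApp(false);
            profile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG);
            this.apiApplicationKey = this.apiApplicationRegistrationService.register(profile);
        }
        if (this.tokenIssuerService == null) {
            String consumerKey = this.apiApplicationKey.getConsumerKey();
            String consumerSecret = this.apiApplicationKey.getConsumerSecret();
            this.tokenIssuerService = (TokenIssuerService) Feign.builder()
                    .client(getSSLClient())
                    .logger(new Slf4jLogger())
                    .logLevel(FEIGN_LOG_LEVEL)
                    .requestInterceptor(new BasicAuthRequestInterceptor(consumerKey, consumerSecret))
                    .contract(new JAXRSContract())
                    .encoder(new GsonEncoder())
                    .decoder(new GsonDecoder())
                    .target(TokenIssuerService.class, this.tokenEndpoint);
        }
        AccessTokenInfo issued = this.tokenIssuerService.getToken(
                WebsocketConstants.PASSWORD, this.username, this.password, REQUIRED_SCOPE);
        // Store an absolute expiry timestamp (ms) instead of the relative lifetime (s).
        issued.setExpires_in(System.currentTimeMillis() + (issued.getExpires_in() * 1000));
        this.tokenInfo = issued;
    }

    /** Returns the configured username, logging an error when it is missing or empty. */
    private String getUsername(Map<String, String> map) {
        String value = map.get("username");
        if (value == null || value.isEmpty()) {
            log.error("username can't be empty ");
        }
        return value;
    }

    /** Returns the configured password, logging an error when it is missing or empty. */
    private String getPassword(Map<String, String> map) {
        String value = map.get(WebsocketConstants.PASSWORD);
        if (value == null || value.isEmpty()) {
            log.error("password can't be empty ");
        }
        return value;
    }

    /**
     * Returns the device-management server URL after property substitution.
     *
     * @throws OutputEventAdapterException if {@code PropertyUtils.replaceProperty} rejects the value
     */
    private String getDeviceMgtServerUrl(Map<String, String> map) throws OutputEventAdapterException {
        String value = map.get(DEVICE_MGT_SERVER_URL);
        if (value == null || value.isEmpty()) {
            log.error("deviceMgtServerUrl can't be empty ");
        }
        return PropertyUtils.replaceProperty(value);
    }

    /**
     * Returns the token endpoint URL after property substitution.
     *
     * @throws OutputEventAdapterException if {@code PropertyUtils.replaceProperty} rejects the value
     */
    private String getTokenEndpoint(Map<String, String> map) throws OutputEventAdapterException {
        String value = map.get("tokenUrl");
        // A missing key is reported the same way as an empty one, matching the other getters,
        // instead of failing with a NullPointerException here.
        if (value == null || value.isEmpty()) {
            log.error("tokenEndpoint can't be empty ");
        }
        return PropertyUtils.replaceProperty(value);
    }

    /**
     * Returns the configured refresh offset, or 100 when the property is absent or not a number.
     */
    private long getRefreshTimeOffset(Map<String, String> map) {
        long offset = 100;
        try {
            offset = Long.parseLong(map.get(TOKEN_REFRESH_TIME_OFFSET));
        } catch (NumberFormatException e) {
            log.error("refreshTimeOffset should be a number", e);
        }
        return offset;
    }

    /**
     * Builds the Feign HTTP client used for the OAuth calls.
     *
     * <p>By default the client uses the server's configured key store and trust store together
     * with the platform hostname verifier. When the system property
     * {@code org.wso2.ignoreHostnameVerification} is {@code true}, certificate-chain validation
     * and hostname verification are both switched off. The peer is then unauthenticated, so the
     * Basic-auth credentials and tokens sent over the connection are exposed to anyone able to
     * intercept it. A warning is logged whenever such a client is created.
     *
     * @return a Feign client configured for TLS
     */
    public static Client getSSLClient() {
        boolean skipVerification =
                Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
        if (!skipVerification) {
            // A null verifier leaves the platform's default hostname verification in place.
            return new Client.Default(getTrustedSSLSocketFactory(), (HostnameVerifier) null);
        }
        log.warn("org.wso2.ignoreHostnameVerification is set: TLS certificate and hostname checks are "
                + "disabled for OAuth calls. Do not enable this outside development environments.");
        HostnameVerifier acceptAnyHost = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
        return new Client.Default(getSimpleTrustedSSLSocketFactory(), acceptAnyHost);
    }

    /**
     * Creates a socket factory whose trust manager accepts every certificate chain. Only reached
     * when {@code org.wso2.ignoreHostnameVerification} is set.
     *
     * @return the socket factory, or {@code null} if the TLS context could not be initialised
     */
    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
        try {
            TrustManager[] trustAll = {new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract requires a non-null (possibly empty) array.
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    // Intentionally performs no validation.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    // Intentionally performs no validation.
                }
            }};
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, trustAll, new SecureRandom());
            return context.getSocketFactory();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            log.error("Error while creating the SSL socket factory due to " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Creates a socket factory backed by the key store and trust store named in the Carbon server
     * configuration ({@code Security.KeyStore.*} and {@code Security.TrustStore.*}).
     *
     * @return the socket factory, or {@code null} if a store could not be loaded or the context
     *         could not be initialised (the failure is logged)
     */
    private static SSLSocketFactory getTrustedSSLSocketFactory() {
        try {
            ServerConfiguration config = ServerConfiguration.getInstance();
            String keyStorePassword = config.getFirstProperty("Security.KeyStore.Password");
            KeyStore keyStore =
                    loadKeyStore(config.getFirstProperty("Security.KeyStore.Location"), keyStorePassword, "JKS");
            KeyStore trustStore = loadTrustStore(
                    config.getFirstProperty("Security.TrustStore.Location"),
                    config.getFirstProperty("Security.TrustStore.Password"));
            return initSSLConnection(keyStore, keyStorePassword, trustStore);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            log.error("Error while creating the SSL socket factory due to " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Initialises a TLS context from the given key and trust material and installs it as the
     * JVM-wide default {@link SSLContext}.
     *
     * @param keyStore   store holding this server's private key and certificate
     * @param str        password protecting the keys inside {@code keyStore}
     * @param keyStore2  store holding the trusted CA certificates
     * @return socket factory of the new context
     */
    private static SSLSocketFactory initSSLConnection(KeyStore keyStore, String str, KeyStore keyStore2) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, str.toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore2);
        // Ask for the generic "TLS" context rather than one named after SSLv3. The legacy name is
        // understood to bind the client to obsolete protocol versions on common JSSE providers,
        // which current servers and JDK security policies reject.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        // Process-wide side effect kept from the original: later default TLS clients in this JVM
        // use this context too.
        SSLContext.setDefault(context);
        return context.getSocketFactory();
    }

    /**
     * Loads a key store from disk.
     *
     * @param str  path of the key store file
     * @param str2 key store password
     * @param str3 key store type, e.g. {@code "JKS"}
     * @return the loaded key store
     */
    private static KeyStore loadKeyStore(String str, String str2, String str3) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        char[] storePassword = str2.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(str3);
        // try-with-resources closes the stream on every path.
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, storePassword);
        }
        return keyStore;
    }

    /**
     * Loads the JKS trust store at the given path.
     *
     * @param str  path of the trust store file
     * @param str2 trust store password
     * @return the loaded trust store
     */
    private static KeyStore loadTrustStore(String str, String str2) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        return loadKeyStore(str, str2, "JKS");
    }
}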
