package org.wso2.extension.siddhi.device.client;

import feign.Feign;
import feign.Logger;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import feign.auth.BasicAuthRequestInterceptor;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.jaxrs.JAXRSContract;
import feign.okhttp.OkHttpClient;
import feign.slf4j.Slf4jLogger;
import javax.ws.rs.core.HttpHeaders;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.extension.siddhi.device.client.configs.SiddhiExtensionConfigReader;
import org.wso2.extension.siddhi.device.client.dto.OAuthApplication;
import org.wso2.extension.siddhi.device.client.dto.RegistrationProfile;
import org.wso2.extension.siddhi.device.client.exception.APIMClientOAuthException;
import org.wso2.extension.siddhi.device.client.services.DCRService;
import org.wso2.extension.siddhi.device.utils.ClientUtils;
import org.wso2.extension.siddhi.device.utils.DeviceUtils;

/* loaded from: input_file:org/wso2/extension/siddhi/device/client/OAuthRequestInterceptor.class */
public class OAuthRequestInterceptor implements RequestInterceptor {
    private static final String APPLICATION_NAME = "siddhi_extension_client";
    private static final String REQUIRED_SCOPES = "perm:devices:operations";
    private DCRService dcrService = (DCRService) Feign.builder().client(new OkHttpClient(ClientUtils.getSSLClient())).logger(new Slf4jLogger()).logLevel(Logger.Level.FULL).requestInterceptor(new BasicAuthRequestInterceptor(SiddhiExtensionConfigReader.getInstance().getConfig().getUsername(), SiddhiExtensionConfigReader.getInstance().getConfig().getPassword())).contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()).target(DCRService.class, ClientUtils.replaceProperties(SiddhiExtensionConfigReader.getInstance().getConfig().getDcrEndpoint()));
    private static OAuthApplication oAuthApplication;
    private static final String[] API_TAGS = {"device_management"};
    private static final Log log = LogFactory.getLog(OAuthRequestInterceptor.class);

    public void apply(RequestTemplate requestTemplate) {
        if (oAuthApplication == null) {
            RegistrationProfile registrationProfile = new RegistrationProfile();
            registrationProfile.setApiApplicationName(APPLICATION_NAME);
            registrationProfile.setIsAllowedToAllDomains(true);
            registrationProfile.setTags(API_TAGS);
            oAuthApplication = this.dcrService.register(registrationProfile);
        }
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        try {
            String adminUserName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName();
            if (!tenantDomain.equals("carbon.super")) {
                adminUserName = adminUserName + "@" + tenantDomain;
            }
            AccessTokenInfo accessToken = DeviceUtils.getJWTClientManagerService().getJWTClient().getAccessToken(oAuthApplication.getClientId(), oAuthApplication.getClientSecret(), adminUserName, REQUIRED_SCOPES);
            if (accessToken.getAccessToken() != null) {
                requestTemplate.header(HttpHeaders.AUTHORIZATION, new String[]{"Bearer " + accessToken.getAccessToken()});
            }
        } catch (JWTClientException e) {
            log.error("Failed to retrieve oauth token using jwt", e);
            throw new APIMClientOAuthException("Failed to retrieve oauth token using jwt", e);
        } catch (UserStoreException e2) {
            String str = "Unable to retrieve realm config for tenant " + tenantDomain;
            log.error(str, e2);
            throw new APIMClientOAuthException(str, e2);
        }
    }
}
