package org.wso2.carbon.dynamic.client.registration.impl;

import java.util.ArrayList;
import java.util.Arrays;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
import org.json.JSONObject;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationException;
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService;
import org.wso2.carbon.dynamic.client.registration.OAuthApplicationInfo;
import org.wso2.carbon.dynamic.client.registration.internal.DynamicClientRegistrationDataHolder;
import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile;
import org.wso2.carbon.dynamic.client.registration.util.DCRConstants;
import org.wso2.carbon.dynamic.client.registration.util.DynamicClientRegistrationUtil;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminService;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.sso.saml.admin.SAMLSSOConfigAdmin;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationServiceImpl.class */
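/**
 * Default {@link DynamicClientRegistrationService}: registers and removes OAuth 2.0 client
 * applications together with their backing service providers.
 *
 * <p>Security review notes, all traceable to the code in this class:
 * <ul>
 *   <li>The tenant domain and username used for the privileged tenant flow are derived from the
 *       {@code owner} / user id supplied by the caller. Nothing in this class compares that value
 *       with the authenticated caller, so that check must be enforced before these methods are
 *       reached.</li>
 *   <li>Every {@code startTenantFlow()} is paired with {@code endTenantFlow()} in a
 *       {@code finally} block so a failure cannot leave a tenant context on the thread.</li>
 *   <li>The consumer secret is copied into the service provider configuration and into the
 *       returned {@link OAuthApplicationInfo}; it must never be written to logs.</li>
 * </ul>
 */
public class DynamicClientRegistrationServiceImpl implements DynamicClientRegistrationService {
    private static final String TOKEN_SCOPE = "tokenScope";
    private static final String MDM = "mdm";
    private static final String SAML_SSO = "samlsso";
    private static final String BASIC_AUTHENTICATOR = "BasicAuthenticator";
    private static final String BASIC = "basic";
    private static final String LOCAL = "local";
    // NOTE(review): the logger category is the service interface, not this class; left unchanged
    // because changing it would move the log output to a different category.
    private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class);
    private static final String AUTH_TYPE_OAUTH_2 = "oauth2";
    private static final String OAUTH_CONSUMER_SECRET = "oauthConsumerSecret";
    private static final int STEP_ORDER = 1;
    private static final String OAUTH_VERSION = "OAuth-2.0";
    private static final String APPLICATION_TYPE_WEBAPP = "webapp";
    private static final String APPLICATION_TYPE_DEVICE = "device";

    /**
     * Registers an OAuth application for the given profile and returns its client credentials.
     *
     * @param registrationProfile caller-supplied registration data (client name, owner, grant
     *                            type, callback URL, token scope, application type)
     * @return the client name, id, secret, callback URL and, when present in the created
     *         application's JSON, the redirect URIs and grant types
     * @throws DynamicClientRegistrationException if the application cannot be created or its
     *                                            metadata cannot be read back
     */
    @Override
    public OAuthApplicationInfo registerOAuthApplication(RegistrationProfile registrationProfile) throws DynamicClientRegistrationException {
        OAuthApplicationInfo result = new OAuthApplicationInfo();
        String clientName = registrationProfile.getClientName();
        if (log.isDebugEnabled()) {
            // NOTE(review): clientName is caller-supplied and logged verbatim; confirm the log
            // layout neutralises line breaks.
            log.debug("Trying to register OAuth application: '" + clientName + "'");
        }
        result.addParameter(TOKEN_SCOPE, Arrays.toString(new String[]{registrationProfile.getTokenScope()}));
        try {
            OAuthApplicationInfo created = createOAuthApplication(registrationProfile);
            // createOAuthApplication returns null when the profile has no owner.
            if (created == null || created.getJsonString() == null) {
                throw new DynamicClientRegistrationException("OAuth app does not contain required data: '" + clientName + "'");
            }
            result.setClientName(created.getClientName());
            result.setClientId(created.getClientId());
            result.setCallBackURL(created.getCallBackURL());
            result.setClientSecret(created.getClientSecret());
            try {
                JSONObject metadata = new JSONObject(created.getJsonString());
                if (metadata.has(DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) {
                    result.addParameter(DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS, metadata.get(DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS));
                }
                if (metadata.has(DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) {
                    result.addParameter(DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT, metadata.get(DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT));
                }
                return result;
            } catch (JSONException e) {
                throw new DynamicClientRegistrationException("Can not retrieve information of the created OAuth application", (Exception) e);
            }
        } catch (DynamicClientRegistrationException | IdentityException e) {
            // Failures raised above, including the two thrown in this method, are wrapped once more.
            throw new DynamicClientRegistrationException("Can not create OAuth application  : " + clientName, (Exception) e);
        }
    }

    /**
     * Creates (or reuses) the service provider named {@code <owner>_<clientName>}, registers the
     * OAuth consumer application for it and attaches the inbound and local authentication
     * configuration.
     *
     * <p>The work runs inside a privileged tenant flow whose tenant domain and username come from
     * {@code registrationProfile.getOwner()}.
     *
     * @param registrationProfile caller-supplied registration data
     * @return the created application's details, or {@code null} when the profile has no owner
     * @throws DynamicClientRegistrationException if any step of the creation fails
     * @throws IdentityException declared by the original signature
     */
    private OAuthApplicationInfo createOAuthApplication(RegistrationProfile registrationProfile) throws DynamicClientRegistrationException, IdentityException {
        String owner = registrationProfile.getOwner();
        String clientName = registrationProfile.getClientName();
        String grantType = registrationProfile.getGrantType();
        String callbackUrl = registrationProfile.getCallbackUrl();
        boolean isSaasApp = registrationProfile.isSaasApp();
        if (owner == null || owner.isEmpty()) {
            return null;
        }
        // NOTE(review): owner is taken from the request profile and decides which tenant and user
        // the privileged flow runs as. The authenticated username read below is only used to
        // restore the context afterwards; it is not compared with owner here.
        String tenantDomain = MultitenantUtils.getTenantDomain(owner);
        String previousUsername = CarbonContext.getThreadLocalCarbonContext().getUsername();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(owner);
        PrivilegedCarbonContext.startTenantFlow();
        try {
            // Context setup is inside the try so that a failure here still ends the tenant flow.
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(tenantAwareUsername);
            try {
                String applicationName = replaceInvalidChars(tenantAwareUsername) + "_" + clientName;
                ServiceProvider newServiceProvider = new ServiceProvider();
                newServiceProvider.setApplicationName(applicationName);
                User ownerUser = new User();
                ownerUser.setUserName(tenantAwareUsername);
                ownerUser.setTenantDomain(tenantDomain);
                newServiceProvider.setOwner(ownerUser);
                newServiceProvider.setDescription("Service Provider for application " + applicationName);
                ApplicationManagementService applicationManagementService = DynamicClientRegistrationDataHolder.getInstance().getApplicationManagementService();
                if (applicationManagementService == null) {
                    throw new IllegalStateException("Error occurred while retrieving Application ManagementService");
                }
                // NOTE(review): an existing service provider with the same name is reused and then
                // overwritten by updateApplication below; its owner is not compared with this caller.
                ServiceProvider existingServiceProvider = applicationManagementService.getServiceProvider(applicationName, tenantDomain);
                if (existingServiceProvider == null) {
                    applicationManagementService.createApplication(newServiceProvider, tenantDomain, tenantAwareUsername);
                }
                ServiceProvider serviceProvider = applicationManagementService.getServiceProvider(applicationName, tenantDomain);
                if (serviceProvider == null) {
                    throw new DynamicClientRegistrationException("Couldn't create Service Provider Application " + applicationName);
                }
                serviceProvider.setSaasApp(isSaasApp);
                OAuthAdminService oAuthAdminService = new OAuthAdminService();
                OAuthConsumerAppDTO requestedApp = new OAuthConsumerAppDTO();
                requestedApp.setApplicationName(applicationName);
                requestedApp.setCallbackUrl(callbackUrl);
                requestedApp.setGrantTypes(grantType);
                requestedApp.setOAuthVersion(OAUTH_VERSION);
                if (log.isDebugEnabled()) {
                    log.debug("Creating OAuth App " + applicationName);
                }
                // Register only when the service provider is new or has no inbound configuration.
                if (existingServiceProvider == null || existingServiceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs().length == 0) {
                    oAuthAdminService.registerOAuthApplicationData(requestedApp);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Created OAuth App " + applicationName);
                }
                OAuthConsumerAppDTO storedApp = oAuthAdminService.getOAuthApplicationDataByAppName(requestedApp.getApplicationName());
                if (log.isDebugEnabled()) {
                    log.debug("Retrieved Details for OAuth App " + storedApp.getApplicationName());
                }
                InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
                ArrayList<InboundAuthenticationRequestConfig> inboundConfigs = new ArrayList<>();
                InboundAuthenticationRequestConfig oauthInboundConfig = new InboundAuthenticationRequestConfig();
                oauthInboundConfig.setInboundAuthKey(storedApp.getOauthConsumerKey());
                oauthInboundConfig.setInboundAuthType(AUTH_TYPE_OAUTH_2);
                String oauthConsumerSecret = storedApp.getOauthConsumerSecret();
                if (oauthConsumerSecret != null && !oauthConsumerSecret.isEmpty()) {
                    // The consumer secret is stored as a property of the inbound configuration.
                    Property secretProperty = new Property();
                    secretProperty.setName(OAUTH_CONSUMER_SECRET);
                    secretProperty.setValue(oauthConsumerSecret);
                    oauthInboundConfig.setProperties(new Property[]{secretProperty});
                }
                if (APPLICATION_TYPE_WEBAPP.equals(registrationProfile.getApplicationType())) {
                    // Web applications additionally get a SAML SSO relying party; only the issuer is set.
                    SAMLSSOServiceProviderDTO samlServiceProvider = new SAMLSSOServiceProviderDTO();
                    samlServiceProvider.setIssuer(applicationName);
                    new SAMLSSOConfigAdmin(getConfigSystemRegistry()).addRelyingPartyServiceProvider(samlServiceProvider);
                    InboundAuthenticationRequestConfig samlInboundConfig = new InboundAuthenticationRequestConfig();
                    samlInboundConfig.setInboundAuthKey(applicationName);
                    samlInboundConfig.setInboundAuthType(SAML_SSO);
                    inboundConfigs.add(samlInboundConfig);
                }
                LocalAuthenticatorConfig localAuthenticatorConfig = new LocalAuthenticatorConfig();
                localAuthenticatorConfig.setName(BASIC_AUTHENTICATOR);
                localAuthenticatorConfig.setDisplayName(BASIC);
                localAuthenticatorConfig.setEnabled(true);
                AuthenticationStep authenticationStep = new AuthenticationStep();
                authenticationStep.setStepOrder(STEP_ORDER);
                authenticationStep.setSubjectStep(true);
                authenticationStep.setAttributeStep(true);
                authenticationStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[]{localAuthenticatorConfig});
                LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = new LocalAndOutboundAuthenticationConfig();
                localAndOutboundAuthenticationConfig.setAuthenticationType(LOCAL);
                localAndOutboundAuthenticationConfig.setAuthenticationSteps(new AuthenticationStep[]{authenticationStep});
                serviceProvider.setLocalAndOutBoundAuthenticationConfig(localAndOutboundAuthenticationConfig);
                inboundConfigs.add(oauthInboundConfig);
                inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(inboundConfigs.toArray(new InboundAuthenticationRequestConfig[0]));
                serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
                applicationManagementService.updateApplication(serviceProvider, tenantDomain, tenantAwareUsername);
                OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
                oAuthApplicationInfo.setClientId(storedApp.getOauthConsumerKey());
                oAuthApplicationInfo.setCallBackURL(storedApp.getCallbackUrl());
                oAuthApplicationInfo.setClientSecret(oauthConsumerSecret);
                oAuthApplicationInfo.setClientName(storedApp.getApplicationName());
                oAuthApplicationInfo.addParameter(DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS, storedApp.getCallbackUrl());
                oAuthApplicationInfo.addParameter(DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT, storedApp.getGrantTypes());
                return oAuthApplicationInfo;
            } catch (IdentityApplicationManagementException e) {
                // The specific handler must precede the general one; otherwise it is unreachable.
                throw new DynamicClientRegistrationException("Error occurred while creating ServiceProvider for app " + clientName, (Exception) e);
            } catch (Exception e) {
                throw new DynamicClientRegistrationException("Error occurred while creating OAuthApp " + clientName, e);
            }
        } finally {
            // Always leave the tenant flow, then restore the username that was on the thread before.
            PrivilegedCarbonContext.endTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(previousUsername);
        }
    }

    /**
     * Returns the system configuration registry of the current thread-local Carbon context.
     *
     * @return the {@link RegistryType#SYSTEM_CONFIGURATION} registry
     */
    protected Registry getConfigSystemRegistry() {
        return PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.SYSTEM_CONFIGURATION);
    }

    /**
     * Removes the OAuth consumer application for a consumer key and deletes the service provider
     * with the given application name.
     *
     * @param str  user id; validated as a username and used to derive the tenant domain and the
     *             tenant-aware username of the privileged flow
     * @param str2 application name; validated, then used to look up and delete the service provider
     * @param str3 consumer key; validated, then used to look up and remove the OAuth application
     * @return {@code true} when both removals succeed
     * @throws DynamicClientRegistrationException if validation or lookup fails or a removal step fails
     */
    @Override
    public boolean unregisterOAuthApplication(String str, String str2, String str3) throws DynamicClientRegistrationException {
        DynamicClientRegistrationUtil.validateUsername(str);
        DynamicClientRegistrationUtil.validateApplicationName(str2);
        DynamicClientRegistrationUtil.validateConsumerKey(str3);
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        PrivilegedCarbonContext.startTenantFlow();
        try {
            // Context setup and service construction are inside the try so that a failure in
            // either still ends the tenant flow.
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(tenantAwareUsername);
            try {
                OAuthAdminService oAuthAdminService = new OAuthAdminService();
                if (oAuthAdminService.getOAuthApplicationData(str3) == null) {
                    throw new DynamicClientRegistrationException("No OAuth Consumer Application is associated with the given consumer key: " + str3);
                }
                // NOTE(review): this method does not check that the consumer key belongs to the
                // named application or to the given user; confirm that is enforced elsewhere.
                try {
                    // NOTE(review): the OAuth data is removed before the service provider lookup,
                    // so a missing service provider leaves the removal half done.
                    oAuthAdminService.removeOAuthApplicationData(str3);
                    ApplicationManagementService applicationManagementService = DynamicClientRegistrationDataHolder.getInstance().getApplicationManagementService();
                    if (applicationManagementService == null) {
                        throw new IllegalStateException("Error occurred while retrieving Application ManagementService");
                    }
                    if (applicationManagementService.getServiceProvider(str2, tenantDomain) == null) {
                        throw new DynamicClientRegistrationException("Couldn't retrieve Service Provider Application " + str2);
                    }
                    applicationManagementService.deleteApplication(str2, tenantDomain, tenantAwareUsername);
                    return true;
                } catch (IdentityOAuthAdminException e) {
                    throw new DynamicClientRegistrationException("Error occurred while removing application '" + str2 + "'", (Exception) e);
                } catch (IdentityApplicationManagementException e) {
                    throw new DynamicClientRegistrationException("Error occurred while removing ServiceProvider for application '" + str2 + "'", (Exception) e);
                }
            } catch (Exception e) {
                // Every failure above, including the exceptions thrown in this method, is wrapped here.
                throw new DynamicClientRegistrationException("Error occurred while retrieving application data", e);
            }
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Reports whether a service provider with the given name exists in the tenant domain of the
     * current thread-local Carbon context.
     *
     * @param str application (service provider) name to look up
     * @return {@code true} if a service provider with that name exists
     * @throws DynamicClientRegistrationException if the lookup fails
     */
    @Override
    public boolean isOAuthApplicationAvailable(String str) throws DynamicClientRegistrationException {
        ApplicationManagementService applicationManagementService = DynamicClientRegistrationDataHolder.getInstance().getApplicationManagementService();
        if (applicationManagementService == null) {
            throw new IllegalStateException("Error occurred while retrieving Application ManagementService");
        }
        try {
            String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            return applicationManagementService.getServiceProvider(str, tenantDomain) != null;
        } catch (IdentityApplicationManagementException e) {
            throw new DynamicClientRegistrationException("Error occurred while retrieving information of OAuthApp " + str, (Exception) e);
        }
    }

    /**
     * Replaces every {@code @} in the username with {@code _AT_} to build an application name.
     *
     * <p>The mapping is not one-to-one: a name that already contains {@code _AT_} yields the same
     * result as one that contains {@code @} in that position.
     *
     * @param str tenant-aware username
     * @return the username with each {@code @} replaced
     */
    private String replaceInvalidChars(String str) {
        // Literal replacement; no regular expression is needed for a fixed character.
        return str.replace("@", "_AT_");
    }
}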
