package org.wso2.carbon.apimgt.authenticator;

import com.google.gson.Gson;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.authenticator.constants.AuthenticatorConstants;
import org.wso2.carbon.apimgt.authenticator.utils.AuthUtil;
import org.wso2.carbon.apimgt.authenticator.utils.bean.AuthResponseBean;
import org.wso2.carbon.apimgt.core.exception.APIManagementException;
import org.wso2.carbon.apimgt.core.exception.KeyManagementException;
import org.wso2.carbon.apimgt.core.impl.APIDefinitionFromSwagger20;
import org.wso2.carbon.apimgt.core.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.core.models.AccessTokenInfo;
import org.wso2.carbon.apimgt.core.models.OAuthAppRequest;
import org.wso2.carbon.apimgt.core.models.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.rest.api.common.util.RestApiUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/authenticator/LoginTokenService.class */
public class LoginTokenService {
    private static final Logger log = LoggerFactory.getLogger(LoginTokenService.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wso2/carbon/apimgt/authenticator/LoginTokenService$JWTTokenPayload.class */
    public class JWTTokenPayload {
        private String sub;
        private String iss;
        private String exp;
        private String iat;
        private String[] aud;

        private JWTTokenPayload() {
        }

        public String getSub() {
            return this.sub;
        }

        public String getIss() {
            return this.iss;
        }

        public String getExp() {
            return this.exp;
        }

        public String getIat() {
            return this.iat;
        }

        public String[] getAud() {
            return this.aud;
        }
    }

    public AuthResponseBean setAccessTokenData(AuthResponseBean authResponseBean, AccessTokenInfo accessTokenInfo) throws KeyManagementException {
        authResponseBean.setTokenValid(true);
        if (accessTokenInfo.getIdToken() != null) {
            authResponseBean.setAuthUser(getUsernameFromJWT(accessTokenInfo.getIdToken()));
        }
        authResponseBean.setScopes(accessTokenInfo.getScopes());
        authResponseBean.setType("Bearer");
        authResponseBean.setValidityPeriod(accessTokenInfo.getValidityPeriod());
        authResponseBean.setIdToken(accessTokenInfo.getIdToken());
        return authResponseBean;
    }

    public String getTokens(AuthResponseBean authResponseBean, String str, String str2, String str3, String str4, String str5, long j) throws KeyManagementException {
        try {
            String publisherRestAPIResource = RestApiUtil.getPublisherRestAPIResource();
            String storeRestAPIResource = RestApiUtil.getStoreRestAPIResource();
            String adminRestAPIResource = RestApiUtil.getAdminRestAPIResource();
            APIDefinitionFromSwagger20 aPIDefinitionFromSwagger20 = new APIDefinitionFromSwagger20();
            Map scopes = aPIDefinitionFromSwagger20.getScopes(publisherRestAPIResource);
            Map scopes2 = aPIDefinitionFromSwagger20.getScopes(storeRestAPIResource);
            Map scopes3 = aPIDefinitionFromSwagger20.getScopes(adminRestAPIResource);
            StringBuffer stringBuffer = new StringBuffer();
            scopes.keySet().forEach(str6 -> {
                stringBuffer.append(str6).append(" ");
            });
            scopes2.keySet().forEach(str7 -> {
                stringBuffer.append(str7).append(" ");
            });
            scopes3.keySet().forEach(str8 -> {
                stringBuffer.append(str8).append(" ");
            });
            String stringBuffer2 = stringBuffer.toString();
            String str9 = StringUtils.isEmpty(stringBuffer2) ? "openid" : stringBuffer2 + "openid";
            Map<String, String> consumerKeySecret = getConsumerKeySecret(str);
            AccessTokenInfo newAccessToken = APIManagerFactory.getInstance().getKeyManager().getNewAccessToken(AuthUtil.createAccessTokenRequest(str2, str3, str4, str5, null, j, str9, consumerKeySecret.get("CONSUMER_KEY"), consumerKeySecret.get("CONSUMER_SECRET")));
            setAccessTokenData(authResponseBean, newAccessToken);
            return newAccessToken.getAccessToken() + ":" + newAccessToken.getRefreshToken();
        } catch (APIManagementException e) {
            log.error("Error while reading scopes from swagger definition", e);
            throw new KeyManagementException("Error while reading scopes from swagger definition", e);
        }
    }

    public void revokeAccessToken(String str, String str2) throws KeyManagementException {
        Map<String, String> consumerKeySecret = getConsumerKeySecret(str);
        APIManagerFactory.getInstance().getKeyManager().revokeAccessToken(str2, consumerKeySecret.get("CONSUMER_KEY"), consumerKeySecret.get("CONSUMER_SECRET"));
    }

    private Map<String, String> getConsumerKeySecret(String str) throws KeyManagementException {
        if (AuthUtil.getConsumerKeySecretMap().containsKey(str)) {
            return AuthUtil.getConsumerKeySecretMap().get(str);
        }
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        arrayList.add(AuthenticatorConstants.PASSWORD_GRANT);
        arrayList.add(AuthenticatorConstants.REFRESH_GRANT);
        OAuthApplicationInfo createApplication = APIManagerFactory.getInstance().getKeyManager().createApplication(new OAuthAppRequest(str, "http://temporary.callback/url", "Application", arrayList));
        hashMap.put("CONSUMER_KEY", createApplication.getClientId());
        hashMap.put("CONSUMER_SECRET", createApplication.getClientSecret());
        AuthUtil.getConsumerKeySecretMap().put(str, hashMap);
        return hashMap;
    }

    private String getUsernameFromJWT(String str) throws KeyManagementException {
        if (str == null || !str.contains(".")) {
            log.error("JWT Parsing failed. Invalid JWT: " + str);
            throw new KeyManagementException("JWT Parsing failed. Invalid JWT.");
        }
        return ((JWTTokenPayload) new Gson().fromJson(new String(Base64.getDecoder().decode(str.split("\\.")[1]), StandardCharsets.UTF_8), JWTTokenPayload.class)).getSub().replace("@carbon.super", "");
    }
}
