package org.wso2.carbon.apimgt.rest.api.dcr.web.impl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.OAuthAppRequest;
import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.rest.api.common.RestApiCommonUtil;
import org.wso2.carbon.apimgt.rest.api.dcr.web.RegistrationService;
import org.wso2.carbon.apimgt.rest.api.dcr.web.dto.FaultResponse;
import org.wso2.carbon.apimgt.rest.api.dcr.web.dto.RegistrationProfile;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminService;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.config.RealmConfigXMLProcessor;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

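/**
 * JAX-RS implementation of the Dynamic Client Registration (DCR) resource.
 *
 * <p>{@link #register} looks up or creates a service provider together with its OAuth 2.0
 * consumer application and returns the client credentials (consumer key and secret) in the
 * response body. {@link #unRegister} is a stub that always reports "not implemented".
 *
 * <p>Request-supplied values (owner, client name) are passed through {@link #sanitizeForLog}
 * before they are written to the log. The consumer secret is never logged by this class.
 */
@Produces({"application/json"})
@Consumes({"application/json"})
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/apimgt/rest/api/dcr/web/impl/RegistrationServiceImpl.class */
public class RegistrationServiceImpl implements RegistrationService {
    private static final Log log = LogFactory.getLog(RegistrationServiceImpl.class);
    private static final String APP_DISPLAY_NAME = "DisplayName";
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";
    private static final String PRIMARY_USER_STORE_DOMAIN = "PRIMARY";

    @Context
    MessageContext securityContext;

    /**
     * Registers an OAuth application for the authenticated caller, or returns the data of an
     * application that already exists under the requested client name.
     *
     * <p>The caller must either be the requested owner or pass {@link #isUserSuperAdmin}. When no
     * callback URL is supplied, the {@code authorization_code} and {@code implicit} grant types
     * are dropped from the request before the application is created.
     *
     * @param registrationProfile the registration request body
     * @return 200 with the {@link OAuthApplicationInfo} (including the client secret) on success;
     *         400 when the profile is missing, the caller is not allowed to act for the owner, or
     *         an {@link APIManagementException} is raised; 500 when no application could be
     *         created or retrieved
     */
    @Override // org.wso2.carbon.apimgt.rest.api.dcr.web.RegistrationService
    @POST
    @Path("/register")
    public Response register(RegistrationProfile registrationProfile) {
        if (registrationProfile == null) {
            // An empty request body would otherwise surface as a NullPointerException.
            return Response.status(Response.Status.BAD_REQUEST)
                    .entity(RestApiUtil.getErrorDTO("Bad Request", 400L, "Registration profile is required."))
                    .build();
        }
        String applicationName = null;
        try {
            String owner = registrationProfile.getOwner();
            String loggedInUsername = RestApiCommonUtil.getLoggedInUsername();

            // If the caller is "<DOMAIN>/<name>" from a secondary user store and the profile names
            // the bare "<name>", adopt the fully qualified caller name as the owner.
            if (owner != null && loggedInUsername != null) {
                int callerSeparator = loggedInUsername.indexOf(UserCoreConstants.DOMAIN_SEPARATOR);
                int ownerSeparator = owner.indexOf(UserCoreConstants.DOMAIN_SEPARATOR);
                if (callerSeparator > 0 && ownerSeparator < 0
                        && !PRIMARY_USER_STORE_DOMAIN.equalsIgnoreCase(loggedInUsername.substring(0, callerSeparator))
                        && owner.equals(loggedInUsername.substring(callerSeparator + 1))) {
                    if (log.isDebugEnabled()) {
                        log.debug("Update profile user name :" + sanitizeForLog(owner) + " with "
                                + sanitizeForLog(loggedInUsername));
                    }
                    owner = loggedInUsername;
                    registrationProfile.setOwner(owner);
                }
            }

            // Authorization gate: only the owner, or the super admin, may register for this owner.
            if (loggedInUsername == null || !(loggedInUsername.equals(owner) || isUserSuperAdmin(loggedInUsername))) {
                return Response.status(Response.Status.BAD_REQUEST).entity(RestApiUtil.getErrorDTO("Bad Request", 400L, "Logged in user '" + loggedInUsername + "' and application owner '" + owner + "' should be same.")).build();
            }

            OAuthApplicationInfo appInfo = new OAuthApplicationInfo();
            appInfo.setClientName(registrationProfile.getClientName());
            String grantTypes = registrationProfile.getGrantType();
            if (StringUtils.isNotBlank(registrationProfile.getCallbackUrl())) {
                appInfo.setCallBackURL(registrationProfile.getCallbackUrl());
            } else {
                // Redirect-based grants are not registered without a callback URL.
                grantTypes = withoutRedirectGrants(grantTypes);
            }
            String tokenType = registrationProfile.getTokenType();
            appInfo.addParameter("username", owner);
            appInfo.setClientId("");
            appInfo.setClientSecret("");
            appInfo.setIsSaasApplication(registrationProfile.isSaasApp());
            appInfo.setTokenType(StringUtils.isNotEmpty(tokenType) ? tokenType : "DEFAULT");
            OAuthAppRequest appRequest = new OAuthAppRequest();
            appRequest.setOAuthApplicationInfo(appInfo);

            String tenantDomain = loggedInUsername.equals(owner)
                    ? RestApiCommonUtil.getLoggedInUserTenantDomain()
                    : MultitenantUtils.getTenantDomain(owner);
            applicationName = registrationProfile.getClientName();

            ServiceProvider existingProvider = null;
            try {
                existingProvider = ApplicationManagementService.getInstance()
                        .getApplicationExcludingFileBasedSPs(applicationName, tenantDomain);
            } catch (IdentityApplicationManagementException e) {
                // A failed lookup is treated like "not found": creation is attempted below.
                log.error("Error occurred while checking the existence of the application "
                        + sanitizeForLog(applicationName), e);
            }

            // NOTE(review): when a service provider with this name already exists, its consumer key
            // and secret are returned after a lookup by name only. No check in this class ties the
            // existing application to `owner`; confirm OAuthAdminService enforces ownership.
            OAuthApplicationInfo registeredApp = existingProvider != null
                    ? getExistingApp(applicationName, existingProvider.isSaasApp())
                    : createApplication(applicationName, appRequest, grantTypes);

            if (registeredApp == null) {
                String message = "OAuth app '" + registrationProfile.getClientName() + "' creation or updating failed. Dynamic Client Registration Service not available.";
                log.error(sanitizeForLog(message));
                // NOTE(review): the DTO label says "Bad Request" although the status is 500;
                // left unchanged so existing clients see the same payload.
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(RestApiUtil.getErrorDTO("Bad Request", 500L, message)).build();
            }
            if (log.isDebugEnabled()) {
                log.debug("OAuth app " + sanitizeForLog(registrationProfile.getClientName()) + " creation successful.");
            }
            return Response.status(Response.Status.OK).entity(registeredApp).build();
        } catch (APIManagementException e) {
            String message = "Error occurred while trying to create the client application " + applicationName;
            log.error(sanitizeForLog(message), e);
            // NOTE(review): HTTP status 400 is paired with DTO code 500 here; left unchanged so
            // existing clients see the same payload.
            return Response.status(Response.Status.BAD_REQUEST).entity(RestApiUtil.getErrorDTO("Bad Request", 500L, message)).build();
        }
    }

    /**
     * Placeholder for client de-registration; deletion is not implemented.
     *
     * @param applicationName value of the {@code applicationName} query parameter (unused)
     * @param userId value of the {@code userId} query parameter (unused)
     * @param consumerKey value of the {@code consumerKey} query parameter (unused)
     * @return a 500 response stating that deletion is not implemented
     */
    @Override // org.wso2.carbon.apimgt.rest.api.dcr.web.RegistrationService
    @DELETE
    public Response unRegister(@QueryParam("applicationName") String applicationName, @QueryParam("userId") String userId, @QueryParam("consumerKey") String consumerKey) {
        try {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Dynamic Client Registration Service's resource deletion not implemented.").build();
        } catch (Exception e) {
            String message = "Error occurred while un-registering client '" + applicationName + "'";
            log.error(sanitizeForLog(message), e);
            return Response.serverError().entity(new FaultResponse(RegistrationService.ErrorCode.INVALID_CLIENT_METADATA, message)).build();
        }
    }

    /**
     * Loads the OAuth application registered under the given name.
     *
     * @param applicationName name used for the lookup
     * @param saasApp SaaS flag copied into the result
     * @return the application data including consumer key and secret, or {@code null} when the
     *         lookup fails or yields nothing
     */
    private OAuthApplicationInfo getExistingApp(String applicationName, boolean saasApp) {
        try {
            OAuthConsumerAppDTO appData = new OAuthAdminService().getOAuthApplicationDataByAppName(applicationName);
            if (appData == null) {
                return null;
            }
            Map<String, String> parameters = new HashMap<String, String>();
            parameters.put("grant_types", appData.getGrantTypes());
            // The owner is not known on this path, so the result carries no app owner.
            return fromAppDTOToApplicationInfo(appData.getOauthConsumerKey(), appData.getApplicationName(),
                    appData.getCallbackUrl(), appData.getOauthConsumerSecret(), saasApp, null,
                    appData.getTokenType(), parameters);
        } catch (IdentityOAuthAdminException e) {
            log.error("error occurred while trying to get OAuth Application data", e);
            return null;
        }
    }

    /**
     * Creates the service provider and its OAuth consumer application, then links the two.
     *
     * <p>For an owner outside the super tenant, the work runs inside a privileged tenant flow.
     * That flow is always closed in a {@code finally} block so the tenant context cannot stay
     * attached to the request thread after a failure.
     *
     * @param applicationName service provider and OAuth application name
     * @param oAuthAppRequest request carrying the {@link OAuthApplicationInfo} to register
     * @param grantTypes space-separated grant types to register
     * @return the registered application, or {@code null} when no owner is set or the identity
     *         layer reports an {@link IdentityApplicationManagementException}
     * @throws APIManagementException when the grant types are missing, the service provider cannot
     *         be read back after creation, or the OAuth application could not be created
     */
    private OAuthApplicationInfo createApplication(String applicationName, OAuthAppRequest oAuthAppRequest, String grantTypes) throws APIManagementException {
        OAuthApplicationInfo requestedApp = oAuthAppRequest.getOAuthApplicationInfo();
        String clientName = requestedApp.getClientName();
        String owner = (String) requestedApp.getParameter("username");
        if (owner == null || owner.isEmpty()) {
            return null;
        }
        if (grantTypes == null) {
            // Checked before anything is persisted; the OAuth app cannot be built without it.
            throw new APIManagementException("Grant types are required to create the OAuth application " + clientName);
        }
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(owner);
        String tenantDomain = MultitenantUtils.getTenantDomain(owner);
        boolean tenantFlowStarted = false;
        try {
            if (tenantDomain != null && !SUPER_TENANT_DOMAIN.equals(tenantDomain)) {
                PrivilegedCarbonContext.startTenantFlow();
                // Set only after the flow has really started, so `finally` ends exactly what began.
                tenantFlowStarted = true;
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(tenantAwareUsername);
            }

            ServiceProvider newProvider = new ServiceProvider();
            newProvider.setApplicationName(applicationName);
            newProvider.setDescription("Service Provider for application " + clientName);
            newProvider.setSaasApp(requestedApp.getIsSaasApplication());

            ArrayList<ServiceProviderProperty> properties = new ArrayList<ServiceProviderProperty>();
            properties.add(newSpProperty(APP_DISPLAY_NAME, null, applicationName));
            properties.add(newSpProperty("TokenType", null, requestedApp.getTokenType()));
            // Every application created through this endpoint is marked to skip the login and
            // logout consent prompts. NOTE(review): confirm this default is intended.
            properties.add(newSpProperty("skipConsent", "Skip Consent", "true"));
            properties.add(newSpProperty("skipLogoutConsent", "Skip Logout Consent", "true"));

            String organizationId = null;
            try {
                organizationId = RestApiUtil.getValidatedOrganization(this.securityContext);
            } catch (APIManagementException e) {
                // Best effort: the application is created without an organization id.
                log.debug("Could not extract orgId from the request. Reason:" + e.getMessage());
            }
            if (StringUtils.isNotBlank(organizationId)) {
                properties.add(newSpProperty("orgId", "Organization ID", organizationId));
            }
            ServiceProviderProperty[] spProperties = properties.toArray(new ServiceProviderProperty[0]);
            newProvider.setSpProperties(spProperties);

            ApplicationManagementService applicationManagementService = ApplicationManagementService.getInstance();
            applicationManagementService.createApplication(newProvider, tenantDomain, tenantAwareUsername);
            ServiceProvider createdProvider = applicationManagementService.getApplicationExcludingFileBasedSPs(applicationName, tenantDomain);
            if (createdProvider == null) {
                throw new APIManagementException("Error occurred while creating Service Provider Application " + clientName);
            }

            OAuthConsumerAppDTO oauthApp = createOAuthApp(applicationName, requestedApp, grantTypes, tenantAwareUsername);
            if (oauthApp == null) {
                // createOAuthApp has already logged the cause. The service provider created above
                // is not rolled back here.
                throw new APIManagementException("Error occurred while creating the OAuth application " + clientName);
            }

            InboundAuthenticationRequestConfig oauthInbound = new InboundAuthenticationRequestConfig();
            oauthInbound.setInboundAuthType("oauth2");
            oauthInbound.setInboundAuthKey(oauthApp.getOauthConsumerKey());
            String consumerSecret = oauthApp.getOauthConsumerSecret();
            if (consumerSecret != null && !consumerSecret.isEmpty()) {
                Property secretProperty = new Property();
                secretProperty.setName("oauthConsumerSecret");
                secretProperty.setValue(consumerSecret);
                oauthInbound.setProperties(new Property[]{secretProperty});
            }
            InboundAuthenticationConfig inboundConfig = new InboundAuthenticationConfig();
            inboundConfig.setInboundAuthenticationRequestConfigs(new InboundAuthenticationRequestConfig[]{oauthInbound});
            createdProvider.setInboundAuthenticationConfig(inboundConfig);
            createdProvider.setSaasApp(requestedApp.getIsSaasApplication());
            createdProvider.setSpProperties(spProperties);
            applicationManagementService.updateApplication(createdProvider, tenantDomain, tenantAwareUsername);

            Map<String, String> parameters = new HashMap<String, String>();
            parameters.put("redirect_uris", oauthApp.getCallbackUrl());
            parameters.put("client_name", oauthApp.getApplicationName());
            parameters.put("grant_types", oauthApp.getGrantTypes());
            return fromAppDTOToApplicationInfo(oauthApp.getOauthConsumerKey(), applicationName,
                    oauthApp.getCallbackUrl(), oauthApp.getOauthConsumerSecret(), createdProvider.isSaasApp(),
                    owner, oauthApp.getTokenType(), parameters);
        } catch (IdentityApplicationManagementException e) {
            log.error("Error occurred while creating the client application " + sanitizeForLog(clientName), e);
            return null;
        } finally {
            if (tenantFlowStarted) {
                PrivilegedCarbonContext.endTenantFlow();
            }
        }
    }

    /**
     * Registers the OAuth 2.0 consumer application and reads back its stored data.
     *
     * @param applicationName name of the OAuth application
     * @param requestedApp source of the callback URL and token type
     * @param grantTypes space-separated grant types; must not be {@code null}
     * @param tenantAwareUsername owner of the application, without tenant domain
     * @return the registered application data, or {@code null} when registration failed
     */
    private OAuthConsumerAppDTO createOAuthApp(String applicationName, OAuthApplicationInfo requestedApp, String grantTypes, String tenantAwareUsername) {
        OAuthAdminService oAuthAdminService = new OAuthAdminService();
        OAuthConsumerAppDTO appToRegister = new OAuthConsumerAppDTO();
        appToRegister.setApplicationName(applicationName);
        if (StringUtils.isNotBlank(requestedApp.getCallBackURL())) {
            appToRegister.setCallbackUrl(requestedApp.getCallBackURL());
        }
        appToRegister.setUsername(tenantAwareUsername);
        appToRegister.setOAuthVersion("OAuth-2.0");
        appToRegister.setGrantTypes(grantTypes.trim());
        appToRegister.setTokenType(requestedApp.getTokenType());
        OAuthConsumerAppDTO registeredApp;
        try {
            if (OAuth2Util.isHashDisabled()) {
                oAuthAdminService.registerOAuthApplicationData(appToRegister);
                registeredApp = oAuthAdminService.getOAuthApplicationDataByAppName(appToRegister.getApplicationName());
            } else {
                registeredApp = oAuthAdminService.registerAndRetrieveOAuthApplicationData(appToRegister);
            }
        } catch (IdentityOAuthAdminException e) {
            log.error("Error occurred while creating the OAuth app", e);
            return null;
        }
        // Logged only after a successful registration.
        if (registeredApp != null && log.isDebugEnabled()) {
            log.debug("Created OAuth App " + sanitizeForLog(applicationName));
        }
        return registeredApp;
    }

    /**
     * Builds the {@link OAuthApplicationInfo} returned to the client.
     *
     * @param clientId consumer key
     * @param clientName application name
     * @param callbackUrl registered callback URL, may be {@code null}
     * @param clientSecret consumer secret
     * @param saasApp SaaS flag
     * @param appOwner owner of the application, may be {@code null}
     * @param tokenType token type
     * @param parameters additional parameters copied into the result; the map is left untouched
     * @return the populated application info
     */
    private OAuthApplicationInfo fromAppDTOToApplicationInfo(String clientId, String clientName, String callbackUrl, String clientSecret, boolean saasApp, String appOwner, String tokenType, Map<String, String> parameters) {
        OAuthApplicationInfo appInfo = new OAuthApplicationInfo();
        appInfo.setClientId(clientId);
        appInfo.setClientName(clientName);
        appInfo.setCallBackURL(callbackUrl);
        appInfo.setClientSecret(clientSecret);
        appInfo.setIsSaasApplication(saasApp);
        appInfo.setAppOwner(appOwner);
        appInfo.setTokenType(tokenType);
        for (Map.Entry<String, String> parameter : parameters.entrySet()) {
            appInfo.addParameter(parameter.getKey(), parameter.getValue());
        }
        return appInfo;
    }

    /**
     * Tells whether the given username equals the admin user name of the realm configuration file.
     *
     * <p>NOTE(review): only the name is compared, ignoring case, and the realm configuration is
     * re-read on every call. The caller's tenant domain is not checked here; confirm that
     * {@code RestApiCommonUtil.getLoggedInUsername()} is tenant-qualified, since this check is what
     * allows registering an application on behalf of another owner.
     *
     * @param username name of the logged-in user
     * @return {@code true} when the names match; {@code false} otherwise or when the realm
     *         configuration cannot be read
     */
    private boolean isUserSuperAdmin(String username) {
        try {
            String adminUserName = new RealmConfigXMLProcessor().buildRealmConfigurationFromFile().getAdminUserName();
            return adminUserName != null && adminUserName.equalsIgnoreCase(username);
        } catch (UserStoreException e) {
            log.error("Error while retrieving super admin username", e);
            return false;
        }
    }

    /**
     * Removes the {@code authorization_code} and {@code implicit} grant types from a
     * space-separated list. Whole tokens are compared, so other grant types that merely contain
     * one of these words stay intact.
     *
     * @param grantTypes space-separated grant types, may be {@code null}
     * @return the remaining grant types joined by single spaces, or {@code null} for {@code null}
     */
    private static String withoutRedirectGrants(String grantTypes) {
        if (grantTypes == null) {
            return null;
        }
        StringBuilder kept = new StringBuilder();
        for (String grantType : grantTypes.split(" ")) {
            if (grantType.isEmpty() || grantType.equalsIgnoreCase("authorization_code")
                    || grantType.equalsIgnoreCase("implicit")) {
                continue;
            }
            if (kept.length() > 0) {
                kept.append(' ');
            }
            kept.append(grantType);
        }
        return kept.toString();
    }

    /** Creates a service provider property; the display name is set only when one is given. */
    private static ServiceProviderProperty newSpProperty(String name, String displayName, String value) {
        ServiceProviderProperty property = new ServiceProviderProperty();
        if (displayName != null) {
            property.setDisplayName(displayName);
        }
        property.setName(name);
        property.setValue(value);
        return property;
    }

    /** Replaces CR and LF so a request-supplied value cannot start a forged log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}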
