package org.wso2.carbon.identity.oauth;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.AbstractAdmin;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.AppInfoCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.dao.OAuthConsumerDAO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.oauth.dto.OAuthRevocationRequestDTO;
import org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO;
import org.wso2.carbon.identity.oauth.event.OAuthEventInterceptor;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.ClientCredentialDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/OAuthAdminService.class */
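/**
 * Admin service for managing OAuth consumer applications and the tokens issued to them.
 *
 * <p>The operations cover registering, reading, updating and removing consumer applications,
 * regenerating client secrets, changing application state, and letting a resource owner list and
 * revoke the applications they have authorized. The caller identity is always taken from the
 * thread-local Carbon context.
 *
 * <p>NOTE(review): none of the methods in this class performs an explicit permission or ownership
 * check on the consumer key it is given. Presumably access control is enforced by the admin-service
 * layer and/or the DAOs; confirm before exposing any of these operations to less-privileged callers,
 * because several of them return or replace client secrets.
 *
 * <p>Parameter names are kept exactly as in the original class so that any tooling deriving
 * service descriptions from them is unaffected.
 */
public class OAuthAdminService extends AbstractAdmin {
    public static final String IMPLICIT = "implicit";
    public static final String AUTHORIZATION_CODE = "authorization_code";
    // volatile so the double-checked initialization in getAllowedGrantTypes() publishes safely.
    private static volatile List<String> allowedGrants = null;
    protected Log log = LogFactory.getLog(OAuthAdminService.class);
    private AppInfoCache appInfoCache = AppInfoCache.getInstance();

    /**
     * Registers an OAuth consumer for the logged-in user.
     *
     * @return the value returned by {@code OAuthAppDAO.addOAuthConsumer}; presumably the generated
     *         consumer key and secret (confirm against the DAO)
     * @throws IdentityOAuthAdminException if the DAO fails to register the consumer
     */
    public String[] registerOAuthConsumer() throws IdentityOAuthAdminException {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        if (this.log.isDebugEnabled()) {
            this.log.debug("Adding a consumer secret for the logged in user " + username);
        }
        String registrant = UserCoreUtil.removeDomainFromName(MultitenantUtils.getTenantAwareUsername(username));
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        String userStoreDomain = IdentityUtil.extractDomainFromName(username);
        return new OAuthAppDAO().addOAuthConsumer(registrant, tenantId, userStoreDomain);
    }

    /**
     * Lists every OAuth application registered by the logged-in user in the current tenant.
     *
     * <p>Each returned DTO includes the application's consumer secret, so the result must be
     * treated as sensitive by callers.
     *
     * @return the user's applications; an empty array when there are none
     * @throws IdentityOAuthAdminException if no user is logged in or the DAO lookup fails
     */
    public OAuthConsumerAppDTO[] getAllOAuthApplicationData() throws IdentityOAuthAdminException {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        if (username == null) {
            // The original guarded a debug() call with isErrorEnabled(); the guard now matches the level.
            if (this.log.isDebugEnabled()) {
                this.log.debug("User not logged in");
            }
            throw new IdentityOAuthAdminException("User not logged in");
        }
        OAuthAppDO[] userApps = new OAuthAppDAO().getOAuthConsumerAppsOfUser(
                MultitenantUtils.getTenantAwareUsername(username),
                CarbonContext.getThreadLocalCarbonContext().getTenantId());
        if (userApps == null || userApps.length == 0) {
            return new OAuthConsumerAppDTO[0];
        }
        OAuthConsumerAppDTO[] result = new OAuthConsumerAppDTO[userApps.length];
        for (int i = 0; i < userApps.length; i++) {
            OAuthConsumerAppDTO dto = toConsumerAppDto(userApps[i]);
            dto.setUsername(userApps[i].getUser().toString());
            result[i] = dto;
        }
        return result;
    }

    /**
     * Looks up an OAuth application by consumer key.
     *
     * <p>NOTE(review): the returned DTO carries the consumer secret and this method does not check
     * that the caller owns the application or shares its tenant; confirm that the DAO or the
     * service layer restricts access.
     *
     * @param str the consumer key of the application
     * @return the application data, or an empty DTO when the DAO returns {@code null}
     * @throws IdentityOAuthAdminException if the lookup fails
     */
    public OAuthConsumerAppDTO getOAuthApplicationData(String str) throws IdentityOAuthAdminException {
        try {
            OAuthAppDO app = new OAuthAppDAO().getAppInformation(str);
            return app == null ? new OAuthConsumerAppDTO() : toConsumerAppDto(app);
        } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
            throw new IdentityOAuthAdminException("Error while retrieving the app information using consumer key", e);
        }
    }

    /**
     * Looks up an OAuth application by application name.
     *
     * <p>NOTE(review): as with {@link #getOAuthApplicationData(String)}, the consumer secret is
     * returned and no ownership check is visible here.
     *
     * @param str the application name
     * @return the application data, or an empty DTO when the DAO returns {@code null}
     * @throws IdentityOAuthAdminException if the lookup fails
     */
    public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String str) throws IdentityOAuthAdminException {
        try {
            OAuthAppDO app = new OAuthAppDAO().getAppInformationByAppName(str);
            return app == null ? new OAuthConsumerAppDTO() : toConsumerAppDto(app);
        } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
            throw new IdentityOAuthAdminException("Error while retrieving the app information by app name", e);
        }
    }

    /**
     * Registers a new OAuth application on behalf of the logged-in user.
     *
     * <p>When no consumer key is supplied, both key and secret are generated; otherwise the
     * supplied key and secret are stored as given. The OAuth version defaults to 2.0 when the
     * request does not set one, and for OAuth 2.0 applications every requested grant type must be
     * in the server's allowed list.
     *
     * <p>The call is a silent no-op when no user is logged in or the DTO is {@code null}
     * (behaviour preserved from the original).
     *
     * @param oAuthConsumerAppDTO the application to register
     * @throws IdentityOAuthAdminException if the callback URL is missing for the code or implicit
     *         grant, a grant type is missing or not allowed, or persistence fails
     */
    public void registerOAuthApplicationData(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        if (username == null || oAuthConsumerAppDTO == null) {
            return;
        }
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO();
        OAuthAppDO app = new OAuthAppDO();
        app.setApplicationName(oAuthConsumerAppDTO.getApplicationName());

        // Redirect-based grants need somewhere to send the user back to. Only presence is checked
        // here; the URL's scheme and host are not validated in this method.
        String grantTypes = oAuthConsumerAppDTO.getGrantTypes();
        boolean redirectBased = grantTypes != null
                && (grantTypes.contains(AUTHORIZATION_CODE) || grantTypes.contains(IMPLICIT));
        if (redirectBased && StringUtils.isEmpty(oAuthConsumerAppDTO.getCallbackUrl())) {
            throw new IdentityOAuthAdminException("Callback Url is required for Code or Implicit grant types");
        }
        app.setCallbackUrl(oAuthConsumerAppDTO.getCallbackUrl());

        if (oAuthConsumerAppDTO.getOauthConsumerKey() == null) {
            // NOTE(review): the strength of generated credentials depends on OAuthUtil.getRandomNumber(),
            // which is defined outside this file; confirm it draws from a cryptographically secure source.
            app.setOauthConsumerKey(OAuthUtil.getRandomNumber());
            app.setOauthConsumerSecret(OAuthUtil.getRandomNumber());
        } else {
            // NOTE(review): a caller-supplied key is stored with whatever secret accompanies it,
            // including a null or weak one; confirm that this is intended.
            app.setOauthConsumerKey(oAuthConsumerAppDTO.getOauthConsumerKey());
            app.setOauthConsumerSecret(oAuthConsumerAppDTO.getOauthConsumerSecret());
        }

        AuthenticatedUser owner = new AuthenticatedUser();
        owner.setUserName(UserCoreUtil.removeDomainFromName(username));
        owner.setTenantDomain(tenantDomain);
        owner.setUserStoreDomain(IdentityUtil.extractDomainFromName(username));
        // The request may name a different registrant; it is honoured only if that user exists.
        String requestedOwner = oAuthConsumerAppDTO.getUsername();
        if (StringUtils.isNotBlank(requestedOwner)) {
            try {
                if (CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().isExistingUser(requestedOwner)) {
                    owner.setUserName(UserCoreUtil.removeDomainFromName(requestedOwner));
                    owner.setUserStoreDomain(IdentityUtil.extractDomainFromName(requestedOwner));
                } else {
                    // The requested name is caller-controlled, so line breaks are neutralised before logging.
                    this.log.warn("OAuth application registrant user name " + sanitizeForLog(requestedOwner) + " does not exist in the user store. Using logged-in user name " + username + " as registrant name");
                }
            } catch (UserStoreException e) {
                throw new IdentityOAuthAdminException("Error while retrieving the user store manager", e);
            }
        }
        app.setUser(owner);

        if (oAuthConsumerAppDTO.getOAuthVersion() != null) {
            app.setOauthVersion(oAuthConsumerAppDTO.getOAuthVersion());
        } else {
            app.setOauthVersion(OAuthConstants.OAuthVersions.VERSION_2);
        }
        // Check the effective version on the stored object. The original tested the request's
        // version, so a request that omitted it was stored as OAuth 2.0 with its grant types
        // unvalidated and its grant types and PKCE flags silently dropped.
        if (OAuthConstants.OAuthVersions.VERSION_2.equals(app.getOauthVersion())) {
            validateGrantTypes(grantTypes);
            app.setGrantTypes(grantTypes);
            app.setPkceMandatory(oAuthConsumerAppDTO.getPkceMandatory());
            app.setPkceSupportPlain(oAuthConsumerAppDTO.getPkceSupportPlain());
        }
        oAuthAppDAO.addOAuthApplication(app);
        if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
            this.appInfoCache.addToCache(app.getOauthConsumerKey(), app);
        }
    }

    /**
     * Updates an existing OAuth application with the values in the DTO.
     *
     * <p>NOTE(review): the application's user is set to the logged-in caller and no check that the
     * caller owns the consumer key is visible here; confirm the DAO enforces it.
     *
     * @param oAuthConsumerAppDTO the new application values, identified by its consumer key
     * @throws IdentityOAuthAdminException if a grant type is missing or not allowed, or the update fails
     */
    public void updateConsumerApplication(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO();
        OAuthAppDO app = new OAuthAppDO();

        AuthenticatedUser updater = new AuthenticatedUser();
        updater.setUserName(UserCoreUtil.removeDomainFromName(tenantAwareUsername));
        updater.setTenantDomain(tenantDomain);
        updater.setUserStoreDomain(IdentityUtil.extractDomainFromName(username));
        app.setUser(updater);

        app.setOauthConsumerKey(oAuthConsumerAppDTO.getOauthConsumerKey());
        app.setOauthConsumerSecret(oAuthConsumerAppDTO.getOauthConsumerSecret());
        app.setCallbackUrl(oAuthConsumerAppDTO.getCallbackUrl());
        app.setApplicationName(oAuthConsumerAppDTO.getApplicationName());
        app.setPkceMandatory(oAuthConsumerAppDTO.getPkceMandatory());
        app.setPkceSupportPlain(oAuthConsumerAppDTO.getPkceSupportPlain());
        if (OAuthConstants.OAuthVersions.VERSION_2.equals(oAuthConsumerAppDTO.getOAuthVersion())) {
            validateGrantTypes(oAuthConsumerAppDTO.getGrantTypes());
            app.setGrantTypes(oAuthConsumerAppDTO.getGrantTypes());
        }
        oAuthAppDAO.updateConsumerApplication(app);
        if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
            // Invalidate instead of caching the object built above: it never has its state set,
            // has no grant types for non-2.0 requests, and names the updater as its user, so
            // caching it would presumably leave readers with an incomplete view of the stored app.
            this.appInfoCache.clearCacheEntry(app.getOauthConsumerKey());
        }
    }

    /**
     * Returns the state of a consumer application.
     *
     * @param str passed to {@code OAuthAppDAO.getConsumerAppState}; presumably the consumer key
     * @return the application state as reported by the DAO
     * @throws IdentityOAuthAdminException if the lookup fails
     */
    public String getOauthApplicationState(String str) throws IdentityOAuthAdminException {
        return new OAuthAppDAO().getConsumerAppState(str);
    }

    /**
     * Changes the state of a consumer application and revokes its active tokens and
     * authorization codes.
     *
     * <p>When caching is enabled the cached application entry is updated before the database
     * change is attempted, so a failed database update leaves the cache ahead of the store.
     *
     * @param str the consumer key of the application
     * @param str2 the new application state
     * @throws IdentityOAuthAdminException if the application cannot be loaded or the update fails
     */
    public void updateConsumerAppState(String str, String str2) throws IdentityOAuthAdminException {
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO();
        try {
            if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
                OAuthAppDO app = (OAuthAppDO) this.appInfoCache.getValueFromCache(str);
                if (app == null) {
                    app = oAuthAppDAO.getAppInformation(str);
                }
                // The original set the new state only on a cache hit, so on a miss the entry
                // loaded from the database was cached with its old state.
                if (app != null) {
                    app.setState(str2);
                }
                this.appInfoCache.addToCache(str, app);
                if (this.log.isDebugEnabled()) {
                    this.log.debug("App state is updated in the cache.");
                }
            }
            Properties properties = new Properties();
            properties.setProperty(OAuthConstants.OAUTH_APP_NEW_STATE, str2);
            properties.setProperty(OAuthConstants.ACTION_PROPERTY_KEY, OAuthConstants.ACTION_REVOKE);
            updateAppAndRevokeTokensAndAuthzCodes(str, properties);
        } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
            throw new IdentityOAuthAdminException("Error while updating consumer application state", e);
        }
    }

    /**
     * Regenerates the client secret of a consumer application and revokes its active tokens and
     * authorization codes.
     *
     * <p>NOTE(review): the new secret comes from {@code OAuthUtil.getRandomNumber()}, defined
     * outside this file; confirm it uses a cryptographically secure generator.
     *
     * @param str the consumer key of the application
     * @throws IdentityOAuthAdminException if the update or the revocation fails
     */
    public void updateOauthSecretKey(String str) throws IdentityOAuthAdminException {
        String newSecret = OAuthUtil.getRandomNumber();
        if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
            OAuthCache.getInstance().addToCache(new OAuthCacheKey(str), new ClientCredentialDO(newSecret));
            if (this.log.isDebugEnabled()) {
                this.log.debug("Client Secret is updated in the cache.");
            }
        }
        Properties properties = new Properties();
        properties.setProperty(OAuthConstants.OAUTH_APP_NEW_SECRET_KEY, newSecret);
        properties.setProperty(OAuthConstants.ACTION_PROPERTY_KEY, OAuthConstants.ACTION_REGENERATE);
        updateAppAndRevokeTokensAndAuthzCodes(str, properties);
    }

    /**
     * Evicts the application's active access tokens and authorization codes from the cache (when
     * caching is enabled) and hands them to the DAO together with the requested application change.
     *
     * @param str the consumer key of the application
     * @param properties the change to apply, as built by the calling method
     * @throws IdentityOAuthAdminException if the tokens or codes cannot be read or the update fails
     */
    private void updateAppAndRevokeTokensAndAuthzCodes(String str, Properties properties) throws IdentityOAuthAdminException {
        TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
        try {
            boolean cacheEnabled = OAuthServerConfiguration.getInstance().isCacheEnabled();
            OAuthCache oAuthCache = cacheEnabled ? OAuthCache.getInstance() : null;

            Set<AccessTokenDO> activeTokens = tokenMgtDAO.getActiveDetailedTokensForConsumerKey(str);
            String[] accessTokens = new String[activeTokens.size()];
            int index = 0;
            for (AccessTokenDO activeToken : activeTokens) {
                String accessToken = activeToken.getAccessToken();
                // Collect the token whether or not caching is on. The original filled this array
                // only inside the cache branch, so with caching disabled the DAO was handed an
                // array of nulls instead of the tokens to revoke.
                accessTokens[index++] = accessToken;
                if (cacheEnabled) {
                    oAuthCache.clearCacheEntry(new OAuthCacheKey(accessToken));
                    String scope = OAuth2Util.buildScopeString(activeToken.getScope());
                    String authzUser = activeToken.getAuthzUser().toString();
                    // The per-user cache key uses the lower-cased user name unless the user store is case sensitive.
                    String userKey = IdentityUtil.isUserStoreInUsernameCaseSensitive(authzUser)
                            ? str + ":" + authzUser + ":" + scope
                            : str + ":" + authzUser.toLowerCase() + ":" + scope;
                    oAuthCache.clearCacheEntry(new OAuthCacheKey(userKey));
                }
            }
            if (cacheEnabled && this.log.isDebugEnabled()) {
                this.log.debug("Access tokens and token of users are removed from the cache.");
            }

            Set<String> activeCodes = tokenMgtDAO.getActiveAuthorizationCodesForConsumerKey(str);
            if (cacheEnabled) {
                for (String code : activeCodes) {
                    oAuthCache.clearCacheEntry(new OAuthCacheKey(code));
                }
                if (this.log.isDebugEnabled()) {
                    // Message corrected: this branch evicts authorization codes, not access tokens.
                    this.log.debug("Authorization codes are removed from the cache.");
                }
            }
            tokenMgtDAO.updateAppAndRevokeTokensAndAuthzCodes(str, properties,
                    activeCodes.toArray(new String[activeCodes.size()]), accessTokens);
        } catch (IdentityOAuth2Exception | IdentityApplicationManagementException e) {
            throw new IdentityOAuthAdminException("Error in updating oauth app & revoking access tokens and authz codes.", e);
        }
    }

    /**
     * Removes a consumer application and evicts its cached credentials and application info.
     *
     * <p>NOTE(review): this method does not itself revoke tokens already issued to the
     * application, and no ownership check is visible here; confirm both against the DAO.
     *
     * @param str the consumer key of the application to remove
     * @throws IdentityOAuthAdminException if the removal fails
     */
    public void removeOAuthApplicationData(String str) throws IdentityOAuthAdminException {
        new OAuthAppDAO().removeConsumerApplication(str);
        if (!OAuthServerConfiguration.getInstance().isCacheEnabled()) {
            return;
        }
        OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(str));
        this.appInfoCache.clearCacheEntry(str);
        if (this.log.isDebugEnabled()) {
            this.log.debug("Client credentials are removed from the cache.");
        }
    }

    /**
     * Lists the applications that the logged-in user has authorized.
     *
     * <p>An application is listed once, when at least one of the scopes it was granted still has
     * a latest access token according to the DAO. The returned DTOs do not include the consumer secret.
     *
     * @return the authorized applications; empty when there are none
     * @throws IdentityOAuthAdminException if any token or application lookup fails
     */
    public OAuthConsumerAppDTO[] getAppsAuthorizedByUser() throws IdentityOAuthAdminException {
        TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO();
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        AuthenticatedUser resourceOwner = new AuthenticatedUser();
        resourceOwner.setUserName(UserCoreUtil.removeDomainFromName(username));
        resourceOwner.setUserStoreDomain(IdentityUtil.extractDomainFromName(username));
        resourceOwner.setTenantDomain(tenantDomain);
        String userId = UserCoreUtil.addTenantDomainToEntry(username, tenantDomain);

        // The user store domain is resolved only when token partitioning and user-name assertion are both enabled.
        String userStoreDomain = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            try {
                userStoreDomain = OAuth2Util.getUserStoreDomainFromUserId(userId);
            } catch (IdentityOAuth2Exception e) {
                String message = "Error occurred while getting user store domain for User ID : " + userId;
                this.log.error(message, e);
                throw new IdentityOAuthAdminException(message, e);
            }
        }
        try {
            Set<String> clientIds = tokenMgtDAO.getAllTimeAuthorizedClientIds(resourceOwner);
            Set<OAuthConsumerAppDTO> authorizedApps = new HashSet<OAuthConsumerAppDTO>();
            for (String clientId : clientIds) {
                try {
                    Set<AccessTokenDO> tokens = tokenMgtDAO.retrieveAccessTokens(clientId, resourceOwner, userStoreDomain, true);
                    if (!tokens.isEmpty()) {
                        // Holds at most one key per client; it stops the app being added once per scope.
                        Set<String> alreadyListed = new HashSet<String>();
                        String listingKey = clientId + ":" + userId;
                        for (AccessTokenDO token : tokens) {
                            String scope = OAuth2Util.buildScopeString(token.getScope());
                            try {
                                AccessTokenDO latestToken = tokenMgtDAO.retrieveLatestAccessToken(clientId, resourceOwner, userStoreDomain, scope, true);
                                if (latestToken != null && !alreadyListed.contains(listingKey)) {
                                    OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
                                    try {
                                        OAuthAppDO app = oAuthAppDAO.getAppInformation(latestToken.getConsumerKey());
                                        dto.setOauthConsumerKey(latestToken.getConsumerKey());
                                        dto.setApplicationName(app.getApplicationName());
                                        dto.setUsername(app.getUser().toString());
                                        dto.setGrantTypes(app.getGrantTypes());
                                        dto.setPkceMandatory(app.isPkceMandatory());
                                        dto.setPkceSupportPlain(app.isPkceSupportPlain());
                                        authorizedApps.add(dto);
                                        alreadyListed.add(listingKey);
                                    } catch (InvalidOAuthClientException e) {
                                        String message = "Invalid Client ID : " + latestToken.getConsumerKey();
                                        this.log.error(message, e);
                                        // The cause is now passed on; the original dropped it.
                                        throw new IdentityOAuthAdminException(message, e);
                                    } catch (IdentityOAuth2Exception e) {
                                        String message = "Error occurred while retrieving app information for Client ID : " + latestToken.getConsumerKey();
                                        this.log.error(message, e);
                                        // The cause is now passed on; the original dropped it.
                                        throw new IdentityOAuthAdminException(message, e);
                                    }
                                }
                            } catch (IdentityOAuth2Exception e) {
                                String message = "Error occurred while retrieving latest access token issued for Client ID : " + clientId + ", User ID : " + userId + " and Scope : " + scope;
                                this.log.error(message, e);
                                throw new IdentityOAuthAdminException(message, e);
                            }
                        }
                    }
                } catch (IdentityOAuth2Exception e) {
                    String message = "Error occurred while retrieving access tokens issued for Client ID : " + clientId + ", User ID : " + userId;
                    this.log.error(message, e);
                    throw new IdentityOAuthAdminException(message, e);
                }
            }
            return authorizedApps.toArray(new OAuthConsumerAppDTO[authorizedApps.size()]);
        } catch (IdentityOAuth2Exception e) {
            String message = "Error occurred while retrieving apps authorized by User ID : " + userId;
            this.log.error(message, e);
            throw new IdentityOAuthAdminException(message, e);
        }
    }

    /**
     * Revokes the logged-in user's authorization for the named applications.
     *
     * <p>For each requested application that the user has authorized, the cache entries of all of
     * the user's tokens for it are cleared, the latest token per scope is revoked, and the stored
     * consent is removed. Pre- and post-revocation listeners are notified.
     *
     * <p>NOTE(review): only the token returned by {@code retrieveLatestAccessToken} is revoked for
     * each scope, and the post-revocation listeners are triggered once per token with the full
     * token set; confirm both are intended.
     *
     * @param oAuthRevocationRequestDTO the request naming the applications to revoke
     * @return an error response when no application is named; otherwise an empty (success) response
     * @throws IdentityOAuthAdminException if a listener, lookup or revocation step fails
     */
    public OAuthRevocationResponseDTO revokeAuthzForAppsByResoureOwner(OAuthRevocationRequestDTO oAuthRevocationRequestDTO) throws IdentityOAuthAdminException {
        triggerPreRevokeListeners(oAuthRevocationRequestDTO);
        TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
        if (oAuthRevocationRequestDTO.getApps() == null || oAuthRevocationRequestDTO.getApps().length <= 0) {
            OAuthRevocationResponseDTO errorResponse = new OAuthRevocationResponseDTO();
            errorResponse.setError(true);
            errorResponse.setErrorCode("invalid_request");
            errorResponse.setErrorMsg("Invalid revocation request");
            // A single null token makes the listeners fire once even though nothing was revoked.
            triggerPostRevokeListeners(oAuthRevocationRequestDTO, errorResponse, new AccessTokenDO[]{null});
            return errorResponse;
        }
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        AuthenticatedUser resourceOwner = new AuthenticatedUser();
        resourceOwner.setUserName(UserCoreUtil.removeDomainFromName(username));
        resourceOwner.setUserStoreDomain(IdentityUtil.extractDomainFromName(username));
        resourceOwner.setTenantDomain(tenantDomain);
        String userId = UserCoreUtil.addTenantDomainToEntry(username, tenantDomain);

        String userStoreDomain = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            try {
                userStoreDomain = OAuth2Util.getUserStoreDomainFromUserId(userId);
            } catch (IdentityOAuth2Exception e) {
                throw new IdentityOAuthAdminException("Error occurred while getting user store domain from User ID : " + userId, e);
            }
        }

        OAuthConsumerAppDTO[] authorizedApps = getAppsAuthorizedByUser();
        for (String appName : oAuthRevocationRequestDTO.getApps()) {
            for (OAuthConsumerAppDTO authorizedApp : authorizedApps) {
                // Compare from the requested name so an app with a null name is skipped rather than throwing.
                if (appName == null || !appName.equals(authorizedApp.getApplicationName())) {
                    continue;
                }
                try {
                    Set<AccessTokenDO> tokens = tokenMgtDAO.retrieveAccessTokens(authorizedApp.getOauthConsumerKey(), resourceOwner, userStoreDomain, true);
                    for (AccessTokenDO token : tokens) {
                        AuthenticatedUser authzUser = token.getAuthzUser();
                        OAuthUtil.clearOAuthCache(token.getConsumerKey(), (User) authzUser, OAuth2Util.buildScopeString(token.getScope()));
                        OAuthUtil.clearOAuthCache(token.getConsumerKey(), (User) authzUser);
                        OAuthUtil.clearOAuthCache(token.getAccessToken());
                        try {
                            AccessTokenDO latestToken = tokenMgtDAO.retrieveLatestAccessToken(authorizedApp.getOauthConsumerKey(), resourceOwner, userStoreDomain, OAuth2Util.buildScopeString(token.getScope()), true);
                            if (latestToken != null) {
                                try {
                                    tokenMgtDAO.revokeTokens(new String[]{latestToken.getAccessToken()});
                                    try {
                                        tokenMgtDAO.revokeOAuthConsentByApplicationAndUser(authzUser.getAuthenticatedSubjectIdentifier(), tenantDomain, appName);
                                    } catch (IdentityOAuth2Exception e) {
                                        String message = "Error occurred while removing OAuth Consent of Application " + appName + " of user " + userId;
                                        this.log.error(message, e);
                                        throw new IdentityOAuthAdminException(message, e);
                                    }
                                } catch (IdentityOAuth2Exception e) {
                                    // The token value is a bearer credential that may still be valid if
                                    // revocation failed, so it is kept out of the log and the exception.
                                    String message = "Error occurred while revoking the latest Access Token issued for Client ID : " + authorizedApp.getOauthConsumerKey() + ", User ID : " + userId;
                                    this.log.error(message, e);
                                    throw new IdentityOAuthAdminException(message, e);
                                }
                            }
                            triggerPostRevokeListeners(oAuthRevocationRequestDTO, new OAuthRevocationResponseDTO(), tokens.toArray(new AccessTokenDO[tokens.size()]));
                        } catch (IdentityOAuth2Exception e) {
                            String message = "Error occurred while retrieving latest access token issued for Client ID : " + authorizedApp.getOauthConsumerKey() + ", User ID : " + userId + " and Scope : " + OAuth2Util.buildScopeString(token.getScope());
                            this.log.error(message, e);
                            throw new IdentityOAuthAdminException(message, e);
                        }
                    }
                } catch (IdentityOAuth2Exception e) {
                    String message = "Error occurred while retrieving access tokens issued for Client ID : " + authorizedApp.getOauthConsumerKey() + ", User ID : " + userId;
                    this.log.error(message, e);
                    throw new IdentityOAuthAdminException(message, e);
                }
            }
        }
        return new OAuthRevocationResponseDTO();
    }

    /**
     * Updates the "approve always" consent that the logged-in user has stored for an application.
     *
     * <p>A DAO failure is logged and reported through the response's error fields rather than thrown.
     *
     * @param str the application name
     * @param str2 passed to the DAO as the new consent value; presumably the approval state
     * @return an empty response on success, or one flagged as {@code invalid_request} on failure
     * @throws IdentityOAuthAdminException declared by the signature; not thrown by this implementation
     */
    public OAuthRevocationResponseDTO updateApproveAlwaysForAppConsentByResourceOwner(String str, String str2) throws IdentityOAuthAdminException {
        TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
        OAuthRevocationResponseDTO response = new OAuthRevocationResponseDTO();
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        try {
            tokenMgtDAO.updateApproveAlwaysForAppConsentByResourceOwner(username, tenantDomain, str, str2);
        } catch (IdentityOAuth2Exception e) {
            // The application name is caller-controlled, so line breaks are neutralised before logging.
            this.log.error("Error occurred while revoking OAuth Consent approve always of Application " + sanitizeForLog(str) + " of user " + username, e);
            response.setError(true);
            response.setErrorCode("invalid_request");
            response.setErrorMsg("Invalid revocation request");
        }
        return response;
    }

    /**
     * Notifies the OAuth event interceptor, when one is registered and enabled, that a
     * resource-owner revocation is about to happen.
     *
     * @param oAuthRevocationRequestDTO the revocation request being processed
     * @throws IdentityOAuthAdminException if the interceptor fails
     */
    private void triggerPreRevokeListeners(OAuthRevocationRequestDTO oAuthRevocationRequestDTO) throws IdentityOAuthAdminException {
        OAuthEventInterceptor interceptor = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (interceptor == null || !interceptor.isEnabled()) {
            return;
        }
        try {
            // Raw map kept from the original: the interceptor's parameter type is declared outside this file.
            interceptor.onPreTokenRevocationByResourceOwner(oAuthRevocationRequestDTO, new HashMap());
        } catch (IdentityOAuth2Exception e) {
            throw new IdentityOAuthAdminException("Error occurred with Oauth pre-revoke listener ", e);
        }
    }

    /**
     * Notifies the OAuth event interceptor, when one is registered and enabled, once per token
     * after a resource-owner revocation. Interceptor failures are logged and do not stop the loop.
     *
     * @param oAuthRevocationRequestDTO the revocation request that was processed
     * @param oAuthRevocationResponseDTO the response produced for the request
     * @param accessTokenDOArr the tokens to report; elements may be {@code null}
     */
    private void triggerPostRevokeListeners(OAuthRevocationRequestDTO oAuthRevocationRequestDTO, OAuthRevocationResponseDTO oAuthRevocationResponseDTO, AccessTokenDO[] accessTokenDOArr) {
        OAuthEventInterceptor interceptor = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (interceptor == null || !interceptor.isEnabled()) {
            return;
        }
        for (AccessTokenDO accessTokenDO : accessTokenDOArr) {
            try {
                // Raw map kept from the original: the interceptor's parameter type is declared outside this file.
                interceptor.onPostTokenRevocationByResourceOwner(oAuthRevocationRequestDTO, oAuthRevocationResponseDTO, accessTokenDO, new HashMap());
            } catch (IdentityOAuth2Exception e) {
                this.log.error("Error occurred with post revocation listener ", e);
            }
        }
    }

    /**
     * Returns the grant types that applications may be registered with.
     *
     * <p>The list is computed once from the server configuration and then reused: it holds the
     * supported grant types plus {@code implicit} when the token response type is supported.
     *
     * @return a fresh array of the allowed grant type names
     */
    public String[] getAllowedGrantTypes() {
        List<String> grants = allowedGrants;
        if (grants == null) {
            synchronized (OAuthAdminService.class) {
                grants = allowedGrants;
                if (grants == null) {
                    Set<String> supported = new HashSet<String>(OAuthServerConfiguration.getInstance().getSupportedGrantTypes().keySet());
                    if (OAuthServerConfiguration.getInstance().getSupportedResponseTypes().containsKey(OAuthConstants.GrantTypes.TOKEN)) {
                        supported.add(IMPLICIT);
                    }
                    grants = new ArrayList<String>(supported);
                    // Publish only the fully built list through the volatile field.
                    allowedGrants = grants;
                }
            }
        }
        return grants.toArray(new String[grants.size()]);
    }

    /**
     * Reports whether PKCE support is enabled on this server.
     *
     * @return the value of {@code OAuth2Util.isPKCESupportEnabled()}
     */
    public boolean isPKCESupportEnabled() {
        return OAuth2Util.isPKCESupportEnabled();
    }

    /** Copies the fields shared by every application lookup, including the consumer secret, into a new DTO. */
    private static OAuthConsumerAppDTO toConsumerAppDto(OAuthAppDO app) {
        OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
        dto.setApplicationName(app.getApplicationName());
        dto.setCallbackUrl(app.getCallbackUrl());
        dto.setOauthConsumerKey(app.getOauthConsumerKey());
        dto.setOauthConsumerSecret(app.getOauthConsumerSecret());
        dto.setOAuthVersion(app.getOauthVersion());
        dto.setGrantTypes(app.getGrantTypes());
        dto.setPkceMandatory(app.isPkceMandatory());
        dto.setPkceSupportPlain(app.isPkceSupportPlain());
        return dto;
    }

    /**
     * Rejects a whitespace-separated grant type list that is missing or names a grant type
     * outside the server's allowed list.
     */
    private void validateGrantTypes(String grantTypes) throws IdentityOAuthAdminException {
        if (grantTypes == null) {
            // The original failed here with a NullPointerException; fail with the declared exception instead.
            throw new IdentityOAuthAdminException("Grant types are required");
        }
        List<String> allowed = Arrays.asList(getAllowedGrantTypes());
        for (String requested : grantTypes.split("\\s")) {
            if (!StringUtils.isBlank(requested) && !allowed.contains(requested)) {
                throw new IdentityOAuthAdminException(requested + " not allowed");
            }
        }
    }

    /** Replaces carriage returns and line feeds so a caller-supplied value cannot start a new log line. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}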
