package org.apache.synapse.endpoints.oauth;

import java.util.Map;
import javax.ws.rs.core.MediaType;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.util.UIDGenerator;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.commons.json.JsonUtil;
import org.apache.synapse.commons.resolvers.ResolverFactory;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.apache.synapse.endpoints.OAuthConfiguredHTTPEndpoint;

/* loaded from: input_file:WEB-INF/lib/synapse-core-2.1.7-wso2v208.jar:org/apache/synapse/endpoints/oauth/OAuthUtils.class */
public class OAuthUtils {
    private static final Log log = LogFactory.getLog(OAuthUtils.class);

    public static OAuthHandler getOAuthHandler(OMElement oMElement) throws OAuthException {
        OMElement firstChildWithName;
        OMElement firstChildWithName2;
        if (oMElement == null || (firstChildWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", OAuthConstants.AUTHENTICATION))) == null || (firstChildWithName2 = firstChildWithName.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", OAuthConstants.OAUTH))) == null) {
            return null;
        }
        OAuthHandler specificOAuthHandler = getSpecificOAuthHandler(firstChildWithName2);
        if (specificOAuthHandler != null) {
            return specificOAuthHandler;
        }
        throw new OAuthException("Invalid OAuth configuration");
    }

    private static OAuthHandler getSpecificOAuthHandler(OMElement oMElement) {
        OAuthHandler oAuthHandler = null;
        OMElement firstChildWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", OAuthConstants.AUTHORIZATION_CODE));
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", OAuthConstants.CLIENT_CREDENTIALS));
        if (firstChildWithName != null && firstChildWithName2 != null) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.error("Invalid OAuth configuration: AuthorizationCode and ClientCredentials grants are not allowed together");
            return null;
        }
        if (firstChildWithName != null) {
            oAuthHandler = getAuthorizationCodeHandler(firstChildWithName);
        }
        if (firstChildWithName2 != null) {
            oAuthHandler = getClientCredentialsHandler(firstChildWithName2);
        }
        return oAuthHandler;
    }

    private static AuthorizationCodeHandler getAuthorizationCodeHandler(OMElement oMElement) {
        String childValue = getChildValue(oMElement, OAuthConstants.OAUTH_CLIENT_ID);
        String childValue2 = getChildValue(oMElement, OAuthConstants.OAUTH_CLIENT_SECRET);
        String childValue3 = getChildValue(oMElement, OAuthConstants.OAUTH_REFRESH_TOKEN);
        String childValue4 = getChildValue(oMElement, OAuthConstants.TOKEN_API_URL);
        if (childValue != null && childValue2 != null && childValue3 != null && childValue4 != null) {
            return new AuthorizationCodeHandler(childValue4, childValue, childValue2, childValue3);
        }
        if (!log.isDebugEnabled()) {
            return null;
        }
        log.error("Invalid AuthorizationCode configuration");
        return null;
    }

    private static ClientCredentialsHandler getClientCredentialsHandler(OMElement oMElement) {
        String childValue = getChildValue(oMElement, OAuthConstants.OAUTH_CLIENT_ID);
        String childValue2 = getChildValue(oMElement, OAuthConstants.OAUTH_CLIENT_SECRET);
        String childValue3 = getChildValue(oMElement, OAuthConstants.TOKEN_API_URL);
        if (childValue != null && childValue2 != null && childValue3 != null) {
            return new ClientCredentialsHandler(childValue3, childValue, childValue2);
        }
        if (!log.isDebugEnabled()) {
            return null;
        }
        log.error("Invalid ClientCredentials configuration");
        return null;
    }

    private static String getChildValue(OMElement oMElement, String str) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", str));
        if (hasANonEmptyValue(firstChildWithName)) {
            return ResolverFactory.getInstance().getResolver(firstChildWithName.getText().trim()).resolve();
        }
        return null;
    }

    private static boolean hasANonEmptyValue(OMElement oMElement) {
        return oMElement != null && StringUtils.isNotBlank(oMElement.getText());
    }

    public static String getRandomOAuthHandlerID() {
        return OAuthConstants.OAUTH_PREFIX + UIDGenerator.generateUID();
    }

    public static boolean retryOnOAuthFailure(OAuthConfiguredHTTPEndpoint oAuthConfiguredHTTPEndpoint, MessageContext messageContext, MessageContext messageContext2) {
        org.apache.axis2.context.MessageContext axis2MessageContext;
        Object property;
        Boolean bool = (Boolean) messageContext2.getProperty(OAuthConstants.RETRIED_ON_OAUTH_FAILURE);
        if ((bool != null && bool.booleanValue()) || (property = (axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext()).getProperty("HTTP_SC")) == null) {
            return false;
        }
        try {
            return Integer.parseInt(axis2MessageContext.getProperty("HTTP_SC").toString()) == 401;
        } catch (NumberFormatException e) {
            log.warn("Unable to set the HTTP status code from the property HTTP_SC with value: " + property);
            return false;
        }
    }

    public static void sendOAuthFault(MessageContext messageContext) {
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        JsonUtil.removeJsonPayload(axis2MessageContext);
        axis2MessageContext.setProperty("HTTP_SC", 500);
        String str = (String) ((Map) axis2MessageContext.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS)).get("Accept");
        if (acceptHeaderIsAvailable(str)) {
            axis2MessageContext.setProperty("messageType", str);
        }
        messageContext.setResponse(true);
        messageContext.setTo(null);
        Axis2Sender.sendBack(messageContext);
    }

    private static boolean acceptHeaderIsAvailable(String str) {
        return StringUtils.isNotBlank(str) && !str.equals(MediaType.WILDCARD);
    }
}
