package org.apache.synapse.endpoints.auth.oauth;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.description.Parameter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.NoConnectionReuseStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.endpoints.auth.AuthConstants;
import org.apache.synapse.endpoints.auth.AuthException;
import org.apache.synapse.transport.http.conn.SSLContextDetails;
import org.apache.synapse.transport.netty.BridgeConstants;
import org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder;
import org.apache.synapse.transport.nhttp.util.SecureVaultValueReader;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;

/* loaded from: input_file:WEB-INF/lib/synapse-core-2.1.7-wso2v289.jar:org/apache/synapse/endpoints/auth/oauth/OAuthClient.class */
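/**
 * Obtains OAuth access tokens from a token endpoint over HTTP(S).
 *
 * <p>TLS material for the outgoing call is taken from the Axis2 {@code https}
 * transport sender configuration of the current message context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The HTTPS socket factory is built with {@link NoopHostnameVerifier}, so the
 *       certificate presented by the token endpoint is not matched against the
 *       requested host name. See {@link #getSecureClient(String, MessageContext)}.</li>
 *   <li>The body of a successful token response contains the access token and is
 *       deliberately never written to the log.</li>
 * </ul>
 */
public class OAuthClient {
    private static final Log log = LogFactory.getLog(OAuthClient.class);
    private static final String STORE_TYPE = "Type";
    private static final String STORE_LOCATION = "Location";
    private static final String STORE_PASSWORD = "Password";
    private static final String HTTP_CONNECTION = "http";
    private static final String HTTPS_CONNECTION = "https";
    private static final String ALL_HOSTS = "*";

    /**
     * Posts a token request to the given endpoint and returns the access token from the response.
     *
     * @param str            URL of the token endpoint
     * @param str2           request body, sent as {@code application/x-www-form-urlencoded}
     * @param str3           value appended to {@code AuthConstants.BASIC} to form the
     *                       {@code Authorization} header; no header is sent when {@code null}
     * @param messageContext current message context, used to locate the TLS configuration
     * @return the value of the {@code access_token} key in the JSON response
     * @throws AuthException if the TLS configuration cannot be read, the endpoint answers with a
     *                       status other than 200, or the response carries no access token
     * @throws IOException   if the request cannot be sent or the response cannot be read
     */
    public static String generateToken(String str, String str2, String str3, MessageContext messageContext) throws AuthException, IOException {
        // The client is created per call and owns its own connection manager, so it has to be
        // closed here; otherwise every token request leaks that connection manager.
        try (CloseableHttpClient secureClient = getSecureClient(str, messageContext)) {
            if (log.isDebugEnabled()) {
                log.debug("Initializing token generation request: [token-endpoint] " + str);
            }
            HttpPost httpPost = new HttpPost(str);
            httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
            if (str3 != null) {
                httpPost.setHeader("Authorization", AuthConstants.BASIC + str3);
            }
            // Neither the request body nor the Authorization header is logged: both carry credentials.
            httpPost.setEntity(new StringEntity(str2));
            try (CloseableHttpResponse response = secureClient.execute(httpPost)) {
                return extractToken(response);
            } finally {
                httpPost.releaseConnection();
            }
        }
    }

    /**
     * Reads the token endpoint response and extracts the access token.
     *
     * @param closeableHttpResponse response of the token request
     * @return the value of the {@code access_token} key
     * @throws AuthException if the status code is not 200, the body is not a JSON object, or the
     *                       {@code access_token} key is missing
     * @throws IOException   if the response body cannot be read
     */
    private static String extractToken(CloseableHttpResponse closeableHttpResponse) throws AuthException, IOException {
        int statusCode = closeableHttpResponse.getStatusLine().getStatusCode();
        HttpEntity entity = closeableHttpResponse.getEntity();
        StringBuilder sb = new StringBuilder();
        // A response without an entity is treated as an empty body instead of failing with a
        // NullPointerException.
        if (entity != null) {
            Charset charset = ContentType.getOrDefault(entity).getCharset();
            if (charset == null) {
                charset = StandardCharsets.UTF_8;
            }
            try (BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(entity.getContent(), charset))) {
                String readLine;
                while ((readLine = bufferedReader.readLine()) != null) {
                    sb.append(readLine);
                }
            }
        }
        String body = sb.toString();
        if (statusCode != 200) {
            if (log.isDebugEnabled()) {
                log.debug("Response: [status-code] " + statusCode + " [message] " + body);
            }
            throw new AuthException("Error while accessing the Token URL. " + closeableHttpResponse.getStatusLine());
        }
        if (log.isDebugEnabled()) {
            // The body of a 200 response contains the access token; keep it out of the log.
            log.debug("Response: [status-code] " + statusCode);
        }
        // Malformed JSON still surfaces as the parser's own runtime exception; only a
        // well-formed body that is not an object (for example an empty body) is handled here.
        Object parsed = new JsonParser().parse(body);
        if (!(parsed instanceof JsonObject)) {
            throw new AuthException("Unexpected response from the OAuth server: body is not a JSON object");
        }
        JsonObject jsonObject = (JsonObject) parsed;
        if (jsonObject.has(AuthConstants.ACCESS_TOKEN)) {
            return jsonObject.get(AuthConstants.ACCESS_TOKEN).getAsString();
        }
        throw new AuthException("Missing key [access_token] in the response from the OAuth server");
    }

    /**
     * Builds an HTTP client whose HTTPS connections use the SSL context configured for the
     * token endpoint in the Axis2 {@code https} transport sender.
     *
     * <p>NOTE(review): the socket factory is created with {@link NoopHostnameVerifier#INSTANCE},
     * which accepts any certificate trusted by the SSL context regardless of the host name it
     * was issued for. Client credentials are sent over this connection, so confirm whether
     * disabled host name verification is intended for this deployment; it is kept as-is here
     * because changing it would alter which endpoints the client accepts.
     *
     * @param str            URL of the token endpoint, used to select a host-specific SSL context
     * @param messageContext current message context; must be an {@link Axis2MessageContext}
     * @return a client the caller is responsible for closing
     * @throws AuthException if the SSL configuration cannot be read or yields no SSL context
     */
    private static CloseableHttpClient getSecureClient(String str, MessageContext messageContext) throws AuthException {
        ConfigurationContext configurationContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext().getConfigurationContext();
        try {
            ClientConnFactoryBuilder parseSSL = new ClientConnFactoryBuilder(configurationContext.getAxisConfiguration().getTransportOut(HTTPS_CONNECTION), configurationContext).parseSSL();
            SSLContext sslContext = getSSLContextWithUrl(str, parseSSL.getSslByHostMap(), parseSSL.getSSLContextDetails());
            if (sslContext == null) {
                // Report a configuration problem as AuthException rather than handing a null
                // context to the socket factory.
                throw new AuthException("No SSL context is configured for the OAuth token endpoint");
            }
            SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
            return HttpClients.custom()
                    .setConnectionManager(new BasicHttpClientConnectionManager(RegistryBuilder.create()
                            .register(HTTPS_CONNECTION, sSLConnectionSocketFactory)
                            .register(HTTP_CONNECTION, new PlainConnectionSocketFactory())
                            .build()))
                    .setSSLSocketFactory(sSLConnectionSocketFactory)
                    .build();
        } catch (AxisFault e) {
            // Despite the wording of the message there is no fallback: the failure is propagated.
            throw new AuthException("Error while reading SSL configs. Using default Keystore and Truststore", e);
        }
    }

    /**
     * Builds an SSL context from the key store and trust store parameters of the Axis2
     * {@code https} transport sender.
     *
     * <p>The password read from the key store element is used as the key password passed to
     * {@code loadKeyMaterial}; {@link #getStore(OMElement, SecretResolver)} reads the same
     * element as the store password.
     *
     * @param messageContext current message context; must be an {@link Axis2MessageContext}
     * @return the SSL context built from the configured stores
     * @throws AuthException if a store parameter or the key password is missing, or the stores
     *                       cannot be loaded
     */
    private SSLContext getSSLContext(MessageContext messageContext) throws AuthException {
        ConfigurationContext configurationContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext().getConfigurationContext();
        Parameter parameter = configurationContext.getAxisConfiguration().getTransportOut(HTTPS_CONNECTION).getParameter(BridgeConstants.KEY_STORE);
        Parameter parameter2 = configurationContext.getAxisConfiguration().getTransportOut(HTTPS_CONNECTION).getParameter(BridgeConstants.TRUST_STORE);
        if (parameter == null || parameter2 == null) {
            throw new AuthException("Key Store and/or Trust Store parameters missing in Axis2 configuration");
        }
        OMElement firstElement = parameter.getParameterElement().getFirstElement();
        OMElement firstElement2 = parameter2.getParameterElement().getFirstElement();
        // The configuration context and its Axis configuration were already dereferenced above,
        // so the SecretResolverFactory branch is not reachable from this method as written.
        SecretResolver create = (configurationContext == null || configurationContext.getAxisConfiguration() == null) ? SecretResolverFactory.create(firstElement, false) : configurationContext.getAxisConfiguration().getSecretResolver();
        String secureVaultValue = SecureVaultValueReader.getSecureVaultValue(create, firstElement.getFirstChildWithName(new QName(STORE_PASSWORD)));
        if (secureVaultValue == null) {
            throw new AuthException("Missing parameters in the store");
        }
        try {
            return SSLContexts.custom().loadKeyMaterial(getStore(firstElement, create), secureVaultValue.toCharArray()).loadTrustMaterial(getStore(firstElement2, create)).build();
        } catch (GeneralSecurityException e) {
            throw new AuthException(e);
        }
    }

    /**
     * Loads the key store or trust store described by a configuration element.
     *
     * @param oMElement      element with {@code Location}, {@code Type} and {@code Password} children
     * @param secretResolver resolver used to read the store password
     * @return the loaded store
     * @throws AuthException if a child element is missing or the store cannot be opened or loaded
     */
    private KeyStore getStore(OMElement oMElement, SecretResolver secretResolver) throws AuthException {
        OMElement locationElement = oMElement.getFirstChildWithName(new QName(STORE_LOCATION));
        OMElement typeElement = oMElement.getFirstChildWithName(new QName(STORE_TYPE));
        String secureVaultValue = SecureVaultValueReader.getSecureVaultValue(secretResolver, oMElement.getFirstChildWithName(new QName(STORE_PASSWORD)));
        if (locationElement == null || typeElement == null || secureVaultValue == null) {
            throw new AuthException("Missing parameters in the store");
        }
        String location = locationElement.getText();
        String type = typeElement.getText();
        try (FileInputStream fileInputStream = new FileInputStream(location)) {
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(fileInputStream, secureVaultValue.toCharArray());
            return keyStore;
        } catch (IOException e) {
            // Keep the cause: it distinguishes a missing file from a wrong password.
            throw new AuthException("Error opening Trust/Key store : " + location, e);
        } catch (GeneralSecurityException e) {
            throw new AuthException("Error loading Trust/Key store : " + location, e);
        }
    }

    /**
     * Creates an HTTP client that does not reuse connections.
     *
     * @return a new client with default settings apart from the connection reuse strategy
     */
    public CloseableHttpClient getDefaultHttpClient() {
        HttpClientBuilder create = HttpClientBuilder.create();
        create.setConnectionReuseStrategy(new NoConnectionReuseStrategy());
        return create.build();
    }

    /**
     * Selects the SSL context for a URL: a host-specific context if one is registered under
     * {@code host:port}, else the context registered for all hosts, else the default context.
     *
     * @param str               URL of the token endpoint
     * @param map               SSL contexts keyed by {@code host:port} or {@code *}; may be {@code null}
     * @param sSLContextDetails default SSL context details; may be {@code null}
     * @return the selected context, or {@code null} if none is configured
     * @throws AuthException if the URL is malformed
     */
    private static SSLContext getSSLContextWithUrl(String str, Map<String, SSLContext> map, SSLContextDetails sSLContextDetails) throws AuthException {
        try {
            URL url = new URL(str);
            SSLContext sSLContext = null;
            if (map != null) {
                sSLContext = map.get(url.getHost() + ":" + url.getPort());
                if (sSLContext == null && url.getPort() == -1) {
                    // getPort() is -1 when the URL names no port, which never matches a
                    // host:port key; retry with the protocol's default port.
                    sSLContext = map.get(url.getHost() + ":" + url.getDefaultPort());
                }
                if (sSLContext == null) {
                    sSLContext = map.get(ALL_HOSTS);
                }
            }
            if (sSLContext != null) {
                return sSLContext;
            }
            if (sSLContextDetails != null) {
                return sSLContextDetails.getContext();
            }
            return null;
        } catch (MalformedURLException e) {
            throw new AuthException("OAuth token URL is invalid", e);
        }
    }
}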
