package org.wso2.carbon.identity.oauth;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.AppInfoCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.oauth.dto.OAuthIDTokenAlgorithmDTO;
import org.wso2.carbon.identity.oauth.dto.OAuthRevocationRequestDTO;
import org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO;
import org.wso2.carbon.identity.oauth.dto.OAuthTokenExpiryTimeDTO;
import org.wso2.carbon.identity.oauth.dto.ScopeDTO;
import org.wso2.carbon.identity.oauth.dto.TokenBindingMetaDataDTO;
import org.wso2.carbon.identity.oauth.event.OAuthEventInterceptor;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.OAuth2Service;
import org.wso2.carbon.identity.oauth2.Oauth2ScopeConstants;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.class */
public class OAuthAdminServiceImpl {
    // OAuth 2.0 grant type identifiers; validateCallbackURI() looks for these in the requested grant types.
    public static final String IMPLICIT = "implicit";
    public static final String AUTHORIZATION_CODE = "authorization_code";
    // OAuth/OIDC response type identifiers.
    static final String RESPONSE_TYPE_TOKEN = "token";
    static final String RESPONSE_TYPE_ID_TOKEN = "id_token";
    // NOTE(review): mutable, non-volatile static state, presumably a lazily filled cache of the
    // server's allowed grant types and scope validators. The code that populates these fields is
    // not visible here; confirm they are initialised safely when read from several threads.
    static List<String> allowedGrants = null;
    static String[] allowedScopeValidators = null;
    protected static final Log LOG = LogFactory.getLog(OAuthAdminServiceImpl.class);

    /**
     * Registers an OAuth consumer for the user bound to the current thread's Carbon context.
     *
     * <p>The user name is split into a tenant-aware name with the user store domain removed, and the
     * user store domain itself; both are passed to {@code OAuthAppDAO.addOAuthConsumer} together with
     * the tenant id of the current context.
     *
     * @return the array returned by {@code OAuthAppDAO.addOAuthConsumer}
     *         (presumably the generated key and secret; confirm against the DAO)
     * @throws IdentityOAuthAdminException declared by this method; raised by the DAO call
     */
    public String[] registerOAuthConsumer() throws IdentityOAuthAdminException {
        String loggedInUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Adding a consumer secret for the logged in user:" + loggedInUser);
        }
        // NOTE(review): unlike getAllOAuthApplicationData(), there is no check here that a user is
        // actually logged in; a null user name is passed straight to the helpers below. Confirm
        // that callers guarantee an authenticated context.
        OAuthAppDAO consumerDao = new OAuthAppDAO();
        String bareUserName =
                UserCoreUtil.removeDomainFromName(MultitenantUtils.getTenantAwareUsername(loggedInUser));
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        String userStoreDomain = IdentityUtil.extractDomainFromName(loggedInUser);
        return consumerDao.addOAuthConsumer(bareUserName, tenantId, userStoreDomain);
    }

    /**
     * Lists the OAuth applications registered by the logged-in user in the current tenant.
     *
     * @return one DTO per application returned by the DAO; an empty array when there are none
     * @throws IdentityOAuthAdminException with {@code Error.AUTHENTICATED_USER_NOT_FOUND} when the
     *         thread's Carbon context carries no user name, or when the DAO lookup fails
     */
    public OAuthConsumerAppDTO[] getAllOAuthApplicationData() throws IdentityOAuthAdminException {
        String loggedInUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
        // Refuse to list anything for an unauthenticated context.
        if (loggedInUser == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("User not logged in to get all registered OAuth Applications.");
            }
            throw handleClientError(Error.AUTHENTICATED_USER_NOT_FOUND, "User not logged in to get all registered OAuth Applications.");
        }
        // The lookup is scoped to both the user and the tenant of the current context.
        OAuthAppDO[] ownedApps = new OAuthAppDAO().getOAuthConsumerAppsOfUser(loggedInUser, CarbonContext.getThreadLocalCarbonContext().getTenantId());
        if (ownedApps == null || ownedApps.length == 0) {
            return new OAuthConsumerAppDTO[0];
        }
        OAuthConsumerAppDTO[] appDtos = new OAuthConsumerAppDTO[ownedApps.length];
        int position = 0;
        for (OAuthAppDO ownedApp : ownedApps) {
            appDtos[position++] = OAuthUtil.buildConsumerAppDTO(ownedApp);
        }
        return appDtos;
    }

    /**
     * Looks up an OAuth application by its consumer key.
     *
     * @param str the consumer key (client id) of the application
     * @return the application as a DTO, or an empty DTO when {@code getOAuthApp} returns null
     * @throws IdentityOAuthAdminException when the lookup fails, or with
     *         {@code Error.INVALID_OAUTH_CLIENT} when no valid client exists for the key
     */
    public OAuthConsumerAppDTO getOAuthApplicationData(String str) throws IdentityOAuthAdminException {
        try {
            OAuthAppDO matchedApp = getOAuthApp(str);
            if (matchedApp == null) {
                return new OAuthConsumerAppDTO();
            }
            OAuthConsumerAppDTO appDto = OAuthUtil.buildConsumerAppDTO(matchedApp);
            // Only the application name and consumer key are logged, never the secret.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found App :" + appDto.getApplicationName() + " for consumerKey: " + str);
            }
            return appDto;
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error while retrieving the app information using consumerKey: " + str, e);
        } catch (InvalidOAuthClientException e2) {
            throw handleClientError(Error.INVALID_OAUTH_CLIENT, "Cannot find a valid OAuth client for consumerKey: " + str, e2);
        }
    }

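    /**
     * Looks up an OAuth application by its application name.
     *
     * @param str the application name
     * @return the application as a DTO, or an empty DTO when the DAO returns null
     * @throws IdentityOAuthAdminException when the lookup fails, or with
     *         {@code Error.INVALID_OAUTH_CLIENT} when no valid client exists for the name
     */
    public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String str) throws IdentityOAuthAdminException {
        try {
            OAuthAppDO appInformationByAppName = new OAuthAppDAO().getAppInformationByAppName(str);
            if (appInformationByAppName == null) {
                return new OAuthConsumerAppDTO();
            }
            return OAuthUtil.buildConsumerAppDTO(appInformationByAppName);
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error while retrieving the app information by app name: " + str, e);
        } catch (InvalidOAuthClientException e2) {
            // Keep the original exception as the cause, as getOAuthApplicationData() does, so the
            // reason the client was rejected is not lost from logs and stack traces.
            throw handleClientError(Error.INVALID_OAUTH_CLIENT, "Cannot find a valid OAuth client with application name: " + str, e2);
        }
    }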

    /**
     * Registers an OAuth application and discards the resulting DTO.
     *
     * @param oAuthConsumerAppDTO the application details to register
     * @throws IdentityOAuthAdminException when {@code registerAndRetrieveOAuthApplicationData} fails
     */
    public void registerOAuthApplicationData(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        // All validation and persistence is done by the retrieving variant.
        this.registerAndRetrieveOAuthApplicationData(oAuthConsumerAppDTO);
    }

    /**
     * Registers a new OAuth application for the logged-in user and returns it as a DTO.
     *
     * <p>The request is copied field by field into an {@code OAuthAppDO}, persisted through
     * {@code OAuthAppDAO.addOAuthApplication} and then placed in {@code AppInfoCache} under its
     * consumer key. Consumer key and secret are generated with {@code OAuthUtil.getRandomNumber()}
     * unless the request supplies them.
     *
     * @param oAuthConsumerAppDTO the application details supplied by the caller
     * @return a DTO built from the persisted application object
     * @throws IdentityOAuthAdminException with {@code Error.AUTHENTICATED_USER_NOT_FOUND} when no user
     *         is logged in, {@code Error.INVALID_REQUEST} when the request is null or fails one of
     *         the validations called below, or when persistence fails
     */
    public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        OAuthAppDO oAuthAppDO = new OAuthAppDO();
        // Registration requires an authenticated user in the thread's Carbon context.
        if (username == null) {
            if (LOG.isDebugEnabled()) {
                if (oAuthConsumerAppDTO != null) {
                    LOG.debug("No authenticated user found. Failed to register OAuth App: " + oAuthConsumerAppDTO.getApplicationName());
                } else {
                    LOG.debug("No authenticated user found. Failed to register OAuth App");
                }
            }
            throw handleClientError(Error.AUTHENTICATED_USER_NOT_FOUND, "No authenticated user found. Failed to register OAuth App.");
        }
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO();
        if (oAuthConsumerAppDTO == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No application details in the request. Failed to register OAuth App.");
            }
            throw handleClientError(Error.INVALID_REQUEST, "No application details in the request. Failed to register OAuth App.");
        }
        oAuthAppDO.setApplicationName(oAuthConsumerAppDTO.getApplicationName());
        // validateCallbackURI() dereferences getGrantTypes() and runs before the OAuth version is
        // known, so a request without grant types fails here with a NullPointerException.
        // NOTE(review): only the presence of the callback URL is checked by that helper; confirm
        // that its format is validated elsewhere before it is used as a redirect target.
        validateCallbackURI(oAuthConsumerAppDTO);
        oAuthAppDO.setCallbackUrl(oAuthConsumerAppDTO.getCallbackUrl());
        oAuthAppDO.setState("ACTIVE");
        // Generate the credentials unless the caller supplied them. A supplied key may come with
        // or without a supplied secret; a supplied secret without a key is ignored.
        // NOTE(review): a caller-supplied key or secret is stored as given; no length or
        // uniqueness check is visible in this method. Confirm the DAO or a policy enforces one.
        if (StringUtils.isEmpty(oAuthConsumerAppDTO.getOauthConsumerKey())) {
            oAuthAppDO.setOauthConsumerKey(OAuthUtil.getRandomNumber());
            oAuthAppDO.setOauthConsumerSecret(OAuthUtil.getRandomNumber());
        } else {
            oAuthAppDO.setOauthConsumerKey(oAuthConsumerAppDTO.getOauthConsumerKey());
            if (StringUtils.isEmpty(oAuthConsumerAppDTO.getOauthConsumerSecret())) {
                oAuthAppDO.setOauthConsumerSecret(OAuthUtil.getRandomNumber());
            } else {
                oAuthAppDO.setOauthConsumerSecret(oAuthConsumerAppDTO.getOauthConsumerSecret());
            }
        }
        // getAppOwner() is defined outside this view; it receives the request and the logged-in
        // user as the default owner.
        oAuthAppDO.setAppOwner(getAppOwner(oAuthConsumerAppDTO, buildAuthenticatedUser(username, tenantDomain)));
        // Default to OAuth 2.0 when the request names no version.
        if (oAuthConsumerAppDTO.getOAuthVersion() != null) {
            oAuthAppDO.setOauthVersion(oAuthConsumerAppDTO.getOAuthVersion());
        } else {
            oAuthAppDO.setOauthVersion("OAuth-2.0");
        }
        // The settings below are applied to OAuth 2.0 applications only.
        if ("OAuth-2.0".equals(oAuthAppDO.getOauthVersion())) {
            // Reject grant types outside the server's allowed list before storing them.
            validateGrantTypes(oAuthConsumerAppDTO);
            oAuthAppDO.setGrantTypes(oAuthConsumerAppDTO.getGrantTypes());
            oAuthAppDO.setScopeValidators(filterScopeValidators(oAuthConsumerAppDTO));
            oAuthAppDO.setAudiences(oAuthConsumerAppDTO.getAudiences());
            oAuthAppDO.setPkceMandatory(oAuthConsumerAppDTO.getPkceMandatory());
            oAuthAppDO.setPkceSupportPlain(oAuthConsumerAppDTO.getPkceSupportPlain());
            // Expiry values are validated first and then copied from the request unchanged.
            validateTokenExpiryConfigurations(oAuthConsumerAppDTO);
            oAuthAppDO.setUserAccessTokenExpiryTime(oAuthConsumerAppDTO.getUserAccessTokenExpiryTime());
            oAuthAppDO.setApplicationAccessTokenExpiryTime(oAuthConsumerAppDTO.getApplicationAccessTokenExpiryTime());
            oAuthAppDO.setRefreshTokenExpiryTime(oAuthConsumerAppDTO.getRefreshTokenExpiryTime());
            oAuthAppDO.setIdTokenExpiryTime(oAuthConsumerAppDTO.getIdTokenExpiryTime());
            oAuthAppDO.setRequestObjectSignatureValidationEnabled(oAuthConsumerAppDTO.isRequestObjectSignatureValidationEnabled());
            oAuthAppDO.setIdTokenEncryptionEnabled(oAuthConsumerAppDTO.isIdTokenEncryptionEnabled());
            // Encryption algorithm and method are only set when ID token encryption is enabled,
            // and both go through a filter helper rather than being copied directly.
            if (oAuthConsumerAppDTO.isIdTokenEncryptionEnabled()) {
                oAuthAppDO.setIdTokenEncryptionAlgorithm(filterIdTokenEncryptionAlgorithm(oAuthConsumerAppDTO));
                oAuthAppDO.setIdTokenEncryptionMethod(filterIdTokenEncryptionMethod(oAuthConsumerAppDTO));
            }
            // NOTE(review): both logout URLs are copied without any validation in this method;
            // confirm they are checked before the server sends requests or redirects to them.
            oAuthAppDO.setBackChannelLogoutUrl(oAuthConsumerAppDTO.getBackChannelLogoutUrl());
            oAuthAppDO.setFrontchannelLogoutUrl(oAuthConsumerAppDTO.getFrontchannelLogoutUrl());
            // Fall back to the server default token type when the request names none.
            if (oAuthConsumerAppDTO.getTokenType() != null) {
                oAuthAppDO.setTokenType(oAuthConsumerAppDTO.getTokenType());
            } else {
                oAuthAppDO.setTokenType(getDefaultTokenType());
            }
            // NOTE(review): this flag is taken from the request as-is; its name suggests it relaxes
            // client authentication. Confirm which callers are allowed to set it.
            oAuthAppDO.setBypassClientCredentials(oAuthConsumerAppDTO.isBypassClientCredentials());
            oAuthAppDO.setRenewRefreshTokenEnabled(oAuthConsumerAppDTO.getRenewRefreshTokenEnabled());
            oAuthAppDO.setTokenBindingType(oAuthConsumerAppDTO.getTokenBindingType());
            // NOTE(review): updateConsumerApplication() also copies the token-binding-validation
            // and revoke-on-IdP-session-termination flags; they are not set here, so a new
            // application keeps whatever OAuthAppDO defaults to. Confirm this is intended.
        }
        // Persist first, then cache the stored object under its consumer key.
        oAuthAppDAO.addOAuthApplication(oAuthAppDO);
        AppInfoCache.getInstance().addToCache(oAuthAppDO.getOauthConsumerKey(), oAuthAppDO);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Oauth Application registration success : " + oAuthConsumerAppDTO.getApplicationName() + " in tenant domain: " + tenantDomain);
        }
        return OAuthUtil.buildConsumerAppDTO(oAuthAppDO);
    }

    /**
     * Checks every requested grant type against the list returned by {@code getAllowedGrantTypes()}.
     *
     * <p>The requested value is split on single whitespace characters; blank tokens are skipped.
     * A request whose grant types are null fails with a {@code NullPointerException}.
     *
     * @param oAuthConsumerAppDTO the request carrying the whitespace-separated grant types
     * @throws IdentityOAuthClientException with {@code Error.INVALID_REQUEST} for the first grant
     *         type that is not allowed
     */
    private void validateGrantTypes(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthClientException {
        String[] requestedGrants = oAuthConsumerAppDTO.getGrantTypes().split("\\s");
        List<?> permittedGrants = new ArrayList<>(Arrays.asList(getAllowedGrantTypes()));
        for (String requested : requestedGrants) {
            if (StringUtils.isBlank(requested)) {
                continue;
            }
            // Exact, case-sensitive match against the allow-list.
            if (!permittedGrants.contains(requested)) {
                throw handleClientError(Error.INVALID_REQUEST, String.format("'%s' grant type is not allowed.", requested));
            }
        }
    }

    /**
     * Builds a client-side exception from an {@code Error} code and a message.
     *
     * @param error supplies the error code
     * @param str the message returned to the caller
     * @return the exception for the caller to throw; nothing is thrown here
     */
    private IdentityOAuthClientException handleClientError(Error error, String str) {
        final IdentityOAuthClientException clientError =
                new IdentityOAuthClientException(error.getErrorCode(), str);
        return clientError;
    }

    /**
     * Builds a client-side exception from a scope error message constant and a message.
     *
     * @param errorMessages supplies the error code
     * @param str the message returned to the caller
     * @return the exception for the caller to throw; nothing is thrown here
     */
    private IdentityOAuthClientException handleClientError(Oauth2ScopeConstants.ErrorMessages errorMessages, String str) {
        final IdentityOAuthClientException clientError =
                new IdentityOAuthClientException(errorMessages.getCode(), str);
        return clientError;
    }

    /**
     * Builds a client-side exception from an {@code Error} code and a message, keeping the cause.
     *
     * @param error supplies the error code
     * @param str the message returned to the caller
     * @param exc the underlying exception, attached as the cause
     * @return the exception for the caller to throw; nothing is thrown here
     */
    private IdentityOAuthClientException handleClientError(Error error, String str, Exception exc) {
        final IdentityOAuthClientException clientError =
                new IdentityOAuthClientException(error.getErrorCode(), str, exc);
        return clientError;
    }

    /**
     * Requires a callback URL when the request uses the authorization code or implicit grant.
     *
     * <p>The grant check is a substring test on the raw grant type string, so any grant name that
     * merely contains {@code authorization_code} or {@code implicit} also triggers the requirement.
     * A request whose grant types are null fails with a {@code NullPointerException}.
     *
     * <p>NOTE(review): only emptiness of the callback URL is checked here; confirm that scheme and
     * format are validated elsewhere before the value is used as a redirect target.
     *
     * @param oAuthConsumerAppDTO the request carrying grant types and callback URL
     * @throws IdentityOAuthClientException with {@code Error.INVALID_REQUEST} when the callback URL
     *         is missing for one of those grants
     */
    private void validateCallbackURI(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthClientException {
        boolean usesRedirectGrant = oAuthConsumerAppDTO.getGrantTypes().contains(AUTHORIZATION_CODE)
                || oAuthConsumerAppDTO.getGrantTypes().contains(IMPLICIT);
        if (!usesRedirectGrant) {
            return;
        }
        if (StringUtils.isEmpty(oAuthConsumerAppDTO.getCallbackUrl())) {
            throw handleClientError(Error.INVALID_REQUEST, "Callback URI is mandatory for Code or Implicit grant types");
        }
    }

    /**
     * Updates an existing OAuth application from the supplied DTO.
     *
     * <p>The request must carry the consumer key and the application's current consumer secret;
     * the secret is compared with the stored one and the update is rejected on mismatch. The
     * secret itself is not changed by this method. The updated object is persisted through
     * {@code OAuthAppDAO.updateConsumerApplication} and then written to {@code AppInfoCache}.
     *
     * @param oAuthConsumerAppDTO the new application settings, including consumer key and secret
     * @throws IdentityOAuthAdminException with {@code Error.INVALID_REQUEST} when key or secret is
     *         missing or the secret does not match, {@code Error.INVALID_OAUTH_CLIENT} when the
     *         application cannot be found, or when validation or persistence fails
     */
    public void updateConsumerApplication(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        String oauthConsumerKey = oAuthConsumerAppDTO.getOauthConsumerKey();
        if (StringUtils.isEmpty(oauthConsumerKey) || StringUtils.isEmpty(oAuthConsumerAppDTO.getOauthConsumerSecret())) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("ConsumerKey or ConsumerSecret is not provided for updating the OAuth application.");
            }
            throw handleClientError(Error.INVALID_REQUEST, "ConsumerKey or ConsumerSecret is not provided for updating the OAuth application.");
        }
        // The result of this call is discarded; the statement has no visible effect here.
        MultitenantUtils.getTenantAwareUsername(CarbonContext.getThreadLocalCarbonContext().getUsername());
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO();
        try {
            // NOTE(review): no check is visible here that the logged-in user or tenant owns this
            // consumer key; confirm getOAuthApp() or the calling service layer enforces it.
            OAuthAppDO oAuthApp = getOAuthApp(oauthConsumerKey);
            if (oAuthApp == null) {
                String str = "OAuth application cannot be found for consumerKey: " + oauthConsumerKey;
                if (LOG.isDebugEnabled()) {
                    LOG.debug(str);
                }
                throw handleClientError(Error.INVALID_OAUTH_CLIENT, str);
            }
            // Knowledge of the current secret is required to update the application.
            // NOTE(review): StringUtils.equals is not a constant-time comparison; consider
            // MessageDigest.isEqual on the encoded bytes if this path is reachable by callers who
            // should not learn the secret. The messages below name the key but never the secret.
            if (!StringUtils.equals(oAuthConsumerAppDTO.getOauthConsumerSecret(), oAuthApp.getOauthConsumerSecret())) {
                String str2 = "Invalid ConsumerSecret is provided for updating the OAuth application with consumerKey: " + oauthConsumerKey;
                if (LOG.isDebugEnabled()) {
                    LOG.debug(str2);
                }
                throw handleClientError(Error.INVALID_REQUEST, str2);
            }
            // getAppOwner() is defined outside this view; the stored owner is passed as the default.
            oAuthApp.setAppOwner(getAppOwner(oAuthConsumerAppDTO, oAuthApp.getAppOwner()));
            oAuthApp.setOauthConsumerKey(oauthConsumerKey);
            oAuthApp.setOauthConsumerSecret(oAuthConsumerAppDTO.getOauthConsumerSecret());
            // Only the presence of the callback URL is checked, and only for the code and
            // implicit grants; getGrantTypes() must be non-null for this call.
            validateCallbackURI(oAuthConsumerAppDTO);
            oAuthApp.setCallbackUrl(oAuthConsumerAppDTO.getCallbackUrl());
            oAuthApp.setApplicationName(oAuthConsumerAppDTO.getApplicationName());
            oAuthApp.setPkceMandatory(oAuthConsumerAppDTO.getPkceMandatory());
            oAuthApp.setPkceSupportPlain(oAuthConsumerAppDTO.getPkceSupportPlain());
            validateTokenExpiryConfigurations(oAuthConsumerAppDTO);
            oAuthApp.setUserAccessTokenExpiryTime(oAuthConsumerAppDTO.getUserAccessTokenExpiryTime());
            oAuthApp.setApplicationAccessTokenExpiryTime(oAuthConsumerAppDTO.getApplicationAccessTokenExpiryTime());
            oAuthApp.setRefreshTokenExpiryTime(oAuthConsumerAppDTO.getRefreshTokenExpiryTime());
            oAuthApp.setIdTokenExpiryTime(oAuthConsumerAppDTO.getIdTokenExpiryTime());
            // NOTE(review): the token type is copied even when null, whereas registration falls
            // back to getDefaultTokenType(); confirm a null token type is handled downstream.
            oAuthApp.setTokenType(oAuthConsumerAppDTO.getTokenType());
            // NOTE(review): taken from the request as-is; its name suggests it relaxes client
            // authentication. Confirm which callers are allowed to set it.
            oAuthApp.setBypassClientCredentials(oAuthConsumerAppDTO.isBypassClientCredentials());
            // The version test uses the version named in the request, not the stored one; the
            // grant type allow-list is therefore only applied when the request says OAuth-2.0.
            if ("OAuth-2.0".equals(oAuthConsumerAppDTO.getOAuthVersion())) {
                validateGrantTypes(oAuthConsumerAppDTO);
                oAuthApp.setGrantTypes(oAuthConsumerAppDTO.getGrantTypes());
                oAuthApp.setAudiences(oAuthConsumerAppDTO.getAudiences());
                oAuthApp.setScopeValidators(filterScopeValidators(oAuthConsumerAppDTO));
                oAuthApp.setRequestObjectSignatureValidationEnabled(oAuthConsumerAppDTO.isRequestObjectSignatureValidationEnabled());
                oAuthApp.setIdTokenEncryptionEnabled(oAuthConsumerAppDTO.isIdTokenEncryptionEnabled());
                // Algorithm and method are only updated when encryption is enabled in the request.
                if (oAuthConsumerAppDTO.isIdTokenEncryptionEnabled()) {
                    oAuthApp.setIdTokenEncryptionAlgorithm(filterIdTokenEncryptionAlgorithm(oAuthConsumerAppDTO));
                    oAuthApp.setIdTokenEncryptionMethod(filterIdTokenEncryptionMethod(oAuthConsumerAppDTO));
                }
                // NOTE(review): both logout URLs are copied without validation in this method.
                oAuthApp.setBackChannelLogoutUrl(oAuthConsumerAppDTO.getBackChannelLogoutUrl());
                oAuthApp.setFrontchannelLogoutUrl(oAuthConsumerAppDTO.getFrontchannelLogoutUrl());
                oAuthApp.setRenewRefreshTokenEnabled(oAuthConsumerAppDTO.getRenewRefreshTokenEnabled());
                oAuthApp.setTokenBindingType(oAuthConsumerAppDTO.getTokenBindingType());
                oAuthApp.setTokenRevocationWithIDPSessionTerminationEnabled(oAuthConsumerAppDTO.isTokenRevocationWithIDPSessionTerminationEnabled());
                oAuthApp.setTokenBindingValidationEnabled(oAuthConsumerAppDTO.isTokenBindingValidationEnabled());
            }
            // Persist first, then replace the cached entry for this consumer key.
            oAuthAppDAO.updateConsumerApplication(oAuthApp);
            AppInfoCache.getInstance().addToCache(oAuthApp.getOauthConsumerKey(), oAuthApp);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Oauth Application update success : " + oAuthConsumerAppDTO.getApplicationName() + " in tenant domain: " + tenantDomain);
            }
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error while updating the app information.", e);
        } catch (InvalidOAuthClientException e2) {
            throw handleClientError(Error.INVALID_OAUTH_CLIENT, "Cannot find a valid OAuth client for consumerKey: " + oauthConsumerKey, e2);
        }
    }

    /**
     * Returns the state of an OAuth application as reported by the OAuth2 service.
     *
     * @param str the consumer key of the application
     * @return the value returned by {@code OAuth2Service.getOauthApplicationState}
     * @throws IdentityOAuthAdminException declared by this method
     */
    public String getOauthApplicationState(String str) throws IdentityOAuthAdminException {
        final String applicationState = getOAuth2Service().getOauthApplicationState(str);
        return applicationState;
    }

    /**
     * Adds an OIDC scope with its claims for the current tenant.
     *
     * <p>NOTE(review): only emptiness of the scope name is checked here, and the claims array is
     * passed to the DAO unchecked; the {@code ScopeDTO} overload runs {@code addScopePreValidation}
     * instead. Confirm remaining callers of this deprecated variant cannot store malformed names.
     *
     * @param str the scope name; must not be empty
     * @param strArr the claims mapped to the scope
     * @throws IdentityOAuthAdminException with {@code Error.INVALID_REQUEST} when the scope name is
     *         empty, or when the DAO fails
     * @deprecated the {@code ScopeDTO} overload is the non-deprecated variant in this class
     */
    @Deprecated
    public void addScope(String str, String[] strArr) throws IdentityOAuthAdminException {
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        try {
            if (StringUtils.isEmpty(str)) {
                throw handleClientError(Error.INVALID_REQUEST, "The scope can not be empty.");
            }
            OAuthTokenPersistenceFactory.getInstance()
                    .getScopeClaimMappingDAO()
                    .addScope(tenantId, str, strArr);
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error while inserting OIDC scopes and claims.", e);
        }
    }

    /**
     * Adds an OIDC scope for the current tenant after running {@code addScopePreValidation}.
     *
     * <p>NOTE(review): on failure the DAO exception's own message is embedded in the error text
     * handed to {@code handleErrorWithExceptionType}; confirm it cannot expose internal detail
     * such as SQL or schema names to API callers.
     *
     * @param scopeDTO the scope to add
     * @throws IdentityOAuthAdminException when validation or the DAO call fails
     */
    public void addScope(ScopeDTO scopeDTO) throws IdentityOAuthAdminException {
        addScopePreValidation(scopeDTO);
        try {
            OAuthTokenPersistenceFactory.getInstance()
                    .getScopeClaimMappingDAO()
                    .addScope(scopeDTO, PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        } catch (IdentityOAuth2Exception e) {
            String failure = String.format("Error while inserting OIDC scope: %s, %s", scopeDTO.getName(), e.getMessage());
            throw OAuthUtil.handleErrorWithExceptionType(failure, e);
        }
    }

    /**
     * Lists the OIDC scopes, with their claim mappings, of the current tenant.
     *
     * @return the scopes returned by the DAO as an array; an empty array when there are none
     * @throws IdentityOAuthAdminException when the DAO lookup fails
     */
    public ScopeDTO[] getScopes() throws IdentityOAuthAdminException {
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        List<ScopeDTO> tenantScopes;
        try {
            tenantScopes = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().getScopes(tenantId);
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error while loading OIDC scopes and claims for tenant: " + tenantId, e);
        }
        if (CollectionUtils.isEmpty(tenantScopes)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Could not find scope claim mapping. Hence returning an empty array.");
            }
            return new ScopeDTO[0];
        }
        return tenantScopes.toArray(new ScopeDTO[tenantScopes.size()]);
    }

    /**
     * Returns one OIDC scope of the current tenant by name.
     *
     * @param str the scope name; checked by {@code validateScopeName} first
     * @return the scope returned by the DAO
     * @throws IdentityOAuthAdminException with {@code ERROR_CODE_NOT_FOUND_SCOPE} when the DAO
     *         returns null, or when validation or the lookup fails
     */
    public ScopeDTO getScope(String str) throws IdentityOAuthAdminException {
        validateScopeName(str);
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        try {
            ScopeDTO foundScope = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().getScope(str, tenantId);
            if (foundScope != null) {
                return foundScope;
            }
            // The lookup is scoped to the current tenant, so "not found" covers other tenants too.
            throw handleClientError(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE,
                    String.format(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE.getMessage(), str));
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleErrorWithExceptionType(
                    String.format("Error while loading OIDC scope: %s for tenant %s", str, tenantId), e);
        }
    }

    /**
     * Deletes an OIDC scope of the current tenant.
     *
     * @param str the scope name; checked by {@code validateScopeName} and
     *            {@code validateScopeExistence} before the delete
     * @throws IdentityOAuthAdminException when validation or the DAO call fails
     */
    public void deleteScope(String str) throws IdentityOAuthAdminException {
        validateScopeName(str);
        validateScopeExistence(str);
        try {
            OAuthTokenPersistenceFactory.getInstance()
                    .getScopeClaimMappingDAO()
                    .deleteScope(str, PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
            if (!LOG.isDebugEnabled()) {
                return;
            }
            LOG.debug("Scope: " + str + " is deleted from the database.");
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleErrorWithExceptionType("Error while deleting OIDC scope: " + str, e);
        }
    }

    /**
     * Lists the names of the OIDC scopes of the current tenant.
     *
     * @return the scope names returned by the DAO as an array; an empty array when there are none
     * @throws IdentityOAuthAdminException when the DAO lookup fails
     */
    public String[] getScopeNames() throws IdentityOAuthAdminException {
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        List<String> tenantScopeNames;
        try {
            tenantScopeNames = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().getScopeNames(tenantId);
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error while loading OIDC scopes and claims for tenant: " + tenantId, e);
        }
        if (CollectionUtils.isEmpty(tenantScopeNames)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Could not load oidc scopes. Hence returning an empty array.");
            }
            return new String[0];
        }
        return tenantScopeNames.toArray(new String[tenantScopeNames.size()]);
    }

    /**
     * Returns the claims mapped to an OIDC scope in the current tenant.
     *
     * <p>The scope name is passed to the DAO without {@code validateScopeName} being called here.
     *
     * @param str the scope name
     * @return the claim array held by the DAO result; an empty array when the result is null or
     *         has no claims
     * @throws IdentityOAuthAdminException when the DAO lookup fails
     */
    public String[] getClaims(String str) throws IdentityOAuthAdminException {
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        try {
            ScopeDTO scopeWithClaims = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().getClaims(str, tenantId);
            boolean hasClaims = scopeWithClaims != null && ArrayUtils.isNotEmpty(scopeWithClaims.getClaim());
            if (!hasClaims) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Could not load oidc claims. Hence returning an empty array.");
                }
                return new String[0];
            }
            return scopeWithClaims.getClaim();
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error while loading OIDC claims for the scope: " + str + " in tenant: " + tenantId, e);
        }
    }

    /**
     * Updates the claims of an OIDC scope in the current tenant.
     *
     * <p>Both arrays are wrapped with {@code Arrays.asList}, so passing null for either one fails
     * with a {@code NullPointerException}. No validation of the scope name or check that the scope
     * exists is done here, unlike the {@code ScopeDTO} overload.
     *
     * @param str the scope name
     * @param strArr first claim list passed to the DAO (presumably claims to add; confirm)
     * @param strArr2 second claim list passed to the DAO (presumably claims to remove; confirm)
     * @throws IdentityOAuthAdminException when the DAO call fails
     * @deprecated the {@code ScopeDTO} overload is the non-deprecated variant in this class
     */
    @Deprecated
    public void updateScope(String str, String[] strArr, String[] strArr2) throws IdentityOAuthAdminException {
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        try {
            OAuthTokenPersistenceFactory.getInstance()
                    .getScopeClaimMappingDAO()
                    .updateScope(str, tenantId, Arrays.asList(strArr), Arrays.asList(strArr2));
        } catch (IdentityOAuth2Exception e) {
            String failure = "Error while updating OIDC claims for the scope: " + str + " in tenant: " + tenantId;
            throw OAuthUtil.handleError(failure, e);
        }
    }

    /**
     * Updates an OIDC scope of the current tenant.
     *
     * @param scopeDTO the scope to update; checked by {@code updateScopePreValidation} and
     *                 {@code validateScopeExistence} before the update
     * @throws IdentityOAuthAdminException when validation or the DAO call fails
     */
    public void updateScope(ScopeDTO scopeDTO) throws IdentityOAuthAdminException {
        updateScopePreValidation(scopeDTO);
        validateScopeExistence(scopeDTO.getName());
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        try {
            OAuthTokenPersistenceFactory.getInstance()
                    .getScopeClaimMappingDAO()
                    .updateScope(scopeDTO, tenantId);
        } catch (IdentityOAuth2Exception e) {
            String failure = String.format("Error while updating the scope: %s in tenant: %s", scopeDTO.getName(), tenantId);
            throw OAuthUtil.handleErrorWithExceptionType(failure, e);
        }
    }

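    /**
     * Tells whether an OIDC scope with the given name exists in the current tenant.
     *
     * @param str the scope name; passed to the DAO without further validation here
     * @return the result of {@code ScopeClaimMappingDAO.isScopeExist} for the current tenant
     * @throws IdentityOAuthAdminException when the DAO lookup fails
     */
    public boolean isScopeExist(String str) throws IdentityOAuthAdminException {
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        try {
            return OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().isScopeExist(str, tenantId);
        } catch (IdentityOAuth2Exception e) {
            // This is a read-only existence check; the previous text reported an insert failure,
            // which sends anyone reading the logs to the wrong operation.
            throw OAuthUtil.handleError("Error while checking the existence of the scope: " + str, e);
        }
    }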

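    /**
     * Changes the state of an OAuth application and revokes its active tokens and authorization codes.
     *
     * <p>The application's {@code AppInfoCache} entry is cleared and the state change is handed to
     * {@code updateAppAndRevokeTokensAndAuthzCodes} with the action {@code revoke}.
     *
     * <p>NOTE(review): the new state is not checked against a set of known states in this method;
     * confirm the caller or the DAO rejects unexpected values.
     *
     * @param str the consumer key of the application
     * @param str2 the new state
     * @throws IdentityOAuthAdminException with {@code Error.INVALID_OAUTH_CLIENT} when the
     *         application cannot be found, or when the update fails
     */
    public void updateConsumerAppState(String str, String str2) throws IdentityOAuthAdminException {
        try {
            OAuthAppDO oAuthApp = getOAuthApp(str);
            // updateConsumerApplication() treats a null result as "application not found"; do the
            // same here instead of failing with a NullPointerException on an unknown consumer key.
            if (oAuthApp == null) {
                String notFound = "OAuth application cannot be found for consumerKey: " + str;
                if (LOG.isDebugEnabled()) {
                    LOG.debug(notFound);
                }
                throw handleClientError(Error.INVALID_OAUTH_CLIENT, notFound);
            }
            oAuthApp.setState(str2);
            Properties properties = new Properties();
            properties.setProperty("new_state", str2);
            properties.setProperty("action", "revoke");
            // Drop the cached application before the persistent update so stale state is not served.
            AppInfoCache.getInstance().clearCacheEntry(str);
            updateAppAndRevokeTokensAndAuthzCodes(str, properties);
            if (LOG.isDebugEnabled()) {
                LOG.debug("App state is updated to:" + str2 + " in the AppInfoCache for OAuth App with consumerKey: " + str);
            }
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error while updating state of OAuth app with consumerKey: " + str, e);
        } catch (InvalidOAuthClientException e2) {
            throw handleClientError(Error.INVALID_OAUTH_CLIENT, "Error while updating state of OAuth app with consumerKey: " + str, e2);
        }
    }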

    /**
     * Regenerates the consumer secret of an OAuth application and discards the resulting DTO.
     *
     * @param str the consumer key of the application
     * @throws IdentityOAuthAdminException when {@code updateAndRetrieveOauthSecretKey} fails
     */
    public void updateOauthSecretKey(String str) throws IdentityOAuthAdminException {
        // The new secret is generated and stored by the retrieving variant.
        this.updateAndRetrieveOauthSecretKey(str);
    }

    /**
     * Regenerates the consumer secret of an OAuth application, revokes its active tokens and
     * authorization codes, and returns the application with the new secret.
     *
     * <p>The new secret comes from {@code OAuthUtil.getRandomNumber()} and the application state is
     * set back to {@code ACTIVE}. The secret is returned in clear in the DTO and is not logged.
     *
     * <p>NOTE(review): the generator behind {@code OAuthUtil.getRandomNumber()} is not visible
     * here; confirm it draws from a cryptographically secure source.
     *
     * @param str the consumer key of the application
     * @return the application data read back after the update, carrying the new secret
     * @throws IdentityOAuthAdminException when the update or the read-back fails
     */
    public OAuthConsumerAppDTO updateAndRetrieveOauthSecretKey(String str) throws IdentityOAuthAdminException {
        Properties changeSet = new Properties();
        String freshSecret = OAuthUtil.getRandomNumber();
        changeSet.setProperty("new_secretKey", freshSecret);
        changeSet.setProperty("action", "regenerate");
        changeSet.setProperty("new_state", "ACTIVE");
        // Drop the cached application so the old secret is not served after the update.
        AppInfoCache.getInstance().clearCacheEntry(str);
        updateAppAndRevokeTokensAndAuthzCodes(str, changeSet);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Client Secret for OAuth app with consumerKey: " + str + " updated in OAuthCache.");
        }
        OAuthConsumerAppDTO refreshedApp = getOAuthApplicationData(str);
        refreshedApp.setOauthConsumerSecret(freshSecret);
        return refreshedApp;
    }

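    /**
     * Evicts the cached tokens and authorization codes of an application, then asks the token
     * management DAO to update the application and revoke them.
     *
     * <p>For every active access token two {@code OAuthCache} entries are cleared: the one keyed by
     * the token itself and the one keyed by {@code consumerKey:user:scope:federatedIdP}. The user
     * part is lower-cased unless the user store treats user names as case sensitive.
     *
     * <p>NOTE(review): cache entries are cleared before the DAO revokes. A token validated
     * concurrently between the two steps could be cached again while still active; confirm the
     * cache is invalidated once more after revocation, or that entries expire quickly.
     *
     * @param str the consumer key of the application
     * @param properties the change to apply; passed unchanged to the DAO
     * @throws IdentityOAuthAdminException when reading the active tokens or codes, or the DAO
     *         update, fails
     */
    void updateAppAndRevokeTokensAndAuthzCodes(String str, Properties properties) throws IdentityOAuthAdminException {
        int tokenCount = 0;
        try {
            Set<AccessTokenDO> activeTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getActiveAcessTokenDataByConsumerKey(str);
            String[] tokenValues = new String[activeTokens.size()];
            for (AccessTokenDO activeToken : activeTokens) {
                String accessToken = activeToken.getAccessToken();
                tokenValues[tokenCount] = accessToken;
                tokenCount++;
                OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(accessToken));
                String scopeString = OAuth2Util.buildScopeString(activeToken.getScope());
                String authorizedUser = activeToken.getAuthzUser().toString();
                String federatedIdPName = activeToken.getAuthzUser().getFederatedIdPName();
                // Must match the key format used when the entry was cached.
                String userPart = IdentityUtil.isUserStoreInUsernameCaseSensitive(authorizedUser)
                        ? authorizedUser
                        : authorizedUser.toLowerCase();
                OAuthCache.getInstance().clearCacheEntry(
                        new OAuthCacheKey(str + ":" + userPart + ":" + scopeString + ":" + federatedIdPName));
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Access tokens and token of users are removed from the cache for OAuth App with consumerKey: " + str);
            }
            Set<String> activeCodes = OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO().getActiveAuthorizationCodesByConsumerKey(str);
            for (String activeCode : activeCodes) {
                OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(activeCode));
            }
            if (LOG.isDebugEnabled()) {
                // This step evicts authorization codes; the earlier message already covers tokens.
                LOG.debug("Authorization codes are removed from the cache for OAuth App with consumerKey: " + str);
            }
            OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().updateAppAndRevokeTokensAndAuthzCodes(str, properties, activeCodes.toArray(new String[activeCodes.size()]), tokenValues);
        } catch (IdentityOAuth2Exception | IdentityApplicationManagementException e) {
            throw OAuthUtil.handleError("Error in updating oauth app & revoking access tokens and authz codes for OAuth App with consumerKey: " + str, e);
        }
    }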

    /**
     * Removes an OAuth application and evicts its cached credentials and application info.
     *
     * <p>NOTE(review): only the {@code OAuthCache} entry keyed by the consumer key and the
     * {@code AppInfoCache} entry are evicted here. Revocation of tokens already issued to this
     * client is not visible in this method; confirm the DAO or the caller handles it.
     *
     * @param str the consumer key of the application to remove
     * @throws IdentityOAuthAdminException when the DAO removal fails
     */
    public void removeOAuthApplicationData(String str) throws IdentityOAuthAdminException {
        OAuthAppDAO appDao = new OAuthAppDAO();
        appDao.removeConsumerApplication(str);
        // Evict only after the persistent removal has succeeded.
        OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(str));
        AppInfoCache.getInstance().clearCacheEntry(str);
        if (!LOG.isDebugEnabled()) {
            return;
        }
        LOG.debug("Client credentials are removed from the cache for OAuth App with consumerKey: " + str);
    }

    /**
     * Removes every OAuth application of a tenant.
     *
     * <p>NOTE(review): the tenant id comes from the caller and is not compared with the tenant of
     * the current Carbon context, and no cache eviction is visible in this method. Confirm that
     * only privileged callers reach it and that cached applications and tokens are cleared.
     *
     * @param i the id of the tenant whose applications are removed
     * @throws IdentityOAuthAdminException when the DAO removal fails
     */
    public void removeAllOAuthApplicationData(int i) throws IdentityOAuthAdminException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Deleting all OAuth Application data of the tenant: " + i);
        }
        OAuthAppDAO appDao = new OAuthAppDAO();
        appDao.removeConsumerApplicationsByTenantId(i);
    }

    /**
     * Lists the OAuth applications for which the current user holds access tokens.
     *
     * <p>The user is taken from the thread-local Carbon context (username and tenant domain), not from
     * a caller-supplied argument. For every client id the user has ever authorized, the access tokens
     * are loaded; an application is reported once as soon as a latest access token is found for one of
     * its scopes.
     *
     * @return the authorized applications; an empty array when none are found
     * @throws IdentityOAuthAdminException if the user store domain, the tokens or the application
     *                                     details cannot be retrieved
     */
    public OAuthConsumerAppDTO[] getAppsAuthorizedByUser() throws IdentityOAuthAdminException {
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        AuthenticatedUser loggedInUser = buildAuthenticatedUser(username, tenantDomain);
        String qualifiedUsername = UserCoreUtil.addTenantDomainToEntry(username, tenantDomain);

        // The user store domain is resolved only when both partitioning and username assertion are
        // enabled; otherwise the DAO calls below receive null for it.
        String userStoreDomain = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            try {
                userStoreDomain = OAuth2Util.getUserStoreForFederatedUser(loggedInUser);
            } catch (IdentityOAuth2Exception e) {
                throw OAuthUtil.handleError("Error occurred while getting user store domain for User ID : " + loggedInUser, e);
            }
        }

        try {
            Set<String> clientIds = OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().getAllTimeAuthorizedClientIds(loggedInUser);
            Set<OAuthConsumerAppDTO> authorizedApps = new HashSet<>();
            for (String clientId : clientIds) {
                try {
                    Set<AccessTokenDO> issuedTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getAccessTokens(clientId, loggedInUser, userStoreDomain, true);
                    if (issuedTokens.isEmpty()) {
                        continue;
                    }
                    // Remembers "clientId:user" pairs already reported so each app is added once.
                    Set<String> reported = new HashSet<>();
                    for (AccessTokenDO issuedToken : issuedTokens) {
                        String scope = OAuth2Util.buildScopeString(issuedToken.getScope());
                        try {
                            AccessTokenDO latest = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getLatestAccessToken(clientId, loggedInUser, userStoreDomain, scope, true);
                            if (latest == null || reported.contains(clientId + ":" + qualifiedUsername)) {
                                continue;
                            }
                            OAuthAppDO app = getOAuthAppDO(latest.getConsumerKey());
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Found App: " + app.getApplicationName() + " for user: " + qualifiedUsername);
                            }
                            authorizedApps.add(OAuthUtil.buildConsumerAppDTO(app));
                            reported.add(clientId + ":" + qualifiedUsername);
                        } catch (IdentityOAuth2Exception e2) {
                            throw OAuthUtil.handleError("Error occurred while retrieving latest access token issued for Client ID : " + clientId + ", User ID : " + qualifiedUsername + " and Scope : " + scope, e2);
                        }
                    }
                } catch (IdentityOAuth2Exception e3) {
                    throw OAuthUtil.handleError("Error occurred while retrieving access tokens issued for Client ID : " + clientId + ", User ID : " + qualifiedUsername, e3);
                }
            }
            return authorizedApps.toArray(new OAuthConsumerAppDTO[0]);
        } catch (IdentityOAuth2Exception e4) {
            throw OAuthUtil.handleError("Error occurred while retrieving apps authorized by User ID : " + qualifiedUsername, e4);
        }
    }

    /**
     * Looks up an application by consumer key and maps lookup failures to admin-service exceptions.
     *
     * @param str consumer key of the application
     * @return whatever {@code getOAuthApp} returns for the key
     * @throws IdentityOAuthAdminException a server error when the lookup fails with
     *                                     {@code IdentityOAuth2Exception}, or a client error with
     *                                     {@code Error.INVALID_OAUTH_CLIENT} when the key is rejected
     */
    private OAuthAppDO getOAuthAppDO(String str) throws IdentityOAuthAdminException {
        final OAuthAppDO resolvedApp;
        try {
            resolvedApp = getOAuthApp(str);
        } catch (IdentityOAuth2Exception e) {
            throw OAuthUtil.handleError("Error occurred while retrieving app information for Client ID : " + str, e);
        } catch (InvalidOAuthClientException e2) {
            throw handleClientError(Error.INVALID_OAUTH_CLIENT, "Invalid ConsumerKey: " + str, e2);
        }
        return resolvedApp;
    }

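    /**
     * Revokes the current user's tokens and consent for the applications named in the request.
     *
     * <p>The resource owner is read from the thread-local Carbon context. Requested application names
     * are matched against {@link #getAppsAuthorizedByUser()}, so only applications the current user
     * has authorized are touched. For each matching token the OAuth cache entries are cleared, the
     * latest access token for the same scope is revoked, and the consent for the application is
     * removed. Pre-revoke listeners run before validation; post-revoke listeners run after each
     * processed token and for a rejected request.
     *
     * @param oAuthRevocationRequestDTO request carrying the application names to revoke
     * @return an {@code invalid_request} error response when no applications are given, otherwise an
     *         empty (non-error) response
     * @throws IdentityOAuthAdminException if a listener, token lookup, token revocation or consent
     *                                     removal fails
     */
    public OAuthRevocationResponseDTO revokeAuthzForAppsByResourceOwner(OAuthRevocationRequestDTO oAuthRevocationRequestDTO) throws IdentityOAuthAdminException {
        triggerPreRevokeListeners(oAuthRevocationRequestDTO);
        if (oAuthRevocationRequestDTO.getApps() == null || oAuthRevocationRequestDTO.getApps().length <= 0) {
            OAuthRevocationResponseDTO errorResponse = new OAuthRevocationResponseDTO();
            errorResponse.setError(true);
            errorResponse.setErrorCode("invalid_request");
            errorResponse.setErrorMsg("Invalid revocation request");
            // The listener is still notified once, with a null token, for the rejected request.
            triggerPostRevokeListeners(oAuthRevocationRequestDTO, errorResponse, new AccessTokenDO[]{null});
            return errorResponse;
        }
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        AuthenticatedUser loggedInUser = buildAuthenticatedUser(username, tenantDomain);
        String qualifiedUsername = UserCoreUtil.addTenantDomainToEntry(username, tenantDomain);
        String userStoreDomain = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            try {
                userStoreDomain = OAuth2Util.getUserStoreForFederatedUser(loggedInUser);
            } catch (IdentityOAuth2Exception e) {
                throw OAuthUtil.handleError("Error occurred while getting user store domain from User ID : " + loggedInUser, e);
            }
        }
        OAuthConsumerAppDTO[] appsAuthorizedByUser = getAppsAuthorizedByUser();
        for (String requestedAppName : oAuthRevocationRequestDTO.getApps()) {
            for (OAuthConsumerAppDTO authorizedApp : appsAuthorizedByUser) {
                if (authorizedApp.getApplicationName().equals(requestedAppName)) {
                    try {
                        Set<AccessTokenDO> accessTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getAccessTokens(authorizedApp.getOauthConsumerKey(), loggedInUser, userStoreDomain, true);
                        for (AccessTokenDO accessTokenDO : accessTokens) {
                            AuthenticatedUser authzUser = accessTokenDO.getAuthzUser();
                            String bindingReference = "NONE";
                            if (accessTokenDO.getTokenBinding() != null && StringUtils.isNotBlank(accessTokenDO.getTokenBinding().getBindingReference())) {
                                bindingReference = accessTokenDO.getTokenBinding().getBindingReference();
                            }
                            // Clear every cache key under which this token may be held before revoking it.
                            OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), authzUser, OAuth2Util.buildScopeString(accessTokenDO.getScope()), bindingReference);
                            OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), (User) authzUser, OAuth2Util.buildScopeString(accessTokenDO.getScope()));
                            OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), (User) authzUser);
                            OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());
                            try {
                                AccessTokenDO latestAccessToken = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getLatestAccessToken(authorizedApp.getOauthConsumerKey(), loggedInUser, userStoreDomain, OAuth2Util.buildScopeString(accessTokenDO.getScope()), true);
                                if (latestAccessToken != null) {
                                    try {
                                        OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessTokens(new String[]{latestAccessToken.getAccessToken()});
                                        try {
                                            OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().revokeOAuthConsentByApplicationAndUser(authzUser.getAuthenticatedSubjectIdentifier(), tenantDomain, requestedAppName);
                                        } catch (IdentityOAuth2Exception e2) {
                                            throw OAuthUtil.handleError("Error occurred while removing OAuth Consent of Application: " + requestedAppName + " of user: " + qualifiedUsername, e2);
                                        }
                                    } catch (IdentityOAuth2Exception e3) {
                                        // Revocation failed, so the token is still usable: identify it by client
                                        // and user instead of writing the token value into the error message.
                                        throw OAuthUtil.handleError("Error occurred while revoking the latest access token issued for Client ID : " + authorizedApp.getOauthConsumerKey() + ", User ID : " + qualifiedUsername, e3);
                                    }
                                }
                                triggerPostRevokeListeners(oAuthRevocationRequestDTO, new OAuthRevocationResponseDTO(), (AccessTokenDO[]) accessTokens.toArray(new AccessTokenDO[0]));
                            } catch (IdentityOAuth2Exception e4) {
                                throw OAuthUtil.handleError("Error occurred while retrieving latest access token issued for Client ID : " + authorizedApp.getOauthConsumerKey() + ", User ID : " + qualifiedUsername + " and Scope : " + OAuth2Util.buildScopeString(accessTokenDO.getScope()), e4);
                            }
                        }
                    } catch (IdentityOAuth2Exception e5) {
                        throw OAuthUtil.handleError("Error occurred while retrieving access tokens issued for Client ID : " + authorizedApp.getOauthConsumerKey() + ", User ID : " + qualifiedUsername, e5);
                    }
                }
            }
        }
        return new OAuthRevocationResponseDTO();
    }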

    /**
     * Updates the stored "approve always" consent of the current user for one application.
     *
     * <p>The user and tenant come from the thread-local Carbon context, so the update applies to the
     * caller's own consent. A DAO failure is logged and reported as an {@code invalid_request} error
     * response instead of being thrown.
     *
     * @param str  application name, as used in the error log
     * @param str2 value forwarded to the DAO as its last argument (presumably the new consent state;
     *             confirm against the DAO)
     * @return a response with the error fields set only when the update failed
     * @throws IdentityOAuthAdminException declared by the signature; not thrown by this body directly
     */
    public OAuthRevocationResponseDTO updateApproveAlwaysForAppConsentByResourceOwner(String str, String str2) throws IdentityOAuthAdminException {
        OAuthRevocationResponseDTO response = new OAuthRevocationResponseDTO();
        String ownerTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String ownerName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        try {
            OAuthTokenPersistenceFactory.getInstance()
                    .getTokenManagementDAO()
                    .updateApproveAlwaysForAppConsentByResourceOwner(ownerName, ownerTenantDomain, str, str2);
            return response;
        } catch (IdentityOAuth2Exception e) {
            LOG.error("Error occurred while revoking OAuth Consent approve always of Application " + str + " of user " + ownerName, e);
        }
        // Only reached on failure: the caller gets a generic error, the detail stays in the log.
        response.setError(true);
        response.setErrorCode("invalid_request");
        response.setErrorMsg("Invalid revocation request");
        return response;
    }

    /**
     * Notifies the OAuth event interceptor before a resource-owner revocation is processed.
     *
     * <p>Nothing happens when no interceptor proxy is registered or it is disabled.
     *
     * @param oAuthRevocationRequestDTO the revocation request about to be processed
     * @throws IdentityOAuthAdminException if the interceptor fails; the failure is propagated to the
     *                                     caller rather than swallowed
     */
    void triggerPreRevokeListeners(OAuthRevocationRequestDTO oAuthRevocationRequestDTO) throws IdentityOAuthAdminException {
        OAuthEventInterceptor interceptor = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (interceptor != null && interceptor.isEnabled()) {
            try {
                interceptor.onPreTokenRevocationByResourceOwner(oAuthRevocationRequestDTO, new HashMap());
            } catch (IdentityOAuth2Exception e) {
                throw OAuthUtil.handleError("Error occurred with Oauth pre-revoke listener ", e);
            }
        }
    }

    /**
     * Notifies the OAuth event interceptor once per token after a resource-owner revocation.
     *
     * <p>Interceptor failures are logged and do not interrupt the remaining notifications. Array
     * elements are passed through as they are, including a {@code null} element.
     *
     * @param oAuthRevocationRequestDTO  the processed revocation request
     * @param oAuthRevocationResponseDTO the response produced for the request
     * @param accessTokenDOArr           tokens to report to the interceptor
     */
    void triggerPostRevokeListeners(OAuthRevocationRequestDTO oAuthRevocationRequestDTO, OAuthRevocationResponseDTO oAuthRevocationResponseDTO, AccessTokenDO[] accessTokenDOArr) {
        OAuthEventInterceptor interceptor = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        for (int idx = 0; idx < accessTokenDOArr.length; idx++) {
            // The enabled check stays inside the loop, as in the original, so it is evaluated per token.
            if (interceptor == null || !interceptor.isEnabled()) {
                continue;
            }
            AccessTokenDO revokedToken = accessTokenDOArr[idx];
            try {
                interceptor.onPostTokenRevocationByResourceOwner(oAuthRevocationRequestDTO, oAuthRevocationResponseDTO, revokedToken, new HashMap());
            } catch (IdentityOAuth2Exception e) {
                LOG.error("Error occurred with post revocation listener.", e);
            }
        }
    }

    /**
     * Returns the grant types that may be configured for an application.
     *
     * <p>The list is built once from the server's supported grant types, plus {@code "implicit"} when
     * {@link #isImplicitGrantEnabled()} is true, and cached in {@code allowedGrants}. Each call returns
     * a fresh array, so callers cannot modify the cached list through the result.
     *
     * <p>NOTE(review): the lazy initialisation is a check / lock / re-check sequence on
     * {@code OAuthAdminService.class}; whether {@code allowedGrants} is declared {@code volatile} is
     * not visible here. Confirm it, since safe publication depends on it.
     *
     * @return a copy of the allowed grant type names
     */
    public String[] getAllowedGrantTypes() {
        if (allowedGrants == null) {
            synchronized (OAuthAdminService.class) {
                if (allowedGrants == null) {
                    Set<String> grantNames = new HashSet<>(OAuthServerConfiguration.getInstance().getSupportedGrantTypes().keySet());
                    boolean implicitEnabled = isImplicitGrantEnabled();
                    if (implicitEnabled) {
                        grantNames.add("implicit");
                    }
                    allowedGrants = new ArrayList<>(grantNames);
                }
            }
        }
        int grantCount = allowedGrants.size();
        return (String[]) allowedGrants.toArray(new String[grantCount]);
    }

    /**
     * Reports whether any supported response type indicates the implicit grant.
     *
     * <p>A response type counts when its name contains {@code RESPONSE_TYPE_TOKEN} or the literal
     * {@code "id_token"}. This is a substring match, not an exact comparison.
     *
     * @return {@code true} if at least one supported response type matches
     */
    boolean isImplicitGrantEnabled() {
        for (String responseType : OAuthServerConfiguration.getInstance().getSupportedResponseTypes().keySet()) {
            if (responseType.contains(RESPONSE_TYPE_TOKEN)) {
                return true;
            }
            if (responseType.contains("id_token")) {
                return true;
            }
        }
        return false;
    }

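    /**
     * Returns the names of the scope validators configured on the server.
     *
     * <p>The names are collected once from {@code OAuthServerConfiguration} and cached in
     * {@code allowedScopeValidators}. {@code filterScopeValidators} uses this list as its allow-list,
     * so the cached array is never handed out directly: every call returns a copy, and a caller that
     * modifies the result cannot alter what later validations accept.
     *
     * <p>NOTE(review): the lazy initialisation is not synchronized; concurrent first calls may each
     * build the array. Every such array is built from the same configuration call.
     *
     * @return a copy of the configured scope validator names
     */
    public String[] getAllowedScopeValidators() {
        String[] cachedNames = allowedScopeValidators;
        if (cachedNames == null) {
            Set<OAuth2ScopeValidator> configuredValidators = OAuthServerConfiguration.getInstance().getOAuth2ScopeValidators();
            List<String> validatorNames = new ArrayList<>();
            for (OAuth2ScopeValidator validator : configuredValidators) {
                validatorNames.add(validator.getValidatorName());
            }
            cachedNames = validatorNames.toArray(new String[0]);
            allowedScopeValidators = cachedNames;
        }
        // Defensive copy: the cached array backs an allow-list and must stay private to this class.
        return cachedNames.clone();
    }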

    /**
     * Returns the token types supported by the server configuration.
     *
     * <p>The list is passed through from {@code OAuthServerConfiguration} without copying.
     *
     * @return the supported token type names
     */
    public List<String> getSupportedTokenTypes() {
        OAuthServerConfiguration serverConfig = OAuthServerConfiguration.getInstance();
        return serverConfig.getSupportedTokenTypes();
    }

    /**
     * Returns the name of the default token type.
     *
     * @return the constant {@code "Default"}
     */
    public String getDefaultTokenType() {
        final String defaultTokenType = "Default";
        return defaultTokenType;
    }

    /**
     * Reports whether refresh token renewal is enabled in the server configuration.
     *
     * @return the value of the server-level refresh token renewal setting
     */
    public boolean isRefreshTokenRenewalEnabled() {
        OAuthServerConfiguration serverConfig = OAuthServerConfiguration.getInstance();
        return serverConfig.isRefreshTokenRenewalEnabled();
    }

    /**
     * Reports whether PKCE support is enabled, as determined by {@code OAuth2Util}.
     *
     * @return {@code true} when {@code OAuth2Util.isPKCESupportEnabled()} says so
     */
    public boolean isPKCESupportEnabled() {
        boolean pkceEnabled = OAuth2Util.isPKCESupportEnabled();
        return pkceEnabled;
    }

    /**
     * Returns the metadata of the token binding types registered with the OAuth component.
     *
     * @return the list held by {@code OAuthComponentServiceHolder}, passed through without copying
     */
    public List<TokenBindingMetaDataDTO> getSupportedTokenBindingsMetaData() {
        OAuthComponentServiceHolder serviceHolder = OAuthComponentServiceHolder.getInstance();
        return serviceHolder.getTokenBindingMetaDataDTOs();
    }

    /**
     * Collects the server-level validity periods for the four token kinds.
     *
     * @return a DTO carrying the user access token, application access token, refresh token and
     *         ID token validity periods, each read from the configuration in seconds
     */
    public OAuthTokenExpiryTimeDTO getTokenExpiryTimes() {
        OAuthServerConfiguration serverConfig = OAuthServerConfiguration.getInstance();
        OAuthTokenExpiryTimeDTO expiryTimes = new OAuthTokenExpiryTimeDTO();
        expiryTimes.setUserAccessTokenExpiryTime(serverConfig.getUserAccessTokenValidityPeriodInSeconds());
        expiryTimes.setApplicationAccessTokenExpiryTime(serverConfig.getApplicationAccessTokenValidityPeriodInSeconds());
        expiryTimes.setRefreshTokenExpiryTime(serverConfig.getRefreshTokenValidityPeriodInSeconds());
        expiryTimes.setIdTokenExpiryTime(serverConfig.getOpenIDConnectIDTokenExpiryTimeInSeconds());
        return expiryTimes;
    }

    /**
     * Builds an {@code AuthenticatedUser} from a username and a tenant domain.
     *
     * <p>The user name is stored with the domain part removed, and the user store domain is extracted
     * from the same input name.
     *
     * @param str  username, possibly carrying a user store domain
     * @param str2 tenant domain to set on the user
     * @return the populated user object
     */
    AuthenticatedUser buildAuthenticatedUser(String str, String str2) {
        AuthenticatedUser user = new AuthenticatedUser();
        String nameWithoutDomain = UserCoreUtil.removeDomainFromName(str);
        user.setUserName(nameWithoutDomain);
        user.setTenantDomain(str2);
        String userStoreDomain = IdentityUtil.extractDomainFromName(str);
        user.setUserStoreDomain(userStoreDomain);
        return user;
    }

    /**
     * Replaces zero expiry times on an application with the server-level defaults.
     *
     * <p>Each of the four expiry values (user access token, application access token, refresh token,
     * ID token) is checked on its own; a value of exactly {@code 0} is overwritten in place and the
     * substitution is reported through {@link #logOnInvalidConfig(String, String, long)}. Other values,
     * including negative ones, are left untouched.
     *
     * @param oAuthConsumerAppDTO application whose expiry settings are normalised; modified in place
     */
    void validateTokenExpiryConfigurations(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
        if (oAuthConsumerAppDTO.getUserAccessTokenExpiryTime() == 0) {
            OAuthServerConfiguration serverConfig = OAuthServerConfiguration.getInstance();
            oAuthConsumerAppDTO.setUserAccessTokenExpiryTime(serverConfig.getUserAccessTokenValidityPeriodInSeconds());
            String appName = oAuthConsumerAppDTO.getApplicationName();
            logOnInvalidConfig(appName, "user access token", oAuthConsumerAppDTO.getUserAccessTokenExpiryTime());
        }

        if (oAuthConsumerAppDTO.getApplicationAccessTokenExpiryTime() == 0) {
            OAuthServerConfiguration serverConfig = OAuthServerConfiguration.getInstance();
            oAuthConsumerAppDTO.setApplicationAccessTokenExpiryTime(serverConfig.getApplicationAccessTokenValidityPeriodInSeconds());
            String appName = oAuthConsumerAppDTO.getApplicationName();
            logOnInvalidConfig(appName, "application access token", oAuthConsumerAppDTO.getApplicationAccessTokenExpiryTime());
        }

        if (oAuthConsumerAppDTO.getRefreshTokenExpiryTime() == 0) {
            OAuthServerConfiguration serverConfig = OAuthServerConfiguration.getInstance();
            oAuthConsumerAppDTO.setRefreshTokenExpiryTime(serverConfig.getRefreshTokenValidityPeriodInSeconds());
            String appName = oAuthConsumerAppDTO.getApplicationName();
            logOnInvalidConfig(appName, "refresh token", oAuthConsumerAppDTO.getRefreshTokenExpiryTime());
        }

        if (oAuthConsumerAppDTO.getIdTokenExpiryTime() == 0) {
            OAuthServerConfiguration serverConfig = OAuthServerConfiguration.getInstance();
            oAuthConsumerAppDTO.setIdTokenExpiryTime(serverConfig.getOpenIDConnectIDTokenExpiryTimeInSeconds());
            String appName = oAuthConsumerAppDTO.getApplicationName();
            logOnInvalidConfig(appName, "id token", oAuthConsumerAppDTO.getIdTokenExpiryTime());
        }
    }

    /**
     * Writes a debug entry saying that a zero expiry time was replaced by a default.
     *
     * @param str  service provider (application) name
     * @param str2 token type the expiry time belongs to
     * @param j    expiry value, in seconds, that is used instead
     */
    void logOnInvalidConfig(String str, String str2, long j) {
        if (!LOG.isDebugEnabled()) {
            return;
        }
        String message = "Invalid expiry time value '0' set for token type: " + str2 + " in ServiceProvider: " + str + ". Defaulting to expiry value: " + j + " seconds.";
        LOG.debug(message);
    }

    /**
     * Checks the scope validators requested for an application against the server's allow-list.
     *
     * <p>Every requested name must appear in {@link #getAllowedScopeValidators()}; the first name that
     * does not is rejected with a client error. A {@code null} request is treated as no validators.
     *
     * @param oAuthConsumerAppDTO application carrying the requested scope validators
     * @return the requested validators, or an empty array when none were given
     * @throws IdentityOAuthAdminException with {@code Error.INVALID_REQUEST} for a name that is not allowed
     */
    String[] filterScopeValidators(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        List<String> permitted = new ArrayList<>(Arrays.asList(getAllowedScopeValidators()));
        String[] requested = oAuthConsumerAppDTO.getScopeValidators();
        if (requested == null) {
            requested = new String[0];
        }
        for (int idx = 0; idx < requested.length; idx++) {
            String candidate = requested[idx];
            if (permitted.contains(candidate)) {
                continue;
            }
            throw handleClientError(Error.INVALID_REQUEST, String.format("'%s' scope validator is not allowed.", candidate));
        }
        return requested;
    }

    /**
     * Checks the requested ID token encryption method against the server's supported methods.
     *
     * @param oAuthConsumerAppDTO application carrying the requested encryption method
     * @return the requested method when it is supported
     * @throws IdentityOAuthAdminException with {@code Error.INVALID_REQUEST} when the method is not in
     *                                     the supported list
     */
    String filterIdTokenEncryptionMethod(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        List<String> supportedMethods = OAuthServerConfiguration.getInstance().getSupportedIdTokenEncryptionMethods();
        String requestedMethod = oAuthConsumerAppDTO.getIdTokenEncryptionMethod();
        if (!supportedMethods.contains(requestedMethod)) {
            String reason = String.format("'%s' IdToken Encryption Method is not allowed.", requestedMethod);
            throw handleClientError(Error.INVALID_REQUEST, reason);
        }
        return requestedMethod;
    }

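    /**
     * Checks the requested ID token encryption algorithm against the server's supported algorithms.
     *
     * <p>The rejection message names the algorithm; it previously repeated the wording used for the
     * encryption method, which pointed the client at the wrong setting.
     *
     * @param oAuthConsumerAppDTO application carrying the requested encryption algorithm
     * @return the requested algorithm when it is supported
     * @throws IdentityOAuthAdminException with {@code Error.INVALID_REQUEST} when the algorithm is not
     *                                     in the supported list
     */
    String filterIdTokenEncryptionAlgorithm(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        List<String> supportedAlgorithms = OAuthServerConfiguration.getInstance().getSupportedIdTokenEncryptionAlgorithm();
        String requestedAlgorithm = oAuthConsumerAppDTO.getIdTokenEncryptionAlgorithm();
        if (supportedAlgorithms.contains(requestedAlgorithm)) {
            return requestedAlgorithm;
        }
        throw handleClientError(Error.INVALID_REQUEST, String.format("'%s' IdToken Encryption Algorithm is not allowed.", requestedAlgorithm));
    }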

    /**
     * Collects the default and supported ID token encryption algorithms and methods.
     *
     * @return a DTO filled from the server configuration with the default algorithm, the default
     *         method, the supported algorithms and the supported methods
     */
    public OAuthIDTokenAlgorithmDTO getSupportedIDTokenAlgorithms() {
        OAuthServerConfiguration serverConfig = OAuthServerConfiguration.getInstance();
        OAuthIDTokenAlgorithmDTO algorithms = new OAuthIDTokenAlgorithmDTO();
        algorithms.setDefaultIdTokenEncryptionAlgorithm(serverConfig.getDefaultIdTokenEncryptionAlgorithm());
        algorithms.setDefaultIdTokenEncryptionMethod(serverConfig.getDefaultIdTokenEncryptionMethod());
        algorithms.setSupportedIdTokenEncryptionAlgorithms(serverConfig.getSupportedIdTokenEncryptionAlgorithm());
        algorithms.setSupportedIdTokenEncryptionMethods(serverConfig.getSupportedIdTokenEncryptionMethods());
        return algorithms;
    }

    /**
     * Reports the hash-disabled flag as determined by {@code OAuth2Util}.
     *
     * @return the result of {@code OAuth2Util.isHashDisabled()}
     */
    public boolean isHashDisabled() {
        boolean hashDisabled = OAuth2Util.isHashDisabled();
        return hashDisabled;
    }

    /**
     * Resolves the owner of an application from the username carried in the DTO.
     *
     * <p>When the DTO names a user that exists in the current tenant's user store, that user becomes
     * the owner. When the name is blank, the supplied default is returned. When the named user does
     * not exist, a warning is logged and the default is returned.
     *
     * <p>NOTE(review): the only check made here is that the named user exists; whether the caller may
     * assign ownership to that user is presumably enforced elsewhere. Confirm. The DTO username is
     * also written to the warning log as received.
     *
     * @param oAuthConsumerAppDTO application data that may carry an owner username
     * @param authenticatedUser   owner to fall back to
     * @return the resolved owner
     * @throws IdentityOAuthAdminException if the user store cannot be queried
     */
    AuthenticatedUser getAppOwner(OAuthConsumerAppDTO oAuthConsumerAppDTO, AuthenticatedUser authenticatedUser) throws IdentityOAuthAdminException {
        String requestedOwner = oAuthConsumerAppDTO.getUsername();
        if (!StringUtils.isNotBlank(requestedOwner)) {
            return authenticatedUser;
        }
        String tenantAwareOwner = MultitenantUtils.getTenantAwareUsername(requestedOwner);
        try {
            boolean ownerExists = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().isExistingUser(tenantAwareOwner);
            if (ownerExists) {
                return buildAuthenticatedUser(tenantAwareOwner, CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
            }
            LOG.warn("OAuth application owner user name " + requestedOwner + " does not exist in the user store. Using user: " + authenticatedUser.toFullQualifiedUsername() + " as app owner.");
            return authenticatedUser;
        } catch (UserStoreException e) {
            throw OAuthUtil.handleError("Error while retrieving the user store manager for user: " + requestedOwner, e);
        }
    }

    /**
     * Returns the OAuth2 service registered with the component service holder.
     *
     * @return the service held by {@code OAuthComponentServiceHolder}
     */
    OAuth2Service getOAuth2Service() {
        OAuthComponentServiceHolder serviceHolder = OAuthComponentServiceHolder.getInstance();
        return serviceHolder.getOauth2Service();
    }

    /**
     * Loads an application by consumer key, preferring the {@code AppInfoCache}.
     *
     * <p>On a cache miss the application is read through {@code OAuthAppDAO} and, when a non-null
     * result comes back, stored in the cache under the consumer key.
     *
     * @param str consumer key of the application
     * @return the cached or freshly loaded application; the DAO result is returned as is, so it may be
     *         {@code null} if the DAO returns {@code null}
     * @throws InvalidOAuthClientException declared for the DAO lookup
     * @throws IdentityOAuth2Exception     declared for the DAO lookup
     */
    OAuthAppDO getOAuthApp(String str) throws InvalidOAuthClientException, IdentityOAuth2Exception {
        OAuthAppDO cachedApp = (OAuthAppDO) AppInfoCache.getInstance().getValueFromCache(str);
        if (cachedApp == null) {
            OAuthAppDO storedApp = new OAuthAppDAO().getAppInformation(str);
            if (storedApp == null) {
                return storedApp;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("OAuth app with consumerKey: " + str + " retrieved from database.");
            }
            AppInfoCache.getInstance().addToCache(str, storedApp);
            return storedApp;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("OAuth app with consumerKey: " + str + " retrieved from AppInfoCache.");
        }
        return cachedApp;
    }

    /**
     * Validates a scope before it is added: first its name, then its display name.
     *
     * @param scopeDTO scope to validate
     * @throws IdentityOAuthClientException if the name or the display name is rejected
     */
    private void addScopePreValidation(ScopeDTO scopeDTO) throws IdentityOAuthClientException {
        String scopeName = scopeDTO.getName();
        validateScopeName(scopeName);
        // The display name is read only after the name has passed, as in the original call order.
        String displayName = scopeDTO.getDisplayName();
        validateDisplayName(displayName);
    }

    /**
     * Validates a scope before it is updated: first its name, then its display name.
     *
     * @param scopeDTO scope to validate
     * @throws IdentityOAuthClientException if the name or the display name is rejected
     */
    private void updateScopePreValidation(ScopeDTO scopeDTO) throws IdentityOAuthClientException {
        String scopeName = scopeDTO.getName();
        validateScopeName(scopeName);
        // The display name is read only after the name has passed, as in the original call order.
        String displayName = scopeDTO.getDisplayName();
        validateDisplayName(displayName);
    }

    /**
     * Rejects a scope name that is blank or contains whitespace.
     *
     * @param str scope name to check
     * @throws IdentityOAuthClientException with {@code Error.INVALID_REQUEST} when the name is blank,
     *                                      or from {@link #validateWhiteSpaces(String)} when it
     *                                      contains whitespace
     */
    private void validateScopeName(String str) throws IdentityOAuthClientException {
        boolean nameMissing = StringUtils.isBlank(str);
        if (!nameMissing) {
            validateWhiteSpaces(str);
            return;
        }
        throw handleClientError(Error.INVALID_REQUEST, Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_NOT_SPECIFIED.getMessage());
    }

    /**
     * Rejects a scope name that contains any whitespace character.
     *
     * <p>The check uses the regular expression {@code \s} with {@code find()}, so a single whitespace
     * character anywhere in the name is enough to reject it.
     *
     * @param str scope name to check
     * @throws IdentityOAuthClientException with {@code Error.INVALID_REQUEST} when whitespace is found
     */
    private void validateWhiteSpaces(String str) throws IdentityOAuthClientException {
        Pattern whitespace = Pattern.compile("\\s");
        boolean containsWhitespace = whitespace.matcher(str).find();
        if (!containsWhitespace) {
            return;
        }
        String template = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_CONTAINS_WHITESPACES.getMessage();
        throw handleClientError(Error.INVALID_REQUEST, String.format(template, str));
    }

    /**
     * Rejects a blank scope display name.
     *
     * @param str display name to check
     * @throws IdentityOAuthClientException with {@code Error.INVALID_REQUEST} when the name is blank
     */
    private void validateDisplayName(String str) throws IdentityOAuthClientException {
        boolean displayNameGiven = !StringUtils.isBlank(str);
        if (displayNameGiven) {
            return;
        }
        throw handleClientError(Error.INVALID_REQUEST, Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_DISPLAY_NAME_NOT_SPECIFIED.getMessage());
    }

    /**
     * Requires that a scope with the given name exists.
     *
     * @param str scope name to look up through {@code isScopeExist}
     * @throws IdentityOAuthAdminException a client error built from {@code ERROR_CODE_NOT_FOUND_SCOPE}
     *                                     when the scope does not exist
     */
    private void validateScopeExistence(String str) throws IdentityOAuthAdminException {
        if (isScopeExist(str)) {
            return;
        }
        String notFoundMessage = String.format(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE.getMessage(), str);
        throw handleClientError(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE, notFoundMessage);
    }
}
