package org.wso2.carbon.identity.oauth.config;

import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.util.JavaUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.issuer.UUIDValueGenerator;
import org.apache.oltu.oauth2.as.issuer.ValueGenerator;
import org.apache.oltu.oauth2.as.validator.CodeValidator;
import org.apache.oltu.oauth2.as.validator.TokenValidator;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.message.types.ResponseType;
import org.apache.oltu.oauth2.common.validators.OAuthValidator;
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.common.CodeTokenResponseValidator;
import org.wso2.carbon.identity.oauth.common.IDTokenResponseValidator;
import org.wso2.carbon.identity.oauth.common.IDTokenTokenResponseValidator;
import org.wso2.carbon.identity.oauth.common.SAML2GrantValidator;
import org.wso2.carbon.identity.oauth.tokenprocessor.HashingPersistenceProcessor;
import org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor;
import org.wso2.carbon.identity.oauth.tokenprocessor.TokenPersistenceProcessor;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever;
import org.wso2.carbon.identity.oauth2.authz.handlers.ResponseTypeHandler;
import org.wso2.carbon.identity.oauth2.device.constants.Constants;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponent;
import org.wso2.carbon.identity.oauth2.model.CarbonOAuthAuthzRequest;
import org.wso2.carbon.identity.oauth2.model.TokenIssuerDO;
import org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer;
import org.wso2.carbon.identity.oauth2.token.OauthTokenIssuerImpl;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2TokenCallbackHandler;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeHandler;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
import org.wso2.carbon.identity.oauth2.validators.grant.AuthorizationCodeGrantValidator;
import org.wso2.carbon.identity.oauth2.validators.grant.ClientCredentialGrantValidator;
import org.wso2.carbon.identity.oauth2.validators.grant.PasswordGrantValidator;
import org.wso2.carbon.identity.oauth2.validators.grant.RefreshTokenGrantValidator;
import org.wso2.carbon.identity.openidconnect.CIBARequestObjectValidatorImpl;
import org.wso2.carbon.identity.openidconnect.CustomClaimsCallbackHandler;
import org.wso2.carbon.identity.openidconnect.IDTokenBuilder;
import org.wso2.carbon.identity.openidconnect.OIDCConstants;
import org.wso2.carbon.identity.openidconnect.RequestObjectBuilder;
import org.wso2.carbon.identity.openidconnect.RequestObjectValidator;
import org.wso2.carbon.identity.openidconnect.RequestObjectValidatorImpl;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/config/OAuthServerConfiguration.class */
public class OAuthServerConfiguration {
    private static final String CONFIG_ELEM_OAUTH = "OAuth";
    private static final String AUTHORIZATION_CODE_GRANT_HANDLER_CLASS = "org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler";
    private static final String CLIENT_CREDENTIALS_GRANT_HANDLER_CLASS = "org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler";
    private static final String PASSWORD_GRANT_HANDLER_CLASS = "org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler";
    private static final String REFRESH_TOKEN_GRANT_HANDLER_CLASS = "org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler";
    private static final String SAML20_BEARER_GRANT_HANDLER_CLASS = "org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler";
    private static final String IWA_NTLM_BEARER_GRANT_HANDLER_CLASS = "org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler";
    private static final String REQUEST_PARAM_VALUE_BUILDER_CLASS = "org.wso2.carbon.identity.openidconnect.RequestParamRequestObjectBuilder";
    private static final String DEFAULT_OAUTH_TOKEN_ISSUER_CLASS = "org.wso2.carbon.identity.oauth2.token.OauthTokenIssuerImpl";
    private static final String JWT_TOKEN_ISSUER_CLASS = "org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer";
    private static final String REQUEST_PARAM_VALUE_BUILDER = "request_param_value_builder";
    private static OAuthServerConfiguration instance;
    private String oauthTokenGeneratorClassName;
    private OAuthIssuer oauthTokenGenerator;
    private String oauthIdentityTokenGeneratorClassName;
    private String persistAccessTokenAlias;
    private String retainOldAccessTokens;
    private String tokenCleanupFeatureEnable;
    private OauthTokenIssuer oauthIdentityTokenGenerator;
    private Map<String, AuthorizationGrantHandler> supportedGrantTypes;
    private Map<String, RequestObjectBuilder> requestObjectBuilder;
    private Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> supportedGrantTypeValidators;
    private Map<String, ResponseTypeHandler> supportedResponseTypes;
    private Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> supportedResponseTypeValidators;
    private String saml2BearerTokenUserType;
    public static final String DEFAULT_TOKEN_TYPE = "Default";
    public static final String JWT_TOKEN_TYPE = "JWT";
    private String oAuthAuthzRequestClassName;
    private Boolean openIDConnectSkipLoginConsent;
    private Boolean openIDConnectSkipLogoutConsent;
    private OAuth2ScopeValidator oAuth2ScopeValidator;
    private boolean useSPTenantDomainValue;
    private ValueGenerator tokenValueGenerator;
    private String tokenValueGeneratorClassName;
    private static final Log log = LogFactory.getLog(OAuthServerConfiguration.class);
    private static String oauth1RequestTokenUrl = null;
    private static String oauth1AuthorizeUrl = null;
    private static String oauth1AccessTokenUrl = null;
    private static String oauth2AuthzEPUrl = null;
    private static String oauth2TokenEPUrl = null;
    private static String oauth2UserInfoEPUrl = null;
    private static String oauth2RevocationEPUrl = null;
    private static String oauth2IntrospectionEPUrl = null;
    private static String oidcConsentPageUrl = null;
    private static String oauth2DCREPUrl = null;
    private static String oauth2JWKSPageUrl = null;
    private static String oidcWebFingerEPUrl = null;
    private static String oidcDiscoveryUrl = null;
    private static String oauth2ConsentPageUrl = null;
    private static String oauth2ErrorPageUrl = null;
    private static boolean isOAuthResponseJspPageAvailable = false;
    public static final String DEFAULT_OAUTH_AUTHZ_REQUEST_CLASSNAME = CarbonOAuthAuthzRequest.class.getName();
    private long authorizationCodeValidityPeriodInSeconds = 300;
    private long userAccessTokenValidityPeriodInSeconds = 3600;
    private long applicationAccessTokenValidityPeriodInSeconds = 3600;
    private long refreshTokenValidityPeriodInSeconds = 86400;
    private long timeStampSkewInSeconds = 300;
    private String tokenPersistenceProcessorClassName = "org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor";
    private String clientIdValidationRegex = "[a-zA-Z0-9_]{15,30}";
    private boolean scopeValidationConfigValue = true;
    private boolean cacheEnabled = false;
    private boolean isTokenRenewalPerRequestEnabled = false;
    private boolean isRefreshTokenRenewalEnabled = true;
    private boolean isExtendRenewedTokenExpiryTimeEnabled = true;
    private boolean assertionsUserNameEnabled = false;
    private boolean accessTokenPartitioningEnabled = false;
    private boolean redirectToRequestedRedirectUriEnabled = true;
    private boolean allowCrossTenantIntrospection = true;
    private String accessTokenPartitioningDomains = null;
    private TokenPersistenceProcessor persistenceProcessor = null;
    private Set<OAuthCallbackHandlerMetaData> callbackHandlerMetaData = new HashSet();
    private Map<String, String> supportedGrantTypeClassNames = new HashMap();
    private Map<String, Boolean> refreshTokenAllowedGrantTypes = new HashMap();
    private Map<String, String> idTokenAllowedForGrantTypesMap = new HashMap();
    private Set<String> idTokenNotAllowedGrantTypesSet = new HashSet();
    private Set<String> userConsentEnabledGrantTypes = new HashSet();
    private Map<String, String> supportedGrantTypeValidatorNames = new HashMap();
    private Map<String, String> supportedResponseTypeClassNames = new HashMap();
    private Map<String, String> supportedResponseTypeValidatorNames = new HashMap();
    private Map<String, TokenIssuerDO> supportedTokenIssuers = new HashMap();
    private List<String> supportedTokenTypes = new ArrayList();
    private Map<String, OauthTokenIssuer> oauthTokenIssuerMap = new HashMap();
    private String[] supportedClaims = null;
    private Map<String, Properties> supportedClientAuthHandlerData = new HashMap();
    private String saml2TokenCallbackHandlerName = null;
    private boolean saml2UserIdFromClaims = false;
    private boolean mapFederatedUsersToLocal = false;
    private SAML2TokenCallbackHandler saml2TokenCallbackHandler = null;
    private Map<String, String> tokenValidatorClassNames = new HashMap();
    private boolean isAuthContextTokGenEnabled = false;
    private String tokenGeneratorImplClass = "org.wso2.carbon.identity.oauth2.token.JWTTokenGenerator";
    private String claimsRetrieverImplClass = "org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever";
    private String consumerDialectURI = DefaultClaimsRetriever.DEFAULT_DIALECT_URI;
    private String signatureAlgorithm = "SHA256withRSA";
    private String idTokenSignatureAlgorithm = "SHA256withRSA";
    private String defaultIdTokenEncryptionAlgorithm = "RSA-OAEP";
    private List<String> supportedIdTokenEncryptionAlgorithms = new ArrayList();
    private String defaultIdTokenEncryptionMethod = "A128GCM";
    private List<String> supportedIdTokenEncryptionMethods = new ArrayList();
    private String userInfoJWTSignatureAlgorithm = "SHA256withRSA";
    private String authContextTTL = "15L";
    private boolean useMultiValueSeparatorForAuthContextToken = true;
    private boolean addTenantDomainToIdTokenEnabled = false;
    private boolean addUserstoreDomainToIdTokenEnabled = false;
    private boolean requestObjectEnabled = true;
    private String openIDConnectIDTokenBuilderClassName = "org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder";
    private String defaultRequestValidatorClassName = "org.wso2.carbon.identity.openidconnect.RequestObjectValidatorImpl";
    private String defaultCibaRequestValidatorClassName = "org.wso2.carbon.identity.openidconnect.CIBARequestObjectValidatorImpl";
    private String openIDConnectIDTokenCustomClaimsHanlderClassName = "org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback";
    private IDTokenBuilder openIDConnectIDTokenBuilder = null;
    private Map<String, String> requestObjectBuilderClassNames = new HashMap();
    private volatile RequestObjectValidator requestObjectValidator = null;
    private volatile RequestObjectValidator cibaRequestObjectValidator = null;
    private CustomClaimsCallbackHandler openidConnectIDTokenCustomClaimsCallbackHandler = null;
    private String openIDConnectIDTokenIssuerIdentifier = null;
    private String openIDConnectIDTokenSubClaim = "http://wso2.org/claims/fullname";
    private Boolean openIDConnectSkipUserConsent = true;
    private String openIDConnectIDTokenExpiration = "3600";
    private long openIDConnectIDTokenExpiryTimeInSeconds = 3600;
    private String openIDConnectUserInfoEndpointClaimDialect = DefaultClaimsRetriever.DEFAULT_DIALECT_URI;
    private String openIDConnectUserInfoEndpointClaimRetriever = "org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever";
    private String openIDConnectUserInfoEndpointRequestValidator = "org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator";
    private String openIDConnectUserInfoEndpointAccessTokenValidator = "org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator";
    private String openIDConnectUserInfoEndpointResponseBuilder = "org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder";
    private boolean convertOriginalClaimsFromAssertionsToOIDCDialect = false;
    private boolean returnOnlyMappedLocalRoles = false;
    private boolean addUnmappedUserAttributes = false;
    private Set<OAuth2ScopeValidator> oAuth2ScopeValidators = new HashSet();
    private Set<OAuth2ScopeHandler> oAuth2ScopeHandlers = new HashSet();
    private boolean isJWTSignedWithSPKey = true;
    private boolean isImplicitErrorFragment = true;
    private boolean isRevokeResponseHeadersEnabled = true;
    private boolean showDisplayNameInConsentPage = false;
    private String hashAlgorithm = "SHA-256";
    private boolean isClientSecretHashEnabled = false;
    private String openIDConnectBCLogoutTokenExpiryInSeconds = "120";
    private boolean enableIntrospectionDataProviders = false;
    private List<String> allowedScopes = new ArrayList();
    private List<String> filteredIntrospectionClaims = new ArrayList();
    private boolean dropUnregisteredScopes = false;
    private int deviceCodeKeyLength = 6;
    private long deviceCodeExpiryTime = Constants.EXPIRES_IN_MILLISECONDS;
    private int deviceCodePollingInterval = Constants.INTERVAL_MILLISECONDS;
    private String deviceCodeKeySet = Constants.KEY_SET;
    private String deviceAuthzEPUrl = null;

    /* loaded from: input_file:org/wso2/carbon/identity/oauth/config/OAuthServerConfiguration$ConfigElements.class */
    private class ConfigElements {
        public static final String OAUTH1_REQUEST_TOKEN_URL = "OAuth1RequestTokenUrl";
        public static final String OAUTH1_AUTHORIZE_URL = "OAuth1AuthorizeUrl";
        public static final String OAUTH1_ACCESS_TOKEN_URL = "OAuth1AccessTokenUrl";
        public static final String OAUTH2_AUTHZ_EP_URL = "OAuth2AuthzEPUrl";
        public static final String OAUTH2_TOKEN_EP_URL = "OAuth2TokenEPUrl";
        public static final String OAUTH2_USERINFO_EP_URL = "OAuth2UserInfoEPUrl";
        public static final String OAUTH2_REVOCATION_EP_URL = "OAuth2RevokeEPUrl";
        public static final String OAUTH2_INTROSPECTION_EP_URL = "OAuth2IntrospectEPUrl";
        public static final String OAUTH2_CONSENT_PAGE_URL = "OAuth2ConsentPage";
        public static final String OAUTH2_DCR_EP_URL = "OAuth2DCREPUrl";
        public static final String OAUTH2_JWKS_PAGE_URL = "OAuth2JWKSPage";
        public static final String OIDC_WEB_FINGER_EP_URL = "OIDCWebFingerEPUrl";
        public static final String OIDC_DISCOVERY_EP_URL = "OIDCDiscoveryEPUrl";
        public static final String OAUTH2_ERROR_PAGE_URL = "OAuth2ErrorPage";
        public static final String OIDC_CONSENT_PAGE_URL = "OIDCConsentPage";
        public static final String DEVICE_AUTHZ_EP_URL = "OAuth2DeviceAuthzEPUrl";
        public static final String AUTHORIZATION_CONTEXT_TOKEN_GENERATION = "AuthorizationContextTokenGeneration";
        public static final String ENABLED = "Enabled";
        public static final String TOKEN_GENERATOR_IMPL_CLASS = "TokenGeneratorImplClass";
        public static final String CLAIMS_RETRIEVER_IMPL_CLASS = "ClaimsRetrieverImplClass";
        public static final String CONSUMER_DIALECT_URI = "ConsumerDialectURI";
        public static final String SIGNATURE_ALGORITHM = "SignatureAlgorithm";
        public static final String ID_TOKEN_ENCRYPTION_ALGORITHM = "IDTokenEncryptionAlgorithm";
        public static final String SUPPORTED_ID_TOKEN_ENCRYPTION_ALGORITHMS = "SupportedIDTokenEncryptionAlgorithms";
        public static final String SUPPORTED_ID_TOKEN_ENCRYPTION_ALGORITHM = "SupportedIDTokenEncryptionAlgorithm";
        public static final String ID_TOKEN_ENCRYPTION_METHOD = "IDTokenEncryptionMethod";
        public static final String SUPPORTED_ID_TOKEN_ENCRYPTION_METHODS = "SupportedIDTokenEncryptionMethods";
        public static final String SUPPORTED_ID_TOKEN_ENCRYPTION_METHOD = "SupportedIDTokenEncryptionMethod";
        public static final String SECURITY_CONTEXT_TTL = "AuthorizationContextTTL";
        private static final String AUTH_CONTEXT_TOKEN_USE_MULTIVALUE_SEPARATOR = "UseMultiValueSeparator";
        public static final String ENABLE_ASSERTIONS = "EnableAssertions";
        public static final String ENABLE_ASSERTIONS_USERNAME = "UserName";
        public static final String ENABLE_ACCESS_TOKEN_PARTITIONING = "EnableAccessTokenPartitioning";
        public static final String REDIRECT_TO_REQUESTED_REDIRECT_URI = "RedirectToRequestedRedirectUri";
        public static final String ACCESS_TOKEN_PARTITIONING_DOMAINS = "AccessTokenPartitioningDomains";
        public static final String OPENID_CONNECT = "OpenIDConnect";
        public static final String OPENID_CONNECT_IDTOKEN_BUILDER = "IDTokenBuilder";
        public static final String OPENID_CONNECT_IDTOKEN_SUB_CLAIM = "IDTokenSubjectClaim";
        public static final String OPENID_CONNECT_IDTOKEN_ISSUER_ID = "IDTokenIssuerID";
        public static final String OPENID_CONNECT_IDTOKEN_EXPIRATION = "IDTokenExpiration";
        public static final String OPENID_CONNECT_SKIP_USER_CONSENT = "SkipUserConsent";
        public static final String OPENID_CONNECT_SKIP_LOGIN_CONSENT = "SkipLoginConsent";
        public static final String OPENID_CONNECT_SKIP_LOGOUT_CONSENT = "SkipLogoutConsent";
        public static final String OPENID_CONNECT_USERINFO_ENDPOINT_CLAIM_DIALECT = "UserInfoEndpointClaimDialect";
        public static final String OPENID_CONNECT_USERINFO_ENDPOINT_CLAIM_RETRIEVER = "UserInfoEndpointClaimRetriever";
        public static final String OPENID_CONNECT_USERINFO_ENDPOINT_REQUEST_VALIDATOR = "UserInfoEndpointRequestValidator";
        public static final String OPENID_CONNECT_USERINFO_ENDPOINT_ACCESS_TOKEN_VALIDATOR = "UserInfoEndpointAccessTokenValidator";
        public static final String OPENID_CONNECT_USERINFO_ENDPOINT_RESPONSE_BUILDER = "UserInfoEndpointResponseBuilder";
        public static final String OPENID_CONNECT_USERINFO_JWT_SIGNATURE_ALGORITHM = "UserInfoJWTSignatureAlgorithm";
        public static final String OPENID_CONNECT_SIGN_JWT_WITH_SP_KEY = "SignJWTWithSPKey";
        public static final String OPENID_CONNECT_IDTOKEN_CUSTOM_CLAIM_CALLBACK_HANDLER = "IDTokenCustomClaimsCallBackHandler";
        public static final String OPENID_CONNECT_CONVERT_ORIGINAL_CLAIMS_FROM_ASSERTIONS_TO_OIDCDIALECT = "ConvertOriginalClaimsFromAssertionsToOIDCDialect";
        private static final String OPENID_CONNECT_ADD_TENANT_DOMAIN_TO_ID_TOKEN = "AddTenantDomainToIdToken";
        private static final String OPENID_CONNECT_ADD_USERSTORE_DOMAIN_TO_ID_TOKEN = "AddUserstoreDomainToIdToken";
        private static final String REQUEST_OBJECT_ENABLED = "RequestObjectEnabled";
        public static final String SEND_ONLY_LOCALLY_MAPPED_ROLES_OF_IDP = "FederatedRoleManagement.ReturnOnlyMappedLocalRoles";
        public static final String OPENID_CONNECT_ADD_UN_MAPPED_USER_ATTRIBUTES = "AddUnmappedUserAttributes";
        public static final String SUPPORTED_CLAIMS = "OpenIDConnectClaims";
        public static final String REQUEST_OBJECT = "RequestObject";
        public static final String REQUEST_OBJECT_VALIDATOR = "RequestObjectValidator";
        public static final String OAUTH_AUTHZ_REQUEST_CLASS = "OAuthAuthzRequestClass";
        public static final String CIBA_REQUEST_OBJECT_VALIDATOR = "CIBARequestObjectValidator";
        public static final String OPENID_CONNECT_BACK_CHANNEL_LOGOUT_TOKEN_EXPIRATION = "LogoutTokenExpiration";
        private static final String OAUTH_CALLBACK_HANDLERS = "OAuthCallbackHandlers";
        private static final String OAUTH_CALLBACK_HANDLER = "OAuthCallbackHandler";
        private static final String CALLBACK_CLASS = "Class";
        private static final String CALLBACK_PRIORITY = "Priority";
        private static final String CALLBACK_PROPERTIES = "Properties";
        private static final String CALLBACK_PROPERTY = "Property";
        private static final String CALLBACK_ATTR_NAME = "Name";
        private static final String TOKEN_VALIDATORS = "TokenValidators";
        private static final String TOKEN_VALIDATOR = "TokenValidator";
        private static final String TOKEN_TYPE_ATTR = "type";
        private static final String TOKEN_CLASS_ATTR = "class";
        private static final String SCOPE_HANDLERS = "ScopeHandlers";
        private static final String SCOPE_HANDLER = "ScopeHandler";
        private static final String SCOPE_HANDLER_CLASS_ATTR = "class";
        private static final String SCOPE_HANDLER_PROPERTY = "Property";
        private static final String SCOPE_HANDLER_PROPERTY_NAME_ATTR = "name";
        private static final String SCOPE_VALIDATOR = "OAuthScopeValidator";
        private static final String SCOPE_VALIDATORS = "ScopeValidators";
        private static final String SCOPE_VALIDATOR_ELEM = "ScopeValidator";
        private static final String SCOPE_VALIDATOR_PROPERTY = "Property";
        private static final String SCOPE_VALIDATOR_PROPERTY_NAME_ATTR = "name";
        private static final String SCOPE_CLASS_ATTR = "class";
        private static final String SKIP_SCOPE_ATTR = "scopesToSkip";
        private static final String IMPLICIT_ERROR_FRAGMENT = "ImplicitErrorFragment";
        private static final String SCOPE_VALIDATION_FOR_AUTHZ_CODE_AND_IMPLICIT = "ScopeValidationEnabledForAuthzCodeAndImplicitGrant";
        private static final String TIMESTAMP_SKEW = "TimestampSkew";
        private static final String AUTHORIZATION_CODE_DEFAULT_VALIDITY_PERIOD = "AuthorizationCodeDefaultValidityPeriod";
        private static final String USER_ACCESS_TOKEN_DEFAULT_VALIDITY_PERIOD = "UserAccessTokenDefaultValidityPeriod";
        private static final String APPLICATION_ACCESS_TOKEN_VALIDATION_PERIOD = "AccessTokenDefaultValidityPeriod";
        private static final String REFRESH_TOKEN_VALIDITY_PERIOD = "RefreshTokenValidityPeriod";
        private static final String ENABLE_CACHE = "EnableOAuthCache";
        private static final String RENEW_REFRESH_TOKEN_FOR_REFRESH_GRANT = "RenewRefreshTokenForRefreshGrant";
        private static final String EXTEND_RENEWED_REFRESH_TOKEN_EXPIRY_TIME = "ExtendRenewedRefreshTokenExpiryTime";
        private static final String TOKEN_PERSISTENCE_PROCESSOR = "TokenPersistenceProcessor";
        private static final String OAUTH_TOKEN_GENERATOR = "OAuthTokenGenerator";
        private static final String IDENTITY_OAUTH_TOKEN_GENERATOR = "IdentityOAuthTokenGenerator";
        private static final String CLIENT_ID_VALIDATE_REGEX = "ClientIdValidationRegex";
        private static final String IDENTITY_OAUTH_PERSIST_TOKEN_ALIAS = "PersistAccessTokenAlias";
        private static final String OAUTH2_TOKEN_CLEAN_ELEM = "TokenCleanup";
        private static final String TOKEN_CLEANUP_FEATURE = "EnableTokenCleanup";
        private static final String RETAIN_OLD_ACCESS_TOKENS = "RetainOldAccessToken";
        private static final String SUPPORTED_GRANT_TYPES = "SupportedGrantTypes";
        private static final String SUPPORTED_GRANT_TYPE = "SupportedGrantType";
        private static final String GRANT_TYPE_NAME = "GrantTypeName";
        private static final String SUPPORTED_TOKEN_TYPES = "SupportedTokenTypes";
        private static final String SUPPORTED_TOKEN_TYPE = "SupportedTokenType";
        private static final String TOKEN_TYPE_NAME = "TokenTypeName";
        private static final String USER_CONSENT_ENABLED_GRANT_TYPES = "UserConsentEnabledGrantTypes";
        private static final String USER_CONSENT_ENABLED_GRANT_TYPE = "UserConsentEnabledGrantType";
        private static final String USER_CONSENT_ENABLED_GRANT_TYPE_NAME = "GrantTypeName";
        private static final String ID_TOKEN_ALLOWED = "IdTokenAllowed";
        private static final String GRANT_TYPE_HANDLER_IMPL_CLASS = "GrantTypeHandlerImplClass";
        private static final String GRANT_TYPE_VALIDATOR_IMPL_CLASS = "GrantTypeValidatorImplClass";
        private static final String RESPONSE_TYPE_VALIDATOR_IMPL_CLASS = "ResponseTypeValidatorImplClass";
        private static final String TOKEN_TYPE_IMPL_CLASS = "TokenTypeImplClass";
        private static final String CLIENT_AUTH_HANDLERS = "ClientAuthHandlers";
        private static final String CLIENT_AUTH_HANDLER_IMPL_CLASS = "ClientAuthHandler";
        private static final String CLIENT_AUTH_CLASS = "Class";
        private static final String DEFAULT_CLIENT_AUTHENTICATOR = "org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler";
        private static final String CLIENT_AUTH_PROPERTY = "Property";
        private static final String CLIENT_AUTH_NAME = "Name";
        private static final String SUPPORTED_RESP_TYPES = "SupportedResponseTypes";
        private static final String SUPPORTED_RESP_TYPE = "SupportedResponseType";
        private static final String RESP_TYPE_NAME = "ResponseTypeName";
        private static final String RESP_TYPE_HANDLER_IMPL_CLASS = "ResponseTypeHandlerImplClass";
        private static final String SAML2_GRANT = "SAML2Grant";
        private static final String SAML2_TOKEN_HANDLER = "SAML2TokenHandler";
        private static final String SAML2_BEARER_USER_TYPE = "UserType";
        private static final String SAML2_USER_ID_FROM_CLAIMS = "UseUserIdFromClaims";
        private static final String ENABLE_REVOKE_RESPONSE_HEADERS = "EnableRevokeResponseHeaders";
        private static final String IDENTITY_OAUTH_SHOW_DISPLAY_NAME_IN_CONSENT_PAGE = "ShowDisplayNameInConsentPage";
        private static final String REFRESH_TOKEN_ALLOWED = "IsRefreshTokenAllowed";
        private static final String OAUTH_TOKEN_VALUE_GENERATOR = "AccessTokenValueGenerator";
        private static final String OAUTH_USE_SP_TENANT_DOMAIN = "UseSPTenantDomain";
        private static final String MAP_FED_USERS_TO_LOCAL = "MapFederatedUsersToLocal";
        private static final String REQUEST_OBJECT_BUILDERS = "RequestObjectBuilders";
        private static final String REQUEST_OBJECT_BUILDER = "RequestObjectBuilder";
        private static final String BUILDER_TYPE = "Type";
        private static final String REQUEST_OBJECT_IMPL_CLASS = "ClassName";
        private static final String HASH_ALGORITHM = "HashAlgorithm";
        private static final String ENABLE_CLIENT_SECRET_HASH = "EnableClientSecretHash";
        private static final String INTROSPECTION_CONFIG = "Introspection";
        private static final String ENABLE_DATA_PROVIDERS_CONFIG = "EnableDataProviders";
        private static final String RENEW_TOKEN_PER_REQUEST = "RenewTokenPerRequest";
        private static final String ALLOWED_SCOPES_ELEMENT = "AllowedScopes";
        private static final String SCOPES_ELEMENT = "Scope";
        private static final String FILTERED_CLAIMS = "FilteredClaims";
        private static final String FILTERED_CLAIM = "FilteredClaim";
        private static final String DROP_UNREGISTERED_SCOPES = "DropUnregisteredScopes";
        private static final String DEVICE_CODE_GRANT = "DeviceCodeGrant";
        private static final String DEVICE_CODE_KEY_LENGTH = "KeyLength";
        private static final String DEVICE_CODE_EXPIRY_TIME = "ExpiryTime";
        private static final String DEVICE_CODE_POLLING_INTERVAL = "PollingInterval";
        private static final String DEVICE_CODE_KEY_SET = "KeySet";
        private static final String ALLOW_CROSS_TENANT_TOKEN_INTROSPECTION = "AllowCrossTenantTokenIntrospection";

        private ConfigElements() {
        }
    }

    private OAuthServerConfiguration() {
        buildOAuthServerConfiguration();
    }

    public static OAuthServerConfiguration getInstance() {
        CarbonUtils.checkSecurity();
        if (instance == null) {
            synchronized (OAuthServerConfiguration.class) {
                if (instance == null) {
                    instance = new OAuthServerConfiguration();
                }
            }
        }
        return instance;
    }

    private void buildOAuthServerConfiguration() {
        OMElement configElement = IdentityConfigParser.getInstance().getConfigElement("OAuth");
        if (configElement == null) {
            warnOnFaultyConfiguration("OAuth element is not available.");
            return;
        }
        parseOAuthCallbackHandlers(configElement.getFirstChildWithName(getQNameWithIdentityNS("OAuthCallbackHandlers")));
        parseTokenValidators(configElement.getFirstChildWithName(getQNameWithIdentityNS("TokenValidators")));
        OMElement firstChildWithName = configElement.getFirstChildWithName(getQNameWithIdentityNS("OAuthScopeValidator"));
        OMElement firstChildWithName2 = configElement.getFirstChildWithName(getQNameWithIdentityNS("ScopeValidators"));
        OMElement firstChildWithName3 = configElement.getFirstChildWithName(getQNameWithIdentityNS("ScopeValidationEnabledForAuthzCodeAndImplicitGrant"));
        if (firstChildWithName3 != null) {
            this.scopeValidationConfigValue = Boolean.parseBoolean(firstChildWithName3.getText());
        }
        if (firstChildWithName != null) {
            parseScopeValidator(firstChildWithName);
        } else if (firstChildWithName2 != null) {
            parseScopeValidator(firstChildWithName2);
        }
        OMElement firstChildWithName4 = configElement.getFirstChildWithName(getQNameWithIdentityNS("ScopeHandlers"));
        if (firstChildWithName4 != null) {
            parseScopeHandlers(firstChildWithName4);
        }
        parseDefaultValidityPeriods(configElement);
        parseOAuthURLs(configElement);
        parseTokenRenewalPerRequestConfiguration(configElement);
        parseRefreshTokenRenewalConfiguration(configElement);
        parseTokenPersistenceProcessorConfig(configElement);
        parseSupportedGrantTypesConfig(configElement);
        parseUserConsentEnabledGrantTypesConfig(configElement);
        parseSupportedResponseTypesConfig(configElement);
        parseSupportedClientAuthHandlersConfig(configElement.getFirstChildWithName(getQNameWithIdentityNS("ClientAuthHandlers")));
        parseSAML2GrantConfig(configElement);
        parseAuthorizationContextTokenGeneratorConfig(configElement);
        parseEnableAssertionsUserNameConfig(configElement);
        parseAccessTokenPartitioningConfig(configElement);
        parseAccessTokenPartitioningDomainsConfig(configElement);
        parseOpenIDConnectConfig(configElement);
        parseOAuthTokenGeneratorConfig(configElement);
        parseImplicitErrorFragment(configElement);
        parseOAuthTokenIssuerConfig(configElement);
        parseClientIdValidationRegex(configElement);
        parsePersistAccessTokenAliasConfig(configElement);
        parseSupportedTokenTypesConfig(configElement);
        parseOAuthTokenValueGenerator(configElement);
        parseOAuthDeviceCodeGrantConfig(configElement);
        parseUseSPTenantDomainConfig(configElement);
        parseRevokeResponseHeadersEnableConfig(configElement);
        parseShowDisplayNameInConsentPage(configElement);
        parseHashAlgorithm(configElement);
        parseEnableHashMode(configElement);
        parseRetainOldAccessTokensConfig(configElement);
        tokenCleanupFeatureConfig(configElement);
        parseTokenIntrospectionConfig(configElement);
        parseRedirectToOAuthErrorPageConfig(configElement);
        parseAllowedScopesConfiguration(configElement);
        parseFilteredClaimsForIntrospectionConfiguration(configElement);
        parseDropUnregisteredScopes(configElement);
        parseAllowCrossTenantIntrospection(configElement);
        setOAuthResponseJspPageAvailable();
    }

    private void parseAllowedScopesConfiguration(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("AllowedScopes"));
        if (firstChildWithName != null) {
            Iterator childrenWithName = firstChildWithName.getChildrenWithName(getQNameWithIdentityNS("Scope"));
            while (childrenWithName.hasNext()) {
                this.allowedScopes.add(((OMElement) childrenWithName.next()).getText());
            }
        }
    }

    private void parseFilteredClaimsForIntrospectionConfiguration(OMElement oMElement) {
        OMElement firstChildWithName;
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(getQNameWithIdentityNS("Introspection"));
        if (firstChildWithName2 == null || (firstChildWithName = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS("FilteredClaims"))) == null) {
            return;
        }
        Iterator childrenWithName = firstChildWithName.getChildrenWithName(getQNameWithIdentityNS("FilteredClaim"));
        while (childrenWithName.hasNext()) {
            this.filteredIntrospectionClaims.add(((OMElement) childrenWithName.next()).getText());
        }
    }

    private void parseTokenIntrospectionConfig(OMElement oMElement) {
        OMElement firstChildWithName;
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(getQNameWithIdentityNS("Introspection"));
        if (firstChildWithName2 == null || (firstChildWithName = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS("EnableDataProviders"))) == null) {
            return;
        }
        this.enableIntrospectionDataProviders = Boolean.parseBoolean(firstChildWithName.getText().trim());
    }

    private void parseShowDisplayNameInConsentPage(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("ShowDisplayNameInConsentPage"));
        if (firstChildWithName != null) {
            this.showDisplayNameInConsentPage = Boolean.parseBoolean(firstChildWithName.getText());
        }
    }

    private void parseDropUnregisteredScopes(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("DropUnregisteredScopes"));
        if (firstChildWithName != null) {
            this.dropUnregisteredScopes = Boolean.parseBoolean(firstChildWithName.getText());
        }
    }

    public Set<OAuthCallbackHandlerMetaData> getCallbackHandlerMetaData() {
        return this.callbackHandlerMetaData;
    }

    public boolean isShowDisplayNameInConsentPage() {
        return this.showDisplayNameInConsentPage;
    }

    public boolean isDropUnregisteredScopes() {
        return this.dropUnregisteredScopes;
    }

    public List<String> getAllowedScopes() {
        return this.allowedScopes;
    }

    public List<String> getFilteredIntrospectionClaims() {
        return this.filteredIntrospectionClaims;
    }

    public String getOAuth1RequestTokenUrl() {
        return oauth1RequestTokenUrl;
    }

    public String getOAuth1AuthorizeUrl() {
        return oauth1AuthorizeUrl;
    }

    public String getOAuth1AccessTokenUrl() {
        return oauth1AccessTokenUrl;
    }

    public String getOAuth2AuthzEPUrl() {
        return oauth2AuthzEPUrl;
    }

    public String getOAuth2TokenEPUrl() {
        return oauth2TokenEPUrl;
    }

    public String getOAuth2DCREPUrl() {
        return oauth2DCREPUrl;
    }

    public String getOAuth2JWKSPageUrl() {
        return oauth2JWKSPageUrl;
    }

    public String getOidcDiscoveryUrl() {
        return oidcDiscoveryUrl;
    }

    public String getOidcWebFingerEPUrl() {
        return oidcWebFingerEPUrl;
    }

    public String getOauth2UserInfoEPUrl() {
        return oauth2UserInfoEPUrl;
    }

    public String getOauth2RevocationEPUrl() {
        return oauth2RevocationEPUrl;
    }

    public String getOauth2IntrospectionEPUrl() {
        return oauth2IntrospectionEPUrl;
    }

    public String getDeviceAuthzEPUrl() {
        return this.deviceAuthzEPUrl;
    }

    public OAuthIssuer getOAuthTokenGenerator() {
        if (this.oauthTokenGenerator == null) {
            synchronized (this) {
                if (this.oauthTokenGenerator == null) {
                    try {
                        if (this.oauthTokenGeneratorClassName != null) {
                            this.oauthTokenGenerator = (OAuthIssuer) getClass().getClassLoader().loadClass(this.oauthTokenGeneratorClassName).newInstance();
                            log.info("An instance of " + this.oauthTokenGeneratorClassName + " is created for OAuth token generation.");
                        } else {
                            this.oauthTokenGenerator = new OAuthIssuerImpl(getTokenValueGenerator());
                            log.info("The default OAuth token issuer will be used. No custom token generator is set.");
                        }
                    } catch (Exception e) {
                        log.error("Error when instantiating the OAuthIssuer : " + this.tokenPersistenceProcessorClassName + ". Defaulting to OAuthIssuerImpl", e);
                        this.oauthTokenGenerator = new OAuthIssuerImpl(getTokenValueGenerator());
                    }
                }
            }
        }
        return this.oauthTokenGenerator;
    }

    public ValueGenerator getTokenValueGenerator() {
        if (this.tokenValueGenerator == null) {
            synchronized (this) {
                if (this.tokenValueGenerator == null) {
                    try {
                        if (this.tokenValueGeneratorClassName != null) {
                            this.tokenValueGenerator = (ValueGenerator) getClass().getClassLoader().loadClass(this.tokenValueGeneratorClassName).newInstance();
                            if (log.isDebugEnabled()) {
                                log.debug("An instance of " + this.tokenValueGeneratorClassName + " is created.");
                            }
                        } else {
                            this.tokenValueGenerator = new UUIDValueGenerator();
                            if (log.isDebugEnabled()) {
                                log.debug("Default token value generator UUIDValueGenerator will be used.");
                            }
                        }
                    } catch (Exception e) {
                        log.error("Error while initiating the token value generator :" + this.tokenValueGeneratorClassName + ". Defaulting to UUIDValueGenerator.", e);
                        this.tokenValueGenerator = new UUIDValueGenerator();
                    }
                }
            }
        }
        return this.tokenValueGenerator;
    }

    public OauthTokenIssuer getIdentityOauthTokenIssuer() {
        if (this.oauthIdentityTokenGenerator == null) {
            synchronized (this) {
                if (this.oauthIdentityTokenGenerator == null) {
                    try {
                        if (this.oauthIdentityTokenGeneratorClassName != null) {
                            this.oauthIdentityTokenGenerator = (OauthTokenIssuer) getClass().getClassLoader().loadClass(this.oauthIdentityTokenGeneratorClassName).newInstance();
                            log.info("An instance of " + this.oauthIdentityTokenGeneratorClassName + " is created for Identity OAuth token generation.");
                        } else {
                            this.oauthIdentityTokenGenerator = new OauthTokenIssuerImpl();
                            log.info("The default Identity OAuth token issuer will be used. No custom token generator is set.");
                        }
                    } catch (Exception e) {
                        log.error("Error when instantiating the OAuthIssuer : " + this.tokenPersistenceProcessorClassName + ". Defaulting to OAuthIssuerImpl", e);
                        this.oauthIdentityTokenGenerator = new OauthTokenIssuerImpl();
                    }
                }
            }
        }
        return this.oauthIdentityTokenGenerator;
    }

    public boolean usePersistedAccessTokenAlias() {
        if (this.persistAccessTokenAlias != null) {
            return Boolean.TRUE.toString().equalsIgnoreCase(this.persistAccessTokenAlias);
        }
        return true;
    }

    public boolean useRetainOldAccessTokens() {
        return Boolean.TRUE.toString().equalsIgnoreCase(this.retainOldAccessTokens);
    }

    public boolean isTokenCleanupEnabled() {
        return Boolean.TRUE.toString().equalsIgnoreCase(this.tokenCleanupFeatureEnable);
    }

    public String getOIDCConsentPageUrl() {
        return oidcConsentPageUrl;
    }

    public String getOauth2ConsentPageUrl() {
        return oauth2ConsentPageUrl;
    }

    public String getOauth2ErrorPageUrl() {
        return oauth2ErrorPageUrl;
    }

    public long getAuthorizationCodeValidityPeriodInSeconds() {
        return this.authorizationCodeValidityPeriodInSeconds;
    }

    public long getUserAccessTokenValidityPeriodInSeconds() {
        return this.userAccessTokenValidityPeriodInSeconds;
    }

    public long getApplicationAccessTokenValidityPeriodInSeconds() {
        return this.applicationAccessTokenValidityPeriodInSeconds;
    }

    public long getRefreshTokenValidityPeriodInSeconds() {
        return this.refreshTokenValidityPeriodInSeconds;
    }

    public long getTimeStampSkewInSeconds() {
        return this.timeStampSkewInSeconds;
    }

    public String getClientIdValidationRegex() {
        return this.clientIdValidationRegex;
    }

    public boolean isCacheEnabled() {
        return this.cacheEnabled;
    }

    public boolean isRefreshTokenRenewalEnabled() {
        return this.isRefreshTokenRenewalEnabled;
    }

    public boolean isExtendRenewedTokenExpiryTimeEnabled() {
        return this.isExtendRenewedTokenExpiryTimeEnabled;
    }

    public Map<String, OauthTokenIssuer> getOauthTokenIssuerMap() {
        return this.oauthTokenIssuerMap;
    }

    public boolean isTokenRenewalPerRequestEnabled() {
        return this.isTokenRenewalPerRequestEnabled;
    }

    public Map<String, AuthorizationGrantHandler> getSupportedGrantTypes() {
        if (this.supportedGrantTypes == null) {
            synchronized (this) {
                if (this.supportedGrantTypes == null) {
                    HashMap hashMap = new HashMap();
                    for (Map.Entry<String, String> entry : this.supportedGrantTypeClassNames.entrySet()) {
                        AuthorizationGrantHandler authorizationGrantHandler = null;
                        try {
                            try {
                                authorizationGrantHandler = (AuthorizationGrantHandler) Class.forName(entry.getValue()).newInstance();
                                authorizationGrantHandler.init();
                            } catch (ClassNotFoundException e) {
                                log.error("Cannot find class: " + entry.getValue(), e);
                            } catch (InstantiationException e2) {
                                log.error("Error instantiating " + entry.getValue(), e2);
                            }
                        } catch (IllegalAccessException e3) {
                            log.error("Illegal access to " + entry.getValue(), e3);
                        } catch (IdentityOAuth2Exception e4) {
                            log.error("Error while initializing " + entry.getValue(), e4);
                        }
                        if (authorizationGrantHandler != null) {
                            hashMap.put(entry.getKey(), authorizationGrantHandler);
                        } else {
                            log.warn("Grant type : " + entry.getKey() + ", is not added as a supported grant type. Relevant grant handler failed to initiate properly.");
                        }
                    }
                    this.supportedGrantTypes = hashMap;
                }
            }
        }
        return this.supportedGrantTypes;
    }

    public Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> getSupportedGrantTypeValidators() {
        if (this.supportedGrantTypeValidators == null) {
            synchronized (this) {
                if (this.supportedGrantTypeValidators == null) {
                    Hashtable hashtable = new Hashtable();
                    hashtable.put(GrantType.PASSWORD.toString(), PasswordGrantValidator.class);
                    hashtable.put(GrantType.CLIENT_CREDENTIALS.toString(), ClientCredentialGrantValidator.class);
                    hashtable.put(GrantType.AUTHORIZATION_CODE.toString(), AuthorizationCodeGrantValidator.class);
                    hashtable.put(GrantType.REFRESH_TOKEN.toString(), RefreshTokenGrantValidator.class);
                    hashtable.put(org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString(), SAML2GrantValidator.class);
                    if (this.supportedGrantTypeValidatorNames != null) {
                        for (Map.Entry<String, String> entry : this.supportedGrantTypeValidatorNames.entrySet()) {
                            try {
                                hashtable.put(entry.getKey(), Class.forName(entry.getValue()));
                            } catch (ClassCastException e) {
                                log.error("Cannot cast class: " + entry.getValue(), e);
                            } catch (ClassNotFoundException e2) {
                                log.error("Cannot find class: " + entry.getValue(), e2);
                            }
                        }
                    }
                    this.supportedGrantTypeValidators = hashtable;
                }
            }
        }
        return this.supportedGrantTypeValidators;
    }

    public Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> getSupportedResponseTypeValidators() {
        if (this.supportedResponseTypeValidators == null) {
            synchronized (this) {
                if (this.supportedResponseTypeValidators == null) {
                    Hashtable hashtable = new Hashtable();
                    hashtable.put(ResponseType.CODE.toString(), CodeValidator.class);
                    hashtable.put(ResponseType.TOKEN.toString(), TokenValidator.class);
                    hashtable.put(OIDCConstants.ID_TOKEN, IDTokenResponseValidator.class);
                    hashtable.put("id_token token", IDTokenTokenResponseValidator.class);
                    hashtable.put("code token", CodeTokenResponseValidator.class);
                    hashtable.put("code id_token", CodeTokenResponseValidator.class);
                    hashtable.put("code id_token token", CodeTokenResponseValidator.class);
                    if (this.supportedResponseTypeValidatorNames != null) {
                        for (Map.Entry<String, String> entry : this.supportedResponseTypeValidatorNames.entrySet()) {
                            try {
                                hashtable.put(entry.getKey(), Class.forName(entry.getValue()));
                            } catch (ClassCastException e) {
                                log.error("Cannot cast class: " + entry.getValue(), e);
                            } catch (ClassNotFoundException e2) {
                                log.error("Cannot find class: " + entry.getValue(), e2);
                            }
                        }
                        this.supportedResponseTypeValidators = hashtable;
                    }
                }
            }
        }
        return this.supportedResponseTypeValidators;
    }

    public Map<String, ResponseTypeHandler> getSupportedResponseTypes() {
        if (this.supportedResponseTypes == null) {
            synchronized (this) {
                if (this.supportedResponseTypes == null) {
                    Hashtable hashtable = new Hashtable();
                    for (Map.Entry<String, String> entry : this.supportedResponseTypeClassNames.entrySet()) {
                        ResponseTypeHandler responseTypeHandler = null;
                        try {
                            try {
                                responseTypeHandler = (ResponseTypeHandler) Class.forName(entry.getValue()).newInstance();
                                responseTypeHandler.init();
                            } catch (ClassNotFoundException e) {
                                log.error("Cannot find class: " + entry.getValue(), e);
                            } catch (InstantiationException e2) {
                                log.error("Error instantiating " + entry.getValue(), e2);
                            }
                        } catch (IllegalAccessException e3) {
                            log.error("Illegal access to " + entry.getValue(), e3);
                        } catch (IdentityOAuth2Exception e4) {
                            log.error("Error while initializing " + entry.getValue(), e4);
                        }
                        hashtable.put(entry.getKey(), responseTypeHandler);
                    }
                    this.supportedResponseTypes = hashtable;
                }
            }
        }
        return this.supportedResponseTypes;
    }

    public String getHashAlgorithm() {
        return this.hashAlgorithm;
    }

    public boolean isClientSecretHashEnabled() {
        return this.isClientSecretHashEnabled;
    }

    private void parseRequestObjectConfig(OMElement oMElement) {
        if (oMElement != null) {
            Iterator childrenWithName = oMElement.getChildrenWithName(getQNameWithIdentityNS("RequestObjectBuilder"));
            while (childrenWithName.hasNext()) {
                OMElement oMElement2 = (OMElement) childrenWithName.next();
                OMElement firstChildWithName = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("Type"));
                OMElement firstChildWithName2 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("ClassName"));
                if (firstChildWithName == null) {
                    log.warn("Empty configuration element for <Type> under <RequestObjectBuilder> configuration.");
                } else if (firstChildWithName2 == null) {
                    log.warn("No <ClassName> tag to define RequestObjectBuilder implementation found under <RequestObjectBuilder> configuration.");
                } else {
                    this.requestObjectBuilderClassNames.put(firstChildWithName.getText(), firstChildWithName2.getText());
                }
            }
        }
        setDefaultRequestObjectBuilderClasses();
        if (log.isDebugEnabled()) {
            for (Map.Entry<String, String> entry : this.requestObjectBuilderClassNames.entrySet()) {
                log.debug(entry.getKey().toString() + " is associated with " + entry.getValue().toString());
            }
        }
    }

    private void setDefaultRequestObjectBuilderClasses() {
        if (this.requestObjectBuilderClassNames.get(REQUEST_PARAM_VALUE_BUILDER) == null) {
            log.info("'RequestObjectBuilder' element for Type: request_param_value_builderis not configured in identity.xml. Therefore instantiating default request object builder: org.wso2.carbon.identity.openidconnect.RequestParamRequestObjectBuilder");
            this.requestObjectBuilderClassNames.put(REQUEST_PARAM_VALUE_BUILDER, REQUEST_PARAM_VALUE_BUILDER_CLASS);
        }
    }

    public RequestObjectValidator getRequestObjectValidator() {
        if (this.requestObjectValidator == null) {
            synchronized (RequestObjectValidator.class) {
                if (this.requestObjectValidator == null) {
                    try {
                        this.requestObjectValidator = (RequestObjectValidator) Thread.currentThread().getContextClassLoader().loadClass(this.defaultRequestValidatorClassName).newInstance();
                    } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                        log.warn("Failed to initiate RequestObjectValidator from identity.xml. Hence initiating the default implementation");
                        this.requestObjectValidator = new RequestObjectValidatorImpl();
                    }
                }
            }
        }
        return this.requestObjectValidator;
    }

    public RequestObjectValidator getCIBARequestObjectValidator() {
        if (this.cibaRequestObjectValidator == null) {
            synchronized (RequestObjectValidator.class) {
                if (this.cibaRequestObjectValidator == null) {
                    try {
                        this.cibaRequestObjectValidator = (RequestObjectValidator) Thread.currentThread().getContextClassLoader().loadClass(this.defaultCibaRequestValidatorClassName).newInstance();
                    } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                        log.warn("Failed to initiate CIBA RequestObjectValidator from identity.xml. Hence initiating the default implementation", e);
                        this.cibaRequestObjectValidator = new CIBARequestObjectValidatorImpl();
                    }
                }
            }
        }
        return this.cibaRequestObjectValidator;
    }

    public Map<String, RequestObjectBuilder> getRequestObjectBuilders() {
        if (this.requestObjectBuilder == null) {
            synchronized (this) {
                if (this.requestObjectBuilder == null) {
                    HashMap hashMap = new HashMap();
                    for (Map.Entry<String, String> entry : this.requestObjectBuilderClassNames.entrySet()) {
                        RequestObjectBuilder requestObjectBuilder = null;
                        try {
                            requestObjectBuilder = (RequestObjectBuilder) Class.forName(entry.getValue()).newInstance();
                        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                            log.error("Error instantiating " + entry.getValue(), e);
                        }
                        if (requestObjectBuilder != null) {
                            hashMap.put(entry.getKey(), requestObjectBuilder);
                        } else {
                            log.warn("Failed to initiate request object builder class which is associated with the builder " + entry.getKey());
                        }
                    }
                    this.requestObjectBuilder = hashMap;
                }
            }
        }
        return this.requestObjectBuilder;
    }

    public String getOAuthAuthzRequestClassName() {
        return this.oAuthAuthzRequestClassName;
    }

    public Set<String> getSupportedResponseTypeNames() {
        return this.supportedResponseTypeClassNames.keySet();
    }

    public String[] getSupportedClaims() {
        return this.supportedClaims;
    }

    public SAML2TokenCallbackHandler getSAML2TokenCallbackHandler() {
        if (StringUtils.isBlank(this.saml2TokenCallbackHandlerName)) {
            return null;
        }
        if (this.saml2TokenCallbackHandler == null) {
            synchronized (SAML2TokenCallbackHandler.class) {
                if (this.saml2TokenCallbackHandler == null) {
                    try {
                        this.saml2TokenCallbackHandler = (SAML2TokenCallbackHandler) Thread.currentThread().getContextClassLoader().loadClass(this.saml2TokenCallbackHandlerName).newInstance();
                    } catch (ClassNotFoundException e) {
                        log.error("Error while instantiating the SAML2TokenCallbackHandler ", e);
                    } catch (IllegalAccessException e2) {
                        log.error("Error while instantiating the SAML2TokenCallbackHandler ", e2);
                    } catch (InstantiationException e3) {
                        log.error("Error while instantiating the SAML2TokenCallbackHandler ", e3);
                    }
                }
            }
        }
        return this.saml2TokenCallbackHandler;
    }

    public Map<String, String> getTokenValidatorClassNames() {
        return this.tokenValidatorClassNames;
    }

    public boolean isAccessTokenPartitioningEnabled() {
        return this.accessTokenPartitioningEnabled;
    }

    public Map<String, String> getIdTokenAllowedForGrantTypesMap() {
        return this.idTokenAllowedForGrantTypesMap;
    }

    public Set<String> getIdTokenNotAllowedGrantTypesSet() {
        return this.idTokenNotAllowedGrantTypesSet;
    }

    public boolean isRedirectToRequestedRedirectUriEnabled() {
        return this.redirectToRequestedRedirectUriEnabled;
    }

    public boolean isUserNameAssertionEnabled() {
        return this.assertionsUserNameEnabled;
    }

    public String getAccessTokenPartitioningDomains() {
        return this.accessTokenPartitioningDomains;
    }

    private QName getQNameWithIdentityNS(String str) {
        return new QName("http://wso2.org/projects/carbon/carbon.xml", str);
    }

    public boolean isAuthContextTokGenEnabled() {
        return this.isAuthContextTokGenEnabled;
    }

    public String getTokenGeneratorImplClass() {
        return this.tokenGeneratorImplClass;
    }

    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public String getIdTokenSignatureAlgorithm() {
        return this.idTokenSignatureAlgorithm;
    }

    public String getDefaultIdTokenEncryptionAlgorithm() {
        return this.defaultIdTokenEncryptionAlgorithm;
    }

    public List<String> getSupportedIdTokenEncryptionAlgorithm() {
        return this.supportedIdTokenEncryptionAlgorithms;
    }

    public String getDefaultIdTokenEncryptionMethod() {
        return this.defaultIdTokenEncryptionMethod;
    }

    public List<String> getSupportedIdTokenEncryptionMethods() {
        return this.supportedIdTokenEncryptionMethods;
    }

    public String getUserInfoJWTSignatureAlgorithm() {
        return this.userInfoJWTSignatureAlgorithm;
    }

    public String getConsumerDialectURI() {
        return this.consumerDialectURI;
    }

    public String getClaimsRetrieverImplClass() {
        return this.claimsRetrieverImplClass;
    }

    public String getAuthorizationContextTTL() {
        return this.authContextTTL;
    }

    public boolean isUseMultiValueSeparatorForAuthContextToken() {
        return this.useMultiValueSeparatorForAuthContextToken;
    }

    public TokenPersistenceProcessor getPersistenceProcessor() throws IdentityOAuth2Exception {
        if (this.persistenceProcessor == null) {
            synchronized (this) {
                if (this.persistenceProcessor == null) {
                    try {
                        this.persistenceProcessor = (TokenPersistenceProcessor) getClass().getClassLoader().loadClass(this.tokenPersistenceProcessorClassName).newInstance();
                        if (log.isDebugEnabled()) {
                            log.debug("An instance of " + this.tokenPersistenceProcessorClassName + " is created for OAuthServerConfiguration.");
                        }
                    } catch (Exception e) {
                        log.error("Error when instantiating the TokenPersistenceProcessor : " + this.tokenPersistenceProcessorClassName + ". Defaulting to PlainTextPersistenceProcessor", e);
                        this.persistenceProcessor = new PlainTextPersistenceProcessor();
                    }
                }
            }
        }
        return this.persistenceProcessor;
    }

    public IDTokenBuilder getOpenIDConnectIDTokenBuilder() {
        if (this.openIDConnectIDTokenBuilder == null) {
            synchronized (IDTokenBuilder.class) {
                if (this.openIDConnectIDTokenBuilder == null) {
                    try {
                        try {
                            try {
                                this.openIDConnectIDTokenBuilder = (IDTokenBuilder) Thread.currentThread().getContextClassLoader().loadClass(this.openIDConnectIDTokenBuilderClassName).newInstance();
                            } catch (IllegalAccessException e) {
                                log.error("Error while instantiating the IDTokenBuilder ", e);
                            }
                        } catch (InstantiationException e2) {
                            log.error("Error while instantiating the IDTokenBuilder ", e2);
                        }
                    } catch (ClassNotFoundException e3) {
                        log.error("Error while instantiating the IDTokenBuilder ", e3);
                    }
                }
            }
        }
        return this.openIDConnectIDTokenBuilder;
    }

    public CustomClaimsCallbackHandler getOpenIDConnectCustomClaimsCallbackHandler() {
        if (this.openidConnectIDTokenCustomClaimsCallbackHandler == null) {
            synchronized (CustomClaimsCallbackHandler.class) {
                if (this.openidConnectIDTokenCustomClaimsCallbackHandler == null) {
                    try {
                        this.openidConnectIDTokenCustomClaimsCallbackHandler = (CustomClaimsCallbackHandler) Thread.currentThread().getContextClassLoader().loadClass(this.openIDConnectIDTokenCustomClaimsHanlderClassName).newInstance();
                    } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                        log.error("Error while instantiating the IDTokenBuilder ", e);
                    }
                }
            }
        }
        return this.openidConnectIDTokenCustomClaimsCallbackHandler;
    }

    public String getOpenIDConnectIDTokenIssuerIdentifier() {
        return this.openIDConnectIDTokenIssuerIdentifier;
    }

    public String getOpenIDConnectIDTokenSubjectClaim() {
        return this.openIDConnectIDTokenSubClaim;
    }

    public boolean getOpenIDConnectSkipeUserConsentConfig() {
        if (this.openIDConnectSkipLoginConsent != null) {
            return this.openIDConnectSkipLoginConsent.booleanValue();
        }
        if (log.isDebugEnabled()) {
            log.debug("The SkipLoginConsent property is not configured. So retrieving the SkipUserConsent value.");
        }
        return this.openIDConnectSkipUserConsent.booleanValue();
    }

    public boolean getOpenIDConnectSkipLogoutConsentConfig() {
        if (this.openIDConnectSkipLogoutConsent != null) {
            return this.openIDConnectSkipLogoutConsent.booleanValue();
        }
        if (log.isDebugEnabled()) {
            log.debug("The SkipLogoutConsent property is not configured. So retrieving the SkipUserConsent value.");
        }
        return this.openIDConnectSkipUserConsent.booleanValue();
    }

    public String getOpenIDConnectIDTokenExpiration() {
        return this.openIDConnectIDTokenExpiration;
    }

    public long getOpenIDConnectIDTokenExpiryTimeInSeconds() {
        return this.openIDConnectIDTokenExpiryTimeInSeconds;
    }

    public String getOpenIDConnectBCLogoutTokenExpiration() {
        return this.openIDConnectBCLogoutTokenExpiryInSeconds;
    }

    public String getOpenIDConnectUserInfoEndpointClaimDialect() {
        return this.openIDConnectUserInfoEndpointClaimDialect;
    }

    public String getOpenIDConnectUserInfoEndpointClaimRetriever() {
        return this.openIDConnectUserInfoEndpointClaimRetriever;
    }

    public String getOpenIDConnectUserInfoEndpointRequestValidator() {
        return this.openIDConnectUserInfoEndpointRequestValidator;
    }

    public String getOpenIDConnectUserInfoEndpointAccessTokenValidator() {
        return this.openIDConnectUserInfoEndpointAccessTokenValidator;
    }

    public String getOpenIDConnectUserInfoEndpointResponseBuilder() {
        return this.openIDConnectUserInfoEndpointResponseBuilder;
    }

    public boolean isJWTSignedWithSPKey() {
        return this.isJWTSignedWithSPKey;
    }

    public boolean isImplicitErrorFragment() {
        return this.isImplicitErrorFragment;
    }

    public boolean isRevokeResponseHeadersEnabled() {
        return this.isRevokeResponseHeadersEnabled;
    }

    @Deprecated
    public boolean isEnableIntrospectionDataProviders() {
        return this.enableIntrospectionDataProviders;
    }

    public boolean getValueForIsRefreshTokenAllowed(String str) {
        Boolean bool = this.refreshTokenAllowedGrantTypes.get(str);
        if (bool == null) {
            return true;
        }
        return bool.booleanValue();
    }

    public boolean isUserConsentRequiredForClaims(String str) {
        return this.userConsentEnabledGrantTypes.contains(str);
    }

    public boolean getUseSPTenantDomainValue() {
        return this.useSPTenantDomainValue;
    }

    public String getSaml2BearerTokenUserType() {
        return this.saml2BearerTokenUserType;
    }

    public boolean getSaml2UserIdFromClaims() {
        return this.saml2UserIdFromClaims;
    }

    public boolean isConvertOriginalClaimsFromAssertionsToOIDCDialect() {
        return this.convertOriginalClaimsFromAssertionsToOIDCDialect;
    }

    public boolean isReturnOnlyMappedLocalRoles() {
        return this.returnOnlyMappedLocalRoles;
    }

    public boolean isAddUnmappedUserAttributes() {
        return this.addUnmappedUserAttributes;
    }

    public boolean isMapFederatedUsersToLocal() {
        return this.mapFederatedUsersToLocal;
    }

    public boolean isAddTenantDomainToIdTokenEnabled() {
        return this.addTenantDomainToIdTokenEnabled;
    }

    public boolean isAddUserstoreDomainToIdTokenEnabled() {
        return this.addUserstoreDomainToIdTokenEnabled;
    }

    public boolean isRequestObjectEnabled() {
        return this.requestObjectEnabled;
    }

    public int getDeviceCodeKeyLength() {
        return this.deviceCodeKeyLength;
    }

    public long getDeviceCodeExpiryTime() {
        return this.deviceCodeExpiryTime;
    }

    public int getDeviceCodePollingInterval() {
        return this.deviceCodePollingInterval;
    }

    public String getDeviceCodeKeySet() {
        return this.deviceCodeKeySet;
    }

    private void parseOAuthCallbackHandlers(OMElement oMElement) {
        if (oMElement == null) {
            warnOnFaultyConfiguration("OAuthCallbackHandlers element is not available.");
            return;
        }
        Iterator childrenWithLocalName = oMElement.getChildrenWithLocalName("OAuthCallbackHandler");
        int i = 0;
        if (childrenWithLocalName != null) {
            while (childrenWithLocalName.hasNext()) {
                OAuthCallbackHandlerMetaData buildAuthzCallbackHandlerMetadata = buildAuthzCallbackHandlerMetadata((OMElement) childrenWithLocalName.next());
                if (buildAuthzCallbackHandlerMetadata != null) {
                    this.callbackHandlerMetaData.add(buildAuthzCallbackHandlerMetadata);
                    if (log.isDebugEnabled()) {
                        log.debug("OAuthCallbackHandlerMetadata was added. Class : " + buildAuthzCallbackHandlerMetadata.getClassName());
                    }
                    i++;
                }
            }
        }
        if (i <= 0) {
            warnOnFaultyConfiguration("No OAuthCallbackHandler elements were found.");
        }
    }

    private void parseTokenValidators(OMElement oMElement) {
        Iterator childrenWithLocalName;
        if (oMElement == null || (childrenWithLocalName = oMElement.getChildrenWithLocalName("TokenValidator")) == null) {
            return;
        }
        while (childrenWithLocalName.hasNext()) {
            OMElement oMElement2 = (OMElement) childrenWithLocalName.next();
            if (oMElement2 != null) {
                this.tokenValidatorClassNames.put(oMElement2.getAttributeValue(new QName("type")), oMElement2.getAttributeValue(new QName("class")));
            }
        }
    }

    private void parseScopeValidator(OMElement oMElement) {
        OAuth2ScopeValidator oAuth2ScopeValidator;
        HashSet hashSet = new HashSet();
        if ("ScopeValidators".equals(oMElement.getLocalName())) {
            Iterator childrenWithName = oMElement.getChildrenWithName(getQNameWithIdentityNS("ScopeValidator"));
            while (childrenWithName.hasNext()) {
                OMElement oMElement2 = (OMElement) childrenWithName.next();
                String attributeValue = oMElement2.getAttributeValue(new QName("class"));
                if (attributeValue != null && (oAuth2ScopeValidator = (OAuth2ScopeValidator) getClassInstance(attributeValue, OAuth2ScopeValidator.class)) != null) {
                    oAuth2ScopeValidator.setScopesToSkip(getScopesToSkipSet(oMElement2.getAttributeValue(new QName("scopesToSkip"))));
                    Iterator childrenWithName2 = oMElement2.getChildrenWithName(getQNameWithIdentityNS("Property"));
                    HashMap hashMap = new HashMap();
                    while (childrenWithName2.hasNext()) {
                        OMElement oMElement3 = (OMElement) childrenWithName2.next();
                        String attributeValue2 = oMElement3.getAttributeValue(new QName(OAuth2ServiceComponent.NAME));
                        String text = oMElement3.getText();
                        hashMap.put(attributeValue2, text);
                        if (log.isDebugEnabled()) {
                            log.debug(String.format("Property: %s with value: %s is set to ScopeValidator: %s.", attributeValue2, text, attributeValue));
                        }
                    }
                    oAuth2ScopeValidator.setProperties(hashMap);
                    hashSet.add(oAuth2ScopeValidator);
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("ScopeValidator: %s is added to ScopeValidators list.", oAuth2ScopeValidator.getClass().getCanonicalName()));
                    }
                }
            }
        } else {
            String attributeValue3 = oMElement.getAttributeValue(new QName("class"));
            String attributeValue4 = oMElement.getAttributeValue(new QName("scopesToSkip"));
            if (attributeValue3 != null) {
                OAuth2ScopeValidator oAuth2ScopeValidator2 = (OAuth2ScopeValidator) getClassInstance(attributeValue3, OAuth2ScopeValidator.class);
                if (oAuth2ScopeValidator2 != null) {
                    oAuth2ScopeValidator2.setScopesToSkip(getScopesToSkipSet(attributeValue4));
                }
                hashSet.add(oAuth2ScopeValidator2);
            }
        }
        setOAuth2ScopeValidators(hashSet);
    }

    private void parseScopeHandlers(OMElement oMElement) {
        OAuth2ScopeHandler oAuth2ScopeHandler;
        HashSet hashSet = new HashSet();
        Iterator childrenWithName = oMElement.getChildrenWithName(getQNameWithIdentityNS("ScopeHandler"));
        if (childrenWithName == null) {
            return;
        }
        while (childrenWithName.hasNext()) {
            OMElement oMElement2 = (OMElement) childrenWithName.next();
            String attributeValue = oMElement2.getAttributeValue(new QName("class"));
            if (attributeValue != null && (oAuth2ScopeHandler = (OAuth2ScopeHandler) getClassInstance(attributeValue, OAuth2ScopeHandler.class)) != null) {
                Iterator childrenWithName2 = oMElement2.getChildrenWithName(getQNameWithIdentityNS("Property"));
                HashMap hashMap = new HashMap();
                while (childrenWithName2.hasNext()) {
                    OMElement oMElement3 = (OMElement) childrenWithName2.next();
                    String attributeValue2 = oMElement3.getAttributeValue(new QName(OAuth2ServiceComponent.NAME));
                    String text = oMElement3.getText();
                    hashMap.put(attributeValue2, text);
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Property: %s with value: %s is set to ScopeHandler: %s.", attributeValue2, text, attributeValue));
                    }
                }
                oAuth2ScopeHandler.setProperties(hashMap);
                hashSet.add(oAuth2ScopeHandler);
                if (log.isDebugEnabled()) {
                    log.debug(String.format("ScopeHandler: %s is added to ScopeHandler list.", oAuth2ScopeHandler.getClass().getCanonicalName()));
                }
            }
        }
        setOAuth2ScopeHandlers(hashSet);
    }

    private <T> T getClassInstance(String str, Class<T> cls) {
        try {
            return cls.cast(Thread.currentThread().getContextClassLoader().loadClass(str).newInstance());
        } catch (ClassCastException e) {
            log.error("Cannot cast the class: " + str + " to type: " + cls.getCanonicalName(), e);
            return null;
        } catch (ClassNotFoundException e2) {
            log.error("Class not found in build path " + str, e2);
            return null;
        } catch (IllegalAccessException e3) {
            log.error("Class access error " + str, e3);
            return null;
        } catch (InstantiationException e4) {
            log.error("Class initialization error " + str, e4);
            return null;
        }
    }

    private Set<String> getScopesToSkipSet(String str) {
        HashSet hashSet = new HashSet();
        if (StringUtils.isNotEmpty(str)) {
            hashSet = new HashSet(Arrays.asList(str.trim().split("\\s+")));
        }
        return hashSet;
    }

    private void warnOnFaultyConfiguration(String str) {
        log.warn("Error in OAuth Configuration. " + str);
    }

    private OAuthCallbackHandlerMetaData buildAuthzCallbackHandlerMetadata(OMElement oMElement) {
        String attributeValue = oMElement.getAttributeValue(new QName("Class"));
        if (attributeValue == null) {
            log.error("Mandatory attribute \"Class\" is not present in the AuthorizationCallbackHandler element. AuthorizationCallbackHandler will not be registered.");
            return null;
        }
        int i = 1;
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("Priority"));
        if (firstChildWithName != null) {
            i = Integer.parseInt(firstChildWithName.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("Priority level of : " + i + " is set for the AuthorizationCallbackHandler with the class : " + attributeValue);
        }
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(getQNameWithIdentityNS("Properties"));
        Properties properties = null;
        if (firstChildWithName2 != null) {
            Iterator childrenWithLocalName = firstChildWithName2.getChildrenWithLocalName("Property");
            properties = new Properties();
            if (log.isDebugEnabled()) {
                log.debug("Registering Properties for AuthorizationCallbackHandler class : " + attributeValue);
            }
            while (childrenWithLocalName.hasNext()) {
                OMElement oMElement2 = (OMElement) childrenWithLocalName.next();
                String attributeValue2 = oMElement2.getAttributeValue(new QName("Name"));
                String text = oMElement2.getText();
                properties.put(attributeValue2, text);
                if (log.isDebugEnabled()) {
                    log.debug("Property name : " + attributeValue2 + ", Property Value : " + text);
                }
            }
        }
        return new OAuthCallbackHandlerMetaData(attributeValue, properties, i);
    }

    private void parseDefaultValidityPeriods(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("AuthorizationCodeDefaultValidityPeriod"));
        if (firstChildWithName != null) {
            this.authorizationCodeValidityPeriodInSeconds = Long.parseLong(firstChildWithName.getText());
        }
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(getQNameWithIdentityNS("UserAccessTokenDefaultValidityPeriod"));
        if (firstChildWithName2 != null) {
            this.userAccessTokenValidityPeriodInSeconds = Long.parseLong(firstChildWithName2.getText());
        }
        OMElement firstChildWithName3 = oMElement.getFirstChildWithName(getQNameWithIdentityNS("AccessTokenDefaultValidityPeriod"));
        if (firstChildWithName3 != null) {
            this.applicationAccessTokenValidityPeriodInSeconds = Long.parseLong(firstChildWithName3.getText());
        }
        OMElement firstChildWithName4 = oMElement.getFirstChildWithName(getQNameWithIdentityNS("RefreshTokenValidityPeriod"));
        if (firstChildWithName4 != null) {
            this.refreshTokenValidityPeriodInSeconds = Long.parseLong(firstChildWithName4.getText().trim());
        }
        OMElement firstChildWithName5 = oMElement.getFirstChildWithName(getQNameWithIdentityNS("TimestampSkew"));
        if (firstChildWithName5 != null) {
            this.timeStampSkewInSeconds = Long.parseLong(firstChildWithName5.getText());
        }
        if (log.isDebugEnabled()) {
            if (firstChildWithName == null) {
                log.debug("\"Authorization Code Default Timeout\" element was not available in identity.xml. Continuing with the default value.");
            }
            if (firstChildWithName2 == null) {
                log.debug("\"Access Token Default Timeout\" element was not available in from identity.xml. Continuing with the default value.");
            }
            if (firstChildWithName4 == null) {
                log.debug("\"Refresh Token Default Timeout\" element was not available in from identity.xml. Continuing with the default value.");
            }
            if (firstChildWithName5 == null) {
                log.debug("\"Default Timestamp Skew\" element was not available in from identity.xml. Continuing with the default value.");
            }
            if (log.isDebugEnabled()) {
                log.debug("Authorization Code Default Timeout is set to : " + this.authorizationCodeValidityPeriodInSeconds + "ms.");
                log.debug("User Access Token Default Timeout is set to " + this.userAccessTokenValidityPeriodInSeconds + "ms.");
                log.debug("Application Access Token Default Timeout is set to " + this.applicationAccessTokenValidityPeriodInSeconds + "ms.");
                log.debug("Refresh Token validity period is set to " + this.refreshTokenValidityPeriodInSeconds + "s.");
                log.debug("Default TimestampSkew is set to " + this.timeStampSkewInSeconds + "ms.");
            }
        }
    }

    private void parseOAuthURLs(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH1_REQUEST_TOKEN_URL));
        if (firstChildWithName != null && StringUtils.isNotBlank(firstChildWithName.getText())) {
            oauth1RequestTokenUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName.getText());
        }
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH1_AUTHORIZE_URL));
        if (firstChildWithName2 != null && StringUtils.isNotBlank(firstChildWithName2.getText())) {
            oauth1AuthorizeUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName2.getText());
        }
        OMElement firstChildWithName3 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH1_ACCESS_TOKEN_URL));
        if (firstChildWithName3 != null && StringUtils.isNotBlank(firstChildWithName3.getText())) {
            oauth1AccessTokenUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName3.getText());
        }
        OMElement firstChildWithName4 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_AUTHZ_EP_URL));
        if (firstChildWithName4 != null && StringUtils.isNotBlank(firstChildWithName4.getText())) {
            oauth2AuthzEPUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName4.getText());
        }
        OMElement firstChildWithName5 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_TOKEN_EP_URL));
        if (firstChildWithName5 != null && StringUtils.isNotBlank(firstChildWithName5.getText())) {
            oauth2TokenEPUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName5.getText());
        }
        OMElement firstChildWithName6 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_USERINFO_EP_URL));
        if (firstChildWithName6 != null && StringUtils.isNotBlank(firstChildWithName6.getText())) {
            oauth2UserInfoEPUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName6.getText());
        }
        OMElement firstChildWithName7 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_REVOCATION_EP_URL));
        if (firstChildWithName7 != null && StringUtils.isNotBlank(firstChildWithName7.getText())) {
            oauth2RevocationEPUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName7.getText());
        }
        OMElement firstChildWithName8 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_INTROSPECTION_EP_URL));
        if (firstChildWithName8 != null && StringUtils.isNotBlank(firstChildWithName8.getText())) {
            oauth2IntrospectionEPUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName8.getText());
        }
        OMElement firstChildWithName9 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_CONSENT_PAGE_URL));
        if (firstChildWithName9 != null && StringUtils.isNotBlank(firstChildWithName9.getText())) {
            oauth2ConsentPageUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName9.getText());
        }
        OMElement firstChildWithName10 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_DCR_EP_URL));
        if (firstChildWithName10 != null && StringUtils.isNotBlank(firstChildWithName10.getText())) {
            oauth2DCREPUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName10.getText());
        }
        OMElement firstChildWithName11 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_JWKS_PAGE_URL));
        if (firstChildWithName11 != null && StringUtils.isNotBlank(firstChildWithName11.getText())) {
            oauth2JWKSPageUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName11.getText());
        }
        OMElement firstChildWithName12 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OIDC_DISCOVERY_EP_URL));
        if (firstChildWithName12 != null && StringUtils.isNotBlank(firstChildWithName12.getText())) {
            oidcDiscoveryUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName12.getText());
        }
        OMElement firstChildWithName13 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OIDC_WEB_FINGER_EP_URL));
        if (firstChildWithName13 != null && StringUtils.isNotBlank(firstChildWithName13.getText())) {
            oidcWebFingerEPUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName13.getText());
        }
        OMElement firstChildWithName14 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OIDC_CONSENT_PAGE_URL));
        if (firstChildWithName14 != null && StringUtils.isNotBlank(firstChildWithName14.getText())) {
            oidcConsentPageUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName14.getText());
        }
        OMElement firstChildWithName15 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH2_ERROR_PAGE_URL));
        if (firstChildWithName15 != null && StringUtils.isNotBlank(firstChildWithName15.getText())) {
            oauth2ErrorPageUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName15.getText());
        }
        OMElement firstChildWithName16 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.DEVICE_AUTHZ_EP_URL));
        if (firstChildWithName16 == null || !StringUtils.isNotBlank(firstChildWithName16.getText())) {
            return;
        }
        this.deviceAuthzEPUrl = IdentityUtil.fillURLPlaceholders(firstChildWithName16.getText());
    }

    private void parseRefreshTokenRenewalConfiguration(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("RenewRefreshTokenForRefreshGrant"));
        if (firstChildWithName != null) {
            this.isRefreshTokenRenewalEnabled = Boolean.parseBoolean(firstChildWithName.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("RenewRefreshTokenForRefreshGrant was set to : " + this.isRefreshTokenRenewalEnabled);
        }
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(getQNameWithIdentityNS("ExtendRenewedRefreshTokenExpiryTime"));
        if (firstChildWithName2 != null) {
            this.isExtendRenewedTokenExpiryTimeEnabled = Boolean.parseBoolean(firstChildWithName2.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("ExtendRenewedRefreshTokenExpiryTime was set to : " + this.isExtendRenewedTokenExpiryTimeEnabled);
        }
    }

    private void parseAccessTokenPartitioningConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ENABLE_ACCESS_TOKEN_PARTITIONING));
        if (firstChildWithName != null) {
            this.accessTokenPartitioningEnabled = Boolean.parseBoolean(firstChildWithName.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("Enable OAuth Access Token Partitioning was set to : " + this.accessTokenPartitioningEnabled);
        }
    }

    private void parseAccessTokenPartitioningDomainsConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ACCESS_TOKEN_PARTITIONING_DOMAINS));
        if (firstChildWithName != null) {
            this.accessTokenPartitioningDomains = firstChildWithName.getText();
        }
        if (log.isDebugEnabled()) {
            log.debug("Enable OAuth Access Token Partitioning Domains was set to : " + this.accessTokenPartitioningDomains);
        }
    }

    private void parseEnableAssertionsUserNameConfig(OMElement oMElement) {
        OMElement firstChildWithName;
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ENABLE_ASSERTIONS));
        if (firstChildWithName2 != null && (firstChildWithName = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ENABLE_ASSERTIONS_USERNAME))) != null) {
            this.assertionsUserNameEnabled = Boolean.parseBoolean(firstChildWithName.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("Enable Assertions-UserName was set to : " + this.assertionsUserNameEnabled);
        }
    }

    private void parseTokenPersistenceProcessorConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("TokenPersistenceProcessor"));
        if (firstChildWithName != null && StringUtils.isNotBlank(firstChildWithName.getText())) {
            this.tokenPersistenceProcessorClassName = firstChildWithName.getText().trim();
        }
        if (log.isDebugEnabled()) {
            log.debug("Token Persistence Processor was set to : " + this.tokenPersistenceProcessorClassName);
        }
    }

    private void parseOAuthTokenGeneratorConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("OAuthTokenGenerator"));
        if (firstChildWithName == null || "".equals(firstChildWithName.getText().trim())) {
            if (log.isDebugEnabled()) {
                log.debug("The default OAuth token issuer will be used. No custom token generator is set.");
            }
        } else {
            this.oauthTokenGeneratorClassName = firstChildWithName.getText().trim();
            if (log.isDebugEnabled()) {
                log.debug("OAuth token generator is set to : " + this.oauthTokenGeneratorClassName);
            }
        }
    }

    private void parseOAuthTokenIssuerConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("IdentityOAuthTokenGenerator"));
        if (firstChildWithName == null || "".equals(firstChildWithName.getText().trim())) {
            if (log.isDebugEnabled()) {
                log.debug("The default Identity OAuth token issuer will be used. No custom token generator is set.");
            }
        } else {
            this.oauthIdentityTokenGeneratorClassName = firstChildWithName.getText().trim();
            if (log.isDebugEnabled()) {
                log.debug("Identity OAuth token generator is set to : " + this.oauthIdentityTokenGeneratorClassName);
            }
        }
    }

    private void parseClientIdValidationRegex(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("ClientIdValidationRegex"));
        if (firstChildWithName != null && !"".equals(firstChildWithName.getText().trim())) {
            this.clientIdValidationRegex = firstChildWithName.getText().trim();
        }
        if (log.isDebugEnabled()) {
            log.debug("Client id validation regex is set to: " + this.clientIdValidationRegex);
        }
    }

    private void parsePersistAccessTokenAliasConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("PersistAccessTokenAlias"));
        if (firstChildWithName == null || "".equals(firstChildWithName.getText().trim())) {
            if (log.isDebugEnabled()) {
                log.debug("PersistAccessTokenAlias is not defiled. Default config will be used.");
            }
        } else {
            this.persistAccessTokenAlias = firstChildWithName.getText().trim();
            if (log.isDebugEnabled()) {
                log.debug("Identity OAuth persist access token alias is set to : " + this.persistAccessTokenAlias);
            }
        }
    }

    private void parseRetainOldAccessTokensConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("TokenCleanup"));
        if (firstChildWithName == null) {
            this.tokenCleanupFeatureEnable = "false";
            return;
        }
        OMElement firstChildWithName2 = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("RetainOldAccessToken"));
        if (firstChildWithName2 == null || "".equals(firstChildWithName2.getText().trim())) {
            this.retainOldAccessTokens = "false";
            if (log.isDebugEnabled()) {
                log.debug("Retain old access token  is not defined.Default config will be used");
                return;
            }
            return;
        }
        this.retainOldAccessTokens = firstChildWithName2.getText().trim();
        if (log.isDebugEnabled()) {
            log.debug("Retain old access token is set to : " + this.retainOldAccessTokens);
        }
    }

    private void tokenCleanupFeatureConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("TokenCleanup"));
        if (firstChildWithName == null) {
            this.tokenCleanupFeatureEnable = "false";
            return;
        }
        OMElement firstChildWithName2 = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("EnableTokenCleanup"));
        if (firstChildWithName2 == null || !StringUtils.isNotBlank(firstChildWithName2.getText())) {
            this.tokenCleanupFeatureEnable = "false";
            if (log.isDebugEnabled()) {
                log.debug("Old token cleanup process enable  is not defined. Default config will be used");
                return;
            }
            return;
        }
        this.tokenCleanupFeatureEnable = firstChildWithName2.getText().trim();
        if (log.isDebugEnabled()) {
            log.debug("Old token cleanup process enable is set to : " + this.tokenCleanupFeatureEnable);
        }
    }

    private void parseSupportedGrantTypesConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("SupportedGrantTypes"));
        if (firstChildWithName != null) {
            Iterator childrenWithName = firstChildWithName.getChildrenWithName(getQNameWithIdentityNS("SupportedGrantType"));
            while (childrenWithName.hasNext()) {
                OMElement oMElement2 = (OMElement) childrenWithName.next();
                OMElement firstChildWithName2 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("GrantTypeName"));
                String text = firstChildWithName2 != null ? firstChildWithName2.getText() : null;
                OMElement firstChildWithName3 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("GrantTypeHandlerImplClass"));
                String text2 = firstChildWithName3 != null ? firstChildWithName3.getText() : null;
                OMElement firstChildWithName4 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("IdTokenAllowed"));
                String text3 = firstChildWithName4 != null ? firstChildWithName4.getText() : null;
                if (StringUtils.isNotEmpty(text) && StringUtils.isNotEmpty(text3)) {
                    this.idTokenAllowedForGrantTypesMap.put(text, text3);
                    if (!Boolean.parseBoolean(text3)) {
                        this.idTokenNotAllowedGrantTypesSet.add(text);
                    }
                }
                if (StringUtils.isNotEmpty(text) && StringUtils.isNotEmpty(text2)) {
                    this.supportedGrantTypeClassNames.put(text, text2);
                    OMElement firstChildWithName5 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("GrantTypeValidatorImplClass"));
                    String text4 = firstChildWithName5 != null ? firstChildWithName5.getText() : null;
                    if (StringUtils.isNotEmpty(text4)) {
                        this.supportedGrantTypeValidatorNames.put(text, text4);
                    }
                    OMElement firstChildWithName6 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("IsRefreshTokenAllowed"));
                    if (firstChildWithName6 != null && StringUtils.isNotBlank(firstChildWithName6.getText())) {
                        this.refreshTokenAllowedGrantTypes.put(text, Boolean.valueOf(Boolean.parseBoolean(firstChildWithName6.getText())));
                    }
                }
            }
        } else {
            log.warn("'SupportedGrantTypes' element not configured in identity.xml. Therefore instantiating default grant type handlers");
            HashMap hashMap = new HashMap(5);
            hashMap.put(GrantType.AUTHORIZATION_CODE.toString(), AUTHORIZATION_CODE_GRANT_HANDLER_CLASS);
            hashMap.put(GrantType.CLIENT_CREDENTIALS.toString(), CLIENT_CREDENTIALS_GRANT_HANDLER_CLASS);
            hashMap.put(GrantType.PASSWORD.toString(), PASSWORD_GRANT_HANDLER_CLASS);
            hashMap.put(GrantType.REFRESH_TOKEN.toString(), REFRESH_TOKEN_GRANT_HANDLER_CLASS);
            hashMap.put(org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString(), SAML20_BEARER_GRANT_HANDLER_CLASS);
            hashMap.put(org.wso2.carbon.identity.oauth.common.GrantType.IWA_NTLM.toString(), IWA_NTLM_BEARER_GRANT_HANDLER_CLASS);
            this.supportedGrantTypeClassNames.putAll(hashMap);
        }
        if (log.isDebugEnabled()) {
            for (Map.Entry<String, String> entry : this.supportedGrantTypeClassNames.entrySet()) {
                log.debug(entry.getKey().toString() + "supported by" + entry.getValue().toString());
            }
        }
    }

    private void parseSupportedTokenTypesConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("SupportedTokenTypes"));
        if (firstChildWithName != null) {
            Iterator childrenWithName = firstChildWithName.getChildrenWithName(getQNameWithIdentityNS("SupportedTokenType"));
            while (childrenWithName.hasNext()) {
                OMElement oMElement2 = (OMElement) childrenWithName.next();
                OMElement firstChildWithName2 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("TokenTypeName"));
                String str = null;
                if (firstChildWithName2 != null) {
                    str = firstChildWithName2.getText();
                }
                OMElement firstChildWithName3 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("TokenTypeImplClass"));
                String str2 = null;
                if (firstChildWithName3 != null) {
                    str2 = firstChildWithName3.getText();
                }
                OMElement firstChildWithName4 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("PersistAccessTokenAlias"));
                String str3 = null;
                if (firstChildWithName4 != null) {
                    str3 = firstChildWithName4.getText();
                }
                if (StringUtils.isNotEmpty(str)) {
                    TokenIssuerDO tokenIssuerDO = new TokenIssuerDO();
                    if (StringUtils.isNotEmpty(str2)) {
                        tokenIssuerDO.setTokenType(str);
                        tokenIssuerDO.setTokenImplClass(str2);
                    }
                    if (StringUtils.isNotEmpty(str3)) {
                        tokenIssuerDO.setPersistAccessTokenAlias(Boolean.valueOf(str3).booleanValue());
                    } else {
                        tokenIssuerDO.setPersistAccessTokenAlias(true);
                    }
                    this.supportedTokenIssuers.put(str, tokenIssuerDO);
                }
            }
        }
        boolean z = false;
        Iterator<Map.Entry<String, TokenIssuerDO>> it = this.supportedTokenIssuers.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            TokenIssuerDO value = it.next().getValue();
            if (this.oauthIdentityTokenGeneratorClassName != null && this.oauthIdentityTokenGeneratorClassName.equals(value.getTokenImplClass())) {
                z = true;
                break;
            }
        }
        if (!z && this.oauthIdentityTokenGeneratorClassName != null) {
            boolean z2 = true;
            if (this.persistAccessTokenAlias != null) {
                z2 = Boolean.parseBoolean(this.persistAccessTokenAlias);
            }
            this.supportedTokenIssuers.put("Default", new TokenIssuerDO("Default", this.oauthIdentityTokenGeneratorClassName, z2));
        }
        if (!this.supportedTokenIssuers.containsKey("Default")) {
            this.supportedTokenIssuers.put("Default", new TokenIssuerDO("Default", DEFAULT_OAUTH_TOKEN_ISSUER_CLASS, true));
        }
        if (!this.supportedTokenIssuers.containsKey("JWT")) {
            this.supportedTokenIssuers.put("JWT", new TokenIssuerDO("JWT", JWT_TOKEN_ISSUER_CLASS, true));
        }
        this.supportedTokenTypes.addAll(this.supportedTokenIssuers.keySet());
    }

    public List<String> getSupportedTokenTypes() {
        return Collections.unmodifiableList(this.supportedTokenTypes);
    }

    public OauthTokenIssuer addAndReturnTokenIssuerInstance(String str) throws IdentityOAuth2Exception {
        TokenIssuerDO tokenIssuerDO = this.supportedTokenIssuers.get(str);
        OauthTokenIssuer oauthTokenIssuer = null;
        if (tokenIssuerDO != null && tokenIssuerDO.getTokenImplClass() != null) {
            try {
                if (this.oauthTokenIssuerMap.get(str) == null) {
                    oauthTokenIssuer = (OauthTokenIssuer) getClass().getClassLoader().loadClass(tokenIssuerDO.getTokenImplClass()).newInstance();
                    oauthTokenIssuer.setPersistAccessTokenAlias(this.supportedTokenIssuers.get(str).isPersistAccessTokenAlias());
                    this.oauthTokenIssuerMap.put(str, oauthTokenIssuer);
                    log.info("An instance of " + tokenIssuerDO.getTokenImplClass() + " is created for Identity OAuth token generation.");
                } else {
                    oauthTokenIssuer = this.oauthTokenIssuerMap.get(str);
                }
            } catch (Exception e) {
                throw new IdentityOAuth2Exception("Error when instantiating the OAuthIssuer : " + tokenIssuerDO.getTokenImplClass() + ". Defaulting to OAuthIssuerImpl", e);
            }
        }
        return oauthTokenIssuer;
    }

    private void parseUserConsentEnabledGrantTypesConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("UserConsentEnabledGrantTypes"));
        if (firstChildWithName == null) {
            log.warn("<UserConsentEnabledGrantTypes> element in not found in identity.xml. Adding 'authorization_code' and 'implicit' grant types as default user consent enabled grant types.");
            this.userConsentEnabledGrantTypes.add(OAuthAdminServiceImpl.AUTHORIZATION_CODE);
            this.userConsentEnabledGrantTypes.add("implicit");
            return;
        }
        Iterator childrenWithName = firstChildWithName.getChildrenWithName(getQNameWithIdentityNS("UserConsentEnabledGrantType"));
        while (childrenWithName.hasNext()) {
            OMElement firstChildWithName2 = ((OMElement) childrenWithName.next()).getFirstChildWithName(getQNameWithIdentityNS("GrantTypeName"));
            String str = null;
            if (firstChildWithName2 != null) {
                str = firstChildWithName2.getText();
            }
            if (StringUtils.isNotEmpty(str)) {
                this.userConsentEnabledGrantTypes.add(str);
            } else {
                log.warn("Grant Type: " + str + " is not a supported grant type. Therefore skipping it from user consent enabled grant type list.");
            }
        }
    }

    private void parseSupportedResponseTypesConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("SupportedResponseTypes"));
        if (firstChildWithName != null) {
            Iterator childrenWithName = firstChildWithName.getChildrenWithName(getQNameWithIdentityNS("SupportedResponseType"));
            while (childrenWithName.hasNext()) {
                OMElement oMElement2 = (OMElement) childrenWithName.next();
                OMElement firstChildWithName2 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("ResponseTypeName"));
                String text = firstChildWithName2 != null ? firstChildWithName2.getText() : null;
                OMElement firstChildWithName3 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("ResponseTypeHandlerImplClass"));
                String text2 = firstChildWithName3 != null ? firstChildWithName3.getText() : null;
                if (text != null && !"".equals(text) && text2 != null && !"".equals(text2)) {
                    this.supportedResponseTypeClassNames.put(text, text2);
                    OMElement firstChildWithName4 = oMElement2.getFirstChildWithName(getQNameWithIdentityNS("ResponseTypeValidatorImplClass"));
                    String text3 = firstChildWithName4 != null ? firstChildWithName4.getText() : null;
                    if (!StringUtils.isEmpty(text3)) {
                        this.supportedResponseTypeValidatorNames.put(text, text3);
                    }
                }
            }
        } else {
            log.warn("'SupportedResponseTypes' element not configured in identity.xml. Therefore instantiating default response type handlers");
            HashMap hashMap = new HashMap();
            hashMap.put(ResponseType.CODE.toString(), "org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler");
            hashMap.put(ResponseType.TOKEN.toString(), "org.wso2.carbon.identity.oauth2.authz.handlers.AccessTokenResponseTypeHandler");
            hashMap.put(OIDCConstants.ID_TOKEN, "org.wso2.carbon.identity.oauth2.authz.handlers.IDTokenResponseTypeHandler");
            hashMap.put("id_token token", "org.wso2.carbon.identity.oauth2.authz.handlers.IDTokenTokenResponseTypeHandler");
            hashMap.put("code token", "org.wso2.carbon.identity.oauth2.authz.handlers.HybridResponseTypeHandler");
            hashMap.put("code id_token", "org.wso2.carbon.identity.oauth2.authz.handlers.HybridResponseTypeHandler");
            hashMap.put("code id_token token", "org.wso2.carbon.identity.oauth2.authz.handlers.HybridResponseTypeHandler");
            this.supportedResponseTypeClassNames.putAll(hashMap);
        }
        if (log.isDebugEnabled()) {
            for (Map.Entry<String, String> entry : this.supportedResponseTypeClassNames.entrySet()) {
                log.debug(entry.getKey().toString() + "supported by" + entry.getValue().toString());
            }
        }
    }

    private void parseSupportedClientAuthHandlersConfig(OMElement oMElement) {
        if (oMElement != null) {
            log.warn("'SupportedClientAuthMethods' is no longer supported (ClientAuthHandler in identity.xml). If you have customized ClientAuthHandler implementations migrate them");
            Iterator childrenWithLocalName = oMElement.getChildrenWithLocalName("ClientAuthHandler");
            while (childrenWithLocalName.hasNext()) {
                OMElement oMElement2 = (OMElement) childrenWithLocalName.next();
                Iterator childrenWithLocalName2 = oMElement2.getChildrenWithLocalName("Property");
                Properties properties = new Properties();
                while (childrenWithLocalName2.hasNext()) {
                    OMElement oMElement3 = (OMElement) childrenWithLocalName2.next();
                    String attributeValue = oMElement3.getAttributeValue(new QName("Name"));
                    String text = oMElement3.getText();
                    properties.put(attributeValue, text);
                    if (log.isDebugEnabled()) {
                        log.debug("Property name : " + attributeValue + ", Property Value : " + text);
                    }
                }
                String attributeValue2 = oMElement2.getAttributeValue(new QName("Class"));
                if (StringUtils.isEmpty(attributeValue2)) {
                    log.error("Mandatory attribute \"Class\" is not present in the ClientAuthHandler element. ");
                    return;
                }
                this.supportedClientAuthHandlerData.put(attributeValue2, properties);
            }
        } else {
            HashMap hashMap = new HashMap(1);
            hashMap.put("org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler", new Properties());
            this.supportedClientAuthHandlerData.putAll(hashMap);
        }
        if (log.isDebugEnabled()) {
            Iterator<Map.Entry<String, Properties>> it = this.supportedClientAuthHandlerData.entrySet().iterator();
            while (it.hasNext()) {
                log.debug("Supported client authentication method " + it.next().getKey());
            }
        }
    }

    private void parseSAML2GrantConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("SAML2Grant"));
        OMElement oMElement2 = null;
        OMElement oMElement3 = null;
        OMElement oMElement4 = null;
        if (firstChildWithName != null) {
            oMElement2 = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("UserType"));
            oMElement3 = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("SAML2TokenHandler"));
            oMElement4 = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("UseUserIdFromClaims"));
        }
        if (oMElement3 != null && StringUtils.isNotBlank(oMElement3.getText())) {
            this.saml2TokenCallbackHandlerName = oMElement3.getText().trim();
        }
        if (oMElement2 != null && StringUtils.isNotBlank(oMElement2.getText())) {
            this.saml2BearerTokenUserType = oMElement2.getText().trim();
        }
        if (oMElement4 == null || !StringUtils.isNotBlank(oMElement4.getText())) {
            return;
        }
        this.saml2UserIdFromClaims = Boolean.parseBoolean(oMElement4.getText().trim());
    }

    private void parseAuthorizationContextTokenGeneratorConfig(OMElement oMElement) {
        OMElement firstChildWithName;
        String trim;
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.AUTHORIZATION_CONTEXT_TOKEN_GENERATION));
        if (firstChildWithName2 != null && (firstChildWithName = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ENABLED))) != null && (trim = firstChildWithName.getText().trim()) != null && JavaUtils.isTrueExplicitly(trim)) {
            this.isAuthContextTokGenEnabled = true;
            if (firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.TOKEN_GENERATOR_IMPL_CLASS)) != null) {
                this.tokenGeneratorImplClass = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.TOKEN_GENERATOR_IMPL_CLASS)).getText().trim();
            }
            if (firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.CLAIMS_RETRIEVER_IMPL_CLASS)) != null) {
                this.claimsRetrieverImplClass = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.CLAIMS_RETRIEVER_IMPL_CLASS)).getText().trim();
            }
            if (firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.CONSUMER_DIALECT_URI)) != null) {
                this.consumerDialectURI = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.CONSUMER_DIALECT_URI)).getText().trim();
            }
            if (firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SIGNATURE_ALGORITHM)) != null) {
                this.signatureAlgorithm = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SIGNATURE_ALGORITHM)).getText().trim();
            }
            if (firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SECURITY_CONTEXT_TTL)) != null) {
                this.authContextTTL = firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SECURITY_CONTEXT_TTL)).getText().trim();
            }
            if (firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS("UseMultiValueSeparator")) != null) {
                this.useMultiValueSeparatorForAuthContextToken = Boolean.parseBoolean(firstChildWithName2.getFirstChildWithName(getQNameWithIdentityNS("UseMultiValueSeparator")).getText().trim());
            }
        }
        if (log.isDebugEnabled()) {
            if (this.isAuthContextTokGenEnabled) {
                log.debug("JWT Generation is enabled");
            } else {
                log.debug("JWT Generation is disabled");
            }
        }
    }

    private void parseImplicitErrorFragment(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("ImplicitErrorFragment"));
        if (firstChildWithName != null) {
            this.isImplicitErrorFragment = Boolean.parseBoolean(firstChildWithName.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("ImplicitErrorFragment was set to : " + this.isImplicitErrorFragment);
        }
    }

    private void parseRevokeResponseHeadersEnableConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("EnableRevokeResponseHeaders"));
        if (firstChildWithName != null) {
            this.isRevokeResponseHeadersEnabled = Boolean.parseBoolean(firstChildWithName.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("Enable revoke response headers : " + this.isRevokeResponseHeadersEnabled);
        }
    }

    private void parseOAuthTokenValueGenerator(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("AccessTokenValueGenerator"));
        if (firstChildWithName != null) {
            this.tokenValueGeneratorClassName = firstChildWithName.getText().trim();
        }
        if (log.isDebugEnabled()) {
            log.debug("Oauth token value generator class is set to: " + this.oauthTokenGeneratorClassName);
        }
    }

    private void parseOAuthDeviceCodeGrantConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("DeviceCodeGrant"));
        if (firstChildWithName != null && firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("KeyLength")) != null) {
            try {
                this.deviceCodeKeyLength = Integer.parseInt(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("KeyLength")).getText().trim());
            } catch (NumberFormatException e) {
                log.error("Error while converting user_code length " + firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("KeyLength")).getText().trim() + " to integer. Falling back to the default value.", e);
            }
        }
        if (firstChildWithName != null && firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("ExpiryTime")) != null) {
            try {
                this.deviceCodeExpiryTime = Long.parseLong(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("ExpiryTime")).getText().trim());
            } catch (NumberFormatException e2) {
                log.error("Error while converting device code expiry " + firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("ExpiryTime")).getText().trim() + " to long. Falling back to the default value.", e2);
            }
        }
        if (firstChildWithName != null && firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("PollingInterval")) != null) {
            try {
                this.deviceCodePollingInterval = Integer.parseInt(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("PollingInterval")).getText().trim());
            } catch (NumberFormatException e3) {
                log.error("Error while converting polling interval " + firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("PollingInterval")).getText().trim() + " to integer. Falling back to the default value.", e3);
            }
        }
        if (firstChildWithName == null || firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("KeySet")) == null) {
            return;
        }
        this.deviceCodeKeySet = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("KeySet")).getText().trim();
    }

    private void parseOpenIDConnectConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("OpenIDConnect"));
        if (firstChildWithName != null) {
            parseRequestObjectConfig(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("RequestObjectBuilders")));
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.REQUEST_OBJECT_VALIDATOR)) != null) {
                this.defaultRequestValidatorClassName = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.REQUEST_OBJECT_VALIDATOR)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.CIBA_REQUEST_OBJECT_VALIDATOR)) != null) {
                this.defaultCibaRequestValidatorClassName = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.CIBA_REQUEST_OBJECT_VALIDATOR)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_BUILDER)) != null) {
                this.openIDConnectIDTokenBuilderClassName = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_BUILDER)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SIGNATURE_ALGORITHM)) != null) {
                this.idTokenSignatureAlgorithm = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SIGNATURE_ALGORITHM)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ID_TOKEN_ENCRYPTION_ALGORITHM)) != null) {
                this.defaultIdTokenEncryptionAlgorithm = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ID_TOKEN_ENCRYPTION_ALGORITHM)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SUPPORTED_ID_TOKEN_ENCRYPTION_ALGORITHMS)) != null) {
                parseSupportedIdTokenEncryptionAlgorithms(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SUPPORTED_ID_TOKEN_ENCRYPTION_ALGORITHMS)));
            } else {
                this.supportedIdTokenEncryptionAlgorithms.add("RSA1_5");
                this.supportedIdTokenEncryptionAlgorithms.add("RSA-OAEP");
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ID_TOKEN_ENCRYPTION_METHOD)) != null) {
                this.defaultIdTokenEncryptionMethod = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.ID_TOKEN_ENCRYPTION_METHOD)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SUPPORTED_ID_TOKEN_ENCRYPTION_METHODS)) != null) {
                parseSupportedIdTokenEncryptionMethods(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SUPPORTED_ID_TOKEN_ENCRYPTION_METHODS)));
            } else {
                this.supportedIdTokenEncryptionMethods.add("A128GCM");
                this.supportedIdTokenEncryptionMethods.add("A192GCM");
                this.supportedIdTokenEncryptionMethods.add("A256GCM");
                this.supportedIdTokenEncryptionMethods.add("A128CBC-HS256");
                this.supportedIdTokenEncryptionMethods.add("A128CBC+HS256");
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_CUSTOM_CLAIM_CALLBACK_HANDLER)) != null) {
                this.openIDConnectIDTokenCustomClaimsHanlderClassName = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_CUSTOM_CLAIM_CALLBACK_HANDLER)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_SUB_CLAIM)) != null) {
                this.openIDConnectIDTokenSubClaim = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_SUB_CLAIM)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_SKIP_USER_CONSENT)) != null) {
                this.openIDConnectSkipUserConsent = Boolean.valueOf(Boolean.parseBoolean(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_SKIP_USER_CONSENT)).getText().trim()));
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_SKIP_LOGIN_CONSENT)) != null) {
                this.openIDConnectSkipLoginConsent = Boolean.valueOf(Boolean.parseBoolean(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_SKIP_LOGIN_CONSENT)).getText().trim()));
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_SKIP_LOGOUT_CONSENT)) != null) {
                this.openIDConnectSkipLogoutConsent = Boolean.valueOf(Boolean.parseBoolean(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_SKIP_LOGOUT_CONSENT)).getText().trim()));
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_ISSUER_ID)) != null) {
                this.openIDConnectIDTokenIssuerIdentifier = IdentityUtil.fillURLPlaceholders(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_ISSUER_ID)).getText().trim());
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_EXPIRATION)) != null) {
                this.openIDConnectIDTokenExpiration = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_IDTOKEN_EXPIRATION)).getText().trim();
                try {
                    this.openIDConnectIDTokenExpiryTimeInSeconds = Long.parseLong(this.openIDConnectIDTokenExpiration);
                } catch (NumberFormatException e) {
                    log.warn("Invalid value: '" + this.openIDConnectIDTokenExpiration + "' set for ID Token Expiry Time in Seconds. Value should be an integer. Setting expiry time to default value: " + this.openIDConnectIDTokenExpiryTimeInSeconds + " seconds.");
                }
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_CLAIM_DIALECT)) != null) {
                this.openIDConnectUserInfoEndpointClaimDialect = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_CLAIM_DIALECT)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_CLAIM_RETRIEVER)) != null) {
                this.openIDConnectUserInfoEndpointClaimRetriever = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_CLAIM_RETRIEVER)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_REQUEST_VALIDATOR)) != null) {
                this.openIDConnectUserInfoEndpointRequestValidator = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_REQUEST_VALIDATOR)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_ACCESS_TOKEN_VALIDATOR)) != null) {
                this.openIDConnectUserInfoEndpointAccessTokenValidator = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_ACCESS_TOKEN_VALIDATOR)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_RESPONSE_BUILDER)) != null) {
                this.openIDConnectUserInfoEndpointResponseBuilder = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_ENDPOINT_RESPONSE_BUILDER)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_JWT_SIGNATURE_ALGORITHM)) != null) {
                this.userInfoJWTSignatureAlgorithm = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_USERINFO_JWT_SIGNATURE_ALGORITHM)).getText().trim();
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_SIGN_JWT_WITH_SP_KEY)) != null) {
                this.isJWTSignedWithSPKey = Boolean.parseBoolean(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_SIGN_JWT_WITH_SP_KEY)).getText().trim());
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SUPPORTED_CLAIMS)) != null) {
                String trim = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.SUPPORTED_CLAIMS)).getText().trim();
                if (log.isDebugEnabled()) {
                    log.debug("Supported Claims : " + trim);
                }
                if (StringUtils.isNotEmpty(trim)) {
                    this.supportedClaims = trim.split(",");
                }
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_BACK_CHANNEL_LOGOUT_TOKEN_EXPIRATION)) != null) {
                this.openIDConnectBCLogoutTokenExpiryInSeconds = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_BACK_CHANNEL_LOGOUT_TOKEN_EXPIRATION)).getText().trim();
            }
            OMElement firstChildWithName2 = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_CONVERT_ORIGINAL_CLAIMS_FROM_ASSERTIONS_TO_OIDCDIALECT));
            if (firstChildWithName2 != null) {
                this.convertOriginalClaimsFromAssertionsToOIDCDialect = Boolean.parseBoolean(firstChildWithName2.getText().trim());
            }
            OMElement firstChildWithName3 = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OPENID_CONNECT_ADD_UN_MAPPED_USER_ATTRIBUTES));
            if (firstChildWithName3 != null) {
                this.addUnmappedUserAttributes = Boolean.parseBoolean(firstChildWithName3.getText().trim());
            }
            if (IdentityUtil.getProperty(ConfigElements.SEND_ONLY_LOCALLY_MAPPED_ROLES_OF_IDP) != null) {
                this.returnOnlyMappedLocalRoles = Boolean.parseBoolean(IdentityUtil.getProperty(ConfigElements.SEND_ONLY_LOCALLY_MAPPED_ROLES_OF_IDP));
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("AddTenantDomainToIdToken")) != null) {
                this.addTenantDomainToIdTokenEnabled = Boolean.parseBoolean(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("AddTenantDomainToIdToken")).getText().trim());
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("AddUserstoreDomainToIdToken")) != null) {
                this.addUserstoreDomainToIdTokenEnabled = Boolean.parseBoolean(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("AddUserstoreDomainToIdToken")).getText().trim());
            }
            if (firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("RequestObjectEnabled")) != null && Boolean.FALSE.toString().equals(firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS("RequestObjectEnabled")).getText().trim())) {
                this.requestObjectEnabled = false;
            }
            OMElement firstChildWithName4 = firstChildWithName.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.OAUTH_AUTHZ_REQUEST_CLASS));
            this.oAuthAuthzRequestClassName = firstChildWithName4 != null ? firstChildWithName4.getText().trim() : DEFAULT_OAUTH_AUTHZ_REQUEST_CLASSNAME;
        }
    }

    private void parseSupportedIdTokenEncryptionAlgorithms(OMElement oMElement) {
        Iterator childrenWithLocalName;
        if (oMElement == null || (childrenWithLocalName = oMElement.getChildrenWithLocalName(ConfigElements.SUPPORTED_ID_TOKEN_ENCRYPTION_ALGORITHM)) == null) {
            return;
        }
        while (childrenWithLocalName.hasNext()) {
            OMElement oMElement2 = (OMElement) childrenWithLocalName.next();
            if (oMElement2 != null) {
                this.supportedIdTokenEncryptionAlgorithms.add(oMElement2.getText());
            }
        }
    }

    private void parseSupportedIdTokenEncryptionMethods(OMElement oMElement) {
        Iterator childrenWithLocalName;
        if (oMElement == null || (childrenWithLocalName = oMElement.getChildrenWithLocalName(ConfigElements.SUPPORTED_ID_TOKEN_ENCRYPTION_METHOD)) == null) {
            return;
        }
        while (childrenWithLocalName.hasNext()) {
            OMElement oMElement2 = (OMElement) childrenWithLocalName.next();
            if (oMElement2 != null) {
                this.supportedIdTokenEncryptionMethods.add(oMElement2.getText());
            }
        }
    }

    private void parseHashAlgorithm(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("HashAlgorithm"));
        if (firstChildWithName != null) {
            this.hashAlgorithm = firstChildWithName.getText();
        }
        if (log.isDebugEnabled()) {
            log.debug("Hash algorithm was set to : " + this.hashAlgorithm);
        }
    }

    private void parseEnableHashMode(OMElement oMElement) {
        try {
            this.persistenceProcessor = getPersistenceProcessor();
        } catch (IdentityOAuth2Exception e) {
            log.error("Error while getting an instance of TokenPersistenceProcessor.");
        }
        if (this.persistenceProcessor instanceof HashingPersistenceProcessor) {
            OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("EnableClientSecretHash"));
            if (firstChildWithName != null) {
                this.isClientSecretHashEnabled = Boolean.parseBoolean(firstChildWithName.getText());
            }
            if (log.isDebugEnabled()) {
                log.debug("Is client secret hashing enabled: " + this.isClientSecretHashEnabled);
            }
        }
    }

    private void parseRedirectToOAuthErrorPageConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS(ConfigElements.REDIRECT_TO_REQUESTED_REDIRECT_URI));
        if (firstChildWithName != null) {
            this.redirectToRequestedRedirectUriEnabled = Boolean.parseBoolean(firstChildWithName.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("Redirecting to OAuth2 Error page is set to : " + firstChildWithName);
        }
    }

    public OAuth2ScopeValidator getoAuth2ScopeValidator() {
        return this.oAuth2ScopeValidator;
    }

    public void setoAuth2ScopeValidator(OAuth2ScopeValidator oAuth2ScopeValidator) {
        this.oAuth2ScopeValidator = oAuth2ScopeValidator;
    }

    public Set<OAuth2ScopeValidator> getOAuth2ScopeValidators() {
        return this.oAuth2ScopeValidators;
    }

    public Map<String, TokenIssuerDO> getSupportedTokenIssuers() {
        return this.supportedTokenIssuers;
    }

    public void setOAuth2ScopeValidators(Set<OAuth2ScopeValidator> set) {
        this.oAuth2ScopeValidators = set;
    }

    public Set<OAuth2ScopeHandler> getOAuth2ScopeHandlers() {
        return this.oAuth2ScopeHandlers;
    }

    public void setOAuth2ScopeHandlers(Set<OAuth2ScopeHandler> set) {
        this.oAuth2ScopeHandlers = set;
    }

    private void parseUseSPTenantDomainConfig(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("UseSPTenantDomain"));
        if (firstChildWithName != null) {
            this.useSPTenantDomainValue = Boolean.parseBoolean(firstChildWithName.getText().trim());
        }
        if (log.isDebugEnabled()) {
            log.debug("Use SP tenant domain value is set to: " + this.useSPTenantDomainValue);
        }
    }

    private void parseTokenRenewalPerRequestConfiguration(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("RenewTokenPerRequest"));
        if (firstChildWithName != null) {
            this.isTokenRenewalPerRequestEnabled = Boolean.parseBoolean(firstChildWithName.getText());
        }
        if (log.isDebugEnabled()) {
            log.debug("RenewTokenPerRequest was set to : " + this.isTokenRenewalPerRequestEnabled);
        }
    }

    public void populateOAuthTokenIssuerMap() throws IdentityOAuth2Exception {
        if (this.supportedTokenIssuers == null) {
            throw new IdentityOAuth2Exception("supportedTokenIssuers map returned null when populating the oauthTokenIssuerMap object.");
        }
        for (Map.Entry<String, TokenIssuerDO> entry : this.supportedTokenIssuers.entrySet()) {
            try {
                OauthTokenIssuer oauthTokenIssuer = (OauthTokenIssuer) Thread.currentThread().getContextClassLoader().loadClass(entry.getValue().getTokenImplClass()).newInstance();
                oauthTokenIssuer.setPersistAccessTokenAlias(entry.getValue().isPersistAccessTokenAlias());
                this.oauthTokenIssuerMap.put(entry.getKey(), oauthTokenIssuer);
            } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                throw new IdentityOAuth2Exception("Error while populating OAuth Token Issuer Map. Issuer key: " + entry.getKey() + ", Issuer value: " + entry.getValue(), e);
            }
        }
    }

    public boolean isScopeValidationEnabledForCodeAndImplicitGrant() {
        return this.scopeValidationConfigValue;
    }

    private void parseAllowCrossTenantIntrospection(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(getQNameWithIdentityNS("AllowCrossTenantTokenIntrospection"));
        if (firstChildWithName != null) {
            this.allowCrossTenantIntrospection = Boolean.parseBoolean(firstChildWithName.getText());
        }
    }

    public boolean isCrossTenantTokenIntrospectionAllowed() {
        return this.allowCrossTenantIntrospection;
    }

    private static void setOAuthResponseJspPageAvailable() {
        isOAuthResponseJspPageAvailable = Files.exists(Paths.get(CarbonUtils.getCarbonHome(), "repository", "deployment", "server", "webapps", "authenticationendpoint", "oauth_response.jsp"), new LinkOption[0]);
    }

    public boolean isOAuthResponseJspPageAvailable() {
        return isOAuthResponseJspPageAvailable;
    }
}
