package org.wso2.carbon.identity.oauth2.internal;

import com.google.gson.Gson;
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.IdentityOAuthClientException;
import org.wso2.carbon.identity.oauth.OAuthAdminService;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth.cache.AppInfoCache;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.AuthzCodeDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/internal/OAuthApplicationMgtListener.class */
public class OAuthApplicationMgtListener extends AbstractApplicationMgtListener {
    public static final String OAUTH2 = "oauth2";
    public static final String OAUTH2_CONSUMER_SECRET = "oauthConsumerSecret";
    private static final String OAUTH = "oauth";
    private static final String SAAS_PROPERTY = "saasProperty";
    private static final Log log = LogFactory.getLog(OAuthApplicationMgtListener.class);
    private ThreadLocal<Boolean> threadLocalForClaimConfigUpdates = ThreadLocal.withInitial(() -> {
        return true;
    });

    public int getDefaultOrderId() {
        return 901;
    }

    public boolean doPreUpdateApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        handleOAuthAppAssociationRemoval(serviceProvider);
        storeSaaSPropertyValue(serviceProvider);
        removeClientSecret(serviceProvider);
        if (!StringUtils.equals(new Gson().toJson(serviceProvider.getClaimConfig()), new Gson().toJson(OAuth2ServiceComponentHolder.getApplicationMgtService().getServiceProvider(serviceProvider.getApplicationID()).getClaimConfig()))) {
            return true;
        }
        this.threadLocalForClaimConfigUpdates.set(false);
        return true;
    }

    public boolean doPostGetServiceProvider(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        addClientSecret(serviceProvider, str2);
        return true;
    }

    public boolean doPostGetServiceProviderByClientId(ServiceProvider serviceProvider, String str, String str2, String str3) throws IdentityApplicationManagementException {
        addClientSecret(serviceProvider, str3);
        return true;
    }

    public boolean doPostCreateApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        addClientSecret(serviceProvider, str);
        return true;
    }

    public boolean doPostUpdateApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        revokeAccessTokensWhenSaaSDisabled(serviceProvider, str);
        addClientSecret(serviceProvider, str);
        updateAuthApplication(serviceProvider);
        removeEntriesFromCache(serviceProvider, str);
        this.threadLocalForClaimConfigUpdates.remove();
        return true;
    }

    public boolean doPostGetApplicationExcludingFileBasedSPs(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        addClientSecret(serviceProvider, str2);
        return true;
    }

    public boolean doPreDeleteApplication(String str, String str2, String str3) throws IdentityApplicationManagementException {
        ServiceProvider applicationExcludingFileBasedSPs = OAuth2ServiceComponentHolder.getApplicationMgtService().getApplicationExcludingFileBasedSPs(str, str2);
        if (applicationExcludingFileBasedSPs == null) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("Service Provider not found with name: " + str);
            return true;
        }
        try {
            if (log.isDebugEnabled()) {
                log.debug("Deleting OAuth inbound data associated with application: " + str + " in tenantDomain: " + str2 + " during application delete.");
            }
            deleteAssociatedOAuthApps(applicationExcludingFileBasedSPs, str2);
            return true;
        } catch (IdentityOAuthAdminException | IdentityOAuth2Exception e) {
            throw new IdentityApplicationManagementException("Error while cleaning up oauth application data associated with service provider: " + str + " of tenantDomain: " + str2, e);
        }
    }

    private Set<String> getOAuthAppsAssociatedWithApplication(ServiceProvider serviceProvider) {
        InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs;
        HashSet hashSet = new HashSet();
        InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
        if (inboundAuthenticationConfig != null && (inboundAuthenticationRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs()) != null) {
            for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : inboundAuthenticationRequestConfigs) {
                if (StringUtils.equals("oauth2", inboundAuthenticationRequestConfig.getInboundAuthType()) || StringUtils.equals(inboundAuthenticationRequestConfig.getInboundAuthType(), OAUTH)) {
                    hashSet.add(inboundAuthenticationRequestConfig.getInboundAuthKey());
                }
            }
        }
        return hashSet;
    }

    private void deleteAssociatedOAuthApps(ServiceProvider serviceProvider, String str) throws IdentityOAuthAdminException, IdentityOAuth2Exception, IdentityApplicationManagementException {
        Set<String> oAuthAppsAssociatedWithApplication = getOAuthAppsAssociatedWithApplication(serviceProvider);
        for (String str2 : oAuthAppsAssociatedWithApplication) {
            if (log.isDebugEnabled()) {
                log.debug("Removing OAuth application data for clientId: " + str2 + " associated with application: " + serviceProvider.getApplicationName() + " tenantDomain: " + str);
            }
            OAuthComponentServiceHolder.getInstance().getOAuthInboundConfigHandler().handleConfigDeletion(str2);
        }
        removeEntriesFromCache(oAuthAppsAssociatedWithApplication);
    }

    public void onPreCreateInbound(ServiceProvider serviceProvider, boolean z) throws IdentityApplicationManagementException {
        validateOAuthInbound(serviceProvider, z);
    }

    public void doImportServiceProvider(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        try {
            if (serviceProvider.getInboundAuthenticationConfig() != null && serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs() != null) {
                for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()) {
                    if (OAUTH.equals(inboundAuthenticationRequestConfig.getInboundAuthType()) || "oauth2".equals(inboundAuthenticationRequestConfig.getInboundAuthType())) {
                        OAuthAppDO oAuthAppDO = getOAuthAppDO(inboundAuthenticationRequestConfig, serviceProvider);
                        oAuthAppDO.setAppOwner(new AuthenticatedUser(serviceProvider.getOwner()));
                        OAuthConsumerAppDTO buildConsumerAppDTO = OAuthUtil.buildConsumerAppDTO(oAuthAppDO);
                        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO();
                        String oauthConsumerKey = buildConsumerAppDTO.getOauthConsumerKey();
                        boolean isDuplicateConsumer = oAuthAppDAO.isDuplicateConsumer(oauthConsumerKey);
                        if (buildConsumerAppDTO.getOauthConsumerSecret() == null) {
                            if (isDuplicateConsumer) {
                                buildConsumerAppDTO.setOauthConsumerSecret(OAuth2Util.getAppInformationByClientId(oauthConsumerKey).getOauthConsumerSecret());
                            } else {
                                buildConsumerAppDTO.setOauthConsumerSecret(OAuthUtil.getRandomNumberSecure());
                            }
                        }
                        OAuthAdminServiceImpl oAuthAdminServiceImpl = OAuthComponentServiceHolder.getInstance().getoAuthAdminService();
                        if (isDuplicateConsumer) {
                            oAuthAdminServiceImpl.updateConsumerApplication(buildConsumerAppDTO);
                            return;
                        } else {
                            oAuthAdminServiceImpl.registerOAuthApplicationData(buildConsumerAppDTO);
                            return;
                        }
                    }
                }
            }
        } catch (IdentityOAuthClientException | InvalidOAuthClientException e) {
            throw handleException(e.getMessage(), e);
        } catch (IdentityOAuthAdminException | IdentityOAuth2Exception e2) {
            throw handleException("Error occurred when importing OAuth inbound.", e2);
        }
    }

    private OAuthAppDO getOAuthAppDO(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig, ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        OAuthAppDO oAuthAppDO = (OAuthAppDO) inboundAuthenticationRequestConfig.getInboundConfigurationProtocol();
        String inboundConfiguration = inboundAuthenticationRequestConfig.getInboundConfiguration();
        if (oAuthAppDO != null) {
            return oAuthAppDO;
        }
        if (!StringUtils.isNotBlank(inboundConfiguration)) {
            throw new IdentityApplicationManagementException(String.format("No inbound configurations found for oauth in the imported %s", serviceProvider.getApplicationName()));
        }
        OAuthAppDO marshelOAuthDO = marshelOAuthDO(inboundConfiguration, serviceProvider.getApplicationName(), serviceProvider.getOwner().getTenantDomain());
        inboundAuthenticationRequestConfig.setInboundConfigurationProtocol(marshelOAuthDO);
        return marshelOAuthDO;
    }

    private IdentityApplicationManagementException handleException(String str, Exception exc) {
        return ((exc instanceof IdentityOAuthClientException) || (exc instanceof InvalidOAuthClientException)) ? new IdentityApplicationManagementClientException(str, exc) : new IdentityApplicationManagementServerException(str, exc);
    }

    public void doExportServiceProvider(ServiceProvider serviceProvider, Boolean bool) throws IdentityApplicationManagementException {
        try {
            if (serviceProvider.getInboundAuthenticationConfig() != null && serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs() != null) {
                for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()) {
                    if (OAUTH.equals(inboundAuthenticationRequestConfig.getInboundAuthType()) || "oauth2".equals(inboundAuthenticationRequestConfig.getInboundAuthType())) {
                        OAuthAppDO appInformation = new OAuthAppDAO().getAppInformation(inboundAuthenticationRequestConfig.getInboundAuthKey());
                        if (!"org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor".equals(OAuthServerConfiguration.getInstance().getPersistenceProcessor().getClass().getName()) || !bool.booleanValue()) {
                            appInformation.setOauthConsumerSecret(null);
                        }
                        inboundAuthenticationRequestConfig.setProperties((Property[]) Arrays.stream(inboundAuthenticationRequestConfig.getProperties()).filter(property -> {
                            return !OAUTH2_CONSUMER_SECRET.equals(property.getName());
                        }).toArray(i -> {
                            return new Property[i];
                        }));
                        inboundAuthenticationRequestConfig.setInboundConfiguration(unmarshelOAuthDO(appInformation));
                        inboundAuthenticationRequestConfig.setInboundConfigurationProtocol(appInformation);
                        return;
                    }
                }
            }
        } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
            throw new IdentityApplicationManagementException("Error occurred when retrieving OAuth application ", e);
        }
    }

    private void removeClientSecret(ServiceProvider serviceProvider) {
        InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs;
        InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
        if (inboundAuthenticationConfig == null || (inboundAuthenticationRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs()) == null) {
            return;
        }
        for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : inboundAuthenticationRequestConfigs) {
            if (inboundAuthenticationRequestConfig.getInboundAuthType().equals("oauth2")) {
                Property[] properties = inboundAuthenticationRequestConfig.getProperties();
                for (Property property : properties) {
                    if (property.getName().equalsIgnoreCase(OAUTH2_CONSUMER_SECRET)) {
                        properties = (Property[]) ArrayUtils.removeElement(properties, property);
                        inboundAuthenticationRequestConfig.setProperties(properties);
                    }
                }
            }
        }
    }

    private void addClientSecret(ServiceProvider serviceProvider, String str) throws IdentityApplicationManagementException {
        InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs;
        if (serviceProvider == null) {
            return;
        }
        try {
            InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
            if (inboundAuthenticationConfig != null && (inboundAuthenticationRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs()) != null) {
                for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : inboundAuthenticationRequestConfigs) {
                    if (inboundAuthenticationRequestConfig.getInboundAuthType().equals("oauth2")) {
                        Property[] properties = inboundAuthenticationRequestConfig.getProperties();
                        Property property = new Property();
                        property.setName(OAUTH2_CONSUMER_SECRET);
                        String str2 = null;
                        try {
                            str2 = OAuth2Util.getClientSecret(inboundAuthenticationRequestConfig.getInboundAuthKey(), str);
                        } catch (InvalidOAuthClientException e) {
                            log.warn("The OAuth application data not exists for " + inboundAuthenticationRequestConfig.getInboundAuthKey());
                        }
                        property.setValue(str2);
                        inboundAuthenticationRequestConfig.setProperties((Property[]) ArrayUtils.add(properties, property));
                    }
                }
            }
        } catch (IdentityOAuth2Exception e2) {
            throw new IdentityApplicationManagementException("Injecting client secret failed.", e2);
        }
    }

    private void updateAuthApplication(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = null;
        if (serviceProvider.getInboundAuthenticationConfig() != null && serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs() != null) {
            for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig2 : serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()) {
                if (StringUtils.equals(inboundAuthenticationRequestConfig2.getInboundAuthType(), OAUTH) || StringUtils.equals(inboundAuthenticationRequestConfig2.getInboundAuthType(), "oauth2")) {
                    inboundAuthenticationRequestConfig = inboundAuthenticationRequestConfig2;
                    break;
                }
            }
        }
        if (inboundAuthenticationRequestConfig == null) {
            return;
        }
        try {
            new OAuthAppDAO().updateOAuthConsumerApp(serviceProvider, inboundAuthenticationRequestConfig.getInboundAuthKey());
            AppInfoCache.getInstance().clearCacheEntry(inboundAuthenticationRequestConfig.getInboundAuthKey());
        } catch (IdentityOAuthAdminException e) {
            throw new IdentityApplicationManagementException("Error occurred while updating oauth consumer app for " + inboundAuthenticationRequestConfig.getInboundAuthKey(), e);
        }
    }

    private void removeEntriesFromCache(Set<String> set) throws IdentityOAuth2Exception {
        if (CollectionUtils.isNotEmpty(set)) {
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            AppInfoCache appInfoCache = AppInfoCache.getInstance();
            for (String str : set) {
                hashSet.addAll(OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getActiveTokenSetWithTokenIdByConsumerKeyForOpenidScope(str));
                hashSet2.addAll(OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO().getAuthorizationCodeDOSetByConsumerKeyForOpenidScope(str));
                appInfoCache.clearCacheEntry(str);
                OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(str));
            }
            if (CollectionUtils.isNotEmpty(hashSet) && this.threadLocalForClaimConfigUpdates.get().booleanValue()) {
                clearCacheEntriesAgainstToken(hashSet);
            }
            if (CollectionUtils.isNotEmpty(hashSet2) && this.threadLocalForClaimConfigUpdates.get().booleanValue()) {
                clearCacheEntriesAgainstAuthzCode(hashSet2);
            }
        }
    }

    private void removeEntriesFromCache(ServiceProvider serviceProvider, String str) throws IdentityApplicationManagementException {
        try {
            removeEntriesFromCache(getOAuthAppsAssociatedWithApplication(serviceProvider));
        } catch (IdentityOAuth2Exception e) {
            throw new IdentityApplicationManagementException("Error while clearing cache for oauth application data associated with service provider: " + serviceProvider.getApplicationName() + " of tenantDomain: " + str, e);
        }
    }

    private void clearCacheEntriesAgainstAuthzCode(Set<AuthzCodeDO> set) {
        for (AuthzCodeDO authzCodeDO : set) {
            AuthorizationGrantCache.getInstance().clearCacheEntryByCodeId(new AuthorizationGrantCacheKey(authzCodeDO.getAuthorizationCode()), authzCodeDO.getAuthzCodeId());
            OAuthCacheKey oAuthCacheKey = new OAuthCacheKey(authzCodeDO.getAuthorizationCode());
            if (((CacheEntry) OAuthCache.getInstance().getValueFromCache(oAuthCacheKey)) != null) {
                OAuthCache.getInstance().clearCacheEntry(oAuthCacheKey);
            }
        }
    }

    private void clearCacheEntriesAgainstToken(Set<AccessTokenDO> set) {
        for (AccessTokenDO accessTokenDO : set) {
            AuthorizationGrantCache.getInstance().clearCacheEntryByTokenId(new AuthorizationGrantCacheKey(accessTokenDO.getAccessToken()), accessTokenDO.getTokenId());
            OAuthCacheKey oAuthCacheKey = new OAuthCacheKey(accessTokenDO.getAccessToken());
            if (((CacheEntry) OAuthCache.getInstance().getValueFromCache(oAuthCacheKey)) != null) {
                OAuthCache.getInstance().clearCacheEntry(oAuthCacheKey);
            }
        }
    }

    private void storeSaaSPropertyValue(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        ((Map) IdentityUtil.threadLocalProperties.get()).put(SAAS_PROPERTY, Boolean.valueOf(OAuth2ServiceComponentHolder.getApplicationMgtService().getServiceProvider(serviceProvider.getApplicationID()).isSaasApp()));
    }

    private void handleOAuthAppAssociationRemoval(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        int applicationID = serviceProvider.getApplicationID();
        InboundAuthenticationRequestConfig oAuthInbound = getOAuthInbound(OAuth2ServiceComponentHolder.getApplicationMgtService().getServiceProvider(applicationID));
        if (isOAuthInboundAssociationRemoved(oAuthInbound, getOAuthInbound(serviceProvider))) {
            String inboundAuthKey = oAuthInbound.getInboundAuthKey();
            try {
                if (log.isDebugEnabled()) {
                    log.debug("OAuth inbound with clientId: " + inboundAuthKey + " has been removed from service provider with id: " + applicationID + ". Removing the stale OAuth application for clientId: " + inboundAuthKey);
                }
                OAuthComponentServiceHolder.getInstance().getOAuthInboundConfigHandler().handleConfigDeletion(inboundAuthKey);
            } catch (IdentityApplicationManagementException e) {
                throw new IdentityApplicationManagementException(String.format("Error removing OAuth2 inbound data for clientId: %s associated with service provider with id: %s during application update.", inboundAuthKey, Integer.valueOf(applicationID)), e);
            }
        }
    }

    private boolean isOAuthInboundAssociationRemoved(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig, InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig2) {
        return inboundAuthenticationRequestConfig != null && inboundAuthenticationRequestConfig2 == null;
    }

    private InboundAuthenticationRequestConfig getOAuthInbound(ServiceProvider serviceProvider) {
        if (serviceProvider == null || serviceProvider.getInboundAuthenticationConfig() == null || !ArrayUtils.isNotEmpty(serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs())) {
            return null;
        }
        return (InboundAuthenticationRequestConfig) Arrays.stream(serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()).filter(inboundAuthenticationRequestConfig -> {
            return "oauth2".equals(inboundAuthenticationRequestConfig.getInboundAuthType());
        }).findAny().orElse(null);
    }

    private void revokeAccessTokensWhenSaaSDisabled(ServiceProvider serviceProvider, String str) {
        try {
            boolean z = false;
            Object obj = ((Map) IdentityUtil.threadLocalProperties.get()).get(SAAS_PROPERTY);
            if (obj instanceof Boolean) {
                z = ((Boolean) obj).booleanValue();
            }
            if (z && !serviceProvider.isSaasApp()) {
                if (log.isDebugEnabled()) {
                    log.debug("SaaS setting removed for application: " + serviceProvider.getApplicationName() + "in tenant domain: " + str + ", hence proceeding to token revocation of other tenants.");
                }
                int tenantId = IdentityTenantUtil.getTenantId(str);
                new Thread(() -> {
                    for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()) {
                        if ("oauth2".equalsIgnoreCase(inboundAuthenticationRequestConfig.getInboundAuthType()) && inboundAuthenticationRequestConfig.getInboundAuthKey() != null) {
                            try {
                                OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().revokeSaaSTokensOfOtherTenants(inboundAuthenticationRequestConfig.getInboundAuthKey(), tenantId);
                            } catch (IdentityOAuth2Exception e) {
                                log.error("Error occurred while revoking access tokens for client ID: " + inboundAuthenticationRequestConfig.getInboundAuthKey() + " and tenant domain: " + str, e);
                            }
                        }
                    }
                }).start();
            }
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(SAAS_PROPERTY);
        } catch (Throwable th) {
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(SAAS_PROPERTY);
            throw th;
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:37:0x0108
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    private void validateOAuthInbound(org.wso2.carbon.identity.application.common.model.ServiceProvider r8, boolean r9) throws org.wso2.carbon.identity.application.common.IdentityApplicationManagementValidationException {
        /*
            Method dump skipped, instructions count: 398
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.oauth2.internal.OAuthApplicationMgtListener.validateOAuthInbound(org.wso2.carbon.identity.application.common.model.ServiceProvider, boolean):void");
    }

    private void validateGrants(String[] strArr, List<String> list) {
        ArrayList arrayList = new ArrayList(Arrays.asList(new OAuthAdminService().getAllowedGrantTypes()));
        for (String str : strArr) {
            if (!StringUtils.isBlank(str) && !arrayList.contains(str)) {
                list.add(String.format("Grant type %s not allowed", str));
            }
        }
    }

    private void validateScopeValidators(String[] strArr, List<String> list) {
        ArrayList arrayList = new ArrayList(Arrays.asList(new OAuthAdminService().getAllowedScopeValidators()));
        Arrays.stream(strArr).forEach(str -> {
            if (arrayList.contains(str)) {
                return;
            }
            list.add(String.format("The scope validator %s is not available in the server configuration. ", str));
        });
    }

    private String unmarshelOAuthDO(OAuthAppDO oAuthAppDO) throws IdentityApplicationManagementException {
        try {
            Marshaller createMarshaller = JAXBContext.newInstance(new Class[]{OAuthAppDO.class}).createMarshaller();
            createMarshaller.setProperty("jaxb.formatted.output", true);
            StringWriter stringWriter = new StringWriter();
            createMarshaller.marshal(oAuthAppDO, stringWriter);
            return stringWriter.toString();
        } catch (JAXBException e) {
            throw new IdentityApplicationManagementException(String.format("Error in exporting OAuth application %s@%s", oAuthAppDO.getApplicationName(), oAuthAppDO.getUser().getTenantDomain()), e);
        }
    }

    private OAuthAppDO marshelOAuthDO(String str, String str2, String str3) throws IdentityApplicationManagementException {
        try {
            return (OAuthAppDO) JAXBContext.newInstance(new Class[]{OAuthAppDO.class}).createUnmarshaller().unmarshal(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        } catch (JAXBException e) {
            throw new IdentityApplicationManagementException(String.format("Error in unmarshelling OAuth application %s@%s", str2, str3), e);
        }
    }
}
