package org.wso2.carbon.identity.oauth.dcr.service;

import com.google.gson.Gson;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminService;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dcr.DCRMConstants;
import org.wso2.carbon.identity.oauth.dcr.bean.Application;
import org.wso2.carbon.identity.oauth.dcr.bean.ApplicationRegistrationRequest;
import org.wso2.carbon.identity.oauth.dcr.bean.ApplicationUpdateRequest;
import org.wso2.carbon.identity.oauth.dcr.exception.DCRMClientException;
import org.wso2.carbon.identity.oauth.dcr.exception.DCRMException;
import org.wso2.carbon.identity.oauth.dcr.exception.DCRMServerException;
import org.wso2.carbon.identity.oauth.dcr.internal.DCRDataHolder;
import org.wso2.carbon.identity.oauth.dcr.util.DCRConstants;
import org.wso2.carbon.identity.oauth.dcr.util.DCRMUtils;
import org.wso2.carbon.identity.oauth.dcr.util.ErrorCodes;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/dcr/service/DCRMService.class */
public class DCRMService {
    private static final String AUTH_TYPE_OAUTH_2 = "oauth2";
    private static final String OAUTH_VERSION = "OAuth-2.0";
    private static final String GRANT_TYPE_SEPARATOR = " ";
    private static final Log log = LogFactory.getLog(DCRMService.class);
    private static OAuthAdminService oAuthAdminService = new OAuthAdminService();
    private static Pattern clientIdRegexPattern = null;

    public Application getApplication(String str) throws DCRMException {
        validateRequestTenantDomain(str);
        return buildResponse(getApplicationById(str, DCRMUtils.isApplicationRolePermissionRequired()));
    }

    public Application getApplicationByName(String str) throws DCRMException {
        if (StringUtils.isEmpty(str)) {
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INSUFFICIENT_DATA, null);
        }
        if (!isServiceProviderExist(str, PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain())) {
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.NOT_FOUND_APPLICATION_WITH_NAME, str);
        }
        try {
            OAuthConsumerAppDTO oAuthApplicationDataByAppName = oAuthAdminService.getOAuthApplicationDataByAppName(str);
            if (isUserAuthorized(oAuthApplicationDataByAppName.getOauthConsumerKey())) {
                return buildResponse(oAuthApplicationDataByAppName);
            }
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.FORBIDDEN_UNAUTHORIZED_USER, str);
        } catch (IdentityOAuthAdminException e) {
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_GET_APPLICATION, str, e);
        }
    }

    public Application registerApplication(ApplicationRegistrationRequest applicationRegistrationRequest) throws DCRMException {
        return createOAuthApplication(applicationRegistrationRequest);
    }

    public void deleteApplication(String str) throws DCRMException {
        validateRequestTenantDomain(str);
        OAuthConsumerAppDTO applicationById = getApplicationById(str);
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        try {
            String serviceProviderNameByClientId = DCRDataHolder.getInstance().getApplicationManagementService().getServiceProviderNameByClientId(applicationById.getOauthConsumerKey(), "oauth2", tenantDomain);
            if (StringUtils.equals(serviceProviderNameByClientId, "default")) {
                if (log.isDebugEnabled()) {
                    log.debug("The application with consumer key: " + applicationById.getOauthConsumerKey() + " doesn't have an associated service provider.");
                }
                deleteOAuthApplicationWithoutAssociatedSP(applicationById, tenantDomain, username);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("The application with consumer key: " + applicationById.getOauthConsumerKey() + " has an association with the service provider: " + serviceProviderNameByClientId);
                }
                deleteServiceProvider(serviceProviderNameByClientId, tenantDomain, username);
            }
        } catch (IdentityApplicationManagementException e) {
            throw new DCRMException("Error while retrieving the service provider.", (Throwable) e);
        }
    }

    public Application updateApplication(ApplicationUpdateRequest applicationUpdateRequest, String str) throws DCRMException {
        validateRequestTenantDomain(str);
        OAuthConsumerAppDTO applicationById = getApplicationById(str);
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        String clientName = applicationUpdateRequest.getClientName();
        ServiceProvider serviceProvider = getServiceProvider(applicationById.getApplicationName(), tenantDomain);
        if (StringUtils.isNotEmpty(clientName)) {
            if (!applicationById.getApplicationName().equals(clientName) && isServiceProviderExist(clientName, tenantDomain)) {
                throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.CONFLICT_EXISTING_APPLICATION, clientName);
            }
            if (!DCRMUtils.isRegexValidated(clientName)) {
                throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_SP_NAME, DCRMUtils.getSPValidatorRegex(), null);
            }
            if (serviceProvider == null) {
                throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.FAILED_TO_GET_SP, applicationById.getApplicationName(), null);
            }
            ServiceProvider cloneServiceProvider = cloneServiceProvider(serviceProvider);
            cloneServiceProvider.setApplicationName(clientName);
            updateServiceProvider(cloneServiceProvider, tenantDomain, username);
        }
        try {
            if (StringUtils.isNotEmpty(clientName)) {
                if (!DCRMUtils.isRegexValidated(clientName)) {
                    throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_SP_NAME, DCRMUtils.getSPValidatorRegex(), null);
                }
                applicationById.setApplicationName(clientName);
            }
            if (!applicationUpdateRequest.getGrantTypes().isEmpty()) {
                applicationById.setGrantTypes(StringUtils.join(applicationUpdateRequest.getGrantTypes(), GRANT_TYPE_SEPARATOR));
            }
            if (!applicationUpdateRequest.getRedirectUris().isEmpty()) {
                applicationById.setCallbackUrl(validateAndSetCallbackURIs(applicationUpdateRequest.getRedirectUris(), applicationUpdateRequest.getGrantTypes()));
            }
            if (applicationUpdateRequest.getTokenType() != null) {
                applicationById.setTokenType(applicationUpdateRequest.getTokenType());
            }
            if (StringUtils.isNotEmpty(applicationUpdateRequest.getBackchannelLogoutUri())) {
                applicationById.setBackChannelLogoutUrl(validateBackchannelLogoutURI(applicationUpdateRequest.getBackchannelLogoutUri()));
            }
            oAuthAdminService.updateConsumerApplication(applicationById);
            return buildResponse(getApplicationById(str));
        } catch (IdentityOAuthAdminException e) {
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_UPDATE_APPLICATION, str, e);
        }
    }

    private OAuthConsumerAppDTO getApplicationById(String str) throws DCRMException {
        return getApplicationById(str, true);
    }

    private OAuthConsumerAppDTO getApplicationById(String str, boolean z) throws DCRMException {
        if (StringUtils.isEmpty(str)) {
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_INPUT, "Invalid client_id");
        }
        try {
            OAuthConsumerAppDTO oAuthApplicationData = oAuthAdminService.getOAuthApplicationData(str);
            if (oAuthApplicationData == null || StringUtils.isEmpty(oAuthApplicationData.getApplicationName())) {
                throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.NOT_FOUND_APPLICATION_WITH_ID, str);
            }
            if (!z || isUserAuthorized(str)) {
                return oAuthApplicationData;
            }
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.FORBIDDEN_UNAUTHORIZED_USER, str);
        } catch (IdentityOAuthAdminException e) {
            if (e.getCause() instanceof InvalidOAuthClientException) {
                throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.NOT_FOUND_APPLICATION_WITH_ID, str);
            }
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_GET_APPLICATION_BY_ID, str, e);
        }
    }

    private Application createOAuthApplication(ApplicationRegistrationRequest applicationRegistrationRequest) throws DCRMException {
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String clientName = applicationRegistrationRequest.getClientName();
        String spTemplateName = applicationRegistrationRequest.getSpTemplateName();
        if (!DCRMUtils.isRegexValidated(clientName)) {
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_SP_NAME, DCRMUtils.getSPValidatorRegex(), null);
        }
        if (isServiceProviderExist(clientName, tenantDomain)) {
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.CONFLICT_EXISTING_APPLICATION, clientName);
        }
        if (StringUtils.isNotEmpty(applicationRegistrationRequest.getConsumerKey()) && isClientIdExist(applicationRegistrationRequest.getConsumerKey())) {
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.CONFLICT_EXISTING_CLIENT_ID, applicationRegistrationRequest.getConsumerKey());
        }
        ServiceProvider createServiceProvider = createServiceProvider(username, tenantDomain, clientName, spTemplateName);
        try {
            OAuthConsumerAppDTO createOAuthApp = createOAuthApp(applicationRegistrationRequest, username, tenantDomain, clientName);
            try {
                updateServiceProviderWithOAuthAppDetails(createServiceProvider, createOAuthApp, username, tenantDomain);
                return buildResponse(createOAuthApp);
            } catch (DCRMException e) {
                deleteApplication(createOAuthApp.getOauthConsumerKey());
                throw e;
            }
        } catch (DCRMException e2) {
            if (log.isDebugEnabled()) {
                log.debug("OAuth app: " + clientName + " registration failed in tenantDomain: " + tenantDomain + ". Deleting the service provider: " + clientName + " to rollback.");
            }
            deleteServiceProvider(clientName, tenantDomain, username);
            throw e2;
        }
    }

    private Application buildResponse(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
        Application application = new Application();
        application.setClientName(oAuthConsumerAppDTO.getApplicationName());
        application.setClientId(oAuthConsumerAppDTO.getOauthConsumerKey());
        application.setClientSecret(oAuthConsumerAppDTO.getOauthConsumerSecret());
        ArrayList arrayList = new ArrayList();
        arrayList.add(oAuthConsumerAppDTO.getCallbackUrl());
        application.setRedirectUris(arrayList);
        List<String> arrayList2 = new ArrayList();
        if (StringUtils.isNotEmpty(oAuthConsumerAppDTO.getGrantTypes())) {
            arrayList2 = Arrays.asList(oAuthConsumerAppDTO.getGrantTypes().split(GRANT_TYPE_SEPARATOR));
        }
        application.setGrantTypes(arrayList2);
        return application;
    }

    private void updateServiceProviderWithOAuthAppDetails(ServiceProvider serviceProvider, OAuthConsumerAppDTO oAuthConsumerAppDTO, String str, String str2) throws DCRMException {
        InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
        ArrayList arrayList = new ArrayList();
        InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig();
        inboundAuthenticationRequestConfig.setInboundAuthKey(oAuthConsumerAppDTO.getOauthConsumerKey());
        inboundAuthenticationRequestConfig.setInboundAuthType("oauth2");
        arrayList.add(inboundAuthenticationRequestConfig);
        inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs((InboundAuthenticationRequestConfig[]) arrayList.toArray(new InboundAuthenticationRequestConfig[arrayList.size()]));
        serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
        serviceProvider.setSaasApp(false);
        updateServiceProvider(serviceProvider, str2, str);
    }

    private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest applicationRegistrationRequest, String str, String str2, String str3) throws DCRMException {
        OAuthConsumerAppDTO oAuthConsumerAppDTO = new OAuthConsumerAppDTO();
        oAuthConsumerAppDTO.setApplicationName(str3);
        oAuthConsumerAppDTO.setCallbackUrl(validateAndSetCallbackURIs(applicationRegistrationRequest.getRedirectUris(), applicationRegistrationRequest.getGrantTypes()));
        oAuthConsumerAppDTO.setGrantTypes(StringUtils.join(applicationRegistrationRequest.getGrantTypes(), GRANT_TYPE_SEPARATOR));
        oAuthConsumerAppDTO.setOAuthVersion(OAUTH_VERSION);
        oAuthConsumerAppDTO.setTokenType(applicationRegistrationRequest.getTokenType());
        oAuthConsumerAppDTO.setBackChannelLogoutUrl(validateBackchannelLogoutURI(applicationRegistrationRequest.getBackchannelLogoutUri()));
        if (StringUtils.isNotEmpty(applicationRegistrationRequest.getConsumerKey())) {
            String clientIdValidationRegex = OAuthServerConfiguration.getInstance().getClientIdValidationRegex();
            if (!clientIdMatchesRegex(applicationRegistrationRequest.getConsumerKey(), clientIdValidationRegex)) {
                throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_CLIENT_ID_VIOLATES_PATTERN, clientIdValidationRegex);
            }
            oAuthConsumerAppDTO.setOauthConsumerKey(applicationRegistrationRequest.getConsumerKey());
        }
        if (StringUtils.isNotEmpty(applicationRegistrationRequest.getConsumerSecret())) {
            oAuthConsumerAppDTO.setOauthConsumerSecret(applicationRegistrationRequest.getConsumerSecret());
        }
        if (log.isDebugEnabled()) {
            log.debug("Creating OAuth Application: " + str3 + " in tenant: " + str2);
        }
        try {
            OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData = oAuthAdminService.registerAndRetrieveOAuthApplicationData(oAuthConsumerAppDTO);
            if (log.isDebugEnabled()) {
                log.debug("Created OAuth Application: " + str3 + " in tenant: " + str2);
            }
            if (registerAndRetrieveOAuthApplicationData == null) {
                throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_REGISTER_APPLICATION, str3);
            }
            return registerAndRetrieveOAuthApplicationData;
        } catch (IdentityOAuthAdminException e) {
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_REGISTER_APPLICATION, str3, e);
        }
    }

    private ServiceProvider createServiceProvider(String str, String str2, String str3, String str4) throws DCRMException {
        ServiceProvider serviceProvider = new ServiceProvider();
        serviceProvider.setApplicationName(str3);
        User user = new User();
        user.setUserName(str);
        user.setTenantDomain(str2);
        serviceProvider.setOwner(user);
        serviceProvider.setDescription("Service Provider for application " + str3);
        createServiceProvider(serviceProvider, str2, str, str4);
        ServiceProvider serviceProvider2 = getServiceProvider(str3, str2);
        if (serviceProvider2 == null) {
            throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.FAILED_TO_REGISTER_SP, str3);
        }
        return serviceProvider2;
    }

    private boolean isServiceProviderExist(String str, String str2) {
        ServiceProvider serviceProvider = null;
        try {
            serviceProvider = getServiceProvider(str, str2);
        } catch (DCRMException e) {
            log.error("Error while retrieving service provider: " + str + " in tenant: " + str2);
        }
        return serviceProvider != null;
    }

    private boolean isClientIdExist(String str) throws DCRMException {
        try {
            OAuthConsumerAppDTO oAuthApplicationData = oAuthAdminService.getOAuthApplicationData(str);
            if (oAuthApplicationData != null) {
                if (StringUtils.isNotBlank(oAuthApplicationData.getApplicationName())) {
                    return true;
                }
            }
            return false;
        } catch (IdentityOAuthAdminException e) {
            if (e.getCause() instanceof InvalidOAuthClientException) {
                return false;
            }
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_GET_APPLICATION_BY_ID, str, e);
        }
    }

    private ServiceProvider getServiceProvider(String str, String str2) throws DCRMException {
        try {
            return DCRDataHolder.getInstance().getApplicationManagementService().getServiceProvider(str, str2);
        } catch (IdentityApplicationManagementException e) {
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_GET_SP, str, e);
        }
    }

    private void updateServiceProvider(ServiceProvider serviceProvider, String str, String str2) throws DCRMException {
        try {
            DCRDataHolder.getInstance().getApplicationManagementService().updateApplication(serviceProvider, str, str2);
        } catch (IdentityApplicationManagementException e) {
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_UPDATE_SP, serviceProvider.getApplicationName(), e);
        }
    }

    private void createServiceProvider(ServiceProvider serviceProvider, String str, String str2, String str3) throws DCRMException {
        if (str3 != null) {
            try {
                if (!DCRDataHolder.getInstance().getApplicationManagementService().isExistingApplicationTemplate(str3, str)) {
                    throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_SP_TEMPLATE_NAME, str3);
                }
            } catch (IdentityApplicationManagementException e) {
                throw new DCRMException(ErrorCodes.BAD_REQUEST.toString(), "Error while creating service provider: " + serviceProvider.getApplicationName() + " in tenant: " + str, e);
            }
        }
        DCRDataHolder.getInstance().getApplicationManagementService().createApplicationWithTemplate(serviceProvider, str, str2, str3);
    }

    private void deleteServiceProvider(String str, String str2, String str3) throws DCRMException {
        try {
            DCRDataHolder.getInstance().getApplicationManagementService().deleteApplication(str, str2, str3);
        } catch (IdentityApplicationManagementException e) {
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_DELETE_SP, str, e);
        }
    }

    private void deleteOAuthApplicationWithoutAssociatedSP(OAuthConsumerAppDTO oAuthConsumerAppDTO, String str, String str2) throws DCRMException {
        try {
            if (log.isDebugEnabled()) {
                log.debug("Delete OAuth application with the consumer key: " + oAuthConsumerAppDTO.getOauthConsumerKey());
            }
            oAuthAdminService.removeOAuthApplicationData(oAuthConsumerAppDTO.getOauthConsumerKey());
            ApplicationManagementService applicationManagementService = DCRDataHolder.getInstance().getApplicationManagementService();
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Get service provider with application name: " + oAuthConsumerAppDTO.getApplicationName());
                }
                ServiceProvider serviceProvider = applicationManagementService.getServiceProvider(oAuthConsumerAppDTO.getApplicationName(), str);
                if (serviceProvider == null) {
                    if (log.isDebugEnabled()) {
                        log.debug("There is no service provider exists with the name: " + oAuthConsumerAppDTO.getApplicationName());
                    }
                } else if (serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs().length == 0) {
                    if (log.isDebugEnabled()) {
                        log.debug("Delete the service provider: " + serviceProvider.getApplicationName());
                    }
                    applicationManagementService.deleteApplication(serviceProvider.getApplicationName(), str, str2);
                } else if (log.isDebugEnabled()) {
                    log.debug("Service provider with name: " + serviceProvider.getApplicationName() + " can not be deleted since it has association with other application/s");
                }
            } catch (IdentityApplicationManagementException e) {
                throw new DCRMException("Error while deleting the service provider with the name: " + oAuthConsumerAppDTO.getApplicationName(), (Throwable) e);
            }
        } catch (IdentityOAuthAdminException e2) {
            throw new DCRMException("Error while deleting the OAuth application with consumer key: " + oAuthConsumerAppDTO.getOauthConsumerKey(), (Throwable) e2);
        }
    }

    private String validateAndSetCallbackURIs(List<String> list, List<String> list2) throws DCRMException {
        if (list.size() == 0) {
            if (isRedirectURIMandatory(list2)) {
                throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_INPUT, "RedirectUris property must have at least one URI value when using Authorization code or implicit grant types.");
            }
            return "";
        }
        if (list.size() != 1) {
            return "regexp=" + createRegexPattern(list);
        }
        String str = list.get(0);
        if (DCRMUtils.isRedirectionUriValid(str)) {
            return str;
        }
        throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_REDIRECT_URI, str);
    }

    private String validateBackchannelLogoutURI(String str) throws DCRMException {
        if (DCRMUtils.isBackchannelLogoutUriValid(str)) {
            return str;
        }
        throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_BACKCHANNEL_LOGOUT_URI, str);
    }

    private boolean isRedirectURIMandatory(List<String> list) {
        return list.contains(DCRConstants.GrantTypes.AUTHORIZATION_CODE) || list.contains(DCRConstants.GrantTypes.IMPLICIT);
    }

    protected String createRegexPattern(List<String> list) throws DCRMException {
        ArrayList arrayList = new ArrayList();
        for (String str : list) {
            if (!DCRMUtils.isRedirectionUriValid(str)) {
                throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_INVALID_REDIRECT_URI, str);
            }
            arrayList.add(escapeQueryParamsIfPresent(str));
        }
        return arrayList.isEmpty() ? "" : "(".concat(StringUtils.join(arrayList, "|")).concat(")");
    }

    private String escapeQueryParamsIfPresent(String str) {
        return str.replaceFirst("\\?", "\\\\?");
    }

    private boolean isUserAuthorized(String str) throws DCRMServerException {
        try {
            return ApplicationMgtUtil.isUserAuthorized(DCRDataHolder.getInstance().getApplicationManagementService().getServiceProviderNameByClientId(str, "oauth2", PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()), CarbonContext.getThreadLocalCarbonContext().getUsername());
        } catch (IdentityApplicationManagementException e) {
            throw DCRMUtils.generateServerException(DCRMConstants.ErrorMessages.FAILED_TO_GET_APPLICATION_BY_ID, str, e);
        }
    }

    private static boolean clientIdMatchesRegex(String str, String str2) {
        if (clientIdRegexPattern == null) {
            clientIdRegexPattern = Pattern.compile(str2);
        }
        return clientIdRegexPattern.matcher(str).matches();
    }

    private void validateRequestTenantDomain(String str) throws DCRMException {
        try {
            OAuth2Util.validateRequestTenantDomain(OAuth2Util.getTenantDomainOfOauthApp(str));
        } catch (InvalidOAuthClientException e) {
            throw new DCRMClientException(DCRMConstants.ErrorMessages.TENANT_DOMAIN_MISMATCH.getErrorCode(), String.format(DCRMConstants.ErrorMessages.TENANT_DOMAIN_MISMATCH.getMessage(), str));
        } catch (IdentityOAuth2Exception e2) {
            throw new DCRMServerException(String.format(DCRMConstants.ErrorMessages.FAILED_TO_VALIDATE_TENANT_DOMAIN.getMessage(), str));
        }
    }

    private ServiceProvider cloneServiceProvider(ServiceProvider serviceProvider) {
        Gson gson = new Gson();
        return (ServiceProvider) gson.fromJson(gson.toJson(serviceProvider), ServiceProvider.class);
    }
}
