package org.wso2.carbon.identity.oauth.dcr.service;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.base.IdentityValidationException;
import org.wso2.carbon.identity.base.IdentityValidationUtil;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminService;
import org.wso2.carbon.identity.oauth.dcr.DCRException;
import org.wso2.carbon.identity.oauth.dcr.internal.DCRDataHolder;
import org.wso2.carbon.identity.oauth.dcr.model.RegistrationRequestProfile;
import org.wso2.carbon.identity.oauth.dcr.model.RegistrationResponseProfile;
import org.wso2.carbon.identity.oauth.dcr.util.DCRConstants;
import org.wso2.carbon.identity.oauth.dcr.util.DCRMUtils;
import org.wso2.carbon.identity.oauth.dcr.util.ErrorCodes;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/dcr/service/DCRManagementService.class */
public class DCRManagementService {
    private static final String AUTH_TYPE_OAUTH_2 = "oauth2";
    private static final String OAUTH_CONSUMER_SECRET = "oauthConsumerSecret";
    private static final String OAUTH_VERSION = "OAuth-2.0";
    private static final String DEFAULT_CLIENT_SECRET_EXPIRY_TIME = "0";
    private static final Log log = LogFactory.getLog(DCRManagementService.class);
    private static DCRManagementService dcrManagementService = new DCRManagementService();

    private DCRManagementService() {
    }

    public static DCRManagementService getInstance() {
        return dcrManagementService;
    }

    public RegistrationResponseProfile registerOAuthApplication(RegistrationRequestProfile registrationRequestProfile) throws DCRException {
        String clientName = registrationRequestProfile.getClientName();
        if (log.isDebugEnabled()) {
            log.debug("Trying to register OAuth application: '" + clientName + "'");
        }
        if (DCRMUtils.isRegexValidated(clientName)) {
            return createOAuthApplication(registrationRequestProfile);
        }
        throw new DCRException("The Application name: " + clientName + " is not valid! It is not adhering to the regex: " + DCRMUtils.getSPValidatorRegex());
    }

    private RegistrationResponseProfile createOAuthApplication(RegistrationRequestProfile registrationRequestProfile) throws DCRException {
        String str = registrationRequestProfile.getOwner().replaceAll(String.valueOf(DCRConstants.UNSUPPORTED_CHARACTERS_IN_REGISTRY), "_") + "_" + registrationRequestProfile.getClientName();
        if (!DCRMUtils.isRegexValidated(str)) {
            throw new DCRException("The Application name: " + str + " is not valid! It is not adhering to the regex: " + DCRMUtils.getSPValidatorRegex());
        }
        String join = StringUtils.join(registrationRequestProfile.getGrantTypes(), " ");
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(registrationRequestProfile.getOwner());
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(registrationRequestProfile.getTenantDomain(), true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(tenantAwareUsername);
        try {
            ServiceProvider serviceProvider = new ServiceProvider();
            serviceProvider.setApplicationName(str);
            User user = new User();
            user.setUserName(tenantAwareUsername);
            user.setTenantDomain(registrationRequestProfile.getTenantDomain());
            serviceProvider.setOwner(user);
            serviceProvider.setDescription("Service Provider for application " + str);
            ApplicationManagementService applicationManagementService = DCRDataHolder.getInstance().getApplicationManagementService();
            try {
                if (applicationManagementService.getServiceProvider(str, registrationRequestProfile.getTenantDomain()) != null) {
                    throw ((DCRException) IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), "Service Provider with name: " + str + " already registered"));
                }
                applicationManagementService.createApplication(serviceProvider, registrationRequestProfile.getTenantDomain(), tenantAwareUsername);
                ServiceProvider serviceProvider2 = applicationManagementService.getServiceProvider(str, registrationRequestProfile.getTenantDomain());
                if (serviceProvider2 == null) {
                    throw ((DCRException) IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), "Couldn't create Service Provider Application " + str));
                }
                serviceProvider2.setSaasApp(false);
                OAuthAdminService oAuthAdminService = new OAuthAdminService();
                OAuthConsumerAppDTO oAuthConsumerAppDTO = new OAuthConsumerAppDTO();
                oAuthConsumerAppDTO.setApplicationName(str);
                if (registrationRequestProfile.getRedirectUris().size() == 0 && (registrationRequestProfile.getGrantTypes().contains(DCRConstants.GrantTypes.AUTHORIZATION_CODE) || registrationRequestProfile.getGrantTypes().contains(DCRConstants.GrantTypes.IMPLICIT))) {
                    throw ((DCRException) IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), "RedirectUris property must have at least one URI value."));
                }
                if (registrationRequestProfile.getRedirectUris().size() == 1) {
                    String str2 = registrationRequestProfile.getRedirectUris().get(0);
                    try {
                        IdentityValidationUtil.getValidInputOverWhiteListPatterns(str2, new String[]{IdentityValidationUtil.ValidatorPattern.URL_WITHOUT_FRAGMENT.name()});
                        oAuthConsumerAppDTO.setCallbackUrl(str2);
                    } catch (IdentityValidationException e) {
                        throw ((DCRException) IdentityException.error(DCRException.class, "Redirect URI: " + str2 + ", is invalid", e));
                    }
                } else if (registrationRequestProfile.getRedirectUris().size() > 1) {
                    oAuthConsumerAppDTO.setCallbackUrl("regexp=" + createRegexPattern(registrationRequestProfile.getRedirectUris()));
                }
                oAuthConsumerAppDTO.setGrantTypes(join);
                oAuthConsumerAppDTO.setOAuthVersion(OAUTH_VERSION);
                if (log.isDebugEnabled()) {
                    log.debug("Creating OAuth App " + str);
                }
                try {
                    OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData = oAuthAdminService.registerAndRetrieveOAuthApplicationData(oAuthConsumerAppDTO);
                    if (log.isDebugEnabled()) {
                        log.debug("Created OAuth App " + str);
                        log.debug("Retrieved Details for OAuth App " + registerAndRetrieveOAuthApplicationData.getApplicationName());
                    }
                    InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
                    ArrayList arrayList = new ArrayList();
                    InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig();
                    inboundAuthenticationRequestConfig.setInboundAuthKey(registerAndRetrieveOAuthApplicationData.getOauthConsumerKey());
                    inboundAuthenticationRequestConfig.setInboundAuthType("oauth2");
                    String oauthConsumerSecret = registerAndRetrieveOAuthApplicationData.getOauthConsumerSecret();
                    if (oauthConsumerSecret != null && !oauthConsumerSecret.isEmpty()) {
                        Property property = new Property();
                        property.setName(OAUTH_CONSUMER_SECRET);
                        property.setValue(oauthConsumerSecret);
                        inboundAuthenticationRequestConfig.setProperties(new Property[]{property});
                    }
                    arrayList.add(inboundAuthenticationRequestConfig);
                    inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs((InboundAuthenticationRequestConfig[]) arrayList.toArray(new InboundAuthenticationRequestConfig[arrayList.size()]));
                    serviceProvider2.setInboundAuthenticationConfig(inboundAuthenticationConfig);
                    try {
                        applicationManagementService.updateApplication(serviceProvider2, registrationRequestProfile.getTenantDomain(), tenantAwareUsername);
                        RegistrationResponseProfile registrationResponseProfile = new RegistrationResponseProfile();
                        registrationResponseProfile.setClientId(registerAndRetrieveOAuthApplicationData.getOauthConsumerKey());
                        registrationResponseProfile.getRedirectUrls().add(registerAndRetrieveOAuthApplicationData.getCallbackUrl());
                        registrationResponseProfile.setClientSecret(oauthConsumerSecret);
                        registrationResponseProfile.setClientName(registerAndRetrieveOAuthApplicationData.getApplicationName());
                        registrationResponseProfile.setClientSecretExpiresAt(DEFAULT_CLIENT_SECRET_EXPIRY_TIME);
                        if (StringUtils.isNotBlank(registerAndRetrieveOAuthApplicationData.getGrantTypes())) {
                            registrationResponseProfile.setGrantTypes(Arrays.asList(registerAndRetrieveOAuthApplicationData.getGrantTypes().split(" ")));
                        }
                        PrivilegedCarbonContext.endTenantFlow();
                        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
                        return registrationResponseProfile;
                    } catch (IdentityApplicationManagementException e2) {
                        throw ((DCRException) IdentityException.error(DCRException.class, ErrorCodes.BAD_REQUEST.toString(), e2.getMessage()));
                    }
                } catch (IdentityOAuthAdminException e3) {
                    throw ((DCRException) IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), e3.getMessage()));
                }
            } catch (IdentityApplicationManagementException e4) {
                throw ((DCRException) IdentityException.error(DCRException.class, ErrorCodes.BAD_REQUEST.toString(), "Error occurred while reading service provider, " + str, e4));
            }
        } catch (Throwable th) {
            PrivilegedCarbonContext.endTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
            throw th;
        }
    }

    public void unregisterOAuthApplication(String str, String str2, String str3) throws DCRException {
        if (!StringUtils.isNotEmpty(str) || !StringUtils.isNotEmpty(str2) || !StringUtils.isNotEmpty(str3)) {
            throw new DCRException("Username, Application Name and Consumer Key cannot be null or empty");
        }
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(tenantAwareUsername);
        OAuthAdminService oAuthAdminService = new OAuthAdminService();
        OAuthConsumerAppDTO oAuthConsumerAppDTO = null;
        try {
            oAuthConsumerAppDTO = oAuthAdminService.getOAuthApplicationData(str3);
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while oauth application data by consumer id.", e);
            }
        }
        try {
            if (oAuthConsumerAppDTO != null) {
                try {
                    try {
                        oAuthAdminService.removeOAuthApplicationData(str3);
                        ApplicationManagementService applicationManagementService = DCRDataHolder.getInstance().getApplicationManagementService();
                        if (applicationManagementService == null) {
                            throw new IllegalStateException("Error occurred while retrieving Application Management Service");
                        }
                        if (applicationManagementService.getServiceProvider(str2, tenantDomain) == null) {
                            throw new DCRException("Couldn't retrieve Service Provider Application " + str2);
                        }
                        applicationManagementService.deleteApplication(str2, tenantDomain, tenantAwareUsername);
                    } catch (IdentityOAuthAdminException e2) {
                        throw new DCRException("Error occurred while removing application '" + str2 + "'", (Throwable) e2);
                    }
                } catch (IdentityApplicationManagementException e3) {
                    throw new DCRException("Error occurred while removing ServiceProvider for application '" + str2 + "'", (Throwable) e3);
                }
            }
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    public boolean isOAuthApplicationAvailable(String str) throws DCRException {
        ApplicationManagementService applicationManagementService = DCRDataHolder.getInstance().getApplicationManagementService();
        if (applicationManagementService == null) {
            throw new IllegalStateException("Error occurred while retrieving Application Management Service");
        }
        try {
            return applicationManagementService.getServiceProvider(str, CarbonContext.getThreadLocalCarbonContext().getTenantDomain()) != null;
        } catch (IdentityApplicationManagementException e) {
            throw new DCRException("Error occurred while retrieving information of OAuthApp " + str, (Throwable) e);
        }
    }

    private String createRegexPattern(List<String> list) throws DCRException {
        StringBuilder sb = new StringBuilder();
        for (String str : list) {
            try {
                IdentityValidationUtil.getValidInputOverWhiteListPatterns(str, new String[]{IdentityValidationUtil.ValidatorPattern.URL_WITHOUT_FRAGMENT.name()});
                if (sb.length() > 0) {
                    sb.append("|").append(str);
                } else {
                    sb.append("(").append(str);
                }
            } catch (IdentityValidationException e) {
                throw ((DCRException) IdentityException.error(DCRException.class, "Redirect URI: " + str + ", is invalid", e));
            }
        }
        if (sb.length() > 0) {
            sb.append(")");
        }
        return sb.toString();
    }

    protected Registry getConfigSystemRegistry() {
        return PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.SYSTEM_CONFIGURATION);
    }
}
