package org.wso2.carbon.is.migration.util;

import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.Claim;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl;
import org.wso2.carbon.identity.application.mgt.ApplicationMgtSystemConfig;
import org.wso2.carbon.identity.application.mgt.dao.ApplicationDAO;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth.cache.AppInfoCache;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.is.migration.internal.ISMigrationServiceDataHolder;
import org.wso2.carbon.is.migration.service.v5110.dao.TokenBindingDAO;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/is/migration/util/TenantPortalMigratorUtil.class */
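/**
 * Migration helper that registers the built-in portal applications for a tenant.
 *
 * <p>For every {@code AppPortal} value that has no service provider in the tenant, it registers an
 * OAuth 2.0 client and then a service provider that references that client.
 *
 * <p>Security-relevant settings applied to every portal client, as visible in this class:
 * <ul>
 *   <li>PKCE is mandatory and {@code bypassClientCredentials} is set to {@code true}.</li>
 *   <li>The token binding type is {@code TokenBindingDAO.COOKIE}.</li>
 *   <li>Login consent and logout consent are both skipped.</li>
 *   <li>The e-mail address and display name claims are marked as requested.</li>
 * </ul>
 *
 * <p>The generated consumer secret is passed to both records and is never logged here; keep it out
 * of any log statement added later.
 */
public class TenantPortalMigratorUtil {
    private static final Logger log = LoggerFactory.getLogger(TenantPortalMigratorUtil.class);
    private static final String ACTIVE_STATE = "ACTIVE";
    private static final String OAUTH_CONSUMER_SECRET_PROPERTY = "oauthConsumerSecret";
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";
    private static final String OAUTH_VERSION_2 = "OAuth-2.0";
    private static final String INBOUND_AUTH_TYPE_OAUTH2 = "oauth2";
    private static final String DEFAULT_TOKEN_TYPE = "Default";
    private static final String EMAIL_CLAIM_URI = "http://wso2.org/claims/emailaddress";
    private static final String DISPLAY_NAME_CLAIM_URI = "http://wso2.org/claims/displayName";

    /**
     * Creates the OAuth 2.0 client and the service provider for each portal missing in the tenant.
     *
     * <p>The consumer key is the portal's fixed key, suffixed with {@code "_" + tenant domain} for
     * every tenant other than {@code carbon.super}. The consumer secret comes from
     * {@code OAuthUtil.getRandomNumber()}.
     * NOTE(review): the strength of that secret depends on OAuthUtil, which is not visible here.
     *
     * <p>The OAuth client is registered before the service provider and nothing in this method
     * rolls the first back if the second throws.
     * NOTE(review): a rerun would again find no service provider and try to register the same
     * consumer key; confirm how OAuthAppDAO treats an existing key.
     *
     * @param str tenant domain the portals are created in
     * @param i   tenant id matching {@code str}
     * @throws IdentityApplicationManagementException if the service provider lookup or creation fails
     * @throws IdentityOAuthAdminException            if the OAuth client registration fails
     * @throws RegistryException                      declared for the realm lookup
     * @throws UserStoreException                     declared for the realm configuration lookup
     */
    public static void initiatePortals(String str, int i) throws IdentityApplicationManagementException, IdentityOAuthAdminException, RegistryException, UserStoreException {
        // The decompiler-assigned parameter names are kept so the published signature is untouched.
        final String tenantDomain = str;
        final int tenantId = i;

        ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
        String adminUserName = ISMigrationServiceDataHolder.getRegistryService().getUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
        List<String> grantTypes = Arrays.asList("authorization_code", "refresh_token", "account_switch");

        for (AppPortal appPortal : AppPortal.values()) {
            if (appPortal.equals(AppPortal.ADMIN_PORTAL)) {
                String productVersion = CarbonUtils.getServerConfiguration().getFirstProperty("Version");
                if (!StringUtils.isBlank(productVersion) && !productVersion.startsWith("5.11.0")) {
                    // NOTE(review): this branch is empty in the decompiled source, so the version
                    // check gates nothing and the admin portal is handled like every other portal.
                    // A statement may have been lost in decompilation; compare with the upstream
                    // source before relying on this check.
                }
            }
            if (applicationDAO.getApplication(appPortal.getName(), tenantDomain) != null) {
                // A service provider with this name already exists in the tenant.
                continue;
            }

            String consumerSecret = OAuthUtil.getRandomNumber();
            String consumerKey = appPortal.getConsumerKey();
            if (!SUPER_TENANT_DOMAIN.equals(tenantDomain)) {
                consumerKey = consumerKey + "_" + tenantDomain;
            }
            createOAuth2Application(appPortal.getName(), appPortal.getPath(), consumerKey, consumerSecret, adminUserName, tenantId, tenantDomain, TokenBindingDAO.COOKIE, grantTypes);
            createApplication(appPortal.getName(), adminUserName, appPortal.getDescription(), consumerKey, consumerSecret, tenantDomain);
        }
    }

    /**
     * Creates the service provider that fronts a portal's OAuth 2.0 client.
     *
     * <p>Consent and logout consent are skipped, the local subject identifier carries both the
     * user store domain and the tenant domain, and the local claim dialect is used.
     *
     * @param applicationName service provider name
     * @param appOwner        user name passed to the application management service
     * @param description     service provider description
     * @param consumerKey     OAuth consumer key used as the inbound authentication key
     * @param consumerSecret  OAuth consumer secret stored as an inbound authentication property
     * @param tenantDomain    tenant the service provider is created in
     * @throws IdentityApplicationManagementException if the application management service rejects it
     */
    private static void createApplication(String applicationName, String appOwner, String description, String consumerKey, String consumerSecret, String tenantDomain) throws IdentityApplicationManagementException {
        ServiceProvider serviceProvider = new ServiceProvider();
        serviceProvider.setApplicationName(applicationName);
        serviceProvider.setDescription(description);

        InboundAuthenticationRequestConfig oauthInbound = new InboundAuthenticationRequestConfig();
        oauthInbound.setInboundAuthKey(consumerKey);
        oauthInbound.setInboundAuthType(INBOUND_AUTH_TYPE_OAUTH2);
        Property secretProperty = new Property();
        secretProperty.setName(OAUTH_CONSUMER_SECRET_PROPERTY);
        secretProperty.setValue(consumerSecret);
        oauthInbound.setProperties(new Property[]{secretProperty});

        InboundAuthenticationConfig inboundConfig = new InboundAuthenticationConfig();
        inboundConfig.setInboundAuthenticationRequestConfigs(new InboundAuthenticationRequestConfig[]{oauthInbound});
        serviceProvider.setInboundAuthenticationConfig(inboundConfig);

        LocalAndOutboundAuthenticationConfig authConfig = new LocalAndOutboundAuthenticationConfig();
        authConfig.setUseUserstoreDomainInLocalSubjectIdentifier(true);
        authConfig.setUseTenantDomainInLocalSubjectIdentifier(true);
        // The requested claims are released to the portal without a consent prompt.
        authConfig.setSkipConsent(true);
        authConfig.setSkipLogoutConsent(true);
        serviceProvider.setLocalAndOutBoundAuthenticationConfig(authConfig);

        ClaimConfig claimConfig = new ClaimConfig();
        claimConfig.setClaimMappings(getRequestedClaimMappings());
        claimConfig.setLocalClaimDialect(true);
        serviceProvider.setClaimConfig(claimConfig);

        ApplicationManagementServiceImpl.getInstance().createApplication(serviceProvider, tenantDomain, appOwner);
        if (log.isDebugEnabled()) {
            log.debug(String.format("User portal application is created successfully for tenant %s.", tenantDomain));
        }
    }

    /**
     * Registers a portal as an OAuth 2.0 client inside a tenant flow.
     *
     * <p>The callback URL is the server URL for {@code portalPath}; for tenants other than
     * {@code carbon.super} the path is rewritten to {@code /t/<tenant domain><portalPath>}.
     *
     * @param applicationName  OAuth application name
     * @param portalPath       portal path used to build the callback URL
     * @param consumerKey      OAuth consumer key
     * @param consumerSecret   OAuth consumer secret
     * @param appOwner         user name set on the tenant flow, later read back as the app owner
     * @param tenantId         tenant id set on the tenant flow
     * @param tenantDomain     tenant domain set on the tenant flow and used in the callback URL
     * @param tokenBindingType token binding type stored on the client
     * @param grantTypes       grant types, joined with a single space; skipped when null or empty
     * @throws IdentityOAuthAdminException if the registration fails
     */
    private static void createOAuth2Application(String applicationName, String portalPath, String consumerKey, String consumerSecret, String appOwner, int tenantId, String tenantDomain, String tokenBindingType, List<String> grantTypes) throws IdentityOAuthAdminException {
        OAuthConsumerAppDTO appDto = new OAuthConsumerAppDTO();
        appDto.setApplicationName(applicationName);
        appDto.setOAuthVersion(OAUTH_VERSION_2);
        appDto.setOauthConsumerKey(consumerKey);
        appDto.setOauthConsumerSecret(consumerSecret);

        String callbackUrl = IdentityUtil.getServerURL(portalPath, true, true);
        if (!SUPER_TENANT_DOMAIN.equals(tenantDomain)) {
            // String.replace rewrites every occurrence of portalPath, and the tenant domain is
            // inserted without URL encoding. NOTE(review): the result is the registered redirect
            // URI, so confirm that tenant domains are validated before they reach this method.
            callbackUrl = callbackUrl.replace(portalPath, "/t/" + tenantDomain.trim() + portalPath);
        }
        appDto.setCallbackUrl(callbackUrl);
        appDto.setBypassClientCredentials(true);
        if (grantTypes != null && !grantTypes.isEmpty()) {
            appDto.setGrantTypes(String.join(" ", grantTypes));
        }
        appDto.setPkceMandatory(true);
        appDto.setTokenBindingType(tokenBindingType);

        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext tenantContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            tenantContext.setTenantId(tenantId);
            tenantContext.setTenantDomain(tenantDomain);
            tenantContext.setUsername(appOwner);
            registerAndRetrieveOAuthApplicationData(appDto);
            if (log.isDebugEnabled()) {
                log.debug(String.format("User portal is successfully registered as a OAuth 2 application for tenant %s.", tenantDomain));
            }
        } finally {
            // Ends the tenant flow even when the registration throws.
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Builds the requested claim mappings for the portals: e-mail address and display name.
     *
     * @return two mappings, each with the same claim as local and remote claim
     */
    private static ClaimMapping[] getRequestedClaimMappings() {
        return new ClaimMapping[]{
                buildRequestedClaimMapping(EMAIL_CLAIM_URI),
                buildRequestedClaimMapping(DISPLAY_NAME_CLAIM_URI)
        };
    }

    /** Builds one requested mapping whose local and remote claim are the same claim object. */
    private static ClaimMapping buildRequestedClaimMapping(String claimUri) {
        Claim claim = new Claim();
        claim.setClaimUri(claimUri);
        ClaimMapping mapping = new ClaimMapping();
        mapping.setRequested(true);
        mapping.setLocalClaim(claim);
        mapping.setRemoteClaim(claim);
        return mapping;
    }

    /**
     * Copies the DTO into an {@code OAuthAppDO}, persists it and adds it to {@code AppInfoCache}.
     *
     * <p>The app owner and tenant domain are read from the thread-local Carbon context, so the
     * caller must have set them. When the DTO has no consumer key, both key and secret are
     * generated and any secret on the DTO is ignored; when it has a key but no secret, only the
     * secret is generated. The object added to the cache is the same one handed to the DAO.
     *
     * @param oAuthConsumerAppDTO client description to register
     * @return DTO built from the stored application by {@code OAuthUtil.buildConsumerAppDTO}
     * @throws IdentityOAuthAdminException if the DAO fails to store the application
     */
    private static OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws IdentityOAuthAdminException {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        OAuthAppDO app = new OAuthAppDO();
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO();

        app.setApplicationName(oAuthConsumerAppDTO.getApplicationName());
        app.setCallbackUrl(oAuthConsumerAppDTO.getCallbackUrl());
        app.setState(ACTIVE_STATE);

        String suppliedKey = oAuthConsumerAppDTO.getOauthConsumerKey();
        if (StringUtils.isEmpty(suppliedKey)) {
            app.setOauthConsumerKey(OAuthUtil.getRandomNumber());
            app.setOauthConsumerSecret(OAuthUtil.getRandomNumber());
        } else {
            app.setOauthConsumerKey(suppliedKey);
            String suppliedSecret = oAuthConsumerAppDTO.getOauthConsumerSecret();
            app.setOauthConsumerSecret(StringUtils.isEmpty(suppliedSecret) ? OAuthUtil.getRandomNumber() : suppliedSecret);
        }
        app.setAppOwner(buildAuthenticatedUser(username, tenantDomain));

        String requestedVersion = oAuthConsumerAppDTO.getOAuthVersion();
        app.setOauthVersion(requestedVersion != null ? requestedVersion : OAUTH_VERSION_2);

        // The OAuth 2.0 specific settings are copied only for OAuth 2.0 clients.
        if (OAUTH_VERSION_2.equals(app.getOauthVersion())) {
            app.setGrantTypes(oAuthConsumerAppDTO.getGrantTypes());
            app.setScopeValidators(oAuthConsumerAppDTO.getScopeValidators());
            app.setAudiences(oAuthConsumerAppDTO.getAudiences());
            app.setPkceMandatory(oAuthConsumerAppDTO.getPkceMandatory());
            app.setPkceSupportPlain(oAuthConsumerAppDTO.getPkceSupportPlain());
            app.setUserAccessTokenExpiryTime(oAuthConsumerAppDTO.getUserAccessTokenExpiryTime());
            app.setApplicationAccessTokenExpiryTime(oAuthConsumerAppDTO.getApplicationAccessTokenExpiryTime());
            app.setRefreshTokenExpiryTime(oAuthConsumerAppDTO.getRefreshTokenExpiryTime());
            app.setIdTokenExpiryTime(oAuthConsumerAppDTO.getIdTokenExpiryTime());
            app.setRequestObjectSignatureValidationEnabled(oAuthConsumerAppDTO.isRequestObjectSignatureValidationEnabled());
            app.setIdTokenEncryptionEnabled(oAuthConsumerAppDTO.isIdTokenEncryptionEnabled());
            app.setIdTokenEncryptionAlgorithm(oAuthConsumerAppDTO.getIdTokenEncryptionAlgorithm());
            app.setIdTokenEncryptionMethod(oAuthConsumerAppDTO.getIdTokenEncryptionMethod());
            app.setBackChannelLogoutUrl(oAuthConsumerAppDTO.getBackChannelLogoutUrl());
            app.setFrontchannelLogoutUrl(oAuthConsumerAppDTO.getFrontchannelLogoutUrl());
            String requestedTokenType = oAuthConsumerAppDTO.getTokenType();
            app.setTokenType(requestedTokenType != null ? requestedTokenType : getDefaultTokenType());
            app.setBypassClientCredentials(oAuthConsumerAppDTO.isBypassClientCredentials());
            app.setRenewRefreshTokenEnabled(oAuthConsumerAppDTO.getRenewRefreshTokenEnabled());
            app.setTokenBindingType(oAuthConsumerAppDTO.getTokenBindingType());
        }

        oAuthAppDAO.addOAuthApplication(app);
        AppInfoCache.getInstance().addToCache(app.getOauthConsumerKey(), app);
        return OAuthUtil.buildConsumerAppDTO(app);
    }

    /** Returns the token type used when the DTO does not name one. */
    private static String getDefaultTokenType() {
        return DEFAULT_TOKEN_TYPE;
    }

    /**
     * Builds the app owner from a user name that may carry a user store domain prefix.
     *
     * @param userName     user name as read from the Carbon context
     * @param tenantDomain tenant domain of the user
     * @return user whose name has the domain removed and whose user store domain is the one
     *         extracted from {@code userName}
     */
    private static AuthenticatedUser buildAuthenticatedUser(String userName, String tenantDomain) {
        AuthenticatedUser owner = new AuthenticatedUser();
        owner.setUserName(UserCoreUtil.removeDomainFromName(userName));
        owner.setTenantDomain(tenantDomain);
        owner.setUserStoreDomain(IdentityUtil.extractDomainFromName(userName));
        return owner;
    }
}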
