package org.wso2.choreo.connect.enforcer.config;

import com.google.protobuf.ProtocolStringList;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.X509CertUtils;
import java.io.IOException;
import java.lang.reflect.Field;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.carbon.apimgt.common.gateway.dto.ClaimMappingDto;
import org.wso2.carbon.apimgt.common.gateway.dto.JWKSConfigurationDTO;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTConfigurationDto;
import org.wso2.choreo.connect.discovery.config.enforcer.Analytics;
import org.wso2.choreo.connect.discovery.config.enforcer.AuthHeader;
import org.wso2.choreo.connect.discovery.config.enforcer.BinaryPublisher;
import org.wso2.choreo.connect.discovery.config.enforcer.Cache;
import org.wso2.choreo.connect.discovery.config.enforcer.ClaimMapping;
import org.wso2.choreo.connect.discovery.config.enforcer.Config;
import org.wso2.choreo.connect.discovery.config.enforcer.Filter;
import org.wso2.choreo.connect.discovery.config.enforcer.Issuer;
import org.wso2.choreo.connect.discovery.config.enforcer.JWTGenerator;
import org.wso2.choreo.connect.discovery.config.enforcer.JWTIssuer;
import org.wso2.choreo.connect.discovery.config.enforcer.Keypair;
import org.wso2.choreo.connect.discovery.config.enforcer.Management;
import org.wso2.choreo.connect.discovery.config.enforcer.Metrics;
import org.wso2.choreo.connect.discovery.config.enforcer.MutualSSL;
import org.wso2.choreo.connect.discovery.config.enforcer.PublisherPool;
import org.wso2.choreo.connect.discovery.config.enforcer.RestServer;
import org.wso2.choreo.connect.discovery.config.enforcer.Service;
import org.wso2.choreo.connect.discovery.config.enforcer.Soap;
import org.wso2.choreo.connect.discovery.config.enforcer.TMURLGroup;
import org.wso2.choreo.connect.discovery.config.enforcer.ThrottleAgent;
import org.wso2.choreo.connect.discovery.config.enforcer.Throttling;
import org.wso2.choreo.connect.discovery.config.enforcer.Tracing;
import org.wso2.choreo.connect.enforcer.commons.exception.EnforcerException;
import org.wso2.choreo.connect.enforcer.commons.logging.ErrorDetails;
import org.wso2.choreo.connect.enforcer.commons.logging.LoggingConstants;
import org.wso2.choreo.connect.enforcer.config.dto.AdminRestServerDto;
import org.wso2.choreo.connect.enforcer.config.dto.AnalyticsDTO;
import org.wso2.choreo.connect.enforcer.config.dto.AnalyticsReceiverConfigDTO;
import org.wso2.choreo.connect.enforcer.config.dto.AuthHeaderDto;
import org.wso2.choreo.connect.enforcer.config.dto.AuthServiceConfigurationDto;
import org.wso2.choreo.connect.enforcer.config.dto.CacheDto;
import org.wso2.choreo.connect.enforcer.config.dto.CredentialDto;
import org.wso2.choreo.connect.enforcer.config.dto.ExtendedTokenIssuerDto;
import org.wso2.choreo.connect.enforcer.config.dto.FilterDTO;
import org.wso2.choreo.connect.enforcer.config.dto.JWTIssuerConfigurationDto;
import org.wso2.choreo.connect.enforcer.config.dto.ManagementCredentialsDto;
import org.wso2.choreo.connect.enforcer.config.dto.MetricsDTO;
import org.wso2.choreo.connect.enforcer.config.dto.MutualSSLDto;
import org.wso2.choreo.connect.enforcer.config.dto.SoapErrorResponseConfigDto;
import org.wso2.choreo.connect.enforcer.config.dto.ThreadPoolConfig;
import org.wso2.choreo.connect.enforcer.config.dto.ThrottleAgentConfigDto;
import org.wso2.choreo.connect.enforcer.config.dto.ThrottleConfigDto;
import org.wso2.choreo.connect.enforcer.config.dto.ThrottlePublisherConfigDto;
import org.wso2.choreo.connect.enforcer.config.dto.TracingDTO;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.constants.Constants;
import org.wso2.choreo.connect.enforcer.constants.JwtConstants;
import org.wso2.choreo.connect.enforcer.jmx.MBeanRegistrator;
import org.wso2.choreo.connect.enforcer.jwks.BackendJWKSDto;
import org.wso2.choreo.connect.enforcer.throttle.databridge.agent.conf.AgentConfiguration;
import org.wso2.choreo.connect.enforcer.util.BackendJwtUtils;
import org.wso2.choreo.connect.enforcer.util.FilterUtils;
import org.wso2.choreo.connect.enforcer.util.JWTUtils;
import org.wso2.choreo.connect.enforcer.util.TLSUtils;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/config/ConfigHolder.class */
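/**
 * Process-wide holder for the enforcer's runtime configuration.
 *
 * <p>The holder copies the discovery {@link Config} message into the enforcer's own DTOs
 * ({@link EnforcerConfig}), builds the trust stores used for TLS and for JWT signature
 * validation, and finally resolves {@code $env{NAME}} placeholders found in string and
 * {@code char[]} fields of the populated DTO tree.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Certificate, key and trust-store loading failures are logged and start-up continues;
 *       the corresponding store, certificate or key then stays {@code null} or incomplete.
 *       Consumers of the getters must not assume the material is present.</li>
 *   <li>When {@code EnvVarConfig.isTrustDefaultCerts()} is true, every CA the JVM trusts by
 *       default is copied into the same trust store as the explicitly trusted adapter
 *       certificates.</li>
 *   <li>A placeholder whose environment variable is unset is left in the value verbatim.</li>
 * </ul>
 *
 * <p>The singleton accessor is not synchronized; nothing in this class guards against
 * concurrent first use.
 */
public class ConfigHolder {
    private static ConfigHolder configHolder;
    private EnvVarConfig envVarConfig = EnvVarConfig.getInstance();
    EnforcerConfig config = new EnforcerConfig();
    private KeyStore trustStore = null;
    private KeyStore trustStoreForJWT = null;
    private KeyStore opaKeyStore = null;
    private TrustManagerFactory trustManagerFactory = null;
    private ArrayList<ExtendedTokenIssuerDto> configIssuerList;
    private boolean controlPlaneEnabled;
    private static final String apimDTOPackageName = "org.wso2.carbon.apimgt";
    private static final Logger logger = LogManager.getLogger(ConfigHolder.class);
    private static final String dtoPackageName = EnforcerConfig.class.getPackageName();
    // Compiled once; group 1 is the environment variable name inside $env{...}.
    private static final Pattern envPlaceholderPattern = Pattern.compile("\\$env\\{(.*?)\\}");

    /**
     * Builds the trust store and the OPA client key store. Both loaders read their file
     * locations from {@link EnvVarConfig}.
     */
    private ConfigHolder() {
        loadTrustStore();
        loadOpaClientKeyStore();
    }

    /**
     * Returns the singleton, creating it on first use.
     *
     * <p>Creation is not synchronized, so two threads racing on the first call could each
     * build an instance.
     *
     * @return the shared holder
     */
    public static ConfigHolder getInstance() {
        if (configHolder != null) {
            return configHolder;
        }
        configHolder = new ConfigHolder();
        return configHolder;
    }

    /**
     * Parses the given discovery configuration into the shared holder.
     *
     * @param config configuration message to copy into the enforcer DTOs
     * @return the shared holder, now populated
     */
    public static ConfigHolder load(Config config) {
        // Go through getInstance() so that load() also works when it is the first call made
        // on this class; dereferencing the static field directly would throw a
        // NullPointerException in that case.
        ConfigHolder holder = getInstance();
        holder.parseConfigs(config);
        return holder;
    }

    /**
     * Copies every section of the configuration message into {@link #config}.
     *
     * <p>Environment placeholders are resolved last, after all DTOs have been populated.
     */
    private void parseConfigs(Config config) {
        populateAuthService(config.getAuthService());
        populateJWTIssuerConfiguration(config.getSecurity().getTokenServiceList());
        this.controlPlaneEnabled = config.getControlPlaneEnabled();
        populateThrottlingConfig(config.getThrottling());
        populateJWTGeneratorConfigurations(config.getJwtGenerator());
        populateTracingConfig(config.getTracing());
        populateMetricsConfig(config.getMetrics());
        populateCacheConfigs(config.getCache());
        populateAnalyticsConfig(config.getAnalytics());
        populateJWTIssuerConfigurations(config.getJwtIssuer());
        populateAuthHeaderConfigurations(config.getSecurity().getAuthHeader());
        populateMTLSConfigurations(config.getSecurity().getMutualSSL());
        populateManagementCredentials(config.getManagement());
        populateRestServer(config.getRestServer());
        populateSoapErrorResponseConfigs(config.getSoap());
        populateCustomFilters(config.getFiltersList());
        resolveConfigsWithEnvs(this.config);
    }

    /** Copies the SOAP error-response switch into the enforcer configuration. */
    private void populateSoapErrorResponseConfigs(Soap soap) {
        SoapErrorResponseConfigDto soapErrorResponseConfigDto = new SoapErrorResponseConfigDto();
        soapErrorResponseConfigDto.setEnable(soap.getSoapErrorInXMLEnabled());
        this.config.setSoapErrorResponseConfigDto(soapErrorResponseConfigDto);
    }

    /** Copies the admin REST server enable flag into the enforcer configuration. */
    private void populateRestServer(RestServer restServer) {
        AdminRestServerDto adminRestServerDto = new AdminRestServerDto();
        adminRestServerDto.setEnable(restServer.getEnable());
        this.config.setRestServer(adminRestServerDto);
    }

    /**
     * Copies the management user name and password into the enforcer configuration.
     *
     * <p>The password arrives as a {@code String} and is converted to {@code char[]} here, so
     * the original immutable copy still exists in the configuration message.
     */
    private void populateManagementCredentials(Management management) {
        ManagementCredentialsDto managementCredentialsDto = new ManagementCredentialsDto();
        managementCredentialsDto.setPassword(management.getPassword().toCharArray());
        managementCredentialsDto.setUserName(management.getUsername());
        this.config.setManagement(managementCredentialsDto);
    }

    /** Copies the authorization-header settings into the enforcer configuration. */
    private void populateAuthHeaderConfigurations(AuthHeader authHeader) {
        AuthHeaderDto authHeaderDto = new AuthHeaderDto();
        authHeaderDto.setAuthorizationHeader(authHeader.getAuthorizationHeader());
        authHeaderDto.setEnableOutboundAuthHeader(authHeader.getEnableOutboundAuthHeader());
        authHeaderDto.setTestConsoleHeaderName(authHeader.getTestConsoleHeaderName());
        this.config.setAuthHeader(authHeaderDto);
    }

    /** Copies the mutual-TLS settings into the enforcer configuration. */
    private void populateMTLSConfigurations(MutualSSL mutualSSL) {
        MutualSSLDto mutualSSLDto = new MutualSSLDto();
        mutualSSLDto.setCertificateHeader(mutualSSL.getCertificateHeader());
        mutualSSLDto.setEnableClientValidation(mutualSSL.getEnableClientValidation());
        mutualSSLDto.setClientCertificateEncode(mutualSSL.getClientCertificateEncode());
        mutualSSLDto.setEnableOutboundCertificateHeader(mutualSSL.getEnableOutboundCertificateHeader());
        this.config.setMtlsInfo(mutualSSLDto);
    }

    /**
     * Copies the auth service settings (port, limits, thread pool) into the enforcer
     * configuration and registers the thread pool configuration as an MBean.
     */
    private void populateAuthService(Service service) {
        AuthServiceConfigurationDto authServiceConfigurationDto = new AuthServiceConfigurationDto();
        authServiceConfigurationDto.setKeepAliveTime(service.getKeepAliveTime());
        authServiceConfigurationDto.setPort(service.getPort());
        authServiceConfigurationDto.setMaxHeaderLimit(service.getMaxHeaderLimit());
        authServiceConfigurationDto.setMaxMessageSize(service.getMaxMessageSize());
        ThreadPoolConfig threadPoolConfig = new ThreadPoolConfig();
        // Registered before its values are set, as in the original ordering.
        MBeanRegistrator.registerMBean(threadPoolConfig);
        threadPoolConfig.setCoreSize(service.getThreadPool().getCoreSize());
        threadPoolConfig.setKeepAliveTime(service.getThreadPool().getKeepAliveTime());
        threadPoolConfig.setMaxSize(service.getThreadPool().getMaxSize());
        threadPoolConfig.setQueueSize(service.getThreadPool().getQueueSize());
        authServiceConfigurationDto.setThreadPool(threadPoolConfig);
        this.config.setAuthService(authServiceConfigurationDto);
    }

    /**
     * Registers every configured token issuer and loads its public certificate into a fresh,
     * empty trust store dedicated to JWT validation.
     *
     * <p>An issuer is added to the issuers map even when its certificate could not be loaded;
     * the failure is only logged. NOTE(review): confirm that token validation rejects tokens
     * of an issuer that ended up with neither a certificate nor an enabled JWKS endpoint.
     *
     * @param list issuers taken from the security section of the configuration
     */
    private void populateJWTIssuerConfiguration(List<Issuer> list) {
        this.configIssuerList = new ArrayList<>();
        try {
            setTrustStoreForJWT(KeyStore.getInstance(KeyStore.getDefaultType()));
            getTrustStoreForJWT().load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            logger.error("Error while initiating the truststore for JWT related public certificates", e);
        }
        for (Issuer issuer : list) {
            ExtendedTokenIssuerDto extendedTokenIssuerDto = new ExtendedTokenIssuerDto(issuer.getIssuer());
            JWKSConfigurationDTO jWKSConfigurationDTO = new JWKSConfigurationDTO();
            // JWKS retrieval is switched on purely by the presence of a URL.
            jWKSConfigurationDTO.setEnabled(StringUtils.isNotEmpty(issuer.getJwksURL()));
            jWKSConfigurationDTO.setUrl(issuer.getJwksURL());
            extendedTokenIssuerDto.setJwksConfigurationDTO(jWKSConfigurationDTO);
            for (ClaimMapping claimMapping : issuer.getClaimMappingList()) {
                extendedTokenIssuerDto.addClaimMapping(new ClaimMappingDto(claimMapping.getRemoteClaim(), claimMapping.getLocalClaim()));
            }
            this.config.setJwtTransformers(BackendJwtUtils.loadJWTTransformers());
            String certificateAlias = issuer.getCertificateAlias();
            if (certificateAlias.isBlank()) {
                // The built-in issuers fall back to fixed aliases when none is configured.
                if (APIConstants.KeyManager.APIM_PUBLISHER_ISSUER.equals(issuer.getName())) {
                    certificateAlias = APIConstants.PUBLISHER_CERTIFICATE_ALIAS;
                } else if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(issuer.getName())) {
                    certificateAlias = APIConstants.WSO2_PUBLIC_CERTIFICATE_ALIAS;
                } else if (APIConstants.KeyManager.APIM_APIKEY_ISSUER.equals(issuer.getName())) {
                    certificateAlias = APIConstants.APIKEY_CERTIFICATE_ALIAS;
                }
            }
            extendedTokenIssuerDto.setCertificateAlias(certificateAlias);
            if (!certificateAlias.isBlank()) {
                try {
                    Certificate certificateFromFile = TLSUtils.getCertificateFromFile(issuer.getCertificateFilePath());
                    // Two issuers sharing an alias overwrite each other's trust-store entry.
                    getTrustStoreForJWT().setCertificateEntry(certificateAlias, certificateFromFile);
                    // NOTE(review): the result of this first conversion is discarded; it looks
                    // redundant with the call on the next line. Kept because the helper is
                    // not visible here.
                    TLSUtils.convertCertificate(certificateFromFile);
                    extendedTokenIssuerDto.setCertificate(TLSUtils.convertCertificate(certificateFromFile));
                } catch (IOException | KeyStoreException | CertificateException | EnforcerException e2) {
                    logger.error("Error while adding certificates to the JWT related Truststore", e2);
                }
            }
            extendedTokenIssuerDto.setName(issuer.getName());
            extendedTokenIssuerDto.setConsumerKeyClaim(issuer.getConsumerKeyClaim());
            extendedTokenIssuerDto.setValidateSubscriptions(issuer.getValidateSubscription());
            if (APIConstants.KeyManager.APIM_APIKEY_ISSUER.equals(issuer.getName())) {
                // The API-key issuer is always keyed by its fixed issuer URL.
                extendedTokenIssuerDto.setIssuer(APIConstants.KeyManager.APIM_APIKEY_ISSUER_URL);
                this.config.getIssuersMap().put(APIConstants.KeyManager.APIM_APIKEY_ISSUER_URL, extendedTokenIssuerDto);
            } else {
                this.config.getIssuersMap().put(issuer.getIssuer(), extendedTokenIssuerDto);
            }
            this.configIssuerList.add(extendedTokenIssuerDto);
        }
    }

    /** Copies the throttling switches and JMS settings, then the binary publisher settings. */
    private void populateThrottlingConfig(Throttling throttling) {
        ThrottleConfigDto throttleConfigDto = new ThrottleConfigDto();
        throttleConfigDto.setGlobalPublishingEnabled(throttling.getEnableGlobalEventPublishing());
        throttleConfigDto.setHeaderConditionsEnabled(throttling.getEnableHeaderConditions());
        throttleConfigDto.setQueryConditionsEnabled(throttling.getEnableQueryParamConditions());
        throttleConfigDto.setJwtClaimConditionsEnabled(throttling.getEnableJwtClaimConditions());
        throttleConfigDto.setJmsConnectionInitialContextFactory(throttling.getJmsConnectionInitialContextFactory());
        throttleConfigDto.setJmsConnectionProviderUrl(throttling.getJmsConnectionProviderUrl());
        this.config.setThrottleConfig(throttleConfigDto);
        populateTMBinaryConfig(throttling.getPublisher());
    }

    /** Copies the tracing settings into the enforcer configuration. */
    private void populateTracingConfig(Tracing tracing) {
        TracingDTO tracingDTO = new TracingDTO();
        tracingDTO.setTracingEnabled(tracing.getEnabled());
        tracingDTO.setExporterType(tracing.getType());
        tracingDTO.setConfigProperties(tracing.getConfigPropertiesMap());
        this.config.setTracingConfig(tracingDTO);
    }

    /** Copies the metrics settings into the enforcer configuration. */
    private void populateMetricsConfig(Metrics metrics) {
        MetricsDTO metricsDTO = new MetricsDTO();
        metricsDTO.setMetricsEnabled(metrics.getEnabled());
        metricsDTO.setMetricsType(metrics.getType());
        this.config.setMetricsConfig(metricsDTO);
    }

    /**
     * Configures the throttle data-publishing agent and publisher pool.
     *
     * <p>The agent is handed {@link #trustStore}, which may also contain the JVM default CAs
     * (see {@link #loadTrustStore()}). The publisher password is carried as a {@code String}
     * in both DTOs.
     */
    private void populateTMBinaryConfig(BinaryPublisher binaryPublisher) {
        ThrottleAgent agent = binaryPublisher.getAgent();
        AgentConfiguration agentConfiguration = AgentConfiguration.getInstance();
        agentConfiguration.setBatchSize(agent.getBatchSize());
        agentConfiguration.setCiphers(agent.getCiphers());
        agentConfiguration.setCorePoolSize(agent.getCorePoolSize());
        agentConfiguration.setEvictionTimePeriod(agent.getEvictionTimePeriod());
        agentConfiguration.setKeepAliveTimeInPool(agent.getKeepAliveTimeInPool());
        agentConfiguration.setMaxIdleConnections(agent.getMaxIdleConnections());
        agentConfiguration.setMaxPoolSize(agent.getMaxPoolSize());
        agentConfiguration.setMaxTransportPoolSize(agent.getMaxTransportPoolSize());
        agentConfiguration.setMinIdleTimeInPool(agent.getMinIdleTimeInPool());
        agentConfiguration.setQueueSize(agent.getQueueSize());
        agentConfiguration.setReconnectionInterval(agent.getReconnectionInterval());
        agentConfiguration.setSecureEvictionTimePeriod(agent.getSecureEvictionTimePeriod());
        agentConfiguration.setSecureMaxIdleConnections(agent.getSecureMaxIdleConnections());
        agentConfiguration.setSecureMaxTransportPoolSize(agent.getSecureMaxTransportPoolSize());
        agentConfiguration.setSecureMinIdleTimeInPool(agent.getSecureMinIdleTimeInPool());
        agentConfiguration.setSslEnabledProtocols(agent.getSslEnabledProtocols());
        agentConfiguration.setSocketTimeoutMS(agent.getSocketTimeoutMS());
        agentConfiguration.setTrustStore(this.trustStore);
        PublisherPool pool = binaryPublisher.getPool();
        ThrottlePublisherConfigDto throttlePublisherConfigDto = new ThrottlePublisherConfigDto();
        throttlePublisherConfigDto.setUserName(binaryPublisher.getUsername());
        throttlePublisherConfigDto.setPassword(binaryPublisher.getPassword());
        throttlePublisherConfigDto.setInitIdleObjectDataPublishingAgents(pool.getInitIdleObjectDataPublishingAgents());
        throttlePublisherConfigDto.setMaxIdleDataPublishingAgents(pool.getMaxIdleDataPublishingAgents());
        throttlePublisherConfigDto.setPublisherThreadPoolCoreSize(pool.getPublisherThreadPoolCoreSize());
        throttlePublisherConfigDto.setPublisherThreadPoolKeepAliveTime(pool.getPublisherThreadPoolKeepAliveTime());
        throttlePublisherConfigDto.setPublisherThreadPoolMaximumSize(pool.getPublisherThreadPoolMaximumSize());
        processTMPublisherURLGroup(binaryPublisher.getUrlGroupList(), throttlePublisherConfigDto);
        ThrottleAgentConfigDto throttleAgentConfigDto = new ThrottleAgentConfigDto();
        throttleAgentConfigDto.setAgent(agentConfiguration);
        throttleAgentConfigDto.setUsername(binaryPublisher.getUsername());
        throttleAgentConfigDto.setPassword(binaryPublisher.getPassword());
        throttleAgentConfigDto.setPublisher(throttlePublisherConfigDto);
        this.config.getThrottleConfig().setThrottleAgent(throttleAgentConfigDto);
    }

    /**
     * Creates the TLS trust store and the {@link TrustManagerFactory} backed by it.
     *
     * <p>Any failure is logged and swallowed. Depending on where it happened the trust store
     * may be empty or partially filled, and {@link #trustManagerFactory} stays {@code null}
     * if the failure occurred before it was initialised.
     */
    private void loadTrustStore() {
        try {
            this.trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            this.trustStore.load(null);
            if (getEnvVarConfig().isTrustDefaultCerts()) {
                loadDefaultCertsToTrustStore();
            }
            loadTrustedCertsToTrustStore();
            this.trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.trustManagerFactory.init(this.trustStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            logger.error("Error in loading certs to the trust store.", e);
        }
    }

    /** Adds the certificates found under the trusted adapter certs path to the trust store. */
    private void loadTrustedCertsToTrustStore() throws IOException {
        TLSUtils.addCertsToTruststore(this.trustStore, getEnvVarConfig().getTrustedAdapterCertsPath());
    }

    /**
     * Copies every CA accepted by the JVM's default trust manager into {@link #trustStore}.
     *
     * <p>Only the first {@link X509TrustManager} of the default factory is used. Each
     * certificate is stored under a random ten-letter alias; a failure to add one certificate
     * is logged and the remaining ones are still processed.
     */
    private void loadDefaultCertsToTrustStore() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory defaultFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null key store makes the factory fall back to the JVM's default trust material.
        defaultFactory.init((KeyStore) null);
        for (TrustManager trustManager : defaultFactory.getTrustManagers()) {
            if (!(trustManager instanceof X509TrustManager)) {
                continue;
            }
            for (Certificate defaultCa : ((X509TrustManager) trustManager).getAcceptedIssuers()) {
                try {
                    this.trustStore.setCertificateEntry(RandomStringUtils.random(10, true, false), defaultCa);
                } catch (KeyStoreException e) {
                    logger.error("Error while adding default trusted ca cert", e);
                }
            }
            break;
        }
    }

    /** Builds the OPA client key store from the key and certificate paths in the environment config. */
    private void loadOpaClientKeyStore() {
        this.opaKeyStore = FilterUtils.createClientKeyStore(getEnvVarConfig().getOpaClientPublicKeyPath(), getEnvVarConfig().getOpaClientPrivateKeyPath());
    }

    /**
     * Renders the traffic-manager URL groups into the comma-separated receiver and auth URL
     * group strings and stores them on the publisher configuration.
     *
     * <p>A group with exactly one receiver URL and one auth URL is written as a single
     * bracketed URL. Any other group is rendered by {@link #processSingleURLGroup}; a type
     * other than load balance or failover is treated as failover. Nothing is stored when
     * either rendered string is blank.
     */
    private void processTMPublisherURLGroup(List<TMURLGroup> list, ThrottlePublisherConfigDto throttlePublisherConfigDto) {
        StringBuilder receiverGroups = new StringBuilder();
        StringBuilder authGroups = new StringBuilder();
        for (TMURLGroup tMURLGroup : list) {
            ProtocolStringList receiverURLsList = tMURLGroup.getReceiverURLsList();
            ProtocolStringList authURLsList = tMURLGroup.getAuthURLsList();
            if (receiverURLsList.size() == 1 && authURLsList.size() == 1) {
                receiverGroups.append(Constants.START_BRACKET).append(receiverURLsList.get(0)).append("},");
                authGroups.append(Constants.START_BRACKET).append(authURLsList.get(0)).append("},");
            } else {
                String type = tMURLGroup.getType();
                if (type.isBlank() || (!Constants.LOADBALANCE.equalsIgnoreCase(type) && !"failover".equalsIgnoreCase(type))) {
                    logger.warn("Type is not loadbalance or failover. Hence proceeding as a failover configuration.");
                    type = "failover";
                }
                receiverGroups.append(processSingleURLGroup(receiverURLsList, type)).append(",");
                authGroups.append(processSingleURLGroup(authURLsList, type)).append(",");
            }
        }
        if (receiverGroups.toString().isBlank() || authGroups.toString().isBlank()) {
            return;
        }
        // Drop the trailing comma left by the last group.
        throttlePublisherConfigDto.setReceiverUrlGroup(receiverGroups.substring(0, receiverGroups.length() - 1));
        throttlePublisherConfigDto.setAuthUrlGroup(authGroups.substring(0, authGroups.length() - 1));
    }

    /**
     * Renders one URL group as a bracketed list.
     *
     * <p>URLs are joined with {@code ","} for a load-balance group and with {@code "|"} for
     * every other type. An empty list yields an empty bracket pair; the earlier
     * "append then trim the last character" form removed the opening bracket in that case.
     *
     * @param list URLs of the group
     * @param str group type
     * @return the rendered group
     */
    private String processSingleURLGroup(List<String> list, String str) {
        String separator = Constants.LOADBALANCE.equalsIgnoreCase(str) ? "," : "|";
        return Constants.START_BRACKET + String.join(separator, list) + "}";
    }

    /**
     * Copies the backend JWT generator settings and loads the signing key pair.
     *
     * <p>If no key pair is marked for signing, or its files cannot be read, the error is
     * logged and the certificate and private key stay unset on the DTO.
     */
    private void populateJWTGeneratorConfigurations(JWTGenerator jWTGenerator) {
        JWTConfigurationDto jWTConfigurationDto = new JWTConfigurationDto();
        jWTConfigurationDto.setEnabled(jWTGenerator.getEnable());
        jWTConfigurationDto.setJwtHeader(jWTGenerator.getHeader());
        jWTConfigurationDto.setConsumerDialectUri(jWTGenerator.getClaimDialect());
        jWTConfigurationDto.setSignatureAlgorithm(jWTGenerator.getSigningAlgorithm());
        jWTConfigurationDto.setEnableUserClaims(jWTGenerator.getEnableUserClaims());
        jWTConfigurationDto.setGatewayJWTGeneratorImpl(jWTGenerator.getGatewayGeneratorImpl());
        jWTConfigurationDto.setTtl(jWTGenerator.getTokenTtl());
        Keypair signingKey = getSigningKey(jWTGenerator.getKeypairsList());
        if (signingKey == null) {
            // getSigningKey() returns null when no key pair is flagged for signing; report it
            // like the other key-loading failures instead of failing with a
            // NullPointerException that would abort the whole configuration load.
            logger.error("Error in loading keypair for Backend JWTs: no keypair is marked for signing",
                    ErrorDetails.errorLog(LoggingConstants.Severity.CRITICAL, 5400));
        } else {
            try {
                jWTConfigurationDto.setPublicCert(TLSUtils.getCertificate(signingKey.getPublicCertificatePath()));
                jWTConfigurationDto.setPrivateKey(JWTUtils.getPrivateKey(signingKey.getPrivateKeyPath()));
            } catch (IOException | CertificateException | EnforcerException e) {
                logger.error("Error in loading keypair for Backend JWTs: " + e, ErrorDetails.errorLog(LoggingConstants.Severity.CRITICAL, 5400));
            }
        }
        this.config.setJwtConfigurationDto(jWTConfigurationDto);
        populateBackendJWKSConfiguration(jWTGenerator);
    }

    /**
     * Builds the public JWKS for backend JWTs from the certificates of all configured key
     * pairs.
     *
     * <p>Only public key material is exported ({@code toPublicJWK()}). The first certificate
     * that fails to load stops the loop, so the resulting set holds only the keys processed
     * before the failure.
     */
    private void populateBackendJWKSConfiguration(JWTGenerator jWTGenerator) {
        BackendJWKSDto backendJWKSDto = new BackendJWKSDto();
        List<Keypair> keypairsList = jWTGenerator.getKeypairsList();
        // Raw type kept: the element type expected by BackendJWKSDto.setJwks is not visible here.
        ArrayList arrayList = new ArrayList();
        try {
            for (Keypair keypair : keypairsList) {
                arrayList.add(new RSAKey.Builder(RSAKey.parse(X509CertUtils.parse(TLSUtils.getCertificate(keypair.getPublicCertificatePath()).getEncoded())).toRSAPublicKey()).keyUse(KeyUse.SIGNATURE).algorithm(getJWKSAlgorithm(jWTGenerator.getSigningAlgorithm())).keyIDFromThumbprint().build().toPublicJWK());
            }
        } catch (JOSEException | IOException | CertificateException e) {
            logger.error("Error in loading additional public certificates for JWKS: " + e, ErrorDetails.errorLog(LoggingConstants.Severity.CRITICAL, 5401));
        }
        backendJWKSDto.setJwks(arrayList);
        this.config.setBackendJWKSDto(backendJWKSDto);
    }

    /**
     * Returns the first key pair flagged for signing.
     *
     * @param list configured key pairs
     * @return the signing key pair, or {@code null} when none is flagged
     */
    private Keypair getSigningKey(List<Keypair> list) {
        for (Keypair keypair : list) {
            if (keypair.getUseForSigning()) {
                return keypair;
            }
        }
        return null;
    }

    /**
     * Maps the configured signing algorithm name to the JWS algorithm advertised in the JWKS.
     *
     * <p>Anything other than the RS384 and RS512 names, including {@code null}, maps to
     * RS256.
     *
     * @param str configured signing algorithm name
     * @return the matching JWS algorithm
     */
    private Algorithm getJWKSAlgorithm(String str) {
        // Plain comparisons replace the decompiled hash-code switch, which did not compile.
        if (JwtConstants.RS384.equals(str)) {
            return JWSAlgorithm.RS384;
        }
        if (JwtConstants.RS512.equals(str)) {
            return JWSAlgorithm.RS512;
        }
        return JWSAlgorithm.RS256;
    }

    /** Copies the cache settings into the enforcer configuration. */
    private void populateCacheConfigs(Cache cache) {
        CacheDto cacheDto = new CacheDto();
        cacheDto.setEnabled(cache.getEnable());
        cacheDto.setMaximumSize(cache.getMaximumSize());
        cacheDto.setExpiryTime(cache.getExpiryTime());
        this.config.setCacheDto(cacheDto);
    }

    /** Copies the analytics settings and its receiver service settings into the enforcer configuration. */
    private void populateAnalyticsConfig(Analytics analytics) {
        AnalyticsReceiverConfigDTO analyticsReceiverConfigDTO = new AnalyticsReceiverConfigDTO();
        analyticsReceiverConfigDTO.setKeepAliveTime(analytics.getService().getKeepAliveTime());
        analyticsReceiverConfigDTO.setMaxHeaderLimit(analytics.getService().getMaxHeaderLimit());
        analyticsReceiverConfigDTO.setMaxMessageSize(analytics.getService().getMaxMessageSize());
        analyticsReceiverConfigDTO.setPort(analytics.getService().getPort());
        ThreadPoolConfig threadPoolConfig = new ThreadPoolConfig();
        threadPoolConfig.setCoreSize(analytics.getService().getThreadPool().getCoreSize());
        threadPoolConfig.setMaxSize(analytics.getService().getThreadPool().getMaxSize());
        threadPoolConfig.setKeepAliveTime(analytics.getService().getThreadPool().getKeepAliveTime());
        threadPoolConfig.setQueueSize(analytics.getService().getThreadPool().getQueueSize());
        analyticsReceiverConfigDTO.setThreadPoolConfig(threadPoolConfig);
        AnalyticsDTO analyticsDTO = new AnalyticsDTO();
        analyticsDTO.setEnabled(analytics.getEnabled());
        analyticsDTO.setType(analytics.getType());
        analyticsDTO.setConfigProperties(analytics.getConfigPropertiesMap());
        analyticsDTO.setServerConfig(analyticsReceiverConfigDTO);
        this.config.setAnalyticsConfig(analyticsDTO);
    }

    /**
     * Resolves environment placeholders in the fields of the given object, including the
     * fields declared by its direct superclass when that superclass lives in one of the DTO
     * packages.
     *
     * @param obj DTO to process; {@code null} is ignored
     */
    private void resolveConfigsWithEnvs(Object obj) {
        if (obj == null) {
            // Unset nested DTOs have nothing to resolve.
            return;
        }
        Class<?> superclass = obj.getClass().getSuperclass();
        if (superclass != null && (superclass.getPackageName().contains(dtoPackageName) || superclass.getPackageName().contains(apimDTOPackageName))) {
            processRecursiveObject(obj, superclass.getDeclaredFields());
        }
        processRecursiveObject(obj, obj.getClass().getDeclaredFields());
    }

    /**
     * Walks the given fields of {@code obj} and substitutes environment placeholders.
     *
     * <p>String and {@code char[]} fields are rewritten in place. Maps, DTO arrays and nested
     * DTOs are descended into. Fields are made accessible through reflection, so private
     * fields are rewritten as well. A field that cannot be read or written is logged and
     * skipped.
     *
     * @param obj object owning the fields
     * @param fieldArr fields to process
     */
    private void processRecursiveObject(Object obj, Field[] fieldArr) {
        for (Field field : fieldArr) {
            // The try covers the whole body: Field.get and Field.set are the calls that throw
            // IllegalAccessException, not setAccessible.
            try {
                field.setAccessible(true);
                Class<?> fieldType = field.getType();
                if (fieldType.isAssignableFrom(String.class) || fieldType.isAssignableFrom(char[].class)) {
                    field.set(obj, getEnvValue(field.get(obj)));
                } else if (field.getName().contains(Constants.OBJECT_THIS_NOTATION)) {
                    // Skip the field whose name carries the "this" notation so the walk does
                    // not follow it.
                    continue;
                } else if (Map.class.isAssignableFrom(fieldType)) {
                    Object mapValue = field.get(obj);
                    if (mapValue == null) {
                        continue;
                    }
                    for (Map.Entry<?, ?> entry : ((Map<?, ?>) mapValue).entrySet()) {
                        Object entryValue = entry.getValue();
                        if (entryValue == null) {
                            continue;
                        }
                        Class<?> entryType = entryValue.getClass();
                        if (entryType.isAssignableFrom(String.class) || entryType.isAssignableFrom(char[].class)) {
                            // NOTE(review): getEnvValue receives the Map itself here and
                            // returns it unchanged, so string values held inside maps are not
                            // substituted. Confirm whether placeholders in such properties
                            // are meant to be resolved.
                            field.set(obj, getEnvValue(field.get(obj)));
                        } else if (entryType.getPackageName().contains(dtoPackageName) || entryType.getPackageName().contains(apimDTOPackageName)) {
                            resolveConfigsWithEnvs(entryValue);
                        }
                    }
                } else if (fieldType.isArray() && fieldType.getPackageName().contains(dtoPackageName)) {
                    Object arrayValue = field.get(obj);
                    if (arrayValue == null) {
                        continue;
                    }
                    for (Object element : (Object[]) arrayValue) {
                        if (element == null) {
                            continue;
                        }
                        Class<?> elementType = element.getClass();
                        if (elementType.getPackageName().contains(dtoPackageName) || elementType.getPackageName().contains(apimDTOPackageName)) {
                            resolveConfigsWithEnvs(element);
                        } else if (elementType.isAssignableFrom(String.class) || elementType.isAssignableFrom(char[].class)) {
                            // NOTE(review): this assigns a single element to an array-typed
                            // field; kept as found, but it looks unreachable for arrays whose
                            // component type is a DTO.
                            field.set(obj, getEnvValue(element));
                        }
                    }
                } else if (fieldType.getPackageName().contains(dtoPackageName) || fieldType.getPackageName().contains(apimDTOPackageName)) {
                    resolveConfigsWithEnvs(field.get(obj));
                }
            } catch (IllegalAccessException e) {
                logger.error("Error while reading the config value : " + field.getName(), e);
            }
        }
    }

    /**
     * Returns the value with environment placeholders resolved.
     *
     * <p>Strings and {@code char[]} values are processed; every other value, including
     * {@code null}, is returned unchanged. A {@code char[]} is converted to a {@code String}
     * for the substitution, which leaves an immutable copy of the value in memory.
     */
    private Object getEnvValue(Object obj) {
        if (obj instanceof String) {
            return replaceEnvRegex((String) obj);
        }
        if (obj instanceof char[]) {
            return replaceEnvRegex(String.valueOf((char[]) obj)).toCharArray();
        }
        return obj;
    }

    /**
     * Replaces each {@code $env{NAME}} placeholder with the value of environment variable
     * {@code NAME}.
     *
     * <p>A placeholder whose variable is unset is kept verbatim and a warning naming the
     * variable is logged, because the literal placeholder text would otherwise be used
     * silently as the configured value (for example as a password).
     *
     * @param str value that may contain placeholders
     * @return the value with all resolvable placeholders substituted
     */
    private String replaceEnvRegex(String str) {
        if (!str.contains("$env{")) {
            return str;
        }
        Matcher matcher = envPlaceholderPattern.matcher(str);
        StringBuilder resolved = new StringBuilder();
        while (matcher.find()) {
            // Name and placeholder are read from the matcher, not by indexing into a string
            // that earlier replacements have already changed in length.
            String variableName = matcher.group(1);
            String variableValue = System.getenv(variableName);
            if (variableValue == null) {
                logger.warn("Environment variable {} referenced in the configuration is not set;"
                        + " the placeholder is left unresolved.", variableName);
                variableValue = matcher.group();
            }
            // quoteReplacement keeps '$' and '\' in the value from being read as group references.
            matcher.appendReplacement(resolved, Matcher.quoteReplacement(variableValue));
        }
        matcher.appendTail(resolved);
        return resolved.toString();
    }

    /**
     * Copies the enforcer's own JWT issuer settings, loads its key pair and stores the
     * credentials of the users allowed to obtain tokens.
     *
     * <p>Key-loading failures are logged and leave the private key and/or certificate unset.
     * User passwords arrive as {@code String} and are converted to {@code char[]}.
     */
    private void populateJWTIssuerConfigurations(JWTIssuer jWTIssuer) {
        JWTIssuerConfigurationDto jWTIssuerConfigurationDto = new JWTIssuerConfigurationDto();
        jWTIssuerConfigurationDto.setEnabled(jWTIssuer.getEnabled());
        jWTIssuerConfigurationDto.setIssuer(jWTIssuer.getIssuer());
        jWTIssuerConfigurationDto.setConsumerDialectUri(jWTIssuer.getClaimDialect());
        jWTIssuerConfigurationDto.setSignatureAlgorithm(jWTIssuer.getSigningAlgorithm());
        try {
            jWTIssuerConfigurationDto.setPrivateKey(JWTUtils.getPrivateKey(jWTIssuer.getPrivateKeyPath()));
            jWTIssuerConfigurationDto.setPublicCert(TLSUtils.getCertificate(jWTIssuer.getPublicCertificatePath()));
        } catch (IOException | CertificateException | EnforcerException e) {
            logger.error("Error in loading public cert or private key", e);
        }
        jWTIssuerConfigurationDto.setTtl(jWTIssuer.getValidityPeriod());
        int userCount = jWTIssuer.getJwtUsersList().size();
        CredentialDto[] credentialDtoArr = new CredentialDto[userCount];
        for (int i = 0; i < userCount; i++) {
            credentialDtoArr[i] = new CredentialDto(jWTIssuer.getJwtUsers(i).getUsername(), jWTIssuer.getJwtUsers(i).getPassword().toCharArray());
        }
        this.config.setJwtUsersCredentials(credentialDtoArr);
        this.config.setJwtIssuerConfigurationDto(jWTIssuerConfigurationDto);
    }

    /**
     * Copies the custom filter definitions (class name, position, properties) into the
     * enforcer configuration.
     *
     * <p>NOTE(review): the class name is taken from the configuration as-is; presumably it is
     * used later to load the filter class, so confirm that only trusted configuration can
     * reach this point.
     */
    private void populateCustomFilters(List<Filter> list) {
        FilterDTO[] filterDTOArr = new FilterDTO[list.size()];
        int index = 0;
        for (Filter filter : list) {
            FilterDTO filterDTO = new FilterDTO();
            filterDTO.setClassName(filter.getClassName());
            filterDTO.setPosition(filter.getPosition());
            filterDTO.setConfigProperties(filter.getConfigPropertiesMap());
            filterDTOArr[index] = filterDTO;
            index++;
        }
        this.config.setCustomFilters(filterDTOArr);
    }

    /** Returns the populated enforcer configuration. */
    public EnforcerConfig getConfig() {
        return this.config;
    }

    /** Replaces the enforcer configuration. */
    public void setConfig(EnforcerConfig enforcerConfig) {
        this.config = enforcerConfig;
    }

    /**
     * Returns the TLS trust store. The live, mutable {@link KeyStore} is returned, so callers
     * can add or remove trusted certificates through it.
     */
    public KeyStore getTrustStore() {
        return this.trustStore;
    }

    /** Returns the trust store holding issuer certificates; {@code null} until issuers are parsed. */
    public KeyStore getTrustStoreForJWT() {
        return this.trustStoreForJWT;
    }

    /** Returns the OPA client key store built at construction time. */
    public KeyStore getOpaKeyStore() {
        return this.opaKeyStore;
    }

    /** Replaces the trust store holding issuer certificates. */
    public void setTrustStoreForJWT(KeyStore keyStore) {
        this.trustStoreForJWT = keyStore;
    }

    /** Returns the trust manager factory; {@code null} if trust store loading failed before it was set. */
    public TrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    /** Replaces the trust manager factory. */
    public void setTrustManagerFactory(TrustManagerFactory trustManagerFactory) {
        this.trustManagerFactory = trustManagerFactory;
    }

    /** Returns the environment-variable based configuration. */
    public EnvVarConfig getEnvVarConfig() {
        return this.envVarConfig;
    }

    /** Returns the issuers read from the configuration; {@code null} until issuers are parsed. */
    public ArrayList<ExtendedTokenIssuerDto> getConfigIssuerList() {
        return this.configIssuerList;
    }

    /** Replaces the list of configured issuers. */
    public void setConfigIssuerList(ArrayList<ExtendedTokenIssuerDto> arrayList) {
        this.configIssuerList = arrayList;
    }

    /** Returns whether the control plane is enabled in the parsed configuration. */
    public boolean isControlPlaneEnabled() {
        return this.controlPlaneEnabled;
    }
}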
