package org.wso2.carbon.apimgt.core.impl;

import feign.Response;
import feign.gson.GsonDecoder;
import java.io.IOException;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.core.api.KeyManager;
import org.wso2.carbon.apimgt.core.auth.DCRMServiceStub;
import org.wso2.carbon.apimgt.core.auth.DCRMServiceStubFactory;
import org.wso2.carbon.apimgt.core.auth.OAuth2ServiceStubs;
import org.wso2.carbon.apimgt.core.auth.OAuth2ServiceStubsFactory;
import org.wso2.carbon.apimgt.core.auth.ScopeRegistration;
import org.wso2.carbon.apimgt.core.auth.ScopeRegistrationServiceStubFactory;
import org.wso2.carbon.apimgt.core.auth.dto.DCRClientInfo;
import org.wso2.carbon.apimgt.core.auth.dto.DCRError;
import org.wso2.carbon.apimgt.core.auth.dto.OAuth2IntrospectionResponse;
import org.wso2.carbon.apimgt.core.auth.dto.OAuth2TokenInfo;
import org.wso2.carbon.apimgt.core.exception.APIManagementException;
import org.wso2.carbon.apimgt.core.exception.ExceptionCodes;
import org.wso2.carbon.apimgt.core.exception.KeyManagementException;
import org.wso2.carbon.apimgt.core.models.API;
import org.wso2.carbon.apimgt.core.models.AccessTokenInfo;
import org.wso2.carbon.apimgt.core.models.AccessTokenRequest;
import org.wso2.carbon.apimgt.core.models.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.core.models.OAuthAppRequest;
import org.wso2.carbon.apimgt.core.models.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.core.models.Scope;
import org.wso2.carbon.apimgt.core.util.KeyManagerConstants;

/* loaded from: input_file:org/wso2/carbon/apimgt/core/impl/DefaultKeyManagerImpl.class */
public class DefaultKeyManagerImpl implements KeyManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultKeyManagerImpl.class);
    protected DCRMServiceStub dcrmServiceStub;
    protected OAuth2ServiceStubs oAuth2ServiceStubs;
    protected ScopeRegistration scopeRegistration;

    public DefaultKeyManagerImpl() throws APIManagementException {
        this(DCRMServiceStubFactory.getDCRMServiceStub(), OAuth2ServiceStubsFactory.getOAuth2ServiceStubs(), ScopeRegistrationServiceStubFactory.getScopeRegistration());
    }

    public DefaultKeyManagerImpl(DCRMServiceStub dCRMServiceStub, OAuth2ServiceStubs oAuth2ServiceStubs, ScopeRegistration scopeRegistration) throws APIManagementException {
        this.dcrmServiceStub = dCRMServiceStub;
        this.oAuth2ServiceStubs = oAuth2ServiceStubs;
        this.scopeRegistration = scopeRegistration;
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public OAuthApplicationInfo createApplication(OAuthAppRequest oAuthAppRequest) throws KeyManagementException {
        log.debug("Creating OAuth2 application:{}", oAuthAppRequest.toString());
        String clientName = oAuthAppRequest.getClientName();
        String keyType = oAuthAppRequest.getKeyType();
        if (keyType != null) {
            clientName = clientName + '_' + keyType;
        }
        DCRClientInfo dCRClientInfo = new DCRClientInfo();
        dCRClientInfo.setClientName(clientName);
        dCRClientInfo.setGrantTypes(oAuthAppRequest.getGrantTypes());
        if (StringUtils.isNotEmpty(oAuthAppRequest.getCallBackURL())) {
            dCRClientInfo.addCallbackUrl(oAuthAppRequest.getCallBackURL());
        }
        Response registerApplication = this.dcrmServiceStub.registerApplication(dCRClientInfo);
        if (registerApplication == null) {
            throw new KeyManagementException("Error occurred while DCR application creation. Response is null", ExceptionCodes.OAUTH2_APP_CREATION_FAILED);
        }
        if (registerApplication.status() == 201) {
            try {
                OAuthApplicationInfo oAuthApplicationInfo = getOAuthApplicationInfo(registerApplication);
                oAuthApplicationInfo.setParameters(oAuthAppRequest.getParameters());
                log.debug("OAuth2 application created: {}", oAuthApplicationInfo.toString());
                return oAuthApplicationInfo;
            } catch (IOException e) {
                throw new KeyManagementException("Error occurred while parsing the DCR application creation response message.", e, ExceptionCodes.OAUTH2_APP_CREATION_FAILED);
            }
        }
        if (registerApplication.status() != 400) {
            throw new KeyManagementException("Error occurred while DCR application creation. Error: " + registerApplication.body().toString() + " Status Code: " + registerApplication.status(), ExceptionCodes.OAUTH2_APP_CREATION_FAILED);
        }
        try {
            DCRError dCRError = (DCRError) new GsonDecoder().decode(registerApplication, DCRError.class);
            throw new KeyManagementException("Error occurred while DCR application creation. Error: " + dCRError.getError() + ". Error Description: " + dCRError.getErrorDescription() + ". Status Code: " + registerApplication.status(), ExceptionCodes.OAUTH2_APP_CREATION_FAILED);
        } catch (IOException e2) {
            throw new KeyManagementException("Error occurred while parsing the DCR error message.", e2, ExceptionCodes.OAUTH2_APP_CREATION_FAILED);
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public OAuthApplicationInfo updateApplication(OAuthApplicationInfo oAuthApplicationInfo) throws KeyManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Updating OAuth2 application with : " + oAuthApplicationInfo.toString());
        }
        String clientName = oAuthApplicationInfo.getClientName();
        String str = (String) oAuthApplicationInfo.getParameter(KeyManagerConstants.APP_KEY_TYPE);
        if (str != null) {
            clientName = clientName + '_' + str;
        }
        DCRClientInfo dCRClientInfo = new DCRClientInfo();
        dCRClientInfo.setClientName(clientName);
        dCRClientInfo.setClientId(oAuthApplicationInfo.getClientId());
        dCRClientInfo.setClientSecret(oAuthApplicationInfo.getClientSecret());
        dCRClientInfo.addCallbackUrl(oAuthApplicationInfo.getCallBackURL());
        dCRClientInfo.setGrantTypes(oAuthApplicationInfo.getGrantTypes());
        Response updateApplication = this.dcrmServiceStub.updateApplication(dCRClientInfo, dCRClientInfo.getClientId());
        if (updateApplication == null) {
            throw new KeyManagementException("Error occurred while updating DCR application. Response is null", ExceptionCodes.OAUTH2_APP_UPDATE_FAILED);
        }
        if (updateApplication.status() != 200) {
            if (updateApplication.status() != 400) {
                throw new KeyManagementException("Error occurred while updating DCR application. Error: " + updateApplication.body().toString() + " Status Code: " + updateApplication.status(), ExceptionCodes.OAUTH2_APP_UPDATE_FAILED);
            }
            try {
                DCRError dCRError = (DCRError) new GsonDecoder().decode(updateApplication, DCRError.class);
                throw new KeyManagementException("Error occurred while updating DCR application. Error: " + dCRError.getError() + ". Error Description: " + dCRError.getErrorDescription() + ". Status Code: " + updateApplication.status(), ExceptionCodes.OAUTH2_APP_UPDATE_FAILED);
            } catch (IOException e) {
                throw new KeyManagementException("Error occurred while parsing the DCR error message.", e, ExceptionCodes.OAUTH2_APP_UPDATE_FAILED);
            }
        }
        try {
            OAuthApplicationInfo oAuthApplicationInfo2 = getOAuthApplicationInfo(updateApplication);
            oAuthApplicationInfo2.setParameters(oAuthApplicationInfo.getParameters());
            if (log.isDebugEnabled()) {
                log.debug("OAuth2 application updated: " + oAuthApplicationInfo2.toString());
            }
            return oAuthApplicationInfo2;
        } catch (IOException e2) {
            throw new KeyManagementException("Error occurred while parsing the DCR application update response message.", e2, ExceptionCodes.OAUTH2_APP_UPDATE_FAILED);
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public void deleteApplication(String str) throws KeyManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Deleting OAuth application for consumer key: " + str);
        }
        if (StringUtils.isEmpty(str)) {
            throw new KeyManagementException("Unable to delete OAuth Application. Consumer Key is null or empty", ExceptionCodes.OAUTH2_APP_DELETION_FAILED);
        }
        Response deleteApplication = this.dcrmServiceStub.deleteApplication(str);
        if (deleteApplication == null) {
            throw new KeyManagementException("Error occurred while deleting DCR application. Response is null", ExceptionCodes.OAUTH2_APP_DELETION_FAILED);
        }
        if (deleteApplication.status() != 204) {
            throw new KeyManagementException("Error occurred while deleting DCR application. Error: " + deleteApplication.body().toString() + " Status Code: " + deleteApplication.status(), ExceptionCodes.OAUTH2_APP_DELETION_FAILED);
        }
        if (log.isDebugEnabled()) {
            log.debug("OAuth2 application for consumer key: " + str + " deleted.");
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public OAuthApplicationInfo retrieveApplication(String str) throws KeyManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving OAuth application for consumer key: " + str);
        }
        if (StringUtils.isEmpty(str)) {
            throw new KeyManagementException("Unable to retrieve OAuth Application. Consumer Key is null or empty", ExceptionCodes.OAUTH2_APP_RETRIEVAL_FAILED);
        }
        Response application = this.dcrmServiceStub.getApplication(str);
        if (application == null) {
            throw new KeyManagementException("Error occurred while retrieving DCR application. Response is null", ExceptionCodes.OAUTH2_APP_RETRIEVAL_FAILED);
        }
        if (application.status() != 200) {
            throw new KeyManagementException("Error occurred while retrieving DCR application. Error: " + application.body().toString() + " Status Code: " + application.status(), ExceptionCodes.OAUTH2_APP_RETRIEVAL_FAILED);
        }
        try {
            OAuthApplicationInfo oAuthApplicationInfo = getOAuthApplicationInfo(application);
            if (log.isDebugEnabled()) {
                log.debug("OAuth2 application retrieved: " + oAuthApplicationInfo.toString());
            }
            return oAuthApplicationInfo;
        } catch (IOException e) {
            throw new KeyManagementException("Error occurred while parsing the DCR application retrieval response message.", e, ExceptionCodes.OAUTH2_APP_RETRIEVAL_FAILED);
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public AccessTokenInfo getNewAccessToken(AccessTokenRequest accessTokenRequest) throws KeyManagementException {
        Response generateJWTGrantAccessToken;
        if (accessTokenRequest == null) {
            throw new KeyManagementException("No information available to generate Token. AccessTokenRequest is null", ExceptionCodes.INVALID_TOKEN_REQUEST);
        }
        if (!StringUtils.isEmpty(accessTokenRequest.getTokenToRevoke())) {
            revokeAccessToken(accessTokenRequest.getTokenToRevoke(), accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret());
        }
        try {
            if (KeyManagerConstants.CLIENT_CREDENTIALS_GRANT_TYPE.equals(accessTokenRequest.getGrantType())) {
                generateJWTGrantAccessToken = this.oAuth2ServiceStubs.getTokenServiceStub().generateClientCredentialsGrantAccessToken(accessTokenRequest.getScopes(), accessTokenRequest.getValidityPeriod(), accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret());
            } else if ("password".equals(accessTokenRequest.getGrantType())) {
                generateJWTGrantAccessToken = this.oAuth2ServiceStubs.getTokenServiceStub().generatePasswordGrantAccessToken(accessTokenRequest.getResourceOwnerUsername(), accessTokenRequest.getResourceOwnerPassword(), accessTokenRequest.getScopes(), accessTokenRequest.getValidityPeriod(), accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret());
            } else if (KeyManagerConstants.AUTHORIZATION_CODE_GRANT_TYPE.equals(accessTokenRequest.getGrantType())) {
                generateJWTGrantAccessToken = this.oAuth2ServiceStubs.getTokenServiceStub().generateAuthCodeGrantAccessToken(accessTokenRequest.getAuthorizationCode(), accessTokenRequest.getCallbackURI(), accessTokenRequest.getScopes(), accessTokenRequest.getValidityPeriod(), accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret());
            } else if ("refresh_token".equals(accessTokenRequest.getGrantType())) {
                generateJWTGrantAccessToken = this.oAuth2ServiceStubs.getTokenServiceStub().generateRefreshGrantAccessToken(accessTokenRequest.getRefreshToken(), accessTokenRequest.getScopes(), accessTokenRequest.getValidityPeriod(), accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret());
            } else {
                if (!KeyManagerConstants.JWT_GRANT_TYPE.equals(accessTokenRequest.getGrantType())) {
                    throw new KeyManagementException("Invalid access token request. Unsupported grant type: " + accessTokenRequest.getGrantType(), ExceptionCodes.INVALID_TOKEN_REQUEST);
                }
                generateJWTGrantAccessToken = this.oAuth2ServiceStubs.getTokenServiceStub().generateJWTGrantAccessToken(accessTokenRequest.getAssertion(), KeyManagerConstants.JWT_GRANT_TYPE, accessTokenRequest.getScopes(), accessTokenRequest.getValidityPeriod(), accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret());
            }
            if (generateJWTGrantAccessToken == null) {
                throw new KeyManagementException("Error occurred while generating an access token. Response is null", ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED);
            }
            if (generateJWTGrantAccessToken.status() != 200) {
                throw new KeyManagementException("Token generation request failed. HTTP error code: " + generateJWTGrantAccessToken.status() + " Error Response Body: " + generateJWTGrantAccessToken.body().toString(), ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED);
            }
            log.debug("A new access token is successfully generated.");
            try {
                OAuth2TokenInfo oAuth2TokenInfo = (OAuth2TokenInfo) new GsonDecoder().decode(generateJWTGrantAccessToken, OAuth2TokenInfo.class);
                AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
                accessTokenInfo.setAccessToken(oAuth2TokenInfo.getAccessToken());
                accessTokenInfo.setScopes(oAuth2TokenInfo.getScope());
                accessTokenInfo.setRefreshToken(oAuth2TokenInfo.getRefreshToken());
                accessTokenInfo.setIdToken(oAuth2TokenInfo.getIdToken());
                accessTokenInfo.setValidityPeriod(oAuth2TokenInfo.getExpiresIn());
                return accessTokenInfo;
            } catch (IOException e) {
                throw new KeyManagementException("Error occurred while parsing token response", e, ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED);
            }
        } catch (APIManagementException e2) {
            throw new KeyManagementException("Token generation request failed. Error: " + e2.getMessage(), e2, ExceptionCodes.ACCESS_TOKEN_GENERATION_FAILED);
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public AccessTokenInfo getTokenMetaData(String str) throws KeyManagementException {
        log.debug("Token introspection request is being sent.");
        try {
            Response introspectToken = this.oAuth2ServiceStubs.getIntrospectionServiceStub().introspectToken(str);
            if (introspectToken == null) {
                throw new KeyManagementException("Error occurred while introspecting access token. Response is null", ExceptionCodes.TOKEN_INTROSPECTION_FAILED);
            }
            if (introspectToken.status() != 200) {
                throw new KeyManagementException("Token introspection request failed. HTTP error code: " + introspectToken.status() + " Error Response Body: " + introspectToken.body().toString(), ExceptionCodes.TOKEN_INTROSPECTION_FAILED);
            }
            log.debug("Token introspection is successful");
            try {
                OAuth2IntrospectionResponse oAuth2IntrospectionResponse = (OAuth2IntrospectionResponse) new GsonDecoder().decode(introspectToken, OAuth2IntrospectionResponse.class);
                AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
                if (oAuth2IntrospectionResponse.isActive()) {
                    accessTokenInfo.setTokenValid(true);
                    accessTokenInfo.setAccessToken(str);
                    accessTokenInfo.setScopes(oAuth2IntrospectionResponse.getScope());
                    accessTokenInfo.setConsumerKey(oAuth2IntrospectionResponse.getClientId());
                    accessTokenInfo.setIssuedTime(oAuth2IntrospectionResponse.getIat());
                    accessTokenInfo.setExpiryTime(oAuth2IntrospectionResponse.getExp());
                    if (StringUtils.isNotEmpty(oAuth2IntrospectionResponse.getUsername())) {
                        accessTokenInfo.setEndUserName(oAuth2IntrospectionResponse.getUsername());
                    }
                    accessTokenInfo.setValidityPeriod(oAuth2IntrospectionResponse.getExp() - oAuth2IntrospectionResponse.getIat());
                } else {
                    accessTokenInfo.setTokenValid(false);
                    log.error("Invalid or expired access token received.");
                    accessTokenInfo.setErrorCode(KeyManagerConstants.KeyValidationStatus.API_AUTH_INVALID_CREDENTIALS);
                }
                return accessTokenInfo;
            } catch (IOException e) {
                throw new KeyManagementException("Error occurred while parsing token introspection response", e, ExceptionCodes.TOKEN_INTROSPECTION_FAILED);
            }
        } catch (APIManagementException e2) {
            throw new KeyManagementException("Error occurred while introspecting access token.", e2, ExceptionCodes.TOKEN_INTROSPECTION_FAILED);
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public void revokeAccessToken(String str, String str2, String str3) throws KeyManagementException {
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public KeyManagerConfiguration getKeyManagerConfiguration() throws KeyManagementException {
        return null;
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public void loadConfiguration(KeyManagerConfiguration keyManagerConfiguration) throws KeyManagementException {
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public boolean registerNewResource(API api, Map map) throws KeyManagementException {
        return true;
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public Map getResourceByApiId(String str) throws KeyManagementException {
        return null;
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public boolean updateRegisteredResource(API api, Map map) throws KeyManagementException {
        return false;
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public void deleteRegisteredResourceByAPIId(String str) throws KeyManagementException {
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public void deleteMappedApplication(String str) throws KeyManagementException {
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public boolean registerScope(Scope scope) throws KeyManagementException {
        if (this.scopeRegistration.isScopeExist(scope.getName())) {
            throw new KeyManagementException("Scope Registration Failed", ExceptionCodes.SCOPE_REGISTRATION_FAILED);
        }
        return this.scopeRegistration.registerScope(scope);
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public Scope retrieveScope(String str) throws KeyManagementException {
        return this.scopeRegistration.getScopeByName(str);
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public boolean updateScope(Scope scope) throws KeyManagementException {
        return this.scopeRegistration.updateScope(scope);
    }

    @Override // org.wso2.carbon.apimgt.core.api.KeyManager
    public boolean deleteScope(String str) throws KeyManagementException {
        return this.scopeRegistration.deleteScope(str);
    }

    private OAuthApplicationInfo getOAuthApplicationInfo(Response response) throws IOException {
        OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
        DCRClientInfo dCRClientInfo = (DCRClientInfo) new GsonDecoder().decode(response, DCRClientInfo.class);
        oAuthApplicationInfo.setClientName(dCRClientInfo.getClientName());
        oAuthApplicationInfo.setClientId(dCRClientInfo.getClientId());
        oAuthApplicationInfo.setClientSecret(dCRClientInfo.getClientSecret());
        oAuthApplicationInfo.setGrantTypes(dCRClientInfo.getGrantTypes());
        oAuthApplicationInfo.setCallBackURL(dCRClientInfo.getRedirectURIs().get(0));
        return oAuthApplicationInfo;
    }
}
