package io.cellery.security.extensions.jwt;

import com.nimbusds.jwt.SignedJWT;
import edu.emory.mathcs.backport.java.util.Arrays;
import io.cellery.security.extensions.exception.CelleryAuthException;
import io.cellery.security.extensions.util.Utils;
import java.text.ParseException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext;
import org.wso2.carbon.apimgt.keymgt.token.JWTGenerator;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:io/cellery/security/extensions/jwt/CellerySignedJWTGenerator.class */
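/**
 * JWT generator that issues a Cellery-signed token for a validated API call.
 *
 * <p>The token carries the end user as subject, the scopes and consumer key of the inbound
 * access token, any custom claims carried by the inbound token (when it is itself a signed JWT),
 * the custom claims produced by {@code populateCustomClaims}, and the destination cell as
 * audience.
 */
public class CellerySignedJWTGenerator extends JWTGenerator {
    private static final Log log = LogFactory.getLog(CellerySignedJWTGenerator.class);
    private static final String CONSUMER_KEY_CLAIM = "consumerKey";
    private static final String CELL_NAME = "cell_name";

    /**
     * Builds and signs the JWT for the given validation context.
     *
     * @param tokenValidationContext context of the already-validated inbound token
     * @return the serialized token produced by {@link CellerySignedJWTBuilder#build()}
     * @throws APIManagementException if user metadata or the destination API cannot be resolved,
     *     or if the builder fails with a {@link CelleryAuthException}
     */
    public String generateToken(TokenValidationContext tokenValidationContext) throws APIManagementException {
        CellerySignedJWTBuilder cellerySignedJWTBuilder = new CellerySignedJWTBuilder();
        try {
            // Claims copied from the inbound token go in first so that the locally populated
            // custom claims win on a key collision.
            Map<String, Object> mergedClaims = new HashMap<>(getClaimsFromSignedJWT(tokenValidationContext));
            mergedClaims.putAll(populateCustomClaims(tokenValidationContext));

            // NOTE(review): mergedClaims is applied after the consumerKey claim. Whether a
            // "consumerKey" entry carried by the inbound token could replace the value taken from
            // the token info depends on CellerySignedJWTBuilder.claims(), which is not visible
            // here -- confirm that the server-derived value takes precedence.
            return cellerySignedJWTBuilder
                    .subject(getEndUserName(tokenValidationContext))
                    .scopes(getScopes(tokenValidationContext))
                    .claim(CONSUMER_KEY_CLAIM, getConsumerKey(tokenValidationContext))
                    .claims(mergedClaims)
                    .audience(getDestinationCell(tokenValidationContext))
                    .build();
        } catch (CelleryAuthException e) {
            // NOTE(review): the message embeds tokenValidationContext.toString(); confirm that it
            // does not render the access token, since this text can end up in logs.
            throw new APIManagementException("Error generating JWT for context: " + tokenValidationContext, e);
        }
    }

    /**
     * Resolves the subject of the issued token.
     *
     * @return the end user name as-is for federated users, otherwise the tenant-aware user name
     * @throws APIManagementException if the access token record cannot be loaded
     */
    private String getEndUserName(TokenValidationContext tokenValidationContext) throws APIManagementException {
        try {
            AuthenticatedUser authzUser = OAuth2Util
                    .getAccessTokenDOfromTokenIdentifier(tokenValidationContext.getAccessToken())
                    .getAuthzUser();
            String endUserName = tokenValidationContext.getValidationInfoDTO().getEndUserName();
            if (authzUser.isFederatedUser()) {
                return endUserName;
            }
            return MultitenantUtils.getTenantAwareUsername(endUserName);
        } catch (IdentityOAuth2Exception e) {
            throw new APIManagementException("Error while retrieving authenticated user metadata.", e);
        }
    }

    /** Returns the consumer key recorded in the token info of the validation context. */
    private String getConsumerKey(TokenValidationContext tokenValidationContext) {
        return tokenValidationContext.getTokenInfo().getConsumerKey();
    }

    /**
     * Returns the scopes of the inbound token as a list.
     *
     * @return a fixed-size list view over the scope array, or an empty list when no scopes are set
     */
    private List<String> getScopes(TokenValidationContext tokenValidationContext) {
        String[] scopes = tokenValidationContext.getTokenInfo().getScopes();
        if (scopes == null) {
            return Collections.emptyList();
        }
        // Fully qualified on purpose: the file imports a third-party backport class that is also
        // named Arrays, and the JDK method is the one that returns a properly typed List<String>.
        return java.util.Arrays.asList(scopes);
    }

    /**
     * Extracts the custom claims of the inbound access token when it is a signed JWT.
     *
     * <p>This method only parses the token; it performs no signature verification itself.
     * NOTE(review): the returned claims are re-issued inside a freshly signed token, so this
     * presumably relies on the access token having been verified before it reaches this
     * generator -- confirm against the caller.
     *
     * @return the custom claims, or an empty map when the token is not a signed JWT or cannot be
     *     parsed (the parse failure is logged and the token is still issued without them)
     */
    private Map<String, Object> getClaimsFromSignedJWT(TokenValidationContext tokenValidationContext) {
        String accessToken = tokenValidationContext.getAccessToken();
        if (!Utils.isSignedJWT(accessToken)) {
            return Collections.emptyMap();
        }
        try {
            return Utils.getCustomClaims(SignedJWT.parse(accessToken));
        } catch (ParseException e) {
            // Best effort: a malformed token contributes no claims rather than failing issuance.
            log.error("Error retrieving claims from the JWT Token.", e);
            return Collections.emptyMap();
        }
    }

    /**
     * Looks up the {@code cell_name} additional property of the API being invoked.
     *
     * @return the destination cell name, or {@code null} when the property is absent or not a
     *     string
     * @throws APIManagementException if the API provider or the API cannot be loaded
     */
    private String getDestinationCell(TokenValidationContext tokenValidationContext) throws APIManagementException {
        String apiPublisher = tokenValidationContext.getValidationInfoDTO().getApiPublisher();
        APIIdentifier apiIdentifier = new APIIdentifier(
                apiPublisher,
                tokenValidationContext.getValidationInfoDTO().getApiName(),
                removeDefaultVersion(tokenValidationContext));
        Object cellName = APIManagerFactory.getInstance()
                .getAPIProvider(apiPublisher)
                .getAPI(apiIdentifier)
                .getAdditionalProperties()
                .get(CELL_NAME);
        if (!(cellName instanceof String)) {
            // NOTE(review): a null return is handed to audience(); how the builder encodes a
            // missing audience is not visible here, so verifiers of this token should not treat
            // an absent "aud" as a match -- confirm on the consuming side.
            if (log.isDebugEnabled()) {
                log.debug("Property:cell_name was not found for the API. This API call is going to an API not published by a Cellery Cell.");
            }
            return null;
        }
        String destinationCell = String.valueOf(cellName);
        // Guarded so the message is only concatenated when debug logging is on.
        if (log.isDebugEnabled()) {
            log.debug("Destination Cell for API call is '" + destinationCell + "'");
        }
        return destinationCell;
    }

    /** Returns the context's API version with every occurrence of {@code _default_} removed. */
    private String removeDefaultVersion(TokenValidationContext tokenValidationContext) {
        return tokenValidationContext.getVersion().replace("_default_", "");
    }
}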
