package io.cellery.security.extensions.km;

import io.cellery.security.extensions.util.Utils;
import java.util.Arrays;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.AccessTokenInfo;
import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2IntrospectionResponseDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:io/cellery/security/extensions/km/CelleryExtendedKeyManagerImpl.class */
public class CelleryExtendedKeyManagerImpl extends AMDefaultKeyManagerImpl {
    private static final String JWT_TOKEN_TYPE = "jwt";

    public AccessTokenInfo getTokenMetaData(String str) throws APIManagementException {
        if (!Utils.isSignedJWT(str)) {
            return super.getTokenMetaData(str);
        }
        OAuth2IntrospectionResponseDTO introspectToken = introspectToken(buildTokenValidationRequest(str));
        AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
        if (isTokenInvalid(introspectToken)) {
            accessTokenInfo.setTokenValid(false);
            accessTokenInfo.setErrorcode(900901);
        } else {
            accessTokenInfo.setTokenValid(true);
            accessTokenInfo.setEndUserName(introspectToken.getSub());
            accessTokenInfo.setConsumerKey(introspectToken.getClientId());
            accessTokenInfo.setIssuedTime(System.currentTimeMillis());
            accessTokenInfo.setScope(buildScopes(introspectToken));
            accessTokenInfo.setValidityPeriod(getExpiryPeriodInMillis(introspectToken));
            handleScopes(introspectToken, accessTokenInfo);
        }
        return accessTokenInfo;
    }

    private String[] buildScopes(OAuth2IntrospectionResponseDTO oAuth2IntrospectionResponseDTO) {
        return OAuth2Util.buildScopeArray(oAuth2IntrospectionResponseDTO.getScope());
    }

    private OAuth2IntrospectionResponseDTO introspectToken(OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO) {
        return new OAuth2TokenValidationService().buildIntrospectionResponse(oAuth2TokenValidationRequestDTO);
    }

    private boolean isTokenInvalid(OAuth2IntrospectionResponseDTO oAuth2IntrospectionResponseDTO) {
        return !oAuth2IntrospectionResponseDTO.isActive();
    }

    private long getExpiryPeriodInMillis(OAuth2IntrospectionResponseDTO oAuth2IntrospectionResponseDTO) {
        return (oAuth2IntrospectionResponseDTO.getExp() * 1000) - System.currentTimeMillis();
    }

    public void loadConfiguration(KeyManagerConfiguration keyManagerConfiguration) throws APIManagementException {
        super.loadConfiguration((KeyManagerConfiguration) null);
    }

    private void handleScopes(OAuth2IntrospectionResponseDTO oAuth2IntrospectionResponseDTO, AccessTokenInfo accessTokenInfo) {
        String[] buildScopeArray = OAuth2Util.buildScopeArray(oAuth2IntrospectionResponseDTO.getScope());
        String configurationElementValue = getConfigurationElementValue("OAuthConfigurations.ApplicationTokenScope");
        if (buildScopeArray == null || configurationElementValue == null || configurationElementValue.isEmpty() || !Arrays.asList(buildScopeArray).contains(configurationElementValue)) {
            return;
        }
        accessTokenInfo.setApplicationToken(true);
    }

    private OAuth2TokenValidationRequestDTO buildTokenValidationRequest(String str) {
        OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO = new OAuth2TokenValidationRequestDTO();
        oAuth2TokenValidationRequestDTO.getClass();
        OAuth2TokenValidationRequestDTO.OAuth2AccessToken oAuth2AccessToken = new OAuth2TokenValidationRequestDTO.OAuth2AccessToken(oAuth2TokenValidationRequestDTO);
        oAuth2AccessToken.setIdentifier(str);
        oAuth2AccessToken.setTokenType(JWT_TOKEN_TYPE);
        oAuth2TokenValidationRequestDTO.setAccessToken(oAuth2AccessToken);
        return oAuth2TokenValidationRequestDTO;
    }
}
