package org.wso2.carbon.apimgt.impl.factory;

import com.google.gson.Gson;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.cert.X509Certificate;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.KeyManager;
import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.api.model.KeyManagerConnectorConfiguration;
import org.wso2.carbon.apimgt.common.gateway.dto.ClaimMappingDto;
import org.wso2.carbon.apimgt.common.gateway.dto.JWKSConfigurationDTO;
import org.wso2.carbon.apimgt.common.gateway.dto.TokenIssuerDto;
import org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.apimgt.impl.dto.KeyManagerDto;
import org.wso2.carbon.apimgt.impl.dto.OrganizationKeyManagerDto;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.jwt.JWTValidator;
import org.wso2.carbon.apimgt.impl.jwt.JWTValidatorImpl;
import org.wso2.carbon.apimgt.impl.loader.KeyManagerConfigurationDataRetriever;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/impl/factory/KeyManagerHolder.class */
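/**
 * Static registry of the key managers and JWT validators known to this node.
 *
 * <p>Two lookups are kept: a per-tenant map of {@link OrganizationKeyManagerDto} and a global,
 * issuer-keyed map of {@link KeyManagerDto} filled by {@link #addGlobalJWTValidators}.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Key manager and JWT validator implementations are loaded reflectively from class names
 *       held in the connector configuration. Those names must only ever come from trusted
 *       deployment configuration.</li>
 *   <li>An issuer registered in the global map is returned for every tenant (see
 *       {@link #getKeyManagerByIssuer}).</li>
 *   <li>The maps are static and mutated at runtime, so they are wrapped in synchronized views.
 *       NOTE(review): the thread-safety of {@code OrganizationKeyManagerDto} itself is not
 *       visible from this file; confirm before relying on concurrent add/remove.</li>
 * </ul>
 */
public class KeyManagerHolder {
    private static final Log log = LogFactory.getLog(KeyManagerHolder.class);

    // Synchronized views (rather than plain HashMap) because these static maps are read and
    // written from several entry points; null keys keep behaving as they did with HashMap.
    private static final Map<String, OrganizationKeyManagerDto> organizationWiseMap =
            Collections.synchronizedMap(new HashMap<String, OrganizationKeyManagerDto>());
    private static final Map<String, KeyManagerDto> globalJWTValidatorMap =
            Collections.synchronizedMap(new HashMap<String, KeyManagerDto>());

    /**
     * Registers a key manager (and, when self-validation is enabled, its JWT validator) for a
     * tenant.
     *
     * <p>Nothing is registered when the configuration is disabled or its token type is
     * {@code EXCHANGED}. An existing entry with the same name is overwritten after a warning.
     *
     * @param str tenant domain the key manager belongs to
     * @param str2 name of the key manager
     * @param str3 key manager type, used to look up the connector configuration
     * @param keyManagerConfiguration configuration to load into the key manager
     * @throws APIManagementException if the configured implementation class cannot be loaded or
     *     instantiated, or if the JWT validator cannot be initialised
     */
    public static void addKeyManagerConfiguration(String str, String str2, String str3, KeyManagerConfiguration keyManagerConfiguration) throws APIManagementException {
        String issuer = (String) keyManagerConfiguration.getParameter(APIConstants.KeyManager.ISSUER);
        OrganizationKeyManagerDto organizationDto = organizationWiseMap.get(str);
        if (organizationDto == null) {
            organizationDto = new OrganizationKeyManagerDto();
        }
        if (organizationDto.getKeyManagerByName(str2) != null) {
            log.warn("Key Manager " + str2 + " already initialized in tenant " + str);
        }
        if (!keyManagerConfiguration.isEnabled() || KeyManagerConfiguration.TokenType.EXCHANGED.equals(keyManagerConfiguration.getTokenType())) {
            return;
        }
        KeyManager keyManager = null;
        JWTValidator jwtValidator = null;
        APIManagerConfiguration apiManagerConfiguration = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
        String defaultKeyManagerType = apiManagerConfiguration.getFirstProperty(APIConstants.DEFAULT_KEY_MANAGER_TYPE);
        KeyManagerConnectorConfiguration connectorConfiguration = ServiceReferenceHolder.getInstance().getKeyManagerConnectorConfiguration(str3);
        if (connectorConfiguration != null) {
            String implementation = connectorConfiguration.getImplementation();
            if (StringUtils.isNotEmpty(implementation)) {
                try {
                    // asSubclass rejects a class that is not a KeyManager before any instance of
                    // it is constructed; previously the cast only failed after instantiation.
                    keyManager = Class.forName(implementation).asSubclass(KeyManager.class).newInstance();
                    keyManager.setTenantDomain(str);
                    if (StringUtils.isNotEmpty(defaultKeyManagerType) && defaultKeyManagerType.equals(str3)) {
                        // The key validator credentials now live in the configuration's parameter
                        // map; do not log or serialise that map from here on.
                        keyManagerConfiguration.addParameter("Username", apiManagerConfiguration.getFirstProperty(APIConstants.API_KEY_VALIDATOR_USERNAME));
                        keyManagerConfiguration.addParameter("Password", apiManagerConfiguration.getFirstProperty(APIConstants.API_KEY_VALIDATOR_PASSWORD));
                    }
                    keyManager.loadConfiguration(keyManagerConfiguration);
                } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                    throw new APIManagementException("Error while loading keyManager configuration", e);
                }
            }
            jwtValidator = getJWTValidator(keyManagerConfiguration, connectorConfiguration.getJWTValidator());
        } else if ("default".equals(str3)) {
            keyManager = new AMDefaultKeyManagerImpl();
            keyManager.setTenantDomain(str);
            keyManager.loadConfiguration(keyManagerConfiguration);
            jwtValidator = getJWTValidator(keyManagerConfiguration, null);
        } else {
            // The entry is still registered below, but with neither a key manager nor a JWT
            // validator; make that visible instead of failing silently at lookup time.
            log.warn("No connector configuration found for Key Manager " + str2 + " of type " + str3
                    + " in tenant " + str + "; registering it without a key manager or JWT validator");
        }
        KeyManagerDto keyManagerDto = new KeyManagerDto();
        keyManagerDto.setName(str2);
        keyManagerDto.setIssuer(issuer);
        keyManagerDto.setJwtValidator(jwtValidator);
        keyManagerDto.setKeyManager(keyManager);
        organizationDto.putKeyManagerDto(keyManagerDto);
        organizationWiseMap.put(str, organizationDto);
    }

    /**
     * Returns the key managers registered for a tenant, loading them first if the tenant has no
     * entry yet.
     *
     * @param str tenant domain
     * @return the tenant's key manager map, or an empty map when the tenant has none
     */
    public static Map<String, KeyManagerDto> getTenantKeyManagers(String str) {
        OrganizationKeyManagerDto tenantDto = getTenantKeyManagerDto(str);
        if (tenantDto == null) {
            return Collections.emptyMap();
        }
        return tenantDto.getKeyManagerMap();
    }

    private KeyManagerHolder() {
        // Static holder; not meant to be instantiated.
    }

    /**
     * Replaces a tenant's key manager entry: the old entry is removed and the new configuration
     * is registered only if it is enabled.
     *
     * <p>The remove and add are two separate steps, so a lookup running in between will not find
     * the key manager.
     *
     * @param str tenant domain
     * @param str2 name of the key manager
     * @param str3 key manager type
     * @param keyManagerConfiguration the new configuration
     * @throws APIManagementException if registering the new configuration fails
     */
    public static void updateKeyManagerConfiguration(String str, String str2, String str3, KeyManagerConfiguration keyManagerConfiguration) throws APIManagementException {
        removeKeyManagerConfiguration(str, str2);
        if (keyManagerConfiguration.isEnabled()) {
            addKeyManagerConfiguration(str, str2, str3, keyManagerConfiguration);
        }
    }

    /**
     * Removes a named key manager from a tenant's entry; does nothing if the tenant is unknown.
     *
     * @param str tenant domain
     * @param str2 name of the key manager to remove
     */
    public static void removeKeyManagerConfiguration(String str, String str2) {
        OrganizationKeyManagerDto organizationDto = organizationWiseMap.get(str);
        if (organizationDto != null) {
            organizationDto.removeKeyManagerDtoByName(str2);
        }
    }

    /**
     * Builds the JWT validator for a key manager configuration.
     *
     * <p>Returns {@code null} unless self-validation is switched on and an issuer is configured.
     * The verification key source is taken from the JWKS endpoint parameter and/or the
     * certificate type/value pair; when both are present the certificate pair is applied last.
     *
     * @param keyManagerConfiguration configuration holding issuer, claim and key parameters
     * @param str fully qualified class name of a custom validator, or empty/null for
     *     {@link JWTValidatorImpl}
     * @return the configured validator, or {@code null} when self-validation does not apply
     * @throws APIManagementException if the custom validator class cannot be loaded or
     *     instantiated
     */
    private static JWTValidator getJWTValidator(KeyManagerConfiguration keyManagerConfiguration, String str) throws APIManagementException {
        Object selfValidate = keyManagerConfiguration.getParameter(APIConstants.KeyManager.SELF_VALIDATE_JWT);
        if (selfValidate == null || !((Boolean) selfValidate).booleanValue()) {
            return null;
        }
        Object issuer = keyManagerConfiguration.getParameter(APIConstants.KeyManager.ISSUER);
        if (issuer == null) {
            return null;
        }
        TokenIssuerDto tokenIssuerDto = new TokenIssuerDto((String) issuer);

        Object claimMappings = keyManagerConfiguration.getParameter(APIConstants.KeyManager.CLAIM_MAPPING);
        if (claimMappings instanceof List) {
            // Round-trip through Gson to turn the generic list into typed claim mappings.
            Gson gson = new Gson();
            tokenIssuerDto.addClaimMappings((ClaimMappingDto[]) gson.fromJson(gson.toJsonTree(claimMappings), ClaimMappingDto[].class));
        }

        Object consumerKeyClaim = keyManagerConfiguration.getParameter(APIConstants.KeyManager.CONSUMER_KEY_CLAIM);
        if ((consumerKeyClaim instanceof String) && StringUtils.isNotEmpty((String) consumerKeyClaim)) {
            tokenIssuerDto.setConsumerKeyClaim((String) consumerKeyClaim);
        }

        Object scopesClaim = keyManagerConfiguration.getParameter(APIConstants.KeyManager.SCOPES_CLAIM);
        if ((scopesClaim instanceof String) && StringUtils.isNotEmpty((String) scopesClaim)) {
            tokenIssuerDto.setScopesClaim((String) scopesClaim);
        }

        Object jwksEndpoint = keyManagerConfiguration.getParameter(APIConstants.KeyManager.JWKS_ENDPOINT);
        if (jwksEndpoint != null && StringUtils.isNotEmpty((String) jwksEndpoint)) {
            JWKSConfigurationDTO jwksConfiguration = new JWKSConfigurationDTO();
            jwksConfiguration.setEnabled(true);
            jwksConfiguration.setUrl((String) jwksEndpoint);
            tokenIssuerDto.setJwksConfigurationDTO(jwksConfiguration);
        }

        Object certificateType = keyManagerConfiguration.getParameter(APIConstants.KeyManager.CERTIFICATE_TYPE);
        Object certificateValue = keyManagerConfiguration.getParameter(APIConstants.KeyManager.CERTIFICATE_VALUE);
        if (certificateType != null && StringUtils.isNotEmpty((String) certificateType) && certificateValue != null && StringUtils.isNotEmpty((String) certificateValue)) {
            if (APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT.equals(certificateType)) {
                JWKSConfigurationDTO jwksFromCertificateValue = new JWKSConfigurationDTO();
                jwksFromCertificateValue.setEnabled(true);
                jwksFromCertificateValue.setUrl((String) certificateValue);
                tokenIssuerDto.setJwksConfigurationDTO(jwksFromCertificateValue);
            } else {
                X509Certificate certificate = APIUtil.retrieveCertificateFromContent((String) certificateValue);
                if (certificate != null) {
                    tokenIssuerDto.setCertificate(certificate);
                } else {
                    // The validator is still created, but without this certificate. Surface it so
                    // an operator can tell why signature verification for the issuer misbehaves.
                    log.warn("Configured certificate for issuer " + issuer
                            + " could not be parsed; JWT validator is created without it");
                }
            }
        }

        JWTValidator jwtValidator;
        if (StringUtils.isEmpty(str)) {
            jwtValidator = new JWTValidatorImpl();
        } else {
            try {
                // Reject a class that is not a JWTValidator before constructing an instance.
                jwtValidator = Class.forName(str).asSubclass(JWTValidator.class).newInstance();
            } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                log.error("Error while initializing JWT Validator", e);
                throw new APIManagementException("Error while initializing JWT Validator", e);
            }
        }
        jwtValidator.loadTokenIssuerConfiguration(tokenIssuerDto);
        return jwtValidator;
    }

    /**
     * Looks up a key manager instance by tenant and name.
     *
     * @param str tenant domain
     * @param str2 name of the key manager
     * @return the key manager, or {@code null} if the tenant or the name is unknown
     */
    public static KeyManager getKeyManagerInstance(String str, String str2) {
        OrganizationKeyManagerDto tenantDto = getTenantKeyManagerDto(str);
        if (tenantDto == null) {
            return null;
        }
        KeyManagerDto keyManagerDto = tenantDto.getKeyManagerByName(str2);
        return keyManagerDto == null ? null : keyManagerDto.getKeyManager();
    }

    /**
     * Resolves the key manager entry responsible for a token issuer.
     *
     * <p>The global issuer map is consulted first and its entry wins for every tenant; only when
     * the issuer is not global is the tenant's own registry searched.
     *
     * @param str tenant domain
     * @param str2 issuer value to resolve
     * @return the matching entry, or {@code null} if none is registered
     */
    public static KeyManagerDto getKeyManagerByIssuer(String str, String str2) {
        // Single read instead of containsKey + get, so a concurrent update cannot slip between
        // the two calls. Values in this map are never null.
        KeyManagerDto globalDto = globalJWTValidatorMap.get(str2);
        if (globalDto != null) {
            return globalDto;
        }
        OrganizationKeyManagerDto tenantDto = getTenantKeyManagerDto(str);
        return tenantDto == null ? null : tenantDto.getKeyManagerDtoByIssuer(str2);
    }

    /**
     * Returns the tenant's registry entry, running the configuration retriever synchronously
     * when the tenant has not been loaded yet.
     *
     * @param str tenant domain
     * @return the tenant's entry, or {@code null} if the retriever registered nothing
     */
    private static OrganizationKeyManagerDto getTenantKeyManagerDto(String str) {
        OrganizationKeyManagerDto organizationDto = organizationWiseMap.get(str);
        if (organizationDto != null) {
            return organizationDto;
        }
        // concat() returns a fresh String on every call, so without intern() each thread would
        // lock its own object and the block would not serialise anything. The interned value is
        // JVM-wide, hence the class-specific prefix.
        synchronized ("KeyManagerHolder".concat(str).intern()) {
            // Re-read the map: another thread may have loaded this tenant while we waited.
            organizationDto = organizationWiseMap.get(str);
            if (organizationDto == null) {
                new KeyManagerConfigurationDataRetriever(str).run();
                organizationDto = organizationWiseMap.get(str);
            }
        }
        return organizationDto;
    }

    /**
     * Registers a global JWT validator for an issuer, replacing any previous entry for the same
     * issuer. The entry is stored under the default key manager name.
     *
     * @param tokenIssuerDto issuer configuration to load into a new {@link JWTValidatorImpl}
     */
    public static void addGlobalJWTValidators(TokenIssuerDto tokenIssuerDto) {
        JWTValidatorImpl validator = new JWTValidatorImpl();
        validator.loadTokenIssuerConfiguration(tokenIssuerDto);

        KeyManagerDto keyManagerDto = new KeyManagerDto();
        keyManagerDto.setIssuer(tokenIssuerDto.getIssuer());
        keyManagerDto.setName(APIConstants.KeyManager.DEFAULT_KEY_MANAGER);
        keyManagerDto.setJwtValidator(validator);
        globalJWTValidatorMap.put(tokenIssuerDto.getIssuer(), keyManagerDto);
    }
}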
