package org.wso2.carbon.apimgt.impl;

import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import feign.Feign;
import feign.Response;
import feign.auth.BasicAuthRequestInterceptor;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.slf4j.Slf4jLogger;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
import org.json.JSONObject;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.ExceptionCodes;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.AccessTokenInfo;
import org.wso2.carbon.apimgt.api.model.AccessTokenRequest;
import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.api.model.OAuthAppRequest;
import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.api.model.URITemplate;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.dto.ScopeDTO;
import org.wso2.carbon.apimgt.impl.dto.UserInfoDTO;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.kmclient.ApacheFeignHttpClient;
import org.wso2.carbon.apimgt.impl.kmclient.FormEncoder;
import org.wso2.carbon.apimgt.impl.kmclient.KMClientErrorDecoder;
import org.wso2.carbon.apimgt.impl.kmclient.KeyManagerClientException;
import org.wso2.carbon.apimgt.impl.kmclient.model.AuthClient;
import org.wso2.carbon.apimgt.impl.kmclient.model.Claim;
import org.wso2.carbon.apimgt.impl.kmclient.model.ClaimsList;
import org.wso2.carbon.apimgt.impl.kmclient.model.ClientInfo;
import org.wso2.carbon.apimgt.impl.kmclient.model.DCRClient;
import org.wso2.carbon.apimgt.impl.kmclient.model.IntrospectInfo;
import org.wso2.carbon.apimgt.impl.kmclient.model.IntrospectionClient;
import org.wso2.carbon.apimgt.impl.kmclient.model.ScopeClient;
import org.wso2.carbon.apimgt.impl.kmclient.model.TenantHeaderInterceptor;
import org.wso2.carbon.apimgt.impl.kmclient.model.TokenInfo;
import org.wso2.carbon.apimgt.impl.kmclient.model.UserClient;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/impl/AMDefaultKeyManagerImpl.class */
public class AMDefaultKeyManagerImpl extends AbstractKeyManager {
    // Class-wide commons-logging logger.
    private static final Log log = LogFactory.getLog(AMDefaultKeyManagerImpl.class);
    // NOTE(review): not referenced in the visible part of this class; getNewApplicationAccessToken passes the
    // literal "client_credentials" instead.
    private static final String GRANT_TYPE_VALUE = "client_credentials";
    // Feign clients for the key manager endpoints. In the visible code they are only assigned in
    // loadConfiguration, so every method that dereferences one of them depends on that call having run first.
    private DCRClient dcrClient;
    private IntrospectionClient introspectionClient;
    private AuthClient authClient;
    private ScopeClient scopeClient;
    private UserClient userClient;

    /**
     * Registers a new OAuth client with the key manager through the DCR client.
     *
     * <p>The registered client name is {@code <owner>_<applicationUUID>_<keyType>}. For an owner in a user store
     * domain other than {@code PRIMARY}, the domain separator in the owner name is replaced with {@code _} first.
     *
     * @param oAuthAppRequest request carrying the application info; it must provide a non-empty {@code username}
     *                        parameter, client name and {@code key_type} parameter
     * @return the same {@link OAuthApplicationInfo} instance, updated from the key manager response (this includes
     *         the client secret copied by {@code buildDTOFromClientInfo})
     * @throws APIManagementException if required information is missing; registration failures are passed to
     *                                {@code handleException}
     */
    public OAuthApplicationInfo createApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        OAuthApplicationInfo appInfo = oAuthAppRequest.getOAuthApplicationInfo();
        String owner = (String) appInfo.getParameter("username");
        if (StringUtils.isEmpty(owner)) {
            throw new APIManagementException("Missing user ID for OAuth application creation.");
        }

        String displayName = appInfo.getClientName();
        String applicationUuid = oAuthAppRequest.getOAuthApplicationInfo().getApplicationUUID();
        String keyType = (String) appInfo.getParameter("key_type");
        if (StringUtils.isEmpty(displayName) || StringUtils.isEmpty(keyType)) {
            throw new APIManagementException("Missing required information for OAuth application creation.");
        }

        // Owners from a secondary user store carry a domain prefix; flatten its separator for the client name.
        String userStoreDomain = UserCoreUtil.extractDomainFromName(owner);
        boolean fromSecondaryStore =
                userStoreDomain != null && !userStoreDomain.isEmpty() && !"PRIMARY".equals(userStoreDomain);
        if (fromSecondaryStore) {
            owner = owner.replace(UserCoreConstants.DOMAIN_SEPARATOR, "_");
        }

        String tenantAwareOwner = APIUtil.replaceEmailDomain(MultitenantUtils.getTenantAwareUsername(owner));
        String registeredName = String.format("%s_%s_%s", tenantAwareOwner, applicationUuid, keyType);
        if (log.isDebugEnabled()) {
            log.debug("Trying to create OAuth application : " + registeredName + " for application: " + displayName + " and key type: " + keyType);
        }

        // Captured before the DCR call and written back afterwards as a one-element array.
        String[] requestedScopes = {(String) appInfo.getParameter(APIConstants.AccessTokenConstants.TOKEN_SCOPES)};
        try {
            ClientInfo registrationRequest = createClientInfo(appInfo, registeredName, false);
            ClientInfo registered = this.dcrClient.createApplication(registrationRequest);
            buildDTOFromClientInfo(registered, appInfo);
            appInfo.addParameter(APIConstants.AccessTokenConstants.TOKEN_SCOPES, requestedScopes);
            appInfo.setIsSaasApplication(false);
            return appInfo;
        } catch (KeyManagerClientException e) {
            handleException("Can not create OAuth application  : " + registeredName + " for application: " + displayName + " and key type: " + keyType, e);
            // Only reached if handleException returns normally; its behaviour is not visible here.
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v125, types: [java.util.Map] */
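    /**
     * Builds the DCR request payload ({@link ClientInfo}) for a create or update call.
     *
     * @param oAuthApplicationInfo application details supplied by the caller; read for the JSON request string,
     *                             owner, callback URLs, token type, client credentials and additional properties
     * @param str                  client name to register with the key manager
     * @param z                    {@code true} when building an update request (the existing client id and secret
     *                             are sent as client id and client secret); {@code false} for a create request
     *                             (they are sent as preset values)
     * @return the populated client info
     * @throws JSONException          if the application's JSON request string cannot be parsed or read
     * @throws APIManagementException if an application or user access token expiry time is negative
     */
    private ClientInfo createClientInfo(OAuthApplicationInfo oAuthApplicationInfo, String str, boolean z) throws JSONException, APIManagementException {
        ClientInfo clientInfo = new ClientInfo();
        JSONObject requestJson = new JSONObject(oAuthApplicationInfo.getJsonString());
        String owner = (String) oAuthApplicationInfo.getParameter("username");

        if (requestJson.has("grant_types")) {
            String grantTypes = requestJson.getString("grant_types");
            if (grantTypes.startsWith(",")) {
                grantTypes = grantTypes.substring(1);
            }
            clientInfo.setGrantTypes(Arrays.asList(grantTypes.split(",")));
        }
        if (StringUtils.isNotEmpty(oAuthApplicationInfo.getCallBackURL())) {
            // Comma-separated redirect URIs; whitespace around the commas is dropped.
            clientInfo.setRedirectUris(Arrays.asList(oAuthApplicationInfo.getCallBackURL().trim().split("\\s*,\\s*")));
        }
        clientInfo.setClientName(str);
        if (StringUtils.isEmpty(oAuthApplicationInfo.getTokenType())) {
            clientInfo.setTokenType("JWT");
        } else {
            clientInfo.setTokenType(oAuthApplicationInfo.getTokenType());
        }

        // With cross-tenant subscriptions enabled, an owner from another tenant than this key manager's is
        // replaced by the default reserved user.
        if (!APIUtil.isCrossTenantSubscriptionsEnabled() || this.tenantDomain.equals(MultitenantUtils.getTenantDomain(owner))) {
            clientInfo.setApplication_owner(MultitenantUtils.getTenantAwareUsername(owner));
        } else {
            clientInfo.setApplication_owner(APIUtil.retrieveDefaultReservedUsername());
        }

        if (StringUtils.isNotEmpty(oAuthApplicationInfo.getClientId())) {
            if (z) {
                clientInfo.setClientId(oAuthApplicationInfo.getClientId());
            } else {
                clientInfo.setPresetClientId(oAuthApplicationInfo.getClientId());
            }
        }
        if (StringUtils.isNotEmpty(oAuthApplicationInfo.getClientSecret())) {
            if (z) {
                // Fix: this branch used to call setClientId with the secret, which replaced the client id in the
                // update payload with the secret value and placed the secret in an identifier field.
                // NOTE(review): confirm the key manager's update endpoint expects the secret in this field.
                clientInfo.setClientSecret(oAuthApplicationInfo.getClientSecret());
            } else {
                clientInfo.setPresetClientSecret(oAuthApplicationInfo.getClientSecret());
            }
        }

        // Additional properties arrive as a JSON string; anything else is treated as "none supplied".
        Map<?, ?> additionalProperties = new HashMap<>();
        Object rawProperties = oAuthApplicationInfo.getParameter(APIConstants.JSON_ADDITIONAL_PROPERTIES);
        if (rawProperties instanceof String) {
            Map<?, ?> parsed = new Gson().fromJson((String) rawProperties, Map.class);
            if (parsed != null) {
                // Gson returns null for an empty or literal-null document; keep the empty map in that case.
                additionalProperties = parsed;
            }
        }

        Long applicationTokenLifetime = readLifetimeProperty(additionalProperties, APIConstants.KeyManager.APPLICATION_ACCESS_TOKEN_EXPIRY_TIME);
        if (applicationTokenLifetime != null) {
            if (applicationTokenLifetime < 0) {
                throw new APIManagementException("Invalid application access token expiry time given for " + str, ExceptionCodes.INVALID_APPLICATION_PROPERTIES);
            }
            clientInfo.setApplicationAccessTokenLifeTime(applicationTokenLifetime);
        }
        Long userTokenLifetime = readLifetimeProperty(additionalProperties, APIConstants.KeyManager.USER_ACCESS_TOKEN_EXPIRY_TIME);
        if (userTokenLifetime != null) {
            if (userTokenLifetime < 0) {
                throw new APIManagementException("Invalid user access token expiry time given for " + str, ExceptionCodes.INVALID_APPLICATION_PROPERTIES);
            }
            clientInfo.setUserAccessTokenLifeTime(userTokenLifetime);
        }
        // NOTE(review): unlike the two access token lifetimes, negative refresh and ID token lifetimes are
        // forwarded unchecked - confirm whether the key manager gives negative values a meaning.
        Long refreshTokenLifetime = readLifetimeProperty(additionalProperties, APIConstants.KeyManager.REFRESH_TOKEN_EXPIRY_TIME);
        if (refreshTokenLifetime != null) {
            clientInfo.setRefreshTokenLifeTime(refreshTokenLifetime);
        }
        Long idTokenLifetime = readLifetimeProperty(additionalProperties, APIConstants.KeyManager.ID_TOKEN_EXPIRY_TIME);
        if (idTokenLifetime != null) {
            clientInfo.setIdTokenLifeTime(idTokenLifetime);
        }

        // The three flags below relax or tighten client authentication and PKCE and are forwarded as supplied.
        // NOTE(review): whether the caller has authorised these values is not visible from this method.
        Boolean pkceMandatory = readBooleanProperty(additionalProperties, APIConstants.KeyManager.PKCE_MANDATORY);
        if (pkceMandatory != null) {
            clientInfo.setPkceMandatory(pkceMandatory);
        }
        Boolean pkceSupportPlain = readBooleanProperty(additionalProperties, APIConstants.KeyManager.PKCE_SUPPORT_PLAIN);
        if (pkceSupportPlain != null) {
            clientInfo.setPkceSupportPlain(pkceSupportPlain);
        }
        Boolean bypassClientCredentials = readBooleanProperty(additionalProperties, APIConstants.KeyManager.BYPASS_CLIENT_CREDENTIALS);
        if (bypassClientCredentials != null) {
            clientInfo.setBypassClientCredentials(bypassClientCredentials);
        }

        clientInfo.setApplicationDisplayName(oAuthApplicationInfo.getClientName());
        return clientInfo;
    }

    /**
     * Reads a token lifetime from the additional properties.
     *
     * @return the parsed value, or {@code null} when the property is absent, not a string, equal to the
     *         not-applicable marker, or not a valid long
     */
    private static Long readLifetimeProperty(Map<?, ?> properties, String key) {
        Object value = properties.get(key);
        if (!(value instanceof String) || APIConstants.KeyManager.NOT_APPLICABLE_VALUE.equals(value)) {
            return null;
        }
        try {
            return Long.valueOf((String) value);
        } catch (NumberFormatException e) {
            // Previously swallowed without a trace; the property is still ignored, but the omission is now
            // visible. The value itself is not logged because it is caller-supplied.
            log.warn("Ignoring non-numeric value supplied for OAuth client property " + key);
            return null;
        }
    }

    /**
     * Reads a boolean flag from the additional properties.
     *
     * @return the parsed flag, or {@code null} when the property is absent, not a string, or equal to its own
     *         property name
     */
    private static Boolean readBooleanProperty(Map<?, ?> properties, String key) {
        Object value = properties.get(key);
        // NOTE(review): the value is compared with the property name itself, as in the original code; the
        // lifetime properties compare with the not-applicable marker instead, which may be what was intended.
        if (!(value instanceof String) || key.equals(value)) {
            return null;
        }
        return Boolean.valueOf((String) value);
    }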

    /**
     * Updates an existing OAuth client in the key manager through the DCR client.
     *
     * <p>The client is addressed by its client id, URL-safe Base64 encoded, and the payload is rebuilt with
     * {@code createClientInfo} in update mode.
     *
     * @param oAuthAppRequest request carrying the application info; client name and {@code key_type} must be
     *                        non-empty
     * @return a new {@link OAuthApplicationInfo} populated from the key manager response
     * @throws APIManagementException if required information is missing; update failures are passed to
     *                                {@code handleException}
     */
    public OAuthApplicationInfo updateApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        OAuthApplicationInfo appInfo = oAuthAppRequest.getOAuthApplicationInfo();
        // NOTE(review): unlike createApplication, the username is not checked for emptiness before use.
        String owner = (String) appInfo.getParameter("username");
        String displayName = appInfo.getClientName();
        String applicationUuid = appInfo.getApplicationUUID();
        String keyType = (String) appInfo.getParameter("key_type");
        if (StringUtils.isEmpty(displayName) || StringUtils.isEmpty(keyType)) {
            throw new APIManagementException("Missing required information for OAuth application update.");
        }

        String userStoreDomain = UserCoreUtil.extractDomainFromName(owner);
        boolean fromSecondaryStore =
                userStoreDomain != null && !userStoreDomain.isEmpty() && !"PRIMARY".equals(userStoreDomain);
        if (fromSecondaryStore) {
            owner = owner.replace(UserCoreConstants.DOMAIN_SEPARATOR, "_");
        }
        String tenantAwareOwner = APIUtil.replaceEmailDomain(MultitenantUtils.getTenantAwareUsername(owner));
        String registeredName = String.format("%s_%s_%s", tenantAwareOwner, applicationUuid, keyType);

        log.debug("Updating OAuth Client with ID : " + appInfo.getClientId());
        if (log.isDebugEnabled()) {
            if (appInfo.getCallBackURL() != null) {
                log.debug("CallBackURL : " + appInfo.getCallBackURL());
            }
            if (displayName != null) {
                log.debug("Client Name : " + registeredName);
            }
        }

        try {
            String encodedClientId =
                    Base64.getUrlEncoder().encodeToString(appInfo.getClientId().getBytes(StandardCharsets.UTF_8));
            ClientInfo updateRequest = createClientInfo(appInfo, registeredName, true);
            ClientInfo updated = this.dcrClient.updateApplication(encodedClientId, updateRequest);
            return buildDTOFromClientInfo(updated, new OAuthApplicationInfo());
        } catch (KeyManagerClientException e) {
            handleException("Error occurred while updating OAuth Client : ", e);
            // Only reached if handleException returns normally; its behaviour is not visible here.
            return null;
        }
    }

    /**
     * Changes the owner of an existing OAuth client in the key manager.
     *
     * @param oAuthAppRequest request whose application info supplies the client id
     * @param str             value passed to the DCR client as the new owner
     * @return a new {@link OAuthApplicationInfo} populated from the key manager response
     * @throws APIManagementException declared for failures reported through {@code handleException}
     */
    public OAuthApplicationInfo updateApplicationOwner(OAuthAppRequest oAuthAppRequest, String str) throws APIManagementException {
        OAuthApplicationInfo appInfo = oAuthAppRequest.getOAuthApplicationInfo();
        log.debug("Updating Application Owner : " + appInfo.getClientId());
        try {
            // The client is addressed by its URL-safe Base64 encoded client id.
            byte[] clientIdBytes = appInfo.getClientId().getBytes(StandardCharsets.UTF_8);
            String encodedClientId = Base64.getUrlEncoder().encodeToString(clientIdBytes);
            ClientInfo updated = this.dcrClient.updateApplicationOwner(str, encodedClientId);
            return buildDTOFromClientInfo(updated, new OAuthApplicationInfo());
        } catch (KeyManagerClientException e) {
            handleException("Error occurred while updating OAuth Client : ", e);
            // Only reached if handleException returns normally; its behaviour is not visible here.
            return null;
        }
    }

    /**
     * Deletes the OAuth client identified by the given consumer key from the key manager.
     *
     * @param str consumer key (client id) of the application to delete
     * @throws APIManagementException declared for failures reported through {@code handleException}
     */
    public void deleteApplication(String str) throws APIManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Trying to delete OAuth application for consumer key :" + str);
        }
        try {
            // The DCR endpoint addresses clients by their URL-safe Base64 encoded consumer key.
            byte[] consumerKeyBytes = str.getBytes(StandardCharsets.UTF_8);
            String encodedConsumerKey = Base64.getUrlEncoder().encodeToString(consumerKeyBytes);
            this.dcrClient.deleteApplication(encodedConsumerKey);
        } catch (KeyManagerClientException e) {
            handleException("Cannot remove service provider for the given consumer key : " + str, e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r7v0, types: [org.wso2.carbon.apimgt.impl.kmclient.KeyManagerClientException, java.lang.Exception] */
    /**
     * Fetches the OAuth client registered under the given consumer key.
     *
     * @param str consumer key (client id) to look up
     * @return the application details, including the client secret returned by the key manager, or {@code null}
     *         when the key manager answers with HTTP 404
     * @throws APIManagementException declared for failures reported through {@code handleException}
     */
    public OAuthApplicationInfo retrieveApplication(String str) throws APIManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Trying to retrieve OAuth application for consumer key :" + str);
        }
        try {
            String encodedConsumerKey = Base64.getUrlEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
            ClientInfo found = this.dcrClient.getApplication(encodedConsumerKey);
            return buildDTOFromClientInfo(found, new OAuthApplicationInfo());
        } catch (KeyManagerClientException e) {
            // An unknown consumer key is reported as "no application"; every other status goes to handleException.
            if (e.getStatusCode() != 404) {
                handleException("Cannot retrieve service provider for the given consumer key : " + str, e);
            }
            return null;
        }
    }

    /* JADX WARN: Type inference failed for: r13v0, types: [java.lang.Throwable, org.wso2.carbon.apimgt.impl.kmclient.KeyManagerClientException] */
    /**
     * Requests a new access token from the token endpoint on behalf of an application.
     *
     * <p>For the token-exchange grant the client id, client secret and subject token are passed as separate
     * arguments; for every other grant a {@code client_credentials} request is made with the client id and
     * secret joined by a colon and Base64 encoded.
     *
     * @param accessTokenRequest token request; {@code null} yields {@code null} after a warning
     * @return the issued token with its scopes and validity period, or {@code null} when no request was given
     * @throws APIManagementException if the token endpoint call fails
     */
    public AccessTokenInfo getNewApplicationAccessToken(AccessTokenRequest accessTokenRequest) throws APIManagementException {
        if (accessTokenRequest == null) {
            log.warn("No information available to generate Token.");
            return null;
        }
        // A validity period of -1 is rewritten to -2 on the request before the call.
        // NOTE(review): the meaning of both sentinel values is not visible in this file.
        if (accessTokenRequest.getValidityPeriod() == -1) {
            accessTokenRequest.setValidityPeriod(-2L);
        }
        String requestedScopes = String.join(" ", accessTokenRequest.getScope());
        try {
            TokenInfo issued;
            if (APIConstants.OAuthConstants.TOKEN_EXCHANGE.equals(accessTokenRequest.getGrantType())) {
                issued = this.authClient.generate(
                        accessTokenRequest.getClientId(),
                        accessTokenRequest.getClientSecret(),
                        accessTokenRequest.getGrantType(),
                        requestedScopes,
                        (String) accessTokenRequest.getRequestParam(APIConstants.OAuthConstants.SUBJECT_TOKEN),
                        APIConstants.OAuthConstants.JWT_TOKEN_TYPE);
            } else {
                String clientCredentials = accessTokenRequest.getClientId() + ':' + accessTokenRequest.getClientSecret();
                String encodedCredentials =
                        Base64.getEncoder().encodeToString(clientCredentials.getBytes(StandardCharsets.UTF_8));
                issued = this.authClient.generate(encodedCredentials, "client_credentials", requestedScopes);
            }

            AccessTokenInfo result = new AccessTokenInfo();
            String grantedScopes = issued.getScope();
            result.setScope(StringUtils.isNotEmpty(grantedScopes) ? issued.getScope().split(" ") : new String[0]);
            result.setAccessToken(issued.getToken());
            result.setValidityPeriod(issued.getExpiry());
            return result;
        } catch (KeyManagerClientException e) {
            // The reason reported by the key manager is copied into the exception message.
            throw new APIManagementException("Error occurred while calling token endpoint - " + e.getReason(), e);
        }
    }

    /**
     * Asks the key manager to regenerate the consumer secret of an OAuth client.
     *
     * @param accessTokenRequest request supplying the client id of the application
     * @return the client secret returned by the key manager
     * @throws APIManagementException declared for failures reported through {@code handleException}
     */
    public String getNewApplicationConsumerSecret(AccessTokenRequest accessTokenRequest) throws APIManagementException {
        try {
            byte[] clientIdBytes = accessTokenRequest.getClientId().getBytes(StandardCharsets.UTF_8);
            String encodedClientId = Base64.getUrlEncoder().encodeToString(clientIdBytes);
            ClientInfo regenerated = this.dcrClient.updateApplicationSecret(encodedClientId);
            // The secret is handed straight back to the caller and is not logged here.
            return regenerated.getClientSecret();
        } catch (KeyManagerClientException e) {
            handleException("Error while generating new consumer secret", e);
            // Only reached if handleException returns normally; its behaviour is not visible here.
            return null;
        }
    }

    /**
     * Introspects an access token and converts the answer into an {@link AccessTokenInfo}.
     *
     * <p>An inactive token yields a result marked invalid with the invalid-credentials error code. For an
     * active token the validity period and issued time are derived from the {@code exp} and {@code iat} values
     * reported by the introspection endpoint, converted to milliseconds.
     *
     * @param str the access token to introspect; it is also stored in the returned object
     * @return token metadata as reported by the introspection endpoint
     * @throws APIManagementException if the introspection call fails
     */
    public AccessTokenInfo getTokenMetaData(String str) throws APIManagementException {
        AccessTokenInfo tokenInfo = new AccessTokenInfo();
        try {
            IntrospectInfo introspection = this.introspectionClient.introspect(str);
            tokenInfo.setAccessToken(str);
            if (!introspection.isActive()) {
                tokenInfo.setTokenValid(false);
                tokenInfo.setErrorcode(APIConstants.KeyValidationStatus.API_AUTH_INVALID_CREDENTIALS);
                return tokenInfo;
            }

            tokenInfo.setTokenValid(true);
            boolean hasTimestamps = introspection.getIat() > 0 && introspection.getExpiry() > 0;
            if (hasTimestamps) {
                // An expiry of Long.MAX_VALUE is passed through unchanged rather than converted.
                // NOTE(review): exp and iat are taken from the introspection response as they are; an expiry
                // earlier than iat gives a negative validity period.
                boolean unbounded = introspection.getExpiry() == Long.MAX_VALUE;
                tokenInfo.setValidityPeriod(
                        unbounded ? Long.MAX_VALUE : (introspection.getExpiry() - introspection.getIat()) * 1000);
                tokenInfo.setIssuedTime(introspection.getIat() * 1000);
            }
            if (StringUtils.isNotEmpty(introspection.getScope())) {
                tokenInfo.setScope(introspection.getScope().split(" "));
            }
            tokenInfo.setConsumerKey(introspection.getClientId());
            String endUser = introspection.getUsername();
            if (StringUtils.isNotEmpty(endUser)) {
                tokenInfo.setEndUserName(endUser);
            }
            return tokenInfo;
        } catch (KeyManagerClientException e) {
            throw new APIManagementException("Error occurred in token introspection!", e);
        }
    }

    /**
     * Returns the configuration object stored by {@code loadConfiguration}.
     *
     * <p>The same instance is handed out, not a copy; {@code loadConfiguration} reads the key manager
     * {@code Password} parameter from it, so callers receive access to that value as well.
     *
     * @return the current key manager configuration
     */
    public KeyManagerConfiguration getKeyManagerConfiguration() throws APIManagementException {
        return this.configuration;
    }

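    /**
     * Maps an OAuth client that already exists in the key manager to an application, after checking that the
     * caller knows its client secret.
     *
     * @param oAuthAppRequest request carrying the consumer key and the caller-supplied client secret parameter
     * @return the same {@link OAuthApplicationInfo} instance, updated from the key manager's record
     * @throws APIManagementException if the consumer key is missing, the client cannot be fetched, or the
     *                                supplied secret does not match the registered one
     */
    public OAuthApplicationInfo mapOAuthApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        OAuthApplicationInfo appInfo = oAuthAppRequest.getOAuthApplicationInfo();
        String consumerKey = appInfo.getClientId();
        if (StringUtils.isEmpty(consumerKey)) {
            // Previously a null consumer key surfaced as a NullPointerException during encoding.
            throw new APIManagementException("Consumer key is required to map an existing OAuth application.");
        }
        String[] requestedScopes = {(String) appInfo.getParameter(APIConstants.AccessTokenConstants.TOKEN_SCOPES)};
        String suppliedSecret = (String) appInfo.getParameter(APIConstants.JSON_CLIENT_SECRET);
        appInfo.addParameter("validityPeriod", getConfigurationParamValue(APIConstants.IDENTITY_OAUTH2_FIELD_VALIDITY_PERIOD));

        try {
            String encodedConsumerKey =
                    Base64.getUrlEncoder().encodeToString(consumerKey.getBytes(StandardCharsets.UTF_8));
            buildDTOFromClientInfo(this.dcrClient.getApplication(encodedConsumerKey), appInfo);
        } catch (KeyManagerClientException e) {
            String failure = "Some thing went wrong while getting OAuth application for given consumer key " + appInfo.getClientId();
            handleException(failure, e);
            // Fail closed: if handleException ever returns normally, the secret check below would run against
            // whatever secret the request already carried instead of the key manager's record.
            throw new APIManagementException(failure, e);
        }

        // A missing secret on either side counts as a mismatch (previously a NullPointerException), and the
        // comparison does not stop at the first differing byte.
        String registeredSecret = appInfo.getClientSecret();
        boolean secretMatches = suppliedSecret != null
                && registeredSecret != null
                && java.security.MessageDigest.isEqual(
                        suppliedSecret.getBytes(StandardCharsets.UTF_8),
                        registeredSecret.getBytes(StandardCharsets.UTF_8));
        if (!secretMatches) {
            throw new APIManagementException("The secret key is wrong for the given consumer key " + consumerKey);
        }

        appInfo.addParameter(APIConstants.AccessTokenConstants.TOKEN_SCOPES, requestedScopes);
        appInfo.setIsSaasApplication(false);
        if (log.isDebugEnabled()) {
            log.debug("Creating semi-manual application for consumer id  :  " + appInfo.getClientId());
        }
        return appInfo;
    }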

    /**
     * Copies the key manager's view of an OAuth client into an {@link OAuthApplicationInfo}.
     *
     * @param clientInfo           client record returned by the key manager
     * @param oAuthApplicationInfo target object; it is modified and returned
     * @return {@code oAuthApplicationInfo}, now carrying the client name, id, secret, redirect URIs, grant types
     *         and the token lifetime and PKCE settings as additional properties
     */
    private OAuthApplicationInfo buildDTOFromClientInfo(ClientInfo clientInfo, OAuthApplicationInfo oAuthApplicationInfo) {
        oAuthApplicationInfo.setClientName(clientInfo.getClientName());
        oAuthApplicationInfo.setClientId(clientInfo.getClientId());
        if (clientInfo.getRedirectUris() != null) {
            String callbackUrls = String.join(",", clientInfo.getRedirectUris());
            oAuthApplicationInfo.setCallBackURL(callbackUrls);
            oAuthApplicationInfo.addParameter("redirect_uris", String.join(",", clientInfo.getRedirectUris()));
        }
        // The secret travels with the DTO from here on; callers decide where it may be exposed.
        oAuthApplicationInfo.setClientSecret(clientInfo.getClientSecret());

        if (clientInfo.getGrantTypes() != null) {
            oAuthApplicationInfo.addParameter("grant_types", String.join(" ", clientInfo.getGrantTypes()));
        } else {
            // No grant types in the response: normalise the ones already on the DTO from commas to spaces.
            Object existingGrantTypes = oAuthApplicationInfo.getParameter("grant_types");
            if (existingGrantTypes instanceof String) {
                oAuthApplicationInfo.addParameter("grant_types", ((String) existingGrantTypes).replace(",", " "));
            }
        }
        oAuthApplicationInfo.addParameter("client_name", clientInfo.getClientName());

        Map<String, Object> additionalProperties = new HashMap<>();
        additionalProperties.put(APIConstants.KeyManager.APPLICATION_ACCESS_TOKEN_EXPIRY_TIME, clientInfo.getApplicationAccessTokenLifeTime());
        additionalProperties.put(APIConstants.KeyManager.USER_ACCESS_TOKEN_EXPIRY_TIME, clientInfo.getUserAccessTokenLifeTime());
        additionalProperties.put(APIConstants.KeyManager.REFRESH_TOKEN_EXPIRY_TIME, clientInfo.getRefreshTokenLifeTime());
        additionalProperties.put(APIConstants.KeyManager.ID_TOKEN_EXPIRY_TIME, clientInfo.getIdTokenLifeTime());
        additionalProperties.put(APIConstants.KeyManager.PKCE_MANDATORY, clientInfo.getPkceMandatory());
        additionalProperties.put(APIConstants.KeyManager.PKCE_SUPPORT_PLAIN, clientInfo.getPkceSupportPlain());
        additionalProperties.put(APIConstants.KeyManager.BYPASS_CLIENT_CREDENTIALS, clientInfo.getBypassClientCredentials());
        oAuthApplicationInfo.addParameter(APIConstants.JSON_ADDITIONAL_PROPERTIES, additionalProperties);
        return oAuthApplicationInfo;
    }

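    /**
     * Stores the key manager configuration and builds the Feign clients for its endpoints.
     *
     * <p>Each endpoint is taken from its own configuration parameter when present; otherwise it is derived
     * from {@code ServerURL} (the part before {@code /services}) plus a fixed path. The DCR, introspection,
     * scope and user-info clients send the configured {@code Username}/{@code Password} as HTTP Basic
     * credentials together with a tenant header; the token client sends no such credentials.
     *
     * @param keyManagerConfiguration configuration to load
     * @throws APIManagementException if an endpoint has to be derived from {@code ServerURL} and that
     *                                parameter is missing
     */
    public void loadConfiguration(KeyManagerConfiguration keyManagerConfiguration) throws APIManagementException {
        this.configuration = keyManagerConfiguration;
        String username = (String) keyManagerConfiguration.getParameter("Username");
        // Kept only long enough to build the Basic auth interceptors; never logged.
        String password = (String) keyManagerConfiguration.getParameter("Password");
        String serverUrl = (String) keyManagerConfiguration.getParameter("ServerURL");

        String dcrEndpoint = (String) keyManagerConfiguration.getParameter(APIConstants.KeyManager.CLIENT_REGISTRATION_ENDPOINT);
        if (dcrEndpoint == null) {
            dcrEndpoint = keyManagerBaseUrl(serverUrl).concat(getTenantAwareContext().trim()).concat(APIConstants.KeyManager.KEY_MANAGER_OPERATIONS_DCR_ENDPOINT);
        }
        String tokenEndpoint = (String) keyManagerConfiguration.getParameter(APIConstants.KeyManager.TOKEN_ENDPOINT);
        if (tokenEndpoint == null) {
            tokenEndpoint = keyManagerBaseUrl(serverUrl).concat(APIConstants.IDENTITY_TOKEN_ENDPOINT_CONTEXT);
        }
        addKeyManagerConfigsAsSystemProperties(tokenEndpoint);

        // The revoke endpoint used to be computed here and thrown away; that dead computation could fail on a
        // missing ServerURL even when every endpoint that is actually used was configured explicitly.

        String scopeEndpoint = (String) keyManagerConfiguration.getParameter(APIConstants.KeyManager.SCOPE_MANAGEMENT_ENDPOINT);
        if (scopeEndpoint == null) {
            scopeEndpoint = keyManagerBaseUrl(serverUrl).concat(getTenantAwareContext().trim()).concat(APIConstants.KEY_MANAGER_OAUTH2_SCOPES_REST_API_BASE_PATH);
        }
        String introspectionEndpoint = (String) keyManagerConfiguration.getParameter(APIConstants.KeyManager.INTROSPECTION_ENDPOINT);
        if (introspectionEndpoint == null) {
            introspectionEndpoint = keyManagerBaseUrl(serverUrl).concat(getTenantAwareContext().trim()).concat("/oauth2/introspect");
        }
        String userInfoEndpoint = (String) keyManagerConfiguration.getParameter(APIConstants.KeyManager.USERINFO_ENDPOINT);
        if (userInfoEndpoint == null) {
            userInfoEndpoint = keyManagerBaseUrl(serverUrl).concat(getTenantAwareContext().trim()).concat(APIConstants.KeyManager.KEY_MANAGER_OPERATIONS_USERINFO_ENDPOINT);
        }

        // Basic credentials are attached to every request of these four clients, so a plain-HTTP endpoint
        // would carry them without transport encryption.
        // NOTE(review): the TLS settings of APIUtil.getHttpClient are not visible from this file.
        for (String credentialedEndpoint : new String[] {dcrEndpoint, introspectionEndpoint, scopeEndpoint, userInfoEndpoint}) {
            if (!credentialedEndpoint.regionMatches(true, 0, "https://", 0, "https://".length())) {
                log.warn("Key manager endpoint does not use HTTPS although Basic credentials are sent to it: " + credentialedEndpoint);
            }
        }

        this.dcrClient = Feign.builder()
                .client(new ApacheFeignHttpClient(APIUtil.getHttpClient(dcrEndpoint)))
                .encoder(new GsonEncoder())
                .decoder(new GsonDecoder())
                .logger(new Slf4jLogger())
                .requestInterceptor(new BasicAuthRequestInterceptor(username, password))
                .requestInterceptor(new TenantHeaderInterceptor(this.tenantDomain))
                .errorDecoder(new KMClientErrorDecoder())
                .target(DCRClient.class, dcrEndpoint);
        // The token and introspection clients post form data; the Gson encoder that was set first on these two
        // builders was always replaced by the form encoder, so only the latter is configured.
        this.authClient = Feign.builder()
                .client(new ApacheFeignHttpClient(APIUtil.getHttpClient(tokenEndpoint)))
                .encoder(new FormEncoder())
                .decoder(new GsonDecoder())
                .logger(new Slf4jLogger())
                .errorDecoder(new KMClientErrorDecoder())
                .target(AuthClient.class, tokenEndpoint);
        this.introspectionClient = Feign.builder()
                .client(new ApacheFeignHttpClient(APIUtil.getHttpClient(introspectionEndpoint)))
                .encoder(new FormEncoder())
                .decoder(new GsonDecoder())
                .logger(new Slf4jLogger())
                .requestInterceptor(new BasicAuthRequestInterceptor(username, password))
                .requestInterceptor(new TenantHeaderInterceptor(this.tenantDomain))
                .errorDecoder(new KMClientErrorDecoder())
                .target(IntrospectionClient.class, introspectionEndpoint);
        this.scopeClient = Feign.builder()
                .client(new ApacheFeignHttpClient(APIUtil.getHttpClient(scopeEndpoint)))
                .encoder(new GsonEncoder())
                .decoder(new GsonDecoder())
                .logger(new Slf4jLogger())
                .requestInterceptor(new BasicAuthRequestInterceptor(username, password))
                .requestInterceptor(new TenantHeaderInterceptor(this.tenantDomain))
                .errorDecoder(new KMClientErrorDecoder())
                .target(ScopeClient.class, scopeEndpoint);
        this.userClient = Feign.builder()
                .client(new ApacheFeignHttpClient(APIUtil.getHttpClient(userInfoEndpoint)))
                .encoder(new GsonEncoder())
                .decoder(new GsonDecoder())
                .logger(new Slf4jLogger())
                .requestInterceptor(new BasicAuthRequestInterceptor(username, password))
                .requestInterceptor(new TenantHeaderInterceptor(this.tenantDomain))
                .errorDecoder(new KMClientErrorDecoder())
                .target(UserClient.class, userInfoEndpoint);
    }

    /**
     * Returns the part of the configured server URL that precedes {@code /services}, or the whole URL when
     * that segment does not occur.
     */
    private static String keyManagerBaseUrl(String serverUrl) throws APIManagementException {
        if (serverUrl == null) {
            throw new APIManagementException("Key manager ServerURL is not configured and is needed to derive an endpoint.");
        }
        int servicesAt = serverUrl.indexOf("/services");
        return servicesAt >= 0 ? serverUrl.substring(0, servicesAt) : serverUrl;
    }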

    /**
     * Stub: registers nothing and always reports success; neither argument is used.
     *
     * @return always {@code true}
     */
    @Override // org.wso2.carbon.apimgt.impl.AbstractKeyManager
    public boolean registerNewResource(API api, Map map) throws APIManagementException {
        return true;
    }

    /**
     * Stub: no resource lookup is performed.
     *
     * @return always {@code null}, so callers must null-check the result
     */
    public Map getResourceByApiId(String str) throws APIManagementException {
        return null;
    }

    /**
     * Stub: updates nothing; neither argument is used.
     *
     * @return always {@code false}
     */
    public boolean updateRegisteredResource(API api, Map map) throws APIManagementException {
        return false;
    }

    /** Stub: intentionally does nothing. */
    public void deleteRegisteredResourceByAPIId(String str) throws APIManagementException {
    }

    /**
     * Stub: intentionally does nothing. In particular, no call is made to the key manager, so the OAuth client
     * identified by {@code str} is left untouched there.
     */
    public void deleteMappedApplication(String str) throws APIManagementException {
    }

    /**
     * Stub: the key manager is not queried.
     *
     * @return always a new empty set; an empty result therefore says nothing about whether tokens are
     *         outstanding for the consumer key
     */
    public Set<String> getActiveTokensByConsumerKey(String str) throws APIManagementException {
        return new HashSet();
    }

    /**
     * Stub: the key manager is not queried.
     *
     * @return always a new {@link AccessTokenInfo} on which no field has been set
     */
    public AccessTokenInfo getAccessTokenByConsumerKey(String str) throws APIManagementException {
        return new AccessTokenInfo();
    }

    /**
     * Stub: no scope lookup is performed.
     *
     * @return always {@code null}, so callers must null-check the result
     */
    public Map<String, Set<Scope>> getScopesForAPIS(String str) throws APIManagementException {
        return null;
    }

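    /**
     * Registers a scope, with its role bindings, in the key manager.
     *
     * @param scope scope to register; its key becomes the scope name, its name the display name, and its
     *              comma-separated roles the bindings
     * @throws APIManagementException if the key manager does not answer with HTTP 201; client errors are passed
     *                                to {@code handleException}
     */
    public void registerScope(Scope scope) throws APIManagementException {
        String scopeKey = scope.getKey();
        ScopeDTO scopeDTO = new ScopeDTO();
        scopeDTO.setName(scopeKey);
        scopeDTO.setDisplayName(scope.getName());
        scopeDTO.setDescription(scope.getDescription());
        if (StringUtils.isNotBlank(scope.getRoles())) {
            // Role names are split on commas only; whitespace around individual names is kept as given.
            String[] roles = scope.getRoles().trim().split(",");
            if (roles.length > 0) {
                scopeDTO.setBindings(Arrays.asList(roles));
            }
        }
        // try-with-resources closes the response on the failure path too; previously it was closed only after
        // a 201 and stayed open when the error below was thrown.
        try (Response response = this.scopeClient.registerScope(scopeDTO)) {
            if (response.status() != 201) {
                throw new APIManagementException("Error occurred while registering scope: " + scopeKey + ". Error Status: " + response.status() + " . Error Response: " + readHttpResponseAsString(response.body()));
            }
        } catch (KeyManagerClientException e) {
            handleException("Cannot register scope : " + scopeKey, e);
        }
    }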

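    /**
     * Reads a Feign response body fully into a string.
     *
     * @param body response body; {@code null} is treated as an empty body
     * @return the body text, or an empty string when there is no body
     * @throws APIManagementException if the body cannot be read
     */
    protected String readHttpResponseAsString(Response.Body body) throws APIManagementException {
        if (body == null) {
            // A response without content would otherwise hide the real error behind a NullPointerException.
            return "";
        }
        // try-with-resources closes the stream even when reading fails; previously it was closed only after a
        // successful read.
        try (InputStream bodyStream = body.asInputStream()) {
            // NOTE(review): this overload decodes with the platform default charset - confirm the encoding the
            // key manager uses for error bodies.
            return IOUtils.toString(bodyStream);
        } catch (IOException e) {
            throw new APIManagementException("Error occurred while reading response body as string", e);
        }
    }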

    /**
     * Fetches a scope from the key manager by name.
     *
     * @param str name of the scope
     * @return the scope converted from the key manager's representation
     * @throws APIManagementException declared for failures reported through {@code handleException}
     */
    public Scope getScopeByName(String str) throws APIManagementException {
        ScopeDTO fetched;
        try {
            fetched = this.scopeClient.getScopeByName(str);
        } catch (KeyManagerClientException e) {
            handleException("Cannot read scope : " + str, e);
            // Only reached if handleException returns normally; the conversion below then receives null.
            fetched = null;
        }
        return fromDTOToScope(fetched);
    }

    /**
     * Converts the key manager's scope representation into a {@link Scope}.
     *
     * @param scopeDTO scope as returned by the key manager; must not be {@code null}
     * @return a scope whose key is the DTO name, whose name is the DTO display name, and whose roles are the
     *         bindings joined with commas (empty string when there are none)
     */
    private Scope fromDTOToScope(ScopeDTO scopeDTO) {
        Scope converted = new Scope();
        converted.setName(scopeDTO.getDisplayName());
        converted.setKey(scopeDTO.getName());
        converted.setDescription(scopeDTO.getDescription());
        if (scopeDTO.getBindings() != null && !scopeDTO.getBindings().isEmpty()) {
            converted.setRoles(String.join(",", scopeDTO.getBindings()));
        } else {
            converted.setRoles("");
        }
        return converted;
    }

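    /**
     * Converts an array of scope DTOs into a map keyed by the DTO name.
     *
     * <p>When two DTOs share a name, the later array element replaces the earlier one.
     *
     * @param scopeDTOArr DTOs to convert; {@code null} is treated as an empty array
     * @return a mutable map from scope name to converted scope, never {@code null}
     */
    private Map<String, Scope> fromDTOListToScopeListMapping(ScopeDTO[] scopeDTOArr) {
        // Typed map instead of a raw HashMap so the compiler checks key and value types.
        Map<String, Scope> scopesByName = new HashMap<>();
        if (scopeDTOArr == null) {
            // A client that returns no array at all is handled like "no scopes".
            return scopesByName;
        }
        for (ScopeDTO scopeDTO : scopeDTOArr) {
            scopesByName.put(scopeDTO.getName(), fromDTOToScope(scopeDTO));
        }
        return scopesByName;
    }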

    /**
     * Retrieves every scope the scope client reports and returns them keyed by scope name.
     *
     * @return map from scope name to scope
     * @throws APIManagementException presumably raised by {@code handleException} when the scope
     *     client fails (that helper is defined outside this part of the file)
     */
    public Map<String, Scope> getAllScopes() throws APIManagementException {
        ScopeDTO[] fetched;
        try {
            fetched = this.scopeClient.getScopes();
        } catch (KeyManagerClientException e) {
            handleException("Error while retrieving scopes", e);
            // Only reached if handleException returns normally: fall back to "no scopes".
            fetched = new ScopeDTO[0];
        }
        return fromDTOListToScopeListMapping(fetched);
    }

    /**
     * No-op in this implementation: the body is empty, so neither argument is read and nothing is
     * sent to the key manager.
     *
     * <p>NOTE(review): presumably this key manager type does not need a separate resource-to-scope
     * attachment step; confirm before relying on this method for enforcement.
     *
     * @param api unused
     * @param set unused
     * @throws APIManagementException declared but never thrown by this body
     */
    public void attachResourceScopes(API api, Set<URITemplate> set) throws APIManagementException {
    }

    /**
     * Applies a scope change for an API in four steps, in this order: detach, delete, register
     * missing scopes, attach.
     *
     * <p>The steps are not transactional: if a later step throws, the earlier deletions and
     * registrations have already been made.
     *
     * @param api API passed through to the detach and attach steps
     * @param set keys of the scopes to delete
     * @param set2 scopes to register when the key manager does not already have them
     * @param set3 URI templates passed to {@code detachResourceScopes}
     * @param set4 URI templates passed to {@code attachResourceScopes}
     * @throws APIManagementException if any of the delegated operations fails
     */
    public void updateResourceScopes(API api, Set<String> set, Set<Scope> set2, Set<URITemplate> set3, Set<URITemplate> set4) throws APIManagementException {
        detachResourceScopes(api, set3);
        for (String scopeToDelete : set) {
            deleteScope(scopeToDelete);
        }
        for (Scope candidate : set2) {
            String scopeKey = candidate.getKey();
            // Existence check and registration are two separate calls, so another writer could
            // register the same key in between.
            if (isScopeExists(scopeKey)) {
                if (log.isDebugEnabled()) {
                    log.debug("Scope: " + scopeKey + " already registered in KM. Skipping registering scope.");
                }
                continue;
            }
            registerScope(candidate);
        }
        attachResourceScopes(api, set4);
    }

    /**
     * No-op in this implementation: the body is empty, so neither argument is read and nothing is
     * sent to the key manager.
     *
     * <p>NOTE(review): presumably this key manager type does not need a separate resource-to-scope
     * detachment step; confirm before relying on this method to revoke access.
     *
     * @param api unused
     * @param set unused
     * @throws APIManagementException declared but never thrown by this body
     */
    public void detachResourceScopes(API api, Set<URITemplate> set) throws APIManagementException {
    }

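    /**
     * Deletes a scope from the key manager.
     *
     * @param str name of the scope to delete
     * @throws APIManagementException if the key manager answers with a status other than 200 (the
     *     message then carries the status and the response body), or, presumably via
     *     {@code handleException}, if the scope client itself fails
     */
    public void deleteScope(String str) throws APIManagementException {
        // try-with-resources releases the HTTP response on every path, including the error
        // throw below; previously the response was never closed.
        try (Response response = this.scopeClient.deleteScope(str)) {
            if (response.status() != 200) {
                throw new APIManagementException("Error occurred while deleting scope: " + str + ". Error Status: " + response.status() + " . Error Response: " + readHttpResponseAsString(response.body()));
            }
        } catch (KeyManagerClientException e) {
            handleException("Error occurred while deleting scope", e);
        }
    }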

    /**
     * Pushes the display name, description and role bindings of a scope to the key manager.
     *
     * @param scope scope to update; its key identifies the scope on the key manager side
     * @throws APIManagementException presumably raised by {@code handleException} when the scope
     *     client fails (that helper is defined outside this part of the file)
     */
    public void updateScope(Scope scope) throws APIManagementException {
        String scopeKey = scope.getKey();
        try {
            ScopeDTO payload = new ScopeDTO();
            payload.setDisplayName(scope.getName());
            payload.setDescription(scope.getDescription());
            String roles = scope.getRoles();
            if (StringUtils.isNotBlank(roles)) {
                // Only the whole string is trimmed; individual entries keep any whitespace
                // around them ("a, b" yields " b").
                // NOTE(review): confirm the key manager normalises binding names.
                String[] roleBindings = roles.trim().split(",");
                if (roleBindings.length > 0) {
                    payload.setBindings(Arrays.asList(roleBindings));
                }
            }
            // NOTE(review): with blank roles no bindings are set on the DTO at all; whether the
            // key manager then clears or keeps the existing bindings is not visible here.
            this.scopeClient.updateScope(payload, scope.getKey());
        } catch (KeyManagerClientException e) {
            handleException("Error occurred while updating scope: " + scopeKey, e);
        }
    }

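    /**
     * Asks the key manager whether a scope with the given name exists.
     *
     * @param str scope name to look up
     * @return {@code true} on HTTP 200, {@code false} on HTTP 404
     * @throws APIManagementException for any other status (the message carries the status and the
     *     response body), or, presumably via {@code handleException}, if the scope client fails
     */
    public boolean isScopeExists(String str) throws APIManagementException {
        // try-with-resources closes the response on every path; previously the error path threw
        // without closing it.
        try (Response response = this.scopeClient.isScopeExist(str)) {
            int status = response.status();
            if (status == 200) {
                return true;
            }
            if (status == 404) {
                return false;
            }
            // Any other status is an error, never "absent", so a failing key manager is not
            // mistaken for a missing scope.
            throw new APIManagementException("Error occurred while checking existence of scope: " + str + ". Error Status: " + status + " . Error Response: " + readHttpResponseAsString(response.body()));
        } catch (KeyManagerClientException e) {
            handleException("Error while check scope exist", e);
            // Only reached if handleException returns normally.
            return false;
        }
    }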

    /**
     * Overwrites the name, description and roles of each given scope with the values the key
     * manager holds for the same key.
     *
     * <p>The scopes are modified in place; the caller's objects carry the key manager's values
     * afterwards.
     *
     * @param set scopes to refresh; each one is looked up by its key
     * @throws APIManagementException if a lookup through {@code getScopeByName} fails
     */
    public void validateScopes(Set<Scope> set) throws APIManagementException {
        for (Scope requested : set) {
            Scope registered = getScopeByName(requested.getKey());
            requested.setName(registered.getName());
            requested.setDescription(registered.getDescription());
            requested.setRoles(registered.getRoles());
        }
    }

    /**
     * Returns the type identifier of this key manager implementation.
     *
     * @return the literal {@code "default"}
     */
    public String getType() {
        final String keyManagerType = "default";
        return keyManagerType;
    }

    /**
     * Reads one parameter from this key manager's configuration.
     *
     * @param str parameter name
     * @return the parameter value cast to {@code String}; {@code null} passes through the cast
     *     unchanged
     * @throws ClassCastException if the stored value is not a {@code String}
     */
    protected String getConfigurationParamValue(String str) {
        Object rawValue = this.configuration.getParameter(str);
        return (String) rawValue;
    }

    /**
     * Delegates to {@code APIUtil.checkAccessTokenPartitioningEnabled()}.
     *
     * @return whatever the utility reports
     */
    protected boolean checkAccessTokenPartitioningEnabled() {
        final boolean partitioningEnabled = APIUtil.checkAccessTokenPartitioningEnabled();
        return partitioningEnabled;
    }

    /**
     * Delegates to {@code APIUtil.checkUserNameAssertionEnabled()}.
     *
     * @return whatever the utility reports
     */
    protected boolean checkUserNameAssertionEnabled() {
        final boolean assertionEnabled = APIUtil.checkUserNameAssertionEnabled();
        return assertionEnabled;
    }

    /**
     * Builds the tenant part of a context path for this key manager's tenant.
     *
     * @return an empty string for the super tenant, otherwise the tenant prefix followed by the
     *     tenant domain
     */
    private String getTenantAwareContext() {
        if (APIConstants.SUPER_TENANT_DOMAIN.equals(this.tenantDomain)) {
            return "";
        }
        return APIConstants.TENANT_PREFIX.concat(this.tenantDomain);
    }

    /**
     * Publishes the key manager's host and port as system properties, derived from its server URL.
     *
     * <p>System properties are shared by the whole JVM, so the values written here are visible to
     * and replaceable by any other code in the process. A malformed URL is logged and otherwise
     * ignored; no property is written in that case.
     *
     * @param str key manager server URL
     */
    private void addKeyManagerConfigsAsSystemProperties(String str) {
        final URL serverUrl;
        try {
            serverUrl = new URL(str);
        } catch (MalformedURLException e) {
            // NOTE(review): the exception message may echo the URL text; if that URL can carry
            // embedded credentials they would reach the log here. Confirm against the callers.
            log.error("Exception While resolving KeyManager Server URL or Port " + e.getMessage(), e);
            return;
        }
        String serverHost = serverUrl.getHost();
        int serverPort = serverUrl.getPort();
        if (serverPort == -1) {
            // No explicit port in the URL: use the scheme default (443 for https, else 80).
            if ("https".equals(serverUrl.getProtocol())) {
                serverPort = 443;
            } else {
                serverPort = 80;
            }
        }
        System.setProperty(APIConstants.KEYMANAGER_PORT, String.valueOf(serverPort));
        // A host equal to the configured local IP is published as "localhost".
        boolean isLocalHost = serverHost.equals(System.getProperty(APIConstants.CARBON_LOCALIP));
        System.setProperty(APIConstants.KEYMANAGER_HOSTNAME, isLocalHost ? "localhost" : serverHost);
    }

    /**
     * Requests the claims of a user from the key manager's user client.
     *
     * <p>Optional entries read from {@code map}: {@code "accessToken"}, the claim dialect and the
     * federated-claim binding flag. Each is used only when its key is present, and its value is
     * converted with {@code toString()}, so a present key with a {@code null} value fails with a
     * {@code NullPointerException}.
     *
     * @param str username; reduced to its tenant-aware form before use
     * @param map optional request properties as described above
     * @return map from claim URI to claim value; empty when the client returns no claims
     * @throws APIManagementException presumably raised by {@code handleException} when the user
     *     client fails (that helper is defined outside this part of the file)
     */
    public Map<String, String> getUserClaims(String str, Map<String, Object> map) throws APIManagementException {
        Map<String, String> claimsByUri = new HashMap<>();
        String localUsername = MultitenantUtils.getTenantAwareUsername(str);
        UserInfoDTO request = new UserInfoDTO();
        request.setUsername(localUsername);
        if (localUsername.contains(CarbonConstants.DOMAIN_SEPARATOR)) {
            // The part before the first separator is taken as the user-store domain.
            String[] usernameParts = localUsername.split(CarbonConstants.DOMAIN_SEPARATOR);
            request.setDomain(usernameParts[0]);
        }
        if (map.containsKey("accessToken")) {
            // The bearer token travels inside the request DTO; keep that DTO out of logs.
            Object accessToken = map.get("accessToken");
            request.setAccessToken(accessToken.toString());
        }
        if (map.containsKey(APIConstants.KeyManager.CLAIM_DIALECT)) {
            Object dialect = map.get(APIConstants.KeyManager.CLAIM_DIALECT);
            request.setDialectURI(dialect.toString());
        }
        if (map.containsKey(APIConstants.KeyManager.BINDING_FEDERATED_USER_CLAIMS)) {
            Object bindFlag = map.get(APIConstants.KeyManager.BINDING_FEDERATED_USER_CLAIMS);
            request.setBindFederatedUserClaims(Boolean.valueOf(bindFlag.toString()));
        }
        try {
            ClaimsList generated = this.userClient.generateClaims(request);
            if (generated == null || generated.getList() == null) {
                return claimsByUri;
            }
            for (Claim claim : generated.getList()) {
                claimsByUri.put(claim.getUri(), claim.getValue());
            }
        } catch (KeyManagerClientException e) {
            handleException("Error while getting user info", e);
        }
        return claimsByUri;
    }

    /* JADX INFO: Access modifiers changed from: protected */
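    /**
     * Validates the additional properties supplied with an OAuth application before it is created.
     *
     * <p>After the superclass validation, the additional-properties parameter is parsed as a JSON
     * object and each non-blank, applicable value is checked: the PKCE and bypass-client-credentials
     * properties must be {@code true} or {@code false}, every other property must be a
     * non-negative integer. Nothing is checked when no connector configuration is registered for
     * this key manager type or when the parameter is absent.
     *
     * <p>The parameter comes from the application request, so malformed JSON and nested or null
     * values are rejected with the same validation error code instead of escaping as unchecked
     * parser exceptions.
     *
     * @param oAuthApplicationInfo application whose additional properties are validated
     * @throws APIManagementException with {@code INVALID_APPLICATION_ADDITIONAL_PROPERTIES} when a
     *     value is rejected, or whatever the superclass validation throws
     */
    @Override // org.wso2.carbon.apimgt.impl.AbstractKeyManager
    public void validateOAuthAppCreationProperties(OAuthApplicationInfo oAuthApplicationInfo) throws APIManagementException {
        super.validateOAuthAppCreationProperties(oAuthApplicationInfo);
        if (ServiceReferenceHolder.getInstance().getKeyManagerConnectorConfiguration(getType()) == null) {
            return;
        }
        Object parameter = oAuthApplicationInfo.getParameter(APIConstants.JSON_ADDITIONAL_PROPERTIES);
        if (parameter == null) {
            return;
        }
        JsonElement parsed;
        try {
            parsed = new JsonParser().parse((String) parameter);
        } catch (com.google.gson.JsonParseException e) {
            // The cause is not attached: only the (message, error handler) constructor is
            // visible in this part of the file.
            throw invalidAdditionalPropertiesError("Application configuration values must be a valid JSON object.");
        }
        if (!parsed.isJsonObject()) {
            throw invalidAdditionalPropertiesError("Application configuration values must be a valid JSON object.");
        }
        for (Map.Entry<String, JsonElement> entry : parsed.getAsJsonObject().entrySet()) {
            JsonElement rawValue = entry.getValue();
            if (!rawValue.isJsonPrimitive()) {
                // Objects, arrays and JSON null have no scalar value to validate.
                throw invalidAdditionalPropertiesError("Application configuration values cannot have nested or null values.");
            }
            String value = rawValue.getAsString();
            if (StringUtils.isBlank(value) || StringUtils.equals(value, APIConstants.KeyManager.NOT_APPLICABLE_VALUE)) {
                continue;
            }
            String propertyName = entry.getKey();
            boolean booleanProperty = APIConstants.KeyManager.PKCE_MANDATORY.equals(propertyName)
                    || APIConstants.KeyManager.PKCE_SUPPORT_PLAIN.equals(propertyName)
                    || APIConstants.KeyManager.BYPASS_CLIENT_CREDENTIALS.equals(propertyName);
            if (booleanProperty) {
                boolean isBooleanLiteral = value.equalsIgnoreCase(Boolean.TRUE.toString())
                        || value.equalsIgnoreCase(Boolean.FALSE.toString());
                if (!isBooleanLiteral) {
                    // Previously reported as "cannot have negative values", which did not
                    // describe the actual problem.
                    throw invalidAdditionalPropertiesError("Application configuration values for boolean properties must be either true or false.");
                }
                continue;
            }
            long numericValue;
            try {
                numericValue = Long.parseLong(value);
            } catch (NumberFormatException e) {
                throw invalidAdditionalPropertiesError("Application configuration values cannot have string values.");
            }
            if (numericValue < 0) {
                throw invalidAdditionalPropertiesError("Application configuration values cannot have negative values.");
            }
        }
    }

    /** Builds the validation exception used for every rejected additional property. */
    private APIManagementException invalidAdditionalPropertiesError(String message) {
        return new APIManagementException(message, ExceptionCodes.from(ExceptionCodes.INVALID_APPLICATION_ADDITIONAL_PROPERTIES, new String[]{message}));
    }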
}
