package org.wso2.carbon.apimgt.impl;

import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.google.gson.JsonPrimitive;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TimeZone;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.everit.json.schema.Schema;
import org.everit.json.schema.ValidationException;
import org.json.JSONException;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.w3c.dom.Node;
import org.wso2.carbon.apimgt.api.APIAdmin;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException;
import org.wso2.carbon.apimgt.api.ExceptionCodes;
import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
import org.wso2.carbon.apimgt.api.model.APICategory;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.api.model.ApplicationInfo;
import org.wso2.carbon.apimgt.api.model.ConfigurationDto;
import org.wso2.carbon.apimgt.api.model.Environment;
import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.api.model.KeyManagerConnectorConfiguration;
import org.wso2.carbon.apimgt.api.model.Monetization;
import org.wso2.carbon.apimgt.api.model.MonetizationUsagePublishInfo;
import org.wso2.carbon.apimgt.api.model.Workflow;
import org.wso2.carbon.apimgt.api.model.botDataAPI.BotDetectionData;
import org.wso2.carbon.apimgt.api.model.policy.APIPolicy;
import org.wso2.carbon.apimgt.api.model.policy.Policy;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.alertmgt.AlertMgtConstants;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.apimgt.impl.dao.ChoreoApiMgtDAO;
import org.wso2.carbon.apimgt.impl.dao.constants.SQLConstants;
import org.wso2.carbon.apimgt.impl.dto.ThrottleProperties;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.keymgt.KeyMgtNotificationSender;
import org.wso2.carbon.apimgt.impl.monetization.DefaultMonetizationImpl;
import org.wso2.carbon.apimgt.impl.service.KeyMgtRegistrationService;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.identity.application.common.model.Claim;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.IdentityProviderProperty;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/apimgt/impl/APIAdminImpl.class */
public class APIAdminImpl implements APIAdmin {
    // Class-wide commons-logging logger.
    private static final Log log = LogFactory.getLog(APIAdminImpl.class);
    // DAO handles obtained through getInstance(); protected and non-final, so a subclass can replace them.
    protected ApiMgtDAO apiMgtDAO = ApiMgtDAO.getInstance();
    protected ChoreoApiMgtDAO choreoApiMgtDAO = ChoreoApiMgtDAO.getInstance();

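    /**
     * Lists the environments stored for {@code str} together with the read-only environments
     * reported by {@code APIUtil.getReadOnlyEnvironments()}.
     *
     * <p>A read-only environment is left out when a stored environment carries the same name. The
     * remaining read-only environments come first in the result, followed by the stored ones.
     *
     * @param str identifier handed to the DAO lookup (presumably the organization; confirm against the caller)
     * @return a new mutable list
     * @throws APIManagementException propagated from the DAO lookup
     */
    public List<Environment> getAllEnvironments(String str) throws APIManagementException {
        List<Environment> storedEnvironments = this.choreoApiMgtDAO.getAllEnvironments(str);
        List<String> storedNames = storedEnvironments.stream().map(Environment::getName).collect(Collectors.toList());
        List<Environment> merged = new ArrayList<>(storedEnvironments.size() + APIUtil.getReadOnlyEnvironments().size());
        // The decompiled listing added to an undeclared register name (r1) here; the sink is the result list.
        APIUtil.getReadOnlyEnvironments().values().stream()
                .filter(environment -> !storedNames.contains(environment.getName()))
                .forEach(merged::add);
        merged.addAll(storedEnvironments);
        return merged;
    }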

    /**
     * Resolves an environment, consulting the read-only environments first and the DAO second.
     *
     * @param str  identifier passed to the DAO lookup (presumably the organization; confirm against the caller)
     * @param str2 key of the environment; the error message calls it a UUID
     * @return the matching environment, never {@code null}
     * @throws APIMgtResourceNotFoundException if neither source knows {@code str2}
     * @throws APIManagementException propagated from the DAO lookup
     */
    public Environment getEnvironment(String str, String str2) throws APIManagementException {
        Environment readOnly = APIUtil.getReadOnlyEnvironments().get(str2);
        if (readOnly != null) {
            // This path looks the entry up by str2 alone; str takes no part in it.
            return readOnly;
        }
        Environment stored = this.apiMgtDAO.getEnvironment(str, str2);
        if (stored != null) {
            return stored;
        }
        throw new APIMgtResourceNotFoundException(String.format("Failed to retrieve Environment with UUID %s. Environment not found", str2), ExceptionCodes.from(ExceptionCodes.GATEWAY_ENVIRONMENT_NOT_FOUND, new String[]{String.format("UUID '%s'", str2)}));
    }

    /**
     * Stores a new environment after checking that its name is unused and its virtual hosts are unique.
     *
     * <p>The name check runs against everything {@code getAllEnvironments(str)} returns, so a name
     * already taken by a read-only environment is rejected as well.
     *
     * @param str         identifier passed to the lookup and to the DAO (presumably the organization)
     * @param environment environment to create
     * @return whatever the DAO returns for the created environment
     * @throws APIManagementException if the name exists, a virtual host is duplicated, or the DAO fails
     */
    public Environment addEnvironment(String str, Environment environment) throws APIManagementException {
        for (Environment existing : getAllEnvironments(str)) {
            if (StringUtils.equals(existing.getName(), environment.getName())) {
                throw new APIManagementException(String.format("Failed to add Environment. An Environment named %s already exists", environment.getName()), ExceptionCodes.from(ExceptionCodes.EXISTING_GATEWAY_ENVIRONMENT_FOUND, new String[]{String.format("name '%s'", environment.getName())}));
            }
        }
        validateForUniqueVhostNames(environment);
        Environment created = this.apiMgtDAO.addEnvironment(str, environment);
        return created;
    }

    /**
     * Deletes a stored environment; read-only environments are refused.
     *
     * @param str  identifier used for the preceding lookup (presumably the organization)
     * @param str2 key of the environment; the error message calls it a UUID
     * @throws APIManagementException if the environment is unknown, is read only, or the DAO fails
     */
    public void deleteEnvironment(String str, String str2) throws APIManagementException {
        // The DAO delete below receives only str2. The lookup is the one step where str takes part,
        // and it throws when nothing matches, so it has to stay ahead of the delete.
        Environment target = getEnvironment(str, str2);
        if (!target.isReadOnly()) {
            this.apiMgtDAO.deleteEnvironment(str2);
            return;
        }
        throw new APIMgtResourceNotFoundException(String.format("Failed to delete Environment with UUID '%s'. Environment is read only", str2), ExceptionCodes.from(ExceptionCodes.READONLY_GATEWAY_ENVIRONMENT, new String[]{String.format("UUID '%s'", str2)}));
    }

    /**
     * Updates a stored environment. Read-only environments and name changes are refused.
     *
     * <p>The numeric id is copied from the stored record onto {@code environment} before the DAO
     * call, so an id supplied by the caller is overwritten.
     *
     * @param str         identifier used for the lookup (presumably the organization)
     * @param environment new state; its UUID selects the record to update
     * @return whatever the DAO returns for the updated environment
     * @throws APIManagementException if the environment is unknown or read only, the name differs,
     *                                a virtual host is duplicated, or the DAO fails
     */
    public Environment updateEnvironment(String str, Environment environment) throws APIManagementException {
        Environment stored = getEnvironment(str, environment.getUuid());
        if (stored.isReadOnly()) {
            throw new APIMgtResourceNotFoundException(String.format("Failed to update Environment with UUID '%s'. Environment is read only", environment.getUuid()), ExceptionCodes.from(ExceptionCodes.READONLY_GATEWAY_ENVIRONMENT, new String[]{String.format("UUID '%s'", environment.getUuid())}));
        }
        boolean sameName = stored.getName().equals(environment.getName());
        if (!sameName) {
            throw new APIMgtResourceNotFoundException(String.format("Failed to update Environment with UUID '%s'. Environment name can not be changed", environment.getUuid()), ExceptionCodes.from(ExceptionCodes.READONLY_GATEWAY_ENVIRONMENT_NAME, new String[0]));
        }
        validateForUniqueVhostNames(environment);
        environment.setId(stored.getId());
        Environment updated = this.apiMgtDAO.updateEnvironment(environment);
        return updated;
    }

    /**
     * Rejects an environment whose virtual hosts repeat a host name.
     *
     * <p>Hosts are compared with {@code List.contains}, i.e. by exact {@code equals}; names that
     * differ only in letter case are treated as distinct.
     *
     * @param environment environment whose virtual hosts are checked
     * @throws APIManagementException naming the first repeated host
     */
    private void validateForUniqueVhostNames(Environment environment) throws APIManagementException {
        List<String> seenHosts = new ArrayList<>(environment.getVhosts().size());
        Iterator<String> hosts = environment.getVhosts().stream().map(vhost -> vhost.getHost()).iterator();
        while (hosts.hasNext()) {
            String host = hosts.next();
            if (seenHosts.contains(host)) {
                throw new APIManagementException(String.format("Failed to add Environment. Virtual Host %s is duplicated", host), ExceptionCodes.from(ExceptionCodes.GATEWAY_ENVIRONMENT_DUPLICATE_VHOST_FOUND, new String[0]));
            }
            seenHosts.add(host);
        }
    }

    /**
     * Returns the applications the DAO reports for {@code str} through its migration query.
     *
     * @param str identifier passed to the DAO unchanged (presumably a tenant or organization)
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public Application[] getAllApplicationsOfTenantForMigration(String str) throws APIManagementException {
        Application[] applications = this.apiMgtDAO.getAllApplicationsOfTenantForMigration(str);
        return applications;
    }

    /**
     * Fetches one page of applications from the DAO.
     *
     * <p>The three trailing String arguments reach the DAO in a different order than they arrive
     * here: {@code str4}, {@code str5}, then {@code str3}.
     *
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public Application[] getApplicationsWithPagination(String str, String str2, int i, int i2, int i3, String str3, String str4, String str5) throws APIManagementException {
        Application[] page = this.apiMgtDAO.getApplicationsWithPagination(str, str2, i, i2, i3, str4, str5, str3);
        return page;
    }

    /**
     * Returns the application count the DAO reports for the given arguments.
     *
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public int getApplicationsCount(int i, String str, String str2) throws APIManagementException {
        int count = this.apiMgtDAO.getApplicationsCount(i, str, str2);
        return count;
    }

    /**
     * Creates the monetization implementation named in the API Manager configuration.
     *
     * <p>The class name is read from configuration and instantiated through
     * {@code APIUtil.getClassInstance}, so whoever can edit that setting chooses which class is
     * loaded here; it should only ever come from operator-controlled configuration.
     *
     * @return the configured implementation, a {@link DefaultMonetizationImpl} when none is
     *         configured, or {@code null} when the configuration is not initialized
     * @throws APIManagementException raised through {@code APIUtil.handleException} when the class cannot be loaded
     */
    public Monetization getMonetizationImplClass() throws APIManagementException {
        APIManagerConfiguration configuration = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
        if (configuration == null) {
            log.error("API Manager configuration is not initialized.");
            return null;
        }
        String implementationClass = configuration.getMonetizationConfigurationDto().getMonetizationImpl();
        if (implementationClass == null) {
            return new DefaultMonetizationImpl();
        }
        Monetization loaded = null;
        try {
            loaded = (Monetization) APIUtil.getClassInstance(implementationClass);
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            APIUtil.handleException("Failed to load monetization implementation class.", e);
        }
        return loaded;
    }

    /**
     * Returns the monetization usage publish record held by the DAO.
     *
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public MonetizationUsagePublishInfo getMonetizationUsagePublishInfo() throws APIManagementException {
        MonetizationUsagePublishInfo publishInfo = this.apiMgtDAO.getMonetizationUsagePublishInfo();
        return publishInfo;
    }

    /**
     * Hands the record to the DAO's {@code updateUsagePublishInfo}.
     *
     * @param monetizationUsagePublishInfo record to persist
     * @throws APIManagementException propagated from the DAO
     */
    public void updateMonetizationUsagePublishInfo(MonetizationUsagePublishInfo monetizationUsagePublishInfo) throws APIManagementException {
        ApiMgtDAO dao = this.apiMgtDAO;
        dao.updateUsagePublishInfo(monetizationUsagePublishInfo);
    }

    /**
     * Hands the record to the DAO's {@code addMonetizationUsagePublishInfo}.
     *
     * @param monetizationUsagePublishInfo record to persist
     * @throws APIManagementException propagated from the DAO
     */
    public void addMonetizationUsagePublishInfo(MonetizationUsagePublishInfo monetizationUsagePublishInfo) throws APIManagementException {
        ApiMgtDAO dao = this.apiMgtDAO;
        dao.addMonetizationUsagePublishInfo(monetizationUsagePublishInfo);
    }

    /**
     * Parses {@code str} with the monetization usage-publish time format and time zone.
     *
     * <p>A parse failure is logged and reported as {@code 0}, so a caller cannot tell a malformed
     * input from the epoch itself.
     *
     * @param str timestamp text in {@code APIConstants.Monetization.USAGE_PUBLISH_TIME_FORMAT}
     * @return milliseconds since the epoch, or {@code 0} when {@code str} cannot be parsed
     */
    public long getTimestamp(String str) {
        // A fresh formatter per call: SimpleDateFormat instances must not be shared between threads.
        SimpleDateFormat parser = new SimpleDateFormat(APIConstants.Monetization.USAGE_PUBLISH_TIME_FORMAT);
        parser.setTimeZone(TimeZone.getTimeZone(APIConstants.Monetization.USAGE_PUBLISH_TIME_ZONE));
        try {
            return parser.parse(str).getTime();
        } catch (ParseException e) {
            log.error("Error while parsing the date ", e);
            return 0L;
        }
    }

    /**
     * Loads the key manager configurations visible to {@code str}.
     *
     * <p>For an internal organization the default key manager is registered first; otherwise the
     * lookup runs against the internal organization domain and the configurations stored under
     * {@code str} itself are appended. A configuration named like the default key manager is moved
     * to the end of the first batch after {@code APIUtil.getAndSetDefaultKeyManagerConfiguration}
     * has processed it.
     *
     * <p>Every returned DTO has been through {@code decryptKeyManagerConfigurationValues}, so the
     * result holds connection secrets in clear text. Nothing in this method masks them; a caller
     * that exposes the result outside the server has to do that itself.
     *
     * @param str organization whose key managers are requested
     * @return the DAO's list, modified in place
     * @throws APIManagementException on DAO, IdP or decryption failures, or wrapping a {@code UserStoreException}
     */
    public List<KeyManagerConfigurationDTO> getKeyManagerConfigurationsByOrganization(String str) throws APIManagementException {
        String internalOrganization = str;
        try {
            if (APIUtil.isInternalOrganization(str)) {
                KeyMgtRegistrationService.registerDefaultKeyManager(str);
            } else {
                internalOrganization = APIUtil.getInternalOrganizationDomain(str);
            }
            List<KeyManagerConfigurationDTO> configurations = this.apiMgtDAO.getKeyManagerConfigurationsByOrganization(internalOrganization);

            // Pull the first entry named like the default key manager out of the list.
            KeyManagerConfigurationDTO defaultKeyManager = null;
            Iterator<KeyManagerConfigurationDTO> cursor = configurations.iterator();
            while (defaultKeyManager == null && cursor.hasNext()) {
                KeyManagerConfigurationDTO candidate = cursor.next();
                if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(candidate.getName())) {
                    defaultKeyManager = candidate;
                    cursor.remove();
                }
            }
            if (defaultKeyManager != null) {
                APIUtil.getAndSetDefaultKeyManagerConfiguration(defaultKeyManager);
                configurations.add(defaultKeyManager);
            }

            boolean lookedUpUnderOtherName = !StringUtils.equals(str, internalOrganization);
            if (lookedUpUnderOtherName) {
                configurations.addAll(this.apiMgtDAO.getKeyManagerConfigurationsByOrganization(str));
            }
            setAliasForTokenExchangeKeyManagers(configurations, internalOrganization);

            String exchanged = KeyManagerConfiguration.TokenType.EXCHANGED.toString();
            for (KeyManagerConfigurationDTO configuration : configurations) {
                decryptKeyManagerConfigurationValues(configuration);
                // Exact, case-sensitive comparison against the stored token type string.
                if (!StringUtils.equals(exchanged, configuration.getTokenType())) {
                    getKeyManagerEndpoints(configuration);
                }
            }
            setIdentityProviderRelatedInformation(configurations, str);
            return configurations;
        } catch (UserStoreException e) {
            throw new APIManagementException("Error while retrieving tenant id for organization " + str, e);
        }
    }

    /**
     * Copies description and enabled state from the backing identity provider onto every
     * configuration whose token type is EXCHANGED or BOTH and that carries an external reference id.
     *
     * <p>An {@code IdentityProviderManagementException} is logged and the entry is left as it was,
     * so after a failed lookup the DTO keeps whatever enabled flag it already had.
     *
     * @param list configurations to enrich in place
     * @param str  organization used to resolve the tenant domain for the IdP lookup
     * @throws APIManagementException propagated from the organization and tenant resolution helpers
     */
    private void setIdentityProviderRelatedInformation(List<KeyManagerConfigurationDTO> list, String str) throws APIManagementException {
        String exchanged = KeyManagerConfiguration.TokenType.EXCHANGED.toString();
        String both = KeyManagerConfiguration.TokenType.BOTH.toString();
        for (KeyManagerConfigurationDTO configuration : list) {
            boolean idpBacked = StringUtils.equals(exchanged, configuration.getTokenType()) || StringUtils.equals(both, configuration.getTokenType());
            if (!idpBacked) {
                continue;
            }
            try {
                if (configuration.getExternalReferenceId() == null) {
                    continue;
                }
                IdentityProvider identityProvider = IdentityProviderManager.getInstance().getIdPByResourceId(configuration.getExternalReferenceId(), APIUtil.getTenantDomainFromTenantId(APIUtil.getInternalOrganizationId(str)), false);
                configuration.setDescription(identityProvider.getIdentityProviderDescription());
                configuration.setEnabled(identityProvider.isEnable());
            } catch (IdentityProviderManagementException e) {
                log.error("IdP retrieval failed. ", e);
            }
        }
    }

    /**
     * Sets the alias of every EXCHANGED or BOTH configuration from its backing identity provider.
     *
     * <p>A failed IdP lookup aborts the whole call with an exception.
     *
     * @param list configurations to update in place
     * @param str  tenant domain passed straight to the IdP lookup
     * @throws APIManagementException with {@code IDP_RETRIEVAL_FAILED} when the lookup fails
     */
    private void setAliasForTokenExchangeKeyManagers(List<KeyManagerConfigurationDTO> list, String str) throws APIManagementException {
        String exchanged = KeyManagerConfiguration.TokenType.EXCHANGED.toString();
        String both = KeyManagerConfiguration.TokenType.BOTH.toString();
        for (KeyManagerConfigurationDTO configuration : list) {
            boolean idpBacked = StringUtils.equals(exchanged, configuration.getTokenType()) || StringUtils.equals(both, configuration.getTokenType());
            if (!idpBacked || configuration.getExternalReferenceId() == null) {
                continue;
            }
            try {
                IdentityProvider identityProvider = IdentityProviderManager.getInstance().getIdPByResourceId(configuration.getExternalReferenceId(), str, false);
                configuration.setAlias(identityProvider.getAlias());
            } catch (IdentityProviderManagementException e) {
                throw new APIManagementException("IdP retrieval failed. " + e.getMessage(), e, ExceptionCodes.IDP_RETRIEVAL_FAILED);
            }
        }
    }

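    /**
     * Groups every active key manager configuration by its organization.
     *
     * <p>Entries named like the default key manager are passed through
     * {@code APIUtil.getAndSetDefaultKeyManagerConfiguration} before they are added. The DTOs are
     * returned as the DAO delivered them; this method neither decrypts nor masks their properties.
     *
     * @return organization mapped to its active configurations, in DAO order
     * @throws APIManagementException propagated from the DAO or the default-configuration helper
     */
    public Map<String, List<KeyManagerConfigurationDTO>> getDirectActiveKeyManagerConfigurations() throws APIManagementException {
        // Typed map and list: the decompiler's raw ArrayList local could not hold the (List) cast result.
        Map<String, List<KeyManagerConfigurationDTO>> byOrganization = new HashMap<>();
        for (KeyManagerConfigurationDTO configuration : this.apiMgtDAO.getActiveKeyManagerConfigurations()) {
            List<KeyManagerConfigurationDTO> bucket = byOrganization.computeIfAbsent(configuration.getOrganization(), organization -> new ArrayList<>());
            if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(configuration.getName())) {
                APIUtil.getAndSetDefaultKeyManagerConfiguration(configuration);
            }
            bucket.add(configuration);
        }
        return byOrganization;
    }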

    /**
     * Returns the super tenant's key manager configurations followed, for any other organization,
     * by that organization's active configurations.
     *
     * <p>The super tenant part comes from {@code getKeyManagerConfigurationsByOrganization} and is
     * therefore not limited to active entries, and it is included whatever {@code str} is. The DTOs
     * are neither decrypted nor masked here.
     *
     * @param str organization whose active configurations are appended
     * @return a new mutable list
     * @throws APIManagementException propagated from the DAO or the default-configuration helper
     */
    public List<KeyManagerConfigurationDTO> getDirectActiveKeyManagerConfigurations(String str) throws APIManagementException {
        List<KeyManagerConfigurationDTO> configurations = new ArrayList<>(this.apiMgtDAO.getKeyManagerConfigurationsByOrganization(APIConstants.SUPER_TENANT_DOMAIN));
        for (KeyManagerConfigurationDTO configuration : configurations) {
            if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(configuration.getName())) {
                APIUtil.getAndSetDefaultKeyManagerConfiguration(configuration);
                // Only the first entry with the default name is processed.
                break;
            }
        }
        boolean superTenant = APIConstants.SUPER_TENANT_DOMAIN.equals(str);
        if (!superTenant) {
            configurations.addAll(this.apiMgtDAO.getActiveKeyManagerConfigurations(str));
        }
        return configurations;
    }

    /**
     * Looks a key manager configuration up by its external reference id.
     *
     * <p>The DTO is returned exactly as the DAO delivers it; no masking or decryption happens here.
     *
     * @param str external reference id
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public KeyManagerConfigurationDTO getKeyManagerConfigurationByExternalRefId(String str) throws APIManagementException {
        KeyManagerConfigurationDTO configuration = this.apiMgtDAO.getKeyManagerConfigurationByExternalRefId(str);
        return configuration;
    }

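    /**
     * Loads one key manager configuration and prepares it for presentation.
     *
     * <p>Unless the token type is EXCHANGED, the DTO is passed through {@code maskValues} before
     * it is returned. For EXCHANGED and BOTH the backing identity provider is merged in, and for
     * everything except EXCHANGED the endpoints are filled in.
     *
     * @param str  organization owning the configuration
     * @param str2 id of the configuration
     * @return the prepared DTO, or {@code null} when the DAO finds nothing
     * @throws APIManagementException with {@code IDP_RETRIEVAL_FAILED} when the IdP lookup fails,
     *                                or propagated from the DAO and helpers
     * @throws IllegalArgumentException if the stored token type names no {@code TokenType} constant
     */
    public KeyManagerConfigurationDTO getKeyManagerConfigurationById(String str, String str2) throws APIManagementException {
        KeyManagerConfigurationDTO configuration = this.apiMgtDAO.getKeyManagerConfigurationByID(str, str2);
        if (configuration == null) {
            return null;
        }
        if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(configuration.getName())) {
            APIUtil.getAndSetDefaultKeyManagerConfiguration(configuration);
        }
        // Locale.ROOT keeps the enum lookup independent of the JVM default locale; with a Turkish
        // default locale a plain toUpperCase() maps 'i' to a dotted capital and valueOf() fails.
        KeyManagerConfiguration.TokenType tokenType = KeyManagerConfiguration.TokenType.valueOf(configuration.getTokenType().toUpperCase(java.util.Locale.ROOT));
        if (!tokenType.equals(KeyManagerConfiguration.TokenType.EXCHANGED)) {
            maskValues(configuration);
        }
        // NOTE(review): the checks below compare the stored string case-sensitively, while the
        // masking decision above ignores case. Confirm that stored token types are always normalized.
        boolean idpBacked = StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), configuration.getTokenType()) || StringUtils.equals(KeyManagerConfiguration.TokenType.BOTH.toString(), configuration.getTokenType());
        if (idpBacked) {
            try {
                if (configuration.getExternalReferenceId() != null) {
                    mergeIdpWithKeyManagerConfiguration(IdentityProviderManager.getInstance().getIdPByResourceId(configuration.getExternalReferenceId(), APIUtil.getInternalOrganizationDomain(str), false), configuration);
                }
            } catch (IdentityProviderManagementException e) {
                throw new APIManagementException("IdP retrieval failed. " + e.getMessage(), e, ExceptionCodes.IDP_RETRIEVAL_FAILED);
            }
        }
        if (!StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), configuration.getTokenType())) {
            getKeyManagerEndpoints(configuration);
        }
        return configuration;
    }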

    /**
     * Asks the DAO whether an identity provider exists in an organization.
     *
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public boolean isIDPExistInOrg(String str, String str2) throws APIManagementException {
        boolean exists = this.apiMgtDAO.isIDPExistInOrg(str, str2);
        return exists;
    }

    /**
     * Looks up the application info registered for a consumer key.
     *
     * @param str consumer key
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public ApplicationInfo getLightweightApplicationByConsumerKey(String str) throws APIManagementException {
        ApplicationInfo applicationInfo = this.apiMgtDAO.getLightweightApplicationByConsumerKey(str);
        return applicationInfo;
    }

    /**
     * Asks the DAO whether a key manager configuration with the given id exists.
     *
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public boolean isKeyManagerConfigurationExistById(String str, String str2) throws APIManagementException {
        boolean exists = this.apiMgtDAO.isKeyManagerConfigurationExistById(str, str2);
        return exists;
    }

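    /**
     * Validates and stores a new key manager configuration.
     *
     * <p>Steps, in order: reject a duplicate name within the organization; validate the
     * configuration according to its token type; check issuer uniqueness (skipped for EXCHANGED);
     * for EXCHANGED and BOTH create the backing identity provider and record its resource id;
     * assign a UUID when none is set; store a copy whose masked properties have been through
     * {@code encryptKeyManagerConfigurationValues}; for everything except EXCHANGED register the
     * stored copy with the key manager configuration service and send an "add" notification.
     *
     * @param keyManagerConfigurationDTO configuration to add; its UUID and external reference id may be set here
     * @return the caller's DTO, not the encrypted copy
     * @throws APIManagementException on a duplicate name, failed validation, IdP creation failure or DAO failure
     * @throws IllegalArgumentException if the token type names no {@code TokenType} constant
     */
    public KeyManagerConfigurationDTO addKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        if (this.apiMgtDAO.isKeyManagerConfigurationExistByName(keyManagerConfigurationDTO.getName(), keyManagerConfigurationDTO.getOrganization())) {
            throw new APIManagementException("Key manager Already Exist by Name " + keyManagerConfigurationDTO.getName() + " in tenant " + keyManagerConfigurationDTO.getOrganization(), ExceptionCodes.KEY_MANAGER_ALREADY_EXIST);
        }
        // Parsed once, with Locale.ROOT so the enum lookup does not depend on the JVM default
        // locale; with a Turkish default locale a plain toUpperCase() makes valueOf() fail.
        KeyManagerConfiguration.TokenType tokenType = KeyManagerConfiguration.TokenType.valueOf(keyManagerConfigurationDTO.getTokenType().toUpperCase(java.util.Locale.ROOT));
        boolean exchangedOnly = KeyManagerConfiguration.TokenType.EXCHANGED.equals(tokenType);
        if (KeyManagerConfiguration.TokenType.EXTERNAL.equals(tokenType)) {
            validateExternalKeyManagerConfiguration(keyManagerConfigurationDTO);
            validateExternalKeyManagerEndpointConfiguration(keyManagerConfigurationDTO);
        } else if (!exchangedOnly) {
            validateKeyManagerConfiguration(keyManagerConfigurationDTO);
            validateKeyManagerEndpointConfiguration(keyManagerConfigurationDTO);
        }
        if (!exchangedOnly) {
            validateKeyManagerIssuerUniqueness(keyManagerConfigurationDTO.getOrganization(), String.valueOf(keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.KeyManager.ISSUER)));
        }
        // NOTE(review): this check compares the raw string case-sensitively, unlike the parse above.
        if (StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), keyManagerConfigurationDTO.getTokenType()) || StringUtils.equals(KeyManagerConfiguration.TokenType.BOTH.toString(), keyManagerConfigurationDTO.getTokenType())) {
            // A UUID supplied by the caller is replaced on this path.
            keyManagerConfigurationDTO.setUuid(UUID.randomUUID().toString());
            try {
                // The identity provider is created before the DAO insert below; if the insert
                // fails, nothing in this method removes the identity provider again.
                keyManagerConfigurationDTO.setExternalReferenceId(IdentityProviderManager.getInstance().addIdPWithResourceId(createIdp(keyManagerConfigurationDTO), APIUtil.getInternalOrganizationDomain(keyManagerConfigurationDTO.getOrganization())).getResourceId());
            } catch (IdentityProviderManagementException e) {
                throw new APIManagementException("IdP adding failed. " + e.getMessage(), e, ExceptionCodes.IDP_ADDING_FAILED);
            }
        }
        if (StringUtils.isBlank(keyManagerConfigurationDTO.getUuid())) {
            keyManagerConfigurationDTO.setUuid(UUID.randomUUID().toString());
        }
        // Only the copy is encrypted and persisted; the caller's DTO keeps the submitted values.
        KeyManagerConfigurationDTO configurationToStore = new KeyManagerConfigurationDTO(keyManagerConfigurationDTO);
        encryptKeyManagerConfigurationValues(null, configurationToStore);
        this.apiMgtDAO.addKeyManagerConfiguration(configurationToStore);
        if (!KeyManagerConfiguration.TokenType.EXCHANGED.toString().equalsIgnoreCase(configurationToStore.getTokenType())) {
            ServiceReferenceHolder.getInstance().getKeyManagerConfigurationService().addKeyManagerConfiguration(configurationToStore.getOrganization(), configurationToStore.getName(), configurationToStore.getType(), APIUtil.toKeyManagerConfiguration(configurationToStore));
            // NOTE(review): the notification receives the caller's DTO, whose masked properties
            // have not been encrypted, rather than the stored copy. Confirm that the notification
            // path neither persists nor forwards those values in clear text.
            new KeyMgtNotificationSender().notify(keyManagerConfigurationDTO, "add");
        }
        return keyManagerConfigurationDTO;
    }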

    /**
     * Checks that every endpoint the connector marks as required is present in the configuration.
     *
     * <p>Nothing is checked for the default key manager, or when no connector configuration is
     * registered for the configuration's type.
     *
     * @param keyManagerConfigurationDTO configuration under validation; missing endpoints with a
     *                                   non-empty String default are filled in
     * @throws APIManagementException listing the required endpoints that were not supplied
     */
    private void validateKeyManagerEndpointConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(keyManagerConfigurationDTO.getName())) {
            return;
        }
        KeyManagerConnectorConfiguration connector = ServiceReferenceHolder.getInstance().getKeyManagerConnectorConfiguration(keyManagerConfigurationDTO.getType());
        if (connector == null) {
            return;
        }
        List<String> missing = new ArrayList<>();
        for (ConfigurationDto endpoint : connector.getEndpointConfigurations()) {
            if (!endpoint.isRequired() || keyManagerConfigurationDTO.getEndpoints().containsKey(endpoint.getName())) {
                continue;
            }
            Object defaultValue = endpoint.getDefaultValue();
            if (defaultValue instanceof String && StringUtils.isNotEmpty((String) defaultValue)) {
                keyManagerConfigurationDTO.getEndpoints().put(endpoint.getName(), (String) defaultValue);
            }
            // NOTE(review): the endpoint is reported as missing even when the default was just
            // applied, so a usable default never prevents the exception. Confirm this is intended.
            missing.add(endpoint.getName());
        }
        if (missing.isEmpty()) {
            return;
        }
        String missingNames = String.join(",", missing);
        throw new APIManagementException("Key Manager Endpoint Configuration value for " + missingNames + " is/are required", ExceptionCodes.from(ExceptionCodes.REQUIRED_KEY_MANAGER_CONFIGURATION_MISSING, new String[]{missingNames}));
    }

    /**
     * Checks that an external key manager supplies every endpoint in
     * {@code APIConstants.KeyManager.REQUIRED_ENDPOINTS_FOR_EXT_KEY_MANAGERS} and that each value
     * passes {@code APIUtil.isValidURL}.
     *
     * <p>NOTE(review): {@code isValidURL} is defined elsewhere; whether it restricts the scheme or
     * the target host is not visible from here. These URLs are supplied through the admin API.
     *
     * @param keyManagerConfigurationDTO configuration under validation
     * @throws APIManagementException listing all missing endpoints, or naming the first invalid URL
     */
    private void validateExternalKeyManagerEndpointConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        List<String> missing = new ArrayList<>();
        for (String required : APIConstants.KeyManager.REQUIRED_ENDPOINTS_FOR_EXT_KEY_MANAGERS) {
            boolean supplied = keyManagerConfigurationDTO.getEndpoints().containsKey(required);
            if (!supplied) {
                missing.add(required);
            }
        }
        if (!missing.isEmpty()) {
            String missingNames = String.join(",", missing);
            throw new APIManagementException("Key Manager Endpoint Configuration value for " + missingNames + " is/are required", ExceptionCodes.from(ExceptionCodes.REQUIRED_KEY_MANAGER_CONFIGURATION_MISSING, new String[]{missingNames}));
        }
        // Second pass: presence is established, now each value has to be a URL.
        for (String required : APIConstants.KeyManager.REQUIRED_ENDPOINTS_FOR_EXT_KEY_MANAGERS) {
            String endpointUrl = (String) keyManagerConfigurationDTO.getEndpoints().get(required);
            if (APIUtil.isValidURL(endpointUrl)) {
                continue;
            }
            throw new APIManagementException("Key Manager Endpoint Configuration value for " + required + " is not a valid URL", ExceptionCodes.from(ExceptionCodes.INVALID_KEY_MANAGER_ENDPOINTS, new String[]{required}));
        }
    }

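    /**
     * Encrypts, in place, the connection properties the connector marks as masked.
     *
     * <p>A property whose submitted value equals the mask placeholder
     * ({@code APIConstants.DEFAULT_MODIFIED_ENDPOINT_PASSWORD}) means "unchanged": the value from
     * the stored configuration is kept. Any other non-empty value is replaced by
     * {@code encryptValues(value)}.
     *
     * @param keyManagerConfigurationDTO  stored configuration to restore placeholders from;
     *                                    {@code null} when a configuration is being created
     * @param keyManagerConfigurationDTO2 configuration about to be persisted; modified in place
     * @throws APIManagementException if a placeholder is submitted while no stored configuration
     *                                exists, or propagated from {@code encryptValues}
     */
    private void encryptKeyManagerConfigurationValues(KeyManagerConfigurationDTO keyManagerConfigurationDTO, KeyManagerConfigurationDTO keyManagerConfigurationDTO2) throws APIManagementException {
        KeyManagerConnectorConfiguration connector = ServiceReferenceHolder.getInstance().getKeyManagerConnectorConfiguration(keyManagerConfigurationDTO2.getType());
        if (connector == null) {
            // NOTE(review): with no connector configuration registered for this type nothing is
            // encrypted, and the properties are persisted as submitted.
            return;
        }
        Map<String, Object> submitted = keyManagerConfigurationDTO2.getAdditionalProperties();
        for (ConfigurationDto field : connector.getConnectionConfigurations()) {
            if (!field.isMask()) {
                continue;
            }
            String name = field.getName();
            String value = (String) submitted.get(name);
            if (APIConstants.DEFAULT_MODIFIED_ENDPOINT_PASSWORD.equals(value)) {
                if (keyManagerConfigurationDTO == null) {
                    // The create path passes null here; a submitted placeholder used to end in a
                    // NullPointerException. There is no stored secret to restore, so reject the request.
                    throw new APIManagementException("Key Manager configuration value for " + name + " is a mask placeholder, but no stored configuration is available to restore it from", ExceptionCodes.from(ExceptionCodes.INVALID_KEY_MANAGER_PROPERTIES, new String[]{name}));
                }
                submitted.replace(name, keyManagerConfigurationDTO.getAdditionalProperties().get(name));
            } else if (StringUtils.isNotEmpty(value)) {
                submitted.replace(name, encryptValues(value));
            }
        }
    }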

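    /**
     * Replaces every non-null additional property of the configuration with its decrypted form.
     *
     * <p>After this call the DTO holds secrets in clear text; it must be masked before it is
     * handed to anything that exposes it outside the server.
     *
     * @param keyManagerConfigurationDTO configuration to decrypt in place
     * @return the same instance
     * @throws APIManagementException if a value cannot be decrypted
     */
    private KeyManagerConfigurationDTO decryptKeyManagerConfigurationValues(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        // Typed map: with the decompiler's raw Map the entry loop does not type-check.
        Map<String, Object> additionalProperties = keyManagerConfigurationDTO.getAdditionalProperties();
        for (Map.Entry<String, Object> property : additionalProperties.entrySet()) {
            Object value = property.getValue();
            if (value == null) {
                continue;
            }
            // replace() on a key that is already present leaves the key set untouched.
            additionalProperties.replace(property.getKey(), decryptValue(value));
        }
        return keyManagerConfigurationDTO;
    }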

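    /**
     * Decrypts a property value, descending into lists and maps.
     *
     * <p>Strings go through {@code getDecryptedValue}. A list is copied into a new list of
     * decrypted elements. A map is updated in place and returned. Any other value is returned
     * unchanged.
     *
     * @param obj value to decrypt
     * @return the decrypted value, or {@code obj} itself when it is not a String, List or Map
     * @throws APIManagementException if a nested value cannot be decrypted
     * @throws ClassCastException if a nested map has a key that is not a String
     */
    private Object decryptValue(Object obj) throws APIManagementException {
        if (obj instanceof String) {
            return getDecryptedValue((String) obj);
        }
        if (obj instanceof List) {
            List<Object> decrypted = new ArrayList<>();
            for (Object element : (List<?>) obj) {
                decrypted.add(decryptValue(element));
            }
            return decrypted;
        }
        if (obj instanceof Map) {
            // Typed view: with the decompiler's raw Map the entry loop does not type-check.
            @SuppressWarnings("unchecked")
            Map<Object, Object> nested = (Map<Object, Object>) obj;
            for (Map.Entry<Object, Object> entry : nested.entrySet()) {
                nested.replace((String) entry.getKey(), decryptValue(entry.getValue()));
            }
            return nested;
        }
        return obj;
    }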

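    /**
     * Decrypts a value stored in the encrypted envelope format.
     *
     * <p>The envelope is a JSON object with a boolean member named by
     * {@code APIConstants.ENCRYPTED_VALUE} and a string member {@code "value"}. The value is
     * decrypted only when the flag is {@code true}; every other input, including text that is
     * not JSON, is returned unchanged.
     *
     * @param str stored property value
     * @return the decrypted text, or {@code str} when it is not an encrypted envelope
     * @throws APIManagementException if decryption fails
     */
    private String getDecryptedValue(String str) throws APIManagementException {
        try {
            // parse() returns a JsonElement; the decompiled listing declared it as JsonObject.
            JsonElement parsed = new JsonParser().parse(str);
            if (!(parsed instanceof JsonObject)) {
                return str;
            }
            JsonObject envelope = (JsonObject) parsed;
            // get() plus explicit checks: a JSON object without these members, or with
            // non-primitive ones, is an ordinary value and must not end in a NullPointerException
            // or ClassCastException.
            JsonElement flag = envelope.get(APIConstants.ENCRYPTED_VALUE);
            JsonElement payload = envelope.get("value");
            boolean flaggedEncrypted = flag != null && flag.isJsonPrimitive() && flag.getAsJsonPrimitive().isBoolean() && flag.getAsBoolean();
            boolean payloadIsString = payload != null && payload.isJsonPrimitive() && payload.getAsJsonPrimitive().isString();
            if (flaggedEncrypted && payloadIsString) {
                // NOTE(review): both conversions use the platform default charset; they have to
                // match whatever encryptValues() used when the value was written.
                return new String(CryptoUtil.getDefaultCryptoUtil().decrypt(payload.getAsString().getBytes()));
            }
        } catch (JsonParseException e) {
            if (log.isDebugEnabled()) {
                // The value is left out of the log on purpose: it may be a secret stored in clear text.
                log.debug("Value is not JSON; returning it without decryption", e);
            }
        } catch (CryptoException e2) {
            throw new APIManagementException("Error while Decrypting value", e2);
        }
        return str;
    }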

    /**
     * Validates and persists an update to an existing key manager configuration and keeps the linked
     * identity provider (IdP) in step with the new token type.
     *
     * <p>Order of operations as written: validate the DTO by token type, load the stored configuration,
     * reject a switch to or from EXTERNAL, re-check issuer uniqueness when the issuer changed, add /
     * update / delete the IdP, call encryptKeyManagerConfigurationValues, persist through the DAO, then
     * (unless the type is EXCHANGED) refresh the key manager configuration service and send an update
     * notification.
     *
     * @param keyManagerConfigurationDTO the new configuration; its external reference id is set or cleared
     *                                   here and the same instance is returned
     * @return the DTO that was passed in
     * @throws APIManagementException if the stored configuration is missing, the token type switch is not
     *                                allowed, validation fails, or an IdP add/update/delete call fails
     */
    public KeyManagerConfigurationDTO updateKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        IdentityProvider addIdPWithResourceId;
        // Enum.valueOf throws IllegalArgumentException for an unknown token type and getTokenType() == null
        // ends in a NullPointerException; neither is translated into an APIManagementException here.
        // toUpperCase() without a Locale is also locale-sensitive.
        KeyManagerConfiguration.TokenType valueOf = KeyManagerConfiguration.TokenType.valueOf(keyManagerConfigurationDTO.getTokenType().toUpperCase());
        if (valueOf.equals(KeyManagerConfiguration.TokenType.EXTERNAL)) {
            validateExternalKeyManagerConfiguration(keyManagerConfigurationDTO);
            validateExternalKeyManagerEndpointConfiguration(keyManagerConfigurationDTO);
        } else if (!valueOf.equals(KeyManagerConfiguration.TokenType.EXCHANGED)) {
            validateKeyManagerConfiguration(keyManagerConfigurationDTO);
            validateKeyManagerEndpointConfiguration(keyManagerConfigurationDTO);
        }
        // The stored record is looked up by the organization and UUID carried in the caller-supplied DTO.
        KeyManagerConfigurationDTO keyManagerConfigurationByID = this.apiMgtDAO.getKeyManagerConfigurationByID(keyManagerConfigurationDTO.getOrganization(), keyManagerConfigurationDTO.getUuid());
        if (keyManagerConfigurationByID == null) {
            throw new APIManagementException("Key Manager Configuration not found for ID: " + keyManagerConfigurationDTO.getUuid(), ExceptionCodes.KEY_MANAGER_NOT_FOUND);
        }
        // XOR: exactly one of (new type, stored type) is EXTERNAL, i.e. the update would cross the
        // external / non-external boundary.
        if (KeyManagerConfiguration.TokenType.EXTERNAL.equals(valueOf) ^ KeyManagerConfiguration.TokenType.EXTERNAL.equals(KeyManagerConfiguration.TokenType.valueOf(keyManagerConfigurationByID.getTokenType().toUpperCase()))) {
            throw new APIManagementException("Cannot switch between tokenType when the Key Manager's Token Type is External", ExceptionCodes.from(ExceptionCodes.INVALID_KEY_MANAGER_PROPERTIES, new String[]{APIConstants.APP_TOKEN_TYPE}));
        }
        // Issuer uniqueness is only re-validated when the issuer value differs from the stored one.
        if (!valueOf.equals(KeyManagerConfiguration.TokenType.EXCHANGED) && !Objects.equals(keyManagerConfigurationByID.getAdditionalProperties().get(APIConstants.KeyManager.ISSUER), keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.KeyManager.ISSUER))) {
            validateKeyManagerIssuerUniqueness(keyManagerConfigurationDTO.getOrganization(), String.valueOf(keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.KeyManager.ISSUER)));
        }
        // NOTE(review): the enum above was parsed case-insensitively, but the comparisons from here on are
        // case-sensitive on the raw string. Assuming toString() yields the constant name, a lower-case
        // "exchanged"/"both" passes validation yet skips the IdP synchronisation below; confirm that
        // callers always send the upper-case form, or compare against the parsed enum instead.
        if (StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), keyManagerConfigurationDTO.getTokenType()) || StringUtils.equals(KeyManagerConfiguration.TokenType.BOTH.toString(), keyManagerConfigurationDTO.getTokenType())) {
            try {
                if (StringUtils.isNotEmpty(keyManagerConfigurationByID.getExternalReferenceId())) {
                    // An IdP is already linked: fetch it, rebuild it from the DTO and update it in place.
                    addIdPWithResourceId = IdentityProviderManager.getInstance().updateIdPByResourceId(keyManagerConfigurationByID.getExternalReferenceId(), updatedIDP(IdentityProviderManager.getInstance().getIdPByResourceId(keyManagerConfigurationByID.getExternalReferenceId(), APIUtil.getInternalOrganizationDomain(keyManagerConfigurationDTO.getOrganization()), Boolean.FALSE.booleanValue()), keyManagerConfigurationDTO), APIUtil.getInternalOrganizationDomain(keyManagerConfigurationDTO.getOrganization()));
                } else {
                    // No IdP linked yet: create one and remember its resource id on the DTO.
                    addIdPWithResourceId = IdentityProviderManager.getInstance().addIdPWithResourceId(createIdp(keyManagerConfigurationDTO), APIUtil.getInternalOrganizationDomain(keyManagerConfigurationDTO.getOrganization()));
                    keyManagerConfigurationDTO.setExternalReferenceId(addIdPWithResourceId.getResourceId());
                }
                // Set for both branches; for the add branch this repeats the assignment made just above.
                keyManagerConfigurationDTO.setExternalReferenceId(addIdPWithResourceId.getResourceId());
            } catch (IdentityProviderManagementException e) {
                // The text says "adding" even when the update branch failed. NOTE(review): e.getMessage() is
                // copied into the exception text; check whether that text is returned to API clients.
                throw new APIManagementException("IdP adding failed. " + e.getMessage(), e, ExceptionCodes.IDP_ADDING_FAILED);
            }
        }
        // Stored type used an IdP (EXCHANGED or BOTH) and the new type is DIRECT: remove the now-unused IdP.
        if ((StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), keyManagerConfigurationByID.getTokenType()) || StringUtils.equals(KeyManagerConfiguration.TokenType.BOTH.toString(), keyManagerConfigurationByID.getTokenType())) && StringUtils.equals(KeyManagerConfiguration.TokenType.DIRECT.toString(), keyManagerConfigurationDTO.getTokenType()) && StringUtils.isNotEmpty(keyManagerConfigurationByID.getExternalReferenceId())) {
            try {
                IdentityProviderManager.getInstance().deleteIdPByResourceId(keyManagerConfigurationByID.getExternalReferenceId(), APIUtil.getInternalOrganizationDomain(keyManagerConfigurationDTO.getOrganization()));
                keyManagerConfigurationDTO.setExternalReferenceId((String) null);
            } catch (IdentityProviderManagementException e2) {
                throw new APIManagementException("IdP deletion failed. " + e2.getMessage(), e2, ExceptionCodes.IDP_DELETION_FAILED);
            }
        }
        // The IdP changes above are already applied when the DAO write below runs; nothing here rolls them
        // back if that write fails.
        encryptKeyManagerConfigurationValues(keyManagerConfigurationByID, keyManagerConfigurationDTO);
        this.apiMgtDAO.updateKeyManagerConfiguration(keyManagerConfigurationDTO);
        if (!KeyManagerConfiguration.TokenType.EXCHANGED.toString().equalsIgnoreCase(keyManagerConfigurationDTO.getTokenType())) {
            ServiceReferenceHolder.getInstance().getKeyManagerConfigurationService().updateKeyManagerConfiguration(keyManagerConfigurationDTO.getOrganization(), keyManagerConfigurationDTO.getName(), keyManagerConfigurationDTO.getType(), APIUtil.toKeyManagerConfiguration(keyManagerConfigurationDTO));
            // NOTE(review): the event is built from decryptKeyManagerConfigurationValues(...), so the
            // notification payload presumably carries decrypted values. Confirm the notification channel is
            // trusted for secrets, and whether the decrypt call mutates the DTO that is returned below.
            new KeyMgtNotificationSender().notify(decryptKeyManagerConfigurationValues(keyManagerConfigurationDTO), APIConstants.KeyManager.KeyManagerEvent.ACTION_UPDATE);
        }
        return keyManagerConfigurationDTO;
    }

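    /**
     * Builds the identity provider (IdP) to store when a key manager configuration is updated: the
     * result of {@code cloneIdentityProvider} with name, display data, certificate source, issuer and
     * claim mappings replaced from the key manager configuration.
     *
     * <p>Fix: the PEM branch used {@code String.join(certificate, "")}, which treats the certificate as
     * the delimiter of a single empty element and therefore always produced an empty string. The
     * certificate value is now passed through as given.
     *
     * @param identityProvider           the IdP currently registered for this key manager
     * @param keyManagerConfigurationDTO the updated key manager configuration
     * @return the modified clone
     */
    private IdentityProvider updatedIDP(IdentityProvider identityProvider, KeyManagerConfigurationDTO keyManagerConfigurationDTO) {
        IdentityProvider updated = cloneIdentityProvider(identityProvider);
        // IdP name = first ten characters of the key manager name + organization + UUID; sanitizeName
        // replaces every character outside [a-zA-Z0-9-_.] with '_'.
        updated.setIdentityProviderName(sanitizeName(getSubstringOfTen(keyManagerConfigurationDTO.getName()) + "_" + keyManagerConfigurationDTO.getOrganization() + "_" + keyManagerConfigurationDTO.getUuid()));
        updated.setDisplayName(keyManagerConfigurationDTO.getDisplayName());
        updated.setPrimary(false);
        updated.setIdentityProviderDescription(keyManagerConfigurationDTO.getDescription());
        updated.setAlias(keyManagerConfigurationDTO.getAlias());

        // Map.get returns null for an absent key, which is what the former containsKey guard produced.
        String certificateValue = (String) keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.KeyManager.CERTIFICATE_VALUE);
        String certificateType = (String) keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.KeyManager.CERTIFICATE_TYPE);

        List<IdentityProviderProperty> idpProperties = new ArrayList<>();
        if (StringUtils.isNotEmpty(certificateValue) && StringUtils.isNotEmpty(certificateType)) {
            if (APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT.equals(certificateType)) {
                // A whitespace-only value passes isNotEmpty but is not a usable JWKS endpoint.
                if (StringUtils.isNotBlank(certificateValue)) {
                    IdentityProviderProperty jwksUri = new IdentityProviderProperty();
                    jwksUri.setName(APIConstants.JWKS_URI);
                    jwksUri.setValue(certificateValue);
                    idpProperties.add(jwksUri);
                }
            } else if (APIConstants.KeyManager.CERTIFICATE_TYPE_PEM_FILE.equals(certificateType)) {
                // NOTE(review): the value is stored exactly as supplied; confirm the encoding that
                // IdentityProvider#setCertificate expects.
                updated.setCertificate(certificateValue);
            }
        }

        Object issuer = keyManagerConfigurationDTO.getProperty(APIConstants.KeyManager.ISSUER);
        if (issuer != null) {
            IdentityProviderProperty issuerName = new IdentityProviderProperty();
            issuerName.setName("idpIssuerName");
            issuerName.setValue((String) issuer);
            idpProperties.add(issuerName);
        }
        // With nothing to set, the properties copied by cloneIdentityProvider are left untouched.
        if (!idpProperties.isEmpty()) {
            updated.setIdpProperties(idpProperties.toArray(new IdentityProviderProperty[0]));
        }
        updated.setEnable(keyManagerConfigurationDTO.isEnabled());
        updateClaims(updated, keyManagerConfigurationDTO.getProperty(APIConstants.KeyManager.CLAIM_MAPPING));
        return updated;
    }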

    /**
     * Deletes the identity provider linked to a key manager whose token type is EXCHANGED or BOTH.
     * Does nothing for a {@code null} DTO, for other token types, or when no external reference id is set.
     *
     * @param str                        organization passed to {@code APIUtil.getInternalOrganizationDomain}
     * @param keyManagerConfigurationDTO key manager configuration whose IdP should be removed
     * @throws APIManagementException if the identity provider manager rejects the deletion
     */
    public void deleteIdentityProvider(String str, KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        if (keyManagerConfigurationDTO == null) {
            return;
        }
        String tokenType = keyManagerConfigurationDTO.getTokenType();
        boolean backedByIdp = StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), tokenType)
                || StringUtils.equals(KeyManagerConfiguration.TokenType.BOTH.toString(), tokenType);
        if (!backedByIdp) {
            return;
        }
        try {
            String externalReferenceId = keyManagerConfigurationDTO.getExternalReferenceId();
            if (externalReferenceId == null) {
                return;
            }
            // NOTE(review): the thread-local tenant domain is only logged; the deletion itself is scoped by
            // the organization argument. Confirm the two are expected to agree.
            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            if (log.isDebugEnabled()) {
                log.debug("Retrieving key manager reference IDP for tenant domain : " + tenantDomain);
            }
            String organizationDomain = APIUtil.getInternalOrganizationDomain(str);
            IdentityProviderManager.getInstance().deleteIdPByResourceId(externalReferenceId, organizationDomain);
        } catch (IdentityProviderManagementException e) {
            throw new APIManagementException("IdP deletion failed. " + e.getMessage(), e, ExceptionCodes.IDP_DELETION_FAILED);
        }
    }

    /**
     * Deletes a key manager configuration together with its linked identity provider.
     *
     * <p>Steps, in order: refuse the default (resident) key manager, delete the IdP, delete the DAO record,
     * and, unless the token type is EXCHANGED, remove the entry from the key manager configuration service
     * and send a "delete" notification. A {@code null} DTO is a no-op.
     *
     * @param str                        organization the configuration belongs to
     * @param keyManagerConfigurationDTO configuration to delete
     * @throws APIManagementException if the default key manager is targeted or a step fails
     */
    public void deleteKeyManagerConfigurationById(String str, KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        if (keyManagerConfigurationDTO == null) {
            return;
        }
        String keyManagerName = keyManagerConfigurationDTO.getName();
        if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(keyManagerName)) {
            throw new APIManagementException("Resident Key Manager couldn't delete", ExceptionCodes.INTERNAL_ERROR);
        }
        // The IdP goes first; nothing here restores it if the DAO delete that follows fails.
        deleteIdentityProvider(str, keyManagerConfigurationDTO);
        apiMgtDAO.deleteKeyManagerConfigurationById(keyManagerConfigurationDTO.getUuid(), str);

        boolean exchangedOnly = KeyManagerConfiguration.TokenType.EXCHANGED.toString().equalsIgnoreCase(keyManagerConfigurationDTO.getTokenType());
        if (!exchangedOnly) {
            ServiceReferenceHolder.getInstance().getKeyManagerConfigurationService().removeKeyManagerConfiguration(str, keyManagerConfigurationDTO.getName());
            new KeyMgtNotificationSender().notify(keyManagerConfigurationDTO, "delete");
        }
    }

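    /**
     * Loads a key manager configuration by name and returns it with masked values.
     *
     * <p>Fix: the original guarded only the default-key-manager branch against a {@code null} DAO result
     * and then dereferenced it in {@code maskValues} and {@code getTokenType()}, so an unknown name ended
     * in a NullPointerException. A missing configuration is now reported as {@code null}.
     *
     * @param str  first DAO lookup argument (presumably the organization; confirm against the DAO)
     * @param str2 second DAO lookup argument (presumably the key manager name; confirm against the DAO)
     * @return the masked configuration, or {@code null} when the DAO finds none
     * @throws APIManagementException propagated from the DAO or the helper calls
     */
    public KeyManagerConfigurationDTO getKeyManagerConfigurationByName(String str, String str2) throws APIManagementException {
        KeyManagerConfigurationDTO configuration = this.apiMgtDAO.getKeyManagerConfigurationByName(str, str2);
        if (configuration == null) {
            return null;
        }
        if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(configuration.getName())) {
            APIUtil.getAndSetDefaultKeyManagerConfiguration(configuration);
        }
        // Masking runs before the DTO leaves this method, so values flagged as masked are replaced by the
        // placeholder in what the caller receives.
        maskValues(configuration);
        if (!StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), configuration.getTokenType())) {
            getKeyManagerEndpoints(configuration);
        }
        return configuration;
    }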

    /**
     * Registers a bot-detection alert subscription by handing the value to the DAO unchanged.
     * No validation happens at this layer.
     *
     * @param str subscription value (presumably the subscriber e-mail; confirm against the DAO)
     * @throws APIManagementException propagated from the DAO
     */
    public void addBotDetectionAlertSubscription(String str) throws APIManagementException {
        apiMgtDAO.addBotDetectionAlertSubscription(str);
    }

    /**
     * Returns the bot-detection alert subscriptions exactly as the DAO reports them.
     *
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public List<BotDetectionData> getBotDetectionAlertSubscriptions() throws APIManagementException {
        List<BotDetectionData> subscriptions = apiMgtDAO.getBotDetectionAlertSubscriptions();
        return subscriptions;
    }

    /**
     * Removes a bot-detection alert subscription through the DAO.
     *
     * @param str identifier forwarded unchanged to the DAO (its exact meaning is defined there)
     * @throws APIManagementException propagated from the DAO
     */
    public void deleteBotDetectionAlertSubscription(String str) throws APIManagementException {
        apiMgtDAO.deleteBotDetectionAlertSubscription(str);
    }

    /**
     * Looks up a single bot-detection alert subscription through the DAO.
     *
     * @param str  first lookup argument, forwarded unchanged
     * @param str2 second lookup argument, forwarded unchanged
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public BotDetectionData getBotDetectionAlertSubscription(String str, String str2) throws APIManagementException {
        BotDetectionData subscription = apiMgtDAO.getBotDetectionAlertSubscription(str, str2);
        return subscription;
    }

    /**
     * Queries the stream processor for detected bot traffic and maps each returned record onto a
     * {@code BotDetectionData}.
     *
     * <p>Each record is read positionally: 0 = time, 1 = message id, 2 = API method, 3 = header set,
     * 4 = message body, 5 = client IP. The casts are unchecked, so a record with a different layout
     * fails with a ClassCastException or IndexOutOfBoundsException.
     *
     * @return one entry per record; empty when the query returns nothing
     * @throws APIManagementException propagated from the stream processor query
     */
    public List<BotDetectionData> retrieveBotDetectionData() throws APIManagementException {
        List<BotDetectionData> detections = new ArrayList<>();
        JSONObject response = APIUtil.executeQueryOnStreamProcessor(AlertMgtConstants.APIM_ALERT_BOT_DETECTION_APP, SQLConstants.BotDataConstants.GET_BOT_DETECTED_DATA);
        if (response == null) {
            return detections;
        }
        JSONArray records = (JSONArray) response.get(APIConstants.Analytics.RECORDS_DELIMITER);
        if (records == null || records.size() == 0) {
            return detections;
        }
        for (Object rawRecord : records) {
            JSONArray fields = (JSONArray) rawRecord;
            BotDetectionData detection = new BotDetectionData();
            detection.setCurrentTime(((Long) fields.get(0)).longValue());
            detection.setMessageID((String) fields.get(1));
            detection.setApiMethod((String) fields.get(2));
            detection.setHeaderSet((String) fields.get(3));
            // Headers, body and client IP originate from the flagged request: treat them as untrusted
            // wherever they are displayed or logged.
            detection.setMessageBody(extractBotDetectionDataContent((String) fields.get(4)));
            detection.setClientIp((String) fields.get(5));
            detections.add(detection);
        }
        return detections;
    }

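    /**
     * Extracts the first grandchild node of an XML message body and returns it serialized as text.
     *
     * <p>Changes over the previous version: the XML declaration is suppressed at the transformer instead of
     * being cut off with {@code indexOf("?>") + 2}, which removed the first character of the payload
     * whenever no declaration was emitted; and the transformer factory is created with secure processing
     * enabled.
     *
     * @param str message body as recorded for the flagged request (untrusted content)
     * @return the serialized node, {@code ""} when the document has no such node, or {@code str} unchanged
     *         when parsing or serialization fails
     */
    public String extractBotDetectionDataContent(String str) {
        String content = "";
        try {
            Node payload = APIUtil.getSecuredDocumentBuilder().newDocumentBuilder().parse(new InputSource(new StringReader(str))).getFirstChild().getFirstChild();
            if (payload != null) {
                TransformerFactory factory = TransformerFactory.newInstance();
                factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
                javax.xml.transform.Transformer transformer = factory.newTransformer();
                transformer.setOutputProperty(javax.xml.transform.OutputKeys.OMIT_XML_DECLARATION, "yes");

                StringWriter serialized = new StringWriter();
                transformer.transform(new DOMSource(payload), new StreamResult(serialized));
                String text = serialized.toString();
                // Belt and braces: strip a leading declaration only if one was emitted anyway.
                int declarationEnd = text.startsWith("<?xml") ? text.indexOf("?>") : -1;
                content = declarationEnd >= 0 ? text.substring(declarationEnd + 2) : text;
            }
        } catch (IOException | ParserConfigurationException | TransformerException | SAXException e) {
            // NOTE(review): the raw request body is written to the error log and then returned as-is.
            // It is attacker-influenced content; confirm the log sink and downstream consumers encode it.
            log.error("Error while extracting content from " + str, e);
            content = str;
        }
        return content;
    }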

    /**
     * Adds an API category after checking that its name is not already taken.
     *
     * @param aPICategory category to add
     * @param str         not used by this method
     * @param str2        value passed to both the name check and the DAO insert (presumably the
     *                    organization; confirm against the DAO)
     * @return the category as returned by the DAO
     * @throws APIManagementException propagated from the name check, {@code APIUtil.handleException}
     *                                or the DAO
     */
    public APICategory addCategory(APICategory aPICategory, String str, String str2) throws APIManagementException {
        String categoryName = aPICategory.getName();
        boolean nameTaken = isCategoryNameExists(categoryName, null, str2);
        if (nameTaken) {
            // Presumably handleException always throws; if it ever returned, the insert below would run.
            APIUtil.handleException("Category with name '" + categoryName + "' already exists");
        }
        return apiMgtDAO.addCategory(aPICategory, str2);
    }

    /**
     * Persists changes to an API category through the DAO. No name-uniqueness or ownership check is
     * made at this layer.
     *
     * @param aPICategory category carrying the new values
     * @throws APIManagementException propagated from the DAO
     */
    public void updateCategory(APICategory aPICategory) throws APIManagementException {
        apiMgtDAO.updateCategory(aPICategory);
    }

    /**
     * Deletes an API category unless it is still attached to at least one API.
     *
     * @param str  UUID of the category
     * @param str2 user name used for the attachment search
     * @throws APIManagementException if the category does not exist, is still attached, or the DAO fails
     */
    public void deleteCategory(String str, String str2) throws APIManagementException {
        // NOTE(review): the category is resolved and deleted by UUID alone; no organization is passed to
        // either call here. Confirm the caller verifies that the UUID belongs to the requester's organization.
        APICategory category = getAPICategoryByID(str);
        int attachedApis = isCategoryAttached(category, str2);
        if (attachedApis > 0) {
            APIUtil.handleException("Unable to delete the category. It is attached to API(s)");
        }
        apiMgtDAO.deleteCategory(str);
    }

    /**
     * Returns every API category the DAO reports for the given argument.
     *
     * @param str value forwarded to {@code apiMgtDAO.getAllCategories} (presumably the organization)
     * @return the DAO result, unmodified
     * @throws APIManagementException propagated from the DAO
     */
    public List<APICategory> getAllAPICategoriesOfOrganization(String str) throws APIManagementException {
        List<APICategory> categories = apiMgtDAO.getAllCategories(str);
        return categories;
    }

    /**
     * Returns the categories of an organization, each annotated with the number of APIs attached to it.
     *
     * <p>The count is computed per category by {@code isCategoryAttached}, using the user name taken from
     * the thread-local Carbon context.
     *
     * @param str organization whose categories are listed
     * @return the category list with {@code numberOfAPIs} filled in
     * @throws APIManagementException propagated from the DAO or the attachment search
     */
    public List<APICategory> getAPICategoriesOfOrganization(String str) throws APIManagementException {
        String currentUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
        List<APICategory> categories = getAllAPICategoriesOfOrganization(str);
        // An empty list simply skips the loop.
        for (APICategory category : categories) {
            int attachedApis = isCategoryAttached(category, currentUser);
            category.setNumberOfAPIs(attachedApis);
        }
        return categories;
    }

    /**
     * Asks the DAO whether an API category name is already in use.
     *
     * @param str  category name to check
     * @param str2 second DAO argument, forwarded unchanged ({@code addCategory} passes {@code null})
     * @param str3 third DAO argument, forwarded unchanged
     * @return the DAO answer
     * @throws APIManagementException propagated from the DAO
     */
    public boolean isCategoryNameExists(String str, String str2, String str3) throws APIManagementException {
        boolean exists = apiMgtDAO.isAPICategoryNameExists(str, str2, str3);
        return exists;
    }

    /**
     * Loads an API category by UUID and fails when it does not exist.
     *
     * @param str UUID of the category
     * @return the category, never {@code null}
     * @throws APIMgtResourceNotFoundException if the DAO returns no category for the UUID
     * @throws APIManagementException          propagated from the DAO
     */
    public APICategory getAPICategoryByID(String str) throws APIManagementException {
        APICategory category = apiMgtDAO.getAPICategoryByID(str);
        if (category == null) {
            throw new APIMgtResourceNotFoundException("Failed to get APICategory. API category corresponding to UUID " + str + " does not exist");
        }
        return category;
    }

    /**
     * Counts the APIs attached to a category by running an API search as the given user.
     *
     * @param aPICategory category whose name is searched for
     * @param str         user name the search runs as; its tenant domain scopes the search
     * @return the value stored under {@code APIConstants.API_DATA_LENGTH} in the search result
     * @throws APIManagementException propagated from the provider or the search
     */
    private int isCategoryAttached(APICategory aPICategory, String str) throws APIManagementException {
        APIProviderImpl provider = new APIProviderImpl(str);
        // NOTE(review): the category name is concatenated into the search expression without escaping, and
        // the surrounding wildcards presumably make this a substring match; confirm how names containing
        // query metacharacters, or names that are substrings of other names, are handled.
        String query = "api-category=*" + aPICategory.getName() + APIConstants.CHAR_ASTERIX;
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        Object matchCount = provider.searchPaginatedAPIs(query, tenantDomain, 0, Integer.MAX_VALUE, null, null).get(APIConstants.API_DATA_LENGTH);
        return ((Integer) matchCount).intValue();
    }

    /**
     * Validates the configuration of an EXTERNAL key manager: a non-empty name, every property listed in
     * {@code REQUIRED_CONF_FOR_EXT_KEY_MANAGERS}, a JWKS certificate type and a JWKS URL accepted by
     * {@code APIUtil.isValidURL}.
     *
     * @param keyManagerConfigurationDTO configuration to validate
     * @throws APIManagementException on the first rule that fails
     */
    private void validateExternalKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        if (StringUtils.isEmpty(keyManagerConfigurationDTO.getName())) {
            throw new APIManagementException("Key Manager Name can't be empty", ExceptionCodes.KEY_MANAGER_NAME_EMPTY);
        }

        Map<?, ?> properties = keyManagerConfigurationDTO.getAdditionalProperties();
        List<String> missing = new ArrayList<>();
        for (String requiredKey : APIConstants.KeyManager.REQUIRED_CONF_FOR_EXT_KEY_MANAGERS) {
            // Presence only: a key mapped to null or to an empty value still counts as supplied.
            if (!properties.containsKey(requiredKey)) {
                missing.add(requiredKey);
            }
        }
        if (!missing.isEmpty()) {
            String missingKeys = String.join(",", missing);
            throw new APIManagementException("Key Manager Configuration value for " + missingKeys + " is/are required", ExceptionCodes.from(ExceptionCodes.REQUIRED_KEY_MANAGER_CONFIGURATION_MISSING, new String[]{missingKeys}));
        }

        Object certificateType = properties.get(APIConstants.KeyManager.CERTIFICATE_TYPE);
        if (!APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT.equals(certificateType)) {
            throw new APIManagementException("Invalid certificate type. Only JWKS is supported", ExceptionCodes.from(ExceptionCodes.INVALID_KEY_MANAGER_PROPERTIES, new String[]{"certificates.type"}));
        }

        // NOTE(review): what isValidURL accepts (scheme, host, private address ranges) is not visible here.
        // The JWKS URL is presumably fetched by the server later, so confirm the check is strict enough for
        // a server-side request target.
        String jwksUrl = String.valueOf(properties.get(APIConstants.KeyManager.CERTIFICATE_VALUE));
        if (!APIUtil.isValidURL(jwksUrl)) {
            throw new APIManagementException("Invalid JWKS URL is provided. Only valid URLs are supported", ExceptionCodes.from(ExceptionCodes.INVALID_KEY_MANAGER_PROPERTIES, new String[]{"certificates.value"}));
        }
    }

    /**
     * Validates a non-external key manager configuration against its connector definition and fills in
     * connector defaults for the consumer-key and scopes claims.
     *
     * <p>The default (resident) key manager only gets the name check; everything after it is skipped.
     *
     * @param keyManagerConfigurationDTO configuration to validate; its additional properties may be
     *                                   modified (defaults added)
     * @throws APIManagementException if the name is empty, the connector type is unknown, or a required
     *                                connection configuration is missing
     */
    private void validateKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
        if (StringUtils.isEmpty(keyManagerConfigurationDTO.getName())) {
            throw new APIManagementException("Key Manager Name can't be empty", ExceptionCodes.KEY_MANAGER_NAME_EMPTY);
        }
        // The resident key manager is not checked against a connector definition.
        if (APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(keyManagerConfigurationDTO.getName())) {
            return;
        }
        KeyManagerConnectorConfiguration keyManagerConnectorConfiguration = ServiceReferenceHolder.getInstance().getKeyManagerConnectorConfiguration(keyManagerConfigurationDTO.getType());
        if (keyManagerConnectorConfiguration == null) {
            throw new APIManagementException("Key Manager Type " + keyManagerConfigurationDTO.getType() + " is invalid.", ExceptionCodes.INVALID_KEY_MANAGER_TYPE);
        }
        ArrayList arrayList = new ArrayList();
        for (ConfigurationDto configurationDto : keyManagerConnectorConfiguration.getConnectionConfigurations()) {
            // Presence only: a required key mapped to null or "" is treated as supplied.
            if (configurationDto.isRequired() && !keyManagerConfigurationDTO.getAdditionalProperties().containsKey(configurationDto.getName())) {
                // The cast fails with ClassCastException if a connector declares a non-String default.
                if (StringUtils.isNotEmpty((String) configurationDto.getDefaultValue())) {
                    keyManagerConfigurationDTO.getAdditionalProperties().put(configurationDto.getName(), configurationDto.getDefaultValue());
                }
                // NOTE(review): the name is recorded as missing even when the default was just applied
                // above, so the request is still rejected below. Confirm whether a required key with a
                // default is meant to be accepted; if so this add belongs in an else branch.
                arrayList.add(configurationDto.getName());
            }
        }
        if (!arrayList.isEmpty()) {
            // Unlike validateExternalKeyManagerConfiguration, the error code here carries no parameters.
            throw new APIManagementException("Key Manager Configuration value for " + String.join(",", arrayList) + " is/are required", ExceptionCodes.REQUIRED_KEY_MANAGER_CONFIGURATION_MISSING);
        }
        // Fill in the connector's default claim names only when the caller did not supply them.
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.CONSUMER_KEY_CLAIM) && StringUtils.isNotEmpty(keyManagerConnectorConfiguration.getDefaultConsumerKeyClaim())) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CONSUMER_KEY_CLAIM, keyManagerConnectorConfiguration.getDefaultConsumerKeyClaim());
        }
        if (keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.SCOPES_CLAIM) || !StringUtils.isNotEmpty(keyManagerConnectorConfiguration.getDefaultScopesClaim())) {
            return;
        }
        keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.SCOPES_CLAIM, keyManagerConnectorConfiguration.getDefaultScopesClaim());
    }

    /**
     * Recursively encrypts a configuration value.
     *
     * <p>A String is encrypted and wrapped by {@code getEncryptedValue}; a List is copied element by
     * element into a new list; a Map is updated in place, entry by entry. Any other type yields
     * {@code null}.
     *
     * @param obj value to encrypt
     * @return the encrypted representation, or {@code null} for a type other than String, List or Map
     * @throws APIManagementException if the crypto utility reports a failure
     */
    private Object encryptValues(Object obj) throws APIManagementException {
        try {
            CryptoUtil defaultCryptoUtil = CryptoUtil.getDefaultCryptoUtil();
            if (obj instanceof String) {
                // getBytes() and new String(byte[]) both use the platform default charset.
                // NOTE(review): whether encrypt() returns text-safe bytes is not visible here; if it returns
                // raw ciphertext, new String(...) would be lossy. Confirm, and keep any change in step with
                // the matching decrypt path, because stored values depend on this exact encoding.
                return getEncryptedValue(new String(defaultCryptoUtil.encrypt(((String) obj).getBytes())));
            }
            if (obj instanceof List) {
                ArrayList arrayList = new ArrayList();
                Iterator it = ((List) obj).iterator();
                while (it.hasNext()) {
                    arrayList.add(encryptValues(it.next()));
                }
                return arrayList;
            }
            if (!(obj instanceof Map)) {
                // NOTE(review): a Boolean, Number or null nested in a list or map reaches this branch and is
                // replaced by null in the result; confirm callers only pass String/List/Map trees.
                return null;
            }
            Map map = (Map) obj;
            // The caller's map is modified in place. replace() on an existing key changes only the value,
            // so iterating the entry set while calling it is not a structural modification.
            for (Map.Entry entry : map.entrySet()) {
                map.replace((String) entry.getKey(), encryptValues(entry.getValue()));
            }
            return map;
        } catch (CryptoException e) {
            throw new APIManagementException("Error while encrypting values", e);
        }
    }

    /**
     * Wraps an encrypted string in the JSON envelope used for stored values: the flag named by
     * {@code APIConstants.ENCRYPTED_VALUE} set to {@code true}, plus the text under {@code "value"}.
     *
     * @param str already-encrypted text
     * @return the envelope serialized as a JSON string
     */
    private String getEncryptedValue(String str) {
        JSONObject envelope = new JSONObject();
        envelope.put(APIConstants.ENCRYPTED_VALUE, true);
        envelope.put("value", str);
        String serialized = envelope.toJSONString();
        return serialized;
    }

    /**
     * Replaces every additional property that the connector marks as masked with the placeholder
     * {@code APIConstants.DEFAULT_MODIFIED_ENDPOINT_PASSWORD}, so the real value is not in the DTO handed
     * back to callers.
     *
     * <p>Only top-level keys that are present are replaced. NOTE(review): the connector lookup can return
     * {@code null} (validateKeyManagerConfiguration checks for that), in which case this method fails with
     * a NullPointerException. If that is ever handled, fail closed: skipping the loop would return the
     * unmasked values.
     *
     * @param keyManagerConfigurationDTO configuration whose additional properties are masked in place
     */
    private void maskValues(KeyManagerConfigurationDTO keyManagerConfigurationDTO) {
        String connectorType = keyManagerConfigurationDTO.getType();
        KeyManagerConnectorConfiguration connector = ServiceReferenceHolder.getInstance().getKeyManagerConnectorConfiguration(connectorType);
        Map properties = keyManagerConfigurationDTO.getAdditionalProperties();
        for (ConfigurationDto definition : connector.getConnectionConfigurations()) {
            if (!definition.isMask()) {
                continue;
            }
            properties.replace(definition.getName(), APIConstants.DEFAULT_MODIFIED_ENDPOINT_PASSWORD);
        }
    }

    /**
     * Returns workflow entries from the DAO when task listing is enabled in the workflow properties,
     * and an empty array otherwise.
     *
     * @param str  first DAO filter argument, forwarded unchanged
     * @param str2 second DAO filter argument, forwarded unchanged
     * @param str3 third DAO filter argument, forwarded unchanged
     * @return the DAO result, or an empty array when listing is disabled
     * @throws APIManagementException propagated from the DAO
     */
    public Workflow[] getworkflows(String str, String str2, String str3) throws APIManagementException {
        boolean listingEnabled = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getWorkflowProperties().isListTasks();
        if (!listingEnabled) {
            return new Workflow[0];
        }
        return apiMgtDAO.getworkflows(str, str2, str3);
    }

    /**
     * Looks up a workflow by its external reference id when task listing is enabled.
     *
     * @param str  external workflow reference id
     * @param str2 second DAO argument, forwarded unchanged
     * @param str3 third DAO argument, forwarded unchanged
     * @return the workflow, never {@code null}
     * @throws APIMgtResourceNotFoundException if listing is disabled or the DAO finds nothing
     * @throws APIManagementException          propagated from the DAO
     */
    public Workflow getworkflowReferenceByExternalWorkflowReferenceID(String str, String str2, String str3) throws APIManagementException {
        boolean listingEnabled = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getWorkflowProperties().isListTasks();
        Workflow found = listingEnabled ? apiMgtDAO.getworkflowReferenceByExternalWorkflowReferenceID(str, str2, str3) : null;
        if (found != null) {
            return found;
        }
        // Disabled listing and an unknown id are reported the same way.
        throw new APIMgtResourceNotFoundException("External workflow Reference: " + str + " was not found.");
    }

    /**
     * Tells whether a user holds a REST API scope through one of their roles.
     *
     * @param str  user name; its tenant domain selects the scope-to-role mapping
     * @param str2 scope name
     * @return {@code true} when at least one of the user's roles is listed for the scope
     * @throws APIManagementException if the user does not exist or the scope is not defined for the tenant
     */
    public boolean isScopeExistsForUser(String str, String str2) throws APIManagementException {
        if (!APIUtil.isUserExist(str)) {
            throw new APIManagementException("User Not Found. Username :" + str + ",", ExceptionCodes.USER_NOT_FOUND);
        }
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        Map<String, String> tenantScopes = APIUtil.getRESTAPIScopesForTenant(tenantDomain);
        if (!tenantScopes.containsKey(str2)) {
            throw new APIManagementException("Scope Not Found.  Scope : " + str2 + ",", ExceptionCodes.SCOPE_NOT_FOUND);
        }
        String[] userRoles = APIUtil.getListOfRoles(str);
        List<String> grantedScopes = getRoleScopeList(userRoles, tenantScopes);
        return grantedScopes.contains(str2);
    }

    /**
     * Tells whether a REST API scope is defined for the tenant of the given user. Unlike
     * {@code isScopeExistsForUser}, this does not check that the user exists or holds the scope.
     *
     * @param str  user name; only its tenant domain is used
     * @param str2 scope name
     * @return {@code true} when the tenant's scope mapping contains the scope
     */
    public boolean isScopeExists(String str, String str2) {
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        Map<String, String> tenantScopes = APIUtil.getRESTAPIScopesForTenant(tenantDomain);
        return tenantScopes.containsKey(str2);
    }

    /**
     * Collects the scopes granted by a set of roles.
     *
     * <p>Each map value is a comma-separated role list. Matching is exact: case-sensitive and without
     * trimming, so {@code "admin, dev"} does not match the role {@code "dev"}. A scope is added once per
     * matching role, so the result may contain duplicates.
     *
     * @param strArr roles held by the user; {@code null} is treated as no roles
     * @param map    scope name mapped to its comma-separated roles
     * @return scope names granted by the roles, in map iteration order
     */
    private List<String> getRoleScopeList(String[] strArr, Map<String, String> map) {
        List<String> heldRoles = (strArr == null) ? new ArrayList<>() : Arrays.asList(strArr);
        List<String> grantedScopes = new ArrayList<>();
        for (Map.Entry<String, String> scopeToRoles : map.entrySet()) {
            String scopeName = scopeToRoles.getKey();
            String[] allowedRoles = scopeToRoles.getValue().split(",");
            for (int i = 0; i < allowedRoles.length; i++) {
                if (heldRoles.contains(allowedRoles[i])) {
                    grantedScopes.add(scopeName);
                }
            }
        }
        return grantedScopes;
    }

    /**
     * Stores a tenant theme by passing the stream to the DAO. The stream content is not inspected
     * or size-limited at this layer.
     *
     * @param i           tenant id
     * @param inputStream theme content
     * @throws APIManagementException propagated from the DAO
     */
    public void addTenantTheme(int i, InputStream inputStream) throws APIManagementException {
        apiMgtDAO.addTenantTheme(i, inputStream);
    }

    /**
     * Replaces a tenant theme by passing the stream to the DAO. The stream content is not inspected
     * or size-limited at this layer.
     *
     * @param i           tenant id
     * @param inputStream new theme content
     * @throws APIManagementException propagated from the DAO
     */
    public void updateTenantTheme(int i, InputStream inputStream) throws APIManagementException {
        apiMgtDAO.updateTenantTheme(i, inputStream);
    }

    /**
     * Returns the stored theme of a tenant as provided by the DAO.
     *
     * @param i tenant id
     * @return the DAO result, unmodified; closing the stream is left to the caller
     * @throws APIManagementException propagated from the DAO
     */
    public InputStream getTenantTheme(int i) throws APIManagementException {
        InputStream theme = apiMgtDAO.getTenantTheme(i);
        return theme;
    }

    /**
     * Asks the DAO whether a theme is stored for the tenant.
     *
     * @param i tenant id
     * @return the DAO answer
     * @throws APIManagementException propagated from the DAO
     */
    public boolean isTenantThemeExist(int i) throws APIManagementException {
        boolean themeStored = apiMgtDAO.isTenantThemeExist(i);
        return themeStored;
    }

    /**
     * Removes the stored theme of a tenant through the DAO.
     *
     * @param i tenant id
     * @throws APIManagementException propagated from the DAO
     */
    public void deleteTenantTheme(int i) throws APIManagementException {
        apiMgtDAO.deleteTenantTheme(i);
    }

    /**
     * Returns the tenant configuration held by the APIM configuration service.
     *
     * @param str value forwarded to the configuration service (presumably the organization)
     * @return the configuration as returned by the service
     * @throws APIManagementException propagated from the configuration service
     */
    public String getTenantConfig(String str) throws APIManagementException {
        String tenantConfig = ServiceReferenceHolder.getInstance().getApimConfigService().getTenantConfig(str);
        return tenantConfig;
    }

    /**
     * Validates a tenant configuration document and stores it.
     *
     * <p>The document must parse as JSON, satisfy the tenant-config JSON schema and pass
     * {@code APIUtil.validateRestAPIScopes} before it is handed to the configuration service.
     *
     * @param str  value forwarded to the configuration service (presumably the organization)
     * @param str2 the new configuration as a JSON string
     * @throws APIManagementException if the schema cannot be loaded, validation fails, or the update fails
     */
    public void updateTenantConfig(String str, String str2) throws APIManagementException {
        Schema configSchema = APIUtil.retrieveTenantConfigJsonSchema();
        if (configSchema == null) {
            // Without a schema nothing is stored.
            throw new APIManagementException("tenant-config validation failure", ExceptionCodes.INTERNAL_ERROR);
        }
        try {
            org.json.JSONObject candidate = new org.json.JSONObject(str2);
            configSchema.validate(candidate);
            APIUtil.validateRestAPIScopes(str2);
            ServiceReferenceHolder.getInstance().getApimConfigService().updateTenantConfig(str, str2);
        } catch (ValidationException | JSONException e) {
            // Only the message travels on (inside the error code); the exception is not chained as cause.
            throw new APIManagementException("tenant-config validation failure", ExceptionCodes.from(ExceptionCodes.INVALID_TENANT_CONFIG, new String[]{e.getMessage()}));
        }
    }

    /**
     * Returns the tenant-config JSON schema as text.
     *
     * <p>{@code updateTenantConfig} treats a {@code null} schema as possible; here a {@code null} schema
     * ends in a NullPointerException.
     *
     * @param str not used by this method
     * @return {@code toString()} of the schema object
     */
    public String getTenantConfigSchema(String str) {
        Schema configSchema = APIUtil.retrieveTenantConfigJsonSchema();
        return configSchema.toString();
    }

    /**
     * Returns the throttling policies of one level for a tenant, leaving out the "Unlimited" policy when
     * the unlimited tier is disabled in the throttle properties.
     *
     * @param i   tenant id
     * @param str policy level: {@code "api"}, {@code "app"}, the value of
     *            {@code APIConstants.JwtTokenConstants.END_USERNAME} (subscription policies) or
     *            {@code "global"}; any other value yields an empty array
     * @return the matching policies, possibly empty
     * @throws APIManagementException propagated from the DAO
     */
    public Policy[] getPolicies(int i, String str) throws APIManagementException {
        APIPolicy[] levelPolicies = null;
        if ("api".equals(str)) {
            levelPolicies = apiMgtDAO.getAPIPolicies(i);
        } else if ("app".equals(str)) {
            levelPolicies = apiMgtDAO.getApplicationPolicies(i);
        } else if (APIConstants.JwtTokenConstants.END_USERNAME.equals(str)) {
            levelPolicies = apiMgtDAO.getSubscriptionPolicies(i);
        } else if ("global".equals(str)) {
            levelPolicies = apiMgtDAO.getGlobalPolicies(i);
        }
        ThrottleProperties throttleProperties = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getThrottleProperties();
        ArrayList visiblePolicies = new ArrayList();
        if (levelPolicies == null) {
            return (Policy[]) visiblePolicies.toArray(new Policy[0]);
        }
        for (APIPolicy policy : levelPolicies) {
            // Every policy is kept except "Unlimited", which is kept only while the unlimited tier is on.
            boolean keep = !"Unlimited".equals(policy.getPolicyName()) || throttleProperties.isEnableUnlimitedTier();
            if (keep) {
                visiblePolicies.add(policy);
            }
        }
        return (Policy[]) visiblePolicies.toArray(new Policy[0]);
    }

    /**
     * Tells whether a gateway environment name is already taken, first among the read-only environments
     * and then in the DAO.
     *
     * @param str  environment name (compared exactly, case-sensitive, against read-only environments)
     * @param str2 second argument of the DAO check, forwarded unchanged
     * @return {@code true} when a read-only environment has that name or the DAO reports it as existing
     * @throws APIManagementException propagated from the environment lookup or the DAO
     */
    public boolean isEnvNameExist(String str, String str2) throws APIManagementException {
        for (Environment readOnlyEnvironment : APIUtil.getReadOnlyGatewayEnvironments().values()) {
            if (readOnlyEnvironment.getName().equals(str)) {
                return true;
            }
        }
        return ChoreoApiMgtDAO.getInstance().isEnvNameExists(str, str2);
    }

    /**
     * Asks the DAO whether a virtual host name already exists.
     *
     * @param str virtual host name
     * @return the DAO answer
     * @throws APIManagementException propagated from the DAO
     */
    public boolean isVHostNameExist(String str) throws APIManagementException {
        boolean vhostKnown = ChoreoApiMgtDAO.getInstance().isVHostExists(str);
        return vhostKnown;
    }

    /**
     * Reports the started flag of the service reference holder.
     *
     * @return {@code ServiceReferenceHolder.getInstance().isStarted()}
     */
    public boolean checkHealth() {
        boolean started = ServiceReferenceHolder.getInstance().isStarted();
        return started;
    }

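    /**
     * Builds a new identity provider (IdP) from a key manager configuration: name, display data,
     * certificate source (JWKS endpoint or PEM), issuer and claim mappings.
     *
     * <p>Fix: the PEM branch used {@code String.join(certificate, "")}, which treats the certificate as
     * the delimiter of a single empty element and therefore always produced an empty string. The
     * certificate value is now passed through as given.
     *
     * @param keyManagerConfigurationDTO key manager configuration the IdP is derived from
     * @return the populated, not yet persisted, identity provider
     */
    private IdentityProvider createIdp(KeyManagerConfigurationDTO keyManagerConfigurationDTO) {
        IdentityProvider created = new IdentityProvider();
        // IdP name = first ten characters of the key manager name + organization + UUID; sanitizeName
        // replaces every character outside [a-zA-Z0-9-_.] with '_'.
        created.setIdentityProviderName(sanitizeName(getSubstringOfTen(keyManagerConfigurationDTO.getName()) + "_" + keyManagerConfigurationDTO.getOrganization() + "_" + keyManagerConfigurationDTO.getUuid()));
        created.setDisplayName(keyManagerConfigurationDTO.getDisplayName());
        created.setPrimary(false);
        created.setIdentityProviderDescription(keyManagerConfigurationDTO.getDescription());
        created.setAlias(keyManagerConfigurationDTO.getAlias());

        // Map.get returns null for an absent key, which is what the former containsKey guard produced.
        String certificateValue = (String) keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.KeyManager.CERTIFICATE_VALUE);
        String certificateType = (String) keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.KeyManager.CERTIFICATE_TYPE);

        List<IdentityProviderProperty> idpProperties = new ArrayList<>();
        if (StringUtils.isNotEmpty(certificateValue) && StringUtils.isNotEmpty(certificateType)) {
            if (APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT.equals(certificateType)) {
                // A whitespace-only value passes isNotEmpty but is not a usable JWKS endpoint.
                if (StringUtils.isNotBlank(certificateValue)) {
                    IdentityProviderProperty jwksUri = new IdentityProviderProperty();
                    jwksUri.setName(APIConstants.JWKS_URI);
                    jwksUri.setValue(certificateValue);
                    idpProperties.add(jwksUri);
                }
            } else if (APIConstants.KeyManager.CERTIFICATE_TYPE_PEM_FILE.equals(certificateType)) {
                // NOTE(review): the value is stored exactly as supplied; confirm the encoding that
                // IdentityProvider#setCertificate expects.
                created.setCertificate(certificateValue);
            }
        }

        Object issuer = keyManagerConfigurationDTO.getProperty(APIConstants.KeyManager.ISSUER);
        if (issuer != null) {
            IdentityProviderProperty issuerName = new IdentityProviderProperty();
            issuerName.setName("idpIssuerName");
            issuerName.setValue((String) issuer);
            idpProperties.add(issuerName);
        }
        if (!idpProperties.isEmpty()) {
            created.setIdpProperties(idpProperties.toArray(new IdentityProviderProperty[0]));
        }
        created.setEnable(keyManagerConfigurationDTO.isEnabled());
        updateClaims(created, keyManagerConfigurationDTO.getProperty(APIConstants.KeyManager.CLAIM_MAPPING));
        return created;
    }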

    /**
     * Replaces the claim configuration of an identity provider with the remote-to-local claim mappings
     * given as a JSON array. A {@code null} argument leaves the identity provider untouched.
     *
     * <p>Each array element that is a JSON object must carry {@code "remoteClaim"} and
     * {@code "localClaim"}; other elements are skipped. A value that is not a {@code JsonArray} fails with
     * a ClassCastException, and an object missing either key fails with a NullPointerException.
     *
     * @param identityProvider identity provider to update
     * @param obj              claim mapping value, expected to be a {@code JsonArray}
     */
    private void updateClaims(IdentityProvider identityProvider, Object obj) {
        if (obj == null) {
            return;
        }
        ClaimConfig claimConfig = new ClaimConfig();
        claimConfig.setLocalClaimDialect(false);
        List<ClaimMapping> mappings = new ArrayList<>();
        List<Claim> remoteClaims = new ArrayList<>();
        for (JsonElement element : (JsonArray) obj) {
            if (!(element instanceof JsonObject)) {
                continue;
            }
            JsonObject entry = (JsonObject) element;
            JsonElement remoteUri = entry.get("remoteClaim");
            JsonElement localUri = entry.get("localClaim");

            Claim remoteClaim = new Claim();
            remoteClaim.setClaimUri(remoteUri.getAsString());
            Claim localClaim = new Claim();
            localClaim.setClaimUri(localUri.getAsString());

            ClaimMapping mapping = new ClaimMapping();
            mapping.setRemoteClaim(remoteClaim);
            mapping.setLocalClaim(localClaim);
            mappings.add(mapping);
            // Only the remote side is registered as an IdP claim.
            remoteClaims.add(remoteClaim);
        }
        claimConfig.setClaimMappings(mappings.toArray(new ClaimMapping[0]));
        claimConfig.setIdpClaims(remoteClaims.toArray(new Claim[0]));
        identityProvider.setClaimConfig(claimConfig);
    }

    /**
     * Replaces every character outside letters, digits, hyphen, underscore and dot with an underscore.
     *
     * <p>The mapping is not one-to-one: distinct inputs such as {@code "a b"} and {@code "a/b"} both
     * become {@code "a_b"}, so the result alone must not be relied on to be unique.
     *
     * @param str name to sanitize; must not be {@code null}
     * @return the name with each disallowed character replaced by {@code '_'}
     */
    private String sanitizeName(String str) {
        final String disallowedCharacters = "[^a-zA-Z0-9-_\\.]";
        final String replacement = "_";
        return str.replaceAll(disallowedCharacters, replacement);
    }

    /**
     * Truncates a string to at most its first ten characters.
     *
     * @param str text to shorten; must not be {@code null}
     * @return {@code str} itself when it is shorter than ten characters, otherwise its first ten characters
     */
    private String getSubstringOfTen(String str) {
        final int limit = 10;
        if (str.length() >= limit) {
            return str.substring(0, limit);
        }
        return str;
    }

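    /**
     * Copies the settings held by an identity provider back into a key manager configuration.
     *
     * <p>Display name, description, enabled flag and alias are copied directly. A JWKS URI property
     * becomes a JWKS-endpoint certificate, an {@code idpIssuerName} property becomes the issuer, and
     * the claim mappings are written as a JSON array of {@code localClaim}/{@code remoteClaim} pairs.
     * A missing property array or claim configuration is treated as empty instead of raising a
     * {@link NullPointerException}.
     *
     * @param identityProvider source identity provider
     * @param keyManagerConfigurationDTO key manager configuration to update in place
     */
    private void mergeIdpWithKeyManagerConfiguration(IdentityProvider identityProvider, KeyManagerConfigurationDTO keyManagerConfigurationDTO) {
        keyManagerConfigurationDTO.setDisplayName(identityProvider.getDisplayName());
        keyManagerConfigurationDTO.setDescription(identityProvider.getIdentityProviderDescription());
        IdentityProviderProperty[] idpProperties = identityProvider.getIdpProperties();
        // NOTE(review): the PEM certificate is only considered when the identity provider has no
        // properties at all. An identity provider that carries only an issuer property together
        // with a certificate would not get its certificate merged; confirm this is intended.
        if (idpProperties != null && idpProperties.length > 0) {
            for (IdentityProviderProperty identityProviderProperty : idpProperties) {
                if (StringUtils.equals(identityProviderProperty.getName(), APIConstants.JWKS_URI)) {
                    keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_TYPE, APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT);
                    keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_VALUE, identityProviderProperty.getValue());
                }
                if (StringUtils.equals(identityProviderProperty.getName(), "idpIssuerName")) {
                    keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ISSUER, identityProviderProperty.getValue());
                }
            }
        } else if (StringUtils.isNotBlank(identityProvider.getCertificate())) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_TYPE, APIConstants.KeyManager.CERTIFICATE_TYPE_PEM_FILE);
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_VALUE, identityProvider.getCertificate());
        }
        keyManagerConfigurationDTO.setEnabled(identityProvider.isEnable());
        keyManagerConfigurationDTO.setAlias(identityProvider.getAlias());
        JsonArray claimMappingJson = new JsonArray();
        ClaimConfig claimConfig = identityProvider.getClaimConfig();
        ClaimMapping[] claimMappings = claimConfig == null ? null : claimConfig.getClaimMappings();
        // An identity provider without claim configuration yields an empty mapping array.
        if (claimMappings != null) {
            for (ClaimMapping claimMapping : claimMappings) {
                JsonObject mappingJson = new JsonObject();
                mappingJson.addProperty("localClaim", claimMapping.getLocalClaim().getClaimUri());
                mappingJson.addProperty("remoteClaim", claimMapping.getRemoteClaim().getClaimUri());
                claimMappingJson.add(mappingJson);
            }
        }
        keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CLAIM_MAPPING, claimMappingJson);
    }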

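    /**
     * Populates the endpoint map of a key manager configuration from its own properties.
     *
     * <p>The configuration always receives a fresh, initially empty endpoint map. For any type other
     * than {@code "default"}, each endpoint name declared by the registered connector configuration
     * is looked up among the key manager's properties, and non-empty string values are copied into
     * the map. A type with no registered connector configuration leaves the map empty instead of
     * raising a {@link NullPointerException}.
     *
     * @param keyManagerConfigurationDTO key manager configuration to update in place
     */
    private void getKeyManagerEndpoints(KeyManagerConfigurationDTO keyManagerConfigurationDTO) {
        Map<String, String> endpoints = new HashMap<>();
        keyManagerConfigurationDTO.setEndpoints(endpoints);
        if ("default".equals(keyManagerConfigurationDTO.getType())) {
            return;
        }
        KeyManagerConnectorConfiguration connectorConfiguration = ServiceReferenceHolder.getInstance().getKeyManagerConnectorConfiguration(keyManagerConfigurationDTO.getType());
        if (connectorConfiguration == null) {
            // No connector is registered for this type, so there are no endpoint names to resolve.
            return;
        }
        List<ConfigurationDto> endpointConfigurations = connectorConfiguration.getEndpointConfigurations();
        if (endpointConfigurations == null) {
            return;
        }
        for (ConfigurationDto configurationDto : endpointConfigurations) {
            Object property = keyManagerConfigurationDTO.getProperty(configurationDto.getName());
            if ((property instanceof String) && StringUtils.isNotEmpty((String) property)) {
                endpoints.put(configurationDto.getName(), (String) property);
            }
        }
    }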

    /**
     * Creates a copy of an identity provider by serialising it to JSON and parsing it back.
     *
     * <p>NOTE(review): only state that Gson serialises is carried over to the copy; confirm that
     * {@code IdentityProvider} has no fields excluded from serialisation that callers rely on.
     *
     * @param identityProvider identity provider to copy
     * @return a new instance rebuilt from the JSON form of {@code identityProvider}
     */
    private static IdentityProvider cloneIdentityProvider(IdentityProvider identityProvider) {
        final Gson mapper = new Gson();
        final String serialized = mapper.toJson(identityProvider);
        return mapper.fromJson(serialized, IdentityProvider.class);
    }

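    /**
     * Ensures that no key manager of the organization already uses the given issuer.
     *
     * <p>The comparison is an exact, case-sensitive string match against the issuer property of
     * every key manager configuration stored for the organization. Key managers that have no issuer
     * property are skipped rather than causing a {@link NullPointerException}.
     *
     * <p>NOTE(review): presumably uniqueness is required so that a token's issuer identifies a
     * single key manager; confirm whether differently-cased or trailing-slash variants of the same
     * issuer should also be treated as duplicates.
     *
     * @param str organization whose key managers are checked
     * @param str2 issuer that must not be in use yet
     * @throws APIManagementException with {@code ISSUER_ALREADY_EXISTS} if the issuer is already registered
     */
    private void validateKeyManagerIssuerUniqueness(String str, String str2) throws APIManagementException {
        for (KeyManagerConfigurationDTO existingKeyManager : this.apiMgtDAO.getKeyManagerConfigurationsByOrganization(str)) {
            Object existingIssuer = existingKeyManager.getProperty(APIConstants.KeyManager.ISSUER);
            if (existingIssuer == null) {
                // A key manager without an issuer cannot conflict with the new one.
                continue;
            }
            if (StringUtils.equals(str2, existingIssuer.toString())) {
                throw new APIManagementException("Issuer already exists for the organization " + str, ExceptionCodes.from(ExceptionCodes.ISSUER_ALREADY_EXISTS, new String[]{str2}));
            }
        }
    }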
}
