package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.oauth2;

import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementServiceHolder;
import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.InboundFunctions;
import org.wso2.carbon.identity.api.server.common.ContextLoader;
import org.wso2.carbon.identity.api.server.common.error.APIError;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.cors.mgt.core.exception.CORSManagementServiceClientException;
import org.wso2.carbon.identity.cors.mgt.core.exception.CORSManagementServiceException;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.IdentityOAuthClientException;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.application.management.v1-1.2.59.jar:org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthInboundFunctions.class */
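public class OAuthInboundFunctions {
    private static final Log log = LogFactory.getLog(OAuthInboundFunctions.class);

    /** Inbound authentication type used for every OAuth2/OIDC configuration handled here. */
    private static final String OAUTH2 = "oauth2";

    private OAuthInboundFunctions() {
    }

    /**
     * Creates or updates the OAuth2/OIDC inbound configuration of an application and
     * replaces its allowed CORS origins with the ones in the request.
     *
     * <p>For an update, the client ID and client secret in the request are compared with
     * the stored values <em>before</em> anything is written, so a rejected request leaves
     * the application's CORS origins untouched. The origins that were in place are read
     * before they are replaced and are put back if the OAuth admin service then fails,
     * instead of being cleared.
     *
     * @param serviceProvider            application whose inbound configuration is written
     * @param openIDConnectConfiguration requested OIDC configuration, including allowed origins
     * @return inbound configuration keyed by the OAuth consumer key
     * @throws APIError bad-request error when the client ID or secret does not match the
     *                  stored application; otherwise the error built by
     *                  {@link #handleException(Exception)}
     */
    public static InboundAuthenticationRequestConfig putOAuthInbound(ServiceProvider serviceProvider, OpenIDConnectConfiguration openIDConnectConfiguration) {
        String tenantDomain = ContextLoader.getTenantDomainFromContext();
        String applicationResourceId = serviceProvider.getApplicationResourceId();
        List<String> previousOrigins = null;
        boolean corsChanged = false;
        try {
            String currentClientId = InboundFunctions.getInboundAuthKey(serviceProvider, OAUTH2);
            if (currentClientId != null) {
                // Update path: reject mismatching credentials before any state is modified.
                OAuthConsumerAppDTO stored = ApplicationManagementServiceHolder.getOAuthAdminService().getOAuthApplicationData(currentClientId);
                if (!StringUtils.equals(stored.getOauthConsumerKey(), openIDConnectConfiguration.getClientId())) {
                    throw Utils.buildBadRequestError("Invalid ClientID provided for update.");
                }
                // NOTE(review): StringUtils.equals is not a constant-time comparison; confirm that
                // every caller reaching this point is already authorised to read the secret.
                if (!StringUtils.equals(stored.getOauthConsumerSecret(), openIDConnectConfiguration.getClientSecret())) {
                    throw Utils.buildBadRequestError("Invalid ClientSecret provided for update.");
                }
            }

            // Snapshot first so a later failure can restore the previous origins.
            previousOrigins = currentCorsOrigins(applicationResourceId, tenantDomain);
            ApplicationManagementServiceHolder.getCorsManagementService().setCORSOrigins(applicationResourceId, openIDConnectConfiguration.getAllowedOrigins(), tenantDomain);
            corsChanged = true;

            if (currentClientId == null) {
                // Registered here rather than through createOAuthInbound so that a
                // registration failure reaches the rollback in the catch block below.
                return createInboundAuthRequestConfig(registerOAuthApplication(serviceProvider.getApplicationName(), openIDConnectConfiguration));
            }
            OAuthConsumerAppDTO updated = new ApiModelToOAuthConsumerApp().apply(serviceProvider.getApplicationName(), openIDConnectConfiguration);
            ApplicationManagementServiceHolder.getOAuthAdminService().updateConsumerApplication(updated);
            return createInboundAuthRequestConfig(updated.getOauthConsumerKey());
        } catch (CORSManagementServiceException e) {
            throw handleException(e);
        } catch (IdentityOAuthAdminException e) {
            if (corsChanged) {
                restoreCorsOrigins(applicationResourceId, previousOrigins, tenantDomain);
            }
            throw handleException(e);
        }
    }

    /**
     * Reads the origins currently stored for an application as plain strings.
     *
     * @param applicationResourceId resource ID of the application
     * @param tenantDomain          tenant the application belongs to
     * @return the stored origin values
     * @throws CORSManagementServiceException if the CORS management service fails
     */
    private static List<String> currentCorsOrigins(String applicationResourceId, String tenantDomain) throws CORSManagementServiceException {
        return ApplicationManagementServiceHolder.getCorsManagementService()
                .getApplicationCORSOrigins(applicationResourceId, tenantDomain)
                .stream()
                .map(origin -> origin.getOrigin())
                .collect(Collectors.toList());
    }

    /**
     * Best-effort rollback of an application's CORS origins. A failure is logged and not
     * rethrown so the caller can still report the error that triggered the rollback.
     *
     * @param applicationResourceId resource ID of the application
     * @param origins               origins to restore; {@code null} or empty clears them
     * @param tenantDomain          tenant the application belongs to
     */
    private static void restoreCorsOrigins(String applicationResourceId, List<String> origins, String tenantDomain) {
        // An empty snapshot is sent as null, the value this class already used to clear origins.
        List<String> toRestore = CollectionUtils.isEmpty(origins) ? null : origins;
        try {
            ApplicationManagementServiceHolder.getCorsManagementService().setCORSOrigins(applicationResourceId, toRestore, tenantDomain);
        } catch (CORSManagementServiceException rollbackFailure) {
            log.error("Failed to restore CORS origins for application " + applicationResourceId
                    + " after the OAuth2 inbound update failed.", rollbackFailure);
        }
    }

    /**
     * Maps a service exception to the API error returned to the caller: OAuth client
     * exceptions and CORS client exceptions become bad-request errors, everything else a
     * server error.
     *
     * <p>NOTE(review): the exception message is appended to the description in all three
     * cases; confirm that {@code Utils.buildServerError} does not return that text to the
     * API client, since server-side messages can describe internals.
     *
     * @param exc exception raised by the OAuth admin or CORS management service
     * @return the error to throw
     */
    private static APIError handleException(Exception exc) {
        String description = "Error while updating OpenIDConnect configuration. " + exc.getMessage();
        if (exc instanceof IdentityOAuthClientException) {
            return Utils.buildBadRequestError(((IdentityOAuthClientException) exc).getErrorCode(), description);
        }
        if (exc instanceof CORSManagementServiceClientException) {
            return Utils.buildBadRequestError(description);
        }
        return Utils.buildServerError(description, exc);
    }

    /**
     * Registers a new OAuth application under a random UUID as its name.
     *
     * @param openIDConnectConfiguration requested OIDC configuration
     * @return inbound configuration keyed by the new consumer key
     * @deprecated use {@link #createOAuthInbound(String, OpenIDConnectConfiguration)} and
     *             pass the application name explicitly.
     */
    @Deprecated
    public static InboundAuthenticationRequestConfig createOAuthInbound(OpenIDConnectConfiguration openIDConnectConfiguration) {
        return createOAuthInbound(UUID.randomUUID().toString(), openIDConnectConfiguration);
    }

    /**
     * Registers a new OAuth application and wraps its consumer key in an inbound configuration.
     *
     * @param str                        application name passed to the API-to-DTO conversion
     * @param openIDConnectConfiguration requested OIDC configuration
     * @return inbound configuration keyed by the new consumer key
     * @throws APIError the error built by {@link #handleException(Exception)} when
     *                  registration fails
     */
    public static InboundAuthenticationRequestConfig createOAuthInbound(String str, OpenIDConnectConfiguration openIDConnectConfiguration) {
        try {
            return createInboundAuthRequestConfig(registerOAuthApplication(str, openIDConnectConfiguration));
        } catch (IdentityOAuthAdminException e) {
            throw handleException(e);
        }
    }

    /**
     * Registers the OAuth application described by the API model and returns its consumer key.
     *
     * @param applicationName            application name passed to the API-to-DTO conversion
     * @param openIDConnectConfiguration requested OIDC configuration
     * @return consumer key of the registered application
     * @throws IdentityOAuthAdminException if the OAuth admin service rejects the registration
     */
    private static String registerOAuthApplication(String applicationName, OpenIDConnectConfiguration openIDConnectConfiguration) throws IdentityOAuthAdminException {
        OAuthConsumerAppDTO requested = new ApiModelToOAuthConsumerApp().apply(applicationName, openIDConnectConfiguration);
        return ApplicationManagementServiceHolder.getOAuthAdminService()
                .registerAndRetrieveOAuthApplicationData(requested)
                .getOauthConsumerKey();
    }

    /**
     * Builds an inbound configuration of type {@code oauth2} for the given consumer key.
     *
     * @param str OAuth consumer key used as the inbound auth key
     * @return the populated inbound configuration
     */
    private static InboundAuthenticationRequestConfig createInboundAuthRequestConfig(String str) {
        InboundAuthenticationRequestConfig inboundConfig = new InboundAuthenticationRequestConfig();
        inboundConfig.setInboundAuthType(OAUTH2);
        inboundConfig.setInboundAuthKey(str);
        return inboundConfig;
    }

    /**
     * Loads the OIDC configuration of the OAuth application behind an inbound configuration,
     * including the CORS origins stored for the owning application.
     *
     * @param inboundAuthenticationRequestConfig inbound configuration whose auth key is the client ID
     * @return the API model of the stored configuration
     * @throws APIError server error when any of the backing services fails
     */
    public static OpenIDConnectConfiguration getOAuthConfiguration(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig) {
        String clientId = inboundAuthenticationRequestConfig.getInboundAuthKey();
        try {
            OpenIDConnectConfiguration configuration = new OAuthConsumerAppToApiModel().apply(ApplicationManagementServiceHolder.getOAuthAdminService().getOAuthApplicationData(clientId));
            String tenantDomain = ContextLoader.getTenantDomainFromContext();
            // The origins are stored per application resource ID, so resolve the owning application first.
            String applicationResourceId = ApplicationManagementServiceHolder.getApplicationManagementService()
                    .getServiceProviderByClientId(clientId, OAUTH2, tenantDomain)
                    .getApplicationResourceId();
            configuration.setAllowedOrigins(currentCorsOrigins(applicationResourceId, tenantDomain));
            return configuration;
        } catch (IdentityOAuthAdminException | IdentityApplicationManagementException | CORSManagementServiceException e) {
            throw Utils.buildServerError("Error while retrieving oauth application for clientId: " + clientId, e);
        }
    }

    /**
     * Removes the OAuth application referenced by an inbound configuration. The error
     * message indicates this is used to roll back a configuration.
     *
     * @param inboundAuthenticationRequestConfig inbound configuration whose auth key is the client ID
     * @throws APIError server error when the OAuth admin service fails
     */
    public static void deleteOAuthInbound(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig) {
        try {
            ApplicationManagementServiceHolder.getOAuthAdminService().removeOAuthApplicationData(inboundAuthenticationRequestConfig.getInboundAuthKey());
        } catch (IdentityOAuthAdminException e) {
            throw Utils.buildServerError("Error while trying to rollback OAuth2/OpenIDConnect configuration." + e.getMessage(), e);
        }
    }

    /**
     * Asks the OAuth admin service to update the secret of an OAuth application and
     * returns the resulting configuration.
     *
     * @param str client ID of the application
     * @return the API model of the application after the update
     * @throws APIError server error when the OAuth admin service fails
     */
    public static OpenIDConnectConfiguration regenerateClientSecret(String str) {
        try {
            OAuthConsumerAppDTO refreshed = ApplicationManagementServiceHolder.getOAuthAdminService().updateAndRetrieveOauthSecretKey(str);
            return new OAuthConsumerAppToApiModel().apply(refreshed);
        } catch (IdentityOAuthAdminException e) {
            throw Utils.buildServerError("Error while regenerating client secret of oauth application.", e);
        }
    }

    /**
     * Sets the state of an OAuth application to {@code REVOKED}.
     *
     * @param str client ID of the application
     * @throws APIError server error when the OAuth admin service fails
     */
    public static void revokeOAuthClient(String str) {
        try {
            ApplicationManagementServiceHolder.getOAuthAdminService().updateConsumerAppState(str, "REVOKED");
        } catch (IdentityOAuthAdminException e) {
            throw Utils.buildServerError("Error while revoking oauth application.", e);
        }
    }

    /**
     * Stores the allowed origins from the configuration for an application. A missing or
     * empty origin list is a no-op, so this method never clears existing origins.
     *
     * @param str                        resource ID of the application
     * @param openIDConnectConfiguration configuration carrying the allowed origins
     * @throws CORSManagementServiceException if the CORS management service rejects the update
     */
    public static void updateCorsOrigins(String str, OpenIDConnectConfiguration openIDConnectConfiguration) throws CORSManagementServiceException {
        String tenantDomain = ContextLoader.getTenantDomainFromContext();
        List<String> allowedOrigins = openIDConnectConfiguration.getAllowedOrigins();
        if (CollectionUtils.isEmpty(allowedOrigins)) {
            return;
        }
        ApplicationManagementServiceHolder.getCorsManagementService().setCORSOrigins(str, allowedOrigins, tenantDomain);
    }
}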
