package org.wso2.carbon.apimgt.keymgt;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import org.apache.axis2.util.URL;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.AccessTokenInfo;
import org.wso2.carbon.apimgt.api.model.AccessTokenRequest;
import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
import org.wso2.carbon.apimgt.api.model.OAuthAppRequest;
import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.client.SubscriberKeyMgtClient;
import org.wso2.carbon.apimgt.keymgt.client.SubscriberKeyMgtClientPool;
import org.wso2.carbon.apimgt.keymgt.handlers.ResourceConstants;
import org.wso2.carbon.apimgt.keymgt.util.APIKeyMgtDataHolder;
import org.wso2.carbon.apimgt.keymgt.util.APIKeyMgtUtil;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/AMDefaultKeyManagerImpl.class */
public class AMDefaultKeyManagerImpl extends AbstractKeyManager {
    private static final String OAUTH_RESPONSE_ACCESSTOKEN = "access_token";
    private static final String OAUTH_RESPONSE_EXPIRY_TIME = "expires_in";
    private static final String GRANT_TYPE_VALUE = "client_credentials";
    private static final String GRANT_TYPE_PARAM_VALIDITY = "validity_period";
    private KeyManagerConfiguration configuration;
    private static final Log log = LogFactory.getLog(AMDefaultKeyManagerImpl.class);

    public OAuthApplicationInfo createApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        OAuthApplicationInfo oAuthApplicationInfo = oAuthAppRequest.getOAuthApplicationInfo();
        String str = (String) oAuthApplicationInfo.getParameter("username");
        String clientName = oAuthApplicationInfo.getClientName();
        if (log.isDebugEnabled()) {
            log.debug("Trying to create OAuth application :" + clientName);
        }
        String callBackURL = oAuthApplicationInfo.getCallBackURL();
        oAuthApplicationInfo.addParameter("tokenScope", new String[]{(String) oAuthApplicationInfo.getParameter("tokenScope")});
        org.wso2.carbon.apimgt.api.model.xsd.OAuthApplicationInfo oAuthApplicationInfo2 = null;
        SubscriberKeyMgtClient subscriberKeyMgtClient = null;
        try {
            try {
                subscriberKeyMgtClient = SubscriberKeyMgtClientPool.getInstance().get();
                oAuthApplicationInfo2 = subscriberKeyMgtClient.createOAuthApplication(str, clientName, callBackURL);
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            } catch (Exception e) {
                handleException("Can not create OAuth application  : " + clientName, e);
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            }
            if (oAuthApplicationInfo2 == null || oAuthApplicationInfo2.getJsonString() == null) {
                handleException("OAuth app does not contains required data  : " + clientName, new APIManagementException("OAuth app does not contains required data"));
            }
            oAuthApplicationInfo.setClientName(oAuthApplicationInfo2.getClientName());
            oAuthApplicationInfo.setClientId(oAuthApplicationInfo2.getClientId());
            oAuthApplicationInfo.setCallBackURL(oAuthApplicationInfo2.getCallBackURL());
            oAuthApplicationInfo.setClientSecret(oAuthApplicationInfo2.getClientSecret());
            try {
                JSONObject jSONObject = new JSONObject(oAuthApplicationInfo2.getJsonString());
                if (jSONObject.has("redirect_uris")) {
                    oAuthApplicationInfo.addParameter("redirect_uris", jSONObject.get("redirect_uris"));
                }
                if (jSONObject.has("client_name")) {
                    oAuthApplicationInfo.addParameter("client_name", jSONObject.get("client_name"));
                }
                if (jSONObject.has("grant_types")) {
                    oAuthApplicationInfo.addParameter("grant_types", jSONObject.get("grant_types"));
                }
            } catch (JSONException e2) {
                handleException("Can not retrieve information of the created OAuth application", e2);
            }
            return oAuthApplicationInfo;
        } catch (Throwable th) {
            SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            throw th;
        }
    }

    public OAuthApplicationInfo updateApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        OAuthApplicationInfo oAuthApplicationInfo = oAuthAppRequest.getOAuthApplicationInfo();
        SubscriberKeyMgtClient subscriberKeyMgtClient = null;
        try {
            try {
                subscriberKeyMgtClient = SubscriberKeyMgtClientPool.getInstance().get();
                String str = (String) oAuthApplicationInfo.getParameter("username");
                String clientName = oAuthApplicationInfo.getClientName();
                log.debug("Updating OAuth Client with ID : " + oAuthApplicationInfo.getClientId());
                if (log.isDebugEnabled() && oAuthApplicationInfo.getCallBackURL() != null) {
                    log.debug("CallBackURL : " + oAuthApplicationInfo.getCallBackURL());
                }
                if (log.isDebugEnabled() && oAuthApplicationInfo.getClientName() != null) {
                    log.debug("Client Name : " + oAuthApplicationInfo.getClientName());
                }
                org.wso2.carbon.apimgt.api.model.xsd.OAuthApplicationInfo updateOAuthApplication = subscriberKeyMgtClient.updateOAuthApplication(str, clientName, oAuthApplicationInfo.getCallBackURL(), oAuthApplicationInfo.getClientId(), (String[]) null);
                OAuthApplicationInfo oAuthApplicationInfo2 = new OAuthApplicationInfo();
                oAuthApplicationInfo2.setClientId(updateOAuthApplication.getClientId());
                oAuthApplicationInfo2.setCallBackURL(updateOAuthApplication.getCallBackURL());
                oAuthApplicationInfo2.setClientSecret(updateOAuthApplication.getClientSecret());
                if (subscriberKeyMgtClient != null) {
                    SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
                }
                return oAuthApplicationInfo2;
            } catch (Exception e) {
                handleException("Error occurred while updating OAuth Client : ", e);
                if (subscriberKeyMgtClient == null) {
                    return null;
                }
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
                return null;
            }
        } catch (Throwable th) {
            if (subscriberKeyMgtClient != null) {
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            }
            throw th;
        }
    }

    public void deleteApplication(String str) throws APIManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Trying to delete OAuth application for consumer key :" + str);
        }
        SubscriberKeyMgtClient subscriberKeyMgtClient = null;
        try {
            try {
                subscriberKeyMgtClient = SubscriberKeyMgtClientPool.getInstance().get();
                subscriberKeyMgtClient.deleteOAuthApplication(str);
                if (subscriberKeyMgtClient != null) {
                    SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
                }
            } catch (Exception e) {
                handleException("Can not remove service provider for the given consumer key : " + str, e);
                if (subscriberKeyMgtClient != null) {
                    SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
                }
            }
        } catch (Throwable th) {
            if (subscriberKeyMgtClient != null) {
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            }
            throw th;
        }
    }

    public OAuthApplicationInfo retrieveApplication(String str) throws APIManagementException {
        org.wso2.carbon.apimgt.api.model.xsd.OAuthApplicationInfo oAuthApplication;
        SubscriberKeyMgtClient subscriberKeyMgtClient = null;
        if (log.isDebugEnabled()) {
            log.debug("Trying to retrieve OAuth application for consumer key :" + str);
        }
        OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
        try {
            try {
                subscriberKeyMgtClient = SubscriberKeyMgtClientPool.getInstance().get();
                oAuthApplication = subscriberKeyMgtClient.getOAuthApplication(str);
            } catch (Exception e) {
                handleException("Can not retrieve OAuth application for the given consumer key : " + str, e);
                if (subscriberKeyMgtClient != null) {
                    SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
                }
            }
            if (oAuthApplication == null || oAuthApplication.getClientId() == null) {
                if (subscriberKeyMgtClient != null) {
                    SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
                }
                return null;
            }
            oAuthApplicationInfo.setClientName(oAuthApplication.getClientName());
            oAuthApplicationInfo.setClientId(oAuthApplication.getClientId());
            oAuthApplicationInfo.setCallBackURL(oAuthApplication.getCallBackURL());
            oAuthApplicationInfo.setClientSecret(oAuthApplication.getClientSecret());
            JSONObject jSONObject = new JSONObject(oAuthApplication.getJsonString());
            if (jSONObject.has("redirect_uris")) {
                oAuthApplicationInfo.addParameter("redirect_uris", jSONObject.get("redirect_uris"));
            }
            if (jSONObject.has("client_name")) {
                oAuthApplicationInfo.addParameter("client_name", jSONObject.get("client_name"));
            }
            if (jSONObject.has("grant_types")) {
                oAuthApplicationInfo.addParameter("grant_types", jSONObject.get("grant_types"));
            }
            if (subscriberKeyMgtClient != null) {
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            }
            return oAuthApplicationInfo;
        } catch (Throwable th) {
            if (subscriberKeyMgtClient != null) {
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            }
            throw th;
        }
    }

    public AccessTokenInfo getNewApplicationAccessToken(AccessTokenRequest accessTokenRequest) throws APIManagementException {
        HttpResponse execute;
        HttpEntity entity;
        AccessTokenInfo accessTokenInfo = null;
        if (accessTokenRequest == null) {
            log.warn("No information available to generate Token.");
            return null;
        }
        String parameter = this.configuration.getParameter("TokenURL");
        String parameter2 = this.configuration.getParameter("RevokeURL");
        URL url = new URL(parameter);
        int port = url.getPort();
        String protocol = url.getProtocol();
        try {
            if (accessTokenRequest.getTokenToRevoke() != null) {
                URL url2 = new URL(parameter2);
                HttpClient httpClient = APIKeyMgtUtil.getHttpClient(url2.getPort(), url2.getProtocol());
                HttpPost httpPost = new HttpPost(parameter2);
                ArrayList arrayList = new ArrayList(3);
                arrayList.add(new BasicNameValuePair(ResourceConstants.CLIENT_ID_PARAM_NAME, accessTokenRequest.getClientId()));
                arrayList.add(new BasicNameValuePair("client_secret", accessTokenRequest.getClientSecret()));
                arrayList.add(new BasicNameValuePair(ResourceConstants.AUTH_TOKEN_PARAM_NAME, accessTokenRequest.getTokenToRevoke()));
                httpPost.setEntity(new UrlEncodedFormEntity(arrayList, ResourceConstants.UTF8_PARAM_NAME));
                HttpResponse execute2 = httpClient.execute(httpPost);
                if (execute2.getStatusLine().getStatusCode() != 200) {
                    throw new RuntimeException("Token revoke failed : HTTP error code : " + execute2.getStatusLine().getStatusCode());
                }
                if (log.isDebugEnabled()) {
                    log.debug("Successfully submitted revoke request for old application token. HTTP status : 200");
                }
            }
            String applicationTokenScope = APIKeyMgtDataHolder.getApplicationTokenScope();
            if (accessTokenRequest.getValidityPeriod() == -1) {
                accessTokenRequest.setValidityPeriod(-2L);
            }
            HttpClient httpClient2 = APIKeyMgtUtil.getHttpClient(port, protocol);
            HttpPost httpPost2 = new HttpPost(parameter);
            ArrayList arrayList2 = new ArrayList(3);
            arrayList2.add(new BasicNameValuePair("grant_type", GRANT_TYPE_VALUE));
            arrayList2.add(new BasicNameValuePair(GRANT_TYPE_PARAM_VALIDITY, Long.toString(accessTokenRequest.getValidityPeriod())));
            arrayList2.add(new BasicNameValuePair(ResourceConstants.CLIENT_ID_PARAM_NAME, accessTokenRequest.getClientId()));
            arrayList2.add(new BasicNameValuePair("client_secret", accessTokenRequest.getClientSecret()));
            StringBuilder sb = new StringBuilder();
            sb.append(applicationTokenScope);
            for (String str : accessTokenRequest.getScope()) {
                sb.append(" " + str);
            }
            arrayList2.add(new BasicNameValuePair("scope", sb.toString()));
            httpPost2.setEntity(new UrlEncodedFormEntity(arrayList2, ResourceConstants.UTF8_PARAM_NAME));
            execute = httpClient2.execute(httpPost2);
            entity = execute.getEntity();
        } catch (ClientProtocolException e) {
            handleException("Error while creating token - Invalid protocol used", e);
        } catch (JSONException e2) {
            handleException("Error while parsing response from token api", e2);
        } catch (UnsupportedEncodingException e3) {
            handleException("Error while preparing request for token/revoke APIs", e3);
        } catch (IOException e4) {
            handleException("Error while creating tokens - " + e4.getMessage(), e4);
        }
        if (execute.getStatusLine().getStatusCode() != 200) {
            throw new RuntimeException("Error occurred while calling token endpoint: HTTP error code : " + execute.getStatusLine().getStatusCode());
        }
        accessTokenInfo = new AccessTokenInfo();
        JSONObject jSONObject = new JSONObject(EntityUtils.toString(entity));
        String obj = jSONObject.get(OAUTH_RESPONSE_ACCESSTOKEN).toString();
        long parseLong = Long.parseLong(jSONObject.get(OAUTH_RESPONSE_EXPIRY_TIME).toString());
        if (jSONObject.has("scope")) {
            accessTokenInfo.setScope(((String) jSONObject.get("scope")).split(" "));
        }
        accessTokenInfo.setAccessToken(obj);
        accessTokenInfo.setValidityPeriod(parseLong);
        return accessTokenInfo;
    }

    public AccessTokenInfo getTokenMetaData(String str) throws APIManagementException {
        AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
        OAuth2TokenValidationService oAuth2TokenValidationService = new OAuth2TokenValidationService();
        OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO = new OAuth2TokenValidationRequestDTO();
        oAuth2TokenValidationRequestDTO.getClass();
        OAuth2TokenValidationRequestDTO.OAuth2AccessToken oAuth2AccessToken = new OAuth2TokenValidationRequestDTO.OAuth2AccessToken(oAuth2TokenValidationRequestDTO);
        oAuth2AccessToken.setIdentifier(str);
        oAuth2AccessToken.setTokenType("bearer");
        oAuth2TokenValidationRequestDTO.setAccessToken(oAuth2AccessToken);
        oAuth2TokenValidationRequestDTO.getClass();
        OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam = new OAuth2TokenValidationRequestDTO.TokenValidationContextParam(oAuth2TokenValidationRequestDTO);
        tokenValidationContextParam.setKey("dummy");
        tokenValidationContextParam.setValue("dummy");
        oAuth2TokenValidationRequestDTO.setContext(new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[]{tokenValidationContextParam});
        OAuth2ClientApplicationDTO findOAuthConsumerIfTokenIsValid = oAuth2TokenValidationService.findOAuthConsumerIfTokenIsValid(oAuth2TokenValidationRequestDTO);
        OAuth2TokenValidationResponseDTO accessTokenValidationResponse = findOAuthConsumerIfTokenIsValid.getAccessTokenValidationResponse();
        if (!accessTokenValidationResponse.isValid()) {
            accessTokenInfo.setTokenValid(accessTokenValidationResponse.isValid());
            log.error("Invalid OAuth Token : " + accessTokenValidationResponse.getErrorMsg());
            accessTokenInfo.setErrorcode(900901);
            return accessTokenInfo;
        }
        accessTokenInfo.setTokenValid(accessTokenValidationResponse.isValid());
        accessTokenInfo.setEndUserName(accessTokenValidationResponse.getAuthorizedUser());
        accessTokenInfo.setConsumerKey(findOAuthConsumerIfTokenIsValid.getConsumerKey());
        if (accessTokenValidationResponse.getExpiryTime() == Long.MAX_VALUE) {
            accessTokenInfo.setValidityPeriod(Long.MAX_VALUE);
        } else {
            accessTokenInfo.setValidityPeriod(accessTokenValidationResponse.getExpiryTime() * 1000);
        }
        accessTokenInfo.setIssuedTime(System.currentTimeMillis());
        accessTokenInfo.setScope(accessTokenValidationResponse.getScope());
        String[] scope = accessTokenValidationResponse.getScope();
        String applicationTokenScope = APIKeyMgtDataHolder.getApplicationTokenScope();
        if (scope != null && applicationTokenScope != null && !applicationTokenScope.isEmpty() && Arrays.asList(scope).contains(applicationTokenScope)) {
            accessTokenInfo.setApplicationToken(true);
        }
        if (APIUtil.checkAccessTokenPartitioningEnabled() && APIUtil.checkUserNameAssertionEnabled()) {
            accessTokenInfo.setConsumerKey(ApiMgtDAO.getConsumerKeyForTokenWhenTokenPartitioningEnabled(str));
        }
        return accessTokenInfo;
    }

    public KeyManagerConfiguration getKeyManagerConfiguration() throws APIManagementException {
        return this.configuration;
    }

    public OAuthApplicationInfo buildFromJSON(String str) throws APIManagementException {
        return null;
    }

    public OAuthApplicationInfo mapOAuthApplication(OAuthAppRequest oAuthAppRequest) throws APIManagementException {
        OAuthApplicationInfo oAuthApplicationInfo = oAuthAppRequest.getOAuthApplicationInfo();
        String clientId = oAuthApplicationInfo.getClientId();
        String[] strArr = {(String) oAuthApplicationInfo.getParameter("tokenScope")};
        String str = (String) oAuthApplicationInfo.getParameter("client_secret");
        oAuthApplicationInfo.setClientSecret(str);
        SubscriberKeyMgtClient subscriberKeyMgtClient = null;
        org.wso2.carbon.apimgt.api.model.xsd.OAuthApplicationInfo oAuthApplicationInfo2 = null;
        try {
            try {
                subscriberKeyMgtClient = SubscriberKeyMgtClientPool.getInstance().get();
                oAuthApplicationInfo2 = subscriberKeyMgtClient.getOAuthApplication(oAuthApplicationInfo.getClientId());
            } catch (Exception e) {
                handleException("Some thing went wrong while getting OAuth application for given consumer key " + oAuthApplicationInfo.getClientId(), e);
                if (subscriberKeyMgtClient != null) {
                    SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
                }
            }
            if (!str.equals(oAuthApplicationInfo2.getClientSecret())) {
                throw new APIManagementException("The secret key is wrong for the given consumer key " + clientId);
            }
            if (subscriberKeyMgtClient != null) {
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            }
            if (oAuthApplicationInfo2.getClientId() == null) {
                return null;
            }
            oAuthApplicationInfo.addParameter("tokenScope", strArr);
            if (log.isDebugEnabled()) {
                log.debug("Creating semi-manual application for consumer id  :  " + oAuthApplicationInfo.getClientId());
            }
            return oAuthApplicationInfo;
        } catch (Throwable th) {
            if (subscriberKeyMgtClient != null) {
                SubscriberKeyMgtClientPool.getInstance().release(subscriberKeyMgtClient);
            }
            throw th;
        }
    }

    public void loadConfiguration(KeyManagerConfiguration keyManagerConfiguration) throws APIManagementException {
        if (keyManagerConfiguration != null) {
            this.configuration = keyManagerConfiguration;
        } else {
            APIManagerConfiguration aPIManagerConfiguration = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
            if (this.configuration == null) {
                this.configuration = new KeyManagerConfiguration();
                this.configuration.setManualModeSupported(true);
                this.configuration.setResourceRegistrationEnabled(true);
                this.configuration.setTokenValidityConfigurable(true);
                this.configuration.addParameter("ServerURL", aPIManagerConfiguration.getFirstProperty("APIKeyValidator.ServerURL"));
                this.configuration.addParameter("Username", aPIManagerConfiguration.getFirstProperty("APIKeyValidator.Username"));
                this.configuration.addParameter("Password", aPIManagerConfiguration.getFirstProperty("APIKeyValidator.Password"));
                this.configuration.addParameter("RevokeURL", aPIManagerConfiguration.getFirstProperty("APIKeyValidator.RevokeAPIURL"));
                String firstProperty = aPIManagerConfiguration.getFirstProperty("APIKeyValidator.RevokeAPIURL");
                this.configuration.addParameter("TokenURL", firstProperty != null ? firstProperty.replace("revoke", ResourceConstants.AUTH_TOKEN_PARAM_NAME) : null);
            }
        }
        SubscriberKeyMgtClientPool.getInstance().setConfiguration(this.configuration);
    }

    public boolean registerNewResource(API api, Map map) throws APIManagementException {
        return true;
    }

    public Map getResourceByApiId(String str) throws APIManagementException {
        return null;
    }

    public boolean updateRegisteredResource(API api, Map map) throws APIManagementException {
        return false;
    }

    public void deleteRegisteredResourceByAPIId(String str) throws APIManagementException {
    }

    public void deleteMappedApplication(String str) throws APIManagementException {
    }

    public Set<String> getActiveTokensByConsumerKey(String str) throws APIManagementException {
        return new ApiMgtDAO().getActiveTokensOfConsumerKey(str);
    }

    public AccessTokenInfo getAccessTokenByConsumerKey(String str) throws APIManagementException {
        return null;
    }

    private void handleException(String str, Exception exc) throws APIManagementException {
        log.error(str, exc);
        throw new APIManagementException(str, exc);
    }
}
