package org.wso2.carbon.apimgt.gateway.handlers.security.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.util.DateUtils;
import io.swagger.v3.oas.models.OpenAPI;
import java.io.IOException;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.cache.Cache;
import net.minidev.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.json.JSONException;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.MethodStats;
import org.wso2.carbon.apimgt.gateway.MethodTimeLogger;
import org.wso2.carbon.apimgt.gateway.dto.JWTInfoDto;
import org.wso2.carbon.apimgt.gateway.dto.JWTTokenPayloadInfo;
import org.wso2.carbon.apimgt.gateway.handlers.WebsocketUtil;
import org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext;
import org.wso2.carbon.apimgt.gateway.handlers.security.jwt.generator.AbstractAPIMgtGatewayJWTGenerator;
import org.wso2.carbon.apimgt.gateway.handlers.security.jwt.transformer.JWTTransformer;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.gateway.jwt.RevokedJWTDataHolder;
import org.wso2.carbon.apimgt.gateway.threatprotection.utils.ThreatProtectorConstants;
import org.wso2.carbon.apimgt.gateway.utils.GatewayUtils;
import org.wso2.carbon.apimgt.gateway.utils.OpenAPIUtils;
import org.wso2.carbon.apimgt.impl.caching.CacheProvider;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.dto.JWTConfigurationDto;
import org.wso2.carbon.apimgt.impl.dto.TokenIssuerDto;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator.class */
public class JWTValidator {
    private static final Log log;
    private String apiLevelPolicy;
    private APIKeyValidator apiKeyValidator;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;
    private static final JoinPoint.StaticPart ajc$tjp_4 = null;
    private static final JoinPoint.StaticPart ajc$tjp_5 = null;
    private static final JoinPoint.StaticPart ajc$tjp_6 = null;
    private static final JoinPoint.StaticPart ajc$tjp_7 = null;
    private static final JoinPoint.StaticPart ajc$tjp_8 = null;
    private static final JoinPoint.StaticPart ajc$tjp_9 = null;
    private static final JoinPoint.StaticPart ajc$tjp_10 = null;
    private static final JoinPoint.StaticPart ajc$tjp_11 = null;
    private static final JoinPoint.StaticPart ajc$tjp_12 = null;
    private static final JoinPoint.StaticPart ajc$tjp_13 = null;
    private static final JoinPoint.StaticPart ajc$tjp_14 = null;
    private boolean isGatewayTokenCacheEnabled = GatewayUtils.isGatewayTokenCacheEnabled();
    JWTConfigurationDto jwtConfigurationDto = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getJwtConfigurationDto();
    private boolean jwtGenerationEnabled = this.jwtConfigurationDto.isEnabled();
    private AbstractAPIMgtGatewayJWTGenerator apiMgtGatewayJWTGenerator = ServiceReferenceHolder.getInstance().getApiMgtGatewayJWTGenerator().get(this.jwtConfigurationDto.getGatewayJWTGeneratorImpl());

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.authenticate_aroundBody0((JWTValidator) objArr2[0], (String) objArr2[1], (MessageContext) objArr2[2], (OpenAPI) objArr2[3], (JoinPoint) objArr2[4]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure11.class */
    public class AjcClosure11 extends AroundClosure {
        public AjcClosure11(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            JWTValidator.checkTokenWithTheScope_aroundBody10((JWTValidator) objArr2[0], (String) objArr2[1], (String) objArr2[2], (JWTClaimsSet) objArr2[3], (JoinPoint) objArr2[4]);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure13.class */
    public class AjcClosure13 extends AroundClosure {
        public AjcClosure13(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            JWTValidator.checkTokenExpiration_aroundBody12((JWTValidator) objArr2[0], (String) objArr2[1], (JWTClaimsSet) objArr2[2], (String) objArr2[3], (JoinPoint) objArr2[4]);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure15.class */
    public class AjcClosure15 extends AroundClosure {
        public AjcClosure15(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.transformJWTClaims_aroundBody14((JWTValidator) objArr2[0], (JWTClaimsSet) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure17.class */
    public class AjcClosure17 extends AroundClosure {
        public AjcClosure17(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.getGatewayTokenCache_aroundBody16((JWTValidator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure19.class */
    public class AjcClosure19 extends AroundClosure {
        public AjcClosure19(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.getInvalidTokenCache_aroundBody18((JWTValidator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure21.class */
    public class AjcClosure21 extends AroundClosure {
        public AjcClosure21(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.getGatewayKeyCache_aroundBody20((JWTValidator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure23.class */
    public class AjcClosure23 extends AroundClosure {
        public AjcClosure23(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.getGatewayJWTTokenCache_aroundBody22((JWTValidator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure25.class */
    public class AjcClosure25 extends AroundClosure {
        public AjcClosure25(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.getApiLevelPolicy_aroundBody24((JWTValidator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure27.class */
    public class AjcClosure27 extends AroundClosure {
        public AjcClosure27(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(JWTValidator.verifyTokenSignature_aroundBody26((JWTValidator) objArr2[0], (SignedJWT) objArr2[1], (String) objArr2[2], (JoinPoint) objArr2[3]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure29.class */
    public class AjcClosure29 extends AroundClosure {
        public AjcClosure29(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.getJWKSCache_aroundBody28((JWTValidator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.generateAndRetrieveJWTToken_aroundBody2((JWTValidator) objArr2[0], (String) objArr2[1], (JWTInfoDto) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.validateSubscriptionUsingKeyManager_aroundBody4((JWTValidator) objArr2[0], (MessageContext) objArr2[1], (JWTClaimsSet) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTValidator.authenticateForWebSocket_aroundBody6((JWTValidator) objArr2[0], (String) objArr2[1], (String) objArr2[2], (String) objArr2[3], (JoinPoint) objArr2[4]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/jwt/JWTValidator$AjcClosure9.class */
    public class AjcClosure9 extends AroundClosure {
        public AjcClosure9(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            JWTValidator.validateScopes_aroundBody8((JWTValidator) objArr2[0], (MessageContext) objArr2[1], (OpenAPI) objArr2[2], (JWTClaimsSet) objArr2[3], (JoinPoint) objArr2[4]);
            return null;
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(JWTValidator.class);
    }

    public JWTValidator(String str, APIKeyValidator aPIKeyValidator) {
        this.apiLevelPolicy = str;
        this.apiKeyValidator = aPIKeyValidator;
    }

    @MethodStats
    public AuthenticationContext authenticate(String str, MessageContext messageContext, OpenAPI openAPI) throws APISecurityException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, new Object[]{str, messageContext, openAPI});
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || MethodTimeLogger.isConfigEnabled()) ? (AuthenticationContext) MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, str, messageContext, openAPI, makeJP}).linkClosureAndJoinPoint(69648)) : authenticate_aroundBody0(this, str, messageContext, openAPI, makeJP);
    }

    private String generateAndRetrieveJWTToken(String str, JWTInfoDto jWTInfoDto) throws APISecurityException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, str, jWTInfoDto);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, str, jWTInfoDto, makeJP}).linkClosureAndJoinPoint(69648)) : generateAndRetrieveJWTToken_aroundBody2(this, str, jWTInfoDto, makeJP);
    }

    private APIKeyValidationInfoDTO validateSubscriptionUsingKeyManager(MessageContext messageContext, JWTClaimsSet jWTClaimsSet) throws APISecurityException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, messageContext, jWTClaimsSet);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (APIKeyValidationInfoDTO) MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, messageContext, jWTClaimsSet, makeJP}).linkClosureAndJoinPoint(69648)) : validateSubscriptionUsingKeyManager_aroundBody4(this, messageContext, jWTClaimsSet, makeJP);
    }

    @MethodStats
    public AuthenticationContext authenticateForWebSocket(String str, String str2, String str3) throws APISecurityException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, new Object[]{str, str2, str3});
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || MethodTimeLogger.isConfigEnabled()) ? (AuthenticationContext) MethodTimeLogger.aspectOf().log(new AjcClosure7(new Object[]{this, str, str2, str3, makeJP}).linkClosureAndJoinPoint(69648)) : authenticateForWebSocket_aroundBody6(this, str, str2, str3, makeJP);
    }

    private void validateScopes(MessageContext messageContext, OpenAPI openAPI, JWTClaimsSet jWTClaimsSet) throws APISecurityException, ParseException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this, new Object[]{messageContext, openAPI, jWTClaimsSet});
        if ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) {
            MethodTimeLogger.aspectOf().log(new AjcClosure9(new Object[]{this, messageContext, openAPI, jWTClaimsSet, makeJP}).linkClosureAndJoinPoint(69648));
        } else {
            validateScopes_aroundBody8(this, messageContext, openAPI, jWTClaimsSet, makeJP);
        }
    }

    private void checkTokenWithTheScope(String str, String str2, JWTClaimsSet jWTClaimsSet) throws APISecurityException, ParseException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this, new Object[]{str, str2, jWTClaimsSet});
        if ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) {
            MethodTimeLogger.aspectOf().log(new AjcClosure11(new Object[]{this, str, str2, jWTClaimsSet, makeJP}).linkClosureAndJoinPoint(69648));
        } else {
            checkTokenWithTheScope_aroundBody10(this, str, str2, jWTClaimsSet, makeJP);
        }
    }

    private void checkTokenExpiration(String str, JWTClaimsSet jWTClaimsSet, String str2) throws APISecurityException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_6, this, this, new Object[]{str, jWTClaimsSet, str2});
        if ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) {
            MethodTimeLogger.aspectOf().log(new AjcClosure13(new Object[]{this, str, jWTClaimsSet, str2, makeJP}).linkClosureAndJoinPoint(69648));
        } else {
            checkTokenExpiration_aroundBody12(this, str, jWTClaimsSet, str2, makeJP);
        }
    }

    private JWTClaimsSet transformJWTClaims(JWTClaimsSet jWTClaimsSet) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_7, this, this, jWTClaimsSet);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (JWTClaimsSet) MethodTimeLogger.aspectOf().log(new AjcClosure15(new Object[]{this, jWTClaimsSet, makeJP}).linkClosureAndJoinPoint(69648)) : transformJWTClaims_aroundBody14(this, jWTClaimsSet, makeJP);
    }

    private Cache getGatewayTokenCache() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_8, this, this);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (Cache) MethodTimeLogger.aspectOf().log(new AjcClosure17(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getGatewayTokenCache_aroundBody16(this, makeJP);
    }

    private Cache getInvalidTokenCache() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_9, this, this);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (Cache) MethodTimeLogger.aspectOf().log(new AjcClosure19(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getInvalidTokenCache_aroundBody18(this, makeJP);
    }

    private Cache getGatewayKeyCache() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_10, this, this);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (Cache) MethodTimeLogger.aspectOf().log(new AjcClosure21(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getGatewayKeyCache_aroundBody20(this, makeJP);
    }

    private Cache getGatewayJWTTokenCache() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_11, this, this);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (Cache) MethodTimeLogger.aspectOf().log(new AjcClosure23(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getGatewayJWTTokenCache_aroundBody22(this, makeJP);
    }

    private String getApiLevelPolicy() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_12, this, this);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure25(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getApiLevelPolicy_aroundBody24(this, makeJP);
    }

    private boolean verifyTokenSignature(SignedJWT signedJWT, String str) throws APISecurityException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_13, this, this, signedJWT, str);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure27(new Object[]{this, signedJWT, str, makeJP}).linkClosureAndJoinPoint(69648))) : verifyTokenSignature_aroundBody26(this, signedJWT, str, makeJP);
    }

    private Cache getJWKSCache() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_14, this, this);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (Cache) MethodTimeLogger.aspectOf().log(new AjcClosure29(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getJWKSCache_aroundBody28(this, makeJP);
    }

    static final AuthenticationContext authenticate_aroundBody0(JWTValidator jWTValidator, String str, MessageContext messageContext, OpenAPI openAPI, JoinPoint joinPoint) {
        String[] split = str.split("\\.");
        JWTClaimsSet jWTClaimsSet = null;
        boolean z = false;
        String str2 = split[2];
        String str3 = (String) messageContext.getProperty(ThreatProtectorConstants.API_CONTEXT);
        String str4 = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        String accessTokenCacheKey = GatewayUtils.getAccessTokenCacheKey(str2, str3, str4, (String) messageContext.getProperty(APIMgtGatewayConstants.API_ELECTED_RESOURCE), (String) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(ThreatProtectorConstants.HTTP_METHOD));
        String tenantDomain = GatewayUtils.getTenantDomain();
        JWTTokenPayloadInfo jWTTokenPayloadInfo = null;
        if (jWTValidator.isGatewayTokenCacheEnabled) {
            if (((String) jWTValidator.getGatewayTokenCache().get(str2)) != null) {
                log.debug("Token retrieved from the token cache.");
                if (jWTValidator.getGatewayKeyCache().get(accessTokenCacheKey) != null) {
                    jWTTokenPayloadInfo = (JWTTokenPayloadInfo) jWTValidator.getGatewayKeyCache().get(accessTokenCacheKey);
                    z = jWTTokenPayloadInfo.getRawPayload().equals(split[1]);
                }
            } else {
                if (jWTValidator.getInvalidTokenCache().get(str2) != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Token retrieved from the invalid token cache. Token: " + GatewayUtils.getMaskedToken(split[0]));
                    }
                    log.error("Invalid JWT token. " + GatewayUtils.getMaskedToken(split[0]));
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
                }
                if (RevokedJWTDataHolder.isJWTTokenSignatureExistsInRevokedMap(str2)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Token retrieved from the revoked jwt token map. Token: " + GatewayUtils.getMaskedToken(split[0]));
                    }
                    log.error("Invalid JWT token. " + GatewayUtils.getMaskedToken(split[0]));
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
                }
            }
        } else if (RevokedJWTDataHolder.isJWTTokenSignatureExistsInRevokedMap(str2)) {
            if (log.isDebugEnabled()) {
                log.debug("Token retrieved from the revoked jwt token map. Token: " + GatewayUtils.getMaskedToken(split[0]));
            }
            log.error("Invalid JWT token. " + GatewayUtils.getMaskedToken(split[0]));
            throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
        }
        if (!z) {
            log.debug("Token not found in the caches and revoked jwt token map.");
            try {
                SignedJWT signedJWT = (SignedJWT) JWTParser.parse(str);
                JWSHeader header = signedJWT.getHeader();
                jWTClaimsSet = jWTValidator.transformJWTClaims(signedJWT.getJWTClaimsSet());
                log.debug("Verifying signature of JWT");
                z = jWTValidator.verifyTokenSignature(signedJWT, header.getKeyID() != null ? header.getKeyID() : "gateway_certificate_alias");
                if (jWTValidator.isGatewayTokenCacheEnabled) {
                    if (z) {
                        jWTValidator.getGatewayTokenCache().put(str2, tenantDomain);
                    } else {
                        jWTValidator.getInvalidTokenCache().put(str2, tenantDomain);
                    }
                    if (!"carbon.super".equals(tenantDomain)) {
                        try {
                            PrivilegedCarbonContext.startTenantFlow();
                            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain("carbon.super", true);
                            if (z) {
                                jWTValidator.getGatewayTokenCache().put(str2, tenantDomain);
                            } else {
                                jWTValidator.getInvalidTokenCache().put(str2, tenantDomain);
                            }
                        } finally {
                            PrivilegedCarbonContext.endTenantFlow();
                        }
                    }
                }
            } catch (IllegalArgumentException | ParseException | JSONException e) {
                if (log.isDebugEnabled()) {
                    log.debug("Invalid JWT token. Token: " + GatewayUtils.getMaskedToken(split[0]));
                }
                log.error("Invalid JWT token. Failed to decode the token.");
                throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token. Failed to decode the token.", e);
            }
        }
        if (!z) {
            if (log.isDebugEnabled()) {
                log.debug("Token signature verification failure. Token: " + GatewayUtils.getMaskedToken(split[0]));
            }
            throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token. Signature verification failed.");
        }
        log.debug("Token signature is verified.");
        if (!jWTValidator.isGatewayTokenCacheEnabled || jWTTokenPayloadInfo == null) {
            log.debug("Token payload not found in the cache.");
            if (jWTClaimsSet == null) {
                try {
                    jWTClaimsSet = jWTValidator.transformJWTClaims(JWTParser.parse(str).getJWTClaimsSet());
                } catch (IllegalArgumentException | ParseException | JSONException e2) {
                    if (log.isDebugEnabled()) {
                        log.debug("Token decryption failure when retrieving payload. Token: " + GatewayUtils.getMaskedToken(split[0]), e2);
                    }
                    log.error("Invalid JWT token. Failed to decode the token");
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
                }
            }
            jWTValidator.checkTokenExpiration(str2, jWTClaimsSet, tenantDomain);
            try {
                jWTValidator.validateScopes(messageContext, openAPI, jWTClaimsSet);
                if (jWTValidator.isGatewayTokenCacheEnabled) {
                    JWTTokenPayloadInfo jWTTokenPayloadInfo2 = new JWTTokenPayloadInfo();
                    jWTTokenPayloadInfo2.setPayload(jWTClaimsSet);
                    jWTTokenPayloadInfo2.setRawPayload(split[1]);
                    jWTValidator.getGatewayKeyCache().put(accessTokenCacheKey, jWTTokenPayloadInfo2);
                }
            } catch (ParseException unused) {
                throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
            }
        } else {
            jWTClaimsSet = jWTTokenPayloadInfo.getPayload();
            jWTValidator.checkTokenExpiration(str2, jWTClaimsSet, tenantDomain);
        }
        JSONObject validateAPISubscription = GatewayUtils.validateAPISubscription(str3, str4, jWTClaimsSet, split, true);
        if (validateAPISubscription != null) {
            messageContext.setProperty(APIMgtGatewayConstants.API_PUBLISHER, validateAPISubscription.get("publisher"));
        } else {
            if (Boolean.parseBoolean(ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getFirstProperty("JWTAuthentication.EnableSubscriptionValidationViaKeyManager"))) {
                log.debug("Begin subscription validation via Key Manager");
                APIKeyValidationInfoDTO validateSubscriptionUsingKeyManager = jWTValidator.validateSubscriptionUsingKeyManager(messageContext, jWTClaimsSet);
                if (log.isDebugEnabled()) {
                    log.debug("Subscription validation via Key Manager. Status: " + validateSubscriptionUsingKeyManager.isAuthorized());
                }
                if (!validateSubscriptionUsingKeyManager.isAuthorized()) {
                    log.debug("User is NOT authorized to access the Resource. API Subscription validation failed.");
                    throw new APISecurityException(validateSubscriptionUsingKeyManager.getValidationStatus(), "User is NOT authorized to access the Resource. API Subscription validation failed.");
                }
                messageContext.setProperty(APIMgtGatewayConstants.API_PUBLISHER, validateSubscriptionUsingKeyManager.getApiPublisher());
                log.debug("JWT authentication successful.");
                if (jWTValidator.jwtGenerationEnabled) {
                    try {
                        return GatewayUtils.generateAuthenticationContext(str2, jWTClaimsSet, null, validateSubscriptionUsingKeyManager, jWTValidator.getApiLevelPolicy(), jWTValidator.generateAndRetrieveJWTToken(str2, GatewayUtils.generateJWTInfoDto(jWTClaimsSet, validateAPISubscription, validateSubscriptionUsingKeyManager, messageContext)), true);
                    } catch (ParseException unused2) {
                        throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
                    }
                }
            }
            log.debug("Ignored subscription validation");
        }
        log.debug("JWT authentication successful.");
        String str5 = null;
        try {
            if (jWTValidator.jwtGenerationEnabled) {
                str5 = jWTValidator.generateAndRetrieveJWTToken(str2, GatewayUtils.generateJWTInfoDto(jWTClaimsSet, validateAPISubscription, null, messageContext));
            }
            return GatewayUtils.generateAuthenticationContext(str2, jWTClaimsSet, validateAPISubscription, null, jWTValidator.getApiLevelPolicy(), str5, true);
        } catch (ParseException unused3) {
            throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
        }
    }

    static final String generateAndRetrieveJWTToken_aroundBody2(JWTValidator jWTValidator, String str, JWTInfoDto jWTInfoDto, JoinPoint joinPoint) {
        String str2 = null;
        boolean z = false;
        String concat = jWTInfoDto.getApicontext().concat(":").concat(jWTInfoDto.getVersion()).concat(":").concat(str);
        if (jWTValidator.isGatewayTokenCacheEnabled) {
            Object obj = jWTValidator.getGatewayJWTTokenCache().get(concat);
            if (obj != null) {
                str2 = (String) obj;
                z = new org.json.JSONObject(new String(Base64.getUrlDecoder().decode(((String) obj).split("\\.")[1]))).getLong("exp") - System.currentTimeMillis() > OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds() * 1000;
            }
            if (StringUtils.isEmpty(str2) || !z) {
                try {
                    str2 = jWTValidator.apiMgtGatewayJWTGenerator.generateToken(jWTInfoDto);
                    jWTValidator.getGatewayJWTTokenCache().put(concat, str2);
                } catch (APIManagementException e) {
                    log.error("Error while Generating Backend JWT", e);
                    throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE, e);
                }
            }
        } else {
            try {
                str2 = jWTValidator.apiMgtGatewayJWTGenerator.generateToken(jWTInfoDto);
            } catch (APIManagementException e2) {
                log.error("Error while Generating Backend JWT", e2);
                throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE, e2);
            }
        }
        return str2;
    }

    static final APIKeyValidationInfoDTO validateSubscriptionUsingKeyManager_aroundBody4(JWTValidator jWTValidator, MessageContext messageContext, JWTClaimsSet jWTClaimsSet, JoinPoint joinPoint) {
        String str = (String) messageContext.getProperty(ThreatProtectorConstants.API_CONTEXT);
        String str2 = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        try {
            String str3 = null;
            if (jWTClaimsSet.getClaim("consumerKey") != null) {
                str3 = jWTClaimsSet.getStringClaim("consumerKey");
            } else if (jWTClaimsSet.getClaim("azp") != null) {
                str3 = jWTClaimsSet.getStringClaim("azp");
            }
            if (str3 != null) {
                return jWTValidator.apiKeyValidator.validateSubscription(str, str2, str3);
            }
            log.debug("Cannot call Key Manager to validate subscription. Payload of the token does not contain the Authorized party - the party to which the ID Token was issued");
            throw new APISecurityException(APISecurityConstants.API_AUTH_FORBIDDEN, APISecurityConstants.API_AUTH_FORBIDDEN_MESSAGE);
        } catch (ParseException unused) {
            throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
        }
    }

    static final AuthenticationContext authenticateForWebSocket_aroundBody6(JWTValidator jWTValidator, String str, String str2, String str3, JoinPoint joinPoint) {
        String[] split = str.split("\\.");
        JWTClaimsSet jWTClaimsSet = null;
        boolean z = false;
        String str4 = split[2];
        String tenantDomain = GatewayUtils.getTenantDomain();
        JWTTokenPayloadInfo jWTTokenPayloadInfo = null;
        String accessTokenCacheKey = WebsocketUtil.getAccessTokenCacheKey(str4, str2);
        if (jWTValidator.isGatewayTokenCacheEnabled) {
            if (((String) jWTValidator.getGatewayTokenCache().get(str4)) != null) {
                log.debug("Token retrieved from the token cache.");
                if (jWTValidator.getGatewayKeyCache().get(accessTokenCacheKey) != null) {
                    jWTTokenPayloadInfo = (JWTTokenPayloadInfo) jWTValidator.getGatewayKeyCache().get(accessTokenCacheKey);
                    z = jWTTokenPayloadInfo.getRawPayload().equals(split[1]);
                }
            } else {
                if (jWTValidator.getInvalidTokenCache().get(str4) != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Token retrieved from the invalid token cache. Token: " + GatewayUtils.getMaskedToken(split[0]));
                    }
                    log.error("Invalid JWT token. " + GatewayUtils.getMaskedToken(split[0]));
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
                }
                if (RevokedJWTDataHolder.isJWTTokenSignatureExistsInRevokedMap(str4)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Token retrieved from the revoked jwt token map. Token: " + GatewayUtils.getMaskedToken(split[0]));
                    }
                    log.error("Invalid JWT token. " + GatewayUtils.getMaskedToken(split[0]));
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
                }
            }
        } else if (RevokedJWTDataHolder.isJWTTokenSignatureExistsInRevokedMap(str4)) {
            if (log.isDebugEnabled()) {
                log.debug("Token retrieved from the revoked jwt token map. Token: " + GatewayUtils.getMaskedToken(split[0]));
            }
            log.error("Invalid JWT token. " + GatewayUtils.getMaskedToken(split[0]));
            throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
        }
        if (!z) {
            log.debug("Token not found in the caches and revoked jwt token map.");
            try {
                SignedJWT signedJWT = (SignedJWT) JWTParser.parse(str);
                jWTClaimsSet = signedJWT.getJWTClaimsSet();
                log.debug("Verifying signature of JWT");
                z = jWTValidator.verifyTokenSignature(signedJWT, "gateway_certificate_alias");
                if (jWTValidator.isGatewayTokenCacheEnabled) {
                    if (z) {
                        jWTValidator.getGatewayTokenCache().put(str4, tenantDomain);
                    } else {
                        jWTValidator.getInvalidTokenCache().put(str4, tenantDomain);
                    }
                    if (!"carbon.super".equals(tenantDomain)) {
                        try {
                            PrivilegedCarbonContext.startTenantFlow();
                            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain("carbon.super", true);
                            if (z) {
                                jWTValidator.getGatewayTokenCache().put(str4, tenantDomain);
                            } else {
                                jWTValidator.getInvalidTokenCache().put(str4, tenantDomain);
                            }
                        } finally {
                            PrivilegedCarbonContext.endTenantFlow();
                        }
                    }
                }
            } catch (IllegalArgumentException | ParseException | JSONException e) {
                if (log.isDebugEnabled()) {
                    log.debug("Invalid JWT token. Token: " + GatewayUtils.getMaskedToken(split[0]));
                }
                log.error("Invalid JWT token. Failed to decode the token.");
                throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token. Failed to decode the token.", e);
            }
        }
        if (!z) {
            if (log.isDebugEnabled()) {
                log.debug("Token signature verification failure. Token: " + GatewayUtils.getMaskedToken(split[0]));
            }
            throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token. Signature verification failed.");
        }
        log.debug("Token signature is verified.");
        if (!jWTValidator.isGatewayTokenCacheEnabled || jWTTokenPayloadInfo == null) {
            log.debug("Token payload not found in the cache.");
            if (jWTClaimsSet == null) {
                try {
                    jWTClaimsSet = JWTParser.parse(str).getJWTClaimsSet();
                } catch (IllegalArgumentException | ParseException | JSONException e2) {
                    if (log.isDebugEnabled()) {
                        log.debug("Token decryption failure when retrieving payload. Token: " + GatewayUtils.getMaskedToken(split[0]), e2);
                    }
                    log.error("Invalid JWT token. Failed to decode the token");
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
                }
            }
            jWTValidator.checkTokenExpiration(str4, jWTClaimsSet, tenantDomain);
            if (jWTValidator.isGatewayTokenCacheEnabled) {
                JWTTokenPayloadInfo jWTTokenPayloadInfo2 = new JWTTokenPayloadInfo();
                jWTTokenPayloadInfo2.setPayload(jWTClaimsSet);
                jWTTokenPayloadInfo2.setRawPayload(split[1]);
                jWTValidator.getGatewayKeyCache().put(accessTokenCacheKey, jWTTokenPayloadInfo2);
            }
        } else {
            jWTClaimsSet = jWTTokenPayloadInfo.getPayload();
            jWTValidator.checkTokenExpiration(str4, jWTClaimsSet, tenantDomain);
        }
        JSONObject validateAPISubscription = GatewayUtils.validateAPISubscription(str2, str3, jWTClaimsSet, split, true);
        log.debug("JWT authentication successful.");
        String str5 = null;
        try {
            if (jWTValidator.jwtGenerationEnabled) {
                str5 = jWTValidator.generateAndRetrieveJWTToken(str4, GatewayUtils.generateJWTInfoDto(jWTClaimsSet, validateAPISubscription, null, str2, str3));
            }
            return GatewayUtils.generateAuthenticationContext(str4, jWTClaimsSet, validateAPISubscription, null, jWTValidator.getApiLevelPolicy(), str5, true);
        } catch (ParseException unused) {
            throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
        }
    }

    static final void validateScopes_aroundBody8(JWTValidator jWTValidator, MessageContext messageContext, OpenAPI openAPI, JWTClaimsSet jWTClaimsSet, JoinPoint joinPoint) {
        if (!"GRAPHQL".equals(messageContext.getProperty("API_TYPE"))) {
            jWTValidator.checkTokenWithTheScope((String) messageContext.getProperty(APIMgtGatewayConstants.API_ELECTED_RESOURCE), OpenAPIUtils.getScopesOfResource(openAPI, messageContext), jWTClaimsSet);
            return;
        }
        HashMap hashMap = (HashMap) messageContext.getProperty("ScopeOperationMapping");
        for (String str : ((String) messageContext.getProperty(APIMgtGatewayConstants.API_ELECTED_RESOURCE)).split(APIMgtGatewayConstants.CUSTOM_ANALYTICS_PROPERTY_SEPARATOR)) {
            jWTValidator.checkTokenWithTheScope(str, (String) hashMap.get(str), jWTClaimsSet);
        }
    }

    static final void checkTokenWithTheScope_aroundBody10(JWTValidator jWTValidator, String str, String str2, JWTClaimsSet jWTClaimsSet, JoinPoint joinPoint) {
        if (StringUtils.isNotBlank(str2)) {
            if (jWTClaimsSet.getClaim("scope") == null) {
                log.error("Scopes not found in the token.");
                throw new APISecurityException(APISecurityConstants.INVALID_SCOPE, "Scope validation failed");
            }
            String[] split = jWTClaimsSet.getStringClaim("scope").split(" ");
            boolean z = false;
            int length = split.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (split[i].trim().equals(str2)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                if (log.isDebugEnabled()) {
                    log.debug("Scope validation failed. User: " + jWTClaimsSet.getSubject());
                }
                log.error("Scope validation failed.");
                throw new APISecurityException(APISecurityConstants.INVALID_SCOPE, "Scope validation failed");
            }
            if (log.isDebugEnabled()) {
                log.debug("Scope validation successful for the resource: " + str + ", Resource Scope: " + str2 + ", User: " + jWTClaimsSet.getSubject());
            }
        }
        log.debug("No scopes assigned to the resource: " + str);
    }

    static final void checkTokenExpiration_aroundBody12(JWTValidator jWTValidator, String str, JWTClaimsSet jWTClaimsSet, String str2, JoinPoint joinPoint) {
        long timeStampSkewInSeconds = OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds();
        Date date = new Date();
        Date expirationTime = jWTClaimsSet.getExpirationTime();
        if (expirationTime == null || DateUtils.isAfter(expirationTime, date, timeStampSkewInSeconds)) {
            return;
        }
        if (jWTValidator.isGatewayTokenCacheEnabled) {
            jWTValidator.getGatewayTokenCache().remove(str);
            jWTValidator.getGatewayJWTTokenCache().remove(str);
            jWTValidator.getInvalidTokenCache().put(str, str2);
        }
        log.error("JWT token is expired :" + GatewayUtils.getMaskedToken(str));
        throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
    }

    static final JWTClaimsSet transformJWTClaims_aroundBody14(JWTValidator jWTValidator, JWTClaimsSet jWTClaimsSet, JoinPoint joinPoint) {
        String issuer = jWTClaimsSet.getIssuer();
        JWTTransformer jWTTransformer = null;
        if (StringUtils.isNotEmpty(issuer)) {
            jWTTransformer = ServiceReferenceHolder.getInstance().getJwtTransformerMap().get(issuer);
        }
        if (jWTTransformer == null) {
            jWTTransformer = ServiceReferenceHolder.getInstance().getJwtTransformerMap().get("default");
        }
        return jWTTransformer.transform(jWTClaimsSet);
    }

    static final Cache getGatewayTokenCache_aroundBody16(JWTValidator jWTValidator, JoinPoint joinPoint) {
        return CacheProvider.getGatewayTokenCache();
    }

    static final Cache getInvalidTokenCache_aroundBody18(JWTValidator jWTValidator, JoinPoint joinPoint) {
        return CacheProvider.getInvalidTokenCache();
    }

    static final Cache getGatewayKeyCache_aroundBody20(JWTValidator jWTValidator, JoinPoint joinPoint) {
        return CacheProvider.getGatewayKeyCache();
    }

    static final Cache getGatewayJWTTokenCache_aroundBody22(JWTValidator jWTValidator, JoinPoint joinPoint) {
        return CacheProvider.getGatewayJWTTokenCache();
    }

    static final String getApiLevelPolicy_aroundBody24(JWTValidator jWTValidator, JoinPoint joinPoint) {
        return jWTValidator.apiLevelPolicy;
    }

    static final boolean verifyTokenSignature_aroundBody26(JWTValidator jWTValidator, SignedJWT signedJWT, String str, JoinPoint joinPoint) {
        TokenIssuerDto tokenIssuerDto;
        JWKSet parse;
        try {
            Map tokenIssuerDtoMap = jWTValidator.jwtConfigurationDto.getTokenIssuerDtoMap();
            String issuer = signedJWT.getJWTClaimsSet().getIssuer();
            if (StringUtils.isNotEmpty(issuer) && (tokenIssuerDto = (TokenIssuerDto) tokenIssuerDtoMap.get(issuer)) != null && tokenIssuerDto.getJwksConfigurationDTO().isEnabled() && StringUtils.isNotEmpty(tokenIssuerDto.getJwksConfigurationDTO().getUrl())) {
                Object obj = jWTValidator.getJWKSCache().get(tokenIssuerDto.getIssuer());
                if (obj != null) {
                    parse = (JWKSet) obj;
                } else {
                    parse = JWKSet.parse(GatewayUtils.retrieveJWKSConfiguration(tokenIssuerDto.getJwksConfigurationDTO().getUrl()));
                    jWTValidator.getJWKSCache().put(tokenIssuerDto.getIssuer(), parse);
                }
                if (!(parse.getKeyByKeyId(str) instanceof RSAKey)) {
                    throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, "Key Algoritm not supported");
                }
                RSAPublicKey rSAPublicKey = parse.getKeyByKeyId(str).toRSAPublicKey();
                if (rSAPublicKey != null) {
                    return GatewayUtils.verifyTokenSignature(signedJWT, rSAPublicKey);
                }
            }
        } catch (ParseException | JOSEException | IOException e) {
            log.error("Error while parsing JWT", e);
        }
        return GatewayUtils.verifyTokenSignature(signedJWT, str);
    }

    static final Cache getJWKSCache_aroundBody28(JWTValidator jWTValidator, JoinPoint joinPoint) {
        return CacheProvider.getJWKSCache();
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("JWTValidator.java", JWTValidator.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "authenticate", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "java.lang.String:org.apache.synapse.MessageContext:io.swagger.v3.oas.models.OpenAPI", "jwtToken:synCtx:openAPI", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException", "org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext"), 110);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "generateAndRetrieveJWTToken", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "java.lang.String:org.wso2.carbon.apimgt.gateway.dto.JWTInfoDto", "tokenSignature:jwtInfoDto", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException", "java.lang.String"), 336);
        ajc$tjp_10 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getGatewayKeyCache", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, "javax.cache.Cache"), 689);
        ajc$tjp_11 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getGatewayJWTTokenCache", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, "javax.cache.Cache"), 693);
        ajc$tjp_12 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getApiLevelPolicy", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, "java.lang.String"), 697);
        ajc$tjp_13 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "verifyTokenSignature", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "com.nimbusds.jwt.SignedJWT:java.lang.String", "parsedJWTToken:certificateAlias", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException", "boolean"), 701);
        ajc$tjp_14 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getJWKSCache", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, "javax.cache.Cache"), 742);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "validateSubscriptionUsingKeyManager", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "org.apache.synapse.MessageContext:com.nimbusds.jwt.JWTClaimsSet", "synCtx:payload", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException", "org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO"), 375);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "authenticateForWebSocket", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "java.lang.String:java.lang.String:java.lang.String", "jwtToken:apiContext:apiVersion", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException", "org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext"), 413);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "validateScopes", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "org.apache.synapse.MessageContext:io.swagger.v3.oas.models.OpenAPI:com.nimbusds.jwt.JWTClaimsSet", "synCtx:openAPI:payload", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException:java.text.ParseException", "void"), 588);
        ajc$tjp_5 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "checkTokenWithTheScope", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "java.lang.String:java.lang.String:com.nimbusds.jwt.JWTClaimsSet", "resource:resourceScope:payload", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException:java.text.ParseException", "void"), 605);
        ajc$tjp_6 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "checkTokenExpiration", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "java.lang.String:com.nimbusds.jwt.JWTClaimsSet:java.lang.String", "tokenSignature:payload:tenantDomain", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException", "void"), 646);
        ajc$tjp_7 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "transformJWTClaims", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", "com.nimbusds.jwt.JWTClaimsSet", "body", APIMgtGatewayConstants.EMPTY, "com.nimbusds.jwt.JWTClaimsSet"), 665);
        ajc$tjp_8 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getGatewayTokenCache", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, "javax.cache.Cache"), 681);
        ajc$tjp_9 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getInvalidTokenCache", "org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator", APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, APIMgtGatewayConstants.EMPTY, "javax.cache.Cache"), 685);
    }
}
