package org.wso2.carbon.apimgt.keymanager;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.keymanager.dto.ErrorDTO;
import org.wso2.carbon.apimgt.keymanager.dto.OAuth2IntrospectionResponse;
import org.wso2.carbon.apimgt.keymanager.dto.OAuthApplication;
import org.wso2.carbon.apimgt.keymanager.dto.OAuthTokenResponse;
import org.wso2.carbon.apimgt.keymanager.exception.KeyManagerException;
import org.wso2.carbon.apimgt.keymanager.util.KeyManagerUtil;
import org.wso2.msf4j.Microservice;
import org.wso2.msf4j.formparam.FormDataParam;

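/**
 * Lightweight OAuth2 key server exposed under {@code /keyserver}.
 *
 * <p>Offers token issuance, a revocation stub, dynamic client registration,
 * client lookup and token introspection. Registered applications are kept in
 * two static in-memory maps which are restored from, and written back to,
 * backup files through {@link KeyManagerUtil} on activation and deactivation.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The two static maps are plain {@link HashMap}s that request handlers
 *       mutate; nothing in this class synchronises access to them.</li>
 *   <li>{@link #activate} seeds two built-in clients with a fixed secret that
 *       is visible in the source and in the shipped artifact.</li>
 *   <li>{@link #clientRead} and {@link #introspect} perform no caller
 *       authentication.</li>
 *   <li>{@link #revokeAccessToken} does not revoke anything.</li>
 * </ul>
 */
@Path("/keyserver")
@Component(name = "org.wso2.carbon.apimgt.keymanager.KeymanagerService", service = {Microservice.class}, immediate = true)
/* loaded from: input_file:org/wso2/carbon/apimgt/keymanager/KeymanagerService.class */
public class KeymanagerService implements Microservice {
    private static final String DEFAULT_TOKEN_VALIDITY = "3600";
    private static final String INVALID_INPUT_JSON = "{\"error\": \"Invalid input\"}";
    private static final Logger log = LoggerFactory.getLogger(KeymanagerService.class);

    // Registered applications keyed by client name.
    // NOTE(review): shared mutable state with no synchronisation; confirm how
    // many threads the hosting runtime uses to dispatch requests.
    private static Map<String, OAuthApplication> applications = new HashMap<>();
    // The same applications (plus the built-in clients) keyed by client id.
    private static Map<String, OAuthApplication> appsByClientId = new HashMap<>();

    /**
     * Initialises users and scopes, restores backed-up state and registers the
     * built-in {@code publisher} and {@code store} clients.
     *
     * @param bundleContext OSGi bundle context (unused)
     */
    @Activate
    protected void activate(BundleContext bundleContext) {
        KeyManagerUtil.addUsersAndScopes();
        getData();
        // SECURITY: both built-in clients share one hard-coded secret. Anyone
        // who can read this class knows it; it should be supplied through
        // configuration or generated per installation instead.
        registerBuiltInClient("publisher", "1234-5678-9101");
        registerBuiltInClient("store", "1234-5678-9101");
    }

    /**
     * Persists the application maps and the token data before shutdown.
     *
     * @param bundleContext OSGi bundle context (unused)
     */
    @Deactivate
    protected void deactivate(BundleContext bundleContext) {
        KeyManagerUtil.backUpOauthData(applications, appsByClientId);
        KeyManagerUtil.backUpTokenData();
    }

    /**
     * Issues an access token for the {@code password}, {@code client_credentials}
     * or {@code refresh_token} grant.
     *
     * <p>The client authenticates through the {@code Authorization} header; the
     * credentials are extracted by
     * {@link KeyManagerUtil#extractCredentialsFromAuthzHeader} and compared with
     * the registered client secret in constant time.
     *
     * @param username       resource-owner user name (password grant)
     * @param password       resource-owner password (password grant)
     * @param grantType      requested grant type
     * @param refreshToken   refresh token (refresh_token grant)
     * @param validityPeriod requested token lifetime; defaults to
     *                       {@value #DEFAULT_TOKEN_VALIDITY} when absent
     * @param authorization  client credentials header
     * @return 200 with the token response; 401 when the header is missing,
     *         the client is unknown or its secret does not match, or the grant
     *         is refused; 400 when {@code validityPeriod} is not a number;
     *         500 with code {@code 900501} for an unsupported grant type
     * @throws KeyManagerException propagated from {@link KeyManagerUtil}
     */
    @Path("/oauth2/token")
    @Consumes({"application/x-www-form-urlencoded", "multipart/form-data"})
    @POST
    @Produces({"application/json"})
    public Response getNewAccessToken(@FormDataParam("username") String username, @FormDataParam("password") String password, @FormDataParam("grant_type") String grantType, @FormDataParam("refresh_token") String refreshToken, @FormDataParam("validity_period") String validityPeriod, @HeaderParam("Authorization") String authorization) throws KeyManagerException {
        boolean supportedGrant = "client_credentials".equals(grantType)
                || "password".equals(grantType)
                || "refresh_token".equals(grantType);
        if (!supportedGrant) {
            // NOTE(review): status kept at 500 so existing callers are not broken;
            // RFC 6749 section 5.2 specifies 400 for an unsupported grant type.
            return errorResponse(Response.Status.INTERNAL_SERVER_ERROR, "900501", "Unsupported Grant Type");
        }
        if (authorization == null || authorization.isEmpty()) {
            return errorResponse(Response.Status.UNAUTHORIZED, "900401", "Unauthorized. Authorization header not provided");
        }

        String[] credentials = KeyManagerUtil.extractCredentialsFromAuthzHeader(authorization);
        if (credentials == null || credentials.length < 2) {
            // A malformed header must not surface as an index error.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        OAuthApplication client = appsByClientId.get(credentials[0]);
        if (client == null || !secretsMatch(client.getClientSecret(), credentials[1])) {
            // The client id is caller-controlled, so it is not echoed into the log.
            log.warn("Token request rejected: client authentication failed");
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }

        // validity_period is caller-supplied; a non-numeric value is a client
        // error rather than an unhandled NumberFormatException.
        // NOTE(review): no upper bound is enforced, so an authenticated client
        // chooses its own token lifetime; consider capping it server-side.
        Long validity;
        try {
            validity = Long.valueOf(validityPeriod == null ? DEFAULT_TOKEN_VALIDITY : validityPeriod);
        } catch (NumberFormatException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity(INVALID_INPUT_JSON).build();
        }

        OAuthTokenResponse tokenResponse = new OAuthTokenResponse();
        boolean issued;
        if ("password".equals(grantType)) {
            issued = KeyManagerUtil.getLoginAccessToken(tokenResponse, username, password, validity);
        } else if ("client_credentials".equals(grantType)) {
            issued = KeyManagerUtil.getAccessTokenForClientCredentials(tokenResponse, client.getAppOwner(), validity);
        } else {
            // Only refresh_token remains after the grant-type check above.
            issued = KeyManagerUtil.getRefreshedAccessToken(tokenResponse, refreshToken, validity.longValue());
        }
        if (!issued) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        return Response.status(Response.Status.OK).entity(tokenResponse).build();
    }

    /**
     * Revocation endpoint stub.
     *
     * <p>Always answers 200 and revokes nothing: it reads no token from the
     * request and touches no stored state, so a token reported here as revoked
     * stays usable until whatever expiry the token store applies.
     *
     * @return an empty 200 response
     */
    @POST
    @Path("/oauth2/revoke")
    public Response revokeAccessToken() {
        return Response.ok().build();
    }

    /**
     * Registers an OAuth application, or returns the existing registration
     * that carries the same client name.
     *
     * <p>The caller's credentials are validated before any registration data
     * is returned, so the client id and secret of an existing application are
     * never disclosed to a caller that merely sent a non-empty header.
     *
     * @param oAuthApplication registration request body
     * @param authorization    credentials of the registering user
     * @return 201 with the registration; 401 when the header is missing or the
     *         credentials are rejected; 400 when the body is absent
     * @throws KeyManagerException propagated from {@link KeyManagerUtil}
     */
    @Path("/identity/connect/register")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public Response registerClient(OAuthApplication oAuthApplication, @HeaderParam("Authorization") String authorization) throws KeyManagerException {
        if (authorization == null || authorization.isEmpty()) {
            return errorResponse(Response.Status.UNAUTHORIZED, "900401", "Unauthorized. Authorization header not provided");
        }
        if (oAuthApplication == null) {
            return Response.status(Response.Status.BAD_REQUEST).entity(INVALID_INPUT_JSON).build();
        }

        String[] credentials = KeyManagerUtil.extractCredentialsFromAuthzHeader(authorization);
        if (credentials == null || credentials.length < 2
                || !KeyManagerUtil.validateUser(credentials[0], credentials[1])) {
            log.warn("Client registration rejected: user authentication failed");
            return errorResponse(Response.Status.UNAUTHORIZED, "900401", "Unauthorized. Wrong Authorization header provided");
        }
        String owner = credentials[0];

        OAuthApplication existing = applications.get(oAuthApplication.getClientName());
        if (existing != null) {
            // NOTE(review): any authenticated user receives the stored secret
            // for this client name; consider restricting this to the app owner.
            oAuthApplication.setClientId(existing.getClientId());
            oAuthApplication.setClientSecret(existing.getClientSecret());
            return Response.status(Response.Status.CREATED).entity(oAuthApplication).build();
        }

        String clientId = UUID.randomUUID().toString();
        String clientSecret = UUID.randomUUID().toString();
        oAuthApplication.setClientId(clientId);
        oAuthApplication.setClientSecret(clientSecret);
        oAuthApplication.setAppOwner(owner);
        applications.put(oAuthApplication.getClientName(), oAuthApplication);
        appsByClientId.put(clientId, oAuthApplication);
        return Response.status(Response.Status.CREATED).entity(oAuthApplication).build();
    }

    /**
     * Returns the stored registration for a client id.
     *
     * <p>SECURITY: this handler takes no credentials and returns the stored
     * {@link OAuthApplication} object itself, the same object on which
     * {@link #registerClient} sets the client secret. Whether the secret is
     * serialised depends on the DTO mapping, which is not visible here.
     * Requiring authentication needs an extra request parameter and is
     * therefore left to a follow-up change.
     *
     * @param clientId client id taken from the path
     * @return 200 with the application, or 404 with code {@code 900404}
     */
    @GET
    @Produces({"application/json"})
    @Path("/identity/connect/register/{clientId}")
    public Response clientRead(@PathParam("clientId") String clientId) {
        OAuthApplication client = appsByClientId.get(clientId);
        if (client != null) {
            return Response.status(Response.Status.OK).entity(client).build();
        }
        return errorResponse(Response.Status.NOT_FOUND, "900404", "Client not found with id " + clientId);
    }

    /**
     * Reports whether a token is active.
     *
     * <p>SECURITY: the caller is not authenticated, so anyone who can reach
     * the endpoint can probe token values; RFC 7662 section 2.1 expects the
     * introspection endpoint to require some form of authorization.
     *
     * @param token         token to inspect
     * @param tokenTypeHint optional hint (currently ignored)
     * @return 400 when the token is missing; otherwise 200 with either the
     *         populated introspection response or {@code {"active":false}}
     */
    @Path("/oauth2/introspect")
    @Consumes({"application/x-www-form-urlencoded", "multipart/form-data"})
    @POST
    @Produces({"application/json"})
    public Response introspect(@FormParam("token") String token, @FormParam("token_type_hint") String tokenTypeHint) {
        if (token == null || token.isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(INVALID_INPUT_JSON).build();
        }
        OAuth2IntrospectionResponse introspection = new OAuth2IntrospectionResponse();
        if (KeyManagerUtil.validateToken(token, introspection)) {
            return Response.status(Response.Status.OK).entity(introspection).build();
        }
        return Response.status(Response.Status.OK).entity("{\"active\":false}").build();
    }

    /**
     * Restores the application maps and the token data from their backups.
     */
    private static void getData() {
        // NOTE(review): if getBackedUpData can return null when no backup
        // exists, the put calls in activate() would fail; confirm its contract.
        applications = KeyManagerUtil.getBackedUpData("applications.data");
        appsByClientId = KeyManagerUtil.getBackedUpData("appsByClientId.data");
        KeyManagerUtil.getBackedUpTokenData();
    }

    /** Adds a built-in client to the client-id index, replacing any restored entry. */
    private static void registerBuiltInClient(String clientId, String clientSecret) {
        OAuthApplication builtIn = new OAuthApplication();
        builtIn.setClientId(clientId);
        builtIn.setClientSecret(clientSecret);
        appsByClientId.put(clientId, builtIn);
    }

    /** Builds a response whose entity is an {@link ErrorDTO} with the given code and message. */
    private static Response errorResponse(Response.Status status, String code, String message) {
        ErrorDTO error = new ErrorDTO();
        error.setCode(code);
        error.setMessage(message);
        return Response.status(status).entity(error).build();
    }

    /** Compares two secrets without short-circuiting on the first differing byte. */
    private static boolean secretsMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }
}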
