package com.adobe.granite.auth.ims.impl;

import com.adobe.granite.auth.ims.IMSInstance;
import com.adobe.granite.auth.ims.IMSOrg;
import com.adobe.granite.auth.ims.ImsConfigProvider;
import com.adobe.granite.auth.ims.impl.group.GroupMapping;
import com.adobe.granite.auth.ims.impl.group.GroupMembersService;
import com.adobe.granite.auth.ims.impl.group.IMSGroupJsonParser;
import com.adobe.granite.auth.ims.impl.group.LicenseGroupId;
import com.adobe.granite.auth.oauth.AuthorizationCodeAcceptor;
import com.adobe.granite.auth.oauth.LogoutProvider;
import com.adobe.granite.auth.oauth.Provider;
import com.adobe.granite.auth.oauth.ProviderConfig;
import com.adobe.granite.auth.oauth.ProviderExtension;
import com.adobe.granite.auth.oauth.ProviderType;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Consts;
import org.apache.http.Header;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.HttpClientUtils;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.osgi.services.HttpClientBuilderFactory;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.oltu.oauth2.jwt.JWT;
import org.apache.oltu.oauth2.jwt.io.JWTReader;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.commons.json.JSONArray;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.commons.json.JSONTokener;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.commons.osgi.ServiceUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.service.component.ComponentException;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.AttributeType;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.scribe.builder.api.Api;
import org.scribe.model.OAuthConfig;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Response;
import org.scribe.model.Verb;
import org.scribe.utils.OAuthEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class)
@Component(service = {Provider.class}, property = {"service.description=Default IMS OAuth Provider"})
/* loaded from: input_file:com/adobe/granite/auth/ims/impl/IMSProviderImpl.class */
public class IMSProviderImpl implements Provider, LogoutProvider, AuthorizationCodeAcceptor, IMSConstants {
    static final String SERVICE_DESCRIPTION = "Default IMS OAuth Provider";
    private static final String VALIDATE_URL = "?client_id=%s&token=%s&type=%s";
    private static final String ERROR_DESCRIPTION = "error_description";
    private static final String VALID = "valid";
    private static final String REASON = "reason";

    @Reference
    private TokenProviderProxy tokenProviderProxy;

    @Reference
    private HttpClientBuilderFactory httpClientBuilderFactory;

    @Reference
    private ImsConfigProvider imsConfigProvider;
    private PoolingHttpClientConnectionManager connectionManager;
    private String name;
    private String id;
    private String detailsURL;
    private String[] extendedDetailsURLs;
    private String sessionProperty;
    private IMSServiceToken imsServiceToken;
    private String authorizationUrl;
    private String tokenUrl;
    private String validateTokenUrl;
    private String logoutUrl;
    private IMSGroupJsonParser imsGroupJsonParser;
    private String orgID;
    private String authSrc;
    private String organizationUrl;
    private boolean syncOnlyLicenseGroup;
    private boolean imsLogout;
    private CloseableHttpClient httpClient;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private ProviderType type = ProviderType.OAUTH2;
    private IMSApi imsApi = new IMSApi();
    private Set<GroupMapping> groupMappings = new LinkedHashSet();
    private SortedMap<Comparable<Object>, ProviderExtension> registeredProviderExtensionHandlers = new TreeMap(Collections.reverseOrder());
    private final ReadWriteLock lock = new ReentrantReadWriteLock();

    @ObjectClassDefinition(name = "Adobe Granite OAuth IMS Provider", description = IMSProviderImpl.SERVICE_DESCRIPTION)
    /* loaded from: input_file:com/adobe/granite/auth/ims/impl/IMSProviderImpl$Config.class */
    public @interface Config {
        @AttributeDefinition(name = "Provider ID", description = "Assign a unique Provider ID")
        String oauth_provider_id() default "ims";

        @AttributeDefinition(name = "Authorization Endpoint", description = "The URL of the IMS Authorization Endpoint")
        String oauth_provider_ims_authorization_url();

        @AttributeDefinition(name = "Token Endpoint", description = "The URL of the IMS Token Endpoint")
        String oauth_provider_ims_token_url();

        @AttributeDefinition(name = "Profile Endpoint", description = "The URL of the IMS Profile Endpoint")
        String oauth_provider_ims_profile_url();

        @AttributeDefinition(name = "Extended Details URLs", description = "The list of URLs used to fetch additional data")
        String[] oauth_provider_ims_extended_details_urls() default {};

        @AttributeDefinition(name = "Validation URL", description = "The URL of the IMS API - validate token (e.g. <ENV>/ims/validate_token/v1)")
        String oauth_provider_ims_validate_token_url();

        @AttributeDefinition(name = "Session Data Property", description = "The name of the property that defines the session data url")
        String oauth_provider_ims_session_property();

        @AttributeDefinition(name = "Service Token Client Id", description = "The Service Token Client Id")
        String oauth_provider_ims_service_token_client_id();

        @AttributeDefinition(name = "Service Token Client Secret", description = "The Service Token Client Secret", type = AttributeType.PASSWORD)
        String oauth_provider_ims_service_token_client_secret();

        @AttributeDefinition(name = "Service Token", description = "The Service Token", type = AttributeType.PASSWORD)
        String oauth_provider_ims_service_token();

        @AttributeDefinition(name = "Organization", description = "IMS organization to sync from, in the form of <orgID> (with AdobeOrg as default auth source) or <orgID>@<authSrc> to specify the auth source as well. Optional, if not set will not sync groups.")
        String ims_org_ref();

        @AttributeDefinition(name = "Group Mappings", description = "Mappings of IMS groups to local groups. Each entry is one group mapping, with the form: '<groupName>:<groupRole>=<localGroupID>', for example: 'Administrators:GRP_ADMIN=my-administrators'. Wildcards (* = all chars, ? = single char) are supported, for example: '*:GRP_ADMIN=my-administrators'. Requires organization (ims.org_ref) to be set.")
        String[] ims_group_mapping() default {};

        @AttributeDefinition(name = "Sync Only License Group", description = "Sync Only The Group Member of the License Group", type = AttributeType.BOOLEAN)
        boolean oauth_provider_ims_only_license_group() default false;

        @AttributeDefinition(name = "Call IMS Logout", description = "Call IMS Logout API on AEM Logout event", type = AttributeType.BOOLEAN)
        boolean oauth_provider_ims_logout() default true;
    }

    @Activate
    protected void activate(Map<String, Object> map, Config config) throws Exception {
        this.name = OsgiUtil.toString(map.get("service.description"), "");
        this.id = config.oauth_provider_id();
        this.authorizationUrl = config.oauth_provider_ims_authorization_url();
        this.tokenUrl = config.oauth_provider_ims_token_url();
        this.detailsURL = config.oauth_provider_ims_profile_url();
        this.extendedDetailsURLs = config.oauth_provider_ims_extended_details_urls();
        this.validateTokenUrl = config.oauth_provider_ims_validate_token_url();
        this.syncOnlyLicenseGroup = config.oauth_provider_ims_only_license_group();
        this.sessionProperty = config.oauth_provider_ims_session_property();
        this.imsServiceToken = new IMSServiceToken(config.oauth_provider_ims_service_token_client_id(), config.oauth_provider_ims_service_token_client_secret(), config.oauth_provider_ims_service_token());
        this.imsGroupJsonParser = new IMSGroupJsonParser();
        handleOrgRef(config);
        handleGroupMapping(config);
        this.imsApi.setAuthorizationUrl(this.authorizationUrl);
        this.imsApi.setAccessTokenEndpoint(this.tokenUrl);
        this.imsLogout = config.oauth_provider_ims_logout();
        if (!this.imsLogout || StringUtils.isEmpty(this.detailsURL)) {
            return;
        }
        this.logoutUrl = IMSUtil.getBaseUrl(this.detailsURL).append(IMSConstants.LOGOUT_API).toString();
        this.log.info("initializing http client for logout API {}", Boolean.valueOf(this.imsLogout));
        HttpClientBuilder newBuilder = this.httpClientBuilderFactory.newBuilder();
        newBuilder.setConnectionManager(this.connectionManager);
        this.httpClient = newBuilder.build();
    }

    @Deactivate
    protected void deactivate() {
        this.lock.writeLock().lock();
        try {
            this.registeredProviderExtensionHandlers.clear();
            if (this.imsLogout) {
                this.log.info("close http client for logout");
                HttpClientUtils.closeQuietly(this.httpClient);
                if (this.connectionManager != null) {
                    try {
                        this.log.debug("deactivate: closing connection manager");
                        this.connectionManager.close();
                    } catch (Exception e) {
                    }
                    this.connectionManager = null;
                }
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public String getAccessTokenPropertyPath(String str) {
        return "profile/app-" + str;
    }

    public Api getApi() {
        return this.imsApi;
    }

    public String getDetailsURL() {
        return this.detailsURL;
    }

    public String[] getExtendedDetailsURLs(String str) {
        return this.organizationUrl != null ? (String[]) ArrayUtils.add(this.extendedDetailsURLs, this.organizationUrl) : this.extendedDetailsURLs;
    }

    public String[] getExtendedDetailsURLs(String str, String str2, Map<String, Object> map) {
        Object value;
        ArrayList arrayList = new ArrayList();
        if (!StringUtils.isEmpty(this.sessionProperty)) {
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                if (this.sessionProperty.equals(entry.getKey()) && (value = entry.getValue()) != null) {
                    arrayList.add(String.valueOf(value));
                }
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public String getId() {
        return this.id;
    }

    public String getName() {
        return this.name;
    }

    public ProviderType getType() {
        return this.type;
    }

    public String getUserFolderPath(String str, String str2, Map<String, Object> map) {
        String userFolderPath;
        ProviderExtension providerExtension = getProviderExtension();
        if (providerExtension != null && (userFolderPath = providerExtension.getUserFolderPath(str, str2, map)) != null) {
            return userFolderPath;
        }
        return getDefaultUserFolderPath(str, str2, map);
    }

    public Map<String, Object> mapProperties(String str, String str2, Map<String, Object> map, Map<String, String> map2) {
        HashMap hashMap = new HashMap();
        hashMap.putAll(map);
        for (Map.Entry<String, String> entry : map2.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            String mapProperty = mapProperty(key);
            Object obj = null;
            try {
                obj = mapValue(str2, hashMap, mapProperty, value);
            } catch (JSONException e) {
                this.log.warn("Issue while mapping a value", e);
            }
            if (mapProperty != null && obj != null) {
                hashMap.put(mapProperty, obj);
            }
        }
        return hashMap;
    }

    public String mapUserId(String str, Map<String, Object> map) {
        String mapUserId;
        ProviderExtension providerExtension = getProviderExtension();
        if (providerExtension != null && (mapUserId = providerExtension.mapUserId(str, map)) != null) {
            return mapUserId;
        }
        return getDefaultUserId(str, map);
    }

    public void onUserCreate(User user) {
        ProviderExtension providerExtension = getProviderExtension();
        if (providerExtension != null) {
            providerExtension.onUserCreate(user);
        }
    }

    public void onUserUpdate(User user) {
        ProviderExtension providerExtension = getProviderExtension();
        if (providerExtension != null) {
            providerExtension.onUserUpdate(user);
        }
    }

    public String getOAuthIdPropertyPath(String str) {
        return "oauth/oauthid-" + str;
    }

    public User getCurrentUser(SlingHttpServletRequest slingHttpServletRequest) {
        User user = (Authorizable) slingHttpServletRequest.adaptTo(Authorizable.class);
        if (user == null || user.isGroup()) {
            return null;
        }
        return user;
    }

    public OAuthRequest getProtectedDataRequest(String str) {
        OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, str);
        oAuthRequest.setConnectionKeepAlive(true);
        return oAuthRequest;
    }

    public Map<String, String> parseProfileDataResponse(Response response) throws IOException {
        if (response == null) {
            this.log.error("parseProfileDataResponse: Null response. No debug header available.");
            throw new IOException("parseProfileDataResponse: Null response.");
        }
        try {
            String body = response.getBody();
            HashMap hashMap = new HashMap();
            if (StringUtils.isEmpty(body)) {
                this.log.warn("parseProfileDataResponse: Response body is empty: {}", body);
                this.log.warn("parseProfileDataResponse: x-debug-id = {}", getDebugHeader(response));
                return hashMap;
            }
            if (IMSUtil.isJSONObject(new JSONTokener(body))) {
                JSONObject jSONObject = new JSONObject(body);
                Iterator keys = jSONObject.keys();
                while (keys.hasNext()) {
                    String str = (String) keys.next();
                    hashMap.put(str, jSONObject.optString(str));
                }
            } else if (IMSUtil.isJSONArray(new JSONTokener(body))) {
                JSONArray jSONArray = new JSONArray(body);
                if (this.imsGroupJsonParser.isOrganizationResponse(jSONArray)) {
                    this.log.debug("parseProfileDataResponse: parsing Organization Response");
                    hashMap.put(IMSConstants.ORGS, body);
                    this.imsGroupJsonParser.handleOrganizationResponse(jSONArray, hashMap, this.orgID, this.authSrc, this.groupMappings);
                }
            } else {
                this.log.warn("parseProfileDataResponse: Unable to parse JSON in response body: {}", body);
                this.log.warn("parseProfileDataResponse: x-debug-id = {}", getDebugHeader(response));
            }
            this.log.debug("parseProfileDataResponse: Successful parse of IMS response: {}", body);
            this.log.warn("parseProfileDataResponse: x-debug-id = {}", getDebugHeader(response));
            this.log.trace("parseProfileDataResponse: Full body: {}", body);
            return hashMap;
        } catch (JSONException e) {
            this.log.error("parseProfileDataResponse: problem parsing JSON; response body was: {}", (Object) null);
            this.log.error("parseProfileDataResponse: x-debug-id = {}", getDebugHeader(response));
            throw new IOException(e.toString());
        } catch (Exception e2) {
            this.log.error("parseProfileDataResponse: Exception while parsing profile data");
            this.log.error("parseProfileDataResponse: x-debug-id = {}", getDebugHeader(response));
            throw new IOException(e2.toString());
        }
    }

    public String getUserIdProperty() {
        return IMSConstants.USER_ID;
    }

    public String getValidateTokenUrl(String str, String str2) {
        String str3 = this.validateTokenUrl;
        if (this.validateTokenUrl != null && !StringUtils.isEmpty(this.validateTokenUrl)) {
            str3 = this.validateTokenUrl + String.format(VALIDATE_URL, OAuthEncoder.encode(str), str2, IMSConstants.ACCESS_TOKEN);
        } else if (StringUtils.isEmpty(this.validateTokenUrl)) {
            str3 = null;
        }
        return str3;
    }

    public boolean isValidToken(String str, String str2, String str3) {
        try {
            JSONObject jSONObject = new JSONObject(str);
            if (!jSONObject.optBoolean(VALID)) {
                this.log.debug("isValidToken: the provided token is invalid for the following reason {}", jSONObject.optString(REASON));
                return false;
            }
            JSONObject optJSONObject = jSONObject.optJSONObject(IMSConstants.JSON_TOKEN);
            String optString = optJSONObject.optString(IMSConstants.CLIENT_ID);
            boolean equals = optString.equals(str2);
            if (equals) {
                String optString2 = optJSONObject.optString(IMSConstants.TYPE);
                equals = optString2.equals(str3);
                if (!equals) {
                    this.log.debug("the provided token type {} doesn't match the one contained in the response body {}", str3, optString2);
                }
            } else {
                this.log.debug("the provided client id {} doesn't match the one contained in the response body {}", str2, optString);
            }
            return equals;
        } catch (JSONException e) {
            this.log.error("isValidToken: error while parsing response body", e);
            return false;
        }
    }

    public String getUserIdFromValidateTokenResponseBody(String str) {
        String str2 = null;
        try {
            JSONObject optJSONObject = new JSONObject(str).optJSONObject(IMSConstants.JSON_TOKEN);
            if (optJSONObject != null) {
                str2 = optJSONObject.optString(IMSConstants.JSON_USER_ID);
                if (StringUtils.isEmpty(str2)) {
                    str2 = null;
                }
            }
            return str2;
        } catch (JSONException e) {
            this.log.error("getUserIdFromValidateTokenResponseBody: error while parsing response body", e);
            return null;
        }
    }

    public String getErrorDescriptionFromValidateTokenResponseBody(String str) {
        try {
            return new JSONObject(str).optString(ERROR_DESCRIPTION);
        } catch (JSONException e) {
            this.log.error("getValidateTokenErrorFromResponseBody: Failed to parse response body {} as json", str, e);
            return null;
        }
    }

    public boolean acceptsCodeRequest(HttpServletRequest httpServletRequest, OAuthConfig oAuthConfig) {
        String parameter = httpServletRequest.getParameter("code");
        if (parameter == null) {
            return false;
        }
        try {
            JWT jwt = (JWT) new JWTReader().read(parameter);
            if (fieldDoesNotMatch(jwt, IMSConstants.TYPE, "authorization_code")) {
                return false;
            }
            return !fieldDoesNotMatch(jwt, IMSConstants.CLIENT_ID, oAuthConfig.getApiKey());
        } catch (Exception e) {
            this.log.debug("'{}' request parameter is not a json web token, ignoring code request", "code");
            return false;
        }
    }

    @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    protected void bindProviderExtension(ProviderExtension providerExtension, Map<String, Object> map) {
        this.lock.writeLock().lock();
        try {
            this.registeredProviderExtensionHandlers.put(ServiceUtil.getComparableForServiceRanking(map), providerExtension);
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    protected void unbindProviderExtension(ProviderExtension providerExtension, Map<String, Object> map) {
        this.lock.writeLock().lock();
        try {
            this.registeredProviderExtensionHandlers.remove(ServiceUtil.getComparableForServiceRanking(map));
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    String mapProperty(String str) {
        return IMSConstants.USER_ID.equals(str) ? IMSConstants.PROFILE_ID : IMSConstants.FIRST_NAME.equals(str) ? IMSConstants.PROFILE_GIVEN_NAME : IMSConstants.LAST_NAME.equals(str) ? IMSConstants.PROFILE_FAMILY_NAME : (IMSConstants.PROJECTED_PRODUCT_CONTEXT.equals(str) || IMSConstants.GROUPS_REF_KEY.equals(str) || IMSConstants.ORIGINAL_GROUPS_REF_KEY.equals(str) || IMSConstants.LICENSE_GROUP_ID_KEY.equals(str)) ? str : IMSConstants.PROFILE + str;
    }

    Object mapValue(String str, Map<String, Object> map, String str2, String str3) throws JSONException {
        if (IMSConstants.GROUPS_REF_KEY.equals(str2)) {
            String str4 = (String) map.get(IMSConstants.PROFILE_ID);
            if (str4 != null) {
                str4 = mapUserId(str4, map);
            }
            return this.imsGroupJsonParser.mapValue(map, str, str4, str3);
        }
        if (IMSConstants.PROJECTED_PRODUCT_CONTEXT.equals(str2)) {
            Set<IMSInstance> handleProductContext = handleProductContext(map, new JSONArray(str3));
            if (handleProductContext == null || handleProductContext.isEmpty()) {
                return null;
            }
            return handleProductContext;
        }
        if (!IMSConstants.PROFILE_ORGS.equals(str2)) {
            return str3;
        }
        Set<IMSOrg> handleOrgs = handleOrgs(new JSONArray(str3));
        if (handleOrgs == null || handleOrgs.isEmpty()) {
            return null;
        }
        return handleOrgs;
    }

    private ProviderExtension getProviderExtension() {
        this.lock.readLock().lock();
        try {
            for (ProviderExtension providerExtension : this.registeredProviderExtensionHandlers.values()) {
                if (providerExtension.getId() != null && providerExtension.getId().equals(getId())) {
                    return providerExtension;
                }
            }
            this.lock.readLock().unlock();
            return null;
        } finally {
            this.lock.readLock().unlock();
        }
    }

    private boolean fieldDoesNotMatch(JWT jwt, String str, String str2) {
        String str3 = (String) jwt.getClaimsSet().getCustomField(str, String.class);
        if (str2.equals(str3)) {
            return false;
        }
        this.log.debug("'{}' request parameter has an incorrect {}, ignoring code request: {}", new Object[]{"code", str, str3});
        return true;
    }

    private String getDefaultUserFolderPath(String str, String str2, Map<String, Object> map) {
        StringBuilder sb = new StringBuilder(getId());
        if (str != null) {
            sb.append("/").append((CharSequence) str, 0, 4);
        }
        return sb.toString();
    }

    private String getDefaultUserId(String str, Map<String, Object> map) {
        return getId() + "-" + str;
    }

    private Set<IMSOrg> handleOrgs(JSONArray jSONArray) {
        HashSet hashSet = new HashSet();
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject optJSONObject = jSONArray.optJSONObject(i);
            String optString = optJSONObject.optString(IMSConstants.JSON_ORG_NAME);
            JSONObject optJSONObject2 = optJSONObject.optJSONObject(IMSConstants.JSON_ORG_REF);
            if (optString != null && optJSONObject2 != null) {
                hashSet.add(new IMSOrg(optString, optJSONObject2.optString(IMSConstants.JSON_IDENT), optJSONObject2.optString(IMSConstants.JSON_AUTH_SRC)));
            }
        }
        return hashSet;
    }

    private Set<IMSInstance> handleProductContext(Map<String, Object> map, JSONArray jSONArray) {
        int length;
        JSONObject optJSONObject;
        HashSet hashSet = null;
        if (jSONArray != null && (length = jSONArray.length()) > 0) {
            hashSet = new HashSet();
            for (int i = 0; i < length; i++) {
                JSONObject optJSONObject2 = jSONArray.optJSONObject(i);
                if (optJSONObject2 != null && (optJSONObject = optJSONObject2.optJSONObject(IMSConstants.JSON_PROD_CTX)) != null) {
                    String optString = optJSONObject.optString("serviceCode", (String) null);
                    IMSInstance iMSInstance = null;
                    if (IMSConstants.DMA_AEM_AMS.equals(optString)) {
                        this.log.debug("Handling dma_aem_ams product context");
                        iMSInstance = IMSUtil.parseAMSProductContext(optJSONObject);
                    } else if (IMSConstants.DMA_AEM_CLOUD.equals(optString)) {
                        this.log.debug("Handling dma_aem_cloud product context");
                        iMSInstance = IMSUtil.parseCloudProductContext(optJSONObject);
                    } else if (IMSConstants.DMA_MEDIA_LIBRARY.equals(optString)) {
                        this.log.debug("Handling dma_media_library product context");
                        iMSInstance = IMSUtil.parseCloudProductContext(optJSONObject);
                    }
                    if (iMSInstance != null) {
                        hashSet.add(iMSInstance);
                        if (iMSInstance.equals(this.imsConfigProvider.currentIMSInstance())) {
                            String optString2 = optJSONObject.optString(IMSConstants.JSON_GROUP_ID);
                            String optString3 = optJSONObject.optString(IMSConstants.JSON_IDENT);
                            if (optString2 == null || optString3 == null) {
                                this.log.info("handleProductContext: The received prodCtx is missing ident");
                            } else {
                                IMSUtil.handleLicenseGroupReferences(map, new LicenseGroupId(optString2, optString3));
                            }
                        }
                    } else {
                        this.log.debug("handleProductContext: The received prodCtx has an unknown service code or an incomplete prodCtx");
                    }
                }
            }
        }
        return hashSet;
    }

    private void handleOrgRef(Config config) throws URISyntaxException {
        this.organizationUrl = null;
        this.imsGroupJsonParser.setLicenseGroupService(null);
        String ims_org_ref = config.ims_org_ref();
        if (StringUtils.isNotEmpty(ims_org_ref) && StringUtils.isNotEmpty(this.detailsURL)) {
            String[] split = ims_org_ref.split("@", 2);
            this.orgID = split[0];
            if (split.length >= 2) {
                this.authSrc = split[1];
            } else {
                this.authSrc = IMSConstants.ADOBE_ORG;
            }
            setOrganizationURL(this.detailsURL);
            if (!this.syncOnlyLicenseGroup) {
                this.log.info("Sync Only License Group is unchecked, not handling");
            } else {
                this.log.info("Sync Only License Group is checked, handling");
                setLicenseGroupUrl(this.orgID + "@" + this.authSrc, this.detailsURL);
            }
        }
    }

    private void setLicenseGroupUrl(String str, String str2) throws URISyntaxException {
        StringBuilder baseUrl = IMSUtil.getBaseUrl(str2);
        baseUrl.append(IMSConstants.GROUP_API).append(str).append(IMSConstants.GROUP_API_PATH).append("%s").append(IMSConstants.GROUP_API_PATH_MEMBERS).append("?").append(IMSConstants.CLIENT_ID).append("=").append("%s");
        this.imsGroupJsonParser.setLicenseGroupService(new GroupMembersService(this.tokenProviderProxy, this.imsServiceToken, this.tokenUrl, baseUrl.toString()));
    }

    private void setOrganizationURL(String str) throws URISyntaxException {
        StringBuilder baseUrl = IMSUtil.getBaseUrl(str);
        baseUrl.append(IMSConstants.ORGANIZATIONS_API);
        this.organizationUrl = baseUrl.toString();
    }

    private void handleGroupMapping(Config config) {
        for (String str : config.ims_group_mapping()) {
            if (!str.isEmpty()) {
                if (StringUtils.isEmpty(this.orgID)) {
                    throw new ComponentException("Config ims.group.mapping requires ims.org.ref to be set.");
                }
                String[] split = str.split("=", 2);
                if (split.length < 2 || StringUtils.isEmpty(split[1])) {
                    throw new ComponentException("Config ims.group.mapping includes invalid mapping: " + str);
                }
                String[] split2 = split[0].split(":", 2);
                if (split2.length < 2) {
                    addGroupMapping(split2[0], "*", split[1]);
                } else {
                    addGroupMapping(split2[0], split2[1], split[1]);
                }
            }
        }
    }

    private void addGroupMapping(String str, String str2, String str3) {
        this.groupMappings.add(new GroupMapping(str3, str, str2, "*"));
    }

    @Nullable
    public String logout(@Nullable HttpServletRequest httpServletRequest, @Nullable ProviderConfig providerConfig) {
        if (!logoutParametersSufficient(this.imsLogout, this.logoutUrl, httpServletRequest, providerConfig)) {
            this.log.debug("logout: Invalid parameters to perform an IMS logout.");
            return null;
        }
        HttpPost httpPost = null;
        try {
            try {
                HttpPost httpPost2 = new HttpPost(this.logoutUrl);
                ArrayList arrayList = new ArrayList();
                arrayList.add(new BasicNameValuePair(IMSConstants.CLIENT_ID, providerConfig.getClientId()));
                arrayList.add(new BasicNameValuePair(IMSConstants.CLIENT_SECRET, providerConfig.getClientSecret()));
                arrayList.add(new BasicNameValuePair(IMSConstants.REDIRECT_URI, buildCallBackUrl(httpServletRequest, providerConfig)));
                httpPost2.setEntity(new UrlEncodedFormEntity(arrayList, Consts.UTF_8));
                CloseableHttpResponse execute = this.httpClient.execute(httpPost2);
                if (302 != execute.getStatusLine().getStatusCode()) {
                    this.log.info("logout: IMS logout API returned a response different than 302");
                    HttpClientUtils.closeQuietly(execute);
                    if (httpPost2 != null) {
                        httpPost2.releaseConnection();
                    }
                    return null;
                }
                Header firstHeader = execute.getFirstHeader(IMSConstants.LOCATION_HEADER);
                if (firstHeader == null) {
                    this.log.info("logout: IMS returned a null location header");
                    HttpClientUtils.closeQuietly(execute);
                    if (httpPost2 != null) {
                        httpPost2.releaseConnection();
                    }
                    return null;
                }
                String value = firstHeader.getValue();
                this.log.info("logout: returning location {}", value);
                HttpClientUtils.closeQuietly(execute);
                if (httpPost2 != null) {
                    httpPost2.releaseConnection();
                }
                return value;
            } catch (IOException e) {
                this.log.error("logout: error while calling the logout IMS API", e);
                HttpClientUtils.closeQuietly((CloseableHttpResponse) null);
                if (0 != 0) {
                    httpPost.releaseConnection();
                }
                return null;
            }
        } catch (Throwable th) {
            HttpClientUtils.closeQuietly((CloseableHttpResponse) null);
            if (0 != 0) {
                httpPost.releaseConnection();
            }
            throw th;
        }
    }

    private boolean logoutParametersSufficient(boolean z, @Nullable String str, @Nullable HttpServletRequest httpServletRequest, @Nullable ProviderConfig providerConfig) {
        int i = 0;
        if (!z) {
            this.log.debug("logout: IMS logout not enabled");
            i = 0 + 1;
        }
        if (str == null) {
            this.log.error("logout: logout enabled but logout URL is null");
            i++;
        }
        if (StringUtils.isEmpty(str)) {
            this.log.error("logout: logout enabled but logout URL is empty");
            i++;
        }
        if (httpServletRequest == null) {
            this.log.error("logout: unexpected null logout request");
            i++;
        }
        if (providerConfig == null) {
            this.log.error("logout: unexpected null providerConfig");
            i++;
        }
        return i <= 0;
    }

    @NotNull
    String buildCallBackUrl(@NotNull HttpServletRequest httpServletRequest, @NotNull ProviderConfig providerConfig) {
        String sb;
        String callBackUrl = providerConfig.getCallBackUrl();
        if (callBackUrl == null || callBackUrl.startsWith("/")) {
            StringBuilder rootURL = getRootURL(httpServletRequest);
            this.log.debug("buildCallbackUrl: Request Root URL: {}", rootURL);
            if (callBackUrl != null && callBackUrl.startsWith("/")) {
                if (callBackUrl.endsWith("/")) {
                    rootURL.append((CharSequence) callBackUrl, 0, callBackUrl.length() - 1);
                } else {
                    rootURL.append(callBackUrl);
                }
            }
            rootURL.append(IMSConstants.CALLBACK_SUFFIX_LOGOUT);
            sb = rootURL.toString();
        } else {
            sb = callBackUrl;
        }
        try {
            new URL(sb);
            this.log.debug("buildCallBackUrl: URL built: {}", sb);
            return sb;
        } catch (MalformedURLException e) {
            this.log.error("buildCallBackUrl: malformed URL, failure to build the callback URL, review the callback setting.");
            return "";
        }
    }

    @NotNull
    StringBuilder getRootURL(@NotNull HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder();
        sb.append(httpServletRequest.getScheme()).append("://").append(httpServletRequest.getServerName());
        int serverPort = httpServletRequest.getServerPort();
        if (serverPort > 0) {
            String scheme = httpServletRequest.getScheme();
            boolean z = -1;
            switch (scheme.hashCode()) {
                case 3213448:
                    if (scheme.equals("http")) {
                        z = false;
                        break;
                    }
                    break;
                case 99617003:
                    if (scheme.equals("https")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    if (serverPort != 80) {
                        sb.append(':').append(serverPort);
                        break;
                    }
                    break;
                case true:
                    if (serverPort != 443) {
                        sb.append(':').append(serverPort);
                        break;
                    }
                    break;
                default:
                    sb.append(':').append(serverPort);
                    break;
            }
        }
        return sb;
    }

    @Nullable
    private String getDebugHeader(@NotNull Response response) {
        return response.getHeader("x-debug-id");
    }
}
