package com.adobe.cq.adobeims.impl;

import com.adobe.cq.adobeims.impl.util.JwtPayloadUtil;
import com.adobe.granite.auth.oauth.AccessTokenProvider;
import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

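/**
 * OSGi component that creates, updates, deletes and looks up IMS access-token-provider
 * configurations through {@link ConfigurationAdmin}, and hands out access tokens from the
 * {@link AccessTokenProvider} services currently bound to it.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Configuration lookups build an OSGi (LDAP-style) filter from a caller-supplied cloud
 *       service name. The name is escaped before it is embedded, so filter metacharacters in
 *       the name cannot widen or rewrite the query.</li>
 *   <li>{@link #createUpdateConfiguration(Resource, Set)} decrypts the stored client secret into
 *       an in-memory settings map; that map must never be logged.</li>
 *   <li>Bind/unbind callbacks use the DYNAMIC reference policy, so the bookkeeping maps are
 *       concurrent maps.</li>
 * </ul>
 */
@Component(service = {IMSConfigurationProvider.class})
public class IMSConfigurationProviderImpl implements IMSConfigurationProvider {

    /** Factory PID of the access token provider configurations managed by this component. */
    private static final String PROVIDER_FACTORY_PID = "com.adobe.granite.auth.oauth.accesstoken.provider";

    @Reference
    private ConfigurationAdmin configurationAdmin;

    @Reference
    private CryptoSupport cryptoSupport;

    @Reference(service = AccessTokenProvider.class, policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.MULTIPLE, bind = "bindAccessTokenProvider", unbind = "unbindAccessTokenProvider")
    private volatile List<?> tokenProviders;
    private volatile ServiceReference<?> ref;
    private final Logger log = LoggerFactory.getLogger(getClass());

    // Configuration name -> service PID of providers that were unbound and may reappear.
    // Concurrent, like availableTokenProviders: both are touched from the dynamic bind/unbind callbacks.
    private final Map<String, String> unboundConfigs = new ConcurrentHashMap<>();

    // Configuration name -> currently bound provider service.
    private final Map<String, AccessTokenProvider> availableTokenProviders = new ConcurrentHashMap<>();

    /**
     * Remembers this component's own service reference; it is passed to every
     * {@code IMSConfiguration} operation.
     */
    @Activate
    protected void activate(ComponentContext componentContext) {
        this.ref = componentContext.getServiceReference();
    }

    /**
     * Validates the settings (including a non-blank client secret) and creates the
     * configuration.
     *
     * @param map configuration settings
     * @return the id of the created configuration
     * @throws IllegalArgumentException if the settings fail validation
     * @throws Exception whatever {@code IMSConfiguration.create} throws; it is logged and rethrown
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    @Nonnull
    public String createConfiguration(@Nonnull Map<String, String> map) throws Exception {
        verifySettings(map);
        try {
            IMSConfiguration created = IMSConfiguration.create(this.configurationAdmin, this.cryptoSupport, map, this.ref);
            this.log.debug("AccessTokenProvider configuration created successfully. (pid={})", created.getId());
            return created.getId();
        } catch (Exception e) {
            this.log.error("Error occured while creating OSGi configurations. Changes reverted. (error={})", e.getMessage());
            throw e;
        }
    }

    /**
     * Creates or updates the configuration described by a repository resource.
     *
     * <p>The resource's properties are copied into a settings map (the client secret is
     * decrypted on the way). If {@code set} does not contain the resource name a new
     * configuration is created; otherwise the matching configuration PID is looked up and
     * updated.
     *
     * @param resource resource whose name is the IMS configuration id and whose properties are the settings
     * @param set ids that are treated as already existing
     * @throws Exception if decryption, validation or the create/update call fails
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public void createUpdateConfiguration(Resource resource, Set<String> set) throws Exception {
        String name = resource.getName();
        ValueMap properties = resource.getValueMap();
        // A missing title is reported by the settings validation below instead of an NPE here.
        Object title = properties.get(IMSConfigurationProperties.TITLE);
        this.log.info("Creating/Updating IMS configuration with imsConfigId : {}, title: {}", name, title);

        // From here on 'settings' holds the client secret in clear text: never log the map itself.
        Map<String, String> settings = new HashMap<>();
        for (String key : properties.keySet()) {
            String value = properties.get(key, String.class);
            if (value != null && IMSConfigurationProperties.CLIENT_SECRET.equals(key)) {
                value = this.cryptoSupport.unprotect(value);
            }
            settings.put(key, value);
        }
        settings.put("name", name);

        if (!set.contains(name)) {
            createConfiguration(settings);
            this.log.info("IMS configuration created from mutable storage successfully! imsConfigId={}, imsConfigtitle={}", name, title);
            return;
        }
        String pid = getIMSConfigurationPid(settings.get(IMSConfigurationProperties.CLOUD_SERVICE_NAME), name);
        if (pid == null) {
            // Previously a silent no-op; make the skipped update visible to operators.
            this.log.warn("No OSGi configuration found for IMS configuration, nothing updated. imsConfigId={}", name);
            return;
        }
        updateConfiguration(pid, settings);
        this.log.info("IMS configuration updated from mutable storage successfully! imsConfigId={}, imsConfigtitle={}", name, title);
    }

    /**
     * Validates the PID and the basic settings, then updates the configuration.
     *
     * @param str PID of the configuration to update
     * @param map new settings (a client secret is not required here)
     * @throws IllegalArgumentException if the PID is blank or the settings fail validation
     * @throws Exception whatever {@code IMSConfiguration.update} throws; it is logged and rethrown
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public void updateConfiguration(@Nonnull String str, @Nonnull Map<String, String> map) throws Exception {
        verifyArgs(str);
        verifySettingsBasic(map);
        try {
            IMSConfiguration.update(this.configurationAdmin, this.cryptoSupport, str, map, this.ref);
            this.log.debug("AccessTokenProvider configuration updated successfully. (pid={})", str);
        } catch (Exception e) {
            this.log.error("Error occured while updating OSGi configurations. Changes rolled back. (error={})", e.getMessage());
            throw e;
        }
    }

    /**
     * Deletes the configuration with the given PID.
     *
     * @param str PID of the configuration to delete
     * @throws IllegalArgumentException if the PID is blank
     * @throws Exception whatever {@code IMSConfiguration.delete} throws; an {@link IOException} is logged first
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public void deleteConfiguration(@Nonnull String str) throws Exception {
        verifyArgs(str);
        try {
            IMSConfiguration.delete(this.configurationAdmin, this.cryptoSupport, str, this.ref);
            this.log.debug("AccessTokenProvider configuration deleted successfully. (pid={})", str);
        } catch (IOException e) {
            this.log.error("Error occured while deleting OSGi configurations. (error={})", e.getMessage());
            throw e;
        }
    }

    /**
     * Lists the PIDs of the access token provider configurations whose {@code name} starts
     * with the cloud service name of the given context.
     *
     * @param configContext lookup context; may be {@code null}
     * @return the matching PIDs, or {@code null} when the context is {@code null} or
     *         ConfigurationAdmin reports no configurations
     * @throws IOException if ConfigurationAdmin fails or rejects the filter
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public Set<String> getConfigurations(ConfigContext configContext) throws IOException {
        if (configContext == null) {
            return null;
        }
        try {
            this.log.info("Getting configurations for cloud service : {}", configContext.getCloudServiceName());
            Configuration[] configurations = this.configurationAdmin.listConfigurations(namePrefixFilter(configContext.getCloudServiceName()));
            if (configurations == null) {
                return null;
            }
            Set<String> pids = new HashSet<>();
            for (Configuration configuration : configurations) {
                pids.add(configuration.getPid());
            }
            return pids;
        } catch (InvalidSyntaxException e) {
            this.log.error(e.getMessage(), e);
            throw new IOException(e);
        }
    }

    /**
     * Loads the configuration with the given PID.
     *
     * @param str configuration PID
     * @throws IllegalArgumentException if the PID is blank
     * @throws Exception whatever {@code IMSConfiguration.get} throws
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public IMSConfiguration getConfiguration(@Nonnull String str) throws Exception {
        verifyArgs(str);
        return IMSConfiguration.get(this.configurationAdmin, this.cryptoSupport, str, this.ref);
    }

    /**
     * Asks the bound provider registered under the given configuration name for an access
     * token, using the user id of the supplied resolver.
     *
     * <p>The returned value is a bearer credential; callers should keep it out of logs.
     *
     * @param resourceResolver resolver whose user id is passed to the provider
     * @param str configuration name the provider was bound under
     * @throws IllegalArgumentException if an argument is blank/null or no provider is bound under that name
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public String getAccessToken(ResourceResolver resourceResolver, String str) throws IOException, CryptoException {
        verifyArgs(str);
        if (resourceResolver == null) {
            throw new IllegalArgumentException("Invalid arguments for retrieving access token!");
        }
        AccessTokenProvider provider = this.availableTokenProviders.get(str);
        if (provider == null) {
            throw new IllegalArgumentException("Invalid access token provider!");
        }
        return provider.getAccessToken(resourceResolver, resourceResolver.getUserID(), (Map) null);
    }

    /**
     * Removes the {@code oauth/oauthid-<str>} property from the resolver's user. Failures are
     * logged and never propagated.
     *
     * @param resourceResolver resolver identifying the user
     * @param str suffix of the property to remove
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public void removeCachedToken(ResourceResolver resourceResolver, String str) {
        UserManager userManager = resourceResolver.adaptTo(UserManager.class);
        if (userManager == null) {
            this.log.error("Error while removing cahced access token for the user: {} (error={})", resourceResolver.getUserID(), "Internal error: could not get UserManager instance");
            return;
        }
        try {
            Object authorizable = userManager.getAuthorizable(resourceResolver.getUserID());
            if (authorizable instanceof User) {
                // NOTE(review): 'str' is interpolated into a relative property path without
                // validation; confirm callers only pass configuration identifiers here.
                ((User) authorizable).removeProperty(String.format("oauth/oauthid-%s", str));
            }
        } catch (Exception e) {
            this.log.error("Error while removing cahced access token for the user: {} (error={})", resourceResolver.getUserID(), e.getMessage());
        }
    }

    /**
     * Resolves the configurations found for the context to their names. A configuration that
     * cannot be loaded is logged and skipped.
     *
     * @return the names of the loadable configurations; empty when none are found
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public Set<String> getIMSConfigurationIds(ConfigContext configContext) throws Exception {
        Set<String> names = new HashSet<>();
        Set<String> pids = getConfigurations(configContext);
        if (pids == null) {
            return names;
        }
        for (String pid : pids) {
            try {
                IMSConfiguration configuration = getConfiguration(pid);
                if (configuration != null) {
                    names.add(configuration.getName());
                }
            } catch (Exception e) {
                this.log.error("error in getting osgiConfig", e);
            }
        }
        return names;
    }

    /**
     * Finds the PID of the configuration whose {@code name} starts with {@code str} and is
     * exactly {@code str2}.
     *
     * @param str cloud service name used as the name prefix in the lookup filter
     * @param str2 exact configuration name to match
     * @return the PID, or {@code null} if nothing matches
     */
    @Override // com.adobe.cq.adobeims.impl.IMSConfigurationProvider
    public String getIMSConfigurationPid(String str, String str2) throws Exception {
        Configuration[] configurations = this.configurationAdmin.listConfigurations(namePrefixFilter(str));
        if (configurations == null) {
            // listConfigurations signals "no match" with null (see getConfigurations), not an empty array.
            return null;
        }
        for (Configuration configuration : configurations) {
            java.util.Dictionary<String, Object> processed = configuration.getProcessedProperties(this.ref);
            Object configuredName = processed == null ? null : processed.get("name");
            if (configuredName != null && configuredName.equals(str2)) {
                return configuration.getPid();
            }
        }
        return null;
    }

    /**
     * Bind callback: registers the provider under its configuration name and, for
     * configurations owned by this component, converts a legacy configuration or cleans up a
     * resurrected one. Errors are logged, never thrown.
     */
    void bindAccessTokenProvider(AccessTokenProvider accessTokenProvider, Map<?, ?> map) {
        String pid = PropertiesUtil.toString(map.get("service.pid"), "");
        try {
            IMSConfiguration configuration = getConfiguration(pid);
            if (configuration == null) {
                this.log.error("Cannot retrieve bound IMS configuration {}", pid);
                return;
            }
            this.availableTokenProviders.put(configuration.getName(), accessTokenProvider);
            this.log.debug("AccessTokenProvider service bound: {}", configuration.getName());
            // Resurrection cleanup only runs when no legacy conversion took place.
            if (configuration.isOwn() && !convertConfigIfLegacy(configuration)) {
                deleteConfigIfResurrected(configuration);
            }
        } catch (Exception e) {
            this.log.error("Cannot retrieve bound IMS configuration {}! Error: {}", pid, e.getMessage());
        }
    }

    /**
     * Unbind callback: forgets the provider and records the configuration so a later re-bind
     * can be recognised as a resurrection.
     */
    void unbindAccessTokenProvider(AccessTokenProvider accessTokenProvider, Map<?, ?> map) {
        String name = PropertiesUtil.toString(map.get("name"), "");
        this.availableTokenProviders.remove(name);
        this.log.debug("AccessTokenProvider service unbound:; {}", name);
        trackConfigForResurrection(map);
    }

    /**
     * Builds the ConfigurationAdmin filter selecting access token provider configurations
     * whose {@code name} starts with the given prefix. The prefix is escaped; only the
     * trailing {@code *} added here acts as a wildcard.
     */
    private static String namePrefixFilter(String namePrefix) {
        return "(&(service.factoryPid=" + PROVIDER_FACTORY_PID + ")(name=" + escapeFilterValue(namePrefix) + "*))";
    }

    /**
     * Escapes the characters that are special inside an OSGi filter value
     * ({@code \}, {@code *}, {@code (}, {@code )}) with a backslash. A {@code null} value is
     * rendered as the text {@code null}, which is what string concatenation produced before.
     */
    private static String escapeFilterValue(String value) {
        String raw = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(raw.length() + 8);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == '\\' || c == '*' || c == '(' || c == ')') {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /** Rejects any blank (null, empty or whitespace-only) argument. */
    private void verifyArgs(String... strArr) {
        for (String str : strArr) {
            if (StringUtils.isBlank(str)) {
                throw new IllegalArgumentException("Invalid arguments (empty or null)!");
            }
        }
    }

    /** Basic validation plus a non-blank client secret; used when creating a configuration. */
    private void verifySettings(Map<String, String> map) {
        verifySettingsBasic(map);
        verifyArgs(map.get(IMSConfigurationProperties.CLIENT_SECRET));
    }

    /**
     * Requires API key, title, auth server URL, claims and keypair alias to be non-blank, the
     * auth server URL to start with {@code https://}, and the claims to parse to a non-empty
     * set of JWT claims.
     *
     * @throws IllegalArgumentException if any of these checks fails
     */
    private void verifySettingsBasic(Map<String, String> map) {
        if (map == null) {
            this.log.debug("Null settings detected");
            throw new IllegalArgumentException("Invalid settings");
        }
        verifyArgs(map.get(IMSConfigurationProperties.API_KEY), map.get(IMSConfigurationProperties.TITLE), map.get(IMSConfigurationProperties.AUTH_SERVER_URL), map.get(IMSConfigurationProperties.CLAIMS), map.get(IMSConfigurationProperties.KEYPAIR_ALIAS));
        // Only the scheme is enforced; this class does not restrict which host the URL points to.
        if (!map.get(IMSConfigurationProperties.AUTH_SERVER_URL).startsWith("https://")) {
            throw new IllegalArgumentException("Auth server URL must use 'https://'!");
        }
        try {
            if (JwtPayloadUtil.getJwtClaims(map.get(IMSConfigurationProperties.CLAIMS)).isEmpty()) {
                throw new IllegalArgumentException("Invalid JWT claims!");
            }
        } catch (JSONException e) {
            this.log.error("Invalid JSON formatting for JWT claims. (error={})", e.getMessage());
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Re-saves a legacy configuration with its current properties.
     *
     * @return {@code true} only if the configuration was legacy and the update succeeded
     */
    private boolean convertConfigIfLegacy(IMSConfiguration iMSConfiguration) {
        try {
            if (!iMSConfiguration.isLegacy()) {
                return false;
            }
            this.log.info("Convert legacy IMS configuration '{}'", iMSConfiguration.getName());
            iMSConfiguration.update(iMSConfiguration.getProperties());
            return true;
        } catch (Exception e) {
            this.log.error("Cannot convert legacy IMS configuration '{}'. Error: {}", iMSConfiguration.getName(), e.getMessage());
            return false;
        }
    }

    /**
     * If the configuration was previously recorded as unbound, stops tracking it and deletes
     * it when it is no longer valid. Failures are logged, never thrown.
     */
    private void deleteConfigIfResurrected(IMSConfiguration iMSConfiguration) {
        String name = iMSConfiguration.getName();
        // remove() both tests and clears the tracking entry, so concurrent binds cannot both clean up.
        if (this.unboundConfigs.remove(name) == null) {
            return;
        }
        try {
            if (!iMSConfiguration.isValid()) {
                this.log.info("Force cleanup of resurrected IMS configuration '{}'", name);
                iMSConfiguration.delete();
            }
        } catch (Exception e) {
            this.log.error("Could not cleanup the resurrected IMS configuration '{}'. Error: {}", name, e.getMessage());
        }
    }

    /** Records name -> service PID of an unbound provider when its configuration is owned by this component. */
    private void trackConfigForResurrection(Map<?, ?> map) {
        String name = PropertiesUtil.toString(map.get("name"), "");
        String customizerType = PropertiesUtil.toString(map.get(AccessTokenProviderProperties.TOKEN_REQUEST_CUSTOMIZER_TYPE), "");
        String validatorType = PropertiesUtil.toString(map.get(AccessTokenProviderProperties.TOKEN_VALIDATOR_TYPE), "");
        if (IMSConfiguration.isOwn(this.configurationAdmin, name, customizerType, validatorType, this.ref)) {
            this.unboundConfigs.put(name, PropertiesUtil.toString(map.get("service.pid"), ""));
        }
    }
}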
