package com.adobe.cq.adobeims.impl;

import com.adobe.cq.adobeims.impl.util.JwtPayloadUtil;
import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/cq/adobeims/impl/IMSConfiguration.class */
public class IMSConfiguration {
    private static final String TOKEN_EXCHANGE_API_SUFFIX = "/ims/exchange/jwt";
    public static final String PREFIX = "imsconsole-";
    private String providerPid;
    private String customizerPid;
    private String validatorPid;
    private Map<String, String> properties;
    private String customizerID;
    private String validatorID;
    private ConfigurationAdmin configurationAdmin;
    private CryptoSupport cryptoSupport;
    private volatile ServiceReference<?> ref;
    private String name = "";
    private boolean forceLegacy = false;
    final Logger log = LoggerFactory.getLogger(getClass());

    public IMSConfiguration(ConfigurationAdmin configurationAdmin, CryptoSupport cryptoSupport, ServiceReference<?> serviceReference) {
        this.configurationAdmin = configurationAdmin;
        this.cryptoSupport = cryptoSupport;
        this.ref = serviceReference;
    }

    public boolean isValid() {
        if (this.providerPid == null || this.customizerPid == null || this.validatorPid == null || !isOwn()) {
            return false;
        }
        try {
            return (getProperties(this.customizerPid) == null || getProperties(this.validatorPid) == null) ? false : true;
        } catch (IOException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isOwn() {
        return isOwn(this.configurationAdmin, getName(), this.customizerID, this.validatorID, this.ref);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isOwn(ConfigurationAdmin configurationAdmin, String str, String str2, String str3, ServiceReference<?> serviceReference) {
        return isOwnName(configurationAdmin, str, serviceReference) && isOwnCustomizerID(str2) && isOwnValidatorID(str3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isLegacy() {
        return this.customizerID.startsWith(AccessTokenProviderProperties.TOKEN_CUSTOMIZER_FACTORY_PID) && this.validatorID.startsWith(AccessTokenProviderProperties.TOKEN_VALIDATOR_FACTORY_PID);
    }

    private static boolean isOwnName(ConfigurationAdmin configurationAdmin, String str, ServiceReference<?> serviceReference) {
        try {
            Iterator<ConfigContext> it = ConfigContext.getAllContexts(configurationAdmin, serviceReference).iterator();
            while (it.hasNext()) {
                if (str.startsWith(it.next().getCloudServiceName())) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    private static boolean isOwnCustomizerID(String str) {
        return str.startsWith(PREFIX) || str.startsWith(AccessTokenProviderProperties.TOKEN_CUSTOMIZER_FACTORY_PID);
    }

    private static boolean isOwnValidatorID(String str) {
        return str.startsWith(PREFIX) || str.startsWith(AccessTokenProviderProperties.TOKEN_VALIDATOR_FACTORY_PID);
    }

    @Nonnull
    public Map<String, String> getProperties() {
        return this.properties;
    }

    @Nonnull
    public String getId() {
        return this.providerPid;
    }

    @Nonnull
    public String getName() {
        return PropertiesUtil.toString(this.properties.get("name"), this.name);
    }

    @Nonnull
    public String getTitle() {
        return PropertiesUtil.toString(this.properties.get(IMSConfigurationProperties.TITLE), "");
    }

    @Nonnull
    public String getCertAlias() {
        return PropertiesUtil.toString(this.properties.get(IMSConfigurationProperties.KEYPAIR_ALIAS), "");
    }

    @Nonnull
    public String getClientId() {
        return PropertiesUtil.toString(this.properties.get(IMSConfigurationProperties.API_KEY), "");
    }

    @Nonnull
    public String getCloudServiceName() {
        return PropertiesUtil.toString(this.properties.get(IMSConfigurationProperties.CLOUD_SERVICE_NAME), "");
    }

    @Nonnull
    public String getClaims() {
        return PropertiesUtil.toString(this.properties.get(IMSConfigurationProperties.CLAIMS), "");
    }

    @Nonnull
    public String getClientSecret() {
        return PropertiesUtil.toString(this.properties.get(IMSConfigurationProperties.CLIENT_SECRET), "");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public static IMSConfiguration create(@Nonnull ConfigurationAdmin configurationAdmin, @Nonnull CryptoSupport cryptoSupport, @Nonnull Map<String, String> map, @Nonnull ServiceReference<?> serviceReference) throws Exception {
        IMSConfiguration iMSConfiguration = new IMSConfiguration(configurationAdmin, cryptoSupport, serviceReference);
        try {
            iMSConfiguration.create(map);
            return iMSConfiguration;
        } catch (Exception e) {
            iMSConfiguration.delete();
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void update(@Nonnull ConfigurationAdmin configurationAdmin, @Nonnull CryptoSupport cryptoSupport, @Nonnull String str, @Nonnull Map<String, String> map, @Nonnull ServiceReference<?> serviceReference) throws Exception {
        IMSConfiguration iMSConfiguration = get(configurationAdmin, cryptoSupport, str, serviceReference);
        try {
            iMSConfiguration.update(map);
        } catch (Exception e) {
            iMSConfiguration.restore();
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void delete(@Nonnull ConfigurationAdmin configurationAdmin, @Nonnull CryptoSupport cryptoSupport, @Nonnull String str, @Nonnull ServiceReference<?> serviceReference) throws Exception {
        get(configurationAdmin, cryptoSupport, str, serviceReference).delete();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public static IMSConfiguration get(@Nonnull ConfigurationAdmin configurationAdmin, @Nonnull CryptoSupport cryptoSupport, @Nonnull String str, @Nonnull ServiceReference<?> serviceReference) throws Exception {
        IMSConfiguration iMSConfiguration = new IMSConfiguration(configurationAdmin, cryptoSupport, serviceReference);
        iMSConfiguration.get(str);
        return iMSConfiguration;
    }

    private void create(@Nonnull Map<String, String> map) throws Exception {
        update(map);
    }

    private void get(@Nonnull String str) throws Exception {
        JSONObject claimsAsJson;
        this.providerPid = str;
        Dictionary<String, ?> properties = getProperties(this.providerPid);
        this.customizerID = PropertiesUtil.toString(properties.get(AccessTokenProviderProperties.TOKEN_REQUEST_CUSTOMIZER_TYPE), "");
        this.validatorID = PropertiesUtil.toString(properties.get(AccessTokenProviderProperties.TOKEN_VALIDATOR_TYPE), "");
        if (isLegacy()) {
            this.customizerPid = this.customizerID;
            this.validatorPid = this.validatorID;
        } else {
            this.customizerPid = getCustomizerPid(this.customizerID);
            this.validatorPid = getValidatorPid(this.validatorID);
        }
        this.properties = new HashMap();
        this.properties.put(IMSConfigurationProperties.TITLE, PropertiesUtil.toString(properties.get(AccessTokenProviderProperties.TITLE), ""));
        this.properties.put(IMSConfigurationProperties.API_KEY, PropertiesUtil.toString(properties.get(AccessTokenProviderProperties.CLIENT_ID), ""));
        this.properties.put(IMSConfigurationProperties.AUTH_SERVER_URL, PropertiesUtil.toString(properties.get(AccessTokenProviderProperties.END_POINT), ""));
        this.properties.put(IMSConfigurationProperties.KEYPAIR_ALIAS, PropertiesUtil.toString(properties.get(AccessTokenProviderProperties.KEYPAIR_ALIAS), ""));
        String propertiesUtil = PropertiesUtil.toString(properties.get("name"), "");
        this.properties.put("name", propertiesUtil);
        Matcher matcher = Pattern.compile("([^(]+)").matcher(propertiesUtil);
        if (matcher.find()) {
            this.properties.put(IMSConfigurationProperties.CLOUD_SERVICE_NAME, matcher.group(1));
        }
        try {
            String[] stringArray = PropertiesUtil.toStringArray(properties.get(AccessTokenProviderProperties.CLAIMS));
            if (stringArray != null && (claimsAsJson = JwtPayloadUtil.claimsAsJson(stringArray)) != null) {
                this.properties.put(IMSConfigurationProperties.CLAIMS, claimsAsJson.toString(4));
            }
            Dictionary<String, ?> properties2 = getProperties(this.customizerPid);
            if (properties2 != null) {
                this.properties.put(IMSConfigurationProperties.CLIENT_SECRET, PropertiesUtil.toString(properties2.get(AccessTokenProviderProperties.TOKEN_CUSTOMIZER_CLIENT_SECRET), ""));
            }
        } catch (JSONException e) {
            throw new InvalidObjectException("Invalid JWT claims!");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void delete() throws IOException {
        delete(this.customizerPid);
        delete(this.validatorPid);
        delete(this.providerPid);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void update(@Nonnull Map<String, String> map) throws Exception {
        this.forceLegacy = PropertiesUtil.toBoolean(map.get("forceLegacy"), false);
        updateAccessTokenValidator();
        updateAccessTokenRequestCustomizer(map);
        updateAccessTokenProvider(map);
        this.forceLegacy = false;
        this.properties = map;
    }

    private void restore() throws Exception {
        updateAccessTokenRequestCustomizer(this.properties);
        updateAccessTokenProvider(this.properties);
    }

    private void updateAccessTokenValidator() throws IOException {
        Configuration createFactoryConfiguration = this.validatorPid == null ? this.configurationAdmin.createFactoryConfiguration(AccessTokenProviderProperties.TOKEN_VALIDATOR_FACTORY_PID, (String) null) : this.configurationAdmin.getConfiguration(this.validatorPid, (String) null);
        Dictionary hashtable = (this.validatorPid == null || createFactoryConfiguration.getProperties() == null) ? new Hashtable() : createFactoryConfiguration.getProcessedProperties(this.ref);
        String str = PREFIX + UUID.randomUUID().toString();
        hashtable.put(AccessTokenProviderProperties.TOKEN_VALIDATOR_TYPE, this.forceLegacy ? createFactoryConfiguration.getPid() : str);
        createFactoryConfiguration.update(hashtable);
        this.validatorPid = createFactoryConfiguration.getPid();
        this.validatorID = this.forceLegacy ? this.validatorPid : str;
    }

    private void updateAccessTokenProvider(@Nonnull Map<String, String> map) throws Exception {
        Configuration createFactoryConfiguration = this.providerPid == null ? this.configurationAdmin.createFactoryConfiguration(AccessTokenProviderProperties.FACTORY_PID, (String) null) : this.configurationAdmin.getConfiguration(this.providerPid, (String) null);
        Dictionary hashtable = this.providerPid == null ? new Hashtable() : createFactoryConfiguration.getProcessedProperties(this.ref);
        String str = map.get(IMSConfigurationProperties.AUTH_SERVER_URL);
        hashtable.put(AccessTokenProviderProperties.TITLE, map.get(IMSConfigurationProperties.TITLE));
        hashtable.put(AccessTokenProviderProperties.CLIENT_ID, map.get(IMSConfigurationProperties.API_KEY));
        hashtable.put(AccessTokenProviderProperties.END_POINT, str);
        hashtable.put(AccessTokenProviderProperties.ACCESS_TOKEN_REQ_FORMAT, str + TOKEN_EXCHANGE_API_SUFFIX);
        hashtable.put(AccessTokenProviderProperties.CLAIMS, JwtPayloadUtil.getJwtClaims(map.get(IMSConfigurationProperties.CLAIMS)));
        hashtable.put(AccessTokenProviderProperties.TOKEN_REQUEST_CUSTOMIZER_TYPE, this.customizerID);
        if (hashtable.get("name") == null && map.get("name") != null) {
            hashtable.put("name", map.get("name"));
        }
        String str2 = map.get(IMSConfigurationProperties.CLOUD_SERVICE_NAME);
        String propertiesUtil = PropertiesUtil.toString(hashtable.get("name"), "");
        this.log.info("Existing name for IMS to be created/updated: {}", propertiesUtil);
        if (this.providerPid == null || !propertiesUtil.startsWith(str2)) {
            this.name = generateNameFromContext(str2, propertiesUtil);
            hashtable.put("name", this.name);
            this.log.info("Resolved name for IMS to be created/updated: {}", propertiesUtil);
        }
        String str3 = map.get(IMSConfigurationProperties.KEYPAIR_ALIAS);
        if (StringUtils.isNotBlank(str3)) {
            hashtable.put(AccessTokenProviderProperties.KEYPAIR_ALIAS, str3);
        }
        if ("true".equals(map.get(IMSConfigurationProperties.RELAXED_SSL))) {
            hashtable.put(AccessTokenProviderProperties.RELAXED_SSL, true);
        }
        if (this.validatorPid != null) {
            hashtable.put(AccessTokenProviderProperties.TOKEN_VALIDATOR_TYPE, this.validatorID);
        }
        createFactoryConfiguration.update(hashtable);
        this.providerPid = createFactoryConfiguration.getPid();
    }

    private void updateAccessTokenRequestCustomizer(@Nonnull Map<String, String> map) throws IOException, CryptoException {
        Configuration createFactoryConfiguration = this.customizerPid == null ? this.configurationAdmin.createFactoryConfiguration(AccessTokenProviderProperties.TOKEN_CUSTOMIZER_FACTORY_PID, (String) null) : this.configurationAdmin.getConfiguration(this.customizerPid, (String) null);
        String str = map.get(IMSConfigurationProperties.CLIENT_SECRET);
        if (str != null) {
            Dictionary hashtable = (this.customizerPid == null || createFactoryConfiguration.getProperties() == null) ? new Hashtable() : createFactoryConfiguration.getProcessedProperties(this.ref);
            String str2 = PREFIX + UUID.randomUUID().toString();
            hashtable.put("customizer.type", this.forceLegacy ? createFactoryConfiguration.getPid() : str2);
            hashtable.put(AccessTokenProviderProperties.TOKEN_CUSTOMIZER_CLIENT_SECRET, this.cryptoSupport.isProtected(str) ? str : this.cryptoSupport.protect(str));
            createFactoryConfiguration.update(hashtable);
            this.customizerID = this.forceLegacy ? createFactoryConfiguration.getPid() : str2;
        }
        this.customizerPid = createFactoryConfiguration.getPid();
    }

    private Dictionary<String, ?> getProperties(String str) throws IOException {
        if (str == null) {
            return null;
        }
        Configuration configuration = this.configurationAdmin.getConfiguration(str, (String) null);
        if (configuration == null) {
            throw new IOException("Could not get the OSGI configuration properties!");
        }
        return configuration.getProcessedProperties(this.ref);
    }

    private void delete(String str) throws IOException {
        Configuration configuration;
        if (str == null || (configuration = this.configurationAdmin.getConfiguration(str, (String) null)) == null) {
            return;
        }
        configuration.delete();
    }

    @Nonnull
    private String generateNameFromContext(@Nonnull String str, String str2) throws Exception {
        Configuration[] listConfigurations = this.configurationAdmin.listConfigurations("(&(service.factoryPid=com.adobe.granite.auth.oauth.accesstoken.provider)(name=" + str + "*))");
        String str3 = str2;
        if (listConfigurations != null && listConfigurations.length != 0) {
            int length = listConfigurations.length + 1;
            if (str3.isEmpty() || !str3.startsWith(str)) {
                str3 = String.format("%s(%d)", str, Integer.valueOf(length));
                length++;
            }
            HashSet hashSet = new HashSet();
            for (Configuration configuration : listConfigurations) {
                String propertiesUtil = PropertiesUtil.toString(configuration.getProcessedProperties(this.ref).get("name"), "");
                if (!propertiesUtil.isEmpty()) {
                    hashSet.add(propertiesUtil);
                }
            }
            while (hashSet.contains(str3)) {
                str3 = String.format("%s(%d)", str, Integer.valueOf(length));
                length++;
            }
        } else if (!str2.startsWith(str)) {
            this.log.info("Naming the first IMS config as cloudServiceName: {}", str);
            return str;
        }
        return str3;
    }

    @Nullable
    private String getCustomizerPid(@Nonnull String str) throws Exception {
        Configuration[] listConfigurations = this.configurationAdmin.listConfigurations("(&(service.factoryPid=com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl)(customizer.type=" + str + "*))");
        if (listConfigurations == null || listConfigurations.length <= 0) {
            return null;
        }
        return listConfigurations[0].getPid();
    }

    @Nullable
    private String getValidatorPid(@Nonnull String str) throws Exception {
        Configuration[] listConfigurations = this.configurationAdmin.listConfigurations("(&(service.factoryPid=com.adobe.granite.auth.ims.impl.IMSTokenValidatorImpl)(auth.token.validator.type=" + str + "*))");
        if (listConfigurations == null || listConfigurations.length <= 0) {
            return null;
        }
        return listConfigurations[0].getPid();
    }
}
