package com.adobe.granite.ims.yamlloader;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.ims.yamlloader.model.Integration;
import com.adobe.granite.keystore.KeyStoreService;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.serviceusermapping.Mapping;
import org.apache.sling.serviceusermapping.ServiceUserMapper;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

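/**
 * OSGi component that provisions Adobe IMS integrations from YAML files when it is activated.
 *
 * <p>The framework property {@code ims.config.yaml} names either a single {@code <userId>.yaml}
 * file or a folder of such files. For each file the loader resolves the sub service mapped to
 * that user id, imports the key pair into the user's keystore and creates or updates the
 * matching IMS access-token provider configuration.
 *
 * <p>Security notes: the YAML files carry a private key and a client secret, so the configured
 * path should be readable only by the account running the instance. Nothing in this class logs
 * those values, and new code here must not log the {@link Integration} object as a whole.
 */
@Component(immediate = true, service = {ImsYamlLoader.class}, property = {"label = ImsYamlLoader", "description = ImsYamlLoader"})
public class ImsYamlLoader {
    private static final String ADOBEIO_INTEGRATION_BUNDLE_NAME = "com.adobe.cq.adobeims.core";
    private static final String AEM_LAUNCH_PARAM_IMS_CONFIG_YAML = "ims.config.yaml";

    @Reference
    private KeyStoreService keyStoreService;

    @Reference
    private CryptoSupport cryptoSupport;

    @Reference
    private ResourceResolverFactory resolverFactory;

    @Reference
    private ConfigurationAdmin configurationAdmin;

    @Reference
    private ServiceUserMapper serviceUserMapper;
    private static final Logger LOG = LoggerFactory.getLogger(ImsYamlLoader.class);
    private static final String KEYSTORE_WRITE_SERVICE_USER = "keystorewriter";
    private static final Map<String, Object> AUTH_INFO = Collections.singletonMap("sling.service.subservice", KEYSTORE_WRITE_SERVICE_USER);

    /** File name suffix (compared case-insensitively) a file must have to be loaded. */
    private static final String YAML_SUFFIX = ".yaml";

    /** Length of the generated password that protects a newly created keystore. */
    private static final int KEYSTORE_PASSWORD_LENGTH = 32;

    /** Cryptographically strong source for generated keystore passwords. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Loads every YAML file named by the {@code ims.config.yaml} framework property.
     *
     * @param bundleContext context used to read the launch property and to look up bundles
     */
    @Activate
    protected void activate(BundleContext bundleContext) {
        String configuredPath = bundleContext.getProperty(AEM_LAUNCH_PARAM_IMS_CONFIG_YAML);
        if (StringUtils.isEmpty(configuredPath)) {
            LOG.info("No yaml file&folder is specified for loading Ims configuration");
            return;
        }
        File location = new File(configuredPath);
        if (!location.isDirectory()) {
            if (isYamlFile(location)) {
                loadImsYaml(location, bundleContext);
            } else {
                LOG.warn("We only accept yaml file with name like 'userId.yaml' other than '{}'", configuredPath);
            }
            return;
        }
        File[] candidates = location.listFiles();
        if (candidates == null) {
            // listFiles() returns null on an I/O error or when the folder cannot be read.
            LOG.warn("The specified folder '{}' could not be listed", configuredPath);
            return;
        }
        if (candidates.length == 0) {
            LOG.warn("The specified folder '{}' is empty", configuredPath);
            return;
        }
        for (File candidate : candidates) {
            if (isYamlFile(candidate)) {
                loadImsYaml(candidate, bundleContext);
            } else {
                LOG.warn("We only accept yaml file with name like 'userId.yaml' other than '{}'", candidate.getPath());
            }
        }
    }

    /** Returns whether {@code file} is a regular file whose name ends in {@code .yaml}. */
    private static boolean isYamlFile(File file) {
        // Locale.ROOT keeps the suffix comparison independent of the JVM default locale.
        return file.isFile() && file.getName().toLowerCase(Locale.ROOT).endsWith(YAML_SUFFIX);
    }

    /**
     * Parses one integration file and applies it. The file name without its extension is used
     * as the user id that owns the keystore.
     *
     * @param file          YAML file named {@code <userId>.yaml}
     * @param bundleContext context used to resolve the sub service for the user id
     */
    private void loadImsYaml(File file, BundleContext bundleContext) {
        String path = file.getPath();
        LOG.info("Trying to load Adobe IO Ims configuration from '{}'.", path);
        String fileName = file.getName();
        int extensionStart = fileName.lastIndexOf('.');
        String userId = extensionStart >= 0 ? fileName.substring(0, extensionStart) : fileName;
        String subServiceName = getSubServiceName(bundleContext, userId);
        if (StringUtils.isEmpty(subServiceName)) {
            LOG.warn("Failed to get service name by user id '{}'", userId);
            return;
        }
        LOG.info("Get the service name '{}' by the user id '{}'", subServiceName, userId);
        Integration integration;
        // try-with-resources: the stream is released even when parsing fails.
        try (FileInputStream input = new FileInputStream(file)) {
            // The document is bound to the concrete Integration model; no polymorphic typing
            // is enabled on this mapper, and unknown properties are ignored.
            ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
            objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
            integration = objectMapper.readValue(input, Integration.class);
        } catch (IOException e) {
            LOG.warn("Failed to load yaml file '{}'.", path, e);
            return;
        }
        if (integration == null || integration.getTechnicalAccount() == null) {
            // A blank document or a missing section would otherwise surface as a
            // NullPointerException during component activation.
            LOG.warn("Yaml file '{}' contains no technical account data, skipping it", path);
            return;
        }
        createUpdateKeystore(integration, userId);
        createUpdateImsConfig(getImsConfigurationFromIntegration(integration, subServiceName, userId), userId);
    }

    /**
     * Imports the integration's key pair into the keystore of {@code str}, creating the
     * keystore first when the user has none. Failures are logged and not propagated.
     *
     * @param integration parsed integration holding the PEM key material
     * @param str         user id that owns the keystore; also the default key pair alias
     */
    private void createUpdateKeystore(Integration integration, String str) {
        if (integration == null || integration.getTechnicalAccount() == null) {
            LOG.warn("Required fields for keystore missed, make sure it include: userId, alias, privateKey and publicKey");
            return;
        }
        String privateKey = integration.getTechnicalAccount().getPrivateKey();
        String publicKey = integration.getTechnicalAccount().getPublicKey();
        String keypairAlias = integration.getTechnicalAccount().getKeypairAlias();
        if (StringUtils.isEmpty(keypairAlias)) {
            keypairAlias = str;
        }
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(keypairAlias) || StringUtils.isEmpty(privateKey) || StringUtils.isEmpty(publicKey)) {
            LOG.warn("Required fields for keystore missed, make sure it include: userId, alias, privateKey and publicKey");
            return;
        }
        ResourceResolver resourceResolver = null;
        try {
            resourceResolver = this.resolverFactory.getServiceResourceResolver(AUTH_INFO);
            if (this.keyStoreService.keyStoreExists(resourceResolver, str)) {
                LOG.info("Keystore already exists for user '{}'", str);
            } else {
                LOG.info("Create keystore '{}' for user '{}'", keypairAlias, str);
                // The password protects stored private keys, so it is drawn from SecureRandom
                // rather than the non-cryptographic generator RandomStringUtils uses by default.
                char[] keystorePassword = RandomStringUtils
                        .random(KEYSTORE_PASSWORD_LENGTH, 0, 0, true, true, null, SECURE_RANDOM)
                        .toCharArray();
                this.keyStoreService.createKeyStore(resourceResolver, str, keystorePassword);
            }
            this.keyStoreService.addKeyStoreKeyEntry(resourceResolver, str, keypairAlias, Utils.generatePrivateKey(privateKey), Utils.generateCertificateChain(publicKey));
            resourceResolver.commit();
        } catch (Exception e) {
            LOG.error("Failed to create keystore from yaml file for user '{}'", str, e);
        } finally {
            // Closing without a commit discards a partially written keystore.
            if (resourceResolver != null) {
                resourceResolver.close();
            }
        }
    }

    /**
     * Creates the IMS configuration described by {@code map}, or updates the existing one with
     * the same cloud service name. Invalid maps are ignored; failures are logged.
     *
     * @param map IMS configuration values keyed by the {@code Utils.KEY_IMS_*} constants
     * @param str user id the configuration belongs to
     */
    private void createUpdateImsConfig(Map<String, String> map, String str) {
        if (!Utils.verifyImsConfigurations(map)) {
            return;
        }
        String cloudServiceName = map.get(Utils.KEY_IMS_CLOUD_SERVICE_NAME);
        try {
            String providerPid = getProviderPidByName(cloudServiceName);
            if (StringUtils.isEmpty(providerPid)) {
                LOG.info("No existing Ims configuration found, create IMS configuration for '{}'", cloudServiceName);
                IMSConfiguration.create(this.configurationAdmin, this.cryptoSupport, map, str);
            } else {
                LOG.info("Found existing Ims configuration, update IMS configuration for '{}'", cloudServiceName);
                IMSConfiguration.update(this.configurationAdmin, this.cryptoSupport, providerPid, map, str);
            }
        } catch (IOException | InvalidSyntaxException | CryptoException | JSONException e) {
            LOG.error("Failed to create IMS configuration from yaml file for '{}'", cloudServiceName, e);
        }
    }

    /**
     * Finds the PID of the access-token provider configuration whose {@code name} property
     * equals {@code str}.
     *
     * @param str provider name to look up
     * @return the configuration PID, or {@code null} when no configuration has that exact name
     * @throws IOException            if the configuration store cannot be read
     * @throws InvalidSyntaxException if the generated filter is rejected
     */
    private String getProviderPidByName(String str) throws IOException, InvalidSyntaxException {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        // The name is escaped so that filter metacharacters in it are matched literally and
        // cannot widen or break the query.
        String filter = "(&(service.factoryPid=com.adobe.granite.auth.oauth.accesstoken.provider)(name=" + escapeFilterValue(str) + "*))";
        Configuration[] matches = this.configurationAdmin.listConfigurations(filter);
        if (matches == null) {
            return null;
        }
        for (Configuration configuration : matches) {
            if (configuration == null || configuration.getProperties() == null) {
                continue;
            }
            // The filter is a prefix match; only an exact name counts as the same provider.
            Object name = configuration.getProperties().get("name");
            if (name != null && name.equals(str)) {
                return configuration.getPid();
            }
        }
        return null;
    }

    /** Escapes the characters that are special inside an OSGi filter value. */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\' || c == '*' || c == '(' || c == ')') {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /**
     * Builds the IMS configuration map for an integration.
     *
     * @param integration parsed integration
     * @param str         sub service name, used as both title and cloud service name
     * @param str2        user id, used as key pair alias when the integration names none
     * @return configuration values keyed by the {@code Utils.KEY_IMS_*} constants
     */
    private Map<String, String> getImsConfigurationFromIntegration(Integration integration, String str, String str2) {
        String imsEndpoint = integration.getImsEndpoint();
        Map<String, String> config = new HashMap<>();
        config.put(Utils.KEY_IMS_TITLE, str);
        config.put(Utils.KEY_IMS_AUTH_SERVER_URL, imsEndpoint);
        config.put(Utils.KEY_IMS_API_KEY, integration.getTechnicalAccount().getClientId());
        config.put(Utils.KEY_IMS_JWT_CLAIMS, getJwtClaims(integration));
        config.put(Utils.KEY_IMS_CLIENT_SECRET, integration.getTechnicalAccount().getClientSecret());
        String keypairAlias = integration.getTechnicalAccount().getKeypairAlias();
        if (StringUtils.isEmpty(keypairAlias)) {
            keypairAlias = str2;
        }
        config.put(Utils.KEY_IMS_KEYPAIR_ALIAS, keypairAlias);
        config.put(Utils.KEY_IMS_CLOUD_SERVICE_NAME, str);
        // Relaxed SSL is switched on only for an endpoint that is exactly https://localhost with
        // an optional numeric port. The pattern is anchored at both ends, so other hosts that
        // merely start with "localhost" do not qualify.
        if (StringUtils.isNotBlank(imsEndpoint) && imsEndpoint.matches("^https:\\/\\/localhost($|:[0-9]+$)")) {
            config.put(Utils.KEY_IMS_RELAXED_SSL, "true");
        }
        return config;
    }

    /**
     * Resolves the sub service of the Adobe IMS bundle that is mapped to the given principal.
     *
     * @param bundleContext context used to locate the Adobe IMS bundle
     * @param str           principal (user id) to look for
     * @return the sub service name, or {@code null} when no active mapping names the principal
     */
    private String getSubServiceName(BundleContext bundleContext, String str) {
        Bundle imsBundle = null;
        for (Bundle candidate : bundleContext.getBundles()) {
            if (ADOBEIO_INTEGRATION_BUNDLE_NAME.equals(candidate.getSymbolicName())) {
                imsBundle = candidate;
                break;
            }
        }
        if (imsBundle == null) {
            // Without the bundle there is nothing to resolve principals against.
            LOG.warn("Bundle '{}' is not installed, cannot resolve the service user", ADOBEIO_INTEGRATION_BUNDLE_NAME);
            return null;
        }
        for (Mapping mapping : this.serviceUserMapper.getActiveMappings()) {
            if (!ADOBEIO_INTEGRATION_BUNDLE_NAME.equals(mapping.getServiceName())) {
                continue;
            }
            String subServiceName = mapping.getSubServiceName();
            Iterable<String> principalNames = this.serviceUserMapper.getServicePrincipalNames(imsBundle, subServiceName);
            if (principalNames == null) {
                LOG.info("Could not find the service user '{}'", subServiceName);
                continue;
            }
            for (String principalName : principalNames) {
                if (str.equals(principalName)) {
                    return subServiceName;
                }
            }
        }
        return null;
    }

    /**
     * Serialises the JWT claim set for an integration as a JSON string.
     *
     * @param integration parsed integration supplying organisation, account id and metascopes
     * @return the claims as JSON; claims added before a failure are still included
     */
    private String getJwtClaims(Integration integration) {
        JSONObject claims = new JSONObject();
        try {
            // NOTE(review): this is epoch milliseconds plus 30 s, whereas a JWT "exp" claim is
            // defined in seconds. Confirm whether the consumer recomputes it before signing.
            claims.put("exp", System.currentTimeMillis() + 30000);
            claims.put("iss", integration.getTechnicalAccount().getOrg());
            claims.put("sub", integration.getTechnicalAccount().getId());
            if (integration.getMetascopes() != null) {
                for (String metascope : integration.getMetascopes()) {
                    claims.put(integration.getImsEndpoint() + "/s/" + metascope, true);
                }
            }
            claims.put("aud", integration.getImsEndpoint() + "/c/" + integration.getTechnicalAccount().getClientId());
        } catch (JSONException e) {
            // Only the account id is logged: the Integration object holds the private key and
            // the client secret, and its toString() is not visible from this class.
            LOG.error("Failed to create jwtClaims from integration '{}'", integration.getTechnicalAccount().getId(), e);
        }
        return claims.toString();
    }
}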
