package com.adobe.granite.ims.yamlloader;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/ims/yamlloader/IMSConfiguration.class */
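/**
 * Creates, loads, updates and deletes the group of OSGi configurations that
 * together describe one IMS integration:
 * <ul>
 *   <li>an access token provider ({@link #ACCESS_TOKEN_PROVIDER_FACTORY_PID}),</li>
 *   <li>a token request customizer ({@link #TOKEN_CUSTOMIZER_FACTORY_PID}), which holds the
 *       client secret, and</li>
 *   <li>a token validator ({@link #TOKEN_VALIDATOR_FACTORY_PID}).</li>
 * </ul>
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Values are placed into OSGi filter strings only after
 *       {@link #escapeFilterValue(String)} has escaped the filter metacharacters, so a name or
 *       user id containing {@code ( ) * \} cannot change the shape of the filter.</li>
 *   <li>The client secret is written through {@link CryptoSupport#protect(String)} unless
 *       {@link CryptoSupport#isProtected(String)} reports it is already protected.</li>
 *   <li>{@link #getClientSecret()} may return a caller-supplied plaintext value after
 *       {@code create}/{@code update}; treat the return value as sensitive.</li>
 * </ul>
 *
 * <p>Instances keep mutable state and perform no synchronization.
 */
public class IMSConfiguration {
    public static final String ACCESS_TOKEN_PROVIDER_FACTORY_PID = "com.adobe.granite.auth.oauth.accesstoken.provider";
    public static final String ACCESS_TOKEN_PROVIDER_NAME = "name";
    public static final String ACCESS_TOKEN_PROVIDER_TITLE = "auth.token.provider.title";
    public static final String ACCESS_TOKEN_PROVIDER_CLAIMS = "auth.token.provider.default.claims";
    public static final String ACCESS_TOKEN_PROVIDER_END_POINT = "auth.token.provider.endpoint";
    public static final String ACCESS_TOKEN_PROVIDER_ACCESS_TOKEN_REQ_FORMAT = "auth.access.token.request";
    public static final String ACCESS_TOKEN_PROVIDER_KEYPAIR_ALIAS = "auth.token.provider.keypair.alias";
    public static final String ACCESS_TOKEN_PROVIDER_CLIENT_ID = "auth.token.provider.client.id";
    public static final String ACCESS_TOKEN_PROVIDER_TOKEN_REQUEST_CUSTOMIZER_TYPE = "token.request.customizer.type";
    public static final String ACCESS_TOKEN_PROVIDER_TOKEN_VALIDATOR_TYPE = "auth.token.validator.type";
    // NOTE(review): presumably relaxes TLS certificate checks towards the token endpoint;
    // confirm against the provider implementation before enabling it anywhere.
    public static final String ACCESS_TOKEN_PROVIDER_RELAXED_SSL = "auth.token.provider.relaxed.ssl";
    public static final String TOKEN_CUSTOMIZER_FACTORY_PID = "com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl";
    public static final String TOKEN_VALIDATOR_FACTORY_PID = "com.adobe.granite.auth.ims.impl.IMSTokenValidatorImpl";
    public static final String TOKEN_CUSTOMIZER_CLIENT_SECRET = "auth.ims.client.secret";
    public static final String TOKEN_REQUEST_CUSTOMIZER_TYPE = "token.request.customizer.type";
    public static final String TOKEN_VALIDATOR_TYPE = "auth.token.validator.type";
    public static final String TOKEN_EXCHANGE_API_SUFFIX = "/ims/exchange/jwt";
    public static final String PREFIX = "imsconsole-";
    private static final Logger log = LoggerFactory.getLogger(IMSConfiguration.class);
    // Captures everything before the first '(' of a provider name, i.e. the part without a
    // "(n)" suffix as produced by generateNameFromContext.
    private static final Pattern CLOUD_SERVICE_NAME_PATTERN = Pattern.compile("([^(]+)");
    private String providerPid;
    private String customizerPid;
    private String validatorPid;
    private Map<String, String> properties;
    private String customizerID;
    private String validatorID;
    private String userId;
    private ConfigurationAdmin configurationAdmin;
    private CryptoSupport cryptoSupport;
    private String name = "";
    private boolean forceLegacy = false;

    /**
     * Builds an empty instance; no configuration is read or written until one of the
     * static factories ({@code create}, {@code update}, {@code get}) drives it.
     *
     * @param configurationAdmin OSGi service used for every configuration read and write
     * @param cryptoSupport service used to protect the client secret before it is stored
     */
    public IMSConfiguration(ConfigurationAdmin configurationAdmin, CryptoSupport cryptoSupport) {
        this.configurationAdmin = configurationAdmin;
        this.cryptoSupport = cryptoSupport;
    }

    /**
     * Reports whether the customizer and validator type ids both start with their factory
     * PID, which is how this class marks "legacy" configurations (type id == configuration pid).
     *
     * @return {@code true} for a legacy configuration; {@code false} otherwise, including when
     *         either id has not been set yet
     */
    public boolean isLegacy() {
        // Either id can still be null, e.g. after create() without a client secret;
        // answer "not legacy" instead of failing with a NullPointerException.
        if (this.customizerID == null || this.validatorID == null) {
            return false;
        }
        return this.customizerID.startsWith(TOKEN_CUSTOMIZER_FACTORY_PID) && this.validatorID.startsWith(TOKEN_VALIDATOR_FACTORY_PID);
    }

    /** @return the pid of the access token provider configuration */
    @Nonnull
    public String getId() {
        return this.providerPid;
    }

    /** @return the {@code name} property, falling back to the name generated by this instance */
    @Nonnull
    public String getName() {
        return PropertiesUtil.toString(this.properties.get("name"), this.name);
    }

    /** @return the configured title, or an empty string when absent */
    @Nonnull
    public String getTitle() {
        return PropertiesUtil.toString(this.properties.get(Utils.KEY_IMS_TITLE), "");
    }

    /** @return the key pair alias, or an empty string when absent */
    @Nonnull
    public String getCertAlias() {
        return PropertiesUtil.toString(this.properties.get(Utils.KEY_IMS_KEYPAIR_ALIAS), "");
    }

    /** @return the client id (API key), or an empty string when absent */
    @Nonnull
    public String getClientId() {
        return PropertiesUtil.toString(this.properties.get(Utils.KEY_IMS_API_KEY), "");
    }

    /** @return the cloud service name, or an empty string when absent */
    @Nonnull
    public String getCloudServiceName() {
        return PropertiesUtil.toString(this.properties.get(Utils.KEY_IMS_CLOUD_SERVICE_NAME), "");
    }

    /** @return the JWT claims text held in the property map, or an empty string when absent */
    @Nonnull
    public String getClaims() {
        return PropertiesUtil.toString(this.properties.get(Utils.KEY_IMS_JWT_CLAIMS), "");
    }

    /**
     * Returns the client secret exactly as held in this object's property map.
     *
     * <p>After {@code get} this is the value read from the customizer configuration. After
     * {@code create}/{@code update} the map is the one the caller passed in, so the value may
     * be plaintext. Callers should keep it out of logs and responses.
     *
     * @return the stored or supplied client secret, or an empty string when absent
     */
    @Nonnull
    public String getClientSecret() {
        return PropertiesUtil.toString(this.properties.get(Utils.KEY_IMS_CLIENT_SECRET), "");
    }

    /**
     * Creates the validator, customizer and provider configurations from {@code map}.
     *
     * <p>If any step fails, the configurations created so far are deleted and the original
     * exception is rethrown; a failure during that clean-up is attached as a suppressed
     * exception so it cannot hide the root cause.
     *
     * @param configurationAdmin OSGi configuration service
     * @param cryptoSupport service used to protect the client secret
     * @param map property values for the new configuration
     * @param str user id recorded on the instance
     * @return the instance describing the newly created configurations
     * @throws IOException if a configuration cannot be read or written
     * @throws CryptoException if the client secret cannot be protected
     * @throws JSONException if the JWT claims cannot be processed
     * @throws InvalidSyntaxException if a configuration filter is rejected
     */
    @Nonnull
    public static IMSConfiguration create(@Nonnull ConfigurationAdmin configurationAdmin, @Nonnull CryptoSupport cryptoSupport, @Nonnull Map<String, String> map, String str) throws IOException, CryptoException, JSONException, InvalidSyntaxException {
        IMSConfiguration iMSConfiguration = new IMSConfiguration(configurationAdmin, cryptoSupport);
        try {
            iMSConfiguration.userId = str;
            iMSConfiguration.create(map);
            return iMSConfiguration;
        } catch (InvalidSyntaxException | CryptoException | JSONException | IOException e) {
            try {
                iMSConfiguration.delete();
            } catch (IOException cleanupFailure) {
                // Keep the root cause; report the failed clean-up alongside it.
                e.addSuppressed(cleanupFailure);
            }
            throw e;
        }
    }

    /**
     * Loads the configuration identified by {@code str} and overwrites it with {@code map}.
     *
     * <p>If the update fails, the customizer and provider configurations are rewritten from
     * the values loaded beforehand and the original exception is rethrown; a failure during
     * that restore is attached as a suppressed exception.
     *
     * @param configurationAdmin OSGi configuration service
     * @param cryptoSupport service used to protect the client secret
     * @param str pid of the access token provider configuration to update
     * @param map new property values
     * @param str2 user id recorded on the instance
     * @throws IOException if a configuration cannot be read or written
     * @throws InvalidSyntaxException if a configuration filter is rejected
     * @throws CryptoException if the client secret cannot be protected
     * @throws JSONException if the JWT claims cannot be processed
     */
    public static void update(@Nonnull ConfigurationAdmin configurationAdmin, @Nonnull CryptoSupport cryptoSupport, @Nonnull String str, @Nonnull Map<String, String> map, String str2) throws IOException, InvalidSyntaxException, CryptoException, JSONException {
        IMSConfiguration iMSConfiguration = get(configurationAdmin, cryptoSupport, str);
        // NOTE(review): the placeholders are labelled "name" and "id" but receive the title
        // and the name; confirm which values were intended.
        log.info("existing config name {} and id {}, to overwrite", iMSConfiguration.getTitle(), iMSConfiguration.getName());
        try {
            iMSConfiguration.userId = str2;
            iMSConfiguration.update(map);
        } catch (InvalidSyntaxException | CryptoException | JSONException | IOException e) {
            try {
                iMSConfiguration.restore();
            } catch (InvalidSyntaxException | CryptoException | JSONException | IOException restoreFailure) {
                // Keep the root cause; report the failed restore alongside it.
                e.addSuppressed(restoreFailure);
            }
            throw e;
        }
    }

    /**
     * Loads the configuration group whose access token provider has pid {@code str}.
     *
     * @param configurationAdmin OSGi configuration service
     * @param cryptoSupport service used to protect the client secret on later writes
     * @param str pid of the access token provider configuration
     * @return the populated instance
     * @throws IOException if the provider configuration has no properties or cannot be read,
     *         or (as {@link InvalidObjectException}) if the stored JWT claims are invalid
     * @throws InvalidSyntaxException if a configuration filter is rejected
     */
    @Nonnull
    public static IMSConfiguration get(@Nonnull ConfigurationAdmin configurationAdmin, @Nonnull CryptoSupport cryptoSupport, @Nonnull String str) throws IOException, InvalidSyntaxException {
        IMSConfiguration iMSConfiguration = new IMSConfiguration(configurationAdmin, cryptoSupport);
        iMSConfiguration.get(str);
        return iMSConfiguration;
    }

    /** Creating is an update on an instance whose pids are all still unset. */
    private void create(@Nonnull Map<String, String> map) throws InvalidSyntaxException, CryptoException, JSONException, IOException {
        update(map);
    }

    /**
     * Populates this instance from the provider configuration {@code str} and from the
     * customizer configuration it refers to.
     */
    private void get(@Nonnull String str) throws IOException, InvalidSyntaxException {
        this.providerPid = str;
        Dictionary<String, ?> providerProps = getProperties(this.providerPid);
        if (providerProps == null) {
            // A pid without stored properties (for example an unknown pid) would otherwise
            // surface as a NullPointerException on the first lookup below.
            throw new IOException("Could not get the OSGI configuration properties!");
        }
        this.customizerID = PropertiesUtil.toString(providerProps.get(TOKEN_REQUEST_CUSTOMIZER_TYPE), "");
        this.validatorID = PropertiesUtil.toString(providerProps.get(TOKEN_VALIDATOR_TYPE), "");
        if (isLegacy()) {
            // Legacy entries use the configuration pid itself as the type id.
            this.customizerPid = this.customizerID;
            this.validatorPid = this.validatorID;
        } else {
            this.customizerPid = getCustomizerPid(this.customizerID);
            this.validatorPid = getValidatorPid(this.validatorID);
        }
        this.properties = new HashMap<>();
        this.properties.put(Utils.KEY_IMS_TITLE, PropertiesUtil.toString(providerProps.get(ACCESS_TOKEN_PROVIDER_TITLE), ""));
        this.properties.put(Utils.KEY_IMS_API_KEY, PropertiesUtil.toString(providerProps.get(ACCESS_TOKEN_PROVIDER_CLIENT_ID), ""));
        this.properties.put(Utils.KEY_IMS_AUTH_SERVER_URL, PropertiesUtil.toString(providerProps.get(ACCESS_TOKEN_PROVIDER_END_POINT), ""));
        this.properties.put(Utils.KEY_IMS_KEYPAIR_ALIAS, PropertiesUtil.toString(providerProps.get(ACCESS_TOKEN_PROVIDER_KEYPAIR_ALIAS), ""));
        String storedName = PropertiesUtil.toString(providerProps.get("name"), "");
        this.properties.put("name", storedName);
        Matcher matcher = CLOUD_SERVICE_NAME_PATTERN.matcher(storedName);
        if (matcher.find()) {
            this.properties.put(Utils.KEY_IMS_CLOUD_SERVICE_NAME, matcher.group(1));
        }
        try {
            String[] claims = PropertiesUtil.toStringArray(providerProps.get(ACCESS_TOKEN_PROVIDER_CLAIMS));
            if (claims != null) {
                JSONObject claimsAsJson = Utils.claimsAsJson(claims);
                if (claimsAsJson != null) {
                    this.properties.put(Utils.KEY_IMS_JWT_CLAIMS, claimsAsJson.toString(4));
                }
            }
            Dictionary<String, ?> customizerProps = getProperties(this.customizerPid);
            if (customizerProps != null) {
                // The secret is copied as stored; this method does not unprotect it.
                this.properties.put(Utils.KEY_IMS_CLIENT_SECRET, PropertiesUtil.toString(customizerProps.get(TOKEN_CUSTOMIZER_CLIENT_SECRET), ""));
            }
        } catch (JSONException e) {
            InvalidObjectException invalid = new InvalidObjectException("Invalid JWT claims!");
            // InvalidObjectException has no cause-taking constructor; attach the cause explicitly.
            invalid.initCause(e);
            throw invalid;
        }
    }

    /** Deletes the customizer, validator and provider configurations that have a known pid. */
    private void delete() throws IOException {
        deleteConfigByPid(this.customizerPid);
        deleteConfigByPid(this.validatorPid);
        deleteConfigByPid(this.providerPid);
    }

    /**
     * Writes validator, customizer and provider (in that order, because the provider stores
     * the ids the first two steps produce) and then adopts {@code map} as the property map.
     */
    private void update(@Nonnull Map<String, String> map) throws IOException, CryptoException, JSONException, InvalidSyntaxException {
        this.forceLegacy = PropertiesUtil.toBoolean(map.get("forceLegacy"), false);
        updateAccessTokenValidator();
        updateAccessTokenRequestCustomizer(map);
        updateAccessTokenProvider(map);
        // NOTE(review): the flag stays set if one of the steps above throws.
        this.forceLegacy = false;
        this.properties = map;
    }

    /**
     * Rewrites the customizer and provider from the previously loaded property map.
     * The validator configuration is not touched here.
     */
    private void restore() throws IOException, CryptoException, JSONException, InvalidSyntaxException {
        updateAccessTokenRequestCustomizer(this.properties);
        updateAccessTokenProvider(this.properties);
    }

    /**
     * Finds the validator configuration: by pid when one is known, otherwise by searching for
     * a validator whose type is {@code imsconsole-<userId>}.
     *
     * @return the configuration, or {@code null} when the search finds nothing or the filter
     *         is rejected
     */
    private Configuration getAccessTokenValidatorConfig() throws IOException {
        if (this.validatorPid != null) {
            return this.configurationAdmin.getConfiguration(this.validatorPid, (String) null);
        }
        try {
            // The user id is escaped so that it is matched literally and cannot alter the filter.
            String filter = "(&(service.factoryPid=" + TOKEN_VALIDATOR_FACTORY_PID + ")(" + TOKEN_VALIDATOR_TYPE + "=" + PREFIX + escapeFilterValue(this.userId) + "))";
            Configuration[] listConfigurations = this.configurationAdmin.listConfigurations(filter);
            if (listConfigurations == null || listConfigurations.length <= 0) {
                return null;
            }
            return listConfigurations[0];
        } catch (InvalidSyntaxException e) {
            log.error("Failed to search for token validator for " + this.userId, e);
            return null;
        }
    }

    /**
     * Reuses the existing validator configuration when it already carries a validator type;
     * otherwise creates a new factory configuration with a fresh {@code imsconsole-<uuid>}
     * type (or its own pid when {@code forceLegacy} is set). Records pid and type id.
     */
    private void updateAccessTokenValidator() throws IOException {
        String str;
        Configuration accessTokenValidatorConfig = getAccessTokenValidatorConfig();
        if (accessTokenValidatorConfig == null || accessTokenValidatorConfig.getProperties() == null || accessTokenValidatorConfig.getProperties().get(TOKEN_VALIDATOR_TYPE) == null) {
            accessTokenValidatorConfig = this.configurationAdmin.createFactoryConfiguration(TOKEN_VALIDATOR_FACTORY_PID, (String) null);
            Dictionary hashtable = (this.validatorPid == null || accessTokenValidatorConfig.getProperties() == null) ? new Hashtable() : accessTokenValidatorConfig.getProperties();
            str = PREFIX + UUID.randomUUID().toString();
            hashtable.put(TOKEN_VALIDATOR_TYPE, this.forceLegacy ? accessTokenValidatorConfig.getPid() : str);
            accessTokenValidatorConfig.update(hashtable);
        } else {
            str = (String) accessTokenValidatorConfig.getProperties().get(TOKEN_VALIDATOR_TYPE);
        }
        this.validatorPid = accessTokenValidatorConfig.getPid();
        this.validatorID = this.forceLegacy ? this.validatorPid : str;
    }

    /**
     * Creates or updates the access token provider configuration from {@code map} and records
     * its pid.
     */
    private void updateAccessTokenProvider(@Nonnull Map<String, String> map) throws JSONException, IOException, InvalidSyntaxException {
        Configuration providerConfig = this.providerPid == null ? this.configurationAdmin.createFactoryConfiguration(ACCESS_TOKEN_PROVIDER_FACTORY_PID, (String) null) : this.configurationAdmin.getConfiguration(this.providerPid, (String) null);
        // Same fallback as the request customizer: an existing pid whose configuration has no
        // properties yet starts from an empty table instead of failing on null.
        Dictionary hashtable = (this.providerPid == null || providerConfig.getProperties() == null) ? new Hashtable() : providerConfig.getProperties();
        String authServerUrl = map.get(Utils.KEY_IMS_AUTH_SERVER_URL);
        hashtable.put(ACCESS_TOKEN_PROVIDER_TITLE, map.get(Utils.KEY_IMS_TITLE));
        hashtable.put(ACCESS_TOKEN_PROVIDER_CLIENT_ID, map.get(Utils.KEY_IMS_API_KEY));
        hashtable.put(ACCESS_TOKEN_PROVIDER_END_POINT, authServerUrl);
        hashtable.put(ACCESS_TOKEN_PROVIDER_ACCESS_TOKEN_REQ_FORMAT, authServerUrl + TOKEN_EXCHANGE_API_SUFFIX);
        hashtable.put(ACCESS_TOKEN_PROVIDER_CLAIMS, Utils.getJwtClaims(map.get(Utils.KEY_IMS_JWT_CLAIMS)));
        // NOTE(review): customizerID is only assigned when a client secret was supplied or a
        // configuration was loaded; a null here makes the put fail. Confirm callers always
        // provide a secret on create.
        hashtable.put(TOKEN_REQUEST_CUSTOMIZER_TYPE, this.customizerID);
        // NOTE(review): a map without a cloud service name reaches startsWith(null) or the
        // filter below as null; confirm callers always supply it.
        String cloudServiceName = map.get(Utils.KEY_IMS_CLOUD_SERVICE_NAME);
        String currentName = PropertiesUtil.toString(hashtable.get("name"), "");
        if (this.providerPid == null || !currentName.startsWith(cloudServiceName)) {
            this.name = generateNameFromContext(cloudServiceName);
            log.info("New IMS name for {} is {}", map.get(Utils.KEY_IMS_TITLE), this.name);
            hashtable.put("name", this.name);
        }
        String keypairAlias = map.get(Utils.KEY_IMS_KEYPAIR_ALIAS);
        if (StringUtils.isNotEmpty(keypairAlias)) {
            hashtable.put(ACCESS_TOKEN_PROVIDER_KEYPAIR_ALIAS, keypairAlias);
        }
        // NOTE(review): the flag is only ever written as true. When an existing configuration
        // is updated, a previously stored true is carried over even if the map no longer asks
        // for it; confirm whether an update should be able to switch it off again.
        if ("true".equals(map.get(Utils.KEY_IMS_RELAXED_SSL))) {
            hashtable.put(ACCESS_TOKEN_PROVIDER_RELAXED_SSL, true);
        }
        if (this.validatorPid != null) {
            hashtable.put(TOKEN_VALIDATOR_TYPE, this.validatorID);
        }
        providerConfig.update(hashtable);
        this.providerPid = providerConfig.getPid();
    }

    /**
     * Creates or updates the token request customizer, which stores the client secret.
     * Nothing is written when {@code map} carries no client secret; the pid is recorded
     * either way.
     */
    private void updateAccessTokenRequestCustomizer(@Nonnull Map<String, String> map) throws IOException, CryptoException {
        Configuration customizerConfig = this.customizerPid == null ? this.configurationAdmin.createFactoryConfiguration(TOKEN_CUSTOMIZER_FACTORY_PID, (String) null) : this.configurationAdmin.getConfiguration(this.customizerPid, (String) null);
        String clientSecret = map.get(Utils.KEY_IMS_CLIENT_SECRET);
        if (clientSecret != null) {
            Dictionary hashtable = (this.customizerPid == null || customizerConfig.getProperties() == null) ? new Hashtable() : customizerConfig.getProperties();
            String typeId = PREFIX + UUID.randomUUID().toString();
            hashtable.put("customizer.type", this.forceLegacy ? customizerConfig.getPid() : typeId);
            // Never persist the secret in the clear: protect it unless it already is protected
            // (which also prevents double protection when restoring loaded values).
            hashtable.put(TOKEN_CUSTOMIZER_CLIENT_SECRET, this.cryptoSupport.isProtected(clientSecret) ? clientSecret : this.cryptoSupport.protect(clientSecret));
            customizerConfig.update(hashtable);
            this.customizerID = this.forceLegacy ? customizerConfig.getPid() : typeId;
        }
        this.customizerPid = customizerConfig.getPid();
    }

    /**
     * Reads the properties of the configuration with pid {@code str}.
     *
     * @return the properties; {@code null} when {@code str} is {@code null} or the
     *         configuration has no properties
     * @throws IOException if no configuration object is returned for the pid
     */
    private Dictionary<String, ?> getProperties(String str) throws IOException {
        if (str == null) {
            return null;
        }
        Configuration configuration = this.configurationAdmin.getConfiguration(str, (String) null);
        if (configuration == null) {
            throw new IOException("Could not get the OSGI configuration properties!");
        }
        return configuration.getProperties();
    }

    /** Deletes the configuration with pid {@code str}; a {@code null} pid is ignored. */
    private void deleteConfigByPid(String str) throws IOException {
        if (str == null) {
            return;
        }
        Configuration configuration = this.configurationAdmin.getConfiguration(str, (String) null);
        if (configuration != null) {
            configuration.delete();
        }
    }

    /**
     * Picks a provider name based on {@code str}: {@code str} itself when no existing provider
     * uses exactly that name, otherwise {@code str(n)} with {@code n} one more than the number
     * of providers whose name starts with {@code str}.
     */
    @Nonnull
    private String generateNameFromContext(@Nonnull String str) throws IOException, InvalidSyntaxException {
        // Only the trailing '*' is a wildcard; the name itself is escaped and matched literally.
        String filter = "(&(service.factoryPid=" + ACCESS_TOKEN_PROVIDER_FACTORY_PID + ")(name=" + escapeFilterValue(str) + "*))";
        Configuration[] listConfigurations = this.configurationAdmin.listConfigurations(filter);
        if (listConfigurations == null || listConfigurations.length == 0) {
            return str;
        }
        HashSet<String> existingNames = new HashSet<>();
        for (Configuration configuration : listConfigurations) {
            if (configuration != null && configuration.getProperties() != null && configuration.getProperties().get("name") != null) {
                existingNames.add(configuration.getProperties().get("name").toString());
            }
        }
        // NOTE(review): the generated suffix is not checked against existingNames, so it can
        // coincide with a name that is already taken.
        return !existingNames.contains(str) ? str : String.format("%s(%d)", str, Integer.valueOf(listConfigurations.length + 1));
    }

    /**
     * Looks up the pid of the first request customizer whose {@code customizer.type} starts
     * with {@code str}.
     *
     * @return the pid, or {@code null} when none matches
     */
    @Nullable
    private String getCustomizerPid(@Nonnull String str) throws IOException, InvalidSyntaxException {
        String filter = "(&(service.factoryPid=" + TOKEN_CUSTOMIZER_FACTORY_PID + ")(customizer.type=" + escapeFilterValue(str) + "*))";
        Configuration[] listConfigurations = this.configurationAdmin.listConfigurations(filter);
        if (listConfigurations == null || listConfigurations.length <= 0) {
            return null;
        }
        return listConfigurations[0].getPid();
    }

    /**
     * Looks up the pid of the first token validator whose {@code auth.token.validator.type}
     * starts with {@code str}.
     *
     * @return the pid, or {@code null} when none matches
     */
    @Nullable
    private String getValidatorPid(@Nonnull String str) throws IOException, InvalidSyntaxException {
        String filter = "(&(service.factoryPid=" + TOKEN_VALIDATOR_FACTORY_PID + ")(" + TOKEN_VALIDATOR_TYPE + "=" + escapeFilterValue(str) + "*))";
        Configuration[] listConfigurations = this.configurationAdmin.listConfigurations(filter);
        if (listConfigurations == null || listConfigurations.length <= 0) {
            return null;
        }
        return listConfigurations[0].getPid();
    }

    /**
     * Escapes a value for use inside an OSGi filter string by putting a backslash in front of
     * each filter metacharacter ({@code \}, {@code *}, {@code (}, {@code )}).
     *
     * @param value the raw value; {@code null} is rendered as the text {@code null}, which is
     *        what plain string concatenation produced before escaping was introduced
     * @return the value with every metacharacter escaped
     */
    private static String escapeFilterValue(String value) {
        String raw = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(raw.length() + 8);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == '\\' || c == '*' || c == '(' || c == ')') {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }
}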
