package com.liferay.portal.security.sso.openid.connect.internal.configuration.instance.lifecycle;

import com.liferay.oauth.client.persistence.constants.OAuthClientEntryConstants;
import com.liferay.oauth.client.persistence.model.OAuthClientASLocalMetadata;
import com.liferay.oauth.client.persistence.model.OAuthClientEntry;
import com.liferay.oauth.client.persistence.service.OAuthClientASLocalMetadataLocalService;
import com.liferay.oauth.client.persistence.service.OAuthClientEntryLocalService;
import com.liferay.petra.lang.SafeCloseable;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.instance.lifecycle.BasePortalInstanceLifecycleListener;
import com.liferay.portal.instance.lifecycle.EveryNodeEveryStartup;
import com.liferay.portal.instance.lifecycle.PortalInstanceLifecycleListener;
import com.liferay.portal.kernel.cluster.ClusterMasterExecutor;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.json.JSONArray;
import com.liferay.portal.kernel.json.JSONFactory;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.json.JSONUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.security.auth.CompanyThreadLocal;
import com.liferay.portal.kernel.service.CompanyLocalService;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.Base64;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.MapUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.sso.openid.connect.internal.util.OpenIdConnectProviderUtil;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderConfigurationRequest;
import java.net.URI;
import java.security.MessageDigest;
import java.util.Dictionary;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.StringUtils;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.ManagedServiceFactory;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

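/**
 * Mirrors OpenID Connect provider configurations into OAuth client entries.
 *
 * <p>
 * On activation the component registers a {@link ManagedServiceFactory} for
 * the OpenIdConnectProviderConfiguration factory pid. Each configuration it
 * receives is remembered by pid in {@link #_properties} and turned into an
 * OAuth client entry (plus local authorization server metadata when no
 * discovery endpoint is configured). A configuration whose
 * {@code companyId} is {@code 0} is applied to every company.
 * </p>
 *
 * <p>
 * Security-relevant points for maintainers: the configuration carries the
 * OIDC client secret, which {@link #_generateInfoJSON(Dictionary)} embeds in
 * the JSON handed to the persistence service, and most failures in this class
 * are only reported at debug level, so a configuration change that was not
 * applied is easy to miss.
 * </p>
 */
@Deprecated
@Component(service = {PortalInstanceLifecycleListener.class})
/* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/configuration/instance/lifecycle/OpenIdConnectProviderPortalInstanceLifecycleListener.class */
public class OpenIdConnectProviderPortalInstanceLifecycleListener extends BasePortalInstanceLifecycleListener implements EveryNodeEveryStartup {
    private static final String _CLIENT_TO = "Client to ";
    private static final Log _log = LogFactoryUtil.getLog(OpenIdConnectProviderPortalInstanceLifecycleListener.class);

    @Reference
    private ClusterMasterExecutor _clusterMasterExecutor;

    @Reference
    private CompanyLocalService _companyLocalService;

    @Reference
    private JSONFactory _jsonFactory;

    @Reference
    private OAuthClientASLocalMetadataLocalService _oAuthClientASLocalMetadataLocalService;

    @Reference
    private OAuthClientEntryLocalService _oAuthClientEntryLocalService;

    // Last configuration seen for each pid. The values include the client
    // secret, so this map must never be dumped to a log.
    private final Map<String, Dictionary<String, ?>> _properties = new ConcurrentHashMap<>();
    private ServiceRegistration<ManagedServiceFactory> _serviceRegistration;

    @Reference
    private UserLocalService _userLocalService;

    /**
     * Receives OpenID Connect provider configurations and keeps the OAuth
     * client entries in step with them.
     */
    /* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/configuration/instance/lifecycle/OpenIdConnectProviderPortalInstanceLifecycleListener$OpenIdConnectProviderManagedServiceFactory.class */
    private class OpenIdConnectProviderManagedServiceFactory implements ManagedServiceFactory {
        private OpenIdConnectProviderManagedServiceFactory() {
        }

        /**
         * Removes the OAuth client entry (or entries, for a configuration with
         * {@code companyId} 0) that was created for the given pid.
         *
         * @param pid the pid of the configuration that was deleted
         */
        @Override
        public void deleted(String pid) {
            Dictionary<String, ?> properties = _properties.remove(pid);

            if (properties == null) {
                // No configuration was recorded for this pid, so there is
                // nothing to clean up. Without this guard the lookup below
                // throws a NullPointerException.
                return;
            }

            long companyId = GetterUtil.getLong(properties.get("companyId"));

            if (companyId == 0) {
                _deleteOAuthClientEntries(properties);
                return;
            }

            // The company thread local is restored when the block exits,
            // including when the delete throws.
            try (SafeCloseable safeCloseable = CompanyThreadLocal.setWithSafeCloseable(Long.valueOf(companyId))) {
                _deleteOAuthClientEntry(companyId, properties);
            }
        }

        @Override
        public String getName() {
            return "OpenId Connect Provider Managed Service Factory";
        }

        /**
         * Records the new configuration for the pid and creates or updates the
         * matching OAuth client entry.
         *
         * @param pid the pid of the configuration
         * @param properties the new configuration values
         */
        @Override
        public void updated(String pid, Dictionary<String, ?> properties) {
            long companyId = GetterUtil.getLong(properties.get("companyId"));

            // The previous configuration is needed to locate the entry that
            // was created from it.
            Dictionary<String, ?> previousProperties = _properties.put(pid, properties);

            if (companyId == 0) {
                try {
                    _companyLocalService.forEachCompanyId(
                        curCompanyId -> _updateOAuthClientEntry(curCompanyId.longValue(), previousProperties, properties));
                } catch (Exception exception) {
                    // NOTE(review): a failure while iterating companies is only
                    // visible with debug logging enabled.
                    if (_log.isDebugEnabled()) {
                        _log.debug(exception);
                    }
                }

                return;
            }

            try (SafeCloseable safeCloseable = CompanyThreadLocal.setWithSafeCloseable(Long.valueOf(companyId))) {
                _updateOAuthClientEntry(companyId, previousProperties, properties);
            }
        }
    }

    /**
     * Applies every configuration that targets all companies
     * ({@code companyId} 0) to a newly registered company. Only the cluster
     * master does this.
     *
     * @param company the company that was registered
     */
    @Override
    public void portalInstanceRegistered(Company company) throws Exception {
        if (!_clusterMasterExecutor.isMaster()) {
            return;
        }

        _properties.forEach((pid, properties) -> {
            if (GetterUtil.getLong(properties.get("companyId")) == 0) {
                _updateOAuthClientEntry(company.getCompanyId(), null, properties);
            }
        });
    }

    /**
     * Registers the managed service factory for the OpenID Connect provider
     * configuration pid.
     */
    @Activate
    protected void activate(BundleContext bundleContext, Map<String, Object> map) {
        this._serviceRegistration = bundleContext.registerService(ManagedServiceFactory.class, new OpenIdConnectProviderManagedServiceFactory(), MapUtil.singletonDictionary("service.pid", "com.liferay.portal.security.sso.openid.connect.internal.configuration.OpenIdConnectProviderConfiguration"));
    }

    /**
     * Unregisters the managed service factory registered by
     * {@link #activate(BundleContext, Map)}.
     */
    @Deactivate
    protected void deactivate() {
        this._serviceRegistration.unregister();
    }

    /**
     * Adds an OAuth client entry built from the configuration.
     *
     * @param properties the provider configuration
     * @param userId the user ID passed to the persistence service
     */
    private void _addOAuthClientEntry(Dictionary<String, ?> properties, long userId) throws Exception {
        this._oAuthClientEntryLocalService.addOAuthClientEntry(userId, _generateAuthRequestParametersJSON(properties), _updateOAuthClientASLocalMetadata(userId, properties), _generateInfoJSON(properties), OAuthClientEntryConstants.OIDC_USER_INFO_MAPPER_JSON, _generateTokenRequestParametersJSON(properties));
    }

    /**
     * Returns the well-known URI for the configuration. When no discovery
     * endpoint is configured, the local metadata stored under the derived URI
     * is deleted first.
     *
     * @return the discovery endpoint, or the derived local well-known URI
     */
    private String _deleteOAuthClientASLocalMetadata(Dictionary<String, ?> properties) throws Exception {
        String discoveryEndPoint = _getPropertyAsString("discoveryEndPoint", properties);

        if (Validator.isNotNull(discoveryEndPoint)) {
            return discoveryEndPoint;
        }

        String localWellKnownURI = _generateLocalWellKnownURI(_getPropertyAsString("issuerURL", properties), _getPropertyAsString("tokenEndPoint", properties));

        this._oAuthClientASLocalMetadataLocalService.deleteOAuthClientASLocalMetadata(localWellKnownURI);

        return localWellKnownURI;
    }

    /**
     * Deletes the OAuth client entry for the configuration in every company.
     * The decompiler widened this method from private so the inner class can
     * call it.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void _deleteOAuthClientEntries(Dictionary<String, ?> properties) {
        try {
            this._companyLocalService.forEachCompanyId(
                companyId -> _deleteOAuthClientEntry(companyId.longValue(), properties));
        } catch (Exception exception) {
            if (_log.isDebugEnabled()) {
                _log.debug(exception);
            }
        }
    }

    /**
     * Deletes the OAuth client entry for the configuration in one company and
     * clears the cached entry IDs for that company. A failure is logged at
     * warn level and not propagated. The decompiler widened this method from
     * private so the inner class can call it.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void _deleteOAuthClientEntry(long companyId, Dictionary<String, ?> properties) {
        OpenIdConnectProviderUtil.removeOAuthClientEntryIdsByCompanyId(companyId);

        try {
            this._oAuthClientEntryLocalService.deleteOAuthClientEntry(companyId, _deleteOAuthClientASLocalMetadata(properties), _getPropertyAsString("openIdConnectClientId", properties));
        } catch (Exception exception) {
            if (_log.isWarnEnabled()) {
                _log.warn(exception);
            }
        }
    }

    /**
     * Builds the authorization request parameters JSON; the response type is
     * always {@code code}.
     */
    private String _generateAuthRequestParametersJSON(Dictionary<String, ?> properties) {
        JSONObject jsonObject = _generateRequestParametersJSONObject("customAuthorizationRequestParameters", properties);

        return jsonObject.put("response_type", "code").toString();
    }

    /**
     * Returns the client name derived from the provider name, or
     * {@code null} when no provider name is configured.
     */
    private String _generateClientName(Dictionary<String, ?> properties) {
        String providerName = _getPropertyAsString("providerName", properties);

        if (Validator.isNull(providerName)) {
            return null;
        }

        return _CLIENT_TO + providerName;
    }

    /**
     * Builds the client information JSON for the OAuth client entry.
     *
     * <p>
     * The result contains {@code client_secret} in clear text. Treat the
     * returned string as a credential: do not log it or include it in
     * exception messages.
     * </p>
     */
    private String _generateInfoJSON(Dictionary<String, ?> properties) {
        return JSONUtil.put("client_id", _getPropertyAsString("openIdConnectClientId", properties)).put("client_name", _generateClientName(properties)).put("client_secret", _getPropertyAsString("openIdConnectClientSecret", properties)).put("grant_types", JSONUtil.putAll(new Object[]{"authorization_code", "refresh_token"})).put("id_token_signed_response_alg", _getPropertyAsString("registeredIdTokenSigningAlg", properties)).put("response_types", JSONUtil.put("code")).put("scope", _getPropertyAsString("scopes", properties)).toString();
    }

    /**
     * Derives the URI under which locally stored authorization server metadata
     * is keyed: scheme and authority of the issuer, the OpenID provider
     * well-known path, the issuer path, a digest of the token endpoint and the
     * suffix {@code /local}.
     *
     * @param issuerURL the configured issuer URL
     * @param tokenEndPoint the configured token endpoint
     * @throws IllegalArgumentException if either value is missing
     */
    private String _generateLocalWellKnownURI(String issuerURL, String tokenEndPoint) throws Exception {
        if (issuerURL == null || tokenEndPoint == null) {
            // Previously this surfaced as a bare NullPointerException; callers
            // in this class catch and log it either way.
            throw new IllegalArgumentException("Issuer URL and token endpoint are required when no discovery endpoint is configured");
        }

        URI issuerURI = URI.create(issuerURL);

        // MD5 only shortens the token endpoint into a lookup key here. The
        // algorithm and the platform default charset of getBytes() are kept as
        // they are because rows already stored are keyed by this exact value.
        // NOTE(review): nodes with different default charsets would derive
        // different keys for a non-ASCII token endpoint - confirm endpoints
        // are ASCII before relying on this in a cluster.
        byte[] digest = MessageDigest.getInstance("MD5").digest(tokenEndPoint.getBytes());

        return StringBundler.concat(new Object[]{issuerURI.getScheme(), "://", issuerURI.getAuthority(), OIDCProviderConfigurationRequest.OPENID_PROVIDER_WELL_KNOWN_PATH, issuerURI.getPath(), '/', Base64.encodeToURL(digest), "/local"});
    }

    /**
     * Builds the authorization server metadata JSON from the manually
     * configured endpoints.
     */
    private String _generateMetadataJSON(Dictionary<String, ?> properties) {
        return JSONUtil.put("authorization_endpoint", _getPropertyAsString("authorizationEndPoint", properties)).put("id_token_signing_alg_values_supported", _getPropertyAsJSONArray("idTokenSigningAlgValues", properties)).put("issuer", _getPropertyAsString("issuerURL", properties)).put("jwks_uri", _getPropertyAsString("jwksURI", properties)).put("scopes_supported", _getPropertyAsJSONArray("scopes", properties)).put("subject_types_supported", _getPropertyAsJSONArray("subjectTypes", properties)).put("token_endpoint", _getPropertyAsString("tokenEndPoint", properties)).put("userinfo_endpoint", _getPropertyAsString("userInfoEndPoint", properties)).toString();
    }

    /**
     * Builds the request parameters JSON object from the configured scopes and
     * the custom {@code name=value} parameters stored under the given key.
     *
     * <p>
     * {@code resource} parameters are collected at the top level; every other
     * parameter goes under {@code custom_request_parameters}. Values are split
     * on spaces. An entry that does not split into exactly two parts on
     * {@code =} is skipped and only reported at debug level, so a value that
     * itself contains {@code =} is silently dropped.
     * </p>
     *
     * @param key the configuration key holding the custom parameters
     * @param properties the provider configuration
     */
    private JSONObject _generateRequestParametersJSONObject(String key, Dictionary<String, ?> properties) {
        JSONObject requestParametersJSONObject = JSONUtil.put("scope", _getPropertyAsString("scopes", properties));

        for (String parameter : GetterUtil.getStringValues(properties.get(key))) {
            String[] parts = parameter.split("=");

            if (parts.length != 2) {
                if (_log.isDebugEnabled()) {
                    _log.debug("Parameter: " + parameter + " is not valid");
                }

                continue;
            }

            if (parts[0].equals("resource")) {
                _putValues(requestParametersJSONObject, parts[0], parts[1]);

                continue;
            }

            JSONObject customParametersJSONObject = requestParametersJSONObject.getJSONObject("custom_request_parameters");

            if (customParametersJSONObject == null) {
                customParametersJSONObject = this._jsonFactory.createJSONObject();

                requestParametersJSONObject.put("custom_request_parameters", customParametersJSONObject);
            }

            _putValues(customParametersJSONObject, parts[0], parts[1]);
        }

        return requestParametersJSONObject;
    }

    /**
     * Builds the token request parameters JSON; the grant type is always
     * {@code authorization_code}.
     */
    private String _generateTokenRequestParametersJSON(Dictionary<String, ?> properties) {
        JSONObject jsonObject = _generateRequestParametersJSONObject("customTokenRequestParameters", properties);

        return jsonObject.put("grant_type", "authorization_code").toString();
    }

    /**
     * Returns the property as a JSON array, or {@code null} when it is absent
     * or empty. The {@code scopes} property is a single space-separated
     * string; every other property is read as a string array.
     */
    private JSONArray _getPropertyAsJSONArray(String key, Dictionary<String, ?> properties) {
        if (properties.get(key) == null) {
            return null;
        }

        String[] values;

        if (key.equals("scopes")) {
            String scopes = _getPropertyAsString("scopes", properties);

            if (scopes == null) {
                // An empty scopes string is reported as null by
                // _getPropertyAsString; splitting it threw a
                // NullPointerException before.
                return null;
            }

            values = scopes.split(StringUtils.SPACE);
        } else {
            values = GetterUtil.getStringValues(properties.get(key));
        }

        if (values.length < 1) {
            return null;
        }

        return JSONUtil.putAll(values);
    }

    /**
     * Returns the property as a string, or {@code null} when it is absent or
     * empty.
     */
    private String _getPropertyAsString(String key, Dictionary<String, ?> properties) {
        String value = (String) properties.get(key);

        if (value == null || value.isEmpty()) {
            return null;
        }

        return value;
    }

    /**
     * Appends the space-separated values to the array stored under the name,
     * creating the array when it does not exist yet.
     */
    private void _putValues(JSONObject jsonObject, String name, String spaceSeparatedValues) {
        String[] values = spaceSeparatedValues.split(StringUtils.SPACE);

        JSONArray jsonArray = jsonObject.getJSONArray(name);

        if (jsonArray == null) {
            jsonObject.put(name, JSONUtil.putAll(values));

            return;
        }

        for (String value : values) {
            jsonArray.put(value);
        }
    }

    /**
     * Returns the well-known URI for the configuration. When no discovery
     * endpoint is configured, local metadata generated from the configuration
     * is added or updated under the derived URI first.
     *
     * @param userId the user ID passed to the persistence service on add
     * @param properties the provider configuration
     * @return the discovery endpoint, or the derived local well-known URI
     */
    private String _updateOAuthClientASLocalMetadata(long userId, Dictionary<String, ?> properties) throws Exception {
        String discoveryEndPoint = _getPropertyAsString("discoveryEndPoint", properties);

        if (Validator.isNotNull(discoveryEndPoint)) {
            return discoveryEndPoint;
        }

        String localWellKnownURI = _generateLocalWellKnownURI(_getPropertyAsString("issuerURL", properties), _getPropertyAsString("tokenEndPoint", properties));

        OAuthClientASLocalMetadata oAuthClientASLocalMetadata = this._oAuthClientASLocalMetadataLocalService.fetchOAuthClientASLocalMetadata(localWellKnownURI);

        if (oAuthClientASLocalMetadata == null) {
            this._oAuthClientASLocalMetadataLocalService.addOAuthClientASLocalMetadata(userId, _generateMetadataJSON(properties), "openid-configuration");
        } else {
            this._oAuthClientASLocalMetadataLocalService.updateOAuthClientASLocalMetadata(oAuthClientASLocalMetadata.getOAuthClientASLocalMetadataId(), _generateMetadataJSON(properties), "openid-configuration");
        }

        return localWellKnownURI;
    }

    /**
     * Creates or updates the OAuth client entry of one company from the new
     * configuration and clears the cached entry IDs for that company. The
     * decompiler widened this method from private so the inner class can call
     * it.
     *
     * <p>
     * Every failure is swallowed and reported at debug level only.
     * NOTE(review): this is presumably deliberate because an add for an entry
     * that already exists is expected on startup - confirm; it also means a
     * changed client secret or endpoint that fails to apply leaves the old
     * entry in place without a visible log line.
     * </p>
     *
     * @param companyId the company whose entry is written
     * @param previousProperties the configuration the existing entry was built
     *        from, or {@code null} when none is known
     * @param properties the new configuration
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void _updateOAuthClientEntry(long companyId, Dictionary<String, ?> previousProperties, Dictionary<String, ?> properties) {
        // Stays 0 when the guest user cannot be resolved; the entry is then
        // written with user ID 0.
        long guestUserId = 0;

        try {
            guestUserId = this._userLocalService.getGuestUserId(companyId);
        } catch (PortalException portalException) {
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to get guest user ID for company " + companyId, portalException);
            }
        }

        try {
            OAuthClientEntry oAuthClientEntry = null;

            if (previousProperties != null) {
                // Resolving the URI of the previous configuration also writes
                // its local metadata when no discovery endpoint is set.
                oAuthClientEntry = this._oAuthClientEntryLocalService.fetchOAuthClientEntry(companyId, _updateOAuthClientASLocalMetadata(guestUserId, previousProperties), _getPropertyAsString("openIdConnectClientId", previousProperties));
            }

            if (oAuthClientEntry == null) {
                _addOAuthClientEntry(properties, guestUserId);
            } else {
                this._oAuthClientEntryLocalService.updateOAuthClientEntry(oAuthClientEntry.getOAuthClientEntryId(), _generateAuthRequestParametersJSON(properties), _updateOAuthClientASLocalMetadata(guestUserId, properties), _generateInfoJSON(properties), oAuthClientEntry.getOIDCUserInfoMapperJSON(), _generateTokenRequestParametersJSON(properties));
            }

            OpenIdConnectProviderUtil.removeOAuthClientEntryIdsByCompanyId(companyId);
        } catch (Exception exception) {
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to update OAuth client entry", exception);
            }
        }
    }
}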
