package org.mule.runtime.module.extension.internal.runtime.connectivity.oauth;

import java.lang.reflect.Field;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiConsumer;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.inject.Inject;
import org.mule.runtime.api.exception.MuleException;
import org.mule.runtime.api.exception.MuleRuntimeException;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.lifecycle.Initialisable;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.api.lifecycle.Startable;
import org.mule.runtime.api.lifecycle.Stoppable;
import org.mule.runtime.api.message.Message;
import org.mule.runtime.api.util.LazyValue;
import org.mule.runtime.core.DefaultEventContext;
import org.mule.runtime.core.api.Event;
import org.mule.runtime.core.api.MuleContext;
import org.mule.runtime.core.api.construct.Flow;
import org.mule.runtime.core.api.lifecycle.LifecycleUtils;
import org.mule.runtime.core.api.store.ListableObjectStore;
import org.mule.runtime.core.api.util.Pair;
import org.mule.runtime.core.api.util.SystemUtils;
import org.mule.runtime.core.internal.util.LazyLookup;
import org.mule.runtime.core.util.store.LazyObjectStoreToMapAdapter;
import org.mule.runtime.dsl.api.component.config.DefaultComponentLocation;
import org.mule.runtime.extension.api.connectivity.oauth.AuthorizationCodeGrantType;
import org.mule.runtime.extension.api.connectivity.oauth.AuthorizationCodeState;
import org.mule.runtime.http.api.HttpService;
import org.mule.runtime.http.api.server.HttpServer;
import org.mule.runtime.http.api.server.ServerNotFoundException;
import org.mule.runtime.oauth.api.AuthorizationCodeOAuthDancer;
import org.mule.runtime.oauth.api.AuthorizationCodeRequest;
import org.mule.runtime.oauth.api.OAuthService;
import org.mule.runtime.oauth.api.builder.AuthorizationCodeDanceCallbackContext;
import org.mule.runtime.oauth.api.builder.OAuthAuthorizationCodeDancerBuilder;
import org.mule.runtime.oauth.api.state.ResourceOwnerOAuthContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/mule/runtime/module/extension/internal/runtime/connectivity/oauth/DefaultExtensionsOAuthManager.class */
public class DefaultExtensionsOAuthManager implements Initialisable, Startable, Stoppable, ExtensionsOAuthManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultExtensionsOAuthManager.class);
    private static final String DANCE_CALLBACK_EVENT_KEY = "event";

    @Inject
    private MuleContext muleContext;
    private LazyValue<HttpService> httpService;
    private LazyValue<OAuthService> oauthService;
    private final Map<String, AuthorizationCodeOAuthDancer> dancers = new ConcurrentHashMap();
    private boolean started = false;

    public void initialise() throws InitialisationException {
        this.httpService = new LazyLookup(HttpService.class, this.muleContext);
        this.oauthService = new LazyLookup(OAuthService.class, this.muleContext);
    }

    public void start() throws MuleException {
        Iterator<AuthorizationCodeOAuthDancer> it = this.dancers.values().iterator();
        while (it.hasNext()) {
            start(it.next());
        }
        this.started = true;
    }

    @Override // org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.ExtensionsOAuthManager
    public void register(OAuthConfig oAuthConfig) throws MuleException {
        this.dancers.computeIfAbsent(oAuthConfig.getOwnerConfigName(), str -> {
            return createDancer(oAuthConfig);
        });
    }

    @Override // org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.ExtensionsOAuthManager
    public void invalidate(String str, String str2) {
        AuthorizationCodeOAuthDancer authorizationCodeOAuthDancer = this.dancers.get(str);
        if (authorizationCodeOAuthDancer == null) {
            return;
        }
        authorizationCodeOAuthDancer.invalidateContext(str2);
    }

    private void disable(String str, AuthorizationCodeOAuthDancer authorizationCodeOAuthDancer) {
        try {
            try {
                LifecycleUtils.stopIfNeeded(authorizationCodeOAuthDancer);
                LifecycleUtils.disposeIfNeeded(authorizationCodeOAuthDancer, LOGGER);
            } catch (Exception e) {
                LOGGER.warn("Found exception trying to Stop OAuth dancer for config " + str, e);
                LifecycleUtils.disposeIfNeeded(authorizationCodeOAuthDancer, LOGGER);
            }
        } catch (Throwable th) {
            LifecycleUtils.disposeIfNeeded(authorizationCodeOAuthDancer, LOGGER);
            throw th;
        }
    }

    public void stop() throws MuleException {
        this.dancers.forEach((str, authorizationCodeOAuthDancer) -> {
            try {
                disable(str, authorizationCodeOAuthDancer);
            } catch (Exception e) {
                LOGGER.warn("Found exception while trying to stop OAuth callback for config " + str, e);
            }
        });
        this.dancers.clear();
    }

    @Override // org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.ExtensionsOAuthManager
    public void refreshToken(String str, String str2, OAuthConnectionProviderWrapper oAuthConnectionProviderWrapper) {
        try {
            this.dancers.get(str).refreshToken(str2).get();
            oAuthConnectionProviderWrapper.updateAuthState();
        } catch (Exception e) {
            throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage(String.format("Could not refresh token for resourceOwnerId '%s' using config '%s'", str2, str)), e);
        }
    }

    @Override // org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.ExtensionsOAuthManager
    public Optional<ResourceOwnerOAuthContext> getOAuthContext(OAuthConfig oAuthConfig) {
        AuthorizationCodeOAuthDancer authorizationCodeOAuthDancer = this.dancers.get(oAuthConfig.getOwnerConfigName());
        if (authorizationCodeOAuthDancer == null) {
            return Optional.empty();
        }
        ResourceOwnerOAuthContext contextForResourceOwner = authorizationCodeOAuthDancer.getContextForResourceOwner(oAuthConfig.getAuthCodeConfig().getResourceOwnerId());
        return (contextForResourceOwner == null || contextForResourceOwner.getAccessToken() == null) ? Optional.empty() : Optional.of(contextForResourceOwner);
    }

    private AuthorizationCodeOAuthDancer createDancer(OAuthConfig oAuthConfig) throws MuleException {
        OAuthAuthorizationCodeDancerBuilder authorizationCodeGrantTypeDancerBuilder = ((OAuthService) this.oauthService.get()).authorizationCodeGrantTypeDancerBuilder(str -> {
            return this.muleContext.getLockFactory().createLock(str);
        }, new LazyObjectStoreToMapAdapter(getObjectStoreSupplier(oAuthConfig)), this.muleContext.getExpressionManager());
        AuthCodeConfig authCodeConfig = oAuthConfig.getAuthCodeConfig();
        AuthorizationCodeGrantType grantType = oAuthConfig.getGrantType();
        OAuthCallbackConfig callbackConfig = oAuthConfig.getCallbackConfig();
        authorizationCodeGrantTypeDancerBuilder.encoding(SystemUtils.getDefaultEncoding(this.muleContext)).clientCredentials(authCodeConfig.getConsumerKey(), authCodeConfig.getConsumerSecret()).tokenUrl(authCodeConfig.getAccessTokenUrl()).responseExpiresInExpr(grantType.getExpirationRegex()).responseRefreshTokenExpr(grantType.getRefreshTokenExpr()).responseAccessTokenExpr(grantType.getAccessTokenExpr()).resourceOwnerIdTransformer(str2 -> {
            return str2 + "-" + oAuthConfig.getOwnerConfigName();
        });
        String orElseGet = authCodeConfig.getScope().orElseGet(() -> {
            return (String) grantType.getDefaultScope().orElse(null);
        });
        if (orElseGet != null) {
            authorizationCodeGrantTypeDancerBuilder.scopes(orElseGet);
        }
        try {
            HttpServer lookup = ((HttpService) this.httpService.get()).getServerFactory().lookup(callbackConfig.getListenerConfig());
            authorizationCodeGrantTypeDancerBuilder.localCallback(lookup, callbackConfig.getCallbackPath()).externalCallbackUrl(getExternalCallback(lookup, callbackConfig)).authorizationUrl(authCodeConfig.getAuthorizationUrl()).localAuthorizationUrlPath(callbackConfig.getLocalAuthorizePath()).localAuthorizationUrlResourceOwnerId("#[if (attributes.queryParams.resourceOwnerId != null) attributes.queryParams.resourceOwnerId else '']").state("#[if (attributes.queryParams.state != null) attributes.queryParams.state else '']").customParameters(oAuthConfig.getCustomParameters()).customParametersExtractorsExprs(getParameterExtractors(oAuthConfig));
            Pair<Optional<Flow>, Optional<Flow>> listenerFlows = getListenerFlows(oAuthConfig);
            ((Optional) listenerFlows.getFirst()).ifPresent(flow -> {
                authorizationCodeGrantTypeDancerBuilder.beforeDanceCallback(beforeCallback(oAuthConfig, flow));
            });
            ((Optional) listenerFlows.getSecond()).ifPresent(flow2 -> {
                authorizationCodeGrantTypeDancerBuilder.afterDanceCallback(afterCallback(oAuthConfig, flow2));
            });
            AuthorizationCodeOAuthDancer authorizationCodeOAuthDancer = (AuthorizationCodeOAuthDancer) authorizationCodeGrantTypeDancerBuilder.build();
            if (this.started) {
                start(authorizationCodeOAuthDancer);
            }
            return authorizationCodeOAuthDancer;
        } catch (ServerNotFoundException e) {
            throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage(String.format("Connector '%s' defines '%s' as the http:listener-config to use for provisioning callbacks, but no such definition exists in the application configuration", oAuthConfig.getOwnerConfigName(), callbackConfig.getListenerConfig())), e);
        }
    }

    private String getExternalCallback(HttpServer httpServer, OAuthCallbackConfig oAuthCallbackConfig) {
        return oAuthCallbackConfig.getExternalCallbackUrl().orElseGet(() -> {
            try {
                return new URL(httpServer.getProtocol().getScheme(), httpServer.getServerAddress().getIp(), httpServer.getServerAddress().getPort(), oAuthCallbackConfig.getCallbackPath()).toExternalForm();
            } catch (MalformedURLException e) {
                throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage(String.format("Could not derive a external callback url from <http:listener-config> '%s'", oAuthCallbackConfig.getListenerConfig())), e);
            }
        });
    }

    private void start(AuthorizationCodeOAuthDancer authorizationCodeOAuthDancer) throws MuleException {
        LifecycleUtils.initialiseIfNeeded(authorizationCodeOAuthDancer, this.muleContext);
        LifecycleUtils.startIfNeeded(authorizationCodeOAuthDancer);
    }

    private Supplier<ListableObjectStore> getObjectStoreSupplier(OAuthConfig oAuthConfig) {
        String str = (String) oAuthConfig.getStoreConfig().map((v0) -> {
            return v0.getObjectStoreName();
        }).orElse("_defaultUserObjectStore");
        return () -> {
            ListableObjectStore objectStore = this.muleContext.getObjectStoreManager().getObjectStore(str);
            if (objectStore instanceof ListableObjectStore) {
                return objectStore;
            }
            throw new IllegalArgumentException(String.format("ObjectStore '%s' is not suitable for use in config '%s'. A %s is required", str, oAuthConfig.getOwnerConfigName(), ListableObjectStore.class.getSimpleName()));
        };
    }

    private URL url(String str, int i, String str2) {
        try {
            return new URL("http", str, i, str2);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException(Arrays.asList(str, Integer.valueOf(i), str2) + " do not constitute a valid URL", e);
        }
    }

    private Map<String, String> getParameterExtractors(OAuthConfig oAuthConfig) {
        return (Map) oAuthConfig.getParameterExtractors().entrySet().stream().collect(Collectors.toMap(entry -> {
            return ((Field) entry.getKey()).getName();
        }, (v0) -> {
            return v0.getValue();
        }));
    }

    private Pair<Optional<Flow>, Optional<Flow>> getListenerFlows(OAuthConfig oAuthConfig) {
        AuthCodeConfig authCodeConfig = oAuthConfig.getAuthCodeConfig();
        try {
            return new Pair<>(lookupFlow(authCodeConfig.getBefore()), lookupFlow(authCodeConfig.getAfter()));
        } catch (Exception e) {
            throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage("Could not obtain 'before' and 'after' OAuth flows defined by config " + oAuthConfig.getOwnerConfigName(), new Object[]{e}));
        }
    }

    private Optional<Flow> lookupFlow(Optional<String> optional) {
        return optional.map(this::lookupFlow);
    }

    private Flow lookupFlow(String str) {
        try {
            Flow lookupFlowConstruct = this.muleContext.getRegistry().lookupFlowConstruct(str);
            if (lookupFlowConstruct == null) {
                throw new IllegalArgumentException("Flow " + str + " doesn't exist");
            }
            return lookupFlowConstruct;
        } catch (Exception e) {
            throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage("Could not obtain flow " + str, new Object[]{e}));
        }
    }

    private Function<AuthorizationCodeRequest, AuthorizationCodeDanceCallbackContext> beforeCallback(OAuthConfig oAuthConfig, Flow flow) {
        return authorizationCodeRequest -> {
            Event runFlow = runFlow(flow, createEvent(new ImmutableAuthCodeRequest(authorizationCodeRequest.getResourceOwnerId(), authorizationCodeRequest.getScopes(), (String) authorizationCodeRequest.getState().orElse(null), oAuthConfig.getCallbackConfig().getExternalCallbackUrl()), oAuthConfig, flow), oAuthConfig, "before");
            return str -> {
                return DANCE_CALLBACK_EVENT_KEY.equals(str) ? Optional.of(runFlow) : Optional.empty();
            };
        };
    }

    private BiConsumer<AuthorizationCodeDanceCallbackContext, ResourceOwnerOAuthContext> afterCallback(OAuthConfig oAuthConfig, Flow flow) {
        return (authorizationCodeDanceCallbackContext, resourceOwnerOAuthContext) -> {
            AuthorizationCodeState authorizationCodeState = ExtensionsOAuthUtils.toAuthorizationCodeState(oAuthConfig, resourceOwnerOAuthContext);
            runFlow(flow, Event.builder((Event) authorizationCodeDanceCallbackContext.getParameter(DANCE_CALLBACK_EVENT_KEY).orElseGet(() -> {
                return createEvent(authorizationCodeState, oAuthConfig, flow);
            })).message(Message.builder().payload(authorizationCodeState).build()).build(), oAuthConfig, "after");
        };
    }

    private Event createEvent(Object obj, OAuthConfig oAuthConfig, Flow flow) {
        return Event.builder(DefaultEventContext.create(flow, DefaultComponentLocation.fromSingleComponent(oAuthConfig.getOwnerConfigName()))).message(Message.builder().payload(obj).build()).build();
    }

    private Event runFlow(Flow flow, Event event, OAuthConfig oAuthConfig, String str) {
        try {
            return flow.process(event);
        } catch (MuleException e) {
            throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage(String.format("Error found while execution flow '%s' which is configured in the '%s' parameter of the '%s' config", flow.getName(), str, oAuthConfig.getOwnerConfigName()), new Object[]{e}));
        }
    }
}
