package io.jans.as.server.par.ws.rs;

import io.jans.as.model.authorize.AuthorizeErrorResponseType;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.exception.InvalidJwtException;
import io.jans.as.persistence.model.Par;
import io.jans.as.server.model.authorize.JwtAuthorizationRequest;
import io.jans.orm.PersistenceEntryManager;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.Date;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:io/jans/as/server/par/ws/rs/ParService.class */
public class ParService {

    @Inject
    private Logger log;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private PersistenceEntryManager entryManager;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    public static String toPersistenceId(String str) {
        return StringUtils.replace(str, "urn:ietf:params:oauth:request_uri:", "par:");
    }

    public static String toOutsideId(String str) {
        return StringUtils.replace(str, "par:", "urn:ietf:params:oauth:request_uri:");
    }

    public void persist(Par par) {
        setIdAndDnIfNeeded(par);
        this.entryManager.persist(par);
    }

    public Par getPar(String str) {
        return getParByDn(dn(str));
    }

    public Par getParByDn(String str) {
        try {
            return (Par) this.entryManager.find(Par.class, str);
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
            return null;
        }
    }

    private void setIdAndDnIfNeeded(Par par) {
        if (StringUtils.isBlank(par.getId())) {
            par.setId("par:" + UUID.randomUUID().toString());
        }
        if (StringUtils.isBlank(par.getDn())) {
            par.setDn(dn(par.getId()));
        }
    }

    public String dn(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("PAR id is null or blank.");
        }
        return String.format("jansId=%s,%s", toPersistenceId(str), branchBaseDn());
    }

    public String branchBaseDn() {
        return this.staticConfiguration.getBaseDn().getPar();
    }

    public Par getParAndValidateForAuthorizationRequest(String str, String str2, String str3) {
        Par par = getPar(str);
        if (par == null) {
            this.log.debug("Failed to find PAR by request_uri (id): {}", str);
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(this.errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, str2, "Failed to find par by request_uri")).type(MediaType.APPLICATION_JSON_TYPE).build());
        }
        if (StringUtils.isBlank(str3) || !str3.equals(par.getAttributes().getClientId())) {
            this.log.debug("client_id does not match to PAR's client_id (used during PAR registration). Reject request. PAR clientId: {}, request's clientId: {}", par.getAttributes().getClientId(), str3);
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(this.errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, str2, "client_id does not match to PAR's client_id")).type(MediaType.APPLICATION_JSON_TYPE).build());
        }
        validate(par, str2);
        return par;
    }

    private void validate(Par par, String str) {
        Date date = new Date();
        if (par.isExpired(date)) {
            this.log.debug("PAR is expired, id: {}, exp: {}, now: {}", new Object[]{par.getId(), par.getExpirationDate(), date});
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(this.errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST_URI, str, "PAR is expired")).type(MediaType.APPLICATION_JSON_TYPE).build());
        }
        try {
            JwtAuthorizationRequest.validateExp(Integer.valueOf((int) (par.getExpirationDate().getTime() / 1000)));
            JwtAuthorizationRequest.validateNbf(par.getAttributes().getNbf());
        } catch (InvalidJwtException e) {
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(this.errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, str, "Failed to validate exp or nbf")).type(MediaType.APPLICATION_JSON_TYPE).build());
        }
    }
}
