package io.jans.as.server.service.external.context;

import io.jans.as.client.RegisterRequest;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.error.IErrorType;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.register.RegisterErrorResponseType;
import io.jans.as.model.util.CertUtils;
import io.jans.model.SimpleCustomProperty;
import io.jans.model.custom.script.conf.CustomScriptConfiguration;
import io.jans.service.cdi.util.CdiUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.core.Response;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/as/server/service/external/context/DynamicClientRegistrationContext.class */
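/**
 * Context object handed to dynamic client registration (DCR) custom scripts.
 *
 * <p>It carries the raw registration request, the parsed request, the software statement
 * assertion (SSA), the client certificate and the script configuration, and offers a set of
 * {@code validate*} helpers that reject the registration with an HTTP 400 error response when
 * the SSA, the request and the certificate do not agree with each other.
 *
 * <p>Instances are mutable and hold per-request state; nothing in this class makes them safe
 * to share between threads.
 */
public class DynamicClientRegistrationContext extends ExternalScriptContext {
    private static final Logger log = LoggerFactory.getLogger(DynamicClientRegistrationContext.class);
    private CustomScriptConfiguration script;
    private JSONObject registerRequestJson;
    private RegisterRequest registerRequest;
    private Jwt softwareStatement;
    private Jwt dcr;
    private Client client;
    private ErrorResponseFactory errorResponseFactory;
    private X509Certificate certificate;

    /**
     * Creates a context for a registration that has no client entry yet.
     *
     * @param httpServletRequest the incoming HTTP request, may be {@code null}
     * @param jSONObject the registration request as JSON
     * @param customScriptConfiguration configuration of the script that will receive this context
     */
    public DynamicClientRegistrationContext(HttpServletRequest httpServletRequest, JSONObject jSONObject, CustomScriptConfiguration customScriptConfiguration) {
        this(httpServletRequest, jSONObject, customScriptConfiguration, null);
    }

    /**
     * Creates a context bound to a client entry.
     *
     * @param httpServletRequest the incoming HTTP request, may be {@code null}
     * @param jSONObject the registration request as JSON
     * @param customScriptConfiguration configuration of the script that will receive this context
     * @param client the client being registered or updated, may be {@code null}
     */
    public DynamicClientRegistrationContext(HttpServletRequest httpServletRequest, JSONObject jSONObject, CustomScriptConfiguration customScriptConfiguration, Client client) {
        super(httpServletRequest);
        this.script = customScriptConfiguration;
        this.registerRequestJson = jSONObject;
        this.client = client;
    }

    /** @return the DCR request JWT, or {@code null} if none was set */
    public Jwt getDcr() {
        return this.dcr;
    }

    /** @param jwt the DCR request JWT */
    public void setDcr(Jwt jwt) {
        this.dcr = jwt;
    }

    /** @return the software statement assertion, or {@code null} if none was set */
    public Jwt getSoftwareStatement() {
        return this.softwareStatement;
    }

    /** @param jwt the software statement assertion used by the {@code validate*} methods */
    public void setSoftwareStatement(Jwt jwt) {
        this.softwareStatement = jwt;
    }

    /** @return the configuration of the script this context is passed to */
    public CustomScriptConfiguration getScript() {
        return this.script;
    }

    /** @param customScriptConfiguration the configuration of the script this context is passed to */
    public void setScript(CustomScriptConfiguration customScriptConfiguration) {
        this.script = customScriptConfiguration;
    }

    /** @return the registration request as JSON */
    public JSONObject getRegisterRequestJson() {
        return this.registerRequestJson;
    }

    /** @param jSONObject the registration request as JSON */
    public void setRegisterRequestJson(JSONObject jSONObject) {
        this.registerRequestJson = jSONObject;
    }

    /** @return the parsed registration request, or {@code null} if none was set */
    public RegisterRequest getRegisterRequest() {
        return this.registerRequest;
    }

    /** @param registerRequest the parsed registration request used by the {@code validate*} methods */
    public void setRegisterRequest(RegisterRequest registerRequest) {
        this.registerRequest = registerRequest;
    }

    /**
     * Returns a per-call copy of the script's configuration attributes, extended with the
     * {@code certProperty} entry when the request carries a non-blank {@code X-ClientCert} header.
     *
     * <p>The header value is written only into the returned copy. Writing it into the map owned
     * by the script configuration would let one request's certificate header stay visible to
     * later requests that use the same configuration object, and would fail with a
     * {@link NullPointerException} when the configuration has no attribute map at all.
     *
     * <p>The header is copied verbatim from the HTTP request and is not verified here.
     * NOTE(review): it is only trustworthy when a TLS-terminating proxy in front of the server
     * sets it and removes any client-supplied copy - confirm against the deployment.
     *
     * @return a new mutable map; never {@code null}
     */
    public Map<String, SimpleCustomProperty> getConfigurationAttibutes() {
        Map<String, SimpleCustomProperty> shared = this.script.getConfigurationAttributes();
        // Copy first so that request-scoped data never lands in the script's own map.
        Map<String, SimpleCustomProperty> attributes = shared != null ? new HashMap<>(shared) : new HashMap<>();
        if (this.httpRequest != null) {
            String header = this.httpRequest.getHeader("X-ClientCert");
            if (StringUtils.isNotBlank(header)) {
                SimpleCustomProperty certProperty = new SimpleCustomProperty();
                certProperty.setValue1(header);
                attributes.put("certProperty", certProperty);
            }
        }
        return attributes;
    }

    /** @return the client bound to this context, or {@code null} */
    public Client getClient() {
        return this.client;
    }

    /** @param client the client bound to this context */
    public void setClient(Client client) {
        this.client = client;
    }

    /**
     * Runs every SSA check of this class in a fixed order; the first failing check aborts the
     * registration with an error response.
     *
     * <p>The null check on the SSA runs first because all later checks dereference it.
     */
    public void validateSSA() {
        validateSSANotNull();
        validateSSARedirectUri();
        validateSoftwareId();
        validateCertSubjectHasCNAndOU();
        validateCNEqualsSoftwareId();
        validateOUEqualsOrgId();
        validateIssuer();
    }

    /**
     * Checks the SSA {@code iss} claim and the certificate issuer against the configured DCR
     * issuer list.
     *
     * <p>When the configured list is empty the check is skipped entirely, so every SSA issuer
     * and every certificate issuer is accepted. Both values are looked up in the same list with
     * an exact string match; the certificate issuer is compared in the form returned by
     * {@code getIssuerX500Principal().getName()}, so the configured entry has to be written in
     * exactly that form.
     *
     * <p>Expects the software statement to be set (see {@link #validateSSANotNull()}). A missing
     * certificate is rejected like a certificate from an issuer that is not allowed.
     */
    public void validateIssuer() {
        AppConfiguration appConfiguration = CdiUtil.bean(AppConfiguration.class);
        List<String> dcrIssuers = appConfiguration.getDcrIssuers();
        if (dcrIssuers.isEmpty()) {
            return;
        }
        if (!dcrIssuers.contains(this.softwareStatement.getClaims().getClaimAsString("iss"))) {
            throwWebApplicationException("SSA Issuer is not allowed.", RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        }
        // Fail closed with the regular error response instead of a NullPointerException
        // when no certificate was attached to the context.
        if (this.certificate == null || !dcrIssuers.contains(this.certificate.getIssuerX500Principal().getName())) {
            throwWebApplicationException("Certificate Issuer is not allowed.", RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        }
    }

    /** Rejects the registration unless the certificate subject has a non-blank CN and OU. */
    public void validateCertSubjectHasCNAndOU() {
        validateCNIsNotBlank();
        validateOUIsNotBlank();
    }

    /**
     * Reads the OU attribute of the certificate and rejects the registration when it is blank.
     *
     * @return the OU value
     */
    public String validateOUIsNotBlank() {
        String organizationalUnit = CertUtils.getAttr(this.certificate, BCStyle.OU);
        if (StringUtils.isBlank(organizationalUnit)) {
            throwWebApplicationException("OU of certificate is not set.", RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        }
        return organizationalUnit;
    }

    /**
     * Reads the CN attribute of the certificate and rejects the registration when it is blank.
     *
     * @return the CN value
     */
    public String validateCNIsNotBlank() {
        String commonName = CertUtils.getAttr(this.certificate, BCStyle.CN);
        if (StringUtils.isBlank(commonName)) {
            throwWebApplicationException("CN of certificate is not set.", RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        }
        return commonName;
    }

    /**
     * Logs the message at error level and aborts the request with an HTTP 400 response whose
     * body is the JSON form of the given error type.
     *
     * <p>An exception already prepared on the context takes precedence: it is thrown by
     * {@code throwWebApplicationExceptionIfSet()} before the 400 response is built.
     *
     * <p>Several callers build the message from SSA claims and request fields.
     * NOTE(review): confirm that the logging layout neutralises line breaks in those values.
     *
     * @param str message written to the log; it is not part of the response built here
     * @param iErrorType error type rendered through the {@link ErrorResponseFactory}
     */
    public void throwWebApplicationException(String str, IErrorType iErrorType) {
        log.error(str);
        throwWebApplicationExceptionIfSet();
        throw createWebApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), this.errorResponseFactory.getErrorAsJson(iErrorType));
    }

    /**
     * Rejects the registration unless the certificate CN equals the {@code software_id} claim
     * of the SSA. A blank claim is rejected as well.
     */
    public void validateCNEqualsSoftwareId() {
        String commonName = validateCNIsNotBlank();
        String softwareId = this.softwareStatement.getClaims().getClaimAsString("software_id");
        if (StringUtils.isBlank(softwareId)) {
            throwWebApplicationException("softwareId is not set in SSA", RegisterErrorResponseType.INVALID_CLIENT_METADATA);
            return;
        }
        if (!commonName.equals(softwareId)) {
            throwWebApplicationException("CN does not equals to softwareId in SSA. CN: " + commonName + ", softwareId: " + softwareId, RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        }
    }

    /**
     * Rejects the registration unless the certificate OU equals the {@code org_id} claim of the
     * SSA. A blank claim is rejected as well.
     */
    public void validateOUEqualsOrgId() {
        String organizationalUnit = validateOUIsNotBlank();
        String orgId = this.softwareStatement.getClaims().getClaimAsString("org_id");
        if (StringUtils.isBlank(orgId)) {
            throwWebApplicationException("orgId is not set in SSA", RegisterErrorResponseType.INVALID_CLIENT_METADATA);
            return;
        }
        if (!organizationalUnit.equals(orgId)) {
            throwWebApplicationException("OU does not equals to orgId in SSA. OU: " + organizationalUnit + ", orgId: " + orgId, RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        }
    }

    /** Validates the request redirect URIs against the {@code software_redirect_uris} SSA claim. */
    public void validateSSARedirectUri() {
        validateSSARedirectUri("software_redirect_uris");
    }

    /**
     * Rejects the registration when the request asks for a redirect URI that is not listed in
     * the given SSA claim.
     *
     * <p>The check only runs when the SSA contains the claim; an SSA without it places no
     * restriction on the requested redirect URIs. URIs are compared as exact strings.
     *
     * @param str name of the SSA claim that holds the allowed redirect URIs
     */
    public void validateSSARedirectUri(String str) {
        if (!this.softwareStatement.getClaims().hasClaim(str)) {
            return;
        }
        List<String> allowedUris = this.softwareStatement.getClaims().getClaimAsStringList(str);
        // NOTE(review): assumes getRedirectUris() never returns null - confirm in RegisterRequest.
        List<String> requestedUris = this.registerRequest.getRedirectUris();
        if (!allowedUris.containsAll(requestedUris)) {
            throwWebApplicationException("SSA redirect_uris does not match redirect_uris of the request. SSA redirect_uris: " + allowedUris + ", request redirectUris: " + requestedUris, RegisterErrorResponseType.INVALID_REDIRECT_URI);
        }
    }

    /** Rejects the registration when no software statement was attached to the context. */
    public void validateSSANotNull() {
        if (this.softwareStatement == null) {
            throwWebApplicationException("SSA is null", RegisterErrorResponseType.INVALID_SOFTWARE_STATEMENT);
        }
    }

    /**
     * Rejects the registration when the request carries a software id that differs from the
     * {@code software_id} claim of the SSA.
     *
     * <p>A request without a software id passes this check; the SSA claim is then compared
     * against the certificate CN only (see {@link #validateCNEqualsSoftwareId()}).
     */
    public void validateSoftwareId() {
        String requestSoftwareId = this.registerRequest.getSoftwareId();
        if (StringUtils.isBlank(requestSoftwareId)) {
            return;
        }
        String ssaSoftwareId = this.softwareStatement.getClaims().getClaimAsString("software_id");
        if (!requestSoftwareId.equals(ssaSoftwareId)) {
            throwWebApplicationException(String.format("SSA softwareId (%s), does not match to softwareId in request (%s)", ssaSoftwareId, requestSoftwareId), RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        }
    }

    /** @return the factory used to render error responses, or {@code null} if none was set */
    public ErrorResponseFactory getErrorResponseFactory() {
        return this.errorResponseFactory;
    }

    /** @param errorResponseFactory the factory used by {@link #throwWebApplicationException} */
    public void setErrorResponseFactory(ErrorResponseFactory errorResponseFactory) {
        this.errorResponseFactory = errorResponseFactory;
    }

    /** @return the client certificate, or {@code null} if none was set */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /** @param x509Certificate the client certificate used by the certificate checks */
    public void setCertificate(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    /**
     * Renders the SSA, the raw registration request and the script configuration.
     *
     * <p>The result contains request data in full, so it should be logged with the same care
     * as the request itself.
     */
    @Override
    public String toString() {
        // Fields are separated by ", " so that adjacent values cannot run into the next label.
        return "DynamicClientRegistrationContext{softwareStatement=" + this.softwareStatement
                + ", registerRequest=" + this.registerRequestJson
                + ", script=" + this.script
                + "} " + super.toString();
    }
}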
