package io.jans.as.server.service;

import io.jans.as.common.model.registration.Client;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.model.authorize.AuthorizeErrorResponseType;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.server.model.common.DeviceAuthorizationCacheControl;
import io.jans.as.server.model.common.DeviceAuthorizationStatus;
import io.jans.service.CacheService;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import java.io.Serializable;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/service/DeviceAuthorizationService.class */
public class DeviceAuthorizationService implements Serializable {
    public static final String SESSION_ATTEMPTS = "attemps";
    public static final String SESSION_LAST_ATTEMPT = "last_attempt";
    public static final String SESSION_USER_CODE = "user_code";

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private CacheService cacheService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private SessionIdService sessionIdService;

    public void saveInCache(DeviceAuthorizationCacheControl deviceAuthorizationCacheControl, boolean z, boolean z2) {
        if (z) {
            this.cacheService.put(deviceAuthorizationCacheControl.getExpiresIn(), deviceAuthorizationCacheControl.getDeviceCode(), deviceAuthorizationCacheControl);
        }
        if (z2) {
            this.cacheService.put(deviceAuthorizationCacheControl.getExpiresIn(), deviceAuthorizationCacheControl.getUserCode(), deviceAuthorizationCacheControl);
        }
        this.log.trace("Device request saved in cache, userCode: {}, deviceCode: {}, clientId: {}", new Object[]{deviceAuthorizationCacheControl.getUserCode(), deviceAuthorizationCacheControl.getDeviceCode(), deviceAuthorizationCacheControl.getClient().getClientId()});
    }

    public DeviceAuthorizationCacheControl getDeviceAuthzByUserCode(String str) {
        Object obj = this.cacheService.get(str);
        if (obj == null) {
            obj = this.cacheService.get(str);
            this.log.trace("Failed to fetch DeviceAuthorizationCacheControl request from cache, cacheKey: {}", str);
        }
        if (obj instanceof DeviceAuthorizationCacheControl) {
            return (DeviceAuthorizationCacheControl) obj;
        }
        return null;
    }

    public DeviceAuthorizationCacheControl getDeviceAuthzByDeviceCode(String str) {
        Object obj = this.cacheService.get(str);
        if (obj == null) {
            obj = this.cacheService.get(str);
            this.log.trace("Failed to fetch DeviceAuthorizationCacheControl request from cache, cacheKey: {}", str);
        }
        if (obj instanceof DeviceAuthorizationCacheControl) {
            return (DeviceAuthorizationCacheControl) obj;
        }
        return null;
    }

    public boolean hasDeviceCodeCompatibility(Client client) {
        for (GrantType grantType : client.getGrantTypes()) {
            if (grantType.getValue().equals(GrantType.DEVICE_CODE.getValue())) {
                return true;
            }
        }
        return false;
    }

    public String getDeviceAuthorizationPage(DeviceAuthorizationCacheControl deviceAuthorizationCacheControl, Client client, String str, HttpServletRequest httpServletRequest) {
        if (deviceAuthorizationCacheControl == null) {
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(this.errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, str, "Request not processed.")).type(MediaType.APPLICATION_JSON_TYPE).build());
        }
        if (deviceAuthorizationCacheControl.getStatus() != DeviceAuthorizationStatus.PENDING) {
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(this.errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, str, "Request already processed.")).type(MediaType.APPLICATION_JSON_TYPE).build());
        }
        if (deviceAuthorizationCacheControl.getClient().getClientId().equals(client.getClientId())) {
            return UriBuilder.fromPath(this.appConfiguration.getIssuer()).path(httpServletRequest.getContextPath()).path("/device_authorization.htm").build(new Object[0]).toString();
        }
        throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(this.errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.UNAUTHORIZED_CLIENT, str, "Client doesn't match.")).type(MediaType.APPLICATION_JSON_TYPE).build());
    }

    public void removeDeviceAuthRequestInCache(String str, String str2) {
        try {
            if (StringUtils.isNotBlank(str)) {
                this.cacheService.remove(str);
            }
            if (StringUtils.isNotBlank(str2)) {
                this.cacheService.remove(str2);
            }
            this.log.debug("Removed from cache device authorization using user_code: {}, device_code: {}", str, str2);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    public String getUserCodeFromSession(HttpServletRequest httpServletRequest) {
        SessionId sessionId = this.sessionIdService.getSessionId(httpServletRequest);
        if (sessionId == null) {
            return null;
        }
        Map sessionAttributes = sessionId.getSessionAttributes();
        if (sessionAttributes.containsKey(SESSION_USER_CODE)) {
            return (String) sessionAttributes.get(SESSION_USER_CODE);
        }
        return null;
    }
}
