package io.jans.as.server.register.ws.rs.action;

import io.jans.as.client.RegisterRequest;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.register.RegisterErrorResponseType;
import io.jans.as.server.audit.ApplicationAuditLogger;
import io.jans.as.server.ciba.CIBARegisterParamsValidatorService;
import io.jans.as.server.model.audit.Action;
import io.jans.as.server.model.audit.OAuth2AuditLog;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.as.server.model.registration.RegisterParamsValidator;
import io.jans.as.server.register.ws.rs.RegisterJsonService;
import io.jans.as.server.register.ws.rs.RegisterService;
import io.jans.as.server.register.ws.rs.RegisterValidator;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.external.ExternalDynamicClientRegistrationService;
import io.jans.as.server.service.token.TokenService;
import io.jans.as.server.util.ServerUtil;
import io.jans.util.security.StringEncrypter;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import org.apache.commons.lang3.BooleanUtils;
import org.json.JSONObject;
import org.slf4j.Logger;

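/**
 * Handles the "update client" operation of dynamic client registration.
 *
 * <p>The visible flow of {@link #updateClient} is: feature-flag check, blank checks on the inputs,
 * validation of the registration access token against the client id, software statement and
 * (optionally) request object validation, metadata validation (redirect URIs, CIBA, subject type),
 * client lookup, in-memory update, optional external script veto, and finally persistence.
 * Every exit path sends the audit record.
 */
@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/register/ws/rs/action/RegisterUpdateAction.class */
public class RegisterUpdateAction {

    @Inject
    private Logger log;

    @Inject
    private ApplicationAuditLogger applicationAuditLogger;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private TokenService tokenService;

    @Inject
    private RegisterValidator registerValidator;

    @Inject
    private RegisterService registerService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private RegisterParamsValidator registerParamsValidator;

    @Inject
    private CIBARegisterParamsValidatorService cibaRegisterParamsValidatorService;

    @Inject
    private ClientService clientService;

    @Inject
    private ExternalDynamicClientRegistrationService externalDynamicClientRegistrationService;

    @Inject
    private RegisterJsonService registerJsonService;

    /**
     * Extracts the token from the Authorization header value and validates it for the client.
     *
     * @param authorization raw Authorization header value
     * @param clientId      client id the token must be valid for
     * @return the extracted access token
     */
    private String validateAccessToken(String authorization, String clientId) {
        String accessToken = this.tokenService.getToken(authorization);
        this.registerValidator.validateNotBlank(accessToken, "access token is blank");
        this.registerValidator.validateAuthorizationAccessToken(accessToken, clientId);
        return accessToken;
    }

    /**
     * Updates an existing client from a registration request.
     *
     * @param requestParams   raw request body (JSON registration metadata)
     * @param clientId        id of the client to update
     * @param authorization   Authorization header value carrying the registration access token
     * @param httpRequest     current servlet request (used for the audit IP and by validators/scripts)
     * @param securityContext JAX-RS security context (only {@code isSecure()} is read, for logging)
     * @return 200 with the client JSON on success, 400 when the external script rejects the update,
     *         or the internal error response for unexpected failures
     * @throws WebApplicationException rethrown unchanged when a validator rejects the request
     */
    public Response updateClient(String requestParams, String clientId, String authorization, HttpServletRequest httpRequest, SecurityContext securityContext) {
        this.errorResponseFactory.validateFeatureEnabled(FeatureFlagType.REGISTRATION);

        OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpRequest), Action.CLIENT_UPDATE);
        oAuth2AuditLog.setClientId(clientId);
        try {
            // NOTE(review): the raw request body is written to the debug log. Registration payloads
            // can carry sensitive client metadata - confirm the logging policy or redact before use
            // in production.
            this.log.debug("Attempting to UPDATE client, client_id: {}, requestParams = {}, isSecure = {}", clientId, requestParams, securityContext.isSecure());

            this.registerValidator.validateNotBlank(authorization, "Authorization header is blank");
            this.registerValidator.validateNotBlank(clientId, "clientId is blank");
            this.registerValidator.validateNotBlank(requestParams, "requestParams is blank");

            String accessToken = validateAccessToken(authorization, clientId);
            // Repeats the check already made inside validateAccessToken(); kept so the
            // authorization path is not weakened by this cleanup.
            this.registerValidator.validateAuthorizationAccessToken(accessToken, clientId);

            JSONObject requestObject = this.registerService.parseRequestObjectWithoutValidation(requestParams);
            JSONObject softwareStatement = this.registerValidator.validateSoftwareStatement(httpRequest, requestObject);
            if (softwareStatement != null) {
                this.log.trace("Override request parameters by software_statement");
                for (String key : softwareStatement.keySet()) {
                    requestObject.putOpt(key, softwareStatement.get(key));
                }
            }
            if (BooleanUtils.isTrue(this.appConfiguration.getDcrSignatureValidationEnabled())) {
                this.registerValidator.validateRequestObject(requestParams, softwareStatement, httpRequest);
            }

            // NOTE(review): the request is re-parsed from the raw body here, and the merged
            // requestObject above is not read again in this method. Unless RegisterRequest.fromJson
            // applies the software statement itself, the override has no effect on the update -
            // confirm which source of metadata is meant to win.
            RegisterRequest registerRequest = RegisterRequest.fromJson(requestParams);
            validateRedirectUris(registerRequest);
            validateCiba(registerRequest);
            validateSubjectType(registerRequest);

            Client client = this.clientService.getClient(clientId, accessToken);
            validateClientNotNull(client);

            // The client object is modified before the external script gets its say; on rejection
            // it is dropped from the cache below and never merged.
            this.registerService.updateClientFromRequestObject(client, registerRequest, true);

            boolean updateAccepted = !this.externalDynamicClientRegistrationService.isEnabled()
                    || this.externalDynamicClientRegistrationService.executeExternalUpdateClientMethods(httpRequest, registerRequest, client);
            if (!updateAccepted) {
                this.clientService.removeFromCache(client);
                // Log the real cause: the token was already accepted at this point, the script said no.
                this.log.trace("External update script rejected the client update, returns invalid_token error, client_id: {}", clientId);
                this.applicationAuditLogger.sendMessage(oAuth2AuditLog);
                return Response.status(Response.Status.BAD_REQUEST)
                        .type(MediaType.APPLICATION_JSON_TYPE)
                        .entity(this.errorResponseFactory.errorAsJson(RegisterErrorResponseType.INVALID_TOKEN, "External registration script returned false."))
                        .build();
            }

            this.clientService.merge(client);

            ExecutionContext executionContext = new ExecutionContext(httpRequest, null).setClient(client);
            JSONObject responseJson = modifyPutScript(this.registerJsonService.getJSONObject(client), executionContext);
            Response response = Response.ok().entity(this.registerJsonService.jsonObjectToString(responseJson)).build();

            oAuth2AuditLog.setScope(this.registerService.clientScopesToString(client));
            oAuth2AuditLog.setSuccess(true);
            this.applicationAuditLogger.sendMessage(oAuth2AuditLog);
            return response;
        } catch (WebApplicationException e) {
            // Must precede the generic handler: WebApplicationException is itself an Exception, so
            // with the handlers in the other order this clause is unreachable (a compile error) and
            // validation failures could never propagate with their own status.
            if (this.log.isErrorEnabled()) {
                this.log.error(e.getMessage(), e);
            }
            this.applicationAuditLogger.sendMessage(oAuth2AuditLog);
            throw e;
        } catch (Exception e) {
            // Unexpected failure: details go to the log only, the caller gets a generic error.
            this.log.error(e.getMessage(), e);
            this.applicationAuditLogger.sendMessage(oAuth2AuditLog);
            return this.registerService.createInternalErrorResponse("Unknown.").build();
        }
    }

    /**
     * Rejects the request with 401 invalid_token when the client lookup returned nothing.
     *
     * @param client result of the client lookup, may be {@code null}
     */
    private void validateClientNotNull(Client client) {
        if (client == null) {
            this.log.trace("The Access Token is not valid for the Client ID, returns invalid_token error.");
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.UNAUTHORIZED, RegisterErrorResponseType.INVALID_TOKEN, "The Access Token is not valid for the Client ID.");
        }
    }

    /**
     * Rejects the request with 400 invalid_client_metadata when a subject type is given that is
     * not among the configured supported subject types. An absent subject type is accepted.
     *
     * @param registerRequest parsed registration request
     */
    private void validateSubjectType(RegisterRequest registerRequest) {
        if (registerRequest.getSubjectType() == null) {
            return;
        }
        boolean supported = this.appConfiguration.getSubjectTypesSupported().contains(registerRequest.getSubjectType().toString());
        if (!supported) {
            this.log.debug("Failed to perform client action, reason: subject_type is invalid.");
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "subject_type is invalid");
        }
    }

    /**
     * Rejects the request with 400 invalid_client_metadata when the CIBA parameter validator
     * does not accept the request's CIBA-related fields.
     *
     * @param registerRequest parsed registration request
     */
    private void validateCiba(RegisterRequest registerRequest) {
        boolean valid = this.cibaRegisterParamsValidatorService.validateParams(
                registerRequest.getBackchannelTokenDeliveryMode(),
                registerRequest.getBackchannelClientNotificationEndpoint(),
                registerRequest.getBackchannelAuthenticationRequestSigningAlg(),
                registerRequest.getGrantTypes(),
                registerRequest.getSubjectType(),
                registerRequest.getSectorIdentifierUri(),
                registerRequest.getJwks(),
                registerRequest.getJwksUri());
        if (!valid) {
            this.log.debug("Failed to perform client action, reason: unable to validate CIBA parameters");
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Invalid Client Metadata registering to use CIBA.");
        }
    }

    /**
     * Rejects the request with 400 invalid_client_metadata when redirect URIs are present and the
     * parameter validator does not accept them. A missing or empty list is not validated here.
     *
     * @param registerRequest parsed registration request
     */
    private void validateRedirectUris(RegisterRequest registerRequest) {
        if (registerRequest.getRedirectUris() == null || registerRequest.getRedirectUris().isEmpty()) {
            return;
        }
        boolean valid = this.registerParamsValidator.validateRedirectUris(
                registerRequest.getGrantTypes(),
                registerRequest.getResponseTypes(),
                registerRequest.getApplicationType(),
                registerRequest.getSubjectType(),
                registerRequest.getRedirectUris(),
                registerRequest.getSectorIdentifierUri());
        if (!valid) {
            this.log.debug("Failed to perform client action, reason: unable to validate redirectUris");
            // NOTE(review): the error description is empty, so the caller is not told which field failed.
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "");
        }
    }

    /**
     * Lets the external script adjust the PUT response. When the script call returns
     * {@code false}, the response is rebuilt from the client held by the execution context, so
     * whatever the script did to {@code jsonObject} is not returned.
     *
     * @param jsonObject       response JSON offered to the script
     * @param executionContext context carrying the request and the client
     * @return the response JSON to send back
     * @throws StringEncrypter.EncryptionException declared by the original; presumably raised when
     *         the client JSON is rebuilt - confirm against RegisterJsonService
     */
    private JSONObject modifyPutScript(JSONObject jsonObject, ExecutionContext executionContext) throws StringEncrypter.EncryptionException {
        if (this.externalDynamicClientRegistrationService.modifyPutResponse(jsonObject, executionContext)) {
            return jsonObject;
        }
        return this.registerJsonService.getJSONObject(executionContext.getClient());
    }
}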
