package io.jans.as.server.authorize.ws.rs;

import io.jans.as.common.model.registration.Client;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.token.TokenErrorResponseType;
import io.jans.as.model.util.StringUtils;
import io.jans.as.server.audit.ApplicationAuditLogger;
import io.jans.as.server.model.audit.Action;
import io.jans.as.server.model.audit.OAuth2AuditLog;
import io.jans.as.server.model.authorize.ScopeChecker;
import io.jans.as.server.model.common.DeviceAuthorizationCacheControl;
import io.jans.as.server.model.common.DeviceAuthorizationStatus;
import io.jans.as.server.model.session.SessionClient;
import io.jans.as.server.security.Identity;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.DeviceAuthorizationService;
import io.jans.as.server.util.ServerUtil;
import io.jans.util.StringHelper;
import jakarta.inject.Inject;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriBuilder;
import java.net.URI;
import java.util.ArrayList;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;

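/**
 * REST implementation of the device authorization endpoint: it resolves the requesting client,
 * issues a user code / device code pair, stores the pending request in the cache and returns
 * the codes to the caller as JSON.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The device code is a bearer secret for the later token polling step, so it is never
 *       written to the application log and the response is marked non-cacheable.</li>
 *   <li>An unauthenticated caller is accepted only when the looked-up client is public.</li>
 * </ul>
 */
@Path("/")
/* loaded from: input_file:io/jans/as/server/authorize/ws/rs/DeviceAuthorizationRestWebServiceImpl.class */
public class DeviceAuthorizationRestWebServiceImpl implements DeviceAuthorizationRestWebService {

    /** Length passed to the readable (user-facing) code generator. */
    private static final byte USER_CODE_LENGTH = 8;

    /** Length passed to the device code generator. */
    private static final byte DEVICE_CODE_LENGTH = 24;

    @Inject
    private Logger log;

    @Inject
    private ApplicationAuditLogger applicationAuditLogger;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private Identity identity;

    @Inject
    private ScopeChecker scopeChecker;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private DeviceAuthorizationService deviceAuthorizationService;

    @Inject
    private ClientService clientService;

    @Context
    private HttpServletRequest servletRequest;

    /**
     * Starts a device authorization flow for the given client.
     *
     * <p>NOTE(review): when the caller is already authenticated, the session client is used and
     * {@code str} is not compared against it, yet the audit record and log lines carry
     * {@code str}. Confirm whether a mismatch should be rejected or the audited id taken from
     * the resolved client.
     *
     * @param str the client identifier supplied with the request (recorded as the audit client id)
     * @param str2 the requested scope string; it is URL-decoded before use
     * @param httpServletRequest the current request, used to obtain the caller's IP address for auditing
     * @param httpServletResponse unused here
     * @param securityContext unused here
     * @return 200 with the JSON device authorization response, or 500 when an unexpected error occurs
     * @throws WebApplicationException when the feature is disabled, the client is unknown or not
     *     allowed to call unauthenticated (401 invalid_client), or the client is not compatible
     *     with the device code grant (400 invalid_grant)
     */
    @Override // io.jans.as.server.authorize.ws.rs.DeviceAuthorizationRestWebService
    public Response deviceAuthorization(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityContext securityContext) {
        final String clientId = str;
        final String scope = ServerUtil.urlDecode(str2);

        OAuth2AuditLog auditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpServletRequest), Action.DEVICE_CODE_AUTHORIZATION);
        auditLog.setClientId(clientId);
        auditLog.setScope(scope);

        try {
            // clientId and scope are caller-supplied; the logging layout is relied on to
            // neutralise control characters in them.
            log.debug("Attempting to request device codes: clientId = {}, scope = {}", clientId, scope);
            errorResponseFactory.validateFeatureEnabled(FeatureFlagType.DEVICE_AUTHZ);

            Client client = resolveClient(clientId);
            if (!deviceAuthorizationService.hasDeviceCodeCompatibility(client)) {
                throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, TokenErrorResponseType.INVALID_GRANT, "");
            }

            // Only scopes that pass the client's scope policy are stored with the request.
            ArrayList<String> grantedScopes = new ArrayList<>();
            if (StringHelper.isNotEmpty(scope)) {
                grantedScopes.addAll(scopeChecker.checkScopesPolicy(client, scope));
            }

            String userCode = StringUtils.generateRandomReadableCode(USER_CODE_LENGTH);
            String deviceCode = StringUtils.generateRandomCode(DEVICE_CODE_LENGTH);
            URI verificationUri = UriBuilder.fromUri(appConfiguration.getIssuer()).path("device-code").build();
            int expiresIn = appConfiguration.getDeviceAuthzRequestExpiresIn();
            int interval = appConfiguration.getDeviceAuthzTokenPollInterval();

            DeviceAuthorizationCacheControl cacheControl = new DeviceAuthorizationCacheControl(userCode, deviceCode, client, grantedScopes, verificationUri, expiresIn, interval, System.currentTimeMillis(), DeviceAuthorizationStatus.PENDING);
            deviceAuthorizationService.saveInCache(cacheControl, true, true);

            // The user code and device code are deliberately left out of the log: anyone able to
            // read the log could otherwise use them while the request is still pending.
            log.info("Device authorization flow initiated, clientId: {}, verificationUri: {}, expiresIn: {}, interval: {}", clientId, verificationUri, expiresIn, interval);
            applicationAuditLogger.sendMessage(auditLog);

            String json = getResponseJSONObject(cacheControl).toString(4).replace("\\/", "/");
            return Response.ok()
                    .entity(json)
                    .type(MediaType.APPLICATION_JSON_TYPE)
                    // The body carries the device code, so intermediaries and browsers must not
                    // store it (the RFC 8628 example response sets the same header).
                    .header("Cache-Control", "no-store")
                    .build();
        } catch (WebApplicationException e) {
            // Must be caught before Exception: these already carry the intended error response.
            throw e;
        } catch (Exception e) {
            log.error("Problems processing device authorization init flow, clientId: {}, scope: {}", clientId, scope, e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

    /**
     * Returns the client the request acts for: the authenticated session client when there is
     * one, otherwise the client looked up by {@code clientId}, which must exist and be public.
     *
     * @param clientId the client identifier supplied with the request
     * @return the resolved client, never {@code null}
     * @throws WebApplicationException 401 invalid_client when the client is unknown, or is not
     *     public and did not authenticate
     */
    private Client resolveClient(String clientId) {
        SessionClient sessionClient = identity.getSessionClient();
        Client authenticated = sessionClient != null ? sessionClient.getClient() : null;
        if (authenticated != null) {
            return authenticated;
        }

        Client lookedUp = clientService.getClient(clientId);
        // Check for an unknown client before asking whether it is public, so a missing client
        // always yields invalid_client instead of depending on how isPublic treats null.
        if (lookedUp == null) {
            log.trace("Client is unknown. Skip device authorization, clientId: {}", clientId);
            throw errorResponseFactory.createWebApplicationException(Response.Status.UNAUTHORIZED, TokenErrorResponseType.INVALID_CLIENT, "");
        }
        if (!clientService.isPublic(lookedUp)) {
            log.trace("Client is not public and not authenticated. Skip device authorization, clientId: {}", clientId);
            throw errorResponseFactory.createWebApplicationException(Response.Status.UNAUTHORIZED, TokenErrorResponseType.INVALID_CLIENT, "");
        }
        return lookedUp;
    }

    /**
     * Builds the JSON body of the device authorization response from the cached request data.
     *
     * @param deviceAuthorizationCacheControl the stored request holding the codes, verification URI,
     *     expiry and polling interval
     * @return a JSON object with the device code, user code, verification URIs, expiry and interval
     * @throws JSONException if a value cannot be added to the JSON object
     */
    private JSONObject getResponseJSONObject(DeviceAuthorizationCacheControl deviceAuthorizationCacheControl) throws JSONException {
        // The "complete" URI is the verification URI with the user code appended as a query
        // parameter; the parameter name comes from DeviceAuthorizationService.SESSION_USER_CODE.
        URI completeUri = UriBuilder.fromUri(deviceAuthorizationCacheControl.getVerificationUri())
                .queryParam(DeviceAuthorizationService.SESSION_USER_CODE, deviceAuthorizationCacheControl.getUserCode())
                .build();

        JSONObject body = new JSONObject();
        body.put("device_code", deviceAuthorizationCacheControl.getDeviceCode());
        body.put(DeviceAuthorizationService.SESSION_USER_CODE, deviceAuthorizationCacheControl.getUserCode());
        body.put("verification_uri", deviceAuthorizationCacheControl.getVerificationUri());
        body.put("verification_uri_complete", completeUri.toString());
        body.put("expires_in", deviceAuthorizationCacheControl.getExpiresIn());
        body.put("interval", deviceAuthorizationCacheControl.getInterval());
        return body;
    }
}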
