package io.jans.as.server.register.ws.rs.action;

import io.jans.as.common.model.registration.Client;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.register.RegisterErrorResponseType;
import io.jans.as.server.audit.ApplicationAuditLogger;
import io.jans.as.server.model.audit.Action;
import io.jans.as.server.model.audit.OAuth2AuditLog;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.as.server.model.registration.RegisterParamsValidator;
import io.jans.as.server.register.ws.rs.RegisterJsonService;
import io.jans.as.server.register.ws.rs.RegisterService;
import io.jans.as.server.register.ws.rs.RegisterValidator;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.external.ExternalDynamicClientRegistrationService;
import io.jans.as.server.service.token.TokenService;
import io.jans.as.server.util.ServerUtil;
import io.jans.util.security.StringEncrypter;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import org.apache.commons.lang3.BooleanUtils;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;

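/**
 * Serves the "read client" request of dynamic client registration: given a client id and the
 * registration access token presented in the Authorization header, it returns the client's
 * registration JSON, or a 401 {@code invalid_token} error when no client matches that pair.
 *
 * <p>Security note: the registration access token is a bearer credential. It is passed to the
 * validators and to the client lookup, but it must never be written to log output.
 */
@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/register/ws/rs/action/RegisterReadAction.class */
public class RegisterReadAction {

    @Inject
    private Logger log;

    @Inject
    private ApplicationAuditLogger applicationAuditLogger;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private ClientService clientService;

    @Inject
    private TokenService tokenService;

    @Inject
    private ExternalDynamicClientRegistrationService externalDynamicClientRegistrationService;

    @Inject
    private RegisterParamsValidator registerParamsValidator;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private RegisterValidator registerValidator;

    @Inject
    private RegisterService registerService;

    @Inject
    private RegisterJsonService registerJsonService;

    /**
     * Reads a registered client and returns its registration document.
     *
     * @param str the client id being read (it is recorded as the audit entry's client id)
     * @param str2 the raw Authorization header value; the registration access token is
     *     extracted from it with {@code tokenService.getToken}
     * @param httpServletRequest the current request, used for the audit IP address and for the
     *     execution context handed to the read-response script
     * @param securityContext the JAX-RS security context; only {@code isSecure()} is read, for
     *     the debug log
     * @return 200 with the client JSON when the client is found for the id/token pair, otherwise
     *     401 with an {@code invalid_token} error body; both carry no-cache headers
     * @throws RuntimeException the exception built by
     *     {@code errorResponseFactory.createWebApplicationException}: BAD_REQUEST when the
     *     parameters fail validation, INTERNAL_SERVER_ERROR on encryption or JSON failures
     */
    public Response readClient(String str, String str2, HttpServletRequest httpServletRequest, SecurityContext securityContext) {
        String token = this.tokenService.getToken(str2);
        // Fix: the registration access token used to be part of this debug line. It is a bearer
        // credential, so anyone with read access to the logs could have replayed it; only the
        // client id and the transport flag are logged now.
        this.log.debug("Attempting to read client: clientId = {}, isSecure = {}", str, securityContext.isSecure());
        // Presumably rejects the request when the REGISTRATION feature is disabled — the return
        // value is not used here, so any rejection has to arrive as an exception.
        this.errorResponseFactory.validateFeatureEnabled(FeatureFlagType.REGISTRATION);
        Response.ResponseBuilder ok = Response.ok();
        OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpServletRequest), Action.CLIENT_READ);
        oAuth2AuditLog.setClientId(str);
        try {
            if (!this.registerParamsValidator.validateParamsClientRead(str, token)) {
                this.log.trace("Client ID or Access Token is not valid.");
                throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Client ID or Access Token is not valid.");
            }
            // Extra authorization check, applied only when the server is configured for DCR
            // authorization with client credentials.
            if (BooleanUtils.isTrue(this.appConfiguration.getDcrAuthorizationWithClientCredentials())) {
                this.registerValidator.validateAuthorizationAccessToken(token, str);
            }
            // The lookup is keyed on both the id and the token; a null result is treated as
            // "token not valid for this client" and answered with 401 below.
            Client client = this.clientService.getClient(str, token);
            if (client != null) {
                oAuth2AuditLog.setScope(this.registerService.clientScopesToString(client));
                oAuth2AuditLog.setSuccess(true);
                JSONObject clientJson = this.registerJsonService.getJSONObject(client);
                ExecutionContext executionContext = new ExecutionContext(httpServletRequest, null).setClient(client);
                ok.entity(this.registerJsonService.jsonObjectToString(modifyReadScript(clientJson, executionContext)));
            } else {
                this.log.trace("The Access Token is not valid for the Client ID, returns invalid_token error.");
                ok = Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).type(MediaType.APPLICATION_JSON_TYPE);
                ok.entity(this.errorResponseFactory.errorAsJson(RegisterErrorResponseType.INVALID_TOKEN, "The Access Token is not valid for the Client"));
            }
            // The body can contain client metadata, so both outcomes are marked non-cacheable.
            ok.cacheControl(ServerUtil.cacheControl(true, false));
            ok.header("Pragma", "no-cache");
            // NOTE(review): the audit record is sent only on the two paths that reach this line.
            // The BAD_REQUEST thrown above, anything thrown by the validator, and both catch
            // blocks leave without an audit entry — confirm whether rejected reads should be
            // audited as well.
            this.applicationAuditLogger.sendMessage(oAuth2AuditLog);
            return ok.build();
        } catch (StringEncrypter.EncryptionException e) {
            // Details stay in the server log; the caller only gets a generic message.
            this.log.error(e.getMessage(), e);
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Encryption exception occurred.");
        } catch (JSONException e2) {
            this.log.error(e2.getMessage(), e2);
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Failed to parse json.");
        }
    }

    /**
     * Passes the response JSON through the external dynamic-client-registration script.
     *
     * @param jSONObject the client JSON handed to the script
     * @param executionContext context carrying the request and the client
     * @return {@code jSONObject} when the script call returns {@code true}; otherwise a JSON
     *     object rebuilt from the client, so whatever the script did to {@code jSONObject} is
     *     not returned
     * @throws StringEncrypter.EncryptionException declared because rebuilding the client JSON
     *     can raise it
     */
    private JSONObject modifyReadScript(JSONObject jSONObject, ExecutionContext executionContext) throws StringEncrypter.EncryptionException {
        if (this.externalDynamicClientRegistrationService.modifyReadResponse(jSONObject, executionContext)) {
            return jSONObject;
        }
        // Script reported failure: fall back to an unmodified rendering of the client.
        return this.registerJsonService.getJSONObject(executionContext.getClient());
    }
}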
