package io.jans.as.server.authorize.ws.rs;

import io.jans.as.common.model.registration.Client;
import io.jans.as.model.authzdetails.AuthzDetail;
import io.jans.as.model.authzdetails.AuthzDetails;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.error.IErrorType;
import io.jans.as.model.token.TokenErrorResponseType;
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.as.server.service.external.ExternalAuthzDetailTypeService;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/authorize/ws/rs/AuthzDetailsService.class */
public class AuthzDetailsService {

    @Inject
    private Logger log;

    @Inject
    private ExternalAuthzDetailTypeService externalAuthzDetailTypeService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    public AuthzDetails validateAuthorizationDetails(String str, ExecutionContext executionContext) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        AuthzDetails ofSilently = AuthzDetails.ofSilently(str);
        if (ofSilently == null) {
            this.log.debug("Unable to parse 'authorization_details' {}", str);
            throw new WebApplicationException(error(400, TokenErrorResponseType.INVALID_AUTHORIZATION_DETAILS, "Unable to parse 'authorization_details'").build());
        }
        if (ofSilently.getDetails() == null || ofSilently.getDetails().isEmpty()) {
            return null;
        }
        Set types = ofSilently.getTypes();
        Set<String> supportedAuthzDetailsTypes = this.externalAuthzDetailTypeService.getSupportedAuthzDetailsTypes();
        if (!supportedAuthzDetailsTypes.containsAll(types)) {
            this.log.debug("Not all authorization_details type are supported. Requested {}. AS supports: {}", types, supportedAuthzDetailsTypes);
            throw new WebApplicationException(error(400, TokenErrorResponseType.INVALID_AUTHORIZATION_DETAILS, "Found not supported 'authorization_details' type.").build());
        }
        Client client = executionContext.getClient();
        if (!client.getAttributes().getAuthorizationDetailsTypes().containsAll(types)) {
            this.log.debug("Client does not support all authorization_details types' {}. Client supports {}", types, client.getAttributes().getAuthorizationDetailsTypes());
            throw new WebApplicationException(error(400, TokenErrorResponseType.UNAUTHORIZED_CLIENT, "Client does not support authorization_details type'").build());
        }
        executionContext.setAuthzDetails(ofSilently);
        this.externalAuthzDetailTypeService.externalValidateAuthzDetails(executionContext);
        return ofSilently;
    }

    public Response.ResponseBuilder error(int i, IErrorType iErrorType, String str) {
        return Response.status(i).type(MediaType.APPLICATION_JSON_TYPE).entity(this.errorResponseFactory.errorAsJson(iErrorType, str));
    }

    public AuthzDetails checkAuthzDetails(AuthzDetails authzDetails, AuthzDetails authzDetails2) {
        if (AuthzDetails.isEmpty(authzDetails2) || AuthzDetails.isEmpty(authzDetails)) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (AuthzDetail authzDetail : authzDetails2.getDetails()) {
            Iterator it = authzDetails.getDetails().iterator();
            while (true) {
                if (it.hasNext()) {
                    if (authzDetail.getJsonObject().similar(((AuthzDetail) it.next()).getJsonObject()) && !arrayList.contains(authzDetail)) {
                        arrayList.add(authzDetail);
                        break;
                    }
                }
            }
        }
        return new AuthzDetails(arrayList);
    }

    public AuthzDetails checkAuthzDetailsAndSave(AuthzDetails authzDetails, AuthorizationGrant authorizationGrant) {
        AuthzDetails checkAuthzDetails = checkAuthzDetails(authzDetails, authorizationGrant.getAuthzDetails());
        authorizationGrant.setAuthzDetails(checkAuthzDetails);
        authorizationGrant.save();
        return checkAuthzDetails;
    }
}
