package io.jans.as.server.service.token;

import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.exception.InvalidJwtException;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtType;
import io.jans.as.model.token.JsonWebResponse;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.as.server.model.token.JwtSigner;
import io.jans.as.server.service.DiscoveryService;
import io.jans.as.server.service.cluster.StatusIndexPoolService;
import io.jans.model.token.StatusIndexPool;
import io.jans.model.tokenstatus.StatusList;
import io.jans.model.tokenstatus.TokenStatus;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.json.JSONObject;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:io/jans/as/server/service/token/StatusListService.class */
public class StatusListService {

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private DiscoveryService discoveryService;

    @Inject
    private StatusIndexPoolService statusTokenPoolService;

    @Inject
    private WebKeysConfiguration webKeysConfiguration;

    public Response requestStatusList(String str) {
        this.log.debug("Attempting to request status_list, acceptHeader: {} ...", str);
        this.errorResponseFactory.validateFeatureEnabled(FeatureFlagType.STATUS_LIST);
        try {
            StatusList join = join(this.statusTokenPoolService.getAllPools());
            boolean equalsIgnoreCase = "application/statuslist+json".equalsIgnoreCase(str);
            String createEntity = createEntity(equalsIgnoreCase, join);
            String str2 = equalsIgnoreCase ? "application/statuslist+json" : "application/statuslist+jwt";
            if (this.log.isTraceEnabled()) {
                this.log.trace("Response entity {}, responseType {}", createEntity, str2);
            }
            return Response.status(Response.Status.OK).entity(createEntity).type(str2).build();
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
        } catch (WebApplicationException e2) {
            if (this.log.isTraceEnabled()) {
                this.log.trace(e2.getMessage(), e2);
            }
            throw e2;
        }
    }

    private String createEntity(boolean z, StatusList statusList) throws Exception {
        JSONObject jSONObject = new JSONObject(statusList.encodeAsJSON());
        return z ? jSONObject.toString() : createResponseJwt(jSONObject);
    }

    public StatusList join(List<StatusIndexPool> list) {
        int statusListBitSize = this.appConfiguration.getStatusListBitSize();
        StatusList statusList = new StatusList(statusListBitSize);
        for (StatusIndexPool statusIndexPool : list) {
            try {
                String data = statusIndexPool.getData();
                if (!StringUtils.isBlank(data)) {
                    StatusList fromEncoded = StatusList.fromEncoded(data, statusListBitSize);
                    for (int i = 0; i < fromEncoded.getBitSetLength(); i++) {
                        int i2 = fromEncoded.get(i);
                        if (i2 != TokenStatus.VALID.getValue()) {
                            statusList.set(i, i2);
                        }
                    }
                }
            } catch (Exception e) {
                this.log.error(String.format("Failed to process status list from pool: %s, nodeId: %s", statusIndexPool.getId(), statusIndexPool.getNodeId()), e);
            }
        }
        return statusList;
    }

    public void addStatusClaimWithIndex(JsonWebResponse jsonWebResponse, ExecutionContext executionContext) {
        if (!this.errorResponseFactory.isFeatureFlagEnabled(FeatureFlagType.STATUS_LIST)) {
            this.log.trace("Skipped status claim addition because {} feature flag is disabled.", FeatureFlagType.STATUS_LIST.getValue());
            return;
        }
        Integer statusListIndex = executionContext.getStatusListIndex();
        if (statusListIndex == null || statusListIndex.intValue() < 0) {
            return;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("idx", statusListIndex);
        jSONObject.put("uri", getSub());
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("status_list", jSONObject);
        jsonWebResponse.getClaims().setClaim("status", jSONObject2);
    }

    public String getSub() {
        return this.discoveryService.getTokenStatusListEndpoint();
    }

    public String createResponseJwt(JSONObject jSONObject) throws Exception {
        this.log.trace("Creating status list JWT response {} ...", jSONObject);
        JwtSigner newJwtSigner = newJwtSigner();
        Jwt newJwt = newJwtSigner.newJwt();
        newJwt.getHeader().setType(JwtType.STATUS_LIST_JWT);
        fillPayload(newJwt, jSONObject);
        String jwt = newJwtSigner.sign().toString();
        this.log.trace("Created status list JWT response {}", jwt);
        return jwt;
    }

    private JwtSigner newJwtSigner() {
        SignatureAlgorithm fromString = SignatureAlgorithm.fromString(this.appConfiguration.getDefaultSignatureAlgorithm());
        if (this.appConfiguration.getStatusListResponseJwtSignatureAlgorithm() != null) {
            fromString = SignatureAlgorithm.fromString(this.appConfiguration.getStatusListResponseJwtSignatureAlgorithm());
        }
        return new JwtSigner(this.appConfiguration, this.webKeysConfiguration, fromString, "", null);
    }

    public void fillPayload(JsonWebResponse jsonWebResponse, JSONObject jSONObject) throws InvalidJwtException {
        int statusListResponseJwtLifetime = this.appConfiguration.getStatusListResponseJwtLifetime();
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        calendar.add(13, statusListResponseJwtLifetime);
        jsonWebResponse.getClaims().setExpirationTime(calendar.getTime());
        jsonWebResponse.getClaims().setIssuedAt(time);
        jsonWebResponse.getClaims().setClaim("ttl", Integer.valueOf(statusListResponseJwtLifetime));
        jsonWebResponse.getClaims().setClaim("sub", getSub());
        try {
            jsonWebResponse.getClaims().setClaim("status_list", jSONObject);
        } catch (Exception e) {
            this.log.error("Failed to put claims into status list jwt. Key: status_list, response: " + jSONObject.toString(), e);
        }
        if (this.log.isTraceEnabled()) {
            this.log.trace("Response before signing: {}", jsonWebResponse.getClaims().toJsonString());
        }
    }
}
