package io.jans.as.server.ssa.ws.rs;

import io.jans.as.common.model.ssa.Ssa;
import io.jans.as.common.model.ssa.SsaState;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.jwk.KeyOpsType;
import io.jans.as.model.jwk.Use;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtType;
import io.jans.as.model.ssa.SsaErrorResponseType;
import io.jans.as.model.ssa.SsaRequestParam;
import io.jans.as.model.ssa.SsaScopeType;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.exception.EntryPersistenceException;
import io.jans.orm.search.filter.Filter;
import io.jans.util.StringHelper;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;

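/**
 * Service for Software Statement Assertion (SSA) entries: persistence, filtered lookup,
 * and building and signing the SSA JWT.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #getSsaList} restricts results by creator only when the caller holds the
 *       developer scope without the admin or portal scope.</li>
 *   <li>{@link #generateJwt(Ssa)} copies custom attributes into the JWT after the standard
 *       claims have been set.</li>
 * </ul>
 */
@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/ssa/ws/rs/SsaService.class */
public class SsaService {

    /** HTTP 422 Unprocessable Entity, passed to the response builder as a raw status code. */
    private static final int STATUS_UNPROCESSABLE_ENTITY = 422;

    /** HTTP 406 Not Acceptable. */
    private static final int STATUS_NOT_ACCEPTABLE = 406;

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager persistenceEntryManager;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private WebKeysConfiguration webKeysConfiguration;

    @Inject
    private AbstractCryptoProvider cryptoProvider;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    /**
     * Stores a new SSA entry through the persistence manager.
     *
     * @param ssa entry to persist
     */
    public void persist(Ssa ssa) {
        this.persistenceEntryManager.persist(ssa);
    }

    /**
     * Updates an existing SSA entry through the persistence manager.
     *
     * @param ssa entry to merge
     */
    public void merge(Ssa ssa) {
        this.persistenceEntryManager.merge(ssa);
    }

    /**
     * Looks up a single SSA by its identifier.
     *
     * @param str SSA identifier, used as the {@code inum} component of the entry DN
     * @return the SSA, or {@code null} when the persistence layer raises an
     *     {@link EntryPersistenceException}
     */
    public Ssa findSsaByJti(String str) {
        try {
            return (Ssa) this.persistenceEntryManager.find(Ssa.class, getDnForSsa(str));
        } catch (EntryPersistenceException e) {
            // Every persistence failure is reported as "not found". Callers that use the result
            // for a validity check therefore see a missing SSA whatever the underlying cause was.
            this.log.trace("SSA lookup failed, returning null", e);
            return null;
        }
    }

    /**
     * Lists SSA entries that match all of the supplied criteria.
     *
     * @param str value matched against the {@code inum} attribute, or {@code null} to skip it
     * @param str2 value matched against the {@code o} attribute, or {@code null} to skip it
     * @param ssaState value matched against {@code jansState}, or {@code null} to skip it
     * @param str3 value matched against {@code creatorId}; applied only for developer-scoped
     *     callers
     * @param strArr scopes of the caller; must not be {@code null}
     * @return the matching entries under the SSA base DN
     */
    public List<Ssa> getSsaList(String str, String str2, SsaState ssaState, String str3, String[] strArr) {
        List<Filter> filters = new ArrayList<>();
        // A developer-scoped caller only sees entries it created.
        // NOTE(review): a caller whose scopes contain none of the developer/admin/portal values
        // gets no creator restriction here; confirm the calling endpoint rejects such tokens first.
        if (hasDeveloperScope(Arrays.asList(strArr))) {
            filters.add(Filter.createEqualityFilter("creatorId", str3));
        }
        if (str != null) {
            filters.add(Filter.createEqualityFilter("inum", str));
        }
        if (str2 != null) {
            filters.add(Filter.createEqualityFilter("o", str2));
        }
        if (ssaState != null) {
            filters.add(Filter.createEqualityFilter("jansState", ssaState));
        }
        Filter combined = null;
        if (!filters.isEmpty()) {
            combined = Filter.createANDFilter(filters);
            // Parameterized so the filter list is only rendered when trace logging is enabled.
            this.log.trace("Filter with AND created: {}", filters);
        }
        // With no criteria the filter stays null and the search covers the whole SSA branch.
        return this.persistenceEntryManager.findEntries(getDnForSsa(null), Ssa.class, combined);
    }

    /**
     * Builds and signs the JWT for an SSA, then hands it to the context's post-processor.
     *
     * @param ssa source entry
     * @param executionContext context that may carry a post-processor
     * @return the signed JWT
     * @throws Exception if signing fails
     */
    public Jwt generateJwt(Ssa ssa, ExecutionContext executionContext) throws Exception {
        Jwt signedJwt = generateJwt(ssa);
        // NOTE(review): the post-processor runs after the signature has been computed. If it
        // changes the header or claims, the encoded signature no longer covers the final
        // content; confirm the post-processor is read-only or that the JWT is re-signed.
        if (executionContext.getPostProcessor() != null) {
            executionContext.getPostProcessor().apply(signedJwt);
        }
        return signedJwt;
    }

    /**
     * Builds the SSA JWT from the entry and signs it with the configured SSA signing key.
     *
     * @param ssa source entry
     * @return the signed JWT
     * @throws Exception if signing fails; a web application exception with status 400 is thrown
     *     when the configured algorithm or a matching key id cannot be resolved
     */
    public Jwt generateJwt(Ssa ssa) throws Exception {
        String configuredAlg = this.appConfiguration.getSsaConfiguration().getSsaSigningAlg();
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(configuredAlg);
        if (signatureAlgorithm == null) {
            this.log.error("Invalid signature algorithm, not found: {}", configuredAlg);
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, SsaErrorResponseType.INVALID_SIGNATURE, "Invalid signature error");
        }
        String keyId = this.cryptoProvider.getKeyId(this.webKeysConfiguration, signatureAlgorithm.getAlg(), Use.SIGNATURE, KeyOpsType.SSA);
        if (keyId == null) {
            this.log.error("Invalid keyId, not found: {}", configuredAlg);
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, SsaErrorResponseType.INVALID_SIGNATURE, "Invalid signature error");
        }

        Jwt jwt = new Jwt();
        jwt.getHeader().setType(JwtType.JWT);
        jwt.getHeader().setAlgorithm(signatureAlgorithm);
        jwt.getHeader().setKeyId(keyId);

        jwt.getClaims().setJwtId(ssa.getId());
        jwt.getClaims().setIssuedAt(ssa.getCreationDate());
        jwt.getClaims().setExpirationTime(ssa.getExpirationDate());
        jwt.getClaims().setIssuer(this.appConfiguration.getIssuer());
        jwt.getClaims().setClaim(SsaRequestParam.SOFTWARE_ID.getName(), ssa.getAttributes().getSoftwareId());
        jwt.getClaims().setClaim(SsaRequestParam.ORG_ID.getName(), ssa.getOrgId());
        jwt.getClaims().setClaim(SsaRequestParam.SOFTWARE_ROLES.getName(), ssa.getAttributes().getSoftwareRoles());
        jwt.getClaims().setClaim(SsaRequestParam.GRANT_TYPES.getName(), ssa.getAttributes().getGrantTypes());
        jwt.getClaims().setClaim(SsaRequestParam.LIFETIME.getName(), ssa.getAttributes().getLifetime());

        // NOTE(review): custom attributes are written last, so a key equal to a claim name set
        // above (issuer, expiry, JWT id, software id, ...) would replace that value. Confirm the
        // attribute names are restricted to an allow-list before the entry is stored.
        // A missing map is treated like an empty one instead of failing with a NullPointerException.
        if (ssa.getAttributes().getCustomAttributes() != null) {
            ssa.getAttributes().getCustomAttributes().forEach((name, value) -> jwt.getClaims().setClaim(name, value));
        }

        jwt.setEncodedSignature(this.cryptoProvider.sign(jwt.getSigningInput(), jwt.getHeader().getKeyId(), (String) null, signatureAlgorithm));
        return jwt;
    }

    /**
     * Starts a JSON response with status 422.
     *
     * @return response builder preset to 422 and {@code application/json}
     */
    public Response.ResponseBuilder createUnprocessableEntityResponse() {
        return Response.status(STATUS_UNPROCESSABLE_ENTITY).type(MediaType.APPLICATION_JSON_TYPE);
    }

    /**
     * Starts a JSON response with status 406.
     *
     * @return response builder preset to 406 and {@code application/json}
     */
    public Response.ResponseBuilder createNotAcceptableResponse() {
        return Response.status(STATUS_NOT_ACCEPTABLE).type(MediaType.APPLICATION_JSON_TYPE);
    }

    /**
     * Decides whether results must be restricted to the caller's own entries.
     *
     * @param list scopes of the caller
     * @return {@code true} only when the developer scope is present and neither the admin nor
     *     the portal scope is; either of those lifts the restriction
     */
    private boolean hasDeveloperScope(List<String> list) {
        boolean developerScopeSeen = false;
        for (String scope : list) {
            // Constant-first comparison: a null element is skipped instead of raising an NPE.
            if (SsaScopeType.SSA_ADMIN.getValue().equals(scope) || SsaScopeType.SSA_PORTAL.getValue().equals(scope)) {
                return false;
            }
            if (SsaScopeType.SSA_DEVELOPER.getValue().equals(scope)) {
                developerScopeSeen = true;
            }
        }
        return developerScopeSeen;
    }

    /**
     * Builds the DN of one SSA entry, or of the SSA branch when no identifier is given.
     *
     * @param str SSA identifier, may be {@code null} or empty
     * @return {@code inum=<id>,<base>} for a non-empty identifier, otherwise the base DN
     */
    private String getDnForSsa(String str) {
        String baseDn = this.staticConfiguration.getBaseDn().getSsa();
        if (StringHelper.isEmpty(str)) {
            return baseDn;
        }
        // NOTE(review): the identifier is placed into the DN without escaping; confirm callers
        // only pass values that were generated or validated by the server.
        return String.format("inum=%s,%s", str, baseDn);
    }
}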
