package io.jans.ca.server;

import io.dropwizard.util.Strings;
import io.jans.ca.common.Command;
import io.jans.ca.common.CommandType;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.Jackson2;
import io.jans.ca.common.params.AuthorizationCodeFlowParams;
import io.jans.ca.common.params.CheckAccessTokenParams;
import io.jans.ca.common.params.CheckIdTokenParams;
import io.jans.ca.common.params.GetAccessTokenByRefreshTokenParams;
import io.jans.ca.common.params.GetAuthorizationCodeParams;
import io.jans.ca.common.params.GetAuthorizationUrlParams;
import io.jans.ca.common.params.GetClientTokenParams;
import io.jans.ca.common.params.GetDiscoveryParams;
import io.jans.ca.common.params.GetIssuerParams;
import io.jans.ca.common.params.GetJwksParams;
import io.jans.ca.common.params.GetLogoutUrlParams;
import io.jans.ca.common.params.GetRequestObjectUriParams;
import io.jans.ca.common.params.GetRpParams;
import io.jans.ca.common.params.GetTokensByCodeParams;
import io.jans.ca.common.params.GetUserInfoParams;
import io.jans.ca.common.params.HasRpIdParams;
import io.jans.ca.common.params.IParams;
import io.jans.ca.common.params.IntrospectAccessTokenParams;
import io.jans.ca.common.params.IntrospectRptParams;
import io.jans.ca.common.params.RegisterSiteParams;
import io.jans.ca.common.params.RemoveSiteParams;
import io.jans.ca.common.params.RpGetClaimsGatheringUrlParams;
import io.jans.ca.common.params.RpGetRptParams;
import io.jans.ca.common.params.RsCheckAccessParams;
import io.jans.ca.common.params.RsModifyParams;
import io.jans.ca.common.params.RsProtectParams;
import io.jans.ca.common.params.StringParam;
import io.jans.ca.common.params.UpdateSiteParams;
import io.jans.ca.common.response.POJOResponse;
import io.jans.ca.server.service.ConfigurationService;
import io.jans.ca.server.service.Rp;
import io.jans.ca.server.service.RpSyncService;
import io.jans.ca.server.service.ValidationService;
import io.opentracing.Scope;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.HeaderParam;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.List;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

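/**
 * HTTP front door of jans_client_api (historically "oxd"). Each endpoint binds the request
 * body and the optional {@code Authorization} / {@code AuthorizationRpId} headers to one
 * {@link CommandType}, then funnels everything through {@link #process}.
 *
 * <p>Gating applied to every request, in this order:
 * <ol>
 *   <li>caller-IP allow-list ({@code bind_ip_addresses}), evaluated against
 *       {@link HttpServletRequest#getRemoteAddr()} only — proxy headers such as
 *       {@code X-Forwarded-For} are not consulted, so behind a reverse proxy the proxy's
 *       address is what gets matched;</li>
 *   <li>for commands whose {@link CommandType#isAuthorizationRequired()} is true: the
 *       {@code AuthorizationRpId} header, when present, must name a registered RP and — if
 *       {@code protect_commands_with_rp_id} is configured — one of the listed RPs;</li>
 *   <li>for the same commands: a {@code Bearer} access token in {@code Authorization}, unless
 *       {@code protect_commands_with_access_token} is {@code false}.</li>
 * </ol>
 * Endpoints that bind no headers (register-site, get-client-token, get-discovery, get-issuer,
 * get-rp-jwks, get-request-object, health-check) pass {@code null} credentials, so for them the
 * IP allow-list is effectively the only gate.
 */
@Path("/")
public class RestResource {
    private static final Logger LOG = LoggerFactory.getLogger(RestResource.class);

    /** Only caller accepted when {@code bind_ip_addresses} is unset. */
    private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1";
    /** Authorization scheme accepted by {@link #validateAccessToken}; matched case-insensitively (RFC 7235). */
    private static final String BEARER_PREFIX = "Bearer ";

    @Context
    private HttpServletRequest httpRequest;

    /**
     * Liveness probe. Guarded by the IP allow-list only, so the version string is disclosed
     * solely to allow-listed callers.
     */
    @Produces({"application/json"})
    @GET
    @Path("/health-check")
    public String healthCheck() {
        validateIpAddressAllowed(this.httpRequest.getRemoteAddr());
        JSONObject body = new JSONObject();
        body.put("application", "oxd");
        body.put("version", Utils.getOxdVersion());
        body.put("status", "running");
        return body.toString(3);
    }

    /** Returns the stored request object JWT for {@code request_object_id} as plain text. */
    @Produces({"text/plain"})
    @GET
    @Path("/get-request-object/{request_object_id}")
    public String getRequestObject(@PathParam("request_object_id") String requestObjectId) {
        return process(CommandType.GET_REQUEST_OBJECT_JWT, new StringParam(requestObjectId).toJsonString(),
                StringParam.class, null, null, this.httpRequest);
    }

    /** Publishes this RP's own JWKS; takes no body and no credentials. */
    @Produces({"application/json"})
    @GET
    @Path("/get-rp-jwks")
    public String getRpJwks() {
        return process(CommandType.GET_RP_JWKS, null, GetJwksParams.class, null, null, this.httpRequest);
    }

    /** Obtains a client token for the RP named in the body (no caller credentials bound). */
    @Produces({"application/json"})
    @POST
    @Path("/get-client-token")
    @Consumes({"application/json"})
    public String getClientToken(String body) {
        return process(CommandType.GET_CLIENT_TOKEN, body, GetClientTokenParams.class, null, null, this.httpRequest);
    }

    /** Introspects an access token at the OP. */
    @Produces({"application/json"})
    @POST
    @Path("/introspect-access-token")
    @Consumes({"application/json"})
    public String introspectAccessToken(@HeaderParam("Authorization") String authorization,
                                        @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.INTROSPECT_ACCESS_TOKEN, body, IntrospectAccessTokenParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Introspects a UMA RPT at the OP. */
    @Produces({"application/json"})
    @POST
    @Path("/introspect-rpt")
    @Consumes({"application/json"})
    public String introspectRpt(@HeaderParam("Authorization") String authorization,
                                @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.INTROSPECT_RPT, body, IntrospectRptParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Registers a new RP (site). No credentials are bound; the IP allow-list is the gate. */
    @Produces({"application/json"})
    @POST
    @Path("/register-site")
    @Consumes({"application/json"})
    public String registerSite(String body) {
        return process(CommandType.REGISTER_SITE, body, RegisterSiteParams.class, null, null, this.httpRequest);
    }

    /** Updates an existing RP registration. */
    @Produces({"application/json"})
    @POST
    @Path("/update-site")
    @Consumes({"application/json"})
    public String updateSite(@HeaderParam("Authorization") String authorization,
                             @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.UPDATE_SITE, body, UpdateSiteParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Removes an RP registration. */
    @Produces({"application/json"})
    @POST
    @Path("/remove-site")
    @Consumes({"application/json"})
    public String removeSite(@HeaderParam("Authorization") String authorization,
                             @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.REMOVE_SITE, body, RemoveSiteParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Builds the OP authorization URL for the RP. */
    @Produces({"application/json"})
    @POST
    @Path("/get-authorization-url")
    @Consumes({"application/json"})
    public String getAuthorizationUrl(@HeaderParam("Authorization") String authorization,
                                      @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_AUTHORIZATION_URL, body, GetAuthorizationUrlParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Obtains an authorization code on the RP's behalf. */
    @Produces({"application/json"})
    @POST
    @Path("/get-authorization-code")
    @Consumes({"application/json"})
    public String getAuthorizationCode(@HeaderParam("Authorization") String authorization,
                                       @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_AUTHORIZATION_CODE, body, GetAuthorizationCodeParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Exchanges an authorization code for tokens. */
    @Produces({"application/json"})
    @POST
    @Path("/get-tokens-by-code")
    @Consumes({"application/json"})
    public String getTokenByCode(@HeaderParam("Authorization") String authorization,
                                 @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_TOKENS_BY_CODE, body, GetTokensByCodeParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Fetches user info from the OP with the supplied access token. */
    @Produces({"application/json"})
    @POST
    @Path("/get-user-info")
    @Consumes({"application/json"})
    public String getUserInfo(@HeaderParam("Authorization") String authorization,
                              @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_USER_INFO, body, GetUserInfoParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Builds the OP end-session (logout) URL. */
    @Produces({"application/json"})
    @POST
    @Path("/get-logout-uri")
    @Consumes({"application/json"})
    public String getLogoutUri(@HeaderParam("Authorization") String authorization,
                               @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_LOGOUT_URI, body, GetLogoutUrlParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Refreshes an access token using a refresh token. */
    @Produces({"application/json"})
    @POST
    @Path("/get-access-token-by-refresh-token")
    @Consumes({"application/json"})
    public String getAccessTokenByRefreshToken(@HeaderParam("Authorization") String authorization,
                                               @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_ACCESS_TOKEN_BY_REFRESH_TOKEN, body, GetAccessTokenByRefreshTokenParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** UMA resource server: registers protected resources. */
    @Produces({"application/json"})
    @POST
    @Path("/uma-rs-protect")
    @Consumes({"application/json"})
    public String umaRsProtect(@HeaderParam("Authorization") String authorization,
                               @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.RS_PROTECT, body, RsProtectParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** UMA resource server: modifies a registered resource. */
    @Produces({"application/json"})
    @POST
    @Path("/uma-rs-modify")
    @Consumes({"application/json"})
    public String umaRsModify(@HeaderParam("Authorization") String authorization,
                              @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.RS_MODIFY, body, RsModifyParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** UMA resource server: checks whether an RPT grants access to a resource. */
    @Produces({"application/json"})
    @POST
    @Path("/uma-rs-check-access")
    @Consumes({"application/json"})
    public String umaRsCheckAccess(@HeaderParam("Authorization") String authorization,
                                   @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.RS_CHECK_ACCESS, body, RsCheckAccessParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** UMA requesting party: obtains an RPT. */
    @Produces({"application/json"})
    @POST
    @Path("/uma-rp-get-rpt")
    @Consumes({"application/json"})
    public String umaRpGetRpt(@HeaderParam("Authorization") String authorization,
                              @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.RP_GET_RPT, body, RpGetRptParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** UMA requesting party: builds the claims-gathering URL. */
    @Produces({"application/json"})
    @POST
    @Path("/uma-rp-get-claims-gathering-url")
    @Consumes({"application/json"})
    public String umaRpGetClaimsGatheringUrl(@HeaderParam("Authorization") String authorization,
                                             @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.RP_GET_CLAIMS_GATHERING_URL, body, RpGetClaimsGatheringUrlParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Runs the full authorization-code flow in one call. */
    @Produces({"application/json"})
    @POST
    @Path("/authorization-code-flow")
    @Consumes({"application/json"})
    public String authorizationCodeFlow(@HeaderParam("Authorization") String authorization,
                                        @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.AUTHORIZATION_CODE_FLOW, body, AuthorizationCodeFlowParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Validates an access token locally/at the OP. */
    @Produces({"application/json"})
    @POST
    @Path("/check-access-token")
    @Consumes({"application/json"})
    public String checkAccessToken(@HeaderParam("Authorization") String authorization,
                                   @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.CHECK_ACCESS_TOKEN, body, CheckAccessTokenParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Validates an ID token. */
    @Produces({"application/json"})
    @POST
    @Path("/check-id-token")
    @Consumes({"application/json"})
    public String checkIdToken(@HeaderParam("Authorization") String authorization,
                               @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.CHECK_ID_TOKEN, body, CheckIdTokenParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Returns the stored RP record(s). */
    @Produces({"application/json"})
    @POST
    @Path("/get-rp")
    @Consumes({"application/json"})
    public String getRp(@HeaderParam("Authorization") String authorization,
                        @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_RP, body, GetRpParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Fetches the OP's JWKS. */
    @Produces({"application/json"})
    @POST
    @Path("/get-jwks")
    @Consumes({"application/json"})
    public String getJwks(@HeaderParam("Authorization") String authorization,
                          @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_JWKS, body, GetJwksParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /** Fetches the OP discovery document (no credentials bound). */
    @Produces({"application/json"})
    @POST
    @Path("/get-discovery")
    @Consumes({"application/json"})
    public String getDiscovery(String body) {
        return process(CommandType.GET_DISCOVERY, body, GetDiscoveryParams.class, null, null, this.httpRequest);
    }

    /** Performs OpenID issuer discovery (no credentials bound). */
    @Produces({"application/json"})
    @POST
    @Path("/get-issuer")
    @Consumes({"application/json"})
    public String getIssuer(String body) {
        return process(CommandType.ISSUER_DISCOVERY, body, GetIssuerParams.class, null, null, this.httpRequest);
    }

    /** Creates a request object and returns its {@code request_uri}. */
    @Produces({"application/json"})
    @POST
    @Path("/get-request-object-uri")
    @Consumes({"application/json"})
    public String getRequestObjectUri(@HeaderParam("Authorization") String authorization,
                                      @HeaderParam("AuthorizationRpId") String authorizationRpId, String body) {
        return process(CommandType.GET_REQUEST_URI, body, GetRequestObjectUriParams.class,
                authorization, authorizationRpId, this.httpRequest);
    }

    /**
     * Deserializes {@code json} into {@code type} with the project's Jackson mapper.
     *
     * @throws WebApplicationException with status 400 when the body cannot be parsed
     */
    public static <T> T read(String json, Class<T> type) {
        try {
            return Jackson2.createJsonMapper().readValue(json, type);
        } catch (IOException e) {
            TracingUtil.errorLog(e);
            // NOTE(review): the raw body is written at ERROR level (it may carry client secrets,
            // codes or refresh tokens) and Jackson's message — which can quote the offending input
            // and the target class name — is echoed to the caller. Kept as-is for compatibility;
            // both are worth tightening.
            LOG.error("Invalid params: " + json, e);
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
                    .entity("Invalid parameters. Message: " + e.getMessage()).build());
        }
    }

    /**
     * Shared request pipeline: open a tracing span, enforce the IP allow-list, enforce
     * RP-id / access-token checks for protected commands, run the command, and render the
     * result according to the command's declared return type.
     *
     * @param paramsJson       raw request body; {@code null}/empty is treated as {@code {}}
     * @param authorization    raw {@code Authorization} header, may be {@code null}
     * @param authorizationRpId raw {@code AuthorizationRpId} header, may be {@code null}
     * @return the rendered response, or {@code null} if the command declares a return type other
     *         than {@code application/json} or {@code text/plain}
     */
    private static <T extends IParams> String process(CommandType commandType, String paramsJson, Class<T> paramsClass,
                                                      String authorization, String authorizationRpId,
                                                      HttpServletRequest request) {
        // Scope is Closeable; try-with-resources skips close() for a null scope, matching the
        // previous explicit null-checked close/suppressed-exception handling.
        try (Scope span = TracingUtil.buildSpan(commandType.toString(), true)) {
            TracingUtil.setTag("end-point", request.getRequestURL().toString());
            // NOTE(review): the unredacted body and the response are copied into the trace and the
            // TRACE log. Bodies of register-site / get-tokens-by-code / refresh carry client
            // secrets, authorization codes and tokens, so trace export and TRACE logging are
            // sensitive sinks and must be protected accordingly.
            TracingUtil.log("Request parameters: " + paramsJson);
            TracingUtil.log("CommandType: " + commandType);
            validateIpAddressAllowed(request.getRemoteAddr());
            Object result = getObjectForJsonConversion(commandType, paramsJson, paramsClass, authorization, authorizationRpId);
            String response = render(commandType, result);
            TracingUtil.log("Send back response: " + response);
            LOG.trace("Send back response: {}", response);
            return response;
        }
    }

    /** Renders a processor result per the command's declared return type; {@code null} for any other type. */
    private static String render(CommandType commandType, Object result) {
        String returnType = commandType.getReturnType();
        if ("application/json".equalsIgnoreCase(returnType)) {
            return Jackson2.asJsonSilently(result);
        }
        if ("text/plain".equalsIgnoreCase(returnType)) {
            return result.toString();
        }
        return null;
    }

    /**
     * Rejects callers whose {@code getRemoteAddr()} is not allow-listed.
     *
     * <p>With {@code bind_ip_addresses} unset or empty only {@value #LOCALHOST_IP_ADDRESS} may
     * call; the IPv6 loopback {@code ::1} does not match that constant and is rejected unless it
     * is listed explicitly. A {@code "*"} entry disables the allow-list entirely, leaving the
     * access-token check as the only gate for protected commands.
     *
     * @throws HttpException {@link ErrorResponseCode#RP_ACCESS_DENIED} when not allowed
     */
    private static void validateIpAddressAllowed(String remoteAddr) {
        LOG.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", remoteAddr);
        List<String> allowed = ((ConfigurationService) ServerLauncher.getInjector().getInstance(ConfigurationService.class))
                .get().getBindIpAddresses();
        if (allowed == null || allowed.isEmpty()) {
            if (LOCALHOST_IP_ADDRESS.equalsIgnoreCase(remoteAddr)) {
                return;
            }
        } else if (allowed.contains("*") || allowed.contains(remoteAddr)) {
            return;
        }
        LOG.error("The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of `client-api-server.yml`.");
        throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED);
    }

    /**
     * Parses the body, enforces RP-id and access-token checks for commands that require
     * authorization, runs the command, and unwraps {@link POJOResponse} to its node.
     */
    private static <T extends IParams> Object getObjectForJsonConversion(CommandType commandType, String paramsJson,
                                                                        Class<T> paramsClass, String authorization,
                                                                        String authorizationRpId) {
        LOG.trace("Command: {}", paramsJson);
        IParams params = read(safeToJson(paramsJson), paramsClass);
        RpServerConfiguration conf = ((ConfigurationService) ServerLauncher.getInjector().getInstance(ConfigurationService.class)).get();
        if (commandType.isAuthorizationRequired()) {
            validateAuthorizationRpId(conf, authorizationRpId);
            // Assumes every params type of an authorization-required command implements
            // HasRpIdParams; a mismatch surfaces as ClassCastException (500), as before.
            validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId));
        }
        Object result = ((Processor) ServerLauncher.getInjector().getInstance(Processor.class))
                .process(new Command(commandType, params));
        return result instanceof POJOResponse ? ((POJOResponse) result).getNode() : result;
    }

    /**
     * Validates the {@code AuthorizationRpId} header when present: it must be a registered RP
     * and, if {@code protect_commands_with_rp_id} is non-empty, one of its entries.
     *
     * <p>NOTE(review): an absent header returns immediately, in which case the rp_id from the
     * request body is used for token validation (see {@link #safeToRpId}) without being checked
     * against {@code protect_commands_with_rp_id}. Whether that is intended depends on
     * {@link ValidationService#validateAccessToken} — confirm before relying on the list as a
     * hard restriction.
     */
    private static void validateAuthorizationRpId(RpServerConfiguration conf, String authorizationRpId) {
        if (Strings.isNullOrEmpty(authorizationRpId)) {
            return;
        }
        Rp rp = ((RpSyncService) ServerLauncher.getInjector().getInstance(RpSyncService.class)).getRp(authorizationRpId);
        if (rp == null || Strings.isNullOrEmpty(rp.getRpId())) {
            LOG.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api.");
            throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND);
        }
        List<String> protectedRpIds = conf.getProtectCommandsWithRpId();
        if (protectedRpIds == null || protectedRpIds.isEmpty() || protectedRpIds.contains(authorizationRpId)) {
            return;
        }
        LOG.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml.");
        throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID);
    }

    /**
     * Requires a {@code Bearer} access token unless {@code protect_commands_with_access_token}
     * is explicitly {@code false}, then delegates validation to {@link ValidationService}.
     *
     * @throws HttpException {@link ErrorResponseCode#BLANK_ACCESS_TOKEN} when the header is
     *         missing, not a Bearer credential, or carries an empty token
     */
    private static void validateAccessToken(String authorizationHeader, String rpId) {
        RpServerConfiguration conf = ((ConfigurationService) ServerLauncher.getInjector().getInstance(ConfigurationService.class)).get();
        Boolean protect = conf.getProtectCommandsWithAccessToken();
        if (protect != null && !protect.booleanValue()) {
            LOG.debug("Skip protection because protect_commands_with_access_token: false in configuration file.");
            return;
        }
        String token = extractBearerToken(authorizationHeader);
        if (Strings.isNullOrEmpty(token)) {
            LOG.debug("No access token provided in Authorization header. Forbidden.");
            throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN);
        }
        ((ValidationService) ServerLauncher.getInjector().getInstance(ValidationService.class)).validateAccessToken(token, rpId);
    }

    /**
     * Returns the credential following the {@code Bearer } scheme, or {@code null} when the
     * header is absent, shorter than the scheme, or uses a different scheme.
     *
     * <p>Fixes two defects of the previous unconditional {@code substring(7)}: a header shorter
     * than seven characters threw {@code StringIndexOutOfBoundsException} (a 500 instead of a
     * 403), and the scheme was never checked, so any header of seven or more characters was
     * forwarded with its first seven characters removed. The scheme name is matched
     * case-insensitively as RFC 7235 requires; the remainder is passed on unchanged.
     */
    static String extractBearerToken(String authorizationHeader) {
        int prefixLength = BEARER_PREFIX.length();
        if (authorizationHeader == null || authorizationHeader.length() < prefixLength) {
            return null;
        }
        if (!authorizationHeader.regionMatches(true, 0, BEARER_PREFIX, 0, prefixLength)) {
            return null;
        }
        return authorizationHeader.substring(prefixLength);
    }

    /** Header rp_id wins; falls back to the rp_id carried in the request body. */
    private static String safeToRpId(HasRpIdParams params, String authorizationRpId) {
        return Strings.isNullOrEmpty(authorizationRpId) ? params.getRpId() : authorizationRpId;
    }

    /** Treats a missing body as an empty JSON object so parameter-less commands still parse. */
    private static String safeToJson(String json) {
        return Strings.isNullOrEmpty(json) ? "{}" : json;
    }
}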
