package io.jans.ca.server.op;

import com.fasterxml.jackson.databind.JsonNode;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.google.inject.Injector;
import io.jans.as.client.uma.UmaClientFactory;
import io.jans.as.client.uma.UmaResourceService;
import io.jans.as.model.uma.JsonLogic;
import io.jans.as.model.uma.JsonLogicNode;
import io.jans.as.model.uma.JsonLogicNodeParser;
import io.jans.as.model.uma.UmaMetadata;
import io.jans.as.model.util.Util;
import io.jans.ca.common.Command;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.params.RsProtectParams;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.common.response.RsProtectResponse;
import io.jans.ca.rs.protect.Condition;
import io.jans.ca.rs.protect.ResourceValidator;
import io.jans.ca.rs.protect.RsResource;
import io.jans.ca.rs.protect.resteasy.Key;
import io.jans.ca.rs.protect.resteasy.PatProvider;
import io.jans.ca.rs.protect.resteasy.ResourceRegistrar;
import io.jans.ca.rs.protect.resteasy.ServiceProvider;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.model.UmaResource;
import io.jans.ca.server.service.Rp;
import jakarta.ws.rs.ClientErrorException;
import java.io.IOException;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/ca/server/op/RsProtectOperation.class */
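/**
 * Operation that registers the resources of an RP as UMA-protected resources on the
 * authorization server (AS) and stores the resulting resource ids on the RP record.
 *
 * <p>Flow, as visible in this class: {@link #execute} first calls {@code validate}, which
 * checks the request and, when the RP already has protected resources and overwrite is
 * requested, deletes them on the AS and clears them on the RP. Only afterwards are the new
 * resources registered and persisted.
 *
 * <p>NOTE(review): deletion and registration are not atomic. If registration fails after the
 * old resources were deleted, the RP is left with no recorded UMA resources. Whether the
 * enforcement side then denies or allows requests is not visible here; confirm it fails closed.
 */
public class RsProtectOperation extends BaseOperation<RsProtectParams> {
    private static final Logger LOG = LoggerFactory.getLogger(RsProtectOperation.class);

    /**
     * Creates the operation for the given command.
     *
     * <p>The decompiler reports that the access modifier was changed from {@code protected};
     * it is kept {@code public} here so the decompiled callers keep compiling.
     *
     * @param command  command that triggered this operation
     * @param injector injector handed to the base operation
     */
    public RsProtectOperation(Command command, Injector injector) {
        super(command, injector, RsProtectParams.class);
    }

    /**
     * Validates the request, registers the resources on the AS and persists the result.
     *
     * <p>If registration fails with HTTP 400 or 401, a new PAT is obtained and registration is
     * attempted once more; any other client error is rethrown unchanged.
     *
     * @param rsProtectParams request parameters (RP id, resources, overwrite flag)
     * @return response carrying the RP id
     * @throws Exception if validation, registration or persistence fails
     */
    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(final RsProtectParams rsProtectParams) throws Exception {
        validate(rsProtectParams);
        Rp rp = getRp();
        PatProvider patProvider = new PatProvider() {
            @Override // io.jans.ca.rs.protect.resteasy.PatProvider
            public String getPatToken() {
                // Looked up on every call, so a PAT refreshed by the retry path below is picked up.
                return RsProtectOperation.this.getUmaTokenService().getPat(rsProtectParams.getRpId()).getToken();
            }

            @Override // io.jans.ca.rs.protect.resteasy.PatProvider
            public void clearPat() {
                // Intentionally a no-op: this provider holds no token of its own.
            }
        };
        ResourceRegistrar registrar = getOpClientFactory().createResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost()));
        try {
            registrar.register(rsProtectParams.getResources());
        } catch (ClientErrorException e) {
            // The AS error body is written to the debug log; the PAT itself is never logged.
            String entity = e.getResponse().readEntity(String.class);
            int status = e.getResponse().getStatus();
            LOG.debug("Failed to register resource. Entity: " + entity + ", status: " + status, e);
            if (status != 400 && status != 401) {
                throw e;
            }
            LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and re-try ...");
            getUmaTokenService().obtainPat(rsProtectParams.getRpId());
            // A failure of this second attempt propagates from inside this catch block, so it
            // bypasses the LOG.error in the sibling catch below.
            // NOTE(review): if the first attempt registered some resources before failing, this
            // retry may register them again on the AS - confirm against ResourceRegistrar.
            registrar.register(rsProtectParams.getResources());
        } catch (Exception e2) {
            LOG.error(e2.getMessage(), e2);
            throw e2;
        }
        persist(registrar, rp);
        return new RsProtectResponse(rp.getRpId());
    }

    /**
     * Copies the registered resources (id, path, HTTP methods, scopes, ticket scopes, scope
     * expressions, iat/exp) from the registrar onto the RP and saves the RP.
     *
     * @param resourceRegistrar registrar holding the ids returned by the AS
     * @param rp                RP record that receives the protected resources
     * @throws IOException declared by the original signature
     */
    private void persist(ResourceRegistrar resourceRegistrar, Rp rp) throws IOException {
        Map<Key, RsResource> resourcesByKey = resourceRegistrar.getResourceMapCopy();
        for (Map.Entry<Key, String> entry : resourceRegistrar.getIdMapCopy().entrySet()) {
            Key key = entry.getKey();
            UmaResource umaResource = new UmaResource();
            umaResource.setId(entry.getValue());
            umaResource.setPath(key.getPath());
            umaResource.setHttpMethods(key.getHttpMethods());

            // Sets de-duplicate values shared by several HTTP methods of the same path.
            HashSet<String> scopes = Sets.newHashSet();
            HashSet<String> ticketScopes = Sets.newHashSet();
            HashSet<String> scopeExpressions = Sets.newHashSet();
            // NOTE(review): assumes the id map and the resource map share the same keys;
            // a missing entry would surface as a NullPointerException below.
            RsResource rsResource = resourcesByKey.get(key);
            for (String httpMethod : key.getHttpMethods()) {
                List<String> methodScopes = rsResource.scopes(httpMethod);
                if (methodScopes != null) {
                    scopes.addAll(methodScopes);
                }
                // NOTE(review): unlike scopes(), this result is not null-checked - confirm that
                // getScopesForTicket never returns null.
                ticketScopes.addAll(rsResource.getScopesForTicket(httpMethod));
                JsonNode scopeExpression = rsResource.getScopeExpression(httpMethod);
                if (scopeExpression != null) {
                    scopeExpressions.add(scopeExpression.toString());
                }
            }
            umaResource.setScopes(Lists.newArrayList(scopes));
            umaResource.setTicketScopes(Lists.newArrayList(ticketScopes));
            umaResource.setScopeExpressions(Lists.newArrayList(scopeExpressions));

            // Only positive timestamps are copied; null or non-positive values are left unset.
            if (rsResource.getIat() != null && rsResource.getIat().intValue() > 0) {
                umaResource.setIat(rsResource.getIat());
            }
            if (rsResource.getExp() != null && rsResource.getExp().intValue() > 0) {
                umaResource.setExp(rsResource.getExp());
            }
            // NOTE(review): validate() treats a null list as possible, this call does not.
            rp.getUmaProtectedResources().add(umaResource);
        }
        getRpService().update(rp);
    }

    /**
     * Validates the request and, when overwrite is requested, removes the RP's existing
     * protected resources.
     *
     * <p>All input checks run before any destructive call: resources must be present, each HTTP
     * method must be unique per path, and every non-blank scope expression must parse and
     * evaluate. If the RP already has protected resources, the request is rejected unless
     * overwrite is {@code true}; with overwrite, each existing resource is deleted on the AS
     * using the RP's PAT and the RP's list is cleared.
     *
     * @param rsProtectParams request parameters
     * @throws HttpException if any check fails
     */
    private void validate(RsProtectParams rsProtectParams) {
        if (rsProtectParams.getResources() == null || rsProtectParams.getResources().isEmpty()) {
            throw new HttpException(ErrorResponseCode.NO_UMA_RESOURCES_TO_PROTECT);
        }
        if (!ResourceValidator.isHttpMethodUniqueInPath(rsProtectParams.getResources())) {
            throw new HttpException(ErrorResponseCode.UMA_HTTP_METHOD_NOT_UNIQUE);
        }
        // getResources() is known to be non-null here because of the first check above.
        for (RsResource rsResource : rsProtectParams.getResources()) {
            if (rsResource.getConditions() == null) {
                continue;
            }
            for (Condition condition : rsResource.getConditions()) {
                if (condition.getScopeExpression() == null) {
                    continue;
                }
                String expression = condition.getScopeExpression().toString();
                // A JSON null node serialises to the text "null"; treat it like an absent expression.
                if (StringUtils.isBlank(expression) || expression.equalsIgnoreCase("null")) {
                    continue;
                }
                boolean isNodeValid = JsonLogicNodeParser.isNodeValid(expression);
                LOG.trace("Scope expression validator - Valid: {}, expression: {}", isNodeValid, expression);
                if (!isNodeValid) {
                    throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
                }
                validateScopeExpression(expression);
            }
        }

        Rp rp = getRp();
        List<UmaResource> existingResources = rp.getUmaProtectedResources();
        if (existingResources == null || existingResources.isEmpty()) {
            return;
        }
        // Existing protection is replaced only on an explicit overwrite=true.
        if (!Boolean.TRUE.equals(rsProtectParams.getOverwrite())) {
            throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS);
        }

        UmaMetadata umaDiscovery = getDiscoveryService().getUmaDiscoveryByRpId(rsProtectParams.getRpId());
        String token = getUmaTokenService().getPat(rsProtectParams.getRpId()).getToken();
        UmaResourceService resourceService = UmaClientFactory.instance().createResourceService(umaDiscovery, getHttpService().getClientEngine());
        // NOTE(review): a failure part-way through this loop leaves some resources deleted on
        // the AS while the RP's list below is still uncleared - confirm how callers recover.
        for (UmaResource umaResource : existingResources) {
            LOG.trace("Removing existing resource {} ...", umaResource.getId());
            resourceService.deleteResource("Bearer " + token, umaResource.getId());
            // The decompiler rendered the trailing "." as DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER.
            LOG.trace("Removed existing resource {}.", umaResource.getId());
        }
        rp.getUmaProtectedResources().clear();
        // NOTE(review): the name suggests failures are not propagated - confirm, since a failed
        // save would leave the stored RP referencing resources already deleted on the AS.
        getRpService().updateSilently(rp);
    }

    /**
     * Checks that a scope expression can be evaluated: the rule is applied to the expression's
     * own data, and the result must be non-null and contained in that data.
     *
     * @param str scope expression as JSON text
     * @throws HttpException with {@code UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION} if evaluation
     *         throws or the result is not one of the data values
     */
    public static void validateScopeExpression(String str) {
        JsonLogicNode node = JsonLogicNodeParser.parseNode(str);
        try {
            Object result = JsonLogic.applyObject(node.getRule().toString(), Util.asJsonSilently(node.getData()));
            if (result == null || !node.getData().contains(result.toString())) {
                // Caught by the handler below, which logs it and throws the same error code again.
                throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
            }
        } catch (Exception e) {
            // Every failure, including a null node, is reported to the caller as the same
            // validation error; the cause is only visible at trace level.
            LOG.trace("The scope expression is invalid. Please check the documentation and make sure it is a valid JsonLogic expression.", e);
            throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
        }
    }
}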
