package io.jans.ca.server.rest;

import io.jans.as.model.util.Util;
import io.jans.ca.common.Command;
import io.jans.ca.common.CommandType;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.Jackson2;
import io.jans.ca.common.params.HasRpIdParams;
import io.jans.ca.common.params.IParams;
import io.jans.ca.common.response.POJOResponse;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.Processor;
import io.jans.ca.server.configuration.ApiAppConfiguration;
import io.jans.ca.server.configuration.model.Rp;
import io.jans.ca.server.persistence.service.MainPersistenceService;
import io.jans.ca.server.service.RpSyncService;
import io.jans.ca.server.service.ValidationService;
import jakarta.inject.Inject;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.List;
import org.slf4j.Logger;

/* loaded from: input_file:io/jans/ca/server/rest/BaseResource.class */
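/**
 * Common request pipeline for the client-api REST layer: parses the JSON body, checks the
 * caller's IP address against the configured allow-list, enforces the optional
 * {@code AuthorizationRpId} / bearer-token protection, and hands the command to the
 * {@link Processor}.
 *
 * <p>Presumably extended by the concrete endpoint classes; no subclass is visible in this
 * file.
 */
public class BaseResource {

    private static final String LOCALHOST_IP_ADDRESS = "127.0.0.1";

    /** Scheme prefix expected at the start of the {@code Authorization} header value. */
    private static final String BEARER_PREFIX = "Bearer ";

    private static final String CALLER_NOT_ALLOWED_MESSAGE =
            "The caller is not allowed to make request to jans_client_api. To allow add ip_address of caller in `bind_ip_addresses` array of configuration.";

    @Inject
    Logger logger;

    @Inject
    MainPersistenceService jansConfigurationService;

    @Inject
    RpSyncService rpSyncService;

    @Inject
    ValidationService validationService;

    @Inject
    Processor processor;

    @Context
    private HttpServletRequest httpRequest;

    /**
     * Deserializes a JSON string into an instance of {@code cls}.
     *
     * @param str JSON text to parse
     * @param cls target type
     * @param <T> target type
     * @return the parsed object
     * @throws WebApplicationException with status 400 when the text cannot be parsed
     */
    public <T> T read(String str, Class<T> cls) {
        try {
            return (T) Jackson2.createJsonMapper().readValue(str, cls);
        } catch (IOException e) {
            // NOTE(review): the parser message is returned to the caller verbatim; it can
            // quote parts of the input and name internal classes. Confirm that is acceptable.
            throw new WebApplicationException(
                    Response.status(Response.Status.BAD_REQUEST)
                            .entity("Invalid parameters. Message: " + e.getMessage())
                            .build());
        }
    }

    /**
     * Runs one command end to end and renders the result in the command's return type.
     *
     * @param commandType command to execute; also decides whether authorization is enforced
     * @param str raw JSON request body (may be null or empty, treated as {@code {}})
     * @param cls parameter class the body is parsed into
     * @param str2 value of the {@code Authorization} header, expected as {@code Bearer <token>}
     * @param str3 value of the {@code AuthorizationRpId} header; may be null or empty
     * @param <T> parameter type
     * @return the serialized response, or {@code null} when the command's return type is
     *     neither {@code application/json} nor {@code text/plain}
     * @throws HttpException when the caller IP, rp_id or access token is rejected
     */
    public <T extends IParams> String process(CommandType commandType, String str, Class<T> cls, String str2, String str3) {
        this.logger.info("Endpoint: {}", this.httpRequest.getRequestURL().toString());
        // NOTE(review): the raw body is caller-controlled and is written at INFO level before
        // any access check. If parameter objects can carry client secrets or tokens, consider
        // redacting them or lowering the level; confirm against the IParams implementations.
        this.logger.info("Request parameters: {}", str);
        this.logger.info("CommandType: {}", commandType);

        validateIpAddressAllowed(this.httpRequest.getRemoteAddr());

        Object result = getObjectForJsonConversion(commandType, str, cls, str2, str3);
        String returnType = commandType.getReturnType();
        String body = null;
        if (returnType.equalsIgnoreCase("application/json")) {
            body = Jackson2.asJsonSilently(result);
        } else if (returnType.equalsIgnoreCase("text/plain")) {
            body = result.toString();
        }
        this.logger.trace("Send back response: {}", body);
        return body;
    }

    /**
     * Rejects the request unless the caller address is permitted by {@code bind_ip_addresses}.
     *
     * <p>With no list configured only the literal {@code 127.0.0.1} is accepted. With a list
     * configured, the caller must match an entry exactly, or the list must contain {@code *},
     * which accepts every caller.
     *
     * <p>The comparison is a plain string match on {@code getRemoteAddr()}: an IPv6 loopback
     * address does not match the default, and behind a reverse proxy the address seen here is
     * the proxy's, so a proxy on the same host makes every caller look local. Restrict access
     * at the network layer as well in that deployment.
     *
     * @param callerIp remote address reported by the servlet container
     * @throws HttpException with {@code RP_ACCESS_DENIED} when the caller is not permitted
     */
    private void validateIpAddressAllowed(String callerIp) {
        this.logger.trace("Checking if caller ipAddress : {} is allowed to make request to jans_client_api.", callerIp);
        List<String> allowed = this.jansConfigurationService.find().getBindIpAddresses();
        boolean noAllowList = allowed == null || allowed.isEmpty();
        boolean permitted = noAllowList
                ? LOCALHOST_IP_ADDRESS.equalsIgnoreCase(callerIp)
                : (allowed.contains("*") || allowed.contains(callerIp));
        if (!permitted) {
            this.logger.error(CALLER_NOT_ALLOWED_MESSAGE);
            throw new HttpException(ErrorResponseCode.RP_ACCESS_DENIED);
        }
    }

    /**
     * Parses the body, applies the authorization checks when the command requires them, and
     * executes the command.
     *
     * @return the processor result, unwrapped to its node when it is a {@link POJOResponse}
     */
    private <T extends IParams> Object getObjectForJsonConversion(CommandType commandType, String json, Class<T> cls, String authorization, String authorizationRpId) {
        this.logger.trace("Command: {}", json);
        IParams params = (IParams) read(safeToJson(json), cls);
        ApiAppConfiguration configuration = this.jansConfigurationService.find();
        if (commandType.isAuthorizationRequired()) {
            validateAuthorizationRpId(configuration, authorizationRpId);
            // Commands that require authorization are expected to use parameter classes that
            // implement HasRpIdParams; anything else fails on this cast.
            validateAccessToken(authorization, safeToRpId((HasRpIdParams) params, authorizationRpId));
        }
        Object result = this.processor.process(new Command(commandType, params));
        return result instanceof POJOResponse ? ((POJOResponse) result).getNode() : result;
    }

    /**
     * Validates the {@code AuthorizationRpId} header when one was sent.
     *
     * <p>An absent header is accepted without any check. A present value must belong to a
     * registered RP and, when {@code protect_commands_with_rp_id} is configured and non-empty,
     * must be listed there.
     *
     * @throws HttpException with {@code AUTHORIZATION_RP_ID_NOT_FOUND} or
     *     {@code INVALID_AUTHORIZATION_RP_ID}
     */
    private void validateAuthorizationRpId(ApiAppConfiguration apiAppConfiguration, String authorizationRpId) {
        if (Util.isNullOrEmpty(authorizationRpId)) {
            return;
        }
        Rp rp = this.rpSyncService.getRp(authorizationRpId);
        if (rp == null || Util.isNullOrEmpty(rp.getRpId())) {
            this.logger.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api.");
            throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND);
        }
        boolean restricted = apiAppConfiguration.getProtectCommandsWithRpId() != null
                && !apiAppConfiguration.getProtectCommandsWithRpId().isEmpty();
        if (restricted && !apiAppConfiguration.getProtectCommandsWithRpId().contains(authorizationRpId)) {
            this.logger.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml.");
            throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID);
        }
    }

    /**
     * Extracts the bearer token from the {@code Authorization} header and validates it for the
     * given rp_id, unless {@code protect_commands_with_access_token} is explicitly false.
     *
     * <p>The header must start with the {@code Bearer } scheme (matched case-insensitively).
     * A value that is shorter than the prefix or uses another scheme is rejected here instead
     * of being sliced at a fixed offset, which previously raised an unchecked
     * {@code StringIndexOutOfBoundsException} for short values and forwarded a fragment of a
     * non-bearer credential to the validator for long ones.
     *
     * @param authorization raw {@code Authorization} header value
     * @param rpId rp_id the token is validated against
     * @throws HttpException with {@code BLANK_ACCESS_TOKEN} when no usable bearer token is present
     */
    private void validateAccessToken(String authorization, String rpId) {
        ApiAppConfiguration configuration = this.jansConfigurationService.find();
        if (Boolean.FALSE.equals(configuration.getProtectCommandsWithAccessToken())) {
            this.logger.debug("Skip protection because protect_commands_with_access_token: false in configuration file.");
            return;
        }
        if (Util.isNullOrEmpty(authorization)) {
            this.logger.debug("No access token provided in Authorization header. Forbidden.");
            throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN);
        }
        // regionMatches is false for values shorter than the prefix, so this also guards the
        // substring call below.
        if (!authorization.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            this.logger.debug("Authorization header does not use the Bearer scheme. Forbidden.");
            throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN);
        }
        String accessToken = authorization.substring(BEARER_PREFIX.length());
        if (Util.isNullOrEmpty(accessToken)) {
            this.logger.debug("No access token provided in Authorization header. Forbidden.");
            throw new HttpException(ErrorResponseCode.BLANK_ACCESS_TOKEN);
        }
        this.validationService.validateAccessToken(accessToken, rpId);
    }

    /** Returns the header rp_id when present, otherwise the rp_id carried in the parameters. */
    private String safeToRpId(HasRpIdParams hasRpIdParams, String authorizationRpId) {
        return Util.isNullOrEmpty(authorizationRpId) ? hasRpIdParams.getRpId() : authorizationRpId;
    }

    /** Substitutes an empty JSON object for a null or empty body. */
    private String safeToJson(String json) {
        return Util.isNullOrEmpty(json) ? "{}" : json;
    }
}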
