package io.jans.ca.server.op;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import io.jans.as.client.RegisterRequest;
import io.jans.as.client.RegisterResponse;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.common.SubjectType;
import io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm;
import io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.params.UpdateSiteParams;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.common.response.UpdateSiteResponse;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.Utils;
import io.jans.ca.server.configuration.model.Rp;
import io.jans.ca.server.mapper.RegisterRequestMapper;
import io.jans.ca.server.service.RpService;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
@RequestScoped
/* loaded from: input_file:io/jans/ca/server/op/UpdateSiteOperation.class */
public class UpdateSiteOperation extends BaseOperation<UpdateSiteParams> {
    private static final Logger LOG = LoggerFactory.getLogger(UpdateSiteOperation.class);
    private Rp rp;

    @Inject
    RpService rpService;

    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(UpdateSiteParams updateSiteParams, HttpServletRequest httpServletRequest) {
        this.rp = getRp(updateSiteParams);
        LOG.info("Updating rp ... rp: " + this.rp);
        persistRp(this.rp, updateSiteParams);
        UpdateSiteResponse updateSiteResponse = new UpdateSiteResponse();
        updateSiteResponse.setRpId(this.rp.getRpId());
        return updateSiteResponse;
    }

    @Override // io.jans.ca.server.op.IOperation
    public Class<UpdateSiteParams> getParameterClass() {
        return UpdateSiteParams.class;
    }

    @Override // io.jans.ca.server.op.IOperation
    public String getReturnType() {
        return "application/json";
    }

    private void persistRp(Rp rp, UpdateSiteParams updateSiteParams) {
        try {
            RegisterRequest createRegisterClientRequest = createRegisterClientRequest(rp, updateSiteParams);
            updateRegisteredClient(rp, createRegisterClientRequest);
            RegisterRequestMapper.fillRp(rp, createRegisterClientRequest);
            this.rpService.update(rp);
            LOG.info("RP updated: " + rp);
        } catch (Exception e) {
            throw new RuntimeException("Failed to persist RP, params: " + updateSiteParams, e);
        }
    }

    private void updateRegisteredClient(Rp rp, RegisterRequest registerRequest) {
        if (StringUtils.isBlank(rp.getClientRegistrationClientUri())) {
            LOG.error("Registration client url is blank.");
            throw new HttpException(ErrorResponseCode.INVALID_REGISTRATION_CLIENT_URL);
        }
        RegisterResponse exec = this.rpService.createRegisterClient(rp.getClientRegistrationClientUri(), registerRequest).exec();
        if (exec == null) {
            LOG.error("RegisterClient response is null.");
        } else {
            if (exec.getStatus() == 200) {
                LOG.trace("Client updated successfully. for rp - client_id: " + rp.getClientId());
                return;
            }
            LOG.error("Response is not OK (200).");
        }
        if (!Strings.isNullOrEmpty(exec.getErrorDescription())) {
            LOG.error(exec.getErrorDescription());
        }
        throw new RuntimeException("Failed to update client for rp. Details:" + exec.getEntity());
    }

    private RegisterRequest createRegisterClientRequest(Rp rp, UpdateSiteParams updateSiteParams) {
        RegisterRequest createRegisterRequest = RegisterRequestMapper.createRegisterRequest(rp);
        createRegisterRequest.setHttpMethod("PUT");
        if (updateSiteParams.getResponseTypes() != null && !updateSiteParams.getResponseTypes().isEmpty()) {
            createRegisterRequest.setResponseTypesStrings(updateSiteParams.getResponseTypes());
        }
        if (updateSiteParams.getRptAsJwt() != null) {
            createRegisterRequest.setRptAsJwt(updateSiteParams.getRptAsJwt());
        }
        if (updateSiteParams.getGrantType() != null && !updateSiteParams.getGrantType().isEmpty()) {
            createRegisterRequest.setGrantTypes((List) updateSiteParams.getGrantType().stream().map(str -> {
                return GrantType.fromString(str);
            }).collect(Collectors.toList()));
        }
        LinkedHashSet newLinkedHashSet = Sets.newLinkedHashSet();
        if (updateSiteParams.getRedirectUris() != null && !updateSiteParams.getRedirectUris().isEmpty()) {
            if (!updateSiteParams.getRedirectUris().stream().allMatch(str2 -> {
                return Utils.isValidUrl(str2);
            })) {
                throw new HttpException(ErrorResponseCode.INVALID_REDIRECT_URI);
            }
            newLinkedHashSet.addAll(updateSiteParams.getRedirectUris());
            createRegisterRequest.setRedirectUris(Lists.newArrayList(newLinkedHashSet));
        }
        if (updateSiteParams.getAcrValues() != null && !updateSiteParams.getAcrValues().isEmpty()) {
            createRegisterRequest.setDefaultAcrValues(updateSiteParams.getAcrValues());
        }
        if (updateSiteParams.getClaimsRedirectUri() != null && !updateSiteParams.getClaimsRedirectUri().isEmpty()) {
            createRegisterRequest.setClaimsRedirectUris(updateSiteParams.getClaimsRedirectUri());
        }
        if (updateSiteParams.getAccessTokenAsJwt() != null) {
            createRegisterRequest.setAccessTokenAsJwt(updateSiteParams.getAccessTokenAsJwt());
        }
        if (updateSiteParams.getAccessTokenSigningAlg() != null) {
            SignatureAlgorithm fromString = SignatureAlgorithm.fromString(updateSiteParams.getAccessTokenSigningAlg());
            if (fromString == null) {
                LOG.error("Received invalid algorithm in `access_token_signing_alg` property. Value: " + updateSiteParams.getAccessTokenSigningAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            createRegisterRequest.setAccessTokenSigningAlg(fromString);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getClientJwksUri())) {
            createRegisterRequest.setJwksUri(updateSiteParams.getClientJwksUri());
        }
        if (updateSiteParams.getPostLogoutRedirectUris() != null && !updateSiteParams.getPostLogoutRedirectUris().isEmpty()) {
            createRegisterRequest.setPostLogoutRedirectUris(Lists.newArrayList(updateSiteParams.getPostLogoutRedirectUris()));
        }
        if (updateSiteParams.getContacts() != null) {
            createRegisterRequest.setContacts(updateSiteParams.getContacts());
        }
        if (updateSiteParams.getScope() != null) {
            createRegisterRequest.setScope(updateSiteParams.getScope());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getClientSectorIdentifierUri())) {
            createRegisterRequest.setSectorIdentifierUri(updateSiteParams.getClientSectorIdentifierUri());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getClientFrontchannelLogoutUri())) {
            createRegisterRequest.setFrontChannelLogoutUri(updateSiteParams.getClientFrontchannelLogoutUri());
        }
        if (updateSiteParams.getClientRequestUris() != null && !updateSiteParams.getClientRequestUris().isEmpty()) {
            createRegisterRequest.setRequestUris(updateSiteParams.getClientRequestUris());
        }
        if (updateSiteParams.getClientTokenEndpointAuthSigningAlg() != null) {
            if (SignatureAlgorithm.fromString(updateSiteParams.getClientTokenEndpointAuthSigningAlg()) == null) {
                LOG.error("Received invalid algorithm in `client_token_endpoint_auth_signing_alg` property. Value: " + updateSiteParams.getClientTokenEndpointAuthSigningAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            createRegisterRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.fromString(updateSiteParams.getClientTokenEndpointAuthSigningAlg()));
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getClientName())) {
            createRegisterRequest.setClientName(updateSiteParams.getClientName());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getLogoUri())) {
            createRegisterRequest.setLogoUri(updateSiteParams.getLogoUri());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getClientUri())) {
            createRegisterRequest.setClientUri(updateSiteParams.getClientUri());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getPolicyUri())) {
            createRegisterRequest.setPolicyUri(updateSiteParams.getPolicyUri());
        }
        if (updateSiteParams.getFrontChannelLogoutSessionRequired() != null) {
            createRegisterRequest.setFrontChannelLogoutSessionRequired(updateSiteParams.getFrontChannelLogoutSessionRequired());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getTosUri())) {
            createRegisterRequest.setTosUri(updateSiteParams.getTosUri());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getJwks())) {
            createRegisterRequest.setJwks(updateSiteParams.getJwks());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getIdTokenBindingCnf())) {
            createRegisterRequest.setIdTokenTokenBindingCnf(updateSiteParams.getIdTokenBindingCnf());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getTlsClientAuthSubjectDn())) {
            createRegisterRequest.setTlsClientAuthSubjectDn(updateSiteParams.getTlsClientAuthSubjectDn());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getSubjectType())) {
            SubjectType fromString2 = SubjectType.fromString(updateSiteParams.getSubjectType());
            if (fromString2 == null) {
                LOG.error("Received invalid values in `subject_type` property. Value: " + updateSiteParams.getSubjectType());
                throw new HttpException(ErrorResponseCode.INVALID_SUBJECT_TYPE);
            }
            createRegisterRequest.setSubjectType(fromString2);
        }
        if (updateSiteParams.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() != null) {
            createRegisterRequest.setRunIntrospectionScriptBeforeJwtCreation(updateSiteParams.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getIdTokenSignedResponseAlg())) {
            SignatureAlgorithm fromString3 = SignatureAlgorithm.fromString(updateSiteParams.getIdTokenSignedResponseAlg());
            if (fromString3 == null) {
                LOG.error("Received invalid algorithm in `id_token_signed_response_alg` property. Value: " + updateSiteParams.getIdTokenSignedResponseAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            if (fromString3 == SignatureAlgorithm.NONE && !getJansConfigurationService().find().getAcceptIdTokenWithoutSignature().booleanValue()) {
                LOG.error("`ID_TOKEN` without signature is not allowed. To allow `ID_TOKEN` without signature set `accept_id_token_without_signature` field to 'true' in client-api-server.yml.");
                throw new HttpException(ErrorResponseCode.ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED);
            }
            createRegisterRequest.setIdTokenSignedResponseAlg(fromString3);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getIdTokenEncryptedResponseAlg())) {
            KeyEncryptionAlgorithm fromName = KeyEncryptionAlgorithm.fromName(updateSiteParams.getIdTokenEncryptedResponseAlg());
            if (fromName == null) {
                LOG.error("Received invalid algorithm in `id_token_encrypted_response_alg` property. Value: " + updateSiteParams.getIdTokenEncryptedResponseAlg());
                throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
            }
            createRegisterRequest.setIdTokenEncryptedResponseAlg(fromName);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getIdTokenEncryptedResponseEnc())) {
            BlockEncryptionAlgorithm fromName2 = BlockEncryptionAlgorithm.fromName(updateSiteParams.getIdTokenEncryptedResponseEnc());
            if (fromName2 == null) {
                LOG.error("Received invalid algorithm in `id_token_encrypted_response_enc` property. Value: " + updateSiteParams.getIdTokenEncryptedResponseEnc());
                throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
            }
            createRegisterRequest.setIdTokenEncryptedResponseEnc(fromName2);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getUserInfoSignedResponseAlg())) {
            SignatureAlgorithm fromString4 = SignatureAlgorithm.fromString(updateSiteParams.getUserInfoSignedResponseAlg());
            if (fromString4 == null) {
                LOG.error("Received invalid algorithm in `user_info_signed_response_alg` property. Value: " + updateSiteParams.getUserInfoSignedResponseAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            createRegisterRequest.setUserInfoSignedResponseAlg(fromString4);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getUserInfoEncryptedResponseAlg())) {
            KeyEncryptionAlgorithm fromName3 = KeyEncryptionAlgorithm.fromName(updateSiteParams.getUserInfoEncryptedResponseAlg());
            if (fromName3 == null) {
                LOG.error("Received invalid algorithm in `user_info_encrypted_response_alg` property. Value: " + updateSiteParams.getUserInfoEncryptedResponseAlg());
                throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
            }
            createRegisterRequest.setUserInfoEncryptedResponseAlg(fromName3);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getUserInfoEncryptedResponseEnc())) {
            BlockEncryptionAlgorithm fromName4 = BlockEncryptionAlgorithm.fromName(updateSiteParams.getUserInfoEncryptedResponseEnc());
            if (fromName4 == null) {
                LOG.error("Received invalid algorithm in `user_info_encrypted_response_enc` property. Value: " + updateSiteParams.getUserInfoEncryptedResponseEnc());
                throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
            }
            createRegisterRequest.setUserInfoEncryptedResponseEnc(fromName4);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getRequestObjectSigningAlg())) {
            SignatureAlgorithm fromString5 = SignatureAlgorithm.fromString(updateSiteParams.getRequestObjectSigningAlg());
            if (fromString5 == null) {
                LOG.error("Received invalid algorithm in `request_object_signing_alg` property. Value: " + updateSiteParams.getRequestObjectSigningAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            createRegisterRequest.setRequestObjectSigningAlg(fromString5);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getRequestObjectEncryptionAlg())) {
            KeyEncryptionAlgorithm fromName5 = KeyEncryptionAlgorithm.fromName(updateSiteParams.getRequestObjectEncryptionAlg());
            if (fromName5 == null) {
                LOG.error("Received invalid algorithm in `request_object_encryption_alg` property. Value: " + updateSiteParams.getRequestObjectEncryptionAlg());
                throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
            }
            createRegisterRequest.setRequestObjectEncryptionAlg(fromName5);
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getRequestObjectEncryptionEnc())) {
            BlockEncryptionAlgorithm fromName6 = BlockEncryptionAlgorithm.fromName(updateSiteParams.getRequestObjectEncryptionEnc());
            if (fromName6 == null) {
                LOG.error("Received invalid algorithm in `request_object_encryption_enc` property. Value: " + updateSiteParams.getRequestObjectEncryptionEnc());
                throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
            }
            createRegisterRequest.setRequestObjectEncryptionEnc(fromName6);
        }
        if (updateSiteParams.getDefaultMaxAge() != null && NumberUtils.isNumber(updateSiteParams.getDefaultMaxAge().toString())) {
            createRegisterRequest.setDefaultMaxAge(updateSiteParams.getDefaultMaxAge());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getInitiateLoginUri())) {
            createRegisterRequest.setInitiateLoginUri(updateSiteParams.getInitiateLoginUri());
        }
        if (updateSiteParams.getAuthorizedOrigins() != null && !updateSiteParams.getAuthorizedOrigins().isEmpty()) {
            createRegisterRequest.setAuthorizedOrigins(updateSiteParams.getAuthorizedOrigins());
        }
        if (updateSiteParams.getAccessTokenLifetime() != null && NumberUtils.isNumber(updateSiteParams.getAccessTokenLifetime().toString())) {
            createRegisterRequest.setAccessTokenLifetime(updateSiteParams.getAccessTokenLifetime());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getSoftwareId())) {
            createRegisterRequest.setSoftwareId(updateSiteParams.getSoftwareId());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getSoftwareVersion())) {
            createRegisterRequest.setSoftwareVersion(updateSiteParams.getSoftwareVersion());
        }
        if (!Strings.isNullOrEmpty(updateSiteParams.getSoftwareStatement())) {
            createRegisterRequest.setSoftwareStatement(updateSiteParams.getSoftwareStatement());
        }
        if (updateSiteParams.getAllowSpontaneousScopes() != null) {
            createRegisterRequest.setAllowSpontaneousScopes(updateSiteParams.getAllowSpontaneousScopes());
        }
        if (CollectionUtils.isNotEmpty(updateSiteParams.getSpontaneousScopes())) {
            createRegisterRequest.setSpontaneousScopes(updateSiteParams.getSpontaneousScopes());
        }
        if (updateSiteParams.getCustomAttributes() != null && !updateSiteParams.getCustomAttributes().isEmpty()) {
            updateSiteParams.getCustomAttributes().entrySet().removeIf(entry -> {
                return ((String) entry.getKey()).contains("oxAuthTrustedClient");
            });
            updateSiteParams.getCustomAttributes().entrySet().stream().forEach(entry2 -> {
                createRegisterRequest.addCustomAttribute((String) entry2.getKey(), (String) entry2.getValue());
            });
        }
        if (StringUtils.isNotBlank(rp.getRpId())) {
            createRegisterRequest.addCustomAttribute("rp_id", rp.getRpId());
        }
        return createRegisterRequest;
    }
}
