package io.jans.configapi.security.api;

import com.google.common.base.Preconditions;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.common.ScopeType;
import io.jans.configapi.configuration.ConfigurationFactory;
import io.jans.configapi.core.protect.Condition;
import io.jans.configapi.core.protect.RsResource;
import io.jans.configapi.core.protect.RsResourceList;
import io.jans.configapi.core.protect.Scope;
import io.jans.configapi.core.util.Jackson;
import io.jans.configapi.core.util.ProtectionScopeType;
import io.jans.configapi.service.auth.ClientService;
import io.jans.configapi.service.auth.ScopeService;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:io/jans/configapi/security/api/ApiProtectionService.class */
public class ApiProtectionService {
    public static final String PROTECTION_CONFIGURATION_FILE_NAME = "config-api-rs-protect.json";

    @Inject
    Logger log;

    @Inject
    ScopeService scopeService;

    @Inject
    ClientService clientService;

    @Inject
    ConfigurationFactory configurationFactory;
    Collection<RsResource> rsResourceList;

    public Collection<RsResource> getResourceList() {
        return this.rsResourceList;
    }

    public void verifyResources(String str, String str2) throws IOException {
        this.log.debug("ApiProtectionService::verifyResources() - apiProtectionType:{}, clientId:{}, configurationFactory:{} ", new Object[]{str, str2, this.configurationFactory});
        this.rsResourceList = ((RsResourceList) Jackson.createJsonMapper().readValue(Thread.currentThread().getContextClassLoader().getResourceAsStream(PROTECTION_CONFIGURATION_FILE_NAME), RsResourceList.class)).getResources();
        this.log.debug("verifyResources() - rsResourceList{} ", this.rsResourceList);
        Preconditions.checkNotNull(this.rsResourceList, "Config Api Resource list cannot be null !!!");
        createScopeIfNeeded(str);
        this.log.trace(" *** ApiProtectionService:::verifyResources() -  getAllResources:{}, getScopes():{}, getGroupScopes():{}, getSuperScopes():{}, getAllTypesOfScopes():{}", new Object[]{ApiProtectionCache.getAllResources(), ApiProtectionCache.getScopes(), ApiProtectionCache.getGroupScopes(), ApiProtectionCache.getSuperScopes(), ApiProtectionCache.getAllTypesOfScopes()});
        updateScopeForClientIfNeeded(str2);
    }

    private void createScopeIfNeeded(String str) {
        this.log.debug("ApiProtectionService:::createScopeIfNeeded() - apiProtectionType:{}", str);
        ArrayList arrayList = new ArrayList();
        for (RsResource rsResource : this.rsResourceList) {
            for (Condition condition : rsResource.getConditions()) {
                String str2 = condition.getHttpMethods() + ":::" + rsResource.getPath();
                this.log.debug("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, condition.getScopes():{}, condition.getGroupScopes():{}, condition.getSuperScopes():{}", new Object[]{str2, condition.getScopes(), condition.getGroupScopes(), condition.getSuperScopes()});
                List<Scope> scopes = condition.getScopes();
                if (scopes != null && !scopes.isEmpty()) {
                    processScope(str2, ProtectionScopeType.SCOPE, scopes);
                }
                List<Scope> groupScopes = condition.getGroupScopes();
                if (groupScopes != null && !groupScopes.isEmpty()) {
                    processScope(str2, ProtectionScopeType.GROUP, groupScopes);
                }
                List<Scope> superScopes = condition.getSuperScopes();
                if (superScopes != null && !superScopes.isEmpty()) {
                    processScope(str2, ProtectionScopeType.SUPER, superScopes);
                }
                this.log.debug("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, scopeList:{}", str2, arrayList);
            }
        }
    }

    private void processScope(String str, ProtectionScopeType protectionScopeType, List<Scope> list) {
        this.log.debug("ApiProtectionService:::processScope() - resourceName:{}, protectionScopeType:{}, scopeList:{}", new Object[]{str, protectionScopeType, list});
        if (list == null || list.isEmpty()) {
            return;
        }
        for (Scope scope : list) {
            String inum = scope.getInum();
            String name = scope.getName();
            this.log.debug("ApiProtectionService:::processScope() - resourceName:{}, inum:{}, scopeName:{}", new Object[]{str, inum, name});
            if (StringUtils.isBlank(inum) || StringUtils.isBlank(name)) {
                return;
            } else {
                ApiProtectionCache.putResourceScopeByType(str, protectionScopeType, validateScope(str, protectionScopeType, scope));
            }
        }
    }

    private List<io.jans.as.persistence.model.Scope> validateScope(String str, ProtectionScopeType protectionScopeType, Scope scope) {
        this.log.debug("Verify Scope in DB - protectionScopeType:{}, rsScope:{} ", protectionScopeType, scope);
        HashSet hashSet = new HashSet();
        io.jans.as.persistence.model.Scope scope2 = this.scopeService.getScope(scope.getInum());
        this.log.debug("Scopes from DB - {}'", scope2);
        if (scope2 != null) {
            this.log.debug("Scope from DB is not null scope.getInum():{}, scope.getId():{}", scope2.getInum(), scope2.getId());
            hashSet.add(scope2);
        }
        ScopeType scopeType = ScopeType.OAUTH;
        this.log.debug("Scope details - scope:{}, rsScope.getName():{}, exclusiveAuthScopes:{}, isConfigApiScope(scopeName):{} '", new Object[]{scope2, scope.getName(), this.configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes(), Boolean.valueOf(isConfigApiScope(scope.getName()))});
        if (isConfigApiScope(scope.getName())) {
            scope2 = this.scopeService.getScope(scope.getInum());
            this.log.debug("Re-verify ConfigApiScope rsScope.getName():{} with rsScope.getInum():{} in DB - scope:{} ", new Object[]{scope.getName(), scope.getInum(), scope2});
            if (scope2 == null) {
                this.log.info("Scope - '{}' does not exist, hence creating it.", scope2);
                scope2 = new io.jans.as.persistence.model.Scope();
                String inum = scope.getInum();
                scope2.setId(scope.getName());
                scope2.setDisplayName(scope.getName());
                scope2.setInum(inum);
                scope2.setDn(this.scopeService.getDnForScope(inum));
                scope2.setScopeType(scopeType);
                this.scopeService.addScope(scope2);
            } else {
                this.log.info("Scope - '{}' already exists, hence updating it.", scope.getName());
                scope2.setId(scope.getName());
                scope2.setScopeType(scopeType);
                this.scopeService.updateScope(scope2);
            }
        }
        if (scope2 != null) {
            hashSet.add(scope2);
            ApiProtectionCache.addScope(str, protectionScopeType, scope2);
        }
        return (List) hashSet.stream().collect(Collectors.toList());
    }

    private boolean isConfigApiScope(String str) {
        return this.configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes() == null || !this.configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes().contains(str);
    }

    private void updateScopeForClientIfNeeded(String str) {
        this.log.debug(" Internal clientId:{} ", str);
        if (StringUtils.isBlank(str)) {
            return;
        }
        try {
            Client clientByInum = this.clientService.getClientByInum(str);
            this.log.debug("updateScopeForClientIfNeeded() - Verify client:{} ", clientByInum);
            if (clientByInum != null) {
                this.log.info("updateScopeForClientIfNeeded() - 1 - client.getClientSecret():{} ", clientByInum.getClientSecret());
                List<String> scopeWithDn = getScopeWithDn(getAllScopes());
                this.log.debug("updateScopeForClientIfNeeded() - All scopes:{}", scopeWithDn);
                if (clientByInum.getScopes() != null) {
                    List asList = Arrays.asList(clientByInum.getScopes());
                    this.log.debug("updateScopeForClientIfNeeded() - Clients existing scopes:{} ", asList);
                    if (scopeWithDn == null) {
                        scopeWithDn = new ArrayList();
                    }
                    scopeWithDn.addAll(asList);
                }
                List<String> emptyList = scopeWithDn == null ? Collections.emptyList() : (List) scopeWithDn.stream().distinct().collect(Collectors.toList());
                this.log.debug("updateScopeForClientIfNeeded() - Distinct scopes to add:{} ", emptyList);
                String[] allScopesArray = getAllScopesArray(emptyList);
                this.log.debug("All Scope to assign to client:{}", Arrays.asList(allScopesArray));
                clientByInum.setScopes(allScopesArray);
                this.clientService.updateClient(clientByInum);
            }
            Client clientByInum2 = this.clientService.getClientByInum(str);
            this.log.debug(" Verify scopes post assignment, clientId:{}, scopes:{}", str, Arrays.asList(clientByInum2.getScopes()));
            this.log.info("updateScopeForClientIfNeeded() - 2 - client.getClientSecret():{} ", clientByInum2.getClientSecret());
        } catch (Exception e) {
            this.log.error("Error while searching internal client", e);
        }
    }

    private List<String> getAllScopes() {
        ArrayList arrayList = new ArrayList();
        Map<String, io.jans.as.persistence.model.Scope> allTypesOfScopes = ApiProtectionCache.getAllTypesOfScopes();
        Set<String> keySet = allTypesOfScopes.keySet();
        this.log.debug(" All Scopes scopeMap:{}, keys:{}", allTypesOfScopes, keySet);
        Iterator<String> it = keySet.iterator();
        while (it.hasNext()) {
            io.jans.as.persistence.model.Scope scope = allTypesOfScopes.get(it.next());
            this.log.trace(" All Scopes scopeMap:{}, keys:{}", allTypesOfScopes, keySet);
            arrayList.add(scope.getInum());
        }
        this.log.debug(" All Scopes being returned scopes:{}", arrayList);
        return arrayList;
    }

    private String[] getAllScopesArray(List<String> list) {
        String[] strArr = null;
        if (list != null && !list.isEmpty()) {
            strArr = new String[list.size()];
            for (int i = 0; i < list.size(); i++) {
                strArr[i] = list.get(i);
            }
        }
        return strArr;
    }

    private List<String> getScopeWithDn(List<String> list) {
        ArrayList arrayList = null;
        if (list != null && !list.isEmpty()) {
            arrayList = new ArrayList();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(this.scopeService.getDnForScope(it.next()));
            }
        }
        return arrayList;
    }
}
