package io.jans.configapi.security.api;

import com.google.common.base.Preconditions;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.common.ScopeType;
import io.jans.as.persistence.model.Scope;
import io.jans.ca.rs.protect.Condition;
import io.jans.ca.rs.protect.RsResource;
import io.jans.ca.rs.protect.RsResourceList;
import io.jans.configapi.configuration.ConfigurationFactory;
import io.jans.configapi.core.util.Jackson;
import io.jans.configapi.service.auth.ClientService;
import io.jans.configapi.service.auth.ScopeService;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

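/**
 * Bootstraps the scope-based protection data of the Config API.
 *
 * <p>{@link #verifyResources(String, String)} reads the protection rules from
 * {@value #PROTECTION_CONFIGURATION_FILE_NAME} on the classpath, makes sure every scope the
 * rules reference is available (creating or updating it through {@link ScopeService} where
 * allowed), records the resource-to-scope mapping in {@code ApiProtectionCache}, and finally
 * adds every cached scope to the internal client.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The content of {@code ApiProtectionCache} is written here; how the authorization
 *       layer consumes it is not visible in this class.</li>
 *   <li>The client passed to {@code verifyResources} ends up holding every scope found in
 *       the protection cache, so the configured client id is a privileged setting.</li>
 * </ul>
 */
@ApplicationScoped
/* loaded from: input_file:io/jans/configapi/security/api/ApiProtectionService.class */
public class ApiProtectionService {
    public static final String PROTECTION_CONFIGURATION_FILE_NAME = "config-api-rs-protect.json";

    @Inject
    Logger log;

    @Inject
    ScopeService scopeService;

    @Inject
    ClientService clientService;

    @Inject
    ConfigurationFactory configurationFactory;

    // Protection rules as loaded by the last verifyResources() call; null before that.
    Collection<RsResource> rsResourceList;

    /**
     * Returns the protection rules loaded by {@link #verifyResources(String, String)}.
     *
     * @return the loaded resources, or {@code null} if nothing has been loaded yet
     */
    public Collection<RsResource> getResourceList() {
        return this.rsResourceList;
    }

    /**
     * Loads the protection rules and synchronises scopes and the internal client with them.
     *
     * <p>A missing or empty protection file makes this method throw, so the caller does not
     * continue with an empty rule set.
     *
     * @param apiProtectionType protection type; only logged by this class
     * @param clientId inum of the internal client that receives all protected scopes; a
     *     blank value skips the client update
     * @throws IOException if the protection file cannot be read or parsed
     * @throws NullPointerException if the protection file is not on the classpath or yields
     *     no resource list
     */
    public void verifyResources(String apiProtectionType, String clientId) throws IOException {
        log.debug(
                "ApiProtectionService::verifyResources() - apiProtectionType:{}, clientId:{}, configurationFactory:{} ",
                apiProtectionType, clientId, configurationFactory);

        RsResourceList parsed;
        // try-with-resources closes the stream on every path, including a parse failure.
        try (InputStream in = Thread.currentThread().getContextClassLoader()
                .getResourceAsStream(PROTECTION_CONFIGURATION_FILE_NAME)) {
            // getResourceAsStream returns null when the file is absent; fail with a message
            // that names the file instead of an opaque error from the JSON mapper.
            Preconditions.checkNotNull(in, "Protection configuration file not found on classpath - %s",
                    PROTECTION_CONFIGURATION_FILE_NAME);
            parsed = Jackson.createJsonMapper().readValue(in, RsResourceList.class);
        }
        // Check the parsed document before dereferencing it.
        Preconditions.checkNotNull(parsed, "Config Api Resource list cannot be null !!!");

        this.rsResourceList = parsed.getResources();
        log.debug("verifyResources() - rsResourceList{} ", rsResourceList);
        Preconditions.checkNotNull(rsResourceList, "Config Api Resource list cannot be null !!!");

        createScopeIfNeeded(apiProtectionType);
        log.trace("ApiProtectionService:::verifyResources() - allScopes:{}, allResources:{} ",
                ApiProtectionCache.getAllScopes(), ApiProtectionCache.getAllResources());

        updateScopeForClientIfNeeded(clientId);
    }

    /**
     * Walks every condition of every loaded resource and stores its scope list in
     * {@code ApiProtectionCache} under the key {@code <httpMethods>:::<path>}.
     *
     * @param apiProtectionType protection type; only logged
     */
    private void createScopeIfNeeded(String apiProtectionType) {
        log.debug("ApiProtectionService:::createScopeIfNeeded() - apiProtectionType:{}", apiProtectionType);

        for (RsResource rsResource : rsResourceList) {
            for (Condition condition : rsResource.getConditions()) {
                String resourceName = condition.getHttpMethods() + ":::" + rsResource.getPath();
                List<String> rsScopes = condition.getScopes();
                log.trace("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, rsScopes:{} ",
                        resourceName, rsScopes);

                // NOTE(review): a condition without scopes is not registered in the resource
                // cache; confirm how the authorization layer treats an unregistered resource.
                if (rsScopes == null || rsScopes.isEmpty()) {
                    continue;
                }

                // One list per condition. Sharing a single list across conditions would let a
                // cache hit append to a list already stored for a previous resource and so
                // mix the scopes of unrelated resources.
                List<Scope> scopeList = new ArrayList<>();
                for (String scopeName : rsScopes) {
                    log.debug("ApiProtectionService:::createScopeIfNeeded() - scopeName:{} ", scopeName);

                    Scope scope = ApiProtectionCache.getScope(scopeName);
                    log.debug("ApiProtectionService:::createScopeIfNeeded() - ApiProtectionCache.getScope(scopeName):{}",
                            scope);

                    if (scope != null) {
                        log.debug("Scope - '{}' exists in cache.", scopeName);
                        scopeList.add(scope);
                        // NOTE(review): stops at the first cached scope, so later scopes of
                        // this condition are neither validated nor recorded - confirm intent.
                        break;
                    }

                    // NOTE(review): replaces the list rather than appending, so only the
                    // last validated scope is kept for this condition - confirm intent.
                    scopeList = validateScope(scopeName);
                }

                ApiProtectionCache.putResource(resourceName, scopeList);
                log.debug("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, scopeList:{}",
                        resourceName, scopeList);
            }
        }
    }

    /**
     * Resolves a scope name against persistence and registers the scope in the scope cache.
     *
     * <p>For a scope that is not listed in the configured exclusive auth scopes: a missing
     * scope is created with a random inum, an existing one has its id and scope type
     * ({@link ScopeType#OAUTH}) rewritten and is updated. Scopes listed as exclusive are
     * only read, never created or modified.
     *
     * @param scopeName id of the scope to resolve
     * @return a list holding the resolved scope, or an empty list if none exists and none
     *     was created
     * @throws WebApplicationException (HTTP 500) if more than one scope has this id
     */
    private List<Scope> validateScope(String scopeName) {
        List<Scope> scopeList = new ArrayList<>();
        Scope scope = null;

        log.debug("Verify Scope in DB - {} ", scopeName);
        List<Scope> scopes = scopeService.searchScopesById(scopeName);
        log.debug("Scopes from DB - {}'", scopes);

        if (scopes != null && !scopes.isEmpty()) {
            scope = scopes.get(0);
            log.debug("Scope from DB is - {}", scope.getId());
            // An ambiguous scope id must not be resolved silently to the first match.
            if (scopes.size() > 1) {
                log.error("{} Scope with same name - {} ", scopes.size(), scopeName);
                throw new WebApplicationException("Multiple Scope with same name - " + scopeName,
                        Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
            }
        }

        ScopeType scopeType = ScopeType.OAUTH;
        boolean configApiScope = isConfigApiScope(scopeName);
        log.trace(
                "Scope details - scopes:{}, scopeName:{}, exclusiveAuthScopes:{}, isConfigApiScope(scopeName):{} '",
                scopes, scopeName, configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes(),
                configApiScope);

        if (configApiScope) {
            if (scope == null) {
                log.debug("Scope - '{}' does not exist, hence creating it.", scopeName);
                scope = new Scope();
                String inum = UUID.randomUUID().toString();
                scope.setId(scopeName);
                scope.setDisplayName(scopeName);
                scope.setInum(inum);
                scope.setDn(scopeService.getDnForScope(inum));
                scope.setScopeType(scopeType);
                scopeService.addScope(scope);
            } else {
                // Only a scope that was found in persistence is updated; a scope created
                // just above is already stored with these values.
                log.debug("Scope - '{}' already exists, hence updating it.", scopeName);
                scope.setId(scopeName);
                scope.setScopeType(scopeType);
                scopeService.updateScope(scope);
            }
        }

        if (scope != null) {
            // Added exactly once, so the returned list holds no duplicate entry.
            scopeList.add(scope);
            ApiProtectionCache.putScope(scope);
        }
        return scopeList;
    }

    /**
     * Tells whether this service may create or update the given scope.
     *
     * @param scopeName id of the scope
     * @return {@code true} if no exclusive auth scopes are configured or the scope is not
     *     among them
     */
    private boolean isConfigApiScope(String scopeName) {
        List<String> exclusiveAuthScopes = configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes();
        return exclusiveAuthScopes == null || !exclusiveAuthScopes.contains(scopeName);
    }

    /**
     * Adds the DN of every scope in the scope cache to the internal client, keeping the
     * scopes the client already has.
     *
     * <p>Best effort: any failure is logged and not propagated.
     *
     * @param clientId inum of the internal client; blank means nothing to do
     */
    private void updateScopeForClientIfNeeded(String clientId) {
        log.debug(" Internal clientId:{} ", clientId);
        if (StringUtils.isBlank(clientId)) {
            return;
        }

        try {
            Client client = clientService.getClientByInum(clientId);
            // NOTE(review): logs the whole Client object; confirm its toString() does not
            // include the client secret before enabling debug logging in production.
            log.debug("updateScopeForClientIfNeeded() - Verify client:{} ", client);
            if (client == null) {
                // Report the real cause instead of failing later on a null dereference.
                log.error("Internal client not found, scopes not assigned - clientId:{}", clientId);
                return;
            }

            List<String> scopeDns = getScopeWithDn(getAllScopes());
            log.trace("updateScopeForClientIfNeeded() - All scopes:{}", scopeDns);

            List<String> merged = new ArrayList<>();
            if (scopeDns != null) {
                merged.addAll(scopeDns);
            }
            if (client.getScopes() != null) {
                List<String> existingScopes = Arrays.asList(client.getScopes());
                log.trace("updateScopeForClientIfNeeded() - Clients existing scopes:{} ", existingScopes);
                merged.addAll(existingScopes);
            }

            List<String> distinctScopes = merged.stream().distinct().collect(Collectors.toList());
            log.debug("updateScopeForClientIfNeeded() - Distinct scopes to add:{} ", distinctScopes);

            String[] scopeArray = getAllScopesArray(distinctScopes);
            log.debug("All Scope to assign to client:{}", scopeArray == null ? null : Arrays.asList(scopeArray));
            client.setScopes(scopeArray);
            clientService.updateClient(client);

            // Read the client back so the log shows what was actually persisted.
            Client updated = clientService.getClientByInum(clientId);
            String[] assigned = updated == null ? null : updated.getScopes();
            log.debug(" Verify scopes post assignment, clientId:{}, scopes:{}", clientId,
                    assigned == null ? null : Arrays.asList(assigned));
        } catch (Exception e) {
            // Deliberately not rethrown: a failed client update must not abort start-up.
            log.error("Error while searching internal client", e);
        }
    }

    /**
     * Collects the inum of every scope currently held in the scope cache.
     *
     * @return the inums, possibly empty, never {@code null}
     */
    private List<String> getAllScopes() {
        List<String> inums = new ArrayList<>();
        for (String scopeName : ApiProtectionCache.getAllScopes().keySet()) {
            Scope scope = ApiProtectionCache.getScope(scopeName);
            // Skip a key whose entry is gone between listing the keys and the lookup.
            if (scope != null) {
                inums.add(scope.getInum());
            }
        }
        return inums;
    }

    /**
     * Converts a scope list to an array.
     *
     * @param scopes scope values, may be {@code null}
     * @return the values as an array, or {@code null} for a {@code null} or empty list
     */
    private String[] getAllScopesArray(List<String> scopes) {
        if (scopes == null || scopes.isEmpty()) {
            return null;
        }
        return scopes.toArray(new String[0]);
    }

    /**
     * Maps scope inums to their DNs through {@link ScopeService#getDnForScope}.
     *
     * @param inums scope inums, may be {@code null}
     * @return the DNs in input order, or {@code null} for a {@code null} or empty list
     */
    private List<String> getScopeWithDn(List<String> inums) {
        if (inums == null || inums.isEmpty()) {
            return null;
        }
        List<String> dns = new ArrayList<>(inums.size());
        for (String inum : inums) {
            dns.add(scopeService.getDnForScope(inum));
        }
        return dns;
    }
}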
