package io.jans.configapi.rest.resource.auth;

import com.github.fge.jsonpatch.JsonPatch;
import com.github.fge.jsonpatch.JsonPatchException;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.service.common.EncryptionService;
import io.jans.as.common.service.common.InumService;
import io.jans.as.model.util.Util;
import io.jans.as.persistence.model.Scope;
import io.jans.configapi.core.model.SearchRequest;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.core.util.Jackson;
import io.jans.configapi.service.auth.ClientService;
import io.jans.configapi.service.auth.ConfigurationService;
import io.jans.configapi.service.auth.ScopeService;
import io.jans.configapi.util.AuthUtil;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.exception.EntryPersistenceException;
import io.jans.orm.model.PagedResult;
import io.jans.util.StringHelper;
import io.jans.util.security.StringEncrypter;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.ArraySchema;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.ExampleObject;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.PATCH;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;

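/**
 * REST resource exposing CRUD operations for OpenID Connect clients under {@code /openid/clients}.
 *
 * <p>Every endpoint is annotated with {@link ProtectedApi} and the OAuth scope it requires
 * ({@code clients.readonly}, {@code clients.write} or {@code clients.delete}).
 *
 * <p>Client-secret handling as visible in this class:
 * <ul>
 *   <li>create and update encrypt the submitted secret with {@link EncryptionService} before it is
 *       handed to {@link ClientService}, and return the decrypted value in the response;</li>
 *   <li>the list endpoint decrypts every returned secret, so a caller holding only the
 *       {@code clients.readonly} scope receives the decrypted secrets;</li>
 *   <li>get-by-inum returns the entry exactly as {@link ClientService} loads it (no decryption);</li>
 *   <li>patch neither encrypts a patched secret nor validates patched scopes (see the note on
 *       {@link #patchClient(String, String)}).</li>
 * </ul>
 */
@ApplicationScoped
@Produces({"application/json"})
@Path("/openid/clients")
@Consumes({"application/json"})
/* loaded from: input_file:io/jans/configapi/rest/resource/auth/ClientsResource.class */
public class ClientsResource extends ConfigBaseResource {
    /** Resource label passed to {@code checkResourceNotNull} for "not found" responses. */
    private static final String OPENID_CONNECT_CLIENT = "openid connect client";

    @Inject
    ClientService clientService;

    @Inject
    ConfigurationService configurationService;

    @Inject
    private InumService inumService;

    @Inject
    EncryptionService encryptionService;

    @Inject
    AuthUtil authUtil;

    @Inject
    ScopeService scopeService;

    /**
     * Searches OpenID Connect clients and returns one page of results.
     *
     * @param i    value of the {@code limit} query parameter (default 50)
     * @param str  value of the {@code pattern} query parameter (default empty)
     * @param i2   value of the {@code startIndex} query parameter (default 1)
     * @param str2 value of the {@code sortBy} query parameter
     * @param str3 value of the {@code sortOrder} query parameter
     * @return 200 response whose entity is the {@link PagedResult} produced by {@code doSearch};
     *         the client secrets in it have been decrypted
     * @throws StringEncrypter.EncryptionException if a stored secret cannot be decrypted
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/openid/clients.readonly"})
    @Operation(summary = "Gets list of OpenID Connect clients", description = "Gets list of OpenID Connect clients", operationId = "get-oauth-openid-clients", tags = {"OAuth - OpenID Connect - Clients"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/openid/clients.readonly"})})
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = PagedResult.class), examples = {@ExampleObject(name = "Response json example", value = "example/openid-clients/openid-clients-get-all.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getOpenIdConnectClients(@QueryParam("limit") @DefaultValue("50") int i, @QueryParam("pattern") @DefaultValue("") String str, @QueryParam("startIndex") @DefaultValue("1") int i2, @QueryParam("sortBy") String str2, @QueryParam("sortOrder") String str3) throws StringEncrypter.EncryptionException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Client serach param - limit:{}, pattern:{}, startIndex:{}, sortBy:{}, sortOrder:{}", new Object[]{Util.escapeLog(Integer.valueOf(i)), Util.escapeLog(str), Util.escapeLog(Integer.valueOf(i2)), Util.escapeLog(str2), Util.escapeLog(str3)});
        }
        SearchRequest searchRequest = createSearchRequest(this.clientService.getDnForClient(null), str, str2, str3, Integer.valueOf(i2), Integer.valueOf(i), null, null, getMaxCount());
        return Response.ok(doSearch(searchRequest)).build();
    }

    /**
     * Returns a single client looked up by its inum.
     *
     * <p>Unlike the list endpoint, the entity is returned as loaded from {@link ClientService};
     * its secret is not decrypted here.
     *
     * @param str the {@code inum} path parameter
     * @return 200 response with the client; {@code checkResourceNotNull} handles the missing case
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/openid/clients.readonly"})
    @Operation(summary = "Get OpenId Connect Client by Inum", description = "Get OpenId Connect Client by Inum", operationId = "get-oauth-openid-clients-by-inum", tags = {"OAuth - OpenID Connect - Clients"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/openid/clients.readonly"})})
    @GET
    @Path("{inum}")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Client.class), examples = {@ExampleObject(name = "Response json example", value = "example/openid-clients/openid-clients-get.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getOpenIdClientByInum(@NotNull @PathParam("inum") String str) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Client serach by inum:{}", Util.escapeLog(str));
        }
        Client existing = this.clientService.getClientByInum(str);
        checkResourceNotNull(existing, OPENID_CONNECT_CLIENT);
        return Response.ok(existing).build();
    }

    /**
     * Creates a new client.
     *
     * <p>A client id is generated when the request carries none, the requested scopes are
     * validated and normalised to DNs, and the secret (supplied or generated) is encrypted
     * before the entry is persisted. The response carries the decrypted secret.
     *
     * @param client the client to create; {@code redirectUris} must be set
     * @return 201 response with the persisted client
     * @throws StringEncrypter.EncryptionException if the secret cannot be encrypted or decrypted
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/openid/clients.write"})
    @Operation(summary = "Create new OpenId Connect client", description = "Create new OpenId Connect client", operationId = "post-oauth-openid-client", tags = {"OAuth - OpenID Connect - Clients"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/openid/clients.write"})})
    @POST
    @RequestBody(description = "OpenID Connect Client object", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Client.class), examples = {@ExampleObject(name = "Request json example", value = "example/openid-clients/openid-clients-post.json")})})
    @ApiResponses({@ApiResponse(responseCode = "201", description = "Created", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Client.class), examples = {@ExampleObject(name = "Response json example", value = "example/openid-clients/openid-clients-get.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response createOpenIdConnect(@Valid Client client) throws StringEncrypter.EncryptionException {
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): this runs before the secret is encrypted. If Client.toString() includes
            // the secret, a caller-supplied plaintext secret reaches the debug log - confirm.
            this.logger.debug("Client to be added - client:{}, client.getAttributes():{}, client.getCustomAttributes():{}", new Object[]{Util.escapeLog(client), Util.escapeLog(client.getAttributes()), Util.escapeLog(client.getCustomAttributes())});
        }
        String clientId = client.getClientId();
        // isBlank() is also true for the empty string, so no separate isEmpty() test is needed.
        if (clientId == null || clientId.isBlank()) {
            clientId = this.inumService.generateClientInum();
            client.setClientId(clientId);
        }
        checkNotNull(client.getRedirectUris(), "redirectUris");
        checkScopeFormat(client);
        String clientSecret = client.getClientSecret();
        if (StringHelper.isEmpty(clientSecret)) {
            clientSecret = generatePassword();
        }
        client.setClientSecret(this.encryptionService.encrypt(clientSecret));
        client.setDn(this.clientService.getDnForClient(clientId));
        // NOTE(review): create derives "deletable" from clientSecretExpiresAt while updateClient
        // uses expirationDate - confirm which field is intended.
        client.setDeletable(Boolean.valueOf(client.getClientSecretExpiresAt() != null));
        ignoreCustomObjectClassesForNonLDAP(client);
        if (this.logger.isTraceEnabled()) {
            // Request-derived values are escaped here as in the other log statements of this class.
            this.logger.trace("Final Client details to be added - client:{}, client.getAttributes():{}, client.getCustomAttributes():{}", new Object[]{Util.escapeLog(client), Util.escapeLog(client.getAttributes()), Util.escapeLog(client.getCustomAttributes())});
        }
        this.clientService.addClient(client);
        Client created = this.clientService.getClientByInum(clientId);
        created.setClientSecret(this.encryptionService.decrypt(created.getClientSecret()));
        return Response.status(Response.Status.CREATED).entity(created).build();
    }

    /**
     * Replaces an existing client.
     *
     * <p>The client must already exist. A secret present in the request is encrypted before the
     * update; the response carries the decrypted secret of the entry as re-read after the update.
     *
     * @param client the new client state; {@code clientId} and {@code redirectUris} must be set
     * @return 200 response with the updated client
     * @throws StringEncrypter.EncryptionException if the secret cannot be encrypted or decrypted
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/openid/clients.write"})
    @Operation(summary = "Update OpenId Connect client", description = "Update OpenId Connect client", operationId = "put-oauth-openid-client", tags = {"OAuth - OpenID Connect - Clients"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/openid/clients.write"})})
    @PUT
    @RequestBody(description = "OpenID Connect Client object", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Client.class), examples = {@ExampleObject(name = "Request json example", value = "example/openid-clients/openid-clients-put.json")})})
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Client.class), examples = {@ExampleObject(name = "Response json example", value = "example/openid-clients/openid-clients-get.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response updateClient(@Valid Client client) throws StringEncrypter.EncryptionException {
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): logged before encryption; see the matching note in createOpenIdConnect.
            this.logger.debug("Client details to be updated - client:{}", Util.escapeLog(client));
        }
        String clientId = client.getClientId();
        checkNotNull(clientId, "inum");
        checkNotNull(client.getRedirectUris(), "redirectUris");
        Client existing = this.clientService.getClientByInum(clientId);
        checkResourceNotNull(existing, OPENID_CONNECT_CLIENT);
        checkScopeFormat(client);
        client.setClientId(existing.getClientId());
        client.setBaseDn(this.clientService.getDnForClient(clientId));
        client.setDeletable(Boolean.valueOf(client.getExpirationDate() != null));
        if (client.getClientSecret() != null) {
            client.setClientSecret(this.encryptionService.encrypt(client.getClientSecret()));
        }
        ignoreCustomObjectClassesForNonLDAP(client);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Final Client details to be updated - client:{}", Util.escapeLog(client));
        }
        this.clientService.updateClient(client);
        Client updated = this.clientService.getClientByInum(existing.getClientId());
        // Decrypt the secret of the re-read entry rather than the request's secret: when the
        // request carries no secret, the previous code passed null to decrypt().
        String storedSecret = updated.getClientSecret();
        if (storedSecret != null) {
            updated.setClientSecret(this.encryptionService.decrypt(storedSecret));
        }
        return Response.ok(updated).build();
    }

    /**
     * Applies a JSON Patch document to an existing client and persists the result.
     *
     * <p>NOTE(review): unlike create and update, this path does not call
     * {@code encryptionService.encrypt} on a patched {@code clientSecret}, does not run
     * {@code checkScopeFormat} on patched scopes and does not call
     * {@code ignoreCustomObjectClassesForNonLDAP}. Unless {@link ClientService#updateClient}
     * handles these (not visible here), a patched secret is stored as submitted and patched
     * scopes are stored unvalidated. The response also returns the secret in whatever form the
     * patched object holds. Confirm and align with {@link #updateClient(Client)}.
     *
     * @param str  the {@code inum} path parameter
     * @param str2 the JSON Patch document as a string
     * @return 200 response with the patched client
     * @throws JsonPatchException if the patch cannot be applied
     * @throws IOException        if the patch document cannot be processed
     */
    @Operation(summary = "Patch OpenId Connect client", description = "Patch OpenId Connect client", operationId = "patch-oauth-openid-client-by-inum", tags = {"OAuth - OpenID Connect - Clients"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/openid/clients.write"})})
    @RequestBody(description = "String representing patch-document.", content = {@Content(mediaType = "application/json-patch+json", array = @ArraySchema(schema = @Schema(implementation = JsonPatch.class)), examples = {@ExampleObject(name = "Request json example", value = "example/openid-clients/openid-clients-patch.json")})})
    @Path("{inum}")
    @Consumes({"application/json-patch+json"})
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/openid/clients.write"})
    @PATCH
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Client.class), examples = {@ExampleObject(name = "Response json example", value = "example/openid-clients/openid-clients-get.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response patchClient(@NotNull @PathParam("inum") String str, @NotNull String str2) throws JsonPatchException, IOException {
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): the whole patch document is logged; a patch that sets clientSecret
            // puts that value into the debug log.
            this.logger.debug("Client details to be patched - inum:{}, jsonPatchString:{}", Util.escapeLog(str), Util.escapeLog(str2));
        }
        Client existing = this.clientService.getClientByInum(str);
        checkResourceNotNull(existing, OPENID_CONNECT_CLIENT);
        Client patched = (Client) Jackson.applyPatch(str2, existing);
        this.clientService.updateClient(patched);
        return Response.ok(patched).build();
    }

    /**
     * Deletes the client identified by the given inum.
     *
     * @param str the {@code inum} path parameter
     * @return 204 response once the client has been removed
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/openid/clients.delete"})
    @Operation(summary = "Delete OpenId Connect client", description = "Delete OpenId Connect client", operationId = "delete-oauth-openid-client-by-inum", tags = {"OAuth - OpenID Connect - Clients"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/openid/clients.delete"})})
    @DELETE
    @Path("{inum}")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "No Content"), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response deleteClient(@NotNull @PathParam("inum") String str) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Client to be deleted - inum:{} ", Util.escapeLog(str));
        }
        Client existing = this.clientService.getClientByInum(str);
        checkResourceNotNull(existing, OPENID_CONNECT_CLIENT);
        this.clientService.removeClient(existing);
        return Response.noContent().build();
    }

    /**
     * Decrypts the secret of every client in the list, in place.
     *
     * @param clients clients to process; may be {@code null} or empty
     * @return the same list instance that was passed in
     * @throws StringEncrypter.EncryptionException if a secret cannot be decrypted
     */
    private List<Client> getClients(List<Client> clients) throws StringEncrypter.EncryptionException {
        if (clients == null || clients.isEmpty()) {
            return clients;
        }
        for (Client client : clients) {
            client.setClientSecret(this.encryptionService.decrypt(client.getClientSecret()));
        }
        return clients;
    }

    /**
     * Generates the secret used when a create request supplies none.
     *
     * <p>{@link UUID#randomUUID()} draws from a cryptographically strong generator; a version-4
     * UUID carries 122 random bits.
     */
    private String generatePassword() {
        return UUID.randomUUID().toString();
    }

    /**
     * Runs the client search and decrypts the secrets of the returned entries.
     *
     * <p>All logging happens before decryption so that decrypted secrets are never handed to
     * the logger, whatever {@code Client.toString()} or {@code PagedResult.toString()} print.
     *
     * @param searchRequest the search to execute
     * @return the paged result from {@link ClientService}, or {@code null} if it returned none
     * @throws StringEncrypter.EncryptionException if a stored secret cannot be decrypted
     */
    private PagedResult<Client> doSearch(SearchRequest searchRequest) throws StringEncrypter.EncryptionException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Client search params - searchReq:{} ", Util.escapeLog(searchRequest));
        }
        PagedResult<Client> pagedResult = this.clientService.getClients(searchRequest);
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("PagedResult  - pagedResult:{}", pagedResult);
        }
        if (pagedResult == null) {
            this.logger.debug("Clients pagedResult:{}", pagedResult);
            return pagedResult;
        }
        List<Client> entries = pagedResult.getEntries();
        this.logger.debug("Client fetched  - pagedResult.getTotalEntriesCount():{}, pagedResult.getEntriesCount():{}, pagedResult.getEntries():{}", new Object[]{Integer.valueOf(pagedResult.getTotalEntriesCount()), Integer.valueOf(pagedResult.getEntriesCount()), entries});
        this.logger.debug("Clients fetched  - clients:{}", entries);
        this.logger.debug("Clients pagedResult:{}", pagedResult);
        // Decrypt last: everything logged above still holds the secrets as stored.
        getClients(entries);
        pagedResult.setEntries(entries);
        return pagedResult;
    }

    /**
     * Clears {@code customObjectClasses} on the client unless the configured persistence type
     * is LDAP.
     *
     * @param client the client to adjust in place
     * @return the same client instance
     */
    private Client ignoreCustomObjectClassesForNonLDAP(Client client) {
        String persistenceType = this.configurationService.getPersistenceType();
        this.logger.debug("persistenceType: {}", persistenceType);
        if (!PersistenceEntryManager.PERSITENCE_TYPES.ldap.name().equals(persistenceType)) {
            this.logger.debug("Setting CustomObjectClasses :{} to null as its used only for LDAP and current persistenceType is {} ", client.getCustomObjectClasses(), persistenceType);
            client.setCustomObjectClasses((String[]) null);
        }
        return client;
    }

    /**
     * Validates the scopes requested for a client and rewrites them to scope DNs.
     *
     * <p>Each entry is resolved either as a DN (when {@code authUtil.isValidDn} accepts it) or
     * through {@code scopeService.searchScopesById}. Entries that resolve to nothing are
     * collected and reported through {@code thorwBadRequestException}.
     *
     * @param client the client whose scopes are checked; may be {@code null}
     * @return the same client instance, with its scopes replaced by the resolved DNs
     */
    private Client checkScopeFormat(Client client) {
        if (client == null) {
            return client;
        }
        this.logger.debug("Checking client.getScopes():{}", client.getScopes());
        if (client.getScopes() == null || client.getScopes().length == 0) {
            return client;
        }
        List<String> validScopes = new ArrayList<>();
        List<String> invalidScopes = new ArrayList<>();
        for (String scope : client.getScopes()) {
            // Evaluate the DN check once and reuse it for both the log line and the branch.
            boolean isDn = this.authUtil.isValidDn(scope);
            // The scope string comes from the request body, so escape it before logging.
            this.logger.debug("Is scope:{} valid:{}", Util.escapeLog(scope), Boolean.valueOf(isDn));
            List<Scope> matches = new ArrayList<>();
            if (isDn) {
                Scope byDn = findScopeByDn(scope);
                if (byDn != null) {
                    matches.add(byDn);
                }
            } else {
                // NOTE(review): the first hit is the scope that gets assigned to the client. If
                // searchScopesById is anything other than an exact-id match, a different scope
                // than the one requested could be granted - confirm.
                matches = this.scopeService.searchScopesById(scope);
            }
            this.logger.debug("Scopes from DB - {}'", matches);
            // A null search result is treated like an empty one instead of failing with an NPE.
            if (matches == null || matches.isEmpty()) {
                invalidScopes.add(scope);
            } else {
                validScopes.add(matches.get(0).getDn());
            }
        }
        this.logger.debug("Scope validation result - validScopes:{}, invalidScopes:{} ", validScopes, invalidScopes);
        if (!invalidScopes.isEmpty()) {
            thorwBadRequestException("Invalid scope in request -> " + invalidScopes.toString());
        }
        if (!validScopes.isEmpty()) {
            client.setScopes(validScopes.toArray(new String[0]));
        }
        return client;
    }

    /**
     * Looks up a scope by DN.
     *
     * @param dn the scope DN
     * @return the scope, or {@code null} when the lookup throws {@link EntryPersistenceException}
     */
    private Scope findScopeByDn(String dn) {
        try {
            return this.scopeService.getScopeByDn(dn);
        } catch (EntryPersistenceException ignored) {
            // Deliberate: the caller reports a scope that cannot be loaded as an invalid scope.
            return null;
        }
    }
}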
