package io.jans.configapi.rest.resource.auth;

import com.github.fge.jsonpatch.JsonPatch;
import com.github.fge.jsonpatch.JsonPatchException;
import io.jans.as.model.config.Conf;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.jwk.JSONWebKey;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.core.util.Jackson;
import io.jans.configapi.service.auth.ConfigurationService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.ArraySchema;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.ExampleObject;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import jakarta.inject.Inject;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotAcceptableException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.PATCH;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import org.slf4j.Logger;

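/**
 * Config API resource that reads and modifies the JSON Web Key Set held in the server configuration,
 * mounted at {@code /config/jwks}.
 *
 * <p>Every endpoint carries a {@code @ProtectedApi} annotation: reads name the {@code jwks.readonly}
 * scope, writes the {@code jwks.write} scope and delete the {@code jwks.delete} scope. How those scopes
 * are enforced is not visible in this class.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Every mutation is a read-modify-write ({@code findConf()}, edit, {@code merge()}) with no locking
 *       or version check in this class. NOTE(review): concurrent writers may overwrite each other unless
 *       {@code ConfigurationService} guards against it; confirm.</li>
 *   <li>Request bodies and the full key-set document are written to the debug log. Treat debug logs of
 *       this resource as configuration data and restrict who can read them.</li>
 * </ul>
 */
@Produces({"application/json"})
@Path("/config/jwks")
@Consumes({"application/json"})
public class JwksResource extends ConfigBaseResource {

    @Inject
    Logger log;

    @Inject
    ConfigurationService configurationService;

    /**
     * Returns the whole key set as the string form of the stored {@link WebKeysConfiguration}.
     *
     * @return 200 with the key-set document
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/jwks.readonly"}, groupScopes = {"https://jans.io/oauth/config/jwks.write"}, superScopes = {"https://jans.io/oauth/config/read-all"})
    @Operation(summary = "Gets list of JSON Web Key (JWK) used by server", description = "Gets list of JSON Web Key (JWK) used by server", operationId = "get-config-jwks", tags = {"Configuration – JWK - JSON Web Key (JWK)"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/jwks.readonly"})})
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = WebKeysConfiguration.class), examples = {@ExampleObject(name = "Response json example", value = "example/auth/jwks/web-keys-all.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response get() {
        String webKeysConfiguration = this.configurationService.findConf().getWebKeys().toString();
        this.log.debug("JWKS json :{}", webKeysConfiguration);
        return Response.ok(webKeysConfiguration).build();
    }

    /**
     * Replaces the entire stored key set with the supplied one.
     *
     * <p>The parameter is marked {@code @NotNull}, like the other write endpoints in this class, so that an
     * empty request body is rejected by Bean Validation instead of storing {@code null} as the key set.
     * The annotation only takes effect where Bean Validation is active for this resource.
     *
     * <p>NOTE(review): the supplied keys are not checked here (duplicate kid, missing kid, empty list);
     * confirm whether the service layer validates before persisting.
     *
     * @param webKeysConfiguration the key set that becomes the new stored value
     * @return 200 with the key set re-read after the merge
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/jwks.write"}, groupScopes = {}, superScopes = {"https://jans.io/oauth/config/write-all"})
    @Operation(summary = "Replaces JSON Web Keys", description = "Replaces JSON Web Keys", operationId = "put-config-jwks", tags = {"Configuration – JWK - JSON Web Key (JWK)"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/jwks.write"})})
    @PUT
    @RequestBody(description = "JSON Web Keys object", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = WebKeysConfiguration.class), examples = {@ExampleObject(name = "Request json example", value = "example/auth/jwks/web-keys-all.json")})})
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = WebKeysConfiguration.class), examples = {@ExampleObject(name = "Response json example", value = "example/auth/jwks/web-keys-all.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response put(@NotNull WebKeysConfiguration webKeysConfiguration) {
        this.log.debug("JWKS details to be updated - webkeys:{}", webKeysConfiguration);
        Conf conf = this.configurationService.findConf();
        conf.setWebKeys(webKeysConfiguration);
        this.configurationService.merge(conf);
        // Answer with what is now stored rather than echoing the request.
        return Response.ok(this.configurationService.findConf().getWebKeys().toString()).build();
    }

    /**
     * Applies a JSON Patch document to the whole key set.
     *
     * <p>The patch is applied to the {@link WebKeysConfiguration} as a whole, so the caller's operations
     * can add, remove or rewrite any key. The duplicate-kid check done by the POST endpoint is not
     * repeated here.
     *
     * @param str the JSON Patch document as received
     * @return 200 with the key set re-read after the merge
     * @throws JsonPatchException if the patch cannot be applied
     * @throws IOException if the patch document cannot be read
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/jwks.write"}, groupScopes = {}, superScopes = {"https://jans.io/oauth/config/write-all"})
    @Operation(summary = "Patches JSON Web Keys", description = "Patches JSON Web Keys", operationId = "patch-config-jwks", tags = {"Configuration – JWK - JSON Web Key (JWK)"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/jwks.write"})})
    @RequestBody(description = "JsonPatch object", content = {@Content(mediaType = "application/json-patch+json", array = @ArraySchema(schema = @Schema(implementation = JsonPatch.class)), examples = {@ExampleObject(name = "Request json example", value = "example/auth/jwks/web-keys-patch.json")})})
    @PATCH
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = WebKeysConfiguration.class), examples = {@ExampleObject(name = "Response json example", value = "example/auth/jwks/web-keys-all.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    @Consumes({"application/json-patch+json"})
    public Response patch(@NotNull String str) throws JsonPatchException, IOException {
        this.log.debug("JWKS details to be patched - requestString:{}", str);
        Conf conf = this.configurationService.findConf();
        conf.setWebKeys((WebKeysConfiguration) Jackson.applyPatch(str, conf.getWebKeys()));
        this.configurationService.merge(conf);
        return Response.ok(this.configurationService.findConf().getWebKeys().toString()).build();
    }

    /**
     * Adds one key to the stored key set (POST {@code /key}). The method name is a leftover and is kept
     * so that existing references keep working.
     *
     * <p>The duplicate check and the insertion both work on one configuration snapshot, so the check and
     * the persisted list cannot come from two different reads.
     *
     * <p>NOTE(review): a key whose kid is {@code null} passes the duplicate check, because the lookup
     * returns {@code null} for a {@code null} kid, and such a key cannot afterwards be addressed through
     * the {@code /{kid}} endpoints. Consider rejecting it.
     *
     * @param jSONWebKey the key to add
     * @return 201 with the key that was added
     * @throws NotAcceptableException if a key with the same kid is already stored
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/jwks.write"}, groupScopes = {}, superScopes = {"https://jans.io/oauth/config/write-all"})
    @Operation(summary = "Configuration – JWK - JSON Web Key (JWK)", description = "Configuration – JWK - JSON Web Key (JWK)", operationId = "post-config-jwks-key", tags = {"Configuration – JWK - JSON Web Key (JWK)"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/jwks.write"})})
    @POST
    @RequestBody(description = "JSONWebKey object", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = JSONWebKey.class), examples = {@ExampleObject(name = "Request json example", value = "example/auth/jwks/jwks-post.json")})})
    @Path("/key")
    @ApiResponses({@ApiResponse(responseCode = "201", description = "Created", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = JSONWebKey.class), examples = {@ExampleObject(name = "Response json example", value = "example/auth/jwks/jwks-get.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "406", description = "Not Acceptable"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getKeyById(@NotNull JSONWebKey jSONWebKey) {
        this.log.debug("Add a new Key to the JWKS:{}", jSONWebKey);
        Conf conf = this.configurationService.findConf();
        WebKeysConfiguration webKeys = conf.getWebKeys();
        this.log.debug("WebKeysConfiguration before addding new key:{} ", webKeys);
        if (getJSONWebKey(webKeys, jSONWebKey.getKid()) != null) {
            throw new NotAcceptableException(getNotAcceptableException("JWK with same kid - '" + jSONWebKey.getKid() + "' already exists!"));
        }
        // The list returned by getKeys() is edited in place, as the patch and delete endpoints also do.
        webKeys.getKeys().add(jSONWebKey);
        this.configurationService.merge(conf);
        return Response.status(Response.Status.CREATED).entity(jSONWebKey).build();
    }

    /**
     * Returns the stored key whose kid equals the path parameter.
     *
     * <p>NOTE(review): for an unknown kid this answers 200 with a {@code null} entity, whereas the patch
     * and delete endpoints answer 404. Left unchanged because clients may rely on it.
     *
     * @param str the kid to look up
     * @return 200 with the matching key, or with no entity when nothing matches
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/jwks.readonly"}, groupScopes = {"https://jans.io/oauth/config/jwks.write"}, superScopes = {"https://jans.io/oauth/config/read-all"})
    @Operation(summary = "Get a JSON Web Key based on kid", description = "Get a JSON Web Key based on kid", operationId = "get-jwk-by-kid", tags = {"Configuration – JWK - JSON Web Key (JWK)"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/jwks.readonly"})})
    @GET
    @Path("/{kid}")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = JSONWebKey.class), examples = {@ExampleObject(name = "Response json example", value = "example/auth/jwks/jwks-get.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getKeyById(@NotNull @PathParam("kid") String str) {
        this.log.debug("Fetch JWK details by kid:{}", str);
        WebKeysConfiguration webKeys = this.configurationService.findConf().getWebKeys();
        // The previous text ("before addding new key") was copied from the POST handler and was
        // misleading in a read-only path.
        this.log.debug("WebKeysConfiguration to search for JWK:{}", webKeys);
        return Response.ok(getJSONWebKey(webKeys, str)).build();
    }

    /**
     * Applies a JSON Patch document to the single key identified by kid and stores the result in place of
     * the old key.
     *
     * <p>The lookup, the removal and the insertion all work on one configuration snapshot.
     *
     * <p>NOTE(review): the patch may change the key's kid. The patched key is added without checking
     * whether its new kid is {@code null} or already used by another key, so the duplicate check of the
     * POST endpoint can be bypassed here.
     *
     * @param str the kid of the key to patch
     * @param str2 the JSON Patch document as received
     * @return 200 with the patched key
     * @throws NotFoundException if no key with that kid is stored
     * @throws JsonPatchException if the patch cannot be applied
     * @throws IOException if the patch document cannot be read
     */
    @Operation(summary = "Patch a specific JSON Web Key based on kid", description = "Patch a specific JSON Web Key based on kid", operationId = "patch-config-jwk-kid", tags = {"Configuration – JWK - JSON Web Key (JWK)"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/jwks.write"})})
    @RequestBody(description = "JsonPatch object", content = {@Content(mediaType = "application/json-patch+json", array = @ArraySchema(schema = @Schema(implementation = JsonPatch.class)), examples = {@ExampleObject(name = "Request json example", value = "example/auth/jwks/jwks-patch.json")})})
    @Path("/{kid}")
    @Consumes({"application/json-patch+json"})
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/jwks.write"}, groupScopes = {}, superScopes = {"https://jans.io/oauth/config/write-all"})
    @PATCH
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = JSONWebKey.class), examples = {@ExampleObject(name = "Response json example", value = "example/auth/jwks/jwks-patch-response.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response patch(@NotNull @PathParam("kid") String str, @NotNull String str2) throws JsonPatchException, IOException {
        this.log.debug("JWKS details to be patched for kid:{}, requestString:{}", str, str2);
        Conf conf = this.configurationService.findConf();
        JSONWebKey existingKey = getJSONWebKey(conf.getWebKeys(), str);
        if (existingKey == null) {
            throw new NotFoundException(getNotFoundError("JWK with kid - '" + str + "' does not exist!"));
        }
        JSONWebKey patchedKey = (JSONWebKey) Jackson.applyPatch(str2, existingKey);
        this.log.debug("JWKS details patched - jwk:{}", patchedKey);
        // Swap the old entry for the patched one in the same list that is merged below.
        conf.getWebKeys().getKeys().removeIf(key -> hasKid(key, str));
        this.log.debug("WebKeysConfiguration after removing old key:{}", conf.getWebKeys().getKeys());
        conf.getWebKeys().getKeys().add(patchedKey);
        this.configurationService.merge(conf);
        return Response.ok(patchedKey).build();
    }

    /**
     * Removes every stored key whose kid equals the path parameter.
     *
     * <p>The existence check and the removal work on one configuration snapshot.
     *
     * @param str the kid of the key to delete
     * @return 204 when the key was removed
     * @throws NotFoundException if no key with that kid is stored
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/jwks.delete"}, groupScopes = {}, superScopes = {"https://jans.io/oauth/config/delete-all"})
    @Operation(summary = "Delete a JSON Web Key based on kid", description = "Delete a JSON Web Key based on kid", operationId = "delete-config-jwk-kid", tags = {"Configuration – JWK - JSON Web Key (JWK)"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/jwks.delete"})})
    @DELETE
    @Path("/{kid}")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "No Content"), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "406", description = "Not Acceptable"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response deleteKey(@NotNull @PathParam("kid") String str) {
        this.log.debug("Key to be to be deleted - kid:{}", str);
        Conf conf = this.configurationService.findConf();
        if (getJSONWebKey(conf.getWebKeys(), str) == null) {
            throw new NotFoundException(getNotFoundError("JWK with kid - '" + str + "' does not exist!"));
        }
        conf.getWebKeys().getKeys().removeIf(key -> hasKid(key, str));
        this.configurationService.merge(conf);
        return Response.noContent().build();
    }

    /**
     * Tells whether {@code key} carries exactly the given kid. A {@code null} kid on either side never
     * matches.
     */
    private static boolean hasKid(JSONWebKey key, String kid) {
        return kid != null && kid.equals(key.getKid());
    }

    /**
     * Finds a key by kid in the given key set.
     *
     * @param webKeysConfiguration the key set to search
     * @param str the kid to look for
     * @return a key with that kid, or {@code null} when the kid is {@code null}, the key list is
     *     {@code null} or empty, or nothing matches
     */
    private JSONWebKey getJSONWebKey(WebKeysConfiguration webKeysConfiguration, String str) {
        if (str == null || webKeysConfiguration.getKeys() == null || webKeysConfiguration.getKeys().isEmpty()) {
            return null;
        }
        return webKeysConfiguration.getKeys().stream()
                .filter(key -> hasKid(key, str))
                .findAny()
                .orElse(null);
    }
}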
