package io.jans.configapi.util;

import com.unboundid.ldap.sdk.DN;
import io.jans.as.client.RevokeSessionResponse;
import io.jans.as.client.TokenResponse;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.common.ScopeType;
import io.jans.as.model.uma.wrapper.Token;
import io.jans.as.model.util.Util;
import io.jans.configapi.configuration.ConfigurationFactory;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.core.service.ConfService;
import io.jans.configapi.core.util.ProtectionScopeType;
import io.jans.configapi.model.configuration.AgamaConfiguration;
import io.jans.configapi.model.configuration.AuditLogConf;
import io.jans.configapi.model.configuration.DataFormatConversionConf;
import io.jans.configapi.model.configuration.PluginConf;
import io.jans.configapi.security.api.ApiProtectionCache;
import io.jans.configapi.security.client.AuthClientFactory;
import io.jans.configapi.service.auth.ClientService;
import io.jans.configapi.service.auth.ConfigurationService;
import io.jans.configapi.service.auth.ScopeService;
import io.jans.service.EncryptionService;
import io.jans.util.security.StringEncrypter;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.container.ResourceInfo;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.collections4.CollectionUtils;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:io/jans/configapi/util/AuthUtil.class */
public class AuthUtil {

    @Inject
    Logger log;

    @Inject
    ConfigurationFactory configurationFactory;

    @Inject
    ConfigurationService configurationService;

    @Inject
    ClientService clientService;

    @Inject
    ScopeService scopeService;

    @Inject
    EncryptionService encryptionService;

    @Inject
    ConfService confService;

    public String getOpenIdConfigurationEndpoint() {
        return this.configurationService.find().getOpenIdConfigurationEndpoint();
    }

    public String getAuthOpenidConfigurationUrl() {
        return this.configurationFactory.getApiAppConfiguration().getAuthOpenidConfigurationUrl();
    }

    public AuditLogConf getAuditLogConf() {
        return this.configurationFactory.getApiAppConfiguration().getAuditLogConf();
    }

    public DataFormatConversionConf getDataFormatConversionConf() {
        return this.configurationFactory.getApiAppConfiguration().getDataFormatConversionConf();
    }

    public List<PluginConf> getPluginConf() {
        return this.configurationFactory.getApiAppConfiguration().getPlugins();
    }

    public String getIssuer() {
        return this.configurationService.find().getIssuer();
    }

    public String getIntrospectionEndpoint() {
        return this.configurationService.find().getIntrospectionEndpoint();
    }

    public String getTokenEndpoint() {
        return this.configurationService.find().getTokenEndpoint();
    }

    public String getEndSessionEndpoint() {
        return this.configurationService.find().getEndSessionEndpoint();
    }

    public String getServiceUrl(String str) {
        return getIssuer() + str;
    }

    public String getClientId() {
        return this.configurationFactory.getApiClientId();
    }

    public List<String> getUserExclusionAttributes() {
        return this.configurationFactory.getApiAppConfiguration().getUserExclusionAttributes();
    }

    public String getUserExclusionAttributesAsString() {
        List<String> userExclusionAttributes = getUserExclusionAttributes();
        if (userExclusionAttributes == null) {
            return null;
        }
        return (String) userExclusionAttributes.stream().collect(Collectors.joining(","));
    }

    public List<String> getUserMandatoryAttributes() {
        return this.configurationFactory.getApiAppConfiguration().getUserMandatoryAttributes();
    }

    public AgamaConfiguration getAgamaConfiguration() {
        return this.configurationFactory.getApiAppConfiguration().getAgamaConfiguration();
    }

    public String getTokenUrl() {
        return this.configurationService.find().getTokenEndpoint();
    }

    public String getTokenRevocationEndpoint() {
        return this.configurationService.find().getTokenRevocationEndpoint();
    }

    public Client getClient(String str) {
        return this.clientService.getClientByInum(str);
    }

    public String getClientPassword(String str) {
        return getClient(str).getClientSecret();
    }

    public String getClientDecryptPassword(String str) {
        return decryptPassword(getClientPassword(str));
    }

    public String decryptPassword(String str) {
        String str2 = null;
        if (str != null) {
            try {
                str2 = this.encryptionService.decrypt(str);
            } catch (StringEncrypter.EncryptionException e) {
                this.log.error("Failed to decrypt password", e);
            }
        }
        return str2;
    }

    public String encryptPassword(String str) {
        String str2 = null;
        if (str != null) {
            try {
                str2 = this.encryptionService.encrypt(str);
            } catch (StringEncrypter.EncryptionException e) {
                this.log.error("Failed to decrypt password", e);
            }
        }
        return str2;
    }

    public Map<ProtectionScopeType, List<String>> getRequestedScopes(ResourceInfo resourceInfo) {
        this.log.info("Requested scopes for resourceInfo:{} ", resourceInfo);
        Class resourceClass = resourceInfo.getResourceClass();
        ProtectedApi annotation = resourceClass.getAnnotation(ProtectedApi.class);
        HashMap hashMap = new HashMap();
        this.log.debug("Requested scopes for resourceClass:{}, typeAnnotation:{} ", resourceClass, annotation);
        if (annotation == null) {
            this.log.debug("Requested scopes for resourceClass:{}, typeAnnotation == null ", resourceClass);
            addMethodScopes(resourceInfo, hashMap);
        } else {
            this.log.debug("Requested scopes for resourceClass:{}, typeAnnotation is not null ", resourceClass);
            hashMap.put(ProtectionScopeType.SCOPE, (List) Stream.of((Object[]) annotation.scopes()).collect(Collectors.toList()));
            hashMap.put(ProtectionScopeType.GROUP, (List) Stream.of((Object[]) annotation.groupScopes()).collect(Collectors.toList()));
            hashMap.put(ProtectionScopeType.SUPER, (List) Stream.of((Object[]) annotation.superScopes()).collect(Collectors.toList()));
            this.log.trace("ProtectionScopeType.SCOPE:{}, ProtectionScopeType.GROUP:{} ,  ProtectionScopeType.SUPER:{} ", new Object[]{Stream.of((Object[]) annotation.scopes()).collect(Collectors.toList()), Stream.of((Object[]) annotation.groupScopes()).collect(Collectors.toList()), Stream.of((Object[]) annotation.superScopes()).collect(Collectors.toList())});
            this.log.debug("All scopes:{} ", hashMap);
            addMethodScopes(resourceInfo, hashMap);
        }
        this.log.info("*** Final Requested scopes:{} for resourceInfo:{} ", hashMap, resourceInfo);
        return hashMap;
    }

    public boolean validateScope(List<String> list, List<String> list2) {
        this.log.info("Validate Scopes for authScopes:{}, resourceScopes:{} ", list, list2);
        return new HashSet(list).containsAll(new HashSet(list2));
    }

    private void addMethodScopes(ResourceInfo resourceInfo, Map<ProtectionScopeType, List<String>> map) {
        this.log.info("Method Scopes for resourceInfo:{}, scopes:{} ", resourceInfo, map);
        ProtectedApi annotation = resourceInfo.getResourceMethod().getAnnotation(ProtectedApi.class);
        if (annotation != null) {
            map.put(ProtectionScopeType.SCOPE, (List) Stream.of((Object[]) annotation.scopes()).collect(Collectors.toList()));
            map.put(ProtectionScopeType.GROUP, (List) Stream.of((Object[]) annotation.groupScopes()).collect(Collectors.toList()));
            map.put(ProtectionScopeType.SUPER, (List) Stream.of((Object[]) annotation.superScopes()).collect(Collectors.toList()));
        }
        this.log.info("Final Method Scopes for resourceInfo:{}, scopes:{} ", resourceInfo, map);
    }

    public String requestAccessToken(String str, List<String> list) {
        this.log.info("Request for AccessToken - clientId:{}, scope:{} ", str, list);
        Token accessToken = getAccessToken(getTokenEndpoint(), str, list);
        this.log.debug("oAuth AccessToken response - token:{}", accessToken);
        if (accessToken != null) {
            return accessToken.getAccessToken();
        }
        return null;
    }

    public Token getAccessToken(String str, String str2, List<String> list) {
        this.log.info("Access Token Request - tokenUrl:{}, clientId:{}, scopes:{}", new Object[]{str, str2, list});
        String clientDecryptPassword = getClientDecryptPassword(str2);
        HashSet hashSet = new HashSet(list);
        StringBuilder sb = new StringBuilder(ScopeType.OPENID.getValue());
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            sb.append(" ").append((String) it.next());
        }
        this.log.debug("Scope required  - {}", sb);
        TokenResponse requestAccessToken = AuthClientFactory.requestAccessToken(str, str2, clientDecryptPassword, sb.toString());
        if (requestAccessToken == null) {
            return null;
        }
        this.log.debug("Token Response - tokenScope: {}, tokenAccessToken: {} ", requestAccessToken.getScope(), requestAccessToken.getAccessToken());
        String accessToken = requestAccessToken.getAccessToken();
        Integer expiresIn = requestAccessToken.getExpiresIn();
        if (Util.allNotBlank(new String[]{accessToken})) {
            return new Token((String) null, (String) null, accessToken, ScopeType.OPENID.getValue(), expiresIn);
        }
        return null;
    }

    public void assignAllScope(String str) {
        this.log.info("Client to be assigned all scope - {} ", str);
        Client clientByInum = this.clientService.getClientByInum(str);
        if (clientByInum == null) {
            return;
        }
        String[] allScopesArray = getAllScopesArray(getScopeWithDn(getAllScopes()));
        this.log.debug(" scope to be assigned - {} ", Arrays.asList(allScopesArray));
        clientByInum.setScopes(allScopesArray);
        this.clientService.updateClient(clientByInum);
        this.log.debug(" Verify scopes post assignment, clientId: {} , scopes: {}", str, Arrays.asList(this.clientService.getClientByInum(str).getScopes()));
    }

    public List<String> getAllScopes() {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = ApiProtectionCache.getAllTypesOfScopes().keySet().iterator();
        while (it.hasNext()) {
            arrayList.add(ApiProtectionCache.getScope(it.next()).getInum());
        }
        return arrayList;
    }

    public String[] getAllScopesArray(List<String> list) {
        String[] strArr = null;
        if (list != null && !list.isEmpty()) {
            strArr = new String[list.size()];
            for (int i = 0; i < list.size(); i++) {
                strArr[i] = list.get(i);
            }
        }
        return strArr;
    }

    public List<String> getScopeWithDn(List<String> list) {
        ArrayList arrayList = null;
        if (list != null && !list.isEmpty()) {
            arrayList = new ArrayList();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(this.scopeService.getDnForScope(it.next()));
            }
        }
        return arrayList;
    }

    public boolean isValidIssuer(String str) {
        this.log.info("Is issuer:{} present in approvedIssuer list ? {} ", str, Boolean.valueOf(this.configurationFactory.getApiApprovedIssuer().contains(str)));
        return this.configurationFactory.getApiApprovedIssuer().contains(str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v26, types: [java.util.List] */
    public List<String> getAuthSpecificScopeRequired(ResourceInfo resourceInfo) {
        this.log.info("Fetch Auth server specific scope for resourceInfo:{} ", resourceInfo);
        List<String> allScopeList = getAllScopeList(getRequestedScopes(resourceInfo));
        this.log.debug(" resource:{} has these scopes:{} and configured exclusiveAuthScopes are {}", new Object[]{resourceInfo, allScopeList, this.configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes()});
        ArrayList arrayList = new ArrayList();
        if (allScopeList != null && !allScopeList.isEmpty() && this.configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes() != null && !this.configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes().isEmpty()) {
            arrayList = (List) allScopeList.stream().filter(str -> {
                return this.configurationFactory.getApiAppConfiguration().getExclusiveAuthScopes().contains(str);
            }).collect(Collectors.toList());
        }
        this.log.info("Applicable exclusiveAuthScopes for resourceInfo:{} are {} ", resourceInfo, arrayList);
        return arrayList;
    }

    public List<String> findMissingElements(List<String> list, List<String> list2) {
        return (list == null || list.isEmpty() || list2 == null || list2.isEmpty()) ? Collections.emptyList() : (List) list.stream().filter(str -> {
            return !list2.contains(str);
        }).collect(Collectors.toList());
    }

    public boolean containsAnyElement(List<String> list, List<String> list2) {
        if (list == null || list.isEmpty() || list2 == null || list2.isEmpty()) {
            return false;
        }
        Stream<String> stream = list.stream();
        Objects.requireNonNull(list2);
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    public boolean isEqualCollection(List<String> list, List<String> list2) {
        if (list == null || list.isEmpty() || list2 == null || list2.isEmpty()) {
            return false;
        }
        return CollectionUtils.isEqualCollection(list, list2);
    }

    public boolean containsField(List<Field> list, String str) {
        this.log.debug("allFields:{},  attribute:{}, allFields.contains(attribute):{} ", new Object[]{list, str, Boolean.valueOf(list.stream().anyMatch(field -> {
            return field.getName().equals(str);
        }))});
        return list.stream().anyMatch(field2 -> {
            return field2.getName().equals(str);
        });
    }

    public List<Field> getAllFields(Class<?> cls) {
        List<Field> allFields = getAllFields(new ArrayList(), cls);
        this.log.debug("Fields:{} of type:{}  ", allFields, cls);
        return allFields;
    }

    public List<Field> getAllFields(List<Field> list, Class<?> cls) {
        this.log.debug("fields:{} of type:{} ", list, cls);
        list.addAll(Arrays.asList(cls.getDeclaredFields()));
        if (cls.getSuperclass() != null) {
            getAllFields(list, cls.getSuperclass());
        }
        this.log.debug("Final fields:{} of type:{} ", list, cls);
        return list;
    }

    public boolean isValidDn(String str) {
        return isValidDn(str, false);
    }

    public boolean isValidDn(String str, boolean z) {
        return DN.isValidDN(str, z);
    }

    public RevokeSessionResponse revokeSession(String str, String str2, String str3) {
        this.log.debug("Revoke session Request - url:{}, token:{}, userId:{}", new Object[]{str, str2, str3});
        RevokeSessionResponse revokeSession = AuthClientFactory.revokeSession(str, str2, str3);
        this.log.debug("revokeSessionResponse:{}", revokeSession);
        if (revokeSession != null) {
            this.log.debug("revokeSessionResponse.getEntity():{}, revokeSessionResponse.getStatus():{} ", revokeSession.getEntity(), Integer.valueOf(revokeSession.getStatus()));
        }
        return revokeSession;
    }

    public List<String> getAllScopeList(Map<ProtectionScopeType, List<String>> map) {
        ArrayList arrayList = new ArrayList();
        this.log.debug("Get all scopeMap:{} ", map);
        if (map == null || map.isEmpty()) {
            return arrayList;
        }
        List<String> list = map.get(ProtectionScopeType.SCOPE);
        this.log.debug("Get all scopeList:{} ", list);
        return list;
    }

    public Date parseStringToDateObj(String str) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
        this.log.debug("parseStringToDateObj:{} ", str);
        Date date = null;
        try {
            date = simpleDateFormat.parse(str);
        } catch (ParseException e) {
            this.log.error("Error in parsing string to date. Allowed Date Format : {},  Date-String : {} ", "yyyy-MM-dd", str);
        }
        return date;
    }

    public ByteArrayOutputStream getByteArrayOutputStream(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (inputStream == null) {
            return byteArrayOutputStream;
        }
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read <= -1) {
                byteArrayOutputStream.flush();
                return byteArrayOutputStream;
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    public InputStream getInputStream(ByteArrayOutputStream byteArrayOutputStream) {
        if (byteArrayOutputStream == null) {
            return null;
        }
        return new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
    }
}
