package io.jans.configapi.rest.resource;

import com.github.fge.jsonpatch.JsonPatchException;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.service.common.EncryptionService;
import io.jans.configapi.filters.ProtectedApi;
import io.jans.configapi.service.ClientService;
import io.jans.configapi.util.ApiAccessConstants;
import io.jans.configapi.util.ApiConstants;
import io.jans.configapi.util.Jackson;
import io.jans.util.security.StringEncrypter;
import java.io.IOException;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.PATCH;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;

@Path("/openid/clients")
@Consumes({"application/json"})
@Produces({"application/json"})
@ApplicationScoped
/* loaded from: input_file:io/jans/configapi/rest/resource/ClientsResource.class */
public class ClientsResource extends BaseResource {
    private static final String OPENID_CONNECT_CLIENT = "openid connect client";

    @Inject
    Logger log;

    @Inject
    ClientService clientService;

    @Inject
    EncryptionService encryptionService;

    @GET
    @ProtectedApi(scopes = {ApiAccessConstants.OPENID_CLIENTS_READ_ACCESS})
    public Response getOpenIdConnectClients(@QueryParam("limit") @DefaultValue("50") int i, @QueryParam("pattern") @DefaultValue("") String str) throws Exception {
        return Response.ok(getClients((str.isEmpty() || str.length() < 2) ? this.clientService.getAllClients(i) : this.clientService.searchClients(str, i))).build();
    }

    @GET
    @ProtectedApi(scopes = {ApiAccessConstants.OPENID_CLIENTS_READ_ACCESS})
    @Path(ApiConstants.INUM_PATH)
    public Response getOpenIdClientByInum(@PathParam("inum") @NotNull String str) {
        Client clientByInum = this.clientService.getClientByInum(str);
        checkResourceNotNull(clientByInum, OPENID_CONNECT_CLIENT);
        return Response.ok(clientByInum).build();
    }

    @POST
    @ProtectedApi(scopes = {ApiAccessConstants.OPENID_CLIENTS_WRITE_ACCESS})
    public Response createOpenIdConnect(@Valid Client client) throws StringEncrypter.EncryptionException {
        this.log.debug("Client details to be added - client = " + client);
        String clientId = client.getClientId();
        if (clientId == null || clientId.isEmpty() || clientId.isBlank()) {
            clientId = this.clientService.generateInumForNewClient();
            client.setClientId(clientId);
        }
        checkNotNull(client.getClientName(), "displayName");
        if (client.getClientSecret() != null) {
            client.setClientSecret(this.encryptionService.encrypt(client.getClientSecret()));
        }
        client.setDn(this.clientService.getDnForClient(clientId));
        client.setDeletable(Boolean.valueOf(client.getClientSecretExpiresAt() != null));
        this.clientService.addClient(client);
        Client clientByInum = this.clientService.getClientByInum(clientId);
        if (clientByInum.getClientSecret() != null) {
            clientByInum.setClientSecret(this.encryptionService.encrypt(clientByInum.getClientSecret()));
        }
        return Response.status(Response.Status.CREATED).entity(clientByInum).build();
    }

    @ProtectedApi(scopes = {ApiAccessConstants.OPENID_CLIENTS_WRITE_ACCESS})
    @PUT
    public Response updateClient(@Valid Client client) throws StringEncrypter.EncryptionException {
        this.log.debug("Client details to be updated - client = " + client);
        String clientId = client.getClientId();
        checkNotNull(clientId, "inum");
        checkNotNull(client.getClientName(), "displayName");
        Client clientByInum = this.clientService.getClientByInum(clientId);
        checkResourceNotNull(clientByInum, OPENID_CONNECT_CLIENT);
        client.setClientId(clientByInum.getClientId());
        client.setBaseDn(this.clientService.getDnForClient(clientId));
        client.setDeletable(Boolean.valueOf(client.getExpirationDate() != null));
        if (client.getClientSecret() != null) {
            client.setClientSecret(this.encryptionService.encrypt(client.getClientSecret()));
        }
        this.clientService.updateClient(client);
        Client clientByInum2 = this.clientService.getClientByInum(clientByInum.getClientId());
        if (clientByInum2.getClientSecret() != null) {
            clientByInum2.setClientSecret(this.encryptionService.decrypt(client.getClientSecret()));
        }
        return Response.ok(clientByInum2).build();
    }

    @ProtectedApi(scopes = {ApiAccessConstants.OPENID_CLIENTS_WRITE_ACCESS})
    @Path(ApiConstants.INUM_PATH)
    @Consumes({MediaType.APPLICATION_JSON_PATCH_JSON})
    @PATCH
    public Response patchClient(@PathParam("inum") @NotNull String str, @NotNull String str2) throws JsonPatchException, IOException {
        this.log.debug("Client details to be patched - inum = " + str + " , pathString = " + str2);
        Client clientByInum = this.clientService.getClientByInum(str);
        checkResourceNotNull(clientByInum, OPENID_CONNECT_CLIENT);
        Client client = (Client) Jackson.applyPatch(str2, clientByInum);
        this.clientService.updateClient(client);
        return Response.ok(client).build();
    }

    @ProtectedApi(scopes = {ApiAccessConstants.OPENID_CLIENTS_DELETE_ACCESS})
    @Path(ApiConstants.INUM_PATH)
    @DELETE
    public Response deleteClient(@PathParam("inum") @NotNull String str) {
        this.log.debug("Client to be deleted - inum = " + str);
        Client clientByInum = this.clientService.getClientByInum(str);
        checkResourceNotNull(clientByInum, OPENID_CONNECT_CLIENT);
        this.clientService.removeClient(clientByInum);
        return Response.noContent().build();
    }

    private List<Client> getClients(List<Client> list) throws Exception {
        if (list != null && !list.isEmpty()) {
            for (Client client : list) {
                if (client.getClientSecret() != null) {
                    try {
                        client.setClientSecret(this.encryptionService.decrypt(client.getClientSecret()));
                    } catch (StringEncrypter.EncryptionException e) {
                        this.log.error("Error while client([" + client + "]) secret decryption - " + e + "!");
                    }
                }
            }
        }
        return list;
    }
}
