package io.jans.configapi.auth.util;

import io.jans.as.client.TokenResponse;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.service.common.EncryptionService;
import io.jans.as.model.common.AuthenticationMethod;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.common.ScopeType;
import io.jans.as.model.uma.PermissionTicket;
import io.jans.as.model.uma.UmaPermission;
import io.jans.as.model.uma.UmaPermissionList;
import io.jans.as.model.uma.UmaScopeType;
import io.jans.as.model.uma.wrapper.Token;
import io.jans.as.model.util.Util;
import io.jans.as.persistence.model.Scope;
import io.jans.configapi.auth.ConfigApiProtectionCache;
import io.jans.configapi.auth.client.AuthClientFactory;
import io.jans.configapi.auth.service.UmaService;
import io.jans.configapi.configuration.ConfigurationFactory;
import io.jans.configapi.filters.ProtectedApi;
import io.jans.configapi.service.ClientService;
import io.jans.configapi.service.ConfigurationService;
import io.jans.configapi.service.ScopeService;
import io.jans.util.security.StringEncrypter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;

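/**
 * Helper used by the Config API authorization layer: looks up the API client and its
 * (encrypted) secret, resolves the scopes required for a protected resource, and requests
 * access tokens, PATs and RPTs from the authorization server.
 *
 * <p>Several methods handle credentials (client secret, access token, PAT). None of these
 * values are written to the log by this class.
 */
@ApplicationScoped
/* loaded from: input_file:io/jans/configapi/auth/util/AuthUtil.class */
public class AuthUtil {

    @Inject
    Logger log;

    @Inject
    ConfigurationFactory configurationFactory;

    @Inject
    ConfigurationService configurationService;

    @Inject
    ClientService clientService;

    @Inject
    ScopeService scopeService;

    @Inject
    UmaService umaService;

    @Inject
    EncryptionService encryptionService;

    /** Returns the API client id configured in {@link ConfigurationFactory}. */
    public String getClientId() {
        return ConfigurationFactory.getApiClientId();
    }

    /** Returns the token endpoint from the stored server configuration. */
    public String getTokenUrl() {
        return this.configurationService.find().getTokenEndpoint();
    }

    /** Returns the token revocation endpoint from the stored server configuration. */
    public String getTokenRevocationEndpoint() {
        return this.configurationService.find().getTokenRevocationEndpoint();
    }

    /**
     * Looks up a client by inum.
     *
     * @param str client inum
     * @return whatever {@code ClientService.getClientByInum} returns for that inum
     */
    public Client getClient(String str) {
        return this.clientService.getClientByInum(str);
    }

    /**
     * Returns the client secret exactly as stored on the client entry.
     *
     * @param str client inum
     * @throws NullPointerException if no client is found (the lookup result is dereferenced)
     */
    public String getClientPassword(String str) {
        return getClient(str).getClientSecret();
    }

    /**
     * Returns the decrypted client secret, or {@code null} when decryption fails.
     *
     * @param str client inum
     */
    public String getClientDecryptPassword(String str) {
        return decryptPassword(getClientPassword(str));
    }

    /**
     * Decrypts a value with the injected {@link EncryptionService}.
     *
     * @param str encrypted value, may be {@code null}
     * @return the decrypted value, or {@code null} when the input is {@code null} or
     *         decryption fails (the failure is logged, not rethrown)
     */
    public String decryptPassword(String str) {
        if (str == null) {
            return null;
        }
        try {
            return this.encryptionService.decrypt(str);
        } catch (StringEncrypter.EncryptionException e) {
            this.log.error("Failed to decrypt password", e);
            return null;
        }
    }

    /**
     * Encrypts a value with the injected {@link EncryptionService}.
     *
     * @param str plain value, may be {@code null}
     * @return the encrypted value, or {@code null} when the input is {@code null} or
     *         encryption fails (the failure is logged, not rethrown)
     */
    public String encryptPassword(String str) {
        if (str == null) {
            return null;
        }
        try {
            return this.encryptionService.encrypt(str);
        } catch (StringEncrypter.EncryptionException e) {
            // The original message said "decrypt", which sends whoever reads the log to the wrong path.
            this.log.error("Failed to encrypt password", e);
            return null;
        }
    }

    /**
     * Resolves the scopes registered in {@link ConfigApiProtectionCache} for a request.
     *
     * <p>Cache keys have the form {@code <httpMethod>:::<path>}. The first key whose path part
     * contains {@code str2} and whose method part contains {@code str} wins.
     *
     * <p>NOTE(review): both comparisons are substring tests and the first hit in iteration order
     * is used. A request path that is a substring of a longer registered path can therefore
     * resolve to that other resource's scopes. Because this result drives the authorization
     * decision, an exact or template-aware match would be safer. The matching is left unchanged
     * here because callers may rely on it.
     *
     * @param str  HTTP method of the request
     * @param str2 request path
     * @return the scopes of the first matching resource, or {@code null} when a key contains the
     *         path but none matches on both method and path
     * @throws WebApplicationException with status 401 when no cache key contains the path
     */
    public List<Scope> getResourceScopeList(String str, String str2) {
        this.log.trace(" AuthUtil::getResourceScopeList() method = {} , path = {}", str, str2);
        List<String> candidates = ConfigApiProtectionCache.getAllResources().keySet().stream()
                .filter(key -> key.contains(str2))
                .collect(Collectors.toList());
        if (candidates.isEmpty()) {
            throw new WebApplicationException("No matching resource found .", Response.status(Response.Status.UNAUTHORIZED).build());
        }
        for (String key : candidates) {
            String[] parts = key.split(":::");
            if (parts.length <= 1) {
                continue;
            }
            String httpMethod = parts[0];
            String pathUrl = parts[1];
            this.log.trace(" AuthUtil::getResourceScopeList() - httpmethod = {} , pathUrl = {}", httpMethod, pathUrl);
            if (pathUrl.contains(str2) && httpMethod.contains(str)) {
                List<Scope> scopes = ConfigApiProtectionCache.getResourceScopes(key);
                this.log.trace(" AuthUtil::getResourceScopeList() - Matching scopeList = {}", scopes);
                return scopes;
            }
        }
        return null;
    }

    /**
     * Returns the keys of every scope held in {@link ConfigApiProtectionCache}.
     *
     * @return the scope keys, or {@code null} when the cache holds no scopes
     */
    public List<String> getAllResourceScopes() {
        Map<String, Scope> allScopes = ConfigApiProtectionCache.getAllScopes();
        this.log.trace("getAllResourceScopes() - scopeMap = {}", allScopes);
        List<String> scopeKeys = null;
        if (allScopes != null && !allScopes.isEmpty()) {
            scopeKeys = new ArrayList<>(allScopes.keySet());
        }
        this.log.trace(" AuthUtil:::getAllResourceScopes() - scopeStrList = {}", scopeKeys);
        return scopeKeys;
    }

    /**
     * Returns the ids of the scopes cached for a resource key.
     *
     * @param str resource key as used by {@link ConfigApiProtectionCache}
     * @return scope ids; empty (never {@code null}) when nothing is cached for the key
     */
    public List<String> getRequestedScopes(String str) {
        List<Scope> resourceScopes = ConfigApiProtectionCache.getResourceScopes(str);
        this.log.trace("getRequestedScopes() - scopeList = {}", resourceScopes);
        List<String> ids = scopeIds(resourceScopes);
        this.log.trace(" AuthUtil:::getRequestedScopes() - scopeStrList = {}", ids);
        return ids;
    }

    /**
     * Returns the ids of the scopes resolved by {@link #getResourceScopeList(String, String)}.
     *
     * @param str  HTTP method of the request
     * @param str2 request path
     * @return scope ids; empty (never {@code null}) when no resource matched on method and path
     * @throws WebApplicationException with status 401 when no cache key contains the path
     */
    public List<String> getRequestedScopes(String str, String str2) {
        this.log.trace("getRequestedScopes() - method = {} , path = {}", str, str2);
        List<Scope> resourceScopeList = getResourceScopeList(str, str2);
        this.log.trace(" AuthUtil:::getRequestedScopes() - scopeList = {}", resourceScopeList);
        List<String> ids = scopeIds(resourceScopeList);
        this.log.trace(" AuthUtil:::getRequestedScopes() - scopeStrList = {}", ids);
        return ids;
    }

    /**
     * Collects the scopes declared through {@link ProtectedApi} on the resource class, followed
     * by those declared on the resource method.
     *
     * @param resourceInfo JAX-RS description of the matched resource
     * @return the declared scopes, class-level first; empty when neither is annotated
     */
    public List<String> getRequestedScopes(ResourceInfo resourceInfo) {
        ProtectedApi classAnnotation = resourceInfo.getResourceClass().getAnnotation(ProtectedApi.class);
        List<String> scopes = new ArrayList<>();
        if (classAnnotation != null) {
            scopes.addAll(Arrays.asList(classAnnotation.scopes()));
        }
        addMethodScopes(resourceInfo, scopes);
        return scopes;
    }

    /**
     * Checks that every element of {@code list2} is also present in {@code list}.
     *
     * @param list  the set that must contain the others
     * @param list2 the elements that must all be present
     * @return {@code true} when {@code list} contains all of {@code list2}
     * @throws NullPointerException if either argument is {@code null}
     */
    public boolean validateScope(List<String> list, List<String> list2) {
        return new HashSet<>(list).containsAll(new HashSet<>(list2));
    }

    /** Appends the {@link ProtectedApi} scopes declared on the resource method, if any. */
    private void addMethodScopes(ResourceInfo resourceInfo, List<String> list) {
        ProtectedApi methodAnnotation = resourceInfo.getResourceMethod().getAnnotation(ProtectedApi.class);
        if (methodAnnotation != null) {
            list.addAll(Arrays.asList(methodAnnotation.scopes()));
        }
    }

    /** Maps scopes to their ids; a {@code null} or empty input gives an empty mutable list. */
    private static List<String> scopeIds(List<Scope> scopes) {
        List<String> ids = new ArrayList<>();
        if (scopes != null) {
            for (Scope scope : scopes) {
                ids.add(scope.getId());
            }
        }
        return ids;
    }

    /** Builds a space-separated scope string: {@code base} followed by each entry of {@code scopes}. */
    private static String appendScopes(String base, List<String> scopes) {
        if (scopes == null || scopes.isEmpty()) {
            return base;
        }
        StringBuilder joined = new StringBuilder().append(base);
        for (String scope : scopes) {
            joined.append(' ').append(scope);
        }
        return joined.toString();
    }

    /**
     * Requests an access token for the client, asking for {@code openid} plus the given scopes.
     *
     * <p>The returned {@link Token} always carries the {@code openid} scope value; the scope
     * actually granted is only written to the debug log.
     *
     * @param str  token endpoint URL
     * @param str2 client id (inum); its stored secret is decrypted and used for the request
     * @param list additional scopes; {@code null} or empty requests {@code openid} only
     * @return the token, or {@code null} when no response or a blank access token came back
     */
    public Token requestAccessToken(String str, String str2, List<String> list) throws Exception {
        this.log.trace("RequestAccessToken() - tokenUrl = {} ,clientId = {} ,scopes = {}", str, str2, list);
        String clientSecret = getClientDecryptPassword(str2);
        String scope = appendScopes(ScopeType.OPENID.getValue(), list);
        this.log.trace("RequestAccessToken() - scope = {}", scope);
        TokenResponse response = AuthClientFactory.requestAccessToken(str, str2, clientSecret, scope);
        if (response == null) {
            return null;
        }
        this.log.debug(" tokenScope: {} = ", response.getScope());
        // The access token is a bearer credential and is deliberately not logged, at any level.
        String accessToken = response.getAccessToken();
        Integer expiresIn = response.getExpiresIn();
        if (Util.allNotBlank(new String[]{accessToken})) {
            return new Token((String) null, (String) null, accessToken, ScopeType.OPENID.getValue(), expiresIn);
        }
        return null;
    }

    /**
     * Requests a PAT using the client's stored secret; see
     * {@link #request(String, String, String, ScopeType, List)}.
     */
    public Token requestPat(String str, String str2, ScopeType scopeType, List<String> list) throws Exception {
        return request(str, str2, getClientDecryptPassword(str2), scopeType, list);
    }

    /**
     * Requests a token through {@code AuthClientFactory.patRequest} for {@code scopeType} plus the
     * given scopes.
     *
     * @param str       first argument passed to {@code patRequest} (presumably the token
     *                  endpoint URL; confirm against {@code AuthClientFactory})
     * @param str2      client id
     * @param str3      client secret in plain form
     * @param scopeType base scope; its value is also stored on the returned token
     * @param list      additional scopes, may be {@code null} or empty
     * @return the token, or {@code null} when no response or a blank access token came back
     */
    public Token request(String str, String str2, String str3, ScopeType scopeType, List<String> list) throws Exception {
        String scope = scopeType.getValue();
        if (list != null) {
            for (String extra : list) {
                // The accumulated value is trimmed before each append, as the original code did.
                scope = scope.trim() + " " + extra;
            }
        }
        TokenResponse response = AuthClientFactory.patRequest(str, str2, str3, scope);
        if (response == null) {
            return null;
        }
        this.log.debug(" tokenScope: {} = ", response.getScope());
        String accessToken = response.getAccessToken();
        Integer expiresIn = response.getExpiresIn();
        if (Util.allNotBlank(new String[]{accessToken})) {
            return new Token((String) null, (String) null, accessToken, scopeType.getValue(), expiresIn);
        }
        return null;
    }

    /**
     * Registers a UMA permission for the resource and exchanges the resulting ticket for an RPT.
     *
     * @param str   client id (inum); its stored secret is decrypted and used for the exchange
     * @param str2  UMA resource id
     * @param list  scopes to request on the resource
     * @param token PAT used as bearer credential when registering the permission
     * @return the RPT response, or {@code null} when no ticket was issued or the exchange failed
     *         (the failure is logged, not rethrown)
     */
    public TokenResponse requestRpt(String str, String str2, List<String> list, Token token) throws Exception {
        // The PAT object is kept out of the log: it carries a bearer token and its toString() is not visible here.
        this.log.trace(" RPT request parameters, clientId: {}, resourceId: {}, scopes: {}", str, str2, list);
        UmaPermission umaPermission = new UmaPermission();
        umaPermission.setResourceId(str2);
        umaPermission.setScopes(list);
        PermissionTicket registerPermission = this.umaService.getUmaPermissionService().registerPermission("Bearer " + token.getAccessToken(), UmaPermissionList.instance(new UmaPermission[]{umaPermission}));
        if (registerPermission == null) {
            return null;
        }
        // NOTE(review): this prints the permission ticket at debug level; confirm that is acceptable for the deployment's log handling.
        this.log.debug(" permissionTicket: {} = ", registerPermission.toString());
        TokenResponse tokenResponse = null;
        try {
            tokenResponse = AuthClientFactory.requestRpt(getTokenUrl(), str, getClientDecryptPassword(str), list, registerPermission.getTicket(), GrantType.OXAUTH_UMA_TICKET, AuthenticationMethod.CLIENT_SECRET_BASIC);
            // Only the presence of a response is logged; the response object may render the RPT itself.
            this.log.trace(" Rpt Token Response received = {}", tokenResponse != null);
            if (tokenResponse != null) {
                this.log.debug(" Rpt Token Response Scope(): {} = ", tokenResponse.getScope());
            }
        } catch (Exception e) {
            // The logger already records the stack trace; printStackTrace() would bypass log configuration.
            this.log.error("Failed to determine RPT status", e);
        }
        return tokenResponse;
    }

    /**
     * Grants the client every scope held in {@link ConfigApiProtectionCache} and persists it.
     *
     * <p>This replaces the client's scope list with the full set, so it should only be called for
     * the API's own client. Nothing is changed when the client does not exist or the cache
     * holds no scopes.
     *
     * @param str client inum
     */
    public void assignAllScope(String str) {
        this.log.trace(" AssignAllScope to clientId = {}", str);
        Client client = this.clientService.getClientByInum(str);
        if (client == null) {
            // Previously this fell through to the verification log and failed with a NullPointerException.
            this.log.warn(" AssignAllScope skipped, no client found for clientId = {}", str);
            return;
        }
        String[] allScopes = getAllScopesArray(getScopeWithDn(getAllScopes()));
        if (allScopes == null) {
            // An empty cache must not overwrite the client's existing scopes with null.
            this.log.warn(" AssignAllScope skipped, no scopes available for clientId = {}", str);
            return;
        }
        this.log.debug(" AllScope = {}", Arrays.toString(allScopes));
        client.setScopes(allScopes);
        this.clientService.updateClient(client);
        Client updated = this.clientService.getClientByInum(str);
        this.log.debug(" Verify scopes post assignment, clientId: {} , scopes: {}", str, updated == null ? null : Arrays.toString(updated.getScopes()));
    }

    /**
     * Returns the inum of every scope held in {@link ConfigApiProtectionCache}.
     *
     * @return scope inums; empty when the cache holds no scopes
     */
    public List<String> getAllScopes() {
        List<String> inums = new ArrayList<>();
        for (String key : ConfigApiProtectionCache.getAllScopes().keySet()) {
            inums.add(ConfigApiProtectionCache.getScope(key).getInum());
        }
        return inums;
    }

    /**
     * Copies a list into an array.
     *
     * @param list values to copy, may be {@code null}
     * @return the values as an array, or {@code null} when the list is {@code null} or empty
     */
    public String[] getAllScopesArray(List<String> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        return list.toArray(new String[0]);
    }

    /**
     * Maps each scope identifier to its DN through {@code ScopeService.getDnForScope}.
     *
     * @param list scope identifiers, may be {@code null}
     * @return the DNs in input order, or {@code null} when the list is {@code null} or empty
     */
    public List<String> getScopeWithDn(List<String> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        List<String> dns = new ArrayList<>();
        for (String scope : list) {
            dns.add(this.scopeService.getDnForScope(scope));
        }
        return dns;
    }

    /**
     * Checks the issuer against the approved issuers configured in {@link ConfigurationFactory}.
     *
     * <p>NOTE(review): the check is {@code getApiApprovedIssuer().contains(issuer)}. If that
     * getter returns a {@code String} rather than a collection, this is a substring test and
     * would accept any issuer that is a fragment of the configured value. Confirm the return
     * type.
     *
     * @param str issuer value taken from the token
     * @return {@code true} when the configured approved issuers contain the issuer
     */
    public boolean isValidIssuer(String str) throws Exception {
        boolean approved = ConfigurationFactory.getApiApprovedIssuer().contains(str);
        this.log.info(" AuthUtil:::isValidIssuer() - issuer = {} , approved = {}", str, approved);
        return approved;
    }
}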
