package io.jans.configapi.plugin.cacherefresh.rest;

import io.jans.as.common.service.common.EncryptionService;
import io.jans.configapi.core.rest.BaseResource;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.plugin.cacherefresh.model.config.CacheRefreshConfiguration;
import io.jans.configapi.plugin.cacherefresh.service.CacheRefreshService;
import io.jans.configapi.plugin.cacherefresh.util.Constants;
import io.jans.model.ldap.GluuLdapConfiguration;
import io.jans.util.security.StringEncrypter;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import jakarta.inject.Inject;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;

@Produces({"application/json"})
@Path(Constants.CACHEREFRESH_CONFIG)
@Consumes({"application/json"})
/* loaded from: input_file:io/jans/configapi/plugin/cacherefresh/rest/CacheRefreshConfigResource.class */
public class CacheRefreshConfigResource extends BaseResource {
    private static final String CACHEREFRESH_CONFIGURATION = "cacheRefreshConfiguration";

    @Inject
    Logger logger;

    @Inject
    CacheRefreshService cacheRefreshService;

    @Inject
    private EncryptionService encryptionService;

    @ProtectedApi(scopes = {"https://jans.io/oauth/config/cacherefresh.readonly"}, groupScopes = {"https://jans.io/oauth/config/cacherefresh.write"}, superScopes = {"https://jans.io/oauth/config/read-all"})
    @Operation(summary = "Gets Cache Refresh configuration.", description = "Gets Cache Refresh configuration.", operationId = "get-properties-cache-refresh", tags = {"Cache Refresh - Configuration"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/cacherefresh.readonly"})})
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CacheRefreshConfiguration.class))}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getCacheRefreshConfiguration() {
        CacheRefreshConfiguration find = this.cacheRefreshService.find();
        this.logger.debug("Cache Refresh details appConfiguration():{}", find);
        return Response.ok(find).build();
    }

    @ProtectedApi(scopes = {"https://jans.io/oauth/config/cacherefresh.write"}, groupScopes = {}, superScopes = {"https://jans.io/oauth/config/write-all"})
    @Operation(summary = "Updates Cache Refresh configuration properties.", description = "Updates Cache Refresh configuration properties.", operationId = "put-properties-cache-refresh", tags = {"Cache Refresh - Configuration"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/cacherefresh.write"})})
    @PUT
    @RequestBody(description = "CacheRefreshConfiguration", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CacheRefreshConfiguration.class))})
    @ApiResponses({@ApiResponse(responseCode = "200", description = "CacheRefreshConfiguration", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CacheRefreshConfiguration.class))}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response updateCacheRefreshConfiguration(@NotNull CacheRefreshConfiguration cacheRefreshConfiguration) throws StringEncrypter.EncryptionException {
        this.logger.debug("Cache Refresh details to be updated - appConfiguration:{} ", cacheRefreshConfiguration);
        checkResourceNotNull(cacheRefreshConfiguration, CACHEREFRESH_CONFIGURATION);
        passwordEncryption(cacheRefreshConfiguration);
        this.cacheRefreshService.merge(cacheRefreshConfiguration);
        return Response.ok(this.cacheRefreshService.find()).build();
    }

    private CacheRefreshConfiguration passwordEncryption(CacheRefreshConfiguration cacheRefreshConfiguration) throws StringEncrypter.EncryptionException {
        this.logger.debug("Password  Encryption - appConfiguration:{} ", cacheRefreshConfiguration);
        if (cacheRefreshConfiguration == null) {
            return cacheRefreshConfiguration;
        }
        GluuLdapConfiguration inumConfig = cacheRefreshConfiguration.getInumConfig();
        passwordEncryption(inumConfig);
        cacheRefreshConfiguration.setInumConfig(inumConfig);
        GluuLdapConfiguration targetConfig = cacheRefreshConfiguration.getTargetConfig();
        passwordEncryption(targetConfig);
        cacheRefreshConfiguration.setTargetConfig(targetConfig);
        List<GluuLdapConfiguration> sourceConfigs = cacheRefreshConfiguration.getSourceConfigs();
        if (sourceConfigs != null && !sourceConfigs.isEmpty()) {
            Iterator<GluuLdapConfiguration> it = sourceConfigs.iterator();
            while (it.hasNext()) {
                passwordEncryption(it.next());
                cacheRefreshConfiguration.setSourceConfigs(sourceConfigs);
            }
        }
        return cacheRefreshConfiguration;
    }

    private GluuLdapConfiguration passwordEncryption(GluuLdapConfiguration gluuLdapConfiguration) throws StringEncrypter.EncryptionException {
        this.logger.debug("Password  Encryption - ldapConfiguration:{} ", gluuLdapConfiguration);
        if (gluuLdapConfiguration == null) {
            return gluuLdapConfiguration;
        }
        String bindPassword = gluuLdapConfiguration.getBindPassword();
        if (bindPassword != null && !bindPassword.isEmpty()) {
            try {
                this.encryptionService.decrypt(bindPassword);
            } catch (Exception e) {
                this.logger.error("Exception while decryption of ldapConfiguration password hence will encrypt it!!!");
                gluuLdapConfiguration.setBindPassword(this.encryptionService.encrypt(bindPassword));
            }
        }
        return gluuLdapConfiguration;
    }
}
