package io.jans.lock.service.consumer.message.opa;

import com.fasterxml.jackson.core.JacksonException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.jans.lock.model.config.AppConfiguration;
import io.jans.lock.model.config.OpaConfiguration;
import io.jans.lock.service.TokenService;
import io.jans.lock.service.external.ExternalLockService;
import io.jans.lock.service.external.context.ExternalLockContext;
import io.jans.model.token.TokenEntity;
import io.jans.service.EncryptionService;
import io.jans.service.cdi.async.Asynchronous;
import io.jans.service.cdi.qualifier.Implementation;
import io.jans.service.message.consumer.MessageConsumer;
import io.jans.service.net.BaseHttpService;
import io.jans.util.StringHelper;
import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.io.IOException;
import java.time.Duration;
import java.time.format.DateTimeFormatter;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import net.jodah.expiringmap.ExpirationListener;
import net.jodah.expiringmap.ExpirationPolicy;
import net.jodah.expiringmap.ExpiringMap;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.slf4j.Logger;

@ApplicationScoped
@Implementation
/* loaded from: input_file:io/jans/lock/service/consumer/message/opa/OpaMessageConsumer.class */
public class OpaMessageConsumer extends MessageConsumer {
    public static String MESSAGE_CONSUMER_TYPE = "OPA";

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private ExternalLockService externalLockService;

    @Inject
    private BaseHttpService httpService;

    @Inject
    private TokenService tokenService;

    @Inject
    private EncryptionService encryptionService;
    private ObjectMapper objectMapper;
    private ExpiringMap<String, String> loadedTokens;
    private OpaExpirationListener expirationListener;

    /* loaded from: input_file:io/jans/lock/service/consumer/message/opa/OpaMessageConsumer$OpaExpirationListener.class */
    protected class OpaExpirationListener implements ExpirationListener<String, String> {
        protected OpaExpirationListener() {
        }

        public void expired(String str, String str2) {
            OpaMessageConsumer.this.log.debug("Deleting expired token {}", str);
            try {
                OpaMessageConsumer.this.removeData(OpaMessageConsumer.this.objectMapper.readTree(str2));
            } catch (JacksonException e) {
                OpaMessageConsumer.this.log.error("Failed to parse messge: '{}'", str2, e);
            }
        }
    }

    @PostConstruct
    public void init() {
        this.objectMapper = new ObjectMapper();
        this.expirationListener = new OpaExpirationListener();
        this.loadedTokens = ExpiringMap.builder().expirationPolicy(ExpirationPolicy.CREATED).variableExpiration().expirationListener(this.expirationListener).build();
    }

    @Asynchronous
    public void onMessage(String str, String str2) {
        this.log.info("onMessage {} : {}", str, str2);
        try {
            JsonNode readTree = this.objectMapper.readTree(str2);
            if (!readTree.hasNonNull("tknTyp") || !readTree.hasNonNull("tknCde") || !readTree.hasNonNull("tknOp")) {
                this.log.error("Message has missing tknOp or tknTyp, or tknTyp: '{}'", str2);
                return;
            }
            String asText = readTree.get("tknOp").asText();
            if (StringHelper.equalsIgnoreCase(asText, "add")) {
                putData(str2, readTree);
            } else if (StringHelper.equalsIgnoreCase(asText, "del")) {
                removeData(readTree);
            } else {
                this.log.error("Message has unsupported operation: '{}'", str2);
            }
        } catch (JacksonException e) {
            this.log.error("Failed to parse messge: '{}'", str2, e);
        }
    }

    public void onSubscribe(String str, int i) {
        this.log.debug("onSubscribe {} : {}", str, Integer.valueOf(i));
    }

    public void onUnsubscribe(String str, int i) {
        this.log.debug("onUnsubscribe {} : {}", str, Integer.valueOf(i));
    }

    public String getMessageConsumerType() {
        return MESSAGE_CONSUMER_TYPE;
    }

    protected boolean putData(String str, JsonNode jsonNode) {
        ExternalLockContext externalLockContext = new ExternalLockContext();
        String asText = jsonNode.get("tknTyp").asText();
        String asText2 = jsonNode.get("tknCde").asText();
        TokenEntity findToken = this.tokenService.findToken(asText2);
        this.log.debug("Token {} loaded successfully", findToken);
        externalLockContext.setTokenEntity(findToken);
        ObjectNode createObjectNode = this.objectMapper.createObjectNode();
        buildBaseTokenObject(findToken, createObjectNode);
        this.externalLockService.beforeDataPut(jsonNode, createObjectNode, externalLockContext);
        if (externalLockContext.isCancelPdpOperation()) {
            this.log.debug("DataPut was canceled by script");
            return true;
        }
        OpaConfiguration opaConfiguration = this.appConfiguration.getOpaConfiguration();
        HttpPut httpPut = new HttpPut(String.format("%s/data/%s/%s", opaConfiguration.getBaseUrl(), asText, asText2));
        addAccessTokenHeader(httpPut, opaConfiguration);
        httpPut.addHeader("Content-Type", ContentType.APPLICATION_JSON.getMimeType());
        httpPut.addHeader("If-None-Match", "*");
        httpPut.setEntity(new StringEntity(createObjectNode.toString(), ContentType.APPLICATION_JSON));
        boolean z = false;
        try {
            int statusCode = this.httpService.getHttpsClient().execute(httpPut).getStatusLine().getStatusCode();
            this.log.debug("Get OPA add data for token '{}' response with status code '{}'", asText2, Integer.valueOf(statusCode));
            z = statusCode == 204 || statusCode == 304;
        } catch (IOException e) {
            this.log.error("Failed to execute put data request", e);
        }
        if (z) {
            this.loadedTokens.put(asText2, str, ExpirationPolicy.CREATED, getExpirationInSeconds(findToken), TimeUnit.SECONDS);
        }
        return z;
    }

    public void buildBaseTokenObject(TokenEntity tokenEntity, ObjectNode objectNode) {
        objectNode.put("scope", tokenEntity.getScope());
        objectNode.put("creationDate", DateTimeFormatter.ISO_INSTANT.format(tokenEntity.getCreationDate().toInstant()));
        objectNode.put("expirationDate", DateTimeFormatter.ISO_INSTANT.format(tokenEntity.getExpirationDate().toInstant()));
        objectNode.put("userId", tokenEntity.getUserId());
        objectNode.put("clientId", tokenEntity.getClientId());
    }

    protected boolean removeData(JsonNode jsonNode) {
        ExternalLockContext externalLockContext = new ExternalLockContext();
        this.externalLockService.beforeDataRemoval(jsonNode, externalLockContext);
        if (externalLockContext.isCancelPdpOperation()) {
            this.log.debug("DataRemoval was canceled by script");
            return true;
        }
        String asText = jsonNode.get("tknTyp").asText();
        String asText2 = jsonNode.get("tknCde").asText();
        OpaConfiguration opaConfiguration = this.appConfiguration.getOpaConfiguration();
        HttpDelete httpDelete = new HttpDelete(String.format("%s/data/%s/%s", opaConfiguration.getBaseUrl(), asText, asText2));
        addAccessTokenHeader(httpDelete, opaConfiguration);
        boolean z = false;
        try {
            int statusCode = this.httpService.getHttpsClient().execute(httpDelete).getStatusLine().getStatusCode();
            this.log.debug("Get OPA remove data for token '{}' response with status code '{}'", asText2, Integer.valueOf(statusCode));
            z = statusCode == 204;
        } catch (IOException e) {
            this.log.error("Failed to execute delete data request", e);
        }
        return z;
    }

    protected long getExpirationInSeconds(TokenEntity tokenEntity) {
        return Long.valueOf(Duration.between(new Date().toInstant(), tokenEntity.getExpirationDate().toInstant()).getSeconds()).longValue();
    }

    private void addAccessTokenHeader(HttpRequestBase httpRequestBase, OpaConfiguration opaConfiguration) {
        String decrypt = this.encryptionService.decrypt(opaConfiguration.getAccessToken(), true);
        if (StringHelper.isNotEmpty(decrypt)) {
            httpRequestBase.setHeader("Authorization", "Bearer " + decrypt);
        }
    }

    public void destroy() {
        this.log.debug("Destory Messages");
    }
}
