package io.jans.as.server.service;

import com.google.common.collect.Sets;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.service.common.EncryptionService;
import io.jans.as.model.common.AuthenticationMethod;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.persistence.model.Scope;
import io.jans.as.server.model.token.HandleTokenFactory;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.exception.EntryPersistenceException;
import io.jans.orm.model.base.CustomAttribute;
import io.jans.orm.model.base.CustomEntry;
import io.jans.orm.model.base.CustomObjectAttribute;
import io.jans.orm.search.filter.Filter;
import io.jans.service.BaseCacheService;
import io.jans.service.CacheService;
import io.jans.service.LocalCacheService;
import io.jans.util.StringHelper;
import io.jans.util.security.StringEncrypter;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import java.util.Collection;
import java.util.GregorianCalendar;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import org.apache.commons.lang3.BooleanUtils;
import org.json.JSONArray;
import org.python.jline.internal.Preconditions;
import org.slf4j.Logger;

@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/service/ClientService.class */
public class ClientService {
    protected static final String[] CLIENT_OBJECT_CLASSES = {"jansClnt"};

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private CacheService cacheService;

    @Inject
    private LocalCacheService localCacheService;

    @Inject
    private ScopeService scopeService;

    @Inject
    private EncryptionService encryptionService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private StaticConfiguration staticConfiguration;

    public void persist(Client client) {
        ignoreCustomObjectClassesForNonLDAP(client);
        this.ldapEntryManager.persist(client);
    }

    private Client ignoreCustomObjectClassesForNonLDAP(Client client) {
        String persistenceType = this.ldapEntryManager.getPersistenceType();
        this.log.debug("persistenceType: {}", persistenceType);
        if (!PersistenceEntryManager.PERSITENCE_TYPES.ldap.name().equals(persistenceType)) {
            this.log.debug("Setting CustomObjectClasses :{} to null as it's used only for LDAP and current persistenceType is {} ", client.getCustomObjectClasses(), persistenceType);
            client.setCustomObjectClasses((String[]) null);
        }
        return client;
    }

    public void merge(Client client) {
        this.ldapEntryManager.merge(client);
        removeFromCache(client);
    }

    public boolean authenticate(String str, String str2) {
        Client client;
        this.log.debug("Authenticating Client with LDAP: clientId = {}", str);
        boolean z = false;
        try {
            client = getClient(str);
        } catch (StringEncrypter.EncryptionException e) {
            this.log.error(e.getMessage(), e);
        }
        if (client == null) {
            this.log.debug("Failed to find client = {}", str);
            return false;
        }
        String decryptSecret = decryptSecret(client.getClientSecret());
        z = decryptSecret != null && decryptSecret.equals(str2);
        return z;
    }

    public Set<Client> getClient(Collection<String> collection, boolean z) {
        HashSet newHashSet = Sets.newHashSet();
        if (collection == null) {
            return newHashSet;
        }
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            try {
                Client client = getClient(it.next());
                if (client != null) {
                    newHashSet.add(client);
                }
            } catch (RuntimeException e) {
                if (!z) {
                    throw e;
                }
            }
        }
        return newHashSet;
    }

    public Client getClient(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        Client clientByDn = getClientByDn(buildClientDn(str));
        this.log.debug("Found {} entries for client id = {}", Integer.valueOf(clientByDn != null ? 1 : 0), str);
        return clientByDn;
    }

    public boolean isPublic(String str) {
        return isPublic(getClient(str));
    }

    public boolean isPublic(Client client) {
        return client != null && client.hasAuthenticationMethod(AuthenticationMethod.NONE);
    }

    public Client getClient(String str, String str2) {
        Client client = getClient(str);
        if (client == null || str2 == null || !str2.equals(client.getRegistrationAccessToken())) {
            return null;
        }
        rotateRegistrationAccessToken(client);
        return client;
    }

    public String generateRegistrationAccessToken() {
        return HandleTokenFactory.generateHandleToken();
    }

    public void rotateRegistrationAccessToken(Client client) {
        if (client == null || BooleanUtils.isFalse(this.appConfiguration.getRotateClientRegistrationAccessTokenOnUsage())) {
            return;
        }
        client.setRegistrationAccessToken(generateRegistrationAccessToken());
        persist(client);
    }

    public Set<Client> getClientsByDns(Collection<String> collection) {
        return getClientsByDns(collection, true);
    }

    public Set<Client> getClientsByDns(Collection<String> collection, boolean z) {
        Preconditions.checkNotNull(collection);
        HashSet newHashSet = Sets.newHashSet();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            try {
                newHashSet.add(getClientByDn(it.next()));
            } catch (RuntimeException e) {
                if (!z) {
                    throw e;
                }
            }
        }
        return newHashSet;
    }

    public Client getClientByDn(String str) {
        try {
            return (Client) getCacheService().getWithPut(str, () -> {
                return (Client) this.ldapEntryManager.find(Client.class, str);
            }, 60);
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
            return null;
        }
    }

    public CustomObjectAttribute getCustomAttribute(Client client, String str) {
        for (CustomObjectAttribute customObjectAttribute : client.getCustomAttributes()) {
            if (StringHelper.equalsIgnoreCase(str, customObjectAttribute.getName())) {
                return customObjectAttribute;
            }
        }
        return null;
    }

    public void setCustomAttribute(Client client, String str, String str2) {
        CustomObjectAttribute customAttribute = getCustomAttribute(client, str);
        if (customAttribute == null) {
            customAttribute = new CustomObjectAttribute(str);
            client.getCustomAttributes().add(customAttribute);
        }
        customAttribute.setValue(str2);
    }

    public List<Client> getAllClients(String[] strArr) {
        return this.ldapEntryManager.findEntries(this.staticConfiguration.getBaseDn().getClients(), Client.class, (Filter) null, strArr);
    }

    public List<Client> getAllClients(String[] strArr, int i) {
        return this.ldapEntryManager.findEntries(this.staticConfiguration.getBaseDn().getClients(), Client.class, (Filter) null, strArr, i);
    }

    public String buildClientDn(String str) {
        return String.format("inum=%s,", str) + this.staticConfiguration.getBaseDn().getClients();
    }

    public void remove(Client client) {
        if (client != null) {
            removeFromCache(client);
            this.ldapEntryManager.removeRecursively(client.getDn(), Client.class);
        }
    }

    public void removeFromCache(Client client) {
        try {
            getCacheService().remove(client.getDn());
        } catch (Exception e) {
            this.log.error("Failed to remove client from cache." + client.getDn(), e);
        }
    }

    public void updateAccessTime(Client client, boolean z) {
        if (BooleanUtils.isFalse(this.appConfiguration.getUpdateClientAccessTime())) {
            return;
        }
        String dn = client.getDn();
        CustomEntry customEntry = new CustomEntry();
        customEntry.setDn(dn);
        customEntry.setCustomObjectClasses(CLIENT_OBJECT_CLASSES);
        String encodeTime = this.ldapEntryManager.encodeTime(customEntry.getDn(), new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime());
        customEntry.getCustomAttributes().add(new CustomAttribute("jansLastAccessTime", encodeTime));
        if (z) {
            customEntry.getCustomAttributes().add(new CustomAttribute("jansLastLogonTime", encodeTime));
        }
        try {
            this.ldapEntryManager.merge(customEntry);
        } catch (EntryPersistenceException e) {
            this.log.error("Failed to update jansLastAccessTime and jansLastLogonTime of client '{}'", dn);
            this.log.trace("Failed to update user:", e);
        }
        removeFromCache(client);
    }

    public Object getAttribute(Client client, String str) {
        Object obj = null;
        if (str != null) {
            if (str.equals("displayName")) {
                obj = client.getClientName();
            } else if (str.equals("inum")) {
                obj = client.getClientId();
            } else if (str.equals("jansAppTyp")) {
                obj = client.getApplicationType();
            } else if (str.equals("jansIdTknSignedRespAlg")) {
                obj = client.getIdTokenSignedResponseAlg();
            } else if (str.equals("jansRedirectURI") && client.getRedirectUris() != null) {
                JSONArray jSONArray = new JSONArray();
                for (String str2 : client.getRedirectUris()) {
                    jSONArray.put(str2);
                }
                obj = jSONArray;
            } else if (!str.equals("jansScope") || client.getScopes() == null) {
                Iterator it = client.getCustomAttributes().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    CustomObjectAttribute customObjectAttribute = (CustomObjectAttribute) it.next();
                    if (customObjectAttribute.getName().equals(str)) {
                        List values = customObjectAttribute.getValues();
                        if (values != null) {
                            if (values.size() == 1) {
                                obj = values.get(0);
                            } else {
                                JSONArray jSONArray2 = new JSONArray();
                                Iterator it2 = values.iterator();
                                while (it2.hasNext()) {
                                    jSONArray2.put(it2.next());
                                }
                                obj = jSONArray2;
                            }
                        }
                    }
                }
            } else {
                JSONArray jSONArray3 = new JSONArray();
                for (String str3 : client.getScopes()) {
                    Scope scopeByDn = this.scopeService.getScopeByDn(str3);
                    if (scopeByDn != null) {
                        jSONArray3.put(scopeByDn.getId());
                    }
                }
                obj = jSONArray3;
            }
        }
        return obj;
    }

    public String decryptSecret(String str) throws StringEncrypter.EncryptionException {
        return this.encryptionService.decrypt(str);
    }

    public String encryptSecret(String str) throws StringEncrypter.EncryptionException {
        return this.encryptionService.encrypt(str);
    }

    private BaseCacheService getCacheService() {
        return BooleanUtils.isTrue(this.appConfiguration.getUseLocalCache()) ? this.localCacheService : this.cacheService;
    }
}
