package io.jans.as.server.ssa.ws.rs.action;

import io.jans.as.client.ssa.create.SsaCreateRequest;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.model.ssa.Ssa;
import io.jans.as.common.model.ssa.SsaState;
import io.jans.as.common.service.common.InumService;
import io.jans.as.model.common.CreatorType;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.ssa.SsaErrorResponseType;
import io.jans.as.model.ssa.SsaRequestParam;
import io.jans.as.model.ssa.SsaScopeType;
import io.jans.as.model.token.JsonWebResponse;
import io.jans.as.server.auth.DpopService;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.as.server.service.external.ModifySsaResponseService;
import io.jans.as.server.service.external.context.ModifySsaResponseContext;
import io.jans.as.server.ssa.ws.rs.SsaContextBuilder;
import io.jans.as.server.ssa.ws.rs.SsaJsonService;
import io.jans.as.server.ssa.ws.rs.SsaRestWebServiceValidator;
import io.jans.as.server.ssa.ws.rs.SsaService;
import io.jans.as.server.util.ServerUtil;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
import java.util.UUID;
import java.util.function.Function;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONObject;
import org.slf4j.Logger;

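/**
 * Creates Software Statement Assertions (SSA) from a JSON request body.
 *
 * <p>The action parses the request, fills in defaults, validates it, builds and persists an
 * {@link Ssa} entry, and returns the signed JWT in a non-cacheable JSON response. The caller is
 * the client resolved from the current session and must pass the {@code SSA_ADMIN} scope policy.
 */
@Named
@Stateless
public class SsaCreateAction {

    @Inject
    private Logger log;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private InumService inumService;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private SsaJsonService ssaJsonService;

    @Inject
    private SsaService ssaService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private ModifySsaResponseService modifySsaResponseService;

    @Inject
    private SsaRestWebServiceValidator ssaRestWebServiceValidator;

    @Inject
    private SsaContextBuilder ssaContextBuilder;

    /**
     * Creates an SSA for the session client and returns it as a JWT.
     *
     * @param str raw JSON request body
     * @param httpServletRequest servlet request, passed to the response-modification context
     * @return a {@code 201 Created} response whose entity is the JSON produced from the SSA JWT
     * @throws WebApplicationException if the SSA feature is disabled, the caller fails the scope
     *     policy, validation fails, or any unexpected error occurs (reported as a generic
     *     {@code 500} so that internal details are not returned to the caller)
     */
    public Response create(String str, HttpServletRequest httpServletRequest) throws WebApplicationException {
        this.errorResponseFactory.validateFeatureEnabled(FeatureFlagType.SSA);
        this.log.trace("Ssa request = {}", str);
        Response.ResponseBuilder builder = Response.status(Response.Status.CREATED);
        try {
            // Authorize before touching the request body: neither call depends on the payload, and
            // a caller without the SSA_ADMIN scope should not receive parsing/validation feedback
            // or cause an identifier to be allocated.
            Client client = this.ssaRestWebServiceValidator.getClientFromSession();
            this.ssaRestWebServiceValidator.checkScopesPolicy(client, SsaScopeType.SSA_ADMIN.getValue());

            JSONObject jsonRequest = new JSONObject(str);
            SsaCreateRequest createRequest = SsaCreateRequest.fromJson(jsonRequest);
            this.log.debug("Attempting to create ssa: {}", createRequest);
            // Defaults are applied first so that the validator sees the effective values.
            prepareCreateRequest(createRequest);
            this.ssaRestWebServiceValidator.validateSsaCreateRequest(createRequest);

            String ssaBaseDn = this.staticConfiguration.getBaseDn().getSsa();
            String inum = this.inumService.generateDefaultId();
            Date creationDate = new Date();
            Date expirationDate = getExpiration(createRequest.getExpiration());

            Ssa ssa = new Ssa();
            // The inum is generated by the server, so the DN never contains request-supplied text.
            ssa.setDn("inum=" + inum + "," + ssaBaseDn);
            ssa.setId(inum);
            ssa.setDeletable(true);
            ssa.setOrgId(createRequest.getOrgId());
            ssa.setExpirationDate(expirationDate);
            ssa.setTtl(ServerUtil.calculateTtl(creationDate, expirationDate));
            ssa.setDescription(createRequest.getDescription());
            ssa.getAttributes().setSoftwareId(createRequest.getSoftwareId());
            ssa.getAttributes().setSoftwareRoles(createRequest.getSoftwareRoles());
            // Scopes come from server configuration keyed by role; the request cannot name scopes.
            ssa.getAttributes().setScopes(getScopesForRoles(createRequest.getSoftwareRoles()));
            ssa.getAttributes().setGrantTypes(createRequest.getGrantTypes());
            ssa.getAttributes().setCustomAttributes(getCustomAttributes(jsonRequest));
            ssa.getAttributes().setClientDn(client.getDn());
            ssa.getAttributes().setOneTimeUse(createRequest.getOneTimeUse());
            ssa.getAttributes().setRotateSsa(createRequest.getRotateSsa());
            ssa.getAttributes().setLifetime(createRequest.getLifetime());
            ssa.setCreatorType(CreatorType.CLIENT);
            ssa.setState(SsaState.ACTIVE);
            ssa.setCreatorId(client.getClientId());
            ssa.setCreationDate(creationDate);

            ModifySsaResponseContext modifyContext =
                    this.ssaContextBuilder.buildModifySsaResponseContext(httpServletRequest, client);
            Function<JsonWebResponse, Void> postProcessor =
                    this.modifySsaResponseService.buildCreateProcessor(modifyContext);
            ExecutionContext executionContext = modifyContext.toExecutionContext();
            executionContext.setPostProcessor(postProcessor);

            Jwt jwt = this.ssaService.generateJwt(ssa, executionContext);
            this.ssaService.persist(ssa);
            this.log.info("Ssa created: {}", ssa);

            builder.entity(this.ssaJsonService.jsonObjectToString(this.ssaJsonService.getJSONObject(jwt.toString())));
            // The body carries a signed assertion, so intermediaries and browsers are told not to
            // cache it. NOTE(review): cacheControl(true, false) is presumably no-store — confirm.
            builder.cacheControl(ServerUtil.cacheControl(true, false));
            builder.header(DpopService.PRAGMA, DpopService.NO_CACHE);
            builder.type(MediaType.APPLICATION_JSON_TYPE);
            return builder.build();
        } catch (WebApplicationException e) {
            // Already carries the intended status and error body; log it and let it propagate.
            this.log.error(e.getMessage(), e);
            throw e;
        } catch (Exception e) {
            // Full detail goes to the server log only; the caller gets a generic error.
            this.log.error(e.getMessage(), e);
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, SsaErrorResponseType.UNKNOWN_ERROR, "Unknown error");
        }
    }

    /**
     * Resolves the scopes granted to an SSA from its software roles.
     *
     * <p>The result is the single largest scope list among the matching roles, not the union of
     * all of them. NOTE(review): confirm that "largest list wins" is the intended policy.
     *
     * @param list software roles from the request; may be {@code null}
     * @return a new list holding the selected scopes, empty when nothing matches
     */
    private List<String> getScopesForRoles(List<String> list) {
        this.log.debug("scopesForRoles - softwareRoles: {}", list);
        Map<String, List<String>> rolesToScopes =
                this.appConfiguration.getSsaConfiguration().getSsaMapSoftwareRolesToScopes();
        if (rolesToScopes == null || rolesToScopes.isEmpty()) {
            this.log.debug("scopesForRoles - no mappings in ssaConfiguration.ssaMapSoftwareRolesToScopes");
            return new ArrayList<>();
        }
        if (list == null) {
            // A request without roles maps to no scopes, the same outcome as when no mapping is
            // configured, instead of failing with a NullPointerException.
            return new ArrayList<>();
        }
        List<String> selected = new ArrayList<>();
        for (String role : list) {
            List<String> mapped = rolesToScopes.get(role);
            if (mapped != null && selected.size() < mapped.size()) {
                selected = mapped;
                this.log.debug("scopesForRoles - set scopes: {} for role: {}", selected, role);
            }
        }
        this.log.debug("scopesForRoles - scopes: {}", selected);
        // Return a copy: the selected list belongs to the shared configuration object, and the SSA
        // entity that receives it must not be able to alter the configured role-to-scope mapping.
        return new ArrayList<>(selected);
    }

    /**
     * Fills in defaults for fields the request left unset.
     *
     * <ul>
     *   <li>expiration: the configured default when absent or {@code 0}</li>
     *   <li>lifetime: seconds from now until expiration when absent or below {@code 1}</li>
     *   <li>software id: a random UUID when blank</li>
     * </ul>
     *
     * @param ssaCreateRequest request to normalise in place
     */
    private void prepareCreateRequest(SsaCreateRequest ssaCreateRequest) {
        Long requestedExpiration = ssaCreateRequest.getExpiration();
        if (requestedExpiration == null || requestedExpiration == 0L) {
            ssaCreateRequest.setExpiration(getExpiration(requestedExpiration).getTime() / 1000);
        }
        Integer requestedLifetime = ssaCreateRequest.getLifetime();
        if (requestedLifetime == null || requestedLifetime < 1) {
            long nowSeconds = new Date().getTime() / 1000;
            // This runs before validation, on a caller-supplied expiration. A plain (int) cast
            // would wrap a far-future value into an arbitrary lifetime, so saturate instead.
            ssaCreateRequest.setLifetime(saturatedSecondsUntil(ssaCreateRequest.getExpiration(), nowSeconds));
        }
        if (StringUtils.isBlank(ssaCreateRequest.getSoftwareId())) {
            ssaCreateRequest.setSoftwareId(UUID.randomUUID().toString());
        }
    }

    /** Returns {@code expirationSeconds - nowSeconds}, clamped to the {@code int} range. */
    private static int saturatedSecondsUntil(long expirationSeconds, long nowSeconds) {
        // Bounding the operand first keeps the subtraction itself from wrapping.
        long boundedExpiration = Math.max(expirationSeconds, Long.MIN_VALUE / 2);
        long remaining = boundedExpiration - nowSeconds;
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, remaining));
    }

    /**
     * Extracts the configured custom attributes from the request and warns about any request
     * field that is neither a standard SSA parameter nor a configured custom attribute.
     *
     * @param jSONObject parsed request body
     * @return configured custom attributes present in the request; empty when none are configured
     */
    private Map<String, String> getCustomAttributes(JSONObject jSONObject) {
        List<String> configuredAttributes = this.appConfiguration.getSsaConfiguration().getSsaCustomAttributes();
        if (configuredAttributes == null || configuredAttributes.isEmpty()) {
            return new HashMap<>();
        }
        Map<String, String> customAttributes = new HashMap<>();
        configuredAttributes.forEach(name -> {
            if (jSONObject.has(name)) {
                // NOTE(review): getString throws for a non-string value, which reaches the caller
                // as the generic 500 from create(); a client-error response may be more
                // appropriate — confirm.
                customAttributes.put(name, jSONObject.getString(name));
            } else {
                this.log.warn("Field: {} is not found in request", name);
            }
        });
        // Only fields on this list are recognised; anything else is logged and not stored.
        List<String> knownFields = new ArrayList<>();
        knownFields.add(SsaRequestParam.DESCRIPTION.getName());
        knownFields.add(SsaRequestParam.GRANT_TYPES.getName());
        knownFields.add(SsaRequestParam.SOFTWARE_ROLES.getName());
        knownFields.add(SsaRequestParam.ORG_ID.getName());
        knownFields.add(SsaRequestParam.EXPIRATION.getName());
        knownFields.add(SsaRequestParam.SOFTWARE_ID.getName());
        knownFields.add(SsaRequestParam.ONE_TIME_USE.getName());
        knownFields.add(SsaRequestParam.ROTATE_SSA.getName());
        knownFields.add(SsaRequestParam.LIFETIME.getName());
        knownFields.addAll(configuredAttributes);
        jSONObject.toMap().forEach((name, value) -> {
            if (!knownFields.contains(name)) {
                this.log.warn("Field: {} is not defined", name);
            }
        });
        return customAttributes;
    }

    /**
     * Converts an expiration in epoch seconds to a {@link Date}.
     *
     * @param l expiration in epoch seconds; {@code null} or non-positive selects the default of
     *     now plus the configured {@code ssaExpirationInDays}
     * @return the expiration instant
     */
    private Date getExpiration(Long l) {
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        if (l == null || l <= 0) {
            calendar.add(Calendar.DAY_OF_MONTH, this.appConfiguration.getSsaConfiguration().getSsaExpirationInDays());
            return calendar.getTime();
        }
        // NOTE(review): the multiplication can wrap for very large epoch-second values; this
        // relies on the request validator bounding expiration before create() calls it — confirm.
        calendar.setTimeInMillis(l * 1000);
        return calendar.getTime();
    }
}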
