package io.jans.ca.server.op;

import com.google.inject.Injector;
import io.jans.as.client.OpenIdConnectDiscoveryClient;
import io.jans.as.client.OpenIdConnectDiscoveryResponse;
import io.jans.as.model.discovery.WebFingerParam;
import io.jans.ca.common.Command;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.params.GetIssuerParams;
import io.jans.ca.common.response.GetIssuerResponse;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.server.HttpException;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.beanutils.BeanUtils;
import org.python.google.common.base.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/ca/server/op/GetIssuerOperation.class */
public class GetIssuerOperation extends BaseOperation<GetIssuerParams> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) GetIssuerOperation.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public GetIssuerOperation(Command command, Injector injector) {
        super(command, injector, GetIssuerParams.class);
    }

    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(GetIssuerParams getIssuerParams) {
        validateParams(getIssuerParams);
        GetIssuerResponse webfingerResponse = getWebfingerResponse(getIssuerParams.getResource());
        validateIssuer(webfingerResponse, getDiscoveryService().getConnectDiscoveryResponse(getIssuerParams.getOpConfigurationEndpoint(), getIssuerParams.getOpHost(), getIssuerParams.getOpDiscoveryPath()).getIssuer());
        return webfingerResponse;
    }

    private static GetIssuerResponse getWebfingerResponse(String str) {
        try {
            OpenIdConnectDiscoveryResponse exec = new OpenIdConnectDiscoveryClient(str).exec();
            if (exec == null || Strings.isNullOrEmpty(exec.getSubject()) || exec.getLinks().isEmpty()) {
                LOG.error("Error in fetching op discovery configuration response ");
                throw new HttpException(ErrorResponseCode.FAILED_TO_GET_ISSUER);
            }
            GetIssuerResponse getIssuerResponse = new GetIssuerResponse();
            BeanUtils.copyProperties(getIssuerResponse, exec);
            return getIssuerResponse;
        } catch (Exception e) {
            LOG.error("Error in creating op discovery configuration response ", (Throwable) e);
            throw new HttpException(ErrorResponseCode.FAILED_TO_GET_ISSUER);
        }
    }

    private static void validateParams(GetIssuerParams getIssuerParams) {
        if (Strings.isNullOrEmpty(getIssuerParams.getOpHost()) && Strings.isNullOrEmpty(getIssuerParams.getOpConfigurationEndpoint())) {
            LOG.error("Either 'op_configuration_endpoint' or 'op_host' should be provided.");
            throw new HttpException(ErrorResponseCode.INVALID_OP_HOST_AND_CONFIGURATION_ENDPOINT);
        }
        if (Strings.isNullOrEmpty(getIssuerParams.getResource())) {
            LOG.error("The 'resource' is empty or not specified.");
            throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_RESOURCE);
        }
    }

    private static void validateIssuer(GetIssuerResponse getIssuerResponse, String str) {
        List list = (List) getIssuerResponse.getLinks().stream().filter(webFingerLink -> {
            return webFingerLink.getRel().equals(WebFingerParam.REL_VALUE);
        }).map(webFingerLink2 -> {
            return webFingerLink2.getHref();
        }).collect(Collectors.toList());
        if (list.stream().noneMatch(str2 -> {
            return str2.equals(str);
        })) {
            LOG.error("Discovered issuer not matched with issuer obtained from Webfinger. Got : {}, Expected : {}", str, String.join(", ", list));
            throw new HttpException(ErrorResponseCode.INVALID_ISSUER_DISCOVERED);
        }
    }
}
