package io.jans.configapi.rest.resource.auth;

import io.jans.ads.model.Deployment;
import io.jans.config.GluuConfiguration;
import io.jans.configapi.core.model.ApiError;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.model.configuration.ApiAppConfiguration;
import io.jans.configapi.rest.model.AuthenticationMethod;
import io.jans.configapi.service.auth.AgamaDeploymentsService;
import io.jans.configapi.service.auth.ConfigurationService;
import io.jans.configapi.service.auth.LdapConfigurationService;
import io.jans.model.custom.script.model.CustomScript;
import io.jans.model.ldap.GluuLdapConfiguration;
import io.jans.orm.model.PagedResult;
import io.jans.service.custom.CustomScriptService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.ExampleObject;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import jakarta.inject.Inject;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

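/**
 * REST resource under {@code /acrs} that reads and updates the server's default
 * authentication method (ACR).
 *
 * <p>The update path persists the submitted ACR into the {@link GluuConfiguration} record.
 * When ACR validation is enabled in {@link ApiAppConfiguration}, the value must be one of:
 * an entry of the configured ACR exclusion list, an Agama flow that may be launched directly,
 * the config id of an LDAP configuration, or the display name of an enabled custom script.
 */
@Produces({"application/json"})
@Path("/acrs")
@Consumes({"application/json"})
/* loaded from: input_file:io/jans/configapi/rest/resource/auth/AcrsResource.class */
public class AcrsResource extends ConfigBaseResource {
    // Prefix that marks an ACR value as referring to an Agama flow.
    private static final String AGAMA_PREFIX = "agama_";
    // Separator between the Agama prefix and the flow name.
    private static final String AGAMA_PREFIX_SEPERATOR = "_";

    @Inject
    Logger log;

    @Inject
    private ApiAppConfiguration appConfiguration;

    @Inject
    ConfigurationService configurationService;

    @Inject
    CustomScriptService customScriptService;

    @Inject
    AgamaDeploymentsService agamaDeploymentsService;

    @Inject
    LdapConfigurationService ldapConfigurationService;

    /**
     * Returns the currently configured default authentication method.
     *
     * @return a 200 response whose entity carries the stored authentication mode as its default ACR
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/acrs.readonly"}, groupScopes = {"https://jans.io/oauth/config/acrs.write"}, superScopes = {"https://jans.io/oauth/config/read-all"})
    @Operation(summary = "Gets default authentication method.", description = "Gets default authentication method.", operationId = "get-acrs", tags = {"Default Authentication Method"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/acrs.readonly", "https://jans.io/oauth/config/acrs.write", "https://jans.io/oauth/config/read-all"})})
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = AuthenticationMethod.class), examples = {@ExampleObject(name = "Response example", value = "example/acr/acr.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getDefaultAuthenticationMethod() {
        GluuConfiguration gluuConfiguration = this.configurationService.findGluuConfiguration();
        AuthenticationMethod authenticationMethod = new AuthenticationMethod();
        authenticationMethod.setDefaultAcr(gluuConfiguration.getAuthenticationMode());
        return Response.ok(authenticationMethod).build();
    }

    /**
     * Validates and persists a new default authentication method.
     *
     * <p>A null body or a blank default ACR is reported through
     * {@code throwBadRequestException}; nothing is persisted in that case.
     *
     * @param authenticationMethod request body carrying the new default ACR
     * @return a 200 response echoing the submitted body
     */
    @ProtectedApi(scopes = {"https://jans.io/oauth/config/acrs.write"}, superScopes = {"https://jans.io/oauth/config/write-all"})
    @Operation(summary = "Updates default authentication method.", description = "Updates default authentication method.", operationId = "put-acrs", tags = {"Default Authentication Method"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/acrs.write", "https://jans.io/oauth/config/write-all"})})
    @PUT
    @RequestBody(description = "String representing patch-document.", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = AuthenticationMethod.class), examples = {@ExampleObject(name = "Request json example", value = "example/acr/acr.json")})})
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = AuthenticationMethod.class))}), @ApiResponse(responseCode = "400", description = "Bad Request", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))}), @ApiResponse(responseCode = "401", description = "Unauthorized", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = ApiError.class, description = "Unauthorized"))}), @ApiResponse(responseCode = "500", description = "InternalServerError", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))})})
    public Response updateDefaultAuthenticationMethod(@NotNull AuthenticationMethod authenticationMethod) {
        // NOTE(review): the request body is logged before validation; the value is
        // caller-controlled, so log consumers should treat it as untrusted text.
        this.log.info("ACRS details to  update - authenticationMethod:{}", authenticationMethod);
        if (authenticationMethod == null || StringUtils.isBlank(authenticationMethod.getDefaultAcr())) {
            // Presumably throws (helper lives in the base class, not visible here); the
            // else-branch keeps the write unreachable for invalid input either way.
            throwBadRequestException("Default authentication method should not be null or empty !");
        } else {
            String requestedAcr = authenticationMethod.getDefaultAcr();
            validateAuthenticationMethod(requestedAcr);
            GluuConfiguration gluuConfiguration = this.configurationService.findGluuConfiguration();
            gluuConfiguration.setAuthenticationMode(requestedAcr);
            this.configurationService.merge(gluuConfiguration);
        }
        return Response.ok(authenticationMethod).build();
    }

    /**
     * Rejects an ACR that does not resolve to a known authentication method, but only when
     * ACR validation is enabled in the application configuration.
     *
     * @param str the requested default ACR
     */
    private void validateAuthenticationMethod(String str) {
        boolean validationEnabled = this.appConfiguration.isAcrValidationEnabled();
        this.log.debug("authenticationMethod:{}, appConfiguration.isAcrValidationEnabled():{}", str, validationEnabled);
        if (!validationEnabled) {
            // With validation disabled the value is persisted unchecked, so the LDAP,
            // script and Agama lookups are skipped instead of being run and ignored.
            // NOTE(review): an ACR that matches nothing can then become the default.
            return;
        }
        boolean acrValid = isAcrValid(str);
        this.log.debug("isAcrValid:{}", acrValid);
        if (!acrValid) {
            throwBadRequestException("INVALID_ACR", String.format("Authentication script {%s} is not valid/active", str));
        }
    }

    /**
     * Decides whether an ACR value names an authentication method known to the server.
     *
     * <p>Checks run in this order: the configured exclusion list (a match is accepted with no
     * further lookup), Agama flows for values starting with {@code agama_}, LDAP configuration
     * ids, and finally enabled custom scripts looked up by display name.
     *
     * @param str the ACR value to check
     * @return {@code true} if one of the checks accepts the value
     */
    private boolean isAcrValid(String str) {
        this.log.info(" Validate ACR being set - authenticationMethod:{}, appConfiguration.getAcrExclusionList():{}", str, this.appConfiguration.getAcrExclusionList());
        if (this.appConfiguration.getAcrExclusionList() != null && this.appConfiguration.getAcrExclusionList().contains(str)) {
            return true;
        }
        if (StringUtils.isNotBlank(str) && str.startsWith(AGAMA_PREFIX)) {
            this.log.debug(" Agama authenticationMethod provided.");
            return isValidAgamaDeployment(str);
        }
        List<GluuLdapConfiguration> ldapConfigurations = this.ldapConfigurationService.findLdapConfigurations();
        this.log.debug(" ldapConfigurations:{}", ldapConfigurations);
        if (ldapConfigurations != null && str != null) {
            // Compare from the known non-null side so an LDAP entry without a config id
            // cannot raise a NullPointerException during validation.
            boolean matchesLdap = ldapConfigurations.stream()
                    .anyMatch(ldapConfiguration -> ldapConfiguration != null && str.equals(ldapConfiguration.getConfigId()));
            if (matchesLdap) {
                return true;
            }
        }
        CustomScript script = this.customScriptService.getScriptByDisplayName(str);
        this.log.debug(" CustomScript:{}", script);
        if (script == null || !script.isEnabled()) {
            this.log.debug(" isValid:{}", false);
            return false;
        }
        this.log.debug(" script:{}, script.isEnabled():{}", script, script.isEnabled());
        return true;
    }

    /**
     * Checks whether an Agama ACR refers to a deployed flow that may be launched directly.
     *
     * <p>The flow name is the part of {@code str} after the first {@code _}; when there is no
     * separator past position 0 the whole value is used.
     *
     * @param str the ACR value, expected to carry the {@code agama_} prefix
     * @return {@code true} if the flow name is among the direct-launch flows of the deployments
     */
    public boolean isValidAgamaDeployment(String str) {
        boolean valid = false;
        this.log.info(" Validate Agama ACR - authenticationMode:{},", str);
        if (StringUtils.isBlank(str)) {
            return false;
        }
        PagedResult<Deployment> deploymentPagedResult = this.agamaDeploymentsService.list(0, 0, getMaxCount());
        this.log.info(" Agama Deployments - deploymentPagedResult:{},", deploymentPagedResult);
        if (deploymentPagedResult != null && deploymentPagedResult.getEntries() != null && !deploymentPagedResult.getEntries().isEmpty()) {
            List<Deployment> agamaDeploymentList = deploymentPagedResult.getEntries();
            this.log.debug(" agamaDeploymentList:{},", agamaDeploymentList);
            Set<String> directLaunchFlows = getDirectLaunchFlows(agamaDeploymentList);
            int separatorIndex = str.indexOf(AGAMA_PREFIX_SEPERATOR);
            this.log.info("Final DirectLaunchFlows - keys:{}, authenticationMode:{}, authenticationMode.indexOf(AGAMA_PREFIX_SEPERATOR):{} , authenticationMode.indexOf(AGAMA_PREFIX_SEPERATOR)+1:{}", directLaunchFlows, str, separatorIndex, separatorIndex + 1);
            String agamaAcr = separatorIndex > 0 ? str.substring(separatorIndex + 1) : str;
            this.log.info(" agamaAcr:{},", agamaAcr);
            if (directLaunchFlows != null && directLaunchFlows.contains(agamaAcr)) {
                this.log.debug(" keys.contains(agamaAcr):{},", true);
                valid = true;
            }
        }
        this.log.info(" isValidAgamaDeployment - isValid:{}", valid);
        return valid;
    }

    /**
     * Collects the flow names of all given deployments that are not marked as
     * no-direct-launch.
     *
     * <p>Flow names are taken from the keys of each deployment's flows-error map and gathered
     * into a fresh set, so every deployment contributes (not only the last one iterated) and
     * the deployment objects themselves are never modified. A flow listed as no-direct-launch
     * by any deployment is excluded from the result.
     *
     * @param list the Agama deployments to inspect
     * @return {@code null} when {@code list} is null or empty, otherwise a new, possibly empty set
     */
    private Set<String> getDirectLaunchFlows(List<Deployment> list) {
        this.log.info(" agamaDeploymentList:{}", list);
        if (list == null || list.isEmpty()) {
            return null;
        }
        Set<String> flowKeys = new HashSet<>();
        for (Deployment deployment : list) {
            this.log.debug("Agama deployment:{},", deployment);
            if (deployment.getDetails() != null && deployment.getDetails().getFlowsError() != null) {
                // NOTE(review): only the map keys are used; whether a flow with a recorded
                // error value should count as launchable is not decided here - confirm.
                flowKeys.addAll(deployment.getDetails().getFlowsError().keySet());
                this.log.debug(" Agama flow keys:{},", flowKeys);
            }
        }
        // Exclusions are applied after all keys are gathered so that a no-direct-launch
        // entry removes the flow regardless of which deployment declared it.
        for (Deployment deployment : list) {
            if (deployment.getDetails() != null && deployment.getDetails().getFlowsError() != null
                    && deployment.getDetails().getProjectMetadata() != null
                    && deployment.getDetails().getProjectMetadata().getNoDirectLaunchFlows() != null) {
                this.log.debug("All deployed agama keys:{}, noDirectLaunchFlows:{}", flowKeys, deployment.getDetails().getProjectMetadata().getNoDirectLaunchFlows());
                flowKeys.removeAll(deployment.getDetails().getProjectMetadata().getNoDirectLaunchFlows());
            }
        }
        this.log.info("Final agama main flow keys:{}", flowKeys);
        return flowKeys;
    }
}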
