package org.gluu.oxauth.bcauthorize.ws.rs;

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.gluu.oxauth.audit.ApplicationAuditLogger;
import org.gluu.oxauth.ciba.CIBADeviceRegistrationValidatorService;
import org.gluu.oxauth.model.audit.Action;
import org.gluu.oxauth.model.audit.OAuth2AuditLog;
import org.gluu.oxauth.model.ciba.BackchannelAuthenticationErrorResponseType;
import org.gluu.oxauth.model.ciba.BackchannelDeviceRegistrationErrorResponseType;
import org.gluu.oxauth.model.common.AuthorizationGrant;
import org.gluu.oxauth.model.common.AuthorizationGrantList;
import org.gluu.oxauth.model.common.User;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.error.DefaultErrorResponse;
import org.gluu.oxauth.model.error.ErrorResponseFactory;
import org.gluu.oxauth.service.common.UserService;
import org.gluu.oxauth.util.ServerUtil;
import org.slf4j.Logger;

@Path("/")
/* loaded from: input_file:org/gluu/oxauth/bcauthorize/ws/rs/BackchannelDeviceRegistrationRestWebServiceImpl.class */
public class BackchannelDeviceRegistrationRestWebServiceImpl implements BackchannelDeviceRegistrationRestWebService {

    @Inject
    private Logger log;

    @Inject
    private ApplicationAuditLogger applicationAuditLogger;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private UserService userService;

    @Inject
    private AuthorizationGrantList authorizationGrantList;

    @Inject
    private CIBADeviceRegistrationValidatorService cibaDeviceRegistrationValidatorService;

    @Override // org.gluu.oxauth.bcauthorize.ws.rs.BackchannelDeviceRegistrationRestWebService
    public Response requestBackchannelDeviceRegistrationPost(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityContext securityContext) {
        OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpServletRequest), Action.BACKCHANNEL_DEVICE_REGISTRATION);
        this.log.debug("Attempting to request backchannel device registration: idTokenHint = {}, deviceRegistrationToken = {}, isSecure = {}", new Object[]{str, str2, Boolean.valueOf(securityContext.isSecure())});
        Response.ResponseBuilder ok = Response.ok();
        if (!this.appConfiguration.getCibaEnabled().booleanValue()) {
            this.log.warn("Trying to register a CIBA device, however CIBA config is disabled.");
            Response.ResponseBuilder status = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
            status.entity(this.errorResponseFactory.getErrorAsJson(BackchannelAuthenticationErrorResponseType.INVALID_REQUEST));
            return status.build();
        }
        DefaultErrorResponse validateParams = this.cibaDeviceRegistrationValidatorService.validateParams(str, str2);
        if (validateParams != null) {
            Response.ResponseBuilder status2 = Response.status(validateParams.getStatus());
            status2.entity(this.errorResponseFactory.errorAsJson(validateParams.getType(), validateParams.getReason()));
            return status2.build();
        }
        AuthorizationGrant authorizationGrantByIdToken = this.authorizationGrantList.getAuthorizationGrantByIdToken(str);
        if (authorizationGrantByIdToken == null) {
            Response.ResponseBuilder status3 = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
            status3.entity(this.errorResponseFactory.getErrorAsJson(BackchannelAuthenticationErrorResponseType.UNKNOWN_USER_ID));
            return status3.build();
        }
        User user = authorizationGrantByIdToken.getUser();
        if (user == null) {
            Response.ResponseBuilder status4 = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
            status4.entity(this.errorResponseFactory.getErrorAsJson(BackchannelDeviceRegistrationErrorResponseType.UNKNOWN_USER_ID));
            return status4.build();
        }
        this.userService.setCustomAttribute(user, "oxAuthBackchannelDeviceRegistrationToken", str2);
        this.userService.updateUser(user);
        this.applicationAuditLogger.sendMessage(oAuth2AuditLog);
        return ok.build();
    }
}
