package org.gluu.oxauth.uma.service;

import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.model.config.StaticConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.uma.UmaPermissionList;
import org.gluu.oxauth.model.uma.persistence.UmaPermission;
import org.gluu.oxauth.model.util.Pair;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.model.base.SimpleBranch;
import org.gluu.search.filter.Filter;
import org.gluu.util.INumGenerator;
import org.slf4j.Logger;

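/**
 * Persistence service for UMA permission tickets.
 *
 * <p>Creates {@link UmaPermission} entries under an {@code ou=uma_permission} branch, finds and
 * deletes them by ticket, and rotates the ticket of an existing permission set.
 *
 * <p>Points a maintainer should keep in mind:
 * <ul>
 *   <li>The ticket is the only key used to find a permission set (see
 *       {@link #getPermissionsByTicket(String)}), so it has to stay unguessable. Log output that
 *       contains it (see {@link #changeTicket(List, Map)}) should be treated as sensitive.</li>
 *   <li>DNs are assembled with {@code String.format} and no RDN escaping. Every value that
 *       reaches {@link #getDn(String, String)} or {@link #getBranchDn(String)} must be
 *       server-generated or already validated by the caller.</li>
 *   <li>Several methods log and swallow persistence failures. A caller cannot conclude from a
 *       normal return that the entry was written or removed.</li>
 * </ul>
 */
@Stateless
@Named
/* loaded from: input_file:org/gluu/oxauth/uma/service/UmaPermissionService.class */
public class UmaPermissionService {
    private static final String ORGUNIT_OF_RESOURCE_PERMISSION = "uma_permission";

    /** Ticket lifetime in seconds used when the configured value is zero or negative. */
    private static final int DEFAULT_TICKET_LIFETIME = 3600;

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private UmaScopeService scopeService;

    @Inject
    private AppConfiguration appConfiguration;

    /**
     * Builds the DN of a permission entry: {@code oxTicket=<str2>,ou=uma_permission,<str>}.
     *
     * <p>Neither argument is escaped. A value containing DN metacharacters (for example a comma)
     * would change the structure of the resulting DN, so pass only trusted values.
     *
     * @param str parent DN under which the {@code ou=uma_permission} branch lives
     * @param str2 ticket used as the {@code oxTicket} RDN value
     * @return the assembled DN string
     */
    public static String getDn(String str, String str2) {
        return String.format("oxTicket=%s,%s", str2, getBranchDn(str));
    }

    /**
     * Builds the DN of the permission branch: {@code ou=uma_permission,<str>}.
     *
     * @param str parent DN; inserted verbatim, without escaping
     * @return the branch DN string
     */
    public static String getBranchDn(String str) {
        return String.format("ou=%s,%s", ORGUNIT_OF_RESOURCE_PERMISSION, str);
    }

    /**
     * Converts the requested permissions into persistence entities that all share one freshly
     * generated ticket and one configuration code.
     *
     * @param umaPermissionList requested permissions (resource id, scopes, optional params)
     * @param pair expiration date and lifetime handed to every created entity
     * @return the created entities, in request order; empty when the request list is empty
     */
    private List<UmaPermission> createPermissions(UmaPermissionList umaPermissionList, Pair<Date, Integer> pair) {
        String configurationCode = INumGenerator.generate(8) + "." + System.currentTimeMillis();
        String ticket = generateNewTicket();
        List<UmaPermission> created = new ArrayList<>();
        // Wildcard iterator plus cast: works whether or not UmaPermissionList declares its
        // element type, and avoids the raw Iterator/ArrayList of the previous version.
        Iterator<?> it = umaPermissionList.iterator();
        while (it.hasNext()) {
            org.gluu.oxauth.model.uma.UmaPermission requested = (org.gluu.oxauth.model.uma.UmaPermission) it.next();
            UmaPermission entity = new UmaPermission(requested.getResourceId(), this.scopeService.getScopeDNsByIdsAndAddToLdapIfNeeded(requested.getScopes()), ticket, configurationCode, pair);
            // Request-supplied params are copied into the entity's attributes unchanged.
            // NOTE(review): no key or value filtering happens here - confirm the caller validates them.
            if (requested.getParams() != null && !requested.getParams().isEmpty()) {
                entity.getAttributes().putAll(requested.getParams());
            }
            created.add(entity);
        }
        return created;
    }

    /**
     * Generates a new ticket value.
     *
     * <p>{@link UUID#randomUUID()} produces a type 4 UUID from a cryptographically strong random
     * source, which is what makes the ticket hard to guess.
     *
     * @return the ticket as a UUID string
     */
    public String generateNewTicket() {
        return UUID.randomUUID().toString();
    }

    /**
     * Creates and stores one permission entry per requested permission and returns their shared
     * ticket.
     *
     * <p>NOTE(review): {@link #addPermission(UmaPermission, String)} swallows persistence errors,
     * so the ticket returned here may refer to entries that were never written. An empty request
     * list ends in an {@link IndexOutOfBoundsException} from {@code get(0)}, which is logged and
     * rethrown.
     *
     * @param umaPermissionList requested permissions
     * @param str parent DN under which the entries are stored
     * @return the ticket shared by all created entries
     */
    public String addPermission(UmaPermissionList umaPermissionList, String str) {
        try {
            List<UmaPermission> created = createPermissions(umaPermissionList, ticketExpirationDate());
            for (UmaPermission permission : created) {
                addPermission(permission, str);
            }
            return created.get(0).getTicket();
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Computes when a ticket issued now expires.
     *
     * <p>A configured lifetime of zero or less is replaced by {@link #DEFAULT_TICKET_LIFETIME},
     * so a misconfiguration cannot produce tickets that are already expired or that expire in
     * the past.
     *
     * @return the expiration instant paired with the lifetime in seconds
     */
    public Pair<Date, Integer> ticketExpirationDate() {
        int lifetimeSeconds = this.appConfiguration.getUmaTicketLifetime();
        if (lifetimeSeconds <= 0) {
            lifetimeSeconds = DEFAULT_TICKET_LIFETIME;
        }
        Calendar expiration = Calendar.getInstance();
        expiration.add(Calendar.SECOND, lifetimeSeconds);
        return new Pair<>(expiration.getTime(), Integer.valueOf(lifetimeSeconds));
    }

    /**
     * Stores a single permission entry, creating the {@code ou=uma_permission} branch first when
     * it is missing.
     *
     * <p>Any failure is logged and swallowed; the method returns normally either way. The DN is
     * built from {@code umaPermission.getTicket()} without escaping, so the ticket must be a
     * server-generated value.
     *
     * @param umaPermission entry to store; its DN is overwritten
     * @param str parent DN under which the entry is stored
     */
    public void addPermission(UmaPermission umaPermission, String str) {
        try {
            addBranchIfNeeded(str);
            umaPermission.setDn(getDn(str, umaPermission.getTicket()));
            this.ldapEntryManager.persist(umaPermission);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Merges the given permission into the store; failures propagate to the caller.
     *
     * @param umaPermission entry to merge
     */
    public void merge(UmaPermission umaPermission) {
        this.ldapEntryManager.merge(umaPermission);
    }

    /**
     * Merges the given permission into the store; failures are logged and swallowed.
     *
     * <p>The error message includes the entry's string form.
     * NOTE(review): if that string form contains the ticket, it ends up in the error log - confirm.
     *
     * @param umaPermission entry to merge
     */
    public void mergeSilently(UmaPermission umaPermission) {
        try {
            this.ldapEntryManager.merge(umaPermission);
        } catch (Exception e) {
            this.log.error("Failed to persist permission: " + umaPermission, e);
        }
    }

    /**
     * Finds all permission entries carrying the given ticket, searching below the clients base DN.
     *
     * <p>Returns {@code null}, not an empty list, when the lookup throws. Callers must check for
     * {@code null} and should treat it as "no valid permission" so a backend error fails closed.
     * NOTE(review): the ticket goes straight into an equality filter; presumably the filter API
     * escapes the value - verify.
     *
     * @param str ticket to look up
     * @return the matching entries, or {@code null} when the lookup failed
     */
    public List<UmaPermission> getPermissionsByTicket(String str) {
        try {
            return this.ldapEntryManager.findEntries(this.staticConfiguration.getBaseDn().getClients(), UmaPermission.class, Filter.createEqualityFilter("oxTicket", str));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Removes every permission entry carrying the given ticket.
     *
     * <p>Failures are logged and swallowed, so a normal return does not prove the ticket is gone.
     *
     * @param str ticket whose entries are removed
     */
    public void deletePermission(String str) {
        try {
            List<UmaPermission> permissions = getPermissionsByTicket(str);
            if (permissions == null) {
                // The lookup failed (already logged there) or returned nothing. The previous
                // version hit a NullPointerException here and logged it as a second error.
                return;
            }
            for (UmaPermission permission : permissions) {
                this.ldapEntryManager.remove(permission);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Creates the {@code ou=uma_permission} branch below the given parent DN.
     *
     * @param str parent DN
     */
    public void addBranch(String str) {
        SimpleBranch branch = new SimpleBranch();
        branch.setOrganizationalUnitName(ORGUNIT_OF_RESOURCE_PERMISSION);
        branch.setDn(getBranchDn(str));
        this.ldapEntryManager.persist(branch);
    }

    /**
     * Creates the permission branch below the given parent DN unless it already exists.
     *
     * <p>The existence check and the creation are two separate calls, so two concurrent callers
     * can both try to create the branch.
     *
     * @param str parent DN
     */
    public void addBranchIfNeeded(String str) {
        if (!containsBranch(str)) {
            addBranch(str);
        }
    }

    /**
     * Reports whether the permission branch exists below the given parent DN.
     *
     * @param str parent DN
     * @return {@code true} when the branch entry is present
     */
    public boolean containsBranch(String str) {
        return this.ldapEntryManager.contains(getBranchDn(str), SimpleBranch.class);
    }

    /**
     * Rotates the ticket of a permission set: each entry is removed and stored again under a new
     * ticket, with its attributes replaced by {@code map}.
     *
     * <p>Remove and persist are separate calls. If the persist fails, the exception propagates,
     * the entry that was just removed stays removed, and the remaining entries keep the old
     * ticket. The parent DN is taken as everything after the first comma of the current DN,
     * which assumes the old ticket value contains no comma.
     *
     * @param list entries to move to the new ticket; each one is mutated
     * @param map attributes that replace the existing attributes of every entry
     * @return the new ticket
     */
    public String changeTicket(List<UmaPermission> list, Map<String, String> map) {
        String newTicket = generateNewTicket();
        for (UmaPermission permission : list) {
            this.ldapEntryManager.remove(permission);
            String newDn = String.format("oxTicket=%s,%s", newTicket, StringUtils.substringAfter(permission.getDn(), ","));
            permission.setTicket(newTicket);
            permission.setDn(newDn);
            permission.setAttributes(map);
            this.ldapEntryManager.persist(permission);
            // NOTE(review): the value labelled "old permission" is the NEW DN, and the live
            // ticket is written to the trace log. Restrict access to trace output accordingly.
            this.log.trace("New ticket: " + newTicket + ", old permission: " + newDn);
        }
        return newTicket;
    }
}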
