package org.xdi.oxauth.model.common;

import java.security.SignatureException;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.model.authorize.JwtAuthorizationRequest;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.exception.InvalidJweException;
import org.xdi.oxauth.model.exception.InvalidJwtException;
import org.xdi.oxauth.model.ldap.TokenLdap;
import org.xdi.oxauth.model.ldap.TokenType;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.model.token.IdTokenFactory;
import org.xdi.oxauth.model.token.JsonWebResponse;
import org.xdi.oxauth.service.GrantService;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.oxauth.util.TokenHashUtil;
import org.xdi.service.CacheService;
import org.xdi.util.security.StringEncrypter;

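/**
 * Authorization grant that writes itself and the tokens it issues to the grant store
 * through {@link GrantService}, or, when {@link #isCachedWithNoPersistence()} is set,
 * puts the grant into {@link CacheService} instead of persisting it.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Token codes and the authorization code are passed through
 *       {@code TokenHashUtil.getHashedToken} before being stored (see
 *       {@link #asTokenLdap(AbstractToken)}); the hashing scheme itself is defined
 *       elsewhere.</li>
 *   <li>The {@code create*Token} overrides log any exception and return {@code null};
 *       callers must treat {@code null} as "no token issued".</li>
 *   <li>{@link #isValid()} always returns {@code true} and {@link #checkExpiredTokens()}
 *       does nothing here; any real validity or expiry check has to come from elsewhere.</li>
 * </ul>
 *
 * <p>NOTE(review): the collaborators are looked up through {@code ServerUtil.bean} in
 * several methods rather than relying on injection, presumably because instances are
 * created with {@code new} — confirm against callers.
 */
@Stateless
@Named
/* loaded from: input_file:org/xdi/oxauth/model/common/AuthorizationGrant.class */
public class AuthorizationGrant extends AbstractAuthorizationGrant {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationGrant.class);

    @Inject
    private CacheService cacheService;
    private GrantService grantService;
    private IdTokenFactory idTokenFactory;
    private boolean isCachedWithNoPersistence;

    /**
     * Creates a grant that persists through {@link GrantService} by default
     * (cache-only mode starts disabled).
     */
    public AuthorizationGrant(User user, AuthorizationGrantType authorizationGrantType, Client client, Date date, AppConfiguration appConfiguration) {
        super(user, authorizationGrantType, client, date, appConfiguration);
        this.isCachedWithNoPersistence = false;
    }

    /**
     * Injection hook that stores the collaborators on this instance.
     *
     * @param grantService   service used to read and write token entries
     * @param idTokenFactory factory used to build ID tokens
     */
    @Inject
    public void init(GrantService grantService, IdTokenFactory idTokenFactory) {
        this.grantService = grantService;
        this.idTokenFactory = idTokenFactory;
    }

    /**
     * Builds an ID token for the given grant via {@link IdTokenFactory#createJwr}.
     *
     * <p>The returned {@link IdToken} carries the serialized response plus the
     * {@code iat} and {@code exp} claims read back from it. Nothing is persisted here.
     *
     * @return the newly built ID token
     * @throws Exception whatever the factory or claim access throws
     */
    public IdToken createIdToken(IAuthorizationGrant iAuthorizationGrant, String str, AuthorizationCode authorizationCode, AccessToken accessToken, Set<String> set, boolean z) throws Exception {
        // The factory is re-resolved on every call, replacing any injected instance.
        this.idTokenFactory = (IdTokenFactory) ServerUtil.bean(IdTokenFactory.class);
        JsonWebResponse jwr = this.idTokenFactory.createJwr(iAuthorizationGrant, str, authorizationCode, accessToken, set, z);
        return new IdToken(jwr.toString(), jwr.getClaims().getClaimAsDate("iat"), jwr.getClaims().getClaimAsDate("exp"));
    }

    /**
     * Delegates the scope policy check to the superclass, then saves the grant so the
     * resulting scopes reach the store.
     *
     * @return the value returned by the superclass check
     */
    @Override // org.xdi.oxauth.model.common.AbstractAuthorizationGrant, org.xdi.oxauth.model.common.IAuthorizationGrant
    public String checkScopesPolicy(String str) {
        String checkedScopes = super.checkScopesPolicy(str);
        save();
        return checkedScopes;
    }

    /**
     * Saves the grant: to the grant store normally, or to the cache when cache-only
     * mode is enabled.
     *
     * @throws UnsupportedOperationException in cache-only mode for any grant type other
     *         than {@code AUTHORIZATION_CODE}
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrant
    public void save() {
        if (!this.isCachedWithNoPersistence) {
            saveImpl();
            return;
        }
        if (getAuthorizationGrantType() != AuthorizationGrantType.AUTHORIZATION_CODE) {
            throw new UnsupportedOperationException("Grant caching is not supported for : " + getAuthorizationGrantType());
        }
        MemcachedGrant memcachedGrant = new MemcachedGrant(this);
        this.cacheService = (CacheService) ServerUtil.bean(CacheService.class);
        // First argument is the authorization code's expires-in value as a string;
        // presumably the cache entry lifetime — confirm against CacheService.put.
        this.cacheService.put(Integer.toString(getAuthorizationCode().getExpiresIn()), memcachedGrant.cacheKey(), memcachedGrant);
    }

    /**
     * Copies the grant's current nonce, scopes, ACR values, session DN, authentication
     * time, PKCE parameters and request JWT onto every stored token entry that shares
     * this grant id, and merges each entry back.
     *
     * <p>Does nothing when the grant id is blank or no entries are found.
     */
    private void saveImpl() {
        String grantId = getGrantId();
        if (StringUtils.isBlank(grantId)) {
            return;
        }
        this.grantService = (GrantService) ServerUtil.bean(GrantService.class);
        List<TokenLdap> grantsByGrantId = this.grantService.getGrantsByGrantId(grantId);
        if (grantsByGrantId == null || grantsByGrantId.isEmpty()) {
            return;
        }
        String nonce = getNonce();
        String scopesAsString = getScopesAsString();
        for (TokenLdap tokenLdap : grantsByGrantId) {
            tokenLdap.setNonce(nonce);
            tokenLdap.setScope(scopesAsString);
            tokenLdap.setAuthMode(getAcrValues());
            tokenLdap.setSessionDn(getSessionDn());
            tokenLdap.setAuthenticationTime(getAuthenticationTime());
            tokenLdap.setCodeChallenge(getCodeChallenge());
            tokenLdap.setCodeChallengeMethod(getCodeChallengeMethod());
            JwtAuthorizationRequest jwtAuthorizationRequest = getJwtAuthorizationRequest();
            if (jwtAuthorizationRequest != null && StringUtils.isNotBlank(jwtAuthorizationRequest.getEncodedJwt())) {
                tokenLdap.setJwtRequest(jwtAuthorizationRequest.getEncodedJwt());
            }
            // The challenge value is kept out of the log: under the PKCE "plain" method it
            // is identical to the code_verifier, so a log reader could redeem the code.
            // Parameterized form also skips message building when debug is disabled.
            log.debug("Saving grant: {}, code_challenge_method: {}, code_challenge present: {}",
                    grantId, getCodeChallengeMethod(), getCodeChallenge() != null);
            this.grantService.mergeSilently(tokenLdap);
        }
    }

    /**
     * Creates an access token and persists it when its expires-in value is positive.
     *
     * @return the token, or {@code null} if creation or persistence threw; the failure
     *         is logged, not propagated
     */
    @Override // org.xdi.oxauth.model.common.AbstractAuthorizationGrant, org.xdi.oxauth.model.common.IAuthorizationGrant
    public AccessToken createAccessToken() {
        try {
            AccessToken accessToken = super.createAccessToken();
            if (accessToken.getExpiresIn() > 0) {
                persist(asToken(accessToken));
            }
            return accessToken;
        } catch (Exception e) {
            // Deliberate best-effort: a token that could not be stored is never handed out.
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Creates a long-lived access token and persists it when its expires-in value is
     * positive.
     *
     * @return the token, or {@code null} if creation or persistence threw; the failure
     *         is logged, not propagated
     */
    @Override // org.xdi.oxauth.model.common.AbstractAuthorizationGrant, org.xdi.oxauth.model.common.IAuthorizationGrant
    public AccessToken createLongLivedAccessToken() {
        try {
            AccessToken longLivedToken = super.createLongLivedAccessToken();
            if (longLivedToken.getExpiresIn() > 0) {
                persist(asToken(longLivedToken));
            }
            return longLivedToken;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Creates a refresh token and persists it when its expires-in value is positive.
     *
     * @return the token, or {@code null} if creation or persistence threw; the failure
     *         is logged, not propagated
     */
    @Override // org.xdi.oxauth.model.common.AbstractAuthorizationGrant, org.xdi.oxauth.model.common.IAuthorizationGrant
    public RefreshToken createRefreshToken() {
        try {
            RefreshToken refreshToken = super.createRefreshToken();
            if (refreshToken.getExpiresIn() > 0) {
                persist(asToken(refreshToken));
            }
            return refreshToken;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Creates an ID token for this grant, persists it when its expires-in value is
     * positive, then copies the ACR values and session DN of {@code authorizationGrant}
     * onto this grant and saves it.
     *
     * <p>Although checked exceptions are declared, every exception raised inside is
     * caught and logged, and {@code null} is returned instead.
     *
     * @param authorizationGrant grant whose ACR values and session DN are recorded on
     *        the token entry and on this grant
     * @return the ID token, or {@code null} on any failure
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrant
    public IdToken createIdToken(String str, AuthorizationCode authorizationCode, AccessToken accessToken, AuthorizationGrant authorizationGrant, boolean z) throws SignatureException, StringEncrypter.EncryptionException, InvalidJwtException, InvalidJweException {
        try {
            IdToken idToken = createIdToken(this, str, authorizationCode, accessToken, getScopes(), z);
            String acrValues = authorizationGrant.getAcrValues();
            String sessionDn = authorizationGrant.getSessionDn();
            if (idToken.getExpiresIn() > 0) {
                TokenLdap entry = asToken(idToken);
                entry.setAuthMode(acrValues);
                entry.setSessionDn(sessionDn);
                persist(entry);
            }
            // Runs whether or not the token entry was persisted above.
            setAcrValues(acrValues);
            setSessionDn(sessionDn);
            save();
            return idToken;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Persists a prepared token entry through {@link GrantService}.
     *
     * <p>The service is resolved on demand when the field is still unset, matching the
     * lookup the other methods of this class perform, so a direct call no longer fails
     * with a {@link NullPointerException}.
     */
    public void persist(TokenLdap tokenLdap) {
        resolveGrantService().persist(tokenLdap);
    }

    /** Converts the authorization code to a token entry and persists it. */
    public void persist(AuthorizationCode authorizationCode) {
        persist(asToken(authorizationCode));
    }

    /** Builds a token entry for an ID token, typed {@code ID_TOKEN}. */
    public TokenLdap asToken(IdToken idToken) {
        TokenLdap entry = asTokenLdap(idToken);
        entry.setTokenTypeEnum(TokenType.ID_TOKEN);
        return entry;
    }

    /** Builds a token entry for a refresh token, typed {@code REFRESH_TOKEN}. */
    public TokenLdap asToken(RefreshToken refreshToken) {
        TokenLdap entry = asTokenLdap(refreshToken);
        entry.setTokenTypeEnum(TokenType.REFRESH_TOKEN);
        return entry;
    }

    /** Builds a token entry for an authorization code, typed {@code AUTHORIZATION_CODE}. */
    public TokenLdap asToken(AuthorizationCode authorizationCode) {
        TokenLdap entry = asTokenLdap(authorizationCode);
        entry.setTokenTypeEnum(TokenType.AUTHORIZATION_CODE);
        return entry;
    }

    /** Builds a token entry for an access token, typed {@code ACCESS_TOKEN}. */
    public TokenLdap asToken(AccessToken accessToken) {
        TokenLdap entry = asTokenLdap(accessToken);
        entry.setTokenTypeEnum(TokenType.ACCESS_TOKEN);
        return entry;
    }

    /**
     * Joins the grant's scopes with single spaces.
     *
     * @return the space-separated scopes, trimmed; empty when there are none
     */
    public String getScopesAsString() {
        StringBuilder joined = new StringBuilder();
        for (String scope : getScopes()) {
            joined.append(scope).append(" ");
        }
        return joined.toString().trim();
    }

    /**
     * Builds the stored representation of a token issued under this grant.
     *
     * <p>The entry gets a freshly generated id, the grant's id, user, client, scopes and
     * authentication time, and the token's dates, auth mode and session DN. The token
     * code and, when present, the grant's authorization code are stored only after
     * {@code TokenHashUtil.getHashedToken}. Grant type, nonce and request JWT are set
     * only when available. The token type is left for the caller to set.
     *
     * @param abstractToken token to describe
     * @return a new, not yet persisted token entry
     */
    public TokenLdap asTokenLdap(AbstractToken abstractToken) {
        this.grantService = (GrantService) ServerUtil.bean(GrantService.class);
        String entryId = GrantService.generateGrantId();
        TokenLdap tokenLdap = new TokenLdap();
        tokenLdap.setDn(this.grantService.buildDn(entryId, getGrantId(), getClientId()));
        tokenLdap.setId(entryId);
        tokenLdap.setGrantId(getGrantId());
        tokenLdap.setCreationDate(abstractToken.getCreationDate());
        tokenLdap.setExpirationDate(abstractToken.getExpirationDate());
        // Only the hashed form of the token code is written to the entry.
        tokenLdap.setTokenCode(TokenHashUtil.getHashedToken(abstractToken.getCode()));
        tokenLdap.setUserId(getUserId());
        tokenLdap.setClientId(getClientId());
        tokenLdap.setScope(getScopesAsString());
        tokenLdap.setAuthMode(abstractToken.getAuthMode());
        tokenLdap.setSessionDn(abstractToken.getSessionDn());
        tokenLdap.setAuthenticationTime(getAuthenticationTime());
        AuthorizationGrantType authorizationGrantType = getAuthorizationGrantType();
        if (authorizationGrantType != null) {
            tokenLdap.setGrantType(authorizationGrantType.getParamName());
        }
        AuthorizationCode authorizationCode = getAuthorizationCode();
        if (authorizationCode != null) {
            tokenLdap.setAuthorizationCode(TokenHashUtil.getHashedToken(authorizationCode.getCode()));
        }
        String nonce = getNonce();
        if (nonce != null) {
            tokenLdap.setNonce(nonce);
        }
        JwtAuthorizationRequest jwtAuthorizationRequest = getJwtAuthorizationRequest();
        if (jwtAuthorizationRequest != null && StringUtils.isNotBlank(jwtAuthorizationRequest.getEncodedJwt())) {
            tokenLdap.setJwtRequest(jwtAuthorizationRequest.getEncodedJwt());
        }
        return tokenLdap;
    }

    /**
     * Always reports the grant as valid; this implementation performs no check.
     *
     * <p>NOTE(review): presumably subclasses or callers enforce expiry and revocation —
     * confirm before relying on this result for an authorization decision.
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrant
    public boolean isValid() {
        return true;
    }

    /**
     * Removes every stored token entry that shares this grant's id.
     *
     * <p>Silently does nothing when the grant has no token entry or the entry has a
     * blank grant id, so a caller cannot tell from here whether anything was revoked.
     * The service is resolved on demand when the field is still unset.
     */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrant
    public void revokeAllTokens() {
        TokenLdap tokenLdap = getTokenLdap();
        if (tokenLdap == null || StringUtils.isBlank(tokenLdap.getGrantId())) {
            return;
        }
        resolveGrantService().removeAllByGrantId(tokenLdap.getGrantId());
    }

    /** No-op in this implementation. */
    @Override // org.xdi.oxauth.model.common.IAuthorizationGrant
    public void checkExpiredTokens() {
    }

    /** @return {@code true} when {@link #save()} writes to the cache instead of the grant store */
    public boolean isCachedWithNoPersistence() {
        return this.isCachedWithNoPersistence;
    }

    /** Switches cache-only mode on or off; see {@link #save()}. */
    public void setIsCachedWithNoPersistence(boolean z) {
        this.isCachedWithNoPersistence = z;
    }

    /** Returns the grant service, looking it up through {@code ServerUtil} if the field is unset. */
    private GrantService resolveGrantService() {
        if (this.grantService == null) {
            this.grantService = (GrantService) ServerUtil.bean(GrantService.class);
        }
        return this.grantService;
    }
}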
