package org.xdi.oxauth.service.uma.resourceserver;

import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.xdi.oxauth.model.common.uma.UmaRPT;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.uma.PermissionTicket;
import org.xdi.oxauth.model.uma.UmaPermission;
import org.xdi.oxauth.model.uma.persistence.ResourceSet;
import org.xdi.oxauth.model.uma.persistence.ResourceSetPermission;
import org.xdi.oxauth.service.ClientService;
import org.xdi.oxauth.service.token.TokenService;
import org.xdi.oxauth.service.uma.ResourceSetPermissionManager;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.util.Pair;

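/**
 * Authorization check used when this server protects its own endpoints as UMA resources.
 *
 * <p>Given the permissions attached to a presented RPT, the service decides whether the
 * caller may access a protected resource. When access is denied it registers a new
 * permission ticket and prepares the HTTP 403 response that carries the ticket.
 */
@Stateless
@Named("umaRsPermissionService")
public class PermissionService {
    /** Fallback lifetime in seconds, applied when the configured RPT lifetime is not positive. */
    public static final int DEFAULT_PERMISSION_LIFETIME = 3600;

    @Inject
    private Logger log;

    @Inject
    private RsResourceService umaRsResourceService;

    @Inject
    private TokenService tokenService;

    @Inject
    private ResourceSetPermissionManager resourceSetPermissionManager;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private ClientService clientService;

    /**
     * Decides whether the RPT's permissions cover the requested resource and scopes and,
     * if they do not, registers a permission ticket for the missing access.
     *
     * @param umaRPT         the presented RPT; its client id is used when a ticket is registered
     * @param list           permissions associated with the RPT (may be {@code null} or empty)
     * @param rsResourceType the protected resource being accessed
     * @param list2          scopes required for the requested operation
     * @return a pair whose first element is the access decision. The second element is
     *         {@code null} when access is granted, an HTTP 500 response when the protected
     *         resource cannot be resolved, and otherwise an HTTP 403 response whose entity is
     *         the JSON permission ticket
     */
    public Pair<Boolean, Response> hasEnoughPermissionsWithTicketRegistration(UmaRPT umaRPT, List<ResourceSetPermission> list, RsResourceType rsResourceType, List<RsScopeType> list2) {
        // Start from "denied"; the decision only flips to true on an explicit match.
        Pair<Boolean, Response> decision = new Pair<>(false, null);

        ResourceSet resource = this.umaRsResourceService.getResource(rsResourceType);
        if (resource == null || StringUtils.isBlank(resource.getId())) {
            // Fail closed: without a resolvable resource set there is nothing to authorize against.
            decision.setSecond(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
            return decision;
        }

        if (hasEnoughPermissions(umaRPT, list, resource, list2)) {
            decision.setFirst(true);
            return decision;
        }

        String ticketJson = ServerUtil.asJsonSilently(new PermissionTicket(registerPermission(umaRPT, resource, list2)));
        // NOTE(review): the logged entity contains the permission ticket. Confirm that debug
        // logs are access-restricted, or drop the entity from this message.
        this.log.debug("Construct response: HTTP 403 (Forbidden), entity: {}", ticketJson);
        decision.setSecond(Response.status(Response.Status.FORBIDDEN)
                .header("host_id", this.appConfiguration.getIssuer())
                .header("as_uri", this.appConfiguration.getUmaConfigurationEndpoint())
                .header("error", "insufficient_scope")
                .entity(ticketJson)
                .build());
        return decision;
    }

    /**
     * Returns {@code true} when at least one RPT permission is bound to {@code resourceSet}
     * and carries at least one of the required scopes.
     *
     * <p>A permission issued for a different resource set is ignored even if its scopes
     * match. Without that binding, a permission granted for one protected resource would
     * authorize access to every other resource that shares a scope with it.
     */
    private boolean hasEnoughPermissions(UmaRPT umaRPT, List<ResourceSetPermission> rptPermissions, ResourceSet resourceSet, List<RsScopeType> requiredScopes) {
        if (rptPermissions == null || rptPermissions.isEmpty()) {
            return false;
        }
        String resourceSetId = resourceSet.getId();
        if (StringUtils.isBlank(resourceSetId)) {
            // A blank id can never be matched safely; deny rather than compare blank to blank.
            return false;
        }
        List<String> requiredScopeDns = this.umaRsResourceService.getScopeDns(requiredScopes);
        // NOTE(review): permission expiry is not evaluated here; this assumes the caller
        // passes only unexpired permissions. Confirm against the caller.
        for (ResourceSetPermission permission : rptPermissions) {
            if (permission == null || !StringUtils.equals(resourceSetId, permission.getResourceSetId())) {
                continue;
            }
            if (hasAny(permission, requiredScopeDns)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns {@code true} when the permission holds at least one of the given scope DNs.
     * An empty or {@code null} list on either side never matches.
     */
    private boolean hasAny(ResourceSetPermission resourceSetPermission, List<String> requiredScopeDns) {
        List<String> grantedScopeDns = resourceSetPermission.getScopeDns();
        if (grantedScopeDns == null || grantedScopeDns.isEmpty() || requiredScopeDns == null || requiredScopeDns.isEmpty()) {
            return false;
        }
        // "Any" semantics: a single overlapping scope is enough to grant access.
        for (String grantedScopeDn : grantedScopeDns) {
            if (requiredScopeDns.contains(grantedScopeDn)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Computes the expiration instant for a newly registered permission.
     *
     * @return the current time plus the configured RPT lifetime in seconds, or plus
     *         {@link #DEFAULT_PERMISSION_LIFETIME} when the configured value is zero or negative
     */
    public Date rptExpirationDate() {
        int lifetimeSeconds = this.appConfiguration.getUmaRequesterPermissionTokenLifetime();
        if (lifetimeSeconds <= 0) {
            // A non-positive lifetime would create a permission that is already expired.
            lifetimeSeconds = DEFAULT_PERMISSION_LIFETIME;
        }
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.SECOND, lifetimeSeconds);
        return calendar.getTime();
    }

    /**
     * Registers a permission for {@code resourceSet} with the required scopes and returns
     * the ticket of the stored permission.
     *
     * <p>The permission is stored under the DN of the client named by the RPT.
     */
    private String registerPermission(UmaRPT umaRPT, ResourceSet resourceSet, List<RsScopeType> requiredScopes) {
        Date expiresAt = rptExpirationDate();

        UmaPermission requested = new UmaPermission();
        requested.setResourceSetId(resourceSet.getId());
        requested.setExpiresAt(expiresAt);

        ResourceSetPermission permission = this.resourceSetPermissionManager.createResourceSetPermission(this.appConfiguration.getIssuer(), requested, expiresAt);
        permission.setScopeDns(this.umaRsResourceService.getScopeDns(requiredScopes));

        // NOTE(review): getClient(...) is dereferenced without a null check. If the RPT's
        // client can no longer be resolved this throws a NullPointerException. Confirm
        // that the caller maps that failure to an error response.
        String clientDn = this.clientService.getClient(umaRPT.getClientId()).getDn();
        this.resourceSetPermissionManager.addResourceSetPermission(permission, clientDn);
        return permission.getTicket();
    }
}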
