package org.xdi.oxauth.uma.service;

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.util.StaticUtils;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringUtils;
import org.gluu.site.ldap.persistence.BatchOperation;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.slf4j.Logger;
import org.xdi.ldap.model.SearchScope;
import org.xdi.ldap.model.SimpleBranch;
import org.xdi.oxauth.model.config.StaticConfiguration;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.jwt.JwtClaims;
import org.xdi.oxauth.model.uma.persistence.UmaPermission;
import org.xdi.oxauth.uma.authorization.UmaPCT;
import org.xdi.util.INumGenerator;

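/**
 * Creates, looks up, updates and removes UMA persisted claims tokens (PCTs) stored under the
 * {@code ou=pct} branch of the UMA base DN.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>PCT codes reach {@link #getByCode(String)} from permission attributes, so LDAP filters are
 *       built from attribute/value pairs rather than from formatted filter strings.</li>
 *   <li>{@link #dn(String)} interpolates the code into a DN without escaping; within this class the
 *       code is either generated by {@link #createPct(String)} or read from an existing entry.</li>
 *   <li>Trace logging in {@link #updateClaims} writes the PCT code and its claims to the log.</li>
 * </ul>
 */
@Stateless
@Named
/* loaded from: input_file:org/xdi/oxauth/uma/service/UmaPctService.class */
public class UmaPctService {
    /** Lifetime in seconds used when the configured PCT lifetime is not positive. */
    public static final int DEFAULT_PCT_LIFETIME = 3600;

    @Inject
    private Logger log;

    @Inject
    private LdapEntryManager ldapEntryManager;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private AppConfiguration appConfiguration;

    /**
     * Merges claims into a PCT and stores the result.
     *
     * <p>The PCT code is read from the {@code "pct"} attribute of the first permission. If no PCT
     * is passed in, the stored PCT for that code is used, or a new one is created and persisted.
     * If a PCT is passed in and a stored one exists, the stored claims are copied over the passed
     * claims and the stored entry becomes the one that is updated. Claims from {@code jwt} are
     * applied last.
     *
     * @param umaPCT PCT to update, or {@code null} to look one up or create one
     * @param jwt token whose claims are copied into the PCT; may be {@code null}
     * @param str client id assigned to a newly created PCT
     * @param list permissions; the first entry supplies the PCT code
     * @return the merged PCT, or the current {@code umaPCT} reference if anything failed
     */
    public UmaPCT updateClaims(UmaPCT umaPCT, Jwt jwt, String str, List<UmaPermission> list) {
        try {
            String pctCode = (String) list.get(0).getAttributes().get("pct");
            // NOTE(review): the stored PCT is selected by code only. This method does not compare
            // its client id with `str` and does not check expiration - confirm that callers
            // validate the PCT before its claims are reused here.
            UmaPCT stored = StringUtils.isNotBlank(pctCode) ? getByCode(pctCode) : null;
            boolean pctSupplied = umaPCT != null;
            if (!pctSupplied) {
                umaPCT = stored != null ? stored : createPctAndPersist(str);
            }

            JwtClaims claims = umaPCT.getClaims();
            if (stored != null && pctSupplied) {
                JwtClaims storedClaims = stored.getClaims();
                for (String key : storedClaims.keys()) {
                    claims.setClaimObject(key, storedClaims.getClaim(key), false);
                }
                // Update the stored entry rather than the object the caller passed in.
                umaPCT = stored;
            }
            if (jwt != null && jwt.getClaims() != null) {
                JwtClaims jwtClaims = jwt.getClaims();
                for (String key : jwtClaims.keys()) {
                    claims.setClaimObject(key, jwtClaims.getClaim(key), false);
                }
            }
            umaPCT.setClaims(claims);

            // The PCT code and the claim values are written to the log at trace level; the guard
            // also avoids serialising the claims when trace is off.
            if (this.log.isTraceEnabled()) {
                this.log.trace("PCT code: {}, claims: {}", umaPCT.getCode(), umaPCT.getClaimValuesAsJson());
            }
            return (UmaPCT) this.ldapEntryManager.merge(umaPCT);
        } catch (Exception e) {
            this.log.error("Failed to update PCT claims. " + e.getMessage(), e);
            return umaPCT;
        }
    }

    /**
     * Finds a PCT by its code.
     *
     * @param str PCT code to search for
     * @return the first matching PCT, or {@code null} if none was found or the search failed
     */
    public UmaPCT getByCode(String str) {
        try {
            // Build the filter from an attribute/value pair so the SDK encodes the value; a
            // formatted filter string would let characters such as '*', '(' and ')' in the code
            // change the structure of the search.
            Filter byCode = Filter.createEqualityFilter("oxAuthTokenCode", str);
            List<UmaPCT> found = this.ldapEntryManager.findEntries(branchBaseDn(), UmaPCT.class, byCode);
            if (found != null && !found.isEmpty()) {
                return found.get(0);
            }
            this.log.error("Failed to find PCT by code: " + str);
            return null;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Builds a new, not yet persisted PCT with a generated code.
     *
     * @param str client id to set on the PCT
     * @return the new PCT
     */
    public UmaPCT createPct(String str) {
        String code = UUID.randomUUID().toString() + "_" + INumGenerator.generate(8);
        UmaPCT pct = new UmaPCT(pctLifetime());
        pct.setCode(code);
        pct.setDn(dn(pct.getCode()));
        pct.setClientId(str);
        return pct;
    }

    /**
     * Creates a PCT and persists it. Persistence failures are logged by {@link #persist(UmaPCT)}
     * and the PCT is returned either way.
     *
     * @param str client id to set on the PCT
     * @return the new PCT
     */
    public UmaPCT createPctAndPersist(String str) {
        UmaPCT pct = createPct(str);
        persist(pct);
        return pct;
    }

    /**
     * Returns the PCT lifetime passed to new PCTs.
     *
     * @return the configured lifetime, or {@link #DEFAULT_PCT_LIFETIME} if it is not positive
     */
    public int pctLifetime() {
        int configured = this.appConfiguration.getUmaPctLifetime();
        return configured > 0 ? configured : DEFAULT_PCT_LIFETIME;
    }

    /**
     * Persists a PCT, creating the PCT branch first if needed. Failures are logged, not thrown.
     *
     * @param umaPCT PCT to persist; its DN is recomputed from its code
     */
    public void persist(UmaPCT umaPCT) {
        try {
            prepareBranch();
            umaPCT.setDn(dn(umaPCT.getCode()));
            this.ldapEntryManager.persist(umaPCT);
        } catch (Exception e) {
            this.log.error("Failed to persist PCT, code: " + umaPCT.getCode() + ". " + e.getMessage(), e);
        }
    }

    /**
     * Removes a PCT entry.
     *
     * @param umaPCT PCT to remove
     */
    public void remove(UmaPCT umaPCT) {
        this.ldapEntryManager.remove(umaPCT);
    }

    /**
     * Removes the PCT with the given code, if one exists.
     *
     * @param str PCT code
     */
    public void remove(String str) {
        UmaPCT pct = getByCode(str);
        // getByCode returns null (and logs) when nothing matches; do not hand null to the
        // entry manager.
        if (pct != null) {
            remove(pct);
        }
    }

    /**
     * Removes every PCT in the list.
     *
     * @param list PCTs to remove
     */
    public void remove(List<UmaPCT> list) {
        for (UmaPCT pct : list) {
            remove(pct);
        }
    }

    /** Creates the PCT branch if it does not exist yet. */
    private void prepareBranch() {
        if (!this.ldapEntryManager.contains(SimpleBranch.class, branchBaseDn())) {
            addBranch();
        }
    }

    /** Persists the {@code ou=pct} branch entry. */
    public void addBranch() {
        SimpleBranch branch = new SimpleBranch();
        branch.setOrganizationalUnitName("pct");
        branch.setDn(branchBaseDn());
        this.ldapEntryManager.persist(branch);
    }

    /**
     * Builds the DN of a PCT entry.
     *
     * @param str PCT code
     * @return DN of the form {@code oxAuthTokenCode=<code>,<branch base DN>}
     * @throws IllegalArgumentException if the code is null or blank
     */
    public String dn(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("PCT code is null or blank.");
        }
        // NOTE(review): the code is placed in the DN without RDN escaping. That is fine for codes
        // produced by createPct; confirm no caller passes a code taken from a request.
        return String.format("oxAuthTokenCode=%s,%s", str, branchBaseDn());
    }

    /**
     * Returns the base DN of the PCT branch.
     *
     * @return {@code ou=pct,<UMA base DN>}
     */
    public String branchBaseDn() {
        return String.format("ou=pct,%s", this.staticConfiguration.getBaseDn().getUmaBase());
    }

    /**
     * Removes PCTs whose {@code oxAuthExpiration} is at or before the given date, in chunks of 100.
     *
     * @param date expiration cut-off
     */
    public void cleanup(final Date date) {
        prepareBranch();
        // Built from attribute/value so no filter parsing is involved. The previous string-parsed
        // filter fell back to a presence filter on parse failure, which would have selected every
        // PCT that has an expiration for removal.
        final Filter expiredFilter =
                Filter.createLessOrEqualFilter("oxAuthExpiration", StaticUtils.encodeGeneralizedTime(date));
        new BatchOperation<UmaPCT>(this.ldapEntryManager) { // from class: org.xdi.oxauth.uma.service.UmaPctService.1
            protected List<UmaPCT> getChunkOrNull(int i) {
                return UmaPctService.this.ldapEntryManager.findEntries(UmaPctService.this.branchBaseDn(), UmaPCT.class, expiredFilter, SearchScope.SUB, (String[]) null, this, 0, i, i);
            }

            protected void performAction(List<UmaPCT> list) {
                for (UmaPCT expired : list) {
                    try {
                        UmaPctService.this.remove(expired);
                    } catch (Exception e) {
                        // Keep going so one failing entry does not block the rest of the chunk.
                        UmaPctService.this.log.error("Failed to remove entry", e);
                    }
                }
            }
        }.iterateAllByChunks(100);
    }

    /**
     * Merges a PCT into the store. Failures are logged, not thrown.
     *
     * @param umaPCT PCT to merge
     */
    public void merge(UmaPCT umaPCT) {
        try {
            this.ldapEntryManager.merge(umaPCT);
        } catch (Exception e) {
            this.log.error("Failed to merge PCT, code: " + umaPCT.getCode() + ". " + e.getMessage(), e);
        }
    }
}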
