package org.xdi.oxauth.uma.service;

import com.google.common.base.Preconditions;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.ArrayUtils;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.model.ProcessBatchOperation;
import org.gluu.persist.model.SearchScope;
import org.gluu.persist.model.base.SimpleBranch;
import org.gluu.search.filter.Filter;
import org.slf4j.Logger;
import org.xdi.oxauth.model.common.AuthorizationGrantList;
import org.xdi.oxauth.model.config.StaticConfiguration;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.model.uma.persistence.UmaPermission;
import org.xdi.oxauth.model.util.Util;
import org.xdi.oxauth.service.ClientService;
import org.xdi.oxauth.service.token.TokenService;
import org.xdi.oxauth.uma.authorization.UmaRPT;
import org.xdi.util.INumGenerator;

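/**
 * Creates, stores, looks up and expires UMA Requesting Party Tokens (RPTs) in the
 * persistence layer.
 *
 * <p>RPT entries are stored under an {@code ou=uma_rpt} branch below the DN of the
 * client they belong to. An RPT carries a list of permission DNs; the permissions
 * themselves are separate entries resolved on demand.
 *
 * <p>Most methods log persistence failures and return {@code null} or nothing
 * rather than propagating them. Callers therefore cannot tell a failed write from
 * a successful one, and should treat a {@code null} lookup result as
 * "token not valid".
 */
@Stateless
@Named
public class UmaRptService {
    private static final String ORGUNIT_OF_RPT = "uma_rpt";
    public static final int DEFAULT_RPT_LIFETIME = 3600;

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private TokenService tokenService;

    @Inject
    private AuthorizationGrantList authorizationGrantList;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private ClientService clientService;

    /**
     * Builds the DN of an RPT entry.
     *
     * <p>Neither argument is escaped. Within this class the values passed are a
     * client DN read from the directory and a freshly generated UUID.
     *
     * @param str  DN of the owning client
     * @param str2 unique identifier of the RPT entry
     * @return {@code uniqueIdentifier=<str2>,ou=uma_rpt,<str>}
     */
    public static String getDn(String str, String str2) {
        return String.format("uniqueIdentifier=%s,%s", str2, branchDn(str));
    }

    /**
     * Builds the DN of the RPT branch below a client.
     *
     * @param str DN of the owning client
     * @return {@code ou=uma_rpt,<str>}
     */
    public static String branchDn(String str) {
        return String.format("ou=%s,%s", ORGUNIT_OF_RPT, str);
    }

    /**
     * Assigns an id and DN to the RPT and stores it under its client's RPT branch.
     *
     * <p>Any failure (missing client id, unknown client, persistence error) is
     * logged and swallowed, so a return from this method does not prove the RPT
     * was stored. An RPT that was not stored will not be found by
     * {@link #getRPTByCode(String)}.
     *
     * @param umaRPT RPT to store; its client id must be set
     */
    public void persist(UmaRPT umaRPT) {
        try {
            Preconditions.checkNotNull(umaRPT.getClientId(), "RPT has no client id");
            Client client = this.clientService.getClient(umaRPT.getClientId());
            // Fail with a readable message instead of a bare NullPointerException
            // when the client id does not resolve to a client entry.
            Preconditions.checkNotNull(client, "Client of RPT not found");
            String clientDn = client.getDn();
            addBranchIfNeeded(clientDn);
            String uuid = UUID.randomUUID().toString();
            umaRPT.setId(uuid);
            umaRPT.setDn(getDn(clientDn, uuid));
            this.ldapEntryManager.persist(umaRPT);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Looks up an RPT by its token code.
     *
     * <p>The code is a caller-supplied token value, so it is matched with a
     * structured equality filter: the value is handed over as an assertion value
     * and is never parsed as filter syntax. Building the filter from a formatted
     * string would let characters such as {@code *}, {@code (} and {@code )} in
     * the code change what the search matches.
     *
     * @param str token code of the RPT
     * @return the first matching RPT, or {@code null} if the code is blank, no
     *         entry matches, or the search fails
     */
    public UmaRPT getRPTByCode(String str) {
        if (!Util.allNotBlank(new String[]{str})) {
            return null;
        }
        try {
            Filter codeFilter = Filter.createEqualityFilter("oxAuthTokenCode", str);
            List<UmaRPT> entries = this.ldapEntryManager.findEntries(
                    this.staticConfiguration.getBaseDn().getClients(), UmaRPT.class, codeFilter);
            if (entries != null && !entries.isEmpty()) {
                return entries.get(0);
            }
            // NOTE(review): this writes the presented token value to the log verbatim;
            // consider logging a truncated or hashed form so that log readers do not
            // see token material and line breaks in the value cannot forge log lines.
            this.log.error("Failed to find RPT by code: " + str);
            return null;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Removes the RPT with the given token code, if one exists.
     *
     * <p>Failures are logged and swallowed; a return from this method does not
     * prove the entry is gone.
     *
     * @param str token code of the RPT to remove
     */
    public void deleteByCode(String str) {
        try {
            UmaRPT rpt = getRPTByCode(str);
            if (rpt != null) {
                this.ldapEntryManager.remove(rpt);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Removes every RPT whose expiration is at or before the given date.
     *
     * <p>Entries are processed in batches of 100. A failure to remove one entry
     * is logged and does not stop the rest of the batch.
     *
     * @param date cut-off; RPTs expiring at or before it are removed
     */
    public void cleanup(Date date) {
        ProcessBatchOperation<UmaRPT> removeBatch = new ProcessBatchOperation<UmaRPT>() {
            @Override
            public void performAction(List<UmaRPT> list) {
                for (UmaRPT expired : list) {
                    try {
                        UmaRptService.this.ldapEntryManager.remove(expired);
                    } catch (Exception e) {
                        UmaRptService.this.log.error("Failed to remove entry", e);
                    }
                }
            }
        };
        this.ldapEntryManager.findEntries(
                this.staticConfiguration.getBaseDn().getClients(),
                UmaRPT.class,
                getExpiredUmaRptFilter(date),
                SearchScope.SUB,
                new String[]{""},
                removeBatch,
                0,
                0,
                100);
    }

    /**
     * Builds the filter matching RPTs whose {@code oxAuthExpiration} is at or
     * before the given date.
     */
    private Filter getExpiredUmaRptFilter(Date date) {
        return Filter.createLessOrEqualFilter("oxAuthExpiration", this.ldapEntryManager.encodeGeneralizedTime(date));
    }

    /**
     * Appends the given permissions to the RPT and stores the change.
     *
     * @param umaRPT     RPT to extend
     * @param collection permissions to add; {@code null} or empty is a no-op
     */
    public void addPermissionToRPT(UmaRPT umaRPT, Collection<UmaPermission> collection) {
        if (collection == null || collection.isEmpty()) {
            return;
        }
        addPermissionToRPT(umaRPT, collection.toArray(new UmaPermission[collection.size()]));
    }

    /**
     * Appends the DNs of the given permissions to the RPT's permission list and
     * merges the RPT into the store.
     *
     * <p>The RPT object is updated in memory before the merge. If the merge
     * fails the error is logged and swallowed, leaving the in-memory RPT with
     * permissions that the stored entry does not have.
     *
     * @param umaRPT           RPT to extend
     * @param umaPermissionArr permissions to add; {@code null} or empty is a no-op
     */
    public void addPermissionToRPT(UmaRPT umaRPT, UmaPermission... umaPermissionArr) {
        if (ArrayUtils.isEmpty(umaPermissionArr)) {
            return;
        }
        List<String> permissionDns = new ArrayList<String>();
        if (umaRPT.getPermissions() != null) {
            permissionDns.addAll(umaRPT.getPermissions());
        }
        for (UmaPermission umaPermission : umaPermissionArr) {
            permissionDns.add(umaPermission.getDn());
        }
        umaRPT.setPermissions(permissionDns);
        try {
            this.ldapEntryManager.merge(umaRPT);
            this.log.trace("Persisted RPT: " + umaRPT);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Resolves the permission entries referenced by the RPT.
     *
     * <p>Permission DNs that no longer resolve are skipped. If a lookup throws,
     * the error is logged and the permissions resolved so far are returned, so
     * the result may be shorter than the RPT's permission list but never
     * contains a permission that was not found in the store.
     *
     * @param umaRPT RPT whose permissions are wanted; may be {@code null}
     * @return the resolved permissions, never {@code null}
     */
    public List<UmaPermission> getRptPermissions(UmaRPT umaRPT) {
        List<UmaPermission> resolved = new ArrayList<UmaPermission>();
        if (umaRPT == null) {
            return resolved;
        }
        try {
            List<String> permissionDns = umaRPT.getPermissions();
            if (permissionDns != null) {
                for (String permissionDn : permissionDns) {
                    UmaPermission umaPermission =
                            (UmaPermission) this.ldapEntryManager.find(UmaPermission.class, permissionDn);
                    if (umaPermission != null) {
                        resolved.add(umaPermission);
                    }
                }
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        return resolved;
    }

    /**
     * Creates a new, not yet stored RPT for the given client.
     *
     * <p>The token code is a random UUID followed by {@code _} and an
     * 8-character value from {@code INumGenerator}. The unpredictability of the
     * code rests on {@link UUID#randomUUID()}.
     *
     * @param str client id the RPT is issued to
     * @return the new RPT, expiring at {@link #rptExpirationDate()}
     * @throws RuntimeException if the RPT cannot be generated
     */
    public UmaRPT createRPT(String str) {
        try {
            String code = UUID.randomUUID().toString() + "_" + INumGenerator.generate(8);
            return new UmaRPT(code, new Date(), rptExpirationDate(), null, str);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            throw new RuntimeException("Failed to generate RPT, clientId: " + str, e);
        }
    }

    /**
     * Computes the expiration date of an RPT issued now.
     *
     * <p>A configured lifetime of zero or less falls back to
     * {@link #DEFAULT_RPT_LIFETIME} seconds, so a misconfiguration cannot yield
     * a token that is already expired or that never expires.
     *
     * @return the current time plus the RPT lifetime in seconds
     */
    public Date rptExpirationDate() {
        int lifetimeSeconds = this.appConfiguration.getUmaRptLifetime();
        if (lifetimeSeconds <= 0) {
            lifetimeSeconds = DEFAULT_RPT_LIFETIME;
        }
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.SECOND, lifetimeSeconds);
        return calendar.getTime();
    }

    /**
     * Creates an RPT for the given client and attempts to store it.
     *
     * <p>{@link #persist(UmaRPT)} swallows failures, so the returned RPT may not
     * exist in the store.
     *
     * @param str client id the RPT is issued to
     * @return the new RPT
     */
    public UmaRPT createRPTAndPersist(String str) {
        UmaRPT rpt = createRPT(str);
        persist(rpt);
        return rpt;
    }

    /**
     * Finds the permission of the RPT that refers to the given resource.
     *
     * @param umaRPT RPT to inspect
     * @param str    resource id to match
     * @return the first permission for that resource, or {@code null} if the id
     *         is blank, nothing matches, or an error occurs
     */
    public UmaPermission getPermissionFromRPTByResourceId(UmaRPT umaRPT, String str) {
        try {
            if (!Util.allNotBlank(new String[]{str})) {
                return null;
            }
            for (UmaPermission umaPermission : getRptPermissions(umaRPT)) {
                if (str.equals(umaPermission.getResourceId())) {
                    return umaPermission;
                }
            }
            return null;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Creates the {@code ou=uma_rpt} branch below the given client DN.
     *
     * @param str DN of the client
     */
    public void addBranch(String str) {
        SimpleBranch simpleBranch = new SimpleBranch();
        simpleBranch.setOrganizationalUnitName(ORGUNIT_OF_RPT);
        simpleBranch.setDn(branchDn(str));
        this.ldapEntryManager.persist(simpleBranch);
    }

    /**
     * Creates the RPT branch below the given client DN unless it already exists.
     *
     * @param str DN of the client
     */
    public void addBranchIfNeeded(String str) {
        if (!containsBranch(str)) {
            addBranch(str);
        }
    }

    /**
     * Tells whether the RPT branch exists below the given client DN.
     *
     * @param str DN of the client
     * @return {@code true} if the branch entry exists
     */
    public boolean containsBranch(String str) {
        return this.ldapEntryManager.contains(SimpleBranch.class, branchDn(str));
    }
}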
