package org.xdi.oxd.server.op;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.google.inject.Injector;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.client.RegisterClient;
import org.xdi.oxauth.client.RegisterRequest;
import org.xdi.oxauth.client.RegisterResponse;
import org.xdi.oxauth.model.authorize.AuthorizeResponseParam;
import org.xdi.oxauth.model.common.AuthenticationMethod;
import org.xdi.oxauth.model.common.GrantType;
import org.xdi.oxauth.model.common.IntrospectionResponse;
import org.xdi.oxauth.model.common.ResponseType;
import org.xdi.oxauth.model.register.ApplicationType;
import org.xdi.oxd.common.Command;
import org.xdi.oxd.common.CommandResponse;
import org.xdi.oxd.common.ErrorResponseCode;
import org.xdi.oxd.common.ErrorResponseException;
import org.xdi.oxd.common.params.RegisterSiteParams;
import org.xdi.oxd.common.params.SetupClientParams;
import org.xdi.oxd.common.response.RegisterSiteResponse;
import org.xdi.oxd.server.Configuration;
import org.xdi.oxd.server.Utils;
import org.xdi.oxd.server.service.ConfigurationService;
import org.xdi.oxd.server.service.Rp;

/* loaded from: input_file:org/xdi/oxd/server/op/RegisterSiteOperation.class */
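/**
 * Handles the oxd {@code register_site} command.
 *
 * <p>The operation fills in missing request parameters from the default RP configuration,
 * creates and persists an {@link Rp}, dynamically registers a client at the OP when the
 * caller did not supply {@code client_id}/{@code client_secret}, and finally introspects the
 * protection access token when command protection applies.
 *
 * <p>Instances keep the RP under construction in a field, so one instance must not be shared
 * between concurrent calls.
 */
public class RegisterSiteOperation extends BaseOperation<RegisterSiteParams> {
    private static final Logger LOG = LoggerFactory.getLogger(RegisterSiteOperation.class);

    // RP built by the current call; assigned in persistRp and read by the later steps.
    private Rp rp;

    /**
     * Creates the operation for one command.
     *
     * <p>Decompiler note: the constructor was originally declared {@code protected}.
     *
     * @param command  the command being executed
     * @param injector injector handed to the base operation
     */
    public RegisterSiteOperation(Command command, Injector injector) {
        super(command, injector, RegisterSiteParams.class);
    }

    /**
     * Runs the registration and returns the new oxd id together with the effective OP host.
     *
     * @param registerSiteParams request parameters; missing values are replaced in place by defaults
     * @return response carrying the generated oxd id and the OP host that was used
     * @throws ErrorResponseException when a required parameter is missing or invalid
     */
    public RegisterSiteResponse execute_(RegisterSiteParams registerSiteParams) {
        validateParametersAndFallbackIfNeeded(registerSiteParams);

        // Random (type 4) UUID; it is returned to the caller as the handle for this RP.
        String oxdId = UUID.randomUUID().toString();
        LOG.info("Creating RP ...");

        // NOTE(review): the RP is persisted (and a client may be registered at the OP) BEFORE the
        // protection access token is checked. If introspection then fails, the RP record and the
        // registered client appear to stay behind. Introspection is passed the new oxd id, so it
        // may need the stored RP - confirm, and consider cleaning up when validation fails.
        persistRp(oxdId, registerSiteParams);
        validateAccessToken(oxdId, registerSiteParams);

        // NOTE(review): this relies on Rp.toString(); confirm it does not print client_secret or
        // the registration access token, since this is logged at INFO level.
        LOG.info("RP created: {}", this.rp);

        RegisterSiteResponse registerSiteResponse = new RegisterSiteResponse();
        registerSiteResponse.setOxdId(oxdId);
        registerSiteResponse.setOpHost(registerSiteParams.getOpHost());
        return registerSiteResponse;
    }

    /**
     * Introspects the protection access token and records the owning setup client on the RP.
     *
     * <p>The check runs unless the parameters are {@link SetupClientParams}, and only when
     * protection is enabled, unset ({@code null} is treated as enabled) or a token was supplied.
     *
     * @param oxdId              id of the RP created by this call
     * @param registerSiteParams request parameters carrying the protection access token
     */
    private void validateAccessToken(String oxdId, RegisterSiteParams registerSiteParams) {
        Configuration configuration = getConfigurationService().getConfiguration();
        Boolean protect = configuration.getProtectCommandsWithAccessToken();

        boolean protectionApplies = protect == null
                || protect.booleanValue()
                || StringUtils.isNotBlank(registerSiteParams.getProtectionAccessToken());
        if (!protectionApplies || registerSiteParams instanceof SetupClientParams) {
            return;
        }

        // NOTE(review): presumably introspect() throws on an invalid or inactive token; nothing
        // in this method inspects the response before trusting its client id - confirm.
        IntrospectionResponse introspection =
                getValidationService().introspect(registerSiteParams.getProtectionAccessToken(), oxdId);
        LOG.trace("introspection: {}, setupClientId: {}", introspection, this.rp.getSetupClientId());

        this.rp.setSetupClientId(introspection.getClientId());
        this.rp.setSetupOxdId(oxdId);
        getRpService().updateSilently(this.rp);
    }

    /**
     * Executes the command and maps unexpected failures to the generic internal-error response.
     *
     * @param registerSiteParams request parameters
     * @return the success response, or {@link CommandResponse#INTERNAL_ERROR_RESPONSE} on an unexpected failure
     * @throws ErrorResponseException rethrown unchanged so the caller can report the specific error code
     */
    @Override // org.xdi.oxd.server.op.IOperation
    public CommandResponse execute(RegisterSiteParams registerSiteParams) {
        try {
            return okResponse(execute_(registerSiteParams));
        } catch (ErrorResponseException e) {
            throw e;
        } catch (Exception e) {
            // Details stay in the server log; the caller only sees the generic error response.
            LOG.error(e.getMessage(), e);
            return CommandResponse.INTERNAL_ERROR_RESPONSE;
        }
    }

    /**
     * Validates the request and replaces missing values with those of the default RP.
     *
     * <p>The parameter object is modified in place. Only {@code op_host}, the authorization
     * redirect URI and the scope are treated as mandatory.
     *
     * @param registerSiteParams request parameters to validate and complete
     * @throws ErrorResponseException when op_host, the authorization redirect URI or the scope
     *                                is still missing or invalid after the fallback
     */
    private void validateParametersAndFallbackIfNeeded(RegisterSiteParams registerSiteParams) {
        Rp defaultRp = getConfigurationService().defaultRp();

        // op_host: take the configured default when the request has none.
        if (Strings.isNullOrEmpty(registerSiteParams.getOpHost())) {
            // NOTE(review): the whole parameter object is logged; confirm its toString() does not
            // include client_secret or the protection access token.
            LOG.warn("op_host is not set for parameter: {}. Look up at {} for fallback op_host",
                    registerSiteParams, ConfigurationService.DEFAULT_SITE_CONFIG_JSON);
            String fallbackOpHost = defaultRp.getOpHost();
            if (Strings.isNullOrEmpty(fallbackOpHost)) {
                throw new ErrorResponseException(ErrorResponseCode.INVALID_OP_HOST);
            }
            LOG.warn("Fallback to op_host: {}, from {}", fallbackOpHost, ConfigurationService.DEFAULT_SITE_CONFIG_JSON);
            registerSiteParams.setOpHost(fallbackOpHost);
        }

        // grant types: request, then default RP, then authorization_code.
        ArrayList<String> grantTypes = Lists.newArrayList();
        if (registerSiteParams.getGrantType() != null) {
            grantTypes.addAll(registerSiteParams.getGrantType());
        }
        if (grantTypes.isEmpty() && defaultRp.getGrantType() != null) {
            grantTypes.addAll(defaultRp.getGrantType());
        }
        if (grantTypes.isEmpty()) {
            grantTypes.add(GrantType.AUTHORIZATION_CODE.getValue());
        }
        registerSiteParams.setGrantType(grantTypes);

        // authorization redirect URI: this is the only URI checked with Utils.isValidUrl here.
        if (Strings.isNullOrEmpty(registerSiteParams.getAuthorizationRedirectUri())) {
            registerSiteParams.setAuthorizationRedirectUri(defaultRp.getAuthorizationRedirectUri());
        }
        if (!Utils.isValidUrl(registerSiteParams.getAuthorizationRedirectUri())) {
            throw new ErrorResponseException(ErrorResponseCode.INVALID_AUTHORIZATION_REDIRECT_URI);
        }

        if (Strings.isNullOrEmpty(registerSiteParams.getPostLogoutRedirectUri())
                && !Strings.isNullOrEmpty(defaultRp.getPostLogoutRedirectUri())) {
            registerSiteParams.setPostLogoutRedirectUri(defaultRp.getPostLogoutRedirectUri());
        }

        // response types: request, then default RP, then "code".
        ArrayList<String> responseTypes = Lists.newArrayList();
        if (registerSiteParams.getResponseTypes() != null) {
            responseTypes.addAll(registerSiteParams.getResponseTypes());
        }
        if (responseTypes.isEmpty() && defaultRp.getResponseTypes() != null) {
            responseTypes.addAll(defaultRp.getResponseTypes());
        }
        if (responseTypes.isEmpty()) {
            responseTypes.add(AuthorizeResponseParam.CODE);
        }
        registerSiteParams.setResponseTypes(responseTypes);

        // redirect URIs: de-duplicated set that always contains the authorization redirect URI.
        // NOTE(review): the additional redirect URIs and the post-logout URI are not validated in
        // this method; validation appears to be left to the OP - confirm.
        HashSet<String> redirectUris = Sets.newHashSet();
        redirectUris.add(registerSiteParams.getAuthorizationRedirectUri());
        if (registerSiteParams.getRedirectUris() != null && !registerSiteParams.getRedirectUris().isEmpty()) {
            redirectUris.addAll(registerSiteParams.getRedirectUris());
            // The post-logout URI is only added when extra redirect URIs were supplied.
            if (!Strings.isNullOrEmpty(registerSiteParams.getPostLogoutRedirectUri())) {
                redirectUris.add(registerSiteParams.getPostLogoutRedirectUri());
            }
        }

        Boolean registerClaimsEndpoint = getConfigurationService().getConfiguration()
                .getUma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient();
        if (Boolean.TRUE.equals(registerClaimsEndpoint) && !redirectUris.isEmpty()) {
            // NOTE(review): the URI examined is whichever element the HashSet iterator yields
            // first, so the outcome can vary between runs, and String.contains() is a substring
            // test rather than a host comparison. Consider parsing the URIs and comparing hosts
            // for every entry.
            if (redirectUris.iterator().next().contains(registerSiteParams.getOpHost())) {
                String claimsEndpoint = getDiscoveryService()
                        .getUmaDiscovery(registerSiteParams.getOpHost(), registerSiteParams.getOpDiscoveryPath())
                        .getClaimsInteractionEndpoint() + "?authentication=true";
                LOG.trace("Register claims interaction endpoint as redirect_uri: {}", claimsEndpoint);
                redirectUris.add(claimsEndpoint);
            } else {
                LOG.trace("Skip auto registration of claims interaction endpoint as redirect_uri because OP host for different uri's is different which will not pass AS redirect_uri's validation (same host must be present).");
            }
        }
        registerSiteParams.setRedirectUris(Lists.newArrayList(redirectUris));

        // claims redirect URIs: de-duplicated, never null afterwards.
        HashSet<String> claimsRedirectUris = Sets.newHashSet();
        if (registerSiteParams.getClaimsRedirectUri() != null) {
            claimsRedirectUris.addAll(registerSiteParams.getClaimsRedirectUri());
        }
        registerSiteParams.setClaimsRedirectUri(Lists.newArrayList(claimsRedirectUris));

        // scope is mandatory once the default has been applied.
        if (registerSiteParams.getScope() == null || registerSiteParams.getScope().isEmpty()) {
            registerSiteParams.setScope(defaultRp.getScope());
        }
        if (registerSiteParams.getScope() == null || registerSiteParams.getScope().isEmpty()) {
            throw new ErrorResponseException(ErrorResponseCode.INVALID_SCOPE);
        }

        // Optional values: fall back to the default RP without further validation.
        if (registerSiteParams.getAcrValues() == null || registerSiteParams.getAcrValues().isEmpty()) {
            registerSiteParams.setAcrValues(defaultRp.getAcrValues());
        }
        if (Strings.isNullOrEmpty(registerSiteParams.getClientJwksUri())
                && !Strings.isNullOrEmpty(defaultRp.getClientJwksUri())) {
            registerSiteParams.setClientJwksUri(defaultRp.getClientJwksUri());
        }
        if (registerSiteParams.getContacts() == null || registerSiteParams.getContacts().isEmpty()) {
            registerSiteParams.setContacts(defaultRp.getContacts());
        }
        if (registerSiteParams.getUiLocales() == null || registerSiteParams.getUiLocales().isEmpty()) {
            registerSiteParams.setUiLocales(defaultRp.getUiLocales());
        }
        if (registerSiteParams.getClaimsLocales() == null || registerSiteParams.getClaimsLocales().isEmpty()) {
            registerSiteParams.setClaimsLocales(defaultRp.getClaimsLocales());
        }
    }

    /**
     * Builds the RP, registers a client at the OP when no credentials were supplied, and stores the RP.
     *
     * @param oxdId              id assigned to the new RP
     * @param registerSiteParams validated request parameters
     * @throws RuntimeException wrapping the {@link IOException} when persisting fails
     */
    private void persistRp(String oxdId, RegisterSiteParams registerSiteParams) {
        try {
            this.rp = createRp(oxdId, registerSiteParams);
            if (!hasClient(registerSiteParams)) {
                RegisterResponse registration = registerClient(registerSiteParams);
                this.rp.setClientId(registration.getClientId());
                this.rp.setClientSecret(registration.getClientSecret());
                this.rp.setClientRegistrationAccessToken(registration.getRegistrationAccessToken());
                this.rp.setClientRegistrationClientUri(registration.getRegistrationClientUri());
                this.rp.setClientIdIssuedAt(registration.getClientIdIssuedAt());
                this.rp.setClientSecretExpiresAt(registration.getClientSecretExpiresAt());
            }
            getRpService().create(this.rp);
        } catch (IOException e) {
            // NOTE(review): the parameter object is logged; confirm its toString() omits secrets.
            LOG.error("Failed to persist site configuration, params: " + registerSiteParams, e);
            throw new RuntimeException("Failed to persist site configuration", e);
        }
    }

    /**
     * Tells whether the caller supplied both {@code client_id} and {@code client_secret}.
     *
     * @param registerSiteParams request parameters
     * @return {@code true} when both values are non-empty
     */
    private boolean hasClient(RegisterSiteParams registerSiteParams) {
        return !Strings.isNullOrEmpty(registerSiteParams.getClientId())
                && !Strings.isNullOrEmpty(registerSiteParams.getClientSecret());
    }

    /**
     * Dynamically registers a client at the OP's registration endpoint.
     *
     * @param registerSiteParams validated request parameters
     * @return the registration response; it always carries a client id and a client secret
     * @throws ErrorResponseException when the OP does not publish a registration endpoint
     * @throws RuntimeException       when the OP returns no response or no client credentials
     */
    private RegisterResponse registerClient(RegisterSiteParams registerSiteParams) {
        String registrationEndpoint = getDiscoveryService()
                .getConnectDiscoveryResponse(registerSiteParams.getOpHost(), registerSiteParams.getOpDiscoveryPath())
                .getRegistrationEndpoint();
        if (Strings.isNullOrEmpty(registrationEndpoint)) {
            LOG.error("This OP (" + registerSiteParams.getOpHost() + ") does not provide registration_endpoint. It means that oxd is not able dynamically register client. Therefore it is required to obtain/register client manually on OP site and provide client_id and client_secret to oxd register_site command.");
            // NOTE(review): this error code does not describe a missing registration endpoint;
            // it is kept because callers may depend on it - confirm whether a better code exists.
            throw new ErrorResponseException(ErrorResponseCode.NO_UMA_RESOURCES_TO_PROTECT);
        }

        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(createRegisterClientRequest(registerSiteParams));
        registerClient.setExecutor(getHttpService().getClientExecutor());
        RegisterResponse response = registerClient.exec();

        if (response == null) {
            // Fail here with a clear message; previously execution continued and dereferenced
            // the null response, surfacing as a NullPointerException.
            LOG.error("RegisterClient response is null.");
            throw new RuntimeException("Failed to register client for site. Details: RegisterClient response is null.");
        }

        if (!Strings.isNullOrEmpty(response.getClientId()) && !Strings.isNullOrEmpty(response.getClientSecret())) {
            LOG.trace("Registered client for site - client_id: " + response.getClientId() + ", claims: " + response.getClaims() + ", registration_client_uri:" + response.getRegistrationClientUri());
            return response;
        }

        // Never write the secret itself to the log; record only whether one was returned.
        LOG.error("ClientId: {}, clientSecret present: {}",
                response.getClientId(), !Strings.isNullOrEmpty(response.getClientSecret()));
        if (!Strings.isNullOrEmpty(response.getErrorDescription())) {
            LOG.error(response.getErrorDescription());
        }
        throw new RuntimeException("Failed to register client for site. Details:" + response.getEntity());
    }

    /**
     * Builds the dynamic client registration request and mirrors a few values onto the RP.
     *
     * @param registerSiteParams validated request parameters
     * @return the request to send to the registration endpoint
     */
    private RegisterRequest createRegisterClientRequest(RegisterSiteParams registerSiteParams) {
        ArrayList<ResponseType> responseTypes = Lists.newArrayList();
        for (String responseType : registerSiteParams.getResponseTypes()) {
            responseTypes.add(ResponseType.fromString(responseType));
        }

        // A caller-supplied client name wins over the generated one.
        String clientName = "oxD client for site: " + this.rp.getOxdId();
        if (!Strings.isNullOrEmpty(registerSiteParams.getClientName())) {
            clientName = registerSiteParams.getClientName();
        }

        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, clientName, registerSiteParams.getRedirectUris());
        registerRequest.setResponseTypes(responseTypes);
        registerRequest.setJwksUri(registerSiteParams.getClientJwksUri());
        registerRequest.setClaimsRedirectUris(registerSiteParams.getClaimsRedirectUri() != null ? registerSiteParams.getClaimsRedirectUri() : new ArrayList<>());
        registerRequest.setPostLogoutRedirectUris(registerSiteParams.getPostLogoutRedirectUri() != null ? Lists.newArrayList(registerSiteParams.getPostLogoutRedirectUri()) : Lists.newArrayList());
        registerRequest.setContacts(registerSiteParams.getContacts());
        registerRequest.setScopes(registerSiteParams.getScope());
        registerRequest.setDefaultAcrValues(registerSiteParams.getAcrValues());

        // NOTE(review): trusted_client comes straight from the request. Whether the caller is
        // allowed to ask for a trusted client is not checked in this class - confirm that it is
        // enforced elsewhere or by the OP.
        if (Boolean.TRUE.equals(registerSiteParams.getTrustedClient())) {
            registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        }

        ArrayList<GrantType> grantTypes = Lists.newArrayList();
        for (String grantType : registerSiteParams.getGrantType()) {
            grantTypes.add(GrantType.fromString(grantType));
        }
        registerRequest.setGrantTypes(grantTypes);

        if (registerSiteParams.getClientFrontchannelLogoutUri() != null) {
            registerRequest.setFrontChannelLogoutUris(Lists.newArrayList(registerSiteParams.getClientFrontchannelLogoutUri()));
        }

        // An unrecognised auth method name is ignored, leaving the request's own default.
        if (StringUtils.isNotBlank(registerSiteParams.getClientTokenEndpointAuthMethod())) {
            AuthenticationMethod authMethod = AuthenticationMethod.fromString(registerSiteParams.getClientTokenEndpointAuthMethod());
            if (authMethod != null) {
                registerRequest.setTokenEndpointAuthMethod(authMethod);
            }
        }
        if (registerSiteParams.getClientRequestUris() != null && !registerSiteParams.getClientRequestUris().isEmpty()) {
            registerRequest.setRequestUris(registerSiteParams.getClientRequestUris());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getClientSectorIdentifierUri())) {
            registerRequest.setSectorIdentifierUri(registerSiteParams.getClientSectorIdentifierUri());
        }

        // Keep the stored RP in line with what is being sent to the OP.
        this.rp.setResponseTypes(registerSiteParams.getResponseTypes());
        this.rp.setPostLogoutRedirectUri(registerSiteParams.getPostLogoutRedirectUri());
        this.rp.setContacts(registerSiteParams.getContacts());
        this.rp.setRedirectUris(Lists.newArrayList(registerSiteParams.getRedirectUris()));
        return registerRequest;
    }

    /**
     * Creates a new RP as a copy of the default RP and overrides it with the request values.
     *
     * @param oxdId              id assigned to the new RP
     * @param registerSiteParams validated request parameters
     * @return the populated, not yet persisted RP
     * @throws IllegalStateException when op_host is empty
     */
    private Rp createRp(String oxdId, RegisterSiteParams registerSiteParams) {
        Preconditions.checkState(!Strings.isNullOrEmpty(registerSiteParams.getOpHost()), "op_host contains blank value. Please specify valid OP public address.");

        Rp newRp = new Rp(getConfigurationService().defaultRp());
        newRp.setOxdId(oxdId);
        newRp.setOpHost(registerSiteParams.getOpHost());
        newRp.setOpDiscoveryPath(registerSiteParams.getOpDiscoveryPath());
        newRp.setAuthorizationRedirectUri(registerSiteParams.getAuthorizationRedirectUri());
        newRp.setRedirectUris(registerSiteParams.getRedirectUris());
        newRp.setClaimsRedirectUri(registerSiteParams.getClaimsRedirectUri());
        newRp.setApplicationType("web");
        newRp.setOxdRpProgrammingLanguage(registerSiteParams.getOxdRpProgrammingLanguage());
        newRp.setUmaProtectedResources(new ArrayList());

        // Optional values only replace the copied defaults when the request supplies them.
        if (!Strings.isNullOrEmpty(registerSiteParams.getPostLogoutRedirectUri())) {
            newRp.setPostLogoutRedirectUri(registerSiteParams.getPostLogoutRedirectUri());
        }
        if (registerSiteParams.getAcrValues() != null && !registerSiteParams.getAcrValues().isEmpty()) {
            newRp.setAcrValues(registerSiteParams.getAcrValues());
        }
        if (registerSiteParams.getClaimsLocales() != null && !registerSiteParams.getClaimsLocales().isEmpty()) {
            newRp.setClaimsLocales(registerSiteParams.getClaimsLocales());
        }

        // Caller-supplied client credentials are stored as given; no registration takes place.
        if (hasClient(registerSiteParams)) {
            newRp.setClientId(registerSiteParams.getClientId());
            newRp.setClientSecret(registerSiteParams.getClientSecret());
            newRp.setClientRegistrationAccessToken(registerSiteParams.getClientRegistrationAccessToken());
            newRp.setClientRegistrationClientUri(registerSiteParams.getClientRegistrationClientUri());
        }
        if (registerSiteParams.getContacts() != null && !registerSiteParams.getContacts().isEmpty()) {
            newRp.setContacts(registerSiteParams.getContacts());
        }
        newRp.setGrantType(registerSiteParams.getGrantType());
        newRp.setResponseTypes(registerSiteParams.getResponseTypes());
        if (registerSiteParams.getScope() != null && !registerSiteParams.getScope().isEmpty()) {
            newRp.setScope(registerSiteParams.getScope());
        }
        if (registerSiteParams.getUiLocales() != null && !registerSiteParams.getUiLocales().isEmpty()) {
            newRp.setUiLocales(registerSiteParams.getUiLocales());
        }
        return newRp;
    }
}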
