package com.liferay.oauth.client.persistence.service.impl;

import com.liferay.oauth.client.persistence.exception.DuplicateOAuthClientEntryException;
import com.liferay.oauth.client.persistence.exception.OAuthClientEntryAuthRequestParametersJSONException;
import com.liferay.oauth.client.persistence.exception.OAuthClientEntryAuthServerWellKnownURIException;
import com.liferay.oauth.client.persistence.exception.OAuthClientEntryInfoJSONException;
import com.liferay.oauth.client.persistence.exception.OAuthClientEntryOIDCUserInfoMapperJSONException;
import com.liferay.oauth.client.persistence.exception.OAuthClientEntryTokenRequestParametersJSONException;
import com.liferay.oauth.client.persistence.model.OAuthClientEntry;
import com.liferay.oauth.client.persistence.model.OAuthClientEntryTable;
import com.liferay.oauth.client.persistence.service.OAuthClientASLocalMetadataLocalService;
import com.liferay.oauth.client.persistence.service.base.OAuthClientEntryLocalServiceBaseImpl;
import com.liferay.petra.sql.dsl.DSLQueryFactoryUtil;
import com.liferay.portal.aop.AopService;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.service.ResourceLocalService;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.nimbusds.jose.HeaderParameterNames;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.client.ClientInformation;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import java.net.URI;
import java.net.URL;
import java.util.Iterator;
import java.util.List;
import net.minidev.json.JSONObject;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(property = {"model.class.name=com.liferay.oauth.client.persistence.model.OAuthClientEntry"}, service = {AopService.class})
/* loaded from: input_file:com/liferay/oauth/client/persistence/service/impl/OAuthClientEntryLocalServiceImpl.class */
public class OAuthClientEntryLocalServiceImpl extends OAuthClientEntryLocalServiceBaseImpl {

    @Reference
    private OAuthClientASLocalMetadataLocalService _oAuthClientASLocalMetadataLocalService;

    @Reference
    private ResourceLocalService _resourceLocalService;

    @Reference
    private UserLocalService _userLocalService;

    public OAuthClientEntry addOAuthClientEntry(long j, String str, String str2, String str3, String str4, String str5) throws PortalException {
        User user = this._userLocalService.getUser(j);
        _validateAuthServerWellKnownURI(str2);
        ClientInformation _parseClientInformation = _parseClientInformation(str2, str3);
        _parseClientInformation.getMetadata().applyDefaults();
        String valueOf = String.valueOf(_parseClientInformation.getID());
        _validateClientId(0L, user.getCompanyId(), str2, valueOf);
        if (Validator.isNull(str)) {
            str = "{}";
        } else {
            _validateAuthRequestParametersJSON(str);
        }
        if (Validator.isNull(str5)) {
            str5 = "{}";
        } else {
            _validateTokenRequestParametersJSON(str5);
        }
        if (str2.contains("openid-configuration")) {
            _validateOIDCUserInfoMapperJSON(str4);
        } else {
            str4 = "{}";
        }
        JSONObject jSONObject = _parseClientInformation.toJSONObject();
        OAuthClientEntry create = this.oAuthClientEntryPersistence.create(this.counterLocalService.increment());
        create.setCompanyId(user.getCompanyId());
        create.setUserId(user.getUserId());
        create.setUserName(user.getFullName());
        create.setAuthRequestParametersJSON(str);
        create.setAuthServerWellKnownURI(str2);
        create.setClientId(valueOf);
        create.setInfoJSON(jSONObject.toString());
        create.setOIDCUserInfoMapperJSON(str4);
        create.setTokenRequestParametersJSON(str5);
        OAuthClientEntry update = this.oAuthClientEntryPersistence.update(create);
        this._resourceLocalService.addResources(update.getCompanyId(), 0L, update.getUserId(), OAuthClientEntry.class.getName(), update.getOAuthClientEntryId(), false, false, false);
        return update;
    }

    @Override // com.liferay.oauth.client.persistence.service.base.OAuthClientEntryLocalServiceBaseImpl
    public OAuthClientEntry deleteOAuthClientEntry(long j) throws PortalException {
        return deleteOAuthClientEntry(this.oAuthClientEntryPersistence.findByPrimaryKey(j));
    }

    public OAuthClientEntry deleteOAuthClientEntry(long j, String str, String str2) throws PortalException {
        return deleteOAuthClientEntry(this.oAuthClientEntryPersistence.findByC_A_C(j, str, str2));
    }

    @Override // com.liferay.oauth.client.persistence.service.base.OAuthClientEntryLocalServiceBaseImpl
    public OAuthClientEntry deleteOAuthClientEntry(OAuthClientEntry oAuthClientEntry) throws PortalException {
        OAuthClientEntry remove = this.oAuthClientEntryPersistence.remove(oAuthClientEntry);
        this._resourceLocalService.deleteResource(remove.getCompanyId(), OAuthClientEntry.class.getName(), 4, remove.getOAuthClientEntryId());
        return remove;
    }

    public OAuthClientEntry fetchOAuthClientEntry(long j, String str, String str2) {
        return this.oAuthClientEntryPersistence.fetchByC_A_C(j, str, str2);
    }

    public List<OAuthClientEntry> getAuthServerWellKnownURISuffixOAuthClientEntries(long j, String str) {
        return (List) this.oAuthClientEntryPersistence.dslQuery(DSLQueryFactoryUtil.select(OAuthClientEntryTable.INSTANCE).from(OAuthClientEntryTable.INSTANCE).where(OAuthClientEntryTable.INSTANCE.companyId.eq(Long.valueOf(j)).and(OAuthClientEntryTable.INSTANCE.authServerWellKnownURI.like(StringUtil.quote(str, '%')))));
    }

    public List<OAuthClientEntry> getCompanyOAuthClientEntries(long j) {
        return this.oAuthClientEntryPersistence.findByCompanyId(j);
    }

    public OAuthClientEntry getOAuthClientEntry(long j, String str, String str2) throws PortalException {
        return this.oAuthClientEntryPersistence.findByC_A_C(j, str, str2);
    }

    public List<OAuthClientEntry> getUserOAuthClientEntries(long j) {
        return this.oAuthClientEntryPersistence.findByUserId(j);
    }

    public OAuthClientEntry updateOAuthClientEntry(long j, String str, String str2, String str3, String str4, String str5) throws PortalException {
        OAuthClientEntry oAuthClientEntry = this.oAuthClientEntryLocalService.getOAuthClientEntry(j);
        _validateAuthServerWellKnownURI(str2);
        ClientInformation _parseClientInformation = _parseClientInformation(str2, str3);
        _parseClientInformation.getMetadata().applyDefaults();
        String valueOf = String.valueOf(_parseClientInformation.getID());
        _validateClientId(j, oAuthClientEntry.getCompanyId(), str2, valueOf);
        if (Validator.isNull(str)) {
            str = "{}";
        } else {
            _validateAuthRequestParametersJSON(str);
        }
        if (Validator.isNull(str5)) {
            str5 = "{}";
        } else {
            _validateTokenRequestParametersJSON(str5);
        }
        if (str2.contains("openid-configuration")) {
            _validateOIDCUserInfoMapperJSON(str4);
        } else {
            str4 = "{}";
        }
        JSONObject jSONObject = _parseClientInformation.toJSONObject();
        oAuthClientEntry.setAuthRequestParametersJSON(str);
        oAuthClientEntry.setAuthServerWellKnownURI(str2);
        oAuthClientEntry.setClientId(valueOf);
        oAuthClientEntry.setInfoJSON(jSONObject.toString());
        oAuthClientEntry.setOIDCUserInfoMapperJSON(str4);
        oAuthClientEntry.setTokenRequestParametersJSON(str5);
        return this.oAuthClientEntryPersistence.update(oAuthClientEntry);
    }

    private ClientInformation _parseClientInformation(String str, String str2) throws PortalException {
        try {
            return str.contains("openid-configuration") ? OIDCClientInformation.parse(JSONObjectUtils.parse(str2)) : ClientInformation.parse(JSONObjectUtils.parse(str2));
        } catch (Exception e) {
            throw new OAuthClientEntryInfoJSONException(e.getMessage(), e);
        }
    }

    private void _validateAuthRequestParametersJSON(String str) throws PortalException {
        try {
            _validateRequestParametersJSON(str);
        } catch (Exception e) {
            throw new OAuthClientEntryAuthRequestParametersJSONException(e.getMessage(), e);
        }
    }

    private void _validateAuthServerWellKnownURI(String str) throws PortalException {
        try {
            if (str.endsWith("local")) {
                this._oAuthClientASLocalMetadataLocalService.getOAuthClientASLocalMetadata(str);
                return;
            }
            HTTPResponse send = new HTTPRequest(HTTPRequest.Method.GET, new URL(str)).send();
            if (send.getStatusCode() != 200) {
                throw new OAuthClientEntryAuthServerWellKnownURIException(send.getStatusMessage());
            }
        } catch (Exception e) {
            throw new OAuthClientEntryAuthServerWellKnownURIException(e);
        }
    }

    private void _validateClientId(long j, long j2, String str, String str2) throws PortalException {
        if (j > 0) {
            OAuthClientEntry findByPrimaryKey = this.oAuthClientEntryPersistence.findByPrimaryKey(j);
            if (str.equals(findByPrimaryKey.getAuthServerWellKnownURI()) && str2.equals(findByPrimaryKey.getClientId())) {
                return;
            }
        }
        if (this.oAuthClientEntryPersistence.fetchByC_A_C(j2, str, str2) != null) {
            throw new DuplicateOAuthClientEntryException("Client ID " + str2);
        }
    }

    private void _validateCustomRequestParameters(JSONObject jSONObject) throws Exception {
        if (jSONObject.containsKey("custom_request_parameters")) {
            JSONObject jSONObject2 = JSONObjectUtils.getJSONObject(jSONObject, "custom_request_parameters");
            Iterator it = jSONObject2.keySet().iterator();
            while (it.hasNext()) {
                Iterator it2 = JSONObjectUtils.getJSONArray(jSONObject2, (String) it.next()).iterator();
                while (it2.hasNext()) {
                    if (!(it2.next() instanceof String)) {
                        throw new ParseException("Value is not a string");
                    }
                }
            }
        }
    }

    private void _validateOIDCUserInfoMapperJSON(String str) throws PortalException {
        try {
            JSONObject parse = JSONObjectUtils.parse(str);
            _validateOIDCUserInfoMapperJSON("user", parse, new String[]{"emailAddress", "firstName", "lastName"});
            if (parse.containsKey("address")) {
                _validateOIDCUserInfoMapperJSON("address", parse, new String[]{"city", "street", HeaderParameterNames.COMPRESSION_ALGORITHM});
            }
            if (parse.containsKey("contact")) {
                _validateOIDCUserInfoMapperJSON("contact", parse, new String[0]);
            }
            if (parse.containsKey("phone")) {
                _validateOIDCUserInfoMapperJSON("phone", parse, new String[]{"phone"});
            }
        } catch (Exception e) {
            throw new OAuthClientEntryOIDCUserInfoMapperJSONException(e.getMessage(), e);
        }
    }

    private void _validateOIDCUserInfoMapperJSON(String str, JSONObject jSONObject, String[] strArr) throws Exception {
        JSONObject jSONObject2 = JSONObjectUtils.getJSONObject(jSONObject, str);
        for (String str2 : strArr) {
            if (Validator.isNull(jSONObject2.getAsString(str2))) {
                throw new OAuthClientEntryOIDCUserInfoMapperJSONException(str2 + " is required for " + str);
            }
        }
        Iterator it = jSONObject2.values().iterator();
        while (it.hasNext()) {
            if (!(it.next() instanceof String)) {
                throw new OAuthClientEntryOIDCUserInfoMapperJSONException("Value is not a string");
            }
        }
    }

    private void _validateRequestParametersJSON(String str) throws Exception {
        JSONObject parse = JSONObjectUtils.parse(str);
        _validateSpecsRequestParameters(parse);
        _validateCustomRequestParameters(parse);
    }

    private void _validateSpecsRequestParameters(JSONObject jSONObject) throws Exception {
        if (jSONObject.containsKey("redirect_uri")) {
            URI.create(JSONObjectUtils.getString(jSONObject, "redirect_uri"));
        }
        if (jSONObject.containsKey("resource")) {
            Iterator it = JSONObjectUtils.getJSONArray(jSONObject, "resource").iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (!(next instanceof String)) {
                    throw new ParseException("Resource must be a JSON array of Strings");
                }
                URI.create((String) next);
            }
        }
        if (jSONObject.containsKey("response_type")) {
            ResponseType.parse(JSONObjectUtils.getString(jSONObject, "response_type"));
        }
        if (jSONObject.containsKey("scope")) {
            Scope.parse(JSONObjectUtils.getString(jSONObject, "scope"));
        }
    }

    private void _validateTokenRequestParametersJSON(String str) throws PortalException {
        try {
            _validateRequestParametersJSON(str);
        } catch (Exception e) {
            throw new OAuthClientEntryTokenRequestParametersJSONException(e.getMessage(), e);
        }
    }
}
