package com.liferay.oauth2.provider.internal.configuration;

import com.liferay.oauth2.provider.configuration.OAuth2ProviderApplicationHeadlessServerConfiguration;
import com.liferay.oauth2.provider.constants.ClientProfile;
import com.liferay.oauth2.provider.constants.GrantType;
import com.liferay.oauth2.provider.model.OAuth2Application;
import com.liferay.oauth2.provider.scope.liferay.ScopeLocator;
import com.liferay.oauth2.provider.util.OAuth2SecureRandomGenerator;
import com.liferay.osgi.util.configuration.ConfigurationFactoryUtil;
import com.liferay.petra.function.transform.TransformUtil;
import com.liferay.petra.string.StringBundler;
import com.liferay.petra.string.StringUtil;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.util.HashMapBuilder;
import com.liferay.portal.kernel.util.ListUtil;
import com.liferay.portal.kernel.util.Validator;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Consumer;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;

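/**
 * Registers (or updates) a headless-server OAuth 2 application for each
 * {@code OAuth2ProviderApplicationHeadlessServerConfiguration} instance and
 * publishes the resulting client details through {@code modifyConfigMap}.
 *
 * <p>
 * Security-relevant behavior visible in this class:
 * </p>
 *
 * <ul>
 * <li>The application is created with the {@code CLIENT_CREDENTIALS} and
 * {@code JWT_BEARER} grant types and {@code client_secret_post}
 * authentication.</li>
 * <li>The client secret is written, in clear text, into the map handed to
 * {@code modifyConfigMap}.</li>
 * <li>When an application with the same external reference code already
 * exists, its client ID, client secret and client-credential user are reused;
 * the configured user account is only consulted on first creation.</li>
 * </ul>
 */
@Component(configurationPid = {"com.liferay.oauth2.provider.configuration.OAuth2ProviderApplicationHeadlessServerConfiguration"}, configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"_portalK8sConfigMapModifier.cardinality.minimum=1"}, service = {})
/* loaded from: input_file:com/liferay/oauth2/provider/internal/configuration/OAuth2ProviderApplicationHeadlessServerConfigurationFactory.class */
public class OAuth2ProviderApplicationHeadlessServerConfigurationFactory extends BaseConfigurationFactory {
    // Placeholder value in the configuration meaning "no explicit account configured".
    private static final String _COMPANY_DEFAULT_USER_TOKEN = "<company.default.user>";
    private static final Log _log = LogFactoryUtil.getLog(OAuth2ProviderApplicationHeadlessServerConfigurationFactory.class);

    @Reference
    private ScopeLocator _scopeLocator;

    /**
     * Creates or updates the OAuth 2 application described by the component
     * properties and publishes its connection details.
     *
     * @param properties the component configuration properties
     * @throws Exception if the company, user or application cannot be resolved
     */
    @Activate
    protected void activate(Map<String, Object> properties) throws Exception {
        if (_log.isDebugEnabled()) {
            // NOTE(review): the whole property map is logged; confirm it never
            // carries credentials before enabling debug logging in production.
            _log.debug("Activate " + properties);
        }
        ConfigurationFactoryUtil.executeAsCompany(this.companyLocalService, properties, companyId -> {
            long resolvedCompanyId = companyId.longValue();
            String externalReferenceCode = ConfigurationFactoryUtil.getExternalReferenceCode(properties);
            Collection<String> scopeAliases = this._scopeLocator.getScopeAliases(resolvedCompanyId);
            OAuth2ProviderApplicationHeadlessServerConfiguration configuration = (OAuth2ProviderApplicationHeadlessServerConfiguration) ConfigurableUtil.createConfigurable(OAuth2ProviderApplicationHeadlessServerConfiguration.class, properties);

            // Normalize each configured scope to the casing of the known scope
            // alias. The decompiled original redeclared the lambda parameter
            // inside the loop (which does not compile) and compared the alias
            // with itself; the configured scope and the alias are now distinct.
            // A scope with no matching alias is passed through unchanged.
            List<String> scopes = TransformUtil.transformToList(configuration.scopes(), scope -> {
                if (!scopeAliases.contains(scope)) {
                    for (String scopeAlias : scopeAliases) {
                        if (StringUtil.equalsIgnoreCase(scope, scopeAlias)) {
                            return scopeAlias;
                        }
                    }
                }
                return scope;
            });

            this.oAuth2Application = _addOrUpdateOAuth2Application(resolvedCompanyId, externalReferenceCode, configuration, scopes);
            if (_log.isDebugEnabled()) {
                // NOTE(review): this depends on OAuth2Application's string form,
                // which is not visible here. If it includes the client secret,
                // debug logs would expose it -- confirm, or log the client ID only.
                _log.debug("OAuth 2 application " + this.oAuth2Application);
            }

            // NOTE(review): the client secret is published in clear text below.
            // The component property suggests the target is a Kubernetes
            // ConfigMap (modifyConfigMap is defined in the base class, not shown);
            // confirm that read access to that object is restricted to the
            // workloads that need the credential.
            Map<String, String> configMapEntries = HashMapBuilder.put(
                    externalReferenceCode + ".oauth2.headless.server.audience", this.oAuth2Application.getHomePageURL())
                .put(externalReferenceCode + ".oauth2.headless.server.client.id", this.oAuth2Application.getClientId())
                .put(externalReferenceCode + ".oauth2.headless.server.client.secret", this.oAuth2Application.getClientSecret())
                .put(externalReferenceCode + ".oauth2.headless.server.scopes", StringUtil.merge(scopes, "\n"))
                .put(externalReferenceCode + ".oauth2.authorization.uri", "/o/oauth2/authorize")
                .put(externalReferenceCode + ".oauth2.home.page.uri", this.oAuth2Application.getHomePageURL())
                .put(externalReferenceCode + ".oauth2.introspection.uri", "/o/oauth2/introspect")
                .put(externalReferenceCode + ".oauth2.jwks.uri", "/o/oauth2/jwks")
                .put(externalReferenceCode + ".oauth2.redirect.uris", "/o/oauth2/redirect")
                .put(externalReferenceCode + ".oauth2.token.uri", "/o/oauth2/token")
                .build();
            modifyConfigMap(this.companyLocalService.getCompanyById(resolvedCompanyId), configMapEntries, properties);
        });
    }

    @Override // com.liferay.oauth2.provider.internal.configuration.BaseConfigurationFactory
    protected Log getLog() {
        return _log;
    }

    /**
     * Adds the OAuth 2 application, or updates the one already registered under
     * the external reference code.
     *
     * <p>
     * An existing application keeps its client ID, client secret and
     * client-credential user, so re-activation does not rotate the credential
     * and does not pick up a changed user account setting. New credentials are
     * generated only when no application exists yet.
     * </p>
     *
     * @param companyId the company the application belongs to
     * @param externalReferenceCode the external reference code identifying the application
     * @param configuration the headless-server configuration
     * @param scopes the scope aliases to assign to the application
     * @return the added or updated application
     * @throws Exception if a user lookup or the service call fails
     */
    private OAuth2Application _addOrUpdateOAuth2Application(long companyId, String externalReferenceCode, OAuth2ProviderApplicationHeadlessServerConfiguration configuration, List<String> scopes) throws Exception {
        OAuth2Application existingApplication = this.oAuth2ApplicationLocalService.fetchOAuth2ApplicationByExternalReferenceCode(externalReferenceCode, companyId);
        User guestUser = this.userLocalService.getGuestUser(companyId);

        User serviceUser;
        String clientId;
        String clientSecret;
        if (existingApplication != null) {
            serviceUser = this.userLocalService.getUserById(companyId, existingApplication.getClientCredentialUserId());
            clientId = existingApplication.getClientId();
            clientSecret = existingApplication.getClientSecret();
        } else {
            serviceUser = _getServiceUser(companyId, configuration);
            // Generate credentials only when they are actually needed instead
            // of drawing and discarding random values on every update.
            clientId = OAuth2SecureRandomGenerator.generateClientId();
            clientSecret = OAuth2SecureRandomGenerator.generateClientSecret();
        }

        String homePageURL = getHomePageURL(configuration.homePageURL(), configuration.baseURL());

        // The positional arguments follow the service signature, which is not
        // visible in this file; values are passed exactly as before.
        OAuth2Application application = this.oAuth2ApplicationLocalService.addOrUpdateOAuth2Application(externalReferenceCode, guestUser.getUserId(), guestUser.getScreenName(), ListUtil.fromArray(new GrantType[]{GrantType.CLIENT_CREDENTIALS, GrantType.JWT_BEARER}), "client_secret_post", serviceUser.getUserId(), clientId, ClientProfile.HEADLESS_SERVER.id(), clientSecret, configuration.description(), Arrays.asList("token.introspection"), homePageURL, 0L, (String) null, getName(configuration.name(), externalReferenceCode), configuration.privacyPolicyURL(), Collections.emptyList(), false, true, (Consumer) null, new ServiceContext());
        updateScopes(application, scopes);

        if (_log.isInfoEnabled()) {
            // Only the client ID is logged here; the client secret is not.
            _log.info(StringBundler.concat(new Object[]{"OAuth 2 application with external reference code ", application.getExternalReferenceCode(), " and company ID ", Long.valueOf(application.getCompanyId()), " has client ID ", application.getClientId()}));
        }
        return application;
    }

    /**
     * Resolves the user account configured for a newly created application.
     *
     * <p>
     * Resolution order, as implemented below:
     * </p>
     *
     * <ol>
     * <li>If the e-mail address is the default token, or the screen name is not
     * the default token, the screen name decides: the default token maps to the
     * {@code default-service-account} user, any other value is looked up as
     * given.</li>
     * <li>Otherwise the e-mail address is used, provided it is well formed.</li>
     * </ol>
     *
     * @param companyId the company to look the user up in
     * @param configuration the headless-server configuration
     * @return the resolved user
     * @throws IllegalArgumentException if the screen name is required but empty,
     *         or the e-mail address is not a valid address
     * @throws Exception if the user lookup fails
     */
    private User _getServiceUser(long companyId, OAuth2ProviderApplicationHeadlessServerConfiguration configuration) throws Exception {
        String emailAddress = configuration.userAccountEmailAddress();
        String screenName = configuration.userAccountScreenName();
        boolean emailIsDefault = Objects.equals(_COMPANY_DEFAULT_USER_TOKEN, emailAddress);
        boolean screenNameIsDefault = Objects.equals(_COMPANY_DEFAULT_USER_TOKEN, screenName);

        if (emailIsDefault || !screenNameIsDefault) {
            if (Validator.isNull(screenName)) {
                throw new IllegalArgumentException("User account screen name is null");
            }
            if (screenNameIsDefault) {
                return this.userLocalService.getUserByScreenName(companyId, "default-service-account");
            }
            return this.userLocalService.getUserByScreenName(companyId, screenName);
        }

        // Here the screen name is the default token and an explicit e-mail
        // address was supplied, so the e-mail address selects the account.
        if (Validator.isEmailAddress(emailAddress)) {
            return this.userLocalService.getUserByEmailAddress(companyId, emailAddress);
        }
        throw new IllegalArgumentException("User account email address is not an email address");
    }
}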
