package org.forgerock.openam.oauth2.rest;

import com.sun.identity.common.ISLocaleContext;
import com.sun.identity.shared.debug.Debug;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.api.annotations.ApiError;
import org.forgerock.api.annotations.CollectionProvider;
import org.forgerock.api.annotations.Delete;
import org.forgerock.api.annotations.Handler;
import org.forgerock.api.annotations.Operation;
import org.forgerock.api.annotations.Parameter;
import org.forgerock.api.annotations.Query;
import org.forgerock.api.annotations.Schema;
import org.forgerock.api.enums.QueryType;
import org.forgerock.json.JsonValue;
import org.forgerock.json.JsonValueFunctions;
import org.forgerock.json.resource.InternalServerErrorException;
import org.forgerock.json.resource.QueryRequest;
import org.forgerock.json.resource.QueryResourceHandler;
import org.forgerock.json.resource.QueryResponse;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.ResourceResponse;
import org.forgerock.json.resource.Responses;
import org.forgerock.json.resource.http.HttpContext;
import org.forgerock.oauth2.core.ClientRegistration;
import org.forgerock.oauth2.core.ClientRegistrationStore;
import org.forgerock.oauth2.core.OAuth2ProviderSettings;
import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
import org.forgerock.oauth2.core.TokenStore;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.openam.cts.api.fields.OAuthTokenField;
import org.forgerock.openam.rest.resource.ContextHelper;
import org.forgerock.openam.tokens.CoreTokenField;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.services.context.Context;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;
import org.forgerock.util.query.QueryFilter;
import org.joda.time.format.ISODateTimeFormat;

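@CollectionProvider(details = @Handler(mvccSupported = false, title = "i18n:api-descriptor/OAuth2UserApplications#title", description = "i18n:api-descriptor/OAuth2UserApplications#description", resourceSchema = @Schema(schemaResource = "OAuth2UserApplications.resource.schema.json"), parameters = {@Parameter(name = "user", type = "string", description = "i18n:api-descriptor/OAuth2UserApplications#pathparam.user")}), pathParam = @Parameter(name = "clientId", type = "string", description = "i18n:api-descriptor/OAuth2UserApplications#pathparam.clientid"))
/* loaded from: input_file:org/forgerock/openam/oauth2/rest/OAuth2UserApplications.class */
/**
 * REST collection that lists, per OAuth2 client, the access and refresh tokens stored for the
 * user resolved from the request context, and that revokes a client's consent and tokens.
 *
 * <p>Every token lookup goes through {@link #getQueryFilter(String, String)}, which constrains
 * the search to the user id and realm returned by the {@link ContextHelper}. The client id that
 * arrives as a path parameter is only ever AND-ed onto that filter.
 *
 * <p>NOTE(review): which identity {@code ContextHelper.getUserId} returns (authenticated subject
 * or the {@code user} path parameter) is not visible in this class. Confirm that the route's
 * authorization guarantees a caller can only list and revoke grants of a user it may act for.
 */
public class OAuth2UserApplications {
    private final TokenStore tokenStore;
    private final OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory;
    private final ClientRegistrationStore clientRegistrationStore;
    private final ContextHelper contextHelper;
    private final Debug debug;

    /**
     * Creates the provider with its injected collaborators.
     *
     * @param tokenStore store queried for, and used to delete, OAuth2 tokens
     * @param oAuth2ProviderSettingsFactory source of the provider settings for a request context
     * @param clientRegistrationStore store used to resolve client registrations
     * @param contextHelper resolves the user id and realm from the request context
     * @param debug the {@code frRest} debug logger
     */
    @Inject
    public OAuth2UserApplications(TokenStore tokenStore, OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory, ClientRegistrationStore clientRegistrationStore, ContextHelper contextHelper, @Named("frRest") Debug debug) {
        this.tokenStore = tokenStore;
        this.oAuth2ProviderSettingsFactory = oAuth2ProviderSettingsFactory;
        this.clientRegistrationStore = clientRegistrationStore;
        this.contextHelper = contextHelper;
        this.debug = debug;
    }

    /**
     * Emits one resource per OAuth2 client for which the context user holds tokens.
     *
     * <p>Tokens whose client registration can no longer be resolved are left out of the result.
     * The {@code queryRequest} argument is not read; the filter is always the fixed user/realm
     * filter.
     *
     * @param context request context from which user id, realm and locale are taken
     * @param queryResourceHandler receives one resource per client
     * @param queryRequest the incoming query request (unused)
     * @return a promise of an empty query response, or of an internal server error when the
     *         token or client lookup fails
     */
    @Query(operationDescription = @Operation(description = "i18n:api-descriptor/OAuth2UserApplications#query.description", errors = {@ApiError(code = 500, description = "i18n:api-descriptor/OAuth2UserApplications#query.error.500.description")}), type = QueryType.FILTER, queryableFields = {})
    public Promise<QueryResponse, ResourceException> query(Context context, QueryResourceHandler queryResourceHandler, QueryRequest queryRequest) {
        String userId = this.contextHelper.getUserId(context);
        String realm = this.contextHelper.getRealm(context);
        try {
            JsonValue tokens = this.tokenStore.queryForToken(realm, getQueryFilter(userId, realm));
            Map<String, Set<JsonValue>> tokensByClient = new HashMap<>();
            for (JsonValue token : tokens) {
                String clientId = getAttributeValue(token, OAuthTokenField.CLIENT_ID.getOAuthField());
                String tokenRealm = getAttributeValue(token, OAuthTokenField.REALM.getOAuthField());
                if (!tokenClientExists(clientId, tokenRealm, context)) {
                    // The registration is gone; there is nothing to describe for this token.
                    continue;
                }
                Set<JsonValue> clientTokens = tokensByClient.get(clientId);
                if (clientTokens == null) {
                    clientTokens = new HashSet<>();
                    tokensByClient.put(clientId, clientTokens);
                }
                clientTokens.add(token);
            }
            for (Map.Entry<String, Set<JsonValue>> entry : tokensByClient.entrySet()) {
                queryResourceHandler.handleResource(getResourceResponse(context, entry.getKey(), entry.getValue()));
            }
            return Promises.newResultPromise(Responses.newQueryResponse());
        } catch (InvalidClientException | NotFoundException | ServerException e) {
            this.debug.message("Failed to query OAuth2 clients for user {}", userId, e);
            // NOTE(review): the cause is wrapped into the 500 response; confirm that its message
            // is not serialized to the HTTP client with internal detail.
            return new InternalServerErrorException(e).asPromise();
        }
    }

    /**
     * Reports whether a client registration can be resolved for the given id and realm.
     *
     * @return {@code false} when the lookup throws {@link InvalidClientException} or
     *         {@link NotFoundException}, {@code true} otherwise
     */
    private boolean tokenClientExists(String clientId, String realm, Context context) {
        try {
            this.clientRegistrationStore.get(clientId, realm, context);
            return true;
        } catch (InvalidClientException | NotFoundException e) {
            // Deliberate: an unresolvable client is an expected outcome, not an error.
            return false;
        }
    }

    /**
     * Revokes the context user's consent for a client and deletes the user's access and refresh
     * tokens issued to that client.
     *
     * <p>NOTE(review): {@code revokeConsent} is invoked before the token lookup, so a request
     * that matches no tokens has already revoked consent by the time it answers 404. If a
     * token deletion fails part-way, earlier deletions and the consent revocation are not
     * undone.
     *
     * @param context request context from which user id, realm and locale are taken
     * @param str the client id taken from the resource path
     * @return a promise of the client resource built from the deleted tokens, of a not-found
     *         error when no token matches, or of an internal server error on failure
     */
    @Delete(operationDescription = @Operation(description = "i18n:api-descriptor/OAuth2UserApplications#delete.description", errors = {@ApiError(code = 500, description = "i18n:api-descriptor/OAuth2UserApplications#delete.error.500.description")}))
    public Promise<ResourceResponse, ResourceException> deleteInstance(Context context, String str) {
        final String clientId = str;
        String userId = this.contextHelper.getUserId(context);
        String realm = this.contextHelper.getRealm(context);
        this.debug.message("Revoking access to OAuth2 client {} for user {}", clientId, userId);
        try {
            this.oAuth2ProviderSettingsFactory.get(context).revokeConsent(userId, clientId);
            // The caller-supplied client id only narrows the user/realm filter, it never
            // replaces it, so it cannot select another user's tokens.
            QueryFilter<CoreTokenField> ownTokens = getQueryFilter(userId, realm);
            QueryFilter<CoreTokenField> forClient = QueryFilter.equalTo(OAuthTokenField.CLIENT_ID.getField(), clientId);
            JsonValue tokens = this.tokenStore.queryForToken(realm, QueryFilter.and(ownTokens, forClient));
            if (tokens.asCollection().isEmpty()) {
                return new org.forgerock.json.resource.NotFoundException().asPromise();
            }
            for (JsonValue token : tokens) {
                String tokenId = getAttributeValue(token, OAuthTokenField.ID.getOAuthField());
                // NOTE(review): the token identifier is written to the debug log. If that id is
                // also the value clients present as the bearer token (TODO confirm for this
                // store), anyone with log access can read live credentials until the delete
                // below completes; consider logging a truncated or hashed id instead.
                this.debug.message("Removing OAuth2 token {} with client {} for user {}", tokenId, clientId, userId);
                this.tokenStore.delete(realm, tokenId);
            }
            return getResourceResponse(context, clientId, tokens).asPromise();
        } catch (InvalidClientException | NotFoundException | ServerException e) {
            this.debug.message("Failed to revoke access to OAuth2 client {} for user {}", clientId, userId, e);
            return new InternalServerErrorException(e).asPromise();
        }
    }

    /**
     * Builds the resource describing one client: its id, localized display name, the union of
     * the scopes found on the given tokens (mapped to their description, or to the scope name
     * itself when no description is registered) and the computed expiry.
     *
     * <p>The realm is read from the first token, so {@code tokens} must not be empty; both
     * callers guarantee that.
     *
     * @param context request context, used for the provider settings, client lookup and locale
     * @param clientId the client the tokens belong to
     * @param tokens the user's tokens for that client
     * @return the resource, with a revision derived from the hash code of its content
     */
    private ResourceResponse getResourceResponse(Context context, String clientId, Iterable<JsonValue> tokens) throws NotFoundException, InvalidClientException, ServerException {
        String realm = getAttributeValue(tokens.iterator().next(), OAuthTokenField.REALM.getOAuthField());
        OAuth2ProviderSettings providerSettings = this.oAuth2ProviderSettingsFactory.get(context);
        ClientRegistration clientRegistration = this.clientRegistrationStore.get(clientId, realm, context);
        Locale locale = getLocale(context);
        Map<String, String> scopeDescriptions = clientRegistration.getScopeDescriptions(locale);
        Map<String, String> scopes = new HashMap<>();
        for (JsonValue token : tokens) {
            for (String scope : getAttributeValueSet(token, OAuthTokenField.SCOPE.getOAuthField())) {
                scopes.put(scope, scopeDescriptions.containsKey(scope) ? scopeDescriptions.get(scope) : scope);
            }
        }
        JsonValue content = JsonValue.json(JsonValue.object(
                JsonValue.field("_id", clientId),
                JsonValue.field("name", clientRegistration.getDisplayName(locale)),
                JsonValue.field("scopes", scopes),
                JsonValue.field("expiryDateTime", calculateExpiryDateTime(tokens, providerSettings))));
        return Responses.newResourceResponse(clientId, String.valueOf(content.getObject().hashCode()), content);
    }

    /**
     * Computes the latest moment at which the given tokens stop granting access.
     *
     * <p>A token with expiry {@code -1}, or a refresh token while the provider issues a new
     * refresh token on every refresh, makes the result {@code null}. Otherwise a refresh token
     * counts as its own expiry plus one access-token lifetime.
     *
     * @return the latest expiry as an ISO-8601 date-time, or {@code null} as described above
     * @throws NumberFormatException if a token's expiry attribute is not a decimal number, for
     *         example when the attribute is absent
     */
    private String calculateExpiryDateTime(Iterable<JsonValue> tokens, OAuth2ProviderSettings providerSettings) throws ServerException {
        long latest = 0;
        for (JsonValue token : tokens) {
            long expiry = Long.parseLong(getAttributeValue(token, OAuthTokenField.EXPIRY_TIME.getOAuthField()));
            if (expiry == -1) {
                return null;
            }
            if ("refresh_token".equals(getAttributeValue(token, OAuthTokenField.TOKEN_NAME.getOAuthField()))) {
                if (providerSettings.issueRefreshTokensOnRefreshingToken()) {
                    return null;
                }
                // 1000L keeps the multiplication in long arithmetic whatever type the lifetime
                // getter declares.
                expiry += providerSettings.getAccessTokenLifetime() * 1000L;
            }
            if (expiry > latest) {
                latest = expiry;
            }
        }
        return ISODateTimeFormat.dateTime().print(latest);
    }

    /**
     * Reads one attribute of a token as a string: the string itself, the first item of a
     * collection, or the {@code toString()} of whatever else is stored.
     */
    private String getAttributeValue(JsonValue token, String attribute) {
        JsonValue value = token.get(attribute);
        if (value.isString()) {
            return value.asString();
        }
        if (value.isCollection()) {
            return (String) CollectionUtils.getFirstItem(value.asCollection(String.class));
        }
        return value.toString();
    }

    /**
     * Reads one attribute of a token as a set of strings: a singleton for a string value, the
     * converted collection for a collection value, and an empty set otherwise.
     */
    private Set<String> getAttributeValueSet(JsonValue token, String attribute) {
        JsonValue value = token.get(attribute);
        if (value.isString()) {
            Set<String> single = new HashSet<>();
            single.add(value.asString());
            return single;
        }
        if (value.isCollection()) {
            // Returned directly as a Set: the decompiled listing assigned this result to a
            // HashSet-typed local, which does not compile.
            return value.as(JsonValueFunctions.setOf(String.class));
        }
        return new HashSet<>();
    }

    /** Resolves the locale of the HTTP request carried by the given context. */
    private Locale getLocale(Context context) {
        ISLocaleContext localeContext = new ISLocaleContext();
        localeContext.setLocale(context.asContext(HttpContext.class));
        return localeContext.getLocale();
    }

    /**
     * Builds the base token filter: user name and realm must both match, and the token must be
     * an {@code access_token} or a {@code refresh_token}.
     */
    private QueryFilter<CoreTokenField> getQueryFilter(String userId, String realm) {
        QueryFilter<CoreTokenField> byUser = QueryFilter.equalTo(OAuthTokenField.USER_NAME.getField(), userId);
        QueryFilter<CoreTokenField> byRealm = QueryFilter.equalTo(OAuthTokenField.REALM.getField(), realm);
        QueryFilter<CoreTokenField> isAccessToken = QueryFilter.equalTo(OAuthTokenField.TOKEN_NAME.getField(), "access_token");
        QueryFilter<CoreTokenField> isRefreshToken = QueryFilter.equalTo(OAuthTokenField.TOKEN_NAME.getField(), "refresh_token");
        return QueryFilter.and(byUser, byRealm, QueryFilter.or(isAccessToken, isRefreshToken));
    }
}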
