package org.forgerock.openidconnect;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdType;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.exceptions.UnauthorizedClientException;
import org.forgerock.openam.identity.idm.AMIdentityRepositoryFactory;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openidconnect.exceptions.InvalidClientMetadata;

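/**
 * Persists OAuth2 / OpenID Connect client registrations as OpenAM agent identities
 * ({@code IdType.AGENTONLY}) in the realm named by the request's {@code realm} parameter.
 *
 * <p>A client is one agent profile whose attributes carry the
 * {@code com.forgerock.openam.oauth2provider.*} keys declared below. Multi-valued
 * attributes are stored as {@code "[i]=value"} strings ({@code formatSet}) and decoded
 * again on read ({@code unformattedSet}).
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>Every repository call runs under the administrator token obtained from
 *       {@code AdminTokenAction}; authorization of the actual caller must already have
 *       happened upstream, this class does not check it.</li>
 *   <li>The client secret is written to the agent's {@code userpassword} attribute and read
 *       back from it, so the attribute maps handled here contain the secret and must not be
 *       logged.</li>
 *   <li>Clients are looked up by using the client ID as a repository search pattern and
 *       requiring exactly one match; the returned {@code Client} is labelled with the
 *       requested ID rather than the matched identity's name.</li>
 *   <li>{@code update} is delete-then-create and is not atomic: if the create step fails,
 *       the previous registration has already been removed.</li>
 * </ul>
 *
 * <p>Lookup failures are reported with one generic message so that callers cannot
 * distinguish a missing, duplicated or inactive profile.
 */
@Singleton
/* loaded from: input_file:org/forgerock/openidconnect/ClientDAO.class */
public class ClientDAO {
    private static final String OAUTH2_CLIENT = "OAuth2Client";
    private static final String AGENT_TYPE = "AgentType";
    private static final String ACTIVE = "Active";
    private static final String SUN_IDENTITY_SERVER_DEVICE_STATUS = "sunIdentityServerDeviceStatus";
    private static final String ID_TOKEN_SIGNED_RESPONSE_ALG_DEFAULT = "HS256";
    private static final String CLIENT_TYPE_DEFAULT = "Confidential";
    private static final String APPLICATION_TYPE_DEFAULT = "web";

    /** Request parameter naming the realm whose identity repository is used. */
    private static final String REALM_PARAMETER = "realm";
    /** Generic lookup-failure message; deliberately does not say why the lookup failed. */
    private static final String NOT_ABLE_TO_GET_CLIENT = "Not able to get client from OpenAM";

    /** Prefix shared by every OAuth2-provider attribute of the agent profile. */
    private static final String ATTR_PREFIX = "com.forgerock.openam.oauth2provider.";
    /** Client secret. Stored in the agent's password attribute; never log this value. */
    private static final String ATTR_CLIENT_SECRET = "userpassword";
    private static final String ATTR_ACCESS_TOKEN = ATTR_PREFIX + "accessToken";
    private static final String ATTR_SCOPES = ATTR_PREFIX + "scopes";
    private static final String ATTR_CLIENT_NAME = ATTR_PREFIX + "clientName";
    private static final String ATTR_CLIENT_SESSION_URI = ATTR_PREFIX + "clientSessionURI";
    private static final String ATTR_CLIENT_TYPE = ATTR_PREFIX + "clientType";
    private static final String ATTR_DEFAULT_SCOPES = ATTR_PREFIX + "defaultScopes";
    private static final String ATTR_DESCRIPTION = ATTR_PREFIX + "description";
    private static final String ATTR_NAME = ATTR_PREFIX + "name";
    private static final String ATTR_TOKEN_ENDPOINT_AUTH_METHOD = ATTR_PREFIX + "tokenEndPointAuthMethod";
    private static final String ATTR_JWKS = ATTR_PREFIX + "jwks";
    private static final String ATTR_JWKS_URI = ATTR_PREFIX + "jwksURI";
    private static final String ATTR_CLIENT_JWT_PUBLIC_KEY = ATTR_PREFIX + "clientJwtPublicKey";
    private static final String ATTR_PUBLIC_KEY_LOCATION = ATTR_PREFIX + "publicKeyLocation";
    private static final String ATTR_SUBJECT_TYPE = ATTR_PREFIX + "subjectType";
    private static final String ATTR_DEFAULT_MAX_AGE_ENABLED = ATTR_PREFIX + "defaultMaxAgeEnabled";
    private static final String ATTR_DEFAULT_MAX_AGE = ATTR_PREFIX + "defaultMaxAge";
    private static final String ATTR_SECTOR_IDENTIFIER_URI = ATTR_PREFIX + "sectorIdentifierURI";
    private static final String ATTR_ID_TOKEN_SIGNED_RESPONSE_ALG = ATTR_PREFIX + "idTokenSignedResponseAlg";
    private static final String ATTR_REDIRECTION_URIS = ATTR_PREFIX + "redirectionURIs";
    private static final String ATTR_POST_LOGOUT_REDIRECT_URI = ATTR_PREFIX + "postLogoutRedirectURI";
    private static final String ATTR_RESPONSE_TYPES = ATTR_PREFIX + "responseTypes";
    private static final String ATTR_CONTACTS = ATTR_PREFIX + "contacts";

    private final Debug logger = Debug.getInstance("OAuth2Provider");
    private final AMIdentityRepositoryFactory idRepoFactory;

    /**
     * Creates the DAO.
     *
     * @param aMIdentityRepositoryFactory factory producing the per-realm identity repository.
     */
    @Inject
    public ClientDAO(AMIdentityRepositoryFactory aMIdentityRepositoryFactory) {
        this.idRepoFactory = aMIdentityRepositoryFactory;
    }

    /**
     * Stores {@code client} as a new agent identity named after its client ID.
     *
     * @param client the registration to persist.
     * @param oAuth2Request the request; its {@code realm} parameter selects the repository.
     * @throws InvalidClientMetadata if the identity cannot be created for any reason (the
     *         underlying exception is logged, not propagated).
     */
    public void create(Client client, OAuth2Request oAuth2Request) throws InvalidClientMetadata {
        Map<String, Set<String>> attributes = createClientAttributeMap(client);
        try {
            repositoryFor(oAuth2Request).createIdentity(IdType.AGENTONLY, client.getClientID(), attributes);
        } catch (Exception e) {
            // The attribute map holds the client secret: log the failure, never the map.
            this.logger.error("ConnectClientRegistration.Validate(): Unable to create client", e);
            throw new InvalidClientMetadata();
        }
    }

    /**
     * Loads the client whose agent identity matches {@code str}.
     *
     * @param str the client ID; used as the repository search pattern and set on the result.
     * @param oAuth2Request the request; its {@code realm} parameter selects the repository.
     * @return the client rebuilt from the agent profile's attributes.
     * @throws UnauthorizedClientException if there is not exactly one match, the profile is
     *         inactive or has no attributes, or the repository cannot be queried. The message
     *         is the same in every case.
     */
    public Client read(String str, OAuth2Request oAuth2Request) throws UnauthorizedClientException {
        try {
            AMIdentityRepository repository = repositoryFor(oAuth2Request);
            AMIdentity identity = findSingleIdentity(repository, str, "read");
            if (!identity.isActive()) {
                this.logger.error("OpenAMClientDAO.read(): Client profile is not active.");
                throw new UnauthorizedClientException(NOT_ABLE_TO_GET_CLIENT);
            }
            Map<String, Set<String>> attributes = identity.getAttributes();
            Client client = createClient(attributes);
            client.setClientID(str);
            return client;
        } catch (SSOException e) {
            this.logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e);
            throw new UnauthorizedClientException(NOT_ABLE_TO_GET_CLIENT);
        } catch (IdRepoException e2) {
            this.logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e2);
            throw new UnauthorizedClientException(NOT_ABLE_TO_GET_CLIENT);
        } catch (UnauthorizedClientException e3) {
            // Normalise every lookup failure to the same message so the response does not
            // reveal whether the profile is missing, duplicated, inactive or empty.
            this.logger.error("OpenAMClientDAO.read(): Unable to get client AMIdentity: ", e3);
            throw new UnauthorizedClientException(NOT_ABLE_TO_GET_CLIENT);
        }
    }

    /**
     * Replaces the stored registration of {@code client} with delete-then-create.
     *
     * <p>Not atomic: if {@link #create} fails after {@link #delete} succeeded, the client no
     * longer exists in the repository.
     *
     * @param client the new registration; its client ID names the profile to replace.
     * @param oAuth2Request the request; its {@code realm} parameter selects the repository.
     * @throws UnauthorizedClientException if the existing profile cannot be deleted.
     * @throws InvalidClientMetadata if the new profile cannot be created.
     */
    public void update(Client client, OAuth2Request oAuth2Request) throws InvalidClientMetadata, UnauthorizedClientException {
        delete(client.getClientID(), oAuth2Request);
        create(client, oAuth2Request);
    }

    /**
     * Deletes the active agent identity matching {@code str}.
     *
     * @param str the client ID; used as the repository search pattern.
     * @param oAuth2Request the request; its {@code realm} parameter selects the repository.
     * @throws UnauthorizedClientException if there is not exactly one match, the profile is
     *         inactive, or the repository cannot be queried or updated.
     */
    public void delete(String str, OAuth2Request oAuth2Request) throws UnauthorizedClientException {
        try {
            AMIdentityRepository repository = repositoryFor(oAuth2Request);
            AMIdentity identity = findSingleIdentity(repository, str, "delete");
            if (!identity.isActive()) {
                // Previously an inactive profile was replaced by null and a set containing
                // null was handed to deleteIdentities; refuse explicitly instead.
                this.logger.error("OpenAMClientDAO.delete(): Client profile is not active.");
                throw new UnauthorizedClientException(NOT_ABLE_TO_GET_CLIENT);
            }
            Set<AMIdentity> toDelete = new HashSet<AMIdentity>();
            toDelete.add(identity);
            repository.deleteIdentities(toDelete);
        } catch (IdRepoException e) {
            this.logger.error("OpenAMClientDAO.delete(): Unable to delete client", e);
            throw new UnauthorizedClientException();
        } catch (SSOException e2) {
            this.logger.error("OpenAMClientDAO.delete(): Unable to delete client", e2);
            throw new UnauthorizedClientException();
        }
    }

    /**
     * Obtains the identity repository of the realm named in the request, authenticated with
     * the administrator token.
     */
    private AMIdentityRepository repositoryFor(OAuth2Request oAuth2Request)
            throws IdRepoException, SSOException {
        String realm = (String) oAuth2Request.getParameter(REALM_PARAMETER);
        return this.idRepoFactory.create(realm, adminToken());
    }

    /** Fetches the administrator SSO token inside a privileged block. */
    private static SSOToken adminToken() {
        return (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
    }

    /**
     * Searches the repository for agent identities matching {@code clientId} and returns the
     * single result.
     *
     * <p>NOTE(review): {@code clientId} comes from the request and is passed to
     * {@code searchIdentities} as a pattern. The exactly-one check below does not prove that
     * the match is named {@code clientId}; confirm how the repository treats pattern
     * characters in the client ID.
     *
     * @param repository the realm's repository.
     * @param clientId the client ID to search for.
     * @param caller method name used in the log message ("read" or "delete").
     * @return the single matching identity (active or not; callers check {@code isActive}).
     * @throws UnauthorizedClientException if zero or more than one identity matched.
     */
    private AMIdentity findSingleIdentity(AMIdentityRepository repository, String clientId, String caller)
            throws IdRepoException, SSOException, UnauthorizedClientException {
        IdSearchControl control = new IdSearchControl();
        control.setRecursive(true);
        control.setAllReturnAttributes(true);
        // Kept from the original: presumably "no cap" so that a duplicate profile is
        // detected by the size check rather than truncated away.
        control.setMaxResults(0);
        Set results = repository.searchIdentities(IdType.AGENTONLY, clientId, control).getSearchResults();
        if (results == null || results.size() != 1) {
            this.logger.error("OpenAMClientDAO." + caller + "(): No client profile or more than one profile found.");
            throw new UnauthorizedClientException(NOT_ABLE_TO_GET_CLIENT);
        }
        return (AMIdentity) results.iterator().next();
    }

    /**
     * Builds the agent-profile attribute map for {@code client}.
     *
     * <p>Optional single values are written only when present; {@code clientType} and
     * {@code idTokenSignedResponseAlg} fall back to their defaults; multi-valued fields are
     * index-encoded by {@link #formatSet(Set)}. The agent type and active status are always
     * set. The result contains the client secret under {@code userpassword}.
     */
    private Map<String, Set<String>> createClientAttributeMap(Client client) {
        Map<String, Set<String>> attributes = new HashMap<String, Set<String>>();
        putSingle(attributes, ATTR_CLIENT_SECRET, client.getClientSecret());
        putSingle(attributes, ATTR_ACCESS_TOKEN, client.getAccessToken());
        putSet(attributes, ATTR_SCOPES, client.getAllowedGrantScopes());
        putSet(attributes, ATTR_CLIENT_NAME, client.getClientName());
        putSingle(attributes, ATTR_CLIENT_SESSION_URI, client.getClientSessionURI());
        String clientType = client.getClientType() == null
                ? CLIENT_TYPE_DEFAULT : client.getClientType().toString();
        attributes.put(ATTR_CLIENT_TYPE, singleton(clientType));
        putSet(attributes, ATTR_DEFAULT_SCOPES, client.getDefaultGrantScopes());
        putSet(attributes, ATTR_DESCRIPTION, client.getDisplayDescription());
        putSet(attributes, ATTR_NAME, client.getDisplayName());
        if (client.getTokenEndpointAuthMethod() != null) {
            attributes.put(ATTR_TOKEN_ENDPOINT_AUTH_METHOD, singleton(client.getTokenEndpointAuthMethod().getType()));
        }
        putSingle(attributes, ATTR_JWKS, client.getJwks());
        putSingle(attributes, ATTR_JWKS_URI, client.getJwksUri());
        putSingle(attributes, ATTR_CLIENT_JWT_PUBLIC_KEY, client.getX509());
        putSingle(attributes, ATTR_PUBLIC_KEY_LOCATION, client.getKeySelector());
        if (client.getSubjectType() != null) {
            attributes.put(ATTR_SUBJECT_TYPE, singleton(client.getSubjectType().getType()));
        }
        if (client.getDefaultMaxAgeEnabled() != null) {
            attributes.put(ATTR_DEFAULT_MAX_AGE_ENABLED, singleton(String.valueOf(client.getDefaultMaxAgeEnabled())));
        }
        if (client.getDefaultMaxAge() != null) {
            attributes.put(ATTR_DEFAULT_MAX_AGE, singleton(String.valueOf(client.getDefaultMaxAge())));
        }
        putSingle(attributes, ATTR_SECTOR_IDENTIFIER_URI, client.getSectorIdUri());
        String signingAlg = client.getIdTokenSignedResponseAlgorithm() == null
                ? ID_TOKEN_SIGNED_RESPONSE_ALG_DEFAULT : client.getIdTokenSignedResponseAlgorithm();
        attributes.put(ATTR_ID_TOKEN_SIGNED_RESPONSE_ALG, singleton(signingAlg));
        putSet(attributes, ATTR_REDIRECTION_URIS, client.getRedirectionURIsAsString());
        if (client.getPostLogoutRedirectionURIs() != null) {
            attributes.put(ATTR_POST_LOGOUT_REDIRECT_URI,
                    formatSet(new HashSet<String>(client.getPostLogoutRedirectionURIs())));
        }
        putSet(attributes, ATTR_RESPONSE_TYPES, client.getResponseTypes());
        putSet(attributes, ATTR_CONTACTS, client.getContacts());
        attributes.put(AGENT_TYPE, singleton(OAUTH2_CLIENT));
        attributes.put(SUN_IDENTITY_SERVER_DEVICE_STATUS, singleton(ACTIVE));
        return attributes;
    }

    /** Wraps one value in the repository's set representation. */
    private static Set<String> singleton(String value) {
        return CollectionUtils.asSet(new String[]{value});
    }

    /** Stores {@code value} under {@code key} when it is non-null. */
    private static void putSingle(Map<String, Set<String>> attributes, String key, String value) {
        if (value != null) {
            attributes.put(key, singleton(value));
        }
    }

    /** Stores the index-encoded form of {@code values} under {@code key} when non-null. */
    private void putSet(Map<String, Set<String>> attributes, String key, Set<String> values) {
        if (values != null) {
            attributes.put(key, formatSet(values));
        }
    }

    /**
     * Returns the first value of attribute {@code str}, or {@code null} when the attribute is
     * absent or empty. Which value is "first" follows the set's iteration order.
     */
    private String getSingleAttribute(Map<String, Set<String>> map, String str) {
        Set<String> values = map.get(str);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return values.iterator().next();
    }

    /** Returns the decoded values of attribute {@code str}, or an empty set when absent. */
    private Set<String> getSetAttribute(Map<String, Set<String>> map, String str) {
        Set<String> values = map.get(str);
        if (values == null) {
            return Collections.<String>emptySet();
        }
        return unformattedSet(values);
    }

    /** Copies a decoded attribute set into the list form the builder expects. */
    private ArrayList<String> toList(Map<String, Set<String>> map, String str) {
        return new ArrayList<String>(getSetAttribute(map, str));
    }

    /**
     * Rebuilds a {@link Client} from an agent profile's attributes.
     *
     * @param map the attributes read from the identity; includes the client secret.
     * @return the client; its client ID is not set here.
     * @throws UnauthorizedClientException if {@code map} is null or empty.
     */
    private Client createClient(Map<String, Set<String>> map) throws UnauthorizedClientException {
        if (map == null || map.isEmpty()) {
            throw new UnauthorizedClientException("Client has no attributes");
        }
        ClientBuilder builder = new ClientBuilder();
        builder.setAccessToken(getSingleAttribute(map, ATTR_ACCESS_TOKEN));
        builder.setAllowedGrantScopes(toList(map, ATTR_SCOPES));
        builder.setClientName(toList(map, ATTR_CLIENT_NAME));
        builder.setClientSecret(getSingleAttribute(map, ATTR_CLIENT_SECRET));
        builder.setClientSessionURI(getSingleAttribute(map, ATTR_CLIENT_SESSION_URI));
        builder.setClientType(getSingleAttribute(map, ATTR_CLIENT_TYPE));
        builder.setContacts(toList(map, ATTR_CONTACTS));
        builder.setDefaultGrantScopes(toList(map, ATTR_DEFAULT_SCOPES));
        builder.setDisplayDescription(toList(map, ATTR_DESCRIPTION));
        builder.setDisplayName(toList(map, ATTR_NAME));
        builder.setIdTokenSignedResponseAlgorithm(getSingleAttribute(map, ATTR_ID_TOKEN_SIGNED_RESPONSE_ALG));
        builder.setRedirectionURIs(toList(map, ATTR_REDIRECTION_URIS));
        builder.setPostLogoutRedirectionURIs(toList(map, ATTR_POST_LOGOUT_REDIRECT_URI));
        builder.setResponseTypes(toList(map, ATTR_RESPONSE_TYPES));
        // Boolean.valueOf(null) is false, so a missing attribute disables the default max age.
        builder.setDefaultMaxAgeEnabled(Boolean.valueOf(getSingleAttribute(map, ATTR_DEFAULT_MAX_AGE_ENABLED)));
        builder.setTokenEndpointAuthMethod(getSingleAttribute(map, ATTR_TOKEN_ENDPOINT_AUTH_METHOD));
        builder.setSubjectType(getSingleAttribute(map, ATTR_SUBJECT_TYPE));
        // The application type is not stored on the profile; every client reads back as "web".
        builder.setApplicationType(APPLICATION_TYPE_DEFAULT);
        builder.setJwks(getSingleAttribute(map, ATTR_JWKS));
        builder.setJwksUri(getSingleAttribute(map, ATTR_JWKS_URI));
        builder.setX509(getSingleAttribute(map, ATTR_CLIENT_JWT_PUBLIC_KEY));
        builder.setPublicKeySelector(getSingleAttribute(map, ATTR_PUBLIC_KEY_LOCATION));
        // Falls back to 1 when the attribute is missing or not a number (per CollectionHelper).
        builder.setDefaultMaxAge(Long.valueOf(CollectionHelper.getLongMapAttr(map, ATTR_DEFAULT_MAX_AGE, 1L, this.logger)));
        return builder.createClient();
    }

    /**
     * Encodes a multi-valued attribute as {@code "[i]=value"} strings, numbering the values
     * in the set's iteration order.
     */
    private Set<String> formatSet(Set<String> set) {
        Set<String> encoded = new HashSet<String>();
        int index = 0;
        for (String value : set) {
            encoded.add("[" + index + "]=" + value);
            index++;
        }
        return encoded;
    }

    /**
     * Reverses {@link #formatSet(Set)}: keeps the trimmed text after the first {@code '='}
     * of each entry. An entry with no {@code '='} is kept whole. Ordering is not restored.
     */
    private Set<String> unformattedSet(Set<String> set) {
        Set<String> decoded = new HashSet<String>();
        for (String entry : set) {
            decoded.add(entry.substring(entry.indexOf('=') + 1).trim());
        }
        return decoded;
    }
}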
