package org.forgerock.openam.services.push.sns;

import com.sun.identity.shared.debug.Debug;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.api.annotations.Action;
import org.forgerock.api.annotations.ApiError;
import org.forgerock.api.annotations.Handler;
import org.forgerock.api.annotations.Operation;
import org.forgerock.api.annotations.RequestHandler;
import org.forgerock.api.annotations.Schema;
import org.forgerock.json.JsonValue;
import org.forgerock.json.jose.common.JwtReconstruction;
import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.json.resource.ActionRequest;
import org.forgerock.json.resource.ActionResponse;
import org.forgerock.json.resource.NotFoundException;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.Responses;
import org.forgerock.openam.cts.CTSPersistentStore;
import org.forgerock.openam.cts.api.tokens.Token;
import org.forgerock.openam.cts.exceptions.CoreTokenException;
import org.forgerock.openam.cts.utils.JSONSerialisation;
import org.forgerock.openam.rest.RealmContext;
import org.forgerock.openam.rest.RestUtils;
import org.forgerock.openam.services.push.PushNotificationConstants;
import org.forgerock.openam.services.push.PushNotificationService;
import org.forgerock.openam.services.push.dispatch.Predicate;
import org.forgerock.openam.services.push.dispatch.PredicateNotMetException;
import org.forgerock.openam.tokens.CoreTokenField;
import org.forgerock.openam.utils.JsonValueBuilder;
import org.forgerock.services.context.Context;
import org.forgerock.util.Reject;
import org.forgerock.util.promise.Promise;

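/**
 * CREST request handler exposing the {@code authenticate} and {@code register} actions for
 * push notification messages.
 *
 * <p>Each incoming message is first offered to the realm's message dispatcher. If the
 * dispatcher does not know the message id, the handler falls back to a CTS token with the
 * same id, evaluates the predicates stored in that token's blob against the message, and
 * updates the token on success.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The message id and the message content both come from the request.</li>
 *   <li>On the CTS path, class names read from the stored blob select the predicate types to
 *       deserialise; see {@link #attemptFromCTS}.</li>
 *   <li>This class only parses the JWT carried in the message ({@link #addDeny}); it performs
 *       no signature verification itself.</li>
 * </ul>
 */
@RequestHandler(@Handler(mvccSupported = false, title = "i18n:api-descriptor/SnsMessageResource#title", description = "i18n:api-descriptor/SnsMessageResource#description"))
public class SnsMessageResource {
    private final PushNotificationService pushNotificationService;
    private final Debug debug;
    private final CTSPersistentStore coreTokenService;
    private final JSONSerialisation jsonSerialisation;
    private final JwtReconstruction jwtReconstruction;

    /** The kind of message being handled; selects how a CTS token is updated. */
    public enum RequestType {
        AUTHENTICATE,
        REGISTER
    }

    /**
     * Creates the handler with its injected collaborators.
     *
     * @param cTSPersistentStore store used to read and update tokens on the fallback path
     * @param pushNotificationService source of the per-realm message dispatcher
     * @param jSONSerialisation serialiser used for token blobs and stored predicates
     * @param debug the {@code frPush} debug logger
     * @param jwtReconstruction parser used to read claims from the message JWT
     */
    @Inject
    public SnsMessageResource(CTSPersistentStore cTSPersistentStore, PushNotificationService pushNotificationService, JSONSerialisation jSONSerialisation, @Named("frPush") Debug debug, JwtReconstruction jwtReconstruction) {
        this.pushNotificationService = pushNotificationService;
        this.jsonSerialisation = jSONSerialisation;
        this.debug = debug;
        this.coreTokenService = cTSPersistentStore;
        this.jwtReconstruction = jwtReconstruction;
    }

    /**
     * Handles an authentication message.
     *
     * @param context request context; must contain a {@link RealmContext}
     * @param actionRequest the request whose content is the message
     * @return an empty JSON object on success, otherwise a failed promise
     */
    @Action(operationDescription = @Operation(description = "i18n:api-descriptor/SnsMessageResource#action.authenticate.description", errors = {@ApiError(code = 400, description = "i18n:api-descriptor/SnsMessageResource#error.400.description")}), request = @Schema(schemaResource = "SnsMessageResource.authenticate.schema.json"), response = @Schema(schemaResource = "SnsMessageResource.response.schema.json"))
    public Promise<ActionResponse, ResourceException> authenticate(Context context, ActionRequest actionRequest) {
        return handle(context, actionRequest, RequestType.AUTHENTICATE);
    }

    /**
     * Handles a registration message.
     *
     * @param context request context; must contain a {@link RealmContext}
     * @param actionRequest the request whose content is the message
     * @return an empty JSON object on success, otherwise a failed promise
     */
    @Action(operationDescription = @Operation(description = "i18n:api-descriptor/SnsMessageResource#action.register.description", errors = {@ApiError(code = 400, description = "i18n:api-descriptor/SnsMessageResource#error.400.description")}), request = @Schema(schemaResource = "SnsMessageResource.register.schema.json"), response = @Schema(schemaResource = "SnsMessageResource.response.schema.json"))
    public Promise<ActionResponse, ResourceException> register(Context context, ActionRequest actionRequest) {
        return handle(context, actionRequest, RequestType.REGISTER);
    }

    /**
     * Routes a message to the realm's dispatcher, falling back to the CTS when the dispatcher
     * does not recognise the message id.
     *
     * <p>A message whose predicates are not met is answered with a bad-request error on both
     * paths. The CTS fallback previously discarded the result of {@link #attemptFromCTS}, so a
     * rejected message was reported as a success even though no token had been updated.
     *
     * @param context request context; rejected if it carries no {@link RealmContext}
     * @param actionRequest the request whose content is the message
     * @param requestType whether this is an authentication or a registration message
     * @return an empty JSON object on success, otherwise a failed promise
     */
    private Promise<ActionResponse, ResourceException> handle(Context context, ActionRequest actionRequest, RequestType requestType) {
        Reject.ifFalse(context.containsContext(RealmContext.class));
        String realm = context.asContext(RealmContext.class).getRealm().asPath();
        JsonValue content = actionRequest.getContent();
        JsonValue messageIdValue = content.get(PushNotificationConstants.MESSAGE_ID_JSON_POINTER);
        if (messageIdValue == null) {
            this.debug.warning("Received message in realm {} with invalid messageId.", new Object[]{realm});
            return RestUtils.generateBadRequestException();
        }
        // Request-supplied value: it is used below as a dispatcher key, as a CTS token id and in log lines.
        String messageId = messageIdValue.asString();
        try {
            try {
                this.pushNotificationService.getMessageDispatcher(realm).handle(messageId, content);
            } catch (NotFoundException notDispatched) {
                this.debug.warning("Unable to deliver message with messageId {} in realm {}.", new Object[]{messageId, realm, notDispatched});
                boolean predicatesMet;
                try {
                    predicatesMet = attemptFromCTS(messageId, content, requestType);
                } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | CoreTokenException | NotFoundException ctsFailure) {
                    this.debug.warning("Nothing in the CTS with messageId {}.", new Object[]{messageId, ctsFailure});
                    return RestUtils.generateBadRequestException();
                }
                if (!predicatesMet) {
                    // Mirror the dispatcher path: a failed predicate is a client error, not a success.
                    this.debug.warning("Unable to deliver message with messageId {} in realm {} as predicate not met.", new Object[]{messageId, realm});
                    return RestUtils.generateBadRequestException();
                }
            } catch (PredicateNotMetException predicateFailure) {
                this.debug.warning("Unable to deliver message with messageId {} in realm {} as predicate not met.", new Object[]{messageId, realm, predicateFailure});
                return RestUtils.generateBadRequestException();
            }
            return Responses.newActionResponse(JsonValue.json(JsonValue.object(new Map.Entry[0]))).asPromise();
        } catch (NotFoundException notFound) {
            // NOTE(review): every NotFoundException raised above appears to be caught by the inner
            // handlers, so this branch looks unreachable as written - possibly a decompilation
            // artefact of a try that originally wrapped only the dispatcher lookup. Confirm against
            // the original source.
            return notFound.asPromise();
        }
    }

    /**
     * Evaluates the predicates stored in the CTS token named by {@code str} against the message
     * and, if all of them pass, records the outcome on the token.
     *
     * <p>The token blob is read as a JSON object whose keys are class names and whose values are
     * the serialised predicate instances. Because those names decide which classes are loaded
     * and instantiated, each one is loaded without running its static initialiser and must
     * implement {@link Predicate} before anything is deserialised into it.
     *
     * @param str the message id, used as the CTS token id
     * @param jsonValue the message content
     * @param requestType selects between registration and authentication handling
     * @return {@code true} if every stored predicate passed and the token was updated,
     *         {@code false} if a predicate rejected the message (the token is left untouched)
     * @throws NotFoundException if no token with that id exists
     * @throws ClassNotFoundException if a stored class name cannot be loaded or is not a
     *         {@link Predicate}
     * @throws CoreTokenException if the CTS read or update fails
     * @throws IllegalAccessException declared for the caller's handler; not thrown directly here
     * @throws InstantiationException declared for the caller's handler; not thrown directly here
     */
    private boolean attemptFromCTS(String str, JsonValue jsonValue, RequestType requestType) throws CoreTokenException, ClassNotFoundException, IllegalAccessException, InstantiationException, NotFoundException {
        // NOTE(review): the token is looked up purely by the request-supplied id; nothing in this
        // method checks the token's type or realm before its blob is interpreted - confirm that
        // the CTS layer or the id format constrains which tokens can be reached here.
        Token token = this.coreTokenService.read(str);
        if (token == null) {
            throw new NotFoundException("Unable to find token with id " + str + " in CTS.");
        }
        // NOTE(review): blob <-> String conversion here and in addRegistrationInfo uses the platform
        // default charset; confirm it matches the encoding used by whatever wrote the blob.
        for (Map.Entry<?, ?> entry : JsonValueBuilder.toJsonValue(new String(token.getBlob())).asMap().entrySet()) {
            String className = (String) entry.getKey();
            // initialize=false: do not run static initialisers of a class that has not yet been
            // confirmed to be a Predicate. Same class loader as the single-argument forName.
            Class<?> loaded = Class.forName(className, false, SnsMessageResource.class.getClassLoader());
            if (!Predicate.class.isAssignableFrom(loaded)) {
                throw new ClassNotFoundException("Stored predicate type " + className + " does not implement Predicate.");
            }
            Predicate predicate = this.jsonSerialisation.deserialise((String) entry.getValue(), loaded.asSubclass(Predicate.class));
            if (!predicate.perform(jsonValue)) {
                return false;
            }
        }
        if (requestType == RequestType.REGISTER) {
            addRegistrationInfo(token, jsonValue);
        } else {
            addDeny(token, jsonValue);
        }
        this.coreTokenService.update(token);
        return true;
    }

    /**
     * Replaces the token blob with the serialised message content and sets
     * {@link CoreTokenField#INTEGER_ONE} to 1.
     *
     * @param token the CTS token to modify (not persisted here)
     * @param jsonValue the registration message content
     */
    private void addRegistrationInfo(Token token, JsonValue jsonValue) {
        token.setBlob(this.jsonSerialisation.serialise(jsonValue.getObject()).getBytes());
        token.setAttribute(CoreTokenField.INTEGER_ONE, 1);
    }

    /**
     * Sets {@link CoreTokenField#INTEGER_ONE} to 0 when the message JWT carries any non-null deny
     * claim, and to 1 otherwise.
     *
     * <p>NOTE(review): the JWT is only reconstructed and its claims read here; this method does
     * not verify the signature. Presumably one of the stored predicates has already done so
     * before this point - confirm.
     *
     * @param token the CTS token to modify (not persisted here)
     * @param jsonValue the authentication message content, expected to contain the JWT
     */
    private void addDeny(Token token, JsonValue jsonValue) {
        String serialisedJwt = jsonValue.get(PushNotificationConstants.JWT).asString();
        Object denyClaim = this.jwtReconstruction.reconstructJwt(serialisedJwt, SignedJwt.class).getClaimsSet().getClaim(PushNotificationConstants.DENY_LOCATION);
        // The claim's presence alone decides the outcome; its value is not inspected.
        token.setAttribute(CoreTokenField.INTEGER_ONE, denyClaim != null ? 0 : 1);
    }
}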
