package io.gravitee.am.service.impl;

import io.gravitee.am.common.event.Action;
import io.gravitee.am.common.event.Type;
import io.gravitee.am.common.exception.oauth2.OAuth2Exception;
import io.gravitee.am.common.utils.RandomString;
import io.gravitee.am.common.utils.SecureRandomString;
import io.gravitee.am.common.web.UriBuilder;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.model.Client;
import io.gravitee.am.model.common.Page;
import io.gravitee.am.model.common.event.Event;
import io.gravitee.am.model.common.event.Payload;
import io.gravitee.am.repository.management.api.ClientRepository;
import io.gravitee.am.repository.oauth2.api.AccessTokenRepository;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.ClientService;
import io.gravitee.am.service.DomainService;
import io.gravitee.am.service.EmailTemplateService;
import io.gravitee.am.service.EventService;
import io.gravitee.am.service.FormService;
import io.gravitee.am.service.IdentityProviderService;
import io.gravitee.am.service.ScopeService;
import io.gravitee.am.service.exception.AbstractManagementException;
import io.gravitee.am.service.exception.ClientAlreadyExistsException;
import io.gravitee.am.service.exception.ClientNotFoundException;
import io.gravitee.am.service.exception.DomainNotFoundException;
import io.gravitee.am.service.exception.InvalidClientMetadataException;
import io.gravitee.am.service.exception.InvalidRedirectUriException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.model.NewClient;
import io.gravitee.am.service.model.PatchClient;
import io.gravitee.am.service.model.TopClient;
import io.gravitee.am.service.model.TotalClient;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.ClientAuditBuilder;
import io.gravitee.am.service.utils.GrantTypeUtils;
import io.reactivex.Completable;
import io.reactivex.Maybe;
import io.reactivex.Observable;
import io.reactivex.Single;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

@Component
/* loaded from: input_file:io/gravitee/am/service/impl/ClientServiceImpl.class */
public class ClientServiceImpl implements ClientService {
    private final Logger LOGGER = LoggerFactory.getLogger(ClientServiceImpl.class);

    @Autowired
    private ClientRepository clientRepository;

    @Autowired
    private IdentityProviderService identityProviderService;

    @Autowired
    private AccessTokenRepository accessTokenRepository;

    @Autowired
    private DomainService domainService;

    @Autowired
    private EventService eventService;

    @Autowired
    private ScopeService scopeService;

    @Autowired
    private EmailTemplateService emailTemplateService;

    @Autowired
    private FormService formService;

    @Autowired
    private AuditService auditService;

    @Override // io.gravitee.am.service.ClientService
    public Maybe<Client> findById(String str) {
        this.LOGGER.debug("Find client by ID: {}", str);
        return this.clientRepository.findById(str).map(client -> {
            if (client.getAuthorizedGrantTypes() == null) {
                client.setAuthorizedGrantTypes(Collections.emptyList());
            }
            return client;
        }).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find a client using its ID: {}", str, th);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find a client using its ID: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Maybe<Client> findByDomainAndClientId(String str, String str2) {
        this.LOGGER.debug("Find client by domain: {} and client id: {}", str, str2);
        return this.clientRepository.findByClientIdAndDomain(str2, str).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find client by domain: {} and client id: {}", new Object[]{str, str2, th});
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find client by domain: %s and client id: %s", str, str2), th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Set<Client>> findByDomain(String str) {
        this.LOGGER.debug("Find clients by domain", str);
        return this.clientRepository.findByDomain(str).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find clients by domain: {}", str, th);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to find clients by domain: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Set<Client>> search(String str, String str2) {
        this.LOGGER.debug("Search clients for domain {} and with query {}", str, str2);
        return this.clientRepository.search(str, str2).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find clients for domain {} and query {}", new Object[]{str, str2, th});
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to find clients for domain %s and query %s", str, str2), th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Page<Client>> findByDomain(String str, int i, int i2) {
        this.LOGGER.debug("Find clients by domain", str);
        return this.clientRepository.findByDomain(str, i, i2).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find clients by domain: {}", str, th);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to find clients by domain: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Set<Client>> findByIdentityProvider(String str) {
        this.LOGGER.debug("Find clients by identity provider : {}", str);
        return this.clientRepository.findByIdentityProvider(str).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find clients by identity provider", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find clients by identity provider", th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Set<Client>> findByCertificate(String str) {
        this.LOGGER.debug("Find clients by certificate : {}", str);
        return this.clientRepository.findByCertificate(str).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find clients by certificate", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find clients by certificate", th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Set<Client>> findByDomainAndExtensionGrant(String str, String str2) {
        this.LOGGER.debug("Find clients by domain {} and extension grant : {}", str, str2);
        return this.clientRepository.findByDomainAndExtensionGrant(str, str2).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find clients by extension grant", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find clients by extension grant", th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Set<Client>> findAll() {
        this.LOGGER.debug("Find clients");
        return this.clientRepository.findAll().onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find clients", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find clients", th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Page<Client>> findAll(int i, int i2) {
        this.LOGGER.debug("Find clients");
        return this.clientRepository.findAll(i, i2).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find clients", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find clients", th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Set<TopClient>> findTopClients() {
        this.LOGGER.debug("Find top clients");
        return this.clientRepository.findAll().flatMapObservable(set -> {
            return Observable.fromIterable(set);
        }).flatMapSingle(client -> {
            return this.accessTokenRepository.countByClientId(client.getClientId()).map(l -> {
                TopClient topClient = new TopClient();
                topClient.setClient(client);
                topClient.setAccessTokens(l.longValue());
                return topClient;
            });
        }).toList().map(list -> {
            return (Set) list.stream().filter(topClient -> {
                return topClient.getAccessTokens() > 0;
            }).collect(Collectors.toSet());
        }).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find top clients", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find top clients", th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Set<TopClient>> findTopClientsByDomain(String str) {
        this.LOGGER.debug("Find top clients by domain: {}", str);
        return this.clientRepository.findByDomain(str).flatMapObservable(set -> {
            return Observable.fromIterable(set);
        }).flatMapSingle(client -> {
            return this.accessTokenRepository.countByClientId(client.getClientId()).map(l -> {
                TopClient topClient = new TopClient();
                topClient.setClient(client);
                topClient.setAccessTokens(l.longValue());
                return topClient;
            });
        }).toList().map(list -> {
            return (Set) list.stream().filter(topClient -> {
                return topClient.getAccessTokens() > 0;
            }).collect(Collectors.toSet());
        }).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find top clients by domain", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find top clients by domain", th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<TotalClient> findTotalClientsByDomain(String str) {
        this.LOGGER.debug("Find total clients by domain: {}", str);
        return this.clientRepository.countByDomain(str).map(l -> {
            TotalClient totalClient = new TotalClient();
            totalClient.setTotalClients(l.longValue());
            return totalClient;
        }).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find total clients by domain: {}", str, th);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to find total clients by domain: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<TotalClient> findTotalClients() {
        this.LOGGER.debug("Find total client");
        return this.clientRepository.count().map(l -> {
            TotalClient totalClient = new TotalClient();
            totalClient.setTotalClients(l.longValue());
            return totalClient;
        }).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find total clients", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find total clients", th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Client> create(String str, NewClient newClient, User user) {
        this.LOGGER.debug("Create a new client {} for domain {}", newClient, str);
        return this.clientRepository.findByClientIdAndDomain(newClient.getClientId(), str).isEmpty().flatMap(bool -> {
            if (!bool.booleanValue()) {
                return Single.error(new ClientAlreadyExistsException(newClient.getClientId(), str));
            }
            Client client = new Client();
            client.setClientId(newClient.getClientId());
            client.setClientSecret(newClient.getClientSecret());
            client.setClientName(newClient.getClientName());
            client.setDomain(str);
            client.setAuthorizedGrantTypes(Arrays.asList(new String[0]));
            client.setResponseTypes(Arrays.asList(new String[0]));
            return Single.just(client);
        }).flatMap(client -> {
            return create(client);
        }).onErrorResumeNext(this::handleError).doOnSuccess(client2 -> {
            this.auditService.report(((ClientAuditBuilder) AuditBuilder.builder(ClientAuditBuilder.class)).principal(user).type("CLIENT_CREATED").client(client2));
        }).doOnError(th -> {
            this.auditService.report(((ClientAuditBuilder) AuditBuilder.builder(ClientAuditBuilder.class)).principal(user).type("CLIENT_CREATED").throwable(th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Client> create(Client client) {
        this.LOGGER.debug("Create a client {} for domain {}", client, client.getDomain());
        if (client.getDomain() == null || client.getDomain().trim().isEmpty()) {
            return Single.error(new InvalidClientMetadataException("No domain set on client"));
        }
        client.setId(RandomString.generate());
        if (client.getClientId() == null) {
            client.setClientId(SecureRandomString.generate());
        }
        if (client.getClientSecret() == null || client.getClientSecret().trim().isEmpty()) {
            client.setClientSecret(SecureRandomString.generate());
        }
        if (client.getClientName() == null || client.getClientName().trim().isEmpty()) {
            client.setClientName("Unknown Client");
        }
        client.setAccessTokenValiditySeconds(7200);
        client.setRefreshTokenValiditySeconds(14400);
        client.setIdTokenValiditySeconds(14400);
        client.setEnabled(true);
        client.setCreatedAt(new Date());
        client.setUpdatedAt(client.getCreatedAt());
        Single<Client> validateClientMetadata = validateClientMetadata(client);
        ClientRepository clientRepository = this.clientRepository;
        clientRepository.getClass();
        return validateClientMetadata.flatMap((v1) -> {
            return r1.create(v1);
        }).flatMap(client2 -> {
            return this.eventService.create(new Event(Type.CLIENT, new Payload(client2.getId(), client2.getDomain(), Action.CREATE))).flatMap(event -> {
                return Single.just(client2);
            });
        }).onErrorResumeNext(this::handleError);
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Client> update(Client client) {
        this.LOGGER.debug("Update client_id {} for domain {}", client.getClientId(), client.getDomain());
        return (client.getDomain() == null || client.getDomain().trim().isEmpty()) ? Single.error(new InvalidClientMetadataException("No domain set on client")) : this.clientRepository.findById(client.getId()).switchIfEmpty(Maybe.error(new ClientNotFoundException(client.getId()))).flatMapSingle(client2 -> {
            return Single.just(client);
        }).flatMap(this::validateClientMetadata).flatMap(this::updateClientAndReloadDomain).onErrorResumeNext(this::handleError);
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Client> patch(String str, String str2, PatchClient patchClient, boolean z, User user) {
        this.LOGGER.debug("Patch a client {} for domain {}", str2, str);
        return this.clientRepository.findById(str2).switchIfEmpty(Maybe.error(new ClientNotFoundException(str2))).flatMapSingle(client -> {
            Optional<Set<String>> identities = patchClient.getIdentities();
            return (identities == null || !identities.isPresent()) ? Single.just(client) : Observable.fromIterable(identities.get()).flatMapMaybe(str3 -> {
                return this.identityProviderService.findById(str3);
            }).toList().flatMap(list -> {
                return Single.just(client);
            });
        }).flatMap(client2 -> {
            return Single.just(patchClient.patch(client2, z)).flatMap(this::validateClientMetadata).flatMap(this::updateClientAndReloadDomain).doOnSuccess(client2 -> {
                this.auditService.report(((ClientAuditBuilder) AuditBuilder.builder(ClientAuditBuilder.class)).principal(user).type("CLIENT_UPDATED").oldValue(client2).client(client2));
            }).doOnError(th -> {
                this.auditService.report(((ClientAuditBuilder) AuditBuilder.builder(ClientAuditBuilder.class)).principal(user).type("CLIENT_UPDATED").throwable(th));
            });
        }).onErrorResumeNext(this::handleError);
    }

    @Override // io.gravitee.am.service.ClientService
    public Completable delete(String str, User user) {
        this.LOGGER.debug("Delete client {}", str);
        return this.clientRepository.findById(str).switchIfEmpty(Maybe.error(new ClientNotFoundException(str))).flatMapCompletable(client -> {
            return this.clientRepository.delete(str).andThen(this.eventService.create(new Event(Type.CLIENT, new Payload(client.getId(), client.getDomain(), Action.DELETE))).toCompletable()).andThen(this.emailTemplateService.findByDomainAndClient(client.getDomain(), client.getId()).flatMapCompletable(list -> {
                return Completable.concat((List) list.stream().map(email -> {
                    return this.emailTemplateService.delete(email.getId());
                }).collect(Collectors.toList()));
            })).andThen(this.formService.findByDomainAndClient(client.getDomain(), client.getId()).flatMapCompletable(list2 -> {
                return Completable.concat((List) list2.stream().map(form -> {
                    return this.formService.delete(form.getId());
                }).collect(Collectors.toList()));
            })).doOnComplete(() -> {
                this.auditService.report(((ClientAuditBuilder) AuditBuilder.builder(ClientAuditBuilder.class)).principal(user).type("CLIENT_DELETED").client(client));
            }).doOnError(th -> {
                this.auditService.report(((ClientAuditBuilder) AuditBuilder.builder(ClientAuditBuilder.class)).principal(user).type("CLIENT_DELETED").throwable(th));
            });
        }).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Completable.error(th);
            }
            this.LOGGER.error("An error occurs while trying to delete client: {}", str, th);
            return Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to delete client: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Client> renewClientSecret(String str, String str2, User user) {
        this.LOGGER.debug("Renew client secret for client {} in domain {}", str2, str);
        return this.clientRepository.findById(str2).switchIfEmpty(Maybe.error(new ClientNotFoundException(str2))).flatMapSingle(client -> {
            return renewClientSecret(client, user);
        }).onErrorResumeNext(this::handleError);
    }

    @Override // io.gravitee.am.service.ClientService
    public Single<Client> renewClientSecret(Client client, User user) {
        this.LOGGER.debug("Renew client secret for client {} in domain {}", client.getId(), client.getDomain());
        client.setClientSecret(SecureRandomString.generate());
        return updateClientAndReloadDomain(client).onErrorResumeNext(this::handleError).doOnSuccess(client2 -> {
            this.auditService.report(((ClientAuditBuilder) AuditBuilder.builder(ClientAuditBuilder.class)).principal(user).type("CLIENT_SECRET_RENEWED").client(client2));
        }).doOnError(th -> {
            this.auditService.report(((ClientAuditBuilder) AuditBuilder.builder(ClientAuditBuilder.class)).principal(user).type("CLIENT_SECRET_RENEWED").throwable(th));
        });
    }

    private Single<Client> validateClientMetadata(Client client) {
        return GrantTypeUtils.validateGrantTypes(client).flatMap(this::validateRedirectUris).flatMap(this::validateScopes);
    }

    private Single<Client> validateRedirectUris(Client client) {
        return this.domainService.findById(client.getDomain()).switchIfEmpty(Maybe.error(new DomainNotFoundException(client.getDomain()))).flatMapSingle(domain -> {
            if (GrantTypeUtils.isRedirectUriRequired(client.getAuthorizedGrantTypes()) && CollectionUtils.isEmpty(client.getRedirectUris())) {
                return Single.error(new InvalidRedirectUriException());
            }
            if (client.getRedirectUris() != null) {
                for (String str : client.getRedirectUris()) {
                    try {
                        URI build = UriBuilder.fromURIString(str).build();
                        if (build.getScheme() == null) {
                            return Single.error(new InvalidRedirectUriException("redirect_uri : " + str + " is malformed"));
                        }
                        if (!domain.isRedirectUriLocalhostAllowed() && UriBuilder.isHttp(build.getScheme()) && UriBuilder.isLocalhost(build.getHost())) {
                            return Single.error(new InvalidRedirectUriException("localhost is forbidden"));
                        }
                        if (!domain.isRedirectUriUnsecuredHttpSchemeAllowed() && build.getScheme().equalsIgnoreCase("http")) {
                            return Single.error(new InvalidRedirectUriException("Unsecured http scheme is forbidden"));
                        }
                        if (!domain.isRedirectUriWildcardAllowed() && build.getPath().contains("*")) {
                            return Single.error(new InvalidRedirectUriException("Wildcard are forbidden"));
                        }
                        if (build.getFragment() != null) {
                            return Single.error(new InvalidRedirectUriException("redirect_uri with fragment is forbidden"));
                        }
                    } catch (IllegalArgumentException | URISyntaxException e) {
                        return Single.error(new InvalidRedirectUriException("redirect_uri : " + str + " is malformed"));
                    }
                }
            }
            return Single.just(client);
        });
    }

    private Single<Client> validateScopes(Client client) {
        return this.scopeService.validateScope(client.getDomain(), client.getScopes()).map(bool -> {
            if (bool.booleanValue() && client.getScopeApprovals() != null) {
                client.setScopeApprovals((Map) client.getScopeApprovals().entrySet().stream().filter(entry -> {
                    return client.getScopes() != null && client.getScopes().contains(entry.getKey());
                }).collect(Collectors.toMap(entry2 -> {
                    return (String) entry2.getKey();
                }, entry3 -> {
                    return (Integer) entry3.getValue();
                })));
            }
            return bool;
        }).flatMap(bool2 -> {
            return !bool2.booleanValue() ? Single.error(new InvalidClientMetadataException("non valid scopes")) : Single.just(client);
        });
    }

    private Single<Client> updateClientAndReloadDomain(Client client) {
        client.setUpdatedAt(new Date());
        return this.clientRepository.update(client).flatMap(client2 -> {
            return this.eventService.create(new Event(Type.CLIENT, new Payload(client2.getId(), client.getDomain(), Action.UPDATE))).flatMap(event -> {
                return Single.just(client2);
            });
        });
    }

    private Single<Client> handleError(Throwable th) {
        if ((th instanceof AbstractManagementException) || (th instanceof OAuth2Exception)) {
            return Single.error(th);
        }
        this.LOGGER.error("An error occurs while trying to create or update a client", th);
        return Single.error(new TechnicalManagementException("An error occurs while trying to create or update a client", th));
    }
}
