package io.gravitee.am.service.impl;

import io.gravitee.am.common.event.Action;
import io.gravitee.am.common.event.Type;
import io.gravitee.am.common.exception.oauth2.OAuth2Exception;
import io.gravitee.am.common.utils.RandomString;
import io.gravitee.am.common.utils.SecureRandomString;
import io.gravitee.am.common.web.UriBuilder;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.model.Application;
import io.gravitee.am.model.Certificate;
import io.gravitee.am.model.Membership;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.application.ApplicationOAuthSettings;
import io.gravitee.am.model.application.ApplicationSettings;
import io.gravitee.am.model.application.ApplicationType;
import io.gravitee.am.model.common.Page;
import io.gravitee.am.model.common.event.Event;
import io.gravitee.am.model.common.event.Payload;
import io.gravitee.am.model.membership.MemberType;
import io.gravitee.am.model.permissions.SystemRole;
import io.gravitee.am.repository.management.api.ApplicationRepository;
import io.gravitee.am.service.ApplicationService;
import io.gravitee.am.service.ApplicationTemplateManager;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.CertificateService;
import io.gravitee.am.service.DomainService;
import io.gravitee.am.service.EmailTemplateService;
import io.gravitee.am.service.EventService;
import io.gravitee.am.service.FormService;
import io.gravitee.am.service.IdentityProviderService;
import io.gravitee.am.service.MembershipService;
import io.gravitee.am.service.RoleService;
import io.gravitee.am.service.ScopeService;
import io.gravitee.am.service.TokenService;
import io.gravitee.am.service.exception.AbstractManagementException;
import io.gravitee.am.service.exception.ApplicationAlreadyExistsException;
import io.gravitee.am.service.exception.ApplicationNotFoundException;
import io.gravitee.am.service.exception.DomainNotFoundException;
import io.gravitee.am.service.exception.InvalidClientMetadataException;
import io.gravitee.am.service.exception.InvalidParameterException;
import io.gravitee.am.service.exception.InvalidRedirectUriException;
import io.gravitee.am.service.exception.InvalidRoleException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.model.NewApplication;
import io.gravitee.am.service.model.PatchApplication;
import io.gravitee.am.service.model.TopApplication;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.ApplicationAuditBuilder;
import io.gravitee.am.service.utils.GrantTypeUtils;
import io.gravitee.am.service.validators.AccountSettingsValidator;
import io.reactivex.Completable;
import io.reactivex.Flowable;
import io.reactivex.Maybe;
import io.reactivex.Observable;
import io.reactivex.Single;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

@Component
/* loaded from: input_file:io/gravitee/am/service/impl/ApplicationServiceImpl.class */
public class ApplicationServiceImpl implements ApplicationService {
    private static final Logger LOGGER = LoggerFactory.getLogger(ApplicationServiceImpl.class);
    private static final String AM_V2_VERSION = "AM_V2_VERSION";

    @Autowired
    @Lazy
    private ApplicationRepository applicationRepository;

    @Autowired
    private ApplicationTemplateManager applicationTemplateManager;

    @Autowired
    private AuditService auditService;

    @Autowired
    private DomainService domainService;

    @Autowired
    private EventService eventService;

    @Autowired
    private EmailTemplateService emailTemplateService;

    @Autowired
    private FormService formService;

    @Autowired
    private ScopeService scopeService;

    @Autowired
    private TokenService tokenService;

    @Autowired
    private IdentityProviderService identityProviderService;

    @Autowired
    private RoleService roleService;

    @Autowired
    private MembershipService membershipService;

    @Autowired
    private CertificateService certificateService;

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Page<Application>> findAll(int i, int i2) {
        LOGGER.debug("Find applications");
        return this.applicationRepository.findAll(i, i2).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find applications", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find applications", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Page<Application>> findByDomain(String str, int i, int i2) {
        LOGGER.debug("Find applications by domain {}", str);
        return this.applicationRepository.findByDomain(str, i, i2).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find applications by domain {}", str, th);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to find applications by domain %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Page<Application>> search(String str, String str2, int i, int i2) {
        LOGGER.debug("Search applications with query {} for domain {}", str2, str);
        return this.applicationRepository.search(str, str2, i, i2).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to search applications with query {} for domain {}", new Object[]{str2, str, th});
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to search applications with query %s by domain %s", str2, str), th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Flowable<Application> findByCertificate(String str) {
        LOGGER.debug("Find applications by certificate : {}", str);
        return this.applicationRepository.findByCertificate(str).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find applications by certificate", th);
            return Flowable.error(new TechnicalManagementException("An error occurs while trying to find applications by certificate", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Flowable<Application> findByIdentityProvider(String str) {
        LOGGER.debug("Find applications by identity provider : {}", str);
        return this.applicationRepository.findByIdentityProvider(str).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find applications by identity provider", th);
            return Flowable.error(new TechnicalManagementException("An error occurs while trying to find applications by identity provider", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Flowable<Application> findByFactor(String str) {
        LOGGER.debug("Find applications by factor : {}", str);
        return this.applicationRepository.findByFactor(str).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find applications by factor", th);
            return Flowable.error(new TechnicalManagementException("An error occurs while trying to find applications by factor", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Set<Application>> findByDomainAndExtensionGrant(String str, String str2) {
        LOGGER.debug("Find applications by domain {} and extension grant : {}", str, str2);
        return this.applicationRepository.findByDomainAndExtensionGrant(str, str2).collect(() -> {
            return new HashSet();
        }, (v0, v1) -> {
            v0.add(v1);
        }).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find applications by extension grant", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find applications by extension grant", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Flowable<Application> findByIdIn(List<String> list) {
        LOGGER.debug("Find applications by ids : {}", list);
        return this.applicationRepository.findByIdIn(list).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find applications by ids {}", list, th);
            return Flowable.error(new TechnicalManagementException("An error occurs while trying to find applications by ids", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Maybe<Application> findById(String str) {
        LOGGER.debug("Find application by ID: {}", str);
        return this.applicationRepository.findById(str).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find an application using its ID: {}", str, th);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find an application using its ID: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Maybe<Application> findByDomainAndClientId(String str, String str2) {
        LOGGER.debug("Find application by domain: {} and client_id {}", str, str2);
        return this.applicationRepository.findByDomainAndClientId(str, str2).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find an application using its domain: {} and client_id : {}", new Object[]{str, str2, th});
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find an application using its domain: %s, and client_id", str, str2), th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Application> create(String str, NewApplication newApplication, User user) {
        LOGGER.debug("Create a new application {} for domain {}", newApplication, str);
        Application application = new Application();
        application.setId(RandomString.generate());
        application.setName(newApplication.getName());
        application.setType(newApplication.getType());
        application.setDomain(str);
        application.setMetadata(newApplication.getMetadata());
        ApplicationSettings applicationSettings = new ApplicationSettings();
        ApplicationOAuthSettings applicationOAuthSettings = new ApplicationOAuthSettings();
        applicationOAuthSettings.setClientId(newApplication.getClientId());
        applicationOAuthSettings.setClientSecret(newApplication.getClientSecret());
        applicationOAuthSettings.setTokenEndpointAuthMethod("client_secret_basic");
        applicationOAuthSettings.setRedirectUris(newApplication.getRedirectUris());
        applicationSettings.setOauth(applicationOAuthSettings);
        application.setSettings(applicationSettings);
        this.applicationTemplateManager.apply(application);
        return create0(str, application, user).onErrorResumeNext(th -> {
            if ((th instanceof AbstractManagementException) || (th instanceof OAuth2Exception)) {
                return Single.error(th);
            }
            LOGGER.error("An error occurs while trying to create an application", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to create an application", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Application> create(Application application) {
        LOGGER.debug("Create a new application {} ", application);
        return (application.getDomain() == null || application.getDomain().trim().isEmpty()) ? Single.error(new InvalidClientMetadataException("No domain set on application")) : create0(application.getDomain(), application, null).onErrorResumeNext(th -> {
            if ((th instanceof AbstractManagementException) || (th instanceof OAuth2Exception)) {
                return Single.error(th);
            }
            LOGGER.error("An error occurs while trying to create an application", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to create an application", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Application> update(Application application) {
        LOGGER.debug("Update an application {} ", application);
        return (application.getDomain() == null || application.getDomain().trim().isEmpty()) ? Single.error(new InvalidClientMetadataException("No domain set on application")) : this.applicationRepository.findById(application.getId()).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application.getId()))).flatMapSingle(application2 -> {
            return update0(application2.getDomain(), application2, application, null);
        }).onErrorResumeNext(th -> {
            if ((th instanceof AbstractManagementException) || (th instanceof OAuth2Exception)) {
                return Single.error(th);
            }
            LOGGER.error("An error occurs while trying to update an application", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to update an application", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Application> updateType(String str, String str2, ApplicationType applicationType, User user) {
        LOGGER.debug("Update application {} type to {} for domain {}", new Object[]{str2, applicationType, str});
        return this.applicationRepository.findById(str2).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(str2))).flatMapSingle(application -> {
            Application application = new Application(application);
            application.setType(applicationType);
            this.applicationTemplateManager.changeType(application);
            return update0(str, application, application, user);
        }).onErrorResumeNext(th -> {
            if ((th instanceof AbstractManagementException) || (th instanceof OAuth2Exception)) {
                return Single.error(th);
            }
            LOGGER.error("An error occurs while trying to patch an application", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to patch an application", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Application> patch(String str, String str2, PatchApplication patchApplication, User user) {
        LOGGER.debug("Patch an application {} for domain {}", str2, str);
        return this.applicationRepository.findById(str2).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(str2))).flatMapSingle(application -> {
            Application patch = patchApplication.patch(application);
            this.applicationTemplateManager.apply(patch);
            return AccountSettingsValidator.hasInvalidResetPasswordFields(patch.getSettings().getAccount()) ? Single.error(new InvalidParameterException("Unexpected forgot password field")) : update0(str, application, patch, user);
        }).onErrorResumeNext(th -> {
            if ((th instanceof AbstractManagementException) || (th instanceof OAuth2Exception)) {
                return Single.error(th);
            }
            LOGGER.error("An error occurs while trying to patch an application", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to patch an application", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Application> renewClientSecret(String str, String str2, User user) {
        LOGGER.debug("Renew client secret for application {} and domain {}", str2, str);
        return this.applicationRepository.findById(str2).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(str2))).flatMapSingle(application -> {
            if (application.getSettings() == null) {
                return Single.error(new IllegalStateException("Application settings is undefined"));
            }
            if (application.getSettings().getOauth() == null) {
                return Single.error(new IllegalStateException("Application OAuth 2.0 settings is undefined"));
            }
            application.getSettings().getOauth().setClientSecret(SecureRandomString.generate());
            application.setUpdatedAt(new Date());
            return this.applicationRepository.update(application);
        }).flatMap(application2 -> {
            return this.eventService.create(new Event(Type.APPLICATION, new Payload(application2.getId(), ReferenceType.DOMAIN, application2.getDomain(), Action.UPDATE))).flatMap(event -> {
                return Single.just(application2);
            });
        }).doOnSuccess(application3 -> {
            this.auditService.report(((ApplicationAuditBuilder) AuditBuilder.builder(ApplicationAuditBuilder.class)).principal(user).type("APPLICATION_CLIENT_SECRET_RENEWED").application(application3));
        }).doOnError(th -> {
            this.auditService.report(((ApplicationAuditBuilder) AuditBuilder.builder(ApplicationAuditBuilder.class)).principal(user).type("APPLICATION_CLIENT_SECRET_RENEWED").throwable(th));
        }).onErrorResumeNext(th2 -> {
            if (th2 instanceof AbstractManagementException) {
                return Single.error(th2);
            }
            LOGGER.error("An error occurs while trying to renew client secret for application {} and domain {}", new Object[]{str2, str, th2});
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to renew client secret for application %s and domain %s", str2, str), th2));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Completable delete(String str, User user) {
        LOGGER.debug("Delete application {}", str);
        return this.applicationRepository.findById(str).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(str))).flatMapCompletable(application -> {
            return this.applicationRepository.delete(str).andThen(this.eventService.create(new Event(Type.APPLICATION, new Payload(application.getId(), ReferenceType.DOMAIN, application.getDomain(), Action.DELETE))).toCompletable()).andThen(this.emailTemplateService.findByClient(ReferenceType.DOMAIN, application.getDomain(), application.getId()).flatMapCompletable(email -> {
                return this.emailTemplateService.delete(email.getId());
            })).andThen(this.formService.findByDomainAndClient(application.getDomain(), application.getId()).flatMapCompletable(form -> {
                return this.formService.delete(application.getDomain(), form.getId());
            })).andThen(this.membershipService.findByReference(application.getId(), ReferenceType.APPLICATION).flatMapCompletable(membership -> {
                return this.membershipService.delete(membership.getId());
            })).doOnComplete(() -> {
                this.auditService.report(((ApplicationAuditBuilder) AuditBuilder.builder(ApplicationAuditBuilder.class)).principal(user).type("APPLICATION_DELETED").application(application));
            }).doOnError(th -> {
                this.auditService.report(((ApplicationAuditBuilder) AuditBuilder.builder(ApplicationAuditBuilder.class)).principal(user).type("APPLICATION_DELETED").throwable(th));
            });
        }).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Completable.error(th);
            }
            LOGGER.error("An error occurs while trying to delete application: {}", str, th);
            return Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to delete application: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Long> count() {
        LOGGER.debug("Count applications");
        return this.applicationRepository.count().onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Single.error(th);
            }
            LOGGER.error("An error occurs while trying to count applications", th);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to count applications", new Object[0]), th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Long> countByDomain(String str) {
        LOGGER.debug("Count applications for domain {}", str);
        return this.applicationRepository.countByDomain(str).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Single.error(th);
            }
            LOGGER.error("An error occurs while trying to count applications for domain {}", str, th);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to count applications for domain %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Set<TopApplication>> findTopApplications() {
        LOGGER.debug("Find top applications");
        return this.applicationRepository.findAll(0, Integer.MAX_VALUE).flatMapObservable(page -> {
            return Observable.fromIterable(page.getData());
        }).flatMapSingle(application -> {
            return this.tokenService.findTotalTokensByApplication(application).map(totalToken -> {
                TopApplication topApplication = new TopApplication();
                topApplication.setApplication(application);
                topApplication.setAccessTokens(totalToken.getTotalAccessTokens());
                return topApplication;
            });
        }).toList().map(list -> {
            return (Set) list.stream().filter(topApplication -> {
                return topApplication.getAccessTokens() > 0;
            }).collect(Collectors.toSet());
        }).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find top applications", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find top applications", th));
        });
    }

    @Override // io.gravitee.am.service.ApplicationService
    public Single<Set<TopApplication>> findTopApplicationsByDomain(String str) {
        LOGGER.debug("Find top applications for domain: {}", str);
        return this.applicationRepository.findByDomain(str, 0, Integer.MAX_VALUE).flatMapObservable(page -> {
            return Observable.fromIterable(page.getData());
        }).flatMapSingle(application -> {
            return this.tokenService.findTotalTokensByApplication(application).map(totalToken -> {
                TopApplication topApplication = new TopApplication();
                topApplication.setApplication(application);
                topApplication.setAccessTokens(totalToken.getTotalAccessTokens());
                return topApplication;
            });
        }).toList().map(list -> {
            return (Set) list.stream().filter(topApplication -> {
                return topApplication.getAccessTokens() > 0;
            }).collect(Collectors.toSet());
        }).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find top applications for domain {}", str, th);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to find top applications for domain %s", str), th));
        });
    }

    private Single<Application> create0(String str, Application application, User user) {
        application.setCreatedAt(new Date());
        application.setUpdatedAt(application.getCreatedAt());
        Single flatMap = checkApplicationUniqueness(str, application).andThen(validateApplicationMetadata(application)).flatMap(this::setDefaultCertificate);
        ApplicationRepository applicationRepository = this.applicationRepository;
        Objects.requireNonNull(applicationRepository);
        return flatMap.flatMap((v1) -> {
            return r1.create(v1);
        }).flatMap(application2 -> {
            return (user == null || user.getAdditionalInformation() == null || StringUtils.isEmpty(user.getAdditionalInformation().get("org"))) ? Single.just(application2) : this.roleService.findSystemRole(SystemRole.APPLICATION_PRIMARY_OWNER, ReferenceType.APPLICATION).switchIfEmpty(Single.error(new InvalidRoleException("Cannot assign owner to the application, owner role does not exist"))).flatMap(role -> {
                Membership membership = new Membership();
                membership.setDomain(application2.getDomain());
                membership.setMemberId(user.getId());
                membership.setMemberType(MemberType.USER);
                membership.setReferenceId(application2.getId());
                membership.setReferenceType(ReferenceType.APPLICATION);
                membership.setRoleId(role.getId());
                return this.membershipService.addOrUpdate((String) user.getAdditionalInformation().get("org"), membership).map(membership2 -> {
                    return str;
                });
            });
        }).flatMap(obj -> {
            return this.eventService.create(new Event(Type.APPLICATION, new Payload(application.getId(), ReferenceType.DOMAIN, application.getDomain(), Action.CREATE))).flatMap(event -> {
                return Single.just(application);
            });
        }).doOnSuccess(application3 -> {
            this.auditService.report(((ApplicationAuditBuilder) AuditBuilder.builder(ApplicationAuditBuilder.class)).principal(user).type("APPLICATION_CREATED").application(application3));
        }).doOnError(th -> {
            this.auditService.report(((ApplicationAuditBuilder) AuditBuilder.builder(ApplicationAuditBuilder.class)).principal(user).type("APPLICATION_CREATED").throwable(th));
        });
    }

    private Single<Application> update0(String str, Application application, Application application2, User user) {
        application2.setUpdatedAt(new Date());
        Single flatMap = validateApplicationMetadata(application2).flatMap(this::validateApplicationIdentityProviders);
        ApplicationRepository applicationRepository = this.applicationRepository;
        Objects.requireNonNull(applicationRepository);
        return flatMap.flatMap((v1) -> {
            return r1.update(v1);
        }).flatMap(application3 -> {
            return this.eventService.create(new Event(Type.APPLICATION, new Payload(application3.getId(), ReferenceType.DOMAIN, application3.getDomain(), Action.UPDATE))).flatMap(event -> {
                return Single.just(application3);
            });
        }).doOnSuccess(application4 -> {
            this.auditService.report(((ApplicationAuditBuilder) AuditBuilder.builder(ApplicationAuditBuilder.class)).principal(user).type("APPLICATION_UPDATED").oldValue(application).application(application4));
        }).doOnError(th -> {
            this.auditService.report(((ApplicationAuditBuilder) AuditBuilder.builder(ApplicationAuditBuilder.class)).principal(user).type("APPLICATION_UPDATED").throwable(th));
        });
    }

    private Single<Application> setDefaultCertificate(Application application) {
        return application.getCertificate() != null ? Single.just(application) : this.certificateService.findByDomain(application.getDomain()).toList().map(list -> {
            if (list == null || list.isEmpty()) {
                return application;
            }
            application.setCertificate(((Certificate) list.stream().filter(certificate -> {
                return "Default".equals(certificate.getName());
            }).findFirst().orElse((Certificate) list.get(0))).getId());
            return application;
        });
    }

    private Completable checkApplicationUniqueness(String str, Application application) {
        String clientId = (application.getSettings() == null || application.getSettings().getOauth() == null) ? null : application.getSettings().getOauth().getClientId();
        return findByDomainAndClientId(str, clientId).isEmpty().flatMapCompletable(bool -> {
            return !bool.booleanValue() ? Completable.error(new ApplicationAlreadyExistsException(clientId, str)) : Completable.complete();
        });
    }

    private Single<Application> validateApplicationIdentityProviders(Application application) {
        return (application.getIdentities() == null || application.getIdentities().isEmpty()) ? Single.just(application) : Observable.fromIterable(application.getIdentities()).flatMapSingle(str -> {
            return this.identityProviderService.findById(str).map((v0) -> {
                return Optional.of(v0);
            }).defaultIfEmpty(Optional.empty()).toSingle();
        }).toList().map(list -> {
            if (list == null || list.isEmpty()) {
                application.setIdentities(Collections.emptySet());
            } else {
                application.setIdentities((Set) list.stream().filter((v0) -> {
                    return v0.isPresent();
                }).map((v0) -> {
                    return v0.get();
                }).map((v0) -> {
                    return v0.getId();
                }).collect(Collectors.toSet()));
            }
            return application;
        });
    }

    private Single<Application> validateApplicationMetadata(Application application) {
        if (application.getSettings() != null && application.getSettings().getOauth() != null) {
            return GrantTypeUtils.validateGrantTypes(application).flatMap(this::validateRedirectUris).flatMap(this::validateScopes).flatMap(this::validateTokenEndpointAuthMethod).flatMap(this::validateTlsClientAuth);
        }
        return Single.just(application);
    }

    private Single<Application> validateRedirectUris(Application application) {
        ApplicationOAuthSettings oauth = application.getSettings().getOauth();
        return this.domainService.findById(application.getDomain()).switchIfEmpty(Maybe.error(new DomainNotFoundException(application.getDomain()))).flatMapSingle(domain -> {
            if (GrantTypeUtils.isRedirectUriRequired(oauth.getGrantTypes()) && CollectionUtils.isEmpty(oauth.getRedirectUris())) {
                if (!AM_V2_VERSION.equals(oauth.getSoftwareVersion())) {
                    return Single.error(new InvalidRedirectUriException());
                }
                oauth.setSoftwareVersion((String) null);
            }
            if (oauth.getRedirectUris() != null) {
                for (String str : oauth.getRedirectUris()) {
                    try {
                        URI uri = str.contains("*") ? new URI(str) : UriBuilder.fromURIString(str).build();
                        if (uri.getScheme() == null) {
                            return Single.error(new InvalidRedirectUriException("redirect_uri : " + str + " is malformed"));
                        }
                        String host = UriBuilder.isHttp(uri.getScheme()) ? uri.toURL().getHost() : uri.getHost();
                        if (!domain.isRedirectUriLocalhostAllowed() && UriBuilder.isHttp(uri.getScheme()) && UriBuilder.isLocalhost(host)) {
                            return Single.error(new InvalidRedirectUriException("localhost is forbidden"));
                        }
                        if (!domain.isRedirectUriUnsecuredHttpSchemeAllowed() && uri.getScheme().equalsIgnoreCase("http")) {
                            return Single.error(new InvalidRedirectUriException("Unsecured http scheme is forbidden"));
                        }
                        if (!domain.isRedirectUriWildcardAllowed() && ((Objects.nonNull(uri.getPath()) && uri.getPath().contains("*")) || (Objects.nonNull(host) && host.contains("*")))) {
                            return Single.error(new InvalidRedirectUriException("Wildcard are forbidden"));
                        }
                        if (uri.getFragment() != null) {
                            return Single.error(new InvalidRedirectUriException("redirect_uri with fragment is forbidden"));
                        }
                    } catch (IllegalArgumentException | URISyntaxException e) {
                        return Single.error(new InvalidRedirectUriException("redirect_uri : " + str + " is malformed"));
                    }
                }
            }
            return Single.just(application);
        });
    }

    private Single<Application> validateScopes(Application application) {
        ApplicationOAuthSettings oauth = application.getSettings().getOauth();
        List<String> arrayList = oauth.getScopeSettings() != null ? (List) oauth.getScopeSettings().stream().map((v0) -> {
            return v0.getScope();
        }).collect(Collectors.toList()) : new ArrayList<>();
        return !arrayList.containsAll(oauth.getScopeSettings() != null ? (List) oauth.getScopeSettings().stream().filter((v0) -> {
            return v0.isDefaultScope();
        }).map((v0) -> {
            return v0.getScope();
        }).collect(Collectors.toList()) : new ArrayList<>()) ? Single.error(new InvalidClientMetadataException("non valid default scopes")) : !arrayList.containsAll(oauth.getScopeSettings() != null ? (Set) oauth.getScopeSettings().stream().filter(applicationScopeSettings -> {
            return applicationScopeSettings.getScopeApproval() != null;
        }).map((v0) -> {
            return v0.getScope();
        }).collect(Collectors.toSet()) : new HashSet<>()) ? Single.error(new InvalidClientMetadataException("non valid scope approvals")) : this.scopeService.validateScope(application.getDomain(), arrayList).flatMap(bool -> {
            return !bool.booleanValue() ? Single.error(new InvalidClientMetadataException("non valid scopes")) : Single.just(application);
        });
    }

    private Single<Application> validateTokenEndpointAuthMethod(Application application) {
        ApplicationOAuthSettings oauth = application.getSettings().getOauth();
        String tokenEndpointAuthMethod = oauth.getTokenEndpointAuthMethod();
        return ((ApplicationType.SERVICE.equals(application.getType()) || (oauth.getGrantTypes() != null && oauth.getGrantTypes().contains("client_credentials"))) && tokenEndpointAuthMethod != null && "none".equals(tokenEndpointAuthMethod)) ? Single.error(new InvalidClientMetadataException("Invalid token_endpoint_auth_method for service application (client_credentials grant type)")) : Single.just(application);
    }

    private Single<Application> validateTlsClientAuth(Application application) {
        ApplicationOAuthSettings oauth = application.getSettings().getOauth();
        if (oauth.getTokenEndpointAuthMethod() != null && "tls_client_auth".equalsIgnoreCase(oauth.getTokenEndpointAuthMethod())) {
            if ((oauth.getTlsClientAuthSubjectDn() == null || oauth.getTlsClientAuthSubjectDn().isEmpty()) && ((oauth.getTlsClientAuthSanDns() == null || oauth.getTlsClientAuthSanDns().isEmpty()) && ((oauth.getTlsClientAuthSanIp() == null || oauth.getTlsClientAuthSanIp().isEmpty()) && ((oauth.getTlsClientAuthSanEmail() == null || oauth.getTlsClientAuthSanEmail().isEmpty()) && (oauth.getTlsClientAuthSanUri() == null || oauth.getTlsClientAuthSanUri().isEmpty()))))) {
                return Single.error(new InvalidClientMetadataException("Missing TLS parameter for tls_client_auth."));
            }
            if (oauth.getTlsClientAuthSubjectDn() != null && !oauth.getTlsClientAuthSubjectDn().isEmpty() && ((oauth.getTlsClientAuthSanDns() != null && !oauth.getTlsClientAuthSanDns().isEmpty()) || ((oauth.getTlsClientAuthSanEmail() != null && !oauth.getTlsClientAuthSanEmail().isEmpty()) || ((oauth.getTlsClientAuthSanIp() != null && !oauth.getTlsClientAuthSanIp().isEmpty()) || (oauth.getTlsClientAuthSanUri() != null && !oauth.getTlsClientAuthSanUri().isEmpty()))))) {
                return Single.error(new InvalidClientMetadataException("The tls_client_auth must use exactly one of the TLS parameters."));
            }
            if (oauth.getTlsClientAuthSanDns() != null && !oauth.getTlsClientAuthSanDns().isEmpty() && ((oauth.getTlsClientAuthSubjectDn() != null && !oauth.getTlsClientAuthSubjectDn().isEmpty()) || ((oauth.getTlsClientAuthSanEmail() != null && !oauth.getTlsClientAuthSanEmail().isEmpty()) || ((oauth.getTlsClientAuthSanIp() != null && !oauth.getTlsClientAuthSanIp().isEmpty()) || (oauth.getTlsClientAuthSanUri() != null && !oauth.getTlsClientAuthSanUri().isEmpty()))))) {
                return Single.error(new InvalidClientMetadataException("The tls_client_auth must use exactly one of the TLS parameters."));
            }
            if (oauth.getTlsClientAuthSanIp() != null && !oauth.getTlsClientAuthSanIp().isEmpty() && ((oauth.getTlsClientAuthSubjectDn() != null && !oauth.getTlsClientAuthSubjectDn().isEmpty()) || ((oauth.getTlsClientAuthSanDns() != null && !oauth.getTlsClientAuthSanDns().isEmpty()) || ((oauth.getTlsClientAuthSanEmail() != null && !oauth.getTlsClientAuthSanEmail().isEmpty()) || (oauth.getTlsClientAuthSanUri() != null && !oauth.getTlsClientAuthSanUri().isEmpty()))))) {
                return Single.error(new InvalidClientMetadataException("The tls_client_auth must use exactly one of the TLS parameters."));
            }
            if (oauth.getTlsClientAuthSanEmail() != null && !oauth.getTlsClientAuthSanEmail().isEmpty() && ((oauth.getTlsClientAuthSubjectDn() != null && !oauth.getTlsClientAuthSubjectDn().isEmpty()) || ((oauth.getTlsClientAuthSanDns() != null && !oauth.getTlsClientAuthSanDns().isEmpty()) || ((oauth.getTlsClientAuthSanIp() != null && !oauth.getTlsClientAuthSanIp().isEmpty()) || (oauth.getTlsClientAuthSanUri() != null && !oauth.getTlsClientAuthSanUri().isEmpty()))))) {
                return Single.error(new InvalidClientMetadataException("The tls_client_auth must use exactly one of the TLS parameters."));
            }
            if (oauth.getTlsClientAuthSanUri() != null && !oauth.getTlsClientAuthSanUri().isEmpty() && ((oauth.getTlsClientAuthSubjectDn() != null && !oauth.getTlsClientAuthSubjectDn().isEmpty()) || ((oauth.getTlsClientAuthSanDns() != null && !oauth.getTlsClientAuthSanDns().isEmpty()) || ((oauth.getTlsClientAuthSanIp() != null && !oauth.getTlsClientAuthSanIp().isEmpty()) || (oauth.getTlsClientAuthSanEmail() != null && !oauth.getTlsClientAuthSanEmail().isEmpty()))))) {
                return Single.error(new InvalidClientMetadataException("The tls_client_auth must use exactly one of the TLS parameters."));
            }
        }
        return Single.just(application);
    }
}
