package de.adorsys.sts.resourceserver.processing;

import com.nimbusds.jose.RemoteKeySourceException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jose.util.ResourceRetriever;
import de.adorsys.sts.resourceserver.ResourceServerInfo;
import de.adorsys.sts.resourceserver.model.ResourceServer;
import de.adorsys.sts.resourceserver.model.ResourceServerAndSecret;
import de.adorsys.sts.resourceserver.model.ResourceServers;
import de.adorsys.sts.resourceserver.model.UserCredentials;
import de.adorsys.sts.resourceserver.service.EncryptionService;
import de.adorsys.sts.resourceserver.service.ResourceServerService;
import de.adorsys.sts.resourceserver.service.SecretEncryptionException;
import de.adorsys.sts.resourceserver.service.UserDataService;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/sts-resource-server-0.12.0.jar:de/adorsys/sts/resourceserver/processing/ResourceServerProcessor.class */
public class ResourceServerProcessor {
    public static final int DEFAULT_HTTP_CONNECT_TIMEOUT = 250;
    public static final int DEFAULT_HTTP_READ_TIMEOUT = 250;
    public static final int DEFAULT_HTTP_SIZE_LIMIT = 51200;
    private final ResourceServerService resourceServerService;
    private final EncryptionService encryptionService;
    private static JWKSelector encKeySelector = new JWKSelector(new JWKMatcher.Builder().keyUse(KeyUse.ENCRYPTION).build());
    private ResourceRetriever resourceRetriever = new DefaultResourceRetriever(250, 250, 51200);

    public ResourceServerProcessor(ResourceServerService resourceServerService, EncryptionService encryptionService) {
        this.resourceServerService = resourceServerService;
        this.encryptionService = encryptionService;
    }

    public List<ResourceServerAndSecret> processResources(String[] strArr, String[] strArr2, UserDataService userDataService) {
        ArrayList arrayList = new ArrayList();
        Map<String, Map<String, ResourceServer>> multiMap = this.resourceServerService.getAll().toMultiMap();
        if (strArr != null) {
            filterServersByAudience(strArr, multiMap, arrayList);
        }
        if (strArr2 != null) {
            filterServersByResources(strArr2, multiMap, arrayList);
        }
        if (arrayList.isEmpty()) {
            return arrayList;
        }
        loadUserCredentials(userDataService, arrayList);
        Iterator<ResourceServerAndSecret> it = arrayList.iterator();
        while (it.hasNext()) {
            encryptSecret(it.next());
        }
        return arrayList;
    }

    public List<ResourceServerAndSecret> processResources(String[] strArr, String[] strArr2) {
        ArrayList arrayList = new ArrayList();
        Map<String, Map<String, ResourceServer>> multiMap = this.resourceServerService.getAll().toMultiMap();
        if (strArr != null) {
            filterServersByAudience(strArr, multiMap, arrayList);
        }
        if (strArr2 != null) {
            filterServersByResources(strArr2, multiMap, arrayList);
        }
        if (arrayList.isEmpty()) {
            return arrayList;
        }
        Iterator<ResourceServerAndSecret> it = arrayList.iterator();
        while (it.hasNext()) {
            encryptSecret(it.next());
        }
        return arrayList;
    }

    private void encryptSecret(ResourceServerAndSecret resourceServerAndSecret) {
        if (StringUtils.isBlank(resourceServerAndSecret.getResourceServer().getUserSecretClaimName())) {
            return;
        }
        Optional<String> tryToEncrypt = tryToEncrypt(resourceServerAndSecret);
        resourceServerAndSecret.getClass();
        tryToEncrypt.ifPresent(resourceServerAndSecret::setEncryptedSecret);
    }

    private Optional<String> tryToEncrypt(ResourceServerAndSecret resourceServerAndSecret) {
        Optional<String> empty = Optional.empty();
        ResourceServer resourceServer = resourceServerAndSecret.getResourceServer();
        if (StringUtils.isBlank(resourceServer.getUserSecretClaimName())) {
            return empty;
        }
        try {
            List<JWK> list = new ResourceServerInfo(this.resourceRetriever, resourceServer).getJWKSource().get(encKeySelector, null);
            if (list == null || list.isEmpty()) {
                return empty;
            }
            try {
                return Optional.of(this.encryptionService.encrypt(list.iterator().next(), resourceServerAndSecret.getRawSecret()));
            } catch (SecretEncryptionException e) {
                e.printStackTrace();
                return empty;
            }
        } catch (RemoteKeySourceException e2) {
            e2.printStackTrace();
            return empty;
        }
    }

    private List<ResourceServerAndSecret> filterServersByResources(String[] strArr, Map<String, Map<String, ResourceServer>> map, List<ResourceServerAndSecret> list) {
        return filterServers0(strArr, map.get("endpoint"), list);
    }

    private List<ResourceServerAndSecret> filterServersByAudience(String[] strArr, Map<String, Map<String, ResourceServer>> map, List<ResourceServerAndSecret> list) {
        return filterServers0(strArr, map.get(ResourceServers.AUDIENCE), list);
    }

    /* JADX WARN: Removed duplicated region for block: B:9:0x0040  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.util.List<de.adorsys.sts.resourceserver.model.ResourceServerAndSecret> filterServers0(java.lang.String[] r4, java.util.Map<java.lang.String, de.adorsys.sts.resourceserver.model.ResourceServer> r5, java.util.List<de.adorsys.sts.resourceserver.model.ResourceServerAndSecret> r6) {
        /*
            r3 = this;
            r0 = r4
            r7 = r0
            r0 = r7
            int r0 = r0.length
            r8 = r0
            r0 = 0
            r9 = r0
        Lb:
            r0 = r9
            r1 = r8
            if (r0 >= r1) goto L7b
            r0 = r7
            r1 = r9
            r0 = r0[r1]
            r10 = r0
            r0 = r5
            r1 = r10
            java.lang.Object r0 = r0.get(r1)
            de.adorsys.sts.resourceserver.model.ResourceServer r0 = (de.adorsys.sts.resourceserver.model.ResourceServer) r0
            r11 = r0
            r0 = r11
            if (r0 != 0) goto L2e
            goto L75
        L2e:
            r0 = r6
            java.util.Iterator r0 = r0.iterator()
            r12 = r0
        L36:
            r0 = r12
            boolean r0 = r0.hasNext()
            if (r0 == 0) goto L5f
            r0 = r12
            java.lang.Object r0 = r0.next()
            de.adorsys.sts.resourceserver.model.ResourceServerAndSecret r0 = (de.adorsys.sts.resourceserver.model.ResourceServerAndSecret) r0
            r13 = r0
            r0 = r11
            r1 = r13
            de.adorsys.sts.resourceserver.model.ResourceServer r1 = r1.getResourceServer()
            boolean r0 = r0.equals(r1)
            if (r0 == 0) goto L5c
            goto L36
        L5c:
            goto L36
        L5f:
            de.adorsys.sts.resourceserver.model.ResourceServerAndSecret$ResourceServerAndSecretBuilder r0 = de.adorsys.sts.resourceserver.model.ResourceServerAndSecret.builder()
            r1 = r11
            de.adorsys.sts.resourceserver.model.ResourceServerAndSecret$ResourceServerAndSecretBuilder r0 = r0.resourceServer(r1)
            de.adorsys.sts.resourceserver.model.ResourceServerAndSecret r0 = r0.build()
            r12 = r0
            r0 = r6
            r1 = r12
            boolean r0 = r0.add(r1)
        L75:
            int r9 = r9 + 1
            goto Lb
        L7b:
            r0 = r6
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: de.adorsys.sts.resourceserver.processing.ResourceServerProcessor.filterServers0(java.lang.String[], java.util.Map, java.util.List):java.util.List");
    }

    private void loadUserCredentials(UserDataService userDataService, List<ResourceServerAndSecret> list) {
        if (userDataService == null) {
            return;
        }
        UserCredentials loadUserCredentials = userDataService.loadUserCredentials();
        boolean z = false;
        for (ResourceServerAndSecret resourceServerAndSecret : list) {
            String credentialForResourceServer = loadUserCredentials.getCredentialForResourceServer(resourceServerAndSecret.getResourceServer().getAudience());
            if (credentialForResourceServer == null) {
                credentialForResourceServer = RandomStringUtils.randomGraph(16);
                loadUserCredentials.setCredentialForResourceServer(resourceServerAndSecret.getResourceServer().getAudience(), credentialForResourceServer);
                z = true;
            }
            resourceServerAndSecret.setRawSecret(credentialForResourceServer);
        }
        if (z) {
            userDataService.storeUserCredentials(loadUserCredentials);
        }
    }

    public void storeUserCredentials(UserDataService userDataService, String str, String str2) {
        if (userDataService == null) {
            return;
        }
        String[] strArr = {str2};
        List<ResourceServerAndSecret> filterServersByAudience = filterServersByAudience(strArr, this.resourceServerService.getAll().toMultiMap(), new ArrayList());
        UserCredentials loadUserCredentials = userDataService.loadUserCredentials();
        if (filterServersByAudience.isEmpty()) {
            return;
        }
        ResourceServerAndSecret resourceServerAndSecret = filterServersByAudience.get(0);
        if (loadUserCredentials.getCredentialForResourceServer(resourceServerAndSecret.getResourceServer().getAudience()) != null) {
            return;
        }
        loadUserCredentials.setCredentialForResourceServer(resourceServerAndSecret.getResourceServer().getAudience(), str);
        userDataService.storeUserCredentials(loadUserCredentials);
    }
}
