package one.microproject.iamservice.core.services.impl;

import io.jsonwebtoken.impl.DefaultClaims;
import java.security.cert.CertificateEncodingException;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import one.microproject.iamservice.core.TokenValidator;
import one.microproject.iamservice.core.dto.IntrospectRequest;
import one.microproject.iamservice.core.dto.IntrospectResponse;
import one.microproject.iamservice.core.model.Client;
import one.microproject.iamservice.core.model.ClientId;
import one.microproject.iamservice.core.model.Organization;
import one.microproject.iamservice.core.model.OrganizationId;
import one.microproject.iamservice.core.model.Project;
import one.microproject.iamservice.core.model.ProjectId;
import one.microproject.iamservice.core.model.User;
import one.microproject.iamservice.core.model.UserId;
import one.microproject.iamservice.core.services.ResourceServerService;
import one.microproject.iamservice.core.services.caches.ModelCache;
import one.microproject.iamservice.core.services.caches.TokenCache;
import one.microproject.iamservice.core.services.dto.ClientInfo;
import one.microproject.iamservice.core.services.dto.ProjectInfo;
import one.microproject.iamservice.core.services.dto.UserInfo;
import one.microproject.iamservice.core.utils.TokenUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:one/microproject/iamservice/core/services/impl/ResourceServerServiceImpl.class */
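/**
 * {@link ResourceServerService} implementation backed by {@link ModelCache} and {@link TokenCache}.
 *
 * <p>It answers token introspection requests and serves read-only organization, project, user and
 * client lookups. Every lookup is scoped by the organization and project identifiers the caller passes in.
 */
public class ResourceServerServiceImpl implements ResourceServerService {
    private static final Logger LOG = LoggerFactory.getLogger(ResourceServerServiceImpl.class);
    private final ModelCache modelCache;
    private final TokenCache tokenCache;
    private final TokenValidator tokenValidator;

    /**
     * @param modelCache source of organizations, projects, users, clients and permissions
     * @param tokenCache consulted for token revocation
     * @param tokenValidator verifies a token against a public key
     */
    public ResourceServerServiceImpl(ModelCache modelCache, TokenCache tokenCache, TokenValidator tokenValidator) {
        this.modelCache = modelCache;
        this.tokenCache = tokenCache;
        this.tokenValidator = tokenValidator;
    }

    /**
     * Reports whether the supplied JWT is currently acceptable for the given organization and project.
     *
     * <p>The method fails closed: a missing token, a revoked token, an unknown subject, a failed
     * verification or any exception raised while processing yields {@code IntrospectResponse(false)}.
     * An exception thrown by the revocation check itself is not caught here and propagates.
     *
     * <p>Security note: the subject is read from the claims before the signature is checked, so it is
     * untrusted at that point. It is used only to select which certificate's public key verifies the
     * token; the returned result depends solely on {@code tokenValidator.validateToken}.
     * NOTE(review): whether expiry and audience are enforced depends on the TokenValidator
     * implementation, which is not visible here - confirm.
     *
     * @param organizationId organization the token is expected to belong to
     * @param projectId project the token is expected to belong to
     * @param introspectRequest request carrying the token
     * @return response whose flag is {@code true} only when the token verified against the subject's key
     */
    @Override
    public IntrospectResponse introspect(OrganizationId organizationId, ProjectId projectId, IntrospectRequest introspectRequest) {
        if (introspectRequest == null || introspectRequest.getToken() == null) {
            LOG.info("JWT introspection rejected: no token supplied");
            return new IntrospectResponse(false);
        }
        if (this.tokenCache.isRevoked(introspectRequest.getToken())) {
            // The token is a bearer credential and carries claims; keep it out of the logs.
            LOG.info("JWT is revoked");
            return new IntrospectResponse(false);
        }
        try {
            // NOTE(review): called before validation, so this presumably parses without verifying
            // the signature - treat every claim read from here as attacker-controlled.
            DefaultClaims claims = TokenUtils.extractClaims(introspectRequest.getToken());
            String subject = claims.getSubject();
            UserId userId = UserId.from(subject);

            // User tokens are verified against the user's own certificate.
            Optional<User> user = this.modelCache.getUser(organizationId, projectId, userId);
            if (user.isPresent()) {
                Optional<?> verified = this.tokenValidator.validateToken(user.get().getCertificate().getPublicKey(), introspectRequest.getToken());
                LOG.info("JWT verified={}", verified.isPresent());
                return new IntrospectResponse(verified.isPresent());
            }

            // Client tokens are verified against the project's certificate.
            Optional<Client> client = this.modelCache.getClient(organizationId, projectId, ClientId.from(subject));
            Optional<Project> project = this.modelCache.getProject(organizationId, projectId);
            if (project.isPresent() && client.isPresent()) {
                Optional<?> verified = this.tokenValidator.validateToken(project.get().getCertificate().getPublicKey(), introspectRequest.getToken());
                LOG.info("JWT verified={}", verified.isPresent());
                return new IntrospectResponse(verified.isPresent());
            }

            // The logged subject comes from an unverified token; do not rely on it when triaging.
            LOG.info("JWT subject {} not found", userId);
        } catch (Exception e) {
            LOG.error("JWT introspection failed: ", e);
        }
        return new IntrospectResponse(false);
    }

    /**
     * Builds the public description of a project: identifiers, name, key-pair data of the
     * organization and the project, and the ids of the project's clients and users.
     *
     * <p>NOTE(review): the contents of {@code getKeyPairData()} are not visible here - confirm it
     * carries only public material (certificates), since it is returned to callers.
     *
     * @return the project description, or empty when the organization or the project is unknown
     * @throws CertificateEncodingException declared by the interface; presumably raised while encoding certificates
     */
    @Override
    public Optional<ProjectInfo> getProjectInfo(OrganizationId organizationId, ProjectId projectId) throws CertificateEncodingException {
        Optional<Organization> organization = this.modelCache.getOrganization(organizationId);
        if (!organization.isPresent()) {
            return Optional.empty();
        }
        Optional<Project> found = this.modelCache.getProject(organizationId, projectId);
        if (!found.isPresent()) {
            return Optional.empty();
        }
        Project project = found.get();
        Set<String> userIds = this.modelCache.getUsers(organizationId, projectId).stream()
                .map(user -> user.getId().getId())
                .collect(Collectors.toSet());
        Set<String> clientIds = project.getClients().stream()
                .map(clientId -> clientId.getId())
                .collect(Collectors.toSet());
        return Optional.of(new ProjectInfo(project.getId().getId(), project.getOrganizationId().getId(), project.getName(),
                organization.get().getKeyPairData(), project.getKeyPairData(), clientIds, userIds));
    }

    /**
     * Builds the public description of a user: identifiers, name, key-pair data of the organization,
     * project and user, plus the user's role ids and permissions as strings.
     *
     * <p>Permissions are resolved only after the user has been found, so an unknown user id costs no
     * permission lookup.
     *
     * @return the user description, or empty when the organization, project or user is unknown
     * @throws CertificateEncodingException declared by the interface; presumably raised while encoding certificates
     */
    @Override
    public Optional<UserInfo> getUserInfo(OrganizationId organizationId, ProjectId projectId, UserId userId) throws CertificateEncodingException {
        Optional<Organization> organization = this.modelCache.getOrganization(organizationId);
        if (!organization.isPresent()) {
            return Optional.empty();
        }
        Optional<Project> project = this.modelCache.getProject(organizationId, projectId);
        if (!project.isPresent()) {
            return Optional.empty();
        }
        Optional<User> user = this.modelCache.getUser(organizationId, projectId, userId);
        if (!user.isPresent()) {
            return Optional.empty();
        }
        Set<String> permissions = this.modelCache.getPermissions(organizationId, projectId, userId).stream()
                .map(permission -> permission.asStringValue())
                .collect(Collectors.toSet());
        Set<String> roles = user.get().getRoles().stream()
                .map(roleId -> roleId.getId())
                .collect(Collectors.toSet());
        return Optional.of(new UserInfo(userId.getId(), projectId.getId(), organizationId.getId(), user.get().getName(),
                organization.get().getKeyPairData(), project.get().getKeyPairData(), user.get().getKeyPairData(), roles, permissions));
    }

    /**
     * Builds the public description of a client: id, name, role ids and permissions as strings.
     *
     * <p>Permissions are resolved only after the client has been found.
     *
     * @return the client description, or empty when the organization, project or client is unknown
     * @throws CertificateEncodingException declared by the interface
     */
    @Override
    public Optional<ClientInfo> getClientInfo(OrganizationId organizationId, ProjectId projectId, ClientId clientId) throws CertificateEncodingException {
        if (!this.modelCache.getOrganization(organizationId).isPresent()
                || !this.modelCache.getProject(organizationId, projectId).isPresent()) {
            return Optional.empty();
        }
        Optional<Client> client = this.modelCache.getClient(organizationId, projectId, clientId);
        if (!client.isPresent()) {
            return Optional.empty();
        }
        Set<String> permissions = this.modelCache.getPermissions(organizationId, projectId, clientId).stream()
                .map(permission -> permission.asStringValue())
                .collect(Collectors.toSet());
        Set<String> roles = client.get().getRoles().stream()
                .map(roleId -> roleId.getId())
                .collect(Collectors.toSet());
        return Optional.of(new ClientInfo(clientId.getId(), client.get().getName(), roles, permissions));
    }

    /** Returns the project as stored in the model cache, or empty when it is unknown. */
    @Override
    public Optional<Project> getProject(OrganizationId organizationId, ProjectId projectId) {
        return this.modelCache.getProject(organizationId, projectId);
    }

    /** Returns the user as stored in the model cache, or empty when it is unknown. */
    @Override
    public Optional<User> getUser(OrganizationId organizationId, ProjectId projectId, UserId userId) {
        return this.modelCache.getUser(organizationId, projectId, userId);
    }

    /** Returns the organization as stored in the model cache, or empty when it is unknown. */
    @Override
    public Optional<Organization> getOrganization(OrganizationId organizationId) {
        return this.modelCache.getOrganization(organizationId);
    }
}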
