package pl.edu.icm.unity.oauth.as.console;

import com.nimbusds.oauth2.sdk.client.ClientType;
import com.vaadin.flow.server.StreamResource;
import io.imunity.console.utils.tprofile.OutputTranslationProfileFieldFactory;
import io.imunity.vaadin.auth.services.DefaultServiceDefinition;
import io.imunity.vaadin.auth.services.ServiceDefinition;
import io.imunity.vaadin.auth.services.ServiceEditor;
import io.imunity.vaadin.auth.services.idp.IdpServiceController;
import io.imunity.vaadin.auth.services.idp.IdpUsersHelper;
import io.imunity.vaadin.elements.NotificationPresenter;
import io.imunity.vaadin.endpoint.common.api.HtmlTooltipFactory;
import io.imunity.vaadin.endpoint.common.api.SubViewSwitcher;
import io.imunity.vaadin.endpoint.common.exceptions.ControllerException;
import io.imunity.vaadin.endpoint.common.file.LocalOrRemoteResource;
import io.imunity.vaadin.endpoint.common.forms.VaadinLogoImageLoader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Deque;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.imageio.ImageIO;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.attribute.Attribute;
import pl.edu.icm.unity.base.attribute.AttributeExt;
import pl.edu.icm.unity.base.attribute.image.ImageType;
import pl.edu.icm.unity.base.attribute.image.UnityImage;
import pl.edu.icm.unity.base.authn.LocalCredentialState;
import pl.edu.icm.unity.base.endpoint.Endpoint;
import pl.edu.icm.unity.base.endpoint.EndpointConfiguration;
import pl.edu.icm.unity.base.entity.EntityParam;
import pl.edu.icm.unity.base.entity.EntityState;
import pl.edu.icm.unity.base.exceptions.EngineException;
import pl.edu.icm.unity.base.group.Group;
import pl.edu.icm.unity.base.i18n.I18nString;
import pl.edu.icm.unity.base.identity.Identity;
import pl.edu.icm.unity.base.identity.IdentityParam;
import pl.edu.icm.unity.base.message.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.AttributeTypeManagement;
import pl.edu.icm.unity.engine.api.AttributesManagement;
import pl.edu.icm.unity.engine.api.AuthenticationFlowManagement;
import pl.edu.icm.unity.engine.api.AuthenticatorManagement;
import pl.edu.icm.unity.engine.api.EndpointManagement;
import pl.edu.icm.unity.engine.api.EntityCredentialManagement;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.GroupsManagement;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.RealmsManagement;
import pl.edu.icm.unity.engine.api.RegistrationsManagement;
import pl.edu.icm.unity.engine.api.attributes.AttributeTypeSupport;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorSupportService;
import pl.edu.icm.unity.engine.api.bulk.BulkGroupQueryService;
import pl.edu.icm.unity.engine.api.bulk.EntityInGroupData;
import pl.edu.icm.unity.engine.api.config.UnityServerConfiguration;
import pl.edu.icm.unity.engine.api.endpoint.EndpointFileConfigurationManagement;
import pl.edu.icm.unity.engine.api.exceptions.RuntimeEngineException;
import pl.edu.icm.unity.engine.api.files.FileStorageService;
import pl.edu.icm.unity.engine.api.files.URIAccessService;
import pl.edu.icm.unity.engine.api.identity.IdentityTypeSupport;
import pl.edu.icm.unity.engine.api.policyDocument.PolicyDocumentManagement;
import pl.edu.icm.unity.engine.api.server.AdvertisedAddressProvider;
import pl.edu.icm.unity.engine.api.server.NetworkServer;
import pl.edu.icm.unity.oauth.as.OAuthScopesService;
import pl.edu.icm.unity.oauth.as.OAuthSystemAttributesProvider;
import pl.edu.icm.unity.oauth.as.token.OAuthTokenEndpoint;
import pl.edu.icm.unity.oauth.as.webauthz.OAuthAuthzWebEndpoint;
import pl.edu.icm.unity.stdext.attr.EnumAttribute;
import pl.edu.icm.unity.stdext.attr.ImageAttribute;
import pl.edu.icm.unity.stdext.attr.ImageAttributeSyntax;
import pl.edu.icm.unity.stdext.attr.StringAttribute;
import pl.edu.icm.unity.stdext.credential.pass.PasswordToken;

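/**
 * Console controller for OAuth authorization-server services.
 *
 * <p>A service is presented as a pair of endpoints: the web authorization endpoint
 * ({@code OAuthAuthzWebEndpoint}) and a token endpoint ({@code OAuthTokenEndpoint}). The two are
 * matched through {@code EndpointConfiguration#getTag()}; {@link #deploy} and {@link #update}
 * pass one freshly generated UUID as the last {@code EndpointConfiguration} argument of both
 * endpoints (presumably that argument is the tag -- confirm against {@code EndpointConfiguration}).
 *
 * <p>OAuth clients are ordinary entities with a {@code userName} identity. Their OAuth settings
 * (allowed flows, scopes, redirect URIs, type, logo) are attributes in the client's group, and the
 * client secret is the {@link #DEFAULT_CREDENTIAL} credential of the entity.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A client without the {@code ALLOWED_SCOPES} attribute is read back as "any scope allowed",
 *       so removing that attribute widens what the client may request.</li>
 *   <li>Redirect URIs and the remote logo URI are stored/fetched as supplied by the console user;
 *       no validation of them happens in this class.</li>
 *   <li>Client secrets pass through {@code PasswordToken} and are never logged here.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:pl/edu/icm/unity/oauth/as/console/OAuthServiceController.class */
class OAuthServiceController implements IdpServiceController {
    private static final Logger log = Log.getLogger("unity.server.web", OAuthServiceController.class);
    public static final String DEFAULT_CREDENTIAL = "sys:password";
    public static final String IDP_CLIENT_MAIN_GROUP = "/IdPs";
    public static final String OAUTH_CLIENTS_SUBGROUP = "oauth-clients";
    // Identity type that carries the OAuth client id.
    private static final String USERNAME_IDENTITY_TYPE = "userName";
    private final MessageSource msg;
    private final EndpointManagement endpointMan;
    private final RealmsManagement realmsMan;
    private final AuthenticationFlowManagement flowsMan;
    private final AuthenticatorManagement authMan;
    private final AttributeTypeManagement atMan;
    private final BulkGroupQueryService bulkService;
    private final RegistrationsManagement registrationMan;
    private final URIAccessService uriAccessService;
    private final FileStorageService fileStorageService;
    private final UnityServerConfiguration serverConfig;
    private final AuthenticatorSupportService authenticatorSupportService;
    private final IdentityTypeSupport idTypeSupport;
    private final PKIManagement pkiMan;
    private final AdvertisedAddressProvider advertisedAddrProvider;
    private final OutputTranslationProfileFieldFactory outputTranslationProfileFieldFactory;
    private final AttributeTypeSupport attrTypeSupport;
    private final AttributesManagement attrMan;
    private final EntityManagement entityMan;
    private final GroupsManagement groupMan;
    private final EntityCredentialManagement entityCredentialManagement;
    private final IdpUsersHelper idpUsersHelper;
    private final VaadinLogoImageLoader imageService;
    private final PolicyDocumentManagement policyDocumentManagement;
    private final NetworkServer server;
    private final EndpointFileConfigurationManagement serviceFileConfigController;
    private final OAuthScopesService scopesService;
    private final NotificationPresenter notificationPresenter;
    private final HtmlTooltipFactory htmlTooltipFactory;

    /**
     * Stores the injected collaborators; performs no other work.
     */
    @Autowired
    OAuthServiceController(MessageSource messageSource, EndpointManagement endpointManagement, RealmsManagement realmsManagement, AuthenticationFlowManagement authenticationFlowManagement, AuthenticatorManagement authenticatorManagement, AttributeTypeManagement attributeTypeManagement, BulkGroupQueryService bulkGroupQueryService, RegistrationsManagement registrationsManagement, URIAccessService uRIAccessService, FileStorageService fileStorageService, UnityServerConfiguration unityServerConfiguration, AuthenticatorSupportService authenticatorSupportService, PKIManagement pKIManagement, NetworkServer networkServer, AdvertisedAddressProvider advertisedAddressProvider, IdentityTypeSupport identityTypeSupport, OutputTranslationProfileFieldFactory outputTranslationProfileFieldFactory, AttributeTypeSupport attributeTypeSupport, AttributesManagement attributesManagement, EntityManagement entityManagement, GroupsManagement groupsManagement, EntityCredentialManagement entityCredentialManagement, VaadinLogoImageLoader vaadinLogoImageLoader, IdpUsersHelper idpUsersHelper, PolicyDocumentManagement policyDocumentManagement, EndpointFileConfigurationManagement endpointFileConfigurationManagement, OAuthScopesService oAuthScopesService, NotificationPresenter notificationPresenter, HtmlTooltipFactory htmlTooltipFactory) {
        this.msg = messageSource;
        this.endpointMan = endpointManagement;
        this.realmsMan = realmsManagement;
        this.flowsMan = authenticationFlowManagement;
        this.authMan = authenticatorManagement;
        this.atMan = attributeTypeManagement;
        this.bulkService = bulkGroupQueryService;
        this.registrationMan = registrationsManagement;
        this.uriAccessService = uRIAccessService;
        this.fileStorageService = fileStorageService;
        this.serverConfig = unityServerConfiguration;
        this.authenticatorSupportService = authenticatorSupportService;
        this.pkiMan = pKIManagement;
        this.advertisedAddrProvider = advertisedAddressProvider;
        this.idTypeSupport = identityTypeSupport;
        this.outputTranslationProfileFieldFactory = outputTranslationProfileFieldFactory;
        this.attrTypeSupport = attributeTypeSupport;
        this.attrMan = attributesManagement;
        this.entityMan = entityManagement;
        this.groupMan = groupsManagement;
        this.entityCredentialManagement = entityCredentialManagement;
        this.imageService = vaadinLogoImageLoader;
        this.idpUsersHelper = idpUsersHelper;
        this.server = networkServer;
        this.policyDocumentManagement = policyDocumentManagement;
        this.serviceFileConfigController = endpointFileConfigurationManagement;
        this.scopesService = oAuthScopesService;
        this.notificationPresenter = notificationPresenter;
        this.htmlTooltipFactory = htmlTooltipFactory;
    }

    /**
     * Lists every OAuth service that has both of its endpoints.
     *
     * <p>A web authorization endpoint without exactly one token endpoint carrying the same tag is
     * left out of the result (the reason is logged by {@link #getTokenService}).
     *
     * @return the complete services; never {@code null}
     * @throws ControllerException wrapping any failure while reading the endpoints
     */
    public List<ServiceDefinition> getServices() throws ControllerException {
        List<ServiceDefinition> services = new ArrayList<>();
        try {
            for (Endpoint endpoint : this.endpointMan.getEndpoints()) {
                if (!endpoint.getTypeId().equals(OAuthAuthzWebEndpoint.Factory.TYPE.getName())) {
                    continue;
                }
                DefaultServiceDefinition webAuthzService = getServiceDef(endpoint);
                webAuthzService.setBinding(OAuthAuthzWebEndpoint.Factory.TYPE.getSupportedBinding());
                DefaultServiceDefinition tokenService = getTokenService(endpoint.getConfiguration().getTag());
                if (tokenService != null) {
                    services.add(new OAuthServiceDefinition(webAuthzService, tokenService));
                }
            }
            return services;
        } catch (Exception e) {
            throw new ControllerException(this.msg.getMessage("ServicesController.getAllError", new Object[0]), e);
        }
    }

    /**
     * Finds the token endpoint that shares the given tag.
     *
     * @param str tag of the web authorization endpoint
     * @return the token service definition, or {@code null} when zero or more than one token
     *     endpoint carries the tag (both cases are logged as warnings)
     * @throws EngineException if the endpoints cannot be read
     */
    private DefaultServiceDefinition getTokenService(String str) throws EngineException {
        List<Endpoint> matching = this.endpointMan.getEndpoints().stream()
                .filter(endpoint -> endpoint.getTypeId().equals(OAuthTokenEndpoint.TYPE.getName())
                        && endpoint.getConfiguration().getTag().equals(str))
                .collect(Collectors.toList());
        if (matching.isEmpty()) {
            log.warn("Can not find a corresponding token endpoint for OAuth AS endpoint with tag {}", str);
            return null;
        }
        if (matching.size() > 1) {
            // An ambiguous pairing is treated like a missing one rather than guessing.
            log.warn("Found {} token endpoints for OAuth AS endpoint with tag {}", matching.size(), str);
            return null;
        }
        DefaultServiceDefinition tokenService = getServiceDef(matching.get(0));
        tokenService.setBinding(OAuthTokenEndpoint.TYPE.getSupportedBinding());
        return tokenService;
    }

    /**
     * Copies an endpoint's name, address, state and configuration into a service definition.
     * The binding is not set here; callers set it per endpoint type.
     */
    private DefaultServiceDefinition getServiceDef(Endpoint endpoint) {
        EndpointConfiguration configuration = endpoint.getConfiguration();
        DefaultServiceDefinition definition = new DefaultServiceDefinition(endpoint.getTypeId());
        definition.setName(endpoint.getName());
        definition.setAddress(endpoint.getContextAddress());
        definition.setConfiguration(configuration.getConfiguration());
        definition.setAuthenticationOptions(configuration.getAuthenticationOptions());
        definition.setDisplayedName(configuration.getDisplayedName());
        definition.setRealm(configuration.getRealm());
        definition.setDescription(configuration.getDescription());
        definition.setState(endpoint.getState());
        // Reload-from-file is offered only when a file configuration key exists for this endpoint.
        definition.setSupportsConfigReloadFromFile(this.serviceFileConfigController.getEndpointConfigKey(endpoint.getName()).isPresent());
        return definition;
    }

    /**
     * Loads one OAuth service by the name of its web authorization endpoint.
     *
     * <p>Unlike {@link #getServices()}, a service whose token endpoint cannot be resolved is still
     * returned, with a {@code null} token service.
     *
     * @param str name of the web authorization endpoint
     * @return the service, or {@code null} when no such endpoint exists
     * @throws ControllerException wrapping any failure while reading the endpoints
     */
    public ServiceDefinition getService(String str) throws ControllerException {
        try {
            Endpoint endpoint = this.endpointMan.getEndpoints().stream()
                    .filter(candidate -> candidate.getName().equals(str)
                            && candidate.getTypeId().equals(OAuthAuthzWebEndpoint.Factory.TYPE.getName()))
                    .findFirst()
                    .orElse(null);
            if (endpoint == null) {
                return null;
            }
            DefaultServiceDefinition webAuthzService = getServiceDef(endpoint);
            webAuthzService.setBinding(OAuthAuthzWebEndpoint.Factory.TYPE.getSupportedBinding());
            OAuthServiceDefinition service = new OAuthServiceDefinition(webAuthzService, getTokenService(endpoint.getConfiguration().getTag()));
            service.setClientsSupplier(this::getOAuthClients);
            return service;
        } catch (Exception e) {
            throw new ControllerException(this.msg.getMessage("ServicesController.getError", new Object[]{str}), e);
        }
    }

    /**
     * Deploys both endpoints of a service, makes sure the {@link #IDP_CLIENT_MAIN_GROUP} group
     * exists, creates the auto-generated clients group when requested and stores the clients.
     *
     * <p>NOTE(review): the steps are not rolled back here. If a later step fails, endpoints and
     * groups created by earlier steps stay in place unless the called services are transactional.
     *
     * @param serviceDefinition must be an {@code OAuthServiceDefinition}
     * @throws ControllerException wrapping any failure of the steps above
     */
    public void deploy(ServiceDefinition serviceDefinition) throws ControllerException {
        OAuthServiceDefinition oauthService = (OAuthServiceDefinition) serviceDefinition;
        DefaultServiceDefinition webAuthzService = oauthService.getWebAuthzService();
        DefaultServiceDefinition tokenService = oauthService.getTokenService();
        // Both endpoints receive the same value so that they can be paired again by tag.
        String uuid = UUID.randomUUID().toString();
        try {
            this.endpointMan.deploy(webAuthzService.getType(), webAuthzService.getName(), webAuthzService.getAddress(), new EndpointConfiguration(webAuthzService.getDisplayedName(), webAuthzService.getDescription(), webAuthzService.getAuthenticationOptions(), webAuthzService.getConfiguration(), webAuthzService.getRealm(), uuid));
            if (tokenService != null) {
                this.endpointMan.deploy(tokenService.getType(), tokenService.getName(), tokenService.getAddress(), new EndpointConfiguration(tokenService.getDisplayedName(), tokenService.getDescription(), tokenService.getAuthenticationOptions(), tokenService.getConfiguration(), tokenService.getRealm(), uuid));
            }
            boolean mainGroupMissing = this.groupMan.getChildGroups("/").stream()
                    .noneMatch(child -> IDP_CLIENT_MAIN_GROUP.equals(child.toString()));
            if (mainGroupMissing) {
                this.groupMan.addGroup(new Group(IDP_CLIENT_MAIN_GROUP));
            }
            createClientsGroup(oauthService);
            if (oauthService.getSelectedClients() != null) {
                updateClients(oauthService.getSelectedClients());
            }
        } catch (Exception e) {
            throw new ControllerException(this.msg.getMessage("ServicesController.deployError", new Object[]{webAuthzService.getName()}), e);
        }
    }

    /**
     * Creates the auto-generated group of a service and its {@link #OAUTH_CLIENTS_SUBGROUP}
     * child. Does nothing when the definition names no auto-generated group.
     */
    private void createClientsGroup(OAuthServiceDefinition oAuthServiceDefinition) throws EngineException {
        String serviceGroupPath = oAuthServiceDefinition.getAutoGeneratedClientsGroup();
        if (serviceGroupPath == null) {
            return;
        }
        Group serviceGroup = new Group(serviceGroupPath);
        serviceGroup.setDisplayedName(new I18nString(oAuthServiceDefinition.getWebAuthzService().getName()));
        this.groupMan.addGroup(serviceGroup);
        Group clientsGroup = new Group(serviceGroupPath + "/" + OAUTH_CLIENTS_SUBGROUP);
        clientsGroup.setDisplayedName(new I18nString(OAUTH_CLIENTS_SUBGROUP));
        this.groupMan.addGroup(clientsGroup);
    }

    /**
     * Undeploys the web authorization endpoint and, when present, the token endpoint.
     *
     * @param serviceDefinition must be an {@code OAuthServiceDefinition}
     * @throws ControllerException wrapping any failure
     */
    public void undeploy(ServiceDefinition serviceDefinition) throws ControllerException {
        OAuthServiceDefinition oauthService = (OAuthServiceDefinition) serviceDefinition;
        DefaultServiceDefinition webAuthzService = oauthService.getWebAuthzService();
        DefaultServiceDefinition tokenService = oauthService.getTokenService();
        try {
            this.endpointMan.undeploy(webAuthzService.getName());
            if (tokenService != null) {
                this.endpointMan.undeploy(tokenService.getName());
            }
        } catch (Exception e) {
            throw new ControllerException(this.msg.getMessage("ServicesController.undeployError", new Object[]{webAuthzService.getName()}), e);
        }
    }

    /**
     * Rewrites the configuration of both endpoints and then applies the client changes.
     * A definition without selected clients only updates the endpoints.
     *
     * @param serviceDefinition must be an {@code OAuthServiceDefinition}
     * @throws ControllerException wrapping any failure
     */
    public void update(ServiceDefinition serviceDefinition) throws ControllerException {
        OAuthServiceDefinition oauthService = (OAuthServiceDefinition) serviceDefinition;
        DefaultServiceDefinition webAuthzService = oauthService.getWebAuthzService();
        DefaultServiceDefinition tokenService = oauthService.getTokenService();
        // A new shared value is generated on every update, as in deploy().
        String uuid = UUID.randomUUID().toString();
        try {
            this.endpointMan.updateEndpoint(webAuthzService.getName(), new EndpointConfiguration(webAuthzService.getDisplayedName(), webAuthzService.getDescription(), webAuthzService.getAuthenticationOptions(), webAuthzService.getConfiguration(), webAuthzService.getRealm(), uuid));
            if (tokenService != null) {
                this.endpointMan.updateEndpoint(tokenService.getName(), new EndpointConfiguration(tokenService.getDisplayedName(), tokenService.getDescription(), tokenService.getAuthenticationOptions(), tokenService.getConfiguration(), tokenService.getRealm(), uuid));
            }
            updateClients(oauthService.getSelectedClients());
        } catch (Exception e) {
            throw new ControllerException(this.msg.getMessage("ServicesController.updateError", new Object[]{oauthService.getName()}), e);
        }
    }

    /**
     * Replaces the configuration of both endpoints with the one read from the configuration file.
     *
     * <p>The token endpoint is attempted even if the web authorization endpoint failed. When both
     * fail, the second failure is logged and the first one is thrown.
     *
     * @param serviceDefinition must be an {@code OAuthServiceDefinition}
     * @throws ControllerException the first failure, if any endpoint could not be updated
     */
    public void reloadConfigFromFile(ServiceDefinition serviceDefinition) throws ControllerException {
        OAuthServiceDefinition oauthService = (OAuthServiceDefinition) serviceDefinition;
        DefaultServiceDefinition webAuthzService = oauthService.getWebAuthzService();
        DefaultServiceDefinition tokenService = oauthService.getTokenService();
        List<ControllerException> failures = new ArrayList<>();
        try {
            this.endpointMan.updateEndpoint(webAuthzService.getName(), this.serviceFileConfigController.getEndpointConfig(webAuthzService.getName()));
        } catch (Exception e) {
            failures.add(new ControllerException(this.msg.getMessage("ServicesController.updateError", new Object[]{oauthService.getName()}), e));
        }
        if (tokenService != null) {
            try {
                this.endpointMan.updateEndpoint(tokenService.getName(), this.serviceFileConfigController.getEndpointConfig(tokenService.getName()));
            } catch (Exception e2) {
                failures.add(new ControllerException(this.msg.getMessage("ServicesController.updateError", new Object[]{oauthService.getName()}), e2));
            }
        }
        if (failures.size() == 2) {
            // Only the first failure can be thrown, so the second one (index 1) is logged.
            // The previous index 2 was out of bounds and replaced both errors with an
            // IndexOutOfBoundsException.
            log.error("Can not update OAuth endpoint", failures.get(1).getCause());
        }
        if (!failures.isEmpty()) {
            throw failures.get(0);
        }
    }

    /**
     * Applies the pending change of every client in the list: create (no entity id yet),
     * remove (flagged for removal) or update (flagged as updated). Other clients are untouched.
     *
     * <p>Removal deletes the whole entity when the client lives in the root group or has no
     * membership besides "/", {@link #IDP_CLIENT_MAIN_GROUP} and its own group; otherwise only
     * the membership in the client's group is dropped, so an entity shared with other groups
     * survives.
     *
     * @param list clients to process; {@code null} is treated as "nothing to do"
     */
    private void updateClients(List<OAuthClient> list) throws EngineException, URISyntaxException {
        if (list == null) {
            // update() passes getSelectedClients() unchecked; deploy() already treats null as empty.
            return;
        }
        String clientNameAttr = this.idpUsersHelper.getClientNameAttr();
        for (OAuthClient client : list) {
            if (client.getEntity() == null) {
                Long entityId = Long.valueOf(addOAuthClient(client));
                // m17clone() is the name given in this listing, presumably to OAuthClient's
                // clone method -- the copy keeps the caller's object free of the new entity id.
                OAuthClient created = client.m17clone();
                created.setEntity(entityId);
                updateClient(created, clientNameAttr);
            } else if (client.isToRemove()) {
                removeClient(client);
            } else if (client.isUpdated()) {
                updateClient(client, clientNameAttr);
            }
        }
    }

    /**
     * Removes a client: the entity itself when nothing else uses it, else only its membership
     * in the client's group.
     */
    private void removeClient(OAuthClient client) throws EngineException {
        EntityParam entityParam = new EntityParam(client.getEntity());
        String clientGroup = client.getGroup();
        if (clientGroup.equals("/")) {
            this.entityMan.removeEntity(entityParam);
            return;
        }
        // Inspect the memberships without modifying the key set: it is a view of the map
        // returned by the entity service, and removing keys from it would alter that map.
        Set<?> memberships = this.entityMan.getGroups(entityParam).keySet();
        boolean memberElsewhere = memberships.stream()
                .anyMatch(path -> !"/".equals(path) && !IDP_CLIENT_MAIN_GROUP.equals(path) && !clientGroup.equals(path));
        if (memberElsewhere) {
            this.groupMan.removeMember(client.getGroup(), entityParam);
        } else {
            this.entityMan.removeEntity(entityParam);
        }
    }

    /**
     * Creates a valid entity whose {@code userName} identity is the client id and adds it to the
     * client's group, including any parent groups it is not yet a member of.
     *
     * @return id of the new entity
     */
    private long addOAuthClient(OAuthClient oAuthClient) throws EngineException {
        Identity created = this.entityMan.addEntity(new IdentityParam(USERNAME_IDENTITY_TYPE, oAuthClient.getId()), EntityState.valid);
        addToGroupRecursive(Group.getMissingGroups(oAuthClient.getGroup(), Arrays.asList("/")), created.getEntityId());
        return created.getEntityId();
    }

    /**
     * Adds the entity to every group in the deque, taking groups from the tail first.
     * The deque is emptied in the process.
     */
    private void addToGroupRecursive(Deque<String> deque, long j) throws EngineException {
        while (!deque.isEmpty()) {
            this.groupMan.addMemberFromParent(deque.pollLast(), new EntityParam(Long.valueOf(j)));
        }
    }

    /**
     * Writes a client's settings as attributes in its group and updates its credential.
     *
     * <p>Points a reviewer should keep in mind:
     * <ul>
     *   <li>Allowing any scope is represented by removing {@code ALLOWED_SCOPES}; restricting
     *       with no scopes given stores an empty list.</li>
     *   <li>Redirect URIs are stored exactly as supplied; nothing in this method validates them.</li>
     *   <li>A remote logo is fetched by the server through {@code URIAccessService}; which schemes
     *       and hosts are allowed is decided there, not here.</li>
     *   <li>A public client gets its credential set to {@code notSet}. A non-public client with
     *       an empty secret keeps whatever credential state it already has, so switching a
     *       client from public to confidential without a new secret leaves it without one.</li>
     * </ul>
     *
     * @param oAuthClient client with a non-null entity id
     * @param str name of the root-group attribute that stores the client's name, or {@code null}
     *     to skip it
     */
    private void updateClient(OAuthClient oAuthClient, String str) throws EngineException, URISyntaxException {
        EntityParam entityParam = new EntityParam(oAuthClient.getEntity());
        String group = oAuthClient.getGroup();
        LocalOrRemoteResource logo = oAuthClient.getLogo();
        if (logo != null) {
            if (logo.getLocal() != null) {
                updateLogo(entityParam, group, logo.getLocal());
            } else if (logo.getSrc() != null && !logo.getSrc().isEmpty()) {
                updateLogo(entityParam, group, this.uriAccessService.readURI(new URI(logo.getSrc())).getContents());
            } else if (!this.attrMan.getAttributes(entityParam, group, OAuthSystemAttributesProvider.CLIENT_LOGO).isEmpty()) {
                // An empty logo resource means "clear the stored logo".
                this.attrMan.removeAttribute(entityParam, group, OAuthSystemAttributesProvider.CLIENT_LOGO);
            }
        }
        if (oAuthClient.getFlows() != null) {
            this.attrMan.setAttribute(entityParam, EnumAttribute.of(OAuthSystemAttributesProvider.ALLOWED_FLOWS, group, oAuthClient.getFlows()));
        }
        if (!oAuthClient.isAllowAnyScopes()) {
            this.attrMan.setAttribute(entityParam, StringAttribute.of(OAuthSystemAttributesProvider.ALLOWED_SCOPES, group, oAuthClient.getScopes() != null ? oAuthClient.getScopes() : Collections.emptyList()));
        } else if (this.attrMan.getAttributes(entityParam, group, OAuthSystemAttributesProvider.ALLOWED_SCOPES).size() > 0) {
            // Absence of the attribute is what getOAuthClient() reads as "any scope".
            this.attrMan.removeAttribute(entityParam, group, OAuthSystemAttributesProvider.ALLOWED_SCOPES);
        }
        if (oAuthClient.getTitle() != null) {
            this.attrMan.setAttribute(entityParam, StringAttribute.of(OAuthSystemAttributesProvider.CLIENT_NAME, group, new String[]{oAuthClient.getTitle()}));
        }
        if (oAuthClient.getType() != null) {
            this.attrMan.setAttribute(entityParam, EnumAttribute.of(OAuthSystemAttributesProvider.CLIENT_TYPE, group, oAuthClient.getType()));
        }
        if (oAuthClient.getRedirectURIs() != null) {
            this.attrMan.setAttribute(entityParam, StringAttribute.of(OAuthSystemAttributesProvider.ALLOWED_RETURN_URI, group, oAuthClient.getRedirectURIs()));
        }
        if (oAuthClient.getName() != null && str != null) {
            this.attrMan.setAttribute(entityParam, StringAttribute.of(str, "/", new String[]{oAuthClient.getName()}));
        }
        // Constant-first comparison: a client without a type is handled as non-public (the same
        // default getOAuthClient() applies) instead of failing with a NullPointerException after
        // the attributes above were already written.
        if (ClientType.PUBLIC.toString().equals(oAuthClient.getType())) {
            this.entityCredentialManagement.setEntityCredentialStatus(entityParam, DEFAULT_CREDENTIAL, LocalCredentialState.notSet);
            return;
        }
        String secret = oAuthClient.getSecret();
        if (secret != null && !secret.isEmpty()) {
            this.entityCredentialManagement.setEntityCredential(entityParam, DEFAULT_CREDENTIAL, new PasswordToken(secret).toJson());
        }
    }

    /**
     * Stores the logo bytes as the {@code CLIENT_LOGO} attribute, scaled down to the maximum
     * size configured for that attribute type.
     *
     * <p>NOTE(review): the image is always declared as {@code ImageType.JPG}, whatever format
     * the bytes really are -- confirm that {@code UnityImage} handles other formats, especially
     * for logos fetched from a remote URI.
     */
    private void updateLogo(EntityParam entityParam, String str, byte[] bArr) throws EngineException {
        ImageAttributeSyntax syntax = this.attrTypeSupport.getSyntax(this.attrTypeSupport.getType(OAuthSystemAttributesProvider.CLIENT_LOGO));
        UnityImage logoImage = new UnityImage(bArr, ImageType.JPG);
        logoImage.scaleDown(syntax.getConfig().getMaxWidth(), syntax.getConfig().getMaxHeight());
        this.attrMan.setAttribute(entityParam, ImageAttribute.of(OAuthSystemAttributesProvider.CLIENT_LOGO, str, new UnityImage[]{logoImage}));
    }

    /**
     * Removes the web authorization endpoint and, when present, the token endpoint.
     * Client entities and groups are not touched.
     *
     * @param serviceDefinition must be an {@code OAuthServiceDefinition}
     * @throws ControllerException wrapping any failure
     */
    public void remove(ServiceDefinition serviceDefinition) throws ControllerException {
        OAuthServiceDefinition oauthService = (OAuthServiceDefinition) serviceDefinition;
        DefaultServiceDefinition webAuthzService = oauthService.getWebAuthzService();
        DefaultServiceDefinition tokenService = oauthService.getTokenService();
        try {
            this.endpointMan.removeEndpoint(webAuthzService.getName());
            if (tokenService != null) {
                this.endpointMan.removeEndpoint(tokenService.getName());
            }
        } catch (Exception e) {
            throw new ControllerException(this.msg.getMessage("ServicesController.removeError", new Object[]{webAuthzService.getName()}), e);
        }
    }

    /**
     * @return the type name of the web authorization endpoint
     */
    public String getSupportedEndpointType() {
        return OAuthAuthzWebEndpoint.Factory.TYPE.getName();
    }

    /**
     * Reads all OAuth clients that are members of the given group.
     *
     * @param str group path
     * @return the clients found; never {@code null}
     * @throws RuntimeEngineException wrapping an {@code EngineException} from the lookup
     */
    private List<OAuthClient> getOAuthClients(String str) {
        try {
            List<OAuthClient> clients = new ArrayList<>();
            Map<?, EntityInGroupData> membershipInfo = this.bulkService.getMembershipInfo(this.bulkService.getBulkMembershipData(str));
            String clientNameAttr = this.idpUsersHelper.getClientNameAttr();
            for (EntityInGroupData member : membershipInfo.values()) {
                if (isOAuthClient(member)) {
                    clients.add(getOAuthClient(member, str, clientNameAttr));
                }
            }
            return clients;
        } catch (EngineException e) {
            throw new RuntimeEngineException(e);
        }
    }

    /**
     * A group member counts as an OAuth client when it has the {@code ALLOWED_FLOWS} attribute
     * in the group and a {@code userName} identity.
     */
    private boolean isOAuthClient(EntityInGroupData entityInGroupData) {
        return entityInGroupData.groupAttributesByName.containsKey(OAuthSystemAttributesProvider.ALLOWED_FLOWS)
                && getUserName(entityInGroupData.entity.getIdentities()) != null;
    }

    /**
     * Builds the console model of a client from its group attributes.
     *
     * <p>Defaults applied when an attribute is missing: no {@code ALLOWED_SCOPES} means any scope
     * is allowed, no {@code CLIENT_TYPE} means a confidential client. The secret is never read back.
     *
     * @param entityInGroupData member data; must carry {@code ALLOWED_FLOWS}
     * @param str group the client is read from
     * @param str2 name of the root-group attribute holding the client's name, or {@code null}
     * @throws EngineException if the stored logo cannot be re-encoded
     */
    private OAuthClient getOAuthClient(EntityInGroupData entityInGroupData, String str, String str2) throws EngineException {
        OAuthClient client = new OAuthClient();
        client.setEntity(entityInGroupData.entity.getId());
        client.setId(getUserName(entityInGroupData.entity.getIdentities()));
        client.setGroup(str);
        Map<?, ?> attributes = entityInGroupData.groupAttributesByName;
        client.setFlows(((AttributeExt) attributes.get(OAuthSystemAttributesProvider.ALLOWED_FLOWS)).getValues());
        if (attributes.containsKey(OAuthSystemAttributesProvider.ALLOWED_SCOPES)) {
            client.setScopes(((AttributeExt) attributes.get(OAuthSystemAttributesProvider.ALLOWED_SCOPES)).getValues());
            client.setAllowAnyScopes(false);
        } else {
            client.setAllowAnyScopes(true);
        }
        if (attributes.containsKey(OAuthSystemAttributesProvider.CLIENT_TYPE)) {
            client.setType((String) ((AttributeExt) attributes.get(OAuthSystemAttributesProvider.CLIENT_TYPE)).getValues().get(0));
        } else {
            client.setType(ClientType.CONFIDENTIAL.toString());
        }
        if (attributes.containsKey(OAuthSystemAttributesProvider.ALLOWED_RETURN_URI)) {
            client.setRedirectURIs(((AttributeExt) attributes.get(OAuthSystemAttributesProvider.ALLOWED_RETURN_URI)).getValues());
        }
        // The title was previously set twice by two identical blocks; once is enough.
        if (attributes.containsKey(OAuthSystemAttributesProvider.CLIENT_NAME)) {
            client.setTitle((String) ((AttributeExt) attributes.get(OAuthSystemAttributesProvider.CLIENT_NAME)).getValues().get(0));
        }
        if (str2 != null && entityInGroupData.rootAttributesByName.containsKey(str2)) {
            client.setName((String) ((AttributeExt) entityInGroupData.rootAttributesByName.get(str2)).getValues().get(0));
        }
        if (attributes.containsKey(OAuthSystemAttributesProvider.CLIENT_LOGO)) {
            Attribute logoAttribute = (Attribute) attributes.get(OAuthSystemAttributesProvider.CLIENT_LOGO);
            UnityImage logoImage = this.attrTypeSupport.getSyntax(logoAttribute).convertFromString((String) logoAttribute.getValues().get(0));
            // try-with-resources closes the buffer on the failure path as well.
            try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
                ImageIO.write(logoImage.getBufferedImage(), logoImage.getType().toExt(), buffer);
                byte[] logoBytes = buffer.toByteArray();
                // NOTE(review): OAuthTokenEndpoint.PATH as the second argument is kept from the
                // listing; it may be a constant the decompiler matched by value -- confirm.
                client.setLogo(new LocalOrRemoteResource(new StreamResource("logo", () -> {
                    return new ByteArrayInputStream(logoBytes);
                }), OAuthTokenEndpoint.PATH, logoBytes));
            } catch (IOException e) {
                throw new EngineException(e);
            }
        }
        return client;
    }

    /**
     * @return the value of the first {@code userName} identity, or {@code null} if there is none
     */
    private String getUserName(List<Identity> list) {
        for (Identity identity : list) {
            if (identity.getTypeId().equals(USERNAME_IDENTITY_TYPE)) {
                return identity.getValue();
            }
        }
        return null;
    }

    /**
     * Collects every {@code userName} identity value of all members of the root group.
     */
    private List<String> getAllUsernames() throws EngineException {
        List<String> usernames = new ArrayList<>();
        Map<?, EntityInGroupData> rootMembers = this.bulkService.getMembershipInfo(this.bulkService.getBulkMembershipData("/"));
        for (EntityInGroupData member : rootMembers.values()) {
            for (Identity identity : member.entity.getIdentities()) {
                if (identity.getTypeId().equals(USERNAME_IDENTITY_TYPE)) {
                    usernames.add(identity.getValue());
                }
            }
        }
        return usernames;
    }

    /**
     * Creates the service editor, handing it the current realms, flows, authenticators,
     * attribute types, groups, users, publicly available registration forms, PKI names,
     * identity types, used endpoint addresses and policy documents.
     *
     * <p>The arguments are evaluated in constructor order; the raw {@code (List)} casts are kept
     * as they appear in the listing.
     *
     * @throws EngineException if any of the lookups fails
     */
    public ServiceEditor getEditor(SubViewSwitcher subViewSwitcher) throws EngineException {
        return new OAuthServiceEditor(
                this.msg,
                subViewSwitcher,
                this.outputTranslationProfileFieldFactory,
                this.pkiMan,
                this.advertisedAddrProvider.get().toString(),
                this.server.getUsedContextPaths(),
                this.imageService,
                this.notificationPresenter,
                this.fileStorageService,
                this.serverConfig,
                (List) this.realmsMan.getRealms().stream().map(realm -> realm.getName()).collect(Collectors.toList()),
                (List) this.flowsMan.getAuthenticationFlows().stream().collect(Collectors.toList()),
                (List) this.authMan.getAuthenticators((String) null).stream().collect(Collectors.toList()),
                (List) this.atMan.getAttributeTypes().stream().map(attributeType -> attributeType.getName()).collect(Collectors.toList()),
                (List) this.bulkService.getGroupAndSubgroups(this.bulkService.getBulkStructuralData("/")).values().stream().map(groupContents -> groupContents.getGroup()).collect(Collectors.toList()),
                this.idpUsersHelper.getAllUsers(),
                this::getOAuthClients,
                getAllUsernames(),
                // Only forms that are publicly available are offered to the editor.
                (List) this.registrationMan.getForms().stream().filter(form -> form.isPubliclyAvailable()).map(form -> form.getName()).collect(Collectors.toList()),
                this.pkiMan.getCredentialNames(),
                this.authenticatorSupportService,
                this.idTypeSupport.getIdentityTypes(),
                (List) this.endpointMan.getEndpoints().stream().map(endpoint -> endpoint.getContextAddress()).collect(Collectors.toList()),
                this.policyDocumentManagement.getPolicyDocuments(),
                this.scopesService,
                this.pkiMan.getValidatorNames(),
                this.pkiMan.getAllCertificateNames(),
                this.htmlTooltipFactory);
    }

    // Compiler-generated support for deserializing the serializable logo-stream lambda of
    // getOAuthClient(), reproduced verbatim from the listing (including artifacts such as
    // "boolean z = -1"). It rebuilds the lambda only when the implementing method, functional
    // interface and signatures all match, and rejects anything else.
    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -238651201:
                if (implMethodName.equals("lambda$getOAuthClient$81eb55ab$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("com/vaadin/flow/server/InputStreamFactory") && serializedLambda.getFunctionalInterfaceMethodName().equals("createInputStream") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/io/InputStream;") && serializedLambda.getImplClass().equals("pl/edu/icm/unity/oauth/as/console/OAuthServiceController") && serializedLambda.getImplMethodSignature().equals("([B)Ljava/io/InputStream;")) {
                    byte[] bArr = (byte[]) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return new ByteArrayInputStream(bArr);
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}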
