package info.elexis;

import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.SystemScope;
import org.mitre.oauth2.repository.OAuth2ClientRepository;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:lib/openid.war:WEB-INF/classes/info/elexis/OpenIdForElexisServerInitializingBean.class */
public class OpenIdForElexisServerInitializingBean implements InitializingBean {
    public static final String OPENID_UNIT_TEST = "openid.unit-test";
    public static final String ELEXIS_SERVER_UNITTEST_CLIENT = "es-unittest-client";
    public static final String ELEXIS_SERVER_INTROSPECTION_CLIENT_ID = "es-introspection-client";
    public static final String ESADMIN_SCOPE = "esadmin";
    public static final String FHIR_SCOPE = "fhir";

    @Autowired
    private OAuth2ClientRepository clientRepository;

    @Autowired
    private ClientDetailsEntityService clientService;

    @Autowired
    private SystemScopeService systemScopeService;
    private final Logger log = LoggerFactory.getLogger((Class<?>) OpenIdForElexisServerInitializingBean.class);
    private ClientDetailsEntityBuilder clientDetailsEntityBuilder = new ClientDetailsEntityBuilder();

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        assertElexisServerSystemScopes();
        generateOrReplaceElexisServerIntrospectionClient();
        addOrRemoveUnitTestClients(isTestMode());
    }

    private void assertElexisServerSystemScopes() {
        if (this.systemScopeService.getByValue(ESADMIN_SCOPE) == null) {
            SystemScope systemScope = new SystemScope(ESADMIN_SCOPE);
            systemScope.setDefaultScope(false);
            systemScope.setDescription("Elexis-Server Administration");
            systemScope.setIcon("star");
            this.systemScopeService.save(systemScope);
        }
        if (this.systemScopeService.getByValue(FHIR_SCOPE) == null) {
            SystemScope systemScope2 = new SystemScope(FHIR_SCOPE);
            systemScope2.setDefaultScope(false);
            systemScope2.setDescription("FHIR Access");
            systemScope2.setIcon("fire");
            this.systemScopeService.save(systemScope2);
        }
    }

    private void generateOrReplaceElexisServerIntrospectionClient() {
        if (this.clientRepository.getClientByClientId(ELEXIS_SERVER_INTROSPECTION_CLIENT_ID) == null) {
            this.log.warn("Adding elexis-server protected-resource introspection client.");
            ClientDetailsEntity generateClientSecret = this.clientService.generateClientSecret(this.clientDetailsEntityBuilder.buildIntrospectionClient());
            generateClientSecret.setScope(new HashSet(Arrays.asList(ESADMIN_SCOPE, FHIR_SCOPE)));
            ClientDetailsEntity saveNewClient = this.clientService.saveNewClient(generateClientSecret);
            Path resolve = ElexisServer.getElexisServerHomeDirectory().resolve("es-introspection-client.auth");
            try {
                Files.write(resolve, Arrays.asList("# Written " + new Date(), "es-introspection-client:" + saveNewClient.getClientSecret()), Charset.forName("UTF-8"), new OpenOption[0]);
            } catch (IOException e) {
                this.log.error("Error writing file [{}]", resolve, e);
            }
            if (Files.exists(resolve, new LinkOption[0])) {
                try {
                    HashSet hashSet = new HashSet();
                    hashSet.add(PosixFilePermission.OWNER_READ);
                    Files.setPosixFilePermissions(resolve, hashSet);
                } catch (IOException e2) {
                    this.log.warn("Could not reduce file permission [{}]", resolve, e2);
                }
            }
        }
    }

    public static boolean isTestMode() {
        return Boolean.TRUE.equals(Boolean.valueOf(Boolean.parseBoolean(System.getProperty(OPENID_UNIT_TEST))));
    }

    private void addOrRemoveUnitTestClients(boolean z) {
        ClientDetailsEntity clientByClientId = this.clientRepository.getClientByClientId(ELEXIS_SERVER_UNITTEST_CLIENT);
        if (!z) {
            if (clientByClientId != null) {
                this.log.warn("Deleting unit-test client [{}]", ELEXIS_SERVER_UNITTEST_CLIENT);
                this.clientService.deleteClient(clientByClientId);
                return;
            }
            return;
        }
        if (clientByClientId == null) {
            this.log.warn("Adding unit-test client [{}]", ELEXIS_SERVER_UNITTEST_CLIENT);
            ClientDetailsEntity buildUnitTestClient = this.clientDetailsEntityBuilder.buildUnitTestClient();
            buildUnitTestClient.setClientSecret(ELEXIS_SERVER_UNITTEST_CLIENT);
            this.clientService.saveNewClient(buildUnitTestClient);
        }
    }
}
