package org.cloudfoundry.identity.uaa.zone;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import javax.validation.Valid;
import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent;
import org.cloudfoundry.identity.uaa.client.InvalidClientDetailsException;
import org.cloudfoundry.identity.uaa.error.UaaException;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.PasswordPolicy;
import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.oauth2.provider.ClientAlreadyExistsException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;
import org.springframework.validation.BindingResult;
import org.springframework.validation.Errors;
import org.springframework.validation.ObjectError;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

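/**
 * REST endpoints under {@code /identity-zones} for managing identity zones and the OAuth
 * clients registered inside a zone.
 *
 * <p>Two rules apply to every handler here:
 * <ul>
 *   <li>Zone scoping: a caller authenticated in the default ("uaa") zone may act on any
 *       zone; any other caller may only read, update or delete the zone it is
 *       authenticated in (see {@link #checkZoneAccess}). Zones can only be created from
 *       the default zone.</li>
 *   <li>Zone context: each mutating handler switches {@link IdentityZoneHolder} to the
 *       zone it operates on so that the provisioning layer sees the right zone, and
 *       restores the caller's zone in a {@code finally} block. That restore is what keeps
 *       one request's zone from leaking into whatever runs next on the same thread.</li>
 * </ul>
 *
 * <p>Client secrets are stripped from every client response ({@link #removeSecret}).
 */
@RequestMapping({"/identity-zones"})
@RestController
public class IdentityZoneEndpoints implements ApplicationEventPublisherAware {

    private static final Logger logger = LoggerFactory.getLogger(IdentityZoneEndpoints.class);

    /** Name, type and origin key of the built-in identity provider created for every new zone. */
    private static final String UAA_PROVIDER = "uaa";

    @Autowired
    private MessageSource messageSource;
    private ApplicationEventPublisher publisher;
    private final IdentityZoneProvisioning zoneDao;
    private final IdentityProviderProvisioning idpDao;
    private final IdentityZoneEndpointClientRegistrationService clientRegistrationService;

    /**
     * Raised when a {@code POST} body fails bean validation; rendered as HTTP 422 with the
     * collected validation messages (see {@link #handleUnprocessableEntityException}).
     * Static nested on purpose: the exception has no use for an enclosing-instance reference.
     */
    private static class UnprocessableEntityException extends UaaException {
        public UnprocessableEntityException(String message) {
            super("invalid_identity_zone", message, 422);
        }
    }

    /**
     * @param identityZoneProvisioning persistence for zones
     * @param identityProviderProvisioning persistence for identity providers (used to seed a new zone)
     * @param identityZoneEndpointClientRegistrationService creates/deletes clients within the active zone
     */
    public IdentityZoneEndpoints(IdentityZoneProvisioning identityZoneProvisioning, IdentityProviderProvisioning identityProviderProvisioning, IdentityZoneEndpointClientRegistrationService identityZoneEndpointClientRegistrationService) {
        this.zoneDao = identityZoneProvisioning;
        this.idpDao = identityProviderProvisioning;
        this.clientRegistrationService = identityZoneEndpointClientRegistrationService;
    }

    /** Spring callback; the publisher is required for zone deletion (see {@link #deleteIdentityZone}). */
    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.publisher = applicationEventPublisher;
    }

    /**
     * Returns the zone with the given id if the caller may see it.
     *
     * @param id zone id from the path
     * @return the zone
     * @throws ZoneDoesNotExistsException when the zone does not exist or is not the caller's
     *         own zone; both cases produce the same 404 so the response does not reveal whether
     *         a foreign zone id exists
     */
    @RequestMapping(value = {"{id}"}, method = {RequestMethod.GET})
    public IdentityZone getIdentityZone(@PathVariable("id") String id) {
        List<IdentityZone> visible = filterForCurrentZone(Arrays.asList(this.zoneDao.retrieve(id)));
        if (visible.isEmpty()) {
            throw new ZoneDoesNotExistsException("Zone does not exist or is not accessible.");
        }
        return visible.get(0);
    }

    /**
     * Lists all zones for a default-zone caller, or just the caller's own zone otherwise.
     *
     * @return the zones visible to the caller, possibly empty
     */
    @RequestMapping(method = {RequestMethod.GET})
    public List<IdentityZone> getIdentityZones() {
        return filterForCurrentZone(this.zoneDao.retrieveAll());
    }

    /**
     * Reduces {@code zones} to what the current caller is allowed to see.
     *
     * @param zones candidate zones
     * @return {@code zones} unchanged for a default-zone caller; otherwise only the entries
     *         whose id equals the caller's zone id
     */
    protected List<IdentityZone> filterForCurrentZone(List<IdentityZone> zones) {
        if (IdentityZoneHolder.isUaa()) {
            return zones;
        }
        String currentZoneId = IdentityZoneHolder.get().getId();
        List<IdentityZone> own = new ArrayList<>();
        for (IdentityZone zone : zones) {
            if (currentZoneId.equals(zone.getId())) {
                own.add(zone);
            }
        }
        return own;
    }

    /**
     * Creates a zone together with its built-in "uaa" identity provider.
     *
     * <p>Because a {@link BindingResult} parameter follows the validated body, validation
     * failures arrive here instead of throwing {@link MethodArgumentNotValidException}; they
     * are turned into a 422 carrying the messages. (The PUT handler has no such parameter and
     * therefore answers 400 on validation failure.)
     *
     * @param identityZone zone to create; an id is generated when the body has none
     * @param bindingResult validation outcome for {@code identityZone}
     * @return 201 with the created zone
     * @throws UnprocessableEntityException on validation errors
     * @throws AccessDeniedException when the caller is not in the default zone
     */
    @RequestMapping(method = {RequestMethod.POST})
    public ResponseEntity<IdentityZone> createIdentityZone(@Valid @RequestBody IdentityZone identityZone, BindingResult bindingResult) {
        if (bindingResult.hasErrors()) {
            throw new UnprocessableEntityException(getErrorMessages(bindingResult));
        }
        if (!IdentityZoneHolder.isUaa()) {
            throw new AccessDeniedException("Zones can only be created by being authenticated in the default zone.");
        }
        if (!StringUtils.hasText(identityZone.getId())) {
            identityZone.setId(UUID.randomUUID().toString());
        }
        IdentityZone previous = IdentityZoneHolder.get();
        try {
            logger.debug("Zone - creating id[{}] subdomain[{}]", identityZone.getId(), identityZone.getSubdomain());
            IdentityZone created = this.zoneDao.create(identityZone);
            // The provider must be created *inside* the new zone, so switch the holder first;
            // the finally block puts the caller's zone back whether or not this succeeds.
            IdentityZoneHolder.set(created);
            this.idpDao.create(defaultIdentityProviderFor(created));
            logger.debug("Zone - created id[{}] subdomain[{}]", created.getId(), created.getSubdomain());
            return new ResponseEntity<>(created, HttpStatus.CREATED);
        } finally {
            IdentityZoneHolder.set(previous);
        }
    }

    /**
     * Builds the built-in "uaa" identity provider every new zone starts with.
     *
     * @param zone the freshly created zone the provider belongs to
     * @return an unsaved provider bound to {@code zone}
     */
    private static IdentityProvider defaultIdentityProviderFor(IdentityZone zone) {
        IdentityProvider provider = new IdentityProvider();
        provider.setName(UAA_PROVIDER);
        provider.setType(UAA_PROVIDER);
        provider.setOriginKey(UAA_PROVIDER);
        provider.setIdentityZoneId(zone.getId());
        UaaIdentityProviderDefinition definition = new UaaIdentityProviderDefinition();
        // Explicitly no password policy on the new zone's default provider.
        definition.setPasswordPolicy((PasswordPolicy) null);
        provider.setConfig(definition);
        return provider;
    }

    /**
     * Resolves every validation error to a localized message.
     *
     * @param errors validation outcome
     * @return the messages joined with {@code "\r\n"}; empty string when there are none
     */
    private String getErrorMessages(Errors errors) {
        List<String> messages = new ArrayList<>();
        for (ObjectError error : errors.getAllErrors()) {
            messages.add(this.messageSource.getMessage(error, Locale.getDefault()));
        }
        return String.join("\r\n", messages);
    }

    /**
     * Enforces the common zone-scoping rule: a default-zone caller may act on any zone id,
     * every other caller only on the zone it is authenticated in.
     *
     * @param zoneId zone id taken from the request path
     * @param deniedMessage message for the {@link AccessDeniedException}; never sent to the
     *        client (the handler answers a bodyless 403), it only documents the rule
     * @throws ZoneDoesNotExistsException when {@code zoneId} is {@code null}
     * @throws AccessDeniedException when the caller is outside the default zone and
     *         {@code zoneId} is not its own zone
     */
    private static void checkZoneAccess(String zoneId, String deniedMessage) {
        if (zoneId == null) {
            throw new ZoneDoesNotExistsException(zoneId);
        }
        if (!IdentityZoneHolder.isUaa() && !zoneId.equals(IdentityZoneHolder.get().getId())) {
            throw new AccessDeniedException(deniedMessage);
        }
    }

    /**
     * Replaces the zone identified by the path.
     *
     * @param identityZone new zone state; its id is overwritten with {@code id} so a request
     *        body can never retarget the update to a different zone
     * @param id zone id from the path
     * @return 200 with the stored zone
     * @throws ZoneDoesNotExistsException when {@code id} is null (or, presumably, when the
     *         DAO cannot find it — that check is delegated to {@code zoneDao.retrieve})
     * @throws AccessDeniedException when a non-default-zone caller targets another zone
     */
    @RequestMapping(value = {"{id}"}, method = {RequestMethod.PUT})
    public ResponseEntity<IdentityZone> updateIdentityZone(@Valid @RequestBody IdentityZone identityZone, @PathVariable("id") String id) {
        checkZoneAccess(id, "Zone admins can only update their own zone.");
        IdentityZone previous = IdentityZoneHolder.get();
        try {
            logger.debug("Zone - updating id[{}] subdomain[{}]", id, identityZone.getSubdomain());
            // Existence check only; the result is intentionally discarded.
            this.zoneDao.retrieve(id);
            identityZone.setId(id);
            IdentityZone updated = this.zoneDao.update(identityZone);
            IdentityZoneHolder.set(updated);
            logger.debug("Zone - updated id[{}] subdomain[{}]", updated.getId(), updated.getSubdomain());
            return new ResponseEntity<>(updated, HttpStatus.OK);
        } finally {
            IdentityZoneHolder.set(previous);
        }
    }

    /**
     * Deletes a zone by publishing an {@link EntityDeletedEvent} for it; the actual removal
     * of the zone and its data is done by listeners of that event, not here.
     *
     * @param id zone id from the path
     * @return 200 with the deleted zone; 422 without a body when no publisher is wired or
     *         the DAO returned no zone, because then nothing could be deleted
     * @throws ZoneDoesNotExistsException when {@code id} is null
     * @throws AccessDeniedException when a non-default-zone caller targets another zone
     */
    @RequestMapping(value = {"{id}"}, method = {RequestMethod.DELETE})
    @Transactional
    public ResponseEntity<IdentityZone> deleteIdentityZone(@PathVariable("id") String id) {
        checkZoneAccess(id, "Zone admins can only delete their own zone.");
        IdentityZone previous = IdentityZoneHolder.get();
        try {
            logger.debug("Zone - deleting id[{}]", id);
            IdentityZone zone = this.zoneDao.retrieve(id);
            IdentityZoneHolder.set(zone);
            if (this.publisher == null || zone == null) {
                return new ResponseEntity<>(HttpStatus.UNPROCESSABLE_ENTITY);
            }
            this.publisher.publishEvent(new EntityDeletedEvent(zone));
            logger.debug("Zone - deleted id[{}]", zone.getId());
            return new ResponseEntity<>(zone, HttpStatus.OK);
        } finally {
            IdentityZoneHolder.set(previous);
        }
    }

    /**
     * Registers an OAuth client inside the given zone.
     *
     * @param identityZoneId zone id from the path
     * @param client client to register
     * @return 201 with the stored client, secret removed
     * @throws ZoneDoesNotExistsException when {@code identityZoneId} is null
     * @throws AccessDeniedException when a non-default-zone caller targets another zone
     */
    @RequestMapping(method = {RequestMethod.POST}, value = {"{identityZoneId}/clients"})
    public ResponseEntity<? extends ClientDetails> createClient(@PathVariable("identityZoneId") String identityZoneId, @RequestBody BaseClientDetails client) {
        checkZoneAccess(identityZoneId, "Zone admins can only create clients in their own zone.");
        IdentityZone previous = IdentityZoneHolder.get();
        try {
            logger.debug("Zone creating client zone[{}] client[{}]", identityZoneId, client.getClientId());
            // The registration service works on the zone held in IdentityZoneHolder, hence the switch.
            IdentityZoneHolder.set(this.zoneDao.retrieve(identityZoneId));
            ClientDetails created = this.clientRegistrationService.createClient(client);
            logger.debug("Zone client created zone[{}] client[{}]", identityZoneId, client.getClientId());
            return new ResponseEntity<>(removeSecret(created), HttpStatus.CREATED);
        } finally {
            IdentityZoneHolder.set(previous);
        }
    }

    /**
     * Clears the client secret so it is never echoed back in a response body.
     *
     * <p>A {@link BaseClientDetails} instance is cleared in place (as before); any other
     * {@link ClientDetails} implementation is copied into a {@code BaseClientDetails} first
     * instead of failing with a {@code ClassCastException}, so the secret is stripped for
     * every implementation.
     *
     * @param clientDetails client as returned by the registration service
     * @return the same object (cleared) or a cleared copy
     */
    private static ClientDetails removeSecret(ClientDetails clientDetails) {
        // NOTE(review): for BaseClientDetails this clears the secret on the very instance the
        // registration service returned; if that instance were shared (e.g. cached) the secret
        // would vanish from it as well — confirm the service returns a fresh object.
        BaseClientDetails sanitized = clientDetails instanceof BaseClientDetails
                ? (BaseClientDetails) clientDetails
                : new BaseClientDetails(clientDetails);
        sanitized.setClientSecret((String) null);
        return sanitized;
    }

    /**
     * Deletes an OAuth client from the given zone.
     *
     * @param identityZoneId zone id from the path
     * @param clientId id of the client to delete
     * @return 200 with the deleted client, secret removed
     * @throws ZoneDoesNotExistsException when {@code identityZoneId} is null
     * @throws AccessDeniedException when a non-default-zone caller targets another zone
     */
    @RequestMapping(method = {RequestMethod.DELETE}, value = {"{identityZoneId}/clients/{clientId}"})
    public ResponseEntity<? extends ClientDetails> deleteClient(@PathVariable("identityZoneId") String identityZoneId, @PathVariable("clientId") String clientId) {
        checkZoneAccess(identityZoneId, "Zone admins can only delete clients in their own zone.");
        IdentityZone previous = IdentityZoneHolder.get();
        try {
            logger.debug("Zone deleting client zone[{}] client[{}]", identityZoneId, clientId);
            IdentityZoneHolder.set(this.zoneDao.retrieve(identityZoneId));
            ClientDetails deleted = this.clientRegistrationService.deleteClient(clientId);
            logger.debug("Zone client deleted zone[{}] client[{}]", identityZoneId, clientId);
            return new ResponseEntity<>(removeSecret(deleted), HttpStatus.OK);
        } finally {
            IdentityZoneHolder.set(previous);
        }
    }

    /** 409 with the exception serialized as body. */
    @ExceptionHandler({ZoneAlreadyExistsException.class})
    public ResponseEntity<ZoneAlreadyExistsException> handleZoneAlreadyExistsException(ZoneAlreadyExistsException zoneAlreadyExistsException) {
        return new ResponseEntity<>(zoneAlreadyExistsException, HttpStatus.CONFLICT);
    }

    /** 400 with the exception serialized as body. */
    @ExceptionHandler({InvalidClientDetailsException.class})
    public ResponseEntity<InvalidClientDetailsException> handleInvalidClientDetails(InvalidClientDetailsException invalidClientDetailsException) {
        return new ResponseEntity<>(invalidClientDetailsException, HttpStatus.BAD_REQUEST);
    }

    /** 404, no body. */
    @ExceptionHandler({NoSuchClientException.class})
    public ResponseEntity<Void> handleNoSuchClient(NoSuchClientException noSuchClientException) {
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }

    /** 409; the cause is re-wrapped so the body has the same shape as other client errors. */
    @ExceptionHandler({ClientAlreadyExistsException.class})
    public ResponseEntity<InvalidClientDetailsException> handleClientAlreadyExists(ClientAlreadyExistsException clientAlreadyExistsException) {
        return new ResponseEntity<>(new InvalidClientDetailsException(clientAlreadyExistsException.getMessage()), HttpStatus.CONFLICT);
    }

    /** 404, no body — the exception message (which may be a null id) is deliberately not exposed. */
    @ExceptionHandler({ZoneDoesNotExistsException.class})
    public ResponseEntity<ZoneDoesNotExistsException> handleZoneDoesNotExistsException(ZoneDoesNotExistsException zoneDoesNotExistsException) {
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }

    /** 400, no body; reached by handlers that validate a body without a {@link BindingResult}. */
    @ExceptionHandler({MethodArgumentNotValidException.class})
    public ResponseEntity<Void> handleValidationException(MethodArgumentNotValidException methodArgumentNotValidException) {
        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
    }

    /** 403, no body. */
    @ExceptionHandler({AccessDeniedException.class})
    public ResponseEntity<Void> handleAccessDeniedException(AccessDeniedException accessDeniedException) {
        return new ResponseEntity<>(HttpStatus.FORBIDDEN);
    }

    /** 422 with the validation messages serialized as body. */
    @ExceptionHandler({UnprocessableEntityException.class})
    public ResponseEntity<UnprocessableEntityException> handleUnprocessableEntityException(UnprocessableEntityException unprocessableEntityException) {
        return new ResponseEntity<>(unprocessableEntityException, HttpStatus.UNPROCESSABLE_ENTITY);
    }

    /**
     * Last-resort handler: logs the full exception server-side and answers a bodyless 500,
     * so internal details never reach the client.
     */
    @ExceptionHandler({Exception.class})
    public ResponseEntity<Void> handleException(Exception exc) {
        logger.error(exc.getClass() + ": " + exc.getMessage(), exc);
        return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
    }
}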
