package org.cloudfoundry.identity.uaa.mfa;

import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent;
import org.cloudfoundry.identity.uaa.mfa.exception.InvalidMfaProviderException;
import org.cloudfoundry.identity.uaa.mfa.exception.MfaAlreadyExistsException;
import org.cloudfoundry.identity.uaa.mfa.exception.MfaProviderUpdateIsNotAllowed;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning;
import org.cloudfoundry.identity.uaa.zone.MfaConfig;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

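/**
 * REST controller mapped at {@code /mfa-providers} that creates, lists, fetches and deletes
 * MFA provider definitions for the identity zone returned by {@link IdentityZoneHolder#get()}.
 * Updates are rejected unconditionally.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No authorization check is visible in this class. Access control for these routes is
 *       presumably enforced by the surrounding Spring Security configuration; verify the
 *       required scopes there.</li>
 *   <li>Every call into {@link MfaProviderProvisioning} passes the current zone id. Whether that
 *       keeps zones isolated depends on the provisioning implementation, which is not shown
 *       here.</li>
 * </ul>
 */
@RequestMapping("/mfa-providers")
@RestController
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/mfa/MfaProviderEndpoints.class */
public class MfaProviderEndpoints implements ApplicationEventPublisherAware {
    protected static Log logger = LogFactory.getLog(MfaProviderEndpoints.class);
    private ApplicationEventPublisher publisher;
    private MfaProviderProvisioning mfaProviderProvisioning;
    private MfaProviderValidator mfaProviderValidator;
    // Injected through its setter but not read by any method in this class.
    private IdentityZoneProvisioning identityZoneProvisioning;

    /**
     * Stores the publisher used to announce provider deletions.
     *
     * @param applicationEventPublisher publisher supplied by the Spring container
     */
    @Override // org.springframework.context.ApplicationEventPublisherAware
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.publisher = applicationEventPublisher;
    }

    /**
     * Creates an MFA provider in the current identity zone.
     *
     * @param mfaProvider provider definition deserialized from the request body
     * @return the created provider with status 201
     */
    @RequestMapping(method = RequestMethod.POST)
    public ResponseEntity<MfaProvider> createMfaProvider(@RequestBody MfaProvider mfaProvider) {
        String zoneId = IdentityZoneHolder.get().getId();
        // The zone id is overwritten before validation, so a zone id supplied in the
        // request body is ignored and the provider is bound to the caller's zone.
        mfaProvider.setIdentityZoneId(zoneId);
        this.mfaProviderValidator.validate(mfaProvider);
        // NOTE(review): getConfig() is dereferenced here; this assumes validate() rejects a
        // provider without a config -- confirm against MfaProviderValidator.
        if (!StringUtils.hasText(mfaProvider.getConfig().getIssuer())) {
            // A blank issuer defaults to the zone name.
            mfaProvider.getConfig().setIssuer(IdentityZoneHolder.get().getName());
        }
        return new ResponseEntity<>(this.mfaProviderProvisioning.create(mfaProvider, zoneId), HttpStatus.CREATED);
    }

    /**
     * Rejects every update request; the matching exception handler answers with 405.
     *
     * @return never returns normally
     * @throws MfaProviderUpdateIsNotAllowed always
     */
    @RequestMapping(value = "{id}", method = RequestMethod.PUT)
    public ResponseEntity<MfaProvider> updateMfaProvider() throws MfaProviderUpdateIsNotAllowed {
        throw new MfaProviderUpdateIsNotAllowed();
    }

    /**
     * Lists the MFA providers returned by the provisioning layer for the current zone id.
     *
     * @return the providers with status 200
     */
    @RequestMapping(method = RequestMethod.GET)
    public ResponseEntity<List<MfaProvider>> retrieveMfaProviders() {
        String zoneId = IdentityZoneHolder.get().getId();
        return new ResponseEntity<>(this.mfaProviderProvisioning.retrieveAll(zoneId), HttpStatus.OK);
    }

    /**
     * Fetches one MFA provider by id, looked up together with the current zone id.
     *
     * @param str provider id taken from the {@code {id}} path segment
     * @return the provider with status 200
     */
    @RequestMapping(value = "{id}", method = RequestMethod.GET)
    // The variable name is given explicitly: the URI template declares {id} while the
    // parameter is called str, so binding by parameter name would not resolve it.
    public ResponseEntity<MfaProvider> retrieveMfaProviderById(@PathVariable("id") String str) {
        String zoneId = IdentityZoneHolder.get().getId();
        return new ResponseEntity<>(this.mfaProviderProvisioning.retrieve(str, zoneId), HttpStatus.OK);
    }

    /**
     * Requests deletion of an MFA provider unless it is the provider currently named in the
     * zone's enabled MFA configuration.
     *
     * @param str provider id taken from the {@code {id}} path segment
     * @return the provider as it was retrieved, with status 200
     * @throws MfaAlreadyExistsException if MFA is enabled on the zone and names this provider
     */
    @RequestMapping(value = "{id}", method = RequestMethod.DELETE)
    // Explicit variable name for the same reason as in retrieveMfaProviderById.
    public ResponseEntity<MfaProvider> deleteMfaProviderById(@PathVariable("id") String str) {
        MfaProvider existing = this.mfaProviderProvisioning.retrieve(str, IdentityZoneHolder.get().getId());
        MfaConfig mfaConfig = IdentityZoneHolder.get().getConfig().getMfaConfig();
        // Guard against removing the provider the zone is actively using for MFA.
        // NOTE(review): if getProviderName() can be null while isEnabled() is true this throws
        // a NullPointerException, so the request fails instead of deleting -- confirm the
        // zone configuration validation rules that combination out.
        if (mfaConfig.isEnabled() && mfaConfig.getProviderName().equals(existing.getName())) {
            throw new MfaAlreadyExistsException("MFA provider is currently active on zone: " + IdentityZoneHolder.get().getId() + ". Please deactivate it from the zone or set another MFA provider");
        }
        // No delete call is made here; only an EntityDeletedEvent carrying the caller's
        // Authentication is published. Presumably a listener performs the removal -- confirm.
        // The cast keeps the publishEvent(ApplicationEvent) overload selected.
        this.publisher.publishEvent((ApplicationEvent) new EntityDeletedEvent(existing, SecurityContextHolder.getContext().getAuthentication()));
        return new ResponseEntity<>(existing, HttpStatus.OK);
    }

    /**
     * Maps a validation failure to status 422.
     *
     * @param invalidMfaProviderException the validation failure
     * @return the exception as the response body with status 422
     */
    @ExceptionHandler(InvalidMfaProviderException.class)
    public ResponseEntity<InvalidMfaProviderException> handleInvalidMfaProviderException(InvalidMfaProviderException invalidMfaProviderException) {
        // NOTE(review): the exception object itself is the response body. Which of its
        // properties reach the client depends on the configured message converter and on how
        // InvalidMfaProviderException is annotated -- confirm the stack trace is not serialized.
        return new ResponseEntity<>(invalidMfaProviderException, HttpStatus.UNPROCESSABLE_ENTITY);
    }

    /**
     * Maps {@link MfaAlreadyExistsException} to status 409, carrying only its message in a
     * new {@link InvalidMfaProviderException}.
     *
     * @param mfaAlreadyExistsException the conflict raised by this controller or the provisioning layer
     * @return a wrapper exception as the response body with status 409
     */
    @ExceptionHandler(MfaAlreadyExistsException.class)
    public ResponseEntity<InvalidMfaProviderException> handleInvalidMfaProviderException(MfaAlreadyExistsException mfaAlreadyExistsException) {
        InvalidMfaProviderException body = new InvalidMfaProviderException(mfaAlreadyExistsException.getMessage());
        return new ResponseEntity<>(body, HttpStatus.CONFLICT);
    }

    /**
     * Maps {@link EmptyResultDataAccessException} to an empty 404 response.
     *
     * @param emptyResultDataAccessException the lookup failure (not included in the response)
     * @return an empty response with status 404
     */
    @ExceptionHandler(EmptyResultDataAccessException.class)
    public ResponseEntity<EmptyResultDataAccessException> handleEmptyResultDataAccessException(EmptyResultDataAccessException emptyResultDataAccessException) {
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }

    /**
     * Maps {@link MfaProviderUpdateIsNotAllowed} to an empty 405 response.
     *
     * @param mfaProviderUpdateIsNotAllowed the rejection thrown by {@link #updateMfaProvider()}
     * @return an empty response with status 405
     */
    @ExceptionHandler(MfaProviderUpdateIsNotAllowed.class)
    public ResponseEntity<MfaProviderUpdateIsNotAllowed> handleMfaUpdatingNameOfActiveProvider(MfaProviderUpdateIsNotAllowed mfaProviderUpdateIsNotAllowed) {
        return new ResponseEntity<>(HttpStatus.METHOD_NOT_ALLOWED);
    }

    /**
     * @return the provisioning service this controller delegates to
     */
    public MfaProviderProvisioning getMfaProviderProvisioning() {
        return this.mfaProviderProvisioning;
    }

    /**
     * @param mfaProviderProvisioning provisioning service used for create and retrieve calls
     */
    public void setMfaProviderProvisioning(MfaProviderProvisioning mfaProviderProvisioning) {
        this.mfaProviderProvisioning = mfaProviderProvisioning;
    }

    /**
     * @param mfaProviderValidator validator applied to providers before creation
     */
    public void setMfaProviderValidator(MfaProviderValidator mfaProviderValidator) {
        this.mfaProviderValidator = mfaProviderValidator;
    }

    /**
     * @param identityZoneProvisioning zone provisioning service; stored but not used by this class
     */
    public void setIdentityZoneProvisioning(IdentityZoneProvisioning identityZoneProvisioning) {
        this.identityZoneProvisioning = identityZoneProvisioning;
    }
}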
