package org.apache.syncope.client.console;

import java.security.AccessControlException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.Future;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.core.EntityTag;
import javax.ws.rs.core.MediaType;
import javax.xml.ws.WebServiceException;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.commons.lang3.time.FastDateFormat;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.syncope.client.console.commons.RealmsUtils;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.client.lib.batch.BatchRequest;
import org.apache.syncope.client.ui.commons.BaseSession;
import org.apache.syncope.client.ui.commons.DateOps;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.info.PlatformInfo;
import org.apache.syncope.common.lib.info.SystemInfo;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.wicket.Component;
import org.apache.wicket.Session;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.model.IModel;
import org.apache.wicket.request.Request;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.task.TaskRejectedException;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;

/* loaded from: input_file:org/apache/syncope/client/console/SyncopeConsoleSession.class */
public class SyncopeConsoleSession extends AuthenticatedWebSession implements BaseSession {
    private static final long serialVersionUID = 747562246415852166L;
    protected static final Logger LOG = LoggerFactory.getLogger(SyncopeConsoleSession.class);
    protected final SyncopeClientFactoryBean clientFactory;
    protected final SyncopeClient anonymousClient;
    protected final Pair<String, String> gitAndBuildInfo;
    protected final PlatformInfo platformInfo;
    protected final SystemInfo systemInfo;
    protected final Map<Class<?>, Object> services;
    protected final ThreadPoolTaskExecutor executor;
    protected String domain;
    protected SyncopeClient client;
    protected UserTO selfTO;
    protected Map<String, Set<String>> auth;
    protected List<String> delegations;
    protected String delegatedBy;
    protected Roles roles;

    /* loaded from: input_file:org/apache/syncope/client/console/SyncopeConsoleSession$Error.class */
    public enum Error {
        SESSION_EXPIRED("error.session.expired", "Session expired: please login again"),
        AUTHORIZATION("error.authorization", "Insufficient access rights when performing the requested operation"),
        REST("error.rest", "There was an error while contacting the Core server");

        private final String key;
        private final String fallback;

        Error(String str, String str2) {
            this.key = str;
            this.fallback = str2;
        }

        public String key() {
            return this.key;
        }

        public String fallback() {
            return this.fallback;
        }
    }

    public static SyncopeConsoleSession get() {
        return Session.get();
    }

    public SyncopeConsoleSession(Request request) {
        super(request);
        this.services = Collections.synchronizedMap(new HashMap());
        this.clientFactory = SyncopeWebApplication.get().newClientFactory();
        this.anonymousClient = SyncopeWebApplication.get().newAnonymousClient();
        this.gitAndBuildInfo = this.anonymousClient.gitAndBuildInfo();
        this.platformInfo = this.anonymousClient.platform();
        this.systemInfo = this.anonymousClient.system();
        this.executor = SyncopeWebApplication.get().newThreadPoolTaskExecutor();
    }

    protected String message(SyncopeClientException syncopeClientException) {
        return syncopeClientException.getType().name() + ": " + ((String) syncopeClientException.getElements().stream().collect(Collectors.joining(", ")));
    }

    public void onException(Exception exc) {
        Throwable rootCause = ExceptionUtils.getRootCause(exc);
        String message = rootCause.getMessage();
        if (rootCause instanceof SyncopeClientException) {
            SyncopeClientException syncopeClientException = (SyncopeClientException) rootCause;
            message = syncopeClientException.isComposite() ? (String) syncopeClientException.asComposite().getExceptions().stream().map(this::message).collect(Collectors.joining("; ")) : message(syncopeClientException);
        } else if ((rootCause instanceof AccessControlException) || (rootCause instanceof ForbiddenException)) {
            Error error = StringUtils.containsIgnoreCase(message, "expired") ? Error.SESSION_EXPIRED : Error.AUTHORIZATION;
            message = getApplication().getResourceSettings().getLocalizer().getString(error.key(), (Component) null, (IModel) null, (Locale) null, (String) null, error.fallback());
        } else if ((rootCause instanceof BadRequestException) || (rootCause instanceof WebServiceException)) {
            message = getApplication().getResourceSettings().getLocalizer().getString(Error.REST.key(), (Component) null, (IModel) null, (Locale) null, (String) null, Error.REST.fallback());
        }
        error(getApplication().getResourceSettings().getLocalizer().getString(message, (Component) null, (IModel) null, (Locale) null, (String) null, message));
    }

    public MediaType getMediaType() {
        return this.clientFactory.getContentType().getMediaType();
    }

    public void execute(Runnable runnable) {
        try {
            this.executor.execute(runnable);
        } catch (TaskRejectedException e) {
            LOG.error("Could not execute {}", runnable, e);
        }
    }

    public <T> Future<T> execute(Callable<T> callable) {
        try {
            return this.executor.submit(callable);
        } catch (TaskRejectedException e) {
            LOG.error("Could not execute {}", callable, e);
            return new CompletableFuture();
        }
    }

    public Pair<String, String> gitAndBuildInfo() {
        return this.gitAndBuildInfo;
    }

    public PlatformInfo getPlatformInfo() {
        return this.platformInfo;
    }

    public SystemInfo getSystemInfo() {
        return this.systemInfo;
    }

    public void setDomain(String str) {
        this.domain = str;
    }

    public String getDomain() {
        return StringUtils.isBlank(this.domain) ? "Master" : this.domain;
    }

    public String getJWT() {
        return (String) Optional.ofNullable(this.client).map((v0) -> {
            return v0.getJWT();
        }).orElse(null);
    }

    public boolean authenticate(String str, String str2) {
        boolean z = false;
        try {
            this.client = this.clientFactory.setDomain(getDomain()).create(str, str2);
            refreshAuth(str);
            z = true;
        } catch (Exception e) {
            LOG.error("Authentication failed", e);
        }
        return z;
    }

    public boolean authenticate(String str) {
        boolean z = false;
        try {
            this.client = this.clientFactory.setDomain(getDomain()).create(str);
            refreshAuth(null);
            z = true;
        } catch (Exception e) {
            LOG.error("Authentication failed", e);
        }
        if (z) {
            bind();
        }
        signIn(z);
        return z;
    }

    public void cleanup() {
        this.client = null;
        this.auth = null;
        this.delegations = null;
        this.delegatedBy = null;
        this.selfTO = null;
        this.services.clear();
    }

    public void invalidate() {
        if (getJWT() != null) {
            if (this.client != null) {
                this.client.logout();
            }
            cleanup();
        }
        this.executor.shutdown();
        super.invalidate();
    }

    public UserTO getSelfTO() {
        return this.selfTO;
    }

    public List<String> getAuthRealms() {
        return (List) this.auth.values().stream().flatMap((v0) -> {
            return v0.stream();
        }).distinct().sorted().collect(Collectors.toList());
    }

    public List<String> getSearchableRealms() {
        Set<String> set = this.auth.get("REALM_LIST");
        return set.isEmpty() ? List.of() : (List) set.stream().sorted().collect(Collectors.toList());
    }

    public Optional<String> getRootRealm(String str) {
        List<String> searchableRealms = getSearchableRealms();
        if (searchableRealms.isEmpty()) {
            return Optional.empty();
        }
        if (str != null) {
            Stream<String> stream = searchableRealms.stream();
            Objects.requireNonNull(str);
            if (stream.anyMatch(str::startsWith)) {
                return Optional.of(str);
            }
        }
        return searchableRealms.stream().findFirst();
    }

    public boolean owns(String str, String... strArr) {
        if (StringUtils.isEmpty(str)) {
            return true;
        }
        if (this.auth == null) {
            return false;
        }
        Set<String> of = ArrayUtils.isEmpty(strArr) ? Set.of() : Set.of((Object[]) strArr);
        for (String str2 : str.split(",")) {
            if (this.auth.containsKey(str2)) {
                boolean z = false;
                Set set = (Set) this.auth.get(str2).stream().map(RealmsUtils::getFullPath).collect(Collectors.toSet());
                if (of.isEmpty()) {
                    return !set.isEmpty();
                }
                for (String str3 : of) {
                    if (str3.startsWith("/")) {
                        Stream stream = set.stream();
                        Objects.requireNonNull(str3);
                        z |= stream.anyMatch(str3::startsWith);
                    } else {
                        z |= set.contains(str3);
                    }
                }
                return z;
            }
        }
        return false;
    }

    public Roles getRoles() {
        if (isSignedIn() && this.roles == null && this.auth != null) {
            this.roles = new Roles((String[]) this.auth.keySet().toArray(i -> {
                return new String[i];
            }));
            this.roles.add("AUTHENTICATED");
        }
        return this.roles;
    }

    public List<String> getDelegations() {
        return this.delegations;
    }

    public String getDelegatedBy() {
        return this.delegatedBy;
    }

    public void setDelegatedBy(String str) {
        this.delegatedBy = str;
        this.client.delegatedBy(str);
        refreshAuth(null);
    }

    public void refreshAuth(String str) {
        try {
            Triple self = this.client.self();
            this.auth = (Map) self.getLeft();
            this.delegations = (List) self.getMiddle();
            this.selfTO = (UserTO) self.getRight();
            this.roles = null;
        } catch (ForbiddenException e) {
            LOG.warn("Could not read self(), probably in a {} scenario", "MUST_CHANGE_PASSWORD", e);
            this.selfTO = new UserTO();
            this.selfTO.setUsername(str);
            this.selfTO.setMustChangePassword(true);
        }
    }

    public SyncopeClient getAnonymousClient() {
        return this.anonymousClient;
    }

    public <T> T getAnonymousService(Class<T> cls) {
        return (T) getAnonymousClient().getService(cls);
    }

    protected <T> T getCachedService(Class<T> cls) {
        Object service;
        if (this.services.containsKey(cls)) {
            service = this.services.get(cls);
        } else {
            service = this.client.getService(cls);
            this.services.put(cls, service);
        }
        WebClient.client(service).type("application/json").accept(new String[]{"application/json"});
        return (T) service;
    }

    public <T> T getService(Class<T> cls) {
        return (T) getCachedService(cls);
    }

    public <T> T getService(String str, Class<T> cls) {
        T t = (T) getCachedService(cls);
        WebClient.client(t).match(new EntityTag(str), false);
        return t;
    }

    public BatchRequest batch() {
        return this.client.batch();
    }

    public <T> void resetClient(Class<T> cls) {
        WebClient.client(getCachedService(cls)).reset();
    }

    public DateOps.Format getDateFormat() {
        return new DateOps.Format(FastDateFormat.getDateTimeInstance(3, 3, getLocale()));
    }
}
