package org.mitre.openid.connect.web;

import com.google.common.base.Strings;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import java.lang.reflect.Type;
import java.util.Iterator;
import org.mitre.jose.JWEAlgorithmEmbed;
import org.mitre.jose.JWEEncryptionMethodEmbed;
import org.mitre.jose.JWSAlgorithmEmbed;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.service.UserInfoService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

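/**
 * REST endpoints under {@code /api/clients} for listing, reading, creating, updating and
 * deleting OAuth2 / OpenID Connect client registrations.
 *
 * <p>Authorization as declared in this class: the class-level {@code @PreAuthorize} requires
 * {@code ROLE_USER}; the state-changing handlers (POST, PUT, DELETE) carry their own
 * method-level {@code @PreAuthorize} requiring {@code ROLE_ADMIN}. The two GET handlers have
 * no method-level rule, so any {@code ROLE_USER} caller can read every client; the only
 * role-dependent step there is the choice of view name.
 *
 * <p>NOTE(review): the views {@code clientEntityViewAdmins} / {@code clientEntityViewUsers}
 * are defined elsewhere. Presumably the users view omits the client secret and other
 * sensitive fields; confirm, because nothing in this class filters the entity before it is
 * handed to the view.
 */
@RequestMapping({"/api/clients"})
@Controller
@PreAuthorize("hasRole('ROLE_USER')")
/* loaded from: input_file:org/mitre/openid/connect/web/ClientAPI.class */
public class ClientAPI {

    private static final Logger logger = LoggerFactory.getLogger(ClientAPI.class);

    private static final String ADMIN_ENTITY_VIEW = "clientEntityViewAdmins";
    private static final String USER_ENTITY_VIEW = "clientEntityViewUsers";
    private static final String JSON_ERROR_VIEW = "jsonErrorView";
    private static final String HTTP_CODE_VIEW = "httpCodeView";

    @Autowired
    private ClientDetailsEntityService clientService;

    @Autowired
    private UserInfoService userInfoService;

    private final JsonParser parser = new JsonParser();

    // Gson instance used to bind request bodies onto ClientDetailsEntity. The three adapters map
    // a JSON primitive to the matching JOSE algorithm wrapper by name and yield null for any
    // non-primitive value. How getForAlgorithmName treats an unknown name is not visible here.
    // The adapter methods must be named deserialize so that they implement JsonDeserializer.
    private final Gson gson = new GsonBuilder()
            .serializeNulls()
            .registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonDeserializer<JWSAlgorithmEmbed>() {
                @Override
                public JWSAlgorithmEmbed deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
                    if (jsonElement.isJsonPrimitive()) {
                        return JWSAlgorithmEmbed.getForAlgorithmName(jsonElement.getAsString());
                    }
                    return null;
                }
            })
            .registerTypeAdapter(JWEAlgorithmEmbed.class, new JsonDeserializer<JWEAlgorithmEmbed>() {
                @Override
                public JWEAlgorithmEmbed deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
                    if (jsonElement.isJsonPrimitive()) {
                        return JWEAlgorithmEmbed.getForAlgorithmName(jsonElement.getAsString());
                    }
                    return null;
                }
            })
            .registerTypeAdapter(JWEEncryptionMethodEmbed.class, new JsonDeserializer<JWEEncryptionMethodEmbed>() {
                @Override
                public JWEEncryptionMethodEmbed deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
                    if (jsonElement.isJsonPrimitive()) {
                        return JWEEncryptionMethodEmbed.getForAlgorithmName(jsonElement.getAsString());
                    }
                    return null;
                }
            })
            .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
            .create();

    /**
     * Lists every registered client.
     *
     * @param model view model; receives the client collection under {@code "entity"}
     * @param authentication the caller; used only to choose the admin or user view
     * @return the name of the view that renders the collection
     */
    @RequestMapping(method = {RequestMethod.GET}, produces = {"application/json"})
    public String apiGetAllClients(Model model, Authentication authentication) {
        model.addAttribute("entity", this.clientService.getAllClients());
        return entityViewFor(authentication);
    }

    /**
     * Creates a client from a JSON request body (admin only).
     *
     * <p>A missing client id is generated, the credential rules in
     * {@link #applyAuthMethodRules} are applied, and the client is saved with
     * {@code dynamicallyRegistered} forced to {@code false}.
     *
     * @param str raw JSON request body
     * @param model view model; receives the saved client under {@code "entity"}, or
     *     {@code "code"} and {@code "errorMessage"} on failure
     * @param authentication the caller; used only to choose the admin or user view
     * @return the entity view name on success, {@code "jsonErrorView"} otherwise
     */
    @RequestMapping(method = {RequestMethod.POST}, consumes = {"application/json"}, produces = {"application/json"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String apiAddClient(@RequestBody String str, Model model, Authentication authentication) {
        try {
            JsonObject requestJson = this.parser.parse(str).getAsJsonObject();
            // NOTE(review): the body is bound directly onto the entity, so every field Gson can
            // set is caller-controlled. Only dynamicallyRegistered is reset below; confirm that
            // saveNewClient overwrites any other server-managed field.
            ClientDetailsEntity client = (ClientDetailsEntity) this.gson.fromJson(requestJson, ClientDetailsEntity.class);
            if (Strings.isNullOrEmpty(client.getClientId())) {
                client = this.clientService.generateClientId(client);
            }
            client = applyAuthMethodRules(requestJson, client, model);
            if (client == null) {
                // Rejected; the model already carries the status code and message.
                return JSON_ERROR_VIEW;
            }
            client.setDynamicallyRegistered(false);
            model.addAttribute("entity", this.clientService.saveNewClient(client));
            return entityViewFor(authentication);
        } catch (IllegalStateException e) {
            logger.error("apiAddClient failed due to IllegalStateException", e);
            return jsonError(model, HttpStatus.BAD_REQUEST, "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
        } catch (JsonSyntaxException e2) {
            logger.error("apiAddClient failed due to JsonSyntaxException", e2);
            return jsonError(model, HttpStatus.BAD_REQUEST, "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
        }
    }

    /**
     * Updates the client with the given database id from a JSON request body (admin only).
     *
     * @param l database id of the client to update
     * @param str raw JSON request body holding the new client state
     * @param model view model; receives the updated client under {@code "entity"}, or
     *     {@code "code"} and {@code "errorMessage"} on failure
     * @param authentication the caller; used only to choose the admin or user view
     * @return the entity view name on success, {@code "jsonErrorView"} otherwise
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.PUT}, consumes = {"application/json"}, produces = {"application/json"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String apiUpdateClient(@PathVariable("id") Long l, @RequestBody String str, Model model, Authentication authentication) {
        try {
            JsonObject requestJson = this.parser.parse(str).getAsJsonObject();
            ClientDetailsEntity client = (ClientDetailsEntity) this.gson.fromJson(requestJson, ClientDetailsEntity.class);
            ClientDetailsEntity existing = this.clientService.getClientById(l);
            if (existing == null) {
                logger.error("apiUpdateClient failed; client with id {} could not be found.", l);
                return jsonError(model, HttpStatus.NOT_FOUND, "Could not update client. The requested client with id " + l + " could not be found.");
            }
            // NOTE(review): unlike apiAddClient, nothing here resets dynamicallyRegistered, and a
            // body without a client id gets a freshly generated one. Which fields updateClient
            // copies from the new entity onto the stored one is not visible here; confirm that
            // identifiers and server-managed flags cannot be replaced through this path.
            if (Strings.isNullOrEmpty(client.getClientId())) {
                client = this.clientService.generateClientId(client);
            }
            client = applyAuthMethodRules(requestJson, client, model);
            if (client == null) {
                // Rejected; the model already carries the status code and message.
                return JSON_ERROR_VIEW;
            }
            model.addAttribute("entity", this.clientService.updateClient(existing, client));
            return entityViewFor(authentication);
        } catch (IllegalStateException e) {
            logger.error("apiUpdateClient failed due to IllegalStateException", e);
            return jsonError(model, HttpStatus.BAD_REQUEST, "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
        } catch (JsonSyntaxException e2) {
            logger.error("apiUpdateClient failed due to JsonSyntaxException", e2);
            return jsonError(model, HttpStatus.BAD_REQUEST, "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
        }
    }

    /**
     * Deletes the client with the given database id (admin only).
     *
     * @param l database id of the client to delete
     * @param modelAndView holder whose model map receives {@code "code"} and, on failure,
     *     {@code "errorMessage"}
     * @return {@code "httpCodeView"} on success, {@code "jsonErrorView"} when no such client exists
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.DELETE})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String apiDeleteClient(@PathVariable("id") Long l, ModelAndView modelAndView) {
        ClientDetailsEntity existing = this.clientService.getClientById(l);
        if (existing == null) {
            logger.error("apiDeleteClient failed; client with id {} could not be found.", l);
            modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND);
            modelAndView.getModelMap().put("errorMessage", "Could not delete client. The requested client with id " + l + " could not be found.");
            return JSON_ERROR_VIEW;
        }
        // The status code is recorded before the delete call, as in the original ordering.
        modelAndView.getModelMap().put("code", HttpStatus.OK);
        this.clientService.deleteClient(existing);
        return HTTP_CODE_VIEW;
    }

    /**
     * Returns a single client by database id.
     *
     * @param l database id of the client to show
     * @param model view model; receives the client under {@code "entity"}, or {@code "code"}
     *     and {@code "errorMessage"} when it does not exist
     * @param authentication the caller; used only to choose the admin or user view
     * @return the entity view name on success, {@code "jsonErrorView"} otherwise
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String apiShowClient(@PathVariable("id") Long l, Model model, Authentication authentication) {
        ClientDetailsEntity existing = this.clientService.getClientById(l);
        if (existing == null) {
            logger.error("apiShowClient failed; client with id {} could not be found.", l);
            return jsonError(model, HttpStatus.NOT_FOUND, "The requested client with id " + l + " could not be found.");
        }
        model.addAttribute("entity", existing);
        return entityViewFor(authentication);
    }

    /**
     * Applies the credential rules that go with the client's token endpoint auth method.
     *
     * <ul>
     *   <li>no method, or {@code NONE}: the client secret is cleared;</li>
     *   <li>{@code SECRET_BASIC}, {@code SECRET_POST}, {@code SECRET_JWT}: a secret is generated
     *       when the request asks for one or supplies none; otherwise the supplied secret is
     *       kept as given;</li>
     *   <li>{@code PRIVATE_KEY}: a JWK Set URI is required and the client secret is cleared;</li>
     *   <li>anything else: rejected.</li>
     * </ul>
     *
     * <p>NOTE(review): a caller-supplied secret is accepted without any length or entropy
     * check, and the JWK Set URI is only checked for being non-empty. Scheme or host
     * validation of that URI, if any, happens outside this class.
     *
     * @param json parsed request body, consulted for the {@code generateClientSecret} flag
     * @param client entity bound from the request body
     * @param model receives {@code "code"} and {@code "errorMessage"} when the request is rejected
     * @return the client to persist, or {@code null} when the request was rejected
     */
    private ClientDetailsEntity applyAuthMethodRules(JsonObject json, ClientDetailsEntity client, Model model) {
        ClientDetailsEntity.AuthMethod authMethod = client.getTokenEndpointAuthMethod();

        if (authMethod == null || ClientDetailsEntity.AuthMethod.NONE.equals(authMethod)) {
            client.setClientSecret((String) null);
            return client;
        }

        boolean secretBased = ClientDetailsEntity.AuthMethod.SECRET_BASIC.equals(authMethod)
                || ClientDetailsEntity.AuthMethod.SECRET_POST.equals(authMethod)
                || ClientDetailsEntity.AuthMethod.SECRET_JWT.equals(authMethod);
        if (secretBased) {
            if (secretGenerationRequested(json) || Strings.isNullOrEmpty(client.getClientSecret())) {
                return this.clientService.generateClientSecret(client);
            }
            return client;
        }

        if (!ClientDetailsEntity.AuthMethod.PRIVATE_KEY.equals(authMethod)) {
            logger.error("unknown auth method");
            jsonError(model, HttpStatus.BAD_REQUEST, "Unknown auth method requested");
            return null;
        }
        if (Strings.isNullOrEmpty(client.getJwksUri())) {
            logger.error("tried to create client with private key auth but no private key");
            jsonError(model, HttpStatus.BAD_REQUEST, "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
            return null;
        }
        // Key-based clients must not keep a shared secret alongside their key.
        client.setClientSecret((String) null);
        return client;
    }

    /**
     * Reports whether the request body asks the server to generate a client secret.
     *
     * <p>Only a JSON primitive is read as a boolean. A {@code null}, object or array value counts
     * as "not requested" instead of raising an exception that the handlers do not catch.
     */
    private static boolean secretGenerationRequested(JsonObject json) {
        JsonElement flag = json.get("generateClientSecret");
        return flag != null && flag.isJsonPrimitive() && flag.getAsBoolean();
    }

    /** Stores the status code and message on the model and returns the JSON error view name. */
    private static String jsonError(Model model, HttpStatus status, String message) {
        model.addAttribute("code", status);
        model.addAttribute("errorMessage", message);
        return JSON_ERROR_VIEW;
    }

    /** Picks the admin or user entity view according to the caller's authorities. */
    private String entityViewFor(Authentication authentication) {
        return isAdmin(authentication) ? ADMIN_ENTITY_VIEW : USER_ENTITY_VIEW;
    }

    /**
     * Reports whether the caller holds the {@code ROLE_ADMIN} authority.
     *
     * @param authentication the authenticated caller
     * @return {@code true} if any granted authority equals {@code "ROLE_ADMIN"}
     */
    private boolean isAdmin(Authentication authentication) {
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            // Constant on the left so that a null authority string cannot throw.
            if ("ROLE_ADMIN".equals(authority.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}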
