package org.mitre.openid.connect.web;

import com.google.common.base.Strings;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import java.lang.reflect.Type;
import java.text.ParseException;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.web.AuthenticationUtilities;
import org.mitre.openid.connect.model.CachedImage;
import org.mitre.openid.connect.service.ClientLogoLoadingService;
import org.mitre.openid.connect.view.ClientEntityViewForAdmins;
import org.mitre.openid.connect.view.ClientEntityViewForUsers;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

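/**
 * REST controller for OAuth 2.0 / OpenID Connect client registrations under {@code /api/clients}.
 *
 * <p>Access control, as declared by the annotations in this class: every endpoint requires
 * {@code ROLE_USER} (class-level {@code @PreAuthorize}); the create, update and delete endpoints
 * additionally require {@code ROLE_ADMIN}. Read endpoints pick the admin or the user view based on
 * {@link AuthenticationUtilities#isAdmin(Authentication)}.
 *
 * <p>NOTE(review): which client fields the user view exposes is decided in
 * {@link ClientEntityViewForUsers}, which is not visible here. Confirm that it omits the client
 * secret and other sensitive registration data.
 */
@RequestMapping({"/api/clients"})
@Controller
@PreAuthorize("hasRole('ROLE_USER')")
public class ClientAPI {
    public static final String URL = "api/clients";

    private static final Logger logger = LoggerFactory.getLogger(ClientAPI.class);

    @Autowired
    private ClientDetailsEntityService clientService;

    @Autowired
    private ClientLogoLoadingService clientLogoLoadingService;

    private final JsonParser parser = new JsonParser();

    // Gson instance used to bind request bodies onto ClientDetailsEntity. The adapters turn JSON
    // strings into the JOSE algorithm types and a JSON object into a JWKSet; any other JSON shape
    // for those fields is bound as null rather than rejected.
    private final Gson gson = new GsonBuilder()
        .serializeNulls()
        .registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer<Algorithm>() {
            @Override
            public JWSAlgorithm deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
                if (jsonElement.isJsonPrimitive()) {
                    return JWSAlgorithm.parse(jsonElement.getAsString());
                }
                return null;
            }
        })
        .registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer<Algorithm>() {
            @Override
            public JWEAlgorithm deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
                if (jsonElement.isJsonPrimitive()) {
                    return JWEAlgorithm.parse(jsonElement.getAsString());
                }
                return null;
            }
        })
        .registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer<Algorithm>() {
            @Override
            public EncryptionMethod deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
                if (jsonElement.isJsonPrimitive()) {
                    return EncryptionMethod.parse(jsonElement.getAsString());
                }
                return null;
            }
        })
        .registerTypeAdapter(JWKSet.class, new JsonDeserializer<JWKSet>() {
            @Override
            public JWKSet deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) throws JsonParseException {
                if (!jsonElement.isJsonObject()) {
                    return null;
                }
                try {
                    return JWKSet.parse(jsonElement.toString());
                } catch (ParseException ignored) {
                    // A malformed key set is bound as null instead of failing the request. The
                    // private-key check in the add/update handlers only rejects the client when
                    // the JWK Set URI is empty as well, so with a URI present a bad inline key
                    // set is dropped silently.
                    return null;
                }
            }
        })
        .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
        .create();

    /**
     * Lists all registered clients.
     *
     * @param model view model that receives the client collection
     * @param authentication the caller; decides between the admin and the user view
     * @return the name of the view that renders the clients
     */
    @RequestMapping(method = {RequestMethod.GET}, produces = {"application/json"})
    public String apiGetAllClients(Model model, Authentication authentication) {
        model.addAttribute(JsonEntityView.ENTITY, this.clientService.getAllClients());
        return AuthenticationUtilities.isAdmin(authentication) ? ClientEntityViewForAdmins.VIEWNAME : ClientEntityViewForUsers.VIEWNAME;
    }

    /**
     * Creates a client from the JSON request body (admin only).
     *
     * <p>A client id is generated when the body carries none. The client secret is cleared for
     * the {@code NONE} and {@code PRIVATE_KEY} auth methods (and when no method is given), and is
     * generated for the shared-secret methods when the body sets {@code generateClientSecret} to
     * true or supplies no secret. The new client is always marked as not dynamically registered.
     *
     * @param str raw JSON request body
     * @param model view model that receives the saved client or the error code and message
     * @param authentication the caller; decides between the admin and the user view
     * @return the name of the entity view on success, otherwise the JSON error view
     */
    @RequestMapping(method = {RequestMethod.POST}, consumes = {"application/json"}, produces = {"application/json"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String apiAddClient(@RequestBody String str, Model model, Authentication authentication) {
        try {
            JsonObject json = this.parser.parse(str).getAsJsonObject();
            ClientDetailsEntity client = this.gson.fromJson(json, ClientDetailsEntity.class);
            if (Strings.isNullOrEmpty(client.getClientId())) {
                client = this.clientService.generateClientId(client);
            }
            if (client.getTokenEndpointAuthMethod() == null
                    || client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.NONE)) {
                // No client authentication: never keep a secret supplied in the request.
                client.setClientSecret((String) null);
            } else if (client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_BASIC)
                    || client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_POST)
                    || client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_JWT)) {
                // Shared-secret methods: a caller-chosen secret is accepted as-is unless
                // generation is requested or the secret is missing.
                if ((json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean())
                        || Strings.isNullOrEmpty(client.getClientSecret())) {
                    client = this.clientService.generateClientSecret(client);
                }
            } else {
                if (!client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.PRIVATE_KEY)) {
                    logger.error("unknown auth method");
                    model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                    model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unknown auth method requested");
                    return JsonErrorView.VIEWNAME;
                }
                if (Strings.isNullOrEmpty(client.getJwksUri()) && client.getJwks() == null) {
                    logger.error("tried to create client with private key auth but no private key");
                    model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                    model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Can not create a client with private key authentication without registering a key via the JWK Set URI or JWK Set Value.");
                    return JsonErrorView.VIEWNAME;
                }
                // Key-based authentication: a shared secret must not coexist with the key.
                client.setClientSecret((String) null);
            }
            // Clients created through the admin API are never flagged as dynamically registered,
            // whatever the request body says.
            client.setDynamicallyRegistered(false);
            try {
                model.addAttribute(JsonEntityView.ENTITY, this.clientService.saveNewClient(client));
                return AuthenticationUtilities.isAdmin(authentication) ? ClientEntityViewForAdmins.VIEWNAME : ClientEntityViewForUsers.VIEWNAME;
            } catch (IllegalArgumentException e) {
                // The service's exception message is echoed back to the (admin) caller.
                logger.error("Unable to save client: {}", e.getMessage());
                model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client: " + e.getMessage());
                return JsonErrorView.VIEWNAME;
            }
        } catch (IllegalStateException e) {
            logger.error("apiAddClient failed due to IllegalStateException", e);
            model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
            model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
            return JsonErrorView.VIEWNAME;
        } catch (JsonSyntaxException e) {
            logger.error("apiAddClient failed due to JsonSyntaxException", e);
            model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
            model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
            return JsonErrorView.VIEWNAME;
        }
    }

    /**
     * Replaces the registration of an existing client with the JSON request body (admin only).
     *
     * <p>Applies the same client-id and client-secret rules as {@link #apiAddClient}. The client
     * to update is looked up by the path id; the body is parsed before that lookup, so a malformed
     * body yields 400 even for an unknown id.
     *
     * @param l database id of the client, taken from the path
     * @param str raw JSON request body
     * @param model view model that receives the updated client or the error code and message
     * @param authentication the caller; decides between the admin and the user view
     * @return the name of the entity view on success, otherwise the JSON error view
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.PUT}, consumes = {"application/json"}, produces = {"application/json"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String apiUpdateClient(@PathVariable("id") Long l, @RequestBody String str, Model model, Authentication authentication) {
        try {
            JsonObject json = this.parser.parse(str).getAsJsonObject();
            ClientDetailsEntity client = this.gson.fromJson(json, ClientDetailsEntity.class);
            ClientDetailsEntity existing = this.clientService.getClientById(l);
            if (existing == null) {
                logger.error("apiUpdateClient failed; client with id {} could not be found.", l);
                model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The requested client with id " + l + " could not be found.");
                return JsonErrorView.VIEWNAME;
            }
            if (Strings.isNullOrEmpty(client.getClientId())) {
                client = this.clientService.generateClientId(client);
            }
            if (client.getTokenEndpointAuthMethod() == null
                    || client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.NONE)) {
                // No client authentication: never keep a secret supplied in the request.
                client.setClientSecret((String) null);
            } else if (client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_BASIC)
                    || client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_POST)
                    || client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_JWT)) {
                // Shared-secret methods: a caller-chosen secret is accepted as-is unless
                // generation is requested or the secret is missing.
                if ((json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean())
                        || Strings.isNullOrEmpty(client.getClientSecret())) {
                    client = this.clientService.generateClientSecret(client);
                }
            } else {
                if (!client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.PRIVATE_KEY)) {
                    logger.error("unknown auth method");
                    model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                    model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unknown auth method requested");
                    return JsonErrorView.VIEWNAME;
                }
                if (Strings.isNullOrEmpty(client.getJwksUri()) && client.getJwks() == null) {
                    logger.error("tried to create client with private key auth but no private key");
                    model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                    model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Can not create a client with private key authentication without registering a key via the JWK Set URI or JWK Set Value.");
                    return JsonErrorView.VIEWNAME;
                }
                // Key-based authentication: a shared secret must not coexist with the key.
                client.setClientSecret((String) null);
            }
            try {
                model.addAttribute(JsonEntityView.ENTITY, this.clientService.updateClient(existing, client));
                return AuthenticationUtilities.isAdmin(authentication) ? ClientEntityViewForAdmins.VIEWNAME : ClientEntityViewForUsers.VIEWNAME;
            } catch (IllegalArgumentException e) {
                // The service's exception message is echoed back to the (admin) caller.
                logger.error("Unable to save client: {}", e.getMessage());
                model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client: " + e.getMessage());
                return JsonErrorView.VIEWNAME;
            }
        } catch (IllegalStateException e) {
            logger.error("apiUpdateClient failed due to IllegalStateException", e);
            model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
            model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
            return JsonErrorView.VIEWNAME;
        } catch (JsonSyntaxException e) {
            logger.error("apiUpdateClient failed due to JsonSyntaxException", e);
            model.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
            model.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
            return JsonErrorView.VIEWNAME;
        }
    }

    /**
     * Deletes the client with the given id (admin only).
     *
     * @param l database id of the client, taken from the path
     * @param modelAndView holder whose model map receives the status code and any error message
     * @return the HTTP-code view on success, or the JSON error view when the id is unknown
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.DELETE})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String apiDeleteClient(@PathVariable("id") Long l, ModelAndView modelAndView) {
        ClientDetailsEntity client = this.clientService.getClientById(l);
        if (client == null) {
            logger.error("apiDeleteClient failed; client with id {} could not be found.", l);
            modelAndView.getModelMap().put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
            modelAndView.getModelMap().put(JsonErrorView.ERROR_MESSAGE, "Could not delete client. The requested client with id " + l + " could not be found.");
            return JsonErrorView.VIEWNAME;
        }
        modelAndView.getModelMap().put(HttpCodeView.CODE, HttpStatus.OK);
        this.clientService.deleteClient(client);
        return HttpCodeView.VIEWNAME;
    }

    /**
     * Returns a single client by id.
     *
     * @param l database id of the client, taken from the path
     * @param model view model that receives the client or the error code and message
     * @param authentication the caller; decides between the admin and the user view
     * @return the name of the entity view, or the JSON error view when the id is unknown
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String apiShowClient(@PathVariable("id") Long l, Model model, Authentication authentication) {
        ClientDetailsEntity client = this.clientService.getClientById(l);
        if (client == null) {
            logger.error("apiShowClient failed; client with id {} could not be found.", l);
            model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
            model.addAttribute(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + l + " could not be found.");
            return JsonErrorView.VIEWNAME;
        }
        model.addAttribute(JsonEntityView.ENTITY, client);
        return AuthenticationUtilities.isAdmin(authentication) ? ClientEntityViewForAdmins.VIEWNAME : ClientEntityViewForUsers.VIEWNAME;
    }

    /**
     * Serves the logo of a client, as obtained from {@link ClientLogoLoadingService}.
     *
     * <p>NOTE(review): the response Content-Type is copied from the {@link CachedImage}, not
     * chosen from the {@code produces} list. How the loading service obtains the image and its
     * content type is not visible here. If both come from the host named in the client's logo URI,
     * confirm that the URI is validated when the client is saved and that only image content
     * types are stored, because this response is served from the authorization server's origin.
     *
     * @param l database id of the client, taken from the path
     * @param model unused
     * @return 200 with the image bytes, or 404 when the client is unknown, has no logo URI, or no
     *     logo could be obtained
     */
    @RequestMapping(value = {"/{id}/logo"}, method = {RequestMethod.GET}, produces = {"image/gif", "image/jpeg", "image/png"})
    public ResponseEntity<byte[]> getClientLogo(@PathVariable("id") Long l, Model model) {
        ClientDetailsEntity client = this.clientService.getClientById(l);
        if (client == null || Strings.isNullOrEmpty(client.getLogoUri())) {
            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
        }
        CachedImage logo = this.clientLogoLoadingService.getLogo(client);
        if (logo == null) {
            // The service's null contract is not visible here; answer 404 instead of failing with
            // a NullPointerException if it hands back nothing.
            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
        }
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.parseMediaType(logo.getContentType()));
        headers.setContentLength(logo.getLength());
        return new ResponseEntity<>(logo.getData(), headers, HttpStatus.OK);
    }
}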
