package org.cloudfoundry.identity.uaa.provider;

import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent;
import org.cloudfoundry.identity.uaa.authentication.manager.DynamicLdapAuthenticationManager;
import org.cloudfoundry.identity.uaa.authentication.manager.LdapLoginAuthenticationManager;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator;
import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager;
import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.util.ObjectUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

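/**
 * REST endpoints for creating, updating, deleting, listing and test-binding identity providers
 * (IdPs) within the identity zone resolved from {@link IdentityZoneHolder}.
 *
 * <p>This listing was decompiled from {@code cloudfoundry-identity-server-3.7.0.jar}. The
 * decompiler-generated parameter names ({@code str}, {@code z}) have been replaced, and the HTTP
 * binding names are now spelled out in the {@code @PathVariable}/{@code @RequestParam} annotations
 * so that request binding no longer depends on the Java parameter name: the original
 * {@code @PathVariable String str} could only bind {@code {id}} if the compiled parameter name
 * happened to be {@code id}.
 *
 * <p>Authorization for these endpoints is configured outside this class and is not visible here.
 * Several responses echo the submitted {@link IdentityProvider} (including its config) back to the
 * caller on error; whether that config can contain secrets depends on the provider type — confirm
 * before exposing these endpoints more widely.
 */
@RequestMapping({"/identity-providers"})
@RestController
public class IdentityProviderEndpoints implements ApplicationEventPublisherAware {
    protected static Log logger = LogFactory.getLog(IdentityProviderEndpoints.class);
    private final IdentityProviderProvisioning identityProviderProvisioning;
    private final ScimGroupExternalMembershipManager scimGroupExternalMembershipManager;
    private final ScimGroupProvisioning scimGroupProvisioning;
    private final SamlIdentityProviderConfigurator samlConfigurator;
    private final IdentityProviderConfigValidationDelegator configValidator;
    private final NoOpLdapLoginAuthenticationManager noOpManager = new NoOpLdapLoginAuthenticationManager();
    /** Set by the container via {@link #setApplicationEventPublisher}; {@code null} until then. */
    private ApplicationEventPublisher publisher = null;

    /**
     * Pass-through {@link LdapLoginAuthenticationManager}: returns the supplied
     * {@link Authentication} unchanged. Used as the delegate manager for the
     * {@link DynamicLdapAuthenticationManager} built in {@link #testIdentityProvider}.
     */
    protected static class NoOpLdapLoginAuthenticationManager extends LdapLoginAuthenticationManager {
        protected NoOpLdapLoginAuthenticationManager() {
        }

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            return authentication;
        }
    }

    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.publisher = applicationEventPublisher;
    }

    /**
     * Creates the endpoint with its collaborators.
     *
     * @param identityProviderProvisioning persistence for {@link IdentityProvider} records
     * @param scimGroupExternalMembershipManager external group mapping manager, used for LDAP test binds
     * @param scimGroupProvisioning SCIM group provisioning, used for LDAP test binds
     * @param samlIdentityProviderConfigurator registry for SAML IdP definitions
     * @param identityProviderConfigValidationDelegator validates provider config per provider type
     */
    public IdentityProviderEndpoints(IdentityProviderProvisioning identityProviderProvisioning, ScimGroupExternalMembershipManager scimGroupExternalMembershipManager, ScimGroupProvisioning scimGroupProvisioning, SamlIdentityProviderConfigurator samlIdentityProviderConfigurator, IdentityProviderConfigValidationDelegator identityProviderConfigValidationDelegator) {
        this.identityProviderProvisioning = identityProviderProvisioning;
        this.scimGroupExternalMembershipManager = scimGroupExternalMembershipManager;
        this.scimGroupProvisioning = scimGroupProvisioning;
        this.samlConfigurator = samlIdentityProviderConfigurator;
        this.configValidator = identityProviderConfigValidationDelegator;
    }

    /**
     * Creates an identity provider in the current zone.
     *
     * <p>The zone id from {@link IdentityZoneHolder} overrides whatever the request body carried.
     *
     * @param identityProvider the provider to create (request body)
     * @param rawConfig when {@code true}, the provider's config is serialized raw in the response
     * @return 201 with the created provider; 422 if config validation rejects it; 409 if a provider
     *         with the same origin already exists; 500 (with the submitted provider echoed back) on
     *         any other persistence failure, which is logged at debug level
     * @throws MetadataProviderException if registering a SAML definition fails; mapped to 409/400 by
     *         {@link #handleMetadataProviderException(MetadataProviderException)}
     */
    @RequestMapping(method = {RequestMethod.POST})
    public ResponseEntity<IdentityProvider> createIdentityProvider(@RequestBody IdentityProvider identityProvider, @RequestParam(value = "rawConfig", required = false, defaultValue = "false") boolean rawConfig) throws MetadataProviderException {
        identityProvider.setSerializeConfigRaw(rawConfig);
        String zoneId = IdentityZoneHolder.get().getId();
        identityProvider.setIdentityZoneId(zoneId);
        try {
            this.configValidator.validate(identityProvider.getConfig(), identityProvider.getType());
            if (OriginKeys.SAML.equals(identityProvider.getType())) {
                registerSamlDefinition(identityProvider, zoneId);
            }
        } catch (IllegalArgumentException e) {
            // Validation failure: the submitted provider is echoed back unchanged.
            return new ResponseEntity<>(identityProvider, HttpStatus.UNPROCESSABLE_ENTITY);
        }
        try {
            IdentityProvider created = this.identityProviderProvisioning.create(identityProvider);
            created.setSerializeConfigRaw(rawConfig);
            return new ResponseEntity<>(created, HttpStatus.CREATED);
        } catch (IdpAlreadyExistsException e) {
            return new ResponseEntity<>(identityProvider, HttpStatus.CONFLICT);
        } catch (Exception e) {
            // Deliberate best-effort: persistence errors become a 500 rather than propagating.
            logger.debug("Unable to create IdentityProvider[" + e.getMessage() + "].", e);
            return new ResponseEntity<>(identityProvider, HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Deletes an identity provider by publishing an {@link EntityDeletedEvent}; the actual removal
     * is performed by whoever listens for that event, not by this method.
     *
     * @param id provider id (path variable)
     * @param rawConfig when {@code true}, the provider's config is serialized raw in the response
     * @return 200 with the provider that was scheduled for deletion; 422 if no event publisher has
     *         been injected or the provider lookup returned {@code null}
     * @throws MetadataProviderException declared for symmetry with the other mutating endpoints
     */
    @RequestMapping(value = {"{id}"}, method = {RequestMethod.DELETE})
    @Transactional
    public ResponseEntity<IdentityProvider> deleteIdentityProvider(@PathVariable("id") String id, @RequestParam(value = "rawConfig", required = false, defaultValue = "false") boolean rawConfig) throws MetadataProviderException {
        IdentityProvider existing = this.identityProviderProvisioning.retrieve(id);
        if (this.publisher == null || existing == null) {
            return new ResponseEntity<>(HttpStatus.UNPROCESSABLE_ENTITY);
        }
        existing.setSerializeConfigRaw(rawConfig);
        // The caller's Authentication is recorded on the event for auditing.
        Authentication actor = SecurityContextHolder.getContext().getAuthentication();
        this.publisher.publishEvent((ApplicationEvent) new EntityDeletedEvent(existing, actor));
        return new ResponseEntity<>(existing, HttpStatus.OK);
    }

    /**
     * Updates an identity provider. The id from the path and the zone id from
     * {@link IdentityZoneHolder} override whatever the request body carried; for SAML providers the
     * origin key is also pinned to the stored value, so it cannot be changed through this endpoint.
     *
     * @param id provider id (path variable)
     * @param identityProvider the new provider state (request body)
     * @param rawConfig when {@code true}, the provider's config is serialized raw in the response
     * @return 200 with the updated provider; 422 if config validation rejects it
     * @throws MetadataProviderException if registering a SAML definition fails
     */
    @RequestMapping(value = {"{id}"}, method = {RequestMethod.PUT})
    public ResponseEntity<IdentityProvider> updateIdentityProvider(@PathVariable("id") String id, @RequestBody IdentityProvider identityProvider, @RequestParam(value = "rawConfig", required = false, defaultValue = "false") boolean rawConfig) throws MetadataProviderException {
        identityProvider.setSerializeConfigRaw(rawConfig);
        // NOTE(review): presumably retrieve() throws EmptyResultDataAccessException (mapped to 404
        // below) rather than returning null; a null here would NPE in the SAML branch — confirm.
        IdentityProvider existing = this.identityProviderProvisioning.retrieve(id);
        String zoneId = IdentityZoneHolder.get().getId();
        identityProvider.setId(id);
        identityProvider.setIdentityZoneId(zoneId);
        try {
            this.configValidator.validate(identityProvider.getConfig(), identityProvider.getType());
            if (OriginKeys.SAML.equals(identityProvider.getType())) {
                identityProvider.setOriginKey(existing.getOriginKey());
                registerSamlDefinition(identityProvider, zoneId);
            }
            IdentityProvider updated = this.identityProviderProvisioning.update(identityProvider);
            updated.setSerializeConfigRaw(rawConfig);
            return new ResponseEntity<>(updated, HttpStatus.OK);
        } catch (IllegalArgumentException e) {
            return new ResponseEntity<>(identityProvider, HttpStatus.UNPROCESSABLE_ENTITY);
        }
    }

    /**
     * Lists the identity providers of the current zone.
     *
     * @param activeOnly the {@code active_only} query parameter; anything other than
     *        (case-insensitive) {@code "true"}, including absent, lists inactive providers too
     * @param rawConfig when {@code true}, each provider's config is serialized raw in the response
     * @return 200 with the providers
     */
    @RequestMapping(method = {RequestMethod.GET})
    public ResponseEntity<List<IdentityProvider>> retrieveIdentityProviders(@RequestParam(value = "active_only", required = false) String activeOnly, @RequestParam(value = "rawConfig", required = false, defaultValue = "false") boolean rawConfig) {
        // parseBoolean is null-safe and matches Boolean.valueOf(String).booleanValue().
        boolean onlyActive = Boolean.parseBoolean(activeOnly);
        List<IdentityProvider> providers = this.identityProviderProvisioning.retrieveAll(onlyActive, IdentityZoneHolder.get().getId());
        for (IdentityProvider provider : providers) {
            provider.setSerializeConfigRaw(rawConfig);
        }
        return new ResponseEntity<>(providers, HttpStatus.OK);
    }

    /**
     * Fetches a single identity provider.
     *
     * @param id provider id (path variable)
     * @param rawConfig when {@code true}, the provider's config is serialized raw in the response
     * @return 200 with the provider; a missing provider surfaces as 404 via
     *         {@link #handleProviderNotFoundException()} when the provisioning layer throws
     *         {@link EmptyResultDataAccessException}
     */
    @RequestMapping(value = {"{id}"}, method = {RequestMethod.GET})
    public ResponseEntity<IdentityProvider> retrieveIdentityProvider(@PathVariable("id") String id, @RequestParam(value = "rawConfig", required = false, defaultValue = "false") boolean rawConfig) {
        IdentityProvider provider = this.identityProviderProvisioning.retrieve(id);
        provider.setSerializeConfigRaw(rawConfig);
        return new ResponseEntity<>(provider, HttpStatus.OK);
    }

    /**
     * Test-binds against an LDAP provider definition using the supplied credentials, without
     * persisting anything. This performs an outbound connection to the LDAP server named in the
     * request-supplied config.
     *
     * @param identityProviderValidationRequest the provider definition and the credentials to try
     * @return a JSON string body: 200 {@code "ok"}; 417 {@code "ok"} if the bind did not yield an
     *         authenticated principal, or {@code "bad credentials"} if it was rejected; 400 with the
     *         exception text on an {@link InternalAuthenticationServiceException}; 500
     *         {@code "check server logs"} on anything else (logged at debug level)
     */
    @RequestMapping(value = {"test"}, method = {RequestMethod.POST})
    public ResponseEntity<String> testIdentityProvider(@RequestBody IdentityProviderValidationRequest identityProviderValidationRequest) {
        String body = "ok";
        HttpStatus status = HttpStatus.OK;
        LdapIdentityProviderDefinition definition = (LdapIdentityProviderDefinition) ObjectUtils.castInstance(
                identityProviderValidationRequest.getProvider().getConfig(), LdapIdentityProviderDefinition.class);
        DynamicLdapAuthenticationManager manager = new DynamicLdapAuthenticationManager(
                definition, this.scimGroupExternalMembershipManager, this.scimGroupProvisioning, this.noOpManager);
        try {
            Authentication result = manager.authenticate(identityProviderValidationRequest.getCredentials());
            if (result == null || !result.isAuthenticated()) {
                status = HttpStatus.EXPECTATION_FAILED;
            }
        } catch (InternalAuthenticationServiceException e) {
            status = HttpStatus.BAD_REQUEST;
            // NOTE(review): this returns the full stack trace to the HTTP client (see
            // getExceptionString), which discloses internal class names and paths; consider
            // returning only e.getMessage() and logging the trace server-side instead.
            body = getExceptionString(e);
        } catch (BadCredentialsException e) {
            status = HttpStatus.EXPECTATION_FAILED;
            body = "bad credentials";
        } catch (Exception e) {
            logger.debug("Identity provider validation failed.", e);
            status = HttpStatus.INTERNAL_SERVER_ERROR;
            body = "check server logs";
        } finally {
            // The decompiled original repeated destroy() in every branch; a finally covers them all.
            manager.destroy();
        }
        return new ResponseEntity<>(JsonUtils.writeValueAsString(body), status);
    }

    /**
     * Maps SAML metadata failures to HTTP: a message containing {@code "Duplicate"} is a 409, anything
     * else a 400. The exception message is returned as the body.
     *
     * @param metadataProviderException the failure raised while registering a SAML definition
     * @return 409 or 400 with the exception message (possibly {@code null}) as body
     */
    @ExceptionHandler({MetadataProviderException.class})
    public ResponseEntity<String> handleMetadataProviderException(MetadataProviderException metadataProviderException) {
        String message = metadataProviderException.getMessage();
        // getMessage() may be null; the original dereferenced it unconditionally and would NPE.
        boolean duplicate = message != null && message.contains("Duplicate");
        return new ResponseEntity<>(message, duplicate ? HttpStatus.CONFLICT : HttpStatus.BAD_REQUEST);
    }

    /** Maps a JSON (de)serialization failure of the provider config to a generic 400. */
    @ExceptionHandler({JsonUtils.JsonUtilException.class})
    public ResponseEntity<String> handleMetadataProviderException() {
        return new ResponseEntity<>("Invalid provider configuration.", HttpStatus.BAD_REQUEST);
    }

    /** Maps an empty lookup result from the provisioning layer to a 404. */
    @ExceptionHandler({EmptyResultDataAccessException.class})
    public ResponseEntity<String> handleProviderNotFoundException() {
        return new ResponseEntity<>("Provider not found.", HttpStatus.NOT_FOUND);
    }

    /**
     * Renders an exception's full stack trace as a string.
     *
     * @param exc the exception to render
     * @return the text that {@link Exception#printStackTrace(PrintWriter)} would print
     */
    protected String getExceptionString(Exception exc) {
        StringWriter buffer = new StringWriter();
        // PrintWriter over a StringWriter is unbuffered, so no flush is needed before reading.
        exc.printStackTrace(new PrintWriter(buffer));
        return buffer.toString();
    }

    /**
     * Binds the SAML definition of {@code identityProvider} to {@code zoneId}, registers it with the
     * SAML configurator and stores the resulting definition back on the provider. Shared by create
     * and update so the two paths cannot drift apart.
     *
     * @param identityProvider a provider whose config is a {@link SamlIdentityProviderDefinition}
     * @param zoneId the zone the definition belongs to
     * @throws MetadataProviderException if the configurator rejects the definition
     */
    private void registerSamlDefinition(IdentityProvider identityProvider, String zoneId) throws MetadataProviderException {
        SamlIdentityProviderDefinition definition = (SamlIdentityProviderDefinition) ObjectUtils.castInstance(
                identityProvider.getConfig(), SamlIdentityProviderDefinition.class);
        definition.setZoneId(zoneId);
        definition.setIdpEntityAlias(identityProvider.getOriginKey());
        this.samlConfigurator.addSamlIdentityProviderDefinition(definition);
        identityProvider.setConfig(definition);
    }
}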
