package org.cloudfoundry.identity.uaa.scim.endpoints;

import java.io.IOException;
import java.sql.Timestamp;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.oauth.Claims;
import org.cloudfoundry.identity.uaa.password.event.PasswordChangeEvent;
import org.cloudfoundry.identity.uaa.password.event.PasswordChangeFailureEvent;
import org.cloudfoundry.identity.uaa.password.event.ResetPasswordRequestEvent;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

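/**
 * HTTP endpoints for requesting a password-reset code and for changing a password, either with
 * a previously issued reset code or with the user's current password.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code /password_resets} returns the reset code and the user id in the response body,
 *       and its status codes (201 / 404 / 409) reveal whether an account exists. No access
 *       control is visible in this class; presumably the endpoint is restricted to trusted
 *       clients by the surrounding security configuration. TODO confirm.</li>
 *   <li>User-supplied names are JSON-quoted before being placed into a SCIM filter so that
 *       quote characters in the input cannot alter the filter expression.</li>
 * </ul>
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-scim-2.2.4.jar:org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpoints.class */
public class PasswordResetEndpoints implements ApplicationEventPublisherAware {
    /** Lifetime of a password-reset code in milliseconds (30 minutes). */
    public static final int PASSWORD_RESET_LIFETIME = 1800000;
    private final ScimUserProvisioning scimUserProvisioning;
    private final ExpiringCodeStore expiringCodeStore;
    private final ObjectMapper objectMapper;
    private ApplicationEventPublisher publisher;

    /**
     * Request body of {@code POST /password_change}. Exactly one authentication style is
     * expected: either {@code code} alone, or {@code username} plus {@code current_password}.
     */
    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-scim-2.2.4.jar:org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpoints$PasswordChange.class */
    public static class PasswordChange {

        @JsonProperty("username")
        private String username;

        @JsonProperty("code")
        private String code;

        @JsonProperty("current_password")
        private String currentPassword;

        @JsonProperty("new_password")
        private String newPassword;

        public String getUsername() {
            return this.username;
        }

        public void setUsername(String str) {
            this.username = str;
        }

        public String getCode() {
            return this.code;
        }

        public void setCode(String str) {
            this.code = str;
        }

        public String getCurrentPassword() {
            return this.currentPassword;
        }

        public void setCurrentPassword(String str) {
            this.currentPassword = str;
        }

        public String getNewPassword() {
            return this.newPassword;
        }

        public void setNewPassword(String str) {
            this.newPassword = str;
        }
    }

    public PasswordResetEndpoints(ObjectMapper objectMapper, ScimUserProvisioning scimUserProvisioning, ExpiringCodeStore expiringCodeStore) {
        this.objectMapper = objectMapper;
        this.scimUserProvisioning = scimUserProvisioning;
        this.expiringCodeStore = expiringCodeStore;
    }

    @Override // org.springframework.context.ApplicationEventPublisherAware
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.publisher = applicationEventPublisher;
    }

    /**
     * Issues a password-reset code for the user named in the request body.
     *
     * @param str the raw request body, used as the user name
     * @return 201 with {@code code} and the user id when a user with origin {@link Origin#UAA}
     *     matches; 409 with the user id when the name matches only a user of another origin;
     *     404 when no user matches
     * @throws IOException if the user name cannot be serialised into a quoted filter value
     */
    @RequestMapping(value = {"/password_resets"}, method = {RequestMethod.POST})
    public ResponseEntity<Map<String, String>> resetPassword(@RequestBody String str) throws IOException {
        String quotedName = quoteFilterValue(str);
        Map<String, String> body = new HashMap<>();
        List<ScimUser> uaaUsers = this.scimUserProvisioning.query("userName eq " + quotedName + " and origin eq \"" + Origin.UAA + "\"");
        if (uaaUsers.isEmpty()) {
            List<ScimUser> anyOrigin = this.scimUserProvisioning.query("userName eq " + quotedName);
            if (anyOrigin.isEmpty()) {
                return new ResponseEntity<>(HttpStatus.NOT_FOUND);
            }
            // The account exists but is not managed by UAA, so no reset code is issued.
            body.put(Claims.USER_ID, anyOrigin.get(0).getId());
            return new ResponseEntity<>(body, HttpStatus.CONFLICT);
        }
        ScimUser scimUser = uaaUsers.get(0);
        Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + PASSWORD_RESET_LIFETIME);
        String code = this.expiringCodeStore.generateCode(scimUser.getId(), expiresAt).getCode();
        publish(new ResetPasswordRequestEvent(str, code, SecurityContextHolder.getContext().getAuthentication()));
        body.put("code", code);
        body.put(Claims.USER_ID, scimUser.getId());
        return new ResponseEntity<>(body, HttpStatus.CREATED);
    }

    /**
     * Changes a password, authenticated either by a reset code or by user name and current
     * password.
     *
     * @param passwordChange the parsed request body
     * @return the result of the matching change path, or 400 when the body mixes or omits the
     *     authentication fields
     */
    @RequestMapping(value = {"/password_change"}, method = {RequestMethod.POST})
    public ResponseEntity<Map<String, String>> changePassword(@RequestBody PasswordChange passwordChange) {
        if (isCodeAuthenticatedChange(passwordChange)) {
            return changePasswordCodeAuthenticated(passwordChange);
        }
        if (isUsernamePasswordAuthenticatedChange(passwordChange)) {
            return changePasswordUsernamePasswordAuthenticated(passwordChange);
        }
        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
    }

    /** True when user name and current password are present and no reset code is supplied. */
    private boolean isUsernamePasswordAuthenticatedChange(PasswordChange passwordChange) {
        return passwordChange.getUsername() != null
                && passwordChange.getCurrentPassword() != null
                && passwordChange.getCode() == null;
    }

    /** True when only a reset code is supplied, without user name or current password. */
    private boolean isCodeAuthenticatedChange(PasswordChange passwordChange) {
        return passwordChange.getCode() != null && passwordChange.getCurrentPassword() == null && passwordChange.getUsername() == null;
    }

    /**
     * Changes the password of the named user after the provisioning layer has checked the
     * current password.
     *
     * @return 200 with user id and user name on success; 400 when no user matches or the name
     *     cannot be quoted; 404, 401 or 500 when the provisioning call fails
     */
    private ResponseEntity<Map<String, String>> changePasswordUsernamePasswordAuthenticated(PasswordChange passwordChange) {
        String quotedName;
        try {
            // Quote the caller-supplied name the same way resetPassword does; concatenating it
            // raw between double quotes would let a '"' in the input rewrite the SCIM filter.
            quotedName = quoteFilterValue(passwordChange.getUsername());
        } catch (IOException e) {
            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
        }
        List<ScimUser> matches = this.scimUserProvisioning.query("userName eq " + quotedName);
        if (matches.isEmpty()) {
            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
        }
        String currentPassword = passwordChange.getCurrentPassword();
        ScimUser scimUser = matches.get(0);
        try {
            this.scimUserProvisioning.changePassword(scimUser.getId(), currentPassword, passwordChange.getNewPassword());
            publish(new PasswordChangeEvent("Password changed", getUaaUser(scimUser), SecurityContextHolder.getContext().getAuthentication()));
            Map<String, String> body = new HashMap<>();
            body.put(Claims.USER_ID, scimUser.getId());
            body.put("username", scimUser.getUserName());
            return new ResponseEntity<>(body, HttpStatus.OK);
        } catch (ScimResourceNotFoundException e) {
            return passwordChangeFailed(e, scimUser, HttpStatus.NOT_FOUND);
        } catch (BadCredentialsException e) {
            return passwordChangeFailed(e, scimUser, HttpStatus.UNAUTHORIZED);
        } catch (Exception e) {
            // Boundary catch: any other failure is audited and reported as a server error.
            return passwordChangeFailed(e, scimUser, HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Changes the password of the user a reset code was issued for. The code itself is the
     * only credential on this path: the old password passed to the provisioning layer is
     * {@code null}.
     *
     * @return 200 with user id, user name and e-mail on success; 400 when the code store
     *     returns no entry for the code; 404, 401 or 500 when the provisioning call fails
     */
    private ResponseEntity<Map<String, String>> changePasswordCodeAuthenticated(PasswordChange passwordChange) {
        ExpiringCode expiringCode = this.expiringCodeStore.retrieveCode(passwordChange.getCode());
        if (expiringCode == null) {
            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
        }
        String userId = expiringCode.getData();
        // NOTE(review): this lookup runs outside the try block, so an exception thrown here is
        // not mapped to a status code or audited by the handlers below. Confirm that is intended.
        ScimUser scimUser = this.scimUserProvisioning.retrieve(userId);
        try {
            if (!scimUser.isVerified()) {
                // Holding a valid reset code is treated as verification of the account.
                this.scimUserProvisioning.verifyUser(userId, -1);
            }
            this.scimUserProvisioning.changePassword(userId, null, passwordChange.getNewPassword());
            publish(new PasswordChangeEvent("Password changed", getUaaUser(scimUser), SecurityContextHolder.getContext().getAuthentication()));
            Map<String, String> body = new HashMap<>();
            body.put(Claims.USER_ID, scimUser.getId());
            body.put("username", scimUser.getUserName());
            body.put("email", scimUser.getPrimaryEmail());
            return new ResponseEntity<>(body, HttpStatus.OK);
        } catch (ScimResourceNotFoundException e) {
            return passwordChangeFailed(e, scimUser, HttpStatus.NOT_FOUND);
        } catch (BadCredentialsException e) {
            return passwordChangeFailed(e, scimUser, HttpStatus.UNAUTHORIZED);
        } catch (Exception e) {
            // Boundary catch: any other failure is audited and reported as a server error.
            return passwordChangeFailed(e, scimUser, HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /** Serialises a value as a JSON string literal so it can be embedded in a SCIM filter. */
    private String quoteFilterValue(String value) throws IOException {
        return this.objectMapper.writeValueAsString(value);
    }

    /** Publishes a failure audit event for the user and returns an empty response with the given status. */
    private ResponseEntity<Map<String, String>> passwordChangeFailed(Exception cause, ScimUser scimUser, HttpStatus status) {
        publish(new PasswordChangeFailureEvent(cause.getMessage(), getUaaUser(scimUser), SecurityContextHolder.getContext().getAuthentication()));
        return new ResponseEntity<>(status);
    }

    /** Builds the {@link UaaUser} carried by audit events; the password field is the placeholder "N/A". */
    private UaaUser getUaaUser(ScimUser scimUser) {
        Date now = new Date();
        return new UaaUser(scimUser.getId(), scimUser.getUserName(), "N/A", scimUser.getPrimaryEmail(), null, scimUser.getGivenName(), scimUser.getFamilyName(), now, now, scimUser.getOrigin(), scimUser.getExternalId(), scimUser.isVerified(), scimUser.getZoneId());
    }

    /** Publishes the event if a publisher has been injected; otherwise does nothing. */
    protected void publish(ApplicationEvent applicationEvent) {
        if (this.publisher != null) {
            this.publisher.publishEvent(applicationEvent);
        }
    }
}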
