package org.cloudfoundry.identity.uaa.login;

import java.io.IOException;
import java.util.HashMap;
import java.util.concurrent.TimeUnit;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.error.UaaException;
import org.cloudfoundry.identity.uaa.login.AccountCreationService;
import org.cloudfoundry.identity.uaa.message.PasswordChangeRequest;
import org.cloudfoundry.identity.uaa.oauth.Claims;
import org.cloudfoundry.identity.uaa.oauth.ClientAdminEndpoints;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.stereotype.Service;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestClientException;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import org.thymeleaf.context.Context;
import org.thymeleaf.spring4.SpringTemplateEngine;

@Service
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-login-2.4.0.jar:org/cloudfoundry/identity/uaa/login/EmailInvitationsService.class */
public class EmailInvitationsService implements InvitationsService {
    private final Log logger = LogFactory.getLog(getClass());
    public static final String INVITATION_REDIRECT_URL = "invitation_redirect_url";
    public static final int INVITATION_EXPIRY_DAYS = 365;
    private final SpringTemplateEngine templateEngine;
    private final MessageService messageService;

    @Autowired
    private ScimUserProvisioning scimUserProvisioning;
    private String brand;

    @Autowired
    private AccountCreationService accountCreationService;

    @Autowired
    private ExpiringCodeService expiringCodeService;

    @Autowired
    private ClientAdminEndpoints clientAdminEndpoints;

    public EmailInvitationsService(SpringTemplateEngine springTemplateEngine, MessageService messageService, String str) {
        this.templateEngine = springTemplateEngine;
        this.messageService = messageService;
        this.brand = str;
    }

    public void setBrand(String str) {
        this.brand = str;
    }

    private void sendInvitationEmail(String str, String str2, String str3, String str4) {
        try {
            this.messageService.sendMessage(str2, str, MessageType.INVITATION, getSubjectText(), getEmailHtml(str3, str4));
        } catch (RestClientException e) {
            this.logger.info("Exception raised while creating invitation email from " + str, e);
        }
    }

    private String getSubjectText() {
        return this.brand.equals("pivotal") ? "Invitation to join Pivotal" : "Invitation to join Cloud Foundry";
    }

    private String getEmailHtml(String str, String str2) {
        String uriString = ServletUriComponentsBuilder.fromCurrentContextPath().path("/invitations/accept").build().toUriString();
        Context context = new Context();
        context.setVariable("serviceName", this.brand.equals("pivotal") ? "Pivotal" : "Cloud Foundry");
        context.setVariable("code", str2);
        context.setVariable("currentUser", str);
        context.setVariable("accountsUrl", uriString);
        return this.templateEngine.process("invite", context);
    }

    @Override // org.cloudfoundry.identity.uaa.login.InvitationsService
    public void inviteUser(String str, String str2) {
        try {
            ScimUser createUser = this.accountCreationService.createUser(str, new RandomValueStringGenerator().generate());
            HashMap hashMap = new HashMap();
            hashMap.put(Claims.USER_ID, createUser.getId());
            hashMap.put("email", str);
            sendInvitationEmail(str, createUser.getId(), str2, this.expiringCodeService.generateCode(hashMap, 365, TimeUnit.DAYS));
        } catch (IOException e) {
            this.logger.warn("couldn't invite user", e);
        } catch (HttpClientErrorException e2) {
            try {
                AccountCreationService.ExistingUserResponse existingUserResponse = (AccountCreationService.ExistingUserResponse) JsonUtils.readValue(e2.getResponseBodyAsString(), AccountCreationService.ExistingUserResponse.class);
                if (existingUserResponse.getVerified().booleanValue()) {
                    throw new UaaException(e2.getStatusText(), e2.getStatusCode().value());
                }
                HashMap hashMap2 = new HashMap();
                hashMap2.put(Claims.USER_ID, existingUserResponse.getUserId());
                hashMap2.put("email", str);
                sendInvitationEmail(str, existingUserResponse.getUserId(), str2, this.expiringCodeService.generateCode(hashMap2, 365, TimeUnit.DAYS));
            } catch (IOException e3) {
                this.logger.warn("couldn't invite user", e3);
            } catch (JsonUtils.JsonUtilException e4) {
                this.logger.warn("couldn't invite user", e4);
            }
        }
    }

    @Override // org.cloudfoundry.identity.uaa.login.InvitationsService
    public String acceptInvitation(String str, String str2, String str3, String str4) {
        ScimUser retrieve = this.scimUserProvisioning.retrieve(str);
        this.scimUserProvisioning.verifyUser(retrieve.getId(), retrieve.getVersion());
        new PasswordChangeRequest().setPassword(str3);
        this.scimUserProvisioning.changePassword(str, null, str3);
        String str5 = null;
        if (str4 != null && !str4.equals("")) {
            try {
                str5 = (String) this.clientAdminEndpoints.getClientDetails(str4).getAdditionalInformation().get(INVITATION_REDIRECT_URL);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return str5;
    }
}
