package org.cloudfoundry.identity.uaa.approval;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.error.UaaException;
import org.cloudfoundry.identity.uaa.resources.ActionResult;
import org.cloudfoundry.identity.uaa.security.DefaultSecurityContextAccessor;
import org.cloudfoundry.identity.uaa.security.SecurityContextAccessor;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.cloudfoundry.identity.uaa.util.UaaPagingUtils;
import org.cloudfoundry.identity.uaa.web.ConvertingExceptionView;
import org.cloudfoundry.identity.uaa.web.ExceptionReport;
import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.View;

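@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.18.0.jar:org/cloudfoundry/identity/uaa/approval/ApprovalsAdminEndpoints.class */
/**
 * REST endpoints that let the authenticated user list, replace and revoke their own
 * OAuth scope approvals under {@code /approvals}.
 *
 * <p>Every handler resolves the acting user through {@link #getCurrentUserId()}, which rejects
 * callers that are not users, and overwrites any {@code user_id} in the request body with that
 * id before storing. All store and client lookups use the identity zone returned by
 * {@link IdentityZoneHolder}.
 *
 * <p>NOTE(review): the parameter names in this listing ({@code str}, {@code i}, {@code i2}) look
 * decompiler-generated. The {@code @RequestParam} annotations carry no explicit name, so request
 * binding depends on the compiled parameter names; confirm them against the API documentation
 * before recompiling this source.
 */
public class ApprovalsAdminEndpoints implements InitializingBean, ApprovalsControllerService {
    private UaaUserDatabase userDatabase;
    private ApprovalStore approvalStore = null;
    private ClientServicesExtension clientDetailsService = null;
    // Maps exception types to the HTTP status reported for them by handleException(Exception).
    private Map<Class<? extends Exception>, HttpStatus> statuses = new HashMap<>();
    private HttpMessageConverter<?>[] messageConverters = (HttpMessageConverter[]) new RestTemplate().getMessageConverters().toArray(new HttpMessageConverter[0]);
    private final Log logger = LogFactory.getLog(getClass());
    private SecurityContextAccessor securityContextAccessor = new DefaultSecurityContextAccessor();

    /** Replaces the exception-type to HTTP-status mapping used when rendering errors. */
    public void setStatuses(Map<Class<? extends Exception>, HttpStatus> map) {
        this.statuses = map;
    }

    /** Replaces the message converters used to serialise error reports. */
    public void setMessageConverters(HttpMessageConverter<?>[] httpMessageConverterArr) {
        this.messageConverters = httpMessageConverterArr;
    }

    /** Replaces the accessor used to identify the calling principal. */
    public void setSecurityContextAccessor(SecurityContextAccessor securityContextAccessor) {
        this.securityContextAccessor = securityContextAccessor;
    }

    /** Sets the store that persists approvals. Required; checked in {@link #afterPropertiesSet()}. */
    public void setApprovalStore(ApprovalStore approvalStore) {
        this.approvalStore = approvalStore;
    }

    /** Sets the user database. Required; checked in {@link #afterPropertiesSet()}. */
    public void setUaaUserDatabase(UaaUserDatabase uaaUserDatabase) {
        this.userDatabase = uaaUserDatabase;
    }

    /**
     * Lists one page of the current user's approvals, leaving out scopes the client auto-approves.
     *
     * @param str filter expression; not read by this method
     * @param i   paging start value passed to {@link UaaPagingUtils#subList}
     * @param i2  paging count value passed to {@link UaaPagingUtils#subList}
     * @return the approvals on the requested page whose scope is not auto-approved for their client
     * @throws AccessDeniedException if the caller is not a user
     */
    @Override // org.cloudfoundry.identity.uaa.approval.ApprovalsControllerService
    @RequestMapping(value = {"/approvals"}, method = {RequestMethod.GET})
    @ResponseBody
    public List<Approval> getApprovals(@RequestParam(required = false, defaultValue = "user_id pr") String str, @RequestParam(required = false, defaultValue = "1") int i, @RequestParam(required = false, defaultValue = "100") int i2) {
        String currentUserId = getCurrentUserId();
        this.logger.debug("Fetching all approvals for user: " + currentUserId);
        String zoneId = IdentityZoneHolder.get().getId();
        // NOTE(review): i and i2 come straight from the request; how subList treats zero or
        // negative values is not visible here. Confirm it bounds-checks them.
        List<Approval> page = UaaPagingUtils.subList(this.approvalStore.getApprovalsForUser(currentUserId, zoneId), i, i2);

        // Resolve the auto-approved scopes once per distinct client on the page.
        Map<String, Set<String>> autoApprovedByClient = new HashMap<>();
        for (Approval approval : page) {
            String clientId = approval.getClientId();
            if (autoApprovedByClient.containsKey(clientId)) {
                continue;
            }
            BaseClientDetails client = (BaseClientDetails) this.clientDetailsService.loadClientByClientId(clientId, zoneId);
            Set<String> configured = client.getAutoApproveScopes();
            Set<String> autoApproved = new HashSet<>();
            if (configured != null) {
                // The literal "true" stands for "auto-approve every scope of this client".
                autoApproved.addAll(configured.contains("true") ? client.getScope() : configured);
            }
            autoApprovedByClient.put(clientId, autoApproved);
        }

        List<Approval> visible = new ArrayList<>();
        for (Approval approval : page) {
            Set<String> autoApproved = autoApprovedByClient.get(approval.getClientId());
            if (autoApproved == null || !autoApproved.contains(approval.getScope())) {
                visible.add(approval);
            }
        }
        return visible;
    }

    /**
     * Returns the id of the calling user.
     *
     * @throws AccessDeniedException if the security context does not represent a user
     */
    private String getCurrentUserId() {
        if (this.securityContextAccessor.isUser()) {
            return this.securityContextAccessor.getUserId();
        }
        throw new AccessDeniedException("Approvals can only be managed by a user");
    }

    /**
     * Replaces all approvals of the current user with the submitted ones.
     *
     * <p>The whole request body is validated before anything is revoked, so a rejected request
     * leaves the stored approvals untouched.
     *
     * @param approvalArr approvals to store; each {@code user_id} must be empty or the caller's own
     * @return the approvals the store reported as added
     * @throws AccessDeniedException if the caller is not a user
     * @throws UaaException          if an entry is null or names another user
     */
    @Override // org.cloudfoundry.identity.uaa.approval.ApprovalsControllerService
    @RequestMapping(value = {"/approvals"}, method = {RequestMethod.PUT})
    @ResponseBody
    public List<Approval> updateApprovals(@RequestBody Approval[] approvalArr) {
        String currentUserId = getCurrentUserId();
        this.logger.debug("Updating approvals for user: " + currentUserId);
        // Validate first: the revoke below is destructive and must not run for a bad request.
        requireOwnApprovals(approvalArr, currentUserId, "Error[2] %s attempting to update approvals for %s");
        String zoneId = IdentityZoneHolder.get().getId();
        this.approvalStore.revokeApprovalsForUser(currentUserId, zoneId);
        List<Approval> stored = new LinkedList<>();
        for (Approval approval : approvalArr) {
            // Always bind the approval to the authenticated user, never to a body-supplied id.
            approval.setUserId(currentUserId);
            if (this.approvalStore.addApproval(approval, zoneId)) {
                stored.add(approval);
            }
        }
        return stored;
    }

    /**
     * Replaces the current user's approvals for one client with the submitted ones.
     *
     * <p>The whole request body is validated before anything is revoked, so a rejected request
     * leaves the stored approvals untouched.
     *
     * @param str         client id taken from the {@code clientId} path variable
     * @param approvalArr approvals to store; each {@code user_id} must be empty or the caller's own
     * @return the current user's approvals for the client after the update
     * @throws NoSuchClientException presumably when the client does not exist (see the handler below)
     * @throws AccessDeniedException if the caller is not a user
     * @throws UaaException          if an entry is null or names another user
     */
    @Override // org.cloudfoundry.identity.uaa.approval.ApprovalsControllerService
    @RequestMapping(value = {"/approvals/{clientId}"}, method = {RequestMethod.PUT})
    @ResponseBody
    public List<Approval> updateClientApprovals(@PathVariable("clientId") String str, @RequestBody Approval[] approvalArr) {
        String zoneId = IdentityZoneHolder.get().getId();
        // Called for its side effect only: the lookup fails when the client is unknown.
        this.clientDetailsService.loadClientByClientId(str, zoneId);
        String currentUserId = getCurrentUserId();
        this.logger.debug("Updating approvals for user: " + currentUserId);
        // Validate first: the revoke below is destructive and must not run for a bad request.
        requireOwnApprovals(approvalArr, currentUserId, "Error[1] %s attemting to update approvals for %s.");
        this.approvalStore.revokeApprovalsForClientAndUser(str, currentUserId, zoneId);
        for (Approval approval : approvalArr) {
            // NOTE(review): the client id inside each submitted approval is not compared with the
            // path variable, so entries naming a different client are stored as given. Confirm
            // whether that is intended.
            approval.setUserId(currentUserId);
            this.approvalStore.addApproval(approval, zoneId);
        }
        return this.approvalStore.getApprovals(currentUserId, str, zoneId);
    }

    /**
     * Rejects a request body that contains a null entry or an approval naming another user.
     *
     * @param approvalArr   submitted approvals
     * @param currentUserId id of the authenticated user, used in the log record
     * @param logFormat     format string with two {@code %s} slots: acting user, requested user
     * @throws UaaException with status 400 for a null entry, 401 for a foreign {@code user_id}
     */
    private void requireOwnApprovals(Approval[] approvalArr, String currentUserId, String logFormat) {
        for (Approval approval : approvalArr) {
            if (approval == null) {
                throw new UaaException("invalid_request", "Approval entries must not be null.", HttpStatus.BAD_REQUEST.value());
            }
            String requestedUserId = approval.getUserId();
            if (StringUtils.hasText(requestedUserId) && !isValidUser(requestedUserId)) {
                // requestedUserId is request-controlled; neutralise line breaks before logging it.
                this.logger.warn(String.format(logFormat, currentUserId, sanitizeForLog(requestedUserId)));
                throw new UaaException("unauthorized_operation", "Cannot update approvals for another user. Set user_id to null to update for existing user.", HttpStatus.UNAUTHORIZED.value());
            }
        }
    }

    /** Replaces CR and LF so a request-supplied value cannot start a new log record. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Tells whether {@code str} is the calling user's own id and that user exists in the database.
     *
     * @param str user id taken from a submitted approval
     * @return {@code true} only if the id equals the caller's id and the lookup succeeds
     */
    private boolean isValidUser(String str) {
        if (str == null || !str.equals(getCurrentUserId())) {
            return false;
        }
        try {
            this.userDatabase.retrieveUserById(str);
            return true;
        } catch (UsernameNotFoundException e) {
            return false;
        }
    }

    /**
     * Revokes all approvals the current user has given to one client.
     *
     * @param str id of the client whose approvals are revoked
     * @return an {@code "ok"} result naming the user and the client
     * @throws NoSuchClientException presumably when the client does not exist (see the handler below)
     * @throws AccessDeniedException if the caller is not a user
     */
    @Override // org.cloudfoundry.identity.uaa.approval.ApprovalsControllerService
    @RequestMapping(value = {"/approvals"}, method = {RequestMethod.DELETE})
    @ResponseBody
    public ActionResult revokeApprovals(@RequestParam(required = true) String str) {
        String zoneId = IdentityZoneHolder.get().getId();
        // Called for its side effect only: the lookup fails when the client is unknown.
        this.clientDetailsService.loadClientByClientId(str, zoneId);
        String currentUserId = getCurrentUserId();
        this.logger.debug("Revoking all existing approvals for user: " + currentUserId + " and client " + str);
        this.approvalStore.revokeApprovalsForClientAndUser(str, currentUserId, zoneId);
        return new ActionResult("ok", "Approvals of user " + currentUserId + " and client " + str + " revoked");
    }

    /** Renders an unknown-client failure as a 404 error report. */
    @ExceptionHandler
    public View handleException(NoSuchClientException noSuchClientException) {
        // NOTE(review): the message may echo the requested client id; confirm. It is sanitised
        // before logging for that reason.
        this.logger.debug("Client not found:" + sanitizeForLog(noSuchClientException.getMessage()));
        return handleException(new UaaException(noSuchClientException.getMessage(), 404));
    }

    /**
     * Renders any other exception as an error report.
     *
     * <p>The first entry of {@code statuses} whose key is assignable from the thrown type decides
     * the status, and the exception message is passed on. Otherwise a {@link UaaException} is
     * reported as is, and anything else becomes a generic 500 that omits the original message.
     */
    @ExceptionHandler
    public View handleException(Exception exc) {
        UaaException report = null;
        Class<?> thrownType = exc.getClass();
        for (Map.Entry<Class<? extends Exception>, HttpStatus> mapping : this.statuses.entrySet()) {
            if (mapping.getKey().isAssignableFrom(thrownType)) {
                report = new UaaException(exc.getMessage(), "Error accessing user's approvals", mapping.getValue().value());
                break;
            }
        }
        if (report == null) {
            if (exc instanceof UaaException) {
                report = (UaaException) exc;
            } else {
                // The response is deliberately generic, so keep the cause in the log.
                this.logger.warn("Unmapped " + thrownType.getName() + " in approvals endpoint; responding with HTTP 500");
                this.logger.debug("Unmapped exception detail", exc);
                report = new UaaException("Unexpected error", "Error accessing user's approvals", HttpStatus.INTERNAL_SERVER_ERROR.value());
            }
        }
        // NOTE(review): the 'false' argument presumably keeps stack traces out of the response
        // body; confirm against ExceptionReport.
        return new ConvertingExceptionView(new ResponseEntity<>(new ExceptionReport(report, false), HttpStatus.valueOf(report.getHttpStatus())), this.messageConverters);
    }

    /**
     * Verifies that the mandatory collaborators were injected.
     *
     * <p>NOTE(review): {@code clientDetailsService} is dereferenced by three handlers but is not
     * checked here; consider asserting it as well once all wiring is confirmed to set it.
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.approvalStore, "Please supply an approvals manager");
        Assert.notNull(this.userDatabase, "Please supply a user database");
    }

    /** Sets the service used to look up client registrations. */
    public void setClientDetailsService(ClientServicesExtension clientServicesExtension) {
        this.clientDetailsService = clientServicesExtension;
    }
}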
