package org.cloudfoundry.identity.uaa.account;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.approval.Approval;
import org.cloudfoundry.identity.uaa.approval.ApprovalStore;
import org.cloudfoundry.identity.uaa.approval.DescribedApproval;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.security.DefaultSecurityContextAccessor;
import org.cloudfoundry.identity.uaa.security.SecurityContextAccessor;
import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.view.RedirectView;

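/**
 * Spring MVC controller behind {@code /profile}: it shows the approvals stored for the signed-in
 * user, grouped by client id, and lets that user update or revoke them.
 *
 * <p>Every store call is made with the id from {@link IdentityZoneHolder#get()}, and the user id
 * always comes from the {@link SecurityContextAccessor}, never from a request parameter.
 *
 * <p>This is decompiled source: parameter and local names are decompiler-generated. The raw
 * collection types the decompiler emitted have been replaced with parameterized ones so that the
 * for-each loops and the {@code removeIf} lambda type-check.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.5.7.jar:org/cloudfoundry/identity/uaa/account/ProfileController.class */
public class ProfileController {
    protected static Log logger = LogFactory.getLog(ProfileController.class);
    private final ApprovalStore approvalsService;
    private final ClientServicesExtension clientDetailsService;
    private final SecurityContextAccessor securityContextAccessor;

    /**
     * Creates a controller that reads the current user through a {@link DefaultSecurityContextAccessor}.
     *
     * @param approvalStore store the approvals are read from and written to
     * @param clientServicesExtension client lookup service
     */
    public ProfileController(ApprovalStore approvalStore, ClientServicesExtension clientServicesExtension) {
        this(approvalStore, clientServicesExtension, new DefaultSecurityContextAccessor());
    }

    /**
     * Creates a controller with an explicit security-context accessor.
     *
     * @param approvalStore store the approvals are read from and written to
     * @param clientServicesExtension client lookup service
     * @param securityContextAccessor source of the "is this a user" check and of the user id
     */
    public ProfileController(ApprovalStore approvalStore, ClientServicesExtension clientServicesExtension, SecurityContextAccessor securityContextAccessor) {
        this.approvalsService = approvalStore;
        this.clientDetailsService = clientServicesExtension;
        this.securityContextAccessor = securityContextAccessor;
    }

    /**
     * Renders the approvals page for the current user.
     *
     * <p>NOTE(review): {@link #getClientNames(Map)} looks up every client that has an approval, and
     * {@link #handleException(NoSuchClientException)} redirects back to this same mapping. If a
     * stored approval refers to a client that can no longer be loaded, that looks like it would
     * redirect repeatedly; confirm approvals are removed together with their client.
     *
     * @param authentication the current authentication, used only for the UAA-origin flag
     * @param model receives {@code clientnames}, {@code approvals} and {@code isUaaManagedUser}
     * @return the view name {@code approvals}
     * @throws AccessDeniedException if the caller is not a user
     */
    @RequestMapping(value = {"/profile"}, method = {RequestMethod.GET})
    public String get(Authentication authentication, Model model) {
        Map<String, List<DescribedApproval>> approvalsByClient = getCurrentApprovalsForUser(getCurrentUserId());
        model.addAttribute("clientnames", getClientNames(approvalsByClient));
        model.addAttribute("approvals", approvalsByClient);
        model.addAttribute("isUaaManagedUser", Boolean.valueOf(isUaaManagedUser(authentication)));
        return "approvals";
    }

    /**
     * Maps each client id in {@code map} to a display name: the {@code "name"} entry of the
     * client's additional information when present, otherwise the client id itself.
     *
     * @param map approvals keyed by client id; only the keys are used
     * @return display names keyed by client id, in the iteration order of {@code map}
     */
    protected Map<String, String> getClientNames(Map<String, List<DescribedApproval>> map) {
        Map<String, String> namesByClientId = new LinkedHashMap<>();
        for (String clientKey : map.keySet()) {
            ClientDetails client = this.clientDetailsService.loadClientByClientId(clientKey, IdentityZoneHolder.get().getId());
            String displayName = client.getClientId();
            Map<String, Object> additionalInformation = client.getAdditionalInformation();
            if (additionalInformation != null && additionalInformation.get("name") != null) {
                // The cast is kept from the original; a non-String "name" entry fails here.
                displayName = (String) additionalInformation.get("name");
            }
            namesByClientId.put(clientKey, displayName);
        }
        return namesByClientId;
    }

    /**
     * Handles the approvals form: either updates approval statuses or revokes a client's approvals.
     *
     * <p>When {@code str} is non-null, every stored approval of the current user (restricted to
     * client {@code str3} when that has text) is set to APPROVED if {@code collection} contains
     * its {@code clientId + "-" + scope} key and to DENIED otherwise, then written back. With a
     * blank {@code str3} this covers all of the user's clients, so anything not listed is denied.
     * When {@code str} is null and {@code str2} is non-null, the approvals for client
     * {@code str3} are revoked. When both are null nothing changes.
     *
     * <p>NOTE(review): the {@code @RequestParam} annotations carry no explicit name, so Spring
     * binds by parameter name; the names here are decompiler-generated and presumably differ from
     * the ones the form posts. Confirm against the original source before reusing this signature.
     *
     * <p>NOTE(review): this is a state-changing POST and no CSRF check is visible in this class;
     * confirm the security filter chain enforces one for {@code /profile}.
     *
     * @param collection keys of the approvals that should end up APPROVED; may be null
     * @param str non-null selects the update path
     * @param str2 non-null selects the revoke path when {@code str} is null
     * @param str3 client id to revoke for, or to restrict an update to
     * @return {@code redirect:profile} in every case
     * @throws AccessDeniedException if the caller is not a user
     */
    @RequestMapping(value = {"/profile"}, method = {RequestMethod.POST})
    public String post(@RequestParam(required = false) Collection<String> collection, @RequestParam(required = false) String str, @RequestParam(required = false) String str2, @RequestParam(required = false) String str3) {
        // Resolve the user first so a non-user caller is rejected before any parameter is looked at.
        String currentUserId = getCurrentUserId();
        if (str == null) {
            if (str2 != null) {
                deleteApprovalsForClient(currentUserId, str3);
            }
            return "redirect:profile";
        }
        // Only approvals already stored for this user are touched; the request cannot introduce
        // a new (client, scope) pair, it can only flip the status of existing ones.
        List<DescribedApproval> approvals = new ArrayList<>();
        for (List<DescribedApproval> perClient : getCurrentApprovalsForUser(currentUserId).values()) {
            approvals.addAll(perClient);
        }
        if (StringUtils.hasText(str3)) {
            approvals.removeIf(approval -> !str3.equals(approval.getClientId()));
        }
        for (DescribedApproval approval : approvals) {
            // NOTE(review): "-" is not a reserved separator here, so two different
            // (client id, scope) pairs can concatenate to the same key if either part may
            // contain "-"; confirm the allowed character sets rule that out.
            String key = approval.getClientId() + "-" + approval.getScope();
            boolean checked = collection != null && collection.contains(key);
            approval.setStatus(checked ? Approval.ApprovalStatus.APPROVED : Approval.ApprovalStatus.DENIED);
        }
        updateApprovals(approvals);
        return "redirect:profile";
    }

    /**
     * Turns a failed client lookup into a redirect to the profile page with an error code.
     *
     * @param noSuchClientException the lookup failure
     * @return a context-relative redirect to {@code profile?error_message_code=request.invalid_parameter}
     */
    @ExceptionHandler
    public View handleException(NoSuchClientException noSuchClientException) {
        // NOTE(review): the exception message is logged verbatim. If it echoes the requested
        // client id (not visible here), that text is request-controlled; confirm the log layout
        // neutralises CR/LF.
        logger.debug("Unable to find client for approvals:" + noSuchClientException.getMessage());
        return new RedirectView("profile?error_message_code=request.invalid_parameter", true);
    }

    /**
     * Reports whether the principal is a {@link UaaPrincipal} whose origin equals {@link OriginKeys#UAA}.
     *
     * @param authentication the current authentication
     * @return {@code false} for any other principal type or origin
     */
    private boolean isUaaManagedUser(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof UaaPrincipal) {
            return OriginKeys.UAA.equals(((UaaPrincipal) principal).getOrigin());
        }
        return false;
    }

    /**
     * Loads the approvals stored for a user in the current zone, adds a human-readable
     * description to each, and groups them by client id with each group sorted by scope.
     *
     * <p>NOTE(review): the scope text is copied into the description unescaped, and the
     * {@code approvals} view is not visible here; confirm the view HTML-escapes it.
     *
     * @param str the user id
     * @return described approvals keyed by client id
     */
    public Map<String, List<DescribedApproval>> getCurrentApprovalsForUser(String str) {
        Map<String, List<DescribedApproval>> approvalsByClient = new HashMap<>();
        List<Approval> stored = this.approvalsService.getApprovalsForUser(str, IdentityZoneHolder.get().getId());
        for (Approval approval : stored) {
            DescribedApproval described = new DescribedApproval(approval);
            String scope = described.getScope();
            int lastDot = scope.lastIndexOf(".");
            if (lastDot >= 0) {
                // "resource.action" style scope: split at the last dot.
                described.setDescription("Access your '" + scope.substring(0, lastDot) + "' resources with scope '" + scope.substring(lastDot + 1) + "'");
            } else {
                described.setDescription("Access your data with scope '" + scope + "'");
            }
            approvalsByClient.computeIfAbsent(described.getClientId(), clientId -> new ArrayList<>()).add(described);
        }
        for (List<DescribedApproval> perClient : approvalsByClient.values()) {
            perClient.sort(Comparator.comparing(DescribedApproval::getScope));
        }
        return approvalsByClient;
    }

    /**
     * Replaces the stored approvals for every (client, user) pair in {@code list} with the
     * entries of {@code list}.
     *
     * <p>All revocations run before any approval is added back; the revoke call is per
     * (client, user), so interleaving the two passes would presumably drop approvals added a
     * moment earlier for the same pair. NOTE(review): no transaction is visible here, so a
     * failure in the second pass would leave the revoked approvals missing; confirm the store
     * or the caller provides one.
     *
     * @param list approvals to write, carrying their own client id and user id
     */
    public void updateApprovals(List<DescribedApproval> list) {
        String zoneId = IdentityZoneHolder.get().getId();
        for (DescribedApproval approval : list) {
            this.approvalsService.revokeApprovalsForClientAndUser(approval.getClientId(), approval.getUserId(), zoneId);
        }
        for (DescribedApproval approval : list) {
            this.approvalsService.addApproval(approval, zoneId);
        }
    }

    /**
     * Revokes every approval the user has given to one client in the current zone.
     *
     * @param str the user id
     * @param str2 the client id
     */
    public void deleteApprovalsForClient(String str, String str2) {
        // The result is discarded; the call acts as an existence check for the client id.
        // NOTE(review): unlike getClientNames, this overload is not given the zone id, so
        // whether the check is zone-scoped depends on the implementation; confirm.
        this.clientDetailsService.loadClientByClientId(str2);
        this.approvalsService.revokeApprovalsForClientAndUser(str2, str, IdentityZoneHolder.get().getId());
    }

    /**
     * Returns the id of the current user from the security context.
     *
     * @return the user id
     * @throws AccessDeniedException if the security context does not represent a user
     */
    private String getCurrentUserId() {
        if (!this.securityContextAccessor.isUser()) {
            throw new AccessDeniedException("Approvals can only be managed by a user");
        }
        return this.securityContextAccessor.getUserId();
    }
}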
