package org.cloudfoundry.identity.uaa.scim.endpoints;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.sql.Timestamp;
import java.util.Map;
import org.apache.batik.util.XMLConstants;
import org.cloudfoundry.identity.uaa.account.EmailChange;
import org.cloudfoundry.identity.uaa.account.EmailChangeResponse;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.error.UaaException;
import org.cloudfoundry.identity.uaa.resources.QueryableResourceManager;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.scim.event.UserModifiedEvent;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.5.7.jar:org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpoints.class */
public class ChangeEmailEndpoints implements ApplicationEventPublisherAware {
    private final ScimUserProvisioning scimUserProvisioning;
    private final ExpiringCodeStore expiringCodeStore;
    private ApplicationEventPublisher publisher;
    private final QueryableResourceManager<ClientDetails> clientDetailsService;
    private static final int EMAIL_CHANGE_LIFETIME = 1800000;
    public static final String CHANGE_EMAIL_REDIRECT_URL = "change_email_redirect_url";

    public ChangeEmailEndpoints(ScimUserProvisioning scimUserProvisioning, ExpiringCodeStore expiringCodeStore, QueryableResourceManager<ClientDetails> queryableResourceManager) {
        this.scimUserProvisioning = scimUserProvisioning;
        this.expiringCodeStore = expiringCodeStore;
        this.clientDetailsService = queryableResourceManager;
    }

    @RequestMapping(value = {"/email_verifications"}, method = {RequestMethod.POST})
    public ResponseEntity<String> generateEmailVerificationCode(@RequestBody EmailChange emailChange) {
        String userId = emailChange.getUserId();
        String email = emailChange.getEmail();
        ScimUser retrieve = this.scimUserProvisioning.retrieve(userId, IdentityZoneHolder.get().getId());
        if (retrieve.getUserName().equals(retrieve.getPrimaryEmail()) && !this.scimUserProvisioning.query("userName eq \"" + email + "\" and origin eq \"" + OriginKeys.UAA + XMLConstants.XML_DOUBLE_QUOTE, IdentityZoneHolder.get().getId()).isEmpty()) {
            return new ResponseEntity<>(HttpStatus.CONFLICT);
        }
        try {
            return new ResponseEntity<>(this.expiringCodeStore.generateCode(JsonUtils.writeValueAsString(emailChange), new Timestamp(System.currentTimeMillis() + 1800000), ExpiringCodeType.EMAIL.name(), IdentityZoneHolder.get().getId()).getCode(), HttpStatus.CREATED);
        } catch (JsonUtils.JsonUtilException e) {
            throw new UaaException("Error while generating change email code", e);
        }
    }

    @RequestMapping(value = {"/email_changes"}, method = {RequestMethod.POST})
    public ResponseEntity<EmailChangeResponse> changeEmail(@RequestBody String str) throws IOException {
        ExpiringCode retrieveCode = this.expiringCodeStore.retrieveCode(str, IdentityZoneHolder.get().getId());
        if (null == retrieveCode || !(null == retrieveCode.getIntent() || ExpiringCodeType.EMAIL.name().equals(retrieveCode.getIntent()))) {
            return new ResponseEntity<>(HttpStatus.UNPROCESSABLE_ENTITY);
        }
        Map map = (Map) JsonUtils.readValue(retrieveCode.getData(), new TypeReference<Map<String, String>>() { // from class: org.cloudfoundry.identity.uaa.scim.endpoints.ChangeEmailEndpoints.1
        });
        String str2 = (String) map.get("userId");
        String str3 = (String) map.get("email");
        ScimUser retrieve = this.scimUserProvisioning.retrieve(str2, IdentityZoneHolder.get().getId());
        if (retrieve.getUserName().equals(retrieve.getPrimaryEmail())) {
            retrieve.setUserName(str3);
        }
        retrieve.setPrimaryEmail(str3);
        this.scimUserProvisioning.update(str2, retrieve, IdentityZoneHolder.get().getId());
        String str4 = null;
        String str5 = (String) map.get("client_id");
        if (str5 != null && !str5.equals("")) {
            str4 = (String) this.clientDetailsService.retrieve(str5, IdentityZoneHolder.get().getId()).getAdditionalInformation().get("change_email_redirect_url");
        }
        this.publisher.publishEvent((ApplicationEvent) UserModifiedEvent.emailChanged(str2, retrieve.getUserName(), retrieve.getPrimaryEmail()));
        EmailChangeResponse emailChangeResponse = new EmailChangeResponse();
        emailChangeResponse.setEmail(str3);
        emailChangeResponse.setUserId(str2);
        emailChangeResponse.setUsername(retrieve.getUserName());
        emailChangeResponse.setRedirectUrl(str4);
        return new ResponseEntity<>(emailChangeResponse, HttpStatus.OK);
    }

    @Override // org.springframework.context.ApplicationEventPublisherAware
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.publisher = applicationEventPublisher;
    }
}
