package org.apereo.cas.mgmt;

import com.google.common.base.Splitter;
import com.mchange.io.FileUtils;
import java.io.File;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.UserDefinedFileAttributeView;
import java.text.MessageFormat;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.apereo.cas.configuration.model.SubmissionNotifications;
import org.apereo.cas.configuration.model.support.email.EmailProperties;
import org.apereo.cas.configuration.model.support.saml.idp.metadata.SamlIdPMetadataProperties;
import org.apereo.cas.mgmt.authentication.CasUserProfile;
import org.apereo.cas.mgmt.controller.AbstractVersionControlController;
import org.apereo.cas.mgmt.domain.PendingItem;
import org.apereo.cas.mgmt.domain.RegisteredServiceItem;
import org.apereo.cas.mgmt.domain.RejectData;
import org.apereo.cas.mgmt.factory.RepositoryFactory;
import org.apereo.cas.mgmt.util.CasManagementUtils;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.services.util.RegisteredServiceJsonSerializer;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.DigestUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.HttpUtils;
import org.apereo.cas.util.ResourceUtils;
import org.eclipse.jgit.diff.RawText;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.Ref;
import org.quartz.impl.jdbcjobstore.StdJDBCConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.thymeleaf.standard.processor.StandardRemoveTagProcessor;

@RequestMapping(path = {"api/submissions"}, produces = {"application/json"})
@RestController("casManagementSubmissisonsController")
/* loaded from: input_file:WEB-INF/lib/cas-mgmt-support-submissions-6.3.10.jar:org/apereo/cas/mgmt/SubmissionController.class */
public class SubmissionController extends AbstractVersionControlController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SubmissionController.class);
    private static final int MAX_EMAIL_LENGTH = 200;
    private final RepositoryFactory repositoryFactory;
    private final MgmtManagerFactory<? extends ServicesManager> managerFactory;
    private final CasManagementConfigurationProperties managementProperties;
    private final CasConfigurationProperties casProperties;
    private final CommunicationsManager communicationsManager;

    public SubmissionController(RepositoryFactory repositoryFactory, MgmtManagerFactory<? extends ServicesManager> mgmtManagerFactory, CasManagementConfigurationProperties casManagementConfigurationProperties, CasConfigurationProperties casConfigurationProperties, CommunicationsManager communicationsManager) {
        this.repositoryFactory = repositoryFactory;
        this.managerFactory = mgmtManagerFactory;
        this.managementProperties = casManagementConfigurationProperties;
        this.casProperties = casConfigurationProperties;
        this.communicationsManager = communicationsManager;
    }

    @GetMapping
    public List<RegisteredServiceItem> getSubmissions(Authentication authentication) throws Exception {
        isAdministrator(authentication);
        LOGGER.debug(this.managementProperties.getSubmissions().getSubmitDir());
        try {
            Stream<Path> list = Files.list(Paths.get(this.managementProperties.getSubmissions().getSubmitDir(), new String[0]));
            try {
                List<RegisteredServiceItem> list2 = (List) list.map(SubmissionController::createServiceItem).collect(Collectors.toList());
                if (list != null) {
                    list.close();
                }
                return list2;
            } finally {
            }
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            throw e;
        }
    }

    @GetMapping({"/pending"})
    public List<PendingItem> getPendingSubmissions(Authentication authentication) throws Exception {
        CasUserProfile from = CasUserProfile.from(authentication);
        try {
            Stream<Path> list = Files.list(Paths.get(this.managementProperties.getSubmissions().getSubmitDir(), new String[0]));
            try {
                List<PendingItem> list2 = (List) list.filter(path -> {
                    return isSubmitter(path, from);
                }).map(SubmissionController::createPendingItem).collect(Collectors.toList());
                GitUtil masterRepository = this.repositoryFactory.masterRepository();
                Stream<Ref> branches = masterRepository.branches();
                Objects.requireNonNull(masterRepository);
                list2.addAll((List) branches.map(masterRepository::mapBranches).filter(branchMap -> {
                    return !branchMap.getName().endsWith(Constants.MASTER) && branchMap.getCommitter().equalsIgnoreCase(from.getId());
                }).filter(branchMap2 -> {
                    return (branchMap2.isAccepted() || branchMap2.isRejected()) ? false : true;
                }).map(branchMap3 -> {
                    return createPendingItem(branchMap3, masterRepository);
                }).collect(Collectors.toList()));
                if (list != null) {
                    list.close();
                }
                return list2;
            } finally {
            }
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isSubmitter(Path path, CasUserProfile casUserProfile) {
        return getSubmitter(path)[0].equals(casUserProfile.getEmail());
    }

    private static RegisteredServiceItem createServiceItem(Path path) {
        RegisteredService from = new RegisteredServiceJsonSerializer().from(path.toFile());
        RegisteredServiceItem registeredServiceItem = new RegisteredServiceItem();
        registeredServiceItem.setAssignedId(path.getFileName().toString());
        registeredServiceItem.setEvalOrder(from.getEvaluationOrder());
        registeredServiceItem.setName(from.getName());
        registeredServiceItem.setServiceId(from.getServiceId());
        registeredServiceItem.setDescription(DigestUtils.abbreviate(from.getDescription()));
        registeredServiceItem.setSubmitter(getSubmitter(path)[1]);
        registeredServiceItem.setSubmitted(getSubmitted(path));
        registeredServiceItem.setStatus(status(path.getFileName().toString()));
        registeredServiceItem.setStaged(from.getEnvironments().contains("staged"));
        registeredServiceItem.setType(CasManagementUtils.getType(from));
        return registeredServiceItem;
    }

    private static PendingItem createPendingItem(Path path) {
        RegisteredService fromJson = CasManagementUtils.fromJson(path.toFile());
        PendingItem pendingItem = new PendingItem();
        pendingItem.setId(path.getFileName().toString());
        pendingItem.setName(fromJson.getName());
        pendingItem.setServiceId(fromJson.getServiceId());
        pendingItem.setSubmitted(getSubmitted(path));
        pendingItem.setStatus(status(path.getFileName().toString()));
        pendingItem.setType(CasManagementUtils.getType(fromJson));
        return pendingItem;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static PendingItem createPendingItem(BranchMap branchMap, GitUtil gitUtil) {
        try {
            PendingItem pendingItem = new PendingItem();
            pendingItem.setId(branchMap.getId());
            pendingItem.setName(branchMap.getFullMessage());
            pendingItem.setServiceId(gitUtil.getDiffsToRevert(branchMap.getName()).size() + " services");
            pendingItem.setSubmitted(CasManagementUtils.formatDateTime(branchMap.getCommitTime()));
            pendingItem.setStatus("EDIT");
            return pendingItem;
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            return null;
        }
    }

    private static String status(String str) {
        return str.startsWith("edit") ? "EDIT" : str.startsWith(StandardRemoveTagProcessor.ATTR_NAME) ? "REMOVE" : "SUBMITTED";
    }

    @PostMapping({"/yaml"})
    public String getYamlSubmission(Authentication authentication, @RequestBody String str) throws Exception {
        isAdministrator(authentication);
        return CasManagementUtils.toYaml(CasManagementUtils.fromJson(new File(this.managementProperties.getSubmissions().getSubmitDir() + "/" + str)));
    }

    @PostMapping({"/json"})
    public String getJsonSubmission(Authentication authentication, @RequestBody String str) throws Exception {
        isAdministrator(authentication);
        return CasManagementUtils.toJson(CasManagementUtils.fromJson(new File(this.managementProperties.getSubmissions().getSubmitDir() + "/" + str)));
    }

    @PostMapping({"/metadata"})
    public String getMetadataSubmission(Authentication authentication, @RequestBody String str) throws Exception {
        isAdministrator(authentication);
        SamlRegisteredService samlRegisteredService = (SamlRegisteredService) CasManagementUtils.fromJson(new File(this.managementProperties.getSubmissions().getSubmitDir() + "/" + str));
        if (samlRegisteredService.getMetadataLocation().contains("mdq.incommon.org")) {
            return IOUtils.toString(fetchMetadata(samlRegisteredService.getMetadataLocation().replace(StdJDBCConstants.TABLE_PREFIX_SUBST, EncodingUtils.urlEncode(samlRegisteredService.getServiceId()))).getEntity().getContent(), StandardCharsets.UTF_8);
        }
        return FileUtils.getContentsAsString(ResourceUtils.getResourceFrom("file:/" + this.managementProperties.getMetadataRepoDir() + "/" + (DigestUtils.sha(samlRegisteredService.getServiceId()) + ".xml")).getFile());
    }

    @PostMapping(path = {"/reject"}, consumes = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    public void rejectSubmission(Authentication authentication, @RequestBody RejectData rejectData) throws Exception {
        isAdministrator(authentication);
        Path path = Paths.get(this.managementProperties.getSubmissions().getSubmitDir() + "/" + rejectData.getId(), new String[0]);
        RegisteredService fromJson = CasManagementUtils.fromJson(path.toFile());
        String str = getSubmitter(path)[0];
        Files.delete(path);
        sendRejectMessage(fromJson.getName(), rejectData.getNote(), str, rejectData.getId().contains("edit"));
    }

    private void sendRejectMessage(String str, String str2, String str3, boolean z) {
        if (this.communicationsManager.isMailSenderDefined()) {
            SubmissionNotifications notifications = this.managementProperties.getSubmissions().getNotifications();
            EmailProperties rejectChange = z ? notifications.getRejectChange() : notifications.getReject();
            rejectChange.setSubject(MessageFormat.format(rejectChange.getSubject(), str));
            this.communicationsManager.email(rejectChange, str3, MessageFormat.format(rejectChange.getText(), str, str2));
        }
    }

    @PostMapping({"added"})
    @ResponseStatus(HttpStatus.OK)
    public void addedSubmission(Authentication authentication, @RequestBody String str) throws Exception {
        isAdministrator(authentication);
        Path path = Paths.get(this.managementProperties.getSubmissions().getSubmitDir() + "/" + str, new String[0]);
        RegisteredService fromJson = CasManagementUtils.fromJson(path.toFile());
        String str2 = getSubmitter(path)[0];
        Files.delete(path);
        sendAddedMessage(fromJson.getName(), "", str2);
    }

    private void sendAddedMessage(String str, String str2, String str3) {
        if (this.communicationsManager.isMailSenderDefined()) {
            EmailProperties added = this.managementProperties.getSubmissions().getNotifications().getAdded();
            added.setSubject(MessageFormat.format(added.getSubject(), str));
            this.communicationsManager.email(added, str3, MessageFormat.format(added.getText(), str, str2));
        }
    }

    @PostMapping({"diff"})
    @ResponseStatus(HttpStatus.OK)
    public void diffSubmission(Authentication authentication, HttpServletResponse httpServletResponse, @RequestBody String str) throws Exception {
        isAdministrator(authentication);
        GitUtil masterRepository = this.repositoryFactory.masterRepository();
        RawText rawText = new RawText(org.apache.commons.io.FileUtils.readFileToByteArray(new File(this.managementProperties.getSubmissions().getSubmitDir() + "/" + str)));
        httpServletResponse.getOutputStream().write(masterRepository.getFormatter(new RawText(org.apache.commons.io.FileUtils.readFileToByteArray(new File(this.managementProperties.getVersionControl().getServicesRepo() + "/service-" + Splitter.on("-").splitToList(str).get(1)))), rawText));
    }

    @PostMapping({"accept"})
    @ResponseStatus(HttpStatus.OK)
    public void acceptSubmission(Authentication authentication, @RequestBody String str) throws Exception {
        isAdministrator(authentication);
        ServicesManager from2 = this.managerFactory.from2(authentication);
        Path path = Paths.get(this.managementProperties.getSubmissions().getSubmitDir() + "/" + str, new String[0]);
        RegisteredService fromJson = CasManagementUtils.fromJson(path.toFile());
        from2.save(fromJson);
        String str2 = getSubmitter(path)[0];
        Files.delete(path);
        sendAcceptMessage(fromJson.getName(), str2);
    }

    private void sendAcceptMessage(String str, String str2) {
        if (this.communicationsManager.isMailSenderDefined()) {
            EmailProperties accept = this.managementProperties.getSubmissions().getNotifications().getAccept();
            accept.setSubject(MessageFormat.format(accept.getSubject(), str));
            this.communicationsManager.email(accept, str2, MessageFormat.format(accept.getText(), str));
        }
    }

    @DeleteMapping
    @ResponseStatus(HttpStatus.OK)
    public void deleteSubmission(Authentication authentication, @RequestParam String str) throws Exception {
        isAdministrator(authentication);
        ServicesManager from2 = this.managerFactory.from2(authentication);
        Path path = Paths.get(this.managementProperties.getSubmissions().getSubmitDir() + "/" + str, new String[0]);
        RegisteredService fromJson = CasManagementUtils.fromJson(path.toFile());
        String str2 = getSubmitter(path)[0];
        from2.delete(fromJson.getId());
        Files.delete(path);
        sendDeleteMessage(fromJson.getName(), str2);
    }

    private void sendDeleteMessage(String str, String str2) {
        if (this.communicationsManager.isMailSenderDefined()) {
            EmailProperties delete = this.managementProperties.getSubmissions().getNotifications().getDelete();
            delete.setSubject(MessageFormat.format(delete.getSubject(), str));
            this.communicationsManager.email(delete, str2, MessageFormat.format(delete.getText(), str));
        }
    }

    @PostMapping({"import"})
    public RegisteredService importSubmission(@RequestBody String str) throws Exception {
        return CasManagementUtils.fromJson(new File(this.managementProperties.getSubmissions().getSubmitDir() + "/" + str));
    }

    private static String[] getSubmitter(Path path) {
        try {
            byte[] bArr = new byte[200];
            ((UserDefinedFileAttributeView) Files.getFileAttributeView(path, UserDefinedFileAttributeView.class, new LinkOption[0])).read("original_author", ByteBuffer.wrap(bArr));
            return new String(bArr, StandardCharsets.UTF_8).trim().split(":");
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            return new String[]{"", ""};
        }
    }

    private static String getSubmitted(Path path) {
        try {
            return LocalDateTime.ofInstant(Files.getLastModifiedTime(path, new LinkOption[0]).toInstant(), ZoneOffset.systemDefault()).toString();
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            return "";
        }
    }

    private HttpResponse fetchMetadata(String str) {
        SamlIdPMetadataProperties metadata = this.casProperties.getAuthn().getSamlIdp().getMetadata();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("Content-Type", metadata.getSupportedContentTypes());
        linkedHashMap.put("Accept", "*/*");
        LOGGER.debug("Fetching dynamic metadata via MDQ for [{}]", str);
        HttpResponse executeGet = HttpUtils.executeGet(str, metadata.getBasicAuthnUsername(), this.casProperties.getAuthn().getSamlIdp().getMetadata().getBasicAuthnPassword(), new HashMap(), linkedHashMap);
        if (executeGet != null) {
            return executeGet;
        }
        LOGGER.error("Unable to fetch metadata from [{}]", str);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
}
