package org.apereo.cas.mgmt;

import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpHost;
import org.apache.logging.log4j.message.StructuredDataId;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.apereo.cas.mgmt.authentication.CasUserProfile;
import org.apereo.cas.mgmt.domain.SsoSession;
import org.apereo.cas.mgmt.domain.SsoSessionResponse;
import org.apereo.cas.mgmt.util.HttpComponentsClientHttpRequestFactoryBasicAuth;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.text.MessageSanitizer;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.client.support.BasicAuthenticationInterceptor;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

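@RequestMapping(path = {"api/sessions"}, produces = {"application/json"})
@RestController
/* loaded from: input_file:WEB-INF/lib/cas-mgmt-support-dashboard-6.6.0.jar:org/apereo/cas/mgmt/SessionsController.class */
/**
 * Dashboard endpoints that list and revoke CAS single sign-on sessions by
 * proxying the CAS server's {@code /actuator/ssoSessions} endpoint.
 * <p>
 * Two invariants carry the access control of this controller:
 * <ul>
 *   <li>Ticket-granting ticket ids handed to the browser are always the
 *       {@link MessageSanitizer}'s sanitized form; a request names a session by
 *       that form and the real id is looked up server-side.</li>
 *   <li>That lookup is only ever performed against the sessions of the caller's
 *       own principal, unless the caller is an administrator who names another
 *       owner explicitly. A sanitized id that is not in that list is refused.</li>
 * </ul>
 * Principal names that end up in the query string sent to the actuator are
 * URL-encoded, because on two paths they come straight from the request and
 * would otherwise let a caller append or override query parameters.
 */
public class SessionsController {
    /** Relative path of the CAS actuator endpoint every method here proxies. */
    private static final String SSO_SESSIONS_PATH = "/actuator/ssoSessions";

    private final CasManagementConfigurationProperties mgmtProperties;
    private final CasConfigurationProperties casProperties;
    private final MessageSanitizer messageSanitizer;

    /**
     * Builds the actuator URL listing the active sessions of one principal.
     * <p>
     * {@code user} is caller-controlled on some paths (the {@code {user}} path
     * variable and the {@code user} request parameter), so it is URL-encoded
     * before being spliced into the query string: an unencoded {@code &},
     * {@code =} or {@code #} would let the caller rewrite the query sent to
     * the CAS actuator.
     * <p>
     * The returned {@link URI} is already encoded. Hand it to the
     * {@link RestTemplate} overloads that take a {@code URI}; the {@code String}
     * overloads treat their argument as a template and would encode each
     * {@code %} a second time.
     *
     * @param baseUrl CAS server base URL, without trailing slash
     * @param user    principal whose sessions are requested
     * @return encoded {@code <baseUrl>/actuator/ssoSessions?user=<user>&type=ALL}
     * @throws NullPointerException if {@code user} is {@code null}
     */
    private static URI ssoSessionsQuery(final String baseUrl, final String user) {
        // URLEncoder is form encoding: a space becomes '+', which query-string parsers
        // do not all fold back to a space. %20 is unambiguous.
        String encodedUser = URLEncoder.encode(Objects.requireNonNull(user, "user"), StandardCharsets.UTF_8)
            .replace("+", "%20");
        return URI.create(baseUrl + SSO_SESSIONS_PATH + "?user=" + encodedUser + "&type=ALL");
    }

    /**
     * Fetches the session list at {@code url} from the CAS server.
     *
     * @param url      encoded actuator query, as built by {@link #ssoSessionsQuery}
     * @param sanitize when {@code true}, every ticket-granting ticket id in the
     *                 response is replaced by its sanitized form before the
     *                 response is returned -- the only form the browser may see;
     *                 when {@code false} the real ids are kept, for server-side
     *                 lookups whose result never leaves this class
     * @return the decoded response body
     * @throws NullPointerException if the CAS server returned an empty body
     */
    private SsoSessionResponse getSsoSessions(final URI url, final boolean sanitize) {
        SsoSessionResponse response = Objects.requireNonNull(
            getRestTemplate(url.toString()).getForEntity(url, SsoSessionResponse.class).getBody(),
            "empty ssoSessions response from CAS server");
        if (sanitize) {
            response.getActiveSsoSessions().forEach(session ->
                session.setTicketGrantingTicket(this.messageSanitizer.sanitize(session.getTicketGrantingTicket())));
        }
        return response;
    }

    /**
     * Lists the active sessions of {@code owner} with their real ticket ids.
     * <p>
     * Queried against {@code cas.server.prefix}, as the lookups always were,
     * while the revoke calls go to the first configured management CAS server
     * URL. NOTE(review): presumably both name the same server -- confirm; if
     * they differ, the id looked up here is deleted from a different instance.
     *
     * @param owner principal whose sessions are listed
     * @return the response holding the sessions; for server-side use only
     */
    private SsoSessionResponse activeSessionsOf(final String owner) {
        return getSsoSessions(ssoSessionsQuery(this.casProperties.getServer().getPrefix(), owner), false);
    }

    /**
     * Picks, from {@code sessions}, the one whose sanitized ticket id equals
     * {@code sanitizedTgt}.
     * <p>
     * Clients only ever see sanitized ids, so this is how a request names a
     * session. Limiting {@code sessions} to the caller's own list (or, for an
     * administrator, the chosen owner's) is what stops one principal from
     * revoking another's session.
     *
     * @param sessions     candidate sessions, with real ticket ids
     * @param sanitizedTgt sanitized id supplied by the client
     * @return the first matching session, or empty when none matches
     */
    private Optional<SsoSession> findSession(final SsoSessionResponse sessions, final String sanitizedTgt) {
        return sessions.getActiveSsoSessions().stream()
            .filter(session -> this.messageSanitizer.sanitize(session.getTicketGrantingTicket()).equals(sanitizedTgt))
            .findFirst();
    }

    /**
     * Rejects callers that are not administrators.
     *
     * @param authentication the caller
     * @throws IllegalAccessException if the caller's profile is not an administrator
     */
    private static void isAdmin(final Authentication authentication) throws IllegalAccessException {
        if (!CasUserProfile.from(authentication).isAdministrator()) {
            throw new IllegalAccessException("Permission Denied");
        }
    }

    /**
     * Lists the caller's own sessions, with sanitized ticket ids.
     *
     * @param authentication the caller
     * @return the caller's active sessions
     * @throws IllegalAccessException if the caller is not an administrator
     */
    @GetMapping
    public SsoSessionResponse getUserSession(final Authentication authentication) throws IllegalAccessException {
        isAdmin(authentication);
        String base = this.mgmtProperties.getCasServers().get(0).getUrl();
        return getSsoSessions(ssoSessionsQuery(base, CasUserProfile.from(authentication).getId()), true);
    }

    /**
     * Lists the sessions of an arbitrary principal, with sanitized ticket ids.
     *
     * @param str            principal name from the {@code {user}} path variable;
     *                       caller-supplied, encoded by {@link #ssoSessionsQuery}
     * @param authentication the caller
     * @return that principal's active sessions
     * @throws IllegalAccessException if the caller is not an administrator
     */
    @GetMapping({"{user}"})
    public SsoSessionResponse getSession(@PathVariable final String str, final Authentication authentication) throws IllegalAccessException {
        isAdmin(authentication);
        String base = this.mgmtProperties.getCasServers().get(0).getUrl();
        return getSsoSessions(ssoSessionsQuery(base, str), true);
    }

    /**
     * Revokes one session.
     * <p>
     * {@code str} is the sanitized id the browser was shown, never a real
     * ticket-granting ticket. It is resolved against the active sessions of a
     * single principal: an administrator may choose that principal through
     * {@code str2} ({@code "-"} meaning themselves); every other caller is
     * pinned to their own principal and {@code str2} is ignored. A sanitized
     * id that matches none of that principal's sessions is refused, which is
     * the check that keeps callers from revoking sessions they do not own.
     *
     * @param str            sanitized ticket-granting ticket id ({@code {tgt}})
     * @param str2           owner whose sessions are searched; honoured only for administrators
     * @param authentication the caller
     * @throws IllegalAccessException if no session of the target principal matches {@code str}
     */
    @DeleteMapping({"{tgt}"})
    public void revokeSession(@PathVariable final String str, @RequestParam final String str2, final Authentication authentication) throws IllegalAccessException {
        // str is caller-supplied; parameterized logging does not strip line breaks, so a
        // crafted id can still forge additional log lines.
        CipherExecutor.LOGGER.info("Attempting to revoke [{}]", str);
        CasUserProfile profile = CasUserProfile.from(authentication);
        // StructuredDataId.RESERVED appears to be how the decompiler rendered the literal "-"
        // (the "myself" marker); kept as a reference so behaviour is unchanged.
        boolean selfOnly = !profile.isAdministrator() || StructuredDataId.RESERVED.equals(str2);
        String owner = selfOnly ? profile.getId() : str2;
        SsoSession session = findSession(activeSessionsOf(owner), str)
            .orElseThrow(() -> new IllegalAccessException("Permission Denied"));
        String ticketGrantingTicket = session.getTicketGrantingTicket();
        if (ticketGrantingTicket == null || ticketGrantingTicket.isEmpty()) {
            return;
        }
        String serverUrl = this.mgmtProperties.getCasServers().get(0).getUrl() + SSO_SESSIONS_PATH;
        // The id sent to the actuator is the real one from the server's own response, not str.
        // The authenticated client is used here; a bare RestTemplate would carry no credentials.
        getRestTemplate(serverUrl).delete(serverUrl + "/" + ticketGrantingTicket);
    }

    /**
     * Revokes every session of the caller's own principal.
     * <p>
     * NOTE(review): this is a state-changing GET. A cross-site request that
     * carries the management session cookie (an image tag is enough) triggers
     * it; the mapping is kept for compatibility with the dashboard, but a POST
     * under CSRF protection would be the safer shape.
     *
     * @param authentication the caller; no administrator check is needed since
     *                       the call is scoped to the caller's own principal
     */
    @GetMapping({"revokeAll"})
    @ResponseStatus(HttpStatus.OK)
    public void revokeAll(final Authentication authentication) {
        CasUserProfile profile = CasUserProfile.from(authentication);
        CipherExecutor.LOGGER.info("Attempting to revoke all sessions for [{}]", profile.getId());
        String serverUrl = this.mgmtProperties.getCasServers().get(0).getUrl() + SSO_SESSIONS_PATH;
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);
        getRestTemplate(serverUrl).postForObject(serverUrl + "/" + profile.getId(), new HttpEntity<>(null, headers), Void.class);
    }

    /**
     * Revokes several of the caller's own sessions at once.
     * <p>
     * Each sanitized id in {@code list} is resolved against the caller's own
     * sessions only; ids that match none of them are dropped silently, so the
     * caller cannot reach another principal's sessions. Nothing is sent when
     * no id resolved.
     *
     * @param authentication the caller
     * @param list           sanitized ticket-granting ticket ids
     */
    @PostMapping({"bulkRevoke"})
    @ResponseStatus(HttpStatus.OK)
    public void bulkRevoke(final Authentication authentication, @RequestBody final List<String> list) {
        CipherExecutor.LOGGER.info("Attempting to revoke [{}]", list);
        CasUserProfile profile = CasUserProfile.from(authentication);
        // One lookup, reused for every id in the request.
        SsoSessionResponse ownSessions = activeSessionsOf(profile.getId());
        List<String> tickets = list.stream()
            .map(sanitized -> findSession(ownSessions, sanitized))
            .flatMap(Optional::stream)
            .map(SsoSession::getTicketGrantingTicket)
            .collect(Collectors.toList());
        if (tickets.isEmpty()) {
            return;
        }
        String serverUrl = this.mgmtProperties.getCasServers().get(0).getUrl() + SSO_SESSIONS_PATH;
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);
        // Hand-assembled JSON. The values are ticket ids taken from the CAS server's own
        // response, never from the request; assumes such ids contain no '"' or '\' -- TODO confirm.
        String body = "{\"tickets\": \"" + String.join(",", tickets) + "\"}";
        getRestTemplate(serverUrl).exchange(serverUrl, HttpMethod.POST, new HttpEntity<>(body, headers), Void.class);
    }

    /**
     * Creates the client for a call to the CAS actuator at {@code url}.
     * <p>
     * Preemptive basic auth is targeted at the host of {@code url}; when an
     * actuator username is configured, an interceptor adds those credentials
     * to every request. Every actuator call in this class, reads and
     * revocations alike, goes through here so that all of them carry the same
     * credentials.
     *
     * @param url absolute URL (only its host is used)
     * @return a client for that host
     */
    private RestTemplate getRestTemplate(final String url) {
        RestTemplate restTemplate = new RestTemplate(
            new HttpComponentsClientHttpRequestFactoryBasicAuth(new HttpHost(URI.create(url).getHost())));
        if (StringUtils.isNotBlank(this.mgmtProperties.getActuatorBasicAuthUsername())) {
            restTemplate.getInterceptors().add(new BasicAuthenticationInterceptor(
                this.mgmtProperties.getActuatorBasicAuthUsername(),
                this.mgmtProperties.getActuatorBasicAuthPassword()));
        }
        return restTemplate;
    }

    /**
     * Creates the controller.
     *
     * @param casManagementConfigurationProperties management settings (CAS server URLs, actuator credentials)
     * @param casConfigurationProperties           CAS server settings (server prefix)
     * @param messageSanitizer                     sanitizer that masks ticket ids before they reach the browser
     */
    @Generated
    public SessionsController(final CasManagementConfigurationProperties casManagementConfigurationProperties,
                              final CasConfigurationProperties casConfigurationProperties,
                              final MessageSanitizer messageSanitizer) {
        this.mgmtProperties = casManagementConfigurationProperties;
        this.casProperties = casConfigurationProperties;
        this.messageSanitizer = messageSanitizer;
    }
}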
