package org.apereo.cas.mgmt.controller;

import java.io.IOException;
import java.text.MessageFormat;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.mgmt.ManagementServicesManager;
import org.apereo.cas.mgmt.MgmtManagerFactory;
import org.apereo.cas.mgmt.authentication.CasUserProfile;
import org.apereo.cas.mgmt.domain.RegisteredServiceItem;
import org.apereo.cas.mgmt.util.CasManagementUtils;
import org.apereo.cas.services.BaseRegisteredService;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.ws.idp.services.WSFederationRegisteredService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping(path = {"api/services"}, produces = {"application/json"})
@RestController("serviceController")
/* loaded from: input_file:WEB-INF/lib/cas-mgmt-core-6.6.4.jar:org/apereo/cas/mgmt/controller/ServiceController.class */
public class ServiceController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ServiceController.class);
    private static final String NOT_FOUND_PATTERN = "Service '{}' not found";
    private final MgmtManagerFactory<? extends ServicesManager> managerFactory;

    private static void save(RegisteredService registeredService, ManagementServicesManager managementServicesManager) {
        if (registeredService.getEvaluationOrder() < 0) {
            registeredService.setEvaluationOrder(managementServicesManager.getServicesForDomain(managementServicesManager.extractDomain(registeredService.getServiceId())).size());
        }
        if (registeredService.getId() > -1) {
            managementServicesManager.checkForRename(registeredService);
        }
        managementServicesManager.save(registeredService);
        LOGGER.info("Saved changes to service [{}]", Long.valueOf(registeredService.getId()));
    }

    @GetMapping
    public List<RegisteredServiceItem> getServices(Authentication authentication, @RequestParam String str) throws IllegalAccessException {
        CasUserProfile casUserProfile = new CasUserProfile(authentication);
        if (!casUserProfile.isAdministrator() && !casUserProfile.hasPermission(str)) {
            throw new IllegalAccessException("You do not have permission to the domain '" + str + "'");
        }
        ManagementServicesManager managementServicesManager = (ManagementServicesManager) this.managerFactory.from2(authentication);
        return managementServicesManager.getServiceItems(managementServicesManager.getServicesForDomain(str).stream().filter(registeredService -> {
            return registeredService.getFriendlyName().equalsIgnoreCase(CasRegisteredService.FRIENDLY_NAME);
        }).sorted(Comparator.comparing((v0) -> {
            return v0.getEvaluationOrder();
        })));
    }

    @GetMapping({"oauth"})
    public List<RegisteredServiceItem> getOAuthServices(Authentication authentication) throws IllegalAccessException {
        CasUserProfile casUserProfile = new CasUserProfile(authentication);
        if (!casUserProfile.isUser()) {
            throw new IllegalAccessException("You do not have permission");
        }
        ManagementServicesManager managementServicesManager = (ManagementServicesManager) this.managerFactory.from2(authentication);
        Stream<RegisteredService> stream = managementServicesManager.findServiceBy(registeredService -> {
            return registeredService instanceof OAuthRegisteredService;
        }).stream();
        Objects.requireNonNull(casUserProfile);
        return managementServicesManager.getServiceItems(stream.filter(casUserProfile::hasPermission));
    }

    @GetMapping({"wsfed"})
    public List<RegisteredServiceItem> getWsfedServices(Authentication authentication) throws IllegalAccessException {
        CasUserProfile casUserProfile = new CasUserProfile(authentication);
        if (!casUserProfile.isUser()) {
            throw new IllegalAccessException("You do not have permission");
        }
        ManagementServicesManager managementServicesManager = (ManagementServicesManager) this.managerFactory.from2(authentication);
        Stream<RegisteredService> stream = managementServicesManager.findServiceBy(registeredService -> {
            return registeredService instanceof WSFederationRegisteredService;
        }).stream();
        Objects.requireNonNull(casUserProfile);
        return managementServicesManager.getServiceItems(stream.filter(casUserProfile::hasPermission));
    }

    @GetMapping({"saml"})
    public List<RegisteredServiceItem> getSamlServices(Authentication authentication) throws IllegalAccessException {
        CasUserProfile from = CasUserProfile.from(authentication);
        if (!from.isUser()) {
            throw new IllegalAccessException("You do not have permission");
        }
        ManagementServicesManager managementServicesManager = (ManagementServicesManager) this.managerFactory.from2(authentication);
        Stream stream = managementServicesManager.getAllServicesOfType(SamlRegisteredService.class).stream();
        Objects.requireNonNull(from);
        return managementServicesManager.getServiceItems(stream.filter((v1) -> {
            return r1.hasPermission(v1);
        }));
    }

    @DeleteMapping({"/{id}"})
    @ResponseStatus(HttpStatus.OK)
    public void deleteRegisteredService(Authentication authentication, @PathVariable("id") long j) {
        CasUserProfile from = CasUserProfile.from(authentication);
        ServicesManager from2 = this.managerFactory.from2(authentication);
        RegisteredService findServiceBy = from2.findServiceBy(j);
        if (from.isUser() && from.hasPermission((CasUserProfile) findServiceBy)) {
            if (findServiceBy == null) {
                throw new IllegalArgumentException(MessageFormat.format(NOT_FOUND_PATTERN, Long.valueOf(j)));
            }
            LOGGER.debug("Deleting service [{}]", Long.valueOf(j));
            from2.delete(j);
        }
    }

    @PostMapping(consumes = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    public void saveService(Authentication authentication, @RequestBody RegisteredService registeredService) {
        CasUserProfile from = CasUserProfile.from(authentication);
        if (from.isUser() && from.hasPermission((CasUserProfile) registeredService)) {
            save(registeredService, (ManagementServicesManager) this.managerFactory.from2(authentication));
        }
    }

    @GetMapping({"/{id}"})
    public RegisteredService getServiceById(Authentication authentication, @PathVariable("id") Long l) {
        CasUserProfile from = CasUserProfile.from(authentication);
        if (from.isUser()) {
            RegisteredService service = getService(authentication, l);
            if (from.hasPermission((CasUserProfile) service)) {
                return service;
            }
        }
        throw new IllegalArgumentException("You do not have permission");
    }

    @GetMapping({"/yaml/{id}"})
    public String getYaml(Authentication authentication, @PathVariable("id") Long l) {
        CasUserProfile from = CasUserProfile.from(authentication);
        RegisteredService service = getService(authentication, l);
        return from.hasPermission((CasUserProfile) service) ? CasManagementUtils.toYaml(service) : "";
    }

    @PostMapping({"yaml/{id}"})
    public void saveYaml(Authentication authentication, @PathVariable("id") Long l, @RequestBody String str) throws IOException {
        CasUserProfile from = CasUserProfile.from(authentication);
        RegisteredService parseYaml = CasManagementUtils.parseYaml(str);
        if (from.hasPermission((CasUserProfile) parseYaml)) {
            if (!l.equals(Long.valueOf(parseYaml.getId()))) {
                throw new IllegalArgumentException("Changes to assigned id are not allowed");
            }
            save(parseYaml, (ManagementServicesManager) this.managerFactory.from2(authentication));
        }
    }

    @PostMapping({"validate"})
    public ResponseEntity<String> validate(Authentication authentication, @RequestParam(required = false, name = "format", defaultValue = "json") String str, @RequestBody RegisteredService registeredService) {
        if (CasUserProfile.from(authentication).hasPermission((CasUserProfile) registeredService)) {
            return ResponseEntity.ok(StringUtils.equalsIgnoreCase(str, "yaml") ? CasManagementUtils.toYaml(registeredService) : CasManagementUtils.toJson(registeredService));
        }
        return ResponseEntity.badRequest().build();
    }

    @GetMapping({"/json/{id}"})
    public String getJson(Authentication authentication, @PathVariable("id") Long l) {
        RegisteredService service = getService(authentication, l);
        return CasUserProfile.from(authentication).hasPermission((CasUserProfile) service) ? CasManagementUtils.toJson(service) : "";
    }

    @PostMapping({"/json/{id}"})
    public void saveJson(Authentication authentication, @PathVariable("id") Long l, @RequestBody String str) throws IOException {
        RegisteredService parseJson = CasManagementUtils.parseJson(str);
        if (CasUserProfile.from(authentication).hasPermission((CasUserProfile) parseJson)) {
            if (!l.equals(Long.valueOf(parseJson.getId()))) {
                throw new IllegalArgumentException("Changes to assigned id are not allowed.");
            }
            save(parseJson, (ManagementServicesManager) this.managerFactory.from2(authentication));
        }
    }

    @PostMapping(value = {"import"}, consumes = {"text/plain"})
    public RegisteredService importService(@RequestBody String str) {
        RegisteredService fromJson = str.startsWith("{") ? CasManagementUtils.fromJson(str) : CasManagementUtils.fromYaml(str);
        fromJson.setId(-1L);
        return fromJson;
    }

    @PostMapping(value = {"/updateOrder"}, consumes = {"application/json"})
    @ResponseStatus(HttpStatus.OK)
    public void updateOrder(Authentication authentication, @RequestBody List<RegisteredServiceItem> list) throws IllegalAccessException {
        CasUserProfile from = CasUserProfile.from(authentication);
        ServicesManager from2 = this.managerFactory.from2(authentication);
        for (RegisteredServiceItem registeredServiceItem : list) {
            LOGGER.warn("Service = [{}], order = [{}]", registeredServiceItem, Integer.valueOf(registeredServiceItem.getEvalOrder()));
            if (!from.hasPermission(registeredServiceItem.getServiceId())) {
                throw new IllegalAccessException("You do not have permission");
            }
            String assignedId = registeredServiceItem.getAssignedId();
            RegisteredService findServiceBy = from2.findServiceBy(Long.parseLong(assignedId));
            if (findServiceBy == null) {
                throw new IllegalArgumentException(MessageFormat.format(NOT_FOUND_PATTERN, assignedId));
            }
            findServiceBy.setEvaluationOrder(registeredServiceItem.getEvalOrder());
            from2.save(findServiceBy);
        }
    }

    @GetMapping({"promote/{id}"})
    public void promote(@PathVariable Long l, Authentication authentication) throws IllegalAccessException {
        CasUserProfile from = CasUserProfile.from(authentication);
        ServicesManager from2 = this.managerFactory.from2(authentication);
        BaseRegisteredService baseRegisteredService = (BaseRegisteredService) from2.findServiceBy(l.longValue());
        if (!from.hasPermission((CasUserProfile) baseRegisteredService)) {
            throw new IllegalAccessException("You do not have permission");
        }
        baseRegisteredService.setEnvironments(null);
        from2.save(baseRegisteredService);
    }

    @GetMapping({"demote/{id}"})
    public void demote(@PathVariable Long l, Authentication authentication) throws IllegalAccessException {
        CasUserProfile from = CasUserProfile.from(authentication);
        ServicesManager from2 = this.managerFactory.from2(authentication);
        BaseRegisteredService baseRegisteredService = (BaseRegisteredService) from2.findServiceBy(l.longValue());
        if (!from.hasPermission((CasUserProfile) baseRegisteredService)) {
            throw new IllegalAccessException("You do not have permission");
        }
        HashSet hashSet = new HashSet();
        hashSet.add("staged");
        baseRegisteredService.setEnvironments(hashSet);
        from2.save(baseRegisteredService);
    }

    private RegisteredService getService(Authentication authentication, Long l) {
        RegisteredService casRegisteredService = l.longValue() == -1 ? new CasRegisteredService() : this.managerFactory.from2(authentication).findServiceBy(l.longValue());
        if (casRegisteredService != null) {
            return casRegisteredService;
        }
        LOGGER.warn("Invalid service id specified [{}]. Cannot find service in the registry", l);
        throw new IllegalArgumentException(MessageFormat.format(NOT_FOUND_PATTERN, l));
    }

    @Generated
    public ServiceController(MgmtManagerFactory<? extends ServicesManager> mgmtManagerFactory) {
        this.managerFactory = mgmtManagerFactory;
    }
}
