package io.jans.configapi.plugin.saml.rest;

import io.jans.as.model.util.Util;
import io.jans.configapi.core.model.ApiError;
import io.jans.configapi.core.rest.BaseResource;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.plugin.saml.client.IdpClientFactory;
import io.jans.configapi.plugin.saml.form.TrustRelationshipForm;
import io.jans.configapi.plugin.saml.model.MetadataSourceType;
import io.jans.configapi.plugin.saml.model.TrustRelationship;
import io.jans.configapi.plugin.saml.service.SamlService;
import io.jans.configapi.plugin.saml.util.Constants;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.ArraySchema;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.ExampleObject;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import jakarta.inject.Inject;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.jboss.resteasy.annotations.providers.multipart.MultipartForm;
import org.slf4j.Logger;

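/**
 * REST resource of the SAML plugin for managing Trust Relationships under
 * {@code /saml/trust-relationship}.
 *
 * <p>Read operations require the {@code Constants.SAML_READ_ACCESS} scope; create, update and
 * delete require {@code Constants.SAML_WRITE_ACCESS} (see the {@code @ProtectedApi} annotation on
 * each method). Persistence and metadata-file handling are delegated to {@link SamlService}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Identifiers and names that arrive as plain strings from the request are passed through
 *       {@code Util.escapeLog} before they are logged. Whole request objects are still logged via
 *       their {@code toString()}; what those strings contain is not visible from this class.</li>
 *   <li>The uploaded SP metadata stream is handed to {@link SamlService} without being parsed or
 *       size-checked here. NOTE(review): confirm that the downstream XML handling disables DTDs and
 *       external entities and bounds the upload size.</li>
 *   <li>{@code checkResourceNotNull}, {@code checkNotNull}, {@code throwBadRequestException} and
 *       {@code getNotFoundError} are inherited from {@link BaseResource} and are not shown here;
 *       the code relies on the check/throw helpers aborting the request.</li>
 * </ul>
 */
@Produces({IdpClientFactory.APPLICATION_JSON})
@Path("/saml/trust-relationship")
@Consumes({IdpClientFactory.APPLICATION_JSON})
public class TrustRelationshipResource extends BaseResource {
    private static final String SAML_TRUST_RELATIONSHIP = "Trust Relationship";
    private static final String SAML_TRUST_RELATIONSHIP_FORM = "Trust Relationship From";
    private static final String SAML_TRUST_RELATIONSHIP_CHECK_STR = "Trust Relationship identified by '";
    private static final String NAME_CONFLICT = "NAME_CONFLICT";
    private static final String NAME_CONFLICT_MSG = "Trust Relationship with same name `%s` already exists!";
    private static final String DATA_NULL_CHK = "RESOURCE_IS_NULL";
    private static final String DATA_NULL_MSG = "`%s` should not be null!";

    @Inject
    Logger logger;

    @Inject
    SamlService samlService;

    /**
     * Returns every Trust Relationship known to {@link SamlService}.
     *
     * @return a 200 response whose entity is the list returned by the service
     */
    @ProtectedApi(scopes = {Constants.SAML_READ_ACCESS})
    @Operation(summary = "Get all Trust Relationship", description = "Get all TrustRelationship.", operationId = "get-trust-relationships", tags = {"SAML - Trust Relationship"}, security = {@SecurityRequirement(name = "oauth2", scopes = {Constants.SAML_READ_ACCESS})})
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, array = @ArraySchema(schema = @Schema(implementation = TrustRelationship.class)))}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getAllTrustRelationship() {
        List<TrustRelationship> trustRelationships = this.samlService.getAllTrustRelationships();
        // NOTE(review): the complete list is written to the log at INFO level.
        this.logger.info("All trustRelationshipList:{}", trustRelationships);
        return Response.ok(trustRelationships).build();
    }

    /**
     * Looks up a single Trust Relationship by its inum.
     *
     * @param str the identifier taken from the {@code id} path segment
     * @return 200 with the Trust Relationship, or 404 with an {@link ApiError} when the service
     *     returns {@code null}
     */
    @ProtectedApi(scopes = {Constants.SAML_READ_ACCESS})
    @Operation(summary = "Get TrustRelationship by Id", description = "Get TrustRelationship by Id", operationId = "get-trust-relationship-by-id", tags = {"SAML - Trust Relationship"}, security = {@SecurityRequirement(name = "oauth2", scopes = {Constants.SAML_READ_ACCESS})})
    @GET
    @Path("/id/{id}")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = TrustRelationship.class))}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Trust relationship not found", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class))}), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getTrustRelationshipById(@Parameter(description = "Unique identifier - Id") @NotNull @PathParam("id") String str) {
        // The id is caller-controlled (URL path), so every log line uses the escaped form;
        // previously only the first of the three log statements escaped it.
        this.logger.info("Searching TrustRelationship by id: {}", Util.escapeLog(str));
        TrustRelationship found = this.samlService.getTrustRelationshipByInum(str);
        if (found == null) {
            this.logger.info("TrustRelationship with id {} not found", Util.escapeLog(str));
            ApiError notFound = new ApiError.ErrorBuilder()
                    .withCode(String.valueOf(Response.Status.NOT_FOUND.getStatusCode()))
                    .withMessage("Trust relationship not found")
                    .andDescription(String.format("The TrustRelationship with id '%s' was not found", str))
                    .build();
            return Response.status(Response.Status.NOT_FOUND).entity(notFound).build();
        }
        this.logger.info("TrustRelationship found by id:{}, trustRelationship:{}", Util.escapeLog(str), found);
        return Response.ok(found).build();
    }

    /**
     * Creates a Trust Relationship from a multipart form that may carry an SP metadata file.
     *
     * <p>The form, the embedded Trust Relationship and its name must be present, and the name must
     * not already be in use. The metadata source type is validated, a new inum and DN are obtained
     * from {@link SamlService}, and the entry is stored together with the uploaded stream.
     *
     * @param trustRelationshipForm the multipart form holding the Trust Relationship and the
     *     optional metadata file
     * @param inputStream not read by this method
     * @return 201 with the Trust Relationship returned by the service
     * @throws IOException if {@link InputStream#available()} fails on the uploaded stream
     */
    @Operation(summary = "Create Trust Relationship with Metadata File", description = "Create Trust Relationship with Metadata File", operationId = "post-trust-relationship-metadata-file", tags = {"SAML - Trust Relationship"}, security = {@SecurityRequirement(name = "oauth2", scopes = {Constants.SAML_WRITE_ACCESS})})
    @RequestBody(description = "Trust Relationship object", content = {@Content(mediaType = "multipart/form-data", schema = @Schema(implementation = TrustRelationshipForm.class), examples = {@ExampleObject(name = "Request example", value = "example/trust-relationship/trust-relationship-post.json")})})
    @Path(Constants.UPLOAD_PATH)
    @Consumes({"multipart/form-data"})
    @ProtectedApi(scopes = {Constants.SAML_WRITE_ACCESS}, groupScopes = {}, superScopes = {Constants.SAML_WRITE_ACCESS})
    @POST
    @ApiResponses({@ApiResponse(responseCode = "201", description = "Newly created Trust Relationship", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = TrustRelationship.class))}), @ApiResponse(responseCode = "400", description = "Bad Request", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))}), @ApiResponse(responseCode = "500", description = "InternalServerError", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))})})
    public Response createTrustRelationshipWithFile(@MultipartForm TrustRelationshipForm trustRelationshipForm, InputStream inputStream) throws IOException {
        this.logger.info(" Create trustRelationshipForm:{} ", trustRelationshipForm);
        checkResourceNotNull(trustRelationshipForm, SAML_TRUST_RELATIONSHIP_FORM);

        TrustRelationship trustRelationship = trustRelationshipForm.getTrustRelationship();
        this.logger.debug(" Create trustRelationship:{} ", trustRelationship);
        checkResourceNotNull(trustRelationship, SAML_TRUST_RELATIONSHIP);
        checkNotNull(trustRelationship.getName(), "Name");

        // Names must be unique: any existing entry with this name rejects the request.
        List<TrustRelationship> sameName = this.samlService.getAllTrustRelationshipByName(trustRelationship.getName());
        this.logger.debug(" existingTrustRelationship:{} ", sameName);
        if (sameName != null && !sameName.isEmpty()) {
            throwBadRequestException(NAME_CONFLICT, String.format(NAME_CONFLICT_MSG, trustRelationship.getName()));
        }

        InputStream metaDataFile = trustRelationshipForm.getMetaDataFile();
        this.logger.debug(" Create metaDataFile:{} ", metaDataFile);
        if (metaDataFile != null) {
            this.logger.debug(" Create metaDataFile.available():{}", metaDataFile.available());
        }
        validateSpMetaDataSourceType(trustRelationship, metaDataFile, false);

        // The identifier and DN are always assigned server-side, overwriting anything in the payload.
        String newInum = this.samlService.generateInumForNewRelationship();
        trustRelationship.setInum(newInum);
        trustRelationship.setDn(this.samlService.getDnForTrustRelationship(newInum));

        TrustRelationship created = this.samlService.addTrustRelationship(trustRelationship, metaDataFile);
        this.logger.info("Create created by TrustRelationship:{}", created);
        return Response.status(Response.Status.CREATED).entity(created).build();
    }

    /**
     * Updates an existing Trust Relationship from a multipart form.
     *
     * <p>The form, the embedded Trust Relationship, its name and its inum must be present and the
     * inum must resolve to a stored entry. Another entry (different inum, compared ignoring case)
     * with the same name rejects the request. When no non-empty file is uploaded and the source
     * type is {@code FILE}, the stored metadata file name is carried over.
     *
     * @param trustRelationshipForm the multipart form holding the Trust Relationship and the
     *     optional metadata file
     * @param inputStream not read by this method
     * @return 200 with the Trust Relationship returned by the service
     * @throws IOException if {@link InputStream#available()} fails on the uploaded stream
     */
    @Operation(summary = "Update TrustRelationship", description = "Update TrustRelationship", operationId = "put-trust-relationship", tags = {"SAML - Trust Relationship"}, security = {@SecurityRequirement(name = "oauth2", scopes = {Constants.SAML_WRITE_ACCESS})})
    @RequestBody(description = "Trust Relationship object", content = {@Content(mediaType = "multipart/form-data", schema = @Schema(implementation = TrustRelationshipForm.class), examples = {@ExampleObject(name = "Request example", value = "example/trust-relationship/trust-relationship-put.json")})})
    @Path(Constants.UPLOAD_PATH)
    @Consumes({"multipart/form-data"})
    @ProtectedApi(scopes = {Constants.SAML_WRITE_ACCESS})
    @PUT
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = TrustRelationship.class))}), @ApiResponse(responseCode = "400", description = "Bad Request", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))}), @ApiResponse(responseCode = "500", description = "InternalServerError", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))})})
    public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm trustRelationshipForm, InputStream inputStream) throws IOException {
        this.logger.info("Update trustRelationshipForm:{}", trustRelationshipForm);
        checkResourceNotNull(trustRelationshipForm, SAML_TRUST_RELATIONSHIP_FORM);

        TrustRelationship trustRelationship = trustRelationshipForm.getTrustRelationship();
        this.logger.debug(" Create trustRelationship:{} ", trustRelationship);
        checkResourceNotNull(trustRelationship, SAML_TRUST_RELATIONSHIP);
        checkNotNull(trustRelationship.getName(), "Name");
        checkNotNull(trustRelationship.getInum(), Constants.INUM);

        // inum and name come from the request body, so they are escaped before being logged.
        String inum = trustRelationship.getInum();
        TrustRelationship existing = this.samlService.getTrustRelationshipByInum(inum);
        this.logger.info("TrustRelationship found by trustRelationship.getInum():{}, existingTrustRelationship:{}", Util.escapeLog(inum), existing);
        checkResourceNotNull(existing, SAML_TRUST_RELATIONSHIP_CHECK_STR + inum + "'");

        List<TrustRelationship> sameName = this.samlService.getAllTrustRelationshipByName(trustRelationship.getName());
        this.logger.info(" trustRelationshipList:{} ", sameName);
        if (sameName != null && !sameName.isEmpty()) {
            List<String> sameNameInums = sameName.stream()
                    .map(TrustRelationship::getInum)
                    .collect(Collectors.toList());
            this.logger.info("TrustRelationship's with name:{}, inumList:{}", Util.escapeLog(trustRelationship.getName()), sameNameInums);

            // Compare from the request's non-null inum so a stored entry without an inum cannot
            // raise a NullPointerException; such an entry counts as a different relationship.
            List<TrustRelationship> others = sameName.stream()
                    .filter(candidate -> !inum.equalsIgnoreCase(candidate.getInum()))
                    .collect(Collectors.toList());
            this.logger.info("Other TrustRelationship's with same name:{} list:{}", Util.escapeLog(trustRelationship.getName()), others);
            if (!others.isEmpty()) {
                throwBadRequestException(NAME_CONFLICT, String.format(NAME_CONFLICT_MSG, trustRelationship.getName()));
            }
        }

        InputStream metaDataFile = trustRelationshipForm.getMetaDataFile();
        this.logger.debug("metaDataFile for update is:{} ", metaDataFile);
        // NOTE(review): available() is only an estimate of readable bytes; a stream that reports 0
        // is treated here as "no file uploaded".
        if (metaDataFile != null && metaDataFile.available() > 0) {
            this.logger.debug("For update metaDataFile.available():{}", metaDataFile.available());
        } else if (MetadataSourceType.FILE.equals(trustRelationship.getSpMetaDataSourceType())) {
            // Constant-first equals: a request without a source type must reach the validation
            // below and be rejected there instead of failing here with a NullPointerException.
            trustRelationship.setSpMetaDataFN(existing.getSpMetaDataFN());
        }
        validateSpMetaDataSourceType(trustRelationship, metaDataFile, true);

        TrustRelationship updated = this.samlService.updateTrustRelationship(trustRelationship, metaDataFile);
        this.logger.info("Post update trustRelationship:{}", updated);
        return Response.ok(updated).build();
    }

    /**
     * Deletes the Trust Relationship identified by the given inum.
     *
     * @param str the identifier taken from the {@code id} path parameter
     * @return 204 once the service has removed the entry
     */
    @ProtectedApi(scopes = {Constants.SAML_WRITE_ACCESS})
    @Operation(summary = "Delete TrustRelationship", description = "Delete TrustRelationship", operationId = "delete-trust-relationship", tags = {"SAML - Trust Relationship"}, security = {@SecurityRequirement(name = "oauth2", scopes = {Constants.SAML_WRITE_ACCESS})})
    @Path(Constants.ID_PATH_PARAM)
    @DELETE
    @ApiResponses({@ApiResponse(responseCode = "204", description = "No Content"), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response deleteTrustRelationship(@Parameter(description = "Unique Id of Trust Relationship") @NotNull @PathParam("id") String str) {
        this.logger.info("Delete TrustRelationship identified by id:{}", Util.escapeLog(str));
        TrustRelationship target = this.samlService.getTrustRelationshipByInum(str);
        // Same guard the other endpoints use; the removal below relies on it aborting the request
        // when nothing was found (helper inherited from BaseResource, not shown here).
        checkResourceNotNull(target, SAML_TRUST_RELATIONSHIP);
        this.samlService.removeTrustRelationship(target);
        return Response.noContent().build();
    }

    /**
     * Streams the stored SP metadata file of a Trust Relationship as {@code application/xml}.
     *
     * @param str the inum taken from the {@code id} path parameter
     * @return 200 with the metadata stream, or the not-found response built by
     *     {@code getNotFoundError} when the service returns no stream; a Trust Relationship whose
     *     source type is not {@code FILE} is reported through {@code throwBadRequestException}
     */
    @ProtectedApi(scopes = {Constants.SAML_READ_ACCESS})
    @Operation(summary = "Get TrustRelationship file metadata", description = "Get TrustRelationship file metadata", operationId = "get-trust-relationship-file-metadata", tags = {"SAML - Trust Relationship"}, security = {@SecurityRequirement(name = "oauth2", scopes = {Constants.SAML_READ_ACCESS})}, responses = {@ApiResponse(responseCode = "200", description = "OK", content = {@Content(mediaType = "application/xml", schema = @Schema(type = "string", format = "binary"))}), @ApiResponse(responseCode = "400", description = "Bad Request", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found", content = {@Content(mediaType = IdpClientFactory.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))}), @ApiResponse(responseCode = "500", description = "Internal Server Error")})
    @Path("/sp-metadata-file/{id}")
    @GET
    public Response gettrustRelationshipFileMetadata(@Parameter(description = "TrustRelationship inum") @NotNull @PathParam("id") String str) {
        this.logger.info("getTrustRelationshipFileMeta()");
        TrustRelationship trustRelationship = this.samlService.getTrustRelationshipByInum(str);
        checkResourceNotNull(trustRelationship, SAML_TRUST_RELATIONSHIP);
        if (trustRelationship.getSpMetaDataSourceType() != MetadataSourceType.FILE) {
            throwBadRequestException("TrustRelationship metadatasource type isn't a FILE");
        }
        InputStream metadata = this.samlService.getTrustRelationshipMetadataFile(trustRelationship);
        if (metadata == null) {
            return getNotFoundError(String.format("metadata file for tr '%s' ", str));
        }
        return Response.ok(metadata, "application/xml").build();
    }

    /**
     * Checks that the request is consistent with the declared SP metadata source type.
     *
     * <p>{@code FILE}: on create a non-empty upload is required; on update it is optional. Any
     * manual metadata on the object is cleared. {@code MANUAL}: no file may be uploaded, and the
     * manual metadata must carry an entity id, a NameID policy format, a single-logout URL and at
     * least one AssertionConsumerService URL (GET or POST). Other source types are not checked.
     *
     * @param trustRelationship the Trust Relationship taken from the request
     * @param inputStream the uploaded metadata file, may be {@code null}
     * @param z {@code true} when called for an update, {@code false} for a create
     * @throws IOException if {@link InputStream#available()} fails on the uploaded stream
     */
    private void validateSpMetaDataSourceType(TrustRelationship trustRelationship, InputStream inputStream, boolean z) throws IOException {
        this.logger.info("Validate SP MetaDataSourceType trustRelationship:{}, metaDataFile:{}, isUpdate:{}", trustRelationship, inputStream, z);
        checkResourceNotNull(trustRelationship.getSpMetaDataSourceType(), "SP MetaData Source Type");
        this.logger.info("Validate trustRelationship.getSpMetaDataSourceType():{}", trustRelationship.getSpMetaDataSourceType());

        // NOTE(review): available() is an estimate, so a non-empty upload that reports 0 is seen
        // as absent.
        boolean fileUploaded = inputStream != null && inputStream.available() > 0;

        if (trustRelationship.getSpMetaDataSourceType().equals(MetadataSourceType.FILE)) {
            if (!fileUploaded && !z) {
                throwBadRequestException(DATA_NULL_CHK, String.format(DATA_NULL_MSG, "SP MetaData File"));
            }
            // File-based relationships never keep manually entered metadata.
            trustRelationship.setSamlMetadata(null);
            return;
        }

        if (trustRelationship.getSpMetaDataSourceType().equals(MetadataSourceType.MANUAL)) {
            if (fileUploaded) {
                throwBadRequestException("SP MetaData File should not be provided!");
            }
            checkResourceNotNull(trustRelationship.getSamlMetadata(), "'SamlMetadata manual elements'");
            checkNotNull(trustRelationship.getSamlMetadata().getEntityId(), "'EntityId'");
            checkNotNull(trustRelationship.getSamlMetadata().getNameIDPolicyFormat(), "'NameIDPolicyFormat'");
            checkNotNull(trustRelationship.getSamlMetadata().getSingleLogoutServiceUrl(), "'SingleLogoutServiceUrl'");
            // The second operand used to repeat the GET accessor, so a request that supplied only
            // the POST URL was rejected although the error message allows either binding.
            if (StringUtils.isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServiceGetURL())
                    && StringUtils.isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServicePostURL())) {
                throwBadRequestException("Either of AssertionConsumerService GET or POST URL should be provided!");
            }
        }
    }
}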
