package io.jans.configapi.plugin.mgt.rest;

import com.github.fge.jsonpatch.JsonPatchException;
import io.jans.as.common.model.common.User;
import io.jans.as.model.util.Util;
import io.jans.configapi.core.model.SearchRequest;
import io.jans.configapi.core.rest.BaseResource;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.plugin.mgt.model.user.CustomUser;
import io.jans.configapi.plugin.mgt.model.user.UserPatchRequest;
import io.jans.configapi.plugin.mgt.service.UserMgmtService;
import io.jans.configapi.plugin.mgt.util.Constants;
import io.jans.configapi.plugin.mgt.util.MgtUtil;
import io.jans.orm.model.PagedResult;
import io.jans.util.StringHelper;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.ExampleObject;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.PATCH;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import org.slf4j.Logger;

@ApplicationScoped
@Produces({"application/json"})
@Path(Constants.CONFIG_USER)
@Consumes({"application/json"})
/* loaded from: input_file:io/jans/configapi/plugin/mgt/rest/UserResource.class */
public class UserResource extends BaseResource {
    private static final String USER = "user";
    private static final String MAIL = "mail";
    private static final String DISPLAY_NAME = "displayName";
    private static final String JANS_STATUS = "jansStatus";
    private static final String GIVEN_NAME = "givenName";
    private static final String USER_PWD = "userPassword";
    private static final String INUM = "inum";

    @Inject
    Logger logger;

    @Inject
    MgtUtil mgtUtil;

    @Inject
    UserMgmtService userMgmtSrv;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/jans/configapi/plugin/mgt/rest/UserResource$UserPagedResult.class */
    public class UserPagedResult extends PagedResult<CustomUser> {
        private UserPagedResult() {
        }
    }

    @ProtectedApi(scopes = {"https://jans.io/oauth/config/user.readonly"})
    @Operation(summary = "Gets list of users", description = "Gets list of users", operationId = "get-user", tags = {"Configuration – User Management"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/user.readonly"})})
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = UserPagedResult.class), examples = {@ExampleObject(name = "Response json example", value = "example/user/user-all.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getUsers(@Parameter(description = "Search size - max size of the results to return") @QueryParam("limit") @DefaultValue("50") int i, @Parameter(description = "Search pattern") @QueryParam("pattern") @DefaultValue("") String str, @Parameter(description = "The 1-based index of the first query result") @QueryParam("startIndex") @DefaultValue("0") int i2, @Parameter(description = "Attribute whose value will be used to order the returned response") @QueryParam("sortBy") String str2, @Parameter(description = "Order in which the sortBy param is applied. Allowed values are \"ascending\" and \"descending\"") @QueryParam("sortOrder") String str3) throws IllegalAccessException, InvocationTargetException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("User search param - limit:{}, pattern:{}, startIndex:{}, sortBy:{}, sortOrder:{}", new Object[]{Util.escapeLog(Integer.valueOf(i)), Util.escapeLog(str), Util.escapeLog(Integer.valueOf(i2)), Util.escapeLog(str2), Util.escapeLog(str3)});
        }
        return Response.ok(doSearch(createSearchRequest(this.userMgmtSrv.getPeopleBaseDn(), str, str2, str3, Integer.valueOf(i2), Integer.valueOf(i), null, this.userMgmtSrv.getUserExclusionAttributesAsString(), this.mgtUtil.getRecordMaxCount()))).build();
    }

    @ProtectedApi(scopes = {"https://jans.io/oauth/config/user.readonly"})
    @Operation(summary = "Get User by Inum", description = "Get User by Inum", operationId = "get-user-by-inum", tags = {"Configuration – User Management"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/user.readonly"})})
    @GET
    @Path("{inum}")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CustomUser.class, description = "CustomUser identified by inum"), examples = {@ExampleObject(name = "Response json example", value = "example/user/user.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response getUserByInum(@Parameter(description = "User identifier") @NotNull @PathParam("inum") String str) throws IllegalAccessException, InvocationTargetException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("User search by inum:{}", Util.escapeLog(str));
        }
        User userBasedOnInum = this.userMgmtSrv.getUserBasedOnInum(str);
        checkResourceNotNull(userBasedOnInum, USER);
        this.logger.debug("user:{}", userBasedOnInum);
        User excludeUserAttributes = excludeUserAttributes(userBasedOnInum);
        this.logger.debug("user:{}", excludeUserAttributes);
        CustomUser customUser = getCustomUser(excludeUserAttributes);
        this.logger.debug("customUser:{}", customUser);
        return Response.ok(customUser).build();
    }

    @ProtectedApi(scopes = {"https://jans.io/oauth/config/user.write"})
    @Operation(summary = "Create new User", description = "Create new User", operationId = "post-user", tags = {"Configuration – User Management"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/user.write"})})
    @POST
    @RequestBody(description = "User object", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CustomUser.class), examples = {@ExampleObject(name = "Request json example", value = "example/user/user-post.json")})})
    @ApiResponses({@ApiResponse(responseCode = "201", description = "Created", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CustomUser.class, description = "Created Object"), examples = {@ExampleObject(name = "Response json example", value = "example/user/user.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response createUser(@Valid CustomUser customUser) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("User details to be added - customUser:{}", Util.escapeLog(customUser));
        }
        User userAttributes = setUserAttributes(customUser);
        this.userMgmtSrv.parseBirthDateAttribute(userAttributes);
        this.logger.debug("Create  user:{}", userAttributes);
        checkMissingAttributes(userAttributes, null);
        ignoreCustomObjectClassesForNonLDAP(userAttributes);
        User addUser = this.userMgmtSrv.addUser(userAttributes, true);
        this.logger.debug("User created {}", addUser);
        CustomUser customUser2 = getCustomUser(excludeUserAttributes(addUser));
        this.logger.debug("newly created customUser:{}", customUser2);
        return Response.status(Response.Status.CREATED).entity(customUser2).build();
    }

    @ProtectedApi(scopes = {"https://jans.io/oauth/config/user.write"})
    @Operation(summary = "Update User", description = "Update User", operationId = "put-user", tags = {"Configuration – User Management"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/user.write"})})
    @PUT
    @RequestBody(description = "User object", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CustomUser.class), examples = {@ExampleObject(name = "Request json example", value = "example/user/user.json")})})
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CustomUser.class), examples = {@ExampleObject(name = "Response json example", value = "example/user/user.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response updateUser(@Valid CustomUser customUser) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("User details to be updated - customUser:{}", Util.escapeLog(customUser));
        }
        User userAttributes = setUserAttributes(customUser);
        this.userMgmtSrv.parseBirthDateAttribute(userAttributes);
        this.logger.debug("Create  user:{}", userAttributes);
        checkMissingAttributes(userAttributes, List.of(USER_PWD));
        ignoreCustomObjectClassesForNonLDAP(userAttributes);
        try {
            userAttributes = this.userMgmtSrv.updateUser(userAttributes);
            this.logger.debug("Updated user:{}", userAttributes);
        } catch (Exception e) {
            this.logger.error("Error while updating user", e);
            throwInternalServerException(e);
        }
        CustomUser customUser2 = getCustomUser(excludeUserAttributes(userAttributes));
        this.logger.debug("updated customUser:{}", customUser2);
        return Response.ok(customUser2).build();
    }

    @ProtectedApi(scopes = {"https://jans.io/oauth/config/user.write"})
    @Operation(summary = "Patch user properties by Inum", description = "Patch user properties by Inum", operationId = "patch-user-by-inum", tags = {"Configuration – User Management"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/user.write"})})
    @RequestBody(description = "UserPatchRequest", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = UserPatchRequest.class), examples = {@ExampleObject(name = "Request json example", value = "example/user/user-patch.json")})})
    @PATCH
    @Path("{inum}")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Ok", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = CustomUser.class, description = "Patched CustomUser Object"), examples = {@ExampleObject(name = "Response json example", value = "example/user/user.json")})}), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response patchUser(@Parameter(description = "User identifier") @NotNull @PathParam("inum") String str, @NotNull UserPatchRequest userPatchRequest) throws IllegalAccessException, InvocationTargetException, JsonPatchException, IOException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("User:{} to be patched with :{} ", Util.escapeLog(str), Util.escapeLog(userPatchRequest));
        }
        User userBasedOnInum = this.userMgmtSrv.getUserBasedOnInum(str);
        this.userMgmtSrv.parseBirthDateAttribute(userBasedOnInum);
        checkResourceNotNull(userBasedOnInum, USER);
        ignoreCustomObjectClassesForNonLDAP(userBasedOnInum);
        User patchUser = this.userMgmtSrv.patchUser(str, userPatchRequest);
        this.logger.debug("Patched user:{}", patchUser);
        CustomUser customUser = getCustomUser(excludeUserAttributes(patchUser));
        this.logger.debug("patched customUser:{}", customUser);
        return Response.ok(customUser).build();
    }

    @ProtectedApi(scopes = {"https://jans.io/oauth/config/user.delete"})
    @Operation(summary = "Delete User", description = "Delete User", operationId = "delete-user", tags = {"Configuration – User Management"}, security = {@SecurityRequirement(name = "oauth2", scopes = {"https://jans.io/oauth/config/user.delete"})})
    @DELETE
    @Path("{inum}")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "No Content"), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError")})
    public Response deleteUser(@Parameter(description = "User identifier") @NotNull @PathParam("inum") String str) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("User to be deleted - inum:{} ", Util.escapeLog(str));
        }
        User userBasedOnInum = this.userMgmtSrv.getUserBasedOnInum(str);
        checkResourceNotNull(userBasedOnInum, USER);
        this.userMgmtSrv.removeUser(userBasedOnInum);
        return Response.noContent().build();
    }

    private UserPagedResult doSearch(SearchRequest searchRequest) throws IllegalAccessException, InvocationTargetException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("User search params - searchReq:{} ", Util.escapeLog(searchRequest));
        }
        PagedResult<User> searchUsers = this.userMgmtSrv.searchUsers(searchRequest);
        if (this.logger.isTraceEnabled()) {
            this.logger.debug("PagedResult  - pagedResult:{}", searchUsers);
        }
        UserPagedResult userPagedResult = new UserPagedResult();
        if (searchUsers != null) {
            this.logger.debug("Users fetched  - pagedResult.getEntries():{}", searchUsers.getEntries());
            List<User> excludeAttributes = this.userMgmtSrv.excludeAttributes(searchUsers.getEntries(), searchRequest.getExcludedAttributesStr());
            this.logger.debug("Users fetched  - users:{}", excludeAttributes);
            List<CustomUser> customUserList = getCustomUserList((List) excludeAttributes.stream().map(user -> {
                return this.userMgmtSrv.parseBirthDateAttribute(user);
            }).collect(Collectors.toList()));
            userPagedResult.setStart(searchUsers.getStart());
            userPagedResult.setEntriesCount(searchUsers.getEntriesCount());
            userPagedResult.setTotalEntriesCount(searchUsers.getTotalEntriesCount());
            userPagedResult.setEntries(customUserList);
        }
        this.logger.debug("User pagedCustomUser:{}", userPagedResult);
        return userPagedResult;
    }

    private User excludeUserAttributes(User user) throws IllegalAccessException, InvocationTargetException {
        return this.userMgmtSrv.excludeAttributes(user, this.userMgmtSrv.getUserExclusionAttributesAsString());
    }

    private void checkMissingAttributes(User user, List<String> list) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        String checkMandatoryFields = this.userMgmtSrv.checkMandatoryFields(user, list);
        this.logger.debug("missingAttributes:{}", checkMandatoryFields);
        if (StringHelper.isEmpty(checkMandatoryFields)) {
            return;
        }
        throwMissingAttributeError(checkMandatoryFields);
    }

    private List<CustomUser> getCustomUserList(List<User> list) {
        ArrayList arrayList = new ArrayList();
        if (list == null || list.isEmpty()) {
            return arrayList;
        }
        for (User user : list) {
            CustomUser customUser = new CustomUser();
            setParentAttributes(customUser, user);
            arrayList.add(customUser);
            ignoreCustomObjectClassesForNonLDAP(customUser);
        }
        this.logger.debug("Custom Users - customUserList:{}", arrayList);
        return arrayList;
    }

    private CustomUser getCustomUser(User user) {
        CustomUser customUser = new CustomUser();
        if (user == null) {
            return customUser;
        }
        setParentAttributes(customUser, user);
        this.logger.debug("Custom User - customUser:{}", customUser);
        return customUser;
    }

    public CustomUser setParentAttributes(CustomUser customUser, User user) {
        customUser.setBaseDn(user.getBaseDn());
        customUser.setCreatedAt(user.getCreatedAt());
        customUser.setCustomAttributes(user.getCustomAttributes());
        customUser.setCustomObjectClasses(user.getCustomObjectClasses());
        customUser.setDn(user.getDn());
        customUser.setOxAuthPersistentJwt(user.getOxAuthPersistentJwt());
        customUser.setUpdatedAt(user.getUpdatedAt());
        customUser.setUserId(user.getUserId());
        ignoreCustomObjectClassesForNonLDAP(customUser);
        return setCustomUserAttributes(customUser, user);
    }

    public CustomUser setCustomUserAttributes(CustomUser customUser, User user) {
        customUser.setMail(user.getAttribute(MAIL));
        customUser.setDisplayName(user.getAttribute(DISPLAY_NAME));
        customUser.setJansStatus(user.getAttribute(JANS_STATUS));
        customUser.setGivenName(user.getAttribute(GIVEN_NAME));
        customUser.setUserPassword(user.getAttribute(USER_PWD));
        customUser.setInum(user.getAttribute(INUM));
        customUser.removeAttribute(MAIL);
        customUser.removeAttribute(DISPLAY_NAME);
        customUser.removeAttribute(JANS_STATUS);
        customUser.removeAttribute(GIVEN_NAME);
        customUser.removeAttribute(USER_PWD);
        customUser.removeAttribute(INUM);
        return customUser;
    }

    private User setUserAttributes(CustomUser customUser) {
        User user = new User();
        user.setBaseDn(customUser.getBaseDn());
        user.setCreatedAt(customUser.getCreatedAt());
        user.setCustomAttributes(customUser.getCustomAttributes());
        user.setCustomObjectClasses(customUser.getCustomObjectClasses());
        user.setDn(customUser.getDn());
        user.setOxAuthPersistentJwt(customUser.getOxAuthPersistentJwt());
        user.setUpdatedAt(customUser.getUpdatedAt());
        user.setUserId(customUser.getUserId());
        return setUserCustomAttributes(customUser, user);
    }

    private User setUserCustomAttributes(CustomUser customUser, User user) {
        user.setAttribute(MAIL, customUser.getMail(), false);
        user.setAttribute(DISPLAY_NAME, customUser.getDisplayName(), false);
        user.setAttribute(JANS_STATUS, customUser.getJansStatus(), false);
        user.setAttribute(GIVEN_NAME, customUser.getGivenName(), false);
        user.setAttribute(USER_PWD, customUser.getUserPassword(), false);
        user.setAttribute(INUM, customUser.getInum(), false);
        this.logger.debug("Custom User - user:{}", user);
        return user;
    }

    private User ignoreCustomObjectClassesForNonLDAP(User user) {
        return this.userMgmtSrv.ignoreCustomObjectClassesForNonLDAP(user);
    }
}
