package org.gcube.service.idm.rest;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.PropertyNamingStrategies;
import com.webcohesion.enunciate.metadata.rs.ResponseCode;
import com.webcohesion.enunciate.metadata.rs.StatusCodes;
import jakarta.validation.ValidationException;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.gcube.common.security.Owner;
import org.gcube.common.security.providers.SecretManagerProvider;
import org.gcube.service.idm.IdMManager;
import org.gcube.service.idm.controller.AuthController;
import org.gcube.service.idm.controller.KCUserController;
import org.gcube.service.idm.controller.LiferayProfileClient;
import org.gcube.service.idm.keycloack.KkClientFactory;
import org.gcube.service.idm.serializers.IdmObjectSerializator;
import org.gcube.service.utils.ErrorMessages;
import org.gcube.service.utils.beans.ResponseBean;
import org.gcube.smartgears.annotations.ManagedBy;
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("2/users")
@ManagedBy(IdMManager.class)
/* loaded from: input_file:WEB-INF/classes/org/gcube/service/idm/rest/SocialUsersAPI.class */
public class SocialUsersAPI {
    private static final Logger logger = LoggerFactory.getLogger(SocialUsersAPI.class);

    @StatusCodes({@ResponseCode(code = 200, condition = "The user's profile is reported in the 'result' field of the returned object"), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json"})
    @GET
    @Path("get-profile")
    public Response getUserProfile() {
        ResponseBean responseBean = new ResponseBean();
        Response.Status status = Response.Status.OK;
        try {
            GCubeUser userProfileByUsername = LiferayProfileClient.getUserProfileByUsername(SecretManagerProvider.get().getOwner().getId());
            responseBean.setResult(userProfileByUsername);
            responseBean.setResult(userProfileByUsername);
            responseBean.setSuccess(true);
            return Response.ok(new ObjectMapper().setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE).writeValueAsString(responseBean)).build();
        } catch (Exception e) {
            logger.error("Unable to retrieve user's profile", e);
            responseBean.setMessage(e.getMessage());
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(responseBean).build();
        }
    }

    @Produces({"application/json;charset=UTF-8", "application/vnd.api+json"})
    @GET
    @Path("/get-email")
    public Response getCurrentEmail() {
        ResponseBean responseBean = new ResponseBean();
        Response.Status status = Response.Status.OK;
        try {
            responseBean.setResult(SecretManagerProvider.get().getOwner().getEmail());
            responseBean.setSuccess(true);
        } catch (Exception e) {
            logger.error("Unable to retrieve user's email", e);
            responseBean.setMessage(e.getMessage());
            status = Response.Status.INTERNAL_SERVER_ERROR;
        }
        return Response.status(status).entity(responseBean).build();
    }

    @StatusCodes({@ResponseCode(code = 200, condition = "The user's fullname is reported in the 'result' field of the returned object"), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json"})
    @GET
    @Path("get-fullname")
    public Response getUserFullname() {
        ResponseBean responseBean = new ResponseBean();
        Response.Status status = Response.Status.OK;
        Owner owner = SecretManagerProvider.get().getOwner();
        String id = owner.getId();
        if (owner.isApplication()) {
            logger.warn("Trying to access users method via a token different than USER is not allowed");
            throw new ForbiddenException(ErrorMessages.NOT_USER_TOKEN_CONTEXT_USED);
        }
        try {
            String fullname = LiferayProfileClient.getUserProfileByUsername(id).getFullname();
            logger.info("Found fullname " + fullname + " for user " + id);
            responseBean.setResult(fullname);
            responseBean.setSuccess(true);
        } catch (Exception e) {
            logger.error("Unable to retrieve attribute for user.", e);
            status = Response.Status.INTERNAL_SERVER_ERROR;
        }
        return Response.status(status).entity(responseBean).build();
    }

    @Produces({"application/json;charset=UTF-8", "application/vnd.api+json"})
    @GET
    @Path("/get-all-usernames")
    public Response getUsernamesByRole(@QueryParam("first") @DefaultValue("0") int i, @QueryParam("max") @DefaultValue("100") int i2, @QueryParam("firstResult") @DefaultValue("0") int i3, @QueryParam("maxResults") @DefaultValue("100") int i4) {
        if (i3 > 0) {
            i = i3;
        }
        if (i4 != 100) {
            i2 = i4;
        }
        Response.Status status = Response.Status.OK;
        ResponseBean responseBean = new ResponseBean();
        try {
            responseBean.setResult(KCUserController.formatList(KCUserController.contextUsers(Integer.valueOf(i), Integer.valueOf(i2)), KCUserController.REPR.compact));
            responseBean.setSuccess(true);
            return Response.ok(IdmObjectSerializator.getSerializer().writeValueAsString(responseBean)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            return Response.serverError().build();
        } catch (Exception e2) {
            logger.error("Unable to retrieve users with the requested role", e2);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(responseBean).build();
        }
    }

    @Produces({"application/json;charset=UTF-8", "application/vnd.api+json"})
    @GET
    @Path("/get-all-fullnames-and-usernames")
    public Response getAllUsernamesFullnames(@QueryParam("emailVerified") Boolean bool, @QueryParam("enabled") Boolean bool2, @QueryParam("first") @DefaultValue("0") int i, @QueryParam("max") @DefaultValue("100") int i2, @QueryParam("firstResult") @DefaultValue("0") int i3, @QueryParam("maxResults") @DefaultValue("100") int i4) {
        if (i3 > 0) {
            i = i3;
        }
        if (i4 != 100) {
            i2 = i4;
        }
        Response.Status status = Response.Status.OK;
        ResponseBean responseBean = new ResponseBean();
        try {
            List<UserRepresentation> search = KCUserController.realmUsersResource().search(bool, Integer.valueOf(i), Integer.valueOf(i2), bool2, true);
            HashMap hashMap = new HashMap();
            search.forEach(userRepresentation -> {
                hashMap.put(userRepresentation.getUsername(), userRepresentation.getEmail());
            });
            responseBean.setResult(hashMap);
            responseBean.setSuccess(true);
        } catch (Exception e) {
            logger.error("Unable to retrieve users", e);
            status = Response.Status.INTERNAL_SERVER_ERROR;
        }
        return Response.status(status).entity(responseBean).build();
    }

    @Produces({"application/json;charset=UTF-8", "application/vnd.api+json"})
    @GET
    @Path("/get-usernames-by-role")
    public Response getUsernamesByRole(@QueryParam("role-name") String str, @QueryParam("first") @DefaultValue("0") int i, @QueryParam("max") @DefaultValue("100") int i2, @QueryParam("firstResult") @DefaultValue("0") int i3, @QueryParam("maxResults") @DefaultValue("100") int i4) {
        if (i3 > 0) {
            i = i3;
        }
        if (i4 != 100) {
            i2 = i4;
        }
        Response.Status status = Response.Status.OK;
        ResponseBean responseBean = new ResponseBean();
        ArrayList arrayList = new ArrayList();
        try {
            List<UserRepresentation> searchUsersByRole = KCUserController.searchUsersByRole(str, Integer.valueOf(i), Integer.valueOf(i2));
            if (searchUsersByRole != null) {
                Iterator<UserRepresentation> it = searchUsersByRole.iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().getUsername());
                }
            }
            responseBean.setResult(arrayList);
            responseBean.setSuccess(true);
            return Response.ok(IdmObjectSerializator.getSerializer().writeValueAsString(responseBean)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            return Response.serverError().build();
        } catch (Exception e2) {
            logger.error("Unable to retrieve users with the requested role", e2);
            responseBean.setMessage(e2.getMessage());
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(responseBean).build();
        }
    }

    @Produces({"application/json;charset=UTF-8", "application/vnd.api+json"})
    @GET
    @Path("/user-exists")
    public Response checkUserExists(@QueryParam("username") String str) {
        Response.Status status = Response.Status.OK;
        ResponseBean responseBean = new ResponseBean();
        try {
            responseBean.setResult(Boolean.valueOf(KCUserController.getUserByUsername(str) != null));
            responseBean.setSuccess(true);
            return Response.ok(IdmObjectSerializator.getSerializer().writeValueAsString(responseBean)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            return Response.serverError().build();
        } catch (Exception e2) {
            logger.error("Unable to check if user exists with username " + str, e2);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(responseBean).build();
        }
    }

    @StatusCodes({@ResponseCode(code = 200, condition = "Successful read of the attribute, reported in the 'result' field of the returned object"), @ResponseCode(code = 404, condition = ErrorMessages.INVALID_ATTRIBUTE), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json"})
    @GET
    @Path("get-custom-attribute")
    public Response readCustomAttr(@QueryParam("username") String str, @QueryParam("attribute") @NotNull(message = "attribute name is missing") String str2) throws ValidationException {
        ResponseBean responseBean = new ResponseBean();
        Response.Status status = Response.Status.OK;
        Owner owner = SecretManagerProvider.get().getOwner();
        if (str == null || str.equals("me")) {
            if (owner.isApplication()) {
                logger.warn("Trying to access users method via a token different than USER is not allowed");
                throw new ForbiddenException(ErrorMessages.NOT_USER_TOKEN_CONTEXT_USED);
            }
            str = owner.getId();
        }
        if (!AuthController.checkAnyRole(AuthController.ACCESS_READ_ROLES) && !str.equals(owner.getId())) {
            throw new ForbiddenException(ErrorMessages.USER_NOT_AUTHORIZED_PRIVATE);
        }
        UserRepresentation userByUsername = KCUserController.getUserByUsername(str);
        Map<String, List<String>> attributes = userByUsername.getAttributes();
        if (attributes.containsKey(str2)) {
            responseBean.setResult(attributes.get(str2));
            responseBean.setSuccess(true);
        } else {
            responseBean.setSuccess(false);
            String format = String.format("Unable to retrieve attribute %s for user %s", str2, userByUsername.getUsername());
            responseBean.setMessage(format);
            logger.error(format);
            status = Response.Status.NOT_FOUND;
        }
        return Response.status(status).entity(responseBean).build();
    }

    @Produces({"application/json;charset=UTF-8", "application/vnd.api+json"})
    @GET
    @Path("/get-oauth-profile")
    public Response getCurrentOAuthProfile() {
        Response.Status status = Response.Status.OK;
        ResponseBean responseBean = new ResponseBean();
        try {
            responseBean.setResult(KCUserController.getUserByUsername(SecretManagerProvider.get().getOwner().getId()));
            responseBean.setSuccess(true);
            return Response.ok(IdmObjectSerializator.getSerializer().writeValueAsString(responseBean)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            return Response.serverError().build();
        } catch (Exception unused) {
            logger.error(ErrorMessages.CANNOT_RETRIEVE_PROFILE);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(responseBean).build();
        }
    }

    @StatusCodes({@ResponseCode(code = 200, condition = "The list is put into the 'result' field of the returned object"), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json"})
    @GET
    @Path("get-usernames-by-global-role")
    public Response getUsernamesByGlobalRole(@QueryParam("role-name") String str, @QueryParam("first") @DefaultValue("0") int i, @QueryParam("max") @DefaultValue("100") int i2, @QueryParam("firstResult") @DefaultValue("0") int i3, @QueryParam("maxResults") @DefaultValue("100") int i4) {
        if (i3 > 0) {
            i = i3;
        }
        if (i4 != 100) {
            i2 = i4;
        }
        ResponseBean responseBean = new ResponseBean();
        Response.Status status = Response.Status.OK;
        if (!SecretManagerProvider.get().getOwner().isApplication()) {
            logger.warn(ErrorMessages.NOT_USER_TOKEN_CONTEXT_USED);
            throw new ForbiddenException(ErrorMessages.NOT_SERVICE_TOKEN_CONTEXT_USED);
        }
        responseBean.setResult(KCUserController.formatList(KkClientFactory.getSingleton().getKKRealm().roles().get(str).getUserMembers(Integer.valueOf(i), Integer.valueOf(i2)), KCUserController.REPR.username));
        responseBean.setSuccess(true);
        return Response.status(status).entity(responseBean).build();
    }
}
