package org.gcube.service.idm.rest;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.liferay.portal.kernel.util.StringPool;
import com.liferay.portal.util.PortletCategoryKeys;
import com.webcohesion.enunciate.metadata.rs.RequestHeader;
import com.webcohesion.enunciate.metadata.rs.RequestHeaders;
import com.webcohesion.enunciate.metadata.rs.ResponseCode;
import com.webcohesion.enunciate.metadata.rs.StatusCodes;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.InternalServerErrorException;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.util.HashMap;
import java.util.Map;
import org.gcube.common.security.Owner;
import org.gcube.common.security.providers.SecretManagerProvider;
import org.gcube.service.idm.IdMManager;
import org.gcube.service.idm.controller.AuthController;
import org.gcube.service.idm.controller.JWTController;
import org.gcube.service.idm.controller.KCUserController;
import org.gcube.service.idm.controller.LiferayProfileClient;
import org.gcube.service.idm.keycloack.KkClientFactory;
import org.gcube.service.idm.serializers.IdmObjectSerializator;
import org.gcube.service.utils.ErrorMessages;
import org.gcube.service.utils.beans.ResponseBean;
import org.gcube.service.utils.beans.ResponseBeanMap;
import org.gcube.service.utils.beans.ResponseBeanPaginated;
import org.gcube.smartgears.annotations.ManagedBy;
import org.keycloak.representations.idm.UserRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RequestHeaders({@RequestHeader(name = "Authorization", description = "Bearer token, see https://dev.d4science.org/how-to-access-resources"), @RequestHeader(name = "Content-Type", description = "application/json")})
@Path(PortletCategoryKeys.USERS)
@ManagedBy(IdMManager.class)
/* loaded from: input_file:WEB-INF/classes/org/gcube/service/idm/rest/UserAPI.class */
public class UserAPI {
    private static final Logger logger = LoggerFactory.getLogger(UserAPI.class);

    /* loaded from: input_file:WEB-INF/classes/org/gcube/service/idm/rest/UserAPI$USER_DETAILS.class */
    public enum USER_DETAILS {
        profile,
        email,
        roles_realm,
        roles_clients,
        groups,
        id,
        username,
        name,
        attributes,
        user;

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static USER_DETAILS[] valuesCustom() {
            USER_DETAILS[] valuesCustom = values();
            int length = valuesCustom.length;
            USER_DETAILS[] user_detailsArr = new USER_DETAILS[length];
            System.arraycopy(valuesCustom, 0, user_detailsArr, 0, length);
            return user_detailsArr;
        }
    }

    @StatusCodes({@ResponseCode(code = 200, condition = "current user informations"), @ResponseCode(code = 403, condition = ErrorMessages.NOT_USER_TOKEN_CONTEXT_USED), @ResponseCode(code = 404, condition = ErrorMessages.INVALID_ATTRIBUTE), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json"})
    @GET
    @Path("/me")
    public Response getMe(@QueryParam("inspect") @DefaultValue("false") Boolean bool) {
        logger.info("/users/me");
        ResponseBean responseBean = new ResponseBean();
        ObjectMapper serializer = IdmObjectSerializator.getSerializer();
        Owner owner = SecretManagerProvider.get().getOwner();
        Map<String, Object> userData = getUserData(owner.getId(), Boolean.valueOf(!owner.isApplication()), bool);
        responseBean.setResult(userData);
        userData.put("owner", owner);
        try {
            if (bool.booleanValue()) {
                userData.put("verify", JWTController.decodeJwtToken(AuthController.getAccessToken()));
            }
            responseBean.setSuccess(true);
            return Response.ok(serializer.writeValueAsString(responseBean)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            throw new InternalServerErrorException(e);
        }
    }

    @StatusCodes({@ResponseCode(code = 200, condition = "user informations"), @ResponseCode(code = 403, condition = ErrorMessages.NOT_USER_TOKEN_CONTEXT_USED), @ResponseCode(code = 404, condition = ErrorMessages.INVALID_ATTRIBUTE), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json"})
    @GET
    @Path("/{username}")
    public Response getUser(@PathParam("username") String str, @QueryParam("inspect") @DefaultValue("false") Boolean bool) {
        ResponseBeanMap responseBeanMap = new ResponseBeanMap();
        ObjectMapper serializer = IdmObjectSerializator.getSerializer();
        if (!AuthController.checkAnyRole(AuthController.ACCESS_READ_ROLES)) {
            throw new ForbiddenException(ErrorMessages.USER_NOT_AUTHORIZED_PRIVATE);
        }
        try {
            responseBeanMap.setResult(getUserData(str, Boolean.valueOf(!SecretManagerProvider.get().getOwner().isApplication()), bool));
            responseBeanMap.setSuccess(true);
            return Response.ok(serializer.writeValueAsString(responseBeanMap)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            throw new InternalServerErrorException(e);
        }
    }

    protected Map<String, Object> getUserData(String str, Boolean bool, Boolean bool2) {
        HashMap hashMap = new HashMap();
        hashMap.put("user", KCUserController.getUserByUsername(str));
        try {
            if (bool.booleanValue()) {
                hashMap.put("profile", LiferayProfileClient.getUserProfileByUsername(str));
            }
        } catch (Exception e) {
            e.printStackTrace();
            hashMap.put("profile", null);
        }
        if (bool2.booleanValue()) {
            hashMap.put("roles", KCUserController.getUserResourceByUsername(str).roles().getAll());
        }
        return hashMap;
    }

    @StatusCodes({@ResponseCode(code = 200, condition = "infos about the owner of the auth token"), @ResponseCode(code = 403, condition = ErrorMessages.NOT_USER_TOKEN_CONTEXT_USED), @ResponseCode(code = 404, condition = ErrorMessages.INVALID_ATTRIBUTE), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json;charset=UTF-8", "application/vnd.api+json"})
    @GET
    @Path("/me/owner")
    public Response getCurrentUser() {
        ResponseBean responseBean = new ResponseBean();
        try {
            responseBean.setResult(SecretManagerProvider.get().getOwner());
            responseBean.setSuccess(true);
            return Response.ok(IdmObjectSerializator.getSerializer().writeValueAsString(responseBean)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            throw new InternalServerErrorException(e);
        }
    }

    @StatusCodes({@ResponseCode(code = 200, condition = "decode the token"), @ResponseCode(code = 403, condition = ErrorMessages.NOT_USER_TOKEN_CONTEXT_USED), @ResponseCode(code = 404, condition = ErrorMessages.INVALID_ATTRIBUTE), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json;charset=UTF-8", "application/vnd.api+json"})
    @GET
    @Path("/me/verify")
    public Response getInrospectioCurrenttUser() {
        ResponseBean responseBean = new ResponseBean();
        try {
            responseBean.setResult(JWTController.decodeJwtToken(AuthController.getAccessToken()));
            responseBean.setSuccess(true);
            return Response.ok(IdmObjectSerializator.getSerializer().writeValueAsString(responseBean)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            throw new InternalServerErrorException(e);
        }
    }

    @StatusCodes({@ResponseCode(code = 200, condition = "decode the token"), @ResponseCode(code = 403, condition = ErrorMessages.NOT_USER_TOKEN_CONTEXT_USED), @ResponseCode(code = 404, condition = ErrorMessages.INVALID_ATTRIBUTE), @ResponseCode(code = 500, condition = ErrorMessages.ERROR_IN_API_RESULT)})
    @Produces({"application/json"})
    @GET
    @Path("/{username}/{parameter}")
    public Response getUserParameter(@PathParam("username") String str, @PathParam("parameter") USER_DETAILS user_details) {
        ResponseBean responseBean = new ResponseBean();
        ObjectMapper serializer = IdmObjectSerializator.getSerializer();
        Owner owner = SecretManagerProvider.get().getOwner();
        if (str.equals("me")) {
            str = owner.getId();
        }
        if (!AuthController.checkAnyRole(AuthController.ACCESS_READ_ROLES) && !AuthController.userIsMe(str, owner)) {
            throw new ForbiddenException(ErrorMessages.USER_NOT_AUTHORIZED_PRIVATE);
        }
        try {
            if (user_details.equals(USER_DETAILS.profile)) {
                responseBean.setResult(LiferayProfileClient.getUserProfileByUsername(str));
                return Response.ok(serializer.writeValueAsString(responseBean)).build();
            }
            UserRepresentation userByUsername = KCUserController.getUserByUsername(str);
            if (user_details.equals(USER_DETAILS.email)) {
                responseBean.setResult(userByUsername.getEmail());
            } else if (user_details.equals(USER_DETAILS.roles_realm)) {
                responseBean.setResult(userByUsername.getRealmRoles());
            } else if (user_details.equals(USER_DETAILS.roles_clients)) {
                responseBean.setResult(userByUsername.getClientRoles());
            } else if (user_details.equals(USER_DETAILS.groups)) {
                responseBean.setResult(userByUsername.getGroups());
            } else if (user_details.equals(USER_DETAILS.id)) {
                responseBean.setResult(userByUsername.getId());
            } else if (user_details.equals(USER_DETAILS.username)) {
                responseBean.setResult(userByUsername.getUsername());
            } else if (user_details.equals(USER_DETAILS.name)) {
                responseBean.setResult(String.valueOf(userByUsername.getFirstName()) + StringPool.SPACE + userByUsername.getLastName());
            } else if (user_details.equals(USER_DETAILS.attributes)) {
                responseBean.setResult(userByUsername.getAttributes());
            } else {
                if (!user_details.equals(USER_DETAILS.user) && user_details != null) {
                    throw new BadRequestException("unknow parameter " + user_details);
                }
                responseBean.setResult(userByUsername);
            }
            responseBean.setSuccess(true);
            return Response.ok(serializer.writeValueAsString(responseBean)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            throw new InternalServerErrorException(e);
        }
    }

    @Produces({"application/json"})
    @GET
    @Path("/search")
    public Response search(@QueryParam("format") @DefaultValue("username") KCUserController.REPR repr, @QueryParam("exact") @DefaultValue("true") Boolean bool, @QueryParam("username") String str, @QueryParam("firsnName") String str2, @QueryParam("lastName") String str3, @QueryParam("email") String str4, @QueryParam("first") @DefaultValue("0") int i, @QueryParam("max") @DefaultValue("100") int i2, @QueryParam("enabled") @DefaultValue("true") Boolean bool2) {
        ResponseBeanPaginated responseBeanPaginated = new ResponseBeanPaginated(Integer.valueOf(i), Integer.valueOf(i2));
        try {
            if (!repr.equals(KCUserController.REPR.username) && !AuthController.checkAnyRole(AuthController.ACCESS_READ_ROLES)) {
                throw new ForbiddenException(ErrorMessages.USER_NOT_AUTHORIZED_PRIVATE);
            }
            responseBeanPaginated.setResult(KCUserController.formatList(KkClientFactory.getSingleton().getKKRealm().users().search(str, str2, str3, str4, Integer.valueOf(i), Integer.valueOf(i2), bool2, Boolean.valueOf(!KCUserController.REPR.full.equals(repr)), bool), repr));
            responseBeanPaginated.setSuccess(true);
            return Response.ok(IdmObjectSerializator.getSerializer().writeValueAsString(responseBeanPaginated)).build();
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            throw new InternalServerErrorException(e);
        }
    }
}
