package org.gcube.informationsystem.icproxy.resources;

import java.security.Key;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import org.eclipse.persistence.internal.helper.Helper;
import org.eclipse.persistence.internal.oxm.Constants;
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.resources.gcore.Resources;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.informationsystem.icproxy.profiles.ServiceEndpointProfile;
import org.gcube.informationsystem.publisher.RegistryPublisher;
import org.gcube.informationsystem.publisher.RegistryPublisherFactory;
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
import org.gcube.resources.discovery.client.queries.impl.XQuery;
import org.gcube.resources.discovery.icclient.ICFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("ServiceEndpoint")
/* loaded from: input_file:WEB-INF/classes/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.class */
public class ServiceEndpointResource {
    private static final Logger log = LoggerFactory.getLogger(ServiceEndpointResource.class);
    public static final String ENABLED_ROLE = "service-endpoint-key";

    @GET
    @Produces({MediaType.APPLICATION_XML})
    @Path("/{category}")
    public List<ServiceEndpoint> retrieve(@NotNull @PathParam("category") String str) {
        log.info("ServiceEndpoint called with category {} in context {}", str, ScopeProvider.instance.get());
        List<ServiceEndpoint> submit = ICFactory.clientFor(ServiceEndpoint.class).submit(getQuery(str));
        log.debug("retrieved resources are " + submit.size());
        return submit;
    }

    @GET
    @Produces({MediaType.APPLICATION_XML})
    @Path("/{category}/{name}")
    public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String str, @NotNull @PathParam("category") String str2, @QueryParam("decrypt") boolean z) {
        log.info("ServiceEndpoint called with category {} and name {} in scope {}", new Object[]{str2, str, ScopeProvider.instance.get()});
        List<ServiceEndpoint> submit = ICFactory.clientFor(ServiceEndpoint.class).submit(getQuery(str, str2));
        if (Objects.nonNull(submit)) {
            log.debug("retrieved resources are " + submit.size());
            return getServiceEndpoints(z, submit);
        }
        log.error("ServiceEndpoint called with category {} and name {} in scope {}, return NULL", new Object[]{str2, str, ScopeProvider.instance.get()});
        return null;
    }

    @GET
    @Produces({MediaType.TEXT_XML})
    @Path("/{category}/{name}/Result/{result:([^$\\?]+)}")
    public String retrieveCustom(@NotNull @PathParam("name") String str, @NotNull @PathParam("category") String str2, @NotNull @PathParam("result") String str3) {
        log.info("ServiceEndpoint called with category {} and name {} and result {} in scope {}", new Object[]{str2, str, str3, ScopeProvider.instance.get()});
        SimpleQuery query = getQuery(str, str2);
        if (str3.startsWith(Constants.XPATH_SEPARATOR)) {
            query.setResult("$resource" + str3);
        } else {
            query.setResult("$resource/" + str3);
        }
        List submit = ICFactory.client().submit(query);
        StringBuilder sb = new StringBuilder("<Results>");
        Iterator it = submit.iterator();
        while (it.hasNext()) {
            sb.append("<Result>").append(((String) it.next()).replaceAll(Helper.NL, "")).append("</Result>");
        }
        sb.append("</Results>");
        log.debug("retrieved resources are " + submit.size());
        return sb.toString();
    }

    @POST
    @Produces({MediaType.APPLICATION_XML})
    @Consumes({MediaType.APPLICATION_XML})
    public ServiceEndpoint create(ServiceEndpoint serviceEndpoint) {
        log.debug("Try to create new serviceEndpoint profile {} in {}", serviceEndpoint, ScopeProvider.instance.get());
        if (!Objects.nonNull(serviceEndpoint) || !isRoleEnabled()) {
            throw new RuntimeException("ServiceEndpoint profile is null or user not enabled");
        }
        log.debug("going to encrypt and push");
        registerSE(encryptResource(serviceEndpoint));
        log.debug("pushed on IS");
        return serviceEndpoint;
    }

    @POST
    @Produces({MediaType.APPLICATION_XML})
    @Consumes({MediaType.APPLICATION_JSON})
    public ServiceEndpoint create(ServiceEndpointProfile serviceEndpointProfile) {
        log.debug("Try to create new serviceEndpoint profile {} in {}", serviceEndpointProfile, ScopeProvider.instance.get());
        if (!Objects.nonNull(serviceEndpointProfile) || !isRoleEnabled()) {
            throw new RuntimeException("ServiceEndpoint profile is null or user not enabled");
        }
        ServiceEndpoint serviceEndpoint = new ServiceEndpoint();
        ServiceEndpoint.Profile name = serviceEndpoint.newProfile().category(serviceEndpointProfile.getCategory()).name(serviceEndpointProfile.getName());
        name.newPlatform().name(serviceEndpointProfile.getPlatform()).version((short) 1).minorVersion((short) 0).revisionVersion((short) 0).buildVersion((short) 0);
        name.newRuntime().hostedOn(serviceEndpointProfile.getHost());
        ServiceEndpoint.AccessPoint accessPoint = new ServiceEndpoint.AccessPoint();
        accessPoint.name(serviceEndpointProfile.getAccessPointName());
        accessPoint.address(serviceEndpointProfile.getAccessPointAddress());
        accessPoint.credentials(serviceEndpointProfile.getAccessPointPass(), serviceEndpointProfile.getAccessPointUsername());
        name.accessPoints().add(accessPoint);
        log.debug("going to encrypt and push");
        registerSE(encryptResource(serviceEndpoint));
        log.debug("pushed on IS");
        return serviceEndpoint;
    }

    private SimpleQuery getQuery(String str, String str2) {
        XQuery queryFor = ICFactory.queryFor(ServiceEndpoint.class);
        queryFor.addCondition(String.format("$resource/Profile/Name/text() eq '%s'", str));
        queryFor.addCondition(String.format("$resource/Profile/Category/text() eq '%s'", str2));
        return queryFor;
    }

    private SimpleQuery getQuery(String str) {
        XQuery queryFor = ICFactory.queryFor(ServiceEndpoint.class);
        queryFor.addCondition(String.format("$resource/Profile/Category/text() eq '%s'", str));
        return queryFor;
    }

    private ServiceEndpoint decryptResource(ServiceEndpoint serviceEndpoint) {
        log.debug("encrypting serviceEndpoint {} ", serviceEndpoint.id());
        Iterator it = serviceEndpoint.profile().accessPoints().iterator();
        while (it.hasNext()) {
            ServiceEndpoint.AccessPoint accessPoint = (ServiceEndpoint.AccessPoint) it.next();
            accessPoint.credentials(decryptString(accessPoint.password()), accessPoint.username());
        }
        return serviceEndpoint;
    }

    private ServiceEndpoint encryptResource(ServiceEndpoint serviceEndpoint) {
        log.debug("encrypting serviceEndpoint {} ", serviceEndpoint.id());
        Iterator it = serviceEndpoint.profile().accessPoints().iterator();
        while (it.hasNext()) {
            ServiceEndpoint.AccessPoint accessPoint = (ServiceEndpoint.AccessPoint) it.next();
            accessPoint.credentials(encryptString(accessPoint.password()), accessPoint.username());
        }
        return serviceEndpoint;
    }

    private static String decryptString(String str) {
        log.debug("decrypting string");
        try {
            return StringEncrypter.getEncrypter().decrypt(str, new Key[0]);
        } catch (Exception e) {
            throw new RuntimeException("Unable to decrypt : " + str, e);
        }
    }

    private static String encryptString(String str) {
        log.debug("encrypting string");
        try {
            return StringEncrypter.getEncrypter().encrypt(str, new Key[0]);
        } catch (Exception e) {
            throw new RuntimeException("Unable to encrypt : " + str, e);
        }
    }

    private List<ServiceEndpoint> getServiceEndpoints(boolean z, List<ServiceEndpoint> list) {
        if (z) {
            if (isRoleEnabled()) {
                ArrayList arrayList = new ArrayList(list.size());
                Iterator<ServiceEndpoint> it = list.iterator();
                while (it.hasNext()) {
                    arrayList.add(decryptResource(it.next()));
                }
                return arrayList;
            }
            log.warn("user not enabled to see the resource free to air, sorry");
        }
        return list;
    }

    private boolean isRoleEnabled() {
        log.debug("checking role");
        try {
            if (ModelUtils.getAccessTokenFrom(AccessTokenProvider.instance.get()).getRealmAccess().getRoles().contains(ENABLED_ROLE)) {
                log.info("The client is authorized to see the resource as 'free-to-air'");
                return true;
            }
        } catch (Exception e) {
            log.error("token not retrieved properly: " + e.getMessage());
            e.printStackTrace();
        }
        log.info("user not authorized, sorry");
        return false;
    }

    private static String registerSE(ServiceEndpoint serviceEndpoint) {
        RegistryPublisher create = RegistryPublisherFactory.create();
        if (log.isDebugEnabled()) {
            Resources.print(serviceEndpoint);
        }
        return create.create(serviceEndpoint).id();
    }
}
