package org.apereo.cas.trusted.web;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.enums.ParameterIn;
import jakarta.servlet.http.HttpServletRequest;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Objects;
import java.util.Set;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecord;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.util.CompressionUtils;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.web.BaseCasActuatorEndpoint;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.endpoint.web.annotation.RestControllerEndpoint;
import org.springframework.core.io.Resource;
import org.springframework.core.io.WritableResource;
import org.springframework.http.ContentDisposition;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@RestControllerEndpoint(id = "multifactorTrustedDevices", enableByDefault = false)
/* loaded from: input_file:org/apereo/cas/trusted/web/MultifactorAuthenticationTrustedDevicesReportEndpoint.class */
public class MultifactorAuthenticationTrustedDevicesReportEndpoint extends BaseCasActuatorEndpoint {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(MultifactorAuthenticationTrustedDevicesReportEndpoint.class);
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).build().toObjectMapper();
    private final ObjectProvider<MultifactorAuthenticationTrustStorage> mfaTrustEngine;

    public MultifactorAuthenticationTrustedDevicesReportEndpoint(CasConfigurationProperties casConfigurationProperties, ObjectProvider<MultifactorAuthenticationTrustStorage> objectProvider) {
        super(casConfigurationProperties);
        this.mfaTrustEngine = objectProvider;
    }

    @GetMapping(produces = {"application/json"})
    @Operation(summary = "Get collection of trusted devices")
    public Set<? extends MultifactorAuthenticationTrustRecord> devices() {
        cleanExpiredRecords();
        return ((MultifactorAuthenticationTrustStorage) this.mfaTrustEngine.getObject()).getAll();
    }

    @GetMapping(value = {"/{username}"}, produces = {"application/json"})
    @Operation(summary = "Get collection of trusted devices for the user", parameters = {@Parameter(name = "username", required = true, in = ParameterIn.PATH)})
    public Set<? extends MultifactorAuthenticationTrustRecord> devicesForUser(@PathVariable(name = "username") String str) {
        cleanExpiredRecords();
        return ((MultifactorAuthenticationTrustStorage) this.mfaTrustEngine.getObject()).get(str);
    }

    @DeleteMapping(value = {"/{key}"}, produces = {"application/json"})
    @Operation(summary = "Remove trusted device using its key", parameters = {@Parameter(name = "key", required = true, in = ParameterIn.PATH)})
    public Integer revoke(@PathVariable(name = "key") String str) {
        ((MultifactorAuthenticationTrustStorage) this.mfaTrustEngine.getObject()).remove(str);
        return Integer.valueOf(HttpStatus.OK.value());
    }

    @DeleteMapping(value = {"/clean"}, produces = {"application/json"})
    @Operation(summary = "Remove all trusted devices that have expired")
    public Integer clean() {
        cleanExpiredRecords();
        return Integer.valueOf(HttpStatus.OK.value());
    }

    @DeleteMapping(value = {"/expire"}, produces = {"application/json"})
    @Operation(summary = "Remove expired trusted devices given an expiration date as a threshold", parameters = {@Parameter(name = "date", required = true, in = ParameterIn.QUERY)})
    public Integer removeSince(@RequestParam(name = "expiration") Date date) {
        ((MultifactorAuthenticationTrustStorage) this.mfaTrustEngine.getObject()).remove(DateTimeUtils.zonedDateTimeOf(date));
        return Integer.valueOf(HttpStatus.OK.value());
    }

    @PostMapping(path = {"/import"}, consumes = {"application/json"})
    @Operation(summary = "Import a single trusted device record as a JSON document in the request body")
    public ResponseEntity importDevice(HttpServletRequest httpServletRequest) throws Exception {
        String iOUtils = IOUtils.toString(httpServletRequest.getInputStream(), StandardCharsets.UTF_8);
        LOGGER.trace("Submitted record: [{}]", iOUtils);
        MultifactorAuthenticationTrustRecord multifactorAuthenticationTrustRecord = (MultifactorAuthenticationTrustRecord) MAPPER.readValue(iOUtils, new TypeReference<MultifactorAuthenticationTrustRecord>(this) { // from class: org.apereo.cas.trusted.web.MultifactorAuthenticationTrustedDevicesReportEndpoint.1
        });
        LOGGER.trace("Storing device record: [{}]", multifactorAuthenticationTrustRecord);
        ((MultifactorAuthenticationTrustStorage) this.mfaTrustEngine.getObject()).save(multifactorAuthenticationTrustRecord);
        return ResponseEntity.status(HttpStatus.CREATED).build();
    }

    @GetMapping(path = {"/export/{username}"}, produces = {"application/octet-stream"})
    @ResponseBody
    @Operation(summary = "Export all device records as a zip file for a given username")
    public ResponseEntity<Resource> exportUserDevices(@PathVariable("username") String str) {
        WritableResource zipFile = CompressionUtils.toZipFile(((MultifactorAuthenticationTrustStorage) this.mfaTrustEngine.getObject()).get(str).stream(), Unchecked.function(obj -> {
            MultifactorAuthenticationTrustRecord multifactorAuthenticationTrustRecord = (MultifactorAuthenticationTrustRecord) obj;
            File createTempFile = File.createTempFile(String.format("%s-%s", multifactorAuthenticationTrustRecord.getPrincipal(), multifactorAuthenticationTrustRecord.getName()), ".json");
            MAPPER.writeValue(createTempFile, multifactorAuthenticationTrustRecord);
            return createTempFile;
        }), "mfatrusteddevices-" + str);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentDisposition(ContentDisposition.attachment().filename((String) Objects.requireNonNull(zipFile.getFilename())).build());
        return new ResponseEntity<>(zipFile, httpHeaders, HttpStatus.OK);
    }

    @GetMapping(path = {"/export"}, produces = {"application/octet-stream"})
    @ResponseBody
    @Operation(summary = "Export all device records as a zip file")
    public ResponseEntity<Resource> export() {
        WritableResource zipFile = CompressionUtils.toZipFile(((MultifactorAuthenticationTrustStorage) this.mfaTrustEngine.getObject()).getAll().stream(), Unchecked.function(obj -> {
            MultifactorAuthenticationTrustRecord multifactorAuthenticationTrustRecord = (MultifactorAuthenticationTrustRecord) obj;
            File createTempFile = File.createTempFile(String.format("%s-%s", multifactorAuthenticationTrustRecord.getPrincipal(), multifactorAuthenticationTrustRecord.getName()), ".json");
            MAPPER.writeValue(createTempFile, multifactorAuthenticationTrustRecord);
            return createTempFile;
        }), "mfatrusteddevices");
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentDisposition(ContentDisposition.attachment().filename((String) Objects.requireNonNull(zipFile.getFilename())).build());
        return new ResponseEntity<>(zipFile, httpHeaders, HttpStatus.OK);
    }

    private void cleanExpiredRecords() {
        ((MultifactorAuthenticationTrustStorage) this.mfaTrustEngine.getObject()).remove();
    }
}
