package com.atomgraph.linkeddatahub.resource.admin;

import com.atomgraph.core.MediaTypes;
import com.atomgraph.core.exception.ConfigurationException;
import com.atomgraph.linkeddatahub.apps.model.AdminApplication;
import com.atomgraph.linkeddatahub.apps.model.Application;
import com.atomgraph.linkeddatahub.apps.model.EndUserApplication;
import com.atomgraph.linkeddatahub.listener.EMailListener;
import com.atomgraph.linkeddatahub.model.Service;
import com.atomgraph.linkeddatahub.server.model.impl.GraphStoreImpl;
import com.atomgraph.linkeddatahub.server.security.AgentContext;
import com.atomgraph.linkeddatahub.server.util.MessageBuilder;
import com.atomgraph.linkeddatahub.server.util.Skolemizer;
import com.atomgraph.linkeddatahub.server.util.WebIDCertGen;
import com.atomgraph.linkeddatahub.vocabulary.ACL;
import com.atomgraph.linkeddatahub.vocabulary.Cert;
import com.atomgraph.linkeddatahub.vocabulary.FOAF;
import com.atomgraph.linkeddatahub.vocabulary.LACL;
import com.atomgraph.linkeddatahub.vocabulary.LDHC;
import com.atomgraph.processor.vocabulary.DH;
import com.atomgraph.processor.vocabulary.SIOC;
import com.atomgraph.server.exception.SPINConstraintViolationException;
import com.atomgraph.server.exception.SkolemizationException;
import com.atomgraph.spinrdf.constraints.ConstraintViolation;
import com.atomgraph.spinrdf.constraints.ObjectPropertyPath;
import com.google.common.base.CharMatcher;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Optional;
import java.util.UUID;
import javax.inject.Inject;
import javax.mail.MessagingException;
import javax.servlet.ServletConfig;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.POST;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
import org.apache.jena.datatypes.xsd.XSDDatatype;
import org.apache.jena.ontology.Ontology;
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.Query;
import org.apache.jena.rdf.model.Model;
import org.apache.jena.rdf.model.ModelFactory;
import org.apache.jena.rdf.model.Property;
import org.apache.jena.rdf.model.ResIterator;
import org.apache.jena.rdf.model.Resource;
import org.apache.jena.rdf.model.ResourceFactory;
import org.apache.jena.rdf.model.Statement;
import org.apache.jena.riot.Lang;
import org.apache.jena.riot.RDFDataMgr;
import org.apache.jena.vocabulary.DCTerms;
import org.apache.jena.vocabulary.RDF;
import org.glassfish.jersey.server.internal.process.MappableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atomgraph/linkeddatahub/resource/admin/SignUp.class */
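/**
 * JAX-RS resource that signs up a new agent on the admin application.
 *
 * <p>A POST takes the submitted agent description, generates an RSA key pair wrapped in a
 * password-protected PKCS#12 keystore, stores the public key, the agent and a read
 * authorization as separate documents, and then either returns the keystore in the response
 * (when the {@code download} query parameter is present) or e-mails it to the agent's mailbox.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The certificate password arrives in the request body and is removed from the model
 *       before anything is persisted (see {@link #validateAndRemovePassword(Resource)}).</li>
 *   <li>The same password protects both the keystore and the private key entry.</li>
 *   <li>The keystore holding the private key is written to the temp directory by
 *       {@code WebIDCertGen}; it is deleted as soon as its bytes have been read.</li>
 * </ul>
 */
public class SignUp extends GraphStoreImpl {
    /** Keystore format used for the generated client certificate. */
    public static final String STORE_TYPE = "PKCS12";
    /** Alias under which the generated key entry is stored in the keystore. */
    public static final String KEY_ALIAS = "linkeddatahub-client";
    /**
     * Minimum accepted length of the certificate password.
     * NOTE(review): six ASCII characters is little protection for a keystore that is sent as an
     * e-mail attachment and can be attacked offline; consider raising it.
     */
    public static final int MIN_PASSWORD_LENGTH = 6;
    /** Servlet-context path of the RDF/XML country dataset. */
    public static final String COUNTRY_DATASET_PATH = "/static/com/atomgraph/linkeddatahub/xsl/bootstrap/2.3.2/countries.rdf";
    /** Container path (relative to the base URI) for agent documents. */
    public static final String AGENT_PATH = "acl/agents/";
    /** Container path (relative to the base URI) for public key documents. */
    public static final String PUBLIC_KEY_PATH = "acl/public-keys/";
    /** Container path (relative to the base URI) for authorization documents. */
    public static final String AUTHORIZATION_PATH = "acl/authorizations/";
    private final Model countryModel;
    private final String emailSubject;
    private final String emailText;
    private final int validityDays;
    private final boolean download;
    private static final Logger log = LoggerFactory.getLogger(SignUp.class);
    /** Media type used for the keystore in the download response and the e-mail attachment. */
    public static final MediaType PKCS12_MEDIA_TYPE = MediaType.valueOf("application/x-pkcs12");

    /**
     * Constructs the resource, loading the country dataset and the sign-up configuration.
     *
     * @param request current request
     * @param uriInfo URI information of the current request; also read for the {@code download} flag
     * @param mediaTypes registry of supported media types
     * @param application current application; must be castable to {@code AdminApplication}
     * @param optional optional ontology, passed through to the superclass
     * @param optional2 optional service, passed through to the superclass
     * @param securityContext JAX-RS security context
     * @param optional3 optional agent context, passed through to the superclass
     * @param providers JAX-RS providers
     * @param application2 system application
     * @param servletConfig servlet config supplying the country dataset and init parameters
     * @throws IllegalStateException if {@code application} is not an admin application
     * @throws InternalServerErrorException if a required init parameter is missing or the
     *         country dataset cannot be read
     */
    @Inject
    public SignUp(@Context Request request, @Context UriInfo uriInfo, MediaTypes mediaTypes, Application application, Optional<Ontology> optional, Optional<Service> optional2, @Context SecurityContext securityContext, Optional<AgentContext> optional3, @Context Providers providers, com.atomgraph.linkeddatahub.Application application2, @Context ServletConfig servletConfig) {
        super(request, uriInfo, mediaTypes, application, optional, optional2, securityContext, optional3, providers, application2);
        log.debug("Constructing {}", getClass());
        if (!application.canAs(AdminApplication.class)) {
            throw new IllegalStateException("Application cannot be cast to lapp:AdminApplication");
        }

        // try-with-resources closes the stream on every path, including a failed parse
        try (InputStream countries = servletConfig.getServletContext().getResourceAsStream(COUNTRY_DATASET_PATH)) {
            this.countryModel = ModelFactory.createDefaultModel();
            RDFDataMgr.read(this.countryModel, countries, (String) null, Lang.RDFXML);
        } catch (IOException e) {
            throw new InternalServerErrorException(e);
        }

        this.emailSubject = servletConfig.getServletContext().getInitParameter(LDHC.signUpEMailSubject.getURI());
        if (this.emailSubject == null) {
            throw new InternalServerErrorException(new ConfigurationException(LDHC.signUpEMailSubject));
        }
        this.emailText = servletConfig.getServletContext().getInitParameter(LDHC.webIDSignUpEMailText.getURI());
        if (this.emailText == null) {
            throw new InternalServerErrorException(new ConfigurationException(LDHC.webIDSignUpEMailText));
        }
        String validity = servletConfig.getServletContext().getInitParameter(LDHC.signUpCertValidity.getURI());
        if (validity == null) {
            throw new InternalServerErrorException(new ConfigurationException(LDHC.signUpCertValidity));
        }
        this.validityDays = Integer.parseInt(validity);
        // only the presence of the parameter matters, not its value
        this.download = uriInfo.getQueryParameters().containsKey("download");
    }

    /**
     * Returns the representation of this resource's own URI.
     *
     * @param bool ignored; the superclass is always called with {@code false}
     * @param uri ignored; the request's absolute path is used instead
     * @return response produced by the superclass
     */
    @GET
    public Response get(@QueryParam("default") @DefaultValue("false") Boolean bool, @QueryParam("graph") URI uri) {
        return super.get(false, getURI());
    }

    /**
     * Registers a new agent from the submitted model.
     *
     * <p>Three documents are created in sequence (public key, agent, authorization). They are
     * separate writes, so a failure part-way through leaves the earlier ones in place.
     *
     * @param model submitted agent description; modified in place (skolemized, password removed)
     * @param bool not read by this method
     * @param uri not read by this method
     * @return the PKCS#12 keystore when the {@code download} flag is set, otherwise the stored
     *         agent and public key model after the keystore has been e-mailed
     * @throws SPINConstraintViolationException if the password is invalid or the mailbox is taken
     * @throws SkolemizationException if an {@link IllegalArgumentException} is raised while processing
     * @throws MappableException wrapping any other exception
     */
    @Override // com.atomgraph.linkeddatahub.server.model.impl.GraphStoreImpl
    @POST
    public Response post(Model model, @QueryParam("default") @DefaultValue("false") Boolean bool, @QueryParam("graph") URI uri) {
        URI agentGraphUri = getUriInfo().getBaseUriBuilder().path(AGENT_PATH).path("{slug}/").build(UUID.randomUUID().toString());
        new Skolemizer(agentGraphUri.toString()).apply(model);
        ResIterator persons = model.listResourcesWithProperty(RDF.type, FOAF.Person);
        try {
            // NOTE(review): a model without any foaf:Person makes next() throw, which surfaces
            // as a MappableException rather than a constraint violation.
            Resource agent = persons.next();
            // strip the password from the model before anything below can persist it
            String password = validateAndRemovePassword(agent);

            Resource mbox = agent.getRequiredProperty(FOAF.mbox).getResource();
            ParameterizedSparqlString agentQuery = new ParameterizedSparqlString(getAgentQuery().toString());
            agentQuery.setParam(FOAF.mbox.getLocalName(), mbox);
            if (!getAgentService().getSPARQLClient().loadModel(agentQuery.asQuery()).isEmpty()) {
                throw createSPINConstraintViolationException(agent, FOAF.mbox, "Agent with this mailbox already exists");
            }

            String fullName = agent.getRequiredProperty(FOAF.givenName).getString() + " " + agent.getRequiredProperty(FOAF.familyName).getString();
            String orgName = null;
            if (agent.hasProperty(FOAF.member)) {
                Resource organization = agent.getPropertyResourceValue(FOAF.member);
                if (organization.hasProperty(FOAF.name)) {
                    orgName = organization.getProperty(FOAF.name).getString();
                }
            }
            String countryName = getCountryModel().createResource(agent.getRequiredProperty(FOAF.based_near).getResource().getURI()).getRequiredProperty(DCTerms.title).getString();

            Resource agentItem = appendItem(model, agentGraphUri, model.createResource(getUriInfo().getBaseUri().resolve(AGENT_PATH).toString()), agent);
            if (!agentItem.isURIResource()) {
                throw new IllegalStateException("Agent is not a URI resource");
            }

            String keyStoreFileName = UUID.randomUUID().toString() + ".p12";
            Path keyStorePath = Paths.get(System.getProperty("java.io.tmpdir") + File.separator + keyStoreFileName);
            byte[] keyStoreBytes;
            try {
                new WebIDCertGen("RSA", STORE_TYPE).generate(keyStorePath, password, password, KEY_ALIAS, fullName, null, orgName, null, null, countryName, agentItem.getURI(), getValidityDays());
                keyStoreBytes = Files.readAllBytes(keyStorePath);
            } finally {
                // The file contains the agent's private key; do not leave it in the shared temp
                // directory once its bytes are in memory (or if generation failed half-way).
                Files.deleteIfExists(keyStorePath);
            }

            KeyStore keyStore = KeyStore.getInstance(STORE_TYPE);
            try (ByteArrayInputStream keyStoreStream = new ByteArrayInputStream(keyStoreBytes)) {
                keyStore.load(keyStoreStream, password.toCharArray());
                Certificate certificate = keyStore.getCertificate(KEY_ALIAS);
                if (!(certificate.getPublicKey() instanceof RSAPublicKey)) {
                    throw new IllegalStateException("Certificate PublicKey is not an RSAPublicKey");
                }
                RSAPublicKey publicKey = (RSAPublicKey) certificate.getPublicKey();

                // 1. public key document
                URI publicKeyGraphUri = getUriInfo().getBaseUriBuilder().path(PUBLIC_KEY_PATH).path("{slug}/").build(UUID.randomUUID().toString());
                Model publicKeyModel = ModelFactory.createDefaultModel();
                createPublicKey(publicKeyModel, publicKeyGraphUri, publicKeyModel.createResource(getUriInfo().getBaseUri().resolve(PUBLIC_KEY_PATH).toString()), publicKey);
                new Skolemizer(publicKeyGraphUri.toString()).apply(publicKeyModel);
                if (super.post(publicKeyModel, false, publicKeyGraphUri).getStatus() != Response.Status.CREATED.getStatusCode()) {
                    log.error("Cannot create PublicKey");
                    throw new InternalServerErrorException("Cannot create PublicKey");
                }

                // 2. agent document, linked to its key and delegated to by the secretary agent
                agentItem.addProperty(Cert.key, publicKeyModel.createResource(publicKeyGraphUri.toString()).getPropertyResourceValue(FOAF.primaryTopic));
                model.add(model.createResource(getSystem().getSecretaryWebIDURI().toString()), ACL.delegates, agentItem);
                if (super.post(model, false, agentGraphUri).getStatus() != Response.Status.CREATED.getStatusCode()) {
                    log.error("Cannot create Agent");
                    throw new InternalServerErrorException("Cannot create Agent");
                }

                // 3. authorization covering the two documents created above
                URI authGraphUri = getUriInfo().getBaseUriBuilder().path(AUTHORIZATION_PATH).path("{slug}/").build(UUID.randomUUID().toString());
                Model authModel = ModelFactory.createDefaultModel();
                createAuthorization(authModel, authGraphUri, authModel.createResource(getUriInfo().getBaseUri().resolve(AUTHORIZATION_PATH).toString()), agentGraphUri, publicKeyGraphUri);
                new Skolemizer(authGraphUri.toString()).apply(authModel);
                if (super.post(authModel, false, authGraphUri).getStatus() != Response.Status.CREATED.getStatusCode()) {
                    log.error("Cannot create Authorization");
                    throw new InternalServerErrorException("Cannot create Authorization");
                }

                getSystem().getEventBus().post(new com.atomgraph.linkeddatahub.server.event.SignUp(getSystem().getSecretaryWebIDURI()));

                if (this.download) {
                    // the keystore (private key included) goes straight back in the response body
                    return Response.ok(keyStoreBytes).type(PKCS12_MEDIA_TYPE).header("Content-Disposition", "attachment; filename=cert.p12").build();
                }
                sendEmail(agentItem, LocalDate.now().plusDays(getValidityDays()), keyStoreBytes, keyStoreFileName);
                return Response.ok().entity(model.add(publicKeyModel)).build();
            }
        } catch (SPINConstraintViolationException e) {
            // The specific handlers are listed ahead of the catch-all so that they are reachable;
            // nested inside a catch (Exception) they would never run.
            throw e;
        } catch (IllegalArgumentException e) {
            throw new SkolemizationException(e, model);
        } catch (Exception e) {
            throw new MappableException(e);
        } finally {
            persons.close();
        }
    }

    /**
     * Extracts the certificate password from the agent description, validates it and removes
     * both the password statement and the enclosing {@code cert:key} statement from the model.
     *
     * @param resource agent resource carrying {@code cert:key}
     * @return the validated password
     * @throws SPINConstraintViolationException if the key or password is missing, more than one
     *         password value is present, or the password is too short or not ASCII
     */
    public String validateAndRemovePassword(Resource resource) throws SPINConstraintViolationException {
        Statement keyStmt = resource.getProperty(Cert.key);
        if (keyStmt == null) {
            throw createSPINConstraintViolationException(resource, Cert.key, "cert:key is missing");
        }
        Resource key = keyStmt.getResource();
        // more than one distinct value is reported to the user as a password/confirmation mismatch
        if (key.listProperties(LACL.password).toList().size() > 1) {
            throw createSPINConstraintViolationException(key, LACL.password, "Certificate passwords do not match");
        }
        Statement passwordStmt = key.getProperty(LACL.password);
        if (passwordStmt == null) {
            throw createSPINConstraintViolationException(key, LACL.password, "Certificate password is missing");
        }
        String password = passwordStmt.getString();
        if (password.length() < MIN_PASSWORD_LENGTH) {
            throw createSPINConstraintViolationException(key, LACL.password, "Certificate password must be at least " + MIN_PASSWORD_LENGTH + " characters long");
        }
        if (!CharMatcher.ascii().matchesAllOf(password)) {
            throw createSPINConstraintViolationException(key, LACL.password, "Certificate password must only contain ASCII characters");
        }
        // the password must never reach the triple store
        passwordStmt.remove();
        keyStmt.remove();
        return password;
    }

    /**
     * Builds a constraint violation exception for a single resource/property pair.
     *
     * @param resource violating resource
     * @param property violating property
     * @param str violation message
     * @return exception holding one violation, bound to the resource's model
     */
    public SPINConstraintViolationException createSPINConstraintViolationException(Resource resource, Property property, String str) {
        ArrayList<ConstraintViolation> violations = new ArrayList<>();
        // left raw: the element type expected by the ConstraintViolation constructor is not visible here
        ArrayList paths = new ArrayList();
        paths.add(new ObjectPropertyPath(resource, property));
        violations.add(new ConstraintViolation(resource, paths, (Collection) null, str, (Resource) null));
        return new SPINConstraintViolationException(violations, resource.getModel());
    }

    /**
     * Adds an item document for {@code uri} to the model and makes {@code resource2} its primary topic.
     *
     * @param model model to add the item to
     * @param uri URI of the item document
     * @param resource container of the item
     * @param resource2 primary topic of the item
     * @return {@code resource2}, unchanged
     */
    public Resource appendItem(Model model, URI uri, Resource resource, Resource resource2) {
        model.createResource(uri.toString())
            .addProperty(RDF.type, DH.Item)
            .addProperty(SIOC.HAS_CONTAINER, resource)
            .addLiteral(DH.slug, UUID.randomUUID().toString())
            .addProperty(FOAF.primaryTopic, resource2);
        return resource2;
    }

    /**
     * Adds an item document with a {@code cert:PublicKey} primary topic describing the RSA key.
     *
     * @param model model to add the resources to
     * @param uri URI of the item document
     * @param resource container of the item
     * @param rSAPublicKey key whose exponent and hex-encoded modulus are recorded
     * @return the public key resource (a blank node at creation time)
     */
    public Resource createPublicKey(Model model, URI uri, Resource resource, RSAPublicKey rSAPublicKey) {
        Resource item = model.createResource(uri.toString())
            .addProperty(RDF.type, DH.Item)
            .addProperty(SIOC.HAS_CONTAINER, resource)
            .addLiteral(DH.slug, UUID.randomUUID().toString());
        Resource publicKey = model.createResource()
            .addProperty(RDF.type, Cert.PublicKey)
            .addLiteral(Cert.exponent, rSAPublicKey.getPublicExponent())
            .addLiteral(Cert.modulus, ResourceFactory.createTypedLiteral(rSAPublicKey.getModulus().toString(16), XSDDatatype.XSDhexBinary));
        item.addProperty(FOAF.primaryTopic, publicKey);
        return publicKey;
    }

    /**
     * Adds an item document with an {@code acl:Authorization} primary topic that grants
     * {@code acl:Read} on the two given documents.
     *
     * <p>NOTE(review): the grant is made to {@code foaf:Agent} as well as
     * {@code acl:AuthenticatedAgent}. {@code foaf:Agent} as an agent class conventionally means
     * any agent, which would make the agent document (names, mailbox) readable without
     * authentication; confirm this is intended.
     *
     * @param model model to add the resources to
     * @param uri URI of the item document
     * @param resource container of the item
     * @param uri2 first document the authorization gives access to
     * @param uri3 second document the authorization gives access to
     * @return the authorization resource (a blank node at creation time)
     */
    public Resource createAuthorization(Model model, URI uri, Resource resource, URI uri2, URI uri3) {
        Resource item = model.createResource(uri.toString())
            .addProperty(RDF.type, DH.Item)
            .addProperty(SIOC.HAS_CONTAINER, resource)
            .addLiteral(DH.slug, UUID.randomUUID().toString());
        Resource authorization = model.createResource()
            .addProperty(RDF.type, ACL.Authorization)
            .addLiteral(DH.slug, UUID.randomUUID().toString())
            .addProperty(ACL.accessTo, ResourceFactory.createResource(uri2.toString()))
            .addProperty(ACL.accessTo, ResourceFactory.createResource(uri3.toString()))
            .addProperty(ACL.mode, ACL.Read)
            .addProperty(ACL.agentClass, FOAF.Agent)
            .addProperty(ACL.agentClass, ACL.AuthenticatedAgent);
        item.addProperty(FOAF.primaryTopic, authorization);
        return authorization;
    }

    /**
     * E-mails the generated keystore to the agent's mailbox.
     *
     * <p>The certificate password is not part of the message; only the keystore is attached.
     *
     * @param resource agent resource carrying name and {@code foaf:mbox}
     * @param localDate certificate expiry date mentioned in the message text
     * @param bArr PKCS#12 keystore bytes
     * @param str attachment file name
     * @throws MessagingException if the mailbox is not a {@code mailto:} URI or the message cannot be built
     * @throws UnsupportedEncodingException if the recipient name cannot be encoded
     */
    public void sendEmail(Resource resource, LocalDate localDate, byte[] bArr, String str) throws MessagingException, UnsupportedEncodingException {
        String fullName = resource.getRequiredProperty(FOAF.givenName).getString() + " " + resource.getRequiredProperty(FOAF.familyName).getString();
        String mbox = resource.getRequiredProperty(FOAF.mbox).getResource().getURI();
        // The mailbox comes from the request; without this check a non-mailto value would be
        // silently truncated into a bogus recipient address.
        if (mbox == null || !mbox.startsWith("mailto:")) {
            throw new MessagingException("Agent mailbox is not a mailto: URI");
        }
        String appTitle = getEndUserApplication().getProperty(DCTerms.title).getString();
        // user-supplied values are passed as format arguments only, never as the format string
        MessageBuilder message = getSystem().getMessageBuilder()
            .subject(String.format(getEmailSubject(), appTitle, fullName))
            .to(mbox.substring("mailto:".length()), fullName)
            .textBodyPart(String.format(getEmailText(), appTitle, getEndUserApplication().getBase(), resource.getURI(), localDate.format(DateTimeFormatter.ISO_LOCAL_DATE)))
            .byteArrayBodyPart(bArr, PKCS12_MEDIA_TYPE.toString(), str);
        if (getSystem().getNotificationAddress() != null) {
            message = message.from(getSystem().getNotificationAddress());
        }
        EMailListener.submit(message.build());
    }

    /**
     * Returns the end-user application: the current application if it is one, otherwise the
     * end-user application paired with the current admin application.
     *
     * @return end-user application
     */
    public EndUserApplication getEndUserApplication() {
        if (getApplication().canAs(EndUserApplication.class)) {
            return getApplication().as(EndUserApplication.class);
        }
        return getApplication().as(AdminApplication.class).getEndUserApplication();
    }

    /**
     * Returns the service that is queried for existing agents.
     *
     * @return the current application's service
     */
    public Service getAgentService() {
        // NOTE(review): "mo17getService" looks like a decompiler-generated alias, presumably for
        // getService() -- confirm against the library before compiling.
        return getApplication().mo17getService();
    }

    /**
     * Returns the absolute path of the current request.
     *
     * @return request URI without query string
     */
    public URI getURI() {
        return getUriInfo().getAbsolutePath();
    }

    /**
     * Returns the configured certificate validity.
     *
     * @return validity in days
     */
    public int getValidityDays() {
        return this.validityDays;
    }

    /**
     * Returns the country dataset loaded at construction time.
     *
     * @return country model
     */
    public Model getCountryModel() {
        return this.countryModel;
    }

    /**
     * Returns the configured sign-up e-mail subject; used as a format string.
     *
     * @return subject template
     */
    public String getEmailSubject() {
        return this.emailSubject;
    }

    /**
     * Returns the configured sign-up e-mail text; used as a format string.
     *
     * @return text template
     */
    public String getEmailText() {
        return this.emailText;
    }

    /**
     * Returns the query used to look up an existing agent by mailbox.
     *
     * @return agent query from the system application
     */
    public Query getAgentQuery() {
        return getSystem().getAgentQuery();
    }
}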
