package net.krotscheck.kangaroo.authz.admin.v1.resource;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.AuthorizationScope;
import java.math.BigInteger;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import net.krotscheck.kangaroo.authz.admin.Scope;
import net.krotscheck.kangaroo.authz.admin.v1.auth.ScopesAllowed;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.authenticator.IAuthenticator;
import net.krotscheck.kangaroo.authz.common.database.entity.Application;
import net.krotscheck.kangaroo.authz.common.database.entity.Authenticator;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.User;
import net.krotscheck.kangaroo.authz.common.database.util.SortUtil;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.common.hibernate.transaction.Transactional;
import net.krotscheck.kangaroo.common.response.ListResponseBuilder;
import net.krotscheck.kangaroo.common.response.SortOrder;
import org.hibernate.Criteria;
import org.hibernate.Session;
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.hibernate.search.query.dsl.MustJunction;
import org.hibernate.search.query.dsl.QueryBuilder;
import org.jvnet.hk2.annotations.Optional;

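/**
 * Admin API resource for {@link Authenticator} records, mounted at {@code /authenticator}.
 *
 * <p>Exposes search, browse, read, create, update and delete. The class is annotated with
 * {@link ScopesAllowed} for {@link Scope#AUTHENTICATOR} and {@link Scope#AUTHENTICATOR_ADMIN};
 * per the Swagger descriptions below, the former covers authenticators in one application and
 * the latter authenticators in all applications.
 *
 * <p>Per-entity authorization is delegated to helpers inherited from {@code AbstractService}
 * ({@code assertCanAccess}, {@code resolveOwnershipFilter}, {@code resolveFilterEntity}). Their
 * bodies are not part of this file, so the notes marked NOTE(review) state what this class
 * relies on them to do.
 */
@Transactional
@Api(
        tags = {"Authenticator"},
        authorizations = {
            @Authorization(
                    value = "Kangaroo",
                    scopes = {
                        @AuthorizationScope(
                                scope = Scope.AUTHENTICATOR,
                                description = "Modify authenticators in one application."),
                        @AuthorizationScope(
                                scope = Scope.AUTHENTICATOR_ADMIN,
                                description = "Modify authenticators in all applications.")
                    })
        })
@Path("/authenticator")
@ScopesAllowed({Scope.AUTHENTICATOR, Scope.AUTHENTICATOR_ADMIN})
public final class AuthenticatorService extends AbstractService {

    /**
     * Full-text search over authenticators.
     *
     * <p>The query string is fuzzy-matched against the owning client's name. Owner, client and
     * type filters are added as further mandatory clauses when they are supplied.
     *
     * @param num               result offset ({@code offset}, default 0)
     * @param num2              maximum number of results ({@code limit}, default 10)
     * @param str               search text ({@code q}, default empty)
     * @param bigInteger        optional owner id filter ({@code owner})
     * @param bigInteger2       optional client id filter ({@code client})
     * @param authenticatorType optional authenticator type filter ({@code type})
     * @return the response produced by {@code executeQuery} for the matching authenticators
     */
    @GET
    @Path("/search")
    @ApiOperation("Search authenticators")
    @Produces({"application/json"})
    public Response search(
            @QueryParam("offset") @DefaultValue("0") Integer num,
            @QueryParam("limit") @DefaultValue("10") Integer num2,
            @QueryParam("q") @DefaultValue("") String str,
            @Optional @QueryParam("owner") @ApiParam(type = "string") BigInteger bigInteger,
            @Optional @QueryParam("client") @ApiParam(type = "string") BigInteger bigInteger2,
            @Optional @QueryParam("type") AuthenticatorType authenticatorType) {
        QueryBuilder builder =
                getSearchFactory().buildQueryBuilder().forEntity(Authenticator.class).get();
        MustJunction junction = builder.bool().must(
                builder.keyword().fuzzy().onFields("client.name").matching(str).createQuery());

        // NOTE(review): the set of rows a non-admin caller can see is decided entirely by
        // resolveOwnershipFilter; confirm it pins such callers to their own records when
        // no owner parameter is sent.
        User ownerFilter = resolveOwnershipFilter(bigInteger);
        if (ownerFilter != null) {
            junction.must(builder.keyword()
                    .onField("client.application.owner.id")
                    .matching(ownerFilter.getId())
                    .createQuery());
        }

        Client clientFilter = (Client) resolveFilterEntity(Client.class, bigInteger2);
        if (clientFilter != null) {
            junction.must(builder.keyword()
                    .onField("client.id")
                    .matching(clientFilter.getId())
                    .createQuery());
        }

        if (authenticatorType != null) {
            junction.must(builder.keyword()
                    .onField("type")
                    .matching(authenticatorType)
                    .createQuery());
        }

        return executeQuery(
                Authenticator.class,
                getFullTextSession().createFullTextQuery(junction.createQuery(), Authenticator.class),
                num.intValue(),
                num2.intValue());
    }

    /**
     * Pages through authenticators with sorting and optional owner/client filters.
     *
     * <p>Two criteria queries are built with identical restrictions: one returns the requested
     * page, the other the total row count reported next to it.
     *
     * @param i           result offset ({@code offset}, default 0)
     * @param i2          page size ({@code limit}, default 10)
     * @param str         property to sort by ({@code sort}, default {@code createdDate})
     * @param sortOrder   sort direction ({@code order}, default ASC)
     * @param bigInteger  optional owner id filter ({@code owner})
     * @param bigInteger2 optional client id filter ({@code client})
     * @return a list response holding the page, the total count and the paging parameters
     */
    @GET
    @Produces({"application/json"})
    @ApiOperation("Browse authenticators")
    public Response browse(
            @QueryParam("offset") @DefaultValue("0") int i,
            @QueryParam("limit") @DefaultValue("10") int i2,
            @QueryParam("sort") @DefaultValue("createdDate") String str,
            @QueryParam("order") @DefaultValue("ASC") SortOrder sortOrder,
            @Optional @QueryParam("owner") @ApiParam(type = "string") BigInteger bigInteger,
            @Optional @QueryParam("client") @ApiParam(type = "string") BigInteger bigInteger2) {
        User ownerFilter = resolveOwnershipFilter(bigInteger);
        Client clientFilter = (Client) resolveFilterEntity(Client.class, bigInteger2);

        Criteria countQuery = getSession()
                .createCriteria(Authenticator.class)
                .createAlias("client", "c")
                .setProjection(Projections.rowCount());

        // NOTE(review): the sort property and the page size both come straight from the
        // request. No upper bound on the limit is applied in this method, and any
        // restriction on sortable properties would have to live in SortUtil; confirm both.
        Criteria pageQuery = getSession()
                .createCriteria(Authenticator.class)
                .createAlias("client", "c")
                .setFirstResult(i)
                .setMaxResults(i2)
                .addOrder(SortUtil.order(sortOrder, str));

        if (clientFilter != null) {
            pageQuery.add(Restrictions.eq("c.id", clientFilter.getId()));
            countQuery.add(Restrictions.eq("c.id", clientFilter.getId()));
        }

        if (ownerFilter != null) {
            pageQuery.createAlias("c.application", "a")
                    .createAlias("a.owner", "o")
                    .add(Restrictions.eq("o.id", ownerFilter.getId()));
            countQuery.createAlias("c.application", "a")
                    .createAlias("a.owner", "o")
                    .add(Restrictions.eq("o.id", ownerFilter.getId()));
        }

        return ListResponseBuilder.builder()
                .offset(Integer.valueOf(i))
                .limit(Integer.valueOf(i2))
                .order(sortOrder)
                .sort(str)
                .total(countQuery.uniqueResult())
                .addResult(pageQuery.list())
                .build();
    }

    /**
     * Reads one authenticator by id.
     *
     * @param bigInteger authenticator id; the path template accepts 32 lowercase hex characters
     * @return 200 with the authenticator as the entity
     */
    @GET
    @Path("/{id: [a-f0-9]{32}}")
    @ApiOperation("Read authenticator")
    @Produces({"application/json"})
    public Response getResource(
            @PathParam("id") @ApiParam(type = "string") BigInteger bigInteger) {
        Authenticator found = (Authenticator) getSession().get(Authenticator.class, bigInteger);
        // NOTE(review): session.get yields null for an unknown id, so assertCanAccess is
        // relied on to reject null as well as entities the caller may not see; confirm.
        assertCanAccess(found, getAdminScope());
        return Response.ok(found).build();
    }

    /**
     * Creates an authenticator for an existing client.
     *
     * <p>The body must carry no id, and must name a client (with an id) and a type. Callers
     * without the admin scope may only create authenticators for clients whose application
     * they own. Every rejection, including the ownership failure, is a 400, so the response
     * does not reveal whether a client id exists but belongs to someone else.
     *
     * @param authenticator the authenticator to create, taken from the request body
     * @return 201 with a {@code Location} header pointing at the new resource
     * @throws BadRequestException if the body is missing or malformed, the client does not
     *         exist, or the caller is neither admin nor owner of the client's application
     */
    @POST
    @Consumes({"application/json"})
    @ApiOperation("Create authenticator")
    public Response createResource(Authenticator authenticator) {
        if (authenticator == null
                || authenticator.getId() != null
                || authenticator.getClient() == null
                || authenticator.getType() == null) {
            throw new BadRequestException();
        }
        // A client reference without an id would otherwise be handed to session.get, which
        // does not accept a null identifier; treat it as one more malformed-request case.
        if (authenticator.getClient().getId() == null) {
            throw new BadRequestException();
        }

        Client parent = (Client) getSession().get(Client.class, authenticator.getClient().getId());
        if (parent == null) {
            throw new BadRequestException();
        }

        // Without the admin scope, the caller must own the application behind the client.
        if (!getSecurityContext().isUserInRole(getAdminScope())) {
            Application application = parent.getApplication();
            if (getCurrentUser() == null || !getCurrentUser().equals(application.getOwner())) {
                throw new BadRequestException();
            }
        }

        // The IAuthenticator implementation registered under the type's name checks the
        // submitted entity before anything is persisted.
        ((IAuthenticator) getInjector().getInstance(
                IAuthenticator.class, authenticator.getType().toString())).validate(authenticator);

        getSession().save(authenticator);

        return Response.created(
                getUriInfo().getAbsolutePathBuilder()
                        .path(AuthenticatorService.class, "getResource")
                        .build(IdUtil.toString(authenticator.getId())))
                .build();
    }

    /**
     * Updates the type and configuration of an existing authenticator.
     *
     * <p>The body must be equal to the stored entity and reference the same client; only the
     * type and the configuration are copied onto the stored entity, so the client cannot be
     * changed through this endpoint.
     *
     * @param bigInteger    id of the authenticator to update
     * @param authenticator the new state, taken from the request body
     * @return 200 with the updated authenticator as the entity
     * @throws BadRequestException if the body does not match the stored entity, names a
     *         different client, or has no type
     */
    @PUT
    @Path("/{id: [a-f0-9]{32}}")
    @Consumes({"application/json"})
    @Produces({"application/json"})
    @ApiOperation("Update authenticator")
    public Response updateResource(
            @PathParam("id") @ApiParam(type = "string") BigInteger bigInteger,
            Authenticator authenticator) {
        Session session = getSession();
        Authenticator stored = (Authenticator) session.get(Authenticator.class, bigInteger);
        // NOTE(review): as in getResource, a null lookup result must be rejected here,
        // because the next line dereferences the stored entity.
        assertCanAccess(stored, getAdminScope());

        // A missing body also ends up here, given an equals that returns false for null.
        if (!stored.equals(authenticator)) {
            throw new BadRequestException();
        }
        if (!stored.getClient().equals(authenticator.getClient())) {
            throw new BadRequestException();
        }
        if (authenticator.getType() == null) {
            throw new BadRequestException();
        }

        ((IAuthenticator) getInjector().getInstance(
                IAuthenticator.class, authenticator.getType().toString())).validate(authenticator);

        stored.setType(authenticator.getType());
        stored.setConfiguration(authenticator.getConfiguration());
        session.update(stored);

        // NOTE(review): the whole entity, configuration included, is serialized back to the
        // caller. If configuration can hold provider credentials, confirm that is intended.
        return Response.ok(stored).build();
    }

    /**
     * Deletes an authenticator by id.
     *
     * @param bigInteger id of the authenticator to delete
     * @return 204 with no content
     */
    @DELETE
    @Path("/{id: [a-f0-9]{32}}")
    @ApiOperation("Delete authenticator")
    public Response deleteResource(
            @PathParam("id") @ApiParam(type = "string") BigInteger bigInteger) {
        Session session = getSession();
        Authenticator doomed = (Authenticator) session.get(Authenticator.class, bigInteger);
        assertCanAccess(doomed, getAdminScope());
        session.delete(doomed);
        return Response.noContent().build();
    }

    /**
     * Names the scope that grants access to authenticators in every application.
     *
     * @return {@link Scope#AUTHENTICATOR_ADMIN}
     */
    @Override
    protected String getAdminScope() {
        return Scope.AUTHENTICATOR_ADMIN;
    }

    /**
     * Names the scope that grants access to this resource.
     *
     * @return {@link Scope#AUTHENTICATOR}
     */
    @Override
    protected String getAccessScope() {
        return Scope.AUTHENTICATOR;
    }
}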
