package org.apereo.cas.mgmt;

import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.apereo.cas.mgmt.authentication.CasUserProfile;
import org.apereo.cas.mgmt.authentication.CasUserProfileFactory;
import org.apereo.cas.mgmt.domain.SsoSession;
import org.apereo.cas.mgmt.domain.SsoSessionResponse;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.serialization.TicketIdSanitizationUtils;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

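/**
 * REST endpoints backing the dashboard's SSO session view: list the active single sign-on
 * sessions of the managed CAS server and revoke one, several, or all sessions of the caller.
 *
 * <p>Every operation is delegated to the CAS server's {@code /actuator/ssoSessions} endpoint
 * through a {@link RestTemplate}. Two different base URLs are in play, exactly as in the
 * observed behavior: session listings consulted before a revocation are fetched from
 * {@code casProperties.getServer().getPrefix()}, while the listing for display and every
 * mutating call go to the first entry of {@code mgmtProperties.getCasServers()}. That split is
 * preserved here, not reconciled.
 *
 * <p>Authorization: {@link #getSession} requires an administrator. {@link #revokeSession}
 * resolves the ticket identically for administrators and non-administrators, and
 * {@link #bulkRevoke} performs no caller check at all; see the NOTE(review) comments on those
 * methods before relying on this controller for access control.
 */
@RequestMapping(path = {"api/sessions"}, produces = {"application/json"})
@RestController
/* loaded from: input_file:WEB-INF/lib/cas-mgmt-support-dashboard-6.2.2.jar:org/apereo/cas/mgmt/SessionsController.class */
public class SessionsController {
    /** Actuator path, relative to a CAS server base URL, that exposes SSO sessions. */
    private static final String SSO_SESSIONS_PATH = "/actuator/ssoSessions";

    /** Query string asking the actuator endpoint for sessions of every type. */
    private static final String ALL_SESSIONS_QUERY = "?type=ALL";

    private final CasManagementConfigurationProperties mgmtProperties;
    private final CasUserProfileFactory casUserProfileFactory;
    private final CasConfigurationProperties casProperties;

    /**
     * Lists all active SSO sessions of the managed CAS server, with every ticket-granting
     * ticket id sanitized before it leaves this server.
     *
     * @param httpServletRequest  current request, used to resolve the caller's profile
     * @param httpServletResponse current response, used to resolve the caller's profile
     * @return the actuator response with sanitized TGT ids
     * @throws IllegalAccessException if the caller is not an administrator
     */
    @GetMapping
    public SsoSessionResponse getSession(final HttpServletRequest httpServletRequest,
                                         final HttpServletResponse httpServletResponse) throws IllegalAccessException {
        requireAdministrator(httpServletRequest, httpServletResponse);
        return getSsoSessions(managedServerSessionsUrl() + ALL_SESSIONS_QUERY, true);
    }

    /**
     * Revokes a single SSO session identified by its sanitized ticket-granting ticket id.
     *
     * <p>The sanitized id supplied by the client is matched against the live session list, so the
     * real TGT is never taken from the request; only the id found on the server is sent to the
     * actuator endpoint.
     *
     * @param str                 sanitized TGT id as produced by {@code TicketIdSanitizationUtils.sanitize}
     * @param httpServletResponse current response, used to resolve the caller's profile
     * @param httpServletRequest  current request, used to resolve the caller's profile
     * @throws IllegalAccessException if no active session matches the given id
     */
    @DeleteMapping({"{tgt}"})
    public void revokeSession(@PathVariable final String str,
                              final HttpServletResponse httpServletResponse,
                              final HttpServletRequest httpServletRequest) throws IllegalAccessException {
        CipherExecutor.LOGGER.info("Attempting to revoke [{}]", str);
        final CasUserProfile user = this.casUserProfileFactory.from(httpServletRequest, httpServletResponse);
        // NOTE(review): in the decompiled class the administrator and non-administrator branches
        // were byte-for-byte identical, i.e. no ownership check ties the session to the caller;
        // any authenticated user who knows a sanitized TGT id can revoke that session. The single
        // path below preserves that behavior. Confirm against upstream whether a principal filter
        // for the non-admin case was lost.
        final boolean administrator = user.isAdministrator();
        CipherExecutor.LOGGER.debug("Revocation of [{}] requested by [{}] (administrator={})",
            str, user.getId(), administrator);

        final SsoSessionResponse sessions = getSsoSessions(casServerSessionsUrl() + ALL_SESSIONS_QUERY, false);
        // The message deliberately does not distinguish "unknown id" from "not permitted".
        final SsoSession session = findSession(sessions, str)
            .orElseThrow(() -> new IllegalAccessException("Permission Denied"));

        final String ticketGrantingTicket = session.getTicketGrantingTicket();
        // A session without a usable ticket id is silently ignored, as before.
        if (ticketGrantingTicket == null || ticketGrantingTicket.isEmpty()) {
            return;
        }
        new RestTemplate().delete(managedServerSessionsUrl() + "/" + ticketGrantingTicket);
    }

    /**
     * Fetches the SSO session list from the given actuator URL.
     *
     * @param str absolute actuator URL to query
     * @param z   whether to replace each TGT id with its sanitized form before returning
     * @return the parsed response; never {@code null}
     * @throws IllegalStateException if the server returned no body (previously surfaced as a
     *                               {@code NullPointerException} at the first use of the result)
     */
    private SsoSessionResponse getSsoSessions(final String str, final boolean z) {
        final SsoSessionResponse response =
            new RestTemplate().getForEntity(str, SsoSessionResponse.class).getBody();
        if (response == null) {
            throw new IllegalStateException("No SSO session payload returned from [" + str + "]");
        }
        if (z) {
            // Replace the real TGT ids in place so raw ticket ids are not exposed to the browser.
            response.getActiveSsoSessions().forEach(session ->
                session.setTicketGrantingTicket(TicketIdSanitizationUtils.sanitize(session.getTicketGrantingTicket())));
        }
        return response;
    }

    /**
     * Revokes every SSO session belonging to the calling user.
     *
     * <p>The principal sent to the actuator is always the caller's own id, so this endpoint cannot
     * act on other users. NOTE(review): it is mapped as a GET although it changes server state;
     * keep CSRF protection in mind if the mapping is ever changed or exposed differently.
     *
     * @param httpServletRequest  current request, used to resolve the caller's profile
     * @param httpServletResponse current response, used to resolve the caller's profile
     */
    @GetMapping({"revokeAll"})
    @ResponseStatus(HttpStatus.OK)
    public void revokeAll(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) {
        final CasUserProfile from = this.casUserProfileFactory.from(httpServletRequest, httpServletResponse);
        CipherExecutor.LOGGER.info("Attempting to revoke all sessions for [{}]", from.getId());
        final HttpEntity<Void> request = new HttpEntity<>(null, jsonHeaders());
        new RestTemplate().postForObject(managedServerSessionsUrl() + "/" + from.getId(), request, Void.class);
    }

    /**
     * Revokes several SSO sessions at once, given their sanitized ticket-granting ticket ids.
     *
     * <p>Ids that do not match an active session are skipped; when nothing matches, no request is
     * sent to the CAS server.
     *
     * @param httpServletRequest  current request (not consulted; see note below)
     * @param httpServletResponse current response (not consulted; see note below)
     * @param list                sanitized TGT ids to revoke
     */
    @PostMapping({"bulkRevoke"})
    @ResponseStatus(HttpStatus.OK)
    public void bulkRevoke(final HttpServletRequest httpServletRequest,
                           final HttpServletResponse httpServletResponse,
                           @RequestBody final List<String> list) {
        CipherExecutor.LOGGER.info("Attempting to revoke [{}]", list);
        // NOTE(review): unlike getSession, no profile is resolved here and neither an administrator
        // nor an ownership check is made; any caller who can reach this endpoint may revoke any
        // active session whose sanitized id they supply. Preserved as observed; confirm upstream.
        final SsoSessionResponse sessions = getSsoSessions(casServerSessionsUrl() + ALL_SESSIONS_QUERY, false);

        final List<String> tickets = new ArrayList<>();
        for (final String sanitizedId : list) {
            // Optional.map drops a null ticket id instead of serializing the literal "null".
            findSession(sessions, sanitizedId)
                .map(SsoSession::getTicketGrantingTicket)
                .ifPresent(tickets::add);
        }
        if (tickets.isEmpty()) {
            return;
        }
        // The actuator expects one comma-separated string. The ids come from the server's own
        // session list, never from the request body, so the hand-built JSON carries no client input.
        final String payload = "{\"tickets\": \"" + String.join(",", tickets) + "\"}";
        new RestTemplate().exchange(managedServerSessionsUrl(), HttpMethod.POST,
            new HttpEntity<>(payload, jsonHeaders()), Void.class);
    }

    /**
     * Finds the active session whose sanitized TGT id equals {@code sanitizedId}.
     *
     * @param sessions    session list fetched from the actuator
     * @param sanitizedId id to look up
     * @return the first matching session, if any
     */
    private static Optional<SsoSession> findSession(final SsoSessionResponse sessions, final String sanitizedId) {
        return sessions.getActiveSsoSessions().stream()
            .filter(session -> TicketIdSanitizationUtils.sanitize(session.getTicketGrantingTicket()).equals(sanitizedId))
            .findFirst();
    }

    /**
     * Sessions actuator URL on the first configured management CAS server.
     *
     * <p>Throws if no server is configured ({@code getCasServers().get(0)}), as before.
     */
    private String managedServerSessionsUrl() {
        return this.mgmtProperties.getCasServers().get(0).getUrl() + SSO_SESSIONS_PATH;
    }

    /** Sessions actuator URL on the CAS server named by {@code casProperties.getServer().getPrefix()}. */
    private String casServerSessionsUrl() {
        return this.casProperties.getServer().getPrefix() + SSO_SESSIONS_PATH;
    }

    /** Headers declaring a JSON body for the actuator POST calls. */
    private static HttpHeaders jsonHeaders() {
        final HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);
        return headers;
    }

    /**
     * Rejects the request unless the caller's profile is an administrator.
     *
     * @throws IllegalAccessException if the caller is not an administrator
     */
    private void requireAdministrator(final HttpServletRequest httpServletRequest,
                                      final HttpServletResponse httpServletResponse) throws IllegalAccessException {
        if (!this.casUserProfileFactory.from(httpServletRequest, httpServletResponse).isAdministrator()) {
            throw new IllegalAccessException("Permission Denied");
        }
    }

    @Generated
    public SessionsController(CasManagementConfigurationProperties casManagementConfigurationProperties, CasUserProfileFactory casUserProfileFactory, CasConfigurationProperties casConfigurationProperties) {
        this.mgmtProperties = casManagementConfigurationProperties;
        this.casUserProfileFactory = casUserProfileFactory;
        this.casProperties = casConfigurationProperties;
    }
}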
