package org.eclipse.pass.user;

import com.yahoo.elide.RefreshableElide;
import jakarta.json.Json;
import jakarta.json.JsonObject;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import org.eclipse.pass.object.PassClient;
import org.eclipse.pass.object.PassClientResult;
import org.eclipse.pass.object.PassClientSelector;
import org.eclipse.pass.object.RSQL;
import org.eclipse.pass.object.model.Submission;
import org.eclipse.pass.object.model.User;
import org.eclipse.pass.usertoken.BadTokenException;
import org.eclipse.pass.usertoken.Token;
import org.eclipse.pass.usertoken.TokenFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
/* loaded from: input_file:org/eclipse/pass/user/UserServiceController.class */
public class UserServiceController {
    private static final Logger LOG = LoggerFactory.getLogger(UserServiceController.class);
    private final TokenFactory userTokenFactory;
    private final RefreshableElide refreshableElide;

    public UserServiceController(TokenFactory tokenFactory, RefreshableElide refreshableElide) {
        this.refreshableElide = refreshableElide;
        this.userTokenFactory = tokenFactory;
    }

    @GetMapping({"/user/whoami"})
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        if (userPrincipal == null || userPrincipal.getName() == null) {
            set_error_response(httpServletResponse, "No principal", HttpStatus.UNAUTHORIZED);
            return;
        }
        String name = userPrincipal.getName();
        try {
            PassClient newInstance = PassClient.newInstance(this.refreshableElide);
            try {
                PassClientSelector passClientSelector = new PassClientSelector(User.class);
                passClientSelector.setFilter(RSQL.equals("username", name));
                PassClientResult selectObjects = newInstance.selectObjects(passClientSelector);
                if (selectObjects.getObjects().isEmpty()) {
                    set_error_response(httpServletResponse, "No user matching principal: " + name, HttpStatus.INTERNAL_SERVER_ERROR);
                    if (newInstance != null) {
                        newInstance.close();
                        return;
                    }
                    return;
                }
                if (selectObjects.getObjects().size() > 1) {
                    set_error_response(httpServletResponse, "Multiple users matching principal: " + name, HttpStatus.INTERNAL_SERVER_ERROR);
                    if (newInstance != null) {
                        newInstance.close();
                        return;
                    }
                    return;
                }
                User user = (User) selectObjects.getObjects().get(0);
                Token token = get_user_token(httpServletRequest.getQueryString());
                if (token != null) {
                    enact_user_token(user, token, newInstance);
                }
                set_response(httpServletResponse, Json.createObjectBuilder().add("id", user.getId().toString()).add("type", "user").add("uri", PassClient.getUrl(this.refreshableElide, user)).build(), HttpStatus.OK);
                if (newInstance != null) {
                    newInstance.close();
                }
            } finally {
            }
        } catch (BadTokenException e) {
            set_error_response(httpServletResponse, "Bad user token: " + httpServletRequest.getQueryString(), HttpStatus.BAD_REQUEST);
        }
    }

    private Token get_user_token(String str) throws BadTokenException {
        if (this.userTokenFactory.hasToken(str)) {
            return this.userTokenFactory.fromUri(str);
        }
        return null;
    }

    private void enact_user_token(User user, Token token, PassClient passClient) throws IOException, BadTokenException {
        if (!token.getPassResourceType().equals("submission")) {
            throw new BadTokenException(String.format("Expected submission <%s>", token.getPassResource()));
        }
        Submission object = passClient.getObject(Submission.class, token.getPassResourceIdentifier());
        if (object == null) {
            throw new IOException(String.format("Submission <%s> not found", token.getPassResource()));
        }
        if (!token.getReference().equals(object.getSubmitterEmail())) {
            if (!user.getId().equals(object.getSubmitter().getId())) {
                throw new BadTokenException(String.format("New user token does not match expected e-mail <%s> on submission <%s>; found <%s> instead", token.getReference(), object.getId(), object.getSubmitterEmail()));
            }
            LOG.info("User <{}> already in place as the submitter.  Ignoring user token");
            return;
        }
        LOG.info("User <{}> will be made a submitter for <{}>, based on matching e-mail <{}>", new Object[]{user.getId(), object.getId(), object.getSubmitterEmail()});
        object.setSubmitterEmail((URI) null);
        object.setSubmitterName((String) null);
        if (object.getSubmitter() != null && !object.getSubmitter().getId().equals(user.getId())) {
            throw new BadTokenException(String.format("There is already a submitter <%s> for the submission <%s>, and it isn't the intended user <%s>  Refusing to apply the token for <%s>", object.getSubmitter(), object.getId(), user.getId(), token.getReference()));
        }
        object.setSubmitter(user);
        passClient.updateObject(object);
    }

    private void set_response(HttpServletResponse httpServletResponse, JsonObject jsonObject, HttpStatus httpStatus) throws IOException {
        httpServletResponse.getWriter().print(jsonObject.toString());
        httpServletResponse.setStatus(httpStatus.value());
    }

    private void set_error_response(HttpServletResponse httpServletResponse, String str, HttpStatus httpStatus) throws IOException {
        set_response(httpServletResponse, Json.createObjectBuilder().add("message", str).build(), httpStatus);
        LOG.error(str);
    }
}
