package pro.taskana.rest;

import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.hateoas.config.EnableHypermediaSupport;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import pro.taskana.exceptions.InvalidArgumentException;
import pro.taskana.ldap.LdapCache;
import pro.taskana.ldap.LdapClient;
import pro.taskana.rest.resource.AccessIdResource;

@EnableHypermediaSupport(type = {EnableHypermediaSupport.HypermediaType.HAL})
@RestController
/* loaded from: input_file:pro/taskana/rest/AccessIdController.class */
public class AccessIdController {
    private static final Logger LOGGER = LoggerFactory.getLogger(AccessIdController.class);

    @Autowired
    LdapClient ldapClient;
    private static LdapCache ldapCache;

    @GetMapping(path = {Mapping.URL_ACCESSID})
    public ResponseEntity<List<AccessIdResource>> validateAccessIds(@RequestParam("search-for") String str) throws InvalidArgumentException {
        LOGGER.debug("Entry to validateAccessIds(search-for= {})", str);
        if (str.length() < this.ldapClient.getMinSearchForLength()) {
            throw new InvalidArgumentException("searchFor string '" + str + "' is too short. Minimum searchFor length = " + this.ldapClient.getMinSearchForLength());
        }
        if (this.ldapClient.useLdap()) {
            ResponseEntity<List<AccessIdResource>> ok = ResponseEntity.ok(this.ldapClient.searchUsersAndGroups(str));
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Exit from validateAccessIds(), returning {}", ok);
            }
            return ok;
        }
        if (ldapCache == null) {
            ResponseEntity<List<AccessIdResource>> build = ResponseEntity.notFound().build();
            LOGGER.debug("Exit from validateAccessIds(), returning {}", build);
            return build;
        }
        ResponseEntity<List<AccessIdResource>> ok2 = ResponseEntity.ok(ldapCache.findMatchingAccessId(str, this.ldapClient.getMaxNumberOfReturnedAccessIds()));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Exit from validateAccessIds(), returning {}", ok2);
        }
        return ok2;
    }

    @GetMapping(path = {Mapping.URL_ACCESSID_GROUPS})
    public ResponseEntity<List<AccessIdResource>> getGroupsByAccessId(@RequestParam("access-id") String str) throws InvalidArgumentException {
        LOGGER.debug("Entry to getGroupsByAccessId(access-id= {})", str);
        if ((this.ldapClient.useLdap() || ldapCache != null) && !validateAccessId(str)) {
            throw new InvalidArgumentException("The accessId is invalid");
        }
        if (this.ldapClient.useLdap()) {
            List<AccessIdResource> searchUsersAndGroups = this.ldapClient.searchUsersAndGroups(str);
            searchUsersAndGroups.addAll(this.ldapClient.searchGroupsofUsersIsMember(str));
            ResponseEntity<List<AccessIdResource>> ok = ResponseEntity.ok(searchUsersAndGroups);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Exit from getGroupsByAccessId(), returning {}", ok);
            }
            return ok;
        }
        if (ldapCache == null) {
            ResponseEntity<List<AccessIdResource>> build = ResponseEntity.notFound().build();
            LOGGER.debug("Exit from getGroupsByAccessId(), returning {}", build);
            return build;
        }
        ResponseEntity<List<AccessIdResource>> ok2 = ResponseEntity.ok(ldapCache.findGroupsOfUser(str, this.ldapClient.getMaxNumberOfReturnedAccessIds()));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Exit from getGroupsByAccessId(), returning {}", ok2);
        }
        return ok2;
    }

    public static void setLdapCache(LdapCache ldapCache2) {
        ldapCache = ldapCache2;
    }

    private boolean validateAccessId(String str) throws InvalidArgumentException {
        return (this.ldapClient.useLdap() && this.ldapClient.searchUsersAndGroups(str).size() == 1) || (!this.ldapClient.useLdap() && ldapCache.validateAccessId(str).size() == 1);
    }
}
