package org.kuali.kfs.sys.rest.resource;

import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.Map;
import org.apache.commons.lang3.Validate;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.core.api.config.Environment;
import org.kuali.kfs.kim.api.KimConstants;
import org.kuali.kfs.kim.api.permission.PermissionService;
import org.kuali.kfs.kns.bo.AuthenticationValidationResponse;
import org.kuali.kfs.kns.service.CfAuthenticationService;
import org.kuali.kfs.krad.UserSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.SessionAttribute;
import org.springframework.web.server.ResponseStatusException;

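/**
 * REST endpoints under {@code backdoor} that let the user of the current session take on another
 * principal's identity ("backdoor" login), report which backdoor identity is active, and drop it.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code login} refuses to run when {@link Environment#isProductionEnvironment()} is true.</li>
 *   <li>{@code login} requires the session's actual person to hold the {@code KFS-SYS}
 *       {@code BACKDOOR_RESTRICTION} permission before the supplied principal name is examined.</li>
 *   <li>{@code id} and {@code logout} perform neither check; they only read or clear backdoor state
 *       on the caller's own session.</li>
 * </ul>
 */
@RequestMapping(path = {"backdoor"}, produces = {"application/json"})
@Lazy
@RestController
/* loaded from: input_file:WEB-INF/lib/kfs-core-2024-10-30.jar:org/kuali/kfs/sys/rest/resource/BackdoorController.class */
public class BackdoorController {
    private static final Logger LOG = LogManager.getLogger();
    private final Environment environment;
    private final CfAuthenticationService cfAuthenticationService;
    private final PermissionService permissionService;

    /** JSON payload carrying a principal name, both as the login request body and as the response. */
    @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
    /* loaded from: input_file:WEB-INF/lib/kfs-core-2024-10-30.jar:org/kuali/kfs/sys/rest/resource/BackdoorController$BackdoorId.class */
    private static final class BackdoorId {
        // Serialised through field visibility ANY; there are no accessors.
        final String backdoorId;

        private BackdoorId(@JsonProperty("backdoorId") String str) {
            this.backdoorId = str;
        }
    }

    /** JSON payload carrying a single human-readable status message. */
    /* JADX INFO: Access modifiers changed from: private */
    @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
    /* loaded from: input_file:WEB-INF/lib/kfs-core-2024-10-30.jar:org/kuali/kfs/sys/rest/resource/BackdoorController$Message.class */
    public static final class Message {
        final String message;

        private Message(String str) {
            this.message = str;
        }
    }

    /**
     * Creates the controller with its collaborators.
     *
     * @param environment used to refuse backdoor login in production
     * @param cfAuthenticationService validates the requested principal name
     * @param permissionService decides whether the caller may use the backdoor
     * @throws IllegalArgumentException if any argument is {@code null}
     */
    @Autowired
    public BackdoorController(Environment environment, CfAuthenticationService cfAuthenticationService, PermissionService permissionService) {
        Validate.isTrue(environment != null, "environment must be supplied");
        Validate.isTrue(cfAuthenticationService != null, "cfAuthenticationService must be supplied");
        Validate.isTrue(permissionService != null, "permissionService must be supplied");
        this.environment = environment;
        this.cfAuthenticationService = cfAuthenticationService;
        this.permissionService = permissionService;
    }

    /**
     * Reports the backdoor identity of the current session.
     *
     * @param userSession the session attribute {@code userSession}
     * @return the session's principal name while a backdoor is in use, otherwise an empty string
     */
    @GetMapping(path = {"id"})
    public BackdoorId findBackdoorId(@SessionAttribute(name = "userSession") UserSession userSession) {
        LOG.debug("findBackdoorId(...) - Enter");
        final boolean backdoorActive = userSession != null && userSession.isBackdoorInUse();
        final BackdoorId backdoorId = new BackdoorId(backdoorActive ? userSession.getPrincipalName() : "");
        LOG.debug("findBackdoorId(...) - Exit : backdoorId={}", backdoorId);
        return backdoorId;
    }

    /**
     * Switches the current session to the principal named in the request body.
     *
     * <p>Checks run in this order: production environment (rejected), session present, caller's
     * backdoor permission, then validity of the requested principal name. The permission check
     * deliberately precedes the name validation: otherwise a caller without the permission could
     * tell existing principal names (401) from non-existing ones (200), which turns the endpoint
     * into an account-enumeration oracle.
     *
     * @param userSession the session attribute {@code userSession}
     * @param backdoorId request body holding the principal name to assume
     * @return 400 with no body in production; 200 with the new principal name on success; 200 with
     *     the logout message when the principal does not exist or cannot log in
     * @throws ResponseStatusException 400 when the session or the principal name is missing or the
     *     switch fails, 401 when the caller lacks the backdoor permission, 500 when the validation
     *     result is not one this method knows how to handle
     */
    @PostMapping(consumes = {"application/json"}, path = {"login"})
    public ResponseEntity<?> login(@SessionAttribute(name = "userSession") UserSession userSession, @RequestBody BackdoorId backdoorId) {
        LOG.debug("login(...) - Enter : backdoorId={}", backdoorId);
        if (this.environment.isProductionEnvironment()) {
            return ResponseEntity.badRequest().build();
        }
        // Same guard as logout(): without it the permission lookup below would fail with an NPE.
        if (userSession == null) {
            LOG.warn("login(...) - Exit; userSession is NULL");
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Session was empty");
        }

        // Authorise the real (non-backdoor) person first, before touching caller-supplied input.
        final String principalId = userSession.getActualPerson().getPrincipalId();
        if (!this.permissionService.isAuthorized(principalId, "KFS-SYS", KimConstants.PermissionNames.BACKDOOR_RESTRICTION, Map.of())) {
            LOG.warn("login(...) - Attempt to backdoor was made but the user does not have permissions; backdoor processing aborted. : principalId={}", principalId);
            // NOTE(review): the caller is authenticated but not permitted, so 403 would describe
            // this better; 401 is kept so existing clients see the same status.
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not permitted to use backdoor functionality");
        }

        final String requestedName = backdoorId == null ? "" : backdoorId.backdoorId;
        final AuthenticationValidationResponse validation = this.cfAuthenticationService.validatePrincipalName(requestedName);

        ResponseEntity<?> responseEntity;
        if (validation == AuthenticationValidationResponse.VALID_AUTHENTICATION) {
            try {
                // presumably drops objects cached for the previous identity - TODO confirm
                userSession.clearObjectMap();
                userSession.setBackdoorUser(requestedName);
                responseEntity = ResponseEntity.ok(new BackdoorId(userSession.getPrincipalName()));
            } catch (RuntimeException e) {
                LOG.warn("login(...) - Invalid ID : backdoorId={}", backdoorId, e);
                throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid backdoorId", e);
            }
        } else if (validation == AuthenticationValidationResponse.INVALID_PRINCIPAL_NAME_BLANK) {
            LOG.debug("login(...) - BackdoorId was missing");
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "BackdoorId was empty");
        } else if (validation == AuthenticationValidationResponse.INVALID_PRINCIPAL_DOES_NOT_EXIST) {
            LOG.debug("login(...) - Principal does not exist");
            responseEntity = ResponseEntity.ok(logout(userSession));
        } else if (validation == AuthenticationValidationResponse.INVALID_PRINCIPAL_CANNOT_LOGIN) {
            LOG.debug("login(...) - Principal does not have permissions to back door login");
            responseEntity = ResponseEntity.ok(logout(userSession));
        } else {
            // Fail closed: a null or unrecognised result must not fall through to a null
            // return value, which would be served as an empty 200 response.
            LOG.error("login(...) - Unhandled validation result : validation={}", validation);
            throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Unable to validate backdoorId");
        }
        LOG.debug("login(...) - Exit : response={}", responseEntity);
        return responseEntity;
    }

    /**
     * Clears the backdoor identity from the current session.
     *
     * <p>NOTE(review): this is a state-changing operation exposed through GET, so it is not covered
     * by protections that apply only to unsafe HTTP methods. The mapping is left as is because
     * clients depend on it; confirm whether it can move to POST.
     *
     * @param userSession the session attribute {@code userSession}
     * @return a confirmation message
     * @throws ResponseStatusException 400 when {@code userSession} is {@code null}
     */
    @GetMapping(path = {"logout"})
    public Message logout(@SessionAttribute(name = "userSession") UserSession userSession) {
        LOG.debug("logout(...) - Enter");
        if (userSession == null) {
            LOG.warn("logout(...) - Exit; userSession is NULL");
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Session was empty");
        }
        userSession.clearBackdoorUser();
        final Message message = new Message("Successfully logged out");
        LOG.debug("logout(...) - Exit : message={}", message);
        return message;
    }
}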
