package com.evolveum.midpoint.model.impl;

import com.evolveum.midpoint.CacheInvalidationContext;
import com.evolveum.midpoint.TerminateSessionEvent;
import com.evolveum.midpoint.common.configuration.api.MidpointConfiguration;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager;
import com.evolveum.midpoint.model.impl.security.NodeAuthenticationToken;
import com.evolveum.midpoint.model.impl.security.SecurityHelper;
import com.evolveum.midpoint.model.impl.util.RestServiceUtil;
import com.evolveum.midpoint.repo.api.CacheDispatcher;
import com.evolveum.midpoint.repo.api.CacheInvalidationDetails;
import com.evolveum.midpoint.schema.constants.ObjectTypes;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.TerminateSessionEventType;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.UserSessionManagementListType;
import java.io.File;
import java.io.FileInputStream;
import java.nio.file.Paths;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

@Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
@Service
/* loaded from: input_file:com/evolveum/midpoint/model/impl/ClusterRestService.class */
public class ClusterRestService {
    private static final String EXPORT_DIR = "export/";
    public static final String EVENT_INVALIDATION = "/event/invalidation/";
    public static final String EVENT_TERMINATE_SESSION = "/event/terminateSession/";
    public static final String EVENT_LIST_USER_SESSION = "/event/listUserSession";

    @Autowired
    private SecurityHelper securityHelper;

    @Autowired
    private TaskManager taskManager;

    @Autowired
    private MidpointConfiguration midpointConfiguration;

    @Autowired
    private GuiProfiledPrincipalManager focusProfileService;

    @Autowired
    private CacheDispatcher cacheDispatcher;
    public static final String CLASS_DOT = ClusterRestService.class.getName() + ".";
    private static final String OPERATION_EXECUTE_CLUSTER_CACHE_INVALIDATION_EVENT = CLASS_DOT + "executeClusterCacheInvalidationEvent";
    private static final String OPERATION_EXECUTE_CLUSTER_TERMINATE_SESSION_EVENT = CLASS_DOT + "executeClusterTerminateSessionEvent";
    private static final String OPERATION_GET_LOCAL_SCHEDULER_INFORMATION = CLASS_DOT + "getLocalSchedulerInformation";
    private static final String OPERATION_STOP_LOCAL_SCHEDULER = CLASS_DOT + "stopLocalScheduler";
    private static final String OPERATION_START_LOCAL_SCHEDULER = CLASS_DOT + "startLocalScheduler";
    private static final String OPERATION_STOP_LOCAL_TASK = CLASS_DOT + "stopLocalTask";
    private static final String OPERATION_GET_REPORT_FILE = CLASS_DOT + "getReportFile";
    private static final String OPERATION_DELETE_REPORT_FILE = CLASS_DOT + "deleteReportFile";
    private static final Trace LOGGER = TraceManager.getTrace(ClusterRestService.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/evolveum/midpoint/model/impl/ClusterRestService$FileResolution.class */
    public static class FileResolution {
        File file;
        Response.Status status;

        FileResolution() {
        }
    }

    @Path("/event/invalidation/{type}")
    @Consumes({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    @POST
    @Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    public Response executeClusterCacheInvalidationEvent(@PathParam("type") String str, @Context MessageContext messageContext) {
        return executeClusterCacheInvalidationEvent(str, null, messageContext);
    }

    @Path("/event/invalidation/{type}/{oid}")
    @Consumes({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    @POST
    @Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    public Response executeClusterCacheInvalidationEvent(@PathParam("type") String str, @PathParam("oid") String str2, @Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_EXECUTE_CLUSTER_CACHE_INVALIDATION_EVENT);
        try {
            checkNodeAuthentication();
            this.cacheDispatcher.dispatchInvalidation(str != null ? ObjectTypes.getClassFromRestType(str) : null, str2, false, new CacheInvalidationContext(true, (CacheInvalidationDetails) null));
            operationResult.recordSuccess();
            handleException = RestServiceUtil.createResponse(Response.Status.OK, operationResult);
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(operationResult, th);
        }
        finishRequest(initRequest);
        return handleException;
    }

    @Path(EVENT_TERMINATE_SESSION)
    @Consumes({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    @POST
    @Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    public Response executeClusterTerminateSessionEvent(TerminateSessionEventType terminateSessionEventType, @Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_EXECUTE_CLUSTER_TERMINATE_SESSION_EVENT);
        try {
            checkNodeAuthentication();
            this.focusProfileService.terminateLocalSessions(TerminateSessionEvent.fromEventType(terminateSessionEventType));
            operationResult.recordSuccess();
            handleException = RestServiceUtil.createResponse(Response.Status.OK, operationResult);
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(operationResult, th);
        }
        finishRequest(initRequest);
        return handleException;
    }

    @GET
    @Path(EVENT_LIST_USER_SESSION)
    @Consumes({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    @Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    public Response listUserSession(@Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_GET_LOCAL_SCHEDULER_INFORMATION);
        try {
            checkNodeAuthentication();
            List localLoggedInPrincipals = this.focusProfileService.getLocalLoggedInPrincipals();
            UserSessionManagementListType userSessionManagementListType = new UserSessionManagementListType();
            userSessionManagementListType.getSession().addAll(localLoggedInPrincipals);
            handleException = RestServiceUtil.createResponse(Response.Status.OK, userSessionManagementListType, operationResult);
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(operationResult, th);
        }
        operationResult.computeStatus();
        finishRequest(initRequest);
        return handleException;
    }

    @GET
    @Path("/scheduler/information")
    @Consumes({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    @Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    public Response getLocalSchedulerInformation(@Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_GET_LOCAL_SCHEDULER_INFORMATION);
        try {
            checkNodeAuthentication();
            handleException = RestServiceUtil.createResponse(Response.Status.OK, this.taskManager.getLocalSchedulerInformation(operationResult), operationResult);
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(operationResult, th);
        }
        operationResult.computeStatus();
        finishRequest(initRequest);
        return handleException;
    }

    @Path("/scheduler/stop")
    @Consumes({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    @POST
    @Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    public Response stopLocalScheduler(@Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_STOP_LOCAL_SCHEDULER);
        try {
            checkNodeAuthentication();
            this.taskManager.stopLocalScheduler(operationResult);
            handleException = RestServiceUtil.createResponse(Response.Status.OK, operationResult);
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(operationResult, th);
        }
        operationResult.computeStatus();
        finishRequest(initRequest);
        return handleException;
    }

    @Path("/scheduler/start")
    @Consumes({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    @POST
    @Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    public Response startLocalScheduler(@Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_START_LOCAL_SCHEDULER);
        try {
            checkNodeAuthentication();
            this.taskManager.startLocalScheduler(operationResult);
            handleException = RestServiceUtil.createResponse(Response.Status.OK, operationResult);
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(operationResult, th);
        }
        operationResult.computeStatus();
        finishRequest(initRequest);
        return handleException;
    }

    @Path("/tasks/{oid}/stop")
    @Consumes({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    @POST
    @Produces({"application/xml", "application/json", RestServiceUtil.APPLICATION_YAML})
    public Response stopLocalTask(@PathParam("oid") String str, @Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_STOP_LOCAL_TASK);
        try {
            checkNodeAuthentication();
            this.taskManager.stopLocalTask(str, operationResult);
            handleException = RestServiceUtil.createResponse(Response.Status.OK, operationResult);
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(operationResult, th);
        }
        operationResult.computeStatus();
        finishRequest(initRequest);
        return handleException;
    }

    @GET
    @Produces({"application/octet-stream"})
    @Path("/reportFiles")
    public Response getReportFile(@QueryParam("filename") String str, @Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_GET_REPORT_FILE);
        try {
            checkNodeAuthentication();
            FileResolution resolveFile = resolveFile(str);
            handleException = resolveFile.status == null ? Response.ok(outputStream -> {
                FileInputStream fileInputStream = new FileInputStream(resolveFile.file);
                try {
                    IOUtils.copy(fileInputStream, outputStream);
                    fileInputStream.close();
                } catch (Throwable th) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            }).build() : Response.status(resolveFile.status).build();
            operationResult.computeStatus();
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(null, th);
        }
        finishRequest(initRequest);
        return handleException;
    }

    @Path("/reportFiles")
    @DELETE
    public Response deleteReportFile(@QueryParam("filename") String str, @Context MessageContext messageContext) {
        Response handleException;
        Task initRequest = RestServiceUtil.initRequest(messageContext);
        OperationResult operationResult = new OperationResult(OPERATION_DELETE_REPORT_FILE);
        try {
            checkNodeAuthentication();
            FileResolution resolveFile = resolveFile(str);
            if (resolveFile.status == null) {
                if (!resolveFile.file.delete()) {
                    LOGGER.warn("Couldn't delete report output file {}", resolveFile.file);
                }
                handleException = Response.ok().build();
            } else {
                handleException = Response.status(resolveFile.status).build();
            }
            operationResult.computeStatus();
        } catch (Throwable th) {
            handleException = RestServiceUtil.handleException(null, th);
        }
        finishRequest(initRequest);
        return handleException;
    }

    private FileResolution resolveFile(String str) {
        FileResolution fileResolution = new FileResolution();
        fileResolution.file = Paths.get(this.midpointConfiguration.getMidpointHome(), EXPORT_DIR, str).toFile();
        if (forbiddenFileName(str)) {
            LOGGER.warn("File name '{}' is forbidden", str);
            fileResolution.status = Response.Status.FORBIDDEN;
        } else if (!fileResolution.file.exists()) {
            LOGGER.warn("Report output file '{}' does not exist", fileResolution.file);
            fileResolution.status = Response.Status.NOT_FOUND;
        } else if (fileResolution.file.isDirectory()) {
            LOGGER.warn("Report output file '{}' is a directory", fileResolution.file);
            fileResolution.status = Response.Status.FORBIDDEN;
        }
        return fileResolution;
    }

    private void finishRequest(Task task) {
        RestServiceUtil.finishRequest(task, this.securityHelper);
    }

    private boolean forbiddenFileName(String str) {
        return str.contains("/../");
    }

    private void checkNodeAuthentication() throws SecurityViolationException {
        if (!(SecurityContextHolder.getContext().getAuthentication() instanceof NodeAuthenticationToken)) {
            throw new SecurityViolationException("Node authentication is expected but not present");
        }
    }
}
