package com.evolveum.midpoint.rest.impl;

import com.evolveum.midpoint.CacheInvalidationContext;
import com.evolveum.midpoint.TerminateSessionEvent;
import com.evolveum.midpoint.common.configuration.api.MidpointConfiguration;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager;
import com.evolveum.midpoint.model.impl.security.NodeAuthenticationToken;
import com.evolveum.midpoint.repo.api.CacheDispatcher;
import com.evolveum.midpoint.repo.api.CacheInvalidationDetails;
import com.evolveum.midpoint.schema.DefinitionProcessingOption;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.constants.ObjectTypes;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.TerminateSessionEventType;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.UserSessionManagementListType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskType;
import java.io.File;
import java.io.FileInputStream;
import java.nio.file.Paths;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

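/**
 * REST endpoints mounted under {@code /ws/cluster}, {@code /rest/cluster} and {@code /api/cluster}.
 *
 * <p>Every handler calls {@link #checkNodeAuthentication()} before doing any work, so a request is
 * only served when the current Spring Security authentication is a {@link NodeAuthenticationToken}.
 * How that token is established is not visible in this class.
 *
 * <p>Note: this listing is decompiler output; local names were regenerated and may differ from the
 * original source.
 */
@RequestMapping({"/ws/cluster", "/rest/cluster", "/api/cluster"})
@RestController
public class ClusterRestController extends AbstractRestController {
    public static final String CLASS_DOT = ClusterRestController.class.getName() + ".";
    private static final String OPERATION_EXECUTE_CLUSTER_CACHE_INVALIDATION_EVENT = CLASS_DOT + "executeClusterCacheInvalidationEvent";
    private static final String OPERATION_EXECUTE_CLUSTER_TERMINATE_SESSION_EVENT = CLASS_DOT + "executeClusterTerminateSessionEvent";
    private static final String OPERATION_GET_LOCAL_SCHEDULER_INFORMATION = CLASS_DOT + "getLocalSchedulerInformation";
    private static final String OPERATION_STOP_LOCAL_SCHEDULER = CLASS_DOT + "stopLocalScheduler";
    private static final String OPERATION_START_LOCAL_SCHEDULER = CLASS_DOT + "startLocalScheduler";
    private static final String OPERATION_STOP_LOCAL_TASK = CLASS_DOT + "stopLocalTask";
    private static final String OPERATION_GET_REPORT_FILE = CLASS_DOT + "getReportFile";
    private static final String OPERATION_DELETE_REPORT_FILE = CLASS_DOT + "deleteReportFile";
    private static final String OPERATION_GET_TASK = CLASS_DOT + "getTask";

    /** Sub-directory of the midPoint home directory that report files are served from and deleted in. */
    private static final String EXPORT_DIR = "export/";

    @Autowired
    private MidpointConfiguration midpointConfiguration;

    @Autowired
    private GuiProfiledPrincipalManager focusProfileService;

    @Autowired
    private CacheDispatcher cacheDispatcher;

    /**
     * Outcome of resolving a requested report file name: the candidate file plus an HTTP status.
     * A {@code null} status means the file may be used; any other status is returned to the caller
     * instead of touching the file.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static class FileResolution {
        File file;
        HttpStatus status;

        FileResolution() {
        }
    }

    /** Invalidates caches without restricting the object type or OID. */
    @PostMapping({"/event/invalidation/"})
    public ResponseEntity<?> executeClusterCacheInvalidationEvent() {
        return executeClusterCacheInvalidationEvent(null, null);
    }

    /**
     * Invalidates caches for one object type.
     *
     * @param str REST name of the object type, taken from the URL path
     */
    @PostMapping({"/event/invalidation/{type}"})
    public ResponseEntity<?> executeClusterCacheInvalidationEvent(@PathVariable("type") String str) {
        return executeClusterCacheInvalidationEvent(str, null);
    }

    /**
     * Dispatches a cache invalidation to the local {@link CacheDispatcher}.
     *
     * @param str REST name of the object type, or {@code null} for no type restriction
     * @param str2 OID passed through to the dispatcher, may be {@code null}
     * @return 200 with the operation result on success, otherwise the response built by
     *     {@code handleException}
     */
    @PostMapping({"/event/invalidation/{type}/{oid}"})
    public ResponseEntity<?> executeClusterCacheInvalidationEvent(@PathVariable("type") String str, @PathVariable("oid") String str2) {
        ResponseEntity<?> response;
        Task task = initRequest();
        OperationResult result = createSubresult(task, OPERATION_EXECUTE_CLUSTER_CACHE_INVALIDATION_EVENT);
        try {
            checkNodeAuthentication();
            // NOTE(review): the boolean arguments (false / true) are presumably "clusterwide" and
            // "from remote node" - confirm against CacheDispatcher and CacheInvalidationContext.
            this.cacheDispatcher.dispatchInvalidation(str != null ? ObjectTypes.getClassFromRestType(str) : null, str2, false, new CacheInvalidationContext(true, (CacheInvalidationDetails) null));
            result.recordSuccess();
            response = createResponse(HttpStatus.OK, result);
        } catch (Throwable th) {
            response = handleException(result, th);
        }
        finishRequest(task, result);
        return response;
    }

    /**
     * Terminates local sessions described by the posted event.
     *
     * @param terminateSessionEventType event body deserialized from the request
     */
    @PostMapping({"/event/terminateSession/"})
    public ResponseEntity<?> executeClusterTerminateSessionEvent(@RequestBody TerminateSessionEventType terminateSessionEventType) {
        ResponseEntity<?> response;
        Task task = initRequest();
        OperationResult result = createSubresult(task, OPERATION_EXECUTE_CLUSTER_TERMINATE_SESSION_EVENT);
        try {
            checkNodeAuthentication();
            this.focusProfileService.terminateLocalSessions(TerminateSessionEvent.fromEventType(terminateSessionEventType));
            result.recordSuccess();
            response = createResponse(HttpStatus.OK, result);
        } catch (Throwable th) {
            response = handleException(result, th);
        }
        finishRequest(task, result);
        return response;
    }

    /** Returns the principals currently logged in on this node. */
    @GetMapping({"/event/listUserSession"})
    public ResponseEntity<?> listUserSession() {
        ResponseEntity<?> response;
        Task task = initRequest();
        // NOTE(review): this reuses the scheduler-information operation name, so session listings
        // are recorded under "getLocalSchedulerInformation". Looks like a copy-paste slip; a
        // dedicated operation name would keep operation results and logs attributable.
        OperationResult result = createSubresult(task, OPERATION_GET_LOCAL_SCHEDULER_INFORMATION);
        try {
            checkNodeAuthentication();
            List localLoggedInPrincipals = this.focusProfileService.getLocalLoggedInPrincipals();
            UserSessionManagementListType sessions = new UserSessionManagementListType();
            sessions.getSession().addAll(localLoggedInPrincipals);
            response = createResponse(HttpStatus.OK, sessions, result);
        } catch (Throwable th) {
            response = handleException(result, th);
        }
        result.computeStatus();
        finishRequest(task, result);
        return response;
    }

    /** Returns the local scheduler information obtained from the task manager. */
    @GetMapping({"/scheduler/information"})
    public ResponseEntity<?> getLocalSchedulerInformation() {
        ResponseEntity<?> response;
        Task task = initRequest();
        OperationResult result = createSubresult(task, OPERATION_GET_LOCAL_SCHEDULER_INFORMATION);
        try {
            checkNodeAuthentication();
            response = createResponse(HttpStatus.OK, this.taskManager.getLocalSchedulerInformation(result), result);
        } catch (Throwable th) {
            response = handleException(result, th);
        }
        result.computeStatus();
        finishRequest(task, result);
        return response;
    }

    /** Stops the scheduler on this node. */
    @PostMapping({"/scheduler/stop"})
    public ResponseEntity<?> stopLocalScheduler() {
        ResponseEntity<?> response;
        Task task = initRequest();
        OperationResult result = createSubresult(task, OPERATION_STOP_LOCAL_SCHEDULER);
        try {
            checkNodeAuthentication();
            this.taskManager.stopLocalScheduler(result);
            response = createResponse(HttpStatus.OK, result);
        } catch (Throwable th) {
            response = handleException(result, th);
        }
        result.computeStatus();
        finishRequest(task, result);
        return response;
    }

    /** Starts the scheduler on this node. */
    @PostMapping({"/scheduler/start"})
    public ResponseEntity<?> startLocalScheduler() {
        ResponseEntity<?> response;
        Task task = initRequest();
        OperationResult result = createSubresult(task, OPERATION_START_LOCAL_SCHEDULER);
        try {
            checkNodeAuthentication();
            this.taskManager.startLocalScheduler(result);
            response = createResponse(HttpStatus.OK, result);
        } catch (Throwable th) {
            response = handleException(result, th);
        }
        result.computeStatus();
        finishRequest(task, result);
        return response;
    }

    /**
     * Stops a task running on this node.
     *
     * @param str OID of the task, taken from the URL path
     */
    @PostMapping({"/tasks/{oid}/stop"})
    public ResponseEntity<?> stopLocalTask(@PathVariable("oid") String str) {
        ResponseEntity<?> response;
        Task task = initRequest();
        OperationResult result = createSubresult(task, OPERATION_STOP_LOCAL_TASK);
        try {
            checkNodeAuthentication();
            this.taskManager.stopLocalTask(str, result);
            response = createResponse(HttpStatus.OK, result);
        } catch (Throwable th) {
            response = handleException(result, th);
        }
        result.computeStatus();
        finishRequest(task, result);
        return response;
    }

    /**
     * Streams a report file from the export directory.
     *
     * @param str file name from the {@code filename} query parameter; it is request-controlled and
     *     is only used after {@link #resolveFile(String)} has accepted it
     * @return 200 with the file content, or the status chosen by {@link #resolveFile(String)}
     */
    @GetMapping(value = {"/reportFiles"}, produces = {"application/octet-stream"})
    public ResponseEntity<?> getReportFile(@RequestParam("filename") String str) {
        ResponseEntity<?> response;
        Task task = initRequest();
        OperationResult result = createSubresult(task, OPERATION_GET_REPORT_FILE);
        try {
            checkNodeAuthentication();
            FileResolution resolved = resolveFile(str);
            response = resolved.status == null ? ResponseEntity.ok(new FileInputStream(resolved.file)) : ResponseEntity.status(resolved.status).build();
            result.computeStatus();
        } catch (Throwable th) {
            // NOTE(review): null is passed instead of the operation result, and computeStatus()
            // is skipped on this path - confirm this is intended.
            response = handleException(null, th);
        }
        finishRequest(task, result);
        return response;
    }

    /**
     * Deletes a report file from the export directory.
     *
     * @param str file name from the {@code filename} query parameter; it is request-controlled and
     *     is only used after {@link #resolveFile(String)} has accepted it
     * @return 200 when the name resolved (even if the delete itself failed, which is only logged),
     *     or the status chosen by {@link #resolveFile(String)}
     */
    @DeleteMapping({"/reportFiles"})
    public ResponseEntity<?> deleteReportFile(@RequestParam("filename") String str) {
        ResponseEntity<?> response;
        Task task = initRequest();
        OperationResult result = createSubresult(task, OPERATION_DELETE_REPORT_FILE);
        try {
            checkNodeAuthentication();
            FileResolution resolved = resolveFile(str);
            if (resolved.status == null) {
                if (!resolved.file.delete()) {
                    this.logger.warn("Couldn't delete report output file {}", resolved.file);
                }
                response = ResponseEntity.ok().build();
            } else {
                response = ResponseEntity.status(resolved.status).build();
            }
            result.computeStatus();
        } catch (Throwable th) {
            // NOTE(review): null is passed instead of the operation result - confirm intended.
            response = handleException(null, th);
        }
        finishRequest(task, result);
        return response;
    }

    /**
     * Returns a task object fetched through the local task manager.
     *
     * @param str OID of the task, taken from the URL path
     * @param list optional {@code include} options forwarded to
     *     {@code GetOperationOptions.fromRestOptions}
     */
    @GetMapping({"/tasks/{oid}"})
    public ResponseEntity<?> getTask(@PathVariable("oid") String str, @RequestParam(value = "include", required = false) List<String> list) {
        ResponseEntity<?> response;
        Task task = initRequest();
        // Fixed: this used OPERATION_GET_REPORT_FILE, which attributed task reads to the
        // report-file operation and left OPERATION_GET_TASK unused.
        OperationResult result = createSubresult(task, OPERATION_GET_TASK);
        try {
            checkNodeAuthentication();
            response = ResponseEntity.ok(this.taskManager.getObject(TaskType.class, str, GetOperationOptions.fromRestOptions((List) null, list, (List) null, (List) null, DefinitionProcessingOption.ONLY_IF_EXISTS, this.prismContext), result));
            result.computeStatus();
        } catch (Throwable th) {
            // NOTE(review): null is passed instead of the operation result - confirm intended.
            response = handleException(null, th);
        }
        finishRequest(task, result);
        return response;
    }

    /**
     * Maps a requested file name to a file under the export directory and decides whether it may
     * be used.
     *
     * @param str request-supplied file name
     * @return a resolution whose status is {@code null} when the file exists, is not a directory
     *     and stays inside the export directory; FORBIDDEN or NOT_FOUND otherwise
     */
    private FileResolution resolveFile(String str) {
        FileResolution resolution = new FileResolution();
        resolution.file = Paths.get(this.midpointConfiguration.getMidpointHome(), EXPORT_DIR, str).toFile();
        // The name check runs before any existence probe so that a rejected name never reveals
        // whether a file outside the export directory exists.
        if (forbiddenFileName(str)) {
            this.logger.warn("File name '{}' is forbidden", str);
            resolution.status = HttpStatus.FORBIDDEN;
        } else if (!resolution.file.exists()) {
            this.logger.warn("Report output file '{}' does not exist", resolution.file);
            resolution.status = HttpStatus.NOT_FOUND;
        } else if (resolution.file.isDirectory()) {
            this.logger.warn("Report output file '{}' is a directory", resolution.file);
            resolution.status = HttpStatus.FORBIDDEN;
        }
        return resolution;
    }

    /**
     * Decides whether a request-supplied file name must be rejected.
     *
     * <p>The previous check only looked for the substring {@code "/../"}, which a name that merely
     * starts with a parent-directory segment does not contain, so such a name resolved outside the
     * export directory. The name is now also resolved against the export directory, normalized,
     * and rejected unless the result is still located under that directory. The substring check is
     * kept so that every name rejected before is still rejected.
     *
     * <p>The containment test is lexical: symbolic links inside the export directory are not
     * resolved here.
     *
     * @param str request-supplied file name
     * @return {@code true} when the name must not be served or deleted
     */
    private boolean forbiddenFileName(String str) {
        if (str.contains("/../")) {
            return true;
        }
        File exportDir = Paths.get(this.midpointConfiguration.getMidpointHome(), EXPORT_DIR).toAbsolutePath().normalize().toFile();
        File requested = Paths.get(exportDir.getPath(), str).toAbsolutePath().normalize().toFile();
        // Path.startsWith compares whole path elements, so a sibling such as "export-old" does
        // not pass as being inside "export".
        return !requested.toPath().startsWith(exportDir.toPath());
    }

    /**
     * Rejects the request unless the current authentication is a node authentication token.
     *
     * @throws SecurityViolationException when the security context holds any other (or no)
     *     authentication
     */
    private void checkNodeAuthentication() throws SecurityViolationException {
        if (!(SecurityContextHolder.getContext().getAuthentication() instanceof NodeAuthenticationToken)) {
            throw new SecurityViolationException("Node authentication is expected but not present");
        }
    }
}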
