package edu.internet2.middleware.grouper.app.duo.role;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import edu.internet2.middleware.grouper.Field;
import edu.internet2.middleware.grouper.app.loader.GrouperLoaderConfig;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.ddl.DdlUtilsChangeDatabase;
import edu.internet2.middleware.grouper.ddl.DdlVersionBean;
import edu.internet2.middleware.grouper.ddl.GrouperDdlUtils;
import edu.internet2.middleware.grouper.ddl.GrouperMockDdl;
import edu.internet2.middleware.grouper.hibernate.ByHqlStatic;
import edu.internet2.middleware.grouper.hibernate.HibernateSession;
import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
import edu.internet2.middleware.grouper.internal.dao.QueryPaging;
import edu.internet2.middleware.grouper.internal.util.GrouperUuid;
import edu.internet2.middleware.grouper.j2ee.MockServiceHandler;
import edu.internet2.middleware.grouper.j2ee.MockServiceRequest;
import edu.internet2.middleware.grouper.j2ee.MockServiceResponse;
import edu.internet2.middleware.grouper.j2ee.MockServiceServlet;
import edu.internet2.middleware.grouper.misc.GrouperStartup;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.jdbc.GcDbAccess;
import edu.internet2.middleware.morphString.Morph;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.codec.digest.HmacAlgorithms;
import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.osgi.framework.AdminPermission;

/* loaded from: input_file:WEB-INF/lib/grouper-5.0.2.jar:edu/internet2/middleware/grouper/app/duo/role/DuoRoleMockServiceHandler.class */
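/**
 * Mock handler for the Duo "admins" endpoints, backed by the {@code mock_duo_role_user} table.
 *
 * <p>Requests are expected under {@code admin/v1} or {@code admin/v2}. The admin operations
 * verify a signed {@code Authorization: Basic} header against the connector configuration
 * before touching the table; any failure inside those operations is answered with HTTP 401.
 */
public class DuoRoleMockServiceHandler extends MockServiceHandler {
    /** Request parameters whose values must not be written to the mock-service log. */
    public static final Set<String> doNotLogParameters = GrouperUtil.toSet("client_secret");

    /** Request headers whose values must not be written to the mock-service log. */
    public static final Set<String> doNotLogHeaders = GrouperUtil.toSet("authorization");

    /** Matches the per-connector client id property and captures the connector config id. */
    private static final Pattern CLIENT_ID_PROPERTY = Pattern.compile("^grouper\\.duoConnector\\.([^.]+)\\.clientId$");

    /** Set once the mock table has been probed/created by {@link #handleRequest}. */
    private static boolean mockTablesThere = false;

    /** Timestamp bookkeeping written by {@link #postAuth}; nothing else reads it. */
    private static long lastDeleteMillis = -1;

    @Override // edu.internet2.middleware.grouper.j2ee.MockServiceHandler
    public Set<String> doNotLogParameters() {
        return doNotLogParameters;
    }

    @Override // edu.internet2.middleware.grouper.j2ee.MockServiceHandler
    public Set<String> doNotLogHeaders() {
        return doNotLogHeaders;
    }

    /**
     * Creates the {@code mock_duo_role_user} table when a probe query against it fails.
     *
     * <p>Any exception from the probe (not only "table missing") triggers the DDL run.
     */
    public static void ensureDuoRoleMockTables() {
        try {
            new GcDbAccess().sql("select count(*) from mock_duo_role_user").select(Integer.TYPE);
        } catch (Exception e) {
            GrouperDdlUtils.changeDatabase(GrouperMockDdl.V1.getObjectName(), new DdlUtilsChangeDatabase() { // from class: edu.internet2.middleware.grouper.app.duo.role.DuoRoleMockServiceHandler.1
                @Override // edu.internet2.middleware.grouper.ddl.DdlUtilsChangeDatabase
                public void changeDatabase(DdlVersionBean ddlVersionBean) {
                    GrouperDuoRoleUser.createTableDuoUser(ddlVersionBean, ddlVersionBean.getDatabase());
                }
            });
        }
    }

    /** Drops the {@code mock_duo_role_user} table. */
    public static void dropDuoMockTables() {
        MockServiceServlet.dropMockTable("mock_duo_role_user");
    }

    /**
     * Routes a mock request to the matching operation.
     *
     * <p>The first two path elements must be {@code admin} and {@code v1}/{@code v2}; they are
     * stripped from the request before dispatch, so the operations see paths starting at
     * {@code admins} or {@code auth}.
     *
     * @param mockServiceRequest  incoming request; its path array is rewritten without the prefix
     * @param mockServiceResponse response to populate
     * @throws RuntimeException if the path is missing, has the wrong prefix, or matches no route
     */
    @Override // edu.internet2.middleware.grouper.j2ee.MockServiceHandler
    public void handleRequest(MockServiceRequest mockServiceRequest, MockServiceResponse mockServiceResponse) {
        if (!mockTablesThere) {
            ensureDuoRoleMockTables();
        }
        mockTablesThere = true;

        String[] paths = mockServiceRequest.getPostMockNamePaths();
        if (GrouperUtil.length(paths) == 0) {
            throw new RuntimeException("Pass in a path!");
        }
        GrouperUtil.assertion(paths.length >= 2, "Must start with admin/v1 or admin/v2");
        GrouperUtil.assertion(StringUtils.equals(paths[0], "admin"), "Must start with admin/v1 or admin/v2");
        GrouperUtil.assertion(StringUtils.equals(paths[1], "v1") || StringUtils.equals(paths[1], "v2"), "Must start with admin/v1 or admin/v2");

        String[] remainder = Arrays.copyOfRange(paths, 2, paths.length);
        mockServiceRequest.setPostMockNamePaths(remainder);

        String method = mockServiceRequest.getHttpServletRequest().getMethod();
        // A bare "admin/v1" leaves nothing to route on; treat it as an unknown request below
        // instead of indexing into an empty path.
        String resource = remainder.length == 0 ? null : remainder[0];
        // Field.FIELD_NAME_ADMINS is presumably the literal "admins" resolved by the decompiler; verify.
        boolean adminsResource = Field.FIELD_NAME_ADMINS.equals(resource);

        if (StringUtils.equals(HttpGet.METHOD_NAME, method)) {
            if (adminsResource && remainder.length == 1) {
                getAdmins(mockServiceRequest, mockServiceResponse);
                return;
            }
            if (adminsResource && remainder.length == 2) {
                getAdmin(mockServiceRequest, mockServiceResponse);
                return;
            }
        }
        if (StringUtils.equals(HttpDelete.METHOD_NAME, method) && adminsResource && remainder.length == 2) {
            deleteAdmins(mockServiceRequest, mockServiceResponse);
            return;
        }
        if (StringUtils.equals(HttpPost.METHOD_NAME, method)) {
            if ("auth".equals(resource)) {
                postAuth(mockServiceRequest, mockServiceResponse);
                return;
            }
            if (adminsResource && remainder.length == 1) {
                postAdmins(mockServiceRequest, mockServiceResponse);
                return;
            }
            if (adminsResource && remainder.length == 2) {
                updateAdmin(mockServiceRequest, mockServiceResponse);
                return;
            }
        }
        throw new RuntimeException("Not expecting request: '" + method + "', '" + mockServiceRequest.getPostMockNamePath() + "'");
    }

    /** Starts Grouper and makes sure the mock table exists. */
    public static void main(String[] strArr) {
        GrouperStartup.startup();
        ensureDuoRoleMockTables();
    }

    /**
     * Verifies the signed Basic credentials on a request.
     *
     * <p>The header carries {@code integrationKey:signature}. The signature is an HMAC-SHA1 hex
     * digest, keyed with the configured admin secret key, over the Date header, upper-cased
     * method, configured admin domain name, request path and the sorted, URL-encoded
     * parameters, joined by newlines.
     *
     * <p>NOTE(review): the Date header is only bound into the signature; its freshness is not
     * checked here, so a captured signed request stays valid for this mock.
     *
     * @param mockServiceRequest request to authenticate
     * @throws RuntimeException if the header is missing or malformed, the integration key does
     *     not match the configuration, or the signature does not verify
     */
    public void checkAuthorization(MockServiceRequest mockServiceRequest) {
        String authorization = mockServiceRequest.getHttpServletRequest().getHeader("Authorization");
        if (authorization == null) {
            // Fail with a clear message instead of a NullPointerException on startsWith.
            throw new RuntimeException("Authorization header is required");
        }
        if (!authorization.startsWith("Basic ")) {
            throw new RuntimeException("Authorization token must start with 'Basic '");
        }
        String credentials = new String(Base64.getDecoder().decode(GrouperUtil.prefixOrSuffix(authorization, "Basic ", false)), StandardCharsets.UTF_8);
        int separator = credentials.indexOf(":");
        GrouperUtil.assertion(separator != -1, "Need to pass in integrationKey and password in Authorization header");

        String suppliedIntegrationKey = credentials.substring(0, separator).trim();
        String configId = GrouperConfig.retrieveConfig().propertyValueStringRequired("grouperTest.duo.mock.configId");
        String expectedIntegrationKey = GrouperConfig.retrieveConfig().propertyValueStringRequired("grouper.duoConnector." + configId + ".adminIntegrationKey");
        String adminDomainName = GrouperConfig.retrieveConfig().propertyValueStringRequired("grouper.duoConnector." + configId + ".adminDomainName");
        if (!StringUtils.equals(expectedIntegrationKey, suppliedIntegrationKey)) {
            throw new RuntimeException("Integration key does not match with what is in grouper config");
        }

        String suppliedSignature = credentials.substring(separator + 1).trim();
        String dateHeader = mockServiceRequest.getHttpServletRequest().getHeader("Date");
        String method = mockServiceRequest.getHttpServletRequest().getMethod().toUpperCase();
        String path = "/" + mockServiceRequest.getPostMockNamePath();

        // TreeMap gives the lexicographic parameter order the signature is computed over.
        TreeMap<String, String> sortedParameters = new TreeMap<String, String>();
        Enumeration<?> parameterNames = mockServiceRequest.getHttpServletRequest().getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String parameterName = (String) parameterNames.nextElement();
            sortedParameters.put(parameterName, mockServiceRequest.getHttpServletRequest().getParameter(parameterName));
        }
        StringBuilder canonicalParameters = new StringBuilder();
        for (Map.Entry<String, String> parameter : sortedParameters.entrySet()) {
            if (canonicalParameters.length() > 0) {
                canonicalParameters.append("&");
            }
            // The URL encoder emits '+' for spaces; the signed form uses %20.
            canonicalParameters.append(GrouperUtil.escapeUrlEncode(parameter.getKey()).replace("+", "%20"))
                    .append("=")
                    .append(GrouperUtil.escapeUrlEncode(parameter.getValue()).replace("+", "%20"));
        }

        String secretKey = GrouperConfig.retrieveConfig().propertyValueStringRequired("grouper.duoConnector." + configId + ".adminSecretKey");
        String expectedSignature = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, secretKey)
                .hmacHex(dateHeader + "\n" + method + "\n" + adminDomainName + "\n" + path + "\n" + canonicalParameters.toString());
        if (!constantTimeEquals(expectedSignature, suppliedSignature)) {
            // Do not echo any part of the expected signature: the message can end up in logs.
            throw new RuntimeException("hmac1 password does not match");
        }
    }

    /**
     * Compares two secrets without the early exit of {@code String.equals}.
     *
     * @return {@code true} if both are {@code null} or both have identical UTF-8 bytes
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return expected == null && actual == null;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Answers with 401 after recording what went wrong in the request's debug map.
     *
     * <p>Every failure inside an admin operation (authentication, bad input, database error)
     * is reported as 401; the debug entry is what distinguishes them.
     */
    private static void failUnauthorized(MockServiceRequest mockServiceRequest, MockServiceResponse mockServiceResponse, Exception e) {
        if (mockServiceRequest.getDebugMap() != null) {
            mockServiceRequest.getDebugMap().put("handlerException", e.getClass().getName() + ": " + e.getMessage());
        }
        mockServiceResponse.setResponseCode(401);
    }

    /**
     * Requires a form-encoded body and a non-blank Date header.
     *
     * @throws RuntimeException if either requirement is not met
     */
    private void checkRequestContentTypeAndDateHeader(MockServiceRequest mockServiceRequest) {
        if (!StringUtils.equals(mockServiceRequest.getHttpServletRequest().getContentType(), "application/x-www-form-urlencoded")) {
            throw new RuntimeException("Content type must be application/x-www-form-urlencoded");
        }
        if (StringUtils.isBlank(mockServiceRequest.getHttpServletRequest().getHeader("Date"))) {
            throw new RuntimeException("Date header must be there");
        }
    }

    /**
     * Lists admins, paged by the {@code offset} and {@code limit} parameters.
     *
     * <p>{@code limit} defaults to 100 and is capped at 300. When more rows remain, the
     * response carries {@code metadata.next_offset}. Any failure yields 401.
     */
    public void getAdmins(MockServiceRequest mockServiceRequest, MockServiceResponse mockServiceResponse) {
        try {
            checkAuthorization(mockServiceRequest);
            String offsetParameter = mockServiceRequest.getHttpServletRequest().getParameter("offset");
            String limitParameter = mockServiceRequest.getHttpServletRequest().getParameter("limit");

            int limit = 100;
            if (StringUtils.isNotBlank(limitParameter)) {
                limit = GrouperUtil.intValue(limitParameter);
                if (limit <= 0) {
                    throw new RuntimeException("limit cannot be less than or equal to 0.");
                }
                limit = Math.min(limit, 300);
            }
            int offset = 0;
            int pageNumber = 1;
            if (StringUtils.isNotBlank(offsetParameter)) {
                offset = GrouperUtil.intValue(offsetParameter);
                if (offset < 0) {
                    // A negative offset would otherwise turn into page number zero or below.
                    throw new RuntimeException("offset cannot be less than 0.");
                }
                pageNumber = (offset / limit) + 1;
            }

            ByHqlStatic query = HibernateSession.byHqlStatic().createQuery("select distinct user from GrouperDuoRoleUser user");
            QueryOptions queryOptions = new QueryOptions();
            QueryPaging paging = QueryPaging.page(limit, pageNumber, true);
            query.options(queryOptions.paging(paging));
            List<GrouperDuoRoleUser> users = query.list(GrouperDuoRoleUser.class);

            ObjectNode body = GrouperUtil.jsonJacksonNode();
            ArrayNode usersJson = GrouperUtil.jsonJacksonArrayNode();
            body.put("stat", "OK");
            for (GrouperDuoRoleUser user : users) {
                usersJson.add(toUserJson(user));
            }
            body.set("response", usersJson);
            if (paging.getTotalRecordCount() > offset + users.size()) {
                ObjectNode metadata = GrouperUtil.jsonJacksonNode();
                metadata.put("next_offset", offset + limit);
                body.set("metadata", metadata);
            }
            mockServiceResponse.setResponseCode(200);
            mockServiceResponse.setContentType("application/json");
            mockServiceResponse.setResponseBody(GrouperUtil.jsonJacksonToString(body));
        } catch (Exception e) {
            failUnauthorized(mockServiceRequest, mockServiceResponse, e);
        }
    }

    /**
     * Returns the admin whose id is the second path element.
     *
     * <p>Answers 404 when no row matches and 401 on any failure, including more than one match.
     */
    public void getAdmin(MockServiceRequest mockServiceRequest, MockServiceResponse mockServiceResponse) {
        try {
            checkAuthorization(mockServiceRequest);
            String userId = mockServiceRequest.getPostMockNamePaths()[1];
            GrouperUtil.assertion(GrouperUtil.length(userId) > 0, "userId is required");
            List<GrouperDuoRoleUser> users = HibernateSession.byHqlStatic().createQuery("select distinct user from GrouperDuoRoleUser user where user.id = :theId").setString("theId", userId).list(GrouperDuoRoleUser.class);
            int matches = GrouperUtil.length(users);
            if (matches > 1) {
                throw new RuntimeException("userById: " + matches + ", id: " + userId);
            }
            if (matches == 0) {
                mockServiceResponse.setResponseCode(404);
                return;
            }
            mockServiceResponse.setResponseCode(200);
            mockServiceResponse.setContentType("application/json");
            ObjectNode body = GrouperUtil.jsonJacksonNode();
            body.put("stat", "OK");
            body.set("response", toUserJson(users.get(0)));
            mockServiceResponse.setResponseBody(GrouperUtil.jsonJacksonToString(body));
        } catch (Exception e) {
            failUnauthorized(mockServiceRequest, mockServiceResponse, e);
        }
    }

    /**
     * Creates an admin from the {@code name}, {@code email} and {@code role} parameters.
     *
     * <p>Answers 400 when a parameter is blank or the email is already taken, 401 on any failure.
     */
    public void postAdmins(MockServiceRequest mockServiceRequest, MockServiceResponse mockServiceResponse) {
        try {
            checkAuthorization(mockServiceRequest);
            checkRequestContentTypeAndDateHeader(mockServiceRequest);
            String name = mockServiceRequest.getHttpServletRequest().getParameter("name");
            if (StringUtils.isBlank(name)) {
                mockServiceResponse.setResponseCode(400);
                return;
            }
            String email = mockServiceRequest.getHttpServletRequest().getParameter("email");
            if (StringUtils.isBlank(email)) {
                mockServiceResponse.setResponseCode(400);
                return;
            }
            String role = mockServiceRequest.getHttpServletRequest().getParameter("role");
            if (StringUtils.isBlank(role)) {
                mockServiceResponse.setResponseCode(400);
                return;
            }
            GrouperDuoRoleUser newUser = new GrouperDuoRoleUser();
            newUser.setId(GrouperUuid.getUuid());
            newUser.setEmail(email);
            newUser.setName(name);
            newUser.setRole(role);

            List<GrouperDuoRoleUser> sameEmail = HibernateSession.byHqlStatic().createQuery("select user from GrouperDuoRoleUser user where user.email = :email ").setString("email", newUser.getEmail()).list(GrouperDuoRoleUser.class);
            if (sameEmail != null && sameEmail.size() > 0) {
                mockServiceResponse.setResponseCode(400);
                return;
            }
            HibernateSession.byObjectStatic().save(newUser);

            ObjectNode body = GrouperUtil.jsonJacksonNode();
            body.put("stat", "OK");
            body.set("response", toUserJson(newUser));
            mockServiceResponse.setResponseCode(200);
            mockServiceResponse.setContentType("application/json");
            mockServiceResponse.setResponseBody(GrouperUtil.jsonJacksonToString(body));
        } catch (Exception e) {
            failUnauthorized(mockServiceRequest, mockServiceResponse, e);
        }
    }

    /**
     * Updates the admin whose id is the second path element with any non-blank
     * {@code name}, {@code email} or {@code role} parameter, then answers like {@link #getAdmin}.
     *
     * <p>Answers 404 when the admin does not exist or the new email belongs to another admin,
     * 401 on any failure.
     */
    public void updateAdmin(MockServiceRequest mockServiceRequest, MockServiceResponse mockServiceResponse) {
        try {
            checkAuthorization(mockServiceRequest);
            checkRequestContentTypeAndDateHeader(mockServiceRequest);
            String userId = mockServiceRequest.getPostMockNamePaths()[1];
            mockServiceRequest.getDebugMap().put("userId", userId);
            List<GrouperDuoRoleUser> users = HibernateSession.byHqlStatic().createQuery("from GrouperDuoRoleUser where id = :theId").setString("theId", userId).list(GrouperDuoRoleUser.class);
            if (GrouperUtil.length(users) == 0) {
                mockServiceRequest.getDebugMap().put("cantFindUser", true);
                mockServiceResponse.setResponseCode(404);
                return;
            }
            if (GrouperUtil.length(users) > 1) {
                throw new RuntimeException("Found multiple matched users! " + GrouperUtil.length(users));
            }
            String name = mockServiceRequest.getHttpServletRequest().getParameter("name");
            String email = mockServiceRequest.getHttpServletRequest().getParameter("email");
            String role = mockServiceRequest.getHttpServletRequest().getParameter("role");
            GrouperDuoRoleUser user = users.get(0);

            if (StringUtils.isNotBlank(email)) {
                List<GrouperDuoRoleUser> sameEmail = HibernateSession.byHqlStatic().createQuery("select user from GrouperDuoRoleUser user where user.email = :email ").setString("email", email).list(GrouperDuoRoleUser.class);
                if (sameEmail != null) {
                    for (GrouperDuoRoleUser other : sameEmail) {
                        // The admin's own row may carry this email already; only another id conflicts.
                        if (StringUtils.equals(email, other.getEmail()) && !StringUtils.equals(other.getId(), userId)) {
                            mockServiceRequest.getDebugMap().put("emailAlreadyExists", true);
                            mockServiceResponse.setResponseCode(404);
                            return;
                        }
                    }
                }
                user.setEmail(email);
            }
            if (StringUtils.isNotBlank(name)) {
                user.setName(name);
            }
            if (StringUtils.isNotBlank(role)) {
                user.setRole(role);
            }
            HibernateSession.byObjectStatic().saveOrUpdate(user);
            getAdmin(mockServiceRequest, mockServiceResponse);
        } catch (Exception e) {
            failUnauthorized(mockServiceRequest, mockServiceResponse, e);
        }
    }

    /**
     * Issues a mock access token for a client-credentials request on
     * {@code auth/<tenantId>/oauth2/token}.
     *
     * <p>The connector config is located by matching {@code client_id} against the
     * {@code grouper.duoConnector.<configId>.clientId} properties. The token is a fresh UUID
     * that expires 60 seconds after issue.
     *
     * @throws RuntimeException if the client id, client secret, path, grant type or resource
     *     does not match the configuration
     */
    public void postAuth(MockServiceRequest mockServiceRequest, MockServiceResponse mockServiceResponse) {
        String clientId = mockServiceRequest.getHttpServletRequest().getParameter("client_id");
        if (StringUtils.isBlank(clientId)) {
            throw new RuntimeException("client_id is required!");
        }
        String configId = null;
        for (String propertyName : GrouperLoaderConfig.retrieveConfig().propertyNames()) {
            Matcher matcher = CLIENT_ID_PROPERTY.matcher(propertyName);
            if (matcher.matches() && StringUtils.equals(GrouperLoaderConfig.retrieveConfig().propertyValueString(propertyName), clientId)) {
                configId = matcher.group(1);
                break;
            }
        }
        if (StringUtils.isBlank(configId)) {
            throw new RuntimeException("Cant find client id!");
        }
        // NOTE(review): the secret is read from the grouper.azureConnector.* namespace while every
        // other property in this method uses grouper.duoConnector.* - looks like a copy/paste
        // leftover; confirm which key is intended before relying on this check.
        String expectedSecret = Morph.decryptIfFile(GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouper.azureConnector." + configId + ".clientSecret"));
        if (!constantTimeEquals(expectedSecret, mockServiceRequest.getHttpServletRequest().getParameter("client_secret"))) {
            throw new RuntimeException("Cant find client secret!");
        }
        String tenantId = GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouper.duoConnector." + configId + ".tenantId");
        String[] paths = mockServiceRequest.getPostMockNamePaths();
        // SchemaSymbols.ATTVAL_TOKEN is presumably the literal "token" resolved by the decompiler; verify.
        boolean tokenPath = 4 == paths.length
                && StringUtils.equals(tenantId, paths[1])
                && StringUtils.equals("oauth2", paths[2])
                && StringUtils.equals(SchemaSymbols.ATTVAL_TOKEN, paths[3]);
        if (!tokenPath) {
            throw new RuntimeException("Invalid request! expecting: auth/<tenantId>/oauth2/token");
        }
        if (!StringUtils.equals("client_credentials", mockServiceRequest.getHttpServletRequest().getParameter("grant_type"))) {
            throw new RuntimeException("Invalid request! client_credentials must equal 'grant_type'");
        }
        String expectedResource = GrouperLoaderConfig.retrieveConfig().propertyValueStringRequired("grouper.duoConnector." + configId + ".resource");
        // AdminPermission.RESOURCE is presumably the literal "resource" resolved by the decompiler; verify.
        String suppliedResource = mockServiceRequest.getHttpServletRequest().getParameter(AdminPermission.RESOURCE);
        if (StringUtils.isBlank(expectedResource) || !StringUtils.equals(expectedResource, suppliedResource)) {
            throw new RuntimeException("Invalid request! resource: '" + suppliedResource + "' must equal '" + expectedResource + "'");
        }

        mockServiceResponse.setResponseCode(200);
        ObjectNode body = GrouperUtil.jsonJacksonNode();
        body.put("expires_on", (System.currentTimeMillis() / 1000) + 60);
        body.put("access_token", GrouperUuid.getUuid());
        mockServiceResponse.setContentType("application/json");
        mockServiceResponse.setResponseBody(GrouperUtil.jsonJacksonToString(body));

        // Hourly bookkeeping only: the timestamp is refreshed but no cleanup is performed here.
        if (System.currentTimeMillis() - lastDeleteMillis > 3600000) {
            lastDeleteMillis = System.currentTimeMillis();
        }
    }

    /**
     * Deletes the admin whose id is the second path element.
     *
     * <p>Answers 200 whether or not a row matched, 401 on any failure.
     */
    public void deleteAdmins(MockServiceRequest mockServiceRequest, MockServiceResponse mockServiceResponse) {
        try {
            checkAuthorization(mockServiceRequest);
            String userId = mockServiceRequest.getPostMockNamePaths()[1];
            GrouperUtil.assertion(GrouperUtil.length(userId) > 0, "id is required");
            HibernateSession.byHqlStatic().createQuery("delete from GrouperDuoRoleUser where id = :theId").setString("theId", userId).executeUpdateInt();
            ObjectNode body = GrouperUtil.jsonJacksonNode();
            body.put("stat", "OK");
            body.put("response", "");
            mockServiceResponse.setResponseCode(200);
            mockServiceResponse.setContentType("application/json");
            mockServiceResponse.setResponseBody(GrouperUtil.jsonJacksonToString(body));
        } catch (Exception e) {
            failUnauthorized(mockServiceRequest, mockServiceResponse, e);
        }
    }

    /** Renders a stored admin as the JSON object returned in responses. */
    private static ObjectNode toUserJson(GrouperDuoRoleUser grouperDuoRoleUser) {
        ObjectNode userJson = new ObjectMapper().createObjectNode();
        GrouperUtil.jsonJacksonAssignString(userJson, "email", grouperDuoRoleUser.getEmail());
        GrouperUtil.jsonJacksonAssignString(userJson, "name", grouperDuoRoleUser.getName());
        GrouperUtil.jsonJacksonAssignString(userJson, "role", grouperDuoRoleUser.getRole());
        GrouperUtil.jsonJacksonAssignString(userJson, "admin_id", grouperDuoRoleUser.getId());
        return userJson;
    }
}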
