package net.shibboleth.idp.authn.impl;

import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.jasminb.jsonapi.models.errors.Error;
import com.github.jasminb.jsonapi.models.errors.Errors;
import com.google.common.base.Strings;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AccountLockoutManager;
import net.shibboleth.idp.authn.EnumeratableAccountLockoutManager;
import net.shibboleth.idp.authn.context.LockoutManagerContext;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.profile.context.SpringRequestContext;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NonnullBeforeExec;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/DoLockoutManagerOperation.class */
public class DoLockoutManagerOperation extends AbstractProfileAction {

    @Nonnull
    @NotEmpty
    public static final String MANAGER_ID = "lockoutManagerId";

    @Nonnull
    @NotEmpty
    public static final String KEY = "key";

    @Nonnull
    @NotEmpty
    public static final String INEXACT = "inexact";

    @Nonnull
    private Logger log = LoggerFactory.getLogger(DoLockoutManagerOperation.class);

    @NonnullAfterInit
    private ObjectMapper objectMapper;

    @NotEmpty
    @Nullable
    private String managerId;

    @NonnullBeforeExec
    @NotEmpty
    private String key;
    private boolean inexact;

    @NonnullBeforeExec
    private AccountLockoutManager lockoutManager;
    static final /* synthetic */ boolean $assertionsDisabled;

    public void setObjectMapper(@Nonnull ObjectMapper objectMapper) {
        checkSetterPreconditions();
        this.objectMapper = (ObjectMapper) Constraint.isNotNull(objectMapper, "ObjectMapper cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.objectMapper == null) {
            throw new ComponentInitializationException("ObjectMapper cannot be null");
        }
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        if (getHttpServletRequest() == null || getHttpServletResponse() == null) {
            this.log.warn("{} No HttpServletRequest or HttpServletResponse available", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return false;
        }
        try {
            SpringRequestContext subcontext = profileRequestContext.getSubcontext(SpringRequestContext.class);
            if (subcontext == null) {
                this.log.warn("{} Spring request context not found in profile request context", getLogPrefix());
                sendError(500, "Internal Server Error", "System misconfiguration.");
                return false;
            }
            RequestContext requestContext = subcontext.getRequestContext();
            if (requestContext == null) {
                this.log.warn("{} Web Flow request context not found in Spring request context", getLogPrefix());
                sendError(500, "Internal Server Error", "System misconfiguration.");
                return false;
            }
            this.lockoutManager = setupLockoutManager(requestContext);
            if (this.lockoutManager == null) {
                sendError(404, "Invalid Lockout Manager", "Invalid lockout manager identifier in path.");
                return false;
            }
            this.key = (String) requestContext.getFlowScope().get("key");
            if (Strings.isNullOrEmpty(this.key)) {
                sendError(404, "Missing Account Key", "No account key specified.");
                return false;
            }
            String str = (String) requestContext.getFlowScope().get(INEXACT);
            if (str == null) {
                return true;
            }
            this.inexact = Boolean.valueOf(str).booleanValue();
            if (!this.inexact || (this.lockoutManager instanceof EnumeratableAccountLockoutManager)) {
                return true;
            }
            sendError(500, "Invalid Lockout Manager", "Lockout manager specified does not support inexact lookup.");
            return false;
        } catch (IOException e) {
            this.log.error("{} I/O error issuing API response", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
            return false;
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        HttpServletRequest httpServletRequest;
        HttpServletResponse httpServletResponse;
        JsonGenerator useDefaultPrettyPrinter;
        profileRequestContext.ensureSubcontext(LockoutManagerContext.class).setKey(this.key);
        try {
            httpServletRequest = getHttpServletRequest();
            httpServletResponse = getHttpServletResponse();
        } catch (IOException e) {
            this.log.error("{} I/O error responding to request", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
        }
        if (!$assertionsDisabled && (httpServletResponse == null || httpServletRequest == null)) {
            throw new AssertionError();
        }
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setHeader("Cache-Control", "must-revalidate,no-cache,no-store");
        if (!"GET".equals(httpServletRequest.getMethod())) {
            if ("POST".equals(httpServletRequest.getMethod())) {
                try {
                } catch (IOException e2) {
                    sendError(500, "Internal Server Error", "Lockout manager error.");
                }
                if (!getLockoutManager().increment(profileRequestContext)) {
                    throw new IOException();
                }
                httpServletResponse.setStatus(204);
                return;
            }
            if ("DELETE".equals(httpServletRequest.getMethod())) {
                try {
                    if (!getLockoutManager().clear(profileRequestContext)) {
                        throw new IOException();
                    }
                    httpServletResponse.setStatus(204);
                } catch (IOException e3) {
                    sendError(500, "Internal Server Error", "Lockout manager error.");
                }
            } else {
                this.log.warn("{} Invalid method: {}", getLogPrefix(), httpServletRequest.getMethod());
                sendError(405, "Unknown Operation", "Only GET, POST, and DELETE are supported.");
            }
            return;
        }
        try {
            if (this.inexact) {
                Iterable enumerate = getLockoutManager().enumerate(profileRequestContext);
                if (enumerate != null) {
                    httpServletResponse.setStatus(200);
                    useDefaultPrettyPrinter = new JsonFactory().createGenerator(httpServletResponse.getOutputStream()).useDefaultPrettyPrinter();
                    try {
                        useDefaultPrettyPrinter.setCodec(this.objectMapper);
                        useDefaultPrettyPrinter.writeStartObject();
                        useDefaultPrettyPrinter.writeObjectFieldStart("data");
                        useDefaultPrettyPrinter.writeStringField("id", this.managerId + "/" + this.key);
                        useDefaultPrettyPrinter.writeStringField("type", "lockout-keys");
                        useDefaultPrettyPrinter.writeArrayFieldStart("data");
                        Iterator it = enumerate.iterator();
                        while (it.hasNext()) {
                            useDefaultPrettyPrinter.writeString((String) it.next());
                        }
                        useDefaultPrettyPrinter.writeEndArray();
                        useDefaultPrettyPrinter.writeEndObject();
                        useDefaultPrettyPrinter.writeEndObject();
                        if (useDefaultPrettyPrinter != null) {
                            useDefaultPrettyPrinter.close();
                        }
                    } finally {
                    }
                } else {
                    sendError(500, "Internal Server Error", "Lockout manager error.");
                }
            } else {
                boolean check = getLockoutManager().check(profileRequestContext);
                httpServletResponse.setStatus(200);
                useDefaultPrettyPrinter = new JsonFactory().createGenerator(httpServletResponse.getOutputStream()).useDefaultPrettyPrinter();
                try {
                    useDefaultPrettyPrinter.setCodec(this.objectMapper);
                    useDefaultPrettyPrinter.writeStartObject();
                    useDefaultPrettyPrinter.writeObjectFieldStart("data");
                    useDefaultPrettyPrinter.writeStringField("type", "lockout-statuses");
                    useDefaultPrettyPrinter.writeStringField("id", this.managerId + "/" + this.key);
                    useDefaultPrettyPrinter.writeObjectFieldStart("attributes");
                    useDefaultPrettyPrinter.writeBooleanField("lockout", check);
                    useDefaultPrettyPrinter.writeEndObject();
                    useDefaultPrettyPrinter.writeEndObject();
                    if (useDefaultPrettyPrinter != null) {
                        useDefaultPrettyPrinter.close();
                    }
                } finally {
                }
            }
        } catch (IOException e4) {
            sendError(500, "Internal Server Error", "Lockout manager error.");
        }
        return;
        this.log.error("{} I/O error responding to request", getLogPrefix(), e);
        ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
    }

    @Nullable
    private AccountLockoutManager setupLockoutManager(@Nonnull RequestContext requestContext) {
        this.managerId = (String) requestContext.getFlowScope().get(MANAGER_ID);
        if (this.managerId == null) {
            this.log.warn("{} No {} flow variable found in request", getLogPrefix(), MANAGER_ID);
            return null;
        }
        if ($assertionsDisabled || this.managerId != null) {
            return (AccountLockoutManager) getBean(requestContext, this.managerId, AccountLockoutManager.class);
        }
        throw new AssertionError();
    }

    @Nonnull
    private AccountLockoutManager getLockoutManager() {
        if (!$assertionsDisabled && !isPreExecuteCalled()) {
            throw new AssertionError();
        }
        if ($assertionsDisabled || this.lockoutManager != null) {
            return this.lockoutManager;
        }
        throw new AssertionError();
    }

    private void sendError(int i, @Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2) throws IOException {
        HttpServletResponse httpServletResponse = getHttpServletResponse();
        if (!$assertionsDisabled && httpServletResponse == null) {
            throw new AssertionError();
        }
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setHeader("Cache-Control", "must-revalidate,no-cache,no-store");
        httpServletResponse.setStatus(i);
        Error error = new Error();
        Errors errors = new Errors();
        errors.setErrors(CollectionSupport.singletonList(error));
        error.setStatus(Integer.toString(i));
        error.setTitle(str);
        error.setDetail(str2);
        this.objectMapper.writer().withDefaultPrettyPrinter().writeValue(httpServletResponse.getOutputStream(), errors);
    }

    static {
        $assertionsDisabled = !DoLockoutManagerOperation.class.desiredAssertionStatus();
    }
}
