package org.zaproxy.zap.extension.users;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.sf.json.JSONException;
import net.sf.json.JSONObject;
import org.apache.log4j.Logger;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.model.Model;
import org.zaproxy.zap.authentication.AuthenticationMethodType;
import org.zaproxy.zap.extension.api.API;
import org.zaproxy.zap.extension.api.ApiAction;
import org.zaproxy.zap.extension.api.ApiDynamicActionImplementor;
import org.zaproxy.zap.extension.api.ApiException;
import org.zaproxy.zap.extension.api.ApiImplementor;
import org.zaproxy.zap.extension.api.ApiResponse;
import org.zaproxy.zap.extension.api.ApiResponseElement;
import org.zaproxy.zap.extension.api.ApiResponseList;
import org.zaproxy.zap.extension.api.ApiResponseSet;
import org.zaproxy.zap.extension.api.ApiView;
import org.zaproxy.zap.extension.authentication.ExtensionAuthentication;
import org.zaproxy.zap.model.Context;
import org.zaproxy.zap.users.User;
import org.zaproxy.zap.utils.ApiUtils;

/* loaded from: input_file:WEB-INF/lib/zap-2.4.0.jar:org/zaproxy/zap/extension/users/UsersAPI.class */
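/**
 * API implementor that exposes user management under the {@code users} prefix.
 *
 * <p>Views list users and return a user's authentication credentials; actions create, remove,
 * rename, enable/disable users and set their credentials. Several responses and requests carry
 * credential material, so parameter values are never written to the log by this class.
 */
public class UsersAPI extends ApiImplementor {
    private static final Logger log = Logger.getLogger(UsersAPI.class);
    private static final String PREFIX = "users";
    private static final String VIEW_USERS_LIST = "usersList";
    private static final String VIEW_GET_USER_BY_ID = "getUserById";
    private static final String VIEW_GET_AUTH_CREDENTIALS = "getAuthenticationCredentials";
    private static final String VIEW_GET_AUTH_CREDENTIALS_CONFIG_PARAMETERS = "getAuthenticationCredentialsConfigParams";
    private static final String ACTION_NEW_USER = "newUser";
    private static final String ACTION_REMOVE_USER = "removeUser";
    private static final String ACTION_SET_ENABLED = "setUserEnabled";
    private static final String ACTION_SET_NAME = "setUserName";
    private static final String ACTION_SET_AUTH_CREDENTIALS = "setAuthenticationCredentials";
    public static final String PARAM_CONTEXT_ID = "contextId";
    public static final String PARAM_USER_ID = "userId";
    private static final String PARAM_USER_NAME = "name";
    private static final String PARAM_ENABLED = "enabled";
    private static final String PARAM_CREDENTIALS_CONFIG_PARAMS = "authCredentialsConfigParams";

    private final ExtensionUserManagement extension;

    /**
     * "Set credentials" API actions keyed by the unique identifier of the authentication method
     * type that provides them. Always non-null; empty when no authentication extension is loaded.
     */
    private final Map<Integer, ApiDynamicActionImplementor> loadedAuthenticationMethodActions =
            new HashMap<>();

    /**
     * Registers the views and actions of this API and collects the per-authentication-method
     * "set credentials" actions from the authentication extension, when one is available.
     *
     * @param extensionUserManagement the user management extension the API operates on
     */
    public UsersAPI(ExtensionUserManagement extensionUserManagement) {
        this.extension = extensionUserManagement;

        // The (String[]) null cast selects the array-based ApiView constructor: no mandatory
        // parameters, only optional ones.
        addApiView(new ApiView(VIEW_USERS_LIST, (String[]) null, new String[] {PARAM_CONTEXT_ID}));
        addApiView(new ApiView(VIEW_GET_USER_BY_ID, (String[]) null, new String[] {PARAM_CONTEXT_ID, PARAM_USER_ID}));
        addApiView(new ApiView(VIEW_GET_AUTH_CREDENTIALS_CONFIG_PARAMETERS, new String[] {PARAM_CONTEXT_ID}));
        addApiView(new ApiView(VIEW_GET_AUTH_CREDENTIALS, new String[] {PARAM_CONTEXT_ID, PARAM_USER_ID}));

        addApiAction(new ApiAction(ACTION_NEW_USER, new String[] {PARAM_CONTEXT_ID, PARAM_USER_NAME}));
        addApiAction(new ApiAction(ACTION_REMOVE_USER, new String[] {PARAM_CONTEXT_ID, PARAM_USER_ID}));
        addApiAction(new ApiAction(ACTION_SET_ENABLED, new String[] {PARAM_CONTEXT_ID, PARAM_USER_ID, PARAM_ENABLED}));
        addApiAction(new ApiAction(ACTION_SET_NAME, new String[] {PARAM_CONTEXT_ID, PARAM_USER_ID, PARAM_USER_NAME}));
        addApiAction(new ApiAction(
                ACTION_SET_AUTH_CREDENTIALS,
                new String[] {PARAM_CONTEXT_ID, PARAM_USER_ID},
                new String[] {PARAM_CREDENTIALS_CONFIG_PARAMS}));

        // Control may be absent (no singleton); the action map then simply stays empty instead of
        // being left null and failing later with a NullPointerException.
        if (Control.getSingleton() == null) {
            return;
        }
        ExtensionAuthentication extensionAuthentication =
                (ExtensionAuthentication) Control.getSingleton()
                        .getExtensionLoader()
                        .getExtension(ExtensionAuthentication.NAME);
        if (extensionAuthentication == null) {
            return;
        }
        for (AuthenticationMethodType methodType : extensionAuthentication.getAuthenticationMethodTypes()) {
            ApiDynamicActionImplementor setCredentialsAction = methodType.getSetCredentialsForUserApiAction();
            // Method types may return no action; those are left out of the map.
            if (setCredentialsAction != null) {
                this.loadedAuthenticationMethodActions.put(
                        Integer.valueOf(methodType.getUniqueIdentifier()), setCredentialsAction);
            }
        }
    }

    @Override
    public String getPrefix() {
        return PREFIX;
    }

    /**
     * Handles the views of this API.
     *
     * <p>{@code usersList}, {@code getUserById} and {@code getAuthenticationCredentials} include
     * the API representation of the user's authentication credentials in the response.
     *
     * @param name the name of the requested view
     * @param params the request parameters
     * @return the response for the view
     * @throws ApiException with {@code BAD_VIEW} for an unknown view or when the context's
     *     authentication method has no credentials action registered, or as thrown by the
     *     parameter and user look-ups
     */
    @Override
    public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
        logRequest("handleApiView", name, params);

        switch (name) {
            case VIEW_USERS_LIST:
                List<User> users;
                if (hasContextId(params)) {
                    users = this.extension.getContextUserAuthManager(getContextId(params)).getUsers();
                } else {
                    // No (numeric) contextId given: collect the users of every context in the session.
                    users = new ArrayList<>();
                    for (Context context : Model.getSingleton().getSession().getContexts()) {
                        users.addAll(this.extension.getContextUserAuthManager(context.getIndex()).getUsers());
                    }
                }
                ApiResponseList response = new ApiResponseList(name);
                for (User user : users) {
                    response.addItem(buildResponseFromUser(user));
                }
                return response;

            case VIEW_GET_USER_BY_ID:
                return buildResponseFromUser(getUser(params));

            case VIEW_GET_AUTH_CREDENTIALS:
                return getUser(params).getAuthenticationCredentials().getApiResponseRepresentation();

            case VIEW_GET_AUTH_CREDENTIALS_CONFIG_PARAMETERS:
                Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
                return getSetCredentialsAction(context, ApiException.Type.BAD_VIEW).buildParamsDescription();

            default:
                throw new ApiException(ApiException.Type.BAD_VIEW);
        }
    }

    /**
     * Handles the actions of this API.
     *
     * @param name the name of the requested action
     * @param params the request parameters; for {@code setAuthenticationCredentials} they carry
     *     the credential configuration
     * @return the response for the action
     * @throws ApiException with {@code BAD_ACTION} for an unknown action or when the context's
     *     authentication method has no credentials action registered, {@code BAD_FORMAT} when
     *     {@code enabled} is not a boolean, or as thrown by the parameter and user look-ups
     */
    @Override
    public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
        logRequest("handleApiAction", name, params);

        switch (name) {
            case ACTION_NEW_USER: {
                Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
                User user = new User(context.getIndex(), ApiUtils.getNonEmptyStringParam(params, PARAM_USER_NAME));
                // New users start with the credentials object created by the context's
                // authentication method.
                user.setAuthenticationCredentials(context.getAuthenticationMethod().createAuthenticationCredentials());
                this.extension.getContextUserAuthManager(context.getIndex()).addUser(user);
                return new ApiResponseElement(PARAM_USER_ID, String.valueOf(user.getId()));
            }

            case ACTION_REMOVE_USER: {
                // NOTE(review): contextId is passed on as a raw int, not resolved to an existing
                // context first; confirm getContextUserAuthManager copes with unknown ids.
                boolean removed = this.extension
                        .getContextUserAuthManager(getContextId(params))
                        .removeUserById(getUserId(params));
                return removed ? ApiResponseElement.OK : ApiResponseElement.FAIL;
            }

            case ACTION_SET_ENABLED: {
                User user = getUser(params);
                boolean enabled;
                try {
                    enabled = params.getBoolean(PARAM_ENABLED);
                } catch (JSONException e) {
                    // The ApiException constructor used here carries no cause, so keep the
                    // parsing failure in the debug log.
                    log.debug("Parameter " + PARAM_ENABLED + " is not a boolean", e);
                    throw new ApiException(ApiException.Type.BAD_FORMAT, "enabled - should be boolean");
                }
                user.setEnabled(enabled);
                return ApiResponseElement.OK;
            }

            case ACTION_SET_NAME: {
                // Same validation as newUser: a missing or empty name is reported as an
                // ApiException rather than escaping as an unchecked JSONException.
                String newName = ApiUtils.getNonEmptyStringParam(params, PARAM_USER_NAME);
                getUser(params).setName(newName);
                return ApiResponseElement.OK;
            }

            case ACTION_SET_AUTH_CREDENTIALS: {
                JSONObject actionParams = params.has(PARAM_CREDENTIALS_CONFIG_PARAMS)
                        ? API.getParams(params.getString(PARAM_CREDENTIALS_CONFIG_PARAMS))
                        : new JSONObject();
                Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
                // The context and user ids always come from the validated request parameters and
                // overwrite any same-named entries supplied inside the credential configuration.
                actionParams.put(PARAM_CONTEXT_ID, Integer.valueOf(context.getIndex()));
                actionParams.put(PARAM_USER_ID, Integer.valueOf(getUserId(params)));
                getSetCredentialsAction(context, ApiException.Type.BAD_ACTION).handleAction(actionParams);
                return ApiResponseElement.OK;
            }

            default:
                throw new ApiException(ApiException.Type.BAD_ACTION);
        }
    }

    /**
     * Writes a debug line naming the request and the parameter keys it carries.
     *
     * <p>Only the keys are logged: the values can contain user credentials (for example the
     * {@code authCredentialsConfigParams} of {@code setAuthenticationCredentials}) and must not
     * end up in log files.
     */
    private static void logRequest(String kind, String name, JSONObject params) {
        if (log.isDebugEnabled()) {
            log.debug(kind + " " + name + " params=" + params.keySet());
        }
    }

    /**
     * Looks up the "set credentials" action registered for the authentication method type of the
     * given context.
     *
     * @param context the context whose authentication method is used for the look-up
     * @param typeIfMissing the exception type to report when no action is registered
     * @return the registered action, never {@code null}
     * @throws ApiException of {@code typeIfMissing} when the method type registered no action
     */
    private ApiDynamicActionImplementor getSetCredentialsAction(Context context, ApiException.Type typeIfMissing)
            throws ApiException {
        int methodTypeId = context.getAuthenticationMethod().getType().getUniqueIdentifier();
        ApiDynamicActionImplementor action =
                this.loadedAuthenticationMethodActions.get(Integer.valueOf(methodTypeId));
        if (action == null) {
            throw new ApiException(
                    typeIfMissing, "no credentials API action for the context's authentication method");
        }
        return action;
    }

    /**
     * Builds the {@code user} response set for a user.
     *
     * <p>The set contains the user's name, id, context id, enabled flag and, under
     * {@code credentials}, the JSON form of the credentials' API representation.
     */
    private ApiResponse buildResponseFromUser(User user) {
        Map<String, String> fields = new HashMap<>();
        fields.put("name", user.getName());
        fields.put("id", Integer.toString(user.getId()));
        fields.put("contextId", Integer.toString(user.getContextId()));
        fields.put(PARAM_ENABLED, Boolean.toString(user.isEnabled()));
        fields.put(
                "credentials",
                user.getAuthenticationCredentials().getApiResponseRepresentation().toJSON().toString());
        return new ApiResponseSet("user", fields);
    }

    /** Reads the {@code userId} parameter as an int. */
    private int getUserId(JSONObject params) throws ApiException {
        return ApiUtils.getIntParam(params, PARAM_USER_ID);
    }

    /**
     * Resolves the user addressed by the {@code contextId} and {@code userId} parameters.
     *
     * @throws ApiException with {@code USER_NOT_FOUND} when the context has no user with that id
     */
    private User getUser(JSONObject params) throws ApiException {
        int contextId = getContextId(params);
        User user = this.extension.getContextUserAuthManager(contextId).getUserById(getUserId(params));
        if (user == null) {
            throw new ApiException(ApiException.Type.USER_NOT_FOUND, PARAM_USER_ID);
        }
        return user;
    }

    /** Reads the {@code contextId} parameter as an int. */
    private int getContextId(JSONObject params) throws ApiException {
        return ApiUtils.getIntParam(params, PARAM_CONTEXT_ID);
    }

    /**
     * Tells whether the request carries a {@code contextId} that can be read as an int.
     *
     * @return {@code false} when reading the parameter raises a {@link JSONException}
     */
    private boolean hasContextId(JSONObject params) {
        try {
            params.getInt(PARAM_CONTEXT_ID);
            return true;
        } catch (JSONException ignored) {
            // The exception is the "absent or not numeric" signal; nothing more to report.
            return false;
        }
    }
}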
