package org.gluu.oxd.server.op;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.inject.Injector;
import java.util.List;
import java.util.stream.Collectors;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.client.uma.UmaClientFactory;
import org.gluu.oxauth.client.uma.UmaResourceService;
import org.gluu.oxauth.model.uma.JsonLogicNodeParser;
import org.gluu.oxauth.model.uma.UmaResourceWithId;
import org.gluu.oxd.common.Command;
import org.gluu.oxd.common.CoreUtils;
import org.gluu.oxd.common.ErrorResponse;
import org.gluu.oxd.common.ErrorResponseCode;
import org.gluu.oxd.common.Jackson2;
import org.gluu.oxd.common.params.RsModifyParams;
import org.gluu.oxd.common.response.IOpResponse;
import org.gluu.oxd.common.response.RsModifyResponse;
import org.gluu.oxd.rs.protect.resteasy.PatProvider;
import org.gluu.oxd.server.HttpException;
import org.gluu.oxd.server.model.UmaResource;
import org.gluu.oxd.server.service.Rp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/oxd/server/op/RsModifyOperation.class */
public class RsModifyOperation extends BaseOperation<RsModifyParams> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) RsModifyOperation.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public RsModifyOperation(Command command, Injector injector) {
        super(command, injector, RsModifyParams.class);
    }

    @Override // org.gluu.oxd.server.op.IOperation
    public IOpResponse execute(final RsModifyParams rsModifyParams) throws Exception {
        validate(rsModifyParams);
        Rp rp = getRp();
        new PatProvider() { // from class: org.gluu.oxd.server.op.RsModifyOperation.1
            @Override // org.gluu.oxd.rs.protect.resteasy.PatProvider
            public String getPatToken() {
                return RsModifyOperation.this.getUmaTokenService().getPat(rsModifyParams.getOxdId()).getToken();
            }

            @Override // org.gluu.oxd.rs.protect.resteasy.PatProvider
            public void clearPat() {
            }
        };
        UmaResource umaResource = rp.umaResource(rsModifyParams.getPath(), rsModifyParams.getHttpMethod());
        if (umaResource == null) {
            ErrorResponse errorResponse = new ErrorResponse("invalid_request");
            errorResponse.setErrorDescription("Resource is not protected with path: " + rsModifyParams.getPath() + " and httpMethod: " + rsModifyParams.getHttpMethod() + ". Please protect your resource first with uma_rs_modify command. Check details on " + CoreUtils.DOC_URL);
            LOG.error(errorResponse.getErrorDescription());
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(Jackson2.asJson(errorResponse)).build());
        }
        UmaResourceService createResourceService = UmaClientFactory.instance().createResourceService(getDiscoveryService().getUmaDiscoveryByOxdId(rsModifyParams.getOxdId()), getHttpService().getClientEngine());
        org.gluu.oxauth.model.uma.UmaResource resource = getResource(createResourceService, rsModifyParams, umaResource.getId());
        try {
            return update(getUmaTokenService().getPat(rsModifyParams.getOxdId()).getToken(), umaResource.getId(), rp, createResourceService, resource);
        } catch (ClientErrorException e) {
            LOG.debug("Failed to update resource. Entity: " + ((String) e.getResponse().readEntity(String.class)) + ", status: " + e.getResponse().getStatus(), (Throwable) e);
            if (e.getResponse().getStatus() != 400 && e.getResponse().getStatus() != 401) {
                throw e;
            }
            LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and re-try ...");
            return update(getUmaTokenService().obtainPat(rsModifyParams.getOxdId()).getToken(), umaResource.getId(), rp, createResourceService, resource);
        } catch (Exception e2) {
            LOG.error(e2.getMessage(), (Throwable) e2);
            throw e2;
        }
    }

    public RsModifyResponse update(String str, String str2, Rp rp, UmaResourceService umaResourceService, org.gluu.oxauth.model.uma.UmaResource umaResource) {
        umaResourceService.updateResource("Bearer " + str, str2, umaResource);
        updateRp(umaResource, rp, str2);
        return new RsModifyResponse(rp.getOxdId());
    }

    private org.gluu.oxauth.model.uma.UmaResource getResource(UmaResourceService umaResourceService, RsModifyParams rsModifyParams, String str) {
        UmaResourceWithId resource = umaResourceService.getResource("Bearer " + getUmaTokenService().getPat(rsModifyParams.getOxdId()).getToken(), str);
        org.gluu.oxauth.model.uma.UmaResource umaResource = new org.gluu.oxauth.model.uma.UmaResource();
        umaResource.setDescription(resource.getDescription());
        umaResource.setIat(resource.getIat());
        umaResource.setIconUri(resource.getIconUri());
        umaResource.setName(resource.getName());
        umaResource.setScopes(rsModifyParams.getScopes());
        umaResource.setScopeExpression(null);
        umaResource.setType(resource.getType());
        if (!Strings.isNullOrEmpty(rsModifyParams.getScopeExpression()) && !rsModifyParams.getScopeExpression().equals("null")) {
            umaResource.setScopeExpression(rsModifyParams.getScopeExpression());
            umaResource.setScopes(JsonLogicNodeParser.parseNode(rsModifyParams.getScopeExpression().toString()).getData());
        }
        return umaResource;
    }

    private void updateRp(org.gluu.oxauth.model.uma.UmaResource umaResource, Rp rp, String str) {
        rp.setUmaProtectedResources((List) rp.getUmaProtectedResources().stream().map(umaResource2 -> {
            if (umaResource2.getId().equals(str)) {
                umaResource2.setScopes(umaResource.getScopes());
                umaResource2.setTicketScopes(umaResource.getScopes());
                umaResource2.setScopeExpressions(null);
                if (!Strings.isNullOrEmpty(umaResource.getScopeExpression()) && !umaResource.getScopeExpression().equals("null")) {
                    umaResource2.setScopeExpressions(Lists.newArrayList(umaResource.getScopeExpression()));
                    umaResource2.setTicketScopes(JsonLogicNodeParser.parseNode(umaResource.getScopeExpression().toString()).getData());
                    umaResource2.setScopes(null);
                }
            }
            return umaResource2;
        }).collect(Collectors.toList()));
        getRpService().update(rp);
    }

    private void validate(RsModifyParams rsModifyParams) {
        if (Strings.isNullOrEmpty(rsModifyParams.getOxdId())) {
            throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_OXD_ID);
        }
        if (Strings.isNullOrEmpty(rsModifyParams.getHttpMethod())) {
            throw new HttpException(ErrorResponseCode.NO_UMA_HTTP_METHOD);
        }
        if (Strings.isNullOrEmpty(rsModifyParams.getPath())) {
            throw new HttpException(ErrorResponseCode.NO_UMA_PATH_PARAMETER);
        }
        if (Strings.isNullOrEmpty(rsModifyParams.getScopeExpression())) {
            return;
        }
        String scopeExpression = rsModifyParams.getScopeExpression();
        if (!StringUtils.isNotBlank(scopeExpression) || scopeExpression.equalsIgnoreCase("null")) {
            return;
        }
        boolean isNodeValid = JsonLogicNodeParser.isNodeValid(scopeExpression);
        LOG.trace("Scope expression validator - Valid: " + isNodeValid + ", expression: " + scopeExpression);
        if (!isNodeValid) {
            throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
        }
        RsProtectOperation.validateScopeExpression(scopeExpression);
    }
}
