package org.xdi.oxauth.uma.ws.rs;

import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HEAD;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang.StringUtils;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
import org.xdi.oxauth.model.common.AuthorizationGrant;
import org.xdi.oxauth.model.common.AuthorizationGrantList;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.error.ErrorResponseFactory;
import org.xdi.oxauth.model.uma.ResourceSet;
import org.xdi.oxauth.model.uma.ResourceSetStatus;
import org.xdi.oxauth.model.uma.ResourceSetWithId;
import org.xdi.oxauth.model.uma.UmaErrorResponseType;
import org.xdi.oxauth.service.token.TokenService;
import org.xdi.oxauth.service.uma.ResourceSetService;
import org.xdi.oxauth.service.uma.ScopeService;
import org.xdi.oxauth.service.uma.UmaValidationService;
import org.xdi.oxauth.util.ServerUtil;

@Name("resourceSetRegistrationRestWebService")
@Path("/host/rsrc/resource_set")
@Api(value = "/host/rsrc/resource_set", description = "The resource server uses the RESTful API at the authorization server's resource set registration endpoint to create, read, update, and delete resource set descriptions, along with retrieving lists of such descriptions.")
/* loaded from: input_file:org/xdi/oxauth/uma/ws/rs/ResourceSetRegistrationWS.class */
public class ResourceSetRegistrationWS {

    // Seam-injected logger; message templates in this class use {0}-style positional placeholders.
    @Logger
    private Log log;

    // Extracts the access token from the raw Authorization header value.
    @In
    private TokenService tokenService;

    // Validates the Authorization header at the start of every registration endpoint.
    @In
    private UmaValidationService umaValidationService;

    // Persistence operations for resource sets: find, add, update, remove, and branch handling.
    @In
    private ResourceSetService resourceSetService;

    // Builds the UMA JSON error entities returned with NOT_FOUND and SERVER_ERROR responses.
    @In
    private ErrorResponseFactory errorResponseFactory;

    // Resolves an access token to its authorization grant (user DN, client id, client DN).
    @In
    private AuthorizationGrantList authorizationGrantList;

    // Translates between scope URLs (wire format) and scope DNs (stored format).
    @In
    private ScopeService umaScopeService;

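    /**
     * Registers a new resource set description (HTTP POST on the collection).
     *
     * <p>The Authorization header is validated before any other work is done, so a
     * rejected request neither allocates an id nor writes an id to the trace log.
     * The validation itself lives in {@code UmaValidationService} and is not visible
     * here; presumably it rejects tokens without the UMA protection scope.
     *
     * @param str raw value of the Authorization request header
     * @param resourceSet resource set description supplied by the resource server
     * @return the response built by {@code putResourceSetImpl} with status 201 (Created)
     * @throws WebApplicationException rethrown unchanged when raised by validation or
     *         persistence; any other failure is mapped to 500 with the UMA SERVER_ERROR entity
     */
    @Consumes({"application/json"})
    @ApiOperation(value = "Adds a new resource set description using the POST method", notes = "Adds a new resource set description using the POST method. If the request is successful, the authorization server MUST respond with a status message that includes an _id property.")
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    @POST
    @Produces({"application/json"})
    public Response createResourceSet(@HeaderParam("Authorization") String str, @ApiParam(value = "Resource set description", required = true) ResourceSet resourceSet) {
        try {
            // Authorize first: nothing else should run for an unauthenticated caller.
            this.umaValidationService.validateAuthorizationWithProtectScope(str);
            String generatedId = generatedId();
            this.log.trace("Try to create resource set, id: {0}", new Object[]{generatedId});
            return putResourceSetImpl(Response.Status.CREATED, str, generatedId, resourceSet);
        } catch (WebApplicationException e) {
            // A typed catch replaces "throw e" on a variable declared as Exception, which
            // the compiler rejects here because putResourceSetImpl declares checked exceptions.
            this.log.error("Exception during resource creation", e, new Object[0]);
            throw e;
        } catch (Exception e) {
            this.log.error("Exception during resource creation", e, new Object[0]);
            // Internal details stay in the server log; the client only sees the generic UMA error.
            throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
        }
    }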

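    /**
     * Replaces a previously registered resource set description (HTTP PUT on {@code {rsid}}).
     *
     * <p>NOTE(review): the only access check on this path is the Authorization header
     * validation. Nothing visible here ties {@code rsid} to the calling client; the private
     * {@code updateResourceSet} helper receives the grant and the client DN but does not read
     * them. Confirm whether ownership is enforced elsewhere; if not, any holder of a valid
     * token can overwrite another client's registration.
     *
     * @param str raw value of the Authorization request header
     * @param str2 resource set id taken from the URL path
     * @param resourceSet replacement description supplied by the resource server
     * @return the response built by {@code putResourceSetImpl} with status 204 (No Content)
     * @throws WebApplicationException rethrown unchanged when raised by validation or lookup
     *         (for example NOT_FOUND); any other failure is mapped to 500 with the UMA
     *         SERVER_ERROR entity
     */
    @Path("{rsid}")
    @Consumes({"application/json"})
    @ApiOperation(value = "Updates a previously registered resource set description using the PUT method", notes = "Updates a previously registered resource set description using the PUT method. If the request is successful, the authorization server MUST respond with a status message that includes an \"_id\" property.")
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    @Produces({"application/json"})
    @PUT
    public Response updateResourceSet(@HeaderParam("Authorization") String str, @PathParam("rsid") @ApiParam(value = "Resource set description ID", required = true) String str2, @ApiParam(value = "Resource set description JSON object", required = true) ResourceSet resourceSet) {
        try {
            this.umaValidationService.validateAuthorizationWithProtectScope(str);
            return putResourceSetImpl(Response.Status.NO_CONTENT, str, str2, resourceSet);
        } catch (WebApplicationException e) {
            // A typed catch replaces "throw e" on a variable declared as Exception, which
            // the compiler rejects here because putResourceSetImpl declares checked exceptions.
            this.log.error("Exception happened", e, new Object[0]);
            throw e;
        } catch (Exception e) {
            this.log.error("Exception happened", e, new Object[0]);
            // Internal details stay in the server log; the client only sees the generic UMA error.
            throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
        }
    }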

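    /**
     * Produces the identifier for a newly registered resource set.
     *
     * <p>A random UUID is used instead of the millisecond clock. Clock-based ids collide
     * when two registrations land in the same millisecond (serialising the calls does not
     * make the clock advance), and they can be guessed from the registration time. The
     * read, update and delete endpoints of this class look entries up by id alone, so ids
     * should not be predictable. {@code UUID.randomUUID()} is safe to call concurrently,
     * so no synchronization is needed.
     *
     * <p>NOTE(review): ids already stored in the older numeric format stay valid. Confirm
     * that nothing downstream (DN construction, clients parsing {@code _id}) expects a
     * purely numeric value.
     *
     * @return a new identifier in canonical UUID text form
     */
    private String generatedId() {
        return java.util.UUID.randomUUID().toString();
    }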

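    /**
     * Returns one registered resource set description (HTTP GET on {@code {rsid}}).
     *
     * <p>The entry is looked up by id under the resource set base DN, copied into a
     * {@code ResourceSetWithId}, and its stored scope DNs are translated back to scope URLs
     * before serialisation.
     *
     * <p>NOTE(review): the lookup is by id only. Unlike {@code getResourceSetList}, which
     * restricts results to the caller's client DN, nothing visible here checks that the
     * entry belongs to the caller. Confirm whether that is intended.
     * The {@code rsid} path value is used as a search key and written to the debug log;
     * any escaping is left to {@code resourceSetService} and the logger and is not visible here.
     *
     * @param str raw value of the Authorization request header
     * @param str2 resource set id taken from the URL path
     * @return 200 with the JSON form of the resource set
     * @throws WebApplicationException 404 with the UMA NOT_FOUND entity unless exactly one
     *         entry matches; 500 with the UMA SERVER_ERROR entity on any other failure;
     *         exceptions raised by header validation are rethrown unchanged
     */
    @GET
    @Path("{rsid}")
    @ApiOperation(value = "Reads a previously registered resource set description using the GET method.", notes = "Reads a previously registered resource set description using the GET method. If the request is successful, the authorization server MUST respond with a status message that includes a body containing the referenced resource set description, along with an \"_id\" property.", response = ResourceSet.class)
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    @Produces({"application/json"})
    public Response getResourceSet(@HeaderParam("Authorization") String str, @PathParam("rsid") @ApiParam(value = "Resource set description object ID", required = true) String str2) {
        try {
            this.umaValidationService.validateAuthorizationWithProtectScope(str);
            this.log.debug("Getting resource set description: '{0}'", new Object[]{str2});
            prepareResourceSetsBranch();

            // Query-by-example: only the base DN and the requested id are populated.
            org.xdi.oxauth.model.uma.persistence.ResourceSet example = new org.xdi.oxauth.model.uma.persistence.ResourceSet();
            example.setDn(this.resourceSetService.getBaseDnForResourceSet());
            example.setId(str2);
            List<org.xdi.oxauth.model.uma.persistence.ResourceSet> matches = this.resourceSetService.findResourceSets(example);
            if (matches.size() != 1) {
                // Zero matches and ambiguous matches are both reported as "not found".
                this.log.error("Specified resource set description isn't exist", new Object[0]);
                throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.NOT_FOUND)).build());
            }

            org.xdi.oxauth.model.uma.persistence.ResourceSet stored = matches.get(0);
            ResourceSetWithId result = new ResourceSetWithId();
            BeanUtils.copyProperties(result, stored);
            result.setId(stored.getId());
            // Stored scopes are DNs; callers are given scope URLs.
            result.setScopes(this.umaScopeService.getScopeUrlsByDns(stored.getScopes()));
            return Response.ok().entity(ServerUtil.asJson(result)).build();
        } catch (WebApplicationException e) {
            // A typed catch replaces "throw e" on a variable declared as Exception, which
            // the compiler rejects here because BeanUtils.copyProperties declares checked exceptions.
            this.log.error("Exception happened", e, new Object[0]);
            throw e;
        } catch (Exception e) {
            this.log.error("Exception happened", e, new Object[0]);
            // Internal details stay in the server log; the client only sees the generic UMA error.
            throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
        }
    }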

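    /**
     * Lists the ids of the resource sets associated with the calling client (HTTP GET on
     * the collection), optionally restricted to those carrying a given scope URL.
     *
     * <p>The client is derived from the access token in the Authorization header, and only
     * resource sets returned by {@code getResourceSetsByAssociatedClient} for that client DN
     * are considered. This is the one endpoint in this class that scopes its result to the caller.
     *
     * @param str raw value of the Authorization request header
     * @param str2 optional scope URL; when not blank, only resource sets whose scopes
     *        include it are listed
     * @return ids of the matching resource sets, possibly empty
     * @throws WebApplicationException rethrown unchanged when raised by validation; 500 with
     *         the UMA SERVER_ERROR entity when no grant is found for the token or any other
     *         failure occurs
     */
    @GET
    @ApiOperation(value = "Lists all previously registered resource set identifiers for this user using the GET method.", notes = "Lists all previously registered resource set identifiers for this user using the GET method. The authorization server MUST return the list in the form of a JSON array of {rsid} string values.\n\nThe resource server uses this method as a first step in checking whether its understanding of protected resources is in full synchronization with the authorization server's understanding.", response = ResourceSet.class)
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    @Produces({"application/json"})
    public List<String> getResourceSetList(@HeaderParam("Authorization") String str, @QueryParam("scope") @ApiParam(value = "Scope uri", required = false) String str2) {
        try {
            this.log.trace("Getting resource set descriptions.", new Object[0]);
            this.umaValidationService.validateAuthorizationWithProtectScope(str);
            AuthorizationGrant grant = this.authorizationGrantList.getAuthorizationGrantByAccessToken(this.tokenService.getTokenFromAuthorizationParameter(str));
            if (grant != null) {
                String clientDn = grant.getClientDn();
                prepareResourceSetsBranch();
                List<org.xdi.oxauth.model.uma.persistence.ResourceSet> owned = this.resourceSetService.getResourceSetsByAssociatedClient(clientDn);

                // The filter decision does not change per element, so evaluate it once.
                boolean filterByScope = StringUtils.isNotBlank(str2);
                List<String> ids = new ArrayList<String>(owned.size());
                for (org.xdi.oxauth.model.uma.persistence.ResourceSet candidate : owned) {
                    if (filterByScope) {
                        List<String> scopeUrls = this.umaScopeService.getScopeUrlsByDns(candidate.getScopes());
                        if (scopeUrls == null || !scopeUrls.contains(str2)) {
                            continue;
                        }
                    }
                    ids.add(candidate.getId());
                }
                return ids;
            }
            // No grant for the token: fall through to the generic server error below.
        } catch (WebApplicationException e) {
            this.log.error("Exception happened on getResourceSetList()", e, new Object[0]);
            throw e;
        } catch (Exception e) {
            // Logged here; the generic server error below is what the client sees.
            this.log.error("Exception happened on getResourceSetList()", e, new Object[0]);
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
    }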

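    /**
     * Removes a registered resource set description (HTTP DELETE on {@code {rsid}}).
     *
     * <p>The debug line now names the operation and the target id. It previously read
     * "Getting resource set descriptions'" (copied from the read path), which left no
     * record of which entry a delete request addressed.
     *
     * <p>NOTE(review): the lookup is by id only, and every entry it returns is removed.
     * Nothing visible here checks that the entry is associated with the calling client,
     * and unlike the read and update paths more than one match is not treated as an error.
     * Confirm whether ownership is enforced elsewhere.
     *
     * @param str raw value of the Authorization request header
     * @param str2 resource set id taken from the URL path
     * @return 204 (No Content) after removal
     * @throws WebApplicationException 404 with the UMA NOT_FOUND entity when nothing matches;
     *         500 with the UMA SERVER_ERROR entity on any other failure; exceptions raised
     *         by header validation are rethrown unchanged
     */
    @Path("{rsid}")
    @DELETE
    @ApiOperation(value = "Deletes a previously registered resource set description using the DELETE method.", notes = "Deletes a previously registered resource set description using the DELETE method, thereby removing it from the authorization server's protection regime.", response = ResourceSet.class)
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    public Response deleteResourceSet(@HeaderParam("Authorization") String str, @PathParam("rsid") @ApiParam(value = "Resource set description ID", required = true) String str2) {
        try {
            this.umaValidationService.validateAuthorizationWithProtectScope(str);
            this.log.debug("Deleting resource set description: '{0}'", new Object[]{str2});
            prepareResourceSetsBranch();

            // Query-by-example: only the base DN and the requested id are populated.
            org.xdi.oxauth.model.uma.persistence.ResourceSet example = new org.xdi.oxauth.model.uma.persistence.ResourceSet();
            example.setDn(this.resourceSetService.getBaseDnForResourceSet());
            example.setId(str2);
            List<org.xdi.oxauth.model.uma.persistence.ResourceSet> matches = this.resourceSetService.findResourceSets(example);
            if (matches.isEmpty()) {
                this.log.error("Specified resource set description doesn't exist", new Object[0]);
                throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.NOT_FOUND)).build());
            }
            this.resourceSetService.remove(matches);
            return Response.status(Response.Status.NO_CONTENT).build();
        } catch (WebApplicationException e) {
            // Already a complete HTTP response (validation failure or NOT_FOUND); pass it through.
            throw e;
        } catch (Exception e) {
            this.log.error("Exception happened", e, new Object[0]);
            // Internal details stay in the server log; the client only sees the generic UMA error.
            throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
        }
    }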

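    /**
     * Shared implementation of create (status CREATED) and update (any other status).
     *
     * <p>Resolves the caller's grant from the access token, writes the resource set through
     * {@code addResourceSet} or {@code updateResourceSet}, re-reads it by DN and returns it
     * as a {@code ResourceSetStatus} JSON entity with the given status.
     *
     * <p>Changes from the previous version: the trace template now has a {1} placeholder so
     * the status argument is actually printed; a missing request body is rejected with 400
     * instead of failing later with a NullPointerException; a token without a grant yields
     * an explicit, logged SERVER_ERROR (the same outcome {@code getResourceSetList} gives)
     * instead of a NullPointerException.
     *
     * @param status CREATED to add a new entry; any other value updates an existing one
     * @param str raw value of the Authorization request header
     * @param str2 resource set id (generated for create, taken from the path for update)
     * @param resourceSet description supplied by the resource server
     * @return response carrying {@code status} and the JSON form of the stored entry
     * @throws WebApplicationException 400 when the body is missing, 500 when no grant is
     *         found, or whatever the add/update helpers raise (for example NOT_FOUND)
     * @throws IllegalAccessException if bean property copying fails
     * @throws InvocationTargetException if bean property copying fails
     * @throws IOException declared for the JSON serialisation step
     */
    private Response putResourceSetImpl(Response.Status status, String str, String str2, ResourceSet resourceSet) throws IllegalAccessException, InvocationTargetException, IOException {
        this.log.trace("putResourceSetImpl, rsid: {0}, status: {1}", new Object[]{str2, status.name()});

        if (resourceSet == null) {
            // NOTE(review): returned without a UMA error entity; no matching error type is visible in this class.
            this.log.error("Resource set description is missing from the request body", new Object[0]);
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).build());
        }

        AuthorizationGrant grant = this.authorizationGrantList.getAuthorizationGrantByAccessToken(this.tokenService.getTokenFromAuthorizationParameter(str));
        if (grant == null) {
            this.log.error("No authorization grant found for the presented access token", new Object[0]);
            throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
        }

        String userDn = grant.getUserDn();
        String clientId = grant.getClientId();
        String clientDn = grant.getClientDn();

        String dn;
        if (status == Response.Status.CREATED) {
            dn = addResourceSet(str2, resourceSet, userDn, clientId, clientDn);
        } else {
            dn = updateResourceSet(str2, resourceSet, grant, clientDn);
        }

        // Re-read the entry so the response reflects what was actually stored.
        org.xdi.oxauth.model.uma.persistence.ResourceSet stored = this.resourceSetService.getResourceSetByDn(dn);
        ResourceSetStatus resourceSetStatus = new ResourceSetStatus();
        BeanUtils.copyProperties(resourceSetStatus, stored);
        return Response.status(status).entity(ServerUtil.asJson(resourceSetStatus)).build();
    }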

    /**
     * Builds and persists a new resource set entry from the client-supplied description.
     *
     * <p>Properties are first bulk-copied from the request object, and the server-controlled
     * fields (id, rev, creator, DN, scopes) are assigned afterwards, so they override anything
     * the copy may have put there. Keep that order.
     *
     * <p>NOTE(review): judging by its name, {@code getScopeDNsByUrlsAndAddToLdapIfNeeded} may
     * create scope entries for URLs taken from the request; confirm what validation it applies.
     *
     * @param str id of the new resource set
     * @param resourceSet description supplied by the resource server
     * @param str2 user DN recorded as the creator
     * @param str3 client id (not used in this method)
     * @param str4 client DN recorded as the associated client when the configuration allows it
     * @return DN under which the entry was stored
     * @throws IllegalAccessException if bean property copying fails
     * @throws InvocationTargetException if bean property copying fails
     */
    private String addResourceSet(String str, ResourceSet resourceSet, String str2, String str3, String str4) throws IllegalAccessException, InvocationTargetException {
        this.log.debug("Adding new resource set description: '{0}'", new Object[]{str});
        prepareResourceSetsBranch();

        final String entryDn = this.resourceSetService.getDnForResourceSet(str);
        final List<String> scopeDns = this.umaScopeService.getScopeDNsByUrlsAndAddToLdapIfNeeded(resourceSet.getScopes());

        org.xdi.oxauth.model.uma.persistence.ResourceSet entry = new org.xdi.oxauth.model.uma.persistence.ResourceSet();
        BeanUtils.copyProperties(entry, resourceSet);
        // Server-side values are written after the copy so request data cannot replace them.
        entry.setId(str);
        entry.setRev("1");
        entry.setCreator(str2);
        entry.setDn(entryDn);
        entry.setScopes(scopeDns);

        // The client is recorded unless the setting is explicitly false (an unset value counts as true).
        Boolean keepClient = ConfigurationFactory.getConfiguration().getUmaKeepClientDuringResourceSetRegistration();
        boolean recordClient = !Boolean.FALSE.equals(keepClient);
        if (recordClient) {
            entry.setClients(new ArrayList<String>(Arrays.asList(str4)));
        }

        this.resourceSetService.addResourceSet(entry);
        return entryDn;
    }

    /**
     * Overwrites an existing resource set entry with the client-supplied description and
     * bumps its revision.
     *
     * <p>NOTE(review): {@code authorizationGrant} and {@code str2} (the client DN) are accepted
     * but never read, so this method does not check that the entry is associated with the
     * caller. Confirm whether ownership is enforced elsewhere.
     * The bulk copy runs from the request object onto the stored entry; only scopes and rev
     * are reassigned afterwards, so which stored fields a request can change depends on the
     * properties the request type exposes (not visible here).
     *
     * @param str id of the resource set to update
     * @param resourceSet replacement description supplied by the resource server
     * @param authorizationGrant caller's grant (currently unused)
     * @param str2 caller's client DN (currently unused)
     * @return DN of the updated entry, as read before the property copy
     * @throws WebApplicationException 404 with the UMA NOT_FOUND entity unless exactly one
     *         entry matches the id
     * @throws IllegalAccessException if bean property copying fails
     * @throws InvocationTargetException if bean property copying fails
     */
    private String updateResourceSet(String str, ResourceSet resourceSet, AuthorizationGrant authorizationGrant, String str2) throws IllegalAccessException, InvocationTargetException {
        this.log.debug("Updating resource set description: '{0}'.", new Object[]{str});
        prepareResourceSetsBranch();

        // Query-by-example: only the base DN and the requested id are populated.
        org.xdi.oxauth.model.uma.persistence.ResourceSet example = new org.xdi.oxauth.model.uma.persistence.ResourceSet();
        example.setDn(this.resourceSetService.getBaseDnForResourceSet());
        example.setId(str);
        List<org.xdi.oxauth.model.uma.persistence.ResourceSet> matches = this.resourceSetService.findResourceSets(example);

        boolean exactlyOne = matches.size() == 1;
        if (!exactlyOne) {
            this.log.error("Specified resource set description doesn't exist", new Object[0]);
            throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.NOT_FOUND)).build());
        }

        org.xdi.oxauth.model.uma.persistence.ResourceSet stored = matches.get(0);
        // Captured before the copy so the returned DN is the one read from storage.
        final String storedDn = stored.getDn();
        BeanUtils.copyProperties(stored, resourceSet);

        List<String> scopeDns = this.umaScopeService.getScopeDNsByUrlsAndAddToLdapIfNeeded(resourceSet.getScopes());
        stored.setScopes(scopeDns);
        int nextRev = incrementRev(stored.getRev());
        stored.setRev(String.valueOf(nextRev));

        this.resourceSetService.updateResourceSet(stored);
        return storedDn;
    }

    /**
     * Computes the next revision number from the stored revision string.
     *
     * <p>If the stored value cannot be parsed as an integer (including {@code null}), the
     * failure is logged and the revision restarts at 1.
     * NOTE(review): the exception message is passed to the logger as the message template,
     * and the addition is not overflow-checked.
     *
     * @param str current revision as text
     * @return parsed revision plus one, or 1 when parsing fails
     */
    private int incrementRev(String str) {
        int next = 1;
        try {
            next = Integer.parseInt(str) + 1;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
        }
        return next;
    }

    /**
     * Ensures the resource set branch exists, creating it when the service reports it is missing.
     *
     * <p>NOTE(review): the existence check and the creation are two separate calls with no
     * locking in this class; whether concurrent requests can both attempt the creation
     * depends on {@code resourceSetService}. TODO confirm.
     */
    private void prepareResourceSetsBranch() {
        boolean branchExists = this.resourceSetService.containsBranch();
        if (!branchExists) {
            this.resourceSetService.addBranch();
        }
    }

    /**
     * Rejects HEAD requests on the collection with 405.
     *
     * <p>No Authorization check runs on this path, and each request is logged at error
     * level, so unauthenticated traffic can add entries to the error log.
     *
     * @return never returns normally
     * @throws WebApplicationException always, carrying a 405 response
     */
    @HEAD
    @ApiOperation("Not allowed")
    public Response unsupportedHeadMethod() {
        this.log.error("HEAD method is not allowed", new Object[0]);
        Response notAllowed = Response.status(405).entity("HEAD Method Not Allowed").build();
        throw new WebApplicationException(notAllowed);
    }

    /**
     * Rejects OPTIONS requests on the collection with 405.
     *
     * <p>No Authorization check runs on this path, and each request is logged at error
     * level, so unauthenticated traffic can add entries to the error log.
     *
     * @return never returns normally
     * @throws WebApplicationException always, carrying a 405 response
     */
    @OPTIONS
    @ApiOperation("Not allowed")
    public Response unsupportedOptionsMethod() {
        this.log.error("OPTIONS method is not allowed", new Object[0]);
        Response notAllowed = Response.status(405).entity("OPTIONS Method Not Allowed").build();
        throw new WebApplicationException(notAllowed);
    }
}
