package org.xdi.oxauth.uma.ws.rs;

import com.google.common.collect.Lists;
import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HEAD;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.xdi.oxauth.model.common.AuthorizationGrant;
import org.xdi.oxauth.model.common.AuthorizationGrantList;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.error.ErrorResponseFactory;
import org.xdi.oxauth.model.uma.UmaResource;
import org.xdi.oxauth.model.uma.UmaResourceResponse;
import org.xdi.oxauth.model.uma.UmaResourceWithId;
import org.xdi.oxauth.service.token.TokenService;
import org.xdi.oxauth.uma.service.UmaResourceService;
import org.xdi.oxauth.uma.service.UmaScopeService;
import org.xdi.oxauth.uma.service.UmaValidationService;
import org.xdi.oxauth.util.ServerUtil;

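/**
 * JAX-RS endpoint for UMA resource set registration: create, read, update, delete and list
 * resource descriptions on behalf of a resource server.
 *
 * <p>Every operation first calls {@code umaValidationService.assertHasProtectionScope} on the
 * {@code Authorization} header value.
 *
 * <p>NOTE(review): the {rsid}-addressed operations (GET/PUT/DELETE) only assert that the token
 * carries the protection scope. Nothing visible in this class checks that the addressed resource
 * is associated with the calling client, whereas the list operation is filtered by the caller's
 * client DN. Unless {@code UmaResourceService} or {@code UmaValidationService} enforce that
 * binding elsewhere, confirm whether a per-client ownership check is required before these
 * methods read, modify or remove a resource.
 */
@Path("/host/rsrc/resource_set")
@Api(value = "/host/rsrc/resource_set", description = "The resource server uses the RESTful API at the authorization server's resource set registration endpoint to create, read, update, and delete resource set descriptions, along with retrieving lists of such descriptions.")
/* loaded from: input_file:org/xdi/oxauth/uma/ws/rs/UmaResourceRegistrationWS.class */
public class UmaResourceRegistrationWS {
    private static final int NOT_ALLOWED_STATUS = 405;

    @Inject
    private Logger log;

    @Inject
    private TokenService tokenService;

    @Inject
    private UmaValidationService umaValidationService;

    @Inject
    private UmaResourceService resourceService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private AuthorizationGrantList authorizationGrantList;

    @Inject
    private UmaScopeService umaScopeService;

    @Inject
    private AppConfiguration appConfiguration;

    /**
     * Registers a new resource description under a server-generated id.
     *
     * @param str value of the {@code Authorization} header
     * @param umaResource resource description from the request body
     * @return a {@code 201 Created} response whose entity carries the new resource id
     */
    @Consumes({"application/json"})
    @ApiOperation(value = "Adds a new resource description using the POST method", notes = "Adds a new resource description using the POST method. If the request is successful, the authorization server MUST respond with a status message that includes an _id property.")
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    @POST
    @Produces({"application/json"})
    public Response createResource(@HeaderParam("Authorization") String str, @ApiParam(value = "Resource description", required = true) UmaResource umaResource) {
        try {
            // The id is chosen by the server, never taken from the request.
            String rsid = UUID.randomUUID().toString();
            this.log.trace("Try to create resource, id: {}", rsid);
            this.umaValidationService.assertHasProtectionScope(str);
            return putResourceImpl(Response.Status.CREATED, str, rsid, umaResource);
        } catch (Exception e) {
            this.log.error("Exception during resource creation", e);
            if (e instanceof WebApplicationException) {
                // Explicit cast: the try body can raise checked exceptions, so a bare
                // "throw e" would require them in the method signature.
                throw (WebApplicationException) e;
            }
            return throwUmaInternalErrorException();
        }
    }

    /**
     * Replaces the description of a previously registered resource.
     *
     * <p>NOTE(review): only the protection scope is asserted here; no check visible in this class
     * ties {@code str2} to the calling client. Confirm ownership is enforced elsewhere.
     *
     * @param str value of the {@code Authorization} header
     * @param str2 id of the resource to update ({@code rsid} path parameter)
     * @param umaResource new resource description from the request body
     * @return a {@code 200 OK} response whose entity carries the resource id
     */
    @Path("{rsid}")
    @Consumes({"application/json"})
    @ApiOperation(value = "Updates a previously registered resource set description using the PUT method", notes = "Updates a previously registered resource set description using the PUT method. If the request is successful, the authorization server MUST respond with a status message that includes an \"_id\" property.")
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    @Produces({"application/json"})
    @PUT
    public Response updateResource(@HeaderParam("Authorization") String str, @PathParam("rsid") @ApiParam(value = "Resource description ID", required = true) String str2, @ApiParam(value = "Resource description JSON object", required = true) UmaResource umaResource) {
        try {
            this.umaValidationService.assertHasProtectionScope(str);
            return putResourceImpl(Response.Status.OK, str, str2, umaResource);
        } catch (Exception e) {
            this.log.error("Exception during resource update, rsId: " + str2 + ", message: " + e.getMessage(), e);
            if (e instanceof WebApplicationException) {
                throw (WebApplicationException) e;
            }
            return throwUmaInternalErrorException();
        }
    }

    /**
     * Returns the stored description of a resource, with scope DNs mapped back to scope ids.
     *
     * <p>NOTE(review): only the protection scope is asserted here; no check visible in this class
     * ties {@code str2} to the calling client. Confirm ownership is enforced elsewhere.
     *
     * @param str value of the {@code Authorization} header
     * @param str2 id of the resource to read ({@code rsid} path parameter)
     * @return a {@code 200 OK} response with the JSON description
     */
    @GET
    @Path("{rsid}")
    @ApiOperation(value = "Reads a previously registered resource description using the GET method.", notes = "Reads a previously registered resource description using the GET method. If the request is successful, the authorization server MUST respond with a status message that includes a body containing the referenced resource set description, along with an \"_id\" property.", response = UmaResource.class)
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    @Produces({"application/json"})
    public Response getResource(@HeaderParam("Authorization") String str, @PathParam("rsid") @ApiParam(value = "Resource description object ID", required = true) String str2) {
        try {
            this.umaValidationService.assertHasProtectionScope(str);
            this.log.debug("Getting resource description: '{}'", str2);
            org.xdi.oxauth.model.uma.persistence.UmaResource stored = this.resourceService.getResourceById(str2);
            if (stored == null) {
                // Same handling as the update path: an unknown id is reported as "not found"
                // instead of surfacing as a NullPointerException and an internal error.
                return throwNotFoundException(str2);
            }
            UmaResourceWithId view = new UmaResourceWithId();
            view.setId(stored.getId());
            view.setName(stored.getName());
            view.setDescription(stored.getDescription());
            view.setIconUri(stored.getIconUri());
            view.setScopes(this.umaScopeService.getScopeIdsByDns(stored.getScopes()));
            view.setType(stored.getType());
            return Response.ok().entity(ServerUtil.asJson(view)).build();
        } catch (Exception e) {
            this.log.error("Exception happened", e);
            if (e instanceof WebApplicationException) {
                throw (WebApplicationException) e;
            }
            this.errorResponseFactory.throwUmaInternalErrorException();
            return null;
        }
    }

    /**
     * Lists the ids of the resources associated with the calling client, optionally restricted
     * to those that carry a given scope.
     *
     * @param str value of the {@code Authorization} header
     * @param str2 optional scope id; when blank, every resource of the client is listed
     * @return the matching resource ids
     */
    @GET
    @ApiOperation(value = "Lists all previously registered resource set identifiers for this user using the GET method.", notes = "Lists all previously registered resource set identifiers for this user using the GET method. The authorization server MUST return the list in the form of a JSON array of {rsid} string values.\n\nThe resource server uses this method as a first step in checking whether its understanding of protected resources is in full synchronization with the authorization server's understanding.", response = UmaResource.class)
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    @Produces({"application/json"})
    public List<String> getResourceList(@HeaderParam("Authorization") String str, @QueryParam("scope") @ApiParam(value = "Scope uri", required = false) String str2) {
        try {
            this.log.trace("Getting list of resource descriptions.");
            // The lookup is keyed on the client DN of the validated token, so the listing
            // only covers resources associated with the caller.
            List<org.xdi.oxauth.model.uma.persistence.UmaResource> owned = this.resourceService.getResourcesByAssociatedClient(this.umaValidationService.assertHasProtectionScope(str).getClientDn());
            boolean filterByScope = StringUtils.isNotBlank(str2);
            List<String> ids = new ArrayList<String>(owned.size());
            for (org.xdi.oxauth.model.uma.persistence.UmaResource resource : owned) {
                if (!filterByScope) {
                    ids.add(resource.getId());
                    continue;
                }
                List<String> scopeIds = this.umaScopeService.getScopeIdsByDns(resource.getScopes());
                if (scopeIds != null && scopeIds.contains(str2)) {
                    ids.add(resource.getId());
                }
            }
            return ids;
        } catch (Exception e) {
            this.log.error("Exception happened on getResourceList()", e);
            if (e instanceof WebApplicationException) {
                throw (WebApplicationException) e;
            }
            this.errorResponseFactory.throwUmaInternalErrorException();
            return Lists.newArrayList();
        }
    }

    /**
     * Removes a previously registered resource description.
     *
     * <p>NOTE(review): only the protection scope is asserted here; no check visible in this class
     * ties {@code str2} to the calling client. Confirm ownership is enforced elsewhere.
     *
     * @param str value of the {@code Authorization} header
     * @param str2 id of the resource to delete ({@code rsid} path parameter)
     * @return a {@code 204 No Content} response
     */
    @Path("{rsid}")
    @DELETE
    @ApiOperation(value = "Deletes a previously registered resource set description using the DELETE method.", notes = "Deletes a previously registered resource set description using the DELETE method, thereby removing it from the authorization server's protection regime.", response = UmaResource.class)
    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized")})
    public Response deleteResource(@HeaderParam("Authorization") String str, @PathParam("rsid") @ApiParam(value = "Resource description ID", required = true) String str2) {
        try {
            // Record which resource is being removed so the deletion can be traced in the log.
            this.log.debug("Deleting resource description: '{}'", str2);
            this.umaValidationService.assertHasProtectionScope(str);
            this.resourceService.remove(str2);
            return Response.status(Response.Status.NO_CONTENT).build();
        } catch (Exception e) {
            this.log.error("Error on DELETE Resource - " + e.getMessage(), e);
            if (e instanceof WebApplicationException) {
                throw (WebApplicationException) e;
            }
            return throwUmaInternalErrorException();
        }
    }

    /**
     * Shared implementation of create and update: persists the description and builds the
     * response carrying the resource id.
     *
     * @param status {@code CREATED} selects the add path; any other status selects the update path
     * @param authorization value of the {@code Authorization} header
     * @param rsid resource id
     * @param umaResource resource description from the request body
     */
    private Response putResourceImpl(Response.Status status, String authorization, String rsid, UmaResource umaResource) throws IllegalAccessException, InvocationTargetException, IOException {
        this.log.trace("putResourceImpl, rsid: {}, status: {}", rsid, status.name());
        String accessToken = this.tokenService.getTokenFromAuthorizationParameter(authorization);
        AuthorizationGrant grant = this.authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
        String resourceDn;
        if (status == Response.Status.CREATED) {
            // Creator and associated client are taken from the grant, not from the request body.
            resourceDn = addResource(rsid, umaResource, grant.getUserDn(), grant.getClientDn());
        } else {
            resourceDn = updateResource(rsid, umaResource);
        }
        org.xdi.oxauth.model.uma.persistence.UmaResource persisted = this.resourceService.getResourceByDn(resourceDn);
        UmaResourceResponse body = new UmaResourceResponse();
        body.setId(persisted.getId());
        return Response.status(status).entity(ServerUtil.asJson(body)).build();
    }

    /**
     * Builds and stores a new persistence entry for the given description.
     *
     * @param rsid id of the new resource
     * @param umaResource resource description from the request body
     * @param userDn DN recorded as the creator
     * @param clientDn DN of the client the resource is associated with
     * @return the DN of the stored entry
     */
    private String addResource(String rsid, UmaResource umaResource, String userDn, String clientDn) throws IllegalAccessException, InvocationTargetException {
        this.log.debug("Adding new resource: '{}'", rsid);
        String resourceDn = this.resourceService.getDnForResource(rsid);
        List<String> scopeDns = this.umaScopeService.getScopeDNsByIdsAndAddToLdapIfNeeded(umaResource.getScopes());
        org.xdi.oxauth.model.uma.persistence.UmaResource entry = new org.xdi.oxauth.model.uma.persistence.UmaResource();
        entry.setName(umaResource.getName());
        entry.setDescription(umaResource.getDescription());
        entry.setIconUri(umaResource.getIconUri());
        // Keep the type on creation as well; the update and read paths already handle it.
        entry.setType(umaResource.getType());
        entry.setId(rsid);
        entry.setRev("1");
        entry.setCreator(userDn);
        entry.setDn(resourceDn);
        entry.setScopes(scopeDns);
        entry.setClients(new ArrayList<String>(Collections.singletonList(clientDn)));
        this.resourceService.addResource(entry);
        return resourceDn;
    }

    /**
     * Overwrites the stored description of an existing resource and bumps its revision.
     *
     * @param rsid id of the resource to update
     * @param umaResource new resource description
     * @return the DN of the updated entry
     */
    private String updateResource(String rsid, UmaResource umaResource) throws IllegalAccessException, InvocationTargetException {
        this.log.debug("Updating resource description: '{}'.", rsid);
        org.xdi.oxauth.model.uma.persistence.UmaResource stored = this.resourceService.getResourceById(rsid);
        if (stored == null) {
            return throwNotFoundException(rsid);
        }
        stored.setName(umaResource.getName());
        stored.setDescription(umaResource.getDescription());
        stored.setIconUri(umaResource.getIconUri());
        stored.setScopes(this.umaScopeService.getScopeDNsByIdsAndAddToLdapIfNeeded(umaResource.getScopes()));
        stored.setRev(String.valueOf(incrementRev(stored.getRev())));
        stored.setType(umaResource.getType());
        this.resourceService.updateResource(stored);
        return stored.getDn();
    }

    /**
     * Returns the next revision number, restarting at 1 when the stored value is not a number.
     *
     * @param rev current revision as stored; may be null or non-numeric
     */
    private int incrementRev(String rev) {
        try {
            return Integer.parseInt(rev) + 1;
        } catch (NumberFormatException e) {
            // parseInt reports both null and malformed input this way.
            this.log.error(e.getMessage(), e);
            return 1;
        }
    }

    /**
     * Logs the missing id and delegates to {@code errorResponseFactory.throwUmaNotFoundException()}.
     * The trailing {@code return null} presumably only satisfies the compiler; confirm that the
     * factory always throws.
     */
    private <T> T throwNotFoundException(String rsid) {
        this.log.error("Specified resource set description doesn't exist, id: " + rsid);
        this.errorResponseFactory.throwUmaNotFoundException();
        return null;
    }

    /**
     * Delegates to {@code errorResponseFactory.throwUmaInternalErrorException()}. The trailing
     * {@code return null} presumably only satisfies the compiler; confirm that the factory
     * always throws.
     */
    private Response throwUmaInternalErrorException() {
        this.errorResponseFactory.throwUmaInternalErrorException();
        return null;
    }

    /** Rejects HEAD requests on the collection path with a 405 response. */
    @HEAD
    @ApiOperation("Not allowed")
    public Response unsupportedHeadMethod() {
        this.log.error("HEAD method is not allowed");
        throw new WebApplicationException(Response.status(NOT_ALLOWED_STATUS).entity("HEAD Method Not Allowed").build());
    }

    /** Rejects OPTIONS requests on the collection path with a 405 response. */
    @OPTIONS
    @ApiOperation("Not allowed")
    public Response unsupportedOptionsMethod() {
        this.log.error("OPTIONS method is not allowed");
        throw new WebApplicationException(Response.status(NOT_ALLOWED_STATUS).entity("OPTIONS Method Not Allowed").build());
    }
}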
