package org.mitre.uma.web;

import com.google.common.collect.Sets;
import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.mitre.uma.model.Claim;
import org.mitre.uma.model.Policy;
import org.mitre.uma.model.ResourceSet;
import org.mitre.uma.service.ResourceSetService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

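/**
 * Resource-owner facing API for UMA resource sets and the access policies attached to them.
 *
 * <p>Every endpoint requires {@code ROLE_USER} (class-level {@code @PreAuthorize}) and then
 * checks that the authenticated principal is the owner of the addressed resource set. Each
 * endpoint answers {@code 404} when the resource set id does not exist and only then
 * {@code 403} when it belongs to someone else, so a caller that is not the owner can tell
 * whether a given id exists; every rejected ownership check is logged at WARN with both
 * principal names. Policy ids and claim ids supplied in request bodies are validated against
 * the path and against the stored policy before anything is persisted.
 *
 * <p>Responses are rendered through the view names {@code jsonEntityView} (the
 * {@code entity} model attribute), {@code httpCodeView} (the {@code code} attribute) and, on
 * the policy delete endpoint only, {@code jsonErrorView}.
 */
@RequestMapping({"/api/resourceset"})
@Controller
@PreAuthorize("hasRole('ROLE_USER')")
/* loaded from: input_file:org/mitre/uma/web/PolicyAPI.class */
public class PolicyAPI {
    private static final Logger logger = LoggerFactory.getLogger(PolicyAPI.class);
    public static final String URL = "api/resourceset";
    public static final String POLICYURL = "/policy";
    // Gson instances are thread-safe; one shared parser for all request bodies.
    private final Gson gson = new Gson();

    @Autowired
    private ResourceSetService resourceSetService;

    /**
     * Lists every resource set owned by the authenticated principal.
     *
     * @param model          view model; receives the {@code entity} attribute
     * @param authentication current principal, whose name is used as the owner key
     * @return {@code jsonEntityView}
     */
    @RequestMapping(value = {""}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getResourceSetsForCurrentUser(Model model, Authentication authentication) {
        model.addAttribute("entity", this.resourceSetService.getAllForOwner(authentication.getName()));
        return "jsonEntityView";
    }

    /**
     * Returns a single resource set.
     *
     * @param l              resource set id from the path ({@code rsid})
     * @param model          view model
     * @param authentication current principal
     * @return {@code jsonEntityView} on success; {@code httpCodeView} with {@code 404} when the
     *         id is unknown or {@code 403} when the principal is not the owner
     */
    @RequestMapping(value = {"/{rsid}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getResourceSet(@PathVariable("rsid") Long l, Model model, Authentication authentication) {
        ResourceSet rs = this.resourceSetService.getById(l);
        if (rs == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        if (!isOwnedBy(rs, authentication)) {
            logUnauthorized(rs, authentication);
            return statusView(model, HttpStatus.FORBIDDEN);
        }
        model.addAttribute("entity", rs);
        return "jsonEntityView";
    }

    /**
     * Deletes a resource set owned by the principal.
     *
     * @param l              resource set id from the path ({@code rsid})
     * @param model          view model
     * @param authentication current principal
     * @return {@code httpCodeView} with {@code 204} on success, {@code 404} when the id is
     *         unknown, {@code 403} when the principal is not the owner
     */
    @RequestMapping(value = {"/{rsid}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    public String deleteResourceSet(@PathVariable("rsid") Long l, Model model, Authentication authentication) {
        ResourceSet rs = this.resourceSetService.getById(l);
        if (rs == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        if (!isOwnedBy(rs, authentication)) {
            logUnauthorized(rs, authentication);
            return statusView(model, HttpStatus.FORBIDDEN);
        }
        this.resourceSetService.remove(rs);
        return statusView(model, HttpStatus.NO_CONTENT);
    }

    /**
     * Lists the policies attached to a resource set.
     *
     * @param l              resource set id from the path ({@code rsid})
     * @param model          view model
     * @param authentication current principal
     * @return {@code jsonEntityView} holding the policy collection; {@code httpCodeView} with
     *         {@code 404}/{@code 403} otherwise
     */
    @RequestMapping(value = {"/{rsid}/policy"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getPoliciesForResourceSet(@PathVariable("rsid") Long l, Model model, Authentication authentication) {
        ResourceSet rs = this.resourceSetService.getById(l);
        if (rs == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        if (!isOwnedBy(rs, authentication)) {
            logUnauthorized(rs, authentication);
            return statusView(model, HttpStatus.FORBIDDEN);
        }
        model.addAttribute("entity", rs.getPolicies());
        return "jsonEntityView";
    }

    /**
     * Creates a new policy on a resource set from a JSON body.
     *
     * <p>The body must not carry a policy id or any claim ids: those are assigned by the
     * persistence layer, and accepting client-supplied ids would let a caller alias existing
     * rows. A body that is not valid JSON, or that parses to {@code null}, is rejected with
     * {@code 400} instead of surfacing as a server error.
     *
     * @param l              resource set id from the path ({@code rsid})
     * @param str            raw JSON request body describing the policy
     * @param model          view model
     * @param authentication current principal
     * @return {@code jsonEntityView} holding the newly persisted policy; {@code httpCodeView}
     *         with {@code 404}, {@code 403}, {@code 400}, or {@code 500} when the saved
     *         resource set does not contain exactly one new policy
     */
    @RequestMapping(value = {"/{rsid}/policy"}, method = {RequestMethod.POST}, produces = {"application/json"})
    public String createNewPolicyForResourceSet(@PathVariable("rsid") Long l, @RequestBody String str, Model model, Authentication authentication) {
        ResourceSet rs = this.resourceSetService.getById(l);
        if (rs == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        if (!isOwnedBy(rs, authentication)) {
            logUnauthorized(rs, authentication);
            return statusView(model, HttpStatus.FORBIDDEN);
        }
        Policy incoming = parsePolicy(str);
        if (incoming == null) {
            return statusView(model, HttpStatus.BAD_REQUEST);
        }
        if (incoming.getId() != null) {
            logger.warn("Tried to add a policy with a non-null ID: " + incoming.getId());
            return statusView(model, HttpStatus.BAD_REQUEST);
        }
        // A body without a claimsRequired element is treated as "no claims" rather than an error.
        if (incoming.getClaimsRequired() != null) {
            for (Claim claim : incoming.getClaimsRequired()) {
                if (claim.getId() != null) {
                    logger.warn("Tried to add a policy with a non-null claim ID: " + claim.getId());
                    return statusView(model, HttpStatus.BAD_REQUEST);
                }
            }
        }
        rs.getPolicies().add(incoming);
        ResourceSet saved = this.resourceSetService.update(rs, rs);
        // The persisted policy is the one present after the update that was not in our
        // in-memory copy; anything other than exactly one such element is unexpected.
        Set<Policy> added = Sets.difference(new HashSet<>(saved.getPolicies()), new HashSet<>(rs.getPolicies()));
        if (added.size() == 1) {
            model.addAttribute("entity", added.iterator().next());
            return "jsonEntityView";
        }
        logger.warn("Unexpected result trying to add a new policy object: " + added);
        return statusView(model, HttpStatus.INTERNAL_SERVER_ERROR);
    }

    /**
     * Returns one policy of a resource set.
     *
     * @param l              resource set id from the path ({@code rsid})
     * @param l2             policy id from the path ({@code pid})
     * @param model          view model
     * @param authentication current principal
     * @return {@code jsonEntityView} holding the policy; {@code httpCodeView} with
     *         {@code 404} when the resource set or policy is unknown, {@code 403} when the
     *         principal is not the owner
     */
    @RequestMapping(value = {"/{rsid}/policy/{pid}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getPolicy(@PathVariable("rsid") Long l, @PathVariable("pid") Long l2, Model model, Authentication authentication) {
        ResourceSet rs = this.resourceSetService.getById(l);
        if (rs == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        if (!isOwnedBy(rs, authentication)) {
            logUnauthorized(rs, authentication);
            return statusView(model, HttpStatus.FORBIDDEN);
        }
        Policy found = findPolicy(rs, l2);
        if (found == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        model.addAttribute("entity", found);
        return "jsonEntityView";
    }

    /**
     * Replaces the claims, name and scopes of an existing policy from a JSON body.
     *
     * <p>The body's policy id must match the path id, and any claim id in the body must
     * already belong to the stored policy; a claim id from another policy is rejected with
     * {@code 400}. Claims without an id are accepted as new claims.
     *
     * @param l              resource set id from the path ({@code rsid})
     * @param l2             policy id from the path ({@code pid})
     * @param str            raw JSON request body describing the policy
     * @param model          view model
     * @param authentication current principal
     * @return {@code jsonEntityView} holding the updated policy; {@code httpCodeView} with
     *         {@code 404}, {@code 403} or {@code 400} otherwise
     */
    @RequestMapping(value = {"/{rsid}/policy/{pid}"}, method = {RequestMethod.PUT}, consumes = {"application/json"}, produces = {"application/json"})
    public String setClaimsForResourceSet(@PathVariable("rsid") Long l, @PathVariable("pid") Long l2, @RequestBody String str, Model model, Authentication authentication) {
        ResourceSet rs = this.resourceSetService.getById(l);
        if (rs == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        if (!isOwnedBy(rs, authentication)) {
            logUnauthorized(rs, authentication);
            return statusView(model, HttpStatus.FORBIDDEN);
        }
        Policy incoming = parsePolicy(str);
        if (incoming == null) {
            return statusView(model, HttpStatus.BAD_REQUEST);
        }
        if (!l2.equals(incoming.getId())) {
            logger.warn("Policy ID mismatch, expected " + l2 + " got " + incoming.getId());
            return statusView(model, HttpStatus.BAD_REQUEST);
        }
        Policy existing = findPolicy(rs, l2);
        if (existing == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        // Claim ids the stored policy already owns; only these may be referenced by id.
        Set<Long> knownClaimIds = new HashSet<>();
        if (existing.getClaimsRequired() != null) {
            for (Claim storedClaim : existing.getClaimsRequired()) {
                knownClaimIds.add(storedClaim.getId());
            }
        }
        if (incoming.getClaimsRequired() != null) {
            for (Claim claim : incoming.getClaimsRequired()) {
                if (claim.getId() != null && !knownClaimIds.contains(claim.getId())) {
                    logger.warn("Tried to add a policy with a an unmatched claim ID: got " + claim.getId() + " expected " + knownClaimIds);
                    return statusView(model, HttpStatus.BAD_REQUEST);
                }
            }
        }
        existing.setClaimsRequired(incoming.getClaimsRequired());
        existing.setName(incoming.getName());
        existing.setScopes(incoming.getScopes());
        this.resourceSetService.update(rs, rs);
        model.addAttribute("entity", existing);
        return "jsonEntityView";
    }

    /**
     * Deletes one policy from a resource set.
     *
     * <p>Unlike the other endpoints, an unknown resource set or a foreign owner is rendered
     * through {@code jsonErrorView}; an unknown policy id and the success case use
     * {@code httpCodeView}.
     *
     * @param l              resource set id from the path ({@code rsid})
     * @param l2             policy id from the path ({@code pid})
     * @param model          view model
     * @param authentication current principal
     * @return {@code jsonErrorView} with {@code 404} (and {@code error=not_found}) or
     *         {@code 403}; {@code httpCodeView} with {@code 404} for an unknown policy or
     *         {@code 204} on success
     */
    @RequestMapping(value = {"/{rsid}/policy/{pid}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    public String deleteResourceSet(@PathVariable("rsid") Long l, @PathVariable("pid") Long l2, Model model, Authentication authentication) {
        ResourceSet rs = this.resourceSetService.getById(l);
        if (rs == null) {
            model.addAttribute("code", HttpStatus.NOT_FOUND);
            model.addAttribute("error", "not_found");
            return "jsonErrorView";
        }
        if (!isOwnedBy(rs, authentication)) {
            logUnauthorized(rs, authentication);
            model.addAttribute("code", HttpStatus.FORBIDDEN);
            return "jsonErrorView";
        }
        Policy target = findPolicy(rs, l2);
        if (target == null) {
            return statusView(model, HttpStatus.NOT_FOUND);
        }
        // Look up first, then remove: avoids mutating the collection while iterating it.
        rs.getPolicies().remove(target);
        this.resourceSetService.update(rs, rs);
        return statusView(model, HttpStatus.NO_CONTENT);
    }

    /** Stores {@code status} as the {@code code} model attribute and selects the status-only view. */
    private static String statusView(Model model, HttpStatus status) {
        model.addAttribute("code", status);
        return "httpCodeView";
    }

    /**
     * Ownership check used by every per-resource-set endpoint. A resource set with no owner
     * never matches, so a principal with a missing name cannot claim it.
     */
    private static boolean isOwnedBy(ResourceSet rs, Authentication authentication) {
        String owner = rs.getOwner();
        return owner != null && owner.equals(authentication.getName());
    }

    /** Audit entry for a rejected ownership check; records both principal names. */
    private static void logUnauthorized(ResourceSet rs, Authentication authentication) {
        logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + authentication.getName());
    }

    /** Finds the policy with id {@code pid} in {@code rs}, or {@code null} when absent. */
    private static Policy findPolicy(ResourceSet rs, Long pid) {
        for (Policy candidate : rs.getPolicies()) {
            if (pid.equals(candidate.getId())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Parses a request body into a {@link Policy}. Returns {@code null} for a body that is
     * not valid JSON or that decodes to {@code null}, so callers answer {@code 400} rather
     * than letting the parse failure propagate as a server error. The body itself is not
     * logged.
     */
    private Policy parsePolicy(String json) {
        try {
            return this.gson.fromJson(json, Policy.class);
        } catch (JsonSyntaxException e) {
            logger.warn("Rejecting policy request body that is not valid JSON", e);
            return null;
        }
    }
}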
