package org.mitre.uma.web;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import java.util.Set;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.oauth2.web.AuthenticationUtilities;
import org.mitre.uma.model.PermissionTicket;
import org.mitre.uma.model.ResourceSet;
import org.mitre.uma.service.PermissionService;
import org.mitre.uma.service.ResourceSetService;
import org.mitre.util.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

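/**
 * UMA permission registration endpoint ({@code POST /permission}).
 *
 * <p>A resource server holding a token with the {@code uma_protection} scope posts a JSON object naming a
 * {@code resource_set_id} and a non-empty set of {@code scopes}. When the caller is the owner of that
 * resource set, a permission ticket is created for the filtered scopes and the ticket value is returned
 * as JSON; every failure is rendered through the {@code jsonErrorView} with an HTTP status code.
 */
@RequestMapping({"/permission"})
@Controller
@PreAuthorize("hasRole('ROLE_USER')")
public class PermissionRegistrationEndpoint {
    private static final Logger logger = LoggerFactory.getLogger(PermissionRegistrationEndpoint.class);
    public static final String URL = "permission";

    /** View rendering {@code code} and {@code errorMessage} from the model. */
    private static final String ERROR_VIEW = "jsonErrorView";
    /** View rendering {@code code} and {@code entity} from the model. */
    private static final String ENTITY_VIEW = "jsonEntityView";

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private ResourceSetService resourceSetService;

    @Autowired
    private SystemScopeService scopeService;

    // Never reassigned after construction.
    private final JsonParser parser = new JsonParser();

    /**
     * Registers a permission request and hands back a permission ticket.
     *
     * @param str            raw JSON request body; must be an object carrying {@code resource_set_id} and a
     *                       non-empty {@code scopes} array
     * @param model          Spring model populated with {@code code} and either {@code entity} (success) or
     *                       {@code errorMessage} (failure)
     * @param authentication the calling resource server; must carry the {@code uma_protection} OAuth scope
     *                       and its name must match the owner of the referenced resource set
     * @return {@code jsonEntityView} with the ticket on success, {@code jsonErrorView} otherwise
     */
    @RequestMapping(method = {RequestMethod.POST}, consumes = {"application/json"}, produces = {"application/json"})
    public String getPermissionTicket(@RequestBody String str, Model model, Authentication authentication) {
        // Only a caller authorized with the uma_protection scope may register permissions.
        AuthenticationUtilities.ensureOAuthScope(authentication, "uma_protection");
        try {
            JsonElement parsed = this.parser.parse(str);
            if (!parsed.isJsonObject()) {
                return error(model, HttpStatus.BAD_REQUEST, "Malformed JSON request.");
            }
            JsonObject request = parsed.getAsJsonObject();
            Long resourceSetId = JsonUtils.getAsLong(request, "resource_set_id");
            Set<String> requestedScopes = JsonUtils.getAsStringSet(request, "scopes");
            if (resourceSetId == null || requestedScopes == null || requestedScopes.isEmpty()) {
                return error(model, HttpStatus.BAD_REQUEST,
                        "Missing required component of permission registration request.");
            }

            // Strip restricted and reserved system scopes before they can reach the ticket.
            Set<String> scopes = this.scopeService.toStrings(
                    this.scopeService.removeRestrictedAndReservedScopes(
                            this.scopeService.fromStrings(requestedScopes)));

            ResourceSet resourceSet = this.resourceSetService.getById(resourceSetId);
            if (resourceSet == null) {
                return error(model, HttpStatus.NOT_FOUND, "Requested resource set not found: " + resourceSetId);
            }

            // Null-safe owner check: a resource set without a recorded owner is never grantable, rather than
            // surfacing as an unhandled NullPointerException.
            String owner = resourceSet.getOwner();
            if (owner == null || !owner.equals(authentication.getName())) {
                // NOTE(review): this message echoes the actual owner's name to a caller who is not the owner;
                // consider logging the detail and returning a generic message instead.
                return error(model, HttpStatus.FORBIDDEN,
                        "Party requesting permission is not owner of resource set, expected " + owner
                                + " got " + authentication.getName());
            }

            PermissionTicket ticket = this.permissionService.createTicket(resourceSet, scopes);
            if (ticket == null) {
                return error(model, HttpStatus.INTERNAL_SERVER_ERROR,
                        "Unable to save permission and generate ticket.");
            }

            JsonObject entity = new JsonObject();
            entity.addProperty(AuthorizationRequestEndpoint.TICKET, ticket.getTicket());
            model.addAttribute("entity", entity);
            model.addAttribute("code", HttpStatus.CREATED);
            return ENTITY_VIEW;
        } catch (JsonParseException e) {
            // Unparseable body: the client gets the same generic answer as a non-object body.
            return error(model, HttpStatus.BAD_REQUEST, "Malformed JSON request.");
        }
    }

    /**
     * Populates the model for an error response and returns the error view name.
     *
     * @param model   model to populate
     * @param status  HTTP status to report
     * @param message human-readable error message
     * @return {@code jsonErrorView}
     */
    private static String error(Model model, HttpStatus status, String message) {
        model.addAttribute("code", status);
        model.addAttribute("errorMessage", message);
        return ERROR_VIEW;
    }
}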
