package org.mitre.uma.web;

import com.google.common.base.Strings;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.oauth2.web.AuthenticationUtilities;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.uma.model.ResourceSet;
import org.mitre.uma.service.ResourceSetService;
import org.mitre.uma.view.ResourceSetEntityAbbreviatedView;
import org.mitre.uma.view.ResourceSetEntityView;
import org.mitre.util.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

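/**
 * UMA resource set registration endpoint (create / read / update / delete / list).
 *
 * <p>Every handler first requires the {@code uma_protection} OAuth scope via
 * {@link AuthenticationUtilities#ensureOAuthScope}. Ownership and client binding of a
 * resource set are always taken from the authenticated token, never from the request body,
 * and the recorded owner must match the caller before a set is returned, modified or removed.
 * Error responses are rendered through the {@code jsonErrorView} view using the {@code code}
 * attribute and, where the original code supplied one, an {@code error} / {@code errorMessage}
 * / {@code error_description} attribute.
 */
@RequestMapping({"/resource_set/resource_set"})
@Controller
@PreAuthorize("hasRole('ROLE_USER')")
/* loaded from: input_file:org/mitre/uma/web/ResourceSetRegistrationEndpoint.class */
public class ResourceSetRegistrationEndpoint {
    private static final Logger logger = LoggerFactory.getLogger(ResourceSetRegistrationEndpoint.class);
    public static final String DISCOVERY_URL = "resource_set";
    public static final String URL = "resource_set/resource_set";

    /** OAuth scope that every handler in this controller requires before doing any work. */
    private static final String UMA_PROTECTION_SCOPE = "uma_protection";
    /** View name used for all error responses produced here. */
    private static final String JSON_ERROR_VIEW = "jsonErrorView";

    @Autowired
    private ResourceSetService resourceSetService;

    @Autowired
    private ConfigurationPropertiesBean config;

    @Autowired
    private SystemScopeService scopeService;

    private final JsonParser parser = new JsonParser();

    /**
     * Registers a new resource set for the caller.
     *
     * @param str            JSON request body describing the resource set
     * @param model          Spring model the response view reads from
     * @param authentication caller's authentication; must be an {@link OAuth2Authentication}
     * @return the abbreviated entity view on success (201), otherwise the JSON error view
     */
    @RequestMapping(method = {RequestMethod.POST}, produces = {"application/json"}, consumes = {"application/json"})
    public String createResourceSet(@RequestBody String str, Model model, Authentication authentication) {
        AuthenticationUtilities.ensureOAuthScope(authentication, UMA_PROTECTION_SCOPE);
        ResourceSet incoming = parseResourceSet(str);
        if (incoming == null) {
            logger.warn("Resource set registration missing body.");
            model.addAttribute("code", HttpStatus.BAD_REQUEST);
            model.addAttribute("error_description", "Resource request was missing body.");
            return JSON_ERROR_VIEW;
        }
        if (!(authentication instanceof OAuth2Authentication)) {
            model.addAttribute("code", HttpStatus.BAD_REQUEST);
            model.addAttribute("errorMessage", "This call must be made with an OAuth token");
            return JSON_ERROR_VIEW;
        }
        // Required fields are checked before scope normalisation so that a body without
        // "scopes" is rejected with 400 instead of being handed to the scope service as null.
        if (Strings.isNullOrEmpty(incoming.getName()) || incoming.getScopes() == null) {
            return missingRequiredFields(model);
        }
        // Owner and client come from the token, so a body cannot register a set for someone else.
        incoming.setClientId(clientIdOf((OAuth2Authentication) authentication));
        incoming.setOwner(authentication.getName());
        ResourceSet saved = this.resourceSetService.saveNew(validateScopes(incoming));
        model.addAttribute("code", HttpStatus.CREATED);
        model.addAttribute("entity", saved);
        model.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, locationOf(saved));
        return ResourceSetEntityAbbreviatedView.VIEWNAME;
    }

    /**
     * Returns a single resource set to its owner.
     *
     * @param l              id of the resource set
     * @param model          Spring model the response view reads from
     * @param authentication caller's authentication
     * @return the full entity view on success, 404 view when unknown, 403 view when not the owner
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String readResourceSet(@PathVariable("id") Long l, Model model, Authentication authentication) {
        AuthenticationUtilities.ensureOAuthScope(authentication, UMA_PROTECTION_SCOPE);
        ResourceSet existing = this.resourceSetService.getById(l);
        if (existing == null) {
            return notFound(model);
        }
        if (!isOwner(authentication, existing)) {
            logger.warn("Unauthorized resource set request from wrong user; expected {} got {}",
                    existing.getOwner(), authentication.getName());
            return forbidden(model);
        }
        // NOTE(review): read and update bind only to the owner, whereas deleteResourceSet also
        // binds to the registering client; confirm that this asymmetry is intended.
        // Scope filtering is applied only after the ownership check so an unauthorised caller
        // never causes the loaded entity to be mutated.
        model.addAttribute("entity", validateScopes(existing));
        return ResourceSetEntityView.VIEWNAME;
    }

    /**
     * Replaces an existing resource set owned by the caller.
     *
     * <p>The body must carry {@code _id} equal to the path id, a non-empty {@code name} and a
     * {@code scopes} array; otherwise a 400 view is returned.
     *
     * @param l              id of the resource set from the path
     * @param str            JSON request body with the new representation
     * @param model          Spring model the response view reads from
     * @param authentication caller's authentication
     * @return the abbreviated entity view on success, otherwise the JSON error view
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.PUT}, consumes = {"application/json"}, produces = {"application/json"})
    public String updateResourceSet(@PathVariable("id") Long l, @RequestBody String str, Model model, Authentication authentication) {
        AuthenticationUtilities.ensureOAuthScope(authentication, UMA_PROTECTION_SCOPE);
        ResourceSet incoming = parseResourceSet(str);
        if (incoming == null
                || Strings.isNullOrEmpty(incoming.getName())
                || incoming.getScopes() == null
                || incoming.getId() == null
                || !incoming.getId().equals(l)) {
            return missingRequiredFields(model);
        }
        ResourceSet existing = this.resourceSetService.getById(l);
        if (existing == null) {
            return notFound(model);
        }
        if (!isOwner(authentication, existing)) {
            logger.warn("Unauthorized resource set request from bad user; expected {} got {}",
                    existing.getOwner(), authentication.getName());
            return forbidden(model);
        }
        // Apply the same restricted/reserved-scope filtering as createResourceSet so that an
        // update cannot introduce scopes a fresh registration would have stripped.
        model.addAttribute("entity", this.resourceSetService.update(existing, validateScopes(incoming)));
        model.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, locationOf(existing));
        return ResourceSetEntityAbbreviatedView.VIEWNAME;
    }

    /**
     * Removes a resource set. The caller must be the recorded owner and, when authenticated
     * with an OAuth token, must also be the client that registered the set.
     *
     * @param l              id of the resource set
     * @param model          Spring model the response view reads from
     * @param authentication caller's authentication
     * @return {@code httpCodeView} with 204 on success, otherwise the JSON error view
     */
    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    public String deleteResourceSet(@PathVariable("id") Long l, Model model, Authentication authentication) {
        AuthenticationUtilities.ensureOAuthScope(authentication, UMA_PROTECTION_SCOPE);
        ResourceSet existing = this.resourceSetService.getById(l);
        if (existing == null) {
            return notFound(model);
        }
        if (!isOwner(authentication, existing)) {
            logger.warn("Unauthorized resource set request from bad user; expected {} got {}",
                    existing.getOwner(), authentication.getName());
            return forbidden(model);
        }
        if (authentication instanceof OAuth2Authentication) {
            String callerClient = clientIdOf((OAuth2Authentication) authentication);
            // A token without a client id is treated as a mismatch rather than dereferenced.
            if (callerClient == null || !callerClient.equals(existing.getClientId())) {
                logger.warn("Unauthorized resource set request from bad client; expected {} got {}",
                        existing.getClientId(), callerClient);
                return forbidden(model);
            }
        }
        this.resourceSetService.remove(existing);
        model.addAttribute("code", HttpStatus.NO_CONTENT);
        return "httpCodeView";
    }

    /**
     * Lists the ids of the caller's resource sets. With an OAuth token the list is narrowed to
     * sets registered by the calling client; otherwise all sets of the owner are listed.
     *
     * @param model          Spring model the response view reads from
     * @param authentication caller's authentication
     * @return {@code jsonEntityView} with a set of id strings as the entity
     */
    @RequestMapping(method = {RequestMethod.GET}, produces = {"application/json"})
    public String listResourceSets(Model model, Authentication authentication) {
        AuthenticationUtilities.ensureOAuthScope(authentication, UMA_PROTECTION_SCOPE);
        String owner = authentication.getName();
        Collection<ResourceSet> sets = authentication instanceof OAuth2Authentication
                ? this.resourceSetService.getAllForOwnerAndClient(owner, clientIdOf((OAuth2Authentication) authentication))
                : this.resourceSetService.getAllForOwner(owner);
        Set<String> ids = new HashSet<>();
        for (ResourceSet rs : sets) {
            ids.add(rs.getId().toString());
        }
        model.addAttribute("entity", ids);
        return "jsonEntityView";
    }

    /**
     * Parses a resource set from its JSON representation.
     *
     * @param str raw request body
     * @return the parsed set, or {@code null} when the body is not a JSON object or fails to parse
     */
    private ResourceSet parseResourceSet(String str) {
        try {
            JsonElement root = this.parser.parse(str);
            if (!root.isJsonObject()) {
                return null;
            }
            JsonObject obj = root.getAsJsonObject();
            ResourceSet rs = new ResourceSet();
            rs.setId(JsonUtils.getAsLong(obj, "_id"));
            rs.setName(JsonUtils.getAsString(obj, "name"));
            rs.setIconUri(JsonUtils.getAsString(obj, "icon_uri"));
            rs.setType(JsonUtils.getAsString(obj, "type"));
            rs.setScopes(JsonUtils.getAsStringSet(obj, "scopes"));
            rs.setUri(JsonUtils.getAsString(obj, "uri"));
            return rs;
        } catch (JsonParseException e) {
            // Malformed JSON is reported to the caller as a missing/invalid body, not as a 500.
            logger.debug("Could not parse resource set body", e);
            return null;
        }
    }

    /**
     * Strips restricted and reserved system scopes from the set, in place, and returns it.
     *
     * <p>NOTE(review): behaviour for a {@code null} scope set depends on the scope service and is
     * not visible here; callers in this class check for {@code null} scopes before calling.
     *
     * @param resourceSet set whose scopes are normalised
     * @return the same instance, for chaining
     */
    private ResourceSet validateScopes(ResourceSet resourceSet) {
        resourceSet.setScopes(this.scopeService.toStrings(
                this.scopeService.removeRestrictedAndReservedScopes(
                        this.scopeService.fromStrings(resourceSet.getScopes()))));
        return resourceSet;
    }

    /** True when the authenticated principal's name equals the resource set's recorded owner. */
    private static boolean isOwner(Authentication authentication, ResourceSet rs) {
        return authentication.getName().equals(rs.getOwner());
    }

    /** Client id carried by the OAuth2 request of the given token. */
    private static String clientIdOf(OAuth2Authentication authentication) {
        return authentication.getOAuth2Request().getClientId();
    }

    /** Absolute location of a resource set, built from the configured issuer and its id. */
    private String locationOf(ResourceSet rs) {
        return this.config.getIssuer() + URL + "/" + rs.getId();
    }

    /** Populates the model for a 400 "missing required fields" error and returns the error view. */
    private static String missingRequiredFields(Model model) {
        logger.warn("Resource set registration missing one or more required fields.");
        model.addAttribute("code", HttpStatus.BAD_REQUEST);
        model.addAttribute("errorMessage", "Resource request was missing one or more required fields.");
        return JSON_ERROR_VIEW;
    }

    /** Populates the model for a 404 response and returns the error view. */
    private static String notFound(Model model) {
        model.addAttribute("code", HttpStatus.NOT_FOUND);
        model.addAttribute("error", "not_found");
        return JSON_ERROR_VIEW;
    }

    /** Populates the model for a 403 response and returns the error view. */
    private static String forbidden(Model model) {
        model.addAttribute("code", HttpStatus.FORBIDDEN);
        return JSON_ERROR_VIEW;
    }
}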
