package org.apereo.cas.uma.web.controllers.permission;

import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.uma.ticket.permission.UmaPermissionTicket;
import org.apereo.cas.uma.ticket.permission.UmaPermissionTicketFactory;
import org.apereo.cas.uma.ticket.resource.ResourceSet;
import org.apereo.cas.uma.ticket.resource.repository.ResourceSetRepository;
import org.apereo.cas.uma.web.controllers.BaseUmaEndpointController;
import org.apereo.cas.util.CollectionUtils;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;

/**
 * Handles POST requests that register a UMA permission: for a resource-set id
 * plus requested scopes and claims, it creates a {@link UmaPermissionTicket},
 * stores it in the {@link TicketRegistry} and returns the ticket id.
 *
 * <p>Points to keep in mind when operating or monitoring this endpoint:
 * <ul>
 *   <li>Every rejection is sent with HTTP 400. The NOT_FOUND / FORBIDDEN /
 *       INTERNAL_SERVER_ERROR values are only handed to
 *       {@code buildResponseEntityErrorModel}, so alerting keyed on 403/404
 *       response codes will not see these failures.</li>
 *   <li>The error model is passed to {@code ResponseEntity} twice, as the body
 *       and as the headers argument.</li>
 *   <li>"Resource-set cannot be found" and "owner does not match" are distinct
 *       messages, so an authenticated caller can tell whether a resource-set id
 *       exists even when it belongs to someone else.</li>
 * </ul>
 */
@Controller("umaPermissionRegistrationEndpointController")
/* loaded from: input_file:org/apereo/cas/uma/web/controllers/permission/UmaPermissionRegistrationEndpointController.class */
public class UmaPermissionRegistrationEndpointController extends BaseUmaEndpointController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(UmaPermissionRegistrationEndpointController.class);

    /** Registry that receives each newly created permission ticket. */
    private final TicketRegistry ticketRegistry;

    /**
     * Creates the controller.
     *
     * @param umaPermissionTicketFactory factory used to build permission tickets (forwarded to the base class)
     * @param resourceSetRepository repository used to look up resource sets (forwarded to the base class)
     * @param casConfigurationProperties CAS settings (forwarded to the base class)
     * @param ticketRegistry registry in which created permission tickets are stored
     */
    public UmaPermissionRegistrationEndpointController(
            UmaPermissionTicketFactory umaPermissionTicketFactory,
            ResourceSetRepository resourceSetRepository,
            CasConfigurationProperties casConfigurationProperties,
            TicketRegistry ticketRegistry) {
        super(umaPermissionTicketFactory, resourceSetRepository, casConfigurationProperties);
        this.ticketRegistry = ticketRegistry;
    }

    /**
     * Registers a permission for a resource set owned by the authenticated caller.
     *
     * @param str raw JSON request body, deserialized into a {@code UmaPermissionRegistrationRequest}
     * @param httpServletRequest current request, used to resolve the authenticated profile
     * @param httpServletResponse current response, used to resolve the authenticated profile
     * @return HTTP 200 carrying the ticket id on success; HTTP 400 for every failure path
     */
    @PostMapping(value = {"//oauth2.0/permission"}, consumes = {"application/json"}, produces = {"application/json"})
    public ResponseEntity handle(@RequestBody String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            // Resolve the caller first, requesting the "uma_protection" scope.
            // NOTE(review): presumably this throws when the token is missing or lacks the
            // scope; confirm in BaseUmaEndpointController. The profile is only dereferenced
            // at the ownership check below.
            CommonProfile caller = getAuthenticatedProfile(httpServletRequest, httpServletResponse, "uma_protection");

            UmaPermissionRegistrationRequest registration =
                (UmaPermissionRegistrationRequest) MAPPER.readValue(str, UmaPermissionRegistrationRequest.class);
            MultiValueMap<String, Object> errorModel;
            if (registration == null) {
                errorModel = buildResponseEntityErrorModel(HttpStatus.NOT_FOUND, "UMA request cannot be found or parsed");
                return new ResponseEntity(errorModel, errorModel, HttpStatus.BAD_REQUEST);
            }

            Optional<ResourceSet> lookup = this.umaResourceSetRepository.getById(registration.getResourceId());
            if (!lookup.isPresent()) {
                errorModel = buildResponseEntityErrorModel(HttpStatus.NOT_FOUND, "Requested resource-set cannot be found");
                return new ResponseEntity(errorModel, errorModel, HttpStatus.BAD_REQUEST);
            }

            // Authorization gate: only the owner of the resource set may obtain a ticket.
            // A null owner or a null profile raises NullPointerException here, which the
            // catch-all below turns into a 400, so the check fails closed.
            ResourceSet target = lookup.get();
            boolean ownedByCaller = target.getOwner().equals(caller.getId());
            if (!ownedByCaller) {
                errorModel = buildResponseEntityErrorModel(HttpStatus.FORBIDDEN, "Resource-set owner does not match the authenticated profile");
                return new ResponseEntity(errorModel, errorModel, HttpStatus.BAD_REQUEST);
            }

            // NOTE(review): scopes and claims go to the factory exactly as received; whether
            // they are checked against the scopes registered on the resource set is not
            // visible in this class. Verify in the factory or at ticket redemption.
            UmaPermissionTicket permissionTicket = this.umaPermissionTicketFactory.create(
                target, registration.getScopes(), registration.getClaims());
            if (permissionTicket == null) {
                errorModel = buildResponseEntityErrorModel(HttpStatus.INTERNAL_SERVER_ERROR, "Unable to generate permission ticket");
                return new ResponseEntity(errorModel, errorModel, HttpStatus.BAD_REQUEST);
            }

            this.ticketRegistry.addTicket(permissionTicket);
            // The payload carries "code" = CREATED while the HTTP status itself is 200.
            return new ResponseEntity(
                CollectionUtils.wrap("ticket", permissionTicket.getId(), "code", HttpStatus.CREATED),
                HttpStatus.OK);
        } catch (Exception e) {
            // The client only receives a fixed message; the detail stays in the server log.
            // The exception message can echo parts of the request body (e.g. on a JSON parse
            // failure), so treat this log line as containing caller-influenced text.
            LOGGER.error(e.getMessage(), e);
            return new ResponseEntity("Unable to complete the permission registration request.", HttpStatus.BAD_REQUEST);
        }
    }
}
