package org.forgerock.openam.entitlement.rest;

import com.sun.identity.entitlement.Application;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.shared.debug.Debug;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.forgerock.openam.entitlement.ResourceType;
import org.forgerock.openam.entitlement.configuration.ResourceTypeSmsAttributes;
import org.forgerock.openam.entitlement.configuration.SmsAttribute;
import org.forgerock.openam.entitlement.service.ApplicationServiceFactory;
import org.forgerock.openam.entitlement.service.ResourceTypeService;
import org.forgerock.openam.errors.ExceptionMappingHandler;
import org.forgerock.openam.rest.RestUtils;
import org.forgerock.openam.rest.resource.ContextHelper;
import org.forgerock.openam.sdk.javax.inject.Inject;
import org.forgerock.openam.sdk.javax.inject.Named;
import org.forgerock.openam.sdk.org.apache.commons.lang.RandomStringUtils;
import org.forgerock.openam.sdk.org.forgerock.json.JsonValue;
import org.forgerock.openam.sdk.org.forgerock.json.resource.ActionRequest;
import org.forgerock.openam.sdk.org.forgerock.json.resource.ActionResponse;
import org.forgerock.openam.sdk.org.forgerock.json.resource.BadRequestException;
import org.forgerock.openam.sdk.org.forgerock.json.resource.CreateRequest;
import org.forgerock.openam.sdk.org.forgerock.json.resource.DeleteRequest;
import org.forgerock.openam.sdk.org.forgerock.json.resource.Filter;
import org.forgerock.openam.sdk.org.forgerock.json.resource.NotFoundException;
import org.forgerock.openam.sdk.org.forgerock.json.resource.PatchRequest;
import org.forgerock.openam.sdk.org.forgerock.json.resource.QueryRequest;
import org.forgerock.openam.sdk.org.forgerock.json.resource.QueryResourceHandler;
import org.forgerock.openam.sdk.org.forgerock.json.resource.QueryResponse;
import org.forgerock.openam.sdk.org.forgerock.json.resource.ReadRequest;
import org.forgerock.openam.sdk.org.forgerock.json.resource.RequestHandler;
import org.forgerock.openam.sdk.org.forgerock.json.resource.ResourceException;
import org.forgerock.openam.sdk.org.forgerock.json.resource.ResourceResponse;
import org.forgerock.openam.sdk.org.forgerock.json.resource.UpdateRequest;
import org.forgerock.openam.sdk.org.forgerock.services.context.Context;
import org.forgerock.openam.sdk.org.forgerock.util.Function;
import org.forgerock.openam.sdk.org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.openam.sdk.org.forgerock.util.promise.Promise;
import org.forgerock.openam.sdk.org.forgerock.util.query.QueryFilter;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.xacml.v3.ResourceTypeImportStep;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/rest/ApplicationV1Filter.class */
public class ApplicationV1Filter implements Filter {
    public static final String RESOURCE_TYPE_UUIDS = "resourceTypeUuids";
    public static final String ACTIONS = "actions";
    public static final String RESOURCES = "resources";
    public static final String APPLICATION_NAME = "name";
    public static final String APPLICATION_DISPLAY_NAME = "displayName";
    public static final String REALM = "realm";
    private final ResourceTypeService resourceTypeService;
    private final ApplicationServiceFactory applicationServiceFactory;
    private final ExceptionMappingHandler<EntitlementException, ResourceException> resourceErrorHandler;
    private final ContextHelper contextHelper;
    private final ApplicationV1FilterTransformer applicationTransformer;
    private final Debug debug;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/rest/ApplicationV1Filter$ActionsToQuery.class */
    public static final class ActionsToQuery implements Function<Map.Entry<String, Boolean>, QueryFilter<SmsAttribute>, NeverThrowsException> {
        private ActionsToQuery() {
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.util.Function
        public QueryFilter<SmsAttribute> apply(Map.Entry<String, Boolean> entry) {
            return QueryFilter.equalTo(ResourceTypeSmsAttributes.ACTIONS, entry.getKey() + "=" + entry.getValue());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/entitlement/rest/ApplicationV1Filter$ResourcesToQuery.class */
    public static final class ResourcesToQuery implements Function<String, QueryFilter<SmsAttribute>, NeverThrowsException> {
        private ResourcesToQuery() {
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.util.Function
        public QueryFilter<SmsAttribute> apply(String str) {
            return QueryFilter.equalTo(ResourceTypeSmsAttributes.PATTERNS, str);
        }
    }

    @Inject
    public ApplicationV1Filter(ResourceTypeService resourceTypeService, ApplicationServiceFactory applicationServiceFactory, ExceptionMappingHandler<EntitlementException, ResourceException> exceptionMappingHandler, ContextHelper contextHelper, ApplicationV1FilterTransformer applicationV1FilterTransformer, @Named("frRest") Debug debug) {
        this.resourceTypeService = resourceTypeService;
        this.applicationServiceFactory = applicationServiceFactory;
        this.resourceErrorHandler = exceptionMappingHandler;
        this.contextHelper = contextHelper;
        this.applicationTransformer = applicationV1FilterTransformer;
        this.debug = debug;
    }

    public Promise<ResourceResponse, ResourceException> filterCreate(Context context, CreateRequest createRequest, RequestHandler requestHandler) {
        JsonValue content = createRequest.getContent();
        Map<String, Boolean> asMap = content.get("actions").asMap(Boolean.class);
        Collection<String> asCollection = content.get("resources").asCollection(String.class);
        String asString = content.get("realm").asString();
        String realm = this.contextHelper.getRealm(context);
        if (asMap == null) {
            return new BadRequestException("Invalid actions defined in request").asPromise();
        }
        if (asCollection == null) {
            return new BadRequestException("Invalid resources defined in request").asPromise();
        }
        if (!realm.equals(asString)) {
            return this.resourceErrorHandler.handleError(context, createRequest, new EntitlementException(EntitlementException.INVALID_APP_REALM, asString, realm)).asPromise();
        }
        try {
            content.put("resourceTypeUuids", JsonValue.array(findOrCreateResourceType(asMap, asCollection, context, createRequest).getUUID()));
            return this.applicationTransformer.transform(requestHandler.handleCreate(context, createRequest), context);
        } catch (EntitlementException e) {
            this.debug.error("Error filtering application create CREST request", e);
            return this.resourceErrorHandler.handleError(context, createRequest, e).asPromise();
        }
    }

    private ResourceType findOrCreateResourceType(Map<String, Boolean> map, Collection<String> collection, Context context, CreateRequest createRequest) throws EntitlementException {
        Subject subject = this.contextHelper.getSubject(context);
        String realm = this.contextHelper.getRealm(context);
        Set<ResourceType> resourceTypes = this.resourceTypeService.getResourceTypes(QueryFilter.and(QueryFilter.and(CollectionUtils.transformSet(map.entrySet(), new ActionsToQuery())), QueryFilter.and(CollectionUtils.transformSet(collection, new ResourcesToQuery()))), subject, realm);
        return !resourceTypes.isEmpty() ? resourceTypes.iterator().next() : this.resourceTypeService.saveResourceType(subject, realm, ResourceType.builder().setName(generateResourceTypeName(createRequest)).setActions(map).setPatterns(collection).setDescription("Generated resource type").generateUUID().build());
    }

    private String generateResourceTypeName(CreateRequest createRequest) throws EntitlementException {
        String newResourceId = createRequest.getNewResourceId();
        if (newResourceId == null) {
            newResourceId = createRequest.getContent().get("name").asString();
            if (newResourceId == null) {
                throw new EntitlementException(401, "name");
            }
        }
        return newResourceId + ResourceTypeImportStep.TYPE + RandomStringUtils.randomNumeric(4);
    }

    public Promise<ResourceResponse, ResourceException> filterUpdate(Context context, UpdateRequest updateRequest, RequestHandler requestHandler) {
        JsonValue content = updateRequest.getContent();
        Map asMap = content.get("actions").asMap(Boolean.class);
        Collection asCollection = content.get("resources").asCollection(String.class);
        String asString = content.get("realm").asString();
        String realm = this.contextHelper.getRealm(context);
        if (asMap == null) {
            return new BadRequestException("Invalid actions defined in request").asPromise();
        }
        if (asCollection == null) {
            return new BadRequestException("Invalid resources defined in request").asPromise();
        }
        if (!realm.equals(asString)) {
            return this.resourceErrorHandler.handleError(context, updateRequest, new EntitlementException(EntitlementException.INVALID_APP_REALM, asString, realm)).asPromise();
        }
        Subject subject = this.contextHelper.getSubject(context);
        String resourcePath = updateRequest.getResourcePath();
        try {
            Application application = this.applicationServiceFactory.create(subject, realm).getApplication(resourcePath);
            if (application == null) {
                return new NotFoundException("Unable to find application " + resourcePath).asPromise();
            }
            if (application.getResourceTypeUuids().size() != 1) {
                return new BadRequestException("Cannot modify application with more than one resource type using version 1.0 of this endpoint").asPromise();
            }
            String next = application.getResourceTypeUuids().iterator().next();
            ResourceType resourceType = this.resourceTypeService.getResourceType(subject, realm, next);
            boolean z = false;
            if (!asMap.equals(resourceType.getActions())) {
                z = true;
                resourceType = resourceType.populatedBuilder().setActions(asMap).build();
            }
            if (!asCollection.equals(resourceType.getPatterns())) {
                z = true;
                resourceType = resourceType.populatedBuilder().setPatterns(asCollection).build();
            }
            if (z) {
                this.resourceTypeService.updateResourceType(subject, realm, resourceType);
            }
            content.put("resourceTypeUuids", JsonValue.array(next));
            return this.applicationTransformer.transform(requestHandler.handleUpdate(context, updateRequest), context);
        } catch (EntitlementException e) {
            this.debug.error("Error filtering application update CREST request", e);
            return this.resourceErrorHandler.handleError(context, updateRequest, e).asPromise();
        }
    }

    public Promise<ResourceResponse, ResourceException> filterDelete(Context context, DeleteRequest deleteRequest, RequestHandler requestHandler) {
        return requestHandler.handleDelete(context, deleteRequest);
    }

    public Promise<QueryResponse, ResourceException> filterQuery(Context context, QueryRequest queryRequest, QueryResourceHandler queryResourceHandler, RequestHandler requestHandler) {
        final ArrayList arrayList = new ArrayList();
        return this.applicationTransformer.transform(requestHandler.handleQuery(context, queryRequest, new QueryResourceHandler() { // from class: org.forgerock.openam.entitlement.rest.ApplicationV1Filter.1
            public boolean handleResource(ResourceResponse resourceResponse) {
                return arrayList.add(resourceResponse);
            }
        }), context, queryRequest, queryResourceHandler, arrayList);
    }

    public Promise<ResourceResponse, ResourceException> filterRead(Context context, ReadRequest readRequest, RequestHandler requestHandler) {
        return this.applicationTransformer.transform(requestHandler.handleRead(context, readRequest), context);
    }

    public Promise<ResourceResponse, ResourceException> filterPatch(Context context, PatchRequest patchRequest, RequestHandler requestHandler) {
        return RestUtils.generateUnsupportedOperation();
    }

    public Promise<ActionResponse, ResourceException> filterAction(Context context, ActionRequest actionRequest, RequestHandler requestHandler) {
        return RestUtils.generateUnsupportedOperation();
    }
}
