package org.cloudfoundry.identity.uaa.scim;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.util.ObjectUtils;
import org.cloudfoundry.identity.uaa.web.ExceptionReport;
import org.cloudfoundry.identity.uaa.web.ExceptionReportHttpMessageConverter;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/scim/DisableUserManagementSecurityFilter.class */
public class DisableUserManagementSecurityFilter extends OncePerRequestFilter {
    private final IdentityProviderProvisioning identityProviderProvisioning;
    private static String regex;
    private Pattern pattern = Pattern.compile(regex);
    private List<String> methods = Arrays.asList("GET", "POST", "PUT", "DELETE");

    public DisableUserManagementSecurityFilter(IdentityProviderProvisioning identityProviderProvisioning) {
        this.identityProviderProvisioning = identityProviderProvisioning;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (matches(httpServletRequest)) {
            boolean z = false;
            UaaIdentityProviderDefinition uaaIdentityProviderDefinition = (UaaIdentityProviderDefinition) ObjectUtils.castInstance(this.identityProviderProvisioning.retrieveByOrigin("uaa", IdentityZoneHolder.get().getId()).getConfig(), UaaIdentityProviderDefinition.class);
            if (uaaIdentityProviderDefinition != null) {
                z = uaaIdentityProviderDefinition.isDisableInternalUserManagement();
            }
            if (z) {
                ExceptionReportHttpMessageConverter exceptionReportHttpMessageConverter = new ExceptionReportHttpMessageConverter();
                httpServletResponse.setStatus(403);
                exceptionReportHttpMessageConverter.write(new ExceptionReport(new InternalUserManagementDisabledException("Internal User Creation is currently disabled. External User Store is in use.")), MediaType.APPLICATION_JSON, new ServletServerHttpResponse(httpServletResponse));
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private boolean matches(HttpServletRequest httpServletRequest) {
        return this.pattern.matcher(getUri(httpServletRequest)).matches() && this.methods.contains(httpServletRequest.getMethod());
    }

    private String getUri(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getContextPath() == null || httpServletRequest.getContextPath().length() <= 0) ? httpServletRequest.getRequestURI() : httpServletRequest.getServletPath();
    }

    static {
        regex = "";
        regex = "^/Users.*";
        regex += "|^/create_account";
        regex += "|^/create_account.do";
        regex += "|^/accounts/email_sent";
        regex += "|^/verify_user";
        regex += "|^/change_email";
        regex += "|^/change_email.do";
        regex += "|^/verify_email";
        regex += "|^/change_password";
        regex += "|^/change_password.do";
        regex += "|^/forgot_password";
        regex += "|^/forgot_password.do";
        regex += "|^/email_sent";
        regex += "|^/reset_password";
        regex += "|^/reset_password.do";
    }
}
