package org.wso2.carbon.identity.oauth.uma.resource.endpoint.impl;

import java.net.URI;
import java.net.URISyntaxException;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.common.util.CollectionUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.auth.service.AuthenticationContext;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.uma.common.HandleErrorResponseConstants;
import org.wso2.carbon.identity.oauth.uma.common.UMAConstants;
import org.wso2.carbon.identity.oauth.uma.common.exception.UMAClientException;
import org.wso2.carbon.identity.oauth.uma.common.exception.UMAException;
import org.wso2.carbon.identity.oauth.uma.common.exception.UMAServerException;
import org.wso2.carbon.identity.oauth.uma.resource.endpoint.ResourceRegistrationApiService;
import org.wso2.carbon.identity.oauth.uma.resource.endpoint.dto.CreateResourceDTO;
import org.wso2.carbon.identity.oauth.uma.resource.endpoint.dto.ErrorDTO;
import org.wso2.carbon.identity.oauth.uma.resource.endpoint.dto.ResourceDetailsDTO;
import org.wso2.carbon.identity.oauth.uma.resource.endpoint.dto.UpdateResourceDTO;
import org.wso2.carbon.identity.oauth.uma.resource.endpoint.exceptions.ResourceEndpointException;
import org.wso2.carbon.identity.oauth.uma.resource.endpoint.util.ResourceUtils;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.oauth.uma.resource-1.3.8.jar:org/wso2/carbon/identity/oauth/uma/resource/endpoint/impl/ResourceRegistrationApiServiceImpl.class */
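/**
 * Implementation of the UMA resource registration endpoint (register, read, list, update, delete).
 *
 * <p>Authorization model, as enforced by this class:
 * <ul>
 *   <li>Every operation requires the {@code uma_protection} scope to be present in the
 *       {@code oauth2-allowed-scopes} parameter of the request's {@link AuthenticationContext}.</li>
 *   <li>The caller is identified by the user name and the {@code consumer-key} parameter taken from
 *       the same context; operations on an existing resource additionally require
 *       {@link #isResourceOwner(String, MessageContext)} to succeed for that user and client.</li>
 *   <li>Any request that lacks one of these falls through to a 401 response.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@code auth-context} request attribute is presumably populated by an upstream
 * authentication handler after the access token has been validated; this class trusts it as-is.
 * Confirm that no request path reaches this service without that handler having run.
 */
public class ResourceRegistrationApiServiceImpl extends ResourceRegistrationApiService {
    private static final Log log = LogFactory.getLog(ResourceRegistrationApiServiceImpl.class);
    /** Scope that a token must carry to use the resource registration API. */
    private static final String PAT_SCOPE = "uma_protection";
    /** Request attribute under which the authentication context is expected. */
    private static final String AUTH_CONTEXT = "auth-context";
    /** Authentication context parameter holding the scopes granted to the token. */
    private static final String OAUTH2_ALLOWED_SCOPES = "oauth2-allowed-scopes";
    /** Authentication context parameter holding the OAuth client id of the caller. */
    private static final String CONSUMER_KEY = "consumer-key";

    /**
     * Registers a new resource for the authenticated resource owner and client.
     *
     * @param resourceDetailsDTO resource description supplied in the request body
     * @param messageContext     CXF message context carrying the authenticated request
     * @return 201 with the created resource and a Location header; 400 when the body or its scopes
     *         are missing; 500 when the Location URI cannot be built; 401 when the scope, user or
     *         consumer key is missing from the authentication context
     */
    @Override
    public Response registerResource(ResourceDetailsDTO resourceDetailsDTO, MessageContext messageContext) {
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        String consumerKey = getConsumerKey(messageContext);
        String userNameWithDomain = getUserNameWithDomain(messageContext);
        String userDomain = null;
        String userName = null;
        if (userNameWithDomain != null) {
            userName = UserCoreUtil.removeDomainFromName(userNameWithDomain);
            userDomain = IdentityUtil.extractDomainFromName(userNameWithDomain);
        }
        if (isValidTokenScope(messageContext) && userName != null && consumerKey != null) {
            // A missing request body is handled like missing scopes instead of failing with an NPE.
            if (resourceDetailsDTO == null || CollectionUtils.isEmpty(resourceDetailsDTO.getResource_Scopes())) {
                if (log.isDebugEnabled()) {
                    log.debug("Resource scopes not existing for resource registration request made for client: " + consumerKey + " resource owner: " + userNameWithDomain);
                }
                return Response.status(Response.Status.BAD_REQUEST).entity(getErrorDTO("invalid_request", "Resource scopes are missing")).build();
            }
            try {
                CreateResourceDTO createResponse = ResourceUtils.createResponse(ResourceUtils.getResourceService().registerResource(ResourceUtils.getResource(resourceDetailsDTO), userName, tenantId, consumerKey, userDomain));
                return Response.status(Response.Status.CREATED).entity(createResponse).location(getResourceLocationURI(createResponse)).build();
            } catch (UMAException e) {
                // Always throws a ResourceEndpointException.
                handleErrorResponse("Error when registering resource for client: " + consumerKey, e);
            } catch (URISyntaxException e) {
                log.error("string could not be parsed as a URI reference.", e);
                // The caller was authorized and the failure is server-side, so report a server
                // error rather than falling through to the 401 response below.
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
            }
        }
        return getUnauthorizedResponseObject();
    }

    /**
     * Returns the description of a resource owned by the caller.
     *
     * @param resourceId     identifier of the resource, taken from the request
     * @param messageContext CXF message context carrying the authenticated request
     * @return 200 with the resource, or 401 when the scope or ownership check fails
     */
    @Override
    public Response getResource(String resourceId, MessageContext messageContext) {
        try {
            if (isValidTokenScope(messageContext) && isResourceOwner(resourceId, messageContext)) {
                return Response.status(Response.Status.OK).entity(ResourceUtils.readResponse(ResourceUtils.getResourceService().getResourceById(resourceId))).build();
            }
        } catch (UMAException e) {
            handleErrorResponse("Error when retrieving resource for client: " + getConsumerKey(messageContext), e);
        }
        return getUnauthorizedResponseObject();
    }

    /**
     * Lists the identifiers of the resources registered by the caller through the calling client.
     *
     * @param messageContext CXF message context carrying the authenticated request
     * @return 200 with the resource ids, or 401 when the scope, user or consumer key is missing
     */
    @Override
    public Response getResourceIds(MessageContext messageContext) {
        String consumerKey = getConsumerKey(messageContext);
        String userNameWithDomain = getUserNameWithDomain(messageContext);
        String userDomain = null;
        String userName = null;
        if (userNameWithDomain != null) {
            userName = UserCoreUtil.removeDomainFromName(userNameWithDomain);
            userDomain = IdentityUtil.extractDomainFromName(userNameWithDomain);
        }
        if (isValidTokenScope(messageContext) && userName != null && consumerKey != null) {
            try {
                return Response.ok().entity(ResourceUtils.getResourceService().getResourceIds(userName, userDomain, consumerKey)).build();
            } catch (UMAException e) {
                handleErrorResponse("Error when listing resources for client: " + consumerKey + " resource owner: " + userNameWithDomain, e);
            }
        }
        return getUnauthorizedResponseObject();
    }

    /**
     * Replaces the description of a resource owned by the caller.
     *
     * @param resourceId         identifier of the resource, taken from the request
     * @param resourceDetailsDTO new resource description supplied in the request body
     * @param messageContext     CXF message context carrying the authenticated request
     * @return 201 with the resource id on success; 400 when the body or its scopes are missing;
     *         401 when the scope or ownership check fails or the service reports no update
     */
    @Override
    public Response updateResource(String resourceId, ResourceDetailsDTO resourceDetailsDTO, MessageContext messageContext) {
        try {
            if (isValidTokenScope(messageContext) && isResourceIdExists(resourceId) && isResourceOwner(resourceId, messageContext)) {
                // Null-safe check, consistent with registerResource: a body without a scope list
                // is a client error, not a NullPointerException.
                if (resourceDetailsDTO == null || CollectionUtils.isEmpty(resourceDetailsDTO.getResource_Scopes())) {
                    if (log.isDebugEnabled()) {
                        log.debug("Cannot update resource: " + resourceId + " as resource scopes are not provided.");
                    }
                    return Response.status(Response.Status.BAD_REQUEST).entity(getErrorDTO("invalid_request", "Resource scopes are missing")).build();
                }
                if (ResourceUtils.getResourceService().updateResource(resourceId, ResourceUtils.getResource(resourceDetailsDTO))) {
                    return Response.status(Response.Status.CREATED).entity(new UpdateResourceDTO(resourceId)).build();
                }
                // NOTE(review): a false result from the service ends in the 401 response below even
                // though the caller passed every authorization check; confirm this is intended.
            }
        } catch (UMAException e) {
            handleErrorResponse("Error when updating resource for client: " + getConsumerKey(messageContext), e);
        }
        return getUnauthorizedResponseObject();
    }

    /**
     * Deletes a resource owned by the caller.
     *
     * @param resourceId     identifier of the resource, taken from the request
     * @param messageContext CXF message context carrying the authenticated request
     * @return 204 on success; 401 when the scope or ownership check fails or the service reports
     *         that nothing was deleted
     */
    @Override
    public Response deleteResource(String resourceId, MessageContext messageContext) {
        try {
            // Order matters: scope, then presence of the id, then ownership, and only then the delete.
            if (isValidTokenScope(messageContext) && isResourceIdExists(resourceId) && isResourceOwner(resourceId, messageContext) && ResourceUtils.getResourceService().deleteResource(resourceId)) {
                return Response.status(Response.Status.NO_CONTENT).build();
            }
        } catch (UMAException e) {
            handleErrorResponse("Error when deleting resource for client: " + getConsumerKey(messageContext), e);
        }
        return getUnauthorizedResponseObject();
    }

    /**
     * Logs the failure and converts it into a {@link ResourceEndpointException}; never returns normally.
     *
     * <p>Server exceptions, and client exceptions whose code has no entry in
     * {@code HandleErrorResponseConstants.RESPONSE_DATA_MAP}, produce a 500 without an error body.
     * Mapped client exceptions use the status and error code from the map and expose
     * {@code exception.getMessage()} to the client as the description.
     *
     * @param message   log message describing the failed operation
     * @param exception the UMA failure being translated
     * @throws ResourceEndpointException always
     */
    private void handleErrorResponse(String message, UMAException exception) throws ResourceEndpointException {
        String code = exception.getCode();
        String errorCode = null;
        Response.Status status = Response.Status.INTERNAL_SERVER_ERROR;
        boolean isServerError = true;
        if (exception instanceof UMAServerException) {
            log.error(message, exception);
        } else {
            log.error(message + " - " + exception.getErrorLogMessage());
            if (log.isDebugEnabled()) {
                log.debug(message, exception);
            }
            if (HandleErrorResponseConstants.RESPONSE_DATA_MAP.containsKey(code)) {
                // Entry layout as used here: [0] = HTTP status code, [1] = error code for the body.
                String[] responseData = (String[]) HandleErrorResponseConstants.RESPONSE_DATA_MAP.get(code);
                status = Response.Status.fromStatusCode(Integer.parseInt(responseData[0]));
                errorCode = responseData[1];
                isServerError = false;
            }
        }
        throw buildResourceEndpointException(status, errorCode, exception.getMessage(), isServerError);
    }

    /**
     * Builds the exception for {@link #handleErrorResponse}; server errors carry no error body.
     */
    private ResourceEndpointException buildResourceEndpointException(Response.Status status, String errorCode, String description, boolean isServerError) {
        if (isServerError) {
            return new ResourceEndpointException(status);
        }
        return new ResourceEndpointException(status, getErrorDTO(errorCode, description));
    }

    /**
     * Checks that a resource id was supplied. Despite the name, this does not look the id up.
     *
     * @return {@code true} when the id is non-empty
     * @throws UMAClientException when the id is null or empty
     */
    private boolean isResourceIdExists(String resourceId) throws UMAClientException {
        if (!StringUtils.isEmpty(resourceId)) {
            return true;
        }
        if (log.isDebugEnabled()) {
            log.debug("Resource id is not present in the request");
        }
        throw new UMAClientException(UMAConstants.ErrorMessages.ERROR_BAD_REQUEST_RESOURCE_ID_MISSING);
    }

    /**
     * Returns the authentication context attached to the request, or {@code null} when the
     * {@code auth-context} attribute is absent or of another type.
     */
    private AuthenticationContext getAuthenticationContext(MessageContext messageContext) {
        Object attribute = messageContext.getHttpServletRequest().getAttribute(AUTH_CONTEXT);
        if (attribute instanceof AuthenticationContext) {
            return (AuthenticationContext) attribute;
        }
        return null;
    }

    /**
     * Returns the user name of the authenticated user as stored in the authentication context,
     * or {@code null} when no context or user is available.
     */
    private String getUserNameWithDomain(MessageContext messageContext) {
        AuthenticationContext authenticationContext = getAuthenticationContext(messageContext);
        if (authenticationContext == null || authenticationContext.getUser() == null) {
            return null;
        }
        return authenticationContext.getUser().getUserName();
    }

    /**
     * Returns the {@code consumer-key} parameter of the authentication context as a string,
     * or {@code null} when no context or parameter is available.
     */
    private String getConsumerKey(MessageContext messageContext) {
        AuthenticationContext authenticationContext = getAuthenticationContext(messageContext);
        if (authenticationContext == null) {
            return null;
        }
        Object consumerKey = authenticationContext.getParameter(CONSUMER_KEY);
        return consumerKey != null ? String.valueOf(consumerKey) : null;
    }

    /**
     * Tells whether the token behind the request was granted the {@code uma_protection} scope.
     *
     * <p>Fails closed: a missing context, a missing scope parameter, or a scope parameter that is
     * not a {@code String[]} all yield {@code false} (and therefore a 401) instead of a
     * {@link ClassCastException}.
     */
    private boolean isValidTokenScope(MessageContext messageContext) {
        AuthenticationContext authenticationContext = getAuthenticationContext(messageContext);
        if (authenticationContext == null) {
            return false;
        }
        Object allowedScopes = authenticationContext.getParameter(OAUTH2_ALLOWED_SCOPES);
        if (!(allowedScopes instanceof String[])) {
            return false;
        }
        return ArrayUtils.contains((String[]) allowedScopes, PAT_SCOPE);
    }

    /** Creates an error body with the given code and description. */
    private ErrorDTO getErrorDTO(String code, String description) {
        ErrorDTO errorDTO = new ErrorDTO();
        errorDTO.setCode(code);
        errorDTO.setDescription(description);
        return errorDTO;
    }

    /**
     * Builds the generic 401 response used whenever an authorization precondition is not met.
     * The body is deliberately the same for every cause, so it does not reveal which check failed.
     */
    private Response getUnauthorizedResponseObject() {
        if (log.isDebugEnabled()) {
            log.debug("Required context information not available in the access token.");
        }
        return Response.status(Response.Status.UNAUTHORIZED).entity(getErrorDTO("Unauthorized", "Unauthorized User.")).build();
    }

    /**
     * Builds the absolute public URL of a newly created resource for the Location header.
     *
     * @throws URISyntaxException when the built URL is not a valid URI
     * @throws RuntimeException   when the service URL cannot be built
     */
    private URI getResourceLocationURI(CreateResourceDTO createResourceDTO) throws URISyntaxException {
        try {
            return new URI(ServiceURLBuilder.create().addPath(new String[]{"/api/identity/oauth2/uma/resourceregistration/v1.0/resource", createResourceDTO.getResourceId()}).build().getAbsolutePublicURL());
        } catch (URLBuilderException e) {
            throw new RuntimeException("Error occurred while building the resource location URI.", e);
        }
    }

    /**
     * Object-level authorization check: asks the resource service whether the resource belongs to
     * the authenticated user (name and domain) and the calling client.
     *
     * <p>NOTE(review): the tenant id is not passed to the ownership check here; confirm that the
     * resource service scopes the lookup to the caller's tenant.
     *
     * @param resourceId     identifier of the resource, taken from the request
     * @param messageContext CXF message context carrying the authenticated request
     * @return {@code true} when the service confirms ownership; {@code false} when the user or
     *         consumer key is missing from the authentication context
     */
    private boolean isResourceOwner(String resourceId, MessageContext messageContext) {
        String consumerKey = getConsumerKey(messageContext);
        String userNameWithDomain = getUserNameWithDomain(messageContext);
        String userDomain = null;
        String userName = null;
        if (userNameWithDomain != null) {
            userName = UserCoreUtil.removeDomainFromName(userNameWithDomain);
            userDomain = IdentityUtil.extractDomainFromName(userNameWithDomain);
        }
        if (userName == null || consumerKey == null) {
            return false;
        }
        try {
            return ResourceUtils.getResourceService().isResourceOwner(resourceId, userName, userDomain, consumerKey);
        } catch (UMAException e) {
            // resourceId is request-supplied and ends up in the log line below; the log layout is
            // assumed to neutralise line breaks — TODO confirm.
            handleErrorResponse("Error when checking whether the resource id:" + resourceId + " belongs to user: " + userName + ", userDomain: " + userDomain + " and client ID: " + consumerKey, e);
            // Not reached at runtime (handleErrorResponse always throws); required by the compiler.
            return false;
        }
    }
}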
