package org.wso2.carbon.identity.oauth.scope.endpoint.impl;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.impl.UriInfoImpl;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.scope.endpoint.Constants;
import org.wso2.carbon.identity.oauth.scope.endpoint.ScopesApiService;
import org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeDTO;
import org.wso2.carbon.identity.oauth.scope.endpoint.dto.ScopeToUpdateDTO;
import org.wso2.carbon.identity.oauth.scope.endpoint.util.ScopeUtils;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeException;
import org.wso2.carbon.identity.oauth2.Oauth2ScopeConstants;
import org.wso2.carbon.identity.oauth2.bean.Scope;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.oauth.scope-6.11.112.jar:org/wso2/carbon/identity/oauth/scope/endpoint/impl/ScopesApiServiceImpl.class */
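/**
 * Implementation of {@link ScopesApiService} that delegates scope management to the OAuth2 scope
 * service obtained from {@link ScopeUtils} and maps its exceptions to HTTP statuses.
 *
 * <p>Scope names that start with {@code internal_} may only be added, updated or deleted by a
 * caller who holds the {@code /permission/admin} permission; see {@link #isUserAuthorized(String)}.
 *
 * <p>NOTE(review): every handler continues to its success {@code return} after calling
 * {@code ScopeUtils.handleErrorResponse}. That is only correct if the helper always throws
 * (presumably a JAX-RS exception carrying the error status); confirm against ScopeUtils. If it
 * could return normally, a rejected request would be answered with a success status.
 */
public class ScopesApiServiceImpl extends ScopesApiService {
    private static final Log LOG = LogFactory.getLog(ScopesApiServiceImpl.class);

    /** Name prefix that marks a scope as internal and therefore admin-only for write operations. */
    private static final String INTERNAL_SCOPE_PREFIX = "internal_";

    /**
     * Registers a new scope and answers {@code 201 Created} with a {@code Location} header.
     *
     * @param scopeDTO the scope to register, as received from the client
     * @return the created response; error cases are reported through
     *     {@code ScopeUtils.handleErrorResponse} (409 for an existing scope, 403 for an
     *     unauthorized internal scope, 400 for other client errors, 500 otherwise)
     */
    @Override
    public Response registerScope(ScopeDTO scopeDTO) {
        Scope scope = null;
        try {
            validateAddRequest(scopeDTO);
            scope = ScopeUtils.getOAuth2ScopeService().registerScope(ScopeUtils.getScope(scopeDTO));
        } catch (IdentityOAuth2ScopeClientException e) {
            // The client exception is caught before the general scope exception, as in the other
            // handlers, so that it can never be shadowed by the broader catch clause.
            if (LOG.isDebugEnabled()) {
                // The DTO is request-controlled; the log sink should neutralise line breaks.
                LOG.debug("Client Error while registering scope \n" + scopeDTO.toString(), e);
            }
            String errorCode = e.getErrorCode();
            if (Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE.getCode().equals(errorCode)) {
                ScopeUtils.handleErrorResponse(Response.Status.CONFLICT, Response.Status.CONFLICT.getReasonPhrase(), e, false, LOG);
            } else if (Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_ADD_INTERNAL_SCOPE.getCode().equals(errorCode)) {
                ScopeUtils.handleErrorResponse(Response.Status.FORBIDDEN, Response.Status.FORBIDDEN.getReasonPhrase(), e, false, LOG);
            } else {
                ScopeUtils.handleErrorResponse(Response.Status.BAD_REQUEST, Response.Status.BAD_REQUEST.getReasonPhrase(), e, false, LOG);
            }
        } catch (IdentityOAuth2ScopeException e) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), e, true, LOG);
        } catch (Throwable th) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), th, true, LOG);
        }
        // NOTE(review): the Location URI is built after the scope has been stored and outside the
        // try block, so a failure in buildURIForHeader surfaces after the scope already exists.
        return Response.status(Response.Status.CREATED)
                .location(buildURIForHeader(scopeDTO.getName()))
                .entity(scope)
                .build();
    }

    /**
     * Looks up a single scope by name.
     *
     * @param str the scope name taken from the request
     * @return {@code 200 OK} with the scope DTO; 404 when the service reports the scope as not
     *     found, 400 for other client errors, 500 otherwise
     */
    @Override
    public Response getScope(String str) {
        Scope scope = null;
        try {
            scope = ScopeUtils.getOAuth2ScopeService().getScope(str);
        } catch (IdentityOAuth2ScopeClientException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Client Error while getting scope " + str, e);
            }
            if (Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE.getCode().equals(e.getErrorCode())) {
                ScopeUtils.handleErrorResponse(Response.Status.NOT_FOUND, Response.Status.NOT_FOUND.getReasonPhrase(), e, false, LOG);
            } else {
                ScopeUtils.handleErrorResponse(Response.Status.BAD_REQUEST, Response.Status.BAD_REQUEST.getReasonPhrase(), e, false, LOG);
            }
        } catch (IdentityOAuth2ScopeException e) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), e, true, LOG);
        } catch (Throwable th) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), th, true, LOG);
        }
        return Response.status(Response.Status.OK).entity(ScopeUtils.getScopeDTO(scope)).build();
    }

    /**
     * Lists scopes. All four arguments are passed unchanged to the scope service; their exact
     * meaning is defined there (presumably paging bounds, a flag and a name filter; confirm
     * against the service contract).
     *
     * @return {@code 200 OK} with the scope DTOs; any failure is reported as 500
     */
    @Override
    public Response getScopes(Integer num, Integer num2, Boolean bool, String str) {
        // Raw type kept: the element type returned by the service is not visible in this file.
        Set set = null;
        try {
            set = ScopeUtils.getOAuth2ScopeService().getScopes(num, num2, bool, str);
        } catch (IdentityOAuth2ScopeException e) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), e, true, LOG);
        } catch (Throwable th) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), th, true, LOG);
        }
        return Response.status(Response.Status.OK).entity(ScopeUtils.getScopeDTOs(set)).build();
    }

    /**
     * Convenience overload of {@link #getScopes(Integer, Integer, Boolean, String)} that passes
     * {@code false} and {@code null} for the last two arguments.
     */
    public Response getScopes(Integer num, Integer num2) {
        return getScopes(num, num2, false, null);
    }

    /**
     * Reports whether a scope with the given name exists.
     *
     * @param str the scope name taken from the request
     * @return {@code 200 OK} without a body when the scope exists, otherwise {@code 404} with the
     *     correlation entity from {@code ScopeUtils.getCorrelation()}
     */
    @Override
    public Response isScopeExists(String str) {
        boolean exists = false;
        try {
            exists = ScopeUtils.getOAuth2ScopeService().isScopeExists(str);
        } catch (IdentityOAuth2ScopeClientException e) {
            // Caught before the general scope exception so the 400 mapping is always reachable.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Client Error while getting scope existence of scope name " + str, e);
            }
            ScopeUtils.handleErrorResponse(Response.Status.BAD_REQUEST, Response.Status.BAD_REQUEST.getReasonPhrase(), e, false, LOG);
        } catch (IdentityOAuth2ScopeException e) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), e, true, LOG);
        } catch (Throwable th) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), th, true, LOG);
        }
        if (exists) {
            return Response.status(Response.Status.OK).build();
        }
        return Response.status(Response.Status.NOT_FOUND).entity(ScopeUtils.getCorrelation()).build();
    }

    /**
     * Updates an existing scope.
     *
     * @param scopeToUpdateDTO the new scope content, as received from the client
     * @param str the name of the scope to update
     * @return {@code 200 OK} with the updated scope DTO; 404 when the scope is not found, 403 for
     *     an unauthorized internal scope, 400 for other client errors, 500 otherwise
     */
    @Override
    public Response updateScope(ScopeToUpdateDTO scopeToUpdateDTO, String str) {
        ScopeDTO scopeDTO = null;
        try {
            validateUpdateRequest(str);
            Scope updated = ScopeUtils.getOAuth2ScopeService().updateScope(ScopeUtils.getUpdatedScope(scopeToUpdateDTO, str));
            scopeDTO = ScopeUtils.getScopeDTO(updated);
        } catch (IdentityOAuth2ScopeClientException e) {
            if (LOG.isDebugEnabled()) {
                // The DTO is request-controlled; the log sink should neutralise line breaks.
                LOG.debug("Client Error while updating scope \n" + scopeToUpdateDTO.toString(), e);
            }
            String errorCode = e.getErrorCode();
            if (Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE.getCode().equals(errorCode)) {
                ScopeUtils.handleErrorResponse(Response.Status.NOT_FOUND, Response.Status.NOT_FOUND.getReasonPhrase(), e, false, LOG);
            } else if (Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_UPDATE_INTERNAL_SCOPE.getCode().equals(errorCode)) {
                ScopeUtils.handleErrorResponse(Response.Status.FORBIDDEN, Response.Status.FORBIDDEN.getReasonPhrase(), e, false, LOG);
            } else {
                ScopeUtils.handleErrorResponse(Response.Status.BAD_REQUEST, Response.Status.BAD_REQUEST.getReasonPhrase(), e, false, LOG);
            }
        } catch (IdentityOAuth2ScopeException e) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), e, true, LOG);
        } catch (Throwable th) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), th, true, LOG);
        }
        return Response.status(Response.Status.OK).entity(scopeDTO).build();
    }

    /**
     * Deletes a scope by name.
     *
     * @param str the name of the scope to delete
     * @return {@code 200 OK} without a body; 404 when the scope is not found, 403 for an
     *     unauthorized internal scope, 400 for other client errors, 500 otherwise
     */
    @Override
    public Response deleteScope(String str) {
        try {
            validateDeleteRequest(str);
            ScopeUtils.getOAuth2ScopeService().deleteScope(str);
        } catch (IdentityOAuth2ScopeClientException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Client Error while deleting scope " + str, e);
            }
            String errorCode = e.getErrorCode();
            if (Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE.getCode().equals(errorCode)) {
                ScopeUtils.handleErrorResponse(Response.Status.NOT_FOUND, Response.Status.NOT_FOUND.getReasonPhrase(), e, false, LOG);
            } else if (Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_DELETE_INTERNAL_SCOPE.getCode().equals(errorCode)) {
                ScopeUtils.handleErrorResponse(Response.Status.FORBIDDEN, Response.Status.FORBIDDEN.getReasonPhrase(), e, false, LOG);
            } else {
                ScopeUtils.handleErrorResponse(Response.Status.BAD_REQUEST, Response.Status.BAD_REQUEST.getReasonPhrase(), e, false, LOG);
            }
        } catch (IdentityOAuth2ScopeException e) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), e, true, LOG);
        } catch (Throwable th) {
            ScopeUtils.handleErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, Response.Status.INTERNAL_SERVER_ERROR.getReasonPhrase(), th, true, LOG);
        }
        return Response.status(Response.Status.OK).build();
    }

    /**
     * Builds the {@code Location} URI for a newly registered scope.
     *
     * <p>The path is {@code /t/<tenant>} + {@code Constants.SERVER_API_PATH_COMPONENT} + scope
     * name, resolved through {@code IdentityUtil.getEndpointURIPath}. When the result is not
     * absolute and a CXF message is in flight, scheme and authority are taken from the base URI
     * of the inbound message.
     *
     * <p>NOTE(review): the scope name is appended without percent-encoding, and
     * {@link URI#create(String)} throws {@link IllegalArgumentException} for a string that is not
     * a valid URI. Whether such names can reach this point depends on validation in the scope
     * service, which is not visible here.
     *
     * <p>NOTE(review): scheme and authority come from the request's base URI, so the header
     * reflects how the request reached the server; confirm that this is the intended public
     * address when the server sits behind a proxy.
     *
     * @param str the scope name
     * @return the absolute URI when it can be built, otherwise the URI of the resolved path
     */
    private static URI buildURIForHeader(String str) {
        String tenantApiPath = String.format("/t/%s", getTenantDomainFromContext()) + Constants.SERVER_API_PATH_COMPONENT;
        String endpointURIPath = IdentityUtil.getEndpointURIPath(tenantApiPath + str, false, true);
        URI location = URI.create(endpointURIPath);
        if (location.isAbsolute()) {
            return location;
        }
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage == null) {
            return location;
        }
        UriInfoImpl uriInfo = new UriInfoImpl(currentMessage.getExchange().getInMessage(), (MultivaluedMap) null);
        try {
            return new URI(uriInfo.getBaseUri().getScheme(), uriInfo.getBaseUri().getAuthority(), endpointURIPath, null, null);
        } catch (URISyntaxException e) {
            // Best effort: fall back to the non-absolute URI rather than failing the response.
            LOG.error("Server encountered an error while building the location URL with scheme: " + uriInfo.getBaseUri().getScheme() + ", authority: " + uriInfo.getBaseUri().getAuthority() + ", url: " + endpointURIPath, e);
        }
        return location;
    }

    /**
     * Returns the tenant domain stored under {@code TenantNameFromContext} in
     * {@code IdentityUtil.threadLocalProperties}, or {@code carbon.super} when no value is set.
     */
    private static String getTenantDomainFromContext() {
        // Read the thread-local map once so the null check and the returned value cannot differ.
        Map<?, ?> properties = (Map<?, ?>) IdentityUtil.threadLocalProperties.get();
        Object tenantDomain = properties.get("TenantNameFromContext");
        return tenantDomain != null ? (String) tenantDomain : "carbon.super";
    }

    /**
     * Single definition of what counts as an internal scope name.
     *
     * <p>NOTE(review): the match is case-sensitive. If scope names are compared
     * case-insensitively anywhere downstream (for example by the backing store), a name such as
     * {@code Internal_x} would skip the admin check; confirm how the scope service compares names.
     */
    private static boolean isInternalScope(String scopeName) {
        return scopeName != null && scopeName.startsWith(INTERNAL_SCOPE_PREFIX);
    }

    /**
     * Rejects the registration of an internal scope by a caller without admin permission.
     *
     * @throws IdentityOAuth2ScopeClientException with the
     *     {@code ERROR_CODE_NOT_AUTHORIZED_ADD_INTERNAL_SCOPE} code when the caller is not authorized
     */
    private void validateAddRequest(ScopeDTO scopeDTO) throws IdentityOAuth2ScopeClientException {
        if (!isInternalScope(scopeDTO.getName())) {
            return;
        }
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        if (!isUserAuthorized(username)) {
            throw new IdentityOAuth2ScopeClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_ADD_INTERNAL_SCOPE.getCode(), String.format(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_ADD_INTERNAL_SCOPE.getMessage(), username));
        }
    }

    /**
     * Rejects the update of an internal scope by a caller without admin permission.
     *
     * @throws IdentityOAuth2ScopeClientException with the
     *     {@code ERROR_CODE_NOT_AUTHORIZED_UPDATE_INTERNAL_SCOPE} code when the caller is not
     *     authorized
     */
    private void validateUpdateRequest(String str) throws IdentityOAuth2ScopeClientException {
        if (!isInternalScope(str)) {
            return;
        }
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        if (!isUserAuthorized(username)) {
            throw new IdentityOAuth2ScopeClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_UPDATE_INTERNAL_SCOPE.getCode(), String.format(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_UPDATE_INTERNAL_SCOPE.getMessage(), username));
        }
    }

    /**
     * Rejects the deletion of an internal scope by a caller without admin permission.
     *
     * @throws IdentityOAuth2ScopeClientException with the
     *     {@code ERROR_CODE_NOT_AUTHORIZED_DELETE_INTERNAL_SCOPE} code when the caller is not
     *     authorized
     */
    private void validateDeleteRequest(String str) throws IdentityOAuth2ScopeClientException {
        if (!isInternalScope(str)) {
            return;
        }
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        if (!isUserAuthorized(username)) {
            throw new IdentityOAuth2ScopeClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_DELETE_INTERNAL_SCOPE.getCode(), String.format(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_AUTHORIZED_DELETE_INTERNAL_SCOPE.getMessage(), username));
        }
    }

    /**
     * Checks whether the user holds {@code ui.execute} on {@code /permission/admin} in the user
     * realm of the thread-local Carbon context.
     *
     * @param str the username to check
     * @return {@code true} when the authorization manager grants the permission; {@code false}
     *     when it denies it or when the user store lookup fails
     */
    private boolean isUserAuthorized(String str) {
        try {
            return CarbonContext.getThreadLocalCarbonContext()
                    .getUserRealm()
                    .getAuthorizationManager()
                    .isUserAuthorized(str, "/permission/admin", "ui.execute");
        } catch (UserStoreException e) {
            // Fail closed: a lookup error must never be treated as a grant.
            LOG.error("Error while validating user authorization of user: " + str, e);
            return false;
        }
    }
}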
