package com.ibm.ws.security.wim.scim20.rest;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.wim.scim20.SCIMService;
import com.ibm.websphere.security.wim.scim20.exceptions.AuthorizationException;
import com.ibm.websphere.security.wim.scim20.exceptions.InvalidFilterException;
import com.ibm.websphere.security.wim.scim20.exceptions.InvalidSyntaxException;
import com.ibm.websphere.security.wim.scim20.exceptions.InvalidValueException;
import com.ibm.websphere.security.wim.scim20.exceptions.InvalidVersionException;
import com.ibm.websphere.security.wim.scim20.exceptions.MutabilityException;
import com.ibm.websphere.security.wim.scim20.exceptions.NotFoundException;
import com.ibm.websphere.security.wim.scim20.exceptions.NotImplementedException;
import com.ibm.websphere.security.wim.scim20.exceptions.SCIMException;
import com.ibm.websphere.security.wim.scim20.exceptions.TooManyResultsException;
import com.ibm.websphere.security.wim.scim20.exceptions.UniquenessException;
import com.ibm.websphere.security.wim.scim20.model.ListResponse;
import com.ibm.websphere.security.wim.scim20.model.SearchRequest;
import com.ibm.websphere.security.wim.scim20.model.groups.Group;
import com.ibm.websphere.security.wim.scim20.model.users.User;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.wim.scim20.SCIMServiceV20;
import com.ibm.ws.security.wim.scim20.SCIMUtil;
import com.ibm.ws.security.wim.scim20.TraceConstants;
import com.ibm.wsspi.rest.handler.RESTHandler;
import com.ibm.wsspi.rest.handler.RESTRequest;
import com.ibm.wsspi.rest.handler.RESTResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;

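/**
 * REST handler that dispatches HTTP requests under the {@code /scim} root to a
 * {@link SCIMService} and writes the JSON result (or a SCIM error body) to the response.
 *
 * <p>Authorization is enforced inside this class: every dispatch path calls
 * {@link #checkHasReadRole} or {@link #checkHasWriteRole} before it touches the service.
 * NOTE(review): the component is registered with
 * {@code com.ibm.wsspi.rest.handler.custom.security=true}, which suggests the REST framework
 * does not apply its own role check for this root. Confirm; if so, these calls are the only
 * authorization gate, and any new endpoint must add one.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {RESTHandler.class}, configurationPolicy = ConfigurationPolicy.IGNORE, immediate = true, property = {"service.vendor=IBM", "com.ibm.wsspi.rest.handler.root=/scim", "com.ibm.wsspi.rest.handler.custom.security=true"})
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/wim/scim20/rest/SCIMRESTHandler.class */
public class SCIMRESTHandler implements RESTHandler {
    private static final String ENDPOINT_GROUPS = "Groups";
    private static final String ENDPOINT_USERS = "Users";
    private static final String ENDPOINT_RESOURCE_TYPES = "ResourceTypes";
    // Was "Users", which made GET /Users return schemas and left the real Users branch unreachable.
    private static final String ENDPOINT_SCHEMAS = "Schemas";
    private static final String ENDPOINT_ME = "Me";
    private static final String ENDPOINT_SERVICE_PROVIDER_CONFIG = "ServiceProviderConfig";
    private static final String ENDPOINT_SEARCH = ".search";
    private static final String ROLE_ADMINISTRATOR = "Administrator";
    private static final String ROLE_READER = "Reader";
    public final SCIMService serviceV20 = new SCIMServiceV20();
    static final long serialVersionUID = 1778210061521583629L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.wim.scim20.rest.SCIMRESTHandler", SCIMRESTHandler.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    private static final Set<String> REQUIRED_ROLES_READ = new HashSet<>(Arrays.asList(ROLE_ADMINISTRATOR, ROLE_READER));
    private static final Set<String> REQUIRED_ROLES_WRITE = new HashSet<>(Arrays.asList(ROLE_ADMINISTRATOR));

    /** Returns {@code true} when {@code value} is {@code null} or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /** Builds the exception used whenever the request path names an endpoint this handler does not serve. */
    private static NotFoundException endpointNotFound(String endpoint) {
        return new NotFoundException("The endpoint '" + endpoint + "' does not exist.");
    }

    /**
     * Escapes {@code text} so it can be embedded between double quotes in a JSON document.
     * A {@code null} input yields the text {@code null}, which is what string concatenation
     * produced before this helper existed.
     */
    private static String escapeJson(String text) {
        if (text == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '"':
                    out.append("\\\"");
                    break;
                case '\\':
                    out.append("\\\\");
                    break;
                case '\n':
                    out.append("\\n");
                    break;
                case '\r':
                    out.append("\\r");
                    break;
                case '\t':
                    out.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    /**
     * Handles DELETE: requires the write role, then deletes the group or user named by the path.
     *
     * @throws AuthorizationException if the caller lacks the 'Administrator' role
     * @throws InvalidSyntaxException if the path carries no resource ID
     * @throws NotFoundException if the endpoint is neither Groups nor Users
     */
    private static void handleDelete(SCIMService sCIMService, RESTRequest rESTRequest, RESTResponse rESTResponse) throws InvalidSyntaxException, NotFoundException, AuthorizationException {
        checkHasWriteRole(rESTRequest);
        String resourceId = RESTUtil.getResourceId(rESTRequest.getPath());
        if (isBlank(resourceId)) {
            throw new InvalidSyntaxException("No resource ID was found for the DELETE operation.");
        }
        String endpoint = RESTUtil.getEnpoint(rESTRequest.getPath());
        if (ENDPOINT_GROUPS.equals(endpoint)) {
            sCIMService.deleteGroup(resourceId);
        } else if (ENDPOINT_USERS.equals(endpoint)) {
            sCIMService.deleteUser(resourceId);
        } else {
            throw endpointNotFound(endpoint);
        }
    }

    /**
     * Handles GET: requires the read role, then returns either a single resource (when the path
     * carries a resource ID) or the listing for the endpoint.
     *
     * @return the object to serialize into the response body
     * @throws AuthorizationException if the caller has neither the 'Reader' nor the 'Administrator' role
     * @throws NotFoundException if the endpoint is not one this handler serves
     */
    private static Object handleGet(SCIMService sCIMService, RESTRequest rESTRequest, RESTResponse rESTResponse) throws NotFoundException, InvalidValueException, InvalidFilterException, TooManyResultsException, AuthorizationException {
        checkHasReadRole(rESTRequest);
        String path = rESTRequest.getPath();
        String endpoint = RESTUtil.getEnpoint(path);
        String resourceId = RESTUtil.getResourceId(path);
        boolean listing = isBlank(resourceId);
        if (ENDPOINT_GROUPS.equals(endpoint)) {
            return listing ? sCIMService.getGroups(RESTUtil.getFilter(rESTRequest), RESTUtil.getAttributes(rESTRequest), RESTUtil.getExcludedAttributes(rESTRequest)) : sCIMService.getGroup(resourceId, RESTUtil.getAttributes(rESTRequest));
        }
        if (ENDPOINT_USERS.equals(endpoint)) {
            return listing ? sCIMService.getUsers(RESTUtil.getFilter(rESTRequest), RESTUtil.getAttributes(rESTRequest), RESTUtil.getExcludedAttributes(rESTRequest)) : sCIMService.getUser(resourceId, RESTUtil.getAttributes(rESTRequest), RESTUtil.getExcludedAttributes(rESTRequest));
        }
        if (ENDPOINT_RESOURCE_TYPES.equals(endpoint)) {
            // The two arms were swapped: a missing ID was passed to the single-resource lookup.
            return listing ? sCIMService.getResourceTypes() : sCIMService.getResourceType(resourceId);
        }
        if (ENDPOINT_SCHEMAS.equals(endpoint)) {
            return listing ? sCIMService.getSchemas() : sCIMService.getSchemas(resourceId);
        }
        if (ENDPOINT_SERVICE_PROVIDER_CONFIG.equals(endpoint)) {
            return sCIMService.getServiceProviderConfig();
        }
        if (ENDPOINT_ME.equals(endpoint)) {
            return sCIMService.getMe(RESTUtil.getAttributes(rESTRequest), RESTUtil.getExcludedAttributes(rESTRequest));
        }
        throw endpointNotFound(endpoint);
    }

    /**
     * Handles POST. A path whose endpoint or resource ID is {@code .search} is a query and only
     * needs the read role; every other POST creates a resource and needs the write role.
     *
     * <p>For a search on an unknown endpoint the 404 is raised before the role check, so that
     * answer does not depend on the caller's roles.
     *
     * @return the search result or the created resource
     */
    private static Object handlePost(SCIMService sCIMService, RESTRequest rESTRequest, RESTResponse rESTResponse) throws InvalidSyntaxException, NotFoundException, JsonParseException, JsonMappingException, UniquenessException, InvalidValueException, IOException, InvalidFilterException, TooManyResultsException, AuthorizationException {
        String endpoint = RESTUtil.getEnpoint(rESTRequest.getPath());
        String resourceId = RESTUtil.getResourceId(rESTRequest.getPath());
        boolean rootSearch = ENDPOINT_SEARCH.equals(endpoint);
        if (rootSearch || ENDPOINT_SEARCH.equals(resourceId)) {
            if (!rootSearch && !ENDPOINT_GROUPS.equals(endpoint) && !ENDPOINT_USERS.equals(endpoint)) {
                throw endpointNotFound(endpoint);
            }
            checkHasReadRole(rESTRequest);
            return sCIMService.getResources(endpoint, (SearchRequest) SCIMUtil.deserialize(getContent(rESTRequest), SearchRequest.class));
        }
        checkHasWriteRole(rESTRequest);
        if (ENDPOINT_GROUPS.equals(endpoint)) {
            return sCIMService.createGroup((Group) SCIMUtil.deserialize(getContent(rESTRequest), Group.class));
        }
        if (ENDPOINT_USERS.equals(endpoint)) {
            return sCIMService.createUser((User) SCIMUtil.deserialize(getContent(rESTRequest), User.class));
        }
        throw endpointNotFound(endpoint);
    }

    /**
     * Handles PUT: requires the write role and a resource ID, then replaces the group or user.
     *
     * @return the updated resource
     * @throws InvalidSyntaxException if the path carries no resource ID or the body is empty
     */
    private static Object handlePut(SCIMService sCIMService, RESTRequest rESTRequest, RESTResponse rESTResponse) throws InvalidSyntaxException, NotFoundException, JsonParseException, JsonMappingException, MutabilityException, InvalidValueException, IOException, AuthorizationException {
        checkHasWriteRole(rESTRequest);
        String resourceId = RESTUtil.getResourceId(rESTRequest.getPath());
        if (isBlank(resourceId)) {
            throw new InvalidSyntaxException("The SCIM PUT operation requires a resource ID in the URL.");
        }
        String endpoint = RESTUtil.getEnpoint(rESTRequest.getPath());
        if (ENDPOINT_GROUPS.equals(endpoint)) {
            return sCIMService.updateGroup(resourceId, (Group) SCIMUtil.deserialize(getContent(rESTRequest), Group.class));
        }
        if (ENDPOINT_USERS.equals(endpoint)) {
            return sCIMService.updateUser(resourceId, (User) SCIMUtil.deserialize(getContent(rESTRequest), User.class));
        }
        throw endpointNotFound(endpoint);
    }

    /**
     * Reads the whole request body as UTF-8 text, with line terminators dropped.
     *
     * <p>An {@link IOException} while reading or closing is recorded through FFDC and not
     * rethrown; if nothing was read, the method then fails with the "no content" error below.
     *
     * <p>NOTE(review): the body is buffered in memory with no size limit. All callers run a
     * role check first, but a cap (here or in the server's request-size settings) would bound
     * what an authorized caller can make the server allocate.
     *
     * @throws InvalidSyntaxException if the body is missing, blank, or could not be read
     */
    private static String getContent(RESTRequest rESTRequest) throws InvalidSyntaxException {
        String content = null;
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(rESTRequest.getInputStream(), StandardCharsets.UTF_8))) {
            StringBuilder buffer = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                buffer.append(line);
            }
            content = buffer.toString();
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.wim.scim20.rest.SCIMRESTHandler", "321", (Object) null, new Object[]{rESTRequest});
        }
        if (isBlank(content)) {
            throw new InvalidSyntaxException("It was expected that the request contained content, but no content was found on the request.");
        }
        return content;
    }

    /**
     * Selects the service implementation for the request. The API version in the path is
     * parsed only for validation; the single 2.0 service is always returned.
     *
     * @throws InvalidVersionException if {@code RESTUtil.getApiVersion} rejects the path
     */
    private SCIMService getServiceForRequest(RESTRequest rESTRequest) throws InvalidVersionException {
        RESTUtil.getApiVersion(rESTRequest.getPath());
        return this.serviceV20;
    }

    /**
     * Entry point: dispatches on the HTTP method, serializes the result and writes status and body.
     *
     * <p>A {@link SCIMException} supplies its own status code and JSON body. Any other exception
     * is recorded through FFDC and answered with a 500 and a SCIM error body.
     *
     * <p>NOTE(review): the 500 body carries {@code getMessage()} of an arbitrary exception. It is
     * JSON-escaped here, but it can still reveal internal detail to the caller; consider a fixed
     * message and leaving the detail to FFDC.
     */
    @FFDCIgnore({SCIMException.class})
    public void handleRequest(RESTRequest rESTRequest, RESTResponse rESTResponse) throws IOException {
        int status;
        String body = null;
        try {
            SCIMService service = getServiceForRequest(rESTRequest);
            String method = rESTRequest.getMethod();
            if ("GET".equalsIgnoreCase(method)) {
                status = 200;
                body = SCIMUtil.serialize(handleGet(service, rESTRequest, rESTResponse));
            } else if ("DELETE".equalsIgnoreCase(method)) {
                handleDelete(service, rESTRequest, rESTResponse);
                status = 204;
            } else if ("POST".equalsIgnoreCase(method)) {
                Object result = handlePost(service, rESTRequest, rESTResponse);
                // A search returns a ListResponse (200); anything else is a newly created resource (201).
                status = result instanceof ListResponse ? 200 : 201;
                body = SCIMUtil.serialize(result);
            } else if ("PUT".equalsIgnoreCase(method)) {
                status = 200;
                body = SCIMUtil.serialize(handlePut(service, rESTRequest, rESTResponse));
            } else {
                // The closing quote used to sit inside the non-null arm, so a null method lost it.
                throw new NotImplementedException("The SCIM service does not support the request operation: '" + (method == null ? "null" : method.toUpperCase()) + "'");
            }
        } catch (SCIMException e) {
            status = e.getHttpCode().intValue();
            body = e.asJson();
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.wim.scim20.rest.SCIMRESTHandler", "412", this, new Object[]{rESTRequest, rESTResponse});
            status = 500;
            // The members were previously concatenated without commas and the message was not
            // escaped, so the body was never valid JSON and a quote in the message could alter it.
            body = "{\"schemas\" : \"urn:ietf:params:scim:api:messages:2.0:Error\", \"detail\" : \"" + escapeJson(e2.getMessage()) + "\", \"status\" : 500}";
        }
        rESTResponse.setStatus(status);
        if (body != null) {
            rESTResponse.getWriter().write(body);
        }
        rESTResponse.getWriter().flush();
        rESTResponse.getWriter().close();
    }

    /**
     * Rejects the request unless the caller is in the 'Administrator' role.
     *
     * @throws AuthorizationException carrying the set of roles that would have been accepted
     */
    private static void checkHasWriteRole(RESTRequest rESTRequest) throws AuthorizationException {
        if (!rESTRequest.isUserInRole(ROLE_ADMINISTRATOR)) {
            throw new AuthorizationException("The 'Administrator' role is required to create, delete, or update a resource.", REQUIRED_ROLES_WRITE);
        }
    }

    /**
     * Rejects the request unless the caller is in the 'Reader' or the 'Administrator' role.
     *
     * @throws AuthorizationException carrying the set of roles that would have been accepted
     */
    private static void checkHasReadRole(RESTRequest rESTRequest) throws AuthorizationException {
        if (!rESTRequest.isUserInRole(ROLE_READER) && !rESTRequest.isUserInRole(ROLE_ADMINISTRATOR)) {
            throw new AuthorizationException("The 'Administrator' or 'Reader' role is required to read a resource.", REQUIRED_ROLES_READ);
        }
    }
}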
