package org.forgerock.openam.oauth2.rest;

import com.google.inject.Inject;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.AttributeSchema;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.inject.Named;
import org.forgerock.json.JsonValue;
import org.forgerock.json.resource.ActionRequest;
import org.forgerock.json.resource.ActionResponse;
import org.forgerock.json.resource.BadRequestException;
import org.forgerock.json.resource.CollectionResourceProvider;
import org.forgerock.json.resource.CreateRequest;
import org.forgerock.json.resource.DeleteRequest;
import org.forgerock.json.resource.InternalServerErrorException;
import org.forgerock.json.resource.PatchRequest;
import org.forgerock.json.resource.PermanentException;
import org.forgerock.json.resource.QueryRequest;
import org.forgerock.json.resource.QueryResourceHandler;
import org.forgerock.json.resource.QueryResponse;
import org.forgerock.json.resource.ReadRequest;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.ResourceResponse;
import org.forgerock.json.resource.Responses;
import org.forgerock.json.resource.UpdateRequest;
import org.forgerock.openam.cts.CTSPersistentStore;
import org.forgerock.openam.cts.api.fields.OAuthTokenField;
import org.forgerock.openam.cts.api.filter.TokenFilterBuilder;
import org.forgerock.openam.cts.exceptions.CoreTokenException;
import org.forgerock.openam.forgerockrest.utils.PrincipalRestUtils;
import org.forgerock.openam.oauth2.OAuth2AuditLogger;
import org.forgerock.openam.rest.RestUtils;
import org.forgerock.openam.utils.Time;
import org.forgerock.services.context.Context;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;

/* loaded from: input_file:org/forgerock/openam/oauth2/rest/ClientResource.class */
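/**
 * CREST collection provider that creates and deletes OAuth2 client identities.
 *
 * <p>Only {@code create} and {@code delete} are implemented; every other operation answers with
 * {@link RestUtils#generateUnsupportedOperation()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class performs no authorization check of its own. NOTE(review): confirm that the
 *       route it is mounted on is protected by an authorization filter, since both operations
 *       change which OAuth2 clients exist.</li>
 *   <li>The create payload is request-controlled. Its shape (map of string lists) is validated
 *       before use so that a malformed body is answered with a 400 instead of an unchecked
 *       exception.</li>
 *   <li>Only the outcome map ({@code success=true|false}) is passed to the audit logger; the
 *       request attributes, which include {@code userpassword}, are never handed to either
 *       logger here.</li>
 *   <li>NOTE(review): the principal name and the client id are concatenated into debug log lines
 *       unescaped; confirm the {@link Debug} sink neutralises line breaks.</li>
 * </ul>
 */
public class ClientResource implements CollectionResourceProvider {
    private static final String FAILED_CREATE_CLIENT = "FAILED_CREATE_CLIENT";
    private static final String FAILED_DELETE_CLIENT = "FAILED_DELETE_CLIENT";
    private static final String CLIENT_ID_ATTRIBUTE = "client_id";
    private static final String REALM_ATTRIBUTE = "realm";
    private static final String PASSWORD_ATTRIBUTE = "userpassword";
    private static final String CLIENT_TYPE_ATTRIBUTE = "com.forgerock.openam.oauth2provider.clientType";

    private final Debug logger = Debug.getInstance("OAuth2Provider");
    private final OAuth2AuditLogger auditLogger;
    private final ClientResourceManager manager;
    private final CTSPersistentStore store;
    private final Debug debug;
    // Both stay null when the schema lookup in the constructor fails; createInstance then answers 500.
    private ServiceSchemaManager serviceSchemaManager;
    private ServiceSchema serviceSchema;

    /**
     * Creates the provider and loads the {@code OAuth2Client} sub-schema of {@code AgentService}
     * using the admin token.
     *
     * <p>A failure to load the schema is logged and audited but not propagated; the instance is
     * still constructed and {@link #createInstance} will reject requests with a 500.
     *
     * @param clientResourceManager performs the identity create/delete operations
     * @param cTSPersistentStore token store used to remove the tokens of a deleted client
     * @param oAuth2AuditLogger audit sink
     * @param debug debug logger used for request-level messages
     */
    @Inject
    public ClientResource(ClientResourceManager clientResourceManager, CTSPersistentStore cTSPersistentStore, OAuth2AuditLogger oAuth2AuditLogger, @Named("frRest") Debug debug) {
        this.store = cTSPersistentStore;
        this.manager = clientResourceManager;
        this.auditLogger = oAuth2AuditLogger;
        this.debug = debug;
        try {
            this.serviceSchemaManager = new ServiceSchemaManager("AgentService", (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()));
            this.serviceSchema = this.serviceSchemaManager.getOrganizationSchema().getSubSchema("OAuth2Client");
        } catch (Exception e) {
            reportSchemaFailure(e);
        }
    }

    /**
     * Creates the provider with a caller-supplied schema manager.
     *
     * <p>As with the injected constructor, a schema lookup failure (including a {@code null}
     * manager) is logged and audited but not propagated.
     *
     * @param clientResourceManager performs the identity create/delete operations
     * @param cTSPersistentStore token store used to remove the tokens of a deleted client
     * @param serviceSchemaManager schema manager to read the {@code OAuth2Client} sub-schema from
     * @param oAuth2AuditLogger audit sink
     * @param debug debug logger used for request-level messages
     */
    public ClientResource(ClientResourceManager clientResourceManager, CTSPersistentStore cTSPersistentStore, ServiceSchemaManager serviceSchemaManager, OAuth2AuditLogger oAuth2AuditLogger, Debug debug) {
        this.store = cTSPersistentStore;
        this.manager = clientResourceManager;
        this.auditLogger = oAuth2AuditLogger;
        this.debug = debug;
        try {
            this.serviceSchemaManager = serviceSchemaManager;
            this.serviceSchema = this.serviceSchemaManager.getOrganizationSchema().getSubSchema("OAuth2Client");
        } catch (Exception e) {
            reportSchemaFailure(e);
        }
    }

    /** Logs and audits a failed schema lookup during construction. */
    private void reportSchemaFailure(Exception cause) {
        this.logger.error("Unable to get Client Schema", cause);
        if (this.auditLogger.isAuditLogEnabled()) {
            this.auditLogger.logErrorMessage(FAILED_CREATE_CLIENT, new String[]{FAILED_CREATE_CLIENT, "Unable to get Client Schema"}, null);
        }
    }

    /** Not supported. */
    @Override
    public Promise<ActionResponse, ResourceException> actionCollection(Context context, ActionRequest actionRequest) {
        return RestUtils.generateUnsupportedOperation();
    }

    /** Not supported. */
    @Override
    public Promise<ActionResponse, ResourceException> actionInstance(Context context, String str, ActionRequest actionRequest) {
        return RestUtils.generateUnsupportedOperation();
    }

    /**
     * Creates an OAuth2 client identity from the request body.
     *
     * <p>The body must be a map whose values are lists of strings. {@code client_id} (optional,
     * overrides the request's new resource id) and {@code realm} (optional) are removed from the
     * map; {@code userpassword} and the client type are mandatory, and the client type must be
     * {@code Confidential} or {@code Public}. Every remaining attribute must be known to the
     * {@code OAuth2Client} schema.
     *
     * @param context request context, used to resolve the calling principal for log messages
     * @param createRequest the create request carrying the client definition
     * @return a promise holding {@code {"success":"true"}} on success, or a failed promise:
     *         400 for an invalid definition, 500 when the schema is unavailable or the identity
     *         store / SSO layer fails
     */
    @Override
    public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest createRequest) {
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        Map<String, String> outcome = new HashMap<String, String>();
        try {
            if (this.serviceSchema == null || this.serviceSchemaManager == null) {
                if (this.debug.errorEnabled()) {
                    this.debug.error("ClientResource :: CREATE by " + principalName + ": No serviceSchema available.");
                }
                throw new PermanentException(500, "", (Throwable) null);
            }
            // The body is request-controlled: check its type instead of casting blindly.
            Object content = createRequest.getContent().getObject();
            if (!(content instanceof Map) || ((Map<?, ?>) content).isEmpty()) {
                if (this.debug.errorEnabled()) {
                    this.debug.error("ClientResource :: CREATE by " + principalName + ": No client definition.");
                }
                throw new PermanentException(400, "Missing client definition", (Throwable) null);
            }
            Map<?, ?> attributes = (Map<?, ?>) content;

            String newResourceId = createRequest.getNewResourceId();
            String requestedId = firstValueOrNull(CLIENT_ID_ATTRIBUTE, attributes.remove(CLIENT_ID_ATTRIBUTE));
            if (requestedId != null) {
                newResourceId = requestedId;
            }
            if (newResourceId == null || newResourceId.isEmpty()) {
                this.debug.error("ClientResource :: CREATE by " + principalName + ": No client ID.");
                throw new PermanentException(400, "Missing client id", (Throwable) null);
            }

            // NOTE(review): realm stays null when absent, whereas deleteInstance defaults to "/";
            // confirm how ClientResourceManager.createIdentity treats a null realm.
            String realm = firstValueOrNull(REALM_ATTRIBUTE, attributes.remove(REALM_ATTRIBUTE));

            // A missing key, a null value, an empty list and an empty string are all "missing".
            String password = firstValueOrNull(PASSWORD_ATTRIBUTE, attributes.get(PASSWORD_ATTRIBUTE));
            if (password == null || password.isEmpty()) {
                if (this.debug.errorEnabled()) {
                    this.debug.error("ClientResource :: CREATE by " + principalName + ": Resource ID: " + newResourceId + ": No user password.");
                }
                throw new PermanentException(400, "Missing user password", (Throwable) null);
            }

            String clientType = firstValueOrNull(CLIENT_TYPE_ATTRIBUTE, attributes.get(CLIENT_TYPE_ATTRIBUTE));
            if (clientType == null) {
                this.debug.error("ClientResource :: CREATE by " + principalName + ": Resource ID: " + newResourceId + ": No client type.");
                throw new PermanentException(400, "Missing client type", (Throwable) null);
            }
            if (!clientType.equals("Confidential") && !clientType.equals("Public")) {
                this.debug.error("ClientResource :: CREATE by " + principalName + ": Resource ID: " + newResourceId + ": Invalid client type.");
                // Response text kept as-is so existing callers see the same error message.
                throw new PermanentException(400, "Missing client type", (Throwable) null);
            }

            // Raw map on purpose: the parameter type of ClientResourceManager.createIdentity is
            // not visible from this file.
            HashMap identityAttributes = new HashMap();
            for (Map.Entry<?, ?> entry : attributes.entrySet()) {
                if (!(entry.getKey() instanceof String)) {
                    throw new BadRequestException("Invalid OAuth2 Client attribute, " + entry.getKey());
                }
                String name = (String) entry.getKey();
                // isSingle rejects attributes that are not part of the OAuth2Client schema.
                boolean single = isSingle(name);
                List<String> values = stringValues(name, entry.getValue());
                HashSet<String> encoded = new HashSet<String>();
                if (single) {
                    if (values.isEmpty()) {
                        throw new BadRequestException("Missing value for OAuth2 Client attribute, " + name);
                    }
                    encoded.add(values.get(0));
                } else {
                    // List-typed attributes are stored with an explicit "[index]=" prefix.
                    for (int i = 0; i < values.size(); i++) {
                        encoded.add("[" + i + "]=" + values.get(i));
                    }
                }
                identityAttributes.put(name, encoded);
            }
            HashSet<String> agentType = new HashSet<String>();
            agentType.add("OAuth2Client");
            identityAttributes.put("AgentType", agentType);
            HashSet<String> status = new HashSet<String>();
            status.add("Active");
            identityAttributes.put("sunIdentityServerDeviceStatus", status);

            this.manager.createIdentity(realm, newResourceId, identityAttributes);

            outcome.put("success", "true");
            ResourceResponse response = Responses.newResourceResponse("results", String.valueOf(Time.currentTimeMillis()), new JsonValue(outcome));
            if (this.auditLogger.isAuditLogEnabled()) {
                // Only the outcome map is audited, never the submitted attributes (they hold the secret).
                this.auditLogger.logAccessMessage("CREATED_CLIENT", new String[]{"CREATED_CLIENT", outcome.toString()}, null);
            }
            return Promises.newResultPromise(response);
        } catch (SSOException e) {
            auditFailure(FAILED_CREATE_CLIENT, outcome);
            if (this.debug.errorEnabled()) {
                this.debug.error("ClientResource :: CREATE by " + principalName + ": Unable to create client due to SSO exception.", e);
            }
            return new InternalServerErrorException("Unable to create client", e).asPromise();
        } catch (IdRepoException e) {
            auditFailure(FAILED_CREATE_CLIENT, outcome);
            if (this.debug.errorEnabled()) {
                this.debug.error("ClientResource :: CREATE by " + principalName + ": Unable to create client due to IdRepo exception.", e);
            }
            return new InternalServerErrorException("Unable to create client", e).asPromise();
        } catch (PermanentException e) {
            auditFailure(FAILED_CREATE_CLIENT, outcome);
            if (this.debug.errorEnabled()) {
                this.debug.error("ClientResource :: CREATE by " + principalName + ": Unable to create client due to exception.", e);
            }
            return e.asPromise();
        } catch (BadRequestException e) {
            auditFailure(FAILED_CREATE_CLIENT, outcome);
            this.debug.error("ClientResource :: CREATE : Unable to create client due to Bad Request.", e);
            return e.asPromise();
        }
    }

    /** Marks the outcome as failed and writes it to the audit log under {@code messageId}. */
    private void auditFailure(String messageId, Map<String, String> outcome) {
        outcome.put("success", "false");
        if (this.auditLogger.isAuditLogEnabled()) {
            this.auditLogger.logErrorMessage(messageId, new String[]{messageId, outcome.toString()}, null);
        }
    }

    /**
     * Validates that a request-supplied attribute value is a list of strings.
     *
     * @param attribute attribute name, used in the error message
     * @param rawValue value taken from the request body
     * @return the values as a typed list, possibly empty
     * @throws BadRequestException if the value is not a list or holds a non-string element
     */
    private static List<String> stringValues(String attribute, Object rawValue) throws BadRequestException {
        if (!(rawValue instanceof List)) {
            throw new BadRequestException("Invalid value for OAuth2 Client attribute, " + attribute);
        }
        List<String> values = new ArrayList<String>();
        for (Object element : (List<?>) rawValue) {
            if (!(element instanceof String)) {
                throw new BadRequestException("Invalid value for OAuth2 Client attribute, " + attribute);
            }
            values.add((String) element);
        }
        return values;
    }

    /**
     * Returns the first string of a request-supplied attribute value.
     *
     * @return the first value, or {@code null} when the value is absent or an empty list
     * @throws BadRequestException if the value is present but not a list of strings
     */
    private static String firstValueOrNull(String attribute, Object rawValue) throws BadRequestException {
        if (rawValue == null) {
            return null;
        }
        List<String> values = stringValues(attribute, rawValue);
        return values.isEmpty() ? null : values.get(0);
    }

    /**
     * Tells whether the named attribute is single-valued according to the client schema.
     *
     * @param str attribute name from the request
     * @return {@code false} for attributes whose UI type is an ordered or unordered list,
     *         {@code true} otherwise (including attributes without a UI type)
     * @throws BadRequestException if the schema does not define the attribute
     */
    private boolean isSingle(String str) throws BadRequestException {
        AttributeSchema attributeSchema = this.serviceSchema.getAttributeSchema(str);
        if (attributeSchema == null) {
            if (this.debug.errorEnabled()) {
                this.debug.error("ClientResource.isSingle() : Invalid OAuth2 Client attribute, " + str);
            }
            throw new BadRequestException("Invalid OAuth2 Client attribute, " + str);
        }
        AttributeSchema.UIType uiType = attributeSchema.getUIType();
        if (uiType == null) {
            return true;
        }
        return !(uiType.equals(AttributeSchema.UIType.UNORDEREDLIST) || uiType.equals(AttributeSchema.UIType.ORDEREDLIST));
    }

    /**
     * Deletes an OAuth2 client identity and requests removal of the tokens stored for it.
     *
     * <p>The realm comes from the {@code realm} additional parameter and defaults to {@code "/"}.
     * The identity is deleted first; if the subsequent token clean-up fails, the identity is
     * already gone and the caller receives a 500. NOTE(review): {@code deleteOnQueryAsync} is
     * presumably asynchronous, so tokens of the client may still exist when the success response
     * is sent; confirm against {@link CTSPersistentStore}.
     *
     * @param context request context, used to resolve the calling principal for log messages
     * @param str id of the client to delete
     * @param deleteRequest the delete request
     * @return a promise holding {@code {"success":"true"}} on success, or a 500 failure
     */
    @Override
    public Promise<ResourceResponse, ResourceException> deleteInstance(Context context, String str, DeleteRequest deleteRequest) {
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        Map<String, String> outcome = new HashMap<String, String>();
        try {
            String realm = deleteRequest.getAdditionalParameter("realm");
            if (realm == null) {
                realm = "/";
            }
            this.manager.deleteIdentity(str, realm);
            // Scope the token removal to this client in this realm only.
            this.store.deleteOnQueryAsync(new TokenFilterBuilder().and().withAttribute(OAuthTokenField.CLIENT_ID.getField(), str).withAttribute(OAuthTokenField.REALM.getField(), realm).build());
            outcome.put("success", "true");
            JsonValue body = new JsonValue(outcome);
            ResourceResponse response = Responses.newResourceResponse("results", "1", body);
            if (this.auditLogger.isAuditLogEnabled()) {
                this.auditLogger.logAccessMessage("DELETED_CLIENT", new String[]{"DELETED_CLIENT", body.toString()}, null);
            }
            // Success is an informational message: log it at message level, independent of auditing.
            if (this.debug.messageEnabled()) {
                this.debug.message("ClientResource :: DELETE by " + principalName + ": delete client with ID, " + str);
            }
            return Promises.newResultPromise(response);
        } catch (CoreTokenException e) {
            // Handled here directly so the failure is audited once, not once per nesting level.
            return deleteFailure(principalName, str, outcome, e);
        } catch (InternalServerErrorException e) {
            return deleteFailure(principalName, str, outcome, e);
        } catch (SSOException e) {
            return deleteFailure(principalName, str, outcome, e);
        } catch (IdRepoException e) {
            return deleteFailure(principalName, str, outcome, e);
        }
    }

    /** Audits and logs a failed delete, then returns the 500 response for it. */
    private Promise<ResourceResponse, ResourceException> deleteFailure(String principalName, String clientId, Map<String, String> outcome, Exception cause) {
        auditFailure(FAILED_DELETE_CLIENT, outcome);
        if (this.debug.errorEnabled()) {
            this.debug.error("ClientResource :: DELETE by " + principalName + ": Unable to delete client with ID, " + clientId, cause);
        }
        return new InternalServerErrorException("Unable to delete client", cause).asPromise();
    }

    /** Not supported. */
    @Override
    public Promise<ResourceResponse, ResourceException> patchInstance(Context context, String str, PatchRequest patchRequest) {
        return RestUtils.generateUnsupportedOperation();
    }

    /** Not supported. */
    @Override
    public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest queryRequest, QueryResourceHandler queryResourceHandler) {
        return RestUtils.generateUnsupportedOperation();
    }

    /** Not supported. */
    @Override
    public Promise<ResourceResponse, ResourceException> readInstance(Context context, String str, ReadRequest readRequest) {
        return RestUtils.generateUnsupportedOperation();
    }

    /** Not supported. */
    @Override
    public Promise<ResourceResponse, ResourceException> updateInstance(Context context, String str, UpdateRequest updateRequest) {
        return RestUtils.generateUnsupportedOperation();
    }
}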
