package org.forgerock.openam.entitlement.rest;

import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.shared.debug.Debug;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import javax.inject.Inject;
import org.apache.commons.lang.StringUtils;
import org.forgerock.api.annotations.Action;
import org.forgerock.api.annotations.ApiError;
import org.forgerock.api.annotations.CollectionProvider;
import org.forgerock.api.annotations.Create;
import org.forgerock.api.annotations.Delete;
import org.forgerock.api.annotations.Handler;
import org.forgerock.api.annotations.Operation;
import org.forgerock.api.annotations.Parameter;
import org.forgerock.api.annotations.Query;
import org.forgerock.api.annotations.Read;
import org.forgerock.api.annotations.Schema;
import org.forgerock.api.annotations.Update;
import org.forgerock.api.enums.QueryType;
import org.forgerock.json.JsonValue;
import org.forgerock.json.resource.ActionRequest;
import org.forgerock.json.resource.ActionResponse;
import org.forgerock.json.resource.BadRequestException;
import org.forgerock.json.resource.CollectionResourceProvider;
import org.forgerock.json.resource.CreateRequest;
import org.forgerock.json.resource.DeleteRequest;
import org.forgerock.json.resource.NotSupportedException;
import org.forgerock.json.resource.PatchRequest;
import org.forgerock.json.resource.QueryRequest;
import org.forgerock.json.resource.QueryResourceHandler;
import org.forgerock.json.resource.QueryResponse;
import org.forgerock.json.resource.ReadRequest;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.ResourceResponse;
import org.forgerock.json.resource.Responses;
import org.forgerock.json.resource.UpdateRequest;
import org.forgerock.openam.entitlement.rest.model.json.PolicyRequest;
import org.forgerock.openam.errors.ExceptionMappingHandler;
import org.forgerock.openam.rest.RestUtils;
import org.forgerock.openam.rest.query.QueryResponsePresentation;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.services.context.Context;
import org.forgerock.util.Reject;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;

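/**
 * REST collection provider for policies: CRUD and query operations backed by a
 * {@link PolicyStoreProvider}, plus the {@code evaluate} / {@code evaluateTree} collection
 * actions backed by a {@link PolicyEvaluatorFactory}.
 *
 * <p>Every operation maps {@link EntitlementException} to a {@link ResourceException} through the
 * injected {@link ExceptionMappingHandler} and returns it as a failed promise instead of throwing.
 *
 * <p>NOTE(review): nothing in this class checks whether the caller is allowed to read, change or
 * evaluate policies. Presumably that is enforced before the request reaches this provider or inside
 * the policy store / evaluator obtained from the request {@link Context} - confirm against the
 * route configuration.
 */
@CollectionProvider(details = @Handler(title = "i18n:api-descriptor/PolicyResource#title", description = "i18n:api-descriptor/PolicyResource#description", mvccSupported = false, resourceSchema = @Schema(schemaResource = "PolicyResource.schema.json")), pathParam = @Parameter(name = "resourceId", type = "string", description = "i18n:api-descriptor/PolicyResource#pathparam.description"))
public final class PolicyResource implements CollectionResourceProvider {
    private static final Debug DEBUG = Debug.getInstance("amPolicy");
    private final PolicyParser policyParser;
    private final PolicyStoreProvider policyStoreProvider;
    private final ExceptionMappingHandler<EntitlementException, ResourceException> resourceErrorHandler;
    private final PolicyEvaluatorFactory factory;
    private final PolicyRequestFactory requestFactory;

    /**
     * Creates the provider. All collaborators are mandatory; a {@code null} argument is rejected
     * by {@link Reject#ifNull}.
     *
     * @param policyEvaluatorFactory supplies the evaluator used by the evaluate actions
     * @param policyRequestFactory builds a {@link PolicyRequest} from an action request
     * @param policyParser converts between JSON and {@link Privilege} / entitlement results
     * @param policyStoreProvider supplies the policy store for a request context
     * @param exceptionMappingHandler maps entitlement errors to REST resource errors
     */
    @Inject
    public PolicyResource(PolicyEvaluatorFactory policyEvaluatorFactory, PolicyRequestFactory policyRequestFactory, PolicyParser policyParser, PolicyStoreProvider policyStoreProvider, ExceptionMappingHandler<EntitlementException, ResourceException> exceptionMappingHandler) {
        Reject.ifNull(new Object[]{policyEvaluatorFactory, policyRequestFactory, policyParser, policyStoreProvider, exceptionMappingHandler});
        this.factory = policyEvaluatorFactory;
        this.requestFactory = policyRequestFactory;
        this.policyParser = policyParser;
        this.policyStoreProvider = policyStoreProvider;
        this.resourceErrorHandler = exceptionMappingHandler;
    }

    /**
     * API-descriptor entry point for the {@code evaluate} action; delegates to
     * {@link #actionCollection(Context, ActionRequest)}.
     */
    @Action(operationDescription = @Operation(errors = {@ApiError(code = 405, description = "i18n:api-descriptor/PolicyResource#error.405.description"), @ApiError(code = 500, description = "i18n:api-descriptor/PolicyResource#error.500.description"), @ApiError(code = 501, description = "i18n:api-descriptor/PolicyResource#error.501.description")}, description = "i18n:api-descriptor/PolicyResource#evaluate.action.description"), request = @Schema(schemaResource = "PolicyResource.evaluate.action.request.schema.json"), response = @Schema(schemaResource = "PolicyResource.action.response.schema.json"))
    public Promise<ActionResponse, ResourceException> evaluate(Context context, ActionRequest actionRequest) {
        return actionCollection(context, actionRequest);
    }

    /**
     * API-descriptor entry point for the {@code evaluateTree} action; delegates to
     * {@link #actionCollection(Context, ActionRequest)}.
     */
    @Action(operationDescription = @Operation(errors = {@ApiError(code = 405, description = "i18n:api-descriptor/PolicyResource#error.405.description"), @ApiError(code = 500, description = "i18n:api-descriptor/PolicyResource#error.500.description"), @ApiError(code = 501, description = "i18n:api-descriptor/PolicyResource#error.501.description")}, description = "i18n:api-descriptor/PolicyResource#evaluatetree.action.description"), request = @Schema(schemaResource = "PolicyResource.evaluatetree.action.request.schema.json"), response = @Schema(schemaResource = "PolicyResource.action.response.schema.json"))
    public Promise<ActionResponse, ResourceException> evaluateTree(Context context, ActionRequest actionRequest) {
        return actionCollection(context, actionRequest);
    }

    /**
     * Runs a policy evaluation action against the collection.
     *
     * <p>Actions that {@link PolicyAction#isEvaluateAction} does not accept are answered with a
     * {@link NotSupportedException}. For accepted actions the request is turned into a
     * {@link PolicyRequest}, routed through the evaluator for its subject and application, and the
     * resulting entitlements are rendered by the policy parser.
     *
     * @param context request context
     * @param actionRequest the action request; its action name selects the evaluation kind
     * @return the rendered entitlements, or a failed promise carrying the mapped error
     */
    public Promise<ActionResponse, ResourceException> actionCollection(Context context, ActionRequest actionRequest) {
        String actionName = actionRequest.getAction();
        PolicyAction policyAction = PolicyAction.getAction(actionName);
        if (!PolicyAction.isEvaluateAction(policyAction)) {
            // NOTE(review): actionName is taken from the request and ends up unmodified in both the
            // debug log and the error message returned to the caller. Confirm that the Debug backend
            // neutralises line breaks, or encode the value before logging it.
            String message = "Action '" + actionName + "' not implemented for this resource";
            NotSupportedException unsupported = new NotSupportedException(message);
            DEBUG.error(message, unsupported);
            return unsupported.asPromise();
        }
        try {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Rendering policy request for action " + actionName);
            }
            PolicyRequest policyRequest = this.requestFactory.buildRequest(policyAction, context, actionRequest);
            PolicyEvaluator evaluator = this.factory.getEvaluator(policyRequest.getRestSubject(), policyRequest.getApplication());
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Evaluating policy request for action " + actionName + " under realm " + policyRequest.getRealm() + " within the application context " + policyRequest.getApplication());
            }
            return Promises.newResultPromise(Responses.newActionResponse(this.policyParser.printEntitlements(evaluator.routePolicyRequest(policyRequest))));
        } catch (EntitlementException e) {
            DEBUG.error("Error evaluating policy request", e);
            return this.resourceErrorHandler.handleError(context, actionRequest, e).asPromise();
        }
    }

    /** Instance-level actions are not supported; always returns the unsupported-operation promise. */
    public Promise<ActionResponse, ResourceException> actionInstance(Context context, String str, ActionRequest actionRequest) {
        return RestUtils.generateUnsupportedOperation();
    }

    /**
     * Creates a policy from the request body.
     *
     * <p>When the request carries a resource id it must equal the name parsed from the body;
     * otherwise the parsed name is used. The resulting name is then compared with its
     * {@link DN#escapeAttributeValue} form and rejected when the two differ, so a name containing
     * characters that would need DN escaping is refused before anything is written to the store.
     *
     * @param context request context used to select the policy store
     * @param createRequest create request holding the optional resource id and the policy JSON
     * @return the created policy, or a failed promise carrying the mapped error
     */
    @Create(operationDescription = @Operation(errors = {@ApiError(code = 400, description = "i18n:api-descriptor/PolicyResource#error.400.description"), @ApiError(code = 403, description = "i18n:api-descriptor/PolicyResource#error.403.description")}, description = "i18n:api-descriptor/PolicyResource#create.description"))
    public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest createRequest) {
        // Declared outside the try block so the error log below can report which policy failed;
        // the previous code always logged the literal "null" here.
        String policyName = null;
        try {
            policyName = createRequest.getNewResourceId();
            Privilege policy = this.policyParser.parsePolicy(policyName, createRequest.getContent());
            if (StringUtils.isNotBlank(policyName) && !policyName.equals(policy.getName())) {
                DEBUG.error("PolicyResource :: CREATE : Resource name and JSON body name do not match.");
                throw new EntitlementException(13);
            }
            if (StringUtils.isBlank(policyName)) {
                policyName = policy.getName();
            }
            // Validation gate: the name must survive DN attribute-value escaping unchanged.
            if (!policyName.equals(DN.escapeAttributeValue(policyName))) {
                throw new EntitlementException(771);
            }
            this.policyStoreProvider.getPolicyStore(context).create(policy);
            return Promises.newResultPromise(policyResource(policy));
        } catch (EntitlementException e) {
            DEBUG.error("PolicyResource :: CREATE : Error performing create for policy, " + policyName, e);
            return this.resourceErrorHandler.handleError(context, createRequest, e).asPromise();
        }
    }

    /**
     * Deletes the policy with the given id.
     *
     * @param context request context used to select the policy store
     * @param str id of the policy to delete
     * @param deleteRequest the delete request
     * @return a response with the id, revision {@code "0"} and an empty JSON object, or a failed
     *         promise carrying the mapped error
     */
    @Delete(operationDescription = @Operation(errors = {@ApiError(code = 400, description = "i18n:api-descriptor/PolicyResource#error.400.description"), @ApiError(code = 403, description = "i18n:api-descriptor/PolicyResource#error.403.description")}, description = "i18n:api-descriptor/PolicyResource#delete.description"))
    public Promise<ResourceResponse, ResourceException> deleteInstance(Context context, String str, DeleteRequest deleteRequest) {
        try {
            this.policyStoreProvider.getPolicyStore(context).delete(str);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("PolicyResource :: DELETE : Deleted policy with ID, " + str);
            }
            return Promises.newResultPromise(Responses.newResourceResponse(str, "0", JsonValue.json(JsonValue.object(new Map.Entry[0]))));
        } catch (EntitlementException e) {
            return this.resourceErrorHandler.handleError(context, "PolicyResource :: DELETE : Error performing delete for policy, " + str, deleteRequest, e).asPromise();
        }
    }

    /** Patch is not supported; always returns the unsupported-operation promise. */
    public Promise<ResourceResponse, ResourceException> patchInstance(Context context, String str, PatchRequest patchRequest) {
        return RestUtils.generateUnsupportedOperation();
    }

    /**
     * Queries the policy store and hands the matching policies to the query handler.
     *
     * @param context request context used to select the policy store
     * @param queryRequest the query, passed to the store unchanged
     * @param queryResourceHandler receives the resulting resources
     * @return the query response, a {@link BadRequestException} promise when the store rejects the
     *         query with an {@link IllegalArgumentException}, or the mapped entitlement error
     */
    @Query(operationDescription = @Operation(errors = {@ApiError(code = 400, description = "i18n:api-descriptor/PolicyResource#error.400.description")}, description = "i18n:api-descriptor/PolicyResource#query.description"), type = QueryType.FILTER, queryableFields = {"*"})
    public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest queryRequest, QueryResourceHandler queryResourceHandler) {
        try {
            // Typed list instead of the raw ArrayList, so only ResourceResponse values can be added.
            ArrayList<ResourceResponse> resources = new ArrayList<>();
            for (Privilege privilege : this.policyStoreProvider.getPolicyStore(context).query(queryRequest)) {
                resources.add(policyResource(privilege));
            }
            QueryResponsePresentation.enableDeprecatedRemainingQueryResponse(queryRequest);
            return QueryResponsePresentation.perform(queryResourceHandler, queryRequest, resources);
        } catch (IllegalArgumentException e) {
            DEBUG.error("PolicyResource :: QUERY : Error querying policy collection due to bad request.", e);
            // The exception message is passed to the client as the 400 detail.
            return new BadRequestException(e.getMessage()).asPromise();
        } catch (EntitlementException e2) {
            DEBUG.error("PolicyResource :: QUERY : Error querying policy collection.", e2);
            return this.resourceErrorHandler.handleError(context, queryRequest, e2).asPromise();
        }
    }

    /**
     * Reads the policy with the given id.
     *
     * @param context request context used to select the policy store
     * @param str id of the policy to read
     * @param readRequest the read request
     * @return the policy, or a failed promise carrying the mapped error
     */
    @Read(operationDescription = @Operation(errors = {@ApiError(code = 400, description = "i18n:api-descriptor/PolicyResource#error.400.description")}, description = "i18n:api-descriptor/PolicyResource#read.description"))
    public Promise<ResourceResponse, ResourceException> readInstance(Context context, String str, ReadRequest readRequest) {
        try {
            Privilege policy = this.policyStoreProvider.getPolicyStore(context).read(str);
            return Promises.newResultPromise(policyResource(policy));
        } catch (EntitlementException e) {
            DEBUG.error("PolicyResource :: READ : Error reading policy, " + str + ".", e);
            return this.resourceErrorHandler.handleError(context, readRequest, e).asPromise();
        }
    }

    /**
     * Replaces the policy with the given id by the policy parsed from the request body.
     *
     * <p>NOTE(review): unlike {@link #createInstance}, this method neither compares the id with the
     * name in the body nor applies the DN-escaping check. Whether the parser or the store enforces
     * those is not visible here - confirm.
     *
     * @param context request context used to select the policy store
     * @param str id of the policy to update
     * @param updateRequest update request holding the new policy JSON
     * @return the updated policy, or a failed promise carrying the mapped error
     */
    @Update(operationDescription = @Operation(errors = {@ApiError(code = 400, description = "i18n:api-descriptor/PolicyResource#error.400.description"), @ApiError(code = 404, description = "i18n:api-descriptor/PolicyResource#error.404.description")}, description = "i18n:api-descriptor/PolicyResource#update.description"))
    public Promise<ResourceResponse, ResourceException> updateInstance(Context context, String str, UpdateRequest updateRequest) {
        try {
            Privilege parsed = this.policyParser.parsePolicy(str, updateRequest.getContent());
            Privilege updated = this.policyStoreProvider.getPolicyStore(context).update(str, parsed);
            return Promises.newResultPromise(policyResource(updated));
        } catch (EntitlementException e) {
            DEBUG.error("PolicyResource :: UPDATE : Error updating policy, " + str + ".", e);
            return this.resourceErrorHandler.handleError(context, updateRequest, e).asPromise();
        }
    }

    /** Wraps a policy as a REST resource: id is the policy name, revision is its last-modified time. */
    private ResourceResponse policyResource(Privilege privilege) throws EntitlementException {
        return Responses.newResourceResponse(privilege.getName(), policyRevision(privilege), this.policyParser.printPolicy(privilege));
    }

    /** Returns the policy's last-modified date rendered as a decimal string, used as the revision. */
    private String policyRevision(Privilege privilege) {
        return Long.toString(privilege.getLastModifiedDate());
    }
}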
