package com.evolveum.polygon.connector.msgraphapi;

import com.evolveum.polygon.connector.msgraphapi.ObjectProcessing;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeDelta;
import org.identityconnectors.framework.common.objects.AttributeInfoBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.ObjectClassInfo;
import org.identityconnectors.framework.common.objects.ObjectClassInfoBuilder;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.SchemaBuilder;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.common.objects.filter.ContainsAllValuesFilter;
import org.identityconnectors.framework.common.objects.filter.ContainsFilter;
import org.identityconnectors.framework.common.objects.filter.EqualsFilter;
import org.identityconnectors.framework.common.objects.filter.Filter;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: input_file:com/evolveum/polygon/connector/msgraphapi/RoleProcessing.class */
public class RoleProcessing extends ObjectProcessing {
    public static final String ROLE_NAME = "Role";
    public static final ObjectClass ROLE = new ObjectClass(ROLE_NAME);
    private static final String ROLES = "/roleManagement/directory/roleDefinitions";
    private static final String ROLE_ASSIGNMENT = "/roleManagement/directory/roleAssignments";
    private static final String USERS = "/users";
    private static final String ATTR_ID = "id";
    private static final String ATTR_DESCRIPTION = "description";
    private static final String ATTR_DISPLAY_NAME = "displayName";
    private static final String ATTR_IS_BUILT_IN = "isBuiltIn";
    private static final String ATTR_IS_ENABLED = "isEnabled";
    private static final String ATTR_RESOURCE_SCOPES = "resourceScopes";
    private static final String ATTR_TEMPLATE_ID = "templateId";
    private static final String ATTR_VERSION = "version";
    private static final String ATTR_ROLE_PERMISSIONS = "rolePermissions";
    private static final String ATTR_ALLOWED_RESOURCE_ACTIONS = "allowedResourceActions";
    private static final String ATTR_ROLE_PERMISSIONS_ALL = "rolePermissions.allowedResourceActions";
    private static final String ATTR_INHERIT_PERMISSIONS_FROM_ODATA_CONTEXT = "inheritsPermissionsFrom@odata.context";
    private static final String ATTR_INHERIT_PERMISSIONS_FROM = "inheritsPermissionsFrom";
    private static final String ATTR_INHERIT_PERMISSIONS_FROM_ALL = "inheritsPermissionsFrom.id";
    private static final String ATTR_MEMBERS = "members";

    public RoleProcessing(GraphEndpoint graphEndpoint) {
        super(graphEndpoint, ICFPostMapper.builder().build());
    }

    public void buildRoleObjectClass(SchemaBuilder schemaBuilder) {
        schemaBuilder.defineObjectClass(objectClassInfo());
    }

    @Override // com.evolveum.polygon.connector.msgraphapi.ObjectProcessing
    protected String type() {
        return ROLE_NAME;
    }

    @Override // com.evolveum.polygon.connector.msgraphapi.ObjectProcessing
    protected ObjectClassInfo objectClassInfo() {
        ObjectClassInfoBuilder objectClassInfoBuilder = new ObjectClassInfoBuilder();
        objectClassInfoBuilder.setType(type());
        AttributeInfoBuilder attributeInfoBuilder = new AttributeInfoBuilder(ATTR_IS_ENABLED);
        attributeInfoBuilder.setType(Boolean.class).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder.build());
        AttributeInfoBuilder attributeInfoBuilder2 = new AttributeInfoBuilder(ATTR_IS_BUILT_IN);
        attributeInfoBuilder2.setRequired(false).setType(Boolean.class).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder2.build());
        AttributeInfoBuilder attributeInfoBuilder3 = new AttributeInfoBuilder(ATTR_TEMPLATE_ID);
        attributeInfoBuilder3.setRequired(false).setType(String.class).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder3.build());
        AttributeInfoBuilder attributeInfoBuilder4 = new AttributeInfoBuilder("version");
        attributeInfoBuilder4.setRequired(false).setType(String.class).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder4.build());
        AttributeInfoBuilder attributeInfoBuilder5 = new AttributeInfoBuilder(ATTR_DESCRIPTION);
        attributeInfoBuilder5.setRequired(false).setType(String.class).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder5.build());
        AttributeInfoBuilder attributeInfoBuilder6 = new AttributeInfoBuilder(ATTR_RESOURCE_SCOPES);
        attributeInfoBuilder6.setRequired(false).setType(String.class).setMultiValued(true).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder6.build());
        AttributeInfoBuilder attributeInfoBuilder7 = new AttributeInfoBuilder(ATTR_ROLE_PERMISSIONS_ALL);
        attributeInfoBuilder7.setRequired(false).setType(String.class).setMultiValued(true).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder7.build());
        AttributeInfoBuilder attributeInfoBuilder8 = new AttributeInfoBuilder(ATTR_INHERIT_PERMISSIONS_FROM_ODATA_CONTEXT);
        attributeInfoBuilder8.setRequired(false).setType(String.class).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder8.build());
        AttributeInfoBuilder attributeInfoBuilder9 = new AttributeInfoBuilder(ATTR_INHERIT_PERMISSIONS_FROM_ALL);
        attributeInfoBuilder9.setRequired(false).setType(String.class).setMultiValued(true).setCreateable(false).setUpdateable(false).setReadable(true);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder9.build());
        AttributeInfoBuilder attributeInfoBuilder10 = new AttributeInfoBuilder(ATTR_MEMBERS);
        attributeInfoBuilder10.setType(String.class).setCreateable(true).setUpdateable(true).setReadable(true).setMultiValued(true).setReturnedByDefault(false);
        objectClassInfoBuilder.addAttributeInfo(attributeInfoBuilder10.build());
        return objectClassInfoBuilder.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Uid createRole(Set<Attribute> set) {
        throw new UnsupportedOperationException("Create operation is not supported for Roles!");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Set<AttributeDelta> updateRole(Uid uid, Set<AttributeDelta> set, OperationOptions operationOptions) {
        LOG.info("Start updateRole, Uid: {0}, attrsDelta: {1}", new Object[]{uid, set});
        for (AttributeDelta attributeDelta : set) {
            LOG.info("attrDelta: {0}", new Object[]{attributeDelta});
            if (attributeDelta.getName().equalsIgnoreCase(ATTR_MEMBERS)) {
                LOG.info("addMembersToRole", new Object[0]);
                addOrRemoveMember(uid, attributeDelta, ROLE_ASSIGNMENT, operationOptions);
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void delete(Uid uid) {
        throw new UnsupportedOperationException("Delete operation is not supported for Roles!");
    }

    protected void addOrRemoveMember(Uid uid, AttributeDelta attributeDelta, String str, OperationOptions operationOptions) {
        LOG.info("addOrRemoveMember {0} , {1} , {2}", new Object[]{uid, attributeDelta, str});
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        String uidValue = uid.getUidValue();
        LOG.info("path: {0}", new Object[]{sb});
        roleProcessRemove(sb, attributeDelta.getValuesToRemove(), uidValue, operationOptions);
        List valuesToAdd = attributeDelta.getValuesToAdd();
        if (valuesToAdd == null || valuesToAdd.isEmpty()) {
            return;
        }
        for (Object obj : valuesToAdd) {
            if (obj != null) {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("principalId", (String) obj);
                jSONObject.put("directoryScopeId", "/");
                jSONObject.put("roleDefinitionId", uidValue);
                LOG.ok("json: {0}", new Object[]{jSONObject});
                postRequestNoContent(sb.toString(), jSONObject);
            }
        }
    }

    private void postRequestNoContent(String str, JSONObject jSONObject) {
        LOG.info("path: {0} , json: {1}", new Object[]{str, jSONObject});
        GraphEndpoint graphEndpoint = getGraphEndpoint();
        URI uri = graphEndpoint.getUri(graphEndpoint.createURIBuilder().setPath(str));
        LOG.info("uri {0}", new Object[]{uri});
        LOG.info("HttpEntityEnclosingRequestBase request", new Object[0]);
        HttpPost httpPost = new HttpPost(uri);
        LOG.info("create true - HTTP POST {0}", new Object[]{uri});
        graphEndpoint.callRequestNoContent(httpPost, null, jSONObject);
    }

    private void roleProcessRemove(StringBuilder sb, List<Object> list, String str, OperationOptions operationOptions) {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (Object obj : list) {
            if (obj != null) {
                String str2 = (String) obj;
                String roleAssignmentId = getRoleAssignmentId(operationOptions, str, str2);
                LOG.info("executeDeleteOperation principalId: {0} , sbPath: {1}", new Object[]{str2, sb});
                executeDeleteOperation(roleAssignmentId, sb.toString());
            }
        }
    }

    private void executeDeleteOperation(String str, String str2) {
        LOG.info("Delete object of roleAssignment, id: {0}, Path: {1}", new Object[]{str, str2});
        GraphEndpoint graphEndpoint = getGraphEndpoint();
        URIBuilder createURIBuilder = graphEndpoint.createURIBuilder();
        createURIBuilder.setPath(str2 + "/" + str);
        LOG.info("Uri for delete: {0}", new Object[]{createURIBuilder});
        graphEndpoint.callRequest(new HttpDelete(graphEndpoint.getUri(createURIBuilder)), false);
    }

    public void executeQueryForRole(Filter filter, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        LOG.info("executeQueryForRole() Query: {0}", new Object[]{filter});
        GraphEndpoint graphEndpoint = getGraphEndpoint();
        if (!(filter instanceof EqualsFilter)) {
            if (filter instanceof ContainsFilter) {
                LOG.info("Query is instance of ContainsFilter: {0}", new Object[]{filter});
                ContainsFilter containsFilter = (ContainsFilter) filter;
                String name = containsFilter.getAttribute().getName();
                String attributeFirstValue = getAttributeFirstValue(containsFilter);
                if (Arrays.asList(ATTR_DISPLAY_NAME).contains(name)) {
                    graphEndpoint.executeListRequest(ROLES, "$filter=startswith(" + name + ",'" + attributeFirstValue + "')", operationOptions, false, createJSONObjectHandler(resultsHandler));
                    return;
                }
                return;
            }
            if (!(filter instanceof ContainsAllValuesFilter)) {
                if (filter == null) {
                    LOG.info("Query is null", new Object[0]);
                    graphEndpoint.executeListRequest(ROLES, null, operationOptions, false, createJSONObjectHandler(resultsHandler));
                    return;
                }
                return;
            }
            LOG.info("[QUERY] - ContainsAllValuesFilter - query: {0}", new Object[]{filter});
            ContainsAllValuesFilter containsAllValuesFilter = (ContainsAllValuesFilter) filter;
            String name2 = containsAllValuesFilter.getAttribute().getName();
            String attributeFirstValue2 = getAttributeFirstValue(containsAllValuesFilter);
            LOG.info("[QUERY] - ContainsAllValuesFilter - name is: {0} and value is: {1}", new Object[]{name2, attributeFirstValue2});
            listUserRoleMembership(operationOptions, attributeFirstValue2, (operationOptions2, jSONObject) -> {
                String string = jSONObject.getString("roleDefinitionId");
                LOG.info("[QUERY] - ContainsAllValuesFilter - roleUID: {0}", new Object[]{string});
                return handleJSONObject(operationOptions2, graphEndpoint.executeGetRequest("/roleManagement/directory/roleDefinitions/" + string, null, operationOptions), resultsHandler);
            });
            return;
        }
        EqualsFilter equalsFilter = (EqualsFilter) filter;
        String name3 = equalsFilter.getAttribute().getName();
        LOG.info("Query is instance of EqualsFilter: {0}", new Object[]{filter});
        if (equalsFilter.getAttribute() instanceof Uid) {
            LOG.info("((EqualsFilter) query).getAttribute() instanceof Uid", new Object[0]);
            Uid attribute = ((EqualsFilter) filter).getAttribute();
            if (attribute.getUidValue() == null) {
                invalidAttributeValue("Uid", filter);
            }
            StringBuilder sb = new StringBuilder();
            sb.append(ROLES).append("/").append(attribute.getUidValue());
            handleJSONObject(operationOptions, graphEndpoint.executeGetRequest(sb.toString(), null, operationOptions), resultsHandler);
            return;
        }
        if (!(equalsFilter.getAttribute() instanceof Name)) {
            if (ATTR_DISPLAY_NAME.equals(name3)) {
                graphEndpoint.executeListRequest(ROLES, "$filter=" + name3 + " eq '" + getAttributeFirstValue(equalsFilter) + "'", operationOptions, false, createJSONObjectHandler(resultsHandler));
            }
        } else {
            LOG.info("((EqualsFilter) query).getAttribute() instanceof Name", new Object[0]);
            String nameValue = ((EqualsFilter) filter).getAttribute().getNameValue();
            if (nameValue == null) {
                invalidAttributeValue("Name", filter);
            }
            graphEndpoint.executeListRequest(ROLES, "$filter=displayName eq '" + nameValue + "'", operationOptions, false, createJSONObjectHandler(resultsHandler));
        }
    }

    private JSONObject saturateRoleMembership(JSONObject jSONObject) {
        GraphEndpoint graphEndpoint = getGraphEndpoint();
        String string = jSONObject.getString("id");
        LOG.info("[GET] - saturateRoleMembership(), for role with UID: {0}", new Object[]{string});
        jSONObject.put(ATTR_MEMBERS, getJSONArray(graphEndpoint.executeListRequest(ROLE_ASSIGNMENT, "$select=principalId&$filter=roleDefinitionId eq '" + string + "'", null, true), "principalId"));
        return jSONObject;
    }

    private void listUserRoleMembership(OperationOptions operationOptions, String str, ObjectProcessing.JSONObjectHandler jSONObjectHandler) {
        GraphEndpoint graphEndpoint = getGraphEndpoint();
        LOG.info("[GET] - listUserRoleMembership(), for user with UID: {0}", new Object[]{str});
        graphEndpoint.executeListRequest(ROLE_ASSIGNMENT, "$select=roleDefinitionId&$filter=principalId eq '" + str + "'", operationOptions, true, jSONObjectHandler);
    }

    private String getRoleAssignmentId(OperationOptions operationOptions, String str, String str2) {
        GraphEndpoint graphEndpoint = getGraphEndpoint();
        LOG.info("[GET] - getRoleAssignmentId(), for role with UID: {0}", new Object[]{str});
        JSONArray executeListRequest = graphEndpoint.executeListRequest(ROLE_ASSIGNMENT, "$select=id&$filter=roleDefinitionId eq '" + str + "' and principalId eq '" + str2 + "'", operationOptions, true);
        LOG.info("[GET] - roleMembers: {0}", new Object[]{executeListRequest});
        return (String) getIdFromAssignmentObject(executeListRequest, "id", String.class);
    }

    @Override // com.evolveum.polygon.connector.msgraphapi.ObjectProcessing
    protected boolean handleJSONObject(OperationOptions operationOptions, JSONObject jSONObject, ResultsHandler resultsHandler) {
        LOG.info("processingRoleObjectFromGET (Object)", new Object[0]);
        if (shouldSaturate(operationOptions, ROLE_NAME, ATTR_MEMBERS)) {
            jSONObject = saturateRoleMembership(jSONObject);
        }
        ConnectorObjectBuilder convertRoleJSONObjectToConnectorObject = convertRoleJSONObjectToConnectorObject(jSONObject);
        incompleteIfNecessary(operationOptions, ROLE_NAME, ATTR_MEMBERS, convertRoleJSONObjectToConnectorObject);
        ConnectorObject build = convertRoleJSONObjectToConnectorObject.build();
        LOG.info("processingRoleObjectFromGET, role: {0}, \n\tconnectorObject: {1}", new Object[]{jSONObject.get("id"), build});
        return resultsHandler.handle(build);
    }

    private ConnectorObjectBuilder convertRoleJSONObjectToConnectorObject(JSONObject jSONObject) {
        LOG.info("convertRoleJSONObjectToConnectorObject", new Object[0]);
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        connectorObjectBuilder.setObjectClass(ROLE);
        getUIDIfExists(jSONObject, "id", connectorObjectBuilder);
        getNAMEIfExists(jSONObject, ATTR_DISPLAY_NAME, connectorObjectBuilder);
        getIfExists(jSONObject, ATTR_DESCRIPTION, String.class, connectorObjectBuilder);
        getIfExists(jSONObject, ATTR_IS_BUILT_IN, Boolean.class, connectorObjectBuilder);
        getIfExists(jSONObject, ATTR_IS_ENABLED, Boolean.class, connectorObjectBuilder);
        getIfExists(jSONObject, ATTR_TEMPLATE_ID, String.class, connectorObjectBuilder);
        getIfExists(jSONObject, "version", String.class, connectorObjectBuilder);
        getRoleInheritPermissionsIfExists(jSONObject, ATTR_INHERIT_PERMISSIONS_FROM_ODATA_CONTEXT, String.class, connectorObjectBuilder);
        getRolePermissionsIfExists(jSONObject, ATTR_ROLE_PERMISSIONS, ATTR_ALLOWED_RESOURCE_ACTIONS, String.class, connectorObjectBuilder);
        getFromArrayIfExists(jSONObject, ATTR_INHERIT_PERMISSIONS_FROM, "id", String.class, connectorObjectBuilder);
        getMultiIfExists(jSONObject, ATTR_RESOURCE_SCOPES, connectorObjectBuilder);
        getMultiIfExists(jSONObject, ATTR_MEMBERS, connectorObjectBuilder);
        return connectorObjectBuilder;
    }

    public String getNameAttribute() {
        return ATTR_DISPLAY_NAME;
    }

    public String getUIDAttribute() {
        return "id";
    }

    @Override // com.evolveum.polygon.connector.msgraphapi.ObjectProcessing
    public /* bridge */ /* synthetic */ MSGraphConfiguration getConfiguration() {
        return super.getConfiguration();
    }

    @Override // com.evolveum.polygon.connector.msgraphapi.ObjectProcessing
    public /* bridge */ /* synthetic */ SchemaTranslator getSchemaTranslator() {
        return super.getSchemaTranslator();
    }

    @Override // com.evolveum.polygon.connector.msgraphapi.ObjectProcessing
    public /* bridge */ /* synthetic */ GraphEndpoint getGraphEndpoint() {
        return super.getGraphEndpoint();
    }
}
