package org.forgerock.openidm.servlet.internal;

import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.resource.Context;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.SecurityContext;
import org.forgerock.json.resource.ServerContext;
import org.forgerock.json.resource.ServiceUnavailableException;
import org.forgerock.json.resource.servlet.HttpServletContextFactory;
import org.forgerock.json.resource.servlet.SecurityContextFactory;
import org.forgerock.script.Script;
import org.forgerock.script.ScriptEntry;
import org.forgerock.script.engine.Utils;
import org.forgerock.script.exception.ScriptThrownException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidm/servlet/internal/IDMSecurityContextFactory.class */
/**
 * Builds the {@link SecurityContext} for an incoming HTTP request, lets the configured
 * augmentation scripts modify it, and refuses the request unless the resulting context
 * carries the identity data checked by {@link #isSecurityContextPopulated(SecurityContext)}.
 *
 * <p>The factory fails closed: a context that is missing any of the checked fields is never
 * returned to the caller; a {@link ServiceUnavailableException} is thrown instead.
 */
public class IDMSecurityContextFactory implements HttpServletContextFactory {
    private static final Logger logger = LoggerFactory.getLogger(IDMSecurityContextFactory.class);

    // Held by reference, not copied: entries the caller adds to or removes from this list
    // after construction are seen by later createContext() calls.
    private final List<ScriptEntry> augmentationScripts;

    /**
     * @param list the augmentation scripts to run, in iteration order, against every new
     *             security context; stored as-is (no copy, no null check)
     */
    public IDMSecurityContextFactory(List<ScriptEntry> list) {
        this.augmentationScripts = list;
    }

    /**
     * Creates the security context for a request and runs every augmentation script on it.
     *
     * <p>The populated-context check runs only after all scripts have executed, so it
     * validates the context as the scripts left it, not as the base factory produced it.
     *
     * @param httpServletRequest the request to derive the context from
     * @return the augmented security context
     * @throws ResourceException if a script is inactive or fails, or (as a
     *         {@link ServiceUnavailableException}) if the final context is not fully populated
     */
    public Context createContext(HttpServletRequest httpServletRequest) throws ResourceException {
        SecurityContext securityContext =
                SecurityContextFactory.getHttpServletContextFactory().createContext(httpServletRequest);

        for (ScriptEntry entry : this.augmentationScripts) {
            augmentContext(entry, securityContext);
        }

        if (!isSecurityContextPopulated(securityContext)) {
            // Fail closed: an incomplete identity must not reach downstream authorization.
            String reason = "Rejecting invocation as required context to allow invocation not populated";
            logger.warn(reason);
            throw new ServiceUnavailableException(reason);
        }
        return securityContext;
    }

    /**
     * Reports whether the context holds everything required to let the invocation proceed:
     * a non-empty authentication id, and an authorization id with a non-empty {@code id},
     * a non-empty {@code component} and a {@code roles} entry that is a list.
     *
     * <p>Only the presence and shape of these fields is checked; their values (including
     * whether {@code roles} is empty) are not validated here.
     *
     * @param securityContext the context to inspect
     * @return {@code true} only if every check passes; {@code false} otherwise, including
     *         when a {@link NullPointerException} is raised while reading the context
     */
    private boolean isSecurityContextPopulated(SecurityContext securityContext) {
        try {
            JsonValue authorization = new JsonValue(securityContext.getAuthorizationId());
            if (StringUtils.isEmpty(securityContext.getAuthenticationId())) {
                return false;
            }
            if (StringUtils.isEmpty(authorization.get("id").asString())) {
                return false;
            }
            if (StringUtils.isEmpty(authorization.get("component").asString())) {
                return false;
            }
            return authorization.get("roles").isList();
        } catch (NullPointerException e) {
            // Missing data is treated as "not populated". Only NullPointerException is caught;
            // any other exception from the accessors above propagates to the caller.
            return false;
        }
    }

    /**
     * Runs one augmentation script with the security context bound to the script variable
     * {@code security}. The script receives the context object itself, so whatever the script
     * does to it is what the caller's populated-context check will see afterwards.
     *
     * @param scriptEntry the script to run; must be active
     * @param securityContext the context exposed to the script
     * @throws ResourceException a {@link ServiceUnavailableException} if the script is
     *         inactive; a 500-coded exception if the script itself threw; otherwise whatever
     *         {@code Utils.adapt} produces for any other {@link Throwable}
     */
    private void augmentContext(ScriptEntry scriptEntry, SecurityContext securityContext) throws ResourceException {
        boolean active = scriptEntry.isActive();
        if (!active) {
            // An inactive script aborts the request rather than being skipped.
            throw new ServiceUnavailableException("Failed to execute inactive script: " + scriptEntry.getName().toString());
        }

        ServerContext scriptContext = new ServerContext(securityContext);
        Script script = scriptEntry.getScript(scriptContext);
        script.put("security", securityContext);

        try {
            script.eval();
        } catch (ScriptThrownException e) {
            String message = "Security Context augmentation script '" + scriptEntry.getName().toString() + "' resulted in an error";
            throw e.toResourceException(500, message);
        } catch (Throwable th) {
            // Deliberately broad: every failure, Errors included, is converted and rethrown,
            // so a failing script always stops context creation.
            ResourceException adapted = Utils.adapt(th);
            Object[] logArguments = {scriptEntry.getName().getName(), adapted.getDetail(), adapted};
            logger.warn("augment script {} encountered exception with detail {} ", logArguments);
            throw adapted;
        }
    }
}
