package org.forgerock.openidm.restlet;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.json.fluent.JsonPointer;
import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.fluent.JsonValueException;
import org.forgerock.json.resource.JsonResource;
import org.forgerock.json.resource.JsonResourceException;
import org.forgerock.json.resource.restlet.JsonResourceRestlet;
import org.forgerock.openidm.filterregistration.ServletFilterRegistrator;
import org.forgerock.openidm.http.ContextRegistrator;
import org.forgerock.openidm.objset.ObjectSetContext;
import org.forgerock.openidm.scope.ScopeFactory;
import org.forgerock.openidm.script.Script;
import org.forgerock.openidm.script.ScriptException;
import org.forgerock.openidm.script.ScriptThrownException;
import org.forgerock.openidm.script.Scripts;
import org.forgerock.restlet.RestletRouterServlet;
import org.ops4j.pax.web.extender.whiteboard.ServletMapping;
import org.ops4j.pax.web.extender.whiteboard.runtime.DefaultServletMapping;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.http.NamespaceException;
import org.restlet.Request;
import org.restlet.Restlet;
import org.restlet.resource.ResourceException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidm/restlet/Servlet.class */
public class Servlet extends RestletRouterServlet {
    private static final long serialVersionUID = 1;
    static final Logger logger = LoggerFactory.getLogger(Servlet.class);
    private static final String PATH_PROPERTY = "openidm.restlet.path";
    private ComponentContext context;
    private ServiceRegistration serviceRegistration;
    List<Script> augmentSecurityContext = new CopyOnWriteArrayList();
    protected HashMap<JsonResource, Restlet> restlets = new HashMap<>();
    protected Map<ServletFilterRegistrator, Script> filterRegistratorMap = new HashMap();
    public ScopeFactory scopeFactory;

    /* loaded from: input_file:org/forgerock/openidm/restlet/Servlet$CustomRestlet.class */
    private class CustomRestlet extends JsonResourceRestlet {
        private static final String USERID_ID = "id";
        public static final String USERID_COMPONENT = "component";
        public static final String OPENIDM_ROLES = "openidm-roles";
        public static final String USERID = "userid";
        public static final String USERNAME = "username";

        public CustomRestlet(JsonResource jsonResource) {
            super(jsonResource);
        }

        public JsonValue newContext(Request request) {
            JsonValue newContext = super.newContext(request);
            JsonValue jsonValue = newContext.get("security");
            JsonValue jsonValue2 = new JsonValue(request.getAttributes());
            try {
                JsonValue singleEntry = singleEntry(jsonValue2, "openidm.username");
                JsonValue singleEntry2 = singleEntry(jsonValue2, "openidm.resource");
                JsonValue singleEntry3 = singleEntry(jsonValue2, "openidm.userid");
                JsonValue listEntry = listEntry(jsonValue2, "openidm.roles");
                if (singleEntry(jsonValue2, "openidm.authinvoked").isNull()) {
                    Servlet.logger.warn("Rejecting invocation as required context to allow invocation not populated");
                    throw new RuntimeException("Rejecting invocation as required context to allow invocation not populated");
                }
                if (jsonValue.get(USERNAME).isNull()) {
                    Servlet.logger.debug("username not populated from principal, try to get from params {}", jsonValue);
                    jsonValue.put(USERNAME, singleEntry.required().asString());
                }
                LinkedHashMap linkedHashMap = new LinkedHashMap();
                if (!singleEntry2.isNull()) {
                    linkedHashMap.put(USERID_COMPONENT, singleEntry2.asString());
                }
                if (!singleEntry3.isNull()) {
                    linkedHashMap.put(USERID_ID, singleEntry3.asString());
                }
                if (!singleEntry2.isNull() || !singleEntry3.isNull()) {
                    jsonValue.put(USERID, linkedHashMap);
                }
                if (!listEntry.isNull()) {
                    jsonValue.put(OPENIDM_ROLES, listEntry.asList());
                }
                if (Servlet.this.augmentSecurityContext != null && Servlet.this.augmentSecurityContext.size() > 0) {
                    Iterator<Script> it = Servlet.this.augmentSecurityContext.iterator();
                    while (it.hasNext()) {
                        augmentContext(it.next(), request, jsonValue);
                    }
                }
                jsonValue.get(USERNAME).required();
                jsonValue.get(USERID).required();
                jsonValue.get(USERID).get(USERID_COMPONENT).required();
                jsonValue.get(USERID).get(USERID_ID).required();
                jsonValue.get(OPENIDM_ROLES).required();
                Servlet.logger.debug("New populated context: {}", newContext);
                return newContext;
            } catch (JsonValueException e) {
                Servlet.logger.warn("Security context not populated correctly: {}", e.getMessage(), e);
                throw e;
            } catch (JsonResourceException e2) {
                Servlet.logger.warn("Failure in augmenting security context: {}", e2.getMessage(), e2);
                throw new ResourceException(e2);
            }
        }

        private void augmentContext(Script script, Request request, JsonValue jsonValue) throws JsonResourceException {
            Map newScope = Servlet.this.newScope();
            try {
                newScope.put("request", request);
                newScope.put("security", jsonValue.getObject());
                script.exec(newScope);
            } catch (ScriptThrownException e) {
                throw e.toJsonResourceException((String) null);
            } catch (ScriptException e2) {
                throw e2.toJsonResourceException("Failure in executing security context augment script: " + e2.getMessage());
            }
        }

        private JsonValue singleEntry(JsonValue jsonValue, String str) {
            JsonValue jsonValue2 = jsonValue.get(str);
            if (jsonValue2.isString() || jsonValue2.isNumber() || jsonValue2.isBoolean()) {
                return jsonValue2;
            }
            if (jsonValue2.isList()) {
                if (jsonValue2.size() > 1) {
                    Servlet.logger.warn("Expecting only one paramter in {} List parameter, passed {}", str, Integer.valueOf(jsonValue2.size()));
                }
                return jsonValue2.get(0);
            }
            Object object = jsonValue2.getObject();
            if (object instanceof Set) {
                Iterator it = ((Set) object).iterator();
                if (it.hasNext()) {
                    Object next = it.next();
                    if (it.hasNext()) {
                        Servlet.logger.warn("Expecting only one paramter in {} Set parameter, passed {}", str, Integer.valueOf(jsonValue2.size()));
                    }
                    return new JsonValue(next);
                }
            }
            return new JsonValue((Object) null, new JsonPointer(str));
        }

        private JsonValue listEntry(JsonValue jsonValue, String str) {
            JsonValue jsonValue2 = jsonValue.get(str);
            if (jsonValue2.isList()) {
                return jsonValue2;
            }
            Object object = jsonValue2.getObject();
            return object instanceof Set ? new JsonValue(new ArrayList((Set) object)) : new JsonValue((Object) null, new JsonPointer(str));
        }
    }

    protected synchronized void bindRestlet(Restlet restlet, Map<String, Object> map) {
        Object obj = map.get(PATH_PROPERTY);
        if (obj == null || !(obj instanceof String)) {
            return;
        }
        attach((String) obj, restlet);
    }

    protected synchronized void unbindRestlet(Restlet restlet, Map<String, Object> map) {
        Object obj = map.get(PATH_PROPERTY);
        if (obj == null || !(obj instanceof String)) {
            return;
        }
        detach(restlet);
    }

    protected synchronized void bindJsonResource(JsonResource jsonResource, Map<String, Object> map) {
        Restlet customRestlet = new CustomRestlet(jsonResource);
        this.restlets.put(jsonResource, customRestlet);
        bindRestlet(customRestlet, map);
    }

    protected synchronized void unbindJsonResource(JsonResource jsonResource, Map<String, Object> map) {
        Restlet restlet = this.restlets.get(jsonResource);
        if (restlet != null) {
            unbindRestlet(restlet, map);
            this.restlets.remove(jsonResource);
        }
    }

    protected synchronized void bindRegistrator(ServletFilterRegistrator servletFilterRegistrator, Map<String, Object> map) {
        JsonValue jsonValue = servletFilterRegistrator.getConfiguration().get("scriptExtensions").get("augmentSecurityContext");
        if (jsonValue.isNull()) {
            return;
        }
        Script newInstance = Scripts.newInstance("Servlet", jsonValue);
        this.filterRegistratorMap.put(servletFilterRegistrator, newInstance);
        this.augmentSecurityContext.add(newInstance);
        logger.debug("Registered script {}", newInstance);
    }

    protected synchronized void unbindRegistrator(ServletFilterRegistrator servletFilterRegistrator, Map<String, Object> map) {
        Script remove = this.filterRegistratorMap.remove(servletFilterRegistrator);
        if (remove != null) {
            this.augmentSecurityContext.remove(remove);
            logger.debug("Deregistered script {}", remove);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Object> newScope() {
        return this.scopeFactory.newInstance(ObjectSetContext.get());
    }

    protected synchronized void activate(ComponentContext componentContext) throws ServletException, NamespaceException {
        this.context = componentContext;
        new JsonValue(new HashMap());
        DefaultServletMapping defaultServletMapping = new DefaultServletMapping();
        defaultServletMapping.setHttpContextId("openidm");
        defaultServletMapping.setAlias("/openidm");
        defaultServletMapping.setServlet(this);
        defaultServletMapping.setServletName("OpenIDM REST");
        this.serviceRegistration = FrameworkUtil.getBundle(ContextRegistrator.class).getBundleContext().registerService(ServletMapping.class.getName(), defaultServletMapping, (Dictionary) null);
        logger.debug("Registered servlet at {}", "/openidm");
    }

    protected synchronized void deactivate(ComponentContext componentContext) {
        if (null != this.serviceRegistration) {
            this.serviceRegistration.unregister();
        }
        this.context = null;
    }

    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ObjectSetContext.clear();
        try {
            super.service(httpServletRequest, httpServletResponse);
        } finally {
            ObjectSetContext.clear();
        }
    }

    protected void bindScopeFactory(ScopeFactory scopeFactory) {
        this.scopeFactory = scopeFactory;
    }

    protected void unbindScopeFactory(ScopeFactory scopeFactory) {
        if (this.scopeFactory == scopeFactory) {
            this.scopeFactory = null;
        }
    }
}
