package org.forgerock.openidm.script.impl;

import java.io.File;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.script.ScriptException;
import javax.script.SimpleBindings;
import org.apache.commons.lang3.StringUtils;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.References;
import org.apache.felix.scr.annotations.Service;
import org.forgerock.json.crypto.JsonCrypto;
import org.forgerock.json.crypto.JsonCryptoException;
import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.fluent.JsonValueException;
import org.forgerock.json.resource.ActionRequest;
import org.forgerock.json.resource.BadRequestException;
import org.forgerock.json.resource.Context;
import org.forgerock.json.resource.CreateRequest;
import org.forgerock.json.resource.DeleteRequest;
import org.forgerock.json.resource.ForbiddenException;
import org.forgerock.json.resource.InternalServerErrorException;
import org.forgerock.json.resource.NotSupportedException;
import org.forgerock.json.resource.PatchRequest;
import org.forgerock.json.resource.PersistenceConfig;
import org.forgerock.json.resource.QueryRequest;
import org.forgerock.json.resource.QueryResultHandler;
import org.forgerock.json.resource.ReadRequest;
import org.forgerock.json.resource.RequestHandler;
import org.forgerock.json.resource.Resource;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.ResultHandler;
import org.forgerock.json.resource.ServerContext;
import org.forgerock.json.resource.ServiceUnavailableException;
import org.forgerock.json.resource.UpdateRequest;
import org.forgerock.openidm.config.enhanced.JSONEnhancedConfig;
import org.forgerock.openidm.core.IdentityServer;
import org.forgerock.openidm.crypto.CryptoService;
import org.forgerock.openidm.quartz.impl.ExecutionException;
import org.forgerock.openidm.quartz.impl.ScheduledService;
import org.forgerock.script.Script;
import org.forgerock.script.ScriptEntry;
import org.forgerock.script.engine.ScriptEngineFactory;
import org.forgerock.script.exception.ScriptThrownException;
import org.forgerock.script.registry.ScriptRegistryImpl;
import org.forgerock.script.scope.Function;
import org.forgerock.script.scope.FunctionFactory;
import org.forgerock.script.scope.Parameter;
import org.forgerock.script.scope.ResourceFunctions;
import org.forgerock.script.source.DirectoryContainer;
import org.ops4j.pax.swissbox.extender.BundleWatcher;
import org.ops4j.pax.swissbox.extender.ManifestEntry;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(name = ScriptRegistryService.PID, policy = ConfigurationPolicy.REQUIRE, metatype = true, description = "OpenIDM Script Registry Service", immediate = true)
@Service
@References({@Reference(name = "CryptoServiceReference", referenceInterface = CryptoService.class, bind = "bindCryptoService", unbind = "unbindCryptoService", cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC), @Reference(name = "PersistenceConfigReference", referenceInterface = PersistenceConfig.class, bind = "setPersistenceConfig", unbind = "unsetPersistenceConfig", cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC), @Reference(name = "ScriptEngineFactoryReference", referenceInterface = ScriptEngineFactory.class, bind = "addingEntries", unbind = "removingEntries", cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC), @Reference(name = "FunctionReference", referenceInterface = Function.class, bind = "bindFunction", unbind = "unbindFunction", cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC, target = "(org.forgerock.openidm.script.name=*)")})
@Properties({@Property(name = "service.vendor", value = {"ForgeRock AS."}), @Property(name = "service.description", value = {"OpenIDM Script Registry Service"}), @Property(name = "openidm.router.prefix", value = {"/script*"})})
/* loaded from: input_file:org/forgerock/openidm/script/impl/ScriptRegistryService.class */
public class ScriptRegistryService extends ScriptRegistryImpl implements RequestHandler, ScheduledService {
    public static final Set<String> reservedNames;
    public static final String SCRIPT_NAME = "org.forgerock.openidm.script.name";
    public static final String PID = "org.forgerock.openidm.script";
    private static final Logger logger;
    private static final String PROP_IDENTITY_SERVER = "identityServer";
    private static final String PROP_OPENIDM = "openidm";
    private static final String PROP_CONSOLE = "console";
    private static final String SOURCE_DIRECTORY = "directory";
    private static final String SOURCE_FILE = "file";
    private static final String SOURCE_SUBDIRECTORIES = "subdirectories";
    private static final String SOURCE_VISIBILITY = "visibility";
    private static final String SOURCE_TYPE = "type";
    private final ConcurrentMap<String, Object> openidm = new ConcurrentHashMap();
    private static final ConcurrentMap<String, Object> propertiesCache;
    private BundleWatcher<ManifestEntry> manifestWatcher;

    /* loaded from: input_file:org/forgerock/openidm/script/impl/ScriptRegistryService$Action.class */
    private enum Action {
        eval
    }

    /* loaded from: input_file:org/forgerock/openidm/script/impl/ScriptRegistryService$IdentityServerFunctions.class */
    private enum IdentityServerFunctions implements Function<Object> {
        getProperty { // from class: org.forgerock.openidm.script.impl.ScriptRegistryService.IdentityServerFunctions.1
            public Object call(Parameter parameter, Function<?> function, Object... objArr) throws ResourceException, NoSuchMethodException {
                boolean z = false;
                if (objArr.length < 1 || objArr.length > 3) {
                    throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage(name(), objArr));
                }
                if (objArr.length == 3) {
                    z = ((Boolean) objArr[2]).booleanValue();
                }
                if (!(objArr[0] instanceof String)) {
                    throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage(name(), objArr));
                }
                String str = (String) objArr[0];
                Object obj = null;
                if (z) {
                    obj = ScriptRegistryService.propertiesCache.get(str);
                }
                if (null == obj) {
                    obj = IdentityServer.getInstance().getProperty(str, objArr.length == 2 ? objArr[1] : null, Object.class);
                    ScriptRegistryService.propertiesCache.putIfAbsent(str, obj);
                }
                return obj;
            }
        },
        getWorkingLocation { // from class: org.forgerock.openidm.script.impl.ScriptRegistryService.IdentityServerFunctions.2
            public Object call(Parameter parameter, Function function, Object... objArr) throws ResourceException, NoSuchMethodException {
                if (objArr.length != 0) {
                    throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage(name(), objArr));
                }
                return IdentityServer.getInstance().getWorkingLocation().getAbsolutePath();
            }
        },
        getProjectLocation { // from class: org.forgerock.openidm.script.impl.ScriptRegistryService.IdentityServerFunctions.3
            public Object call(Parameter parameter, Function function, Object... objArr) throws ResourceException, NoSuchMethodException {
                if (objArr.length != 0) {
                    throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage(name(), objArr));
                }
                return IdentityServer.getInstance().getProjectLocation().getAbsolutePath();
            }
        },
        getInstallLocation { // from class: org.forgerock.openidm.script.impl.ScriptRegistryService.IdentityServerFunctions.4
            public Object call(Parameter parameter, Function function, Object... objArr) throws ResourceException, NoSuchMethodException {
                if (objArr.length != 0) {
                    throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage(name(), objArr));
                }
                return IdentityServer.getInstance().getInstallLocation().getAbsolutePath();
            }
        };

        static final long serialVersionUID = 1;
    }

    @Activate
    protected void activate(ComponentContext componentContext) throws Exception {
        JsonValue configurationAsJson = JSONEnhancedConfig.newInstance().getConfigurationAsJson(componentContext);
        setConfiguration(configurationAsJson.required().asMap());
        HashMap hashMap = new HashMap();
        for (IdentityServerFunctions identityServerFunctions : IdentityServerFunctions.values()) {
            hashMap.put(identityServerFunctions.name(), identityServerFunctions);
        }
        HashMap hashMap2 = new HashMap();
        hashMap2.put("log", new Function<Void>() { // from class: org.forgerock.openidm.script.impl.ScriptRegistryService.1
            public Void call(Parameter parameter, Function<?> function, Object... objArr) throws ResourceException, NoSuchMethodException {
                if (objArr.length <= 0 || !(objArr[0] instanceof String)) {
                    return null;
                }
                System.out.println((String) objArr[0]);
                return null;
            }

            /* renamed from: call, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ Object m4call(Parameter parameter, Function function, Object[] objArr) throws ResourceException, NoSuchMethodException {
                return call(parameter, (Function<?>) function, objArr);
            }
        });
        put(PROP_IDENTITY_SERVER, hashMap);
        put(PROP_CONSOLE, hashMap2);
        put(PROP_OPENIDM, this.openidm);
        JsonValue jsonValue = configurationAsJson.get("properties");
        if (jsonValue.isMap()) {
            for (Map.Entry entry : jsonValue.asMap().entrySet()) {
                if (!PROP_IDENTITY_SERVER.equals(entry.getKey()) && !PROP_OPENIDM.equals(entry.getKey()) && !PROP_CONSOLE.equals(entry.getKey())) {
                    put((String) entry.getKey(), entry.getValue());
                }
            }
        }
        try {
            JsonValue jsonValue2 = configurationAsJson.get("sources");
            if (!jsonValue2.isNull()) {
                for (String str : jsonValue2.keys()) {
                    addSourceUnit(new DirectoryContainer(str, new File(jsonValue2.get(str).get(SOURCE_DIRECTORY).asString()).toURI().toURL()));
                }
            }
            setRegistryLevelScriptClassLoader(getClass().getClassLoader());
            logger.info("OpenIDM Script Service component is activated.");
        } catch (Exception e) {
            logger.error("Error loading sources", e);
            throw e;
        }
    }

    @Modified
    protected void modified(ComponentContext componentContext) {
        JsonValue configurationAsJson = JSONEnhancedConfig.newInstance().getConfigurationAsJson(componentContext);
        setConfiguration(configurationAsJson.required().asMap());
        propertiesCache.clear();
        Set hashSet = null != getBindings() ? new HashSet(getBindings().keySet()) : Collections.emptySet();
        hashSet.remove(PROP_OPENIDM);
        hashSet.remove(PROP_IDENTITY_SERVER);
        hashSet.remove(PROP_CONSOLE);
        JsonValue jsonValue = configurationAsJson.get("properties");
        if (jsonValue.isMap()) {
            for (Map.Entry entry : jsonValue.asMap().entrySet()) {
                if (!PROP_IDENTITY_SERVER.equals(entry.getKey()) && !PROP_OPENIDM.equals(entry.getKey()) && !PROP_CONSOLE.equals(entry.getKey())) {
                    put((String) entry.getKey(), entry.getValue());
                    hashSet.remove(entry.getKey());
                }
            }
        }
        if (!hashSet.isEmpty()) {
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                getBindings().remove((String) it.next());
            }
        }
        logger.info("OpenIDM Script Service component is modified.");
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        if (null != this.manifestWatcher) {
            this.manifestWatcher.stop();
        }
        propertiesCache.clear();
        this.openidm.clear();
        setBindings(null);
        logger.info("OpenIDM Script Service component is deactivated.");
    }

    public void setPersistenceConfig(PersistenceConfig persistenceConfig) {
        super.setPersistenceConfig(persistenceConfig);
        this.openidm.put("create", ResourceFunctions.CREATE);
        this.openidm.put("read", ResourceFunctions.READ);
        this.openidm.put("update", ResourceFunctions.UPDATE);
        this.openidm.put("patch", ResourceFunctions.PATCH);
        this.openidm.put("query", ResourceFunctions.QUERY);
        this.openidm.put("delete", ResourceFunctions.DELETE);
        this.openidm.put("action", ResourceFunctions.ACTION);
        logger.info("Resource functions are enabled");
    }

    public void unsetPersistenceConfig(PersistenceConfig persistenceConfig) {
        this.openidm.remove("create", ResourceFunctions.CREATE);
        this.openidm.remove("read", ResourceFunctions.READ);
        this.openidm.remove("update", ResourceFunctions.UPDATE);
        this.openidm.remove("patch", ResourceFunctions.PATCH);
        this.openidm.remove("query", ResourceFunctions.QUERY);
        this.openidm.remove("delete", ResourceFunctions.DELETE);
        this.openidm.remove("action", ResourceFunctions.ACTION);
        super.setPersistenceConfig((PersistenceConfig) null);
        logger.info("Resource functions are disabled");
    }

    protected void bindCryptoService(final CryptoService cryptoService) {
        this.openidm.put("encrypt", new Function<JsonValue>() { // from class: org.forgerock.openidm.script.impl.ScriptRegistryService.2
            static final long serialVersionUID = 1;

            public JsonValue call(Parameter parameter, Function<?> function, Object... objArr) throws ResourceException, NoSuchMethodException {
                JsonValue jsonValue;
                String str;
                if (objArr.length != 3) {
                    throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage("encrypt", objArr));
                }
                if ((objArr[0] instanceof Map) || (objArr[0] instanceof List) || (objArr[0] instanceof String) || (objArr[0] instanceof Number) || (objArr[0] instanceof Boolean)) {
                    jsonValue = new JsonValue(objArr[0]);
                } else {
                    if (!(objArr[0] instanceof JsonValue)) {
                        throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage("encrypt", objArr));
                    }
                    jsonValue = (JsonValue) objArr[0];
                }
                if (objArr[1] instanceof String) {
                    str = (String) objArr[1];
                } else {
                    if (objArr[0] != null) {
                        throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage("encrypt", objArr));
                    }
                    str = "AES/CBC/PKCS5Padding";
                }
                if (!(objArr[2] instanceof String)) {
                    throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage("encrypt", objArr));
                }
                try {
                    return cryptoService.encrypt(jsonValue, str, (String) objArr[2]);
                } catch (JsonCryptoException e) {
                    throw new InternalServerErrorException(e.getMessage(), e);
                }
            }

            /* renamed from: call, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ Object m5call(Parameter parameter, Function function, Object[] objArr) throws ResourceException, NoSuchMethodException {
                return call(parameter, (Function<?>) function, objArr);
            }
        });
        this.openidm.put("decrypt", new Function<JsonValue>() { // from class: org.forgerock.openidm.script.impl.ScriptRegistryService.3
            static final long serialVersionUID = 1;

            public JsonValue call(Parameter parameter, Function<?> function, Object... objArr) throws ResourceException, NoSuchMethodException {
                if (objArr.length == 1 && ((objArr[0] instanceof Map) || (objArr[0] instanceof JsonValue))) {
                    return cryptoService.decrypt(objArr[0] instanceof JsonValue ? (JsonValue) objArr[0] : new JsonValue(objArr[0]));
                }
                throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage("decrypt", objArr));
            }

            /* renamed from: call, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ Object m6call(Parameter parameter, Function function, Object[] objArr) throws ResourceException, NoSuchMethodException {
                return call(parameter, (Function<?>) function, objArr);
            }
        });
        this.openidm.put("isEncrypted", new Function<Boolean>() { // from class: org.forgerock.openidm.script.impl.ScriptRegistryService.4
            static final long serialVersionUID = 1;

            public Boolean call(Parameter parameter, Function<?> function, Object... objArr) throws ResourceException, NoSuchMethodException {
                if (objArr == null || objArr.length == 0) {
                    return false;
                }
                if (objArr.length == 1) {
                    return Boolean.valueOf(JsonCrypto.isJsonCrypto(objArr[0] instanceof JsonValue ? (JsonValue) objArr[0] : new JsonValue(objArr[0])));
                }
                throw new NoSuchMethodException(FunctionFactory.getNoSuchMethodMessage("isEncrypted", objArr));
            }

            /* renamed from: call, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ Object m7call(Parameter parameter, Function function, Object[] objArr) throws ResourceException, NoSuchMethodException {
                return call(parameter, (Function<?>) function, objArr);
            }
        });
        logger.info("Crypto functions are enabled");
    }

    protected void unbindCryptoService(CryptoService cryptoService) {
        this.openidm.remove("encrypt");
        this.openidm.remove("decrypt");
        this.openidm.remove("isEncrypted");
        logger.info("Crypto functions are disabled");
    }

    protected void bindFunction(Function function, Map map) {
        Object obj = map.get(SCRIPT_NAME);
        if ((obj instanceof String) && StringUtils.isNotBlank((String) obj) && !reservedNames.contains((String) obj)) {
            this.openidm.put((String) obj, function);
            logger.info("openidm.{} function is enabled", obj);
        }
    }

    protected void unbindFunction(Function function, Map map) {
        Object obj = map.get(SCRIPT_NAME);
        if ((obj instanceof String) && StringUtils.isNotBlank((String) obj) && !reservedNames.contains((String) obj)) {
            this.openidm.remove(obj, function);
            logger.info("openidm.{} function is disabled", obj);
        }
    }

    public ScriptEntry takeScript(JsonValue jsonValue) throws ScriptException {
        JsonValue clone = jsonValue.clone();
        if (clone.get("name").isNull()) {
            JsonValue jsonValue2 = clone.get(SOURCE_FILE);
            if (!jsonValue2.isNull()) {
                clone.put("name", jsonValue2.asString());
            }
        }
        return super.takeScript(clone);
    }

    private boolean isSourceUnit(String str) {
        return "name".equals(str) || "request-binding".equals(str) || "revision".equals(str) || "source".equals(str) || SOURCE_TYPE.equals(str) || SOURCE_VISIBILITY.equals(str) || "auto-detect".equals(str) || SOURCE_FILE.equals(str);
    }

    public void handleAction(ServerContext serverContext, ActionRequest actionRequest, ResultHandler<JsonValue> resultHandler) {
        String resourceName = actionRequest.getResourceName();
        JsonValue content = actionRequest.getContent();
        HashMap hashMap = new HashMap();
        JsonValue jsonValue = new JsonValue(new HashMap());
        if (resourceName != null) {
            try {
                if (!"".equals(resourceName)) {
                    throw new NotSupportedException("Actions are not supported for resource instances");
                }
            } catch (ResourceException e) {
                resultHandler.handleError(e);
                return;
            } catch (IllegalArgumentException e2) {
                resultHandler.handleError(new BadRequestException(e2.getMessage(), e2));
                return;
            } catch (Exception e3) {
                resultHandler.handleError(new InternalServerErrorException(e3.getMessage(), e3));
                return;
            }
        }
        for (String str : content.keys()) {
            if (isSourceUnit(str)) {
                jsonValue.put(str, content.get(str).getObject());
            } else {
                hashMap.put(str, content.get(str).getObject());
            }
        }
        ScriptEntry takeScript = takeScript(jsonValue);
        hashMap.putAll(actionRequest.getAdditionalParameters());
        switch ((Action) actionRequest.getActionAsEnum(Action.class)) {
            case eval:
                if (!takeScript.isActive()) {
                    throw new ServiceUnavailableException();
                }
                resultHandler.handleResult(new JsonValue(takeScript.getScript(serverContext).eval(new SimpleBindings(hashMap))));
                return;
            default:
                throw new BadRequestException("Unrecognized action ID " + actionRequest.getAction());
        }
    }

    public void handleQuery(ServerContext serverContext, QueryRequest queryRequest, QueryResultHandler queryResultHandler) {
        queryResultHandler.handleError(new NotSupportedException("Query operations are not supported"));
    }

    public void handleRead(ServerContext serverContext, ReadRequest readRequest, ResultHandler<Resource> resultHandler) {
        resultHandler.handleError(new NotSupportedException("Read operations are not supported"));
    }

    public void handleCreate(ServerContext serverContext, CreateRequest createRequest, ResultHandler<Resource> resultHandler) {
        resultHandler.handleError(new NotSupportedException("Create operations are not supported"));
    }

    public void handleDelete(ServerContext serverContext, DeleteRequest deleteRequest, ResultHandler<Resource> resultHandler) {
        resultHandler.handleError(new NotSupportedException("Delete operations are not supported"));
    }

    public void handlePatch(ServerContext serverContext, PatchRequest patchRequest, ResultHandler<Resource> resultHandler) {
        resultHandler.handleError(new NotSupportedException("Patch operations are not supported"));
    }

    public void handleUpdate(ServerContext serverContext, UpdateRequest updateRequest, ResultHandler<Resource> resultHandler) {
        resultHandler.handleError(new NotSupportedException("Update operations are not supported"));
    }

    public void execute(ServerContext serverContext, Map<String, Object> map) throws ExecutionException {
        try {
            String str = (String) map.get("scheduler.config-name");
            JsonValue jsonValue = new JsonValue(map).get("scheduler.invokeContext");
            JsonValue clone = jsonValue.get("script").expect(Map.class).clone();
            if (clone.get("name").isNull() && !clone.get(SOURCE_FILE).isNull()) {
                clone.put("name", clone.get(SOURCE_FILE).getObject());
            }
            if (clone.isNull()) {
                throw new ExecutionException("No valid script '" + str + "' configured in schedule.");
            }
            execScript(serverContext, takeScript(clone), jsonValue.get("input"));
        } catch (ScriptException e) {
            throw new ExecutionException(e);
        } catch (ResourceException e2) {
            throw new ExecutionException(e2);
        } catch (JsonValueException e3) {
            throw new ExecutionException(e3);
        }
    }

    private void execScript(Context context, ScriptEntry scriptEntry, JsonValue jsonValue) throws ForbiddenException, InternalServerErrorException {
        if (null == scriptEntry || !scriptEntry.isActive()) {
            return;
        }
        Script script = scriptEntry.getScript(context);
        script.put("object", jsonValue.getObject());
        try {
            script.eval();
        } catch (ScriptException e) {
            throw new InternalServerErrorException("script encountered exception", e);
        } catch (ScriptThrownException e2) {
            throw new ForbiddenException(e2.getValue().toString());
        }
    }

    static {
        HashSet hashSet = new HashSet(15);
        hashSet.add("create");
        hashSet.add("read");
        hashSet.add("update");
        hashSet.add("patch");
        hashSet.add("query");
        hashSet.add("delete");
        hashSet.add("action");
        hashSet.add("encrypt");
        hashSet.add("decrypt");
        hashSet.add("isEncrypted");
        for (IdentityServerFunctions identityServerFunctions : IdentityServerFunctions.values()) {
            hashSet.add(identityServerFunctions.name());
        }
        reservedNames = Collections.unmodifiableSet(hashSet);
        logger = LoggerFactory.getLogger(ScriptRegistryService.class);
        propertiesCache = new ConcurrentHashMap();
    }
}
