package com.evolveum.midpoint.rest.impl;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventStage;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.audit.api.AuditService;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.model.impl.security.SecurityHelper;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.repo.common.SystemObjectCache;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConcurrencyException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.TunnelException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultType;
import java.net.URI;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:com/evolveum/midpoint/rest/impl/AbstractRestController.class */
public class AbstractRestController {

    @Autowired
    protected AuditService auditService;

    @Autowired
    protected SecurityHelper securityHelper;

    @Autowired
    protected TaskManager taskManager;

    @Autowired
    protected PrismContext prismContext;

    @Autowired
    private SystemObjectCache systemObjectCache;
    protected final Trace logger = TraceManager.getTrace(getClass());
    private final String opNamePrefix = getClass().getName() + ".";
    private final String[] requestMappingPaths = getClass().getAnnotation(RequestMapping.class).value();

    /* JADX INFO: Access modifiers changed from: protected */
    public Task initRequest() {
        Task createTaskInstance = this.taskManager.createTaskInstance(this.opNamePrefix + "restService");
        createTaskInstance.setChannel(SchemaConstants.CHANNEL_REST_URI);
        PrismObject<? extends FocusType> principalObject = getPrincipalObject();
        if (principalObject != null) {
            createTaskInstance.setOwner(principalObject);
        }
        createTaskInstance.getResult().setPropagateHandledErrorAsSuccess(false);
        return createTaskInstance;
    }

    private PrismObject<? extends FocusType> getPrincipalObject() {
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if (principal instanceof MidPointPrincipal) {
            return ((MidPointPrincipal) principal).getFocus().asPrismObject();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OperationResult createSubresult(Task task, String str) {
        return task.getResult().createSubresult(this.opNamePrefix + str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ResponseEntity<?> createResponse(HttpStatus httpStatus, OperationResult operationResult) {
        return createResponse(httpStatus, null, operationResult, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> ResponseEntity<?> createResponse(HttpStatus httpStatus, T t, OperationResult operationResult) {
        return createResponse(httpStatus, t, operationResult, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> ResponseEntity<?> createResponse(HttpStatus httpStatus, T t, OperationResult operationResult, boolean z) {
        return createResponse(httpStatus, t, operationResult, z, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> ResponseEntity<?> createResponse(HttpStatus httpStatus, T t, OperationResult operationResult, boolean z, HttpHeaders httpHeaders) {
        operationResult.computeStatusIfUnknown();
        if (operationResult.isPartialError()) {
            return createBody(ResponseEntity.status(250), z, t, operationResult);
        }
        if (operationResult.isHandledError()) {
            return createBody(ResponseEntity.status(240), z, t, operationResult);
        }
        ResponseEntity.BodyBuilder status = ResponseEntity.status(httpStatus);
        if (httpHeaders != null && !httpHeaders.isEmpty()) {
            status.headers(httpHeaders);
        }
        return status.body(t);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ResponseEntity<?> createResponseWithLocation(HttpStatus httpStatus, URI uri, OperationResult operationResult) {
        operationResult.computeStatusIfUnknown();
        return operationResult.isPartialError() ? ResponseEntity.status(250).location(uri).body(operationResult) : operationResult.isHandledError() ? ResponseEntity.status(240).location(uri).body(operationResult) : uri == null ? ResponseEntity.status(httpStatus).build() : ResponseEntity.status(httpStatus).location(uri).build();
    }

    protected <T> ResponseEntity<?> createBody(ResponseEntity.BodyBuilder bodyBuilder, boolean z, T t, OperationResult operationResult) {
        return z ? bodyBuilder.body(t) : bodyBuilder.body(operationResult);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ResponseEntity<?> handleException(OperationResult operationResult, Throwable th) {
        Trace trace = this.logger;
        Object[] objArr = new Object[1];
        objArr[0] = operationResult != null ? operationResult.getOperation() : "(null)";
        LoggingUtils.logUnexpectedException(trace, "Got exception while servicing REST request: {}", th, objArr);
        return handleExceptionNoLog(operationResult, th);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ResponseEntity<?> handleException(Throwable th) {
        LoggingUtils.logUnexpectedException(this.logger, "Got exception while servicing REST request", th, new Object[0]);
        return handleExceptionNoLog(null, th);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ResponseEntity<?> handleExceptionNoLog(@Nullable OperationResult operationResult, Throwable th) {
        if (operationResult != null) {
            if (operationResult.isEmpty()) {
                operationResult.recordFatalError("Unknown exception occurred", th);
            } else {
                operationResult.computeStatus();
            }
        }
        return createErrorResponseBuilder(operationResult, th);
    }

    protected ResponseEntity<?> createErrorResponseBuilder(OperationResult operationResult, Throwable th) {
        return ((th instanceof ObjectNotFoundException) || (th.getMessage() != null && th.getMessage().contains("Cannot convert OID"))) ? createErrorResponseBuilder(HttpStatus.NOT_FOUND, operationResult) : ((th instanceof CommunicationException) || (th instanceof TunnelException)) ? createErrorResponseBuilder(HttpStatus.GATEWAY_TIMEOUT, operationResult) : th instanceof SecurityViolationException ? createErrorResponseBuilder(HttpStatus.FORBIDDEN, operationResult) : th instanceof ConfigurationException ? createErrorResponseBuilder(HttpStatus.BAD_GATEWAY, operationResult) : ((th instanceof ExpressionEvaluationException) || (th instanceof IllegalArgumentException)) ? createErrorResponseBuilder(HttpStatus.BAD_REQUEST, operationResult) : ((th instanceof PolicyViolationException) || (th instanceof ObjectAlreadyExistsException) || (th instanceof ConcurrencyException)) ? createErrorResponseBuilder(HttpStatus.CONFLICT, operationResult) : createErrorResponseBuilder(HttpStatus.INTERNAL_SERVER_ERROR, operationResult);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ResponseEntity<?> createErrorResponseBuilder(HttpStatus httpStatus, OperationResult operationResult) {
        OperationResultType operationResultType;
        if (operationResult != null) {
            operationResult.computeStatusIfUnknown();
            operationResultType = operationResult.createOperationResultType();
        } else {
            operationResultType = null;
        }
        return ResponseEntity.status(httpStatus).body(operationResultType);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void finishRequest(Task task, OperationResult operationResult) {
        try {
            auditLogout(task, operationResult);
            SecurityContextHolder.getContext().setAuthentication((Authentication) null);
        } catch (Throwable th) {
            SecurityContextHolder.getContext().setAuthentication((Authentication) null);
            throw th;
        }
    }

    private void auditLogout(Task task, OperationResult operationResult) {
        String str;
        PrismObject prismObject;
        if (isAuditingSkipped(operationResult)) {
            return;
        }
        MidpointAuthentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = authentication.getPrincipal();
        if (principal instanceof MidPointPrincipal) {
            str = ((MidPointPrincipal) principal).getUsername();
            prismObject = ((MidPointPrincipal) principal).getFocus().asPrismObject();
        } else {
            str = null;
            prismObject = null;
        }
        AuditEventRecord auditEventRecord = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
        auditEventRecord.setInitiator(prismObject);
        auditEventRecord.setParameter(str);
        auditEventRecord.setChannel(SchemaConstants.CHANNEL_REST_URI);
        auditEventRecord.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        auditEventRecord.setOutcome(OperationResultStatus.SUCCESS);
        if (authentication instanceof MidpointAuthentication) {
            auditEventRecord.setSessionIdentifier(authentication.getSessionId());
        }
        this.auditService.audit(auditEventRecord, task, operationResult);
    }

    private boolean isAuditingSkipped(OperationResult operationResult) {
        try {
            return !SecurityUtil.isAuditedLoginAndLogout(this.systemObjectCache.getSystemConfiguration(operationResult).asObjectable(), SchemaConstants.CHANNEL_REST_URI);
        } catch (SchemaException e) {
            this.logger.error("Couldn't get system configuration from cache, skipping REST logout auditing", e);
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String controllerBasePath() {
        ServletRequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes instanceof ServletRequestAttributes) {
            String servletPath = requestAttributes.getRequest().getServletPath();
            for (String str : this.requestMappingPaths) {
                if (servletPath.startsWith(str)) {
                    return str;
                }
            }
        }
        throw new NullPointerException("Base controller URL could not be determined.");
    }
}
