package edu.internet2.middleware.grouper.ws.scim.membership;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.MembershipFinder;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
import edu.internet2.middleware.grouper.exception.MemberAddException;
import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
import edu.internet2.middleware.grouper.membership.MembershipResult;
import edu.internet2.middleware.grouper.ws.scim.TierFilter;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.lang3.StringUtils;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.provider.SubjectTypeEnum;
import edu.psu.swe.scim.server.exception.UnableToCreateResourceException;
import edu.psu.swe.scim.server.exception.UnableToDeleteResourceException;
import edu.psu.swe.scim.server.exception.UnableToRetrieveExtensionsException;
import edu.psu.swe.scim.server.exception.UnableToRetrieveResourceException;
import edu.psu.swe.scim.server.exception.UnableToUpdateResourceException;
import edu.psu.swe.scim.server.provider.Provider;
import edu.psu.swe.scim.server.provider.UpdateRequest;
import edu.psu.swe.scim.spec.protocol.filter.AttributeComparisonExpression;
import edu.psu.swe.scim.spec.protocol.filter.CompareOperator;
import edu.psu.swe.scim.spec.protocol.filter.FilterResponse;
import edu.psu.swe.scim.spec.protocol.filter.LogicalExpression;
import edu.psu.swe.scim.spec.protocol.filter.LogicalOperator;
import edu.psu.swe.scim.spec.protocol.search.Filter;
import edu.psu.swe.scim.spec.protocol.search.PageRequest;
import edu.psu.swe.scim.spec.protocol.search.SortRequest;
import edu.psu.swe.scim.spec.resources.ScimExtension;
import edu.psu.swe.scim.spec.resources.ScimResource;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

@ApplicationScoped
@Named
/* loaded from: input_file:edu/internet2/middleware/grouper/ws/scim/membership/TierMembershipService.class */
public class TierMembershipService implements Provider<MembershipResource> {
    private static final Log LOG = LogFactory.getLog(TierMembershipService.class);

    public MembershipResource create(MembershipResource membershipResource) throws UnableToCreateResourceException {
        LOG.info("Starting to create a membership: " + membershipResource);
        try {
            try {
                GrouperSession start = GrouperSession.start(TierFilter.retrieveSubjectFromRemoteUser());
                Group group = null;
                if (membershipResource.getOwner() == null || membershipResource.getMember() == null) {
                    throw new UnableToCreateResourceException(Response.Status.BAD_REQUEST, "owner or member propery is missing in the request body.");
                }
                OwnerGroup owner = membershipResource.getOwner();
                if (StringUtils.isNotBlank(owner.getValue())) {
                    group = GroupFinder.findByUuid(start, owner.getValue(), false);
                    if (group == null) {
                        throw new UnableToCreateResourceException(Response.Status.BAD_REQUEST, "Group with uuid value " + owner.getValue() + " doesn't exist.");
                    }
                }
                if (group == null && StringUtils.isNotBlank(owner.getSystemName())) {
                    group = GroupFinder.findByName(start, owner.getSystemName(), false);
                    if (group == null) {
                        throw new UnableToCreateResourceException(Response.Status.BAD_REQUEST, "Group with systemName " + owner.getSystemName() + " doesn't exist.");
                    }
                }
                if (group == null && owner.getIdIndex() != null) {
                    group = GroupFinder.findByIdIndexSecure(owner.getIdIndex(), false, new QueryOptions());
                    if (group == null) {
                        throw new UnableToCreateResourceException(Response.Status.BAD_REQUEST, "Group with idIndex " + owner.getIdIndex() + " doesn't exist.");
                    }
                }
                if (group == null) {
                    throw new UnableToCreateResourceException(Response.Status.BAD_REQUEST, "Please provide correct uuid value or system name or idIndex for the group.");
                }
                Subject findByIdOrIdentifier = SubjectFinder.findByIdOrIdentifier(membershipResource.getMember().getValue(), false);
                if (findByIdOrIdentifier == null) {
                    throw new UnableToCreateResourceException(Response.Status.BAD_REQUEST, "Group or Member with id " + membershipResource.getMember().getValue() + " doesn't exist.");
                }
                if (!group.addMember(findByIdOrIdentifier, false)) {
                    throw new UnableToCreateResourceException(Response.Status.BAD_REQUEST, "Member already exists.");
                }
                Membership immediateMembership = group.getImmediateMembership(Group.getDefaultList(), findByIdOrIdentifier, true, true);
                boolean z = false;
                if (membershipResource.getDisabledTime() != null) {
                    immediateMembership.setDisabledTime(Timestamp.valueOf(membershipResource.getDisabledTime()));
                    z = true;
                }
                if (membershipResource.getEnabledTime() != null) {
                    immediateMembership.setEnabledTime(Timestamp.valueOf(membershipResource.getEnabledTime()));
                    z = true;
                }
                if (z) {
                    immediateMembership.update();
                }
                MembershipResource buildMembershipResourceFromMembership = buildMembershipResourceFromMembership(immediateMembership);
                GrouperSession.stopQuietly(start);
                return buildMembershipResourceFromMembership;
            } catch (MemberAddException e) {
                throw new UnableToCreateResourceException(Response.Status.BAD_REQUEST, "Please fix the request and try again.");
            } catch (InsufficientPrivilegeException e2) {
                throw new UnableToCreateResourceException(Response.Status.FORBIDDEN, "User doesn't have sufficient priviliges.");
            }
        } catch (Throwable th) {
            GrouperSession.stopQuietly((GrouperSession) null);
            throw th;
        }
    }

    public MembershipResource update(UpdateRequest<MembershipResource> updateRequest) throws UnableToUpdateResourceException {
        LOG.info("Starting to update a membership with id: " + ((MembershipResource) updateRequest.getOriginal()).getId());
        try {
            try {
                GrouperSession start = GrouperSession.start(TierFilter.retrieveSubjectFromRemoteUser());
                MembershipResource membershipResource = (MembershipResource) updateRequest.getOriginal();
                MembershipResource membershipResource2 = (MembershipResource) updateRequest.getResource();
                Membership findByUuid = MembershipFinder.findByUuid(start, membershipResource.getId(), false, false);
                if (findByUuid == null) {
                    throw new UnableToUpdateResourceException(Response.Status.NOT_FOUND, "Membership with id " + membershipResource.getId() + " doesn't exist.");
                }
                boolean z = false;
                if (membershipResource2.getDisabledTime() != null) {
                    findByUuid.setDisabledTime(Timestamp.valueOf(membershipResource2.getDisabledTime()));
                    z = true;
                }
                if (membershipResource2.getEnabledTime() != null) {
                    findByUuid.setEnabledTime(Timestamp.valueOf(membershipResource2.getEnabledTime()));
                    z = true;
                }
                if (z) {
                    findByUuid.update();
                }
                MembershipResource buildMembershipResourceFromMembership = buildMembershipResourceFromMembership(findByUuid);
                GrouperSession.stopQuietly(start);
                return buildMembershipResourceFromMembership;
            } catch (InsufficientPrivilegeException e) {
                throw new UnableToUpdateResourceException(Response.Status.FORBIDDEN, "User doesn't have sufficient priviliges.");
            }
        } catch (Throwable th) {
            GrouperSession.stopQuietly((GrouperSession) null);
            throw th;
        }
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public MembershipResource m7get(String str) throws UnableToRetrieveResourceException {
        LOG.info("Starting to retrieve a membership with id: " + str);
        try {
            try {
                GrouperSession start = GrouperSession.start(TierFilter.retrieveSubjectFromRemoteUser());
                Membership findByUuid = MembershipFinder.findByUuid(start, str, false, false);
                if (findByUuid == null) {
                    throw new UnableToRetrieveResourceException(Response.Status.NOT_FOUND, "Membership with id " + str + " doesn't exist.");
                }
                MembershipResource buildMembershipResourceFromMembership = buildMembershipResourceFromMembership(findByUuid);
                GrouperSession.stopQuietly(start);
                return buildMembershipResourceFromMembership;
            } catch (InsufficientPrivilegeException e) {
                throw new UnableToRetrieveResourceException(Response.Status.FORBIDDEN, "User doesn't have sufficient priviliges.");
            }
        } catch (Throwable th) {
            GrouperSession.stopQuietly((GrouperSession) null);
            throw th;
        }
    }

    private MembershipResource buildMembershipResourceFromMembership(Membership membership) {
        MembershipResource membershipResource = new MembershipResource();
        membershipResource.setId(membership.getUuid());
        if (membership.isImmediate()) {
            membershipResource.setEnabled(Boolean.valueOf(membership.isEnabled()));
            membershipResource.setDisabledTime(membership.getDisabledTime() != null ? membership.getDisabledTime().toLocalDateTime() : null);
            membershipResource.setEnabledTime(membership.getEnabledTime() != null ? membership.getEnabledTime().toLocalDateTime() : null);
        } else {
            membershipResource.setEnabled(null);
            membershipResource.setDisabledTime(null);
            membershipResource.setEnabledTime(null);
        }
        membershipResource.setMembershipType(membership.isImmediate() ? "immediate" : "effective");
        Member member = new Member();
        Subject subject = membership.getMember().getSubject();
        member.setValue(subject.getId());
        member.setDisplay(subject.getName());
        if (subject.getTypeName().equalsIgnoreCase(SubjectTypeEnum.PERSON.getName())) {
            member.setRef("../Users/" + subject.getId());
        } else {
            member.setRef("../Groups/" + subject.getId());
        }
        membershipResource.setMember(member);
        Group ownerGroup = membership.getOwnerGroup();
        OwnerGroup ownerGroup2 = new OwnerGroup();
        ownerGroup2.setDisplay(ownerGroup.getDisplayName());
        ownerGroup2.setRef("../Groups/" + ownerGroup.getUuid());
        ownerGroup2.setSystemName(ownerGroup.getName());
        ownerGroup2.setValue(ownerGroup.getUuid());
        membershipResource.setOwner(ownerGroup2);
        return membershipResource;
    }

    private void buildMembershipFinder(String str, String str2, MembershipFinder membershipFinder, GrouperSession grouperSession) throws IllegalArgumentException {
        String lowerCase = str.toLowerCase();
        if (lowerCase.equals("groupid")) {
            Group findByUuid = GroupFinder.findByUuid(grouperSession, str2, false);
            if (findByUuid == null) {
                throw new IllegalArgumentException("Group with id/uuid " + str2 + " cannot be found.");
            }
            membershipFinder.addGroup(findByUuid);
            return;
        }
        if (lowerCase.equals("groupname")) {
            Group findByName = GroupFinder.findByName(grouperSession, str2, false);
            if (findByName == null) {
                throw new IllegalArgumentException("Group with name " + str2 + " cannot be found.");
            }
            membershipFinder.addGroup(findByName);
            return;
        }
        if (lowerCase.equals("groupidindex")) {
            if (!org.apache.commons.lang3.StringUtils.isNumeric(str2)) {
                throw new IllegalArgumentException("Group idIndex can only be a numeric value.");
            }
            Group findByIdIndexSecure = GroupFinder.findByIdIndexSecure(Long.valueOf(str2), false, new QueryOptions());
            if (findByIdIndexSecure == null) {
                throw new IllegalArgumentException("Group with idIndex " + str2 + " cannot be found.");
            }
            membershipFinder.addGroup(findByIdIndexSecure);
            return;
        }
        if (lowerCase.equals("subjectid")) {
            Subject findById = SubjectFinder.findById(str2, false);
            if (findById == null) {
                throw new IllegalArgumentException("Subject with id " + str2 + " cannot be found.");
            }
            membershipFinder.addSubject(findById);
            return;
        }
        if (!lowerCase.equals("subjectidentifier")) {
            throw new IllegalArgumentException("Invalid attribute name " + lowerCase + " provided.");
        }
        Subject findByIdentifier = SubjectFinder.findByIdentifier(str2, false);
        if (findByIdentifier == null) {
            throw new IllegalArgumentException("Subject with identifier " + str2 + " cannot be found.");
        }
        membershipFinder.addSubject(findByIdentifier);
    }

    public FilterResponse<MembershipResource> find(Filter filter, PageRequest pageRequest, SortRequest sortRequest) throws UnableToRetrieveResourceException {
        ArrayList arrayList = new ArrayList();
        arrayList.add("groupid");
        arrayList.add("groupname");
        arrayList.add("groupidindex");
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add("subjectid");
        arrayList2.add("subjectidentifier");
        FilterResponse<MembershipResource> filterResponse = new FilterResponse<>();
        MembershipFinder membershipFinder = new MembershipFinder();
        try {
            try {
                GrouperSession start = GrouperSession.start(TierFilter.retrieveSubjectFromRemoteUser());
                if (filter == null) {
                    throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, "Must pass in group and/or subject");
                }
                AttributeComparisonExpression expression = filter.getExpression();
                if (expression instanceof AttributeComparisonExpression) {
                    AttributeComparisonExpression attributeComparisonExpression = expression;
                    String fullAttributeName = attributeComparisonExpression.getAttributePath().getFullAttributeName();
                    String obj = attributeComparisonExpression.getCompareValue().toString();
                    if (attributeComparisonExpression.getOperation() != CompareOperator.EQ) {
                        throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, "only eq comparison operator is allowed.");
                    }
                    buildMembershipFinder(fullAttributeName, obj, membershipFinder, start);
                } else {
                    if (!(expression instanceof LogicalExpression)) {
                        throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, "only attribute comparison and logical expressions are allowed.");
                    }
                    LogicalExpression logicalExpression = (LogicalExpression) expression;
                    AttributeComparisonExpression left = logicalExpression.getLeft();
                    AttributeComparisonExpression right = logicalExpression.getRight();
                    LogicalOperator operator = logicalExpression.getOperator();
                    if (!(left instanceof AttributeComparisonExpression) || !(right instanceof AttributeComparisonExpression)) {
                        throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, "Only one level deep logical expression is allowed.");
                    }
                    AttributeComparisonExpression attributeComparisonExpression2 = left;
                    AttributeComparisonExpression attributeComparisonExpression3 = right;
                    String fullAttributeName2 = attributeComparisonExpression2.getAttributePath().getFullAttributeName();
                    String obj2 = attributeComparisonExpression2.getCompareValue().toString();
                    CompareOperator operation = attributeComparisonExpression2.getOperation();
                    String fullAttributeName3 = attributeComparisonExpression3.getAttributePath().getFullAttributeName();
                    String obj3 = attributeComparisonExpression3.getCompareValue().toString();
                    CompareOperator operation2 = attributeComparisonExpression3.getOperation();
                    if (arrayList.contains(fullAttributeName2.toLowerCase()) && arrayList.contains(fullAttributeName3.toLowerCase())) {
                        throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, "Left and right attributes cannot be same type.");
                    }
                    if (arrayList2.contains(fullAttributeName2.toLowerCase()) && arrayList2.contains(fullAttributeName3.toLowerCase())) {
                        throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, "Left and right attributes cannot be same type.");
                    }
                    if (operation != CompareOperator.EQ || operation2 != CompareOperator.EQ) {
                        throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, "Only eq operator is allowed.");
                    }
                    if (operator != LogicalOperator.AND) {
                        throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, "Only AND logical operator is allowed.");
                    }
                    buildMembershipFinder(fullAttributeName2, obj2, membershipFinder, start);
                    buildMembershipFinder(fullAttributeName3, obj3, membershipFinder, start);
                }
                MembershipResult findMembershipResult = membershipFinder.findMembershipResult();
                ArrayList arrayList3 = new ArrayList();
                findMembershipResult.getMembershipsOwnersMembers().forEach(objArr -> {
                    arrayList3.add(buildMembershipResourceFromMembership((Membership) objArr[0]));
                });
                filterResponse.setResources(arrayList3);
                PageRequest pageRequest2 = new PageRequest();
                pageRequest2.setCount(Integer.valueOf(arrayList3.size()));
                pageRequest2.setStartIndex(0);
                filterResponse.setPageRequest(pageRequest2);
                filterResponse.setTotalResults(arrayList3.size());
                GrouperSession.stopQuietly(start);
                return filterResponse;
            } catch (IllegalArgumentException e) {
                throw new UnableToRetrieveResourceException(Response.Status.BAD_REQUEST, e.getMessage());
            }
        } catch (Throwable th) {
            GrouperSession.stopQuietly((GrouperSession) null);
            throw th;
        }
    }

    public void delete(String str) throws UnableToDeleteResourceException {
        LOG.info("Starting to delete membership with id: " + str);
        try {
            try {
                GrouperSession start = GrouperSession.start(TierFilter.retrieveSubjectFromRemoteUser());
                Membership findByUuid = MembershipFinder.findByUuid(start, str, false, false);
                if (findByUuid == null) {
                    throw new UnableToDeleteResourceException(Response.Status.NOT_FOUND, "Membership with id " + str + " doesn't exist.");
                }
                findByUuid.delete();
                GrouperSession.stopQuietly(start);
            } catch (InsufficientPrivilegeException e) {
                throw new UnableToDeleteResourceException(Response.Status.FORBIDDEN, "User doesn't have sufficient priviliges.");
            }
        } catch (Throwable th) {
            GrouperSession.stopQuietly((GrouperSession) null);
            throw th;
        }
    }

    public List<Class<? extends ScimExtension>> getExtensionList() throws UnableToRetrieveExtensionsException {
        return Collections.emptyList();
    }

    /* renamed from: update, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ ScimResource m8update(UpdateRequest updateRequest) throws UnableToUpdateResourceException {
        return update((UpdateRequest<MembershipResource>) updateRequest);
    }
}
