package org.cloudfoundry.identity.uaa.scim.endpoints;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.rest.SearchResults;
import org.cloudfoundry.identity.uaa.scim.exception.ScimException;
import org.cloudfoundry.identity.uaa.security.DefaultSecurityContextAccessor;
import org.cloudfoundry.identity.uaa.security.SecurityContextAccessor;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.servlet.View;

@Controller
/* loaded from: input_file:org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.class */
public class UserIdConversionEndpoints implements InitializingBean {
    private ScimUserEndpoints scimUserEndpoints;
    private final Log logger = LogFactory.getLog(getClass());
    private SecurityContextAccessor securityContextAccessor = new DefaultSecurityContextAccessor();
    private boolean enabled = true;
    private Set<Pattern> patterns = new HashSet();

    public UserIdConversionEndpoints() {
        this.patterns.add(Pattern.compile("(.*?)([a-z0-9]*) eq (.*?)([\\s]*.*)", 2));
        this.patterns.add(Pattern.compile("(.*?)([a-z0-9]*) co (.*?)([\\s]*.*)", 2));
        this.patterns.add(Pattern.compile("(.*?)([a-z0-9]*) sw (.*?)([\\s]*.*)", 2));
        this.patterns.add(Pattern.compile("(.*?)([a-z0-9]*) gt (.*?)([\\s]*.*)", 2));
        this.patterns.add(Pattern.compile("(.*?)([a-z0-9]*) ge (.*?)([\\s]*.*)", 2));
        this.patterns.add(Pattern.compile("(.*?)([a-z0-9]*) lt (.*?)([\\s]*.*)", 2));
        this.patterns.add(Pattern.compile("(.*?)([a-z0-9]*) le (.*?)([\\s]*.*)", 2));
        this.patterns.add(Pattern.compile("pr (.*?)([a-z0-9]*)([\\s]*.*)", 2));
    }

    void setSecurityContextAccessor(SecurityContextAccessor securityContextAccessor) {
        this.securityContextAccessor = securityContextAccessor;
    }

    public void setScimUserEndpoints(ScimUserEndpoints scimUserEndpoints) {
        this.scimUserEndpoints = scimUserEndpoints;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    @RequestMapping(value = {"/ids/Users"}, method = {RequestMethod.GET})
    @ResponseBody
    public SearchResults<?> findUsers(@RequestParam(required = true, defaultValue = "") String str, @RequestParam(required = false, defaultValue = "ascending") String str2, @RequestParam(required = false, defaultValue = "1") int i, @RequestParam(required = false, defaultValue = "100") int i2) {
        if (!this.enabled) {
            this.logger.warn("Request from user " + this.securityContextAccessor.getAuthenticationInfo() + " received at disabled Id translation endpoint with filter:" + str);
            throw new UnsupportedOperationException();
        }
        String trim = str.trim();
        checkFilter(trim);
        return this.scimUserEndpoints.findUsers("id,userName", trim, "userName", str2, i, i2);
    }

    @ExceptionHandler
    public View handleException(Exception exc, HttpServletRequest httpServletRequest) throws ScimException {
        return this.scimUserEndpoints.handleException(exc, httpServletRequest);
    }

    @ExceptionHandler({UnsupportedOperationException.class})
    @ResponseStatus(HttpStatus.NOT_FOUND)
    public void handleException() {
    }

    private void checkFilter(String str) {
        if (str.isEmpty()) {
            throw new ScimException("a 'filter' parameter is required", HttpStatus.BAD_REQUEST);
        }
        String lowerCase = str.toLowerCase();
        if (lowerCase.contains("groups.")) {
            throw new ScimException("Invalid filter expression: [" + str + "] (no group filters allowed on /ids/Users)", HttpStatus.BAD_REQUEST);
        }
        Iterator<Pattern> it = this.patterns.iterator();
        while (it.hasNext()) {
            Matcher matcher = it.next().matcher(lowerCase);
            if (matcher.matches()) {
                String group = matcher.group(2);
                if (!"username".equals(group) && !"id".equals(group)) {
                    throw new ScimException("Invalid filter expression: [" + str + "] (no " + group + " filters allowed on /ids/Users)", HttpStatus.BAD_REQUEST);
                }
            }
        }
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.scimUserEndpoints, "ScimUserEndpoints must be set");
    }
}
