package org.cloudfoundry.identity.uaa.scim;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.util.ObjectUtils;
import org.cloudfoundry.identity.uaa.web.ExceptionReport;
import org.cloudfoundry.identity.uaa.web.ExceptionReportHttpMessageConverter;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.NestedServletException;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.3.0.2.jar:org/cloudfoundry/identity/uaa/scim/DisableUserManagementSecurityFilter.class */
public class DisableUserManagementSecurityFilter extends OncePerRequestFilter {
    public static final String INTERNAL_USER_CREATION_IS_CURRENTLY_DISABLED = "Internal User Creation is currently disabled. External User Store is in use.";
    private final IdentityProviderProvisioning identityProviderProvisioning;
    private static String regex1;
    private Pattern pattern1 = Pattern.compile(regex1);
    private List<String> methods1 = Arrays.asList("GET", "POST", "PUT", "DELETE");

    public DisableUserManagementSecurityFilter(IdentityProviderProvisioning identityProviderProvisioning) {
        this.identityProviderProvisioning = identityProviderProvisioning;
    }

    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable, org.springframework.web.util.NestedServletException] */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            if (matches(httpServletRequest)) {
                boolean z = false;
                UaaIdentityProviderDefinition uaaIdentityProviderDefinition = (UaaIdentityProviderDefinition) ObjectUtils.castInstance(this.identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId()).getConfig(), UaaIdentityProviderDefinition.class);
                if (uaaIdentityProviderDefinition != null) {
                    z = uaaIdentityProviderDefinition.isDisableInternalUserManagement();
                }
                if (z) {
                    throw new InternalUserManagementDisabledException(INTERNAL_USER_CREATION_IS_CURRENTLY_DISABLED);
                }
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (InternalUserManagementDisabledException e) {
            handleInternalUserManagementDisabledException(httpServletResponse, e);
        } catch (NestedServletException e2) {
            if (!(e2.getRootCause() instanceof InternalUserManagementDisabledException)) {
                throw e2;
            }
            handleInternalUserManagementDisabledException(httpServletResponse, (InternalUserManagementDisabledException) e2.getRootCause());
        }
    }

    private void handleInternalUserManagementDisabledException(HttpServletResponse httpServletResponse, InternalUserManagementDisabledException internalUserManagementDisabledException) throws IOException {
        ExceptionReportHttpMessageConverter exceptionReportHttpMessageConverter = new ExceptionReportHttpMessageConverter();
        httpServletResponse.setStatus(403);
        exceptionReportHttpMessageConverter.write(new ExceptionReport(internalUserManagementDisabledException), MediaType.APPLICATION_JSON, new ServletServerHttpResponse(httpServletResponse));
    }

    private boolean matches(HttpServletRequest httpServletRequest) {
        return this.pattern1.matcher(getUri(httpServletRequest)).matches() && this.methods1.contains(httpServletRequest.getMethod());
    }

    private String getUri(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getContextPath() == null || httpServletRequest.getContextPath().length() <= 0) ? httpServletRequest.getRequestURI() : httpServletRequest.getServletPath();
    }

    static {
        regex1 = "";
        regex1 = "^/Users/.*/password";
        regex1 += "|^/Users/.*/verify";
        regex1 += "|^/create_account";
        regex1 += "|^/create_account.do";
        regex1 += "|^/accounts/email_sent";
        regex1 += "|^/verify_user";
        regex1 += "|^/change_email";
        regex1 += "|^/change_email.do";
        regex1 += "|^/verify_email";
        regex1 += "|^/change_password";
        regex1 += "|^/change_password.do";
        regex1 += "|^/forgot_password";
        regex1 += "|^/forgot_password.do";
        regex1 += "|^/email_sent";
        regex1 += "|^/reset_password";
        regex1 += "|^/reset_password.do";
    }
}
