package org.cloudfoundry.identity.uaa.scim.endpoints;

import com.jayway.jsonpath.JsonPathException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.batik.util.XMLConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.xalan.templates.Constants;
import org.cloudfoundry.identity.uaa.resources.SearchResults;
import org.cloudfoundry.identity.uaa.resources.SearchResultsFactory;
import org.cloudfoundry.identity.uaa.resources.SimpleAttributeNameMapper;
import org.cloudfoundry.identity.uaa.resources.jdbc.SimpleSearchQueryConverter;
import org.cloudfoundry.identity.uaa.scim.ScimCore;
import org.cloudfoundry.identity.uaa.scim.ScimGroup;
import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMember;
import org.cloudfoundry.identity.uaa.scim.ScimGroupMember;
import org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager;
import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException;
import org.cloudfoundry.identity.uaa.scim.exception.MemberAlreadyExistsException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimGroupExternalMembershipManager;
import org.cloudfoundry.identity.uaa.security.DefaultSecurityContextAccessor;
import org.cloudfoundry.identity.uaa.security.SecurityContextAccessor;
import org.cloudfoundry.identity.uaa.util.UaaPagingUtils;
import org.cloudfoundry.identity.uaa.web.ConvertingExceptionView;
import org.cloudfoundry.identity.uaa.web.ExceptionReport;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.cloudfoundry.identity.uaa.zone.ZoneManagementScopes;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.stereotype.Controller;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.View;

@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.12.4.jar:org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.class */
public class ScimGroupEndpoints {
    public static final String E_TAG = "ETag";
    private final ScimGroupProvisioning dao;
    private ScimGroupMembershipManager membershipManager;
    private JdbcScimGroupExternalMembershipManager externalMembershipManager;
    private Map<Class<? extends Exception>, HttpStatus> statuses = new HashMap();
    private HttpMessageConverter<?>[] messageConverters = (HttpMessageConverter[]) new RestTemplate().getMessageConverters().toArray(new HttpMessageConverter[0]);
    private final Log logger = LogFactory.getLog(getClass());
    private SecurityContextAccessor securityContextAccessor = new DefaultSecurityContextAccessor();
    private int groupMaxCount;

    public void setSecurityContextAccessor(SecurityContextAccessor securityContextAccessor) {
        this.securityContextAccessor = securityContextAccessor;
    }

    public void setStatuses(Map<Class<? extends Exception>, HttpStatus> map) {
        this.statuses = map;
    }

    public void setMessageConverters(HttpMessageConverter<?>[] httpMessageConverterArr) {
        this.messageConverters = httpMessageConverterArr;
    }

    public JdbcScimGroupExternalMembershipManager getExternalMembershipManager() {
        return this.externalMembershipManager;
    }

    public void setExternalMembershipManager(JdbcScimGroupExternalMembershipManager jdbcScimGroupExternalMembershipManager) {
        this.externalMembershipManager = jdbcScimGroupExternalMembershipManager;
    }

    public ScimGroupEndpoints(ScimGroupProvisioning scimGroupProvisioning, ScimGroupMembershipManager scimGroupMembershipManager) {
        this.dao = scimGroupProvisioning;
        this.membershipManager = scimGroupMembershipManager;
    }

    private boolean isMember(ScimGroup scimGroup, String str) {
        if (null == str) {
            return true;
        }
        Iterator<ScimGroupMember> it = scimGroup.getMembers().iterator();
        while (it.hasNext()) {
            if (it.next().getMemberId().equals(str)) {
                return true;
            }
        }
        return false;
    }

    private List<ScimGroup> filterForCurrentUser(List<ScimGroup> list, int i, int i2) {
        ArrayList arrayList = new ArrayList();
        int min = Math.min(i2, list.size());
        boolean z = arrayList.size() < min;
        while (z && i <= list.size()) {
            for (ScimGroup scimGroup : UaaPagingUtils.subList(list, i, i2)) {
                scimGroup.setMembers(this.membershipManager.getMembers(scimGroup.getId(), false, IdentityZoneHolder.get().getId()));
                arrayList.add(scimGroup);
                z = arrayList.size() < min;
                if (!z) {
                    break;
                }
            }
            i += i2;
        }
        return arrayList;
    }

    @RequestMapping(value = {"/Groups"}, method = {RequestMethod.GET})
    @ResponseBody
    public SearchResults<?> listGroups(@RequestParam(value = "attributes", required = false) String str, @RequestParam(required = false, defaultValue = "id pr") String str2, @RequestParam(required = false, defaultValue = "created") String str3, @RequestParam(required = false, defaultValue = "ascending") String str4, @RequestParam(required = false, defaultValue = "1") int i, @RequestParam(required = false, defaultValue = "100") int i2) {
        if (i2 > this.groupMaxCount) {
            i2 = this.groupMaxCount;
        }
        try {
            List<ScimGroup> query = this.dao.query(str2, str3, Constants.ATTRVAL_ORDER_ASCENDING.equalsIgnoreCase(str4), IdentityZoneHolder.get().getId());
            List<ScimGroup> filterForCurrentUser = filterForCurrentUser(query, i, i2);
            if (!StringUtils.hasLength(str)) {
                return new SearchResults<>(Arrays.asList(ScimCore.SCHEMAS), filterForCurrentUser, i, i2, query.size());
            }
            try {
                return SearchResultsFactory.buildSearchResultFrom(filterForCurrentUser, i, i2, query.size(), str.split(","), new SimpleAttributeNameMapper(Collections.emptyMap()), Arrays.asList(ScimCore.SCHEMAS));
            } catch (JsonPathException e) {
                throw new ScimException("Invalid attributes: [" + str + "]", HttpStatus.BAD_REQUEST);
            }
        } catch (IllegalArgumentException e2) {
            throw new ScimException("Invalid filter expression: [" + str2 + "]", HttpStatus.BAD_REQUEST);
        }
    }

    @RequestMapping(value = {"/Groups/External/list"}, method = {RequestMethod.GET})
    @ResponseBody
    @Deprecated
    public SearchResults<?> listExternalGroups(@RequestParam(required = false, defaultValue = "1") int i, @RequestParam(required = false, defaultValue = "100") int i2, @RequestParam(required = false, defaultValue = "") String str) {
        return getExternalGroups(i, i2, str, "", "");
    }

    @RequestMapping(value = {"/Groups/External"}, method = {RequestMethod.GET})
    @ResponseBody
    public SearchResults<?> getExternalGroups(@RequestParam(required = false, defaultValue = "1") int i, @RequestParam(required = false, defaultValue = "100") int i2, @RequestParam(required = false, defaultValue = "") String str, @RequestParam(required = false, defaultValue = "") String str2, @RequestParam(required = false, defaultValue = "") String str3) {
        if (StringUtils.hasText(str)) {
            if (StringUtils.hasText(str2) || StringUtils.hasText(str3)) {
                throw new ScimException("Deprecated filter parameter may not be used in conjunction with origin or externalGroup parameters", HttpStatus.BAD_REQUEST);
            }
            try {
                MultiValueMap<String, Object> filterValues = new SimpleSearchQueryConverter().getFilterValues(str, Arrays.asList("origin", "externalgroup"));
                str2 = Optional.ofNullable(filterValues.getFirst("origin")).orElse(str2).toString();
                str3 = Optional.ofNullable(filterValues.getFirst("externalGroup")).orElse(str3).toString();
            } catch (IllegalArgumentException e) {
                throw new ScimException("Filter not supported, please use origin and externalGroup parameters", e, HttpStatus.BAD_REQUEST);
            }
        }
        try {
            ArrayList arrayList = new ArrayList(this.externalMembershipManager.getExternalGroupMappings(IdentityZoneHolder.get().getId()));
            String str4 = str2;
            String str5 = str3;
            arrayList.removeIf(scimGroupExternalMember -> {
                return StringUtils.hasText(str4) && !scimGroupExternalMember.getOrigin().equals(str4);
            });
            arrayList.removeIf(scimGroupExternalMember2 -> {
                return StringUtils.hasText(str5) && !scimGroupExternalMember2.getExternalGroup().equals(str5);
            });
            return SearchResultsFactory.cropAndBuildSearchResultFrom(arrayList, i, i2, arrayList.size(), new String[]{"groupId", SchemaConstants.DISPLAY_NAME_AT, "externalGroup", "origin"}, Arrays.asList(ScimCore.SCHEMAS));
        } catch (IllegalArgumentException e2) {
            throw new ScimException("Invalid filter expression: [" + str + "]", e2, HttpStatus.BAD_REQUEST);
        }
    }

    @RequestMapping(value = {"/Groups/External"}, method = {RequestMethod.POST})
    @ResponseBody
    @ResponseStatus(HttpStatus.CREATED)
    public ScimGroupExternalMember mapExternalGroup(@RequestBody ScimGroupExternalMember scimGroupExternalMember) {
        try {
            return this.externalMembershipManager.mapExternalGroup(StringUtils.hasText(scimGroupExternalMember.getGroupId()) ? scimGroupExternalMember.getGroupId() : getGroupId(scimGroupExternalMember.getDisplayName()), StringUtils.hasText(scimGroupExternalMember.getExternalGroup()) ? scimGroupExternalMember.getExternalGroup().trim() : scimGroupExternalMember.getExternalGroup(), StringUtils.hasText(scimGroupExternalMember.getOrigin()) ? scimGroupExternalMember.getOrigin() : "ldap", IdentityZoneHolder.get().getId());
        } catch (IllegalArgumentException e) {
            throw new ScimException(e.getMessage(), HttpStatus.BAD_REQUEST);
        } catch (MemberAlreadyExistsException e2) {
            throw new ScimException(e2.getMessage(), HttpStatus.CONFLICT);
        } catch (ScimResourceNotFoundException e3) {
            throw new ScimException(e3.getMessage(), HttpStatus.NOT_FOUND);
        }
    }

    @RequestMapping(value = {"/Groups/External/groupId/{groupId}/externalGroup/{externalGroup}"}, method = {RequestMethod.DELETE})
    @ResponseStatus(HttpStatus.OK)
    @Deprecated
    @ResponseBody
    public ScimGroupExternalMember deprecated2UnmapExternalGroup(@PathVariable String str, @PathVariable String str2) {
        return unmapExternalGroup(str, str2, null);
    }

    @RequestMapping(value = {"/Groups/External/groupId/{groupId}/externalGroup/{externalGroup}/origin/{origin}"}, method = {RequestMethod.DELETE})
    @ResponseBody
    @ResponseStatus(HttpStatus.OK)
    public ScimGroupExternalMember unmapExternalGroup(@PathVariable String str, @PathVariable String str2, @PathVariable String str3) {
        try {
            if (!StringUtils.hasText(str3)) {
                str3 = "ldap";
            }
            return this.externalMembershipManager.unmapExternalGroup(str, str2.trim(), str3, IdentityZoneHolder.get().getId());
        } catch (IllegalArgumentException e) {
            throw new ScimException(e.getMessage(), HttpStatus.BAD_REQUEST);
        } catch (MemberAlreadyExistsException e2) {
            throw new ScimException(e2.getMessage(), HttpStatus.CONFLICT);
        } catch (ScimResourceNotFoundException e3) {
            throw new ScimException(e3.getMessage(), HttpStatus.NOT_FOUND);
        }
    }

    @RequestMapping(value = {"/Groups/External/id/{groupId}/{externalGroup}"}, method = {RequestMethod.DELETE})
    @ResponseStatus(HttpStatus.OK)
    @Deprecated
    @ResponseBody
    public ScimGroupExternalMember deprecatedUnmapExternalGroup(@PathVariable String str, @PathVariable String str2) {
        return unmapExternalGroup(str, str2, "ldap");
    }

    @RequestMapping(value = {"/Groups/External/displayName/{displayName}/externalGroup/{externalGroup}"}, method = {RequestMethod.DELETE})
    @ResponseStatus(HttpStatus.OK)
    @Deprecated
    @ResponseBody
    public ScimGroupExternalMember unmapExternalGroupUsingName(@PathVariable String str, @PathVariable String str2) {
        return unmapExternalGroupUsingName(str, str2, "ldap");
    }

    @RequestMapping(value = {"/Groups/External/displayName/{displayName}/externalGroup/{externalGroup}/origin/{origin}"}, method = {RequestMethod.DELETE})
    @ResponseBody
    @ResponseStatus(HttpStatus.OK)
    public ScimGroupExternalMember unmapExternalGroupUsingName(@PathVariable String str, @PathVariable String str2, @PathVariable String str3) {
        try {
            if (!StringUtils.hasText(str3)) {
                str3 = "ldap";
            }
            return this.externalMembershipManager.unmapExternalGroup(getGroupId(str), str2.trim(), str3, IdentityZoneHolder.get().getId());
        } catch (IllegalArgumentException e) {
            throw new ScimException(e.getMessage(), HttpStatus.BAD_REQUEST);
        } catch (MemberAlreadyExistsException e2) {
            throw new ScimException(e2.getMessage(), HttpStatus.CONFLICT);
        } catch (ScimResourceNotFoundException e3) {
            throw new ScimException(e3.getMessage(), HttpStatus.NOT_FOUND);
        }
    }

    @RequestMapping(value = {"/Groups/External/{displayName}/{externalGroup}"}, method = {RequestMethod.DELETE})
    @ResponseStatus(HttpStatus.OK)
    @Deprecated
    @ResponseBody
    public ScimGroupExternalMember deprecatedUnmapExternalGroupUsingName(@PathVariable String str, @PathVariable String str2) {
        return unmapExternalGroupUsingName(str, str2);
    }

    private String getGroupId(String str) {
        if (str == null || str.trim().length() == 0) {
            throw new ScimException("Group not found, not name provided", HttpStatus.NOT_FOUND);
        }
        List<ScimGroup> query = this.dao.query("displayName eq \"" + str + XMLConstants.XML_DOUBLE_QUOTE, IdentityZoneHolder.get().getId());
        if (query == null || query.size() == 0) {
            throw new ScimException("Group not found:" + str, HttpStatus.NOT_FOUND);
        }
        return query.get(0).getId();
    }

    @RequestMapping(value = {"/Groups/{groupId}"}, method = {RequestMethod.GET})
    @ResponseBody
    public ScimGroup getGroup(@PathVariable String str, HttpServletResponse httpServletResponse) {
        this.logger.debug("retrieving group with id: " + str);
        ScimGroup retrieve = this.dao.retrieve(str, IdentityZoneHolder.get().getId());
        retrieve.setMembers(this.membershipManager.getMembers(str, false, IdentityZoneHolder.get().getId()));
        addETagHeader(httpServletResponse, retrieve);
        return retrieve;
    }

    @RequestMapping(value = {"/Groups"}, method = {RequestMethod.POST})
    @ResponseStatus(HttpStatus.CREATED)
    @ResponseBody
    public ScimGroup createGroup(@RequestBody ScimGroup scimGroup, HttpServletResponse httpServletResponse) {
        scimGroup.setZoneId(IdentityZoneHolder.get().getId());
        ScimGroup create = this.dao.create(scimGroup, IdentityZoneHolder.get().getId());
        if (scimGroup.getMembers() != null) {
            for (ScimGroupMember scimGroupMember : scimGroup.getMembers()) {
                try {
                    this.membershipManager.addMember(create.getId(), scimGroupMember, IdentityZoneHolder.get().getId());
                } catch (ScimException e) {
                    this.logger.warn("Attempt to add invalid member: " + scimGroupMember.getMemberId() + " to group: " + create.getId(), e);
                    this.dao.delete(create.getId(), create.getVersion(), IdentityZoneHolder.get().getId());
                    throw new InvalidScimResourceException("Invalid group member: " + scimGroupMember.getMemberId());
                }
            }
        }
        create.setMembers(this.membershipManager.getMembers(create.getId(), false, IdentityZoneHolder.get().getId()));
        addETagHeader(httpServletResponse, create);
        return create;
    }

    @RequestMapping(value = {"/Groups/{groupId}"}, method = {RequestMethod.PUT})
    @ResponseBody
    public ScimGroup updateGroup(@RequestBody ScimGroup scimGroup, @PathVariable String str, @RequestHeader(value = "If-Match", required = false) String str2, HttpServletResponse httpServletResponse) {
        if (str2 == null) {
            throw new ScimException("Missing If-Match for PUT", HttpStatus.BAD_REQUEST);
        }
        this.logger.debug("updating group: " + str);
        scimGroup.setVersion(getVersion(str, str2));
        ScimGroup group = getGroup(str, httpServletResponse);
        try {
            scimGroup.setZoneId(IdentityZoneHolder.get().getId());
            ScimGroup update = this.dao.update(str, scimGroup, IdentityZoneHolder.get().getId());
            if (scimGroup.getMembers() == null || scimGroup.getMembers().size() <= 0) {
                this.membershipManager.removeMembersByGroupId(update.getId(), IdentityZoneHolder.get().getId());
            } else {
                this.membershipManager.updateOrAddMembers(update.getId(), scimGroup.getMembers(), IdentityZoneHolder.get().getId());
            }
            update.setMembers(this.membershipManager.getMembers(update.getId(), false, IdentityZoneHolder.get().getId()));
            addETagHeader(httpServletResponse, update);
            return update;
        } catch (ScimResourceNotFoundException e) {
            this.logger.error("Error updating group, restoring to previous state: " + group);
            group.setVersion(getVersion(str, "*"));
            this.dao.update(str, group, IdentityZoneHolder.get().getId());
            throw new ScimException(e.getMessage(), e, HttpStatus.BAD_REQUEST);
        } catch (IncorrectResultSizeDataAccessException e2) {
            this.logger.error("Error updating group, restoring to previous state");
            group.setVersion(getVersion(str, "*"));
            this.dao.update(str, group, IdentityZoneHolder.get().getId());
            throw new ScimException(e2.getMessage(), e2, HttpStatus.CONFLICT);
        }
    }

    @RequestMapping(value = {"/Groups/{groupId}"}, method = {RequestMethod.PATCH})
    @ResponseBody
    public ScimGroup patchGroup(@RequestBody ScimGroup scimGroup, @PathVariable String str, @RequestHeader(value = "If-Match", required = false) String str2, HttpServletResponse httpServletResponse) {
        if (str2 == null) {
            throw new ScimException("Missing If-Match for PATCH", HttpStatus.BAD_REQUEST);
        }
        this.logger.debug("patching group: " + str);
        scimGroup.setVersion(getVersion(str, str2));
        ScimGroup group = getGroup(str, httpServletResponse);
        group.patch(scimGroup);
        return updateGroup(group, str, str2, httpServletResponse);
    }

    @RequestMapping(value = {"/Groups/{groupId}"}, method = {RequestMethod.DELETE})
    @ResponseBody
    public ScimGroup deleteGroup(@PathVariable String str, @RequestHeader(value = "If-Match", required = false, defaultValue = "*") String str2, HttpServletResponse httpServletResponse) {
        ScimGroup group = getGroup(str, httpServletResponse);
        this.logger.debug("deleting group: " + group);
        try {
            this.membershipManager.removeMembersByGroupId(str, IdentityZoneHolder.get().getId());
            this.membershipManager.removeMembersByMemberId(str, IdentityZoneHolder.get().getId());
            this.dao.delete(str, getVersion(str, str2), IdentityZoneHolder.get().getId());
            return group;
        } catch (IncorrectResultSizeDataAccessException e) {
            this.logger.debug("error deleting group", e);
            throw new ScimException("error deleting group: " + str, e, HttpStatus.CONFLICT);
        }
    }

    @RequestMapping(value = {"/Groups/zones"}, method = {RequestMethod.POST})
    @ResponseStatus(HttpStatus.CREATED)
    @Deprecated
    @ResponseBody
    public ScimGroup addZoneManagers(@RequestBody ScimGroup scimGroup, HttpServletResponse httpServletResponse) {
        if (!scimGroup.getDisplayName().matches(ZoneManagementScopes.ZONE_MANAGING_SCOPE_REGEX)) {
            throw new ScimException("Invalid group name.", HttpStatus.BAD_REQUEST);
        }
        if (scimGroup.getMembers() == null || scimGroup.getMembers().size() == 0) {
            throw new ScimException("Invalid group members, you have to add at least one member.", HttpStatus.BAD_REQUEST);
        }
        try {
            ScimGroup group = getGroup(getGroupId(scimGroup.getDisplayName()), httpServletResponse);
            LinkedList linkedList = new LinkedList(group.getMembers());
            for (ScimGroupMember scimGroupMember : scimGroup.getMembers()) {
                if (!isMember(group, scimGroupMember.getMemberId())) {
                    linkedList.add(scimGroupMember);
                }
            }
            group.setMembers(linkedList);
            return updateGroup(group, group.getId(), String.valueOf(group.getVersion()), httpServletResponse);
        } catch (ScimException e) {
            if (e.getStatus().equals(HttpStatus.NOT_FOUND)) {
                return createGroup(scimGroup, httpServletResponse);
            }
            throw e;
        }
    }

    @RequestMapping(value = {"/Groups/zones/{userId}/{zoneId}"}, method = {RequestMethod.DELETE})
    @ResponseStatus(HttpStatus.OK)
    @Deprecated
    @ResponseBody
    public ScimGroup deleteZoneAdmin(@PathVariable String str, @PathVariable String str2, HttpServletResponse httpServletResponse) {
        return deleteZoneScope(str, str2, "admin", httpServletResponse);
    }

    @RequestMapping(value = {"/Groups/zones/{userId}/{zoneId}/{scope}"}, method = {RequestMethod.DELETE})
    @ResponseStatus(HttpStatus.OK)
    @Deprecated
    @ResponseBody
    public ScimGroup deleteZoneScope(@PathVariable String str, @PathVariable String str2, @PathVariable String str3, HttpServletResponse httpServletResponse) {
        String str4 = ZoneManagementScopes.ZONES_ZONE_ID_PREFIX + str2 + "." + str3;
        if (!str4.matches(ZoneManagementScopes.ZONE_MANAGING_SCOPE_REGEX)) {
            throw new ScimException("Invalid group name.", HttpStatus.BAD_REQUEST);
        }
        ScimGroup group = getGroup(getGroupId(str4), httpServletResponse);
        if (!StringUtils.hasText(str) || !StringUtils.hasText(str2)) {
            throw new ScimException("User ID and Zone ID are required.", HttpStatus.BAD_REQUEST);
        }
        if (!isMember(group, str)) {
            throw new ScimException("User is not a zone admin.", HttpStatus.NOT_FOUND);
        }
        LinkedList linkedList = new LinkedList();
        for (ScimGroupMember scimGroupMember : group.getMembers()) {
            if (!scimGroupMember.getMemberId().equals(str)) {
                linkedList.add(scimGroupMember);
            }
        }
        group.setMembers(linkedList);
        return updateGroup(group, group.getId(), String.valueOf(group.getVersion()), httpServletResponse);
    }

    @RequestMapping({"/Groups/{groupId}/members/{memberId}"})
    public ResponseEntity<ScimGroupMember> getGroupMembership(@PathVariable String str, @PathVariable String str2) {
        return new ResponseEntity<>(this.membershipManager.getMemberById(str, str2, IdentityZoneHolder.get().getId()), HttpStatus.OK);
    }

    @RequestMapping(value = {"/Groups/{groupId}/members"}, method = {RequestMethod.GET})
    public ResponseEntity<List<ScimGroupMember>> listGroupMemberships(@PathVariable String str, @RequestParam(required = false, defaultValue = "false") boolean z, @RequestParam(required = false, defaultValue = "", name = "filter") String str2) {
        this.dao.retrieve(str, IdentityZoneHolder.get().getId());
        return new ResponseEntity<>(this.membershipManager.getMembers(str, z, IdentityZoneHolder.get().getId()), HttpStatus.OK);
    }

    @RequestMapping(value = {"/Groups/{groupId}/members"}, method = {RequestMethod.POST})
    @ResponseStatus(HttpStatus.CREATED)
    @ResponseBody
    public ScimGroupMember addMemberToGroup(@PathVariable String str, @RequestBody ScimGroupMember scimGroupMember) {
        return this.membershipManager.addMember(str, scimGroupMember, IdentityZoneHolder.get().getId());
    }

    @RequestMapping(value = {"/Groups/{groupId}/members/{memberId}"}, method = {RequestMethod.DELETE})
    @ResponseBody
    @ResponseStatus(HttpStatus.OK)
    public ScimGroupMember deleteGroupMembership(@PathVariable String str, @PathVariable String str2) {
        return this.membershipManager.removeMemberById(str, str2, IdentityZoneHolder.get().getId());
    }

    @ExceptionHandler
    public View handleException(Exception exc, HttpServletRequest httpServletRequest) throws ScimException {
        ScimException scimException = new ScimException("Unexpected error", exc, HttpStatus.INTERNAL_SERVER_ERROR);
        if (!(exc instanceof ScimException)) {
            Class<?> cls = exc.getClass();
            Iterator<Class<? extends Exception>> it = this.statuses.keySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Class<? extends Exception> next = it.next();
                if (next.isAssignableFrom(cls)) {
                    scimException = new ScimException(exc.getMessage(), exc, this.statuses.get(next));
                    break;
                }
            }
        } else {
            scimException = (ScimException) exc;
        }
        return new ConvertingExceptionView(new ResponseEntity(new ExceptionReport(scimException, (httpServletRequest.getParameter("trace") == null || httpServletRequest.getParameter("trace").equals("false")) ? false : true), scimException.getStatus()), this.messageConverters);
    }

    private int getVersion(String str, String str2) {
        String str3;
        String trim = str2.trim();
        while (true) {
            str3 = trim;
            if (!str3.startsWith(XMLConstants.XML_DOUBLE_QUOTE)) {
                break;
            }
            trim = str3.substring(1);
        }
        while (str3.endsWith(XMLConstants.XML_DOUBLE_QUOTE)) {
            str3 = str3.substring(0, str3.length() - 1);
        }
        if (str3.equals("*")) {
            return this.dao.retrieve(str, IdentityZoneHolder.get().getId()).getVersion();
        }
        try {
            return Integer.valueOf(str3).intValue();
        } catch (NumberFormatException e) {
            throw new ScimException("Invalid version match header (should be a version number): " + str2, HttpStatus.BAD_REQUEST);
        }
    }

    private void addETagHeader(HttpServletResponse httpServletResponse, ScimGroup scimGroup) {
        httpServletResponse.setHeader("ETag", XMLConstants.XML_DOUBLE_QUOTE + scimGroup.getVersion() + XMLConstants.XML_DOUBLE_QUOTE);
    }

    public void setGroupMaxCount(int i) {
        if (i <= 0) {
            throw new IllegalArgumentException(String.format("Invalid \"groupMaxCount\" value (got %d). Should be positive number.", Integer.valueOf(i)));
        }
        this.groupMaxCount = i;
    }
}
