package com.unboundid.scim.wink;

import com.unboundid.scim.data.BaseResource;
import com.unboundid.scim.marshal.Unmarshaller;
import com.unboundid.scim.marshal.json.JsonUnmarshaller;
import com.unboundid.scim.marshal.xml.XmlUnmarshaller;
import com.unboundid.scim.schema.ResourceDescriptor;
import com.unboundid.scim.sdk.AttributePath;
import com.unboundid.scim.sdk.Debug;
import com.unboundid.scim.sdk.DeleteResourceRequest;
import com.unboundid.scim.sdk.ForbiddenException;
import com.unboundid.scim.sdk.GetResourceRequest;
import com.unboundid.scim.sdk.GetResourcesRequest;
import com.unboundid.scim.sdk.InvalidResourceException;
import com.unboundid.scim.sdk.NotModifiedException;
import com.unboundid.scim.sdk.OAuthToken;
import com.unboundid.scim.sdk.OAuthTokenHandler;
import com.unboundid.scim.sdk.OAuthTokenStatus;
import com.unboundid.scim.sdk.PageParameters;
import com.unboundid.scim.sdk.PatchResourceRequest;
import com.unboundid.scim.sdk.PostResourceRequest;
import com.unboundid.scim.sdk.PreconditionFailedException;
import com.unboundid.scim.sdk.PutResourceRequest;
import com.unboundid.scim.sdk.ResourceNotFoundException;
import com.unboundid.scim.sdk.ResourceSchemaBackend;
import com.unboundid.scim.sdk.Resources;
import com.unboundid.scim.sdk.SCIMBackend;
import com.unboundid.scim.sdk.SCIMConstants;
import com.unboundid.scim.sdk.SCIMException;
import com.unboundid.scim.sdk.SCIMFilter;
import com.unboundid.scim.sdk.SCIMQueryAttributes;
import com.unboundid.scim.sdk.SCIMRequest;
import com.unboundid.scim.sdk.SortParameters;
import com.unboundid.scim.sdk.UnauthorizedException;
import java.io.InputStream;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.batik.util.XMLConstants;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

/* loaded from: input_file:WEB-INF/lib/scim-sdk-1.8.0.jar:com/unboundid/scim/wink/AbstractSCIMResource.class */
public abstract class AbstractSCIMResource extends AbstractStaticResource {
    private final SCIMApplication application;
    private final OAuthTokenHandler tokenHandler;
    private final ResourceSchemaBackend resourceSchemaBackend;

    public AbstractSCIMResource(SCIMApplication sCIMApplication, OAuthTokenHandler oAuthTokenHandler) {
        this.application = sCIMApplication;
        this.tokenHandler = oAuthTokenHandler;
        this.resourceSchemaBackend = new ResourceSchemaBackend(sCIMApplication);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Response getUser(RequestContext requestContext, String str, String str2) {
        Response.ResponseBuilder error;
        SCIMBackend backend;
        ResourceDescriptor resourceDescriptor;
        ResourceDescriptor resourceDescriptor2 = null;
        try {
            backend = getBackend(str);
            resourceDescriptor = backend.getResourceDescriptor(str);
        } catch (SCIMException e) {
            Debug.debugException(e);
            error = error(e, requestContext);
            if (0 != 0) {
                this.application.getStatsForResource(resourceDescriptor2.getName()).incrementStat("get-" + e.getStatusCode());
            }
        }
        if (resourceDescriptor == null) {
            throw new ResourceNotFoundException(str + " is not a valid resource endpoint");
        }
        String authID = requestContext.getAuthID();
        if (authID == null && this.tokenHandler == null) {
            throw new UnauthorizedException("Invalid credentials");
        }
        SCIMQueryAttributes sCIMQueryAttributes = new SCIMQueryAttributes(resourceDescriptor, (String) requestContext.getUriInfo().getQueryParameters().getFirst(SCIMConstants.QUERY_PARAMETER_ATTRIBUTES));
        GetResourceRequest getResourceRequest = new GetResourceRequest(requestContext.getUriInfo().getBaseUri(), authID, resourceDescriptor, str2, sCIMQueryAttributes, requestContext.getRequest());
        if (authID == null) {
            AtomicReference atomicReference = new AtomicReference();
            Response validateOAuthToken = validateOAuthToken(requestContext, getResourceRequest, atomicReference, this.tokenHandler);
            if (validateOAuthToken != null) {
                this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat("get-" + validateOAuthToken.getStatus());
                return validateOAuthToken;
            }
            getResourceRequest = new GetResourceRequest(requestContext.getUriInfo().getBaseUri(), (String) atomicReference.get(), resourceDescriptor, str2, sCIMQueryAttributes, requestContext.getRequest());
        }
        BaseResource resource = backend.getResource(getResourceRequest);
        error = Response.status(Response.Status.OK);
        setResponseEntity(error, requestContext.getProduceMediaType(), resource);
        this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.GET_OK);
        error.contentLocation(resource.getMeta().getLocation());
        error.tag(resource.getMeta().getVersion());
        if (requestContext.getProduceMediaType() == MediaType.APPLICATION_JSON_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.GET_RESPONSE_JSON);
        } else if (requestContext.getProduceMediaType() == MediaType.APPLICATION_XML_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.GET_RESPONSE_XML);
        }
        return error.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Response getUsers(RequestContext requestContext, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        Response.ResponseBuilder status;
        SCIMBackend backend;
        ResourceDescriptor resourceDescriptor = null;
        try {
            backend = getBackend(str);
            resourceDescriptor = backend.getResourceDescriptor(str);
        } catch (SCIMException e) {
            status = Response.status(e.getStatusCode());
            setResponseEntity(status, requestContext.getProduceMediaType(), e);
            if (resourceDescriptor != null) {
                this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat("query-" + e.getStatusCode());
            }
        }
        if (resourceDescriptor == null) {
            throw new ResourceNotFoundException(str + " is not a valid resource endpoint");
        }
        String authID = requestContext.getAuthID();
        if (authID == null && this.tokenHandler == null) {
            throw new UnauthorizedException("Invalid credentials");
        }
        SCIMQueryAttributes sCIMQueryAttributes = new SCIMQueryAttributes(resourceDescriptor, (String) requestContext.getUriInfo().getQueryParameters().getFirst(SCIMConstants.QUERY_PARAMETER_ATTRIBUTES));
        SCIMFilter parse = (str2 == null || str2.isEmpty()) ? null : resourceDescriptor.getSchema().equalsIgnoreCase("urn:unboundid:schemas:scim:ldap:1.0") ? SCIMFilter.parse(str2, resourceDescriptor.getSchema()) : SCIMFilter.parse(str2);
        SortParameters sortParameters = (str5 == null || str5.isEmpty()) ? null : new SortParameters(AttributePath.parse(str5, resourceDescriptor.getSchema()), str6);
        int i = -1;
        int i2 = -1;
        if (str7 != null && !str7.isEmpty()) {
            try {
                i = Integer.parseInt(str7);
                if (i <= 0) {
                    throw new InvalidResourceException("The pagination startIndex value '" + str7 + "' is invalid because it is not greater than zero");
                }
            } catch (NumberFormatException e2) {
                Debug.debugException(e2);
                throw new InvalidResourceException("The pagination startIndex value '" + str7 + "' is not parsable");
            }
        }
        if (str8 != null && !str8.isEmpty()) {
            try {
                i2 = Integer.parseInt(str8);
                if (i2 <= 0) {
                    throw new InvalidResourceException("The pagination count value '" + str8 + "' is invalid because it is not greater than zero");
                }
            } catch (NumberFormatException e3) {
                Debug.debugException(e3);
                throw new InvalidResourceException("The pagination count value '" + str8 + "' is not parsable");
            }
        }
        PageParameters pageParameters = (i < 0 || i2 < 0) ? i >= 0 ? new PageParameters(i, 0) : i2 >= 0 ? new PageParameters(1, i2) : null : new PageParameters(i, i2);
        GetResourcesRequest getResourcesRequest = new GetResourcesRequest(requestContext.getUriInfo().getBaseUri(), authID, resourceDescriptor, parse, str3, str4, sortParameters, pageParameters, sCIMQueryAttributes, requestContext.getRequest());
        if (authID == null) {
            AtomicReference atomicReference = new AtomicReference();
            Response validateOAuthToken = validateOAuthToken(requestContext, getResourcesRequest, atomicReference, this.tokenHandler);
            if (validateOAuthToken != null) {
                this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat("query-" + validateOAuthToken.getStatus());
                return validateOAuthToken;
            }
            getResourcesRequest = new GetResourcesRequest(requestContext.getUriInfo().getBaseUri(), (String) atomicReference.get(), resourceDescriptor, parse, str3, str4, sortParameters, pageParameters, sCIMQueryAttributes, requestContext.getRequest());
        }
        Resources resources = backend.getResources(getResourcesRequest);
        status = Response.status(Response.Status.OK);
        setResponseEntity(status, requestContext.getProduceMediaType(), resources);
        this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.QUERY_OK);
        if (requestContext.getProduceMediaType() == MediaType.APPLICATION_JSON_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.QUERY_RESPONSE_JSON);
        } else if (requestContext.getProduceMediaType() == MediaType.APPLICATION_XML_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.QUERY_RESPONSE_XML);
        }
        return status.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Response postUser(RequestContext requestContext, String str, InputStream inputStream) {
        Response.ResponseBuilder error;
        SCIMBackend backend;
        ResourceDescriptor resourceDescriptor;
        Unmarshaller xmlUnmarshaller;
        ResourceDescriptor resourceDescriptor2 = null;
        try {
            backend = getBackend(str);
            resourceDescriptor = backend.getResourceDescriptor(str);
        } catch (SCIMException e) {
            Debug.debugException(e);
            error = error(e, requestContext);
            if (0 != 0) {
                this.application.getStatsForResource(resourceDescriptor2.getName()).incrementStat("post-" + e.getStatusCode());
            }
        }
        if (resourceDescriptor == null) {
            throw new ResourceNotFoundException(str + " is not a valid resource endpoint");
        }
        if (requestContext.getConsumeMediaType().equals(MediaType.APPLICATION_JSON_TYPE)) {
            xmlUnmarshaller = new JsonUnmarshaller();
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.POST_CONTENT_JSON);
        } else {
            xmlUnmarshaller = new XmlUnmarshaller();
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.POST_CONTENT_XML);
        }
        String authID = requestContext.getAuthID();
        if (authID == null && this.tokenHandler == null) {
            throw new UnauthorizedException("Invalid credentials");
        }
        BaseResource unmarshal = xmlUnmarshaller.unmarshal(inputStream, resourceDescriptor, BaseResource.BASE_RESOURCE_FACTORY);
        SCIMQueryAttributes sCIMQueryAttributes = new SCIMQueryAttributes(resourceDescriptor, (String) requestContext.getUriInfo().getQueryParameters().getFirst(SCIMConstants.QUERY_PARAMETER_ATTRIBUTES));
        PostResourceRequest postResourceRequest = new PostResourceRequest(requestContext.getUriInfo().getBaseUri(), authID, resourceDescriptor, unmarshal.getScimObject(), sCIMQueryAttributes, requestContext.getRequest());
        if (authID == null) {
            AtomicReference atomicReference = new AtomicReference();
            Response validateOAuthToken = validateOAuthToken(requestContext, postResourceRequest, atomicReference, this.tokenHandler);
            if (validateOAuthToken != null) {
                this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat("post-" + validateOAuthToken.getStatus());
                return validateOAuthToken;
            }
            postResourceRequest = new PostResourceRequest(requestContext.getUriInfo().getBaseUri(), (String) atomicReference.get(), resourceDescriptor, unmarshal.getScimObject(), sCIMQueryAttributes, requestContext.getRequest());
        }
        BaseResource postResource = backend.postResource(postResourceRequest);
        error = Response.status(Response.Status.CREATED);
        setResponseEntity(error, requestContext.getProduceMediaType(), postResource);
        error.location(postResource.getMeta().getLocation());
        error.tag(postResource.getMeta().getVersion());
        this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.POST_OK);
        if (requestContext.getProduceMediaType() == MediaType.APPLICATION_JSON_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.POST_RESPONSE_JSON);
        } else if (requestContext.getProduceMediaType() == MediaType.APPLICATION_XML_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.POST_RESPONSE_XML);
        }
        return error.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Response putUser(RequestContext requestContext, String str, String str2, InputStream inputStream) {
        Response.ResponseBuilder error;
        SCIMBackend backend;
        ResourceDescriptor resourceDescriptor;
        Unmarshaller xmlUnmarshaller;
        ResourceDescriptor resourceDescriptor2 = null;
        try {
            backend = getBackend(str);
            resourceDescriptor = backend.getResourceDescriptor(str);
        } catch (SCIMException e) {
            Debug.debugException(e);
            error = error(e, requestContext);
            if (0 != 0) {
                this.application.getStatsForResource(resourceDescriptor2.getName()).incrementStat("put-" + e.getStatusCode());
            }
        }
        if (resourceDescriptor == null) {
            throw new ResourceNotFoundException(str + " is not a valid resource endpoint");
        }
        if (requestContext.getConsumeMediaType().equals(MediaType.APPLICATION_JSON_TYPE)) {
            xmlUnmarshaller = new JsonUnmarshaller();
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PUT_CONTENT_JSON);
        } else {
            xmlUnmarshaller = new XmlUnmarshaller();
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PUT_CONTENT_XML);
        }
        String authID = requestContext.getAuthID();
        if (authID == null && this.tokenHandler == null) {
            throw new UnauthorizedException("Invalid credentials");
        }
        BaseResource unmarshal = xmlUnmarshaller.unmarshal(inputStream, resourceDescriptor, BaseResource.BASE_RESOURCE_FACTORY);
        SCIMQueryAttributes sCIMQueryAttributes = new SCIMQueryAttributes(resourceDescriptor, (String) requestContext.getUriInfo().getQueryParameters().getFirst(SCIMConstants.QUERY_PARAMETER_ATTRIBUTES));
        PutResourceRequest putResourceRequest = new PutResourceRequest(requestContext.getUriInfo().getBaseUri(), authID, resourceDescriptor, str2, unmarshal.getScimObject(), sCIMQueryAttributes, requestContext.getRequest());
        if (authID == null) {
            AtomicReference atomicReference = new AtomicReference();
            Response validateOAuthToken = validateOAuthToken(requestContext, putResourceRequest, atomicReference, this.tokenHandler);
            if (validateOAuthToken != null) {
                this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat("put-" + validateOAuthToken.getStatus());
                return validateOAuthToken;
            }
            putResourceRequest = new PutResourceRequest(requestContext.getUriInfo().getBaseUri(), (String) atomicReference.get(), resourceDescriptor, str2, unmarshal.getScimObject(), sCIMQueryAttributes, requestContext.getRequest());
        }
        BaseResource putResource = backend.putResource(putResourceRequest);
        error = Response.status(Response.Status.OK);
        setResponseEntity(error, requestContext.getProduceMediaType(), putResource);
        error.contentLocation(putResource.getMeta().getLocation());
        error.tag(putResource.getMeta().getVersion());
        this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PUT_OK);
        if (requestContext.getProduceMediaType() == MediaType.APPLICATION_JSON_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PUT_RESPONSE_JSON);
        } else if (requestContext.getProduceMediaType() == MediaType.APPLICATION_XML_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PUT_RESPONSE_XML);
        }
        return error.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Response patchUser(RequestContext requestContext, String str, String str2, InputStream inputStream) {
        Response.ResponseBuilder error;
        SCIMBackend backend;
        ResourceDescriptor resourceDescriptor;
        Unmarshaller xmlUnmarshaller;
        ResourceDescriptor resourceDescriptor2 = null;
        try {
            backend = getBackend(str);
            resourceDescriptor = backend.getResourceDescriptor(str);
        } catch (SCIMException e) {
            Debug.debugException(e);
            error = error(e, requestContext);
            if (0 != 0) {
                this.application.getStatsForResource(resourceDescriptor2.getName()).incrementStat("patch-" + e.getStatusCode());
            }
        }
        if (resourceDescriptor == null) {
            throw new ResourceNotFoundException(str + " is not a valid resource endpoint");
        }
        String authID = requestContext.getAuthID();
        if (authID == null && this.tokenHandler == null) {
            throw new UnauthorizedException("Invalid credentials");
        }
        if (requestContext.getConsumeMediaType().equals(MediaType.APPLICATION_JSON_TYPE)) {
            xmlUnmarshaller = new JsonUnmarshaller();
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PATCH_CONTENT_JSON);
        } else {
            xmlUnmarshaller = new XmlUnmarshaller();
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PATCH_CONTENT_XML);
        }
        BaseResource unmarshal = xmlUnmarshaller.unmarshal(inputStream, resourceDescriptor, BaseResource.BASE_RESOURCE_FACTORY);
        SCIMQueryAttributes sCIMQueryAttributes = new SCIMQueryAttributes(resourceDescriptor, (String) requestContext.getUriInfo().getQueryParameters().getFirst(SCIMConstants.QUERY_PARAMETER_ATTRIBUTES));
        PatchResourceRequest patchResourceRequest = new PatchResourceRequest(requestContext.getUriInfo().getBaseUri(), authID, resourceDescriptor, str2, unmarshal.getScimObject(), sCIMQueryAttributes, requestContext.getRequest());
        if (authID == null) {
            AtomicReference atomicReference = new AtomicReference();
            Response validateOAuthToken = validateOAuthToken(requestContext, patchResourceRequest, atomicReference, this.tokenHandler);
            if (validateOAuthToken != null) {
                this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat("patch-" + validateOAuthToken.getStatus());
                return validateOAuthToken;
            }
            patchResourceRequest = new PatchResourceRequest(requestContext.getUriInfo().getBaseUri(), (String) atomicReference.get(), resourceDescriptor, str2, unmarshal.getScimObject(), sCIMQueryAttributes, requestContext.getRequest());
        }
        BaseResource patchResource = backend.patchResource(patchResourceRequest);
        if (sCIMQueryAttributes.allAttributesRequested()) {
            error = Response.status(Response.Status.NO_CONTENT);
        } else {
            error = Response.status(Response.Status.OK);
            setResponseEntity(error, requestContext.getProduceMediaType(), patchResource);
        }
        error.contentLocation(patchResource.getMeta().getLocation());
        error.tag(patchResource.getMeta().getVersion());
        this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PATCH_OK);
        if (requestContext.getProduceMediaType() == MediaType.APPLICATION_JSON_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PATCH_RESPONSE_JSON);
        } else if (requestContext.getProduceMediaType() == MediaType.APPLICATION_XML_TYPE) {
            this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.PATCH_RESPONSE_XML);
        }
        return error.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Response deleteUser(RequestContext requestContext, String str, String str2) {
        Response.ResponseBuilder error;
        SCIMBackend backend;
        ResourceDescriptor resourceDescriptor;
        ResourceDescriptor resourceDescriptor2 = null;
        try {
            backend = getBackend(str);
            resourceDescriptor = backend.getResourceDescriptor(str);
        } catch (SCIMException e) {
            Debug.debugException(e);
            error = error(e, requestContext);
            if (0 != 0) {
                this.application.getStatsForResource(resourceDescriptor2.getName()).incrementStat("delete-" + e.getStatusCode());
            }
        }
        if (resourceDescriptor == null) {
            throw new ResourceNotFoundException(str + " is not a valid resource endpoint");
        }
        String authID = requestContext.getAuthID();
        if (authID == null && this.tokenHandler == null) {
            throw new UnauthorizedException("Invalid credentials");
        }
        DeleteResourceRequest deleteResourceRequest = new DeleteResourceRequest(requestContext.getUriInfo().getBaseUri(), authID, resourceDescriptor, str2, requestContext.getRequest());
        if (authID == null) {
            AtomicReference atomicReference = new AtomicReference();
            Response validateOAuthToken = validateOAuthToken(requestContext, deleteResourceRequest, atomicReference, this.tokenHandler);
            if (validateOAuthToken != null) {
                this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat("delete-" + validateOAuthToken.getStatus());
                return validateOAuthToken;
            }
            deleteResourceRequest = new DeleteResourceRequest(requestContext.getUriInfo().getBaseUri(), (String) atomicReference.get(), resourceDescriptor, str2, requestContext.getRequest());
        }
        backend.deleteResource(deleteResourceRequest);
        error = Response.status(Response.Status.OK);
        this.application.getStatsForResource(resourceDescriptor.getName()).incrementStat(ResourceStats.DELETE_OK);
        return error.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Response validateOAuthToken(RequestContext requestContext, SCIMRequest sCIMRequest, AtomicReference<String> atomicReference, OAuthTokenHandler oAuthTokenHandler) {
        List requestHeader = requestContext.getHeaders().getRequestHeader("Authorization");
        if (requestHeader == null || requestHeader.isEmpty()) {
            Response.ResponseBuilder status = Response.status(401);
            status.header("WWW-Authenticate", "Bearer realm=\"SCIM\"");
            return status.build();
        }
        if (requestHeader.size() > 1) {
            return invalidRequest("The Authorization header has too many values", requestContext.getProduceMediaType());
        }
        String[] split = ((String) requestHeader.get(0)).split(" ");
        if (split.length != 2 || !split[0].equalsIgnoreCase(OAuth2AccessToken.BEARER_TYPE) || split[1].length() <= 0) {
            if (split.length != 2 || !split[0].equalsIgnoreCase("Basic") || split[1].length() <= 0) {
                return invalidRequest("The Authorization header was malformed", requestContext.getProduceMediaType());
            }
            Response.ResponseBuilder status2 = Response.status(401);
            status2.header("WWW-Authenticate", "Basic realm=\"SCIM\"");
            setResponseEntity(status2, requestContext.getProduceMediaType(), new UnauthorizedException(null));
            return status2.build();
        }
        try {
            OAuthToken decodeOAuthToken = oAuthTokenHandler.decodeOAuthToken(split[1]);
            if (decodeOAuthToken == null) {
                return invalidRequest("Could not decode the access token", requestContext.getProduceMediaType());
            }
            if (!oAuthTokenHandler.isTokenAuthentic(decodeOAuthToken)) {
                return invalidToken("The access token is not authentic", requestContext.getProduceMediaType());
            }
            if (!oAuthTokenHandler.isTokenForThisServer(decodeOAuthToken)) {
                return invalidToken("The access token is not intended for this server", requestContext.getProduceMediaType());
            }
            if (oAuthTokenHandler.isTokenExpired(decodeOAuthToken)) {
                return invalidToken("The access token is expired", requestContext.getProduceMediaType());
            }
            OAuthTokenStatus validateToken = oAuthTokenHandler.validateToken(decodeOAuthToken, sCIMRequest);
            if (validateToken.getErrorCode().equals(OAuthTokenStatus.ErrorCode.INVALID_TOKEN)) {
                return invalidToken(validateToken.getErrorDescription(), requestContext.getProduceMediaType());
            }
            if (validateToken.getErrorCode().equals(OAuthTokenStatus.ErrorCode.INSUFFICIENT_SCOPE)) {
                return insufficientScope(validateToken.getScope(), validateToken.getErrorDescription(), requestContext.getProduceMediaType());
            }
            String authzDN = oAuthTokenHandler.getAuthzDN(decodeOAuthToken);
            if (authzDN == null) {
                return invalidToken("The access token did not contain an authorization DN", requestContext.getProduceMediaType());
            }
            atomicReference.set(authzDN);
            return null;
        } catch (Throwable th) {
            Debug.debugException(th);
            return invalidRequest(th.getMessage(), requestContext.getProduceMediaType());
        }
    }

    private static Response invalidRequest(String str, MediaType mediaType) {
        Response.ResponseBuilder status = Response.status(400);
        String str2 = "Bearer realm=\"SCIM\", error=\"invalid_request\"";
        if (str != null && !str.isEmpty()) {
            str2 = str2 + ", error_description=\"" + str + XMLConstants.XML_DOUBLE_QUOTE;
        }
        status.header("WWW-Authenticate", str2);
        setResponseEntity(status, mediaType, new InvalidResourceException(str));
        return status.build();
    }

    private static Response invalidToken(String str, MediaType mediaType) {
        Response.ResponseBuilder status = Response.status(401);
        String str2 = "Bearer realm=\"SCIM\", error=\"invalid_token\"";
        if (str != null && !str.isEmpty()) {
            str2 = str2 + ", error_description=\"" + str + XMLConstants.XML_DOUBLE_QUOTE;
        }
        status.header("WWW-Authenticate", str2);
        setResponseEntity(status, mediaType, new UnauthorizedException(str));
        return status.build();
    }

    private static Response insufficientScope(String str, String str2, MediaType mediaType) {
        Response.ResponseBuilder status = Response.status(403);
        String str3 = "Bearer realm=\"SCIM\", error=\"insufficient_scope\"";
        if (str2 != null && !str2.isEmpty()) {
            str3 = str3 + ", error_description=\"" + str2 + XMLConstants.XML_DOUBLE_QUOTE;
        }
        if (str != null && !str.isEmpty()) {
            str3 = str3 + ", scope=\"" + str + XMLConstants.XML_DOUBLE_QUOTE;
        }
        status.header("WWW-Authenticate", str3);
        setResponseEntity(status, mediaType, new ForbiddenException(str2));
        return status.build();
    }

    private SCIMBackend getBackend(String str) {
        return str.equals(SCIMConstants.RESOURCE_ENDPOINT_SCHEMAS) ? this.resourceSchemaBackend : this.application.getBackend();
    }

    private Response.ResponseBuilder error(SCIMException sCIMException, RequestContext requestContext) {
        Response.ResponseBuilder status = Response.status(sCIMException.getStatusCode());
        if (sCIMException instanceof NotModifiedException) {
            status.tag(((NotModifiedException) sCIMException).getVersion());
        } else {
            if (sCIMException instanceof PreconditionFailedException) {
                status.tag(((PreconditionFailedException) sCIMException).getVersion());
            }
            setResponseEntity(status, requestContext.getProduceMediaType(), sCIMException);
        }
        return status;
    }
}
