package li.strolch.rest.endpoint;

import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.google.gson.JsonPrimitive;
import java.text.MessageFormat;
import java.util.Base64;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.HEAD;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import li.strolch.exception.StrolchException;
import li.strolch.privilege.base.AccessDeniedException;
import li.strolch.privilege.base.InvalidCredentialsException;
import li.strolch.privilege.base.PrivilegeException;
import li.strolch.privilege.helper.XmlConstants;
import li.strolch.privilege.model.Certificate;
import li.strolch.privilege.model.IPrivilege;
import li.strolch.privilege.model.PrivilegeContext;
import li.strolch.privilege.model.Usage;
import li.strolch.rest.RestfulStrolchComponent;
import li.strolch.rest.StrolchRestfulConstants;
import li.strolch.rest.StrolchSessionHandler;
import li.strolch.rest.helper.ResponseUtil;
import li.strolch.rest.model.Result;
import org.eclipse.persistence.logging.SessionLog;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

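@Path("strolch/authentication")
/* loaded from: input_file:WEB-INF/lib/li.strolch.rest-1.4.0.jar:li/strolch/rest/endpoint/AuthenticationService.class */
/**
 * REST endpoint for session management: password login, logout, session validation and the
 * two-step challenge flow. Every request body is parsed as a JSON object; a body that is empty,
 * not JSON, or lacking a required field is answered with 400 instead of surfacing as a 500.
 *
 * Successful logins return the auth token three ways: in the JSON body, in the
 * {@code Authorization} header and as the {@link StrolchRestfulConstants#STROLCH_AUTHORIZATION}
 * cookie.
 */
public class AuthenticationService {

    private static final Logger logger = LoggerFactory.getLogger(AuthenticationService.class);

    /** JSON field carrying the Base64 encoded password of a login request. */
    private static final String FIELD_PASSWORD = "password";
    /** JSON field carrying the answer of a challenge validation request. */
    private static final String FIELD_CHALLENGE = "challenge";
    /** JSON field holding the certificate's property map in the login response. */
    private static final String FIELD_PROPERTIES = "properties";

    /** Shortest username accepted by {@link #authenticate}. */
    private static final int MIN_USERNAME_LENGTH = 2;
    /** Shortest decoded password (in bytes) accepted by {@link #authenticate}. */
    private static final int MIN_PASSWORD_LENGTH = 3;

    private static final String SCHEME_HTTPS = "https";
    /** Lifetime of the authorization cookie: one day. */
    private static final int COOKIE_MAX_AGE_SECONDS = (int) TimeUnit.DAYS.toSeconds(1L);
    private static final String COOKIE_COMMENT = "Authorization header";

    /**
     * Logs a user in with username and Base64 encoded password.
     *
     * @param httpServletRequest the current request, used to check the scheme for the secure cookie
     * @param httpHeaders        injected headers (currently unused, kept for the JAX-RS signature)
     * @param str                JSON body with {@code username} and {@code password} (Base64)
     * @return 200 with the certificate description and auth token cookie; 400 for a malformed body,
     * too short username or undecodable/too short password; 401 for invalid credentials or denied
     * access; 403 for other privilege/strolch failures; 500 otherwise
     */
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    @Consumes({MediaType.APPLICATION_JSON})
    public Response authenticate(@Context HttpServletRequest httpServletRequest, @Context HttpHeaders httpHeaders, String str) {
        JsonObject response = new JsonObject();
        try {
            JsonObject login = parseBody(str);

            // collect every validation problem so the client sees all of them at once
            StringBuilder problems = new StringBuilder();
            String username = stringField(login, XmlConstants.XML_ATTR_USERNAME);
            if (username == null || username.length() < MIN_USERNAME_LENGTH) {
                appendProblem(problems, "Username was not given or is too short!");
            }
            String encodedPassword = stringField(login, FIELD_PASSWORD);
            if (encodedPassword == null) {
                appendProblem(problems, "Password was not given!");
            }
            // a value that is not valid Base64 raises IllegalArgumentException, answered with 400 below
            byte[] password = encodedPassword == null ? new byte[0] : Base64.getDecoder().decode(encodedPassword);
            if (password.length < MIN_PASSWORD_LENGTH) {
                appendProblem(problems, "Password not given or too short!");
            }
            if (problems.length() != 0) {
                response.addProperty(ResponseUtil.MSG, MessageFormat.format("Could not log in due to: {0}", problems.toString()));
                return build(Response.Status.BAD_REQUEST, response);
            }

            RestfulStrolchComponent component = RestfulStrolchComponent.getInstance();
            Certificate certificate = component.getSessionHandler().authenticate(username, password);
            PrivilegeContext privilegeContext = component.getContainer().getPrivilegeHandler().getPrivilegeContext(certificate);
            describeCertificate(certificate, privilegeContext, response);
            return authorizedResponse(httpServletRequest, certificate, response);

        } catch (IllegalArgumentException e) {
            // malformed body or undecodable password: a client error, not a server failure
            logger.error(e.getMessage(), e);
            response.addProperty(ResponseUtil.MSG, MessageFormat.format("Could not log in due to: {0}", e.getMessage()));
            return build(Response.Status.BAD_REQUEST, response);
        } catch (InvalidCredentialsException e) {
            // most specific privilege failures first, so they are not swallowed by the general catch below
            logger.error(e.getMessage(), e);
            response.addProperty(ResponseUtil.MSG, "Could not log in as the given credentials are invalid");
            return build(Response.Status.UNAUTHORIZED, response);
        } catch (AccessDeniedException e) {
            logger.error(e.getMessage(), e);
            response.addProperty(ResponseUtil.MSG, MessageFormat.format("Could not log in due to: {0}", e.getMessage()));
            return build(Response.Status.UNAUTHORIZED, response);
        } catch (StrolchException | PrivilegeException e) {
            logger.error(e.getMessage(), e);
            response.addProperty(ResponseUtil.MSG, MessageFormat.format("Could not log in due to: {0}", e.getMessage()));
            return build(Response.Status.FORBIDDEN, response);
        } catch (Exception e) {
            return internalError(e, response);
        }
    }

    /**
     * Logs out the session identified by the given auth token.
     *
     * @param str the auth token taken from the path
     * @return 200 with username, token and a message; 401 when the token is not a valid session;
     * 500 otherwise
     */
    @Path("{authToken}")
    @Consumes({MediaType.APPLICATION_JSON})
    @DELETE
    @Produces({MediaType.APPLICATION_JSON})
    public Response invalidateSession(@PathParam("authToken") String str) {
        JsonObject response = new JsonObject();
        try {
            StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
            Certificate certificate = sessionHandler.validate(str);
            sessionHandler.invalidate(certificate);
            response.addProperty(XmlConstants.XML_ATTR_USERNAME, certificate.getUsername());
            response.addProperty(XmlConstants.XML_ATTR_AUTH_TOKEN, str);
            response.addProperty(ResponseUtil.MSG, MessageFormat.format("{0} has been logged out.", certificate.getUsername()));
            return build(Response.Status.OK, response);
        } catch (StrolchException | PrivilegeException e) {
            logger.error(e.getMessage(), e);
            response.addProperty(ResponseUtil.MSG, MessageFormat.format("Could not logout due to: {0}", e.getMessage()));
            return build(Response.Status.UNAUTHORIZED, response);
        } catch (Exception e) {
            return internalError(e, response);
        }
    }

    /**
     * Checks whether the given auth token still belongs to a valid session.
     *
     * @param str the auth token taken from the path
     * @return 200 without body when valid; 401 when not; 500 otherwise
     */
    @Path("{authToken}")
    @HEAD
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    public Response validateSessions(@PathParam("authToken") String str) {
        try {
            RestfulStrolchComponent.getInstance().getSessionHandler().validate(str);
            return Response.ok().build();
        } catch (StrolchException | PrivilegeException e) {
            logger.error(e.getMessage(), e);
            JsonObject response = new JsonObject();
            response.addProperty(ResponseUtil.MSG, MessageFormat.format("Session invalid: {0}", e.getMessage()));
            return build(Response.Status.UNAUTHORIZED, response);
        } catch (Exception e) {
            return internalError(e, new JsonObject());
        }
    }

    /**
     * Starts a challenge for the given user and usage (first step of the challenge flow).
     *
     * @param str JSON body with {@code usage} and {@code username}
     * @return 200 with an empty {@link Result}; 400 when the body is malformed or a field is missing.
     * Failures of the challenge itself propagate to the JAX-RS runtime, as before.
     */
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    @Path("challenge")
    public Response initiateChallenge(String str) {
        Usage usage;
        String username;
        try {
            JsonObject request = parseBody(str);
            usage = Usage.byValue(requiredString(request, XmlConstants.XML_ATTR_USAGE));
            username = requiredString(request, XmlConstants.XML_ATTR_USERNAME);
        } catch (IllegalArgumentException e) {
            return badRequest(e);
        }
        RestfulStrolchComponent.getInstance().getSessionHandler().initiateChallengeFor(usage, username);
        return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
    }

    /**
     * Completes the challenge flow: exchanges a correct challenge answer for a session.
     *
     * @param httpServletRequest the current request, used to check the scheme for the secure cookie
     * @param str                JSON body with {@code username} and {@code challenge}
     * @return 200 with the auth token in body, header and cookie; 400 when the body is malformed or
     * a field is missing. Failures of the validation itself propagate to the JAX-RS runtime, as before.
     */
    @Produces({MediaType.APPLICATION_JSON})
    @Path("challenge")
    @PUT
    public Response validateChallenge(@Context HttpServletRequest httpServletRequest, String str) {
        String username;
        String challenge;
        try {
            JsonObject request = parseBody(str);
            username = requiredString(request, XmlConstants.XML_ATTR_USERNAME);
            challenge = requiredString(request, FIELD_CHALLENGE);
        } catch (IllegalArgumentException e) {
            return badRequest(e);
        }
        Certificate certificate = RestfulStrolchComponent.getInstance().getSessionHandler().validateChallenge(username, challenge);
        JsonObject response = new JsonObject();
        response.addProperty(XmlConstants.XML_ATTR_AUTH_TOKEN, certificate.getAuthToken());
        return authorizedResponse(httpServletRequest, certificate, response);
    }

    /**
     * Parses a request body as a JSON object.
     *
     * @throws IllegalArgumentException when the body is empty, not valid JSON, or not a JSON object
     */
    private static JsonObject parseBody(String body) {
        if (body == null || body.trim().isEmpty()) {
            throw new IllegalArgumentException("Request body is empty!");
        }
        JsonElement element;
        try {
            element = new JsonParser().parse(body);
        } catch (JsonParseException e) {
            // the parser's message is kept as cause for the log; the client only learns that the body is invalid
            throw new IllegalArgumentException("Request body is not valid JSON!", e);
        }
        if (element == null || !element.isJsonObject()) {
            throw new IllegalArgumentException("Request body must be a JSON object!");
        }
        return element.getAsJsonObject();
    }

    /** Returns the string value of {@code field}, or null when it is absent or not a JSON primitive. */
    private static String stringField(JsonObject object, String field) {
        JsonElement element = object.get(field);
        if (element == null || !element.isJsonPrimitive()) {
            return null;
        }
        return element.getAsString();
    }

    /**
     * Returns the non-empty string value of {@code field}.
     *
     * @throws IllegalArgumentException when the field is absent, not a primitive, or empty
     */
    private static String requiredString(JsonObject object, String field) {
        String value = stringField(object, field);
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException(MessageFormat.format("Field {0} is missing!", field));
        }
        return value;
    }

    /** Appends a validation message, separating it from earlier ones with a newline. */
    private static void appendProblem(StringBuilder problems, String problem) {
        if (problems.length() > 0) {
            problems.append("\n");
        }
        problems.append(problem);
    }

    /**
     * Writes session id, token, user details, properties, roles and privileges of the
     * authenticated user into {@code target}. Empty collections are omitted entirely.
     */
    private static void describeCertificate(Certificate certificate, PrivilegeContext privilegeContext, JsonObject target) {
        target.addProperty(XmlConstants.XML_ATTR_SESSION_ID, certificate.getSessionId());
        target.addProperty(XmlConstants.XML_ATTR_AUTH_TOKEN, certificate.getAuthToken());
        target.addProperty(XmlConstants.XML_ATTR_USERNAME, certificate.getUsername());
        target.addProperty("firstname", certificate.getFirstname());
        target.addProperty("lastname", certificate.getLastname());
        target.addProperty("locale", certificate.getLocale().toString());

        if (!certificate.getPropertyMap().isEmpty()) {
            JsonObject properties = new JsonObject();
            target.add(FIELD_PROPERTIES, properties);
            certificate.getPropertyMap().forEach(properties::addProperty);
        }

        if (!certificate.getUserRoles().isEmpty()) {
            JsonArray roles = new JsonArray();
            target.add("roles", roles);
            for (String role : certificate.getUserRoles()) {
                roles.add(new JsonPrimitive(role));
            }
        }

        if (!privilegeContext.getPrivilegeNames().isEmpty()) {
            JsonArray privileges = new JsonArray();
            target.add("privileges", privileges);
            for (String name : privilegeContext.getPrivilegeNames()) {
                privileges.add(describePrivilege(name, privilegeContext.getPrivilege(name)));
            }
        }
    }

    /** Describes one privilege as {@code name}, {@code allAllowed} and, when non-empty, its {@code allowList}. */
    private static JsonObject describePrivilege(String name, IPrivilege privilege) {
        JsonObject result = new JsonObject();
        result.addProperty("name", name);
        result.addProperty("allAllowed", privilege.isAllAllowed());
        Set<String> allowList = privilege.getAllowList();
        if (!allowList.isEmpty()) {
            JsonArray allowed = new JsonArray();
            result.add("allowList", allowed);
            for (String value : allowList) {
                allowed.add(new JsonPrimitive(value));
            }
        }
        return result;
    }

    /**
     * Builds the 200 response of a successful login: body, {@code Authorization} header and the
     * authorization cookie carrying the auth token.
     */
    private static Response authorizedResponse(HttpServletRequest request, Certificate certificate, JsonObject body) {
        boolean secureCookie = RestfulStrolchComponent.getInstance().isSecureCookie();
        // a Secure cookie set over plain HTTP is dropped by browsers; warn so operators notice the misconfiguration
        if (secureCookie && !SCHEME_HTTPS.equals(request.getScheme())) {
            logger.warn("Authorization cookie is secure, but connection is not secure! Cookie won't be passed to client!");
        }
        // NOTE(review): the cookie is not marked HttpOnly, so page scripts can read the session token;
        // the token is also returned in the body and header, so HttpOnly could be enabled without
        // breaking clients that do not read the cookie itself — confirm before changing.
        NewCookie cookie = new NewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, certificate.getAuthToken(), "/", null,
                COOKIE_COMMENT, COOKIE_MAX_AGE_SECONDS, secureCookie);
        return Response.ok().entity(body.toString()).header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken()).cookie(cookie).build();
    }

    /** Answers 400 with the validation message of a malformed or incomplete request. */
    private static Response badRequest(IllegalArgumentException e) {
        logger.warn(e.getMessage(), e);
        JsonObject response = new JsonObject();
        response.addProperty(ResponseUtil.MSG, e.getMessage());
        return build(Response.Status.BAD_REQUEST, response);
    }

    /**
     * Logs an unexpected failure and answers 500. Only a generic message leaves the server:
     * exception class names and messages describe internals and belong in the log, not in the response.
     */
    private static Response internalError(Exception e, JsonObject response) {
        logger.error(e.getMessage(), e);
        response.addProperty(ResponseUtil.MSG, "Request failed due to an internal error");
        return Response.serverError().entity(response.toString()).build();
    }

    /** Serializes {@code body} and builds the response with the given status; the JSON is always sent as a string entity. */
    private static Response build(Response.Status status, JsonObject body) {
        return Response.status(status).entity(body.toString()).build();
    }
}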
