package com.orientechnologies.orient.server.network.protocol.http.command.post;

import com.orientechnologies.common.concur.lock.OLockException;
import com.orientechnologies.common.log.OLogManager;
import com.orientechnologies.orient.core.config.OGlobalConfiguration;
import com.orientechnologies.orient.core.db.document.ODatabaseDocument;
import com.orientechnologies.orient.core.exception.OSecurityAccessException;
import com.orientechnologies.orient.core.metadata.security.OSecurityUser;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.server.OTokenHandler;
import com.orientechnologies.orient.server.network.protocol.http.OHttpRequest;
import com.orientechnologies.orient.server.network.protocol.http.OHttpResponse;
import com.orientechnologies.orient.server.network.protocol.http.OHttpUtils;
import com.orientechnologies.orient.server.network.protocol.http.command.OServerCommandAbstract;
import com.orientechnologies.orient.server.network.protocol.http.command.OServerCommandAuthProxy;
import java.io.IOException;
import java.util.Locale;
import java.util.Map;

/* loaded from: input_file:com/orientechnologies/orient/server/network/protocol/http/command/post/OServerCommandPostAuthToken.class */
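/**
 * HTTP command bound to {@code POST token/<database>} that exchanges a username and password
 * for a signed web token.
 *
 * <p>Only the {@code password} grant type is accepted. The form-encoded request body is
 * untrusted input: it carries {@code grant_type}, the username (under the key
 * {@link OServerCommandAuthProxy#USERNAME_CONF}) and {@code password}. On success the response
 * is a JSON record with {@code access_token} and {@code expires_in}.
 *
 * <p>NOTE(review): the credentials travel in the request body, so this endpoint presumably
 * relies on TLS being terminated in front of it; nothing in this class enforces that. No
 * throttling or lockout of repeated failed attempts is visible here either. Confirm both are
 * handled elsewhere.
 */
public class OServerCommandPostAuthToken extends OServerCommandAbstract {
    private static final String[] NAMES = {"POST|token/*"};
    private static final String RESPONSE_FORMAT = "indent:-1,attribSameRow";

    // Resolved lazily by init(). volatile so a handler published by one request thread is
    // visible to the others; concurrent initialisation is harmless because every thread
    // would assign the same server-provided handler.
    private volatile OTokenHandler tokenHandler;

    /** Returns the command patterns this handler is registered under. */
    @Override
    public String[] getNames() {
        return NAMES;
    }

    /**
     * Fetches the server's token handler the first time it is needed, and only when
     * {@link OGlobalConfiguration#NETWORK_HTTP_USE_TOKEN} is enabled. When the option is off
     * the field stays {@code null} and {@link #execute} refuses to issue tokens.
     */
    private void init() {
        if (this.tokenHandler != null) {
            return;
        }
        if (this.server.getContextConfiguration().getValueAsBoolean(OGlobalConfiguration.NETWORK_HTTP_USE_TOKEN)) {
            this.tokenHandler = this.server.getTokenHandler();
        }
    }

    /**
     * Validates the token request, authenticates the caller against the target database and
     * writes the token response.
     *
     * <p>Error responses:
     * <ul>
     *   <li>no form body: 400 with {@code missing_auth_data};</li>
     *   <li>{@code grant_type} absent: 400 with {@code invalid_request};</li>
     *   <li>{@code grant_type} other than {@code password}, or token support disabled: 400 with
     *       {@code unsupported_grant_type};</li>
     *   <li>credentials rejected: the response built by {@link #sendAuthorizationRequest}.</li>
     * </ul>
     *
     * @param request the incoming HTTP request; its URL must be {@code token/<database>}
     * @param response the response to write to
     * @return always {@code false}
     * @throws Exception if URL syntax checking, database access or response writing fails
     */
    @Override
    public boolean execute(OHttpRequest request, OHttpResponse response) throws Exception {
        init();
        request.setDatabaseName(checkSyntax(request.getUrl(), 2, "Syntax error: token/<database>")[1]);
        request.getData().commandInfo = "Generate authentication token";

        final Map<String, String> form = request.getUrlEncodedContent();
        if (form == null) {
            sendError(request, response, new ODocument().field("error", "missing_auth_data"));
            return false;
        }

        // The body is attacker-controlled: a request without grant_type used to dereference
        // null here and surface as an unhandled NullPointerException instead of a clean 400.
        final String rawGrantType = form.get("grant_type");
        if (rawGrantType == null) {
            sendError(request, response, new ODocument().field("error", "invalid_request"));
            return false;
        }
        final String grantType = rawGrantType.toLowerCase(Locale.ENGLISH);
        final String username = form.get(OServerCommandAuthProxy.USERNAME_CONF);
        final String password = form.get("password");

        if (!grantType.equals("password")) {
            sendError(request, response, new ODocument().field("error", "unsupported_grant_type"));
            return false;
        }
        if (authenticate(username, password, request.getDatabaseName()) == null) {
            sendAuthorizationRequest(request, response, request.getDatabaseName());
            return false;
        }

        // Read the volatile field once so the null check and the use see the same handler.
        final OTokenHandler handler = this.tokenHandler;
        if (handler == null) {
            // Token support is disabled in the server configuration.
            sendError(request, response, new ODocument().field("error", "unsupported_grant_type"));
            return false;
        }

        // NOTE(review): the credentials were already verified by authenticate() above and are
        // verified again by this second openDatabase() call, so every successful request opens
        // the database twice.
        String token = "";
        ODatabaseDocument database = null;
        try {
            database = this.server.openDatabase(request.getDatabaseName(), username, password);
            final OSecurityUser user = database.getUser();
            if (user != null) {
                // NOTE(review): new String(byte[]) decodes with the platform default charset;
                // presumably the signed token is ASCII-safe, confirm.
                token = new String(handler.getSignedWebToken(database, user));
            }
        } catch (OSecurityAccessException ignored) {
            // Access was refused between the two opens; fall through with an empty token.
        } catch (OLockException e) {
            OLogManager.instance().error(this, "Cannot access to the database '" + request.getDatabaseName() + "'", e, new Object[0]);
        } finally {
            if (database != null) {
                database.close();
            }
        }

        // NOTE(review): when the second open fails or the database reports no user, the client
        // still receives a success response whose access_token is the empty string. Clients
        // must treat an empty token as a failure; consider returning an error instead.
        // NOTE(review): expires_in is hard-coded to 3600 and is not derived from the token
        // handler, so it may disagree with the expiry embedded in the token; confirm.
        response.writeRecord(new ODocument().field("access_token", token).field("expires_in", 3600), RESPONSE_FORMAT, null);
        return false;
    }

    /**
     * Checks a username and password by opening the named database with them.
     *
     * @param username the user name supplied by the client
     * @param password the password supplied by the client
     * @param databaseName the database to open
     * @return the identity of the authenticated user's document, {@code "<server user>"} when
     *     the opened database reports no user, or {@code null} when the open is refused with
     *     {@link OSecurityAccessException} or fails with {@link OLockException}
     * @throws IOException declared for overriding implementations; not thrown by this body
     */
    protected String authenticate(String username, String password, String databaseName) throws IOException {
        ODatabaseDocument database = null;
        String authenticatedId = null;
        try {
            database = this.server.openDatabase(databaseName, username, password);
            authenticatedId = database.getUser() == null ? "<server user>" : database.getUser().getDocument().getIdentity().toString();
        } catch (OLockException e) {
            OLogManager.instance().error(this, "Cannot access to the database '" + databaseName + "'", e, new Object[0]);
        } catch (OSecurityAccessException ignored) {
            // Rejected credentials are reported to the caller as null, not as an exception.
            // NOTE(review): the failed attempt is not logged here; confirm failed logins are
            // recorded elsewhere so repeated guessing can be detected.
        } finally {
            // Always release the session that was opened only to verify the credentials.
            if (database != null) {
                database.close();
            }
        }
        return authenticatedId;
    }

    /**
     * Sends a 400 Bad Request whose JSON body is the given error document.
     *
     * @param request the request being answered (unused by this implementation)
     * @param response the response to write to
     * @param error the document serialised as the response body
     * @throws IOException if the response cannot be written
     */
    protected void sendError(OHttpRequest request, OHttpResponse response, ODocument error) throws IOException {
        response.send(OHttpUtils.STATUS_BADREQ_CODE, OHttpUtils.STATUS_BADREQ_DESCRIPTION, OHttpUtils.CONTENT_JSON, error.toJSON(), null);
    }

    /**
     * Answers a request whose credentials were rejected.
     *
     * <p>Unless the request carries {@code X-Requested-With: XMLHttpRequest}, the authentication
     * headers configured for the database are added to the response; they are skipped for that
     * header value, presumably so browsers do not raise their native login prompt.
     *
     * @param request the request being answered
     * @param response the response to write to
     * @param databaseName the database whose authentication headers are advertised
     * @throws IOException if the response cannot be written
     */
    protected void sendAuthorizationRequest(OHttpRequest request, OHttpResponse response, String databaseName) throws IOException {
        String authHeader = null;
        final String requestedWith = request.getHeader("X-Requested-With");
        final boolean ajaxRequest = requestedWith != null && requestedWith.equals("XMLHttpRequest");
        if (!ajaxRequest) {
            authHeader = this.server.getSecurity().getAuthenticationHeader(databaseName);
            this.server.getSecurity().getAuthenticationHeaders(databaseName).entrySet().forEach(entry -> {
                response.addHeader((String) entry.getKey(), (String) entry.getValue());
            });
        }
        if (isJsonResponse(response)) {
            // NOTE(review): this branch sends the Bad Request status while the body says
            // "401 Unauthorized."; the non-JSON branch uses the auth status. Confirm whether
            // the mismatch is intended before relying on status codes to detect failed logins.
            sendJsonError(response, OHttpUtils.STATUS_BADREQ_CODE, OHttpUtils.STATUS_BADREQ_DESCRIPTION, OHttpUtils.CONTENT_TEXT_PLAIN, "401 Unauthorized.", authHeader);
        } else {
            response.send(OHttpUtils.STATUS_AUTH_CODE, OHttpUtils.STATUS_AUTH_DESCRIPTION, OHttpUtils.CONTENT_TEXT_PLAIN, "401 Unauthorized.", authHeader);
        }
    }
}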
