package org.mitre.oauth2.web;

import java.security.Principal;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.view.TokenApiView;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

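/**
 * REST controller under {@code /api/tokens} for listing, inspecting and revoking OAuth2 access
 * and refresh tokens, and for reading or rotating a client's registration access token.
 *
 * <p>Authorization as declared in this class:
 * <ul>
 *   <li>The class carries {@code @PreAuthorize("hasRole('ROLE_USER')")}; the three
 *       {@code {clientId}} handlers additionally declare
 *       {@code @PreAuthorize("hasRole('ROLE_ADMIN')")}.</li>
 *   <li>The per-token handlers ({@code /access/{id}}, {@code /refresh/{id}}) load a token by its
 *       numeric id, which is not scoped to the caller. Each one therefore compares the name on
 *       the token's stored authentication with the caller's principal name before the token is
 *       returned or revoked. Any new per-id handler must repeat that check.</li>
 * </ul>
 *
 * <p>NOTE(review): "not found" (404) and "belongs to someone else" (403) are distinguishable, so
 * an authenticated caller can learn which token ids exist. Answering 404 in both cases would
 * remove that signal but changes the API contract, so it is left unchanged here.
 *
 * <p>NOTE(review): which token fields {@code TokenApiView} serializes is not visible in this
 * file; confirm that the admin listings do not expose more token material than intended.
 */
@RequestMapping({"/api/tokens"})
@Controller
@PreAuthorize("hasRole('ROLE_USER')")
/* loaded from: input_file:org/mitre/oauth2/web/TokenAPI.class */
public class TokenAPI {

    @Autowired
    private OAuth2TokenEntityService tokenService;

    @Autowired
    private ClientDetailsEntityService clientService;

    @Autowired
    private OIDCTokenService oidcTokenService;
    private static final Logger logger = LoggerFactory.getLogger(TokenAPI.class);

    /**
     * Fills the model for an error response and selects the JSON error view.
     *
     * @param modelMap model to populate
     * @param status HTTP status stored under {@code "code"}
     * @param message text stored under {@code "errorMessage"}
     * @return the error view name
     */
    private static String fail(ModelMap modelMap, HttpStatus status, String message) {
        modelMap.put("code", status);
        modelMap.put("errorMessage", message);
        return JsonErrorView.VIEWNAME;
    }

    /**
     * Ownership check shared by the per-token handlers.
     *
     * @param ownerName name taken from the token's stored authentication
     * @param principal the authenticated caller
     * @return {@code true} only when both names are equal; a {@code null} owner name is treated
     *     as "not owned" so the handlers fail closed instead of throwing
     */
    private static boolean isOwnedBy(String ownerName, Principal principal) {
        return ownerName != null && ownerName.equals(principal.getName());
    }

    /**
     * Lists the access tokens of the calling user.
     *
     * @param modelMap model that receives the token collection under {@code "entity"}
     * @param principal the authenticated caller; its name selects the tokens
     * @return the token view name
     */
    @RequestMapping(value = {"/access"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getAllAccessTokens(ModelMap modelMap, Principal principal) {
        modelMap.put("entity", this.tokenService.getAllAccessTokensForUser(principal.getName()));
        return TokenApiView.VIEWNAME;
    }

    /**
     * Returns one access token, provided it belongs to the caller.
     *
     * @param l id of the access token
     * @param modelMap model that receives the token, or the error code and message
     * @param principal the authenticated caller
     * @return the token view name, or the error view name with 404 (unknown id) or 403 (token
     *     owned by another principal)
     */
    @RequestMapping(value = {"/access/{id}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getAccessTokenById(@PathVariable("id") Long l, ModelMap modelMap, Principal principal) {
        OAuth2AccessTokenEntity token = this.tokenService.getAccessTokenById(l);
        if (token == null) {
            logger.error("getToken failed; token not found: {}", l);
            return fail(modelMap, HttpStatus.NOT_FOUND, "The requested token with id " + l + " could not be found.");
        }
        // The holder/authentication chain is dereferenced without null checks, as before;
        // TODO confirm the service never returns a token without them.
        if (!isOwnedBy(token.getAuthenticationHolder().getAuthentication().getName(), principal)) {
            // The token id is logged so a denied request can be tied to a specific token.
            logger.error("getToken failed; token {} does not belong to principal {}", l, principal.getName());
            return fail(modelMap, HttpStatus.FORBIDDEN, "You do not have permission to view this token");
        }
        modelMap.put("entity", token);
        return TokenApiView.VIEWNAME;
    }

    /**
     * Revokes one access token, provided it belongs to the caller.
     *
     * <p>On success nothing is put in the model; the resulting status is whatever
     * {@code HttpCodeView} renders without a {@code "code"} entry (not visible in this file).
     *
     * @param l id of the access token
     * @param modelMap model that receives the error code and message on failure
     * @param principal the authenticated caller
     * @return the HTTP-code view name on success, or the error view name with 404 or 403
     */
    @RequestMapping(value = {"/access/{id}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    public String deleteAccessTokenById(@PathVariable("id") Long l, ModelMap modelMap, Principal principal) {
        OAuth2AccessTokenEntity token = this.tokenService.getAccessTokenById(l);
        if (token == null) {
            // Logged as a delete so the audit trail does not show revocation attempts as reads.
            logger.error("deleteToken failed; token not found: {}", l);
            return fail(modelMap, HttpStatus.NOT_FOUND, "The requested token with id " + l + " could not be found.");
        }
        if (!isOwnedBy(token.getAuthenticationHolder().getAuthentication().getName(), principal)) {
            logger.error("deleteToken failed; token {} does not belong to principal {}", l, principal.getName());
            return fail(modelMap, HttpStatus.FORBIDDEN, "You do not have permission to delete this token");
        }
        this.tokenService.revokeAccessToken(token);
        return HttpCodeView.VIEWNAME;
    }

    /**
     * Lists the access tokens issued to a client. Declared admin-only; no per-user ownership
     * check is applied here.
     *
     * @param str client id from the path
     * @param modelMap model that receives the token collection, or the error code and message
     * @param principal the authenticated caller (not used by this handler)
     * @return the token view name, or the error view name with 404 when the client is unknown
     */
    @RequestMapping(value = {"/client/{clientId}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String getAccessTokensByClientId(@PathVariable("clientId") String str, ModelMap modelMap, Principal principal) {
        ClientDetailsEntity client = this.clientService.loadClientByClientId(str);
        if (client == null) {
            return fail(modelMap, HttpStatus.NOT_FOUND, "The requested client with id " + str + " could not be found.");
        }
        modelMap.put("entity", this.tokenService.getAccessTokensForClient(client));
        return TokenApiView.VIEWNAME;
    }

    /**
     * Returns the registration access token of a client. Declared admin-only.
     *
     * @param str client id from the path
     * @param modelMap model that receives the token, or the error code and message
     * @param principal the authenticated caller (not used by this handler)
     * @return the token view name, or the error view name with 404 when the client or its
     *     registration token is missing
     */
    @RequestMapping(value = {"/registration/{clientId}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String getRegistrationTokenByClientId(@PathVariable("clientId") String str, ModelMap modelMap, Principal principal) {
        ClientDetailsEntity client = this.clientService.loadClientByClientId(str);
        if (client == null) {
            return fail(modelMap, HttpStatus.NOT_FOUND, "The requested client with id " + str + " could not be found.");
        }
        OAuth2AccessTokenEntity registrationToken = this.tokenService.getRegistrationAccessTokenForClient(client);
        if (registrationToken == null) {
            return fail(modelMap, HttpStatus.NOT_FOUND, "No registration token could be found.");
        }
        modelMap.put("entity", registrationToken);
        return TokenApiView.VIEWNAME;
    }

    /**
     * Rotates the registration access token of a client and stores the new one. Declared
     * admin-only.
     *
     * @param str client id from the path
     * @param modelMap model that receives the saved token, or the error code and message
     * @param principal the authenticated caller (not used by this handler)
     * @return the token view name, or the error view name with 404 when the client is unknown
     *     or no token results from the rotation
     */
    @RequestMapping(value = {"/registration/{clientId}"}, method = {RequestMethod.PUT}, produces = {"application/json"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String rotateRegistrationTokenByClientId(@PathVariable("clientId") String str, ModelMap modelMap, Principal principal) {
        ClientDetailsEntity client = this.clientService.loadClientByClientId(str);
        if (client == null) {
            return fail(modelMap, HttpStatus.NOT_FOUND, "The requested client with id " + str + " could not be found.");
        }
        OAuth2AccessTokenEntity rotated = this.oidcTokenService.rotateRegistrationAccessTokenForClient(client);
        // Whether saveAccessToken tolerates null is not visible here, so a rotation that yields
        // no token goes straight to the 404 below instead of being passed to the service.
        OAuth2AccessTokenEntity saved = rotated == null ? null : this.tokenService.saveAccessToken(rotated);
        if (saved == null) {
            return fail(modelMap, HttpStatus.NOT_FOUND, "No registration token could be found.");
        }
        modelMap.put("entity", saved);
        return TokenApiView.VIEWNAME;
    }

    /**
     * Lists the refresh tokens of the calling user.
     *
     * @param modelMap model that receives the token collection under {@code "entity"}
     * @param principal the authenticated caller; its name selects the tokens
     * @return the token view name
     */
    @RequestMapping(value = {"/refresh"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getAllRefreshTokens(ModelMap modelMap, Principal principal) {
        modelMap.put("entity", this.tokenService.getAllRefreshTokensForUser(principal.getName()));
        return TokenApiView.VIEWNAME;
    }

    /**
     * Returns one refresh token, provided it belongs to the caller.
     *
     * @param l id of the refresh token
     * @param modelMap model that receives the token, or the error code and message
     * @param principal the authenticated caller
     * @return the token view name, or the error view name with 404 (unknown id) or 403 (token
     *     owned by another principal)
     */
    @RequestMapping(value = {"/refresh/{id}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getRefreshTokenById(@PathVariable("id") Long l, ModelMap modelMap, Principal principal) {
        OAuth2RefreshTokenEntity token = this.tokenService.getRefreshTokenById(l);
        if (token == null) {
            logger.error("refresh token not found: {}", l);
            return fail(modelMap, HttpStatus.NOT_FOUND, "The requested token with id " + l + " could not be found.");
        }
        if (!isOwnedBy(token.getAuthenticationHolder().getAuthentication().getName(), principal)) {
            logger.error("refresh token {} does not belong to principal {}", l, principal.getName());
            return fail(modelMap, HttpStatus.FORBIDDEN, "You do not have permission to view this token");
        }
        modelMap.put("entity", token);
        return TokenApiView.VIEWNAME;
    }

    /**
     * Revokes one refresh token, provided it belongs to the caller.
     *
     * <p>On success nothing is put in the model; the resulting status is whatever
     * {@code HttpCodeView} renders without a {@code "code"} entry (not visible in this file).
     *
     * @param l id of the refresh token
     * @param modelMap model that receives the error code and message on failure
     * @param principal the authenticated caller
     * @return the HTTP-code view name on success, or the error view name with 404 or 403
     */
    @RequestMapping(value = {"/refresh/{id}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    public String deleteRefreshTokenById(@PathVariable("id") Long l, ModelMap modelMap, Principal principal) {
        OAuth2RefreshTokenEntity token = this.tokenService.getRefreshTokenById(l);
        if (token == null) {
            logger.error("refresh token not found: {}", l);
            return fail(modelMap, HttpStatus.NOT_FOUND, "The requested token with id " + l + " could not be found.");
        }
        if (!isOwnedBy(token.getAuthenticationHolder().getAuthentication().getName(), principal)) {
            logger.error("refresh token {} does not belong to principal {}", l, principal.getName());
            return fail(modelMap, HttpStatus.FORBIDDEN, "You do not have permission to delete this token");
        }
        this.tokenService.revokeRefreshToken(token);
        return HttpCodeView.VIEWNAME;
    }
}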
