package org.wso2.carbon.apimgt.authenticator;

import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.authenticator.constants.AuthenticatorConstants;
import org.wso2.carbon.apimgt.authenticator.dto.ErrorDTO;
import org.wso2.carbon.apimgt.authenticator.utils.AuthUtil;
import org.wso2.carbon.apimgt.authenticator.utils.bean.AuthResponseBean;
import org.wso2.carbon.apimgt.core.exception.APIManagementException;
import org.wso2.carbon.apimgt.core.exception.ExceptionCodes;
import org.wso2.msf4j.Microservice;
import org.wso2.msf4j.Request;
import org.wso2.msf4j.formparam.FormDataParam;

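/**
 * MSF4J microservice exposing the login ({@code POST /oauth/token}) and logout
 * ({@code POST /oauth/revoke}) endpoints used by the API Manager web applications.
 *
 * <p>Tokens are never returned in the response body by this class: each token string is cut
 * in half and the halves are delivered in two separate cookies built by
 * {@link AuthUtil#cookieBuilder}.
 *
 * <p>NOTE(review): the two boolean arguments passed to {@code AuthUtil.cookieBuilder} are
 * presumably {@code isSecure} and {@code isHttpOnly} (in that order); confirm against
 * {@code AuthUtil}. Under that reading the {@code *_1} cookies are readable by page script and
 * the {@code *_2} cookies are not, so a script-level compromise of the page alone cannot read
 * a complete token.
 */
@Path("/oauth")
/* loaded from: input_file:org/wso2/carbon/apimgt/authenticator/AuthenticatorAPI.class */
public class AuthenticatorAPI implements Microservice {
    private static final Logger log = LoggerFactory.getLogger(AuthenticatorAPI.class);

    /**
     * Obtains tokens through {@link LoginTokenService#getTokens} and hands them to the client
     * as cookies.
     *
     * <p>The form fields are untrusted client input. {@code scopes} and {@code validity_period}
     * are validated here so that a missing or malformed value produces a 400 response instead
     * of an unhandled {@link NullPointerException} or {@link NumberFormatException}.
     *
     * @param request        incoming request; supplies the application context and the headers
     * @param username       value of the {@code username} form field
     * @param password       value of the {@code password} form field; must never be logged
     * @param grantType      value of the {@code grant_type} form field
     * @param validityPeriod value of the {@code validity_period} form field, parsed as a long
     * @param rememberMe     value of the {@code remember_me} form field; with the password
     *                       grant it decides whether refresh-token cookies are issued
     * @param scopes         value of the {@code scopes} form field, space separated
     * @return 200 with the {@link AuthResponseBean} and the token cookies; 401 when the refresh
     *         grant is requested but no refresh token can be extracted from the request; 400
     *         when {@code scopes} or {@code validity_period} is missing or malformed; otherwise
     *         the status carried by the {@link APIManagementException}
     */
    @Path("/token")
    @Consumes({"application/x-www-form-urlencoded", "multipart/form-data"})
    @POST
    @Produces({"application/json"})
    public Response authenticate(@Context Request request, @FormDataParam("username") String username, @FormDataParam("password") String password, @FormDataParam("grant_type") String grantType, @FormDataParam("validity_period") String validityPeriod, @FormDataParam("remember_me") boolean rememberMe, @FormDataParam("scopes") String scopes) {
        try {
            LoginTokenService loginTokenService = new LoginTokenService();
            AuthResponseBean authResponseBean = new AuthResponseBean();
            String appContext = AuthUtil.getAppContext(request);
            String restContext = restContextFor(appContext);

            String presentedRefreshToken = null;
            if (AuthenticatorConstants.REFRESH_GRANT.equals(grantType)) {
                presentedRefreshToken = AuthUtil.extractTokenFromHeaders(request.getHeaders(), AuthenticatorConstants.REFRESH_TOKEN_2);
                if (presentedRefreshToken == null) {
                    return invalidAuthorizationHeader();
                }
            }

            // Reject bad form input explicitly; the messages deliberately do not echo the
            // submitted values back to the client.
            if (scopes == null) {
                return badRequest("Required form parameter 'scopes' is missing");
            }
            final long validitySeconds;
            try {
                validitySeconds = Long.parseLong(validityPeriod);
            } catch (NumberFormatException e) {
                return badRequest("Form parameter 'validity_period' must be an integer");
            }

            // NOTE(review): substring(1) assumes appContext is non-empty (presumably it starts
            // with '/'); confirm what AuthUtil.getAppContext guarantees.
            String tokens = loginTokenService.getTokens(authResponseBean, appContext.substring(1), username, password, grantType, presentedRefreshToken, scopes.split(" "), validitySeconds);

            // getTokens returns "<access>" or "<access>:<refresh>".
            String[] tokenParts = tokens.split(":");
            String accessToken = tokenParts[0];
            String refreshToken = tokenParts.length > 1 ? tokenParts[1] : null;

            int accessMid = accessToken.length() / 2;
            String accessPart1 = accessToken.substring(0, accessMid);
            String accessPart2 = accessToken.substring(accessMid);
            NewCookie accessCookie1 = AuthUtil.cookieBuilder(AuthenticatorConstants.ACCESS_TOKEN_1, accessPart1, appContext, true, false, "");
            NewCookie accessCookie2 = AuthUtil.cookieBuilder(AuthenticatorConstants.ACCESS_TOKEN_2, accessPart2, appContext, true, true, "");
            // Same second half again, scoped to the REST API path instead of the app path.
            NewCookie restCookie = AuthUtil.cookieBuilder("WSO2_AM_TOKEN_MSF4J", accessPart2, restContext, true, true, "");

            // Refresh-token cookies are only issued for the refresh grant, or for the password
            // grant when the user asked to be remembered.
            boolean issueRefreshCookies = refreshToken != null
                    && (AuthenticatorConstants.REFRESH_GRANT.equals(grantType)
                        || (AuthenticatorConstants.PASSWORD_GRANT.equals(grantType) && rememberMe));

            NewCookie[] cookies;
            if (issueRefreshCookies) {
                int refreshMid = refreshToken.length() / 2;
                cookies = new NewCookie[]{
                    accessCookie1,
                    accessCookie2,
                    restCookie,
                    AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_1, refreshToken.substring(0, refreshMid), appContext, true, false, ""),
                    AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_2, refreshToken.substring(refreshMid), appContext, true, true, "")
                };
            } else {
                cookies = new NewCookie[]{accessCookie1, accessCookie2, restCookie};
            }
            return Response.ok(authResponseBean, "application/json")
                    .cookie(cookies)
                    .header(AuthenticatorConstants.REFERER_HEADER, alternateReferer(request))
                    .build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * Revokes the caller's access token through {@link LoginTokenService#revokeAccessToken} and
     * overwrites the token cookies with empty values and
     * {@code AuthenticatorConstants.COOKIE_EXPIRE_TIME}.
     *
     * <p>NOTE(review): the {@code ACCESS_TOKEN_1} cookie that {@code authenticate} sets is not
     * among the cookies expired here. Confirm that the client removes it itself; otherwise the
     * first half of a revoked token stays in the browser after logout.
     *
     * @param request incoming request; supplies the application context and the headers
     * @return 200 with the expiring cookies; 401 when no access token can be extracted from the
     *         request; otherwise the status carried by the {@link APIManagementException}
     */
    @POST
    @Produces({"application/json"})
    @Path("/revoke")
    public Response logout(@Context Request request) {
        String appContext = AuthUtil.getAppContext(request);
        String restContext = restContextFor(appContext);
        String accessToken = AuthUtil.extractTokenFromHeaders(request.getHeaders(), AuthenticatorConstants.ACCESS_TOKEN_2);
        if (accessToken == null) {
            return invalidAuthorizationHeader();
        }
        try {
            new LoginTokenService().revokeAccessToken(appContext.substring(1), accessToken);
            NewCookie[] expiredCookies = {
                AuthUtil.cookieBuilder(AuthenticatorConstants.ACCESS_TOKEN_2, "", appContext, true, true, AuthenticatorConstants.COOKIE_EXPIRE_TIME),
                AuthUtil.cookieBuilder("WSO2_AM_TOKEN_MSF4J", "", restContext, true, true, AuthenticatorConstants.COOKIE_EXPIRE_TIME),
                AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_1, "", appContext, true, false, AuthenticatorConstants.COOKIE_EXPIRE_TIME),
                AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_2, "", appContext, true, true, AuthenticatorConstants.COOKIE_EXPIRE_TIME)
            };
            return Response.ok().cookie(expiredCookies).build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * Maps an application context to the cookie path of the REST API it talks to.
     *
     * <p>NOTE(review): {@code contains("editor")} is a substring match, so any context that
     * merely contains "editor" is mapped to the publisher API path; confirm this is intended.
     */
    private static String restContextFor(String appContext) {
        if (appContext.contains("editor")) {
            return "/api/am/publisher";
        }
        return AuthenticatorConstants.REST_CONTEXT + appContext;
    }

    /**
     * Returns the value to send back in the {@code AuthenticatorConstants.REFERER_HEADER}
     * response header: the request's alternate-referer header when it is present and differs
     * from the request's referer header, otherwise the empty string.
     */
    private static String alternateReferer(Request request) {
        String altReferer = request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER);
        if (altReferer == null || altReferer.equals(request.getHeader(AuthenticatorConstants.REFERER_HEADER))) {
            return "";
        }
        // The value is client-controlled and is copied into a response header, so never let a
        // line break through, whatever the HTTP layer below already enforces.
        if (altReferer.indexOf('\r') >= 0 || altReferer.indexOf('\n') >= 0) {
            return "";
        }
        return altReferer;
    }

    /** Builds the 401 response used when the expected token cannot be read from the request. */
    private static Response invalidAuthorizationHeader() {
        ErrorDTO errorDTO = new ErrorDTO();
        errorDTO.setCode(ExceptionCodes.INVALID_AUTHORIZATION_HEADER.getErrorCode());
        errorDTO.setMessage(ExceptionCodes.INVALID_AUTHORIZATION_HEADER.getErrorMessage());
        return Response.status(Response.Status.UNAUTHORIZED).entity(errorDTO).build();
    }

    /** Builds a 400 response carrying a fixed, caller-supplied message. */
    private static Response badRequest(String message) {
        ErrorDTO errorDTO = new ErrorDTO();
        errorDTO.setMessage(message);
        return Response.status(Response.Status.BAD_REQUEST).entity(errorDTO).build();
    }

    /** Logs the failure and converts it to a response with the status the exception carries. */
    private static Response errorResponse(APIManagementException e) {
        ErrorDTO errorDTO = AuthUtil.getErrorDTO(e.getErrorHandler(), null);
        log.error(e.getMessage(), e);
        return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
    }
}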
