package org.wso2.carbon.apimgt.rest.api.authenticator;

import com.google.gson.JsonObject;
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.core.api.IdentityProvider;
import org.wso2.carbon.apimgt.core.configuration.APIMConfigurationService;
import org.wso2.carbon.apimgt.core.exception.APIManagementException;
import org.wso2.carbon.apimgt.core.exception.ExceptionCodes;
import org.wso2.carbon.apimgt.core.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.core.models.AccessTokenInfo;
import org.wso2.carbon.apimgt.rest.api.authenticator.constants.AuthenticatorConstants;
import org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO;
import org.wso2.carbon.apimgt.rest.api.authenticator.factories.AuthenticatorAPIFactory;
import org.wso2.carbon.apimgt.rest.api.authenticator.utils.AuthUtil;
import org.wso2.carbon.apimgt.rest.api.authenticator.utils.bean.AuthResponseBean;
import org.wso2.msf4j.Microservice;
import org.wso2.msf4j.Request;
import org.wso2.msf4j.formparam.FormDataParam;

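/**
 * REST endpoints under {@code /login} that obtain, refresh and revoke tokens for an
 * application and hand them to the browser as cookies.
 *
 * <p>Every {@code appName} path parameter, form field, query parameter and request header
 * read here is client-controlled. Anything parsed locally or reflected into the response is
 * validated in this class; the remaining values are passed to {@link AuthenticatorService}
 * as received.
 */
@Path("/login")
@Component(name = "org.wso2.carbon.apimgt.rest.api.authenticator.AuthenticatorAPI", service = {Microservice.class}, immediate = true)
/* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/authenticator/AuthenticatorAPI.class */
public class AuthenticatorAPI implements Microservice {
    private static final Logger log = LoggerFactory.getLogger(AuthenticatorAPI.class);

    /**
     * Requests tokens for an application and returns them as cookies plus a JSON body.
     *
     * @param request incoming request; cookies/headers are read for the refresh token and referer
     * @param str     application name taken from the path ({@code appName})
     * @param str2    {@code username} form field
     * @param str3    {@code password} form field
     * @param str4    {@code assertion} form field
     * @param str5    {@code grant_type} form field
     * @param str6    {@code validity_period} form field; must parse as a {@code long}
     * @param z       {@code remember_me} form field
     * @param str7    {@code scopes} form field (not used by this method)
     * @return 200 with the token bean and cookies; 400 when {@code validity_period} is not a
     *         number; 401 when a refresh grant carries no refresh token; otherwise the status
     *         carried by the {@link APIManagementException}
     */
    @Path("/token/{appName}")
    @Consumes({"application/x-www-form-urlencoded", "multipart/form-data"})
    @OPTIONS
    @POST
    @Produces({"application/json"})
    public Response authenticate(@Context Request request, @PathParam("appName") String str, @FormDataParam("username") String str2, @FormDataParam("password") String str3, @FormDataParam("assertion") String str4, @FormDataParam("grant_type") String str5, @FormDataParam("validity_period") String str6, @FormDataParam("remember_me") boolean z, @FormDataParam("scopes") String str7) {
        try {
            AuthenticatorService service = AuthenticatorAPIFactory.getInstance().getService();
            IdentityProvider identityProvider = APIManagerFactory.getInstance().getIdentityProvider();
            Map<String, NewCookie> cookies = new HashMap<>();
            String applicationScopes = service.getApplicationScopes(str);

            boolean isRefreshGrant = AuthenticatorConstants.REFRESH_GRANT.equals(str5);
            String presentedRefreshToken = null;
            if (isRefreshGrant) {
                presentedRefreshToken = AuthUtil.extractTokenFromHeaders(request, AuthenticatorConstants.REFRESH_TOKEN_2, APIMConfigurationService.getInstance().getEnvironmentConfigurations().getEnvironmentLabel());
                if (presentedRefreshToken == null) {
                    return invalidAuthorizationHeaderResponse();
                }
            }

            Map<String, String> contextPaths = AuthUtil.getContextPaths(str);

            // validity_period is untrusted form input; a missing or non-numeric value used to
            // escape as an unhandled NumberFormatException instead of a client error.
            long validityPeriod;
            try {
                validityPeriod = Long.parseLong(str6);
            } catch (NumberFormatException e) {
                return invalidValidityPeriodResponse();
            }

            AccessTokenInfo tokens = service.getTokens(str, str5, str2, str3, presentedRefreshToken, validityPeriod, null, str4, identityProvider, applicationScopes);
            AuthResponseBean responseBean = service.getResponseBeanFromTokenInfo(tokens);
            service.setupAccessTokenParts(cookies, responseBean, tokens.getAccessToken(), contextPaths, false);

            // Refresh-token cookies are only issued for a refresh grant, or for a password
            // grant where the caller asked to be remembered.
            String refreshToken = tokens.getRefreshToken();
            boolean issueRefreshCookies = refreshToken != null
                    && (isRefreshGrant || (AuthenticatorConstants.PASSWORD_GRANT.equals(str5) && z));
            if (!issueRefreshCookies) {
                return Response.ok(responseBean, "application/json")
                        .cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT),
                                cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT))
                        .header(AuthenticatorConstants.REFERER_HEADER, altRefererOrEmpty(request))
                        .build();
            }

            service.setupRefreshTokenParts(cookies, refreshToken, contextPaths);
            return Response.ok(responseBean, "application/json")
                    .cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT),
                            cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT),
                            cookies.get(AuthenticatorConstants.Context.APP_CONTEXT),
                            cookies.get(AuthenticatorConstants.Context.LOGIN_CONTEXT))
                    .header(AuthenticatorConstants.REFERER_HEADER, altRefererOrEmpty(request))
                    .build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * Requests a token limited to the {@code apim:self-signup} scope for an application.
     *
     * @param request incoming request; only the referer headers are read
     * @param str     application name taken from the path ({@code appName})
     * @param str2    {@code grant_type} form field
     * @param str3    {@code validity_period} form field; must parse as a {@code long}
     * @return 200 with the token bean and access-token cookies; 400 when
     *         {@code validity_period} is not a number; otherwise the status carried by the
     *         {@link APIManagementException}
     */
    @Path("/signup/{appName}")
    @Consumes({"application/x-www-form-urlencoded", "multipart/form-data"})
    @OPTIONS
    @POST
    @Produces({"application/json"})
    public Response authenticateSignUp(@Context Request request, @PathParam("appName") String str, @FormDataParam("grant_type") String str2, @FormDataParam("validity_period") String str3) {
        try {
            AuthenticatorService service = AuthenticatorAPIFactory.getInstance().getService();
            IdentityProvider identityProvider = APIManagerFactory.getInstance().getIdentityProvider();
            Map<String, NewCookie> cookies = new HashMap<>();
            Map<String, String> contextPaths = AuthUtil.getContextPaths(str);

            // Same untrusted-number handling as the token endpoint: reject rather than crash.
            long validityPeriod;
            try {
                validityPeriod = Long.parseLong(str3);
            } catch (NumberFormatException e) {
                return invalidValidityPeriodResponse();
            }

            AccessTokenInfo tokens = service.getTokens(str, str2, null, null, null, validityPeriod, null, null, identityProvider, "apim:self-signup");
            AuthResponseBean responseBean = service.getResponseBeanFromTokenInfo(tokens);
            service.setupAccessTokenParts(cookies, responseBean, tokens.getAccessToken(), contextPaths, false);
            return Response.ok(responseBean, "application/json")
                    .cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT),
                            cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT))
                    .header(AuthenticatorConstants.REFERER_HEADER, altRefererOrEmpty(request))
                    .build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * Revokes the caller's access token and overwrites the token cookies with empty values.
     *
     * @param request incoming request carrying the access token
     * @param str     application name taken from the path ({@code appName})
     * @return 200 with the replacement cookies; 401 when no access token can be extracted;
     *         otherwise the status carried by the {@link APIManagementException}
     */
    @Path("/logout/{appName}")
    @OPTIONS
    @POST
    @Produces({"application/json"})
    public Response logout(@Context Request request, @PathParam("appName") String str) {
        Map<String, String> contextPaths = AuthUtil.getContextPaths(str);
        String environmentLabel = APIMConfigurationService.getInstance().getEnvironmentConfigurations().getEnvironmentLabel();
        String accessToken = AuthUtil.extractTokenFromHeaders(request, AuthenticatorConstants.ACCESS_TOKEN_2, environmentLabel);
        if (accessToken == null) {
            return invalidAuthorizationHeaderResponse();
        }
        try {
            AuthenticatorAPIFactory.getInstance().getService().revokeAccessToken(str, accessToken);

            String logoutPath = contextPaths.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT);
            String restApiPath = contextPaths.get(AuthenticatorConstants.Context.REST_API_CONTEXT);
            String appPath = contextPaths.get(AuthenticatorConstants.Context.APP_CONTEXT);

            // NOTE(review): the two boolean arguments are presumably the secure/httpOnly flags.
            // REFRESH_TOKEN_1 is the only cookie built with the second flag false; confirm
            // against AuthUtil.cookieBuilder that this is intentional.
            NewCookie clearedAccessToken = AuthUtil.cookieBuilder(AuthenticatorConstants.ACCESS_TOKEN_2, "", logoutPath, true, true, AuthenticatorConstants.COOKIE_EXPIRE_TIME, environmentLabel);
            NewCookie clearedRestApiToken = AuthUtil.cookieBuilder("WSO2_AM_TOKEN_MSF4J", "", restApiPath, true, true, AuthenticatorConstants.COOKIE_EXPIRE_TIME, environmentLabel);
            NewCookie clearedRefreshToken1 = AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_1, "", appPath, true, false, AuthenticatorConstants.COOKIE_EXPIRE_TIME, environmentLabel);
            NewCookie clearedRefreshToken2 = AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_2, "", appPath, true, true, AuthenticatorConstants.COOKIE_EXPIRE_TIME, environmentLabel);

            return Response.ok()
                    .cookie(clearedAccessToken, clearedRestApiToken, clearedRefreshToken1, clearedRefreshToken2)
                    .build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * Returns the authentication configuration for an application.
     *
     * @param request incoming request (not read by this method)
     * @param str     application name taken from the path ({@code appName})
     * @return 200 with the configuration JSON; 500 when the configuration object is empty;
     *         otherwise the status carried by the {@link APIManagementException}
     */
    @GET
    @Path("/login/{appName}")
    @OPTIONS
    @Produces({"application/json"})
    public Response redirect(@Context Request request, @PathParam("appName") String str) {
        try {
            JsonObject authenticationConfigurations = AuthenticatorAPIFactory.getInstance().getService().getAuthenticationConfigurations(str);
            if (authenticationConfigurations.size() == 0) {
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Error while creating the OAuth application!").build();
            }
            return Response.status(Response.Status.OK).entity(authenticationConfigurations).build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * Handles the authorization-code callback: exchanges {@code code} for tokens, sets the
     * token cookies and redirects to the UI service.
     *
     * <p>NOTE(review): only {@code code} is bound here and no {@code state} value is checked in
     * this method, so any CSRF protection for the callback has to live elsewhere; confirm.
     *
     * @param request incoming request (not read by this method)
     * @param str     application name taken from the path ({@code appName})
     * @param str2    {@code code} query parameter
     * @return 302 with a {@code Location} header and cookies; 500 when the redirect URI cannot
     *         be built; otherwise the status carried by the {@link APIManagementException}
     */
    @GET
    @Path("/callback/{appName}")
    @OPTIONS
    @Produces({"application/json"})
    public Response callback(@Context Request request, @PathParam("appName") String str, @QueryParam("code") String str2) {
        try {
            AuthenticatorService service = AuthenticatorAPIFactory.getInstance().getService();
            Map<String, NewCookie> cookies = new HashMap<>();
            Map<String, String> contextPaths = AuthUtil.getContextPaths(str);
            AccessTokenInfo tokens = service.getTokens(str, "authorization_code", null, null, null, 0L, str2, null, null, service.getApplicationScopes(str));
            AuthResponseBean responseBean = service.getResponseBeanFromTokenInfo(tokens);
            service.setupAccessTokenParts(cookies, responseBean, tokens.getAccessToken(), contextPaths, true);
            log.debug("Set cookies for {} application.", str);

            boolean isPublisherOrStore = AuthenticatorConstants.PUBLISHER_APPLICATION.equals(str)
                    || AuthenticatorConstants.STORE_APPLICATION.equals(str);
            if (isPublisherOrStore) {
                return Response.status(Response.Status.FOUND)
                        .header("Location", service.getUIServiceRedirectionURI(str, responseBean))
                        .cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT),
                                cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT))
                        .build();
            }
            return Response.status(Response.Status.FOUND)
                    .header("Location", service.getUIServiceRedirectionURI(str, null))
                    .entity(responseBean)
                    .cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT),
                            cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT),
                            cookies.get(AuthenticatorConstants.AUTH_USER))
                    .build();
        } catch (UnsupportedEncodingException e) {
            log.error(e.getMessage(), e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        } catch (URISyntaxException e2) {
            log.error(e2.getMessage(), e2);
            // getIndex() is the parse-error offset in the URI string (or -1), not an HTTP
            // status; using it as one produced arbitrary or invalid status codes.
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        } catch (APIManagementException e3) {
            return errorResponse(e3);
        }
    }

    /**
     * Picks the value to send back in the referer response header: the alternate referer
     * header when it is present and differs from the request's referer, otherwise "".
     *
     * <p>The value comes straight from the client and ends up in a response header, so a
     * value containing CR or LF is dropped rather than echoed.
     */
    private static String altRefererOrEmpty(Request request) {
        String altReferer = request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER);
        if (altReferer == null || altReferer.equals(request.getHeader(AuthenticatorConstants.REFERER_HEADER))) {
            return "";
        }
        if (altReferer.indexOf('\r') >= 0 || altReferer.indexOf('\n') >= 0) {
            return "";
        }
        return altReferer;
    }

    /** Builds the 401 response used when no token can be extracted from the request. */
    private static Response invalidAuthorizationHeaderResponse() {
        ErrorDTO errorDTO = new ErrorDTO();
        errorDTO.setCode(ExceptionCodes.INVALID_AUTHORIZATION_HEADER.getErrorCode());
        errorDTO.setMessage(ExceptionCodes.INVALID_AUTHORIZATION_HEADER.getErrorMessage());
        return Response.status(Response.Status.UNAUTHORIZED).entity(errorDTO).build();
    }

    /**
     * Builds the 400 response for a {@code validity_period} that is not a number. The rejected
     * value is deliberately left out of both the body and the log.
     */
    private static Response invalidValidityPeriodResponse() {
        log.debug("Rejected request: validity_period is missing or not a number.");
        ErrorDTO errorDTO = new ErrorDTO();
        errorDTO.setMessage("validity_period must be a valid integer");
        return Response.status(Response.Status.BAD_REQUEST).entity(errorDTO).build();
    }

    /** Logs an {@link APIManagementException} and maps it to the status its handler carries. */
    private static Response errorResponse(APIManagementException e) {
        ErrorDTO errorDTO = AuthUtil.getErrorDTO(e.getErrorHandler(), null);
        log.error(e.getMessage(), e);
        return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
    }
}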
