package org.wso2.carbon.apimgt.rest.api.authenticator;

import com.google.gson.JsonObject;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.List;
import java.util.regex.Pattern;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.core.configuration.APIMConfigurationService;
import org.wso2.carbon.apimgt.core.dao.impl.DAOFactory;
import org.wso2.carbon.apimgt.core.exception.APIManagementException;
import org.wso2.carbon.apimgt.core.exception.ExceptionCodes;
import org.wso2.carbon.apimgt.core.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.core.models.AccessTokenInfo;
import org.wso2.carbon.apimgt.rest.api.authenticator.constants.AuthenticatorConstants;
import org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO;
import org.wso2.carbon.apimgt.rest.api.authenticator.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.rest.api.authenticator.utils.AuthUtil;
import org.wso2.carbon.apimgt.rest.api.authenticator.utils.bean.AuthResponseBean;
import org.wso2.msf4j.Microservice;
import org.wso2.msf4j.Request;
import org.wso2.msf4j.formparam.FormDataParam;

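/**
 * Login, logout and OAuth2 callback endpoints for the API-M web applications.
 *
 * <p>Token handling: every access token is split in two halves. The first half is
 * handed to the caller in the JSON body as the "partial token"; the second half is
 * only ever written to cookies (one scoped to the logout path, one scoped to the
 * application's REST context). A refresh token, when one is issued, is split the
 * same way between a cookie on {@code /{appName}} and a cookie on
 * {@code /login/token/{appName}}. Presumably the intent is that neither the JSON
 * response nor a single cookie is a complete credential on its own; the meaning of
 * the boolean flags passed to {@link AuthUtil#cookieBuilder} is not visible here
 * (they look like secure/httpOnly — confirm against AuthUtil).
 *
 * <p>The {@code appName} path segment is attacker-controlled and is interpolated
 * into cookie {@code Path} attributes and into the post-login redirect
 * {@code Location}, so every endpoint validates it against
 * {@link #APP_NAME_PATTERN} before using it.
 */
@Path("/login")
@Component(name = "org.wso2.carbon.apimgt.rest.api.authenticator.AuthenticatorAPI", service = {Microservice.class}, immediate = true)
public class AuthenticatorAPI implements Microservice {
    private static final Logger log = LoggerFactory.getLogger(AuthenticatorAPI.class);

    /**
     * Allow-list for the application name taken from the URL path. The names this
     * class compares against (publisher, store, editor constants) are presumably
     * plain identifiers; widen this deliberately if a legitimately named app is
     * rejected. Excluding '/', ';', '?', '#', '%' and whitespace is what keeps the
     * value safe inside a cookie Path attribute and a redirect URI.
     */
    private static final Pattern APP_NAME_PATTERN = Pattern.compile("[A-Za-z0-9._-]+");

    /** Cookie carrying the second half of the access token for the MSF4J REST context. */
    private static final String MSF4J_TOKEN_COOKIE = "WSO2_AM_TOKEN_MSF4J";
    /** REST context shared by the publisher and editor applications. */
    private static final String PUBLISHER_REST_CONTEXT = "/api/am/publisher";
    private static final String LOGOUT_PATH_PREFIX = "/login/logout/";
    private static final String TOKEN_PATH_PREFIX = "/login/token/";
    private static final String UTF_8 = "UTF-8";

    /**
     * Issues tokens for {@code appName} using the password or refresh grant.
     *
     * <p>For the refresh grant the refresh token is read from the request (cookie /
     * header) via {@link AuthUtil#extractTokenFromHeaders}, not from the form.
     * Refresh-token cookies are only (re)issued for the refresh grant or for the
     * password grant with {@code remember_me=true}.
     *
     * <p>{@code @OPTIONS} is mapped onto this handler too (presumably for CORS
     * preflight — confirm); on such a request the form parameters are absent and the
     * request ends with a 400 at the validity-period check.
     *
     * @param request        the incoming request
     * @param appName        application name from the path; validated against {@link #APP_NAME_PATTERN}
     * @param userName       form field {@code username} (password grant)
     * @param password       form field {@code password} (password grant)
     * @param grantType      form field {@code grant_type}
     * @param validityPeriod form field {@code validity_period}; must parse as a {@code long}
     * @param rememberMe     form field {@code remember_me}; controls refresh-token cookies for the password grant
     * @param scopes         form field {@code scopes}; bound but not forwarded to
     *                       {@code getTokens} (its last argument is the authorization code,
     *                       see {@link #callback}), kept to preserve the form contract
     * @return 200 with the partial token in the body and the remaining halves in cookies;
     *         400 for a bad app name or validity period; 401 when the refresh grant carries
     *         no refresh token; otherwise the status chosen by the {@link APIManagementException}
     */
    @Path("/token/{appName}")
    @Consumes({"application/x-www-form-urlencoded", "multipart/form-data"})
    @OPTIONS
    @POST
    @Produces({"application/json"})
    public Response authenticate(@Context Request request, @PathParam("appName") String appName,
            @FormDataParam("username") String userName, @FormDataParam("password") String password,
            @FormDataParam("grant_type") String grantType, @FormDataParam("validity_period") String validityPeriod,
            @FormDataParam("remember_me") boolean rememberMe, @FormDataParam("scopes") String scopes) {
        if (!isValidAppName(appName)) {
            return badRequest("Invalid application name");
        }
        try {
            AuthenticatorService authenticatorService = newAuthenticatorService();
            String appPath = AuthenticatorConstants.URL_PATH_SEPERATOR + appName;
            String logoutPath = LOGOUT_PATH_PREFIX + appName;
            String tokenPath = TOKEN_PATH_PREFIX + appName;
            String restContextPath = restContextPath(request, appPath);

            String refreshTokenFromRequest = null;
            if (AuthenticatorConstants.REFRESH_GRANT.equals(grantType)) {
                refreshTokenFromRequest = AuthUtil.extractTokenFromHeaders(request, AuthenticatorConstants.REFRESH_TOKEN_2);
                if (refreshTokenFromRequest == null) {
                    return unauthorizedMissingToken();
                }
            }

            // A missing or non-numeric validity_period used to escape as an uncaught
            // NumberFormatException; it is client input, so answer 400 instead.
            long validity;
            try {
                validity = Long.parseLong(validityPeriod);
            } catch (NumberFormatException e) {
                return badRequest("validity_period must be an integer");
            }

            AccessTokenInfo tokens = authenticatorService.getTokens(appName, grantType, userName, password,
                    refreshTokenFromRequest, validity, null);
            String accessToken = tokens == null ? null : tokens.getAccessToken();
            if (StringUtils.isEmpty(accessToken)) {
                // Previously a null token surfaced as an NPE while splitting it.
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                        .entity("Access token generation failed!").build();
            }
            AuthResponseBean responseBean = new AuthResponseBean();
            authenticatorService.setAccessTokenData(responseBean, tokens);
            responseBean.setPartialToken(firstHalf(accessToken));
            NewCookie[] accessCookies = accessTokenCookies(secondHalf(accessToken), logoutPath, restContextPath);

            String refreshToken = tokens.getRefreshToken();
            boolean issueRefreshCookies = refreshToken != null
                    && (AuthenticatorConstants.REFRESH_GRANT.equals(grantType)
                        || (AuthenticatorConstants.PASSWORD_GRANT.equals(grantType) && rememberMe));

            Response.ResponseBuilder builder = Response.ok(responseBean, "application/json")
                    .header(AuthenticatorConstants.REFERER_HEADER, refererHeaderValue(request));
            if (issueRefreshCookies) {
                builder.cookie(accessCookies[0], accessCookies[1],
                        AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_1, firstHalf(refreshToken),
                                appPath, true, false, ""),
                        // Scoped to the token endpoint: this is the half that the refresh grant reads back.
                        AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_2, secondHalf(refreshToken),
                                tokenPath, true, true, ""));
            } else {
                builder.cookie(accessCookies);
            }
            return builder.build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * Revokes the caller's access token and expires every cookie issued by
     * {@link #authenticate} or {@link #callback}.
     *
     * <p>Browsers match a clearing cookie by name, domain and path, so each
     * expiring cookie below uses the same path the cookie was issued with. The
     * second refresh-token half was issued on {@code /login/token/{appName}} and
     * was previously being "cleared" on {@code /{appName}}, which left it in place.
     *
     * @param request the incoming request; the access token half is read from it via
     *                {@link AuthUtil#extractTokenFromHeaders}
     * @param appName application name from the path; validated against {@link #APP_NAME_PATTERN}
     * @return 200 with expiring cookies; 400 for a bad app name; 401 when no token is present;
     *         otherwise the status chosen by the {@link APIManagementException}
     */
    @Path("/logout/{appName}")
    @OPTIONS
    @POST
    @Produces({"application/json"})
    public Response logout(@Context Request request, @PathParam("appName") String appName) {
        if (!isValidAppName(appName)) {
            return badRequest("Invalid application name");
        }
        String appPath = AuthenticatorConstants.URL_PATH_SEPERATOR + appName;
        String logoutPath = LOGOUT_PATH_PREFIX + appName;
        String tokenPath = TOKEN_PATH_PREFIX + appName;
        // Same helper as authenticate/callback so the MSF4J cookie is cleared on the
        // path it was set with.
        String restContextPath = restContextPath(request, appPath);

        String accessToken = AuthUtil.extractTokenFromHeaders(request, AuthenticatorConstants.ACCESS_TOKEN_2);
        if (accessToken == null) {
            return unauthorizedMissingToken();
        }
        try {
            newAuthenticatorService().revokeAccessToken(appName, accessToken);
            String expire = AuthenticatorConstants.COOKIE_EXPIRE_TIME;
            return Response.ok().cookie(
                    AuthUtil.cookieBuilder(AuthenticatorConstants.ACCESS_TOKEN_2, "", logoutPath, true, true, expire),
                    AuthUtil.cookieBuilder(MSF4J_TOKEN_COOKIE, "", restContextPath, true, true, expire),
                    AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_1, "", appPath, true, false, expire),
                    AuthUtil.cookieBuilder(AuthenticatorConstants.REFRESH_TOKEN_2, "", tokenPath, true, true, expire),
                    // Set by callback() for non-publisher/store apps and never cleared before.
                    AuthUtil.cookieBuilder(AuthenticatorConstants.AUTH_USER, "", appPath, true, false, expire))
                    .build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * Returns the authentication configuration (OAuth application details) for
     * {@code appName}, as produced by {@code AuthenticatorService.getAuthenticationConfigurations}.
     *
     * <p>NOTE(review): nothing visible here generates or stores an OAuth2 {@code state}
     * value for the browser round-trip; see the note on {@link #callback}.
     *
     * @param request the incoming request (unused)
     * @param appName application name from the path; validated against {@link #APP_NAME_PATTERN}
     * @return 200 with the configuration JSON; 400 for a bad app name; 500 when the
     *         configuration came back empty; otherwise the status chosen by the exception
     */
    @GET
    @Path("/login/{appName}")
    @OPTIONS
    @Produces({"application/json"})
    public Response redirect(@Context Request request, @PathParam("appName") String appName) {
        if (!isValidAppName(appName)) {
            return badRequest("Invalid application name");
        }
        try {
            JsonObject configuration = newAuthenticatorService().getAuthenticationConfigurations(appName);
            if (configuration.size() == 0) {
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                        .entity("Error while creating the OAuth application!").build();
            }
            return Response.status(Response.Status.OK).entity(configuration).build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        }
    }

    /**
     * OAuth2 authorization-code callback: exchanges {@code code} for tokens, sets the
     * token cookies and redirects the browser to the application's UI.
     *
     * <p>NOTE(review): only {@code code} is accepted; no {@code state} parameter is
     * checked here. Unless that binding is enforced elsewhere (framework or front
     * end), an attacker can complete this callback in a victim's browser with a code
     * of their own (login CSRF).
     *
     * <p>NOTE(review): for the publisher and store applications the id token, partial
     * access token and scopes are passed to the UI in the redirect query string, so
     * they end up in browser history, proxy/server logs and possibly Referer headers.
     * Changing that is a front-end contract change and is left as-is; each value is
     * now URL-encoded individually so a '&' or '=' inside a value can no longer
     * break out of its query parameter (the previous code encoded the whole string
     * and then un-encoded every '&' and '=').
     *
     * @param request the incoming request
     * @param appName application name from the path; validated against {@link #APP_NAME_PATTERN}
     * @param code    the authorization code from the identity provider
     * @return 302 to the UI with token cookies; 400 for a bad app name; 500 when no
     *         access token was issued or the redirect URI could not be built; otherwise
     *         the status chosen by the {@link APIManagementException}
     */
    @GET
    @Path("/callback/{appName}")
    @OPTIONS
    @Produces({"application/json"})
    public Response callback(@Context Request request, @PathParam("appName") String appName,
            @QueryParam("code") String code) {
        if (!isValidAppName(appName)) {
            return badRequest("Invalid application name");
        }
        String appPath = AuthenticatorConstants.URL_PATH_SEPERATOR + appName;
        String logoutPath = LOGOUT_PATH_PREFIX + appName;
        String restContextPath = restContextPath(request, appPath);
        try {
            AuthenticatorService authenticatorService = newAuthenticatorService();
            AccessTokenInfo tokens = authenticatorService.getTokens(appName, "authorization_code", null, null, null, 0L, code);
            // The old check tested tokens.toString(), which says nothing about the token itself.
            String accessToken = tokens == null ? null : tokens.getAccessToken();
            if (StringUtils.isEmpty(accessToken)) {
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                        .entity("Access token generation failed!").build();
            }
            AuthResponseBean responseBean = new AuthResponseBean();
            authenticatorService.setAccessTokenData(responseBean, tokens);
            log.debug("Received access token for {} application.", appName);

            responseBean.setPartialToken(firstHalf(accessToken));
            NewCookie[] accessCookies = accessTokenCookies(secondHalf(accessToken), logoutPath, restContextPath);
            NewCookie authUserCookie = AuthUtil.cookieBuilder(AuthenticatorConstants.AUTH_USER,
                    responseBean.getAuthUser(), appPath, true, false, "");
            log.debug("Set cookies for {} application.", appName);

            String uiBaseUrl = uiServiceBaseUrl();
            if (AuthenticatorConstants.PUBLISHER_APPLICATION.equals(appName)
                    || AuthenticatorConstants.STORE_APPLICATION.equals(appName)) {
                String query = "user_name=" + encodeQueryValue(responseBean.getAuthUser())
                        + "&id_token=" + encodeQueryValue(responseBean.getIdToken())
                        + "&partial_token=" + encodeQueryValue(responseBean.getPartialToken())
                        + "&scopes=" + encodeQueryValue(responseBean.getScopes())
                        + "&validity_period=" + encodeQueryValue(responseBean.getValidityPeriod());
                return Response.status(Response.Status.FOUND)
                        .header("Location", new URI(uiBaseUrl + appName + "/login?" + query))
                        .cookie(accessCookies)
                        .build();
            }
            return Response.status(Response.Status.FOUND)
                    .header("Location", new URI(uiBaseUrl + appName))
                    .entity(responseBean)
                    .cookie(accessCookies[0], accessCookies[1], authUserCookie)
                    .build();
        } catch (APIManagementException e) {
            return errorResponse(e);
        } catch (UnsupportedEncodingException e) {
            log.error(e.getMessage(), e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        } catch (URISyntaxException e) {
            // getIndex() is the parse-error offset (or -1), not an HTTP status; using it
            // as one threw from Response.status().
            log.error(e.getMessage(), e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

    /** Fresh service bound to the key manager and the system-application DAO. */
    private static AuthenticatorService newAuthenticatorService() throws APIManagementException {
        return new AuthenticatorService(APIManagerFactory.getInstance().getKeyManager(),
                DAOFactory.getSystemApplicationDao());
    }

    /** True when {@code appName} is non-null and matches {@link #APP_NAME_PATTERN}. */
    private static boolean isValidAppName(String appName) {
        return appName != null && APP_NAME_PATTERN.matcher(appName).matches();
    }

    /** 400 with a plain-text reason, the same entity style the class already uses for 500s. */
    private static Response badRequest(String reason) {
        return Response.status(Response.Status.BAD_REQUEST).entity(reason).build();
    }

    /** 401 with the INVALID_AUTHORIZATION_HEADER error body. */
    private static Response unauthorizedMissingToken() {
        ErrorDTO errorDTO = new ErrorDTO();
        errorDTO.setCode(ExceptionCodes.INVALID_AUTHORIZATION_HEADER.getErrorCode());
        errorDTO.setMessage(ExceptionCodes.INVALID_AUTHORIZATION_HEADER.getErrorMessage());
        return Response.status(Response.Status.UNAUTHORIZED).entity(errorDTO).build();
    }

    /** Logs the exception and maps it to the status and error body its handler prescribes. */
    private static Response errorResponse(APIManagementException e) {
        ErrorDTO errorDTO = AuthUtil.getErrorDTO(e.getErrorHandler(), null);
        log.error(e.getMessage(), e);
        return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
    }

    /**
     * Cookie path for the MSF4J token cookie: the publisher REST context for the editor
     * application or any request whose URI mentions the publisher application, otherwise
     * {@code REST_CONTEXT + appPath}. Used by every endpoint so that a cookie is cleared
     * on the path it was issued with.
     */
    private static String restContextPath(Request request, String appPath) {
        if (appPath.contains(AuthenticatorConstants.EDITOR_APPLICATION)
                || request.getUri().contains(AuthenticatorConstants.PUBLISHER_APPLICATION)) {
            return PUBLISHER_REST_CONTEXT;
        }
        return AuthenticatorConstants.REST_CONTEXT + appPath;
    }

    /**
     * The two cookies holding the second half of the access token: one scoped to the
     * logout endpoint, one scoped to the application's REST context.
     */
    private static NewCookie[] accessTokenCookies(String tokenSecondHalf, String logoutPath, String restContextPath) {
        return new NewCookie[] {
            AuthUtil.cookieBuilder(AuthenticatorConstants.ACCESS_TOKEN_2, tokenSecondHalf, logoutPath, true, true, ""),
            AuthUtil.cookieBuilder(MSF4J_TOKEN_COOKIE, tokenSecondHalf, restContextPath, true, true, "")
        };
    }

    /**
     * Value echoed back in the response {@code Referer} header: the request's
     * {@code X-Alt-Referer} when present and different from its {@code Referer},
     * otherwise the empty string.
     *
     * <p>NOTE(review): this reflects a client-supplied header into a response header;
     * it relies on the HTTP layer rejecting CR/LF in header values — confirm for MSF4J.
     */
    private static String refererHeaderValue(Request request) {
        String altReferer = request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER);
        if (altReferer == null || altReferer.equals(request.getHeader(AuthenticatorConstants.REFERER_HEADER))) {
            return "";
        }
        return altReferer;
    }

    /**
     * Base URL of the UI to redirect to after login: {@code https://<first allowed host>/}
     * when the first entry of {@code environmentConfigurations.allowedHosts} is set,
     * otherwise {@code apimBaseUrl} from the application configuration. An absent or
     * empty host list falls through to the second source instead of throwing.
     */
    private static String uiServiceBaseUrl() {
        List<?> allowedHosts = APIMConfigurationService.getInstance().getApimConfigurations()
                .getEnvironmentConfigurations().getAllowedHosts();
        String firstHost = (allowedHosts == null || allowedHosts.isEmpty()) ? null : (String) allowedHosts.get(0);
        if (StringUtils.isEmpty(firstHost)) {
            log.debug("The first string in the list 'wso2.carbon.apimgt:environmentConfigurations:allowedHosts' configuration is empty.");
            log.debug("Read UI Service from 'wso2.carbon.apimgt.application:apimBaseUrl' configuration.");
            return ServiceReferenceHolder.getInstance().getAPIMAppConfiguration().getApimBaseUrl();
        }
        log.debug("The first string in the list 'wso2.carbon.apimgt:environmentConfigurations:allowedHosts' configuration is not empty. value: {}", firstHost);
        String uiService = "https://" + firstHost + AuthenticatorConstants.URL_PATH_SEPERATOR;
        log.info("UI Service: {}", uiService);
        return uiService;
    }

    /**
     * URL-encodes one query-string value. {@code String.valueOf} keeps the previous
     * rendering of a null field as the literal text "null"; '+' is rewritten to
     * "%20" as before so spaces survive a strict decoder.
     */
    private static String encodeQueryValue(Object value) throws UnsupportedEncodingException {
        return URLEncoder.encode(String.valueOf(value), UTF_8).replace("+", "%20");
    }

    /** First half of a token (the part returned in the body). */
    private static String firstHalf(String token) {
        return token.substring(0, token.length() / 2);
    }

    /** Second half of a token (the part kept in cookies). */
    private static String secondHalf(String token) {
        return token.substring(token.length() / 2);
    }
}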
