package org.mitre.oauth2.web;

import java.security.Principal;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/mitre/oauth2/web/AccessTokenAPI.class */
public class AccessTokenAPI {

    @Autowired
    private OAuth2TokenEntityService tokenService;
    private static Logger logger = LoggerFactory.getLogger(AccessTokenAPI.class);

    @RequestMapping(value = {""}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getAll(ModelMap modelMap, Principal principal) {
        modelMap.put("entity", this.tokenService.getAllAccessTokensForUser(principal.getName()));
        return "jsonEntityView";
    }

    @RequestMapping(value = {"/{id}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    public String getById(@PathVariable("id") Long l, ModelMap modelMap, Principal principal) {
        OAuth2AccessTokenEntity accessTokenById = this.tokenService.getAccessTokenById(l);
        if (accessTokenById == null) {
            logger.error("getToken failed; token not found: " + l);
            modelMap.put("code", HttpStatus.NOT_FOUND);
            modelMap.put("errorMessage", "The requested token with id " + l + " could not be found.");
            return "jsonErrorView";
        }
        if (accessTokenById.getAuthenticationHolder().getAuthentication().getName().equals(principal.getName())) {
            modelMap.put("entity", accessTokenById);
            return "jsonEntityView";
        }
        logger.error("getToken failed; token does not belong to principal " + principal.getName());
        modelMap.put("code", HttpStatus.FORBIDDEN);
        modelMap.put("errorMessage", "You do not have permission to view this token");
        return "jsonErrorView";
    }
}
