package org.openmetadata.service.security.saml;

import java.io.BufferedReader;
import java.io.IOException;
import java.time.Instant;
import java.util.UUID;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.Response;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.schema.TokenInterface;
import org.openmetadata.schema.auth.JWTAuthMechanism;
import org.openmetadata.schema.auth.RefreshToken;
import org.openmetadata.schema.auth.ServiceTokenType;
import org.openmetadata.schema.auth.TokenRefreshRequest;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.service.Entity;
import org.openmetadata.service.auth.JwtResponse;
import org.openmetadata.service.exception.CatalogExceptionMessage;
import org.openmetadata.service.exception.CustomExceptionMessage;
import org.openmetadata.service.jdbi3.TokenRepository;
import org.openmetadata.service.jdbi3.UserRepository;
import org.openmetadata.service.security.AuthenticationCodeFlowHandler;
import org.openmetadata.service.security.JwtFilter;
import org.openmetadata.service.security.SecurityUtil;
import org.openmetadata.service.security.jwt.JWTTokenGenerator;
import org.openmetadata.service.util.JsonUtils;
import org.openmetadata.service.util.TokenUtil;
import org.openmetadata.service.util.UserUtil;
import org.pac4j.core.exception.TechnicalException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

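/**
 * POST /api/v1/saml/refresh: exchanges a SAML-session refresh token for a new access token and
 * a rotated refresh token.
 *
 * The refresh token in the JSON body is the only credential this endpoint checks, so the user,
 * roles and admin flag placed in the new access token are all derived from the stored token's
 * owner, never from anything else in the request.
 */
@WebServlet({"/api/v1/saml/refresh"})
public class SamlTokenRefreshServlet extends HttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(SamlTokenRefreshServlet.class);
    /** Lifetime passed to generateJWTToken for the minted access token (presumably seconds). */
    private static final long ACCESS_TOKEN_TTL = 3600L;
    private final TokenRepository tokenRepository = Entity.getTokenRepository();

    /**
     * Handles the refresh request. Every failure (bad body, unknown/expired/wrong-kind token,
     * bot user) is reported through the SAML error path rather than leaking a stack trace.
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            TokenRefreshRequest tokenRefreshRequest = getTokenRefreshRequest(httpServletRequest);
            if (CommonUtil.nullOrEmpty(tokenRefreshRequest.getRefreshToken())) {
                throw new BadRequestException("Token Cannot be Null or Empty String");
            }
            // Resolve the token once and insist that it really is a refresh token before it is
            // treated as a login credential (see requireRefreshToken).
            String submittedToken = tokenRefreshRequest.getRefreshToken();
            RefreshToken storedToken = requireRefreshToken(submittedToken);
            UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
            User user = userRepository.get(null, storedToken.getUserId(), userRepository.getFieldsWithUserAuth("*"));
            // Bots authenticate with their own JWT mechanism; they never get a refresh flow.
            if (Boolean.TRUE.equals(user.getIsBot())) {
                throw new IllegalArgumentException("User are only allowed to refresh");
            }
            RefreshToken rotatedToken = rotateRefreshToken(user.getId(), submittedToken, storedToken);
            boolean isAdmin = !CommonUtil.nullOrEmpty(user.getIsAdmin()) && user.getIsAdmin().booleanValue();
            JWTAuthMechanism accessToken = JWTTokenGenerator.getInstance().generateJWTToken(
                    user.getName(),
                    UserUtil.getRoleListFromUser(user),
                    isAdmin,
                    user.getEmail(),
                    ACCESS_TOKEN_TTL,
                    false,
                    ServiceTokenType.OM_USER);
            JwtResponse jwtResponse = new JwtResponse();
            jwtResponse.setTokenType(JwtFilter.TOKEN_PREFIX);
            jwtResponse.setAccessToken(accessToken.getJWTToken());
            jwtResponse.setRefreshToken(rotatedToken.getToken().toString());
            jwtResponse.setExpiryDuration(accessToken.getJWTTokenExpiresAt());
            SecurityUtil.writeJsonResponse(httpServletResponse, JsonUtils.pojoToJson(jwtResponse));
        } catch (Exception e) {
            // Only the exception type is logged: messages from the token lookup may contain the
            // submitted token value, which must not land in the log.
            LOG.debug("SAML token refresh rejected: {}", e.getClass().getSimpleName());
            AuthenticationCodeFlowHandler.getErrorMessage(httpServletResponse, new TechnicalException(e));
        }
    }

    /** Reads the whole request body and parses it as a {@link TokenRefreshRequest}. */
    private TokenRefreshRequest getTokenRefreshRequest(HttpServletRequest httpServletRequest) throws IOException {
        StringBuilder body = new StringBuilder();
        BufferedReader reader = httpServletRequest.getReader();
        String line;
        while ((line = reader.readLine()) != null) {
            body.append(line);
        }
        // NOTE(review): no explicit size cap on the body; the container's request limits are
        // relied on to bound it.
        return (TokenRefreshRequest) JsonUtils.readValue(body.toString(), TokenRefreshRequest.class);
    }

    /**
     * Looks up {@code tokenValue} and returns it only if the stored entry is a refresh token.
     *
     * NOTE(review): findByToken hands back a TokenInterface, and the original code cast it to
     * RefreshToken unchecked; presumably the store holds other token kinds under the same key
     * space, so a password-reset or e-mail-verification token must be rejected here rather than
     * redeemed for a session.
     *
     * @throws BadRequestException if nothing is stored for the value or it is not a refresh token
     */
    private RefreshToken requireRefreshToken(String tokenValue) {
        TokenInterface stored = this.tokenRepository.findByToken(tokenValue);
        if (!(stored instanceof RefreshToken)) {
            throw new BadRequestException("Invalid refresh token");
        }
        return (RefreshToken) stored;
    }

    /**
     * Validates the submitted refresh token and replaces it with a freshly generated one for
     * {@code uuid}. Public for compatibility; {@link #doPost} resolves the token itself so the
     * repository is only queried once per request.
     *
     * @param uuid the user the replacement token is issued to
     * @param tokenRefreshRequest the request carrying the token being redeemed
     * @return the newly persisted refresh token
     */
    public RefreshToken validateAndReturnNewRefresh(UUID uuid, TokenRefreshRequest tokenRefreshRequest) {
        String submittedToken = tokenRefreshRequest.getRefreshToken();
        return rotateRefreshToken(uuid, submittedToken, requireRefreshToken(submittedToken));
    }

    /**
     * Rejects an expired token, otherwise invalidates it and persists a replacement.
     *
     * @param uuid the user the replacement token is issued to
     * @param submittedToken the token value as received, used as the deletion key
     * @param current the stored entry for {@code submittedToken}
     * @return the newly persisted refresh token
     * @throws CustomExceptionMessage (400) if {@code current} has already expired
     */
    private RefreshToken rotateRefreshToken(UUID uuid, String submittedToken, RefreshToken current) {
        long nowMillis = Instant.now().toEpochMilli();
        if (current.getExpiryDate().compareTo(Long.valueOf(nowMillis)) < 0) {
            // An expired token is useless, so drop it instead of leaving it in the store. The
            // token value is deliberately not echoed in the message (it ends up in error logs).
            // NOTE(review): PASSWORD_RESET_TOKEN_EXPIRED is the code the original used; a
            // refresh-specific code would be more accurate if one exists.
            this.tokenRepository.deleteToken(submittedToken);
            throw new CustomExceptionMessage(Response.Status.BAD_REQUEST, CatalogExceptionMessage.PASSWORD_RESET_TOKEN_EXPIRED, "Expired refresh token. Please login again.");
        }
        // Rotation: the old token is removed before the replacement is stored, so a value can be
        // redeemed at most once. This is not transactional; if insertToken fails the user must
        // log in again, which is the safer failure mode.
        this.tokenRepository.deleteToken(submittedToken);
        RefreshToken replacement = TokenUtil.getRefreshToken(uuid, UUID.randomUUID());
        this.tokenRepository.insertToken(replacement);
        return replacement;
    }
}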
