package org.neo4j.server.rest.dbms;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.logging.ConsoleLogger;
import org.neo4j.server.configuration.ServerSettings;
import org.neo4j.server.rest.repr.AuthorizationRepresentation;
import org.neo4j.server.rest.repr.BadInputException;
import org.neo4j.server.rest.repr.ExceptionRepresentation;
import org.neo4j.server.rest.repr.InputFormat;
import org.neo4j.server.rest.repr.OutputFormat;
import org.neo4j.server.rest.repr.Representation;
import org.neo4j.server.rest.transactional.error.Neo4jError;
import org.neo4j.server.rest.web.CustomStatusType;
import org.neo4j.server.security.auth.SecurityCentral;
import org.neo4j.server.security.auth.User;
import org.neo4j.server.security.auth.exception.TooManyAuthenticationAttemptsException;

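/**
 * REST resource mounted at {@link #AUTHENTICATION_PATH} that checks username/password
 * credentials (POST) and reports the identity behind an authorization token (GET).
 *
 * <p>Both endpoints are reachable before a caller has proven any identity, so every value
 * they receive (request body, {@code Authorization} header) is untrusted input.
 */
@Path(AuthenticationService.AUTHENTICATION_PATH)
/* loaded from: input_file:org/neo4j/server/rest/dbms/AuthenticationService.class */
public class AuthenticationService {
    public static final String AUTHENTICATION_PATH = "/authentication";
    private final SecurityCentral security;
    private final InputFormat input;
    private final OutputFormat output;
    private final ConsoleLogger log;
    // Snapshot of ServerSettings.authorization_enabled taken at construction time.
    private final boolean authEnabled;

    /**
     * Wires the resource from context-injected collaborators.
     *
     * @param securityCentral credential and token checks are delegated to this
     * @param inputFormat     parser for the request body
     * @param config          server configuration; only {@code authorization_enabled} is read
     * @param outputFormat    builder for the HTTP responses
     * @param consoleLogger   sink for failed-login warnings
     */
    public AuthenticationService(@Context SecurityCentral securityCentral, @Context InputFormat inputFormat, @Context Config config, @Context OutputFormat outputFormat, @Context ConsoleLogger consoleLogger) {
        this.security = securityCentral;
        this.input = inputFormat;
        this.output = outputFormat;
        this.log = consoleLogger;
        this.authEnabled = ((Boolean) config.get(ServerSettings.authorization_enabled)).booleanValue();
    }

    /**
     * Verifies the username and password carried in the request body.
     *
     * <p>A wrong username and a wrong password produce the same response text, so the
     * reply does not reveal which of the two was rejected.
     *
     * @param httpServletRequest the current request; only its remote address is read, for the
     *                           failure log line
     * @param str                raw request body, parsed with {@link InputFormat#readMap}
     * @return OK with the user's authorization representation on success;
     *         {@code CustomStatusType.UNPROCESSABLE} for rejected credentials or a missing or
     *         non-string field; {@code CustomStatusType.TOO_MANY} when
     *         {@link TooManyAuthenticationAttemptsException} is thrown; a bad-request response
     *         when the body cannot be parsed
     */
    @POST
    public Response authenticate(@Context HttpServletRequest httpServletRequest, String str) {
        try {
            Map<String, Object> credentials = this.input.readMap(str, new String[0]);
            String username = getString(credentials, UserService.USERNAME);
            String password = getString(credentials, UserService.PASSWORD);
            if (this.security.authenticate(username, password)) {
                return this.output.ok(new AuthorizationRepresentation(this.security.userForName(username)));
            }
            // The username is caller-controlled. Neutralise line breaks and other control
            // characters so a login attempt cannot forge or split audit-log entries.
            // NOTE(review): getRemoteAddr() is the direct peer; behind a reverse proxy this
            // is the proxy's address, not the client's.
            this.log.warn("Failed authentication attempt for '%s' from %s", new Object[]{sanitizeForLog(username), httpServletRequest.getRemoteAddr()});
            return this.output.response(CustomStatusType.UNPROCESSABLE, (Representation) new ExceptionRepresentation(new Neo4jError((Status) Status.Security.AuthenticationFailed, "Invalid username and/or password.")));
        } catch (TooManyAuthenticationAttemptsException e) {
            // NOTE(review): throttled attempts are not logged here, unlike plain failures;
            // confirm SecurityCentral records them, since they are the signal worth alerting on.
            return this.output.response(CustomStatusType.TOO_MANY, (Representation) new ExceptionRepresentation(new Neo4jError(e.status(), e)));
        } catch (BadInputException e2) {
            return this.output.badRequestWithoutLegacyStacktrace(e2);
        } catch (IllegalArgumentException e3) {
            // NOTE(review): the exception message is echoed to the client. The messages built
            // in getString() are harmless; verify that nothing else in the try block can
            // throw IllegalArgumentException with internal detail.
            return this.output.response(CustomStatusType.UNPROCESSABLE, (Representation) new ExceptionRepresentation(new Neo4jError((Status) Status.Request.Invalid, e3.getMessage())));
        }
    }

    /**
     * Reports the user that the supplied authorization token belongs to.
     *
     * @param str value of the {@code Authorization} request header, or {@code null} if absent
     * @return a bare OK when authorization is disabled; an unauthorized response when the
     *         header is missing or the token's user lacks API access; a bad-request response
     *         when no token can be extracted from the header; otherwise OK with the user's
     *         authorization representation
     */
    @GET
    public Response metadata(@HeaderParam("Authorization") String str) {
        if (!this.authEnabled) {
            return this.output.ok();
        }
        if (str == null) {
            return this.output.unauthorized(new ExceptionRepresentation(new Neo4jError((Status) Status.Security.AuthorizationFailed, "No authorization token supplied.")), "None");
        }
        String token = AuthenticateHeaders.extractToken(str);
        if (token.length() == 0) {
            return this.output.response((Response.StatusType) Response.Status.BAD_REQUEST, (Representation) new ExceptionRepresentation(new Neo4jError((Status) Status.Request.InvalidFormat, "Invalid Authorization header.")));
        }
        // NOTE(review): assumes userForToken() never returns null for an unknown token (and
        // extractToken() never returns null); otherwise this path throws instead of answering
        // "unauthorized". Confirm against SecurityCentral and AuthenticateHeaders.
        User tokenOwner = this.security.userForToken(token);
        if (tokenOwner.privileges().APIAccess()) {
            return this.output.ok(new AuthorizationRepresentation(tokenOwner));
        }
        return this.output.unauthorized(new ExceptionRepresentation(new Neo4jError((Status) Status.Security.AuthorizationFailed, "Invalid authorization token supplied.")), "None");
    }

    /**
     * Fetches a required string entry from the parsed request body.
     *
     * @param map parsed request body
     * @param str key to look up
     * @return the value stored under {@code str}
     * @throws IllegalArgumentException if the key is absent, maps to {@code null}, or maps to
     *                                  a value that is not a {@link String}
     */
    private String getString(Map<String, Object> map, String str) throws IllegalArgumentException {
        Object value = map.get(str);
        if (value == null) {
            throw new IllegalArgumentException(String.format("Required parameter '%s' is missing.", str));
        }
        if (!(value instanceof String)) {
            throw new IllegalArgumentException(String.format("Expected '%s' to be a string.", str));
        }
        return (String) value;
    }

    /**
     * Makes an untrusted value safe to embed in a single log line by replacing every ISO
     * control character (including CR and LF) and every Unicode line or paragraph
     * separator with an underscore. All other characters are kept unchanged.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            int type = Character.getType(c);
            boolean breaksLine = Character.isISOControl(c)
                    || type == Character.LINE_SEPARATOR
                    || type == Character.PARAGRAPH_SEPARATOR;
            cleaned.append(breaksLine ? '_' : c);
        }
        return cleaned.toString();
    }
}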
