package com.mobi.jaas.rest;

import com.mobi.jaas.api.config.MobiConfiguration;
import com.mobi.jaas.api.engines.EngineManager;
import com.mobi.jaas.api.ontologies.usermanagement.Role;
import com.mobi.jaas.api.ontologies.usermanagement.User;
import com.mobi.jaas.api.principals.UserPrincipal;
import com.mobi.jaas.api.token.TokenManager;
import com.mobi.rdf.api.Literal;
import com.mobi.rest.util.ErrorUtils;
import com.mobi.rest.util.MobiWebException;
import com.mobi.rest.util.RestUtils;
import com.mobi.web.security.util.RestSecurityUtils;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jwt.SignedJWT;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.text.ParseException;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.StringTokenizer;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

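/**
 * REST endpoint mounted at {@code /session} that issues and replaces the token cookie.
 *
 * <ul>
 *   <li>{@code GET} returns the active username, or hands out an unauthenticated token.</li>
 *   <li>{@code POST} authenticates with query-parameter or HTTP Basic credentials and sets an
 *       authenticated token cookie.</li>
 *   <li>{@code DELETE} replaces the cookie with an unauthenticated token.</li>
 * </ul>
 *
 * <p>Both login failure paths answer with a bare 401, so the response does not reveal whether the
 * username, the password or the role check was the reason.
 */
@Api("/session")
@Path("/session")
@Component(service = {AuthRest.class}, immediate = true)
/* loaded from: input_file:com/mobi/jaas/rest/AuthRest.class */
public class AuthRest {
    /** Fragment that a role resource must contain for a login to be accepted. */
    static final String REQUIRED_ROLE = "user";

    /** Scheme prefix of an HTTP Basic {@code Authorization} header; matched case-insensitively. */
    private static final String BASIC_SCHEME_PREFIX = "Basic ";

    private final Logger log = LoggerFactory.getLogger(getClass().getName());
    private EngineManager engineManager;
    private MobiConfiguration configuration;
    private TokenManager tokenManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mobi/jaas/rest/AuthRest$UserCredentials.class */
    /**
     * Username/password pair extracted from a login request.
     *
     * <p>Holds the clear-text password; instances must never be logged or serialized.
     */
    public static class UserCredentials {
        private String username;
        private String password;

        UserCredentials(String str, String str2) {
            this.username = str;
            this.password = str2;
        }

        /** Returns the clear-text password supplied by the client. */
        public String getPassword() {
            return this.password;
        }

        /** Returns the username supplied by the client. */
        public String getUsername() {
            return this.username;
        }
    }

    @Reference
    void setEngineManager(EngineManager engineManager) {
        this.engineManager = engineManager;
    }

    @Reference
    void setConfiguration(MobiConfiguration mobiConfiguration) {
        this.configuration = mobiConfiguration;
    }

    @Reference
    void setTokenManager(TokenManager tokenManager) {
        this.tokenManager = tokenManager;
    }

    /**
     * Returns the active username when the request carries one; otherwise answers with an empty
     * 200 and a freshly generated unauthenticated token cookie.
     *
     * @param containerRequestContext the current request
     * @return 200 with the username as body, or 200 with an unauthenticated token cookie
     */
    @GET
    @Produces({"text/plain"})
    @ApiOperation("Gets the current user token")
    public Response getCurrentUser(@Context ContainerRequestContext containerRequestContext) {
        Optional<?> activeUsername = RestUtils.optActiveUsername(containerRequestContext);
        if (activeUsername.isPresent()) {
            this.log.debug("Found username in request headers");
            return Response.ok(activeUsername.get()).build();
        }
        this.log.debug("No username found in request headers. Generating unauthenticated token.");
        return createResponse(this.tokenManager.generateUnauthToken(), null);
    }

    /**
     * Authenticates the caller and, on success, sets an authenticated token cookie.
     *
     * <p>Credentials are taken from the {@code username}/{@code password} query parameters when
     * both are non-empty, otherwise from an HTTP Basic {@code Authorization} header.
     *
     * <p>NOTE(review): query-parameter credentials travel in the request URL, which is commonly
     * recorded in access logs, proxy logs and browser history. Clients should prefer the Basic
     * header over TLS; the query parameters are kept here only because they are part of the
     * published interface.
     *
     * @param containerRequestContext the current request, read for the {@code Authorization} header
     * @param str the {@code username} query parameter, may be {@code null}
     * @param str2 the {@code password} query parameter, may be {@code null}
     * @return 200 with the username and a token cookie, or 401 when credentials are missing or
     *     rejected
     * @throws IllegalStateException if the authenticated user cannot be retrieved afterwards or has
     *     no username
     */
    @POST
    @Produces({"text/plain"})
    @ApiOperation("Logs in into Mobi creating a new token")
    public Response login(@Context ContainerRequestContext containerRequestContext, @QueryParam("username") String str, @QueryParam("password") String str2) {
        Optional<UserCredentials> credentials = processFormAuth(str, str2);
        if (!credentials.isPresent()) {
            this.log.debug("Could not find creds from Form Auth. Trying BASIC Auth...");
            credentials = processBasicAuth(containerRequestContext);
            if (!credentials.isPresent()) {
                this.log.debug("Could not find creds from BASIC Auth.");
                return Response.status(Response.Status.UNAUTHORIZED).build();
            }
        }
        UserCredentials userCredentials = credentials.get();
        // Log the username that is actually being authenticated: the query parameter is null when
        // the credentials came from the Basic header. The value is client-controlled, so line
        // breaks are neutralised before it reaches the log.
        this.log.debug("Attempting to login in as {}", sanitizeForLog(userCredentials.getUsername()));
        if (!authenticated(userCredentials.getUsername(), userCredentials.getPassword())) {
            this.log.debug("Authentication failed.");
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        // The token is issued for the username stored on the user record, not for the raw string
        // the client typed.
        SignedJWT authToken = this.tokenManager.generateAuthToken(((Literal) ((User) this.engineManager.retrieveUser(userCredentials.getUsername()).orElseThrow(() -> {
            return new IllegalStateException("User " + userCredentials.getUsername() + " not found and should be present");
        })).getUsername().orElseThrow(() -> {
            return new IllegalStateException("User must have username");
        })).stringValue());
        this.log.debug("Authentication successful.");
        return createResponse(authToken, userCredentials.getUsername());
    }

    /**
     * Replaces the caller's token cookie with an unauthenticated token.
     *
     * <p>NOTE(review): this method only overwrites the cookie. Nothing in this class invalidates
     * the token issued at login, so whether a copied token remains usable until it expires depends
     * on {@code TokenManager} — confirm.
     *
     * @return 200 with an unauthenticated token cookie
     */
    @Produces({"text/plain"})
    @DELETE
    @ApiOperation("Logs out of Mobi by setting unauth token")
    public Response logout() {
        this.log.debug("Requested logout. Generating unauthenticated token.");
        return createResponse(this.tokenManager.generateUnauthToken(), null);
    }

    /**
     * Builds a 200 response carrying the token cookie produced by the token manager.
     *
     * @param signedJWT the token to place in the cookie
     * @param body the response entity, or {@code null} for an empty body
     */
    private Response createResponse(SignedJWT signedJWT, String body) {
        this.log.debug("Setting token in response.");
        Response.ResponseBuilder builder = body != null ? Response.ok(body) : Response.ok();
        return builder.cookie(new NewCookie[]{this.tokenManager.createSecureTokenNewCookie(signedJWT)}).build();
    }

    /** Returns {@code true} when the credentials authenticate and the user holds the required role. */
    private boolean authenticated(String username, String password) {
        return doAuthenticate(username, password).isPresent();
    }

    /**
     * Extracts credentials from an HTTP Basic {@code Authorization} header.
     *
     * <p>The header must start with the {@code Basic} scheme (any letter case). The decoded value
     * is split at the first colon only, so passwords that contain colons are passed on intact
     * instead of being cut at the second colon. Decoding uses UTF-8 rather than the platform
     * default charset.
     *
     * @param containerRequestContext the current request
     * @return the credentials, or empty when the header is absent, uses another scheme, or lacks a
     *     non-empty username or password
     */
    private Optional<UserCredentials> processBasicAuth(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (headerString == null) {
            this.log.debug("No authorization header.");
            return Optional.empty();
        }
        String header = headerString.trim();
        // Match the scheme only at the start of the header; other schemes are not base64
        // credentials and must not be decoded as such.
        if (!header.regionMatches(true, 0, BASIC_SCHEME_PREFIX, 0, BASIC_SCHEME_PREFIX.length())) {
            this.log.debug("Missing authorization information.");
            return Optional.empty();
        }
        String encoded = header.substring(BASIC_SCHEME_PREFIX.length()).trim();
        String decoded = new String(Base64.decodeBase64(encoded.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        int separator = decoded.indexOf(':');
        // Require a non-empty username before the colon and a non-empty password after it.
        if (separator > 0 && separator < decoded.length() - 1) {
            return Optional.of(new UserCredentials(decoded.substring(0, separator), decoded.substring(separator + 1)));
        }
        this.log.debug("Missing authorization information.");
        return Optional.empty();
    }

    /** Wraps the query-parameter credentials when both values are non-empty. */
    private Optional<UserCredentials> processFormAuth(String username, String password) {
        if (StringUtils.isNotEmpty(username) && StringUtils.isNotEmpty(password)) {
            return Optional.of(new UserCredentials(username, password));
        }
        return Optional.empty();
    }

    /**
     * Authenticates the credentials and checks that the resulting principal holds the required
     * role.
     *
     * @return the populated subject, or empty when authentication fails, no {@code UserPrincipal}
     *     is present, or the role check fails
     */
    private Optional<Subject> doAuthenticate(String username, String password) {
        Subject subject = new Subject();
        // "mobi" is presumably the JAAS application/realm name — confirm against the configuration.
        if (!RestSecurityUtils.authenticateUser("mobi", subject, username, password, this.configuration)) {
            return Optional.empty();
        }
        this.log.debug("Authentication successful, retrieving UserPrincipals");
        List<Principal> userPrincipals = subject.getPrincipals().stream()
                .filter(principal -> principal instanceof UserPrincipal)
                .collect(Collectors.toList());
        if (userPrincipals.isEmpty()) {
            this.log.debug("No UserPrincipals found");
            return Optional.empty();
        }
        String principalName = userPrincipals.get(0).getName();
        boolean hasRequiredRole = false;
        for (Role role : this.engineManager.getUserRoles(principalName)) {
            // NOTE(review): this is a substring match on the role resource, so any role whose
            // identifier merely contains "user" satisfies it. Compare against the full identifier
            // of the required role once its exact form is confirmed.
            if (role.getResource().stringValue().contains(REQUIRED_ROLE)) {
                hasRequiredRole = true;
                break;
            }
        }
        if (hasRequiredRole) {
            this.log.debug("User has required role");
            return Optional.of(subject);
        }
        this.log.debug("User does not have the required role user");
        return Optional.empty();
    }

    /** Replaces CR, LF and tab so a client-supplied value cannot forge additional log lines. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n\\t]", "_");
    }

    private MobiWebException handleIOError(IOException iOException) {
        return handleError("Problem Creating JWT Token", iOException);
    }

    private MobiWebException handleJOSEError(JOSEException jOSEException) {
        return handleError("Problem Creating or Verifying JWT Token", jOSEException);
    }

    private MobiWebException handleParseError(ParseException parseException) {
        return handleError("Problem Parsing JWT Token", parseException);
    }

    /**
     * Logs the exception with its stack trace and builds a 500 error that carries only the fixed
     * message, keeping exception details out of the response.
     */
    private MobiWebException handleError(String message, Exception cause) {
        this.log.error(message, cause);
        return ErrorUtils.sendError(message, Response.Status.INTERNAL_SERVER_ERROR);
    }
}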
