package org.jfrog.access.server.rest.resource.oauth;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.models.properties.StringProperty;
import java.security.Principal;
import java.util.List;
import java.util.stream.Collectors;
import javassist.compiler.TokenId;
import javax.annotation.Nonnull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HEAD;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.jfrog.access.common.AccessAuthz;
import org.jfrog.access.server.exception.TokenNotFoundException;
import org.jfrog.access.server.model.Token;
import org.jfrog.access.server.rest.RestConstants;
import org.jfrog.access.server.rest.exception.UnauthorizedRestException;
import org.jfrog.access.server.rest.model.ErrorsModel;
import org.jfrog.access.server.rest.model.MessageModel;
import org.jfrog.access.server.service.auth.AuthenticationService;
import org.jfrog.access.server.service.auth.AuthorizationService;
import org.jfrog.access.server.service.auth.model.AccessPrincipal;
import org.jfrog.access.server.service.token.CreatedSignedToken;
import org.jfrog.access.server.service.token.TokenService;
import org.jfrog.access.server.service.token.TokenSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Api("OAuth")
@Path("/v1/oauth")
@Component
/* loaded from: input_file:WEB-INF/lib/access-server-rest-2.0.1.jar:org/jfrog/access/server/rest/resource/oauth/OAuthResource.class */
public class OAuthResource {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OAuthResource.class);

    @Autowired
    private TokenService tokenService;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private AuthorizationService authorizationService;

    @Path(AccessAuthz.TOKEN)
    @POST
    @ApiResponses({@ApiResponse(code = 400, message = "Refresh token expired", response = TokenResponseErrorModel.class), @ApiResponse(code = TokenId.FloatConstant, message = "Refresh token not found", response = TokenResponseErrorModel.class)})
    @ApiImplicitParams({@ApiImplicitParam(name = "Authorization", paramType = "header", dataType = StringProperty.TYPE, defaultValue = "Bearer ACCESS-TOKEN")})
    @Consumes({"application/x-www-form-urlencoded", "application/json"})
    @ApiOperation(value = "Create or refresh an access token", response = TokenResponseModel.class)
    @Produces({RestConstants.APPLICATION_JSON_UTF_8})
    public Response handleToken(TokenRequestEntityModel tokenRequestEntityModel) {
        TokenResponseModel refreshToken;
        log.debug("handle token - grant_type: {}", tokenRequestEntityModel.getGrantTypeString());
        GrantType grantType = tokenRequestEntityModel.getGrantType();
        TokenSpec tokenSpec = tokenRequestEntityModel.toTokenSpec();
        switch (grantType) {
            case ClientCredentials:
                refreshToken = createToken(tokenSpec);
                break;
            case RefreshToken:
                refreshToken = refreshToken(tokenSpec, tokenRequestEntityModel.getRefreshToken());
                break;
            default:
                throw newGrantTypeNotSupportedException(tokenRequestEntityModel.getGrantTypeString());
        }
        CacheControl cacheControl = new CacheControl();
        cacheControl.setNoStore(true);
        cacheControl.setNoCache(true);
        return Response.ok(refreshToken).cacheControl(cacheControl).build();
    }

    private TokenResponseModel createToken(@Nonnull TokenSpec tokenSpec) {
        return createTokenModel(this.tokenService.createToken(tokenSpec));
    }

    private TokenResponseModel refreshToken(@Nonnull TokenSpec tokenSpec, @Nonnull String str) {
        return createTokenModel(this.tokenService.refreshToken(str, tokenSpec));
    }

    private TokenResponseModel createTokenModel(CreatedSignedToken createdSignedToken) {
        Long expiresIn = createdSignedToken.getTokenSpec().getExpiresIn();
        Long l = expiresIn.longValue() <= 0 ? null : expiresIn;
        TokenResponseModel tokenResponseModel = new TokenResponseModel();
        tokenResponseModel.setAccessToken(createdSignedToken.getAccessToken().getTokenValue());
        tokenResponseModel.setRefreshToken(createdSignedToken.getRefreshToken());
        tokenResponseModel.setExpiresIn(l);
        tokenResponseModel.setScope(createdSignedToken.getScope());
        tokenResponseModel.setTokenType("Bearer");
        return tokenResponseModel;
    }

    @ApiResponses({@ApiResponse(code = TokenId.FloatConstant, message = "Token not found")})
    @Path("token/{token_id}")
    @ApiImplicitParams({@ApiImplicitParam(name = "Authorization", paramType = "header", dataType = StringProperty.TYPE, defaultValue = "Bearer ACCESS-TOKEN")})
    @HEAD
    @ApiOperation("Check an access token exists")
    public Response tokenExists(@PathParam("token_id") String str) {
        return this.tokenService.tokenExists(str) ? Response.ok().build() : Response.status(TokenId.FloatConstant).build();
    }

    @ApiResponses({@ApiResponse(code = TokenId.FloatConstant, message = "Token not found", response = ErrorsModel.class)})
    @Path("token/{token_id}")
    @ApiImplicitParams({@ApiImplicitParam(name = "Authorization", paramType = "header", dataType = StringProperty.TYPE, defaultValue = "Bearer ACCESS-TOKEN")})
    @ApiOperation(value = "Delete an access token", code = 204, notes = "Delete the access token by its ID ('tid')")
    @DELETE
    public Response deleteToken(@PathParam("token_id") String str) {
        log.debug("delete token by ID: {}", str);
        return deleteTokenById(str);
    }

    private Response deleteTokenById(String str) {
        this.tokenService.revokeTokenById(str);
        return Response.noContent().build();
    }

    @Path("token/revoke")
    @POST
    @ApiResponses({@ApiResponse(code = 400, message = "Token not specified", response = TokenResponseErrorModel.class)})
    @ApiImplicitParams({@ApiImplicitParam(name = "Authorization", paramType = "header", dataType = StringProperty.TYPE, defaultValue = "Bearer ACCESS-TOKEN")})
    @Consumes({"application/x-www-form-urlencoded", "application/json"})
    @ApiOperation(value = "Revoke a token", response = MessageModel.class, notes = "Revoke a token, either by the access token or the refresh token.  \nThe response message can contain two possible codes when the response is `200`:  \n* `OK` - if the token was actually revoked successfully  \n* `NOT_FOUND` - if the token was not found, i.e. probably already revoked")
    @Produces({RestConstants.APPLICATION_JSON_UTF_8})
    public Response revokeToken(TokenRevokeEntityModel tokenRevokeEntityModel) {
        MessageModel messageModel;
        if (tokenRevokeEntityModel == null || StringUtils.isBlank(tokenRevokeEntityModel.getToken())) {
            throw new TokenRequestException(TokenResponseErrorCode.InvalidRequest, "token is required");
        }
        TokenType fromSignature = tokenRevokeEntityModel.getTokenTypeHint() == null ? TokenType.AccessToken : TokenType.fromSignature(tokenRevokeEntityModel.getTokenTypeHint());
        try {
            this.tokenService.revokeToken(tokenRevokeEntityModel.getToken());
            messageModel = new MessageModel(MessageModel.CODE_OK, "Token revoked", null);
        } catch (TokenNotFoundException e) {
            log.warn("Ignoring revoke token request, token not found.");
            log.debug("Ignoring revoke token request, token not found.", (Throwable) e);
            messageModel = new MessageModel(MessageModel.CODE_NOT_FOUND, "Token not found", null);
        }
        return Response.ok(messageModel, RestConstants.APPLICATION_JSON_UTF_8).build();
    }

    private TokenRequestException newGrantTypeNotSupportedException(String str) {
        log.debug("grant_type not supported: {}", str);
        return new TokenRequestException(TokenResponseErrorCode.UnsupportedGrantType, "Unsupported grant_type: " + str);
    }

    @GET
    @Path(AccessAuthz.TOKEN)
    @ApiImplicitParams({@ApiImplicitParam(name = "Authorization", paramType = "header", dataType = StringProperty.TYPE, defaultValue = "Bearer ACCESS-TOKEN")})
    @ApiOperation(value = "Get information on existing tokens", response = TokensResponseModel.class, notes = "Returns the information of all tokens owned by the authenticated service.")
    @Produces({RestConstants.APPLICATION_JSON_UTF_8})
    public Response getTokenInfos() {
        Principal loggedInPrincipal = this.authenticationService.getLoggedInPrincipal();
        if (!(loggedInPrincipal instanceof AccessPrincipal)) {
            throw new UnauthorizedRestException();
        }
        List<Token> tokensByOwner = this.tokenService.getTokensByOwner(((AccessPrincipal) loggedInPrincipal).getFormattedName());
        TokensResponseModel tokensResponseModel = new TokensResponseModel();
        tokensResponseModel.setTokens((List) tokensByOwner.stream().map(TokenInfoModel::new).collect(Collectors.toList()));
        return Response.ok(tokensResponseModel, RestConstants.APPLICATION_JSON_UTF_8).build();
    }
}
