package com.greenhat.server.authorization;

import com.greenhat.server.container.server.security.AuthenticationResponse;
import com.greenhat.server.container.server.security.AuthenticationService;
import com.greenhat.server.container.server.security.token.TokenService;
import com.greenhat.server.container.server.security.util.SecurityEnablementService;
import com.greenhat.server.container.shared.Shared;
import com.greenhat.server.container.shared.datamodel.SecurityToken;
import com.greenhat.vie.comms.auth.AuthServiceRefs;
import com.greenhat.vie.comms.auth.AuthSession;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.ws.rs.Produces;
import org.apache.commons.codec.binary.Base64;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;

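/**
 * Spring MVC controller exposing the session/token endpoints of the authorization service:
 * discovery, session sign-in, session sign-out, session refresh, token introspection and
 * persistent-token issuance.
 *
 * <p>Credentials arrive as an HTTP Basic header and tokens as form fields or query parameters.
 * Neither is ever written to the log by this class: the raw header carries the password and the
 * form body carries bearer tokens, so only sanitised user names appear in log messages.
 *
 * <p>NOTE(review): parameter names such as {@code str} look like decompiler placeholders. The
 * {@code @RequestHeader}/{@code @RequestParam} annotations carry no explicit name, so the binding
 * depends on the parameter name in the original bytecode (presumably the Authorization header
 * and a token parameter); confirm before recompiling this source.
 *
 * <p>NOTE(review): {@code @Produces} is the JAX-RS annotation; whether anything in this Spring
 * controller honours it is not visible from this file.
 */
@Controller
/* loaded from: input_file:security-config.jar:com/greenhat/server/authorization/AuthorizationServiceController.class */
public class AuthorizationServiceController {
    private static final Logger logger = Logger.getLogger(AuthorizationServiceController.class.getName());

    /** Scheme prefix (including the separating space) expected on the credentials header. */
    private static final String BASIC_PREFIX = "Basic ";
    private static final String TOKEN_TYPE_SESSION = "urn:jazz:params:oauth:token-type:session";
    private static final String GRANT_TYPE_SESSION_CONTINUATION = "urn:jazz:params:oauth:grant-type:session_continuation";

    /** Service relation -> URI pairs advertised by {@link #discovery()}; read-only after class init. */
    private static final Map<String, String> AVAILABLE_SERVICES;

    static {
        HashMap<String, String> services = new HashMap<>();
        services.put("http://jazz.net/auth/jsa/session-signin", AuthServerConstants.SESSION_SIGN_IN_URI);
        services.put("http://jazz.net/auth/jsa/token", AuthServerConstants.TOKEN_URI);
        services.put("http://jazz.net/auth/jsa/introspection", AuthServerConstants.INTROSPECTION_URI);
        services.put("http://jazz.net/auth/jsa/deauthorize", AuthServerConstants.SESSION_SIGN_OUT_URI);
        AVAILABLE_SERVICES = Collections.unmodifiableMap(services);
    }

    private final AuthenticationService authService;
    private final String authbaseUrl;
    private final SecurityEnablementService securityEnablementService;
    private final TokenService tokenService;

    /**
     * Creates the controller.
     *
     * @param str base URL of the server; {@code "auth"} is appended (with a single separating
     *     slash) to form the URL handed to {@link AuthServiceRefs}
     * @param authenticationService service used to authenticate users and validate tokens
     * @param securityEnablementService service consulted for the domain-security switch
     * @param tokenService service used to mint persistent tokens
     */
    public AuthorizationServiceController(String str, AuthenticationService authenticationService, SecurityEnablementService securityEnablementService, TokenService tokenService) {
        this.authService = authenticationService;
        this.securityEnablementService = securityEnablementService;
        this.authbaseUrl = (str.endsWith("/") ? str : str + "/") + "auth";
        this.tokenService = tokenService;
    }

    /**
     * Returns the auth service references for this server. The individual endpoints are listed
     * only when both user security and domain security are enabled.
     *
     * @return the service references, possibly containing only the base URL
     */
    @RequestMapping(value = {"/discovery"}, method = {RequestMethod.GET})
    @Produces({"application/json"})
    @ResponseBody
    public AuthServiceRefs discovery() {
        AuthServiceRefs authServiceRefs = new AuthServiceRefs(this.authbaseUrl);
        logger.finest("Discovery ");
        if (this.authService.isUserSecurityEnabled() && this.securityEnablementService.isDomainSecurityEnabled()) {
            for (Map.Entry<String, String> entry : AVAILABLE_SERVICES.entrySet()) {
                authServiceRefs.add(entry.getKey(), entry.getValue());
            }
        }
        return authServiceRefs;
    }

    /**
     * Authenticates the Basic credentials and opens a session.
     *
     * @param str the Basic credentials header value
     * @return the new session, or {@code null} when user security is disabled
     * @throws UnauthorizedException if the header is malformed or authentication yields no token
     */
    @RequestMapping(value = {AuthServerConstants.SESSION_SIGN_IN_URI}, method = {RequestMethod.POST})
    @Produces({"application/json"})
    @ResponseBody
    public AuthSession sessionSignIn(@RequestHeader String str) throws UnauthorizedException {
        String[] credentials = decodeBasicAuthHeader(str);
        if (credentials == null || credentials.length != 2) {
            logger.warning("Session sign-in failed. Invaild auth header");
            throw new UnauthorizedException();
        }
        String userName = credentials[0];
        String password = credentials[1];
        logger.finest("Session sign-in for " + safeForLog(userName));
        if (!this.authService.isUserSecurityEnabled()) {
            return null;
        }
        AuthenticationResponse response = this.authService.authenticate(userName, password);
        // A null response is treated like a missing token so that it fails closed with 401.
        if (response == null || response.getToken() == null) {
            logger.warning("Session sign-in failed for " + safeForLog(userName));
            throw new UnauthorizedException();
        }
        return new AuthSession(response.getToken().stringValue(), response.getUser().getName());
    }

    /**
     * Ends the session identified by the {@code access_token} form field, provided the token
     * belongs to the user named in the Basic header.
     *
     * <p>A request without a token, or with a token owned by a different user, is logged and
     * answered with 200 without revoking anything.
     *
     * @param str the Basic credentials header value (only the user name is used here)
     * @param str2 the form-encoded request body
     * @throws UnauthorizedException if the header is malformed or the token is not recognised
     */
    @RequestMapping(value = {AuthServerConstants.SESSION_SIGN_OUT_URI}, method = {RequestMethod.POST})
    @ResponseStatus(HttpStatus.OK)
    public void sessionSignOut(@RequestHeader String str, @RequestBody String str2) throws UnauthorizedException {
        String[] credentials = decodeBasicAuthHeader(str);
        if (credentials == null || credentials.length != 2) {
            logger.warning("Session sign-out failed. Invaild auth header");
            throw new UnauthorizedException();
        }
        String userName = credentials[0];
        String accessToken = formToMap(str2).get("access_token");
        if (accessToken == null || accessToken.isEmpty()) {
            logger.warning("Session sign-out called for " + safeForLog(userName) + " but no token was supplied.");
            return;
        }
        // The token value is a bearer credential and is deliberately kept out of the log.
        logger.finest("Attempting session sign-out for '" + safeForLog(userName) + "'");
        if (!this.authService.isUserSecurityEnabled()) {
            return;
        }
        SecurityToken securityToken = new SecurityToken(accessToken);
        AuthenticationResponse response = this.authService.isAuthenticated(securityToken, false);
        if (response == null || response.getToken() == null) {
            logger.warning("Session sign-out failed for " + safeForLog(userName) + ". Unauthorized.");
            throw new UnauthorizedException();
        }
        if (response.getUser().getName().equals(userName)) {
            this.authService.unauthenticate(securityToken);
        } else {
            // An attempt to revoke another user's token is worth seeing at the default log level.
            logger.warning("Session sign-out failed for " + safeForLog(userName) + ". Mismatched token.");
        }
    }

    /**
     * Continues a session: returns the existing session while its token is still accepted,
     * otherwise revokes the token and re-authenticates with the Basic credentials.
     *
     * <p>NOTE(review): while the token is still accepted, neither the password nor the user
     * name from the Basic header is checked against it; confirm that this is intended.
     *
     * @param str the Basic credentials header value
     * @param str2 the form-encoded body carrying {@code access_token}, {@code token_type} and
     *     {@code grant_type}
     * @return the continued or renewed session, or {@code null} when user security is disabled
     * @throws UnauthorizedException if the header or form is malformed, the token is unknown, or
     *     re-authentication fails; a token owned by another user raises {@code BadTokenException}
     */
    @RequestMapping(value = {AuthServerConstants.TOKEN_URI}, method = {RequestMethod.POST})
    @Produces({"application/json"})
    @ResponseBody
    public AuthSession token(@RequestHeader String str, @RequestBody String str2) throws UnauthorizedException {
        Map<String, String> form = formToMap(str2);
        String accessToken = form.get("access_token");
        String tokenType = form.get("token_type");
        String grantType = form.get("grant_type");
        String[] credentials = decodeBasicAuthHeader(str);
        if (credentials == null || credentials.length != 2) {
            logger.warning("Session refresh failed. Invaild auth header");
            throw new UnauthorizedException();
        }
        String userName = credentials[0];
        String password = credentials[1];
        // equals() on the constant is null-safe: a missing token_type or grant_type is rejected
        // as a malformed request instead of raising a NullPointerException.
        boolean wellFormed = accessToken != null
                && !accessToken.isEmpty()
                && TOKEN_TYPE_SESSION.equals(tokenType)
                && GRANT_TYPE_SESSION_CONTINUATION.equals(grantType);
        if (!wellFormed) {
            logger.warning("Session refresh failed. Malformed request");
            throw new UnauthorizedException();
        }
        if (!this.authService.isUserSecurityEnabled()) {
            return null;
        }
        // The token value is a bearer credential and is deliberately kept out of the log.
        logger.finest("Attempting session refresh for '" + safeForLog(userName) + "'");
        SecurityToken securityToken = new SecurityToken(accessToken);
        AuthenticationResponse current = this.authService.isAuthenticated(securityToken, true);
        // The null check comes first so an absent response fails closed with 401.
        if (current == null || current.getToken() == null) {
            logger.warning("Session refresh failed for " + safeForLog(userName) + ". Unauthorized.");
            throw new UnauthorizedException();
        }
        if (current.isAuthenticated()) {
            return new AuthSession(current.getToken().stringValue(), current.getUser().getName());
        }
        if (!current.getUser().getName().equals(userName)) {
            logger.warning("Session refresh failed for " + safeForLog(userName) + ". Mismatched token.");
            throw new BadTokenException();
        }
        // Known token that is no longer accepted: drop it before issuing a replacement.
        this.authService.unauthenticate(securityToken);
        AuthenticationResponse renewed = this.authService.authenticate(userName, password);
        if (renewed == null || renewed.getToken() == null) {
            logger.warning("Session refresh failed for " + safeForLog(userName));
            throw new UnauthorizedException();
        }
        return new AuthSession(renewed.getToken().stringValue(), renewed.getUser().getName());
    }

    /**
     * Reports which user, if any, the given token belongs to.
     *
     * <p>NOTE(review): no caller credentials are checked in this method; confirm that access to
     * the introspection URI is restricted elsewhere.
     *
     * @param str the token to inspect
     * @return a session naming the token's user, or the submitted token with an empty user name
     *     when it is not accepted or user security is disabled
     * @throws UnauthorizedException if no token was supplied
     */
    @RequestMapping(value = {AuthServerConstants.INTROSPECTION_URI}, method = {RequestMethod.GET})
    @Produces({"application/json"})
    @ResponseBody
    public AuthSession introspect(@RequestParam(required = true) String str) throws UnauthorizedException {
        if (str == null) {
            logger.warning("Token introspection failed. Malformed request");
            throw new UnauthorizedException();
        }
        if (!this.authService.isUserSecurityEnabled()) {
            return new AuthSession(str, Shared.EMPTY_STRING);
        }
        // The token value is a bearer credential and is deliberately kept out of the log.
        logger.finest("Attempting introspection of token");
        AuthenticationResponse response = this.authService.isAuthenticated(new SecurityToken(str), false);
        if (response == null || !response.isAuthenticated()) {
            return new AuthSession(str, Shared.EMPTY_STRING);
        }
        return new AuthSession(response.getToken().stringValue(), response.getUser().getName());
    }

    /**
     * Authenticates the Basic credentials and issues a persistent token for that user.
     *
     * <p>NOTE(review): the token is requested with {@code TokenService.FOREVER}, presumably a
     * non-expiring lifetime; confirm that such tokens can be listed and revoked. The token is
     * generated for the user name taken from the header rather than the name on the
     * authentication response.
     *
     * @param str the Basic credentials header value
     * @return the persistent token, or {@code null} when user security is disabled
     * @throws UnauthorizedException if the header is malformed or authentication yields no token
     */
    @RequestMapping(value = {AuthServerConstants.PERSISTENT_TOKEN_URI}, method = {RequestMethod.GET})
    @Produces({"text/plain"})
    @ResponseBody
    public String persistentToken(@RequestHeader String str) throws UnauthorizedException {
        String[] credentials = decodeBasicAuthHeader(str);
        if (credentials == null || credentials.length != 2) {
            logger.warning("Persistent token sign-in failed. Invalid auth header");
            throw new UnauthorizedException();
        }
        String userName = credentials[0];
        String password = credentials[1];
        logger.finest("Persistent token sign-in for " + safeForLog(userName));
        if (!this.authService.isUserSecurityEnabled()) {
            return null;
        }
        AuthenticationResponse response = this.authService.authenticate(userName, password);
        if (response == null || response.getToken() == null) {
            logger.warning("Sign-in failed for " + safeForLog(userName));
            throw new UnauthorizedException();
        }
        return this.tokenService.generatePersistentToken(userName, TokenService.FOREVER, Shared.EMPTY_STRING).token.token;
    }

    /**
     * Decodes a Basic credentials header into {@code {userName, password}}.
     *
     * <p>The scheme must be {@code Basic} (case-insensitive). The decoded text is split on the
     * first colon only, so a password may itself contain colons. An empty password is rejected,
     * which keeps an empty secret from ever reaching the authentication back end. The header
     * value is never logged because it contains the password.
     *
     * @param str the raw header value, may be {@code null}
     * @return a two-element array, or {@code null} when the header cannot be used
     */
    private String[] decodeBasicAuthHeader(String str) {
        if (str == null || !str.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            logger.warning("decodeAuthHeader failed. Missing or non-Basic header");
            return null;
        }
        String decoded;
        try {
            String encoded = str.substring(BASIC_PREFIX.length()).trim();
            // Explicit charsets: the result must not depend on the JVM's platform default.
            decoded = new String(Base64.decodeBase64(encoded.getBytes(StandardCharsets.US_ASCII)), StandardCharsets.UTF_8);
        } catch (RuntimeException e) {
            logger.warning("decodeAuthHeader failed. e=" + e.getClass().getName());
            return null;
        }
        String[] parts = decoded.split(":", 2);
        if (parts.length != 2 || parts[1].isEmpty()) {
            return null;
        }
        return parts;
    }

    /**
     * Parses an {@code application/x-www-form-urlencoded} body into an insertion-ordered map.
     *
     * <p>Each field is split on its first {@code '='}, so values containing {@code '='} are kept
     * whole. Fields without a key or without {@code '='}, and fields that fail URL decoding, are
     * skipped individually instead of aborting the whole parse. The body is never logged because
     * it can carry access tokens.
     *
     * @param str the raw form body, may be {@code null}
     * @return the decoded fields; empty when the body is {@code null} or empty
     */
    private Map<String, String> formToMap(String str) {
        Map<String, String> fields = new LinkedHashMap<>();
        if (str == null || str.isEmpty()) {
            return fields;
        }
        for (String pair : str.split("&")) {
            int separator = pair.indexOf('=');
            if (separator <= 0) {
                continue;
            }
            try {
                String key = URLDecoder.decode(pair.substring(0, separator), "UTF-8");
                String value = URLDecoder.decode(pair.substring(separator + 1), "UTF-8");
                if (key.length() > 0) {
                    fields.put(key, value);
                }
            } catch (UnsupportedEncodingException | IllegalArgumentException e) {
                logger.warning("formToMap failed. Skipping malformed form field");
            }
        }
        return fields;
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so that a
     * client-supplied value cannot break a log line or forge additional entries.
     *
     * @param value the untrusted value, may be {@code null}
     * @return a single-line representation safe to concatenate into a log message
     */
    private static String safeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}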
