package li.strolch.rest.endpoint;

import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonPrimitive;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.HEAD;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.NewCookie;
import jakarta.ws.rs.core.Response;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import li.strolch.exception.StrolchException;
import li.strolch.privilege.base.AccessDeniedException;
import li.strolch.privilege.base.InvalidCredentialsException;
import li.strolch.privilege.base.PrivilegeException;
import li.strolch.privilege.model.Certificate;
import li.strolch.privilege.model.IPrivilege;
import li.strolch.privilege.model.PrivilegeContext;
import li.strolch.privilege.model.Usage;
import li.strolch.rest.RestfulStrolchComponent;
import li.strolch.rest.StrolchRestfulConstants;
import li.strolch.rest.StrolchSessionHandler;
import li.strolch.rest.filters.AuthenticationRequestFilter;
import li.strolch.rest.helper.ResponseUtil;
import li.strolch.utils.helper.ExceptionHelper;
import li.strolch.utils.iso8601.ISO8601;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

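/**
 * REST endpoint for session authentication: login by password, by container single sign-on and by
 * challenge, plus validation, refresh and logout of an existing session.
 *
 * <p>Every handler answers failures with a JSON body {@code {"msg": "..."}} and one of these status
 * codes: 400 for a malformed request, 401 for invalid credentials or an invalid/expired session,
 * 403 for other privilege or Strolch failures while logging in, 500 for anything unexpected.
 * Unexpected exceptions are logged with their stack trace but only a generic message is returned,
 * so exception class names and internal messages do not leak to the client.
 *
 * <p>Catch clauses are ordered from most to least specific throughout: a {@code catch (Exception)}
 * that precedes a catch of one of its subclasses does not compile.
 */
@Path("strolch/authentication")
public class AuthenticationService {

    private static final Logger logger = LoggerFactory.getLogger(AuthenticationService.class);

    /** Thread-safe serializer for error bodies; Gson's default HTML-safe escaping applies to echoed messages. */
    private static final Gson GSON = new Gson();

    private static final String USERNAME = "username";
    private static final String PASSWORD = "password";
    private static final String KEEP_ALIVE = "keepAlive";
    private static final String USAGE = "usage";
    private static final String CHALLENGE = "challenge";
    private static final String AUTH_TOKEN = "authToken";
    private static final String AUTHORIZATION_HEADER = "Authorization";

    private static final String LOGIN_FAILED_FMT = "Could not log in due to: {0}";
    private static final String SESSION_INVALID_FMT = "Session invalid: {0}";
    private static final String INVALID_CREDENTIALS_MSG = "Could not log in as the given credentials are invalid";
    private static final String INTERNAL_ERROR_MSG = "Internal error while processing the authentication request";

    /** Sanity bounds on the request only; the actual credential policy is enforced by the privilege handler. */
    private static final int MIN_USERNAME_LENGTH = 2;
    private static final int MIN_PASSWORD_LENGTH = 3;

    /**
     * Logs a user in with username and password.
     *
     * <p>Expects a JSON object body with {@code username}, a Base64 encoded {@code password} and an
     * optional boolean {@code keepAlive}. On success the body describes the session, the auth token
     * is returned in the {@code Authorization} header and the authorization cookies are set.
     *
     * @param httpServletRequest the servlet request; its remote IP is what the session gets bound to
     * @param httpHeaders        injected request headers (not used by this handler)
     * @param str                the raw JSON request body
     * @return 200 with the session description; 400 if the body is not a JSON object, the username
     *         is missing or shorter than {@value #MIN_USERNAME_LENGTH} characters, or the password is
     *         missing, not valid Base64 or decodes to fewer than {@value #MIN_PASSWORD_LENGTH}
     *         characters; 401 for invalid credentials or denied access; 403 for other privilege or
     *         Strolch failures; 500 for unexpected errors
     */
    @POST
    @Produces({"application/json"})
    @Consumes({"application/json"})
    public Response authenticate(@Context HttpServletRequest httpServletRequest, @Context HttpHeaders httpHeaders, String str) {
        try {
            // Parsing happens inside the try so a malformed body yields a 400 instead of an unhandled exception
            JsonObject request = parseRequestObject(str);
            if (request == null) {
                logger.error("Authentication failed: Request body is not a JSON object!");
                return loginFailed(Response.Status.BAD_REQUEST, "Request body must be a JSON object!");
            }

            String username = stringField(request, USERNAME);
            if (username == null || username.length() < MIN_USERNAME_LENGTH) {
                logger.error("Authentication failed: Username was not given or is too short!");
                return loginFailed(Response.Status.BAD_REQUEST, "Username was not given or is too short!");
            }

            String encodedPassword = stringField(request, PASSWORD);
            if (encodedPassword == null || encodedPassword.length() < MIN_PASSWORD_LENGTH) {
                logger.error("Authentication failed: Password was not given or is too short!");
                return loginFailed(Response.Status.BAD_REQUEST, "Password was not given or is too short!");
            }

            boolean keepAlive = request.has(KEEP_ALIVE) && request.get(KEEP_ALIVE).isJsonPrimitive()
                    && request.get(KEEP_ALIVE).getAsBoolean();

            char[] password;
            try {
                password = decodePassword(encodedPassword);
            } catch (IllegalArgumentException e) {
                // Not valid Base64 is a client error, not a server error
                logger.error("Authentication failed: Password is not valid Base64!");
                return loginFailed(Response.Status.BAD_REQUEST, "Password is not valid Base64!");
            }

            try {
                // the length check must be repeated on the decoded value: Base64 of an empty string is not empty
                if (password.length < MIN_PASSWORD_LENGTH) {
                    logger.error("Authentication failed: Password was not given or is too short!");
                    return loginFailed(Response.Status.BAD_REQUEST, "Password was not given or is too short!");
                }

                StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
                String remoteIp = AuthenticationRequestFilter.getRemoteIp(httpServletRequest);
                Certificate certificate = sessionHandler.authenticate(username, password, remoteIp, Usage.ANY, keepAlive);
                return getAuthenticationResponse(httpServletRequest, certificate, remoteIp, true);
            } finally {
                // do not keep the clear-text password in memory longer than necessary
                Arrays.fill(password, '\0');
            }

        } catch (InvalidCredentialsException e) {
            // deliberately generic: do not tell the caller whether the user or the password was wrong
            logger.error("Authentication failed due to: " + e.getMessage());
            return jsonError(Response.Status.UNAUTHORIZED, INVALID_CREDENTIALS_MSG);
        } catch (AccessDeniedException e) {
            // NOTE(review): the handler's message is echoed to the caller; confirm it does not reveal account state
            logger.error("Authentication failed due to: " + e.getMessage());
            return loginFailed(Response.Status.UNAUTHORIZED, e.getMessage());
        } catch (StrolchException | PrivilegeException e) {
            logger.error(e.getMessage(), e);
            return loginFailed(Response.Status.FORBIDDEN, e.getMessage());
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Logs a user in based on the principal the servlet container has already authenticated.
     *
     * @param httpServletRequest the servlet request carrying the container-authenticated principal
     * @param httpHeaders        injected request headers (not used by this handler)
     * @return 200 with the session description and cookies; 401 if access is denied or the
     *         credentials are invalid; 403 for other privilege or Strolch failures; 500 otherwise
     */
    @POST
    @Produces({"application/json"})
    @Path("sso")
    public Response authenticateSingleSignOn(@Context HttpServletRequest httpServletRequest, @Context HttpHeaders httpHeaders) {
        try {
            StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
            String remoteIp = AuthenticationRequestFilter.getRemoteIp(httpServletRequest);
            // getUserPrincipal() is null when the container did not authenticate the request;
            // presumably the session handler rejects that case — confirm
            Certificate certificate = sessionHandler.authenticateSingleSignOn(httpServletRequest.getUserPrincipal(), remoteIp);
            return getAuthenticationResponse(httpServletRequest, certificate, remoteIp, true);
        } catch (InvalidCredentialsException e) {
            logger.error("Authentication failed due to: " + e.getMessage());
            return jsonError(Response.Status.UNAUTHORIZED, INVALID_CREDENTIALS_MSG);
        } catch (AccessDeniedException e) {
            logger.error("Authentication failed due to: " + e.getMessage());
            return loginFailed(Response.Status.UNAUTHORIZED, e.getMessage());
        } catch (StrolchException | PrivilegeException e) {
            logger.error(e.getMessage(), e);
            return loginFailed(Response.Status.FORBIDDEN, e.getMessage());
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Logs out the session identified by the given auth token.
     *
     * <p>The token is validated against the caller's remote IP before the session is invalidated,
     * so a token alone is not sufficient to log out a session from a different source.
     *
     * @param httpServletRequest the servlet request, used to determine the remote IP
     * @param str                the auth token from the URL path
     * @return 200 with username, token and a confirmation message; 401 if the token is not valid for
     *         this caller; 500 for unexpected errors
     */
    @Produces({"application/json"})
    @DELETE
    @Path("{authToken}")
    @Consumes({"application/json"})
    public Response invalidateSession(@Context HttpServletRequest httpServletRequest, @PathParam("authToken") String str) {
        try {
            StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
            Certificate certificate = sessionHandler.validate(str, AuthenticationRequestFilter.getRemoteIp(httpServletRequest));
            sessionHandler.invalidate(certificate);

            JsonObject body = new JsonObject();
            body.addProperty(USERNAME, certificate.getUsername());
            body.addProperty(AUTH_TOKEN, str);
            body.addProperty(StrolchRestfulConstants.MSG, MessageFormat.format("{0} has been logged out.", certificate.getUsername()));
            return Response.ok().entity(body.toString()).build();
        } catch (StrolchException | PrivilegeException e) {
            logger.error("Failed to invalidate session due to: " + e.getMessage());
            return jsonError(Response.Status.UNAUTHORIZED, MessageFormat.format("Could not logout due to: {0}", e.getMessage()));
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Checks whether the given auth token is a valid session for the caller.
     *
     * <p>Being a HEAD request, only the status is meaningful to the client; the error body is built
     * for consistency with the other handlers. Note that the token travels in the URL path and may
     * therefore show up in access and proxy logs.
     *
     * @param httpServletRequest the servlet request, used to determine the remote IP
     * @param str                the auth token from the URL path
     * @return 200 if valid; 401 if not; 500 for unexpected errors
     */
    @Produces({"application/json"})
    @HEAD
    @Path("{authToken}")
    @Consumes({"application/json"})
    public Response validateSession(@Context HttpServletRequest httpServletRequest, @PathParam("authToken") String str) {
        try {
            RestfulStrolchComponent.getInstance().getSessionHandler().validate(str, AuthenticationRequestFilter.getRemoteIp(httpServletRequest));
            return Response.ok().build();
        } catch (StrolchException | PrivilegeException e) {
            logger.error("Session validation failed: " + e.getMessage());
            return jsonError(Response.Status.UNAUTHORIZED, MessageFormat.format(SESSION_INVALID_FMT, e.getMessage()));
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Validates the given auth token and returns the full session description (without touching the
     * cookies).
     *
     * @param httpServletRequest the servlet request, used to determine the remote IP
     * @param str                the auth token from the URL path
     * @return 200 with the session description and the token in the {@code Authorization} header;
     *         401 if the token is not valid for this caller; 500 for unexpected errors
     */
    @Produces({"application/json"})
    @GET
    @Path("{authToken}")
    @Consumes({"application/json"})
    public Response getValidatedSession(@Context HttpServletRequest httpServletRequest, @PathParam("authToken") String str) {
        try {
            StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
            String remoteIp = AuthenticationRequestFilter.getRemoteIp(httpServletRequest);
            return getAuthenticationResponse(httpServletRequest, sessionHandler.validate(str, remoteIp), remoteIp, false);
        } catch (StrolchException | PrivilegeException e) {
            logger.error("Session validation failed: " + e.getMessage());
            return jsonError(Response.Status.UNAUTHORIZED, MessageFormat.format(SESSION_INVALID_FMT, e.getMessage()));
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Validates the given auth token and refreshes the session, returning the refreshed session
     * description and re-issued cookies.
     *
     * @param httpServletRequest the servlet request, used to determine the remote IP
     * @param str                the auth token from the URL path
     * @return 200 with the refreshed session; 401 if the token is not valid for this caller or a
     *         refresh is refused by the handler; 500 for unexpected errors
     */
    @Produces({"application/json"})
    @PUT
    @Path("{authToken}")
    @Consumes({"application/json"})
    public Response refreshSession(@Context HttpServletRequest httpServletRequest, @PathParam("authToken") String str) {
        try {
            StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
            String remoteIp = AuthenticationRequestFilter.getRemoteIp(httpServletRequest);
            Certificate current = sessionHandler.validate(str, remoteIp);
            Certificate refreshed = sessionHandler.refreshSession(current, remoteIp);
            return getAuthenticationResponse(httpServletRequest, refreshed, remoteIp, true);
        } catch (StrolchException | PrivilegeException e) {
            logger.error("Session validation failed: " + e.getMessage());
            return jsonError(Response.Status.UNAUTHORIZED, MessageFormat.format(SESSION_INVALID_FMT, e.getMessage()));
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Starts a challenge-based login for a user.
     *
     * <p>Expects a JSON object body with {@code username} and {@code usage}.
     *
     * @param httpServletRequest the servlet request, used to determine the remote IP
     * @param str                the raw JSON request body
     * @return the handler's success response; 400 if either field is missing; 401 if the privilege
     *         handler rejects the request; 500 for unexpected errors
     */
    @POST
    @Produces({"application/json"})
    @Path("challenge")
    public Response initiateChallenge(@Context HttpServletRequest httpServletRequest, String str) {
        try {
            JsonObject request = parseRequestObject(str);
            String username = stringField(request, USERNAME);
            String usage = stringField(request, USAGE);
            if (username == null || usage == null) {
                logger.error("Challenge initialization failed: username or usage missing!");
                return jsonError(Response.Status.BAD_REQUEST, "Request body must contain username and usage!");
            }

            String remoteIp = AuthenticationRequestFilter.getRemoteIp(httpServletRequest);
            RestfulStrolchComponent.getInstance().getSessionHandler().initiateChallengeFor(Usage.byValue(usage), username, remoteIp);
            return ResponseUtil.toResponse();
        } catch (PrivilegeException e) {
            // NOTE(review): the exception message is returned as-is; if it differs for unknown users
            // this endpoint allows username enumeration — confirm against the handler
            logger.error("Challenge initialization failed: " + e.getMessage());
            return jsonError(Response.Status.UNAUTHORIZED, ExceptionHelper.getExceptionMessage(e));
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Completes a challenge-based login.
     *
     * <p>Expects a JSON object body with {@code username} and {@code challenge}. On success the
     * new auth token is returned in the body, the {@code Authorization} header and the cookies.
     *
     * @param httpServletRequest the servlet request, used to determine the remote IP
     * @param str                the raw JSON request body
     * @return 200 with the auth token; 400 if either field is missing; 401 if the challenge is
     *         rejected; 500 for unexpected errors
     */
    @PUT
    @Produces({"application/json"})
    @Path("challenge")
    public Response validateChallenge(@Context HttpServletRequest httpServletRequest, String str) {
        try {
            JsonObject request = parseRequestObject(str);
            String username = stringField(request, USERNAME);
            String challenge = stringField(request, CHALLENGE);
            if (username == null || challenge == null) {
                logger.error("Challenge validation failed: username or challenge missing!");
                return jsonError(Response.Status.BAD_REQUEST, "Request body must contain username and challenge!");
            }

            RestfulStrolchComponent component = RestfulStrolchComponent.getInstance();
            StrolchSessionHandler sessionHandler = component.getSessionHandler();
            String remoteIp = AuthenticationRequestFilter.getRemoteIp(httpServletRequest);
            Certificate certificate = sessionHandler.validateChallenge(username, challenge, remoteIp);

            int cookieMaxAge = getCookieMaxAge(certificate, component, sessionHandler.getSessionMaxKeepAliveMinutes());
            LocalDateTime expiration = LocalDateTime.now().plusSeconds(cookieMaxAge);

            String authToken = certificate.getAuthToken();
            JsonObject body = new JsonObject();
            body.addProperty(AUTH_TOKEN, authToken);
            return setCookiesAndReturnResponse(httpServletRequest, component, cookieMaxAge, expiration, body, authToken);
        } catch (PrivilegeException e) {
            logger.error("Challenge validation failed: " + e.getMessage());
            return jsonError(Response.Status.UNAUTHORIZED, ExceptionHelper.getExceptionMessage(e));
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Builds the session description returned by all successful login/validation handlers.
     *
     * @param httpServletRequest the servlet request (needed to derive cookie domain and scheme)
     * @param certificate        the authenticated session
     * @param remoteIp           the caller's IP, passed on to the privilege handler's validation
     * @param setCookies         true to also set the authorization cookies, false to only return the
     *                           body and the {@code Authorization} header
     * @return a 200 response with the session description as JSON
     */
    private Response getAuthenticationResponse(HttpServletRequest httpServletRequest, Certificate certificate, String remoteIp, boolean setCookies) {
        RestfulStrolchComponent component = RestfulStrolchComponent.getInstance();
        StrolchSessionHandler sessionHandler = component.getSessionHandler();
        int keepAliveMinutes = sessionHandler.getSessionMaxKeepAliveMinutes();
        int cookieMaxAge = getCookieMaxAge(certificate, component, keepAliveMinutes);
        LocalDateTime expiration = LocalDateTime.now().plusSeconds(cookieMaxAge);

        // yields the privilege context used below; presumably also re-checks the certificate for this IP
        PrivilegeContext privilegeContext = component.getContainer().getPrivilegeHandler().validate(certificate, remoteIp);

        String authToken = certificate.getAuthToken();
        JsonObject body = new JsonObject();
        body.addProperty("sessionId", certificate.getSessionId());
        body.addProperty(AUTH_TOKEN, authToken);
        body.addProperty(USERNAME, certificate.getUsername());
        body.addProperty("firstname", certificate.getFirstname());
        body.addProperty("lastname", certificate.getLastname());
        body.addProperty("locale", certificate.getLocale().toLanguageTag());
        body.addProperty(KEEP_ALIVE, certificate.isKeepAlive());
        body.addProperty("keepAliveMinutes", keepAliveMinutes);
        body.addProperty("cookieMaxAge", cookieMaxAge);
        body.addProperty("authorizationExpiration", ISO8601.toString(expiration));
        body.addProperty("refreshAllowed", sessionHandler.isRefreshAllowed());
        body.addProperty(USAGE, certificate.getUsage().getValue());

        if (!certificate.getPropertyMap().isEmpty()) {
            JsonObject properties = new JsonObject();
            certificate.getPropertyMap().forEach(properties::addProperty);
            body.add("properties", properties);
        }
        if (!certificate.getUserRoles().isEmpty()) {
            body.add("roles", toJsonArray(certificate.getUserRoles()));
        }
        if (!privilegeContext.getPrivilegeNames().isEmpty()) {
            body.add("privileges", privilegesToJson(privilegeContext));
        }

        if (setCookies) {
            return setCookiesAndReturnResponse(httpServletRequest, component, cookieMaxAge, expiration, body, authToken);
        }
        return Response.ok().entity(body.toString()).header(AUTHORIZATION_HEADER, authToken).build();
    }

    /**
     * Serializes the privileges of a context as an array of {@code {name, allAllowed, allowList?}}.
     */
    private static JsonArray privilegesToJson(PrivilegeContext privilegeContext) {
        JsonArray privileges = new JsonArray();
        for (String name : privilegeContext.getPrivilegeNames()) {
            IPrivilege privilege = privilegeContext.getPrivilege(name);
            JsonObject entry = new JsonObject();
            entry.addProperty("name", name);
            entry.addProperty("allAllowed", privilege.isAllAllowed());
            Set<String> allowList = privilege.getAllowList();
            if (!allowList.isEmpty()) {
                entry.add("allowList", toJsonArray(allowList));
            }
            privileges.add(entry);
        }
        return privileges;
    }

    /** Converts a set of strings into a JSON array of string primitives, in iteration order. */
    private static JsonArray toJsonArray(Set<String> values) {
        JsonArray array = new JsonArray();
        for (String value : values) {
            array.add(new JsonPrimitive(value));
        }
        return array;
    }

    /**
     * Returns a 200 response with the given body, the token in the {@code Authorization} header and
     * the two authorization cookies (token and expiration date).
     */
    private static Response setCookiesAndReturnResponse(HttpServletRequest httpServletRequest, RestfulStrolchComponent component, int cookieMaxAge, LocalDateTime expiration, JsonObject body, String authToken) {
        boolean secureCookie = component.isSecureCookie();
        // getScheme() describes the hop to this server; behind a TLS-terminating proxy it can be "http"
        // although the client connection is secure, hence a log entry rather than a refusal
        if (secureCookie && !"https".equals(httpServletRequest.getScheme())) {
            logger.error("Authorization cookie is secure, but connection is not secure! Cookie won't be passed to client!");
        }

        String expirationIso = ISO8601.toString(expiration);
        // NOTE(review): without a configured domain the cookie domain comes from the request's Host
        // header, which the client controls; configure the domain explicitly in production
        String domain = component.isDomainSet() ? component.getDomain() : httpServletRequest.getServerName();
        // The SameSite attribute is smuggled into the Set-Cookie header via the Path attribute's value.
        // Newer Jakarta REST versions expose a dedicated sameSite(...) builder method — verify for the
        // version in use before switching.
        String path = (component.isPathSet() ? component.getPath() : "/") + ";SameSite=Strict";
        // NewCookie.Builder#expiry still takes a java.util.Date
        Date expiryDate = Date.from(expiration.atZone(ZoneId.systemDefault()).toInstant());

        NewCookie authCookie = getNewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, authToken, path, domain,
                "Strolch Authorization header", cookieMaxAge, expiryDate, secureCookie);
        NewCookie expirationCookie = getNewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION_EXPIRATION_DATE, expirationIso, path, domain,
                "Strolch Authorization Expiration Date", cookieMaxAge, expiryDate, secureCookie);

        return Response.ok()
                .entity(body.toString())
                .header(AUTHORIZATION_HEADER, authToken)
                .cookie(authCookie, expirationCookie)
                .build();
    }

    /**
     * Cookie lifetime in seconds: the full keep-alive duration for keep-alive sessions, otherwise the
     * configured default.
     */
    private static int getCookieMaxAge(Certificate certificate, RestfulStrolchComponent component, int keepAliveMinutes) {
        if (certificate.isKeepAlive()) {
            return (int) TimeUnit.MINUTES.toSeconds(keepAliveMinutes);
        }
        return component.getCookieMaxAge();
    }

    /**
     * Builds a version-1 cookie with the given attributes.
     *
     * <p>The cookie is intentionally not HttpOnly: presumably the browser client reads the token from
     * it. If clients only rely on the {@code Authorization} header, {@code httpOnly(true)} would take
     * the token out of reach of injected scripts — confirm against the client before changing.
     */
    private static NewCookie getNewCookie(String name, String value, String path, String domain, String comment, int maxAge, Date expiry, boolean secure) {
        return new NewCookie.Builder(name)
                .value(value)
                .path(path)
                .domain(domain)
                .version(1)
                .comment(comment)
                .maxAge(maxAge)
                .expiry(expiry)
                .secure(secure)
                .httpOnly(false)
                .build();
    }

    /**
     * Decodes the Base64 encoded password into a char array, which the caller must wipe after use.
     * UTF-8 is used explicitly so that non-ASCII passwords are interpreted identically on every JVM
     * (the default charset was platform dependent before Java 18). The intermediate String cannot be
     * wiped; that limitation is inherent in the wire format.
     *
     * @throws IllegalArgumentException if the value is not valid Base64
     */
    private static char[] decodePassword(String encoded) {
        byte[] raw = Base64.getDecoder().decode(encoded);
        char[] password = new String(raw, StandardCharsets.UTF_8).toCharArray();
        Arrays.fill(raw, (byte) 0);
        return password;
    }

    /**
     * Parses a request body as a JSON object.
     *
     * @return the object, or null if the body is empty, not valid JSON or not a JSON object
     */
    private static JsonObject parseRequestObject(String body) {
        if (body == null || body.trim().isEmpty()) {
            return null;
        }
        try {
            return JsonParser.parseString(body).getAsJsonObject();
        } catch (RuntimeException e) {
            // Gson throws JsonSyntaxException for malformed input and IllegalStateException when the root is not an object
            return null;
        }
    }

    /**
     * Reads a string member of a JSON object.
     *
     * @return the member's string value, or null if the object is null or the member is absent, JSON
     *         null, or not a primitive
     */
    private static String stringField(JsonObject object, String member) {
        if (object == null || !object.has(member) || !object.get(member).isJsonPrimitive()) {
            return null;
        }
        return object.get(member).getAsString();
    }

    /** Builds a {@code {"msg": message}} response with the given status. */
    private static Response jsonError(Response.Status status, String message) {
        JsonObject body = new JsonObject();
        body.addProperty(StrolchRestfulConstants.MSG, message);
        return Response.status(status).entity(GSON.toJson(body)).build();
    }

    /** Builds a "Could not log in due to: ..." error response with the given status. */
    private static Response loginFailed(Response.Status status, String reason) {
        return jsonError(status, MessageFormat.format(LOGIN_FAILED_FMT, reason));
    }

    /**
     * Logs an unexpected exception with its stack trace and answers 500 with a generic message, so
     * exception class names and internal messages stay server-side.
     */
    private static Response internalError(Exception e) {
        logger.error(e.getMessage(), e);
        return jsonError(Response.Status.INTERNAL_SERVER_ERROR, INTERNAL_ERROR_MSG);
    }
}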
