package org.aktin.broker.auth.cred;

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.aktin.broker.rest.Authenticated;
import org.aktin.broker.rest.RequireAdmin;
import org.aktin.broker.server.auth.HttpBearerAuthentication;

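@Path("auth")
/* loaded from: input_file:org/aktin/broker/auth/cred/AuthEndpoint.class */
/**
 * REST endpoint for username/password login, token status and logout.
 *
 * {@code login} issues a bearer token; {@code status} and {@code logout} take that
 * token from the {@code Authorization} header and are additionally guarded by the
 * container-side {@link Authenticated}/{@link RequireAdmin} interceptors.
 */
public class AuthEndpoint {
    private static final Logger log = Logger.getLogger(AuthEndpoint.class.getName());

    // Container-injected; issues tokens for valid credentials and resolves existing ones.
    @Inject
    private TokenManager tokens;

    /**
     * Authenticates the supplied credentials and issues a new bearer token.
     *
     * Only the username is written to the log; the password never is.
     *
     * @param credentials username/password pair unmarshalled from the XML request body
     * @return the GUID of the issued token, as plain text; clients present it as
     *         {@code Authorization: Bearer <guid>} on later requests
     * @throws ClientErrorException 400 if the body, username or password is missing,
     *         401 if the token manager rejects the credentials
     */
    @Path("login")
    @Consumes({"application/xml"})
    @POST
    @Produces({"text/plain"})
    public String authenticateUser(Credentials credentials) {
        // A missing body or field is a malformed request, not a failed login. Without this
        // guard the dereferences below would throw NPE and surface to the client as a 500.
        if (credentials == null || credentials.username == null || credentials.password == null) {
            throw new ClientErrorException(Response.Status.BAD_REQUEST);
        }
        Token token = this.tokens.authenticate(credentials.username, credentials.password.toCharArray());
        if (token == null) {
            log.log(Level.INFO, "Access denied for {0}", credentials.username);
            throw new ClientErrorException(Response.Status.UNAUTHORIZED);
        }
        log.log(Level.INFO, "Login successful: {0}", credentials.username);
        return token.getGUID();
    }

    /**
     * Resolves the token named in an {@code Authorization: Bearer ...} header.
     *
     * @param authorizationHeader raw header value, may be {@code null} when absent
     * @return the token known to the token manager for that header
     * @throws ClientErrorException 400 if the header is absent, is not a bearer
     *         header, or names a token the manager does not know
     */
    private Token resolveTokenFromBearerHeader(String authorizationHeader) throws ClientErrorException {
        // Absent header: reject before handing null to the parser so the failure is
        // reported as a client error rather than depending on the helper's null handling.
        if (authorizationHeader == null) {
            throw new ClientErrorException(Response.Status.BAD_REQUEST);
        }
        String bearerToken = HttpBearerAuthentication.extractBearerToken(authorizationHeader);
        if (bearerToken == null) {
            throw new ClientErrorException(Response.Status.BAD_REQUEST);
        }
        Token token = this.tokens.lookupToken(bearerToken);
        if (token == null) {
            throw new ClientErrorException(Response.Status.BAD_REQUEST);
        }
        return token;
    }

    /**
     * Reports when the caller's bearer token was issued.
     *
     * @param str raw {@code Authorization} header value
     * @return a {@link Status} whose {@code issued} field is the token's issue time in
     *         epoch milliseconds
     * @throws ClientErrorException 400 if the header does not resolve to a known token
     */
    @GET
    @RequireAdmin
    @Path("status")
    @Produces({"application/xml"})
    @Authenticated
    public Status getStatus(@HeaderParam("Authorization") String str) {
        Token token = resolveTokenFromBearerHeader(str);
        Status status = new Status();
        status.issued = token.issuedTimeMillis();
        return status;
    }

    /**
     * Invalidates the caller's bearer token.
     *
     * @param str raw {@code Authorization} header value
     * @return a JSON object {@code {"duration":<ms>}} giving the token's lifetime in
     *         milliseconds from issue to this logout
     * @throws ClientErrorException 400 if the header does not resolve to a known token
     */
    @RequireAdmin
    @Path("logout")
    @Consumes({"text/plain"})
    @POST
    @Produces({"application/json"})
    @Authenticated
    public String logout(@HeaderParam("Authorization") String str) {
        Token token = resolveTokenFromBearerHeader(str);
        token.invalidate();
        long durationMillis = System.currentTimeMillis() - token.issuedTimeMillis();
        // The endpoint is declared application/json, so the key must be quoted and
        // colon-separated; the previous "{duration=...}" form was not parseable JSON.
        return "{\"duration\":" + durationMillis + "}";
    }
}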
