package org.usergrid.rest.applications;

import com.sun.jersey.api.json.JSONWithPadding;
import com.sun.jersey.api.view.Viewable;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.error.OAuthError;
import org.apache.amber.oauth2.common.exception.OAuthProblemException;
import org.apache.amber.oauth2.common.message.OAuthResponse;
import org.apache.amber.oauth2.common.message.types.GrantType;
import org.apache.commons.lang.NotImplementedException;
import org.apache.log4j.spi.LocationInfo;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.codec.Base64;
import org.jboss.netty.handler.codec.rtsp.RtspHeaders;
import org.python.apache.xerces.impl.xs.SchemaSymbols;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import org.usergrid.management.exceptions.DisabledAdminUserException;
import org.usergrid.management.exceptions.DisabledAppUserException;
import org.usergrid.management.exceptions.UnactivatedAdminUserException;
import org.usergrid.management.exceptions.UnactivatedAppUserException;
import org.usergrid.mq.QueueManager;
import org.usergrid.persistence.Identifier;
import org.usergrid.persistence.Schema;
import org.usergrid.persistence.entities.Application;
import org.usergrid.persistence.entities.User;
import org.usergrid.rest.AbstractContextResource;
import org.usergrid.rest.applications.assets.AssetsResource;
import org.usergrid.rest.applications.events.EventsResource;
import org.usergrid.rest.applications.queues.QueueResource;
import org.usergrid.rest.applications.users.UsersResource;
import org.usergrid.rest.exceptions.AuthErrorInfo;
import org.usergrid.rest.exceptions.RedirectionException;
import org.usergrid.rest.exceptions.SecurityException;
import org.usergrid.rest.security.annotations.RequireApplicationAccess;
import org.usergrid.security.oauth.AccessInfo;
import org.usergrid.security.oauth.ClientCredentialsInfo;
import org.usergrid.security.shiro.utils.SubjectUtils;
import org.usergrid.services.ServiceParameter;
import org.usergrid.utils.StringUtils;

@Produces({"application/json", "application/javascript", "application/x-javascript", "text/ecmascript", "application/ecmascript", "text/jscript"})
@Scope("prototype")
@Component("org.usergrid.rest.applications.ApplicationResource")
/* loaded from: input_file:usergrid-rest-0.0.27.1-classes.jar:org/usergrid/rest/applications/ApplicationResource.class */
public class ApplicationResource extends ServiceResource {
    public static final Logger logger = LoggerFactory.getLogger(ApplicationResource.class);
    UUID applicationId;
    QueueManager queues;
    String errorMsg = "";
    String applicationName;
    String responseType;
    String clientId;
    String redirectUri;
    String scope;
    String state;
    public static final String APIGEE_MOBILE_APM_CONFIG_JSON_KEY = "apigeeMobileConfig";

    /**
     * Binds this resource to one application.
     *
     * <p>Stores the application id and looks up the service manager and queue manager
     * for it through the inherited {@code smf} and {@code qmf} factories.
     *
     * @param uuid id of the application this resource will serve
     * @return this resource, so the call can be chained
     * @throws Exception if either factory lookup fails
     */
    public ApplicationResource init(UUID uuid) throws Exception {
        applicationId = uuid;
        // Lookups stay in the original order: service manager first, then queue manager.
        services = smf.getServiceManager(uuid);
        queues = qmf.getQueueManager(uuid);
        return this;
    }

    /**
     * @return the queue manager obtained in {@link #init(UUID)}; {@code null} before init
     */
    public QueueManager getQueues() {
        return queues;
    }

    /**
     * @return the application id stored by {@link #init(UUID)}; {@code null} before init
     */
    @Override // org.usergrid.rest.applications.ServiceResource
    public UUID getApplicationId() {
        return applicationId;
    }

    /**
     * Sub-resource locator for {@code auth}.
     *
     * <p>NOTE(review): unlike most locators in this class this one carries no
     * {@code @RequireApplicationAccess}; presumably AuthResource has to be reachable
     * before a caller holds a token - confirm.
     *
     * @return the AuthResource sub-resource
     * @throws Exception if the sub-resource cannot be created
     */
    @Path("auth")
    public AuthResource getAuthResource() throws Exception {
        AuthResource authResource = (AuthResource) getSubResource(AuthResource.class);
        return authResource;
    }

    /**
     * Sub-resource locator for {@code queues}; requires application access.
     *
     * @return a QueueResource initialised with this application's queue manager and an
     *         empty second argument
     * @throws Exception if the sub-resource cannot be created or initialised
     */
    @Path("queues")
    @RequireApplicationAccess
    public QueueResource getQueueResource() throws Exception {
        QueueResource queueResource = (QueueResource) getSubResource(QueueResource.class);
        return queueResource.init(queues, "");
    }

    /**
     * Sub-resource locator for {@code events}; requires application access.
     *
     * <p>Appends "events" to the service parameters and, when a first path segment is
     * found for it, adds that segment's matrix parameters as well.
     *
     * @param uriInfo request URI information supplied by the JAX-RS runtime
     * @return the EventsResource sub-resource
     * @throws Exception if parameter handling or sub-resource creation fails
     */
    @Path("events")
    @RequireApplicationAccess
    public EventsResource getEventsResource(@Context UriInfo uriInfo) throws Exception {
        final String collection = "events";
        ServiceParameter.addParameter(getServiceParameters(), collection);
        PathSegment segment = getFirstPathSegment(collection);
        if (segment != null) {
            addMatrixParams(getServiceParameters(), uriInfo, segment);
        }
        return (EventsResource) getSubResource(EventsResource.class);
    }

    /**
     * Singular alias ({@code event}) of {@link #getEventsResource(UriInfo)}.
     *
     * @param uriInfo request URI information supplied by the JAX-RS runtime
     * @return whatever {@code getEventsResource} returns
     * @throws Exception if the delegate fails
     */
    @Path("event")
    @RequireApplicationAccess
    public EventsResource getEventResource(@Context UriInfo uriInfo) throws Exception {
        EventsResource eventsResource = getEventsResource(uriInfo);
        return eventsResource;
    }

    /**
     * Sub-resource locator for the assets collection; requires application access.
     *
     * <p>Appends the assets collection name to the service parameters and, when a first
     * path segment is found for it, adds that segment's matrix parameters as well.
     *
     * @param uriInfo request URI information supplied by the JAX-RS runtime
     * @return the AssetsResource sub-resource
     * @throws Exception if parameter handling or sub-resource creation fails
     */
    @Path(Application.COLLECTION_ASSETS)
    @RequireApplicationAccess
    public AssetsResource getAssetsResource(@Context UriInfo uriInfo) throws Exception {
        logger.debug("in assets n applicationResource");
        final String collection = Application.COLLECTION_ASSETS;
        ServiceParameter.addParameter(getServiceParameters(), collection);
        PathSegment segment = getFirstPathSegment(collection);
        if (segment != null) {
            addMatrixParams(getServiceParameters(), uriInfo, segment);
        }
        return (AssetsResource) getSubResource(AssetsResource.class);
    }

    /**
     * Singular alias ({@code asset}) of {@link #getAssetsResource(UriInfo)}.
     *
     * @param uriInfo request URI information supplied by the JAX-RS runtime
     * @return whatever {@code getAssetsResource} returns
     * @throws Exception if the delegate fails
     */
    @Path("asset")
    @RequireApplicationAccess
    public AssetsResource getAssetResource(@Context UriInfo uriInfo) throws Exception {
        logger.debug("in asset in applicationResource");
        AssetsResource assetsResource = getAssetsResource(uriInfo);
        return assetsResource;
    }

    /**
     * Sub-resource locator for {@code users}.
     *
     * <p>Appends "users" to the service parameters and, when a first path segment is
     * found for it, adds that segment's matrix parameters as well.
     *
     * <p>NOTE(review): this locator carries no {@code @RequireApplicationAccess}, unlike
     * the events, assets, queues and notifiers locators. Presumably access control is
     * applied inside UsersResource - confirm, since nothing in this method enforces it.
     *
     * @param uriInfo request URI information supplied by the JAX-RS runtime
     * @return the UsersResource sub-resource
     * @throws Exception if parameter handling or sub-resource creation fails
     */
    @Path("users")
    public UsersResource getUsers(@Context UriInfo uriInfo) throws Exception {
        logger.debug("ApplicationResource.getUsers");
        final String collection = "users";
        ServiceParameter.addParameter(getServiceParameters(), collection);
        PathSegment segment = getFirstPathSegment(collection);
        if (segment != null) {
            addMatrixParams(getServiceParameters(), uriInfo, segment);
        }
        return (UsersResource) getSubResource(UsersResource.class);
    }

    /**
     * Alias of {@link #getUsers(UriInfo)} mounted at the user entity-type path.
     *
     * @param uriInfo request URI information supplied by the JAX-RS runtime
     * @return whatever {@code getUsers} returns
     * @throws Exception if the delegate fails
     */
    @Path(User.ENTITY_TYPE)
    public UsersResource getUsers2(@Context UriInfo uriInfo) throws Exception {
        UsersResource usersResource = getUsers(uriInfo);
        return usersResource;
    }

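    /**
     * Token endpoint (GET variant): authenticates the caller according to
     * {@code grant_type} and returns an access token, or an OAuth {@code invalid_grant}
     * error with HTTP status 400.
     *
     * <p>Grant types handled: the password grant ({@code GrantType.PASSWORD}), "pin",
     * "client_credentials" and "authorization_code". Any other value, or a failed
     * verification, ends in the {@code invalid_grant} response.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>On this GET variant the username, password, pin and client secret arrive as
     *       query parameters, so they end up in request URLs (access logs, proxies,
     *       browser history). The POST variants carry them in the body instead.</li>
     *   <li>The "authorization_code" branch copies the supplied {@code code} into the
     *       response as the access token; no client, redirect-URI or code validation is
     *       performed in this method.</li>
     *   <li>The {@code callback} value is handed to the inherited
     *       {@code jsonMediaType}/{@code wrapWithCallback} helpers; whether they
     *       restrict the callback name is not visible here - confirm.</li>
     *   <li>"user disabled" / "user not activated" are reported to the caller as
     *       distinct error descriptions, which tells an unauthenticated caller
     *       something about account state.</li>
     * </ul>
     *
     * @param uriInfo request URI information (unused in this method)
     * @param str     raw {@code Authorization} header; when it uses the Basic scheme the
     *                decoded id and secret override {@code client_id}/{@code client_secret}
     * @param str2    {@code grant_type}
     * @param str3    {@code username}
     * @param str4    {@code password}
     * @param str5    {@code pin}
     * @param str6    {@code client_id}
     * @param str7    {@code client_secret}
     * @param str8    {@code code}
     * @param j       {@code ttl} passed through to the management service
     * @param str9    {@code redirect_uri} (unused in this method)
     * @param str10   JSONP {@code callback} name, empty by default
     * @return the token response, or a 400 OAuth error response
     * @throws Exception if token creation for a verified user fails
     */
    @GET
    @Path(SchemaSymbols.ATTVAL_TOKEN)
    public Response getAccessToken(@Context UriInfo uriInfo, @HeaderParam("Authorization") String str, @QueryParam("grant_type") String str2, @QueryParam("username") String str3, @QueryParam("password") String str4, @QueryParam("pin") String str5, @QueryParam("client_id") String str6, @QueryParam("client_secret") String str7, @QueryParam("code") String str8, @QueryParam("ttl") long j, @QueryParam("redirect_uri") String str9, @QueryParam("callback") @DefaultValue("") String str10) throws Exception {
        logger.debug("ApplicationResource.getAccessToken");
        User user = null;
        if (str != null) {
            try {
                // equalsIgnoreCase avoids the default-locale upper-casing of the scheme
                // (which mis-handles "basic" under some locales) and tolerates a null scheme.
                if ("BASIC".equalsIgnoreCase(StringUtils.stringOrSubstringBeforeFirst(str, ' '))) {
                    // Limit of 2: only the first ':' separates id from secret, so a secret
                    // that itself contains ':' is no longer silently truncated.
                    String[] clientCredentials = Base64.decodeToString(StringUtils.stringOrSubstringAfterFirst(str, ' ')).split(":", 2);
                    if (clientCredentials.length == 2) {
                        str6 = clientCredentials[0];
                        str7 = clientCredentials[1];
                    }
                }
            } catch (OAuthProblemException e) {
                logger.error("OAuth Error", (Throwable) e);
                OAuthResponse buildJSONMessage = OAuthResponse.errorResponse(400).error(e).buildJSONMessage();
                return Response.status(buildJSONMessage.getResponseStatus()).type(jsonMediaType(str10)).entity(wrapWithCallback(buildJSONMessage.getBody(), str10)).build();
            }
        }
        String errorDescription = "invalid username or password";
        if (GrantType.PASSWORD.toString().equals(str2)) {
            try {
                user = this.management.verifyAppUserPasswordCredentials(this.services.getApplicationId(), str3, str4);
            } catch (DisabledAppUserException e2) {
                errorDescription = "user disabled";
            } catch (UnactivatedAppUserException e3) {
                errorDescription = "user not activated";
            } catch (Exception e4) {
                // Still answered as invalid_grant, but leave a trace: a backend failure
                // would otherwise be indistinguishable from a bad password. No
                // credentials are written to the log.
                logger.warn("Password grant verification failed", e4);
            }
        } else if ("pin".equals(str2)) {
            try {
                user = this.management.verifyAppUserPinCredentials(this.services.getApplicationId(), str3, str5);
            } catch (Exception e5) {
                logger.warn("Pin grant verification failed", e5);
            }
        } else if ("client_credentials".equals(str2)) {
            try {
                AccessInfo authorizeClient = this.management.authorizeClient(str6, str7, j);
                if (authorizeClient != null) {
                    return Response.status(200).type(jsonMediaType(str10)).entity(wrapWithCallback(authorizeClient, str10)).build();
                }
            } catch (Exception e6) {
                logger.warn("Client credentials grant failed", e6);
            }
        } else if ("authorization_code".equals(str2)) {
            // NOTE(review): the supplied code is returned as the access token as-is;
            // nothing here checks the client, the redirect URI or the code itself.
            AccessInfo accessInfo = new AccessInfo();
            accessInfo.setAccessToken(str8);
            return Response.status(200).type(jsonMediaType(str10)).entity(wrapWithCallback(accessInfo, str10)).build();
        }
        if (user == null) {
            OAuthResponse buildJSONMessage2 = OAuthResponse.errorResponse(400).setError(OAuthError.TokenResponse.INVALID_GRANT).setErrorDescription(errorDescription).buildJSONMessage();
            return Response.status(buildJSONMessage2.getResponseStatus()).type(jsonMediaType(str10)).entity(wrapWithCallback(buildJSONMessage2.getBody(), str10)).build();
        }
        String accessTokenForAppUser = this.management.getAccessTokenForAppUser(this.services.getApplicationId(), user.getUuid(), j);
        AccessInfo tokenInfo = new AccessInfo().withExpiresIn(this.tokens.getMaxTokenAgeInSeconds(accessTokenForAppUser)).withAccessToken(accessTokenForAppUser).withProperty(User.ENTITY_TYPE, user);
        return Response.status(200).type(jsonMediaType(str10)).entity(wrapWithCallback(tokenInfo, str10)).build();
    }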

    /**
     * Token endpoint (form-encoded POST variant).
     *
     * <p>Takes the same fields as the GET variant from the form body (only
     * {@code callback} stays a query parameter) and forwards them unchanged to
     * {@code getAccessToken}.
     *
     * @param uriInfo request URI information
     * @param str     raw {@code Authorization} header
     * @param str2    {@code grant_type}
     * @param str3    {@code username}
     * @param str4    {@code password}
     * @param str5    {@code pin}
     * @param str6    {@code client_id}
     * @param str7    {@code client_secret}
     * @param str8    {@code code}
     * @param j       {@code ttl}
     * @param str9    {@code redirect_uri}
     * @param str10   JSONP {@code callback} name, empty by default
     * @return the response produced by {@code getAccessToken}
     * @throws Exception if {@code getAccessToken} throws
     */
    @POST
    @Path(SchemaSymbols.ATTVAL_TOKEN)
    @Consumes({"application/x-www-form-urlencoded"})
    public Response getAccessTokenPost(@Context UriInfo uriInfo, @HeaderParam("Authorization") String str, @FormParam("grant_type") String str2, @FormParam("username") String str3, @FormParam("password") String str4, @FormParam("pin") String str5, @FormParam("client_id") String str6, @FormParam("client_secret") String str7, @FormParam("code") String str8, @FormParam("ttl") long j, @FormParam("redirect_uri") String str9, @QueryParam("callback") @DefaultValue("") String str10) throws Exception {
        logger.debug("ApplicationResource.getAccessTokenPost");
        Response tokenResponse = getAccessToken(uriInfo, str, str2, str3, str4, str5, str6, str7, str8, j, str9, str10);
        return tokenResponse;
    }

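    /**
     * Token endpoint (JSON POST variant).
     *
     * <p>Reads the grant fields from the JSON body, parses the optional ttl entry and
     * forwards everything to {@code getAccessToken}. A missing body is treated as an
     * empty one, so the request ends in the normal {@code invalid_grant} response
     * instead of a NullPointerException.
     *
     * <p>NOTE(review): the field values are cast to String; a client that sends a
     * non-string JSON value for one of them triggers a ClassCastException.
     *
     * @param uriInfo request URI information
     * @param str     raw {@code Authorization} header
     * @param map     parsed JSON body; may be {@code null}
     * @param str2    JSONP {@code callback} name, empty by default
     * @return the response produced by {@code getAccessToken}
     * @throws IllegalArgumentException if the ttl entry is not a number or is negative
     * @throws Exception if {@code getAccessToken} throws
     */
    @POST
    @Path(SchemaSymbols.ATTVAL_TOKEN)
    @Consumes({"application/json"})
    public Response getAccessTokenPostJson(@Context UriInfo uriInfo, @HeaderParam("Authorization") String str, Map<String, Object> map, @QueryParam("callback") @DefaultValue("") String str2) throws Exception {
        if (map == null) {
            map = java.util.Collections.<String, Object>emptyMap();
        }
        String grantType = (String) map.get(OAuth.OAUTH_GRANT_TYPE);
        String username = (String) map.get("username");
        String password = (String) map.get("password");
        String clientId = (String) map.get(OAuth.OAUTH_CLIENT_ID);
        String clientSecret = (String) map.get(OAuth.OAUTH_CLIENT_SECRET);
        String pin = (String) map.get("pin");
        String code = (String) map.get(OAuth.OAUTH_CODE);
        String redirectUriValue = (String) map.get(OAuth.OAUTH_REDIRECT_URI);
        long ttl = 0;
        // RtspHeaders.Values.TTL is a decompiler substitution for the body's ttl key.
        Object rawTtl = map.get(RtspHeaders.Values.TTL);
        if (rawTtl != null) {
            try {
                ttl = Long.parseLong(rawTtl.toString());
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("ttl must be a number >= 0", e);
            }
            // Enforce the lower bound the error message has always promised.
            if (ttl < 0) {
                throw new IllegalArgumentException("ttl must be a number >= 0");
            }
        }
        return getAccessToken(uriInfo, str, grantType, username, password, pin, clientId, clientSecret, code, ttl, redirectUriValue, str2);
    }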

    /**
     * Returns the application's client id and client secret.
     *
     * <p>Requires application access and, on top of that, an application-admin subject
     * for this application id; anything else gets an UnauthorizedException.
     *
     * <p>NOTE(review): the secret is returned inside a JSONP wrapper whose function name
     * comes straight from the {@code callback} query parameter; no validation of that
     * name happens in this method. A JSONP response that carries a secret is readable by
     * any page able to load it as a script with the caller's credentials attached -
     * confirm how requests to this endpoint are authenticated.
     *
     * @param uriInfo request URI information (unused in this method)
     * @param str     JSONP callback name, "callback" by default
     * @return the API response with the credentials, wrapped for JSONP
     * @throws UnauthorizedException if the subject is not an application admin
     * @throws Exception if the management lookups fail
     */
    @GET
    @Path(Schema.DICTIONARY_CREDENTIALS)
    @RequireApplicationAccess
    public JSONWithPadding getKeys(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        // The log label says AuthResource although this is ApplicationResource.
        logger.debug("AuthResource.keys");
        if (!SubjectUtils.isApplicationAdmin(Identifier.fromUUID(this.applicationId))) {
            throw new UnauthorizedException();
        }
        return new JSONWithPadding(createApiResponse().withCredentials(new ClientCredentialsInfo(this.management.getClientIdForApplication(this.services.getApplicationId()), this.management.getClientSecretForApplication(this.services.getApplicationId()))).withAction("get application keys").withSuccess(), str);
    }

    /**
     * Generates a new client secret for the application and returns it together with
     * the client id.
     *
     * <p>Requires application access and an application-admin subject for this
     * application id; anything else gets an UnauthorizedException.
     *
     * <p>NOTE(review): the method is declared to produce "text/html" while it returns a
     * JSONP-wrapped API response, and the wrapper's function name comes straight from
     * the {@code callback} query parameter with no validation here. Serving
     * caller-influenced content as HTML is worth a second look - confirm the intended
     * media type. The newly issued secret is part of that response.
     *
     * @param uriInfo request URI information (unused in this method)
     * @param str     JSONP callback name, "callback" by default
     * @return the API response with the client id and the new secret, wrapped for JSONP
     * @throws UnauthorizedException if the subject is not an application admin
     * @throws Exception if the management calls fail
     */
    @Path(Schema.DICTIONARY_CREDENTIALS)
    @RequireApplicationAccess
    @POST
    @Produces({"text/html"})
    public JSONWithPadding generateKeys(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        // Same log label as getKeys; it does not distinguish a read from a rotation.
        logger.debug("AuthResource.keys");
        if (!SubjectUtils.isApplicationAdmin(Identifier.fromUUID(this.applicationId))) {
            throw new UnauthorizedException();
        }
        // newClientSecretForApplication is the call that issues the replacement secret.
        return new JSONWithPadding(createApiResponse().withCredentials(new ClientCredentialsInfo(this.management.getClientIdForApplication(this.services.getApplicationId()), this.management.newClientSecretForApplication(this.services.getApplicationId()))).withAction("generate application keys").withSuccess(), str);
    }

    /**
     * Renders the OAuth authorize form.
     *
     * <p>Rejects the request when {@code client_id} cannot be turned into a UUID, stores
     * the request parameters on this resource so the view can read them through the
     * getters, and renders the "authorize_form" view. Any failure other than a
     * redirection is rendered through the "error" view.
     *
     * <p>NOTE(review): the only check on {@code client_id} is that a UUID can be derived
     * from it; it is not compared with this application's client id, and
     * {@code redirect_uri} is stored without any validation. The request parameters are
     * exposed to the template as-is, so output escaping is the template's job - confirm.
     * The "error" view receives the exception object itself.
     *
     * @param uriInfo request URI information (unused in this method)
     * @param str     {@code response_type}
     * @param str2    {@code client_id}
     * @param str3    {@code redirect_uri}
     * @param str4    {@code scope}
     * @param str5    {@code state}
     * @return the form view, or the error view on failure
     */
    @GET
    @Path("authorize")
    public Viewable showAuthorizeForm(@Context UriInfo uriInfo, @QueryParam("response_type") String str, @QueryParam("client_id") String str2, @QueryParam("redirect_uri") String str3, @QueryParam("scope") String str4, @QueryParam("state") String str5) {
        try {
            UUID clientUuid = ClientCredentialsInfo.getUUIDFromClientId(str2);
            if (clientUuid == null) {
                throw SecurityException.mappableSecurityException(AuthErrorInfo.OAUTH2_INVALID_CLIENT, "Unable to authenticate (OAuth). Invalid client_id");
            }
            responseType = str;
            clientId = str2;
            redirectUri = str3;
            scope = str4;
            state = str5;
            applicationName = management.getApplicationInfo(applicationId).getName();
            return handleViewable("authorize_form", this);
        } catch (RedirectionException redirect) {
            // Redirections must reach the framework untouched.
            throw redirect;
        } catch (Exception failure) {
            return handleViewable("error", failure);
        }
    }

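    /**
     * Handles submission of the OAuth authorize form.
     *
     * <p>Verifies the submitted username and password. On success, and when a
     * {@code redirect_uri} was given, it throws a RedirectionException to that URI with
     * an access token for the user attached as the {@code code} parameter (plus
     * {@code state} when present). Otherwise the form is rendered again with an error
     * message. Any failure other than a redirection is rendered through the "error" view.
     *
     * <p>Changes relative to the previous version: {@code client_id} now gets the same
     * UUID sanity check as {@code showAuthorizeForm}, and a failed credential
     * verification is logged instead of being dropped silently.
     *
     * <p>NOTE(review): {@code redirect_uri} is taken from the form and used as the
     * redirect target without being compared with anything registered for the client.
     * Because the value sent as {@code code} is an access token, whoever controls the
     * redirect target receives a usable token. This needs a check against the client's
     * registered redirect URI; no such lookup is visible in this class, so it is flagged
     * rather than implemented here.
     *
     * <p>NOTE(review): the specific catch clauses name the admin-user exceptions while
     * the call verifies app-user credentials (the token endpoint catches the app-user
     * variants for the same call) - confirm which are intended.
     *
     * @param uriInfo request URI information (unused in this method)
     * @param str     {@code response_type}
     * @param str2    {@code client_id}
     * @param str3    {@code redirect_uri}
     * @param str4    {@code scope}
     * @param str5    {@code state}
     * @param str6    {@code username}
     * @param str7    {@code password}
     * @return the form view with an error message, or the error view on failure
     */
    @POST
    @Produces({"text/html"})
    @Path("authorize")
    public Viewable handleAuthorizeForm(@Context UriInfo uriInfo, @FormParam("response_type") String str, @FormParam("client_id") String str2, @FormParam("redirect_uri") String str3, @FormParam("scope") String str4, @FormParam("state") String str5, @FormParam("username") String str6, @FormParam("password") String str7) {
        try {
            // Same client_id check as the GET form, so the POST cannot be used to skip it.
            if (ClientCredentialsInfo.getUUIDFromClientId(str2) == null) {
                throw SecurityException.mappableSecurityException(AuthErrorInfo.OAUTH2_INVALID_CLIENT, "Unable to authenticate (OAuth). Invalid client_id");
            }
            this.responseType = str;
            this.clientId = str2;
            this.redirectUri = str3;
            this.scope = str4;
            this.state = str5;
            User user = null;
            String message = "Username or password do not match";
            try {
                user = this.management.verifyAppUserPasswordCredentials(this.services.getApplicationId(), str6, str7);
            } catch (DisabledAdminUserException e) {
                message = "user disabled";
            } catch (UnactivatedAdminUserException e2) {
                message = "user not activated";
            } catch (Exception e3) {
                // The user still sees the generic message; the log keeps the cause so a
                // backend failure is not mistaken for a wrong password. No credentials
                // are written to the log.
                logger.warn("Credential verification failed on the authorize form", e3);
            }
            if (user != null && org.apache.commons.lang.StringUtils.isNotBlank(str3)) {
                // ttl argument 0L: its meaning is defined by the management service.
                String token = this.management.getAccessTokenForAppUser(this.services.getApplicationId(), user.getUuid(), 0L);
                throw new RedirectionException(buildRedirectUriWithAuthCode(str3, str5, token));
            }
            this.errorMsg = message;
            this.applicationName = this.management.getApplicationInfo(this.applicationId).getName();
            return handleViewable("authorize_form", this);
        } catch (RedirectionException e4) {
            // Redirections must reach the framework untouched.
            throw e4;
        } catch (Exception e5) {
            return handleViewable("error", e5);
        }
    }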

    /**
     * Rejects DELETE on the application itself.
     *
     * @param uriInfo request URI information (unused)
     * @param str     JSONP callback name (unused)
     * @return never returns normally
     * @throws NotImplementedException always
     */
    @Override // org.usergrid.rest.applications.ServiceResource
    @DELETE
    @RequireApplicationAccess
    public JSONWithPadding executeDelete(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        logger.debug("ApplicationResource.executeDelete");
        final String reason = "Application delete is not allowed yet";
        throw new NotImplementedException(reason);
    }

    /**
     * @return the message set by the authorize form handler; empty string by default
     */
    public String getErrorMsg() {
        return errorMsg;
    }

    /**
     * @return the application name looked up by the authorize handlers; {@code null}
     *         until one of them has run
     */
    public String getApplicationName() {
        return applicationName;
    }

    /**
     * @return the {@code response_type} request value stored by the authorize handlers,
     *         exactly as the client sent it
     */
    public String getResponseType() {
        return responseType;
    }

    /**
     * @return the {@code client_id} request value stored by the authorize handlers,
     *         exactly as the client sent it
     */
    public String getClientId() {
        return clientId;
    }

    /**
     * @return the {@code redirect_uri} request value stored by the authorize handlers;
     *         it is request input and is not validated before being stored
     */
    public String getRedirectUri() {
        return redirectUri;
    }

    /**
     * @return the {@code scope} request value stored by the authorize handlers, exactly
     *         as the client sent it
     */
    public String getScope() {
        return scope;
    }

    /**
     * @return the {@code state} request value stored by the authorize handlers, exactly
     *         as the client sent it
     */
    public String getState() {
        return state;
    }

    /**
     * Sub-resource locator for {@code notifiers}; requires application access.
     *
     * <p>The resource class is loaded by its fixed name at request time, so a missing
     * class surfaces as an exception from this method before anything else happens.
     * "notifiers" is then appended to the service parameters, together with the matrix
     * parameters of its first path segment when one is found.
     *
     * @param uriInfo request URI information supplied by the JAX-RS runtime
     * @return the notifiers sub-resource
     * @throws Exception if the class cannot be loaded or the sub-resource cannot be created
     */
    @Path("notifiers")
    @RequireApplicationAccess
    public AbstractContextResource getNotifiersResource(@Context UriInfo uriInfo) throws Exception {
        // Constant class name: no request data reaches Class.forName.
        Class<?> resourceClass = Class.forName("org.usergrid.rest.applications.notifiers.NotifiersResource");
        logger.debug("NotifiersResource.getNotifiersResource");
        final String collection = "notifiers";
        ServiceParameter.addParameter(getServiceParameters(), collection);
        PathSegment segment = getFirstPathSegment(collection);
        if (segment != null) {
            addMatrixParams(getServiceParameters(), uriInfo, segment);
        }
        return getSubResource(resourceClass);
    }

    /**
     * Singular alias ({@code notifier}) of {@link #getNotifiersResource(UriInfo)}.
     *
     * @param uriInfo request URI information supplied by the JAX-RS runtime
     * @return whatever {@code getNotifiersResource} returns
     * @throws Exception if the delegate fails
     */
    @Path("notifier")
    @RequireApplicationAccess
    public AbstractContextResource getNotifierResource(@Context UriInfo uriInfo) throws Exception {
        AbstractContextResource notifiers = getNotifiersResource(uriInfo);
        return notifiers;
    }

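    /**
     * Appends the {@code code} parameter, and {@code state} when it is not blank, to a
     * redirect URI.
     *
     * <p>The first added parameter is joined with '?' when the URI has no query string
     * yet and with '&amp;' otherwise. Both values are now URL-encoded; previously only
     * {@code state} was, so a code containing reserved characters would have produced a
     * malformed query string.
     *
     * <p>The separators are written as literals. The decompiled original borrowed them
     * from unrelated library constants (log4j {@code LocationInfo.NA} is "?", Spring
     * {@code BeanFactory.FACTORY_BEAN_PREFIX} is "&amp;").
     *
     * <p>NOTE(review): this method does not validate {@code str}; the caller passes the
     * client-supplied redirect URI straight in. A URI that already carries a fragment
     * would get the parameters appended inside that fragment.
     *
     * @param str  redirect URI to extend
     * @param str2 OAuth {@code state} value; skipped when null or blank
     * @param str3 value to send as {@code code}
     * @return the redirect URI with the parameters appended
     * @throws UnsupportedEncodingException never in practice, UTF-8 is always available
     */
    private String buildRedirectUriWithAuthCode(String str, String str2, String str3) throws UnsupportedEncodingException {
        String separator = str.contains("?") ? "&" : "?";
        StringBuilder target = new StringBuilder(str);
        target.append(separator).append("code=").append(URLEncoder.encode(str3, "UTF-8"));
        if (org.apache.commons.lang.StringUtils.isNotBlank(str2)) {
            target.append("&state=").append(URLEncoder.encode(str2, "UTF-8"));
        }
        return target.toString();
    }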

    /**
     * Returns the application's stored Apigee mobile APM configuration.
     *
     * <p>The value is read from the application property named by
     * {@code APIGEE_MOBILE_APM_CONFIG_JSON_KEY} and returned as a JSONP-wrapped string.
     *
     * <p>NOTE(review): this endpoint carries no {@code @RequireApplicationAccess} and the
     * full configuration is written to the debug log. Presumably it is meant to be
     * fetched by clients before they authenticate - confirm, and confirm that the
     * configuration holds nothing sensitive. The {@code callback} name is not validated
     * in this method.
     *
     * @param uriInfo request URI information (unused in this method)
     * @param str     JSONP callback name, "callback" by default
     * @return the configuration string wrapped for JSONP
     * @throws Exception if the application or its property cannot be read
     */
    @GET
    @Path("apm/apigeeMobileConfig")
    public JSONWithPadding getAPMConfig(@Context UriInfo uriInfo, @QueryParam("callback") @DefaultValue("callback") String str) throws Exception {
        Object rawConfig = this.services.getApplication().getProperty(APIGEE_MOBILE_APM_CONFIG_JSON_KEY);
        String apmConfig = (String) rawConfig;
        logger.debug("Get Apigee APM config " + apmConfig);
        // The anonymous subclass keeps the generic type available to the runtime.
        GenericEntity<String> entity = new GenericEntity<String>(apmConfig) {
        };
        return new JSONWithPadding(entity, str);
    }
}
