package org.usergrid.rest.management;

import com.sun.jersey.api.view.Viewable;
import java.net.URLEncoder;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.error.OAuthError;
import org.apache.amber.oauth2.common.exception.OAuthProblemException;
import org.apache.amber.oauth2.common.message.OAuthResponse;
import org.apache.amber.oauth2.common.message.types.GrantType;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.spi.LocationInfo;
import org.apache.shiro.codec.Base64;
import org.jboss.netty.handler.codec.rtsp.RtspHeaders;
import org.python.apache.xerces.impl.xs.SchemaSymbols;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import org.usergrid.management.UserInfo;
import org.usergrid.management.exceptions.DisabledAdminUserException;
import org.usergrid.management.exceptions.UnactivatedAdminUserException;
import org.usergrid.persistence.entities.User;
import org.usergrid.rest.AbstractContextResource;
import org.usergrid.rest.exceptions.RedirectionException;
import org.usergrid.rest.management.organizations.OrganizationsResource;
import org.usergrid.rest.management.users.UsersResource;
import org.usergrid.security.oauth.AccessInfo;
import org.usergrid.security.shiro.utils.SubjectUtils;
import org.usergrid.utils.JsonUtils;

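/**
 * JAX-RS resource rooted at {@code /management}: hands out the organization and user
 * sub-resources, issues admin access tokens ({@code token} and {@code me}) and serves the
 * HTML {@code authorize} form.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The GET token endpoints accept {@code password} and {@code client_secret} as query
 *       parameters. Query strings commonly end up in access logs, browser history and Referer
 *       headers; prefer the POST variants or the {@code Authorization} header.</li>
 *   <li>The {@code callback} (JSONP) parameter is caller-controlled and is only honoured when
 *       it looks like a dotted JavaScript identifier; anything else yields plain JSON.</li>
 *   <li>The class is annotated {@code @Scope("singleton")} yet keeps per-request form state in
 *       instance fields; see the note on those fields.</li>
 * </ul>
 *
 * <p>Path and separator literals ({@code "token"}, {@code "ttl"}, {@code "?"}, {@code "&"})
 * are spelled out here instead of being borrowed from unrelated library constants with the
 * same compile-time values.
 */
@Path("/management")
@Produces({"application/json", "application/javascript", "application/x-javascript", "text/ecmascript", "application/ecmascript", "text/jscript"})
@Scope("singleton")
@Component
/* loaded from: input_file:usergrid-rest-0.0.27.1-classes.jar:org/usergrid/rest/management/ManagementResource.class */
public class ManagementResource extends AbstractContextResource {
    private static final Logger logger = LoggerFactory.getLogger(ManagementResource.class);

    /**
     * Allow-list for JSONP callback names: one or more JavaScript identifiers joined by dots.
     * Everything else is treated as "no callback" so request data is never echoed as script.
     */
    private static final java.util.regex.Pattern SAFE_CALLBACK =
            java.util.regex.Pattern.compile("[A-Za-z_$][A-Za-z0-9_$]*(?:\\.[A-Za-z_$][A-Za-z0-9_$]*)*");

    // NOTE(review): these fields back the authorize_form view (the view model is `this`).
    // With @Scope("singleton") one instance presumably serves every request, so concurrent
    // authorize requests can overwrite each other's values and one user's redirect_uri/state
    // may be rendered into another user's form. Moving them into a per-request model object
    // needs a matching template change that is not visible from this file.
    String errorMsg = "";
    String responseType;
    String clientId;
    String redirectUri;
    String scope;
    String state;

    /** Logs that the resource was created. */
    public ManagementResource() {
        logger.info("ManagementResource initialized");
    }

    /** Returns true when {@code callback} is non-blank and matches {@link #SAFE_CALLBACK}. */
    private static boolean isUsableCallback(String callback) {
        return StringUtils.isNotBlank(callback) && SAFE_CALLBACK.matcher(callback).matches();
    }

    /** Serializes {@code accessInfo} to JSON and wraps it as JSONP when a usable callback is given. */
    private static String wrapWithCallback(AccessInfo accessInfo, String callback) {
        return wrapWithCallback(JsonUtils.mapToJsonString(accessInfo), callback);
    }

    /**
     * Wraps {@code json} as {@code callback(json)} when {@code callback} passes
     * {@link #isUsableCallback(String)}; otherwise returns {@code json} unchanged.
     */
    private static String wrapWithCallback(String json, String callback) {
        if (isUsableCallback(callback)) {
            return callback + "(" + json + ")";
        }
        return json;
    }

    /**
     * Picks the response media type: {@code application/javascript} for a JSONP response,
     * {@code application/json} otherwise. Uses the same callback test as
     * {@link #wrapWithCallback(String, String)} so body and content type always agree.
     */
    private static MediaType jsonMediaType(String callback) {
        return isUsableCallback(callback) ? new MediaType("application", "javascript") : MediaType.APPLICATION_JSON_TYPE;
    }

    /** Sub-resource locator for {@code /management/organizations}. */
    @Path("organizations")
    public OrganizationsResource getOrganizations() {
        return (OrganizationsResource) getSubResource(OrganizationsResource.class);
    }

    /** Sub-resource locator for {@code /management/orgs}; same target as {@link #getOrganizations()}. */
    @Path("orgs")
    public OrganizationsResource getOrganizations2() {
        return (OrganizationsResource) getSubResource(OrganizationsResource.class);
    }

    /** Sub-resource locator for {@code /management/users}. */
    @Path("users")
    public UsersResource getUsers() {
        return (UsersResource) getSubResource(UsersResource.class);
    }

    /**
     * {@code GET /management/me}: issues a token without the admin user's organization data.
     *
     * <p>The {@code access_token} query parameter is bound but not used by this method.
     * Credentials arrive in the query string here; see the class-level security notes.
     */
    @GET
    @Path("me")
    public Response getAccessTokenLight(@Context UriInfo uriInfo, @HeaderParam("Authorization") String authorization, @QueryParam("grant_type") String grantType, @QueryParam("username") String username, @QueryParam("password") String password, @QueryParam("client_id") String oauthClientId, @QueryParam("client_secret") String oauthClientSecret, @QueryParam("ttl") long ttl, @QueryParam("access_token") String accessToken, @QueryParam("callback") @DefaultValue("") String callback) throws Exception {
        return getAccessTokenInternal(uriInfo, authorization, grantType, username, password, oauthClientId, oauthClientSecret, ttl, callback, false);
    }

    /**
     * {@code GET /management/token}: issues a token and includes the admin user's
     * organization data. Credentials arrive in the query string here; see the class-level
     * security notes.
     */
    @GET
    @Path("token")
    public Response getAccessToken(@Context UriInfo uriInfo, @HeaderParam("Authorization") String authorization, @QueryParam("grant_type") String grantType, @QueryParam("username") String username, @QueryParam("password") String password, @QueryParam("client_id") String oauthClientId, @QueryParam("client_secret") String oauthClientSecret, @QueryParam("ttl") long ttl, @QueryParam("callback") @DefaultValue("") String callback) throws Exception {
        return getAccessTokenInternal(uriInfo, authorization, grantType, username, password, oauthClientId, oauthClientSecret, ttl, callback, true);
    }

    /**
     * Shared implementation of every token endpoint.
     *
     * <p>Order of checks: an already authenticated subject wins; otherwise a Basic
     * {@code Authorization} header may supply client id and secret; then the {@code password}
     * grant verifies admin credentials, or the {@code client_credentials} grant authorizes the
     * client and returns its access info directly. If no user results, an OAuth
     * {@code invalid_grant} error (HTTP 400) is returned.
     *
     * @param uriInfo request URI info (not used here)
     * @param authorization raw {@code Authorization} header, may be null
     * @param grantType OAuth grant type
     * @param username admin username for the password grant
     * @param password admin password for the password grant
     * @param oauthClientId client id, possibly replaced by the Basic header value
     * @param oauthClientSecret client secret, possibly replaced by the Basic header value
     * @param ttl requested token lifetime, passed through to the management service
     * @param callback JSONP callback name, may be blank
     * @param includeUserData whether to attach the admin user's organization data
     * @return the token response, or an OAuth error response
     * @throws Exception anything the management or token services raise outside the guarded calls
     */
    private Response getAccessTokenInternal(UriInfo uriInfo, String authorization, String grantType, String username, String password, String oauthClientId, String oauthClientSecret, long ttl, String callback, boolean includeUserData) throws Exception {
        try {
            UserInfo userInfo = SubjectUtils.getUser();
            // NOTE(review): username is caller-supplied and logged verbatim; make sure the log
            // layout neutralises line breaks so entries cannot be forged.
            logger.info("ManagementResource.getAccessToken with username: {}", username);
            String errorDescription = "invalid username or password";
            if (userInfo == null) {
                if (authorization != null) {
                    String scheme = org.usergrid.utils.StringUtils.stringOrSubstringBeforeFirst(authorization, ' ');
                    // equalsIgnoreCase avoids the default-locale upper-casing of the scheme.
                    if ("BASIC".equalsIgnoreCase(scheme)) {
                        // Limit 2: only the first ':' separates id from secret, so a secret
                        // that itself contains ':' is no longer truncated.
                        String[] parts = Base64.decodeToString(org.usergrid.utils.StringUtils.stringOrSubstringAfterFirst(authorization, ' ')).split(":", 2);
                        if (parts.length == 2 && !parts[1].isEmpty()) {
                            oauthClientId = parts[0].toLowerCase(java.util.Locale.ROOT);
                            oauthClientSecret = parts[1];
                        }
                    }
                }
                if (GrantType.PASSWORD.toString().equals(grantType)) {
                    try {
                        userInfo = this.management.verifyAdminUserPasswordCredentials(username, password);
                        if (userInfo != null) {
                            logger.info("found user from verify: {}", userInfo.getUuid());
                        }
                    } catch (DisabledAdminUserException e) {
                        errorDescription = "user disabled";
                        logger.error("failed token check", (Throwable) e);
                    } catch (UnactivatedAdminUserException e) {
                        errorDescription = "user not activated";
                        logger.error("failed token check", (Throwable) e);
                    } catch (Exception e) {
                        // Any other failure is reported to the caller as the generic
                        // "invalid username or password" so the cause is not disclosed.
                        logger.error("failed token check", (Throwable) e);
                    }
                } else if ("client_credentials".equals(grantType)) {
                    try {
                        AccessInfo clientAccess = this.management.authorizeClient(oauthClientId, oauthClientSecret, ttl);
                        if (clientAccess != null) {
                            return Response.status(200).type(jsonMediaType(callback)).entity(wrapWithCallback(clientAccess, callback)).build();
                        }
                    } catch (Exception e) {
                        logger.error("failed authorizeClient", (Throwable) e);
                    }
                }
            }
            if (userInfo == null) {
                OAuthResponse invalidGrant = OAuthResponse.errorResponse(400).setError(OAuthError.TokenResponse.INVALID_GRANT).setErrorDescription(errorDescription).buildJSONMessage();
                return Response.status(invalidGrant.getResponseStatus()).type(jsonMediaType(callback)).entity(wrapWithCallback(invalidGrant.getBody(), callback)).build();
            }
            String token = this.management.getAccessTokenForAdminUser(userInfo.getUuid(), ttl);
            Long passwordChanged = this.management.getLastAdminPasswordChange(userInfo.getUuid());
            AccessInfo accessInfo = includeUserData
                    ? new AccessInfo().withExpiresIn(this.tokens.getMaxTokenAgeInSeconds(token)).withAccessToken(token).withProperty(User.ENTITY_TYPE, this.management.getAdminUserOrganizationData(userInfo.getUuid())).withPasswordChanged(passwordChanged)
                    : new AccessInfo().withExpiresIn(this.tokens.getMaxTokenAgeInSeconds(token)).withAccessToken(token).withPasswordChanged(passwordChanged);
            this.management.countAdminUserAction(userInfo, "login");
            return Response.status(200).type(jsonMediaType(callback)).entity(wrapWithCallback(accessInfo, callback)).build();
        } catch (OAuthProblemException e) {
            logger.error("OAuth Error", (Throwable) e);
            OAuthResponse problem = OAuthResponse.errorResponse(400).error(e).buildJSONMessage();
            return Response.status(problem.getResponseStatus()).type(jsonMediaType(callback)).entity(wrapWithCallback(problem.getBody(), callback)).build();
        }
    }

    /** {@code POST /management/token} with form-encoded credentials; includes organization data. */
    @POST
    @Path("token")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response getAccessTokenPost(@Context UriInfo uriInfo, @FormParam("grant_type") String grantType, @HeaderParam("Authorization") String authorization, @FormParam("username") String username, @FormParam("password") String password, @FormParam("client_id") String oauthClientId, @FormParam("ttl") long ttl, @FormParam("client_secret") String oauthClientSecret, @QueryParam("callback") @DefaultValue("") String callback) throws Exception {
        logger.info("ManagementResource.getAccessTokenPost");
        return getAccessTokenInternal(uriInfo, authorization, grantType, username, password, oauthClientId, oauthClientSecret, ttl, callback, true);
    }

    /**
     * {@code POST /management/me} for form-encoded requests; omits organization data.
     *
     * <p>NOTE(review): this method consumes a form body but binds its inputs with
     * {@code @QueryParam}, unlike {@link #getAccessTokenPost}. Credentials sent in the body
     * are therefore presumably not picked up, which pushes callers towards the query string.
     * Left unchanged because switching to {@code @FormParam} would break existing callers;
     * confirm the intended binding.
     */
    @POST
    @Path("me")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response getAccessTokenLightPost(@Context UriInfo uriInfo, @HeaderParam("Authorization") String authorization, @QueryParam("grant_type") String grantType, @QueryParam("username") String username, @QueryParam("password") String password, @QueryParam("client_id") String oauthClientId, @QueryParam("client_secret") String oauthClientSecret, @QueryParam("ttl") long ttl, @QueryParam("access_token") String accessToken, @QueryParam("callback") @DefaultValue("") String callback) throws Exception {
        return getAccessTokenInternal(uriInfo, authorization, grantType, username, password, oauthClientId, oauthClientSecret, ttl, callback, false);
    }

    /**
     * Reads the optional {@code ttl} entry of a JSON token request.
     *
     * @param json request body, never null
     * @return the ttl, or 0 when the entry is absent
     * @throws IllegalArgumentException when the value is not a whole number or is negative
     */
    private static long ttlFromJson(Map<String, Object> json) {
        Object raw = json.get("ttl");
        if (raw == null) {
            return 0L;
        }
        long ttl;
        try {
            ttl = Long.parseLong(raw.toString());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("ttl must be a number >= 0", e);
        }
        // The message promises ">= 0"; enforce it here.
        // NOTE(review): the query/form endpoints pass ttl through unchecked; confirm the
        // management service rejects negative values.
        if (ttl < 0) {
            throw new IllegalArgumentException("ttl must be a number >= 0");
        }
        return ttl;
    }

    /**
     * {@code POST /management/token} with a JSON body; includes organization data.
     *
     * @throws IllegalArgumentException when {@code ttl} is present but not a number {@code >= 0}
     */
    @POST
    @Path("token")
    @Consumes({"application/json"})
    public Response getAccessTokenPostJson(@Context UriInfo uriInfo, @HeaderParam("Authorization") String authorization, Map<String, Object> map, @QueryParam("callback") @DefaultValue("") String callback) throws Exception {
        // An empty request body would otherwise surface as a NullPointerException.
        Map<String, Object> json = map != null ? map : new java.util.HashMap<String, Object>();
        String grantType = (String) json.get(OAuth.OAUTH_GRANT_TYPE);
        String username = (String) json.get("username");
        String password = (String) json.get("password");
        String oauthClientId = (String) json.get(OAuth.OAUTH_CLIENT_ID);
        String oauthClientSecret = (String) json.get(OAuth.OAUTH_CLIENT_SECRET);
        long ttl = ttlFromJson(json);
        return getAccessTokenInternal(uriInfo, authorization, grantType, username, password, oauthClientId, oauthClientSecret, ttl, callback, true);
    }

    /**
     * {@code POST /management/me} with a JSON body; omits organization data.
     *
     * @throws IllegalArgumentException when {@code ttl} is present but not a number {@code >= 0}
     */
    @POST
    @Path("me")
    @Consumes({"application/json"})
    public Response getAccessTokenMePostJson(@Context UriInfo uriInfo, Map<String, Object> map, @QueryParam("callback") @DefaultValue("") String callback, @HeaderParam("Authorization") String authorization) throws Exception {
        // An empty request body would otherwise surface as a NullPointerException.
        Map<String, Object> json = map != null ? map : new java.util.HashMap<String, Object>();
        String grantType = (String) json.get(OAuth.OAUTH_GRANT_TYPE);
        String username = (String) json.get("username");
        String password = (String) json.get("password");
        String oauthClientId = (String) json.get(OAuth.OAUTH_CLIENT_ID);
        String oauthClientSecret = (String) json.get(OAuth.OAUTH_CLIENT_SECRET);
        long ttl = ttlFromJson(json);
        return getAccessTokenInternal(uriInfo, authorization, grantType, username, password, oauthClientId, oauthClientSecret, ttl, callback, false);
    }

    /**
     * {@code GET /management/authorize}: renders the login form, echoing the OAuth request
     * parameters through this object's getters.
     *
     * <p>NOTE(review): the echoed values are caller-controlled; the template must HTML-escape
     * them (cannot be verified from this file).
     */
    @GET
    @Produces({"text/html"})
    @Path("authorize")
    public Viewable showAuthorizeForm(@Context UriInfo uriInfo, @QueryParam("response_type") String responseType, @QueryParam("client_id") String clientId, @QueryParam("redirect_uri") String redirectUri, @QueryParam("scope") String scope, @QueryParam("state") String state) {
        // Clear any message left behind by an earlier failed login on this shared instance.
        this.errorMsg = "";
        this.responseType = responseType;
        this.clientId = clientId;
        this.redirectUri = redirectUri;
        this.scope = scope;
        this.state = state;
        return handleViewable("authorize_form", this);
    }

    /**
     * {@code POST /management/authorize}: verifies the admin credentials and, on success,
     * redirects to {@code redirect_uri} with {@code code} (and {@code state}, URL-encoded)
     * appended. On failure, or when {@code redirect_uri} is blank, the form is rendered again
     * with an error message.
     *
     * <p>NOTE(review), to resolve before exposing this flow:
     * <ul>
     *   <li>{@code redirect_uri} and {@code client_id} are not checked against any registered
     *       client, so the redirect target is whatever the request supplied. Validate the URI
     *       against an exact-match allow-list for the client before redirecting.</li>
     *   <li>The value sent as {@code code} is a full admin access token obtained with ttl 0,
     *       not a single-use authorization code, and it travels in the URL.</li>
     *   <li>{@code response_type} and {@code scope} are stored for the view but not enforced.</li>
     * </ul>
     *
     * @throws RedirectionException to perform the redirect after a successful login
     */
    @POST
    @Produces({"text/html"})
    @Path("authorize")
    public Viewable handleAuthorizeForm(@Context UriInfo uriInfo, @FormParam("response_type") String responseType, @FormParam("client_id") String clientId, @FormParam("redirect_uri") String redirectUri, @FormParam("scope") String scope, @FormParam("state") String state, @FormParam("username") String username, @FormParam("password") String password) {
        try {
            this.errorMsg = "";
            this.responseType = responseType;
            this.clientId = clientId;
            this.redirectUri = redirectUri;
            this.scope = scope;
            this.state = state;
            UserInfo userInfo = null;
            try {
                userInfo = this.management.verifyAdminUserPasswordCredentials(username, password);
            } catch (Exception e) {
                // Still answered with the generic form error, but no longer silently dropped:
                // failed logins should be visible to operators.
                logger.warn("authorize form credential check failed", (Throwable) e);
            }
            if (userInfo == null || StringUtils.isBlank(redirectUri)) {
                this.errorMsg = "Username or password do not match";
                return handleViewable("authorize_form", this);
            }
            String separator = redirectUri.contains("?") ? "&" : "?";
            String target = redirectUri + separator + "code=" + this.management.getAccessTokenForAdminUser(userInfo.getUuid(), 0L);
            if (StringUtils.isNotBlank(state)) {
                target = target + "&state=" + URLEncoder.encode(state, "UTF-8");
            }
            // Redirect to the URL built above. Previously the built URL was discarded and the
            // raw, caller-supplied state value was used as the redirect target.
            throw new RedirectionException(target);
        } catch (RedirectionException e) {
            throw e;
        } catch (Exception e) {
            // NOTE(review): the exception object is handed to the "error" view; confirm the
            // template does not render stack traces or internal messages to the browser.
            return handleViewable("error", e);
        }
    }

    /** Error message shown by the authorize form; empty when there is none. */
    public String getErrorMsg() {
        return this.errorMsg;
    }

    /** {@code response_type} of the most recent authorize request. */
    public String getResponseType() {
        return this.responseType;
    }

    /** {@code client_id} of the most recent authorize request. */
    public String getClientId() {
        return this.clientId;
    }

    /** {@code redirect_uri} of the most recent authorize request. */
    public String getRedirectUri() {
        return this.redirectUri;
    }

    /** {@code scope} of the most recent authorize request. */
    public String getScope() {
        return this.scope;
    }

    /** {@code state} of the most recent authorize request. */
    public String getState() {
        return this.state;
    }
}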
