package org.keycloak.secretstore.boundary;

import com.google.common.net.HttpHeaders;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import net.glxn.qrgen.core.scheme.SchemeUtil;
import org.keycloak.secretstore.api.Token;
import org.keycloak.secretstore.api.TokenService;
import org.keycloak.secretstore.common.UsernamePasswordConverter;
import org.keycloak.secretstore.common.ZonedDateTimeAdapter;
import org.keycloak.secretstore.entity.TokenCreateResponse;
import org.keycloak.secretstore.entity.TokenErrorResponse;
import org.keycloak.secretstore.entity.rest.TokenUpdateRequest;

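/**
 * JAX-RS resource rooted at {@code tokens} through which the calling principal lists, creates,
 * updates and revokes tokens held by the {@link TokenService}.
 *
 * <p>Every handler scopes its work to {@code sessionContext.getCallerPrincipal().getName()};
 * a token whose stored principal differs from the caller is reported as not found rather than
 * forbidden, so the response does not confirm that another principal's token id exists.
 *
 * <p>NOTE(review): {@code @PermitAll} places no role restriction on these methods, so the
 * ownership checks are only as strong as the container's authentication of the caller. The
 * deployment descriptor is not visible here - confirm that this path requires an authenticated
 * principal.
 */
@Path("tokens")
@PermitAll
@Consumes({"application/json"})
@Produces({"application/json"})
@Stateless
/* loaded from: input_file:WEB-INF/classes/org/keycloak/secretstore/boundary/TokenEndpoint.class */
public class TokenEndpoint {

    private static final Logger LOG = Logger.getLogger(TokenEndpoint.class.getName());

    @Resource
    SessionContext sessionContext;

    @Context
    HttpServletRequest request;

    @Context
    ServletContext servletContext;

    @Inject
    TokenService tokenService;

    @Context
    UriInfo uriInfo;

    @Inject
    UsernamePasswordConverter usernamePasswordConverter;

    @Inject
    ZonedDateTimeAdapter zonedDateTimeAdapter;

    /**
     * Lists the tokens that belong to the calling principal.
     *
     * @return 200 with whatever {@code getByPrincipalForDistribution} returns for the caller's name
     */
    @GET
    @Path("/")
    public Response listMyTokens() {
        return Response.ok(this.tokenService.getByPrincipalForDistribution(this.sessionContext.getCallerPrincipal().getName())).build();
    }

    /**
     * Revokes one token, provided it belongs to the calling principal.
     *
     * @param str token id taken from the request path (client-controlled)
     * @return 204 on success; 404 when the id is not a UUID, the token does not exist, or it is
     *         stored under a different principal
     */
    @Path("/{tokenId}")
    @DELETE
    public Response revoke(@PathParam("tokenId") String str) {
        // The path segment is untrusted; a malformed id must not surface as an unhandled exception.
        UUID tokenId = parseTokenId(str);
        if (tokenId == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        String callerName = this.sessionContext.getCallerPrincipal().getName();
        Token token = this.tokenService.getByIdForTrustedConsumers(tokenId);
        // Ownership check: "missing" and "someone else's" are deliberately indistinguishable.
        if (token == null || !callerName.equals(token.getPrincipal())) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        this.tokenService.revoke(tokenId);
        return Response.noContent().build();
    }

    /**
     * Creates a token from the caller's refresh token and redirects to the location configured in
     * the {@code secretstore.redirectTo} system property.
     *
     * <p>The redirect target comes from configuration, not from the request. A value starting with
     * {@code http} (any case) is used as-is; any other value is treated as a path on the current
     * host, with {@code {tokenId}} replaced by the new token's id.
     *
     * <p>NOTE(review): this is a GET that creates state. Confirm it is only reachable as the
     * landing step of the login redirect and cannot be triggered cross-site with an existing
     * session.
     *
     * @return 303 to the configured location, or 200 with a plain message when no target is
     *         configured or the target is not a valid URI (the token is created in both cases)
     */
    @GET
    @Path("create")
    public Response createFromRedirect() {
        // NOTE(review): java.security.Principal has no getKeycloakSecurityContext(); the decompiler
        // appears to have dropped a cast to the Keycloak principal type here - restore it from the
        // original sources.
        Token created = create(this.sessionContext.getCallerPrincipal().getKeycloakSecurityContext().getRefreshToken());
        try {
            String redirectTo = System.getProperty("secretstore.redirectTo");
            if (null == redirectTo || redirectTo.isEmpty()) {
                return Response.ok("Redirect URL was not specified but token was created.").build();
            }
            URI target;
            // Case-insensitive prefix test that does not depend on the JVM's default locale.
            if (redirectTo.regionMatches(true, 0, "http", 0, 4)) {
                // NOTE(review): {tokenId} is not substituted for absolute targets; a literal
                // placeholder makes new URI(...) throw and ends in the fallback message below.
                target = new URI(redirectTo);
            } else {
                URI current = this.uriInfo.getAbsolutePath();
                target = new URI(current.getScheme(), current.getUserInfo(), current.getHost(), current.getPort(), redirectTo.replace("{tokenId}", created.getId().toString()), current.getQuery(), current.getFragment());
            }
            return Response.seeOther(target).build();
        } catch (URISyntaxException e) {
            // Route the failure through the logging subsystem instead of stderr.
            LOG.log(Level.WARNING, "secretstore.redirectTo does not yield a valid redirect URI", e);
            return Response.ok("Could not redirect back to the original URL, but token was created.").build();
        }
    }

    /**
     * Creates a token from credentials supplied in an HTTP {@code Basic} Authorization header.
     *
     * <p>The header is client-controlled, so every parsing step fails closed with 400 instead of
     * throwing. The decoded credentials are never logged.
     *
     * <p>NOTE(review): the new token is recorded under the container's caller principal (see
     * {@code create}), not under the user name from the header - confirm both always refer to the
     * same user.
     *
     * @return 200 with a {@link TokenCreateResponse}; 400 when the header is missing, malformed,
     *         not {@code Basic}, not valid Base64, has no separator, or has an empty user name
     * @throws Exception declared by the original signature; what {@code getOfflineToken} may throw
     *         is not visible here
     */
    @POST
    @Path("create")
    public Response createFromBasicAuth() throws Exception {
        String authorization = this.request.getHeader(HttpHeaders.AUTHORIZATION);
        if (authorization == null) {
            return badRequest("Invalid authorization details.");
        }
        String[] schemeAndPayload = authorization.trim().split("\\s+");
        if (schemeAndPayload.length != 2) {
            return badRequest("Invalid authorization details.");
        }
        if (!schemeAndPayload[0].equalsIgnoreCase("Basic")) {
            return badRequest("Only 'Basic' authentication is supported.");
        }
        String decoded;
        try {
            // Explicit charset: the no-arg String constructor depends on the platform default.
            decoded = new String(Base64.getDecoder().decode(schemeAndPayload[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Not valid Base64. The exception is not logged: its context is credential material.
            return badRequest("Invalid authorization details.");
        }
        // Limit 2 keeps any further separators inside the password instead of truncating it.
        // Presumably the separator constant is ":" (decompiler-substituted) - confirm.
        String[] credentials = decoded.split(SchemeUtil.DEFAULT_KEY_VALUE_SEPARATOR, 2);
        if (credentials.length != 2) {
            return badRequest("Invalid authorization details.");
        }
        String username = credentials[0];
        String password = credentials[1];
        if (username.isEmpty()) {
            return badRequest("Username is not provided.");
        }
        return Response.ok(new TokenCreateResponse(create(this.usernamePasswordConverter.getOfflineToken(username, password)))).build();
    }

    /**
     * Builds and persists a token for the calling principal.
     *
     * <p>For each comma-separated name in the {@code secretstore.parametersToPersist} system
     * property, the request header of that name (or, when absent or empty, the request parameter)
     * is copied onto the token as an attribute. The names are operator-configured, but the values
     * come from the client, so consumers of these attributes must treat them as untrusted.
     *
     * @param str value passed as the second {@link Token} constructor argument (the refresh or
     *            offline token obtained by the callers)
     * @return the token as returned by {@code tokenService.create}
     */
    private Token create(String str) {
        Token token = new Token(null, str, this.sessionContext.getCallerPrincipal().getName());
        String configuredNames = System.getProperty("secretstore.parametersToPersist");
        if (null != configuredNames && !configuredNames.isEmpty()) {
            for (String rawName : configuredNames.split(",")) {
                String attributeName = rawName.trim();
                String value = this.request.getHeader(attributeName);
                if (null == value || value.isEmpty()) {
                    value = this.request.getParameter(attributeName);
                }
                if (null != value && !value.isEmpty()) {
                    token.addAttribute(attributeName, value);
                }
            }
        }
        return this.tokenService.create(token);
    }

    /**
     * Updates the attributes and/or expiry of a token owned by the calling principal.
     *
     * <p>Attributes from the request replace the stored attributes wholesale; they are
     * client-supplied and are stored without filtering here.
     *
     * @param str token id taken from the request path (client-controlled)
     * @param tokenUpdateRequest request body; may carry attributes, an expiry, or both
     * @return 200 with the (possibly updated) token; 404 when the id is not a UUID, the token does
     *         not exist, or it is stored under a different principal; 400 when the body is missing
     */
    @Path("{tokenId}")
    @PUT
    public Response update(@PathParam("tokenId") String str, TokenUpdateRequest tokenUpdateRequest) {
        UUID tokenId = parseTokenId(str);
        Token token = tokenId == null ? null : this.tokenService.getByIdForTrustedConsumers(tokenId);
        // Same ownership rule as revoke(): a missing token and a foreign token both yield 404,
        // and a lookup miss no longer dereferences null.
        if (token == null || !this.sessionContext.getCallerPrincipal().getName().equals(token.getPrincipal())) {
            return Response.status(Response.Status.NOT_FOUND).entity(new TokenErrorResponse("Token not found for principal.")).build();
        }
        if (tokenUpdateRequest == null) {
            return badRequest("Request body is required.");
        }
        boolean changed = false;
        if (null != tokenUpdateRequest.getAttributes()) {
            token.setAttributes(tokenUpdateRequest.getAttributes());
            changed = true;
        }
        if (null != tokenUpdateRequest.getExpiresAt() && !tokenUpdateRequest.getExpiresAt().isEmpty()) {
            token.setExpiresAt(this.zonedDateTimeAdapter.convertToEntityAttribute(tokenUpdateRequest.getExpiresAt()));
            changed = true;
        }
        if (changed) {
            token = this.tokenService.update(token);
        }
        return Response.ok(token).build();
    }

    /** Parses a client-supplied token id; returns {@code null} instead of throwing when it is not a UUID. */
    private static UUID parseTokenId(String raw) {
        if (raw == null) {
            return null;
        }
        try {
            return UUID.fromString(raw);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    /** Builds a 400 response carrying a {@link TokenErrorResponse} with the given message. */
    private static Response badRequest(String message) {
        return Response.status(Response.Status.BAD_REQUEST).entity(new TokenErrorResponse(message)).build();
    }
}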
