package org.jboss.resteasy.keystone.server;

import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import org.infinispan.Cache;
import org.jboss.resteasy.keystone.model.Access;
import org.jboss.resteasy.keystone.model.Authentication;
import org.jboss.resteasy.keystone.model.Project;
import org.jboss.resteasy.keystone.model.Role;
import org.jboss.resteasy.keystone.model.Roles;
import org.jboss.resteasy.keystone.model.StoredUser;
import org.jboss.resteasy.keystone.model.UrlToken;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.security.smime.SignedOutput;
import org.jboss.resteasy.util.Base64;

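/**
 * JAX-RS resource mounted at {@code /tokens} that authenticates a user against a project
 * with a password and issues tokens.
 *
 * <p>Three issuing endpoints share one authentication routine: {@link #create} returns an
 * {@link Access} document and stores it in the cache, {@link #createSigned} wraps that
 * document in a {@link SignedOutput}, and {@link #createTiny} returns a {@link UrlToken}.
 * {@link #get} lets callers holding the {@code token-verifier} or {@code admin} role look up
 * a cached token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Stored password verifiers are Base64-encoded, unsalted MD5 digests of the UTF-8
 *       password. MD5 is fast and unsalted, so a leaked credential store is cheap to
 *       brute-force or look up in precomputed tables. The format is dictated by the values
 *       already stored under {@code "password-hash"}, so it is kept here; moving to a salted,
 *       deliberately slow KDF needs a coordinated change where the hashes are written.</li>
 *   <li>Every authentication failure is reported as 401 without saying which check failed,
 *       so the response does not reveal whether a project or user exists.</li>
 *   <li>No attempt throttling or lockout is visible in this class.
 *       NOTE(review): confirm it is enforced elsewhere.</li>
 * </ul>
 */
@Path("/tokens")
public class TokenService {
    /** Cache key prefix under which issued {@link Access} documents are stored. */
    private static final String TOKEN_KEY_PREFIX = "/tokens/";

    private static final Logger log = Logger.getLogger(TokenService.class);

    private Cache cache;
    private long expiration;
    private TimeUnit expirationUnit;
    private PrivateKey privateKey;
    private X509Certificate certificate;
    private ProjectsService projects;
    private UsersService users;

    /**
     * Creates the service.
     *
     * @param cache store for issued tokens
     * @param j token lifetime, expressed in {@code timeUnit}
     * @param timeUnit unit of the token lifetime
     * @param projectsService used to look up projects, user ids and role assignments
     * @param usersService used to load the stored user record and its credentials
     */
    public TokenService(Cache cache, long j, TimeUnit timeUnit, ProjectsService projectsService, UsersService usersService) {
        this.cache = cache;
        this.expiration = j;
        this.expirationUnit = timeUnit;
        this.projects = projectsService;
        this.users = usersService;
    }

    /** Returns the certificate attached to signed tokens, or {@code null} if none was set. */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /** Sets the private key used by {@link #createSigned}. */
    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    /** Sets the certificate attached to the output of {@link #createSigned}. */
    public void setCertificate(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    /**
     * Authenticates the caller and returns the resulting {@link Access} document wrapped in a
     * {@link SignedOutput} configured with this service's key and certificate.
     *
     * @param authentication project selector and password credentials from the request body
     * @return the access document, to be signed with the configured key
     * @throws WebApplicationException 500 if no key or certificate is configured; 401 or 403
     *     as described on {@link #create}
     */
    @Path("signed")
    @Consumes({"application/json"})
    @Produces({"text/plain"})
    @POST
    public SignedOutput createSigned(Authentication authentication) throws Exception {
        // Fail before authenticating: without key material no signed token can be produced,
        // and create() would otherwise cache a token that is never returned.
        if (this.privateKey == null || this.certificate == null) {
            log.warn("privateKey or certificate not set for this operation");
            throw new WebApplicationException(500);
        }
        SignedOutput signedOutput = new SignedOutput(create(authentication), "application/json");
        signedOutput.setPrivateKey(this.privateKey);
        signedOutput.setCertificate(this.certificate);
        return signedOutput;
    }

    /**
     * Authenticates the caller, issues a token with a random UUID as its id, stores it in
     * the cache with the configured lifetime and returns it.
     *
     * @param authentication project selector and password credentials from the request body
     * @return the issued access document
     * @throws WebApplicationException 401 if the project, user or password cannot be
     *     verified; 403 if the user has no role in the project
     */
    @POST
    @Produces({"application/json"})
    @Consumes({"application/json"})
    public Access create(Authentication authentication) throws Exception {
        Login login = authenticate(authentication);
        String tokenId = UUID.randomUUID().toString();
        Access.User tokenUser = new Access.User(login.user.getId(), login.user.getName(), login.user.getUsername(), login.roles.getRoles());
        Access access = new Access(new Access.Token(tokenId, expiryFromNow(), login.project), null, tokenUser, null);
        // The cache entry carries the same lifetime as the token's own expiry timestamp.
        this.cache.put(TOKEN_KEY_PREFIX + tokenId, access, this.expiration, this.expirationUnit);
        return access;
    }

    /**
     * Authenticates the caller and returns a {@link UrlToken} carrying the user id, project
     * id, expiry and role names.
     *
     * <p>NOTE(review): the returned token is neither stored in the cache nor signed in this
     * method; confirm how consumers establish its authenticity.
     *
     * @param authentication project selector and password credentials from the request body
     * @return the populated URL token
     * @throws WebApplicationException 401 if the project, user or password cannot be
     *     verified; 403 if the user has no role in the project
     */
    @Path("url")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public UrlToken createTiny(Authentication authentication) throws Exception {
        Login login = authenticate(authentication);
        UrlToken urlToken = new UrlToken();
        urlToken.setUserId(login.user.getId());
        urlToken.setExpires(expiryFromNow());
        urlToken.setProjectId(login.projectId);
        Iterator<Role> it = login.roles.iterator();
        while (it.hasNext()) {
            urlToken.getRoles().add(it.next().getName());
        }
        return urlToken;
    }

    /**
     * Looks up a previously issued token. An entry whose expiry timestamp has passed is
     * removed from the cache and reported as missing.
     *
     * @param str token id taken from the request path
     * @return the cached access document
     * @throws NotFoundException if the token is unknown or expired
     */
    @GET
    @Path("{token}")
    @Produces({"application/json"})
    @RolesAllowed({"token-verifier", "admin"})
    public Access get(@PathParam("token") String str) throws NotFoundException {
        String key = TOKEN_KEY_PREFIX + str;
        Access access = (Access) this.cache.get(key);
        if (access == null) {
            throw new NotFoundException();
        }
        if (access.getToken().getExpires().getTimeInMillis() >= System.currentTimeMillis()) {
            return access;
        }
        this.cache.remove(key);
        throw new NotFoundException();
    }

    /** Outcome of a successful authentication. */
    private static final class Login {
        final Project project;
        final String projectId;
        final StoredUser user;
        final Roles roles;

        Login(Project project, String projectId, StoredUser user, Roles roles) {
            this.project = project;
            this.projectId = projectId;
            this.user = user;
            this.roles = roles;
        }
    }

    /**
     * Resolves the project and user named in the request, verifies the password and loads
     * the user's roles in that project.
     *
     * <p>A missing request body, missing credentials block or missing password is answered
     * with 401 like any other failed login, instead of surfacing as a NullPointerException.
     */
    private Login authenticate(Authentication authentication) throws Exception {
        if (authentication == null) {
            throw new WebApplicationException(401);
        }
        Project project;
        String projectId = authentication.getProjectId();
        if (projectId != null) {
            project = this.projects.getProject(projectId);
            if (project == null) {
                throw new WebApplicationException(401);
            }
        } else {
            String projectName = authentication.getProjectName();
            if (projectName == null) {
                throw new WebApplicationException(401);
            }
            List<Project> matches = this.projects.getProjects(projectName).getList();
            // A name must identify exactly one project; an ambiguous name is rejected.
            if (matches.size() != 1) {
                throw new WebApplicationException(401);
            }
            project = matches.get(0);
            projectId = project.getId();
        }
        if (authentication.getPasswordCredentials() == null) {
            throw new WebApplicationException(401);
        }
        String userId = authentication.getPasswordCredentials().getUser_id();
        if (userId == null) {
            String username = authentication.getPasswordCredentials().getUsername();
            if (username == null) {
                throw new WebApplicationException(401);
            }
            userId = this.projects.getUserIdByName(projectId, username);
        }
        if (userId == null) {
            throw new WebApplicationException(401);
        }
        StoredUser storedUser = this.users.getStoredUser(userId);
        if (storedUser == null || storedUser.getCredentials() == null) {
            throw new WebApplicationException(401);
        }
        String password = authentication.getPasswordCredentials().getPassword();
        if (!passwordMatches(password, storedUser.getCredentials().get("password-hash"))) {
            throw new WebApplicationException(401);
        }
        Roles userRoles = this.projects.getUserRoles(projectId, userId);
        // Valid credentials but no role in the project: authenticated, not authorised.
        if (userRoles == null || userRoles.getRoles().size() < 1) {
            throw new WebApplicationException(403);
        }
        return new Login(project, projectId, storedUser, userRoles);
    }

    /**
     * Compares the Base64-encoded MD5 digest of {@code password} with the stored verifier.
     * A missing password or a missing or non-string stored value never matches.
     */
    private static boolean passwordMatches(String password, Object storedHash) throws Exception {
        if (password == null || !(storedHash instanceof String)) {
            return false;
        }
        // SECURITY: unsalted MD5 is not a suitable password hash; kept only because it is
        // the format of the stored "password-hash" values (see the class comment).
        String computed = Base64.encodeBytes(MessageDigest.getInstance("MD5").digest(password.getBytes("UTF-8")));
        // MessageDigest.isEqual keeps the comparison time independent of where the two
        // values first differ, unlike String.equals.
        return MessageDigest.isEqual(computed.getBytes("UTF-8"), ((String) storedHash).getBytes("UTF-8"));
    }

    /** Returns a calendar set to the current time plus the configured token lifetime. */
    private Calendar expiryFromNow() {
        long lifetimeMillis = this.expirationUnit.toMillis(this.expiration);
        Calendar expires = Calendar.getInstance();
        expires.setTime(new Date(System.currentTimeMillis() + lifetimeMillis));
        return expires;
    }
}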
