package org.gcube.portal.oauth;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.xml.bind.DatatypeConverter;
import net.spy.memcached.MemcachedClient;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.library.ClientType;
import org.gcube.portal.oauth.cache.MemCachedBean;
import org.gcube.portal.oauth.output.AccessTokenBeanResponse;
import org.gcube.portal.oauth.output.AccessTokenErrorResponse;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

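/**
 * JAX-RS resource exposing the OAuth token endpoint under {@code /v2}.
 *
 * <p>{@link #tokenRequest} exchanges a temporary authorization code for the token that
 * was stored with it in memcached. Client credentials arrive either as form parameters
 * or in an HTTP Basic {@code Authorization} header, never both.
 *
 * <p>Security note: the client secret, authorization code and token are bearer
 * credentials and are never written to the log by this class.
 */
@Singleton
@Path("/v2")
/* loaded from: input_file:WEB-INF/classes/org/gcube/portal/oauth/OauthService.class */
public class OauthService {
    public static final String OAUTH_TOKEN_GET_METHOD_NAME_REQUEST = "access-token";
    private static final String GRANT_TYPE_VALUE = "authorization_code";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final Logger logger = LoggerFactory.getLogger(OauthService.class);
    private MemcachedClient entries;

    public OauthService() {
        logger.info("Singleton gcube-oauth service built.");
        this.entries = DistributedCacheClient.getInstance().getMemcachedClient();
    }

    /**
     * Shuts the memcached client down when this instance is garbage collected.
     *
     * <p>NOTE(review): finalizers are deprecated and not guaranteed to run, and the client
     * is obtained from {@code DistributedCacheClient.getInstance()}, so it may be shared;
     * confirm that shutting it down here is intended and consider an explicit lifecycle hook.
     */
    @Override
    protected void finalize() {
        if (this.entries != null) {
            this.entries.shutdown();
        }
    }

    /**
     * Tells whether the client type is the one allowed to use this endpoint.
     *
     * @param clientType type reported by the authorization service, may be {@code null}
     * @return {@code true} only for {@code ClientType.EXTERNALSERVICE}
     */
    private boolean checkIsapplicationTokenType(ClientType clientType) {
        // Constant-first comparison: a null type is "not an application" rather than an NPE.
        return ClientType.EXTERNALSERVICE.equals(clientType);
    }

    /**
     * Strips CR/LF from a request-supplied value so it cannot forge extra log lines.
     *
     * @param value raw value, may be {@code null}
     * @return the value with line breaks replaced by {@code _}, or {@code null}
     */
    private static String forLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }

    /** Builds the 400 response carrying the given OAuth error code. */
    private static Response errorResponse(String error) {
        return Response.status(Response.Status.BAD_REQUEST).entity(new AccessTokenErrorResponse(error, null)).build();
    }

    /** Liveness probe; always answers 200 with a fixed body. */
    @GET
    @Produces({MediaType.TEXT_PLAIN})
    @Path("check")
    public Response checkService() {
        return Response.status(Response.Status.OK).entity("Ready!").build();
    }

    /**
     * Exchanges an authorization code for the cached token.
     *
     * @param clientId client identifier from the form body, or {@code null} when the client
     *     authenticates with HTTP Basic
     * @param clientSecret client secret from the form body
     * @param redirectUri redirect URI that must match the one stored with the code
     * @param code temporary authorization code
     * @param grantType must be {@code authorization_code}
     * @param request servlet request, read for the {@code Authorization} header
     * @return 200 with the token and scope, or 400 with an OAuth error code
     */
    @Path(OAUTH_TOKEN_GET_METHOD_NAME_REQUEST)
    @Consumes({MediaType.APPLICATION_FORM_URLENCODED})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Response tokenRequest(@FormParam("client_id") String clientId, @FormParam("client_secret") String clientSecret, @FormParam("redirect_uri") String redirectUri, @FormParam("code") String code, @FormParam("grant_type") String grantType, @Context HttpServletRequest request) {
        logger.info("Request to exchange code for token");
        try {
            CredentialsBean credentials;
            if (clientId == null) {
                credentials = getCredentialFromBasicAuthorization(request);
            } else if (request.getHeader(AUTHORIZATION_HEADER) != null) {
                // The client MUST NOT use more than one authentication method.
                logger.warn("Rejected request using both form credentials and an Authorization header");
                return errorResponse("invalid_request");
            } else {
                credentials = new CredentialsBean(clientId, clientSecret);
            }
            // The secret and the code are credentials: log only that they were received.
            logger.info("Params are client_id = {}, client_secret = [redacted], redirect_uri = {}, code = [redacted], grant_type = {}",
                    forLog(credentials.getClientId()), forLog(redirectUri), forLog(grantType));
            MemCachedBean outcome = checkRequest(credentials, redirectUri, code, grantType, request);
            if (!outcome.isSuccess()) {
                String errorMessage = outcome.getErrorMessage();
                logger.error("The request fails because of " + errorMessage);
                return errorResponse(errorMessage);
            }
            logger.info("The request is ok");
            // A response that carries a token must not be stored by intermediaries or browsers.
            return Response.status(Response.Status.OK)
                    .header("Cache-Control", "no-store")
                    .header("Pragma", "no-cache")
                    .entity(new AccessTokenBeanResponse(outcome.getToken(), outcome.getScope()))
                    .build();
        } catch (Exception e) {
            logger.error("Failed to perform this operation", e);
            return errorResponse("invalid_request");
        }
    }

    /**
     * Reads client credentials from an HTTP Basic {@code Authorization} header.
     *
     * @param request servlet request
     * @return the decoded credentials, or a bean holding {@code null} values when the header
     *     is missing, is not a Basic header, or has no {@code :} separator
     */
    private CredentialsBean getCredentialFromBasicAuthorization(HttpServletRequest request) {
        final String scheme = "Basic ";
        String header = request.getHeader(AUTHORIZATION_HEADER);
        if (header == null || !header.regionMatches(true, 0, scheme, 0, scheme.length())) {
            return new CredentialsBean(null, null);
        }
        String decoded = new String(DatatypeConverter.parseBase64Binary(header.substring(scheme.length()).trim()), StandardCharsets.UTF_8);
        // Split on the FIRST colon only: a secret may itself contain ':'.
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return new CredentialsBean(null, null);
        }
        try {
            String id = URLDecoder.decode(decoded.substring(0, separator), StandardCharsets.UTF_8.name());
            String secret = URLDecoder.decode(decoded.substring(separator + 1), StandardCharsets.UTF_8.name());
            return new CredentialsBean(id, secret);
        } catch (UnsupportedEncodingException e) {
            logger.error("UTF-8 decoding of the Basic credentials failed", e);
            return new CredentialsBean(null, null);
        }
    }

    /**
     * Validates a token request against the authorization service and the cached code entry.
     *
     * @param credentialsBean client id and secret
     * @param redirectUri redirect URI sent by the client
     * @param code authorization code, used as the memcached key
     * @param grantType grant type sent by the client
     * @param httpServletRequest servlet request (not read here)
     * @return a success bean with token and context, or an error bean with one of
     *     {@code invalid_request}, {@code invalid_client}, {@code invalid_grant},
     *     {@code unsupported_grant_type}
     */
    private MemCachedBean checkRequest(CredentialsBean credentialsBean, String redirectUri, String code, String grantType, HttpServletRequest httpServletRequest) {
        try {
            String clientId = credentialsBean.getClientId();
            String clientSecret = credentialsBean.getClientSecret();
            if (clientId == null || clientSecret == null || redirectUri == null || code == null || grantType == null) {
                return new MemCachedBean("invalid_request");
            }
            if (clientId.isEmpty() || clientSecret.isEmpty() || redirectUri.isEmpty() || code.isEmpty() || grantType.isEmpty()) {
                return new MemCachedBean("invalid_request");
            }
            if (!checkIsapplicationTokenType(Constants.authorizationService().get(clientSecret).getClientInfo().getType())) {
                return new MemCachedBean("invalid_client");
            }
            // Read the entry once; a second read could miss if the entry expires in between.
            Object cachedEntry = this.entries.get(code);
            if (cachedEntry == null) {
                return new MemCachedBean("invalid_grant");
            }
            logger.debug("Got tempCode and looking into memcached for correspondance");
            JSONObject cached = (JSONObject) new JSONParser().parse((String) cachedEntry);
            String cachedRedirectUri = (String) cached.get("redirect_uri");
            String cachedClientId = (String) cached.get("client_id");
            logger.debug("Found tempCode into memcached, cachedClientId=" + forLog(cachedClientId));
            // Request values are non-null here, so a missing cached field is a mismatch, not an NPE.
            if (!redirectUri.equals(cachedRedirectUri) || !clientId.equals(cachedClientId)) {
                return new MemCachedBean("invalid_grant");
            }
            if (!grantType.equals(GRANT_TYPE_VALUE)) {
                return new MemCachedBean("unsupported_grant_type");
            }
            // NOTE(review): the cache entry is not removed after a successful exchange, so the
            // same code stays redeemable until it expires. Authorization codes are meant to be
            // single-use; confirm whether the entry should be invalidated here.
            String cachedToken = (String) cached.get("token");
            String cachedContext = (String) cached.get("context");
            logger.debug("Returning cached token and context for the validated code");
            return new MemCachedBean(cachedToken, cachedContext);
        } catch (Exception e) {
            logger.error("Failed to check the correctness of the request", e);
            return new MemCachedBean("invalid_request");
        }
    }
}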
