package org.zowe.apiml.gateway.controllers;

import com.netflix.hystrix.contrib.javanica.annotation.HystrixCommand;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import java.io.IOException;
import java.io.StringWriter;
import java.security.PublicKey;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import net.minidev.json.JSONObject;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.zowe.apiml.gateway.security.service.AuthenticationService;
import org.zowe.apiml.gateway.security.service.JwtSecurity;
import org.zowe.apiml.gateway.security.service.zosmf.ZosmfService;
import org.zowe.apiml.message.core.MessageService;
import org.zowe.apiml.security.common.token.AccessTokenProvider;
import org.zowe.apiml.security.common.token.TokenNotValidException;

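/**
 * REST controller mounted at {@link #CONTROLLER_PATH} that exposes JWT invalidation,
 * access-token revocation and validation, and the public keys used to verify tokens.
 *
 * <p>NOTE(review): no authentication or authorization check is visible in this class.
 * Presumably the security configuration elsewhere restricts who may call the invalidate,
 * distribute and revoke endpoints; confirm that before treating them as safe to expose.
 */
@RequestMapping({AuthController.CONTROLLER_PATH})
@RestController
/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/controllers/AuthController.class */
public class AuthController {
    public static final String CONTROLLER_PATH = "/gateway/auth";
    public static final String INVALIDATE_PATH = "/invalidate/**";
    public static final String DISTRIBUTE_PATH = "/distribute/**";
    public static final String PUBLIC_KEYS_PATH = "/keys/public";
    public static final String ACCESS_TOKEN_REVOKE = "/access-token/revoke";
    public static final String ACCESS_TOKEN_VALIDATE = "/access-token/validate";
    public static final String ALL_PUBLIC_KEYS_PATH = "/keys/public/all";
    public static final String CURRENT_PUBLIC_KEYS_PATH = "/keys/public/current";

    /** URI fragment that precedes the JWT in an invalidate request. */
    private static final String INVALIDATE_URI_MARKER = "/auth/invalidate/";
    /** URI fragment that precedes the value handed to {@code distributeInvalidate}. */
    private static final String DISTRIBUTE_URI_MARKER = "/auth/distribute/";
    /** Key of the request-body entry that carries the access token. */
    private static final String TOKEN_KEY = "token";

    private final AuthenticationService authenticationService;
    private final JwtSecurity jwtSecurity;
    private final ZosmfService zosmfService;
    private final MessageService messageService;
    private final AccessTokenProvider tokenProvider;

    /**
     * Creates the controller with its collaborating services.
     *
     * @param authenticationService service used to invalidate JWTs and distribute invalidations
     * @param jwtSecurity source of the gateway's own public key and of the active JWT producer
     * @param zosmfService source of the public keys reported by z/OSMF
     * @param messageService factory for the API error messages returned on failure
     * @param accessTokenProvider store consulted and updated for access-token revocation
     */
    @Generated
    public AuthController(AuthenticationService authenticationService, JwtSecurity jwtSecurity, ZosmfService zosmfService, MessageService messageService, AccessTokenProvider accessTokenProvider) {
        this.authenticationService = authenticationService;
        this.jwtSecurity = jwtSecurity;
        this.zosmfService = zosmfService;
        this.messageService = messageService;
        this.tokenProvider = accessTokenProvider;
    }

    /**
     * Invalidates the JWT carried in the request path after {@code /auth/invalidate/}.
     *
     * <p>Sets status 200 when the service reports success, 503 when it reports failure and
     * 400 when the service rejects the token with {@link TokenNotValidException}.
     *
     * <p>NOTE(review): the token travels in the URI, so it can end up in access and proxy
     * logs; make sure those logs are handled as sensitive or the path is redacted.
     *
     * @param httpServletRequest request whose URI carries the token
     * @param httpServletResponse response that receives the status code
     */
    @DeleteMapping(path = {INVALIDATE_PATH})
    @HystrixCommand
    public void invalidateJwtToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String jwtToken = pathRemainder(httpServletRequest.getRequestURI(), INVALIDATE_URI_MARKER);
        try {
            // The meaning of the `false` flag is defined by AuthenticationService
            // (presumably "do not distribute further"; confirm against the service).
            Boolean invalidated = this.authenticationService.invalidateJwtToken(jwtToken, false);
            httpServletResponse.setStatus(invalidated ? HttpServletResponse.SC_OK : HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        } catch (TokenNotValidException e) {
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Revokes the access token given under the {@code "token"} key of the request body.
     *
     * <p>NOTE(review): a body without a {@code "token"} entry passes {@code null} to the
     * token provider; how the provider treats {@code null} is not visible here.
     *
     * @param map request body; the token is read from its {@code "token"} entry
     * @return 401 when the token is already invalidated, otherwise 200 after invalidating it
     * @throws Exception propagated from the token provider
     */
    @DeleteMapping(path = {ACCESS_TOKEN_REVOKE})
    @HystrixCommand
    @ResponseBody
    public ResponseEntity<String> revokeAccessToken(@RequestBody Map<String, String> map) throws Exception {
        String token = map.get(TOKEN_KEY);
        if (this.tokenProvider.isInvalidated(token)) {
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        }
        this.tokenProvider.invalidateToken(token);
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Reports whether the access token in the request body has been invalidated.
     *
     * <p>NOTE(review): the only check made here is {@code isInvalidated}. Signature, expiry
     * and scope checks are not visible in this method; confirm they happen in the provider
     * or elsewhere before relying on a 200 as proof that the token is valid.
     *
     * @param map request body; the token is read from its {@code "token"} entry
     * @return 200 when the token is not invalidated, 401 otherwise
     * @throws Exception propagated from the token provider
     */
    @PostMapping(path = {ACCESS_TOKEN_VALIDATE})
    @HystrixCommand
    @ResponseBody
    public ResponseEntity<String> validateAccessToken(@RequestBody Map<String, String> map) throws Exception {
        if (this.tokenProvider.isInvalidated(map.get(TOKEN_KEY))) {
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        }
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Passes the path remainder after {@code /auth/distribute/} to
     * {@code AuthenticationService.distributeInvalidate}.
     *
     * <p>Sets status 200 when the service returns {@code true} and 204 otherwise.
     *
     * <p>NOTE(review): this is a GET mapping that triggers a service call with a
     * caller-supplied value; confirm that access to it is restricted.
     *
     * @param httpServletRequest request whose URI carries the value to distribute to
     * @param httpServletResponse response that receives the status code
     */
    @HystrixCommand
    @GetMapping(path = {DISTRIBUTE_PATH})
    public void distributeInvalidate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String target = pathRemainder(httpServletRequest.getRequestURI(), DISTRIBUTE_URI_MARKER);
        boolean distributed = this.authenticationService.distributeInvalidate(target);
        httpServletResponse.setStatus(distributed ? HttpServletResponse.SC_OK : HttpServletResponse.SC_NO_CONTENT);
    }

    /**
     * Returns the z/OSMF public keys followed by the gateway's own public key, if it has one.
     *
     * @return JWK set rendered with public key material only
     */
    @HystrixCommand
    @GetMapping(path = {ALL_PUBLIC_KEYS_PATH})
    @ResponseBody
    public JSONObject getAllPublicKeys() {
        // Copy the list so the gateway key can be appended without touching the z/OSMF set.
        List<JWK> keys = new LinkedList<>(this.zosmfService.getPublicKeys().getKeys());
        this.jwtSecurity.getJwkPublicKey().ifPresent(keys::add);
        // `true` = publicKeysOnly, so private parameters are never serialized.
        return new JWKSet(keys).toJSONObject(true);
    }

    /**
     * Returns the z/OSMF public keys, or the gateway's own public key when z/OSMF reports none.
     *
     * @return JWK set rendered with public key material only
     */
    @HystrixCommand
    @GetMapping(path = {CURRENT_PUBLIC_KEYS_PATH})
    @ResponseBody
    public JSONObject getCurrentPublicKeys() {
        List<JWK> keys = new LinkedList<>(this.zosmfService.getPublicKeys().getKeys());
        if (keys.isEmpty()) {
            // Fall back to the gateway key only when z/OSMF supplied nothing.
            this.jwtSecurity.getJwkPublicKey().ifPresent(keys::add);
        }
        // `true` = publicKeysOnly, so private parameters are never serialized.
        return new JWKSet(keys).toJSONObject(true);
    }

    /**
     * Returns the single public key of the active JWT producer as a PEM string.
     *
     * <p>The key set comes from z/OSMF or from the gateway, depending on
     * {@code jwtSecurity.actualJwtProducer()}. A 500 response with an API message is returned
     * when the producer is {@code UNKNOWN}, when the set does not hold exactly one key, or
     * when the key cannot be converted or written.
     *
     * <p>NOTE(review): the key is converted with {@code toRSAKey()}; how a non-RSA key
     * behaves at that call is not visible here.
     *
     * @return 200 with the PEM text, or 500 with an API message
     */
    @HystrixCommand
    @GetMapping(path = {PUBLIC_KEYS_PATH})
    @ResponseBody
    public ResponseEntity<?> getPublicKeyUsedForSigning() {
        JwtSecurity.JwtProducer producer = this.jwtSecurity.actualJwtProducer();
        // Stays empty for any producer not handled below, which then fails the size check.
        JWKSet jwkSet = new JWKSet();
        switch (producer) {
            case ZOSMF:
                jwkSet = this.zosmfService.getPublicKeys();
                break;
            case APIML:
                jwkSet = this.jwtSecurity.getPublicKeyInSet();
                break;
            case UNKNOWN:
                return new ResponseEntity<>(this.messageService.createMessage("org.zowe.apiml.gateway.keys.unknownState").mapToApiMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
        }
        List<JWK> keys = jwkSet.getKeys();
        if (keys.size() != 1) {
            return new ResponseEntity<>(this.messageService.createMessage("org.zowe.apiml.gateway.keys.wrongAmount", keys.size()).mapToApiMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
        }
        try {
            PublicKey signingKey = keys.get(0).toRSAKey().toPublicKey();
            return new ResponseEntity<>(getPublicKeyAsPem(signingKey), HttpStatus.OK);
        } catch (JOSEException | IOException e) {
            return new ResponseEntity<>(this.messageService.createMessage("org.zowe.apiml.gateway.unknown").mapToApiMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Encodes a public key as a PEM "PUBLIC KEY" block.
     *
     * @param publicKey key whose encoded form is written
     * @return PEM text
     * @throws IOException if the PEM writer fails
     */
    private String getPublicKeyAsPem(PublicKey publicKey) throws IOException {
        StringWriter stringWriter = new StringWriter();
        // try-with-resources closes (and thereby flushes) the writer even if writeObject throws.
        try (PemWriter pemWriter = new PemWriter(stringWriter)) {
            pemWriter.writeObject(new PemObject(PEMParser.TYPE_PUBLIC_KEY, publicKey.getEncoded()));
        }
        return stringWriter.toString();
    }

    /**
     * Returns the part of {@code requestUri} that follows the first occurrence of {@code marker}.
     *
     * <p>NOTE(review): when the marker is absent, {@code indexOf} yields -1 and an unrelated
     * tail of the URI is returned instead of failing. The callers rely on their request
     * mappings to guarantee the marker is present; confirm that a request without the
     * trailing slash cannot reach them.
     */
    private static String pathRemainder(String requestUri, String marker) {
        return requestUri.substring(requestUri.indexOf(marker) + marker.length());
    }
}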
