package com.e2eq.framework.rest.resources;

import com.e2eq.framework.model.persistent.morphia.ApplicationRegistrationRequestRepo;
import com.e2eq.framework.model.persistent.morphia.CredentialRepo;
import com.e2eq.framework.model.persistent.morphia.UserProfileRepo;
import com.e2eq.framework.model.persistent.security.ApplicationRegistration;
import com.e2eq.framework.model.persistent.security.UserProfile;
import com.e2eq.framework.model.security.auth.AuthProvider;
import com.e2eq.framework.model.security.auth.AuthProviderFactory;
import com.e2eq.framework.model.securityrules.SecurityCheckException;
import com.e2eq.framework.rest.models.AuthRequest;
import com.e2eq.framework.rest.models.AuthResponse;
import com.e2eq.framework.rest.models.RegistrationRequest;
import com.e2eq.framework.rest.models.RestError;
import com.e2eq.framework.rest.models.Role;
import com.e2eq.framework.rest.responses.RestSecurityError;
import com.e2eq.framework.util.TokenUtils;
import com.e2eq.framework.util.ValidateUtils;
import io.quarkus.logging.Log;
import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.jwt.auth.principal.JWTParser;
import jakarta.annotation.security.PermitAll;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.validation.Validator;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriInfo;
import java.io.IOException;
import java.io.StringWriter;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import java.util.StringTokenizer;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.eclipse.microprofile.openapi.annotations.OpenAPIDefinition;
import org.eclipse.microprofile.openapi.annotations.info.Info;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.logging.Logger;

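/**
 * JAX-RS resource exposing the authentication endpoints under {@code /security}:
 * self-registration, profile lookup, login, token refresh, logout and two
 * diagnostic endpoints.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>{@code register} (POST and GET), {@code login}, {@code logout} and
 *       {@code healthCheck} are {@code @PermitAll}; everything they return or log
 *       is reachable by an unauthenticated caller.</li>
 *   <li>Request-derived values (user id, headers, realm) are neutralised for CR/LF
 *       before they are written to the log.</li>
 *   <li>Token material is never written to the log.</li>
 * </ul>
 *
 * <p>This file is decompiler output; two decompiler artifacts that could not have
 * worked as written (a bogus cast in {@code me} and a renamed {@code build()} call)
 * are restored below.
 */
@OpenAPIDefinition(tags = {@Tag(name = "area", description = "Security")}, info = @Info(title = "Core Auth Security API", version = "0.0.1"))
@Tag(name = "security", description = "Operations related to security")
@RequestScoped
@Path("/security")
/* loaded from: input_file:com/e2eq/framework/rest/resources/SecurityResource.class */
public class SecurityResource {

    @Inject
    SecurityIdentity securityIdentity;

    @Inject
    AuthProviderFactory authProviderFactory;

    @Inject
    ApplicationRegistrationRequestRepo registrationRepo;

    @Inject
    CredentialRepo credentialRepo;

    @Inject
    UserProfileRepo userProfileRepo;

    @Inject
    JsonWebToken jwt;

    @Inject
    Validator validator;

    @Inject
    JWTParser parser;

    // Issuer written into tokens minted by refresh(); same property the verifier reads.
    @ConfigProperty(name = "mp.jwt.verify.issuer")
    protected String issuer;

    // Access-token lifetime passed to TokenUtils; the unit is defined by TokenUtils, not here.
    @ConfigProperty(name = "com.b2bi.jwt.duration")
    protected long tokenDuration;

    /**
     * Builds a JSON error response carrying a {@link RestError} with the given
     * status code and message.
     */
    private static Response errorResponse(Response.Status status, String message) {
        return Response.status(status)
                .entity(RestError.builder().status(status.getStatusCode()).statusMessage(message).build())
                .build();
    }

    /**
     * Replaces CR and LF so a request-supplied value cannot start a new,
     * forged line in the log. Returns {@code null} for {@code null}.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Creates a pending registration request for the e-mail address in the body.
     *
     * <p>The request is bean-validated, the e-mail syntax is checked, and the call is
     * rejected with 400 when a registration already exists for the same e-mail or for
     * the same company identifier (the first DNS label of the e-mail domain).
     *
     * @param uriInfo             request URI information (unused)
     * @param registrationRequest the registration payload
     * @return 201 with the saved registration, or 400 with a {@link RestError}
     */
    @Produces({"application/json"})
    @POST
    @PermitAll
    @Path("register")
    @Consumes({"application/json"})
    public Response register(@Context UriInfo uriInfo, @NotNull RegistrationRequest registrationRequest) {
        Set<jakarta.validation.ConstraintViolation<RegistrationRequest>> violations = this.validator.validate(registrationRequest);
        if (!violations.isEmpty()) {
            StringBuilder messages = new StringBuilder();
            for (jakarta.validation.ConstraintViolation<RegistrationRequest> violation : violations) {
                messages.append(violation.getMessage()).append("\n");
            }
            return errorResponse(Response.Status.BAD_REQUEST, messages.toString());
        }

        // Check the address syntax before it is used as a lookup key or split on '@'.
        String email = registrationRequest.getEmail();
        if (!ValidateUtils.isValidEmailAddress(email)) {
            return errorResponse(Response.Status.BAD_REQUEST, "Email:" + email + " is not a valid email address");
        }

        Optional<ApplicationRegistration> existingByEmail = this.registrationRepo.findByRefName(email);
        if (existingByEmail.isPresent()) {
            ApplicationRegistration existing = existingByEmail.get();
            return errorResponse(Response.Status.BAD_REQUEST, "a registration request with the email address: " + existing.getUserId() + " is already in the system with the status:" + String.valueOf(existing.getStatus()) + " contact help@b2bintegrator.com for assistance");
        }

        // NOTE(review): only the first label of the domain is used, so every address at a
        // shared mail provider maps to the same identifier, and login() derives its realm
        // differently (whole domain with '.' replaced by '-') - confirm this is intended.
        String companyIdentifier = email.split("@")[1].split("\\.")[0];
        Optional<ApplicationRegistration> existingByCompany = this.registrationRepo.findByCompanyIdentifier(companyIdentifier);
        if (existingByCompany.isPresent()) {
            // This endpoint is unauthenticated, so the message no longer names the
            // e-mail address of whoever registered the domain first.
            return errorResponse(Response.Status.BAD_REQUEST, "Registration request for domain:" + companyIdentifier + " has already been made and is the state:" + String.valueOf(existingByCompany.get().getStatus()));
        }

        ApplicationRegistration registration = new ApplicationRegistration();
        registration.setRefName(email);
        registration.setUserId(email);
        registration.setUserEmail(email);
        registration.setCompanyName(registrationRequest.getCompanyName());
        registration.setCompanyIdentifier(companyIdentifier);
        registration.setTerms(registrationRequest.isAcceptedTerms());
        // NOTE(review): the password is copied onto the persisted entity exactly as received,
        // and the saved entity is returned as the response body. Whether the repository hashes
        // it or the entity hides the field from JSON is not visible here - verify both.
        registration.setPassword(registrationRequest.getPassword());
        registration.setFname(registrationRequest.getFname());
        registration.setLname(registrationRequest.getLname());
        registration.setUserTelephone(registrationRequest.getTelephone());
        return Response.ok().entity(this.registrationRepo.save(registration)).status(Response.Status.CREATED).build();
    }

    /**
     * Looks up a registration request by its reference name (the registrant's e-mail).
     *
     * <p>NOTE(review): this is {@code @PermitAll} and returns the whole
     * {@link ApplicationRegistration} entity, which {@code register} populates with
     * name, telephone and password. Confirm the entity's JSON view excludes the
     * sensitive fields, or require authentication for this lookup.
     *
     * @param str the {@code refName} query parameter
     * @return 200 with the registration, or 404 with a {@link RestError}
     */
    @Produces({"application/json"})
    @PermitAll
    @Path("register")
    @GET
    public Response register(@QueryParam("refName") String str) {
        Optional<ApplicationRegistration> found = this.registrationRepo.findByRefName(str);
        if (found.isPresent()) {
            return Response.ok(found.get()).build();
        }
        return errorResponse(Response.Status.NOT_FOUND, "RefName:" + str + " was not found");
    }

    /**
     * Returns the profile of the authenticated caller, with its UI actions filled in.
     *
     * @param securityContext the JAX-RS security context of the request
     * @return 200 with the {@link UserProfile}, 404 when no profile exists for the
     *         principal, or 401 when the security rules deny reading the profile
     */
    @Produces({"application/json"})
    @Path("me")
    @GET
    @Authenticated
    @Consumes({"application/json"})
    public Response me(@Context SecurityContext securityContext) {
        String userId = securityContext.getUserPrincipal().getName();
        if (Log.isInfoEnabled()) {
            Log.info("me: - UserId:" + userId);
        }
        try {
            Optional<UserProfile> profile = this.userProfileRepo.getByUserId(userId);
            if (profile.isPresent()) {
                // The decompiler emitted a cast of the profile to UserProfileRepo here; a
                // UserProfile is not a repository, so the profile is passed as it is.
                this.userProfileRepo.fillUIActions(profile.get());
                return Response.ok(profile.get()).build();
            }
            return Response.status(Response.Status.NOT_FOUND).entity(RestError.builder().statusMessage("Could not find userId:" + userId + " please register").status(Response.Status.NOT_FOUND.getStatusCode()).debugMessage("User could not be found, indicating that the user has not registered in the past").build()).build();
        } catch (SecurityCheckException e) {
            // build() was emitted as the decompiler-renamed mo33build(); restored to the real name.
            return Response.status(Response.Status.UNAUTHORIZED).entity(((RestSecurityError.RestSecurityErrorBuilder) ((RestSecurityError.RestSecurityErrorBuilder) RestSecurityError.builder().statusMessage("The user id is not authorized to read the user profile required for login, due to a permission configuration error")).status(Response.Status.UNAUTHORIZED.getStatusCode())).securityResponse(e.getResponse()).build()).build();
        }
    }

    /**
     * Authenticates a user and returns access and refresh tokens.
     *
     * <p>The realm is derived from the part of the user id after {@code @} with
     * {@code .} replaced by {@code -}, unless the {@code realm} query parameter is given.
     *
     * <p>NOTE(review): the {@code realm} override is accepted from an unauthenticated
     * caller; confirm the auth provider treats it as untrusted. The failure message
     * returned to the client comes from the provider - check that it does not
     * distinguish "unknown user" from "wrong password".
     *
     * @param httpHeaders request headers, read for logging only
     * @param authRequest the credentials; {@code userId} must contain an {@code @}
     * @param str         optional {@code realm} query parameter overriding the derived realm
     * @return 200 with an {@link AuthResponse}, 400 for a malformed user id, or 401
     */
    @Produces({"application/json"})
    @POST
    @PermitAll
    @Path("/login")
    @Consumes({"application/json"})
    public Response login(@Context HttpHeaders httpHeaders, AuthRequest authRequest, @QueryParam("realm") String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        // A missing body or user id previously surfaced as an unhandled exception (HTTP 500).
        if (authRequest == null || authRequest.getUserId() == null) {
            return errorResponse(Response.Status.BAD_REQUEST, "userId is required and must be of the form user@domain");
        }
        String userId = authRequest.getUserId();
        String userIdForLog = sanitizeForLog(userId);

        // NOTE(review): the conventional header is X-Forwarded-For (hyphens); this spelling only
        // matches if the front proxy emits it. The value is client-controlled unless a trusted
        // proxy overwrites it, and the fallback is the Host header, which names the server rather
        // than the client. Both are used for logging only.
        String address = (String) httpHeaders.getRequestHeaders().getFirst("X-FORWARDED_FOR");
        if (address == null) {
            address = (String) httpHeaders.getRequestHeaders().getFirst("Host");
        }
        String userAgent = (String) httpHeaders.getRequestHeaders().getFirst("User-Agent");
        if (Log.isInfoEnabled()) {
            Log.info("Authentication Attempt:" + userIdForLog + " Address:" + (address != null ? sanitizeForLog(address) : "unknown") + " UserAgent:" + (userAgent != null ? sanitizeForLog(userAgent) : "unknown"));
        }

        StringTokenizer parts = new StringTokenizer(userId, "@");
        if (parts.countTokens() < 2) {
            // Without this check nextToken() throws NoSuchElementException.
            return errorResponse(Response.Status.BAD_REQUEST, "userId is required and must be of the form user@domain");
        }
        parts.nextToken();
        String realm = parts.nextToken().replace(".", "-");
        if (str != null) {
            Log.infof("Overriding calculated realm:%s  to  query parameter :%s ", sanitizeForLog(realm), sanitizeForLog(str));
            realm = str;
        }
        Log.infof("Logging in userid: %s realm: %s", userIdForLog, sanitizeForLog(realm));

        AuthProvider authProvider = this.authProviderFactory.getAuthProvider();
        try {
            // The realm is never null at this point, so the realm-less login overload the
            // decompiled code also referenced was unreachable.
            AuthProvider.LoginResponse login = authProvider.login(realm, userId, authRequest.getPassword());
            if (login.authenticated()) {
                Log.info("Login successful for userId:" + userIdForLog);
                return Response.ok(new AuthResponse(login.positiveResponse().accessToken(), login.positiveResponse().refreshToken(), login.positiveResponse().expirationTime())).build();
            }
            Log.warn("Login failed for userId:" + userIdForLog);
            return errorResponse(Response.Status.UNAUTHORIZED, login.negativeResponse().errorMessage());
        } catch (SecurityException e) {
            return errorResponse(Response.Status.UNAUTHORIZED, e.getMessage());
        }
    }

    /**
     * Mints a new access token and refresh token for a user.
     *
     * @param str    the user id placed in both tokens
     * @param strArr the roles placed in the access token
     * @param j      access-token duration, passed to {@code TokenUtils.expiresAt}
     * @param j2     additional duration; the refresh token is generated with {@code j + j2}
     * @param str2   the issuer
     * @return the tokens together with the access-token expiry
     */
    protected AuthResponse generateAuthResponse(@NotNull(message = "userId for generating auth response can not be null") String str, @NotNull(message = "the roles array can not be null for generating an auth response") String[] strArr, long j, long j2, @NotNull(message = "the issuer can not be null for for generating an auth response") String str2) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        long expiresAt = TokenUtils.expiresAt(j);
        Set<String> roles = new HashSet<>(Arrays.asList(strArr));
        String accessToken = TokenUtils.generateUserToken(str, roles, expiresAt, str2);
        String refreshToken = TokenUtils.generateRefreshToken(str, j + j2, str2);
        return new AuthResponse(accessToken, refreshToken, expiresAt);
    }

    /**
     * Exchanges a refresh token for a new access/refresh token pair.
     *
     * <p>The submitted token is parsed with the injected {@link JWTParser} and must carry
     * the refresh scope. The new access token reuses the subject and groups found in the
     * refresh token.
     *
     * <p>NOTE(review): roles are copied from the presented token rather than re-read from
     * the user store, so a role change or account removal is not reflected until the
     * refresh token expires - confirm this is acceptable. A token the parser rejects
     * propagates as an exception from this method.
     *
     * @param authResponse body carrying the refresh token
     * @return 200 with a new {@link AuthResponse}, 400 when no token is supplied, or 401
     *         when the token does not have the refresh scope
     */
    @Produces({"application/json"})
    @POST
    @Path("/refresh")
    @Authenticated
    @Consumes({"application/json"})
    public Response refresh(AuthResponse authResponse) throws Exception {
        if (authResponse == null || authResponse.getRefresh_token() == null) {
            return errorResponse(Response.Status.BAD_REQUEST, "A refresh token is required");
        }
        // The token itself is a bearer credential and is deliberately kept out of the log.
        Log.info("Refresh token request received");

        JsonWebToken parse = this.parser.parse(authResponse.getRefresh_token());
        Object scope = parse.getClaim("scope");
        // A token without a scope claim is rejected instead of raising a NullPointerException.
        if (scope != null && scope.equals(TokenUtils.REFRESH_SCOPE)) {
            Set<String> groups = parse.getGroups();
            String[] roles = groups == null ? new String[0] : groups.toArray(new String[0]);
            return Response.ok(generateAuthResponse(parse.getSubject(), roles, this.tokenDuration, this.tokenDuration + 3200, this.issuer)).build();
        }
        return errorResponse(Response.Status.UNAUTHORIZED, "Token is not valid, it has an invalid scope:" + String.valueOf(scope));
    }

    /**
     * Clears the framework's security context for the current request.
     *
     * <p>Nothing here revokes tokens that were already issued; as far as this class
     * shows, they stay usable until they expire.
     *
     * @return 200 with an empty body
     */
    @Produces({"application/json"})
    @POST
    @PermitAll
    @Path("/logout")
    @Consumes({"application/json"})
    public Response logout() {
        if (Log.isInfoEnabled()) {
            Log.info("-Logout-");
        }
        com.e2eq.framework.model.securityrules.SecurityContext.clear();
        return Response.ok().build();
    }

    /**
     * Liveness probe.
     *
     * @return 200 with the body {@code OK}
     */
    @PermitAll
    @GET
    @Path("healthCheck")
    public Response healthCheck() {
        if (Log.isInfoEnabled()) {
            Log.info("-HealthCheck-");
        }
        return Response.ok("OK").build();
    }

    /**
     * Diagnostic endpoint: logs the caller's security context, identity and JWT claims
     * (no token material) and reports when the current token expires.
     *
     * @param securityContext the JAX-RS security context of the request
     * @return 200 with a text summary, or 401 when no principal is present
     */
    @Produces({"application/json"})
    @GET
    @Path("/authenticated/test")
    @Authenticated
    @Consumes({"application/json"})
    public Response test(@Context SecurityContext securityContext) {
        if (Log.isInfoEnabled()) {
            Log.info("====== TEST CALLED ====");
        }
        if (securityContext.getUserPrincipal() == null) {
            return errorResponse(Response.Status.UNAUTHORIZED, "The security Principal is null");
        }
        String principalName = securityContext.getUserPrincipal().getName();
        Log.info("Security Context:");
        Log.info("   Principal Name:" + principalName);
        Log.info("   IsSecure:" + securityContext.isSecure());
        Log.info("   Authentication Scheme:" + securityContext.getAuthenticationScheme());
        Log.info("   Is User Role:" + securityContext.isUserInRole(Role.user.toString()));
        Log.info("   Is Admin Role:" + securityContext.isUserInRole(Role.admin.toString()));
        Log.info("--- Security Identity ---");
        Log.info("  Is Anonymous:" + this.securityIdentity.isAnonymous());
        for (String role : this.securityIdentity.getRoles()) {
            Log.info("  Role:" + role);
        }
        // NOTE(review): this line is labelled "Is Authenticated" but prints the role set.
        Log.info("  Is Authenticated:" + String.valueOf(this.securityIdentity.getRoles()));
        Log.info("  Principal:" + this.securityIdentity.getPrincipal().getName());

        // Falls back to "now" when no JWT is available.
        Date expiry = new Date();
        if (this.jwt != null) {
            Log.info("JWT:");
            Log.info("  Issuer:" + this.jwt.getIssuer());
            Log.info("  Subject:" + this.jwt.getSubject());
            Log.info("  Audience:" + String.valueOf(this.jwt.getAudience()));
            Log.info("  Issued At:" + this.jwt.getIssuedAtTime());
            Log.info("  Expires At:" + this.jwt.getExpirationTime());
            LocalDateTime localExpiry = LocalDateTime.ofInstant(Instant.ofEpochSecond(this.jwt.getExpirationTime()), ZoneId.systemDefault());
            Log.info("Token will expire at: " + String.valueOf(localExpiry));
            expiry = Date.from(localExpiry.atZone(ZoneId.systemDefault()).toInstant());
        }
        return Response.ok("Principle:" + principalName + " is authenticated/nToken will expire at: " + String.valueOf(expiry)).build();
    }
}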
