package be.iminds.ilabt.jfed.bugreport.resource;

import be.iminds.ilabt.jfed.bugreport.JFedBugReportWebApiConfigurationIface;
import be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface;
import be.iminds.ilabt.jfed.fedmon.webapi.service.util.EmailSender;
import be.iminds.ilabt.jfed.util.KeyUtil;
import com.codahale.metrics.annotation.Timed;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriBuilderException;
import javax.ws.rs.core.UriInfo;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthServiceProvider;
import net.oauth.client.OAuthClient;
import net.oauth.client.httpclient4.HttpClient4;
import net.oauth.signature.RSA_SHA1;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

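/**
 * JAX-RS resource under {@code /oauth} that drives an OAuth 1.0a flow against the Jira
 * instance at {@link #JIRA_BASE_URL}: it obtains a request token, redirects the browser to
 * Jira's authorize page, and exchanges the request token for an access token when Jira calls
 * back. Requests are signed with RSA-SHA1 using the consumer private key from the bug report
 * configuration.
 *
 * <p>Request tokens obtained in one HTTP request are looked up in a later one, so an instance
 * is shared between requests; access to the token lists is therefore synchronized and each
 * operation works on its own {@link OAuthAccessor}.
 *
 * <p>NOTE(review): no authentication or authorization check is visible on these endpoints, and
 * the access tokens collected in {@code accessTokens} are only ever added, never read or
 * expired, in this class. Confirm how callers are restricted and whether the tokens need to be
 * retained at all.
 */
@Produces({MediaType.APPLICATION_JSON})
@Path("/oauth")
/* loaded from: input_file:be/iminds/ilabt/jfed/bugreport/resource/OAuthResource.class */
public class OAuthResource {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OAuthResource.class);
    protected static final String JIRA_BASE_URL = "https://ibcn-jira.intec.ugent.be";
    protected static final String SERVLET_BASE_URL = "/plugins/servlet";
    private final String publicKey;
    // Consumer signing key material; must never be logged or returned to a client.
    private final String privateKey;
    private final String callback;

    @Context
    UriInfo uriInfo;
    private final JFedBugReportWebApiConfigurationIface bugReportConfiguration;
    private final AbstractWebApiConfigurationIface webApiConfiguration;
    private final EmailSender emailSender;
    // Lazily created holder of the shared consumer; per-request token state is NOT kept on it.
    private OAuthAccessor accessor;
    private final String consumerKey = "jfed-bugreport-api";
    // Pending request tokens, guarded by synchronized (requestTokens).
    private final List<TokenSecretVerifierHolder> requestTokens = new ArrayList<>();
    // Issued access tokens, guarded by synchronized (accessTokens).
    private final List<String> accessTokens = new ArrayList<>();

    /**
     * Request token, its secret and the verifier belonging to one pending authorization.
     */
    /* loaded from: input_file:be/iminds/ilabt/jfed/bugreport/resource/OAuthResource$TokenSecretVerifierHolder.class */
    public static class TokenSecretVerifierHolder {
        public String token;
        public String verifier;
        public String secret;

        /**
         * Returns a debug representation. The token secret is redacted because this string is
         * written to the log by the resource.
         */
        @Override
        public String toString() {
            String shownSecret = this.secret == null ? "null" : "<redacted>";
            return "TokenSecretVerifierHolder{token='" + this.token + "', verifier='" + this.verifier + "', secret='" + shownSecret + "'}";
        }
    }

    /**
     * Reads the consumer private key from the bug report configuration, normalises it for the
     * OAuth library and derives the matching public key.
     *
     * @param jFedBugReportWebApiConfigurationIface source of the PEM encoded consumer private key
     * @param abstractWebApiConfigurationIface general web API configuration (stored only)
     * @param emailSender mail helper (stored only)
     * @throws IllegalStateException if the configured private key is missing or cannot be parsed
     */
    public OAuthResource(@NotNull JFedBugReportWebApiConfigurationIface jFedBugReportWebApiConfigurationIface, @NotNull AbstractWebApiConfigurationIface abstractWebApiConfigurationIface, @NotNull EmailSender emailSender) {
        String str;
        this.bugReportConfiguration = jFedBugReportWebApiConfigurationIface;
        this.webApiConfiguration = abstractWebApiConfigurationIface;
        this.emailSender = emailSender;
        try {
            // uriInfo has no initializer and nothing assigns it before this line, so it is
            // still null here and this lookup throws; the fixed fallback below is what ends
            // up being used.
            // NOTE(review): a callback URL taken from configuration would avoid both the
            // error log on every construction and a callback derived from the request URI.
            str = this.uriInfo.getRequestUriBuilder().path("jira/callback").build(new Object[0]).toASCIIString();
        } catch (Exception e) {
            LOG.error("OAUTH: Failed to use uriInfo to get callback", (Throwable) e);
            str = "https://flsmonitor-api.fed4fire.eu:8443/jira/callback";
        }
        this.callback = str;
        LOG.info("OAUTH: Using oauth callback URL: \"" + this.callback + "\"");
        String privateOAuthConsumerPemKey = jFedBugReportWebApiConfigurationIface.getPrivateOAuthConsumerPemKey();
        if (privateOAuthConsumerPemKey == null || privateOAuthConsumerPemKey.trim().isEmpty()) {
            throw new IllegalStateException("Bug report configuration contains no privateOAuthConsumerPemKey");
        }
        if (privateOAuthConsumerPemKey.contains("-----BEGIN RSA PRIVATE KEY")) {
            privateOAuthConsumerPemKey = findPemMessage(privateOAuthConsumerPemKey, "RSA PRIVATE KEY");
            if (privateOAuthConsumerPemKey == null || privateOAuthConsumerPemKey.trim().isEmpty()) {
                throw new IllegalStateException("Bug report configuration contained no correct PEM RSA PRIVATE KEY message");
            }
        }
        if (privateOAuthConsumerPemKey.contains("-----BEGIN PRIVATE KEY")) {
            privateOAuthConsumerPemKey = findPemMessage(privateOAuthConsumerPemKey, "PRIVATE KEY");
            if (privateOAuthConsumerPemKey == null || privateOAuthConsumerPemKey.trim().isEmpty()) {
                throw new IllegalStateException("Bug report configuration contained no correct PEM PRIVATE KEY message");
            }
        }
        if (privateOAuthConsumerPemKey.contains("\n")) {
            // Strings are immutable: the result has to be assigned, otherwise the newlines
            // stay in the key and the emptiness check below tests the unmodified value.
            privateOAuthConsumerPemKey = privateOAuthConsumerPemKey.replaceAll("\\n", "").trim();
            if (privateOAuthConsumerPemKey.isEmpty()) {
                throw new IllegalStateException("Bug report configuration contained incorrect private key");
            }
        }
        this.privateKey = privateOAuthConsumerPemKey;
        try {
            RSAPrivateKey pemToRsaPrivateKey = KeyUtil.pemToRsaPrivateKey(jFedBugReportWebApiConfigurationIface.getPrivateOAuthConsumerPemKey(), null);
            if (pemToRsaPrivateKey == null) {
                throw new IllegalStateException("Bug report configuration contained private key that could not be processed by jFed KeyUtil");
            }
            RSAPublicKey rsaPrivateKeyToRsaPublicKey = KeyUtil.rsaPrivateKeyToRsaPublicKey(pemToRsaPrivateKey);
            if (rsaPrivateKeyToRsaPublicKey == null) {
                throw new IllegalStateException("Bug report configuration contained private key that could not be used to find the public key");
            }
            this.publicKey = new String(KeyUtil.getPublicKeyCharsPKCS1Base64(rsaPrivateKeyToRsaPublicKey));
        } catch (KeyUtil.PEMDecodingException e2) {
            // Keep the cause so the decoding failure can be diagnosed from the stack trace.
            throw new IllegalStateException("Bug report configuration contained private key that could not be processed by jFed KeyUtil", e2);
        }
    }

    /**
     * Extracts the text between the {@code -----BEGIN <label>-----} and
     * {@code -----END <label>-----} markers of a PEM document.
     *
     * @param str PEM text; CRLF line endings are normalised to LF before searching
     * @param str2 PEM label, for example {@code RSA PRIVATE KEY}
     * @return the text between the markers, or {@code null} if either argument is
     *     {@code null} or a marker is missing
     */
    public static String findPemMessage(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        String normalized = str.trim().replaceAll("\r\n", "\n");
        String beginMarker = "-----BEGIN " + str2 + "-----";
        String endMarker = "-----END " + str2 + "-----";
        int beginAt = normalized.indexOf(beginMarker);
        if (beginAt == -1) {
            return null;
        }
        String afterBegin = normalized.substring(beginAt + beginMarker.length());
        int endAt = afterBegin.indexOf(endMarker);
        if (endAt < 0) {
            return null;
        }
        return afterBegin.substring(0, endAt);
    }

    /**
     * Returns the public key derived from the configured consumer private key.
     *
     * @param httpServletRequest the current request (unused)
     * @return the public key text computed in the constructor
     */
    @GET
    @Path("servicePubKey")
    @Timed
    @Produces({MediaType.TEXT_HTML})
    public String showPublicKey(@Context HttpServletRequest httpServletRequest) {
        return this.publicKey;
    }

    /**
     * Obtains a request token from Jira, remembers it and redirects the caller to Jira's
     * authorize page.
     *
     * @param httpServletRequest the current request (unused)
     * @return a temporary redirect to the authorize URL carrying the request token and callback
     * @throws WebApplicationException (500) if the redirect URL cannot be built
     */
    @GET
    @Path("jira/authorize")
    @Timed
    @Produces({MediaType.TEXT_HTML})
    public Response jiraRedirectRequestToken(@Context HttpServletRequest httpServletRequest) {
        TokenSecretVerifierHolder requestToken = getRequestToken();
        // toString() redacts the token secret, so this line does not leak it.
        LOG.debug("OAUTH: Got request token: {}", requestToken);
        synchronized (this.requestTokens) {
            this.requestTokens.add(requestToken);
        }
        try {
            return Response.temporaryRedirect(UriBuilder.fromUri(getAuthorizeUrl()).queryParam(OAuth.OAUTH_TOKEN, requestToken.token).queryParam(OAuth.OAUTH_CALLBACK, this.callback).build(new Object[0])).build();
        } catch (IllegalArgumentException | UriBuilderException e) {
            throw new WebApplicationException("Failed to create URL to redirect to", e, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Callback invoked after the user authorized the request token: exchanges the request
     * token for an access token, stores it and performs a test call.
     *
     * <p>A pending request token is consumed by the first callback that names it, so a
     * repeated callback for the same token is rejected and the pending list does not grow
     * without bound.
     *
     * @param httpServletRequest the current request; its {@code oauth_verifier} parameter is
     *     used when present
     * @param str the {@code oauth_token} query parameter sent by Jira
     * @return a small HTML page confirming the authorization
     * @throws WebApplicationException (400) if the token is missing or not pending
     */
    @GET
    @Path("jira/callback")
    @Timed
    @Produces({MediaType.TEXT_HTML})
    public String jiraRequestTokenCallback(@Context HttpServletRequest httpServletRequest, @QueryParam("oauth_token") String str) {
        // The token value comes straight from the query string; it is deliberately kept out
        // of log lines and error messages.
        LOG.debug("OAUTH: jira called callback");
        if (str == null || str.isEmpty()) {
            throw new WebApplicationException("Missing oauth_token parameter", Response.Status.BAD_REQUEST);
        }
        TokenSecretVerifierHolder pending = null;
        synchronized (this.requestTokens) {
            Iterator<TokenSecretVerifierHolder> it = this.requestTokens.iterator();
            while (it.hasNext()) {
                TokenSecretVerifierHolder candidate = it.next();
                if (str.equals(candidate.token)) {
                    it.remove();
                    pending = candidate;
                    break;
                }
            }
        }
        if (pending == null) {
            // This endpoint produces text/html; whether the message reaches the response
            // depends on the exception mapper, so the caller-supplied value is not echoed.
            throw new WebApplicationException("No matching request token is known", Response.Status.BAD_REQUEST);
        }
        LOG.debug("OAUTH: jira called callback with known request token");
        // OAuth 1.0a delivers oauth_verifier on the callback request. Prefer it, and fall back
        // to the value captured with the request token when the callback carries none.
        String verifier = httpServletRequest == null ? null : httpServletRequest.getParameter(OAuth.OAUTH_VERIFIER);
        if (verifier == null || verifier.isEmpty()) {
            verifier = pending.verifier;
        }
        String accessToken = swapRequestTokenForAccessToken(pending.token, pending.secret, verifier);
        // The access token is a credential: record that it was obtained, not its value.
        LOG.debug("OAUTH: got access token");
        synchronized (this.accessTokens) {
            this.accessTokens.add(accessToken);
        }
        LOG.debug("OAUTH: will test access token");
        testAccess(accessToken);
        LOG.debug("OAUTH: will reply user");
        return "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <title>Authorization Completed</title>\n  </head>\n  <body>\n    <p>OAuth Authorization successfull for user todo</p>\n  </body>\n</html>";
    }

    /**
     * Performs a signed test request against a fixed Jira issue with the given access token.
     * Failures are logged and not propagated.
     *
     * @param str the access token to test
     */
    public void testAccess(String str) {
        OAuthAccessor requestAccessor = newAccessor();
        OAuthClient oAuthClient = new OAuthClient(new HttpClient4());
        requestAccessor.accessToken = str;
        try {
            String body = oAuthClient.invoke(requestAccessor, JIRA_BASE_URL + "/jira/rest/api/2/issue/FEDIBBTDEV-2728", Collections.emptySet()).readBodyAsString();
            // Only the size is logged; the issue content itself does not belong in the log.
            LOG.debug("OAUTH: got reply to issue call ({} chars)", body == null ? 0 : body.length());
        } catch (IOException | URISyntaxException | OAuthException e) {
            LOG.error("Exception while calling rest API", e);
        }
    }

    /**
     * Requests a new request token from Jira, passing the callback URL when one is set.
     *
     * @return the request token, its secret and the verifier parameter of the response
     *     (which may be {@code null})
     * @throws RuntimeException if the request fails for any reason
     */
    public TokenSecretVerifierHolder getRequestToken() {
        try {
            OAuthAccessor requestAccessor = newAccessor();
            boolean hasCallback = this.callback != null && !"".equals(this.callback);
            List<OAuth.Parameter> parameters = hasCallback
                    ? ImmutableList.of(new OAuth.Parameter(OAuth.OAUTH_CALLBACK, this.callback))
                    : Collections.<OAuth.Parameter>emptyList();
            OAuthMessage requestTokenResponse = new OAuthClient(new HttpClient4()).getRequestTokenResponse(requestAccessor, "POST", parameters);
            TokenSecretVerifierHolder holder = new TokenSecretVerifierHolder();
            holder.token = requestAccessor.requestToken;
            holder.secret = requestAccessor.tokenSecret;
            holder.verifier = requestTokenResponse.getParameter(OAuth.OAUTH_VERIFIER);
            return holder;
        } catch (Exception e) {
            throw new RuntimeException("Failed to obtain request token", e);
        }
    }

    /**
     * Exchanges an authorized request token for an access token.
     *
     * @param str the request token
     * @param str2 the request token secret
     * @param str3 the verifier
     * @return the access token returned by Jira
     * @throws RuntimeException if the exchange fails for any reason
     */
    public String swapRequestTokenForAccessToken(String str, String str2, String str3) {
        try {
            OAuthAccessor requestAccessor = newAccessor();
            OAuthClient oAuthClient = new OAuthClient(new HttpClient4());
            requestAccessor.requestToken = str;
            requestAccessor.tokenSecret = str2;
            return oAuthClient.getAccessToken(requestAccessor, "POST", ImmutableList.of(new OAuth.Parameter(OAuth.OAUTH_VERIFIER, str3))).getToken();
        } catch (Exception e) {
            throw new RuntimeException("Failed to swap request token with access token", e);
        }
    }

    /**
     * Sends a signed request to the given URL using the given access token.
     *
     * <p>NOTE(review): the URL is used as given; callers must not pass a URL taken from
     * untrusted input, since the request is signed with the consumer key.
     *
     * @param str the URL to call
     * @param str2 the access token
     * @return the response body as a string
     * @throws RuntimeException if the request fails for any reason
     */
    public String makeAuthenticatedRequest(String str, String str2) {
        try {
            OAuthAccessor requestAccessor = newAccessor();
            OAuthClient oAuthClient = new OAuthClient(new HttpClient4());
            requestAccessor.accessToken = str2;
            return oAuthClient.invoke(requestAccessor, str, Collections.emptySet()).readBodyAsString();
        } catch (Exception e) {
            throw new RuntimeException("Failed to make an authenticated request.", e);
        }
    }

    /**
     * Returns the lazily created accessor that carries the shared consumer (callback,
     * consumer key, private key and RSA-SHA1 signature method).
     */
    private final synchronized OAuthAccessor getAccessor() {
        if (this.accessor == null) {
            OAuthConsumer oAuthConsumer = new OAuthConsumer(this.callback, this.consumerKey, null, new OAuthServiceProvider(getRequestTokenUrl(), getAuthorizeUrl(), getAccessTokenUrl()));
            oAuthConsumer.setProperty(RSA_SHA1.PRIVATE_KEY, this.privateKey);
            oAuthConsumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
            this.accessor = new OAuthAccessor(oAuthConsumer);
        }
        return this.accessor;
    }

    /**
     * Creates an accessor for a single operation on top of the shared consumer, so that the
     * request token, token secret and access token of one flow are never written onto an
     * object that another concurrent request is using.
     */
    private OAuthAccessor newAccessor() {
        return new OAuthAccessor(getAccessor().consumer);
    }

    private String getAccessTokenUrl() {
        return JIRA_BASE_URL + SERVLET_BASE_URL + "/oauth/access-token";
    }

    private String getRequestTokenUrl() {
        return JIRA_BASE_URL + SERVLET_BASE_URL + "/oauth/request-token";
    }

    /**
     * Builds the Jira authorize URL for a request token.
     *
     * @param str the request token; it is percent-encoded before being appended
     * @return the authorize URL with the {@code oauth_token} query parameter
     */
    public String getAuthorizeUrlForToken(String str) {
        return getAuthorizeUrl() + "?oauth_token=" + OAuth.percentEncode(str);
    }

    private String getAuthorizeUrl() {
        return JIRA_BASE_URL + SERVLET_BASE_URL + "/oauth/authorize";
    }
}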
