package be.iminds.ilabt.jfed.bugreport.resource;

import be.iminds.ilabt.jfed.bugreport.JFedBugReportWebApiConfigurationIface;
import be.iminds.ilabt.jfed.bugreport.dao.OAuthAccessToken;
import be.iminds.ilabt.jfed.bugreport.dao.OAuthAccessTokenBuilder;
import be.iminds.ilabt.jfed.bugreport.dao.OAuthDao;
import be.iminds.ilabt.jfed.bugreport.jira.JiraClient;
import be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface;
import be.iminds.ilabt.jfed.fedmon.webapi.service.util.EmailSender;
import be.iminds.ilabt.jfed.util.KeyUtil;
import be.iminds.ilabt.jfed.util.TextUtil;
import com.codahale.metrics.annotation.Timed;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriBuilderException;
import javax.ws.rs.core.UriInfo;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthServiceProvider;
import net.oauth.client.OAuthClient;
import net.oauth.client.httpclient4.HttpClient4;
import net.oauth.signature.RSA_SHA1;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

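/**
 * JAX-RS resource under {@code /oauth} that runs the OAuth 1.0a consumer side of the
 * bug-report service against a Jira instance.
 *
 * <p>It exposes the consumer's public key in several text encodings
 * ({@code servicePubKey}, {@code servicePubKey/pem}, {@code servicePubKey/pem2},
 * {@code servicePubKey/openssh}), starts the authorization flow ({@code jira/authorize})
 * and receives Jira's callback ({@code jira/callback}), after which the access token is
 * stored through {@link OAuthDao}.
 *
 * <p>Thread-safety: the pending request tokens are kept on the instance, so the flow only
 * works when one instance serves several requests. All per-request OAuth state therefore
 * lives in a fresh {@link OAuthAccessor} per call, and the token lists are synchronized.
 *
 * <p>NOTE(review): nothing in this class authenticates the caller of {@code jira/authorize}
 * or ties the callback to the browser session that started the flow; confirm that this is
 * enforced elsewhere (filter, reverse proxy) before exposing the resource.
 */
@Produces({MediaType.APPLICATION_JSON})
@Path("/oauth")
public class OAuthResource {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthResource.class);
    private static final ObjectMapper MAPPER = new ObjectMapper();
    protected static final String SERVLET_BASE_URL = "/plugins/servlet";
    private final String jiraBaseUrl;
    private final String consumerKey;
    private final String publicKey;
    private final String publicKeyPem;
    private final String publicKeyPem2;
    private final String publicKeyOpenSsh;
    private final RSAPrivateKey privateKey;
    private final String callback;
    private final JiraClientMethod jiraClientMethod;
    private final String jiraClientUsername;
    // Basic-auth password from the configuration; held as a String for the lifetime of the resource.
    private final String jiraClientPassword;
    // Shared, configured once in the constructor and only read afterwards.
    private final OAuthConsumer consumer;

    @Context
    UriInfo uriInfo;

    @NotNull
    private final JFedBugReportWebApiConfigurationIface bugReportConfiguration;

    @NotNull
    private final AbstractWebApiConfigurationIface webApiConfiguration;

    @NotNull
    private final EmailSender emailSender;

    @NotNull
    private final OAuthDao oAuthDao;

    // Request tokens waiting for Jira's callback. Synchronized because requests run concurrently.
    // NOTE(review): entries are only removed when the callback arrives; abandoned flows stay here.
    private final List<TokenSecretVerifierHolder> requestTokens =
            Collections.synchronizedList(new ArrayList<TokenSecretVerifierHolder>());

    // NOTE(review): never read in this class; every issued access token stays on the heap.
    private final List<OAuthAccessToken> accessTokens =
            Collections.synchronizedList(new ArrayList<OAuthAccessToken>());

    /** How the service authenticates to Jira when it needs a {@link JiraClient}. */
    private enum JiraClientMethod {
        OAUTH,
        BASICAUTH,
        NONE;

        /**
         * Parses a configuration value, ignoring case, surrounding whitespace and spaces.
         *
         * @param str the configured method name
         * @return the matching constant
         * @throws IllegalArgumentException if no constant matches
         */
        public static JiraClientMethod find(String str) throws IllegalArgumentException {
            // Locale.ROOT: the default locale can change the upper-casing of 'i' and break valueOf.
            return valueOf(str.toUpperCase(java.util.Locale.ROOT).trim().replaceAll(" ", ""));
        }
    }

    /** Mutable holder for one request token, its secret and the verifier Jira hands back. */
    public static class TokenSecretVerifierHolder {
        public String token;
        public String verifier;
        public String secret;

        /**
         * Describes the holder without its credentials: this string ends up in the logs, so
         * the secret and the verifier are reported as present or absent only.
         */
        @Override
        public String toString() {
            return "TokenSecretVerifierHolder{token='" + this.token + "', verifier=" + mask(this.verifier)
                    + ", secret=" + mask(this.secret) + "}";
        }

        private static String mask(String value) {
            return value == null ? "null" : "<redacted>";
        }
    }

    /**
     * Reads the Jira and OAuth consumer settings, validates them and derives the public key
     * encodings from the configured private key.
     *
     * @throws IllegalArgumentException if the configured client method is unknown or lacks its
     *     username or password
     * @throws IllegalStateException if the private key is missing or cannot be processed
     */
    public OAuthResource(@NotNull JFedBugReportWebApiConfigurationIface jFedBugReportWebApiConfigurationIface, @NotNull AbstractWebApiConfigurationIface abstractWebApiConfigurationIface, @NotNull EmailSender emailSender, @NotNull OAuthDao oAuthDao) {
        this.bugReportConfiguration = jFedBugReportWebApiConfigurationIface;
        this.webApiConfiguration = abstractWebApiConfigurationIface;
        this.emailSender = emailSender;
        this.oAuthDao = oAuthDao;

        String configuredMethod = jFedBugReportWebApiConfigurationIface.getJiraClientMethod();
        this.jiraClientMethod = configuredMethod == null ? JiraClientMethod.NONE : JiraClientMethod.find(configuredMethod);
        this.jiraClientUsername = jFedBugReportWebApiConfigurationIface.getJiraClientUsername();
        this.jiraClientPassword = jFedBugReportWebApiConfigurationIface.getJiraClientPassword();

        // BASICAUTH needs password and username, OAUTH needs the username, NONE needs neither.
        if (this.jiraClientMethod == JiraClientMethod.BASICAUTH && this.jiraClientPassword == null) {
            throw new IllegalArgumentException("Configuration uses " + this.jiraClientMethod + " so requires jiraClientPassword");
        }
        if (this.jiraClientMethod != JiraClientMethod.NONE && this.jiraClientUsername == null) {
            throw new IllegalArgumentException("Configuration uses " + this.jiraClientMethod + " so requires jiraClientUsername");
        }

        this.callback = jFedBugReportWebApiConfigurationIface.getOAuthConsumerCallbackUrl();
        LOG.info("OAUTH: Using oauth callback URL: \"{}\"", this.callback);
        String configuredBaseUrl = jFedBugReportWebApiConfigurationIface.getJiraBaseUrl();
        this.jiraBaseUrl = configuredBaseUrl == null ? "https://ibcn-jira.intec.ugent.be" : configuredBaseUrl;
        LOG.info("OAUTH: jiraBaseUrl: \"{}\"", this.jiraBaseUrl);
        String configuredConsumerKey = jFedBugReportWebApiConfigurationIface.getOAuthConsumerKey();
        this.consumerKey = configuredConsumerKey == null ? "jfed-bugreport-api" : configuredConsumerKey;
        LOG.info("OAUTH: consumerKey: \"{}\"", this.consumerKey);

        String configuredPem = jFedBugReportWebApiConfigurationIface.getPrivateOAuthConsumerPemKey();
        if (configuredPem == null || configuredPem.trim().isEmpty()) {
            throw new IllegalStateException("Bug report configuration contains no privateOAuthConsumerPemKey");
        }
        // The extracted body is used for validation only; KeyUtil receives the configured PEM text.
        String pemBody = configuredPem;
        if (pemBody.contains("-----BEGIN RSA PRIVATE KEY")) {
            pemBody = findPemMessage(pemBody, "RSA PRIVATE KEY");
            if (pemBody == null || pemBody.trim().isEmpty()) {
                throw new IllegalStateException("Bug report configuration contained no correct PEM RSA PRIVATE KEY message");
            }
        }
        if (pemBody.contains("-----BEGIN PRIVATE KEY")) {
            pemBody = findPemMessage(pemBody, "PRIVATE KEY");
            if (pemBody == null || pemBody.trim().isEmpty()) {
                throw new IllegalStateException("Bug report configuration contained no correct PEM PRIVATE KEY message");
            }
        }
        if (pemBody.contains("\n")) {
            // Strings are immutable: the stripped value has to be assigned for the check to see it.
            pemBody = pemBody.replace("\n", "").trim();
            if (pemBody.isEmpty()) {
                throw new IllegalStateException("Bug report configuration contained incorrect private key");
            }
        }

        RSAPrivateKey parsedKey;
        try {
            parsedKey = KeyUtil.pemToRsaPrivateKey(configuredPem, null);
        } catch (KeyUtil.PEMDecodingException e) {
            // Keep the cause so the operator can see why decoding failed.
            throw new IllegalStateException("Bug report configuration contained private key that could not be processed by jFed KeyUtil", e);
        }
        if (parsedKey == null) {
            throw new IllegalStateException("Bug report configuration contained private key that could not be processed by jFed KeyUtil");
        }
        RSAPublicKey derivedPublicKey = KeyUtil.rsaPrivateKeyToRsaPublicKey(parsedKey);
        if (derivedPublicKey == null) {
            throw new IllegalStateException("Bug report configuration contained private key that could not be used to find the public key");
        }
        this.privateKey = parsedKey;
        this.publicKey = new String(KeyUtil.getPublicKeyCharsPKCS1Base64(derivedPublicKey));
        this.publicKeyPem = "-----BEGIN RSA PUBLIC KEY-----\n" + TextUtil.wrap(this.publicKey, 64) + "\n-----END RSA PUBLIC KEY-----\n";
        // NOTE(review): the fixed Base64 prefix looks like a SubjectPublicKeyInfo header for one
        // specific RSA key size; confirm the result is valid for the key actually configured.
        this.publicKeyPem2 = "-----BEGIN PUBLIC KEY-----\n" + TextUtil.wrap("MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A" + this.publicKey, 64) + "\n-----END PUBLIC KEY-----\n";
        this.publicKeyOpenSsh = KeyUtil.publicKeyToOpenSshAuthorizedKeysFormat(derivedPublicKey);

        OAuthConsumer oAuthConsumer = new OAuthConsumer(this.callback, this.consumerKey, null, new OAuthServiceProvider(getRequestTokenUrl(), getAuthorizeUrl(), getAccessTokenUrl()));
        oAuthConsumer.setProperty(RSA_SHA1.PRIVATE_KEY, this.privateKey);
        oAuthConsumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
        this.consumer = oAuthConsumer;
    }

    /**
     * Extracts the text between the {@code -----BEGIN label-----} and {@code -----END label-----}
     * markers.
     *
     * @param str text that may contain a PEM message; CRLF line ends are normalised to LF
     * @param str2 the PEM label, for example {@code RSA PRIVATE KEY}
     * @return the text between the markers, or {@code null} if either marker is missing
     */
    public static String findPemMessage(String str, String str2) {
        String normalised = str.trim().replaceAll("\r\n", "\n");
        String beginMarker = "-----BEGIN " + str2 + "-----";
        int beginAt = normalised.indexOf(beginMarker);
        if (beginAt == -1) {
            return null;
        }
        String afterBegin = normalised.substring(beginAt + beginMarker.length());
        int endAt = afterBegin.indexOf("-----END " + str2 + "-----");
        if (endAt < 0) {
            return null;
        }
        return afterBegin.substring(0, endAt);
    }

    /** Returns the consumer's public key as Base64 text, as produced by KeyUtil. */
    @GET
    @Path("servicePubKey")
    @Timed
    @Produces({"text/plain"})
    public String showPublicKey(@Context HttpServletRequest httpServletRequest) {
        return this.publicKey;
    }

    /** Returns the public key wrapped in {@code RSA PUBLIC KEY} PEM markers. */
    @GET
    @Path("servicePubKey/pem")
    @Timed
    @Produces({"text/plain"})
    public String showPublicKeyPem(@Context HttpServletRequest httpServletRequest) {
        return this.publicKeyPem;
    }

    /** Returns the public key wrapped in {@code PUBLIC KEY} PEM markers. */
    @GET
    @Path("servicePubKey/pem2")
    @Timed
    @Produces({"text/plain"})
    public String showPublicKeyPem2(@Context HttpServletRequest httpServletRequest) {
        return this.publicKeyPem2;
    }

    /** Returns the public key in OpenSSH authorized_keys format. */
    @GET
    @Path("servicePubKey/openssh")
    @Timed
    @Produces({"text/plain"})
    public String showPublicKeyOpenSsh(@Context HttpServletRequest httpServletRequest) {
        return this.publicKeyOpenSsh;
    }

    /**
     * Starts the flow: obtains a request token from Jira, remembers it and redirects the
     * browser to Jira's authorize page.
     *
     * @throws WebApplicationException with status 500 if the redirect URL cannot be built
     */
    @GET
    @Path("jira/authorize")
    @Timed
    @Produces({MediaType.TEXT_HTML})
    public Response jiraRedirectRequestToken(@Context HttpServletRequest httpServletRequest) {
        TokenSecretVerifierHolder requestToken = getRequestToken();
        // The holder's toString() masks the secret and the verifier.
        LOG.info("OAUTH: Got request token: {}", requestToken);
        this.requestTokens.add(requestToken);
        try {
            return Response.temporaryRedirect(UriBuilder.fromUri(getAuthorizeUrl()).queryParam(OAuth.OAUTH_TOKEN, requestToken.token).queryParam(OAuth.OAUTH_CALLBACK, this.callback).build(new Object[0])).build();
        } catch (IllegalArgumentException | UriBuilderException e) {
            throw new WebApplicationException("Failed to create URL to redirect to", e, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Receives Jira's callback, swaps the matching request token for an access token, looks up
     * the user it belongs to and stores the token.
     *
     * @param str the {@code oauth_token} query parameter (untrusted)
     * @param str2 the {@code oauth_verifier} query parameter (untrusted)
     * @return a small HTML confirmation page
     * @throws WebApplicationException with status 400 if the request token is not pending
     */
    @GET
    @Path("jira/callback")
    @Timed
    @Produces({MediaType.TEXT_HTML})
    public String jiraRequestTokenCallback(@Context HttpServletRequest httpServletRequest, @QueryParam("oauth_token") String str, @QueryParam("oauth_verifier") String str2) {
        // Both parameters come from the request: keep them out of the log (credential material,
        // and raw text would allow forged log lines).
        LOG.info("OAUTH: jira called callback for a request token");
        TokenSecretVerifierHolder pending = null;
        synchronized (this.requestTokens) {
            Iterator<TokenSecretVerifierHolder> it = this.requestTokens.iterator();
            while (it.hasNext()) {
                TokenSecretVerifierHolder candidate = it.next();
                if (str != null && str.equals(candidate.token)) {
                    pending = candidate;
                    // A request token is single use; removing it stops a replayed callback.
                    it.remove();
                    break;
                }
            }
        }
        if (pending == null) {
            // The submitted value is not echoed back into the error response.
            throw new WebApplicationException("No matching request token is known", Response.Status.BAD_REQUEST);
        }
        LOG.info("OAUTH: jira called callback with known request token");
        pending.verifier = str2;
        String accessToken = swapRequestTokenForAccessToken(pending.token, pending.secret, pending.verifier);
        // The access token is a bearer credential for the user's Jira account: never log its value.
        LOG.info("OAUTH: got access token");
        LOG.info("OAUTH: will test access token by fetching loggedInUsername");
        String username = getUsernameFromAccessToken(accessToken);
        LOG.info("OAUTH: got username \"{}\". Will store in DB.", username);
        OAuthAccessToken stored = new OAuthAccessTokenBuilder().setUsername(username).setServiceProviderBaseUrl(this.jiraBaseUrl).setAccessToken(accessToken).create();
        this.accessTokens.add(stored);
        this.oAuthDao.insert(stored);
        LOG.info("OAUTH: Will reply user.");
        // The username comes from a remote reply and the page is text/html, so both values are escaped.
        return "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <title>Authorization Completed</title>\n  </head>\n  <body>\n    <p>OAuth Access Token for " + escapeHtml(stored.getServiceProviderBaseUrl()) + " successfull stored for user " + escapeHtml(stored.getUsername()) + "</p>\n  </body>\n</html>";
    }

    /**
     * Asks Jira's session resource which user an access token belongs to.
     *
     * @param str the access token
     * @return the non-empty {@code username} from the reply
     * @throws RuntimeException if the call fails or the reply has no usable username
     */
    @Nonnull
    public String getUsernameFromAccessToken(@Nonnull String str) {
        OAuthAccessor accessor = getAccessor();
        OAuthClient oAuthClient = new OAuthClient(new HttpClient4());
        accessor.accessToken = str;
        try {
            OAuthMessage reply = oAuthClient.invoke(accessor, this.jiraBaseUrl + "/rest/auth/1/session", Collections.emptySet());
            LOG.debug("OAUTH: got reply to 'get logged in user' call ");
            Map<?, ?> session = MAPPER.readValue(reply.getBodyAsStream(), Map.class);
            Object username = session.get("username");
            if (!(username instanceof String) || ((String) username).isEmpty()) {
                LOG.debug("OAUTH: Did NOT find username: {}", session);
                throw new RuntimeException("OAUTH: Could not find username of logged in user");
            }
            LOG.debug("OAUTH: Found username: \"{}\"", username);
            return (String) username;
        } catch (IOException | URISyntaxException | OAuthException e) {
            LOG.error("OAUTH: Exception in 'get logged in user' call", e);
            throw new RuntimeException("OAUTH: Exception in 'get logged in user' call", e);
        }
    }

    /**
     * Requests a new request token from Jira, sending the callback URL when one is configured.
     *
     * @return the token, its secret and the verifier parameter of the reply, if any
     * @throws RuntimeException if the request fails
     */
    public TokenSecretVerifierHolder getRequestToken() {
        try {
            OAuthAccessor accessor = getAccessor();
            OAuthMessage requestTokenResponse = new OAuthClient(new HttpClient4()).getRequestTokenResponse(accessor, "POST", (this.callback == null || "".equals(this.callback)) ? Collections.emptyList() : ImmutableList.of(new OAuth.Parameter(OAuth.OAUTH_CALLBACK, this.callback)));
            TokenSecretVerifierHolder holder = new TokenSecretVerifierHolder();
            holder.token = accessor.requestToken;
            holder.secret = accessor.tokenSecret;
            holder.verifier = requestTokenResponse.getParameter(OAuth.OAUTH_VERIFIER);
            return holder;
        } catch (Exception e) {
            throw new RuntimeException("Failed to obtain request token", e);
        }
    }

    /**
     * Exchanges an authorized request token for an access token.
     *
     * @param str the request token
     * @param str2 the request token secret
     * @param str3 the verifier received in the callback
     * @return the access token
     * @throws RuntimeException if the exchange fails
     */
    public String swapRequestTokenForAccessToken(String str, String str2, String str3) {
        try {
            OAuthAccessor accessor = getAccessor();
            OAuthClient oAuthClient = new OAuthClient(new HttpClient4());
            accessor.requestToken = str;
            accessor.tokenSecret = str2;
            return oAuthClient.getAccessToken(accessor, "POST", ImmutableList.of(new OAuth.Parameter(OAuth.OAUTH_VERIFIER, str3))).getToken();
        } catch (Exception e) {
            throw new RuntimeException("Failed to swap request token with access token", e);
        }
    }

    /**
     * Sends a signed request carrying the given access token and returns the reply body.
     *
     * <p>NOTE(review): the URL is not checked against the Jira base URL, so the access token
     * goes to whatever host the caller names; callers must only pass trusted URLs.
     *
     * @param str the URL to call
     * @param str2 the access token
     * @throws RuntimeException if the request fails
     */
    public String makeAuthenticatedRequest(String str, String str2) {
        try {
            OAuthAccessor accessor = getAccessor();
            OAuthClient oAuthClient = new OAuthClient(new HttpClient4());
            accessor.accessToken = str2;
            return oAuthClient.invoke(accessor, str, Collections.emptySet()).readBodyAsString();
        } catch (Exception e) {
            throw new RuntimeException("Failed to make an authenticated request.", e);
        }
    }

    /**
     * Looks up the stored access token of a user for the configured Jira base URL.
     *
     * @throws IllegalStateException if no token is stored for that user
     */
    @Nonnull
    private String getAccessToken(String str) {
        OAuthAccessToken stored = this.oAuthDao.get(str, this.bugReportConfiguration.getJiraBaseUrl());
        if (stored == null) {
            throw new IllegalStateException("No access token known for user \"" + str + "\"");
        }
        return stored.getAccessToken();
    }

    /**
     * Builds a Jira client for the configured method.
     *
     * @return the client, or {@code null} when the method is NONE or the client could not be
     *     created (the failure is logged)
     */
    @Nullable
    public JiraClient getJiraClient() {
        try {
            switch (this.jiraClientMethod) {
                case BASICAUTH:
                    return new JiraClient(this.bugReportConfiguration.getJiraBaseUrl(), this.jiraClientUsername, this.jiraClientPassword);
                case OAUTH:
                    // The client keeps this accessor, so it must not be one that other calls mutate.
                    OAuthAccessor accessor = getAccessor();
                    accessor.accessToken = getAccessToken(this.jiraClientUsername);
                    return new JiraClient(this.bugReportConfiguration.getJiraBaseUrl(), accessor);
                case NONE:
                    return null;
                default:
                    throw new IllegalArgumentException("jiraClientMethod " + this.jiraClientMethod + " is not supported");
            }
        } catch (Exception e) {
            // Deliberate best effort: callers treat null as "no Jira client available".
            LOG.error("Something went wrong creating the jira client. Falling back to null.", e);
            return null;
        }
    }

    /**
     * Returns a new accessor on the shared consumer. Callers write request and access tokens
     * into the accessor, so handing out one cached instance would let concurrent requests
     * overwrite each other's tokens.
     */
    private final OAuthAccessor getAccessor() {
        return new OAuthAccessor(this.consumer);
    }

    private String getAccessTokenUrl() {
        return this.jiraBaseUrl + SERVLET_BASE_URL + "/oauth/access-token";
    }

    private String getRequestTokenUrl() {
        return this.jiraBaseUrl + SERVLET_BASE_URL + "/oauth/request-token";
    }

    /**
     * Returns Jira's authorize URL with the token appended as {@code oauth_token}. The token
     * is appended as given, without URL encoding.
     */
    public String getAuthorizeUrlForToken(String str) {
        return getAuthorizeUrl() + "?oauth_token=" + str;
    }

    private String getAuthorizeUrl() {
        return this.jiraBaseUrl + SERVLET_BASE_URL + "/oauth/authorize";
    }

    /** Escapes the five HTML-significant characters; {@code null} becomes the text "null". */
    private static String escapeHtml(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}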
