package org.nuxeo.ecm.tokenauth.servlet;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.ui.web.auth.service.AuthenticationPluginDescriptor;
import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
import org.nuxeo.ecm.platform.ui.web.auth.token.TokenAuthenticator;
import org.nuxeo.ecm.tokenauth.TokenAuthenticationException;
import org.nuxeo.ecm.tokenauth.service.TokenAuthenticationService;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/tokenauth/servlet/TokenAuthenticationServlet.class */
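/**
 * Servlet that lets the authenticated caller acquire or revoke an authentication token
 * bound to the triple (user name, application name, device id).
 *
 * <p>Request parameters read by {@link #doGet}:
 * <ul>
 *   <li>{@code applicationName}, {@code deviceId}: always mandatory;</li>
 *   <li>{@code permission}: mandatory when acquiring a token;</li>
 *   <li>{@code deviceDescription}: optional, only passed on when acquiring;</li>
 *   <li>{@code revoke}: when it parses as {@code true}, the matching token is revoked
 *       instead of a token being acquired.</li>
 * </ul>
 *
 * <p>NOTE(review): both operations change server-side state and return or destroy a
 * credential, yet they are served on GET. Whether an upstream filter adds cross-site
 * request protection for this path is not visible from this class; confirm before
 * exposing it to browser sessions.
 *
 * <p>NOTE(review): {@code permission} is taken from the request and handed to
 * {@code TokenAuthenticationService.acquireToken} unchanged. Whether the service
 * restricts it to permissions the caller may delegate is not visible here; verify.
 */
public class TokenAuthenticationServlet extends HttpServlet {
    private static final long serialVersionUID = 7792388601558509103L;
    private static final Log log = LogFactory.getLog(TokenAuthenticationServlet.class);
    public static final String TOKEN_AUTH_PLUGIN_NAME = "TOKEN_AUTH";
    public static final String APPLICATION_NAME_PARAM = "applicationName";
    public static final String DEVICE_ID_PARAM = "deviceId";
    public static final String DEVICE_DESCRIPTION_PARAM = "deviceDescription";
    public static final String PERMISSION_PARAM = "permission";
    public static final String REVOKE_PARAM = "revoke";

    /**
     * Acquires a token (default) or revokes one ({@code revoke=true}) for the request's user.
     *
     * <p>Status codes produced here: 201 with the token as body on acquisition, 202 on
     * revocation, 400 when mandatory parameters are missing or no token matches a revoke
     * request, 401 when there is no principal or an anonymous principal is not allowed to
     * use token authentication, 404 when the token service throws
     * {@link TokenAuthenticationException}.
     *
     * @param httpServletRequest the incoming request; its user principal identifies the token owner
     * @param httpServletResponse the response the status and plain-text body are written to
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException if writing the response fails
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // getUserPrincipal() returns java.security.Principal; only a NuxeoPrincipal can report
        // itself as anonymous, so the downcast is done after the instanceof test.
        Principal principal = httpServletRequest.getUserPrincipal();
        if (principal instanceof NuxeoPrincipal && ((NuxeoPrincipal) principal).isAnonymous() && !isAnonymousTokenAllowed()) {
            log.debug("Anonymous user is not allowed to acquire an authentication token.");
            httpServletResponse.sendError(401);
            return;
        }

        String applicationName = httpServletRequest.getParameter(APPLICATION_NAME_PARAM);
        String deviceId = httpServletRequest.getParameter(DEVICE_ID_PARAM);
        String deviceDescription = httpServletRequest.getParameter(DEVICE_DESCRIPTION_PARAM);
        String permission = httpServletRequest.getParameter(PERMISSION_PARAM);
        boolean revoke = Boolean.parseBoolean(httpServletRequest.getParameter(REVOKE_PARAM));

        boolean missingTokenKey = StringUtils.isEmpty(applicationName) || StringUtils.isEmpty(deviceId);
        if (!revoke && (missingTokenKey || StringUtils.isEmpty(permission))) {
            log.error("The following request parameters are mandatory to acquire an authentication token: applicationName, deviceId, permission.");
            httpServletResponse.sendError(400);
            return;
        }
        if (revoke && missingTokenKey) {
            log.error("The following request parameters are mandatory to revoke an authentication token: applicationName, deviceId.");
            httpServletResponse.sendError(400);
            return;
        }

        // Checked after parameter validation, as before: a request with neither a principal
        // nor the mandatory parameters is answered with 400, not 401.
        if (principal == null) {
            httpServletResponse.sendError(401);
            return;
        }

        // The token owner always comes from the authenticated principal, never from a
        // request parameter, so a caller can only act on its own tokens.
        String userName = principal.getName();
        TokenAuthenticationService tokenService = (TokenAuthenticationService) Framework.getService(TokenAuthenticationService.class);
        try {
            String body;
            int status;
            if (revoke) {
                String token = tokenService.getToken(userName, applicationName, deviceId);
                if (token == null) {
                    body = String.format("No token found for userName %s, applicationName %s and deviceId %s; nothing to do.", userName, applicationName, deviceId);
                    status = 400;
                } else {
                    tokenService.revokeToken(token);
                    body = String.format("Token revoked for userName %s, applicationName %s and deviceId %s.", userName, applicationName, deviceId);
                    status = 202;
                }
            } else {
                // The response body is the token itself.
                body = tokenService.acquireToken(userName, applicationName, deviceId, deviceDescription, permission);
                status = 201;
            }
            sendTextResponse(httpServletResponse, body, status);
        } catch (TokenAuthenticationException e) {
            // Previously swallowed silently; keep the 404 but leave a trace for operators.
            // Request parameters and token values are deliberately kept out of the message.
            log.warn("Token acquisition or revocation failed.", e);
            httpServletResponse.sendError(404);
        }
    }

    /**
     * Tells whether the {@code TOKEN_AUTH} authentication plugin is configured to let an
     * anonymous principal use token authentication.
     *
     * @return {@code true} only if the plugin descriptor exists and its
     *         {@code TokenAuthenticator.ALLOW_ANONYMOUS_KEY} parameter parses as {@code true};
     *         a missing descriptor or parameter denies access
     */
    private boolean isAnonymousTokenAllowed() {
        PluggableAuthenticationService authenticationService = (PluggableAuthenticationService) Framework.getRuntime().getComponent("org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService");
        AuthenticationPluginDescriptor descriptor = authenticationService.getDescriptor(TOKEN_AUTH_PLUGIN_NAME);
        return descriptor != null && Boolean.parseBoolean((String) descriptor.getParameters().get(TokenAuthenticator.ALLOW_ANONYMOUS_KEY));
    }

    /**
     * Writes {@code str} as a UTF-8 {@code text/plain} response with the given status.
     *
     * @param httpServletResponse the response to write to
     * @param str the response body
     * @param i the HTTP status code to set
     * @throws IOException if the body cannot be written
     */
    protected void sendTextResponse(HttpServletResponse httpServletResponse, String str, int i) throws IOException {
        // Encode once: the declared Content-Length must count the same UTF-8 bytes that are
        // written. Measuring with the platform default charset gives a wrong length for
        // non-ASCII text on hosts whose default is not UTF-8.
        byte[] payload = str.getBytes(StandardCharsets.UTF_8);
        httpServletResponse.setContentType("text/plain");
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        // The body may be a credential: keep it out of browser and intermediary caches.
        httpServletResponse.setHeader("Cache-Control", "no-store");
        // The revoke messages echo request parameters; stop browsers from sniffing the
        // plain-text body into another content type.
        httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
        httpServletResponse.setStatus(i);
        httpServletResponse.setContentLength(payload.length);
        try (ServletOutputStream outputStream = httpServletResponse.getOutputStream()) {
            outputStream.write(payload);
        }
    }
}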
