package org.eclipse.lyo.server.oauth.webapp.services;

import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import net.oauth.OAuthProblemException;
import org.apache.wink.json4j.JSONArray;
import org.apache.wink.json4j.JSONException;
import org.apache.wink.json4j.JSONObject;
import org.eclipse.lyo.server.oauth.core.OAuthConfiguration;
import org.eclipse.lyo.server.oauth.core.consumer.ConsumerStore;
import org.eclipse.lyo.server.oauth.core.consumer.ConsumerStoreException;
import org.eclipse.lyo.server.oauth.core.consumer.LyoOAuthConsumer;

/**
 * JAX-RS resource for administering registered OAuth consumers under {@code /oauth/consumers}.
 *
 * <p>Every operation asks the configured application whether the current request belongs to
 * an administrator session and answers 403 when it does not. The two state-changing
 * operations (POST and DELETE) also call {@code CSRFPrevent.check} before doing anything
 * else; the read-only GET does not.
 */
@Path("/oauth/consumers")
/* loaded from: input_file:WEB-INF/classes/org/eclipse/lyo/server/oauth/webapp/services/ConsumersService.class */
public class ConsumersService {

    /** Current request, injected by the JAX-RS runtime; used for the admin and CSRF checks. */
    @Context
    protected HttpServletRequest httpRequest;

    /** Current response, injected by the JAX-RS runtime; not read by the methods of this class. */
    @Context
    protected HttpServletResponse httpResponse;

    /**
     * Lists all consumers, split into those still provisional and those approved.
     *
     * <p>The response is sent with a {@code Cache-Control} header set to
     * {@code HTTPConstants.NO_CACHE}.
     *
     * @return 200 with a JSON object holding {@code "provisional"} and {@code "approved"}
     *     arrays; 403 if the caller is not an administrator; 503 on an
     *     {@link OAuthProblemException}; otherwise whatever
     *     {@link #handleConsumerStoreException} builds for a store failure
     * @throws JSONException if building the JSON document fails
     */
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    public Response getAllConsumers() throws JSONException {
        try {
            if (!callerIsAdmin()) {
                return adminRequired();
            }
            Collection<LyoOAuthConsumer> consumers = OAuthConfiguration.getInstance().getConsumerStore().getAllConsumers();
            JSONArray provisional = new JSONArray();
            JSONArray approved = new JSONArray();
            for (LyoOAuthConsumer entry : consumers) {
                JSONArray bucket = entry.isProvisional() ? provisional : approved;
                bucket.add(asJson(entry));
            }
            JSONObject body = new JSONObject();
            // The raw Collection casts are kept so the same put(...) overload is selected.
            body.put("provisional", (Collection) provisional);
            body.put("approved", (Collection) approved);
            return Response.ok(body.write())
                    .type(MediaType.APPLICATION_JSON)
                    .header("Cache-Control", HTTPConstants.NO_CACHE)
                    .build();
        } catch (OAuthProblemException e) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
        } catch (ConsumerStoreException e2) {
            return handleConsumerStoreException(e2);
        }
    }

    /**
     * Updates the name, trusted flag and/or provisional flag of one consumer.
     *
     * <p>A form field that is absent leaves the corresponding property untouched. For the two
     * flags only the exact string {@code "true"} sets the flag; any other supplied value
     * (including {@code "TRUE"} or an empty string) clears it.
     *
     * @param str consumer key taken from the URL path
     * @param str2 new display name, or {@code null} to keep the current one
     * @param str3 new value for the trusted flag, or {@code null} to keep the current one
     * @param str4 new value for the provisional flag, or {@code null} to keep the current one
     * @return 204 on success; 403 if the caller is not an administrator; 404 if the store
     *     has no consumer for the key; 503 on an {@link OAuthProblemException}; otherwise
     *     whatever {@link #handleConsumerStoreException} builds for a store failure
     */
    @POST
    @Path("/{key}")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response updateConsumer(@PathParam("key") String str, @FormParam("name") String str2, @FormParam("trusted") String str3, @FormParam("provisional") String str4) {
        // Runs before the admin check and outside the try; presumably it aborts the request
        // by throwing when the CSRF condition is not met -- confirm against CSRFPrevent.
        CSRFPrevent.check(this.httpRequest);
        try {
            if (!callerIsAdmin()) {
                return adminRequired();
            }
            ConsumerStore store = OAuthConfiguration.getInstance().getConsumerStore();
            LyoOAuthConsumer target = store.getConsumer(str);
            if (target == null) {
                return Response.status(Response.Status.NOT_FOUND).build();
            }
            if (str2 != null) {
                target.setName(str2);
            }
            if (str3 != null) {
                // NOTE(review): this flips the consumer's trusted flag; what "trusted" grants
                // is decided elsewhere and is not visible in this class.
                target.setTrusted("true".equals(str3));
            }
            if (str4 != null) {
                target.setProvisional("true".equals(str4));
            }
            store.updateConsumer(target);
            return Response.noContent().build();
        } catch (OAuthProblemException e) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
        } catch (ConsumerStoreException e2) {
            return handleConsumerStoreException(e2);
        }
    }

    /**
     * Removes the consumer registered under the given key.
     *
     * <p>No lookup is done first, so how an unknown key is treated is left to the store.
     *
     * @param str consumer key taken from the URL path
     * @return 204 on success; 403 if the caller is not an administrator; 503 on an
     *     {@link OAuthProblemException}; otherwise whatever
     *     {@link #handleConsumerStoreException} builds for a store failure
     */
    @Path("/{key}")
    @DELETE
    public Response removeConsumer(@PathParam("key") String str) {
        // Same ordering as updateConsumer: CSRF check first, then the admin check.
        CSRFPrevent.check(this.httpRequest);
        try {
            if (!callerIsAdmin()) {
                return adminRequired();
            }
            OAuthConfiguration.getInstance().getConsumerStore().removeConsumer(str);
            return Response.noContent().build();
        } catch (OAuthProblemException e) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
        } catch (ConsumerStoreException e2) {
            return handleConsumerStoreException(e2);
        }
    }

    /**
     * Turns a consumer-store failure into a 409 plain-text response.
     *
     * @param consumerStoreException the failure reported by the consumer store
     * @return a 409 response whose body is the exception message
     */
    protected Response handleConsumerStoreException(ConsumerStoreException consumerStoreException) {
        // NOTE(review): the stack trace goes to stderr rather than a logger, and the raw
        // exception message is returned to the client. The callers in this class reach this
        // point only after the admin check, but the message may still expose storage
        // details; consider logging it server-side and returning a generic message.
        consumerStoreException.printStackTrace();
        return Response.status(Response.Status.CONFLICT)
                .type(MediaType.TEXT_PLAIN)
                .entity(consumerStoreException.getMessage())
                .build();
    }

    /**
     * Serializes the fields of a consumer that are exposed over this API.
     *
     * <p>Only the name, the consumer key and the two flags are written; no other property
     * of the consumer is included in the output.
     *
     * @param lyoOAuthConsumer the consumer to describe
     * @return a JSON object with {@code name}, {@code key}, {@code provisional} and
     *     {@code trusted}
     * @throws JSONException if a value cannot be stored in the JSON object
     */
    protected JSONObject asJson(LyoOAuthConsumer lyoOAuthConsumer) throws JSONException {
        JSONObject view = new JSONObject();
        // The Object casts are kept so the same put(...) overload is selected.
        view.put("name", (Object) lyoOAuthConsumer.getName());
        view.put("key", (Object) lyoOAuthConsumer.consumerKey);
        view.put("provisional", lyoOAuthConsumer.isProvisional());
        view.put("trusted", lyoOAuthConsumer.isTrusted());
        return view;
    }

    /**
     * Asks the configured application whether the current request is an administrator session.
     *
     * @return {@code true} if the application reports an admin session for the request
     * @throws OAuthProblemException propagated from the configuration lookup or the session
     *     check; the callers in this class map it to 503
     */
    private boolean callerIsAdmin() throws OAuthProblemException {
        return OAuthConfiguration.getInstance().getApplication().isAdminSession(this.httpRequest);
    }

    /** Builds the 403 plain-text response sent to callers without an administrator session. */
    private static Response adminRequired() {
        return Response.status(Response.Status.FORBIDDEN)
                .type(MediaType.TEXT_PLAIN)
                .entity("You must be an administrator.")
                .build();
    }
}
