package org.ligoj.bootstrap.resource.system.api;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.EntityNotFoundException;
import javax.transaction.Transactional;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.RandomStringUtils;
import org.ligoj.bootstrap.core.resource.OnNullReturn404;
import org.ligoj.bootstrap.core.security.SecurityHelper;
import org.ligoj.bootstrap.dao.system.SystemApiTokenRepository;
import org.ligoj.bootstrap.model.system.SystemApiToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

@Path("/api/token")
@Service
@Produces({"application/json"})
@Transactional
/* loaded from: input_file:org/ligoj/bootstrap/resource/system/api/ApiTokenResource.class */
public class ApiTokenResource {
    private static final Logger log = LoggerFactory.getLogger(ApiTokenResource.class);

    @Autowired
    protected SystemApiTokenRepository repository;

    @Autowired
    private SecurityHelper securityHelper;

    @Value("${api.token.iterations:31}")
    private int tokenIterations;

    @Value("${api.token.digest:SHA-512}")
    private String tokenDigest;

    @Value("${api.token.length:128}")
    private int tokenLength;

    @Value("${api.token.crypt:DESede}")
    private String tokenCrypt;

    @Value("${{api.token.secret:K%ë£/L@_§z3-Àçñ?}")
    private String tokenSecret;

    public boolean check(String str, String str2) {
        try {
            return this.repository.findByUserAndHash(str, hash(str2)) != null;
        } catch (GeneralSecurityException e) {
            log.error("Unable to validate a token for user : " + str, e);
            return false;
        }
    }

    @GET
    public List<String> getTokenNames() {
        return this.repository.findAllByUser(this.securityHelper.getLogin());
    }

    @GET
    @OnNullReturn404
    @Path("{name:\\w+}")
    public String getToken(@PathParam("name") String str) throws GeneralSecurityException {
        SystemApiToken findByUserAndName = this.repository.findByUserAndName(this.securityHelper.getLogin(), str);
        return decrypt(findByUserAndName.getToken(), newSecretKey(findByUserAndName.getUser(), findByUserAndName.getName()));
    }

    private String decrypt(String str, byte[] bArr) throws GeneralSecurityException {
        byte[] decodeBase64 = Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8));
        SecretKeySpec secretKeySpec = new SecretKeySpec(Arrays.copyOf(MessageDigest.getInstance(this.tokenDigest).digest(bArr), 24), this.tokenCrypt);
        Cipher cipher = Cipher.getInstance(this.tokenCrypt);
        cipher.init(2, secretKeySpec);
        return new String(cipher.doFinal(decodeBase64), StandardCharsets.UTF_8);
    }

    private String encrypt(String str, byte[] bArr) throws GeneralSecurityException {
        MessageDigest messageDigest = MessageDigest.getInstance(this.tokenDigest);
        messageDigest.reset();
        SecretKeySpec secretKeySpec = new SecretKeySpec(Arrays.copyOf(messageDigest.digest(bArr), 24), this.tokenCrypt);
        Cipher cipher = Cipher.getInstance(this.tokenCrypt);
        cipher.init(1, secretKeySpec);
        return new String(Base64.encodeBase64(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8))), StandardCharsets.UTF_8);
    }

    private String hash(String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(this.tokenDigest);
        messageDigest.reset();
        return Base64.encodeBase64String(messageDigest.digest(str.getBytes(StandardCharsets.UTF_8)));
    }

    protected byte[] simpleHash(int i, String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        messageDigest.reset();
        byte[] digest = messageDigest.digest(str.getBytes(StandardCharsets.UTF_8));
        for (int i2 = 0; i2 < i; i2++) {
            messageDigest.reset();
            digest = messageDigest.digest(digest);
        }
        return digest;
    }

    private byte[] newSecretKey(String str, String str2) throws NoSuchAlgorithmException {
        return simpleHash(this.tokenIterations, str + this.tokenSecret + str2);
    }

    @POST
    @Path("{name:[\\w\\-\\.]+}")
    @Consumes({"application/json"})
    public String create(@PathParam("name") String str) throws GeneralSecurityException {
        SystemApiToken systemApiToken = new SystemApiToken();
        systemApiToken.setName(str);
        systemApiToken.setUser(this.securityHelper.getLogin());
        String newToken = newToken(systemApiToken);
        this.repository.saveAndFlush(systemApiToken);
        return newToken;
    }

    private String newToken(SystemApiToken systemApiToken) throws GeneralSecurityException {
        String newToken = newToken();
        systemApiToken.setHash(hash(newToken));
        systemApiToken.setToken(encrypt(newToken, newSecretKey(systemApiToken.getUser(), systemApiToken.getName())));
        return newToken;
    }

    private String newToken() {
        return RandomStringUtils.randomAlphanumeric(this.tokenLength);
    }

    @Path("{name:[\\w\\-\\.]+}")
    @PUT
    @Consumes({"application/json"})
    public String update(@PathParam("name") String str) throws GeneralSecurityException {
        SystemApiToken findByUserAndName = this.repository.findByUserAndName(this.securityHelper.getLogin(), str);
        if (findByUserAndName == null) {
            throw new EntityNotFoundException();
        }
        String newToken = newToken(findByUserAndName);
        this.repository.saveAndFlush(findByUserAndName);
        return newToken;
    }

    @Path("{name}")
    @DELETE
    public void remove(@PathParam("name") String str) {
        this.repository.deleteByUserAndName(this.securityHelper.getLogin(), str);
    }

    public void setTokenDigest(String str) {
        this.tokenDigest = str;
    }
}
