package org.apache.knox.gateway.service.idbroker;

import java.util.Enumeration;
import java.util.Locale;
import java.util.Properties;
import javax.annotation.PostConstruct;
import javax.inject.Singleton;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;
import org.apache.knox.gateway.services.security.CryptoService;

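/**
 * JAX-RS resource rooted at {@code /cab/api/v1} that returns cloud credentials as JSON.
 *
 * <p>Every endpoint is a {@code GET} under {@code credentials/...} and delegates to
 * {@link KnoxCloudCredentialsClient#getCredentialsForRole}, passing a role type
 * ({@code USER_ROLE}, {@code GROUP_ROLE}, {@code EXPLICIT_ROLE} or the empty string) and an
 * optional id taken from the request path.
 *
 * <p>NOTE(review): no authentication or authorization check is visible in this class. Presumably
 * the topology's provider filters and the credentials client decide whether the caller may obtain
 * the requested role; confirm before exposing this path, since the responses carry credentials.
 */
@Singleton
@Path(IdentityBrokerResource.RESOURCE_PATH)
/* loaded from: input_file:org/apache/knox/gateway/service/idbroker/IdentityBrokerResource.class */
public class IdentityBrokerResource {
    private static final String CREDENTIALS_API_PATH = "credentials";
    private static final String USER_CREDENTIALS_API_PATH = "credentials/user";
    private static final String GROUP_CREDENTIALS_API_PATH = "credentials/group";
    private static final String EXPLICIT_GROUP_CREDENTIALS_API_PATH = "credentials/group/{id}";
    private static final String ROLE_CREDENTIALS_API_PATH = "credentials/role";
    private static final String EXPLICIT_ROLE_CREDENTIALS_API_PATH = "credentials/role/{id}";
    private static final IdBrokerServiceMessages log = (IdBrokerServiceMessages) MessagesFactory.get(IdBrokerServiceMessages.class);
    private static final String VERSION_TAG = "api/v1";
    static final String RESOURCE_PATH = "/cab/api/v1";
    public static final String CREDENTIAL_CACHE_ALIAS = "credentialCacheAlias";
    private static final String ROLE_TYPE_USER = "USER_ROLE";
    private static final String ROLE_TYPE_GROUP = "GROUP_ROLE";
    private static final String ROLE_TYPE_EXPLICIT = "EXPLICIT_ROLE";
    private CloudClientConfigurationProvider configProvider = new CloudClientConfigurationProviderManager();
    private KnoxCloudCredentialsClient credentialsClient = new KnoxCloudCredentialsClientManager();

    @Context
    HttpServletRequest request;

    @Context
    ServletContext context;

    /**
     * Wires the configuration provider and the credentials client once the resource is constructed.
     *
     * <p>The servlet init parameters become the client properties, with {@code topology.name} set
     * from the cluster attribute of the servlet context.
     */
    @PostConstruct
    public void init() {
        Properties properties = getProperties();
        ServletContext servletContext = this.request.getServletContext();
        String clusterName = (String) servletContext.getAttribute("org.apache.knox.gateway.gateway.cluster");
        properties.setProperty("topology.name", clusterName);
        AliasService aliasService = getAliasService();
        try {
            // The returned secret is deliberately discarded; the call is made for its side effect.
            // Presumably the trailing `true` asks the alias service to generate the alias when it
            // is missing - confirm against AliasService.
            aliasService.getPasswordFromAliasForCluster(clusterName, CREDENTIAL_CACHE_ALIAS, true);
        } catch (AliasServiceException e) {
            // Best effort, as before: initialization continues. The failure now goes to the
            // gateway log instead of stderr, where it would bypass log collection.
            log.exception(e);
        }
        this.configProvider.init((GatewayConfig) servletContext.getAttribute("org.apache.knox.gateway.config"), properties);
        this.credentialsClient.init(properties);
        this.credentialsClient.setConfigProvider(this.configProvider);
        this.credentialsClient.setAliasService(aliasService);
        this.credentialsClient.setCryptoService(getCryptoService());
    }

    /** Looks up the gateway's alias service through the servlet context. */
    private AliasService getAliasService() {
        return (AliasService) ((GatewayServices) this.request.getServletContext().getAttribute("org.apache.knox.gateway.gateway.services")).getService(ServiceType.ALIAS_SERVICE);
    }

    /** Looks up the gateway's crypto service through the servlet context. */
    private CryptoService getCryptoService() {
        return (CryptoService) ((GatewayServices) this.request.getServletContext().getAttribute("org.apache.knox.gateway.gateway.services")).getService(ServiceType.CRYPTO_SERVICE);
    }

    /**
     * Copies every servlet-context init parameter into a fresh {@link Properties}.
     *
     * @return the init parameters keyed by name
     */
    private Properties getProperties() {
        Properties properties = new Properties();
        Enumeration<?> names = this.context.getInitParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            properties.setProperty(name, this.context.getInitParameter(name));
        }
        return properties;
    }

    /** Returns credentials for the default role (empty role type, no id). */
    @GET
    @Produces({"application/json"})
    @Path(CREDENTIALS_API_PATH)
    public Response getCredentials() {
        return getCredentialsResponse();
    }

    /** Returns credentials for the {@code USER_ROLE} role type. */
    @GET
    @Produces({"application/json"})
    @Path(USER_CREDENTIALS_API_PATH)
    public Response getCredentialsForUserRole() {
        return getCredentialsResponse(ROLE_TYPE_USER, null);
    }

    /** Returns credentials for the {@code GROUP_ROLE} role type without naming a group. */
    @GET
    @Produces({"application/json"})
    @Path(GROUP_CREDENTIALS_API_PATH)
    public Response getCredentialsForGroupRole() {
        return getCredentialsForGroupRole(null);
    }

    /**
     * Returns credentials for the {@code GROUP_ROLE} role type and the group named in the path.
     *
     * @param id group id from the request path; caller-controlled and passed to the client unchanged
     */
    @GET
    @Produces({"application/json"})
    @Path(EXPLICIT_GROUP_CREDENTIALS_API_PATH)
    public Response getCredentialsForGroupRole(@PathParam("id") String id) {
        return getCredentialsResponse(ROLE_TYPE_GROUP, id);
    }

    /**
     * Returns credentials for the {@code EXPLICIT_ROLE} role type and the role named in the path.
     *
     * @param id role id from the request path; caller-controlled and passed to the client unchanged
     */
    @GET
    @Produces({"application/json"})
    @Path(EXPLICIT_ROLE_CREDENTIALS_API_PATH)
    public Response getCredentialsForRole(@PathParam("id") String id) {
        return getCredentialsResponse(ROLE_TYPE_EXPLICIT, id);
    }

    private Response getCredentialsResponse() {
        return getCredentialsResponse("");
    }

    private Response getCredentialsResponse(String roleType) {
        return getCredentialsResponse(roleType, null);
    }

    /**
     * Builds the HTTP response for a credentials request.
     *
     * @param roleType role type handed to the credentials client
     * @param id optional group or role id, may be {@code null}
     * @return 200 with the client's JSON, the response carried by a
     *     {@link WebApplicationException}, or a 500 with a JSON error object
     */
    private Response getCredentialsResponse(String roleType, String id) {
        try {
            return Response.ok().entity(getRoleCredentialsResponse(roleType, id)).build();
        } catch (WebApplicationException e) {
            // Must precede the Exception handler: as a subclass it would otherwise never be
            // reached, and the status chosen by the thrower would be replaced by a 500.
            log.exception(e);
            return e.getResponse();
        } catch (Exception e) {
            log.exception(e);
            // The exception text is escaped so the body stays valid JSON; it may contain quotes
            // or, presumably, the caller-supplied id.
            // NOTE(review): the text is still returned to the client and can reveal internal
            // detail. The full exception is already logged above, so a generic message would be
            // enough if no client parses this field - confirm.
            String detail = escapeJson(String.valueOf(e));
            return Response.serverError().entity(String.format(Locale.getDefault(), "{ \"error\": \"Could not acquire credentials due to : %s\" }", detail)).build();
        }
    }

    /**
     * Asks the credentials client for the role's credentials and renders them as a string.
     *
     * <p>A {@link WebApplicationException} found as the cause of a failure is rethrown directly so
     * its response reaches the caller; any other failure is logged and rethrown unchanged.
     */
    private String getRoleCredentialsResponse(String roleType, String id) {
        try {
            return this.credentialsClient.getCredentialsForRole(roleType, id).toString();
        } catch (Exception e) {
            Throwable cause = e.getCause();
            if (cause instanceof WebApplicationException) {
                throw (WebApplicationException) cause;
            }
            log.cabError(cause != null ? cause.getMessage() : e.getMessage());
            throw e;
        }
    }

    /** Escapes quotes, backslashes and control characters for use inside a JSON string value. */
    private static String escapeJson(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '"':
                    out.append("\\\"");
                    break;
                case '\\':
                    out.append("\\\\");
                    break;
                case '\n':
                    out.append("\\n");
                    break;
                case '\r':
                    out.append("\\r");
                    break;
                case '\t':
                    out.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        out.append(String.format(Locale.ROOT, "\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
                    break;
            }
        }
        return out.toString();
    }
}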
