package co.cask.cdap.security.server;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.io.Codec;
import co.cask.cdap.security.auth.AccessToken;
import co.cask.cdap.security.auth.AccessTokenIdentifier;
import co.cask.cdap.security.auth.TokenManager;
import co.cask.cdap.security.server.ExternalAuthenticationServer;
import com.google.common.base.Charsets;
import com.google.gson.JsonObject;
import com.google.inject.Inject;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

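/**
 * JAX-RS resource that issues signed access tokens for the principal attached to the request.
 *
 * <p>Two endpoints are exposed, {@code token} and {@code extendedtoken}. They differ only in the
 * validity period, read once at construction from {@code security.server.token.expiration.ms}
 * and {@code security.server.extended.token.expiration.ms}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This class performs no authentication itself; it trusts
 *       {@link HttpServletRequest#getUserPrincipal()}. Presumably an upstream handler populates
 *       it; confirm that every route to this resource passes through that handler.</li>
 *   <li>NOTE(review): no additional authorization check is visible here for the longer-lived
 *       extended token; confirm that any authenticated user is meant to obtain one.</li>
 *   <li>The response body carries a bearer credential. It must not be logged or cached.</li>
 * </ul>
 */
@Path("/")
public class GrantAccessToken {
    private static final Logger LOG = LoggerFactory.getLogger(GrantAccessToken.class);
    private final TokenManager tokenManager;
    private final Codec<AccessToken> tokenCodec;
    private final CConfiguration cConf;
    // Validity periods in milliseconds, as read from configuration.
    private final long tokenExpiration;
    private final long extendedTokenExpiration;

    /** Relative paths of the token endpoints served by this resource. */
    public static final class Paths {
        public static final String GET_TOKEN = "token";
        public static final String GET_EXTENDED_TOKEN = "extendedtoken";
    }

    /**
     * Creates the resource and reads both token validity periods from configuration.
     *
     * @param tokenManager signs the token identifiers
     * @param codec serializes a signed token to bytes for transport
     * @param cConfiguration source of the two expiration settings (milliseconds)
     */
    @Inject
    public GrantAccessToken(TokenManager tokenManager, Codec<AccessToken> codec, CConfiguration cConfiguration) {
        this.tokenManager = tokenManager;
        this.tokenCodec = codec;
        this.cConf = cConfiguration;
        // NOTE(review): the values are used as read; no range check is applied here.
        this.tokenExpiration = cConfiguration.getLong("security.server.token.expiration.ms");
        this.extendedTokenExpiration = cConfiguration.getLong("security.server.extended.token.expiration.ms");
    }

    /** Starts the underlying {@link TokenManager}. */
    public void init() {
        this.tokenManager.start();
    }

    /** Stops the underlying {@link TokenManager}. */
    public void destroy() {
        this.tokenManager.stop();
    }

    /**
     * Issues a token with the standard validity period.
     *
     * @return 200 once the token JSON has been written to {@code httpServletResponse},
     *         or 401 when the request carries no user principal
     */
    @GET
    @Produces({"application/json"})
    @Path(Paths.GET_TOKEN)
    public Response token(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return grantToken(httpServletRequest, httpServletResponse, this.tokenExpiration);
    }

    /**
     * Issues a token with the extended validity period.
     *
     * @return 200 once the token JSON has been written to {@code httpServletResponse},
     *         or 401 when the request carries no user principal
     */
    @GET
    @Produces({"application/json"})
    @Path(Paths.GET_EXTENDED_TOKEN)
    public Response extendedToken(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return grantToken(httpServletRequest, httpServletResponse, this.extendedTokenExpiration);
    }

    /**
     * Signs a token for the request's principal and writes it as JSON to the servlet response.
     *
     * @param request request whose user principal names the token subject
     * @param response servlet response that receives the headers and the JSON body
     * @param validityMillis token lifetime in milliseconds, counted from now
     * @return the JAX-RS status for the endpoint: 200 on success, 401 without a principal
     */
    private Response grantToken(HttpServletRequest request, HttpServletResponse response, long validityMillis) throws IOException, ServletException {
        // Fail closed: without a principal there is no identity to bind the token to.
        // Previously this dereferenced null and surfaced as an unhandled NullPointerException.
        java.security.Principal principal = request.getUserPrincipal();
        if (principal == null) {
            LOG.debug("Refusing to issue a token: request has no user principal");
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }

        String username = principal.getName();
        // The issued identifier carries no group memberships.
        List<String> userGroups = Collections.emptyList();
        long issueTime = System.currentTimeMillis();
        long expireTime = issueTime + validityMillis;

        AccessToken token = this.tokenManager.signIdentifier(
            new AccessTokenIdentifier(username, userGroups, issueTime, expireTime));
        // Log the subject only; the encoded token is a bearer credential and must never be logged.
        LOG.debug("Issued token for user {}", username);

        // Set status and headers before the body so they cannot be lost once the response commits.
        response.setStatus(200);
        response.setContentType("application/json;charset=UTF-8");
        // Keep the credential out of browser and intermediary caches (the same pair of headers
        // OAuth 2.0, RFC 6749 section 5.1, requires on token responses).
        response.addHeader("Cache-Control", "no-store");
        response.addHeader("Pragma", "no-cache");

        String encodedToken = new String(Base64.encodeBase64(this.tokenCodec.encode(token)), Charsets.UTF_8);
        JsonObject body = new JsonObject();
        body.addProperty(ExternalAuthenticationServer.ResponseFields.ACCESS_TOKEN, encodedToken);
        body.addProperty(ExternalAuthenticationServer.ResponseFields.TOKEN_TYPE, ExternalAuthenticationServer.ResponseFields.TOKEN_TYPE_BODY);
        // Reported in whole seconds; any sub-second remainder of the validity is truncated.
        body.addProperty(ExternalAuthenticationServer.ResponseFields.EXPIRES_IN, Long.valueOf(TimeUnit.SECONDS.convert(validityMillis, TimeUnit.MILLISECONDS)));
        response.getOutputStream().print(body.toString());
        return Response.status(200).build();
    }
}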
