package org.apache.james.jmap;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.james.jmap.api.AccessTokenManager;
import org.apache.james.jmap.api.SimpleTokenFactory;
import org.apache.james.jmap.api.SimpleTokenManager;
import org.apache.james.jmap.api.access.AccessToken;
import org.apache.james.jmap.exceptions.BadRequestException;
import org.apache.james.jmap.exceptions.InternalErrorException;
import org.apache.james.jmap.json.MultipleObjectMapperBuilder;
import org.apache.james.jmap.model.AccessTokenRequest;
import org.apache.james.jmap.model.AccessTokenResponse;
import org.apache.james.jmap.model.ContinuationTokenRequest;
import org.apache.james.jmap.model.ContinuationTokenResponse;
import org.apache.james.jmap.model.EndPointsResponse;
import org.apache.james.metrics.api.MetricFactory;
import org.apache.james.metrics.api.TimeMetric;
import org.apache.james.user.api.UsersRepository;
import org.apache.james.user.api.UsersRepositoryException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/jmap/AuthenticationServlet.class */
public class AuthenticationServlet extends HttpServlet {
    public static final String JSON_CONTENT_TYPE = "application/json";
    public static final String JSON_CONTENT_TYPE_UTF8 = "application/json; charset=UTF-8";
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationServlet.class);
    private final ObjectMapper mapper = new MultipleObjectMapperBuilder().registerClass(ContinuationTokenRequest.UNIQUE_JSON_PATH, ContinuationTokenRequest.class).registerClass(AccessTokenRequest.UNIQUE_JSON_PATH, AccessTokenRequest.class).build();
    private final UsersRepository usersRepository;
    private final SimpleTokenManager simpleTokenManager;
    private final AccessTokenManager accessTokenManager;
    private final SimpleTokenFactory simpleTokenFactory;
    private final MetricFactory metricFactory;

    @Inject
    @VisibleForTesting
    AuthenticationServlet(UsersRepository usersRepository, SimpleTokenManager simpleTokenManager, SimpleTokenFactory simpleTokenFactory, AccessTokenManager accessTokenManager, MetricFactory metricFactory) {
        this.usersRepository = usersRepository;
        this.simpleTokenManager = simpleTokenManager;
        this.simpleTokenFactory = simpleTokenFactory;
        this.accessTokenManager = accessTokenManager;
        this.metricFactory = metricFactory;
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        TimeMetric timer = this.metricFactory.timer("JMAP-authentication-post");
        try {
            try {
                try {
                    assertJsonContentType(httpServletRequest);
                    assertAcceptJsonOnly(httpServletRequest);
                    Object deserialize = deserialize(httpServletRequest);
                    if (deserialize instanceof ContinuationTokenRequest) {
                        handleContinuationTokenRequest((ContinuationTokenRequest) deserialize, httpServletResponse);
                    } else if (deserialize instanceof AccessTokenRequest) {
                        handleAccessTokenRequest((AccessTokenRequest) deserialize, httpServletResponse);
                    }
                    timer.stopAndPublish();
                } catch (BadRequestException e) {
                    LOG.warn("Invalid authentication request received.", e);
                    httpServletResponse.sendError(400);
                    timer.stopAndPublish();
                }
            } catch (InternalErrorException e2) {
                LOG.error("Internal error", e2);
                httpServletResponse.sendError(500);
                timer.stopAndPublish();
            }
        } catch (Throwable th) {
            timer.stopAndPublish();
            throw th;
        }
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        returnEndPointsResponse(httpServletResponse);
    }

    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.accessTokenManager.revoke(AccessToken.fromString(httpServletRequest.getHeader("Authorization")));
        httpServletResponse.setStatus(204);
    }

    private Object deserialize(HttpServletRequest httpServletRequest) throws BadRequestException {
        try {
            return this.mapper.readValue(httpServletRequest.getReader(), Object.class);
        } catch (IOException e) {
            throw new BadRequestException("Request can't be deserialized", e);
        }
    }

    private void assertJsonContentType(HttpServletRequest httpServletRequest) {
        if (!httpServletRequest.getContentType().equals("application/json; charset=UTF-8")) {
            throw new BadRequestException("Request ContentType header must be set to: application/json; charset=UTF-8");
        }
    }

    private void assertAcceptJsonOnly(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Accept");
        if (header == null || !header.contains("application/json")) {
            throw new BadRequestException("Request Accept header must be set to JSON content type");
        }
    }

    private void handleContinuationTokenRequest(ContinuationTokenRequest continuationTokenRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        try {
            this.mapper.writeValue(httpServletResponse.getOutputStream(), ContinuationTokenResponse.builder().continuationToken(this.simpleTokenFactory.generateContinuationToken(continuationTokenRequest.getUsername())).methods(ContinuationTokenResponse.AuthenticationMethod.PASSWORD).build());
        } catch (Exception e) {
            throw new InternalErrorException("Error while responding to continuation token", e);
        }
    }

    private void handleAccessTokenRequest(AccessTokenRequest accessTokenRequest, HttpServletResponse httpServletResponse) throws IOException {
        switch (this.simpleTokenManager.getValidity(accessTokenRequest.getToken())) {
            case EXPIRED:
                returnRestartAuthentication(httpServletResponse);
                return;
            case INVALID:
                LOG.warn("Use of an invalid ContinuationToken : {}", accessTokenRequest.getToken().serialize());
                returnUnauthorizedResponse(httpServletResponse);
                return;
            case OK:
                manageAuthenticationResponse(accessTokenRequest, httpServletResponse);
                return;
            default:
                return;
        }
    }

    private void manageAuthenticationResponse(AccessTokenRequest accessTokenRequest, HttpServletResponse httpServletResponse) throws IOException {
        String username = accessTokenRequest.getToken().getUsername();
        if (authenticate(accessTokenRequest, username)) {
            returnAccessTokenResponse(httpServletResponse, username);
        } else {
            LOG.info("Authentication failure for {}", username);
            returnUnauthorizedResponse(httpServletResponse);
        }
    }

    private boolean authenticate(AccessTokenRequest accessTokenRequest, String str) {
        boolean z = false;
        try {
            z = this.usersRepository.test(str, accessTokenRequest.getPassword());
        } catch (UsersRepositoryException e) {
            LOG.error("Error while trying to validate authentication for user '{}'", str, e);
        }
        return z;
    }

    private void returnAccessTokenResponse(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        httpServletResponse.setStatus(201);
        this.mapper.writeValue(httpServletResponse.getOutputStream(), AccessTokenResponse.builder().accessToken(this.accessTokenManager.grantAccessToken(str)).api(JMAPUrls.JMAP).eventSource("/notImplemented").upload(JMAPUrls.UPLOAD).download(JMAPUrls.DOWNLOAD).build());
    }

    private void returnEndPointsResponse(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        httpServletResponse.setStatus(200);
        this.mapper.writeValue(httpServletResponse.getOutputStream(), EndPointsResponse.builder().api(JMAPUrls.JMAP).eventSource("/notImplemented").upload(JMAPUrls.UPLOAD).download(JMAPUrls.DOWNLOAD).build());
    }

    private void returnUnauthorizedResponse(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(401);
    }

    private void returnRestartAuthentication(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(403);
    }
}
