package org.artifactory.ui.rest.resource.admin.security.apikey;

import java.nio.charset.Charset;
import java.util.function.Supplier;
import javax.annotation.Nullable;
import javax.annotation.security.RolesAllowed;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HEAD;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.artifactory.api.security.AuthorizationService;
import org.artifactory.rest.common.BlockOnConversion;
import org.artifactory.rest.common.model.userprofile.UserProfileModel;
import org.artifactory.rest.common.resource.BaseResource;
import org.artifactory.security.UserInfo;
import org.artifactory.ui.rest.service.admin.security.SecurityServiceFactory;
import org.artifactory.ui.rest.service.admin.security.user.userprofile.UserProfileHelperService;
import org.jfrog.common.JsonUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.stereotype.Component;

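/**
 * REST resource exposing the API key of the currently authenticated user.
 *
 * <p>Access is restricted to the {@code admin} and {@code user} roles. The read, create and
 * regenerate operations are additionally gated by {@link #runServiceWrapper(Supplier)}: when
 * {@link AuthorizationService#requireProfileUnlock()} is true, the caller must re-present the
 * account password in a Basic {@code Authorization} header before the key is returned or replaced.
 *
 * <p>The path template accepts an optional {@code id} segment; no method in this class reads it.
 */
@Path("userApiKey{id:(/[^/]+?)?}")
@RolesAllowed({"admin", "user"})
@Scope("prototype")
@Component
/* loaded from: input_file:org/artifactory/ui/rest/resource/admin/security/apikey/UserApiKeyResource.class */
public class UserApiKeyResource extends BaseResource {
    private static final String BASIC_AUTH = "Basic";
    private static final String BAD_CREDENTIALS_ERROR = "Bad credentials";
    private static final String ANONYMOUS_UNLOCK_ERROR = "Unable to unlock settings for anonymous user";
    // Explicit charset so header decoding never depends on the JVM's platform default.
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    protected SecurityServiceFactory securityFactory;
    protected UserProfileHelperService userProfileHelperService;
    protected AuthorizationService authorizationService;

    @Context
    private HttpServletRequest request;

    /**
     * Creates the resource with its collaborating services (injected by Spring).
     *
     * @param securityServiceFactory factory for the API-key service objects run by this resource
     * @param userProfileHelperService loads the current user and verifies the re-entered password
     * @param authorizationService tells whether a profile unlock (password re-entry) is required
     */
    @Autowired
    public UserApiKeyResource(SecurityServiceFactory securityServiceFactory, UserProfileHelperService userProfileHelperService, AuthorizationService authorizationService) {
        this.securityFactory = securityServiceFactory;
        this.userProfileHelperService = userProfileHelperService;
        this.authorizationService = authorizationService;
    }

    /**
     * Reports whether the current user has an API key, without returning the key itself.
     *
     * @return 200 when the profile returned by the service carries a non-blank API key, else 404
     */
    @Produces({"application/json"})
    @HEAD
    public Response isExist() {
        // NOTE(review): this path does not go through runServiceWrapper, so the profile-unlock
        // password check is not applied here. Only existence is disclosed, but the key itself is
        // fetched and parsed in-process - confirm that is intended.
        Object entity = runService(this.securityFactory.getApiKey()).getEntity();
        if (entity == null) {
            return Response.status(404).build();
        }
        UserProfileModel profile = (UserProfileModel) JsonUtils.getInstance().readValue(entity.toString(), UserProfileModel.class);
        if (profile == null || StringUtils.isBlank(profile.getApiKey())) {
            return Response.status(404).build();
        }
        return Response.ok().build();
    }

    /**
     * Returns the current user's API key, subject to the profile-unlock check.
     *
     * @return the service response, or 401 when the unlock check fails
     */
    @GET
    @Produces({"application/json"})
    public Response getApiKey() {
        return runServiceWrapper(() -> runService(this.securityFactory.getApiKey()));
    }

    /**
     * Revokes the current user's API key.
     *
     * @return the service response
     */
    @Produces({"application/json"})
    @BlockOnConversion
    @DELETE
    public Response revokeApiKey() {
        // NOTE(review): unlike GET/PUT/POST, revocation is not routed through runServiceWrapper,
        // so no password re-entry is demanded even when requireProfileUnlock() is true. Confirm
        // this asymmetry is deliberate (revocation is the fail-safe direction) rather than an
        // omission.
        return runService(this.securityFactory.revokeApiKey());
    }

    /**
     * Replaces the current user's API key with a new one, subject to the profile-unlock check.
     *
     * @return the service response, or 401 when the unlock check fails
     */
    @Produces({"application/json"})
    @PUT
    @BlockOnConversion
    public Response regenerateApiKey() {
        return runServiceWrapper(() -> runService(this.securityFactory.regenerateApiKey()));
    }

    /**
     * Creates an API key for the current user, subject to the profile-unlock check.
     *
     * @return the service response, or 401 when the unlock check fails
     */
    @POST
    @Produces({"application/json"})
    @BlockOnConversion
    public Response createApiKey() {
        return runServiceWrapper(() -> runService(this.securityFactory.createApiKey()));
    }

    /**
     * Decides whether the caller may access API-key operations that sit behind the profile lock.
     *
     * <p>Only the password part of the Basic header is used; it is verified against the user
     * returned by {@code loadUserInfo()}, so the user name sent in the header is ignored.
     *
     * @return an empty string when access is allowed, otherwise the error message for the 401
     */
    String isAllowApiKeyAccess() {
        UserInfo currentUser = this.userProfileHelperService.loadUserInfo();
        if (!this.authorizationService.requireProfileUnlock()) {
            return "";
        }
        // Anonymous callers can never unlock; answer before touching any credentials so the
        // specific message is not overwritten by the generic one.
        if (currentUser.isAnonymous()) {
            return ANONYMOUS_UNLOCK_ERROR;
        }
        String password = getUserPasswordFromHeader();
        // Reject a missing password up front instead of handing null to authenticate().
        if (StringUtils.isBlank(password)) {
            return BAD_CREDENTIALS_ERROR;
        }
        if (!this.userProfileHelperService.authenticate(currentUser, password)) {
            return BAD_CREDENTIALS_ERROR;
        }
        return "";
    }

    /**
     * Extracts the password from a Basic {@code Authorization} header on the current request.
     *
     * <p>The scheme name is matched case-insensitively. The decoded credentials are split at the
     * first colon, so a password that itself contains or starts with a colon is kept intact.
     * The header value and the decoded password must never be logged.
     *
     * @return the password, or {@code null} when the header is absent, is not Basic, is not valid
     *     Base64, or contains no colon
     */
    @Nullable
    String getUserPasswordFromHeader() {
        String header = this.request.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, BASIC_AUTH, 0, BASIC_AUTH.length())) {
            return null;
        }
        String encoded = header.substring(BASIC_AUTH.length()).trim();
        if (encoded.isEmpty()) {
            return null;
        }
        String decoded;
        try {
            decoded = new String(Base64.decode(encoded.getBytes(UTF_8)), UTF_8);
        } catch (IllegalArgumentException ignored) {
            // Malformed Base64 from the client is a credential failure (401 via the caller),
            // not a server error.
            return null;
        }
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        return decoded.substring(separator + 1);
    }

    /**
     * Runs {@code supplier} only when {@link #isAllowApiKeyAccess()} reports no error.
     *
     * @param supplier the guarded operation
     * @return the supplier's response, or a 401 response carrying the access error message
     */
    private Response runServiceWrapper(Supplier<Response> supplier) {
        String accessError = isAllowApiKeyAccess();
        if (StringUtils.isBlank(accessError)) {
            return supplier.get();
        }
        return this.artifactoryResponse.responseCode(401).error(accessError).buildResponse();
    }
}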
