package be.personify.iam.scim.rest;

import be.personify.iam.scim.authentication.AuthenticationUtils;
import be.personify.iam.scim.util.Constants;
import be.personify.iam.scim.util.TokenUtils;
import be.personify.util.StringUtils;
import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.Base64Utils;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
/* loaded from: input_file:be/personify/iam/scim/rest/TokenController.class */
public class TokenController extends Controller {
    private static final Logger logger = LogManager.getLogger(TokenController.class);

    @Autowired
    private AuthenticationUtils authenticationUtils;

    @Autowired
    private TokenUtils tokenUtils;

    @Value("${scim.authentication.propertyfile.method.bearer.lifeTimeInSeconds:60}")
    private long lifeTimeInSeconds;

    @RequestMapping(path = {"/scim/v2/token"}, method = {RequestMethod.POST}, consumes = {"application/x-www-form-urlencoded"})
    public ResponseEntity<?> tokenInfo(@RequestBody(required = false) MultiValueMap<String, Object> multiValueMap, HttpServletRequest httpServletRequest) {
        long currentTimeMillis = System.currentTimeMillis();
        logger.debug("entity {}", multiValueMap);
        if (multiValueMap == null || !multiValueMap.containsKey("grant_type")) {
            logger.info("grant_type NOT found in body, please add an entry with key 'grant_type' and value 'client_credentials'");
            return showError(HttpStatus.FORBIDDEN.value(), "grant_type is not found in body");
        }
        logger.debug("grant_type found");
        if (!((List) multiValueMap.get("grant_type")).get(0).equals("client_credentials")) {
            return showError(HttpStatus.FORBIDDEN.value(), "grant type is not of type client_credentials");
        }
        String extractCredentials = extractCredentials(multiValueMap, httpServletRequest.getHeader("Authorization"));
        if (StringUtils.isEmpty(extractCredentials) || !extractCredentials.contains(":")) {
            String str = "client_id/client_secret [" + extractCredentials + "] not found or incorrect, make sure it is part of the payload or present in the Authorization header";
            logger.info(str);
            return showError(HttpStatus.FORBIDDEN.value(), str);
        }
        String[] split = extractCredentials.split(":");
        if (!this.authenticationUtils.getBearerAuthConsumers().containsKey(split[0])) {
            logger.info("invalid client_id/client_secret");
            return showError(HttpStatus.FORBIDDEN.value(), "invalid client_id/client_secret");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("access_token", this.tokenUtils.construct(split[0], this.lifeTimeInSeconds));
        hashMap.put("token_type", Constants.BEARER);
        hashMap.put("expires_in", Long.valueOf(this.lifeTimeInSeconds));
        logger.info("acquired token in [{}]ms", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        return new ResponseEntity<>(hashMap, HttpStatus.OK);
    }

    private String extractCredentials(MultiValueMap<String, Object> multiValueMap, String str) {
        String str2 = null;
        if (multiValueMap.containsKey(Constants.CLIENT_ID) && multiValueMap.containsKey(Constants.CLIENT_SECRET)) {
            str2 = ((List) multiValueMap.get(Constants.CLIENT_ID)).get(0).toString() + ":" + ((List) multiValueMap.get(Constants.CLIENT_SECRET)).get(0).toString();
        } else {
            String[] split = str.split(" ");
            if (split.length == 2 && split[0].equalsIgnoreCase(Constants.BASIC)) {
                str2 = new String(Base64Utils.decode(split[1].getBytes()));
            }
        }
        return str2;
    }
}
