package com.dotcms.rest.api.v1.authentication;

import com.dotcms.auth.providers.jwt.JsonWebTokenUtils;
import com.dotcms.cms.login.LoginServiceAPI;
import com.dotcms.repackage.com.google.common.annotations.VisibleForTesting;
import com.dotcms.repackage.javax.ws.rs.POST;
import com.dotcms.repackage.javax.ws.rs.Path;
import com.dotcms.repackage.javax.ws.rs.Produces;
import com.dotcms.repackage.javax.ws.rs.core.Context;
import com.dotcms.repackage.javax.ws.rs.core.Response;
import com.dotcms.repackage.org.glassfish.jersey.server.JSONP;
import com.dotcms.rest.ErrorEntity;
import com.dotcms.rest.ResponseEntityView;
import com.dotcms.rest.annotation.NoCache;
import com.dotcms.rest.api.v1.authentication.url.UrlStrategy;
import com.dotcms.rest.exception.mapper.ExceptionMapperUtil;
import com.dotcms.util.CollectionsUtils;
import com.dotcms.util.HttpRequestDataUtil;
import com.dotcms.util.SecurityLoggerServiceAPI;
import com.dotmarketing.business.APILocator;
import com.dotmarketing.portlets.cmsmaintenance.ajax.LogConsoleAjaxAction;
import com.dotmarketing.util.Config;
import com.dotmarketing.util.Logger;
import com.dotmarketing.util.SecurityLogger;
import com.liferay.portal.NoSuchUserException;
import com.liferay.portal.PortalException;
import com.liferay.portal.RequiredLayoutException;
import com.liferay.portal.SystemException;
import com.liferay.portal.UserActiveException;
import com.liferay.portal.UserEmailAddressException;
import com.liferay.portal.UserPasswordException;
import com.liferay.portal.auth.AuthException;
import com.liferay.portal.ejb.UserLocalManager;
import com.liferay.portal.ejb.UserLocalManagerFactory;
import com.liferay.portal.language.LanguageException;
import com.liferay.portal.language.LanguageUtil;
import com.liferay.portal.language.LanguageWrapper;
import com.liferay.portal.model.User;
import com.liferay.portal.util.WebKeys;
import com.liferay.util.LocaleUtil;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

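/**
 * REST resource that exchanges a user name and password for a JSON Web Token.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Credentials are checked through {@link LoginServiceAPI}; the password is never written
 *       to a log from here.</li>
 *   <li>The caller may request a token lifetime; {@link #getExpirationDays(int)} caps it at the
 *       configured maximum.</li>
 *   <li>The user name is caller-controlled, so it is neutralised before it is concatenated into
 *       a log line.</li>
 * </ul>
 */
@Path("/v1/authentication")
/* loaded from: input_file:com/dotcms/rest/api/v1/authentication/CreateJsonWebTokenResource.class */
public class CreateJsonWebTokenResource implements Serializable {
    /** Fallback cap, in days, used when no maximum token lifetime is configured. */
    private static final int JSON_WEB_TOKEN_MAX_ALLOWED_EXPIRATION_DAYS_DEFAULT_VALUE = 30;
    private static final String AUTHENTICATION_FAILED_KEY = "authentication-failed";
    private static final String ACCOUNT_NOT_ACTIVE_KEY = "your-account-is-not-active";
    private final UserLocalManager userLocalManager;
    private final LoginServiceAPI loginService;
    private final ResponseUtil responseUtil;
    private final JsonWebTokenUtils jsonWebTokenUtils;
    private final SecurityLoggerServiceAPI securityLoggerServiceAPI;

    /** Creates the resource with the collaborators supplied by the platform locators. */
    public CreateJsonWebTokenResource() {
        this(APILocator.getLoginServiceAPI(), UserLocalManagerFactory.getManager(), ResponseUtil.INSTANCE, JsonWebTokenUtils.getInstance(), APILocator.getSecurityLogger());
    }

    /** Creates the resource with explicit collaborators so that tests can substitute them. */
    @VisibleForTesting
    protected CreateJsonWebTokenResource(LoginServiceAPI loginServiceAPI, UserLocalManager userLocalManager, ResponseUtil responseUtil, JsonWebTokenUtils jsonWebTokenUtils, SecurityLoggerServiceAPI securityLoggerServiceAPI) {
        this.loginService = loginServiceAPI;
        this.userLocalManager = userLocalManager;
        this.responseUtil = responseUtil;
        this.jsonWebTokenUtils = jsonWebTokenUtils;
        this.securityLoggerServiceAPI = securityLoggerServiceAPI;
    }

    /**
     * Authenticates the submitted credentials and, on success, returns a JSON Web Token.
     *
     * <p>Responses produced here: 200 with the token; 401 for failed authentication and for an
     * inactive account; 500 when the user has no portlet or an unexpected error occurs.
     *
     * @param httpServletRequest the current request; its session is read for the user id after login
     * @param httpServletResponse the current response, handed to the login service
     * @param createTokenForm the submitted user name, password and requested lifetime in days
     * @return the response to send; never {@code null}
     */
    @Produces({LogConsoleAjaxAction.CONTENT_JSON, "application/javascript"})
    @POST
    @NoCache
    @Path("/api-token")
    @JSONP
    public final Response getApiToken(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, CreateTokenForm createTokenForm) {
        String user = createTokenForm.getUser();
        // Log-only copy: null-safe and stripped of control characters, so a crafted user name
        // can neither forge extra log lines nor raise an NPE inside an exception handler.
        String loggedUser = sanitizeForLog(user);
        Response response;
        Locale locale = LocaleUtil.getLocale(httpServletRequest);
        try {
            if (this.loginService.doActionLogin(user, createTokenForm.getPassword(), false, httpServletRequest, httpServletResponse)) {
                // NOTE(review): the user id is read back from the HTTP session, so the login call
                // populates a session; confirm whether that session should outlive this request.
                User userById = this.userLocalManager.getUserById((String) httpServletRequest.getSession().getAttribute(WebKeys.USER_ID));
                int requestedDays = createTokenForm.getExpirationDays();
                int expirationDays = requestedDays > 0 ? getExpirationDays(requestedDays) : Config.getIntProperty(LoginServiceAPI.JSON_WEB_TOKEN_DAYS_MAX_AGE, 14);
                String auditMessage = "A Json Web Token " + loggedUser + " has been created from IP: " + HttpRequestDataUtil.getRemoteAddress(httpServletRequest);
                String token = createJsonWebToken(userById, expirationDays);
                // Written only after the token exists, so the audit trail never records a
                // token that failed to be created.
                this.securityLoggerServiceAPI.logInfo(getClass(), auditMessage);
                response = Response.ok(new ResponseEntityView(CollectionsUtils.map(UrlStrategy.TOKEN, token), Collections.<String, String>emptyMap())).build();
            } else {
                response = this.responseUtil.getErrorResponse(httpServletRequest, Response.Status.UNAUTHORIZED, locale, user, AUTHENTICATION_FAILED_KEY);
            }
        } catch (NoSuchUserException | UserEmailAddressException | UserPasswordException e) {
            // Unknown user, bad e-mail and bad password all map to the same generic answer.
            response = this.responseUtil.getErrorResponse(httpServletRequest, Response.Status.UNAUTHORIZED, locale, user, AUTHENTICATION_FAILED_KEY);
        } catch (RequiredLayoutException e2) {
            response = this.responseUtil.getErrorResponse(httpServletRequest, Response.Status.INTERNAL_SERVER_ERROR, locale, user, "user-without-portlet");
        } catch (UserActiveException e3) {
            // NOTE(review): this answer differs from the generic failure, which tells the caller
            // that the account exists but is inactive; confirm the exception is raised only after
            // the password has been verified. This branch also writes no security-log entry itself.
            String message;
            try {
                // NOTE(review): the submitted user name is placed inside HTML markup; confirm that
                // the formatter or the consuming client escapes it before rendering.
                message = LanguageUtil.format(locale, ACCOUNT_NOT_ACTIVE_KEY, (Object[]) new LanguageWrapper[]{new LanguageWrapper("<b><i>", user, "</i></b>")}, false);
            } catch (LanguageException e4) {
                // Previously swallowed, which made the method return null; fall back to the
                // message key so the caller still receives a well-formed 401.
                Logger.debug(this, "Could not format the '" + ACCOUNT_NOT_ACTIVE_KEY + "' message: " + e4.getMessage());
                message = ACCOUNT_NOT_ACTIVE_KEY;
            }
            List<ErrorEntity> errors = Arrays.asList(new ErrorEntity(ACCOUNT_NOT_ACTIVE_KEY, message));
            response = Response.status(Response.Status.UNAUTHORIZED).entity(new ResponseEntityView(errors)).build();
        } catch (AuthException e5) {
            response = this.responseUtil.getErrorResponse(httpServletRequest, Response.Status.UNAUTHORIZED, locale, user, AUTHENTICATION_FAILED_KEY);
        } catch (Exception e6) {
            SecurityLogger.logInfo(getClass(), "An invalid attempt to login as " + loggedUser + " has been made from IP: " + httpServletRequest.getRemoteAddr());
            response = ExceptionMapperUtil.createResponse(e6, Response.Status.INTERNAL_SERVER_ERROR);
        }
        return response;
    }

    /**
     * Applies the configured maximum lifetime to a requested token lifetime.
     *
     * <p>When the configured maximum is zero or negative no cap is applied and the requested
     * value is returned unchanged, so such a setting lets a client choose any lifetime.
     *
     * @param i the lifetime in days requested by the client
     * @return the requested lifetime, or the configured maximum when the request exceeds it
     */
    protected int getExpirationDays(int i) {
        int maxAllowedDays = Config.getIntProperty(LoginServiceAPI.JSON_WEB_TOKEN_MAX_ALLOWED_EXPIRATION_DAYS, JSON_WEB_TOKEN_MAX_ALLOWED_EXPIRATION_DAYS_DEFAULT_VALUE);
        int effectiveDays = (maxAllowedDays <= 0 || i <= maxAllowedDays) ? i : getJsonWebTokenMaxAllowedExpirationDay(maxAllowedDays, i);
        // Report the value that is actually applied, not the one that was requested.
        Logger.debug(this, "Json Web Token Expiration days value: " + effectiveDays + " days");
        return effectiveDays;
    }

    /**
     * Records that a requested lifetime was above the configured maximum and returns that maximum.
     *
     * @param maxAllowedDays the configured maximum lifetime in days
     * @param requestedDays the lifetime in days requested by the client
     * @return {@code maxAllowedDays}
     */
    private int getJsonWebTokenMaxAllowedExpirationDay(int maxAllowedDays, int requestedDays) {
        Logger.debug(this, "Json Web Token Expiration days pass by the user is: " + requestedDays + " days, it exceeds the max allowed expiration day set in the configuration: " + maxAllowedDays + ", so the expiration days for this particular token will be overriden to :" + maxAllowedDays);
        return maxAllowedDays;
    }

    /**
     * Creates the token for an authenticated user; overridable so tests can stub it.
     *
     * @param user the authenticated user
     * @param i the token lifetime in days
     * @return the serialized token
     * @throws PortalException propagated from the token utility
     * @throws SystemException propagated from the token utility
     */
    protected String createJsonWebToken(User user, int i) throws PortalException, SystemException {
        return this.jsonWebTokenUtils.createToken(user, i);
    }

    /**
     * Returns a lower-cased copy of a caller-supplied value that is safe to place in a log line.
     *
     * @param value the raw value, possibly {@code null}
     * @return {@code "unknown"} for {@code null}; otherwise the value with every control
     *     character (including CR and LF) replaced by an underscore
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "unknown";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int idx = 0; idx < value.length(); idx++) {
            char current = value.charAt(idx);
            cleaned.append(Character.isISOControl(current) ? '_' : current);
        }
        return cleaned.toString().toLowerCase(Locale.ROOT);
    }
}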
