package io.gravitee.rest.api.portal.rest.resource.auth;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.gravitee.apim.core.installation.query_service.InstallationAccessQueryService;
import io.gravitee.rest.api.idp.api.authentication.UserDetails;
import io.gravitee.rest.api.model.UserEntity;
import io.gravitee.rest.api.security.utils.AuthoritiesProvider;
import io.gravitee.rest.api.service.common.ExecutionContext;
import io.gravitee.rest.api.service.common.GraviteeContext;
import io.gravitee.rest.api.service.exceptions.UserNotFoundException;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import java.net.URI;
import java.util.Set;
import javax.inject.Singleton;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;

@Singleton
/* loaded from: input_file:io/gravitee/rest/api/portal/rest/resource/auth/ConsoleAuthenticationResource.class */
public class ConsoleAuthenticationResource extends AbstractAuthenticationResource {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ConsoleAuthenticationResource.class);

    @Autowired
    private InstallationAccessQueryService installationAccessQueryService;

    @Autowired
    private AuthoritiesProvider authoritiesProvider;

    @GET
    public Response redirectTo(@QueryParam("token") String str, @Context HttpServletResponse httpServletResponse) {
        try {
            try {
                DecodedJWT verify = JWT.require(Algorithm.HMAC256(this.environment.getProperty("jwt.secret"))).build().verify(str);
                String asString = verify.getClaim("org").asString();
                String currentEnvironment = GraviteeContext.getCurrentEnvironment() != null ? GraviteeContext.getCurrentEnvironment() : GraviteeContext.getDefaultEnvironment();
                ExecutionContext executionContext = new ExecutionContext(asString, currentEnvironment);
                GraviteeContext.fromExecutionContext(executionContext);
                UserEntity findById = this.userService.findById(executionContext, verify.getSubject());
                Set retrieveAuthorities = this.authoritiesProvider.retrieveAuthorities(findById.getId(), asString, currentEnvironment);
                UserDetails userDetails = new UserDetails(findById.getId(), "", retrieveAuthorities);
                userDetails.setOrganizationId(findById.getOrganizationId());
                userDetails.setEmail(findById.getEmail());
                SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(userDetails, (Object) null, retrieveAuthorities));
                super.connectUser(verify.getSubject(), httpServletResponse);
                Response build = Response.temporaryRedirect(new URI(this.installationAccessQueryService.getPortalUrl(currentEnvironment))).build();
                GraviteeContext.cleanContext();
                return build;
            } catch (UserNotFoundException e) {
                log.error("Authentication failed", e);
                Response build2 = Response.status(Response.Status.FORBIDDEN).build();
                GraviteeContext.cleanContext();
                return build2;
            } catch (Exception e2) {
                log.error("Error occurred when trying to log user using external authentication provider.", e2);
                Response build3 = Response.serverError().build();
                GraviteeContext.cleanContext();
                return build3;
            }
        } catch (Throwable th) {
            GraviteeContext.cleanContext();
            throw th;
        }
    }
}
