package org.sonatype.nexus.wonderland.rest;

import com.google.common.base.Preconditions;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.jetbrains.annotations.NonNls;
import org.sonatype.nexus.util.Tokens;
import org.sonatype.nexus.wonderland.AuthTicketService;
import org.sonatype.nexus.wonderland.model.AuthTicketXO;
import org.sonatype.nexus.wonderland.model.AuthTokenXO;
import org.sonatype.security.SecuritySystem;
import org.sonatype.sisu.goodies.common.ComponentSupport;
import org.sonatype.sisu.siesta.common.Resource;
import org.sonatype.sisu.siesta.common.error.WebApplicationMessageException;

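/**
 * REST resource that re-checks the calling user's credentials and, when they are accepted,
 * hands back a ticket obtained from {@link AuthTicketService#createTicket()}.
 *
 * <p>The request carries the username and password as base64-encoded strings. The decoded
 * username must equal the principal of the current subject before the password is checked,
 * so a caller cannot request a ticket on behalf of a different account.
 */
@Singleton
@Path(AuthenticateResource.RESOURCE_URI)
@Named
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-wonderland-plugin-2.14.16-01/nexus-wonderland-plugin-2.14.16-01.jar:org/sonatype/nexus/wonderland/rest/AuthenticateResource.class */
public class AuthenticateResource extends ComponentSupport implements Resource {

    /** Path this resource is bound to. */
    @NonNls
    public static final String RESOURCE_URI = "/wonderland/authenticate";
    private final SecuritySystem security;
    private final AuthTicketService authTickets;

    /**
     * Always throws {@link Error}; instances are created through the injected constructor.
     */
    public AuthenticateResource() {
        throw new Error();
    }

    /**
     * @param securitySystem    security system used to read the current subject and to authenticate
     * @param authTicketService service that issues the ticket returned to the caller
     * @throws NullPointerException if either argument is {@code null}
     */
    @Inject
    public AuthenticateResource(SecuritySystem securitySystem, AuthTicketService authTicketService) {
        this.security = Preconditions.checkNotNull(securitySystem);
        this.authTickets = Preconditions.checkNotNull(authTicketService);
    }

    /**
     * Validates the supplied credentials against the current subject and issues a ticket.
     *
     * @param authTokenXO payload holding the base64-encoded username ({@code getU()}) and
     *                    password ({@code getP()})
     * @return a ticket object whose value comes from {@link AuthTicketService#createTicket()}
     * @throws NullPointerException           if {@code authTokenXO} is {@code null}
     * @throws WebApplicationMessageException with {@code BAD_REQUEST} when the payload username
     *                                        differs from the current principal, or with
     *                                        {@code FORBIDDEN} when authentication fails
     */
    @POST
    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public AuthTicketXO post(AuthTokenXO authTokenXO) {
        Preconditions.checkNotNull(authTokenXO);
        String username = Tokens.decodeBase64String(authTokenXO.getU());
        String password = Tokens.decodeBase64String(authTokenXO.getP());

        Object principal = this.security.getSubject().getPrincipal();
        String principalName = principal == null ? "" : principal.toString();

        // The payload username is request data. Control characters are neutralised before it
        // reaches the log so a crafted value cannot start a forged log line; how the configured
        // appender encodes messages is not visible from this class.
        String loggableUsername = sanitizeForLog(username);
        String loggablePrincipal = sanitizeForLog(principalName);

        if (this.log.isDebugEnabled()) {
            // The password only reaches the log through Tokens.mask, which is defined outside
            // this file. NOTE(review): confirm its output reveals nothing about the value.
            this.log.debug("payload username: {}, payload password: {}, principal: {}", loggableUsername, Tokens.mask(password), loggablePrincipal);
        }

        // Comparison uses the raw values; only the logged copies are sanitised.
        // NOTE(review): with no principal the expected name is "", so an empty payload username
        // passes this check and the decision then rests entirely on authenticate() below.
        if (!principalName.equals(username)) {
            this.log.warn("auth token request denied - authenticated user {} does not match payload user {}", loggablePrincipal, loggableUsername);
            throw new WebApplicationMessageException(Response.Status.BAD_REQUEST, "Username mismatch");
        }

        try {
            this.security.getSecurityManager().authenticate(new UsernamePasswordToken(username, password));
            return new AuthTicketXO().withT(this.authTickets.createTicket());
        } catch (AuthenticationException e) {
            // NOTE(review): a rejected password is recorded at TRACE only here; whether failed
            // attempts are audited elsewhere cannot be told from this class.
            this.log.trace("Authentication failed", e);
            // The response message is generic and does not echo the exception detail.
            throw new WebApplicationMessageException(Response.Status.FORBIDDEN, "Authentication failed");
        }
    }

    /**
     * Returns {@code value} with ISO control characters and the Unicode line/paragraph
     * separators replaced by {@code '_'}, for use in log statements only.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = null;
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                if (cleaned == null) {
                    // Copy lazily: the common case has nothing to replace.
                    cleaned = new StringBuilder(value);
                }
                cleaned.setCharAt(i, '_');
            }
        }
        return cleaned == null ? value : cleaned.toString();
    }
}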
