package org.opencastproject.external.endpoint;

import com.entwinemedia.fn.data.Opt;
import com.entwinemedia.fn.data.json.Field;
import com.entwinemedia.fn.data.json.JValue;
import com.entwinemedia.fn.data.json.Jsons;
import com.entwinemedia.fn.fns.Strings;
import java.text.ParseException;
import java.util.Date;
import java.util.Dictionary;
import javax.ws.rs.FormParam;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opencastproject.external.common.ApiMediaType;
import org.opencastproject.external.common.ApiResponses;
import org.opencastproject.security.urlsigning.exception.UrlSigningException;
import org.opencastproject.security.urlsigning.service.UrlSigningService;
import org.opencastproject.util.DateTimeSupport;
import org.opencastproject.util.Log;
import org.opencastproject.util.OsgiUtil;
import org.opencastproject.util.RestUtil;
import org.opencastproject.util.doc.rest.RestParameter;
import org.opencastproject.util.doc.rest.RestQuery;
import org.opencastproject.util.doc.rest.RestResponse;
import org.opencastproject.util.doc.rest.RestService;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Produces({ApiMediaType.JSON, ApiMediaType.VERSION_1_0_0, ApiMediaType.VERSION_1_1_0, ApiMediaType.VERSION_1_2_0, ApiMediaType.VERSION_1_3_0, ApiMediaType.VERSION_1_4_0, ApiMediaType.VERSION_1_5_0})
@Path("/")
@RestService(name = "externalapisecurity", title = "External API Security Service", notes = {}, abstractText = "Provides security operations related to the external API")
/* loaded from: input_file:org/opencastproject/external/endpoint/SecurityEndpoint.class */
public class SecurityEndpoint implements ManagedService {
    protected static final String URL_SIGNING_EXPIRES_DURATION_SECONDS_KEY = "url.signing.expires.seconds";
    protected static final long DEFAULT_URL_SIGNING_EXPIRE_DURATION = 7200;
    private static final Logger log = LoggerFactory.getLogger(SecurityEndpoint.class);
    private long expireSeconds = DEFAULT_URL_SIGNING_EXPIRE_DURATION;
    private UrlSigningService urlSigningService;

    void setUrlSigningService(UrlSigningService urlSigningService) {
        this.urlSigningService = urlSigningService;
    }

    void activate() {
        log.info("Activating External API - Security Endpoint");
    }

    public void updated(Dictionary<String, ?> dictionary) throws ConfigurationException {
        if (dictionary == null) {
            log.info("No configuration available, using defaults");
            return;
        }
        Opt map = OsgiUtil.getOptCfg(dictionary, URL_SIGNING_EXPIRES_DURATION_SECONDS_KEY).toOpt().map(Strings.toLongF);
        if (map.isSome()) {
            this.expireSeconds = ((Long) map.get()).longValue();
            log.info("The property {} has been configured to expire signed URLs in {}.", URL_SIGNING_EXPIRES_DURATION_SECONDS_KEY, Log.getHumanReadableTimeString(this.expireSeconds));
        } else {
            this.expireSeconds = DEFAULT_URL_SIGNING_EXPIRE_DURATION;
            log.info("The property {} has not been configured, so the default is being used to expire signed URLs in {}.", URL_SIGNING_EXPIRES_DURATION_SECONDS_KEY, Log.getHumanReadableTimeString(this.expireSeconds));
        }
    }

    @POST
    @Path("sign")
    @RestQuery(name = "signurl", description = "Returns a signed URL that can be played back for the indicated period of time, while access is optionally restricted to the specified IP address.", returnDescription = "", restParameters = {@RestParameter(name = "url", isRequired = true, description = "The linke to encode.", type = RestParameter.Type.STRING), @RestParameter(name = "valid-until", description = "Until when is the signed url valid", isRequired = false, type = RestParameter.Type.STRING), @RestParameter(name = "valid-source", description = "The IP address from which the url can be accessed", isRequired = false, type = RestParameter.Type.STRING)}, responses = {@RestResponse(description = "The signed URL is returned.", responseCode = 200), @RestResponse(description = "The caller is not authorized to have the link signed.", responseCode = 401)})
    public Response signUrl(@HeaderParam("Accept") String str, @FormParam("url") String str2, @FormParam("valid-until") String str3, @FormParam("valid-source") String str4) {
        DateTime dateTime;
        if (StringUtils.isBlank(str2)) {
            return RestUtil.R.badRequest("Query parameter 'url' is mandatory");
        }
        if (StringUtils.isNotBlank(str3)) {
            try {
                dateTime = new DateTime(DateTimeSupport.fromUTC(str3));
            } catch (IllegalStateException | ParseException e) {
                return RestUtil.R.badRequest("Query parameter 'valid-until' is not a valid ISO-8601 date string");
            }
        } else {
            dateTime = new DateTime(new Date().getTime() + (this.expireSeconds * 1000));
        }
        if (!this.urlSigningService.accepts(str2)) {
            return ApiResponses.Json.ok(str, (JValue) Jsons.obj(new Field[]{Jsons.f("error", "Given URL cannot be signed")}));
        }
        try {
            return ApiResponses.Json.ok(str, (JValue) Jsons.obj(new Field[]{Jsons.f("url", this.urlSigningService.sign(str2, dateTime, (DateTime) null, str4)), Jsons.f("valid-until", DateTimeSupport.toUTC(dateTime.getMillis()))}));
        } catch (UrlSigningException e2) {
            log.warn("Error while trying to sign url '{}':", str2, e2);
            return ApiResponses.Json.ok(str, (JValue) Jsons.obj(new Field[]{Jsons.f("error", "Error while signing url")}));
        }
    }
}
