package org.artifactory.rest.common.service.admin.userprofile;

import org.apache.commons.lang.StringUtils;
import org.artifactory.api.security.AuthorizationService;
import org.artifactory.rest.common.service.ArtifactoryRestRequest;
import org.artifactory.rest.common.service.RestResponse;
import org.artifactory.rest.common.service.RestService;
import org.artifactory.security.props.auth.ApiKeyManager;
import org.artifactory.security.props.auth.DockerTokenManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;

@Scope("prototype")
@Component
/* loaded from: input_file:org/artifactory/rest/common/service/admin/userprofile/RevokeApiKeyService.class */
public class RevokeApiKeyService implements RestService {
    private static final Logger log = LoggerFactory.getLogger(RevokeApiKeyService.class);

    @Autowired
    AuthorizationService authorizationService;

    @Autowired
    ApiKeyManager apiKeyManager;

    @Autowired
    DockerTokenManager dockerTokenManager;

    @Override // org.artifactory.rest.common.service.RestService
    public void execute(ArtifactoryRestRequest artifactoryRestRequest, RestResponse restResponse) {
        if (this.authorizationService.isAnonymous()) {
            return;
        }
        String pathParamByKey = artifactoryRestRequest.getPathParamByKey("id");
        boolean equals = artifactoryRestRequest.getQueryParamByKey("deleteAll").equals("1");
        String currentUsername = this.authorizationService.currentUsername();
        if (StringUtils.isEmpty(pathParamByKey) && !equals) {
            if (this.authorizationService.isApiKeyAuthentication()) {
                setError(restResponse);
                return;
            }
            pathParamByKey = currentUsername;
        }
        boolean isAdmin = this.authorizationService.isAdmin();
        if ((!StringUtils.isEmpty(pathParamByKey) && isAdmin) || (pathParamByKey.equals(currentUsername) && !equals)) {
            revokeApiKey(restResponse, pathParamByKey);
        } else if (StringUtils.isEmpty(pathParamByKey) && isAdmin && equals) {
            revokeAllApiKeys(restResponse);
        } else {
            restResponse.responseCode(403);
        }
    }

    private void setError(RestResponse restResponse) {
        restResponse.responseCode(403);
        restResponse.error("The use of apiKey as authentication is forbidden for this api call");
    }

    private void revokeAllApiKeys(RestResponse restResponse) {
        if (!this.apiKeyManager.revokeAllTokens()) {
            log.error("Error revoking all api keys");
            restResponse.error("Error revoking all api keys");
            return;
        }
        this.dockerTokenManager.revokeAllTokens();
        restResponse.info("All api keys have been successfully revoked");
        if (log.isDebugEnabled()) {
            log.debug("All api keys have been successfully revoked by: '{}'", this.authorizationService.currentUsername());
        }
    }

    private void revokeApiKey(RestResponse restResponse, String str) {
        if (!this.apiKeyManager.revokeToken(str)) {
            log.error("Error revoking api key for user '{}'", str);
            restResponse.error("Error revoking api key for user: " + str);
            return;
        }
        this.dockerTokenManager.revokeToken(str);
        restResponse.info("Api key for user: '" + str + "' has been successfully revoked");
        if (log.isDebugEnabled()) {
            log.debug("Api key for user: '{}' has been successfully revoked by user : '{}'", str, this.authorizationService.currentUsername());
        }
    }
}
