package org.zowe.apiml.security.common.auth.saf;

import java.util.Collections;
import lombok.Generated;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;
import org.zowe.apiml.security.common.token.TokenAuthentication;

/* loaded from: input_file:BOOT-INF/lib/apiml-security-common-1.25.0.jar:org/zowe/apiml/security/common/auth/saf/SafResourceAccessEndpoint.class */
public class SafResourceAccessEndpoint implements SafResourceAccessVerifying {
    private static final String URL_VARIABLE_SUFFIX = "/{entity}/{level}";

    @Value("${apiml.security.authorization.endpoint.url:http://localhost:8542/saf-auth}")
    private String endpointUrl;
    private final RestTemplate restTemplate;

    /* loaded from: input_file:BOOT-INF/lib/apiml-security-common-1.25.0.jar:org/zowe/apiml/security/common/auth/saf/SafResourceAccessEndpoint$Response.class */
    public static class Response {
        private boolean authorized;
        private boolean error;
        private String message;

        @Generated
        public boolean isAuthorized() {
            return this.authorized;
        }

        @Generated
        public boolean isError() {
            return this.error;
        }

        @Generated
        public String getMessage() {
            return this.message;
        }

        @Generated
        public void setAuthorized(boolean z) {
            this.authorized = z;
        }

        @Generated
        public void setError(boolean z) {
            this.error = z;
        }

        @Generated
        public void setMessage(String str) {
            this.message = str;
        }

        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Response)) {
                return false;
            }
            Response response = (Response) obj;
            if (!response.canEqual(this) || isAuthorized() != response.isAuthorized() || isError() != response.isError()) {
                return false;
            }
            String message = getMessage();
            String message2 = response.getMessage();
            return message == null ? message2 == null : message.equals(message2);
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof Response;
        }

        @Generated
        public int hashCode() {
            int i = (((1 * 59) + (isAuthorized() ? 79 : 97)) * 59) + (isError() ? 79 : 97);
            String message = getMessage();
            return (i * 59) + (message == null ? 43 : message.hashCode());
        }

        @Generated
        public String toString() {
            return "SafResourceAccessEndpoint.Response(authorized=" + isAuthorized() + ", error=" + isError() + ", message=" + getMessage() + DefaultExpressionEngine.DEFAULT_INDEX_END;
        }

        @Generated
        public Response(boolean z, boolean z2, String str) {
            this.authorized = z;
            this.error = z2;
            this.message = str;
        }

        @Generated
        public Response() {
        }
    }

    private <T> HttpEntity<T> createHttpEntity(Authentication authentication) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        if (authentication instanceof TokenAuthentication) {
            httpHeaders.set("Cookie", "apimlAuthenticationToken=" + ((TokenAuthentication) authentication).getCredentials());
        }
        return new HttpEntity<>((MultiValueMap<String, String>) httpHeaders);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.zowe.apiml.security.common.auth.saf.SafResourceAccessVerifying
    public boolean hasSafResourceAccess(Authentication authentication, String str, String str2, String str3) {
        if (!StringUtils.equalsIgnoreCase("ZOWE", str)) {
            throw new UnsupportedResourceClassException(str, "The SAF provider `endpoint` supports only resource class 'ZOWE', but current one is '" + str + "'");
        }
        try {
            Response response = (Response) this.restTemplate.exchange(this.endpointUrl + URL_VARIABLE_SUFFIX, HttpMethod.GET, createHttpEntity(authentication), Response.class, str2, str3).getBody();
            if (response == null || !response.isError()) {
                return (response == null || response.isError() || !response.isAuthorized()) ? false : true;
            }
            throw new EndpointImproprietyConfigureException("Endpoint " + this.endpointUrl + " is not properly configured: " + response.getMessage(), this.endpointUrl);
        } catch (EndpointImproprietyConfigureException e) {
            throw e;
        } catch (Exception e2) {
            throw new EndpointImproprietyConfigureException("Endpoint " + this.endpointUrl + " is not properly configured.", this.endpointUrl, e2);
        }
    }

    @Generated
    public SafResourceAccessEndpoint(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }
}
