package org.zowe.apiml.gateway.security.service;

import com.netflix.appinfo.InstanceInfo;
import com.netflix.discovery.EurekaClient;
import com.netflix.discovery.shared.Application;
import com.netflix.loadbalancer.reactive.ExecutionListener;
import com.netflix.zuul.context.RequestContext;
import java.util.Iterator;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang.StringUtils;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Service;
import org.zowe.apiml.auth.Authentication;
import org.zowe.apiml.eurekaservice.client.util.EurekaMetadataParser;
import org.zowe.apiml.gateway.cache.RetryIfExpired;
import org.zowe.apiml.gateway.config.CacheConfig;
import org.zowe.apiml.gateway.security.service.schema.AuthenticationCommand;
import org.zowe.apiml.gateway.security.service.schema.AuthenticationSchemeFactory;
import org.zowe.apiml.gateway.security.service.schema.ServiceAuthenticationService;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSchemeException;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSource;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSourceService;
import org.zowe.apiml.util.CacheUtils;

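/**
 * Resolves the authentication scheme that a service declares in its Eureka metadata and
 * produces the {@link AuthenticationCommand} for it.
 *
 * <p>Commands are cached in two caches: {@code serviceAuthenticationByAuthentication} and
 * {@code serviceAuthenticationByServiceId}. A returned command that reports
 * {@code isExpired()} is evicted from the corresponding cache.
 *
 * <p>NOTE(review): the first cache uses the default key generator, so the cache key is
 * derived from the {@link Authentication} and {@link AuthSource} arguments. This presumably
 * relies on {@code AuthSource} implementing {@code equals}/{@code hashCode} over the
 * caller's credential, so that a command built for one caller is never served to another.
 * Confirm against the {@code AuthSource} implementations.
 */
@Service
public class ServiceAuthenticationServiceImpl implements ServiceAuthenticationService {
    /** Key under which the deferred command is stored in the Zuul {@link RequestContext}. */
    public static final String AUTHENTICATION_COMMAND_KEY = "zoweAuthenticationCommand";
    private static final String CACHE_BY_SERVICE_ID = "serviceAuthenticationByServiceId";
    private static final String CACHE_BY_AUTHENTICATION = "serviceAuthenticationByAuthentication";

    // Shared command and marker used when the instances of a service disagree on their scheme.
    private final LoadBalancerAuthenticationCommand loadBalancerCommand = new LoadBalancerAuthenticationCommand();
    private final LoadBalancerAuthentication loadBalancerAuthentication = new LoadBalancerAuthentication();

    private final EurekaClient discoveryClient;
    private final EurekaMetadataParser eurekaMetadataParser;
    private final AuthenticationSchemeFactory authenticationSchemeFactory;
    private final AuthSourceService authSourceService;
    private final CacheManager cacheManager;
    private final CacheUtils cacheUtils;

    /**
     * Marker returned by {@link #getAuthentication(String)} when the instances of one service
     * do not all declare the same authentication. It is recognised by {@code instanceof}
     * checks in this class and never passed to the scheme factory.
     */
    static class LoadBalancerAuthentication extends Authentication {
        LoadBalancerAuthentication() {
        }
    }

    /**
     * Command used for {@link LoadBalancerAuthentication}. It does not authenticate anything
     * itself; it stores a {@link UniversalAuthenticationCommand} in the current Zuul
     * {@link RequestContext} under {@link #AUTHENTICATION_COMMAND_KEY}.
     * NOTE(review): presumably that stored command is applied later, once a concrete
     * instance has been selected; the caller is not visible in this file.
     */
    public class LoadBalancerAuthenticationCommand extends AuthenticationCommand {
        private static final long serialVersionUID = 3363375706967769113L;
        private final UniversalAuthenticationCommand universal;

        protected LoadBalancerAuthenticationCommand() {
            this.universal = new UniversalAuthenticationCommand();
        }

        /**
         * Publishes the universal command into the current request context.
         *
         * @param instanceInfo not used by this implementation
         */
        @Override
        public void apply(InstanceInfo instanceInfo) {
            RequestContext.getCurrentContext().put(ServiceAuthenticationServiceImpl.AUTHENTICATION_COMMAND_KEY, this.universal);
        }
    }

    /**
     * Command that resolves the authentication scheme from a concrete instance at the time it
     * is applied, validates the request's authentication source if the scheme requires one,
     * and then delegates to the scheme-specific command.
     */
    public class UniversalAuthenticationCommand extends AuthenticationCommand {
        private static final long serialVersionUID = -2980076158001292742L;
        private static final String INVALID_JWT_MESSAGE = "Invalid JWT token";

        protected UniversalAuthenticationCommand() {
        }

        /**
         * Resolves and applies the command for the given instance.
         *
         * <p>The check fails closed. If the resolved command requires a valid source, then a
         * missing source, a source rejected by {@code authSourceService.isValid}, or an
         * exception raised while resolving or validating all abort the request with the same
         * generic message.
         *
         * @param instanceInfo the instance whose metadata declares the scheme; must not be null
         * @throws NullPointerException if {@code instanceInfo} is null
         * @throws ExecutionListener.AbortExecutionException wrapping a
         *         {@link BadCredentialsException} when the request is rejected
         */
        @Override
        public void apply(InstanceInfo instanceInfo) {
            if (instanceInfo == null) {
                throw new NullPointerException("Argument instanceInfo is required");
            }
            Authentication authentication = ServiceAuthenticationServiceImpl.this.getAuthentication(instanceInfo);
            AuthenticationCommand command = null;
            boolean rejected = false;
            try {
                Optional<AuthSource> source = ServiceAuthenticationServiceImpl.this.authSourceService.getAuthSourceFromRequest();
                // NOTE(review): this is a call on the enclosing instance itself. Under Spring's
                // proxy-based caching, self-invocations bypass @Cacheable/@CacheEvict; confirm
                // which advice mode the project configures.
                command = ServiceAuthenticationServiceImpl.this.getAuthenticationCommand(authentication, source.orElse(null));
                if (command.isRequiredValidSource()) {
                    // Reject unless a source is present AND valid. The previous branch
                    // structure fell through and rejected valid sources as well.
                    rejected = !source.isPresent()
                        || !ServiceAuthenticationServiceImpl.this.authSourceService.isValid(source.get());
                }
            } catch (AuthenticationException | AuthSchemeException e) {
                // Any failure while resolving or validating is treated as a rejection. The
                // cause is not attached to the exception thrown below, so callers see only
                // the generic message.
                // NOTE(review): consider recording the cause server-side for diagnosability.
                rejected = true;
            }
            if (rejected) {
                throw new ExecutionListener.AbortExecutionException(INVALID_JWT_MESSAGE, new BadCredentialsException(INVALID_JWT_MESSAGE));
            }
            command.apply(null);
        }
    }

    /**
     * Parses the authentication declared in the metadata of one instance.
     *
     * @param instanceInfo instance whose metadata is parsed
     * @return whatever {@code eurekaMetadataParser.parseAuthentication} returns for that metadata
     */
    @Override
    public Authentication getAuthentication(InstanceInfo instanceInfo) {
        return this.eurekaMetadataParser.parseAuthentication(instanceInfo.getMetadata());
    }

    /**
     * Determines the authentication shared by all instances of a service.
     *
     * @param str service ID, looked up via {@code discoveryClient.getApplication}
     * @return {@code null} if the application is unknown or has no instances; the common
     *         authentication if every instance declares an equal one; otherwise the
     *         {@link LoadBalancerAuthentication} marker
     */
    @Override
    public Authentication getAuthentication(String str) {
        Application application = this.discoveryClient.getApplication(str);
        if (application == null) {
            return null;
        }
        Authentication common = null;
        for (InstanceInfo instance : application.getInstances()) {
            Authentication current = getAuthentication(instance);
            if (common == null) {
                common = current;
            } else if (!common.equals(current)) {
                // Instances disagree, so the decision is deferred to a concrete instance.
                return this.loadBalancerAuthentication;
            }
        }
        return common;
    }

    /**
     * Creates the command for an authentication scheme and authentication source. The result is
     * cached in {@code serviceAuthenticationByAuthentication}; a returned command that reports
     * {@code isExpired()} is evicted again.
     *
     * @param authentication scheme definition; its {@code getScheme()} selects the schema
     * @param authSource authentication source passed to the schema; may be {@code null}
     *        (see {@link UniversalAuthenticationCommand#apply})
     * @return the command created by the selected schema
     */
    @Override
    @CacheEvict(value = {CACHE_BY_AUTHENTICATION}, condition = "#result != null && #result.isExpired()")
    @Cacheable({CACHE_BY_AUTHENTICATION})
    public AuthenticationCommand getAuthenticationCommand(Authentication authentication, AuthSource authSource) {
        return this.authenticationSchemeFactory.getSchema(authentication.getScheme()).createCommand(authentication, authSource);
    }

    /**
     * Returns the command for a service. The result is cached in
     * {@code serviceAuthenticationByServiceId} using the composite key generator, and a command
     * that reports {@code isExpired()} is evicted.
     *
     * @param str service ID; not read by the body. It presumably forms the first element of
     *        the composite cache key, because {@link #evictCacheService(String)} matches on
     *        element 0.
     * @param authentication authentication of the service, or {@code null}
     * @param authSource authentication source of the request
     * @return the load-balancer command for the {@link LoadBalancerAuthentication} marker,
     *         {@code AuthenticationCommand.EMPTY} for a null or empty authentication, otherwise
     *         the scheme-specific command
     */
    @Override
    @RetryIfExpired
    @CacheEvict(value = {CACHE_BY_SERVICE_ID}, condition = "#result != null && #result.isExpired()", keyGenerator = CacheConfig.COMPOSITE_KEY_GENERATOR)
    @Cacheable(value = {CACHE_BY_SERVICE_ID}, keyGenerator = CacheConfig.COMPOSITE_KEY_GENERATOR)
    public AuthenticationCommand getAuthenticationCommand(String str, Authentication authentication, AuthSource authSource) {
        if (authentication instanceof LoadBalancerAuthentication) {
            return this.loadBalancerCommand;
        }
        if (authentication == null || authentication.isEmpty()) {
            return AuthenticationCommand.EMPTY;
        }
        return getAuthenticationCommand(authentication, authSource);
    }

    /**
     * Obtains the authentication source from the schema selected by the given authentication.
     *
     * @param authentication authentication of the service, or {@code null}
     * @return empty for a null, empty or load-balancer authentication; otherwise the result of
     *         the schema's {@code getAuthSource()}
     */
    @Override
    public Optional<AuthSource> getAuthSourceByAuthentication(Authentication authentication) {
        if (authentication == null || authentication.isEmpty() || authentication instanceof LoadBalancerAuthentication) {
            return Optional.empty();
        }
        return this.authenticationSchemeFactory.getSchema(authentication.getScheme()).getAuthSource();
    }

    /**
     * Clears every entry of {@code serviceAuthenticationByServiceId}. Specified by
     * {@code ServiceCacheEvict}. The body is empty because the annotation performs the eviction.
     */
    @Override
    @CacheEvict(value = {CACHE_BY_SERVICE_ID}, allEntries = true)
    public void evictCacheAllService() {
    }

    /**
     * Evicts the entries of {@code serviceAuthenticationByServiceId} whose first composite-key
     * element equals the given service ID, ignoring case. Specified by {@code ServiceCacheEvict}.
     *
     * @param str service ID whose cached commands are dropped
     */
    @Override
    public void evictCacheService(String str) {
        this.cacheUtils.evictSubset(this.cacheManager, CACHE_BY_SERVICE_ID,
            compositeKey -> StringUtils.equalsIgnoreCase((String) compositeKey.get(0), str));
    }

    @Generated
    public ServiceAuthenticationServiceImpl(EurekaClient eurekaClient, EurekaMetadataParser eurekaMetadataParser, AuthenticationSchemeFactory authenticationSchemeFactory, AuthSourceService authSourceService, CacheManager cacheManager, CacheUtils cacheUtils) {
        this.discoveryClient = eurekaClient;
        this.eurekaMetadataParser = eurekaMetadataParser;
        this.authenticationSchemeFactory = authenticationSchemeFactory;
        this.authSourceService = authSourceService;
        this.cacheManager = cacheManager;
        this.cacheUtils = cacheUtils;
    }
}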
