package org.zowe.apiml.cloudgatewayservice.filters;

import java.net.HttpCookie;
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.springframework.cloud.client.ServiceInstance;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientResponseException;
import org.springframework.web.server.ServerWebExchange;
import org.zowe.apiml.cloudgatewayservice.filters.AbstractAuthSchemeFactory.AbstractConfig;
import org.zowe.apiml.cloudgatewayservice.service.InstanceInfoService;
import org.zowe.apiml.message.core.MessageService;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/zowe/apiml/cloudgatewayservice/filters/AbstractAuthSchemeFactory.class */
public abstract class AbstractAuthSchemeFactory<T extends AbstractConfig, R, D> extends AbstractGatewayFilterFactory<T> {
    private static final String HEADER_SERVICE_ID = "X-Service-Id";
    private static final Predicate<HttpCookie> CREDENTIALS_COOKIE_INPUT = httpCookie -> {
        return StringUtils.equalsIgnoreCase(httpCookie.getName(), "personalAccessToken") || StringUtils.equalsIgnoreCase(httpCookie.getName(), "apimlAuthenticationToken") || StringUtils.startsWithIgnoreCase(httpCookie.getName(), "apimlAuthenticationToken.");
    };
    private static final Predicate<HttpCookie> CREDENTIALS_COOKIE = httpCookie -> {
        return CREDENTIALS_COOKIE_INPUT.test(httpCookie) || StringUtils.equalsIgnoreCase(httpCookie.getName(), "jwtToken") || StringUtils.equalsIgnoreCase(httpCookie.getName(), "LtpaToken2");
    };
    private static final Predicate<String> CREDENTIALS_HEADER_INPUT = str -> {
        return StringUtils.equalsIgnoreCase(str, "Authorization") || StringUtils.equalsIgnoreCase(str, "PRIVATE-TOKEN");
    };
    private static final Predicate<String> CREDENTIALS_HEADER = str -> {
        return CREDENTIALS_HEADER_INPUT.test(str) || StringUtils.equalsIgnoreCase(str, "X-SAF-Token") || StringUtils.equalsIgnoreCase(str, X509FilterFactory.PUBLIC_KEY) || StringUtils.equalsIgnoreCase(str, X509FilterFactory.DISTINGUISHED_NAME) || StringUtils.equalsIgnoreCase(str, X509FilterFactory.COMMON_NAME) || StringUtils.equalsIgnoreCase(str, ClientCertFilterFactory.CLIENT_CERT_HEADER) || StringUtils.equalsIgnoreCase(str, "Cookie");
    };
    private static final RobinRoundIterator<ServiceInstance> robinRound = new RobinRoundIterator<>();
    protected final WebClient webClient;
    protected final InstanceInfoService instanceInfoService;
    protected final MessageService messageService;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/zowe/apiml/cloudgatewayservice/filters/AbstractAuthSchemeFactory$AbstractConfig.class */
    public static abstract class AbstractConfig {
        private String serviceId;

        @Generated
        public AbstractConfig() {
        }

        @Generated
        public String getServiceId() {
            return this.serviceId;
        }

        @Generated
        public void setServiceId(String str) {
            this.serviceId = str;
        }

        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof AbstractConfig)) {
                return false;
            }
            AbstractConfig abstractConfig = (AbstractConfig) obj;
            if (!abstractConfig.canEqual(this)) {
                return false;
            }
            String serviceId = getServiceId();
            String serviceId2 = abstractConfig.getServiceId();
            return serviceId == null ? serviceId2 == null : serviceId.equals(serviceId2);
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof AbstractConfig;
        }

        @Generated
        public int hashCode() {
            String serviceId = getServiceId();
            return (1 * 59) + (serviceId == null ? 43 : serviceId.hashCode());
        }

        @Generated
        public String toString() {
            return "AbstractAuthSchemeFactory.AbstractConfig(serviceId=" + getServiceId() + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthSchemeFactory(Class<T> cls, WebClient webClient, InstanceInfoService instanceInfoService, MessageService messageService) {
        super(cls);
        this.webClient = webClient;
        this.instanceInfoService = instanceInfoService;
        this.messageService = messageService;
    }

    protected abstract Class<R> getResponseClass();

    protected abstract R getResponseFor401();

    private Mono<List<ServiceInstance>> getZaasInstances() {
        return this.instanceInfoService.getServiceInstance("gateway");
    }

    private Mono<R> requestWithHa(Iterator<ServiceInstance> it, Function<ServiceInstance, WebClient.RequestHeadersSpec<?>> function) {
        return function.apply(it.next()).retrieve().onStatus((v0) -> {
            return v0.is5xxServerError();
        }, clientResponse -> {
            return Mono.empty();
        }).bodyToMono(getResponseClass()).onErrorResume(th -> {
            return th instanceof WebClientResponseException.Unauthorized ? Mono.just(getResponseFor401()) : Mono.error(th);
        }).switchIfEmpty(it.hasNext() ? requestWithHa(it, function) : Mono.empty());
    }

    protected Mono<Void> invoke(List<ServiceInstance> list, Function<ServiceInstance, WebClient.RequestHeadersSpec<?>> function, Function<? super R, ? extends Mono<Void>> function2) {
        Iterator<ServiceInstance> iterator = robinRound.getIterator(list);
        if (iterator.hasNext()) {
            return requestWithHa(iterator, function).flatMap(function2);
        }
        throw new IllegalArgumentException("No ZAAS is available");
    }

    protected abstract WebClient.RequestHeadersSpec<?> createRequest(ServiceInstance serviceInstance, D d);

    protected abstract Mono<Void> processResponse(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain, R r);

    protected WebClient.RequestHeadersSpec<?> createRequest(AbstractConfig abstractConfig, ServerHttpRequest.Builder builder, ServiceInstance serviceInstance, D d) {
        WebClient.RequestHeadersSpec<?> createRequest = createRequest(serviceInstance, d);
        builder.headers(httpHeaders -> {
            List list = (List) readCookies(httpHeaders).collect(Collectors.toList());
            httpHeaders.entrySet().stream().filter(entry -> {
                return CREDENTIALS_HEADER_INPUT.test(entry.getKey());
            }).forEach(entry2 -> {
                createRequest.header((String) entry2.getKey(), (String[]) ((List) entry2.getValue()).toArray(new String[0]));
            });
            list.stream().filter(CREDENTIALS_COOKIE_INPUT).forEach(httpCookie -> {
                createRequest.cookie(httpCookie.getName(), httpCookie.getValue());
            });
            createRequest.header(HEADER_SERVICE_ID, new String[]{abstractConfig.serviceId});
            List list2 = (List) Stream.concat(httpHeaders.entrySet().stream().filter(entry3 -> {
                return !CREDENTIALS_HEADER.test(entry3.getKey());
            }).flatMap(entry4 -> {
                return ((List) entry4.getValue()).stream().map(str -> {
                    return new AbstractMap.SimpleEntry(entry4.getKey(), str);
                });
            }), list.stream().filter(httpCookie2 -> {
                return !CREDENTIALS_COOKIE.test(httpCookie2);
            }).map(httpCookie3 -> {
                return new AbstractMap.SimpleEntry("Cookie", httpCookie3.toString());
            })).collect(Collectors.toList());
            httpHeaders.clear();
            list2.forEach(entry5 -> {
                httpHeaders.add((String) entry5.getKey(), (String) entry5.getValue());
            });
        });
        return createRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public GatewayFilter createGatewayFilter(AbstractConfig abstractConfig, D d) {
        return (serverWebExchange, gatewayFilterChain) -> {
            return getZaasInstances().flatMap(list -> {
                ServerHttpRequest.Builder mutate = serverWebExchange.getRequest().mutate();
                return invoke(list, serviceInstance -> {
                    return createRequest(abstractConfig, mutate, serviceInstance, d);
                }, obj -> {
                    return processResponse(serverWebExchange.mutate().request(mutate.build()).build(), gatewayFilterChain, obj);
                });
            });
        };
    }

    protected ServerHttpRequest addRequestHeader(ServerWebExchange serverWebExchange, String str, String str2) {
        return serverWebExchange.getRequest().mutate().headers(httpHeaders -> {
            httpHeaders.add(str, str2);
        }).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerHttpRequest setRequestHeader(ServerWebExchange serverWebExchange, String str, String str2) {
        return serverWebExchange.getRequest().mutate().header(str, new String[]{str2}).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerHttpRequest updateHeadersForError(ServerWebExchange serverWebExchange, String str) {
        ServerHttpRequest addRequestHeader = addRequestHeader(serverWebExchange, "X-Zowe-Auth-Failure", this.messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", new Object[]{str}).mapToLogMessage());
        serverWebExchange.getResponse().getHeaders().add("X-Zowe-Auth-Failure", this.messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", new Object[]{str}).mapToLogMessage());
        return addRequestHeader;
    }

    protected Stream<HttpCookie> readCookies(HttpHeaders httpHeaders) {
        return ((List) Optional.ofNullable(httpHeaders.get("Cookie")).orElse(Collections.emptyList())).stream().map(str -> {
            return StringUtils.split(str, ";");
        }).flatMap((v0) -> {
            return Arrays.stream(v0);
        }).map(StringUtils::trim).map(HttpCookie::parse).flatMap((v0) -> {
            return v0.stream();
        });
    }
}
