package org.zowe.apiml.cloudgatewayservice.attls;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.catalina.connector.RequestFacade;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.codec.ServerCodecConfigurer;
import org.springframework.http.server.reactive.AbstractServerHttpRequest;
import org.springframework.http.server.reactive.HttpHandler;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.http.server.reactive.SslInfo;
import org.springframework.stereotype.Component;
import org.springframework.web.server.adapter.DefaultServerWebExchange;
import org.springframework.web.server.i18n.LocaleContextResolver;
import org.springframework.web.server.session.DefaultWebSessionManager;
import org.springframework.web.server.session.WebSessionManager;
import org.zowe.apiml.message.core.MessageService;
import org.zowe.commons.attls.AttlsContext;
import org.zowe.commons.attls.ContextIsNotInitializedException;
import org.zowe.commons.attls.InboundAttls;
import org.zowe.commons.attls.IoctlCallException;
import org.zowe.commons.attls.StatConn;
import org.zowe.commons.attls.UnknownEnumValueException;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

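/**
 * Wraps every {@link HttpHandler} bean so that each request is checked against the inbound
 * AT-TLS context before the wrapped handler sees it.
 *
 * <p>Registered only when {@code server.attls.enabled} is {@code true}. The wrapper fails closed:
 * a connection whose AT-TLS status is not {@link StatConn#SECURE}, or whose AT-TLS context cannot
 * be queried, is answered with a JSON error body and never reaches the wrapped handler. Both error
 * paths respond with HTTP status 500.
 *
 * <p>When AT-TLS reports a client certificate, it is published to downstream code twice: as the
 * {@code javax.servlet.request.X509Certificate} servlet attribute and as the request's
 * {@link SslInfo}.
 */
@ConditionalOnProperty(name = {"server.attls.enabled"}, havingValue = "true")
@Component
public class AttlsHttpHandler implements BeanPostProcessor {
    // Shared serializer for the JSON error bodies.
    private static final ObjectMapper objectMapper = new ObjectMapper();
    private final MessageService messageService;
    private final LocaleContextResolver localeContextResolver;
    // The three collaborators below are only needed to build the exchange used in writeError.
    private final WebSessionManager sessionManager = new DefaultWebSessionManager();
    private final ServerCodecConfigurer serverCodecConfigurer = ServerCodecConfigurer.create();

    /**
     * {@link SslInfo} carrying the peer certificates obtained from AT-TLS.
     *
     * <p>The certificate array is stored and returned by reference, not copied, so callers must
     * not modify it. This class only ever sets {@code peerCertificates}; {@code sessionId} stays
     * {@code null} unless a caller sets it through the builder.
     */
    public static final class AttlsSslInfo implements SslInfo {
        private final String sessionId;
        private final X509Certificate[] peerCertificates;

        /** Fluent builder for {@link AttlsSslInfo}; every unset field defaults to {@code null}. */
        @Generated
        public static class AttlsSslInfoBuilder {

            @Generated
            private String sessionId;

            @Generated
            private X509Certificate[] peerCertificates;

            @Generated
            AttlsSslInfoBuilder() {
            }

            /** Sets the session id and returns this builder. */
            @Generated
            public AttlsSslInfoBuilder sessionId(String str) {
                this.sessionId = str;
                return this;
            }

            /** Sets the peer certificate array (kept by reference) and returns this builder. */
            @Generated
            public AttlsSslInfoBuilder peerCertificates(X509Certificate[] x509CertificateArr) {
                this.peerCertificates = x509CertificateArr;
                return this;
            }

            /** Creates the {@link AttlsSslInfo} from the values collected so far. */
            @Generated
            public AttlsSslInfo build() {
                return new AttlsSslInfo(this.sessionId, this.peerCertificates);
            }

            /** Renders both fields, including the full text of every certificate. */
            @Generated
            @Override
            public String toString() {
                return "AttlsHttpHandler.AttlsSslInfo.AttlsSslInfoBuilder(sessionId=" + this.sessionId + ", peerCertificates=" + Arrays.deepToString(this.peerCertificates) + ")";
            }
        }

        @Generated
        AttlsSslInfo(String str, X509Certificate[] x509CertificateArr) {
            this.sessionId = str;
            this.peerCertificates = x509CertificateArr;
        }

        /** Returns a new, empty builder. */
        @Generated
        public static AttlsSslInfoBuilder builder() {
            return new AttlsSslInfoBuilder();
        }

        @Generated
        @Override
        public String getSessionId() {
            return this.sessionId;
        }

        /** Returns the stored array itself (no defensive copy); may be {@code null}. */
        @Generated
        @Override
        public X509Certificate[] getPeerCertificates() {
            return this.peerCertificates;
        }

        /** Two instances are equal when session ids match and the certificate arrays are deep-equal. */
        @Generated
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof AttlsSslInfo)) {
                return false;
            }
            AttlsSslInfo other = (AttlsSslInfo) obj;
            boolean sameSession = this.sessionId == null
                ? other.sessionId == null
                : this.sessionId.equals(other.sessionId);
            return sameSession && Arrays.deepEquals(this.peerCertificates, other.peerCertificates);
        }

        /** Hash consistent with {@link #equals(Object)}; 43 stands in for a {@code null} session id. */
        @Generated
        @Override
        public int hashCode() {
            int sessionHash = this.sessionId == null ? 43 : this.sessionId.hashCode();
            return ((59 + sessionHash) * 59) + Arrays.deepHashCode(this.peerCertificates);
        }

        /** Renders both fields, including the full text of every certificate. */
        @Generated
        @Override
        public String toString() {
            return "AttlsHttpHandler.AttlsSslInfo(sessionId=" + this.sessionId + ", peerCertificates=" + Arrays.deepToString(this.peerCertificates) + ")";
        }
    }

    /**
     * Writes {@code str} as a UTF-8 JSON body with HTTP status 500.
     *
     * @param serverHttpRequest the request being rejected
     * @param serverHttpResponse the response to write to
     * @param str the already serialized JSON body
     * @return completion signal of the write
     */
    private Mono<Void> writeError(ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse, String str) {
        DefaultServerWebExchange exchange = new DefaultServerWebExchange(serverHttpRequest, serverHttpResponse, this.sessionManager, this.serverCodecConfigurer, this.localeContextResolver);
        serverHttpResponse.setRawStatusCode(500);
        serverHttpResponse.getHeaders().add("Content-Type", "application/json");
        byte[] body = str.getBytes(StandardCharsets.UTF_8);
        return exchange.getResponse().writeWith(Flux.just(exchange.getResponse().bufferFactory().wrap(body)));
    }

    /**
     * Resolves the message with key {@code str} and serializes its view to JSON.
     *
     * @throws IllegalStateException if the message view cannot be serialized
     */
    private String getMessage(String str) {
        try {
            return objectMapper.writeValueAsString(this.messageService.createMessage(str, new Object[0]).mapToView());
        } catch (JsonProcessingException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Responds with the generic internal-server-error message (HTTP 500). */
    Mono<Void> internalError(ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) {
        return writeError(serverHttpRequest, serverHttpResponse, getMessage("org.zowe.apiml.gateway.internalServerError"));
    }

    /** Responds with the "connection is not secure" message; the status is also HTTP 500. */
    Mono<Void> unsecureError(ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) {
        return writeError(serverHttpRequest, serverHttpResponse, getMessage("org.zowe.apiml.gateway.security.attls.notSecure"));
    }

    /**
     * Attaches the client certificate reported by AT-TLS to the request.
     *
     * @param serverHttpRequest the reactive request to decorate
     * @param httpServletRequest the native servlet request that receives the certificate attribute
     * @param bArr raw certificate bytes from the AT-TLS context; {@code null} or empty means the
     *     connection has no client certificate
     * @return {@code serverHttpRequest} itself when there is no certificate, otherwise a mutated
     *     request whose {@link SslInfo} holds the parsed certificate
     * @throws CertificateException if the bytes cannot be parsed as an X.509 certificate
     */
    ServerHttpRequest updateCertificate(ServerHttpRequest serverHttpRequest, HttpServletRequest httpServletRequest, byte[] bArr) throws CertificateException {
        if (ArrayUtils.isEmpty(bArr)) {
            // No client certificate: the request passes through untouched, so downstream
            // certificate-based authentication must treat missing peer certificates as
            // unauthenticated.
            return serverHttpRequest;
        }
        // The bytes are handed to the factory as-is. An X.509 CertificateFactory accepts binary
        // DER as well as Base64 input, so re-encoding them into a PEM envelope first is not
        // needed. Presumably AT-TLS delivers DER - confirm against the AttlsContext contract.
        X509Certificate clientCertificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(bArr));
        X509Certificate[] chain = {clientCertificate};
        // Same array instance is shared by the servlet attribute and the SslInfo.
        httpServletRequest.setAttribute("javax.servlet.request.X509Certificate", chain);
        return serverHttpRequest.mutate().sslInfo(AttlsSslInfo.builder().peerCertificates(chain).build()).build();
    }

    /**
     * Replaces every {@link HttpHandler} bean with an AT-TLS-checking wrapper; other beans are
     * returned unchanged.
     *
     * @param obj the freshly initialized bean
     * @param str the bean name (unused)
     * @return the wrapper for {@link HttpHandler} beans, otherwise {@code obj}
     */
    @Override
    public Object postProcessAfterInitialization(Object obj, String str) throws BeansException {
        if (!(obj instanceof HttpHandler)) {
            return obj;
        }
        final HttpHandler delegate = (HttpHandler) obj;
        // The lambda needs an explicit functional-interface target; it cannot be returned
        // directly as Object.
        final HttpHandler attlsAware = (request, response) -> {
            try {
                AttlsContext attlsContext = InboundAttls.get();
                if (attlsContext.getStatConn() != StatConn.SECURE) {
                    return unsecureError(request, response);
                }
                // Assumes a Tomcat servlet-backed request; any other native request type makes
                // these casts throw ClassCastException, which is not caught below.
                RequestFacade nativeRequest = (RequestFacade) ((AbstractServerHttpRequest) request).getNativeRequest();
                nativeRequest.setAttribute("attls", attlsContext);
                return delegate.handle(updateCertificate(request, nativeRequest, attlsContext.getCertificate()), response);
            } catch (IoctlCallException | UnknownEnumValueException | ContextIsNotInitializedException | CertificateException e) {
                // NOTE(review): the cause is discarded here, so an AT-TLS query failure or an
                // unparsable client certificate leaves no trace beyond the 500 response. Log it
                // with the project's logger so these rejections can be investigated.
                return internalError(request, response);
            }
        };
        return attlsAware;
    }

    @Generated
    public AttlsHttpHandler(MessageService messageService, LocaleContextResolver localeContextResolver) {
        this.messageService = messageService;
        this.localeContextResolver = localeContextResolver;
    }
}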
