package org.zowe.apiml.cloudgatewayservice.filters;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Service;
import org.springframework.web.server.ServerWebExchange;
import org.zowe.apiml.constants.ApimlConstants;
import org.zowe.apiml.message.core.MessageService;

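/**
 * Gateway filter factory that copies selected attributes of the TLS client certificate into
 * request headers for the routed service.
 *
 * <p>The route configuration names the headers to populate as a comma-separated list of
 * {@link #PUBLIC_KEY}, {@link #DISTINGUISHED_NAME} and {@link #COMMON_NAME}. When the request
 * carries no client certificate, the failure header {@code ApimlConstants.AUTH_FAIL_HEADER} is set
 * on both the forwarded request and the response.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The {@code X-Certificate-*} headers are ordinary HTTP headers. Any copy sent by the client
 *       is removed before this filter writes its own values, so the routed service only sees
 *       values derived from the TLS session.</li>
 *   <li>This class performs no certificate validation itself; it reads the first peer certificate
 *       reported by the connection. NOTE(review): presumably the server's TLS configuration has
 *       already validated the chain against the trust store; confirm.</li>
 *   <li>A routed service should rely on these headers only for requests it can attribute to the
 *       gateway (for example over a mutually authenticated connection).</li>
 * </ul>
 */
@Service
public class X509FilterFactory extends AbstractGatewayFilterFactory<X509FilterFactory.Config> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(X509FilterFactory.class);

    /** Header carrying the Base64 form of {@link X509Certificate#getEncoded()}. */
    public static final String PUBLIC_KEY = "X-Certificate-Public";
    /** Header carrying the certificate subject distinguished name. */
    public static final String DISTINGUISHED_NAME = "X-Certificate-DistinguishedName";
    /** Header carrying the {@code CN} value extracted from the subject distinguished name. */
    public static final String COMMON_NAME = "X-Certificate-CommonName";

    private final MessageService messageService;

    /** Route-level configuration of the filter. */
    public static class Config {
        // Comma-separated list of the X-Certificate-* header names to populate.
        private String headers;

        public String getHeaders() {
            return this.headers;
        }

        public void setHeaders(String str) {
            this.headers = str;
        }
    }

    public X509FilterFactory(MessageService messageService) {
        super(Config.class);
        this.messageService = messageService;
    }

    /**
     * Builds the filter for one route.
     *
     * @param config route configuration naming the certificate headers to populate
     * @return a filter that forwards either the certificate headers or the failure header
     */
    @Override
    public GatewayFilter apply(Config config) {
        return (serverWebExchange, gatewayFilterChain) -> {
            X509Certificate[] peerCertificates = clientCertificates(serverWebExchange);
            if (peerCertificates == null || peerCertificates.length == 0) {
                return gatewayFilterChain.filter(
                        serverWebExchange.mutate().request(updateHeadersForError(serverWebExchange)).build());
            }

            // Only the first certificate of the chain is used as the client's own certificate.
            X509Certificate clientCertificate = peerCertificates[0];
            ServerHttpRequest request = serverWebExchange.getRequest().mutate().headers(httpHeaders -> {
                // Drop client-supplied copies first: add() appends, so a forged value would
                // otherwise reach the routed service next to (or instead of) the real one.
                removeCertificateHeaders(httpHeaders);
                try {
                    setHeader(httpHeaders, requestedHeaders(config), clientCertificate);
                } catch (CertificateEncodingException | InvalidNameException e) {
                    httpHeaders.add(ApimlConstants.AUTH_FAIL_HEADER,
                            "Invalid client certificate in request. Error message: " + e.getMessage());
                }
            }).build();
            return gatewayFilterChain.filter(serverWebExchange.mutate().request(request).build());
        };
    }

    /** Returns the peer certificates of the connection, or {@code null} when there is no TLS info. */
    private static X509Certificate[] clientCertificates(ServerWebExchange serverWebExchange) {
        if (serverWebExchange.getRequest().getSslInfo() == null) {
            return null;
        }
        return serverWebExchange.getRequest().getSslInfo().getPeerCertificates();
    }

    /** Splits the configured header list; a missing configuration yields no headers. */
    private static String[] requestedHeaders(Config config) {
        String configured = config.getHeaders();
        return configured == null ? new String[0] : configured.split(",");
    }

    /** Removes every header this filter is the authoritative source for. */
    private static void removeCertificateHeaders(HttpHeaders httpHeaders) {
        httpHeaders.remove(PUBLIC_KEY);
        httpHeaders.remove(DISTINGUISHED_NAME);
        httpHeaders.remove(COMMON_NAME);
    }

    /**
     * Builds the forwarded request for a call without a client certificate and mirrors the failure
     * message into the response headers.
     */
    private ServerHttpRequest updateHeadersForError(ServerWebExchange serverWebExchange) {
        String mapToLogMessage = this.messageService
                .createMessage("org.zowe.apiml.gateway.security.schema.missingX509Authentication", new Object[0])
                .mapToLogMessage();
        // Without a certificate there is nothing to assert, so client-supplied X-Certificate-*
        // headers must not be passed through to the routed service either.
        ServerHttpRequest build = serverWebExchange.getRequest().mutate()
                .headers(X509FilterFactory::removeCertificateHeaders)
                .header(ApimlConstants.AUTH_FAIL_HEADER, mapToLogMessage)
                .build();
        serverWebExchange.getResponse().getHeaders().add(ApimlConstants.AUTH_FAIL_HEADER, mapToLogMessage);
        return build;
    }

    /**
     * Adds the requested certificate headers.
     *
     * @param httpHeaders headers of the request being forwarded
     * @param strArr requested header names; surrounding whitespace is ignored
     * @param x509Certificate certificate the values are read from
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws InvalidNameException if the subject distinguished name cannot be parsed
     */
    private void setHeader(HttpHeaders httpHeaders, String[] strArr, X509Certificate x509Certificate) throws CertificateEncodingException, InvalidNameException {
        for (String str : strArr) {
            switch (str.trim()) {
                case COMMON_NAME:
                    String commonName = getCommonName(new LdapName(x509Certificate.getSubjectDN().getName()));
                    if (commonName != null) {
                        httpHeaders.add(COMMON_NAME, commonName);
                    } else {
                        // A subject without a CN attribute gets no header rather than a null value.
                        log.debug("Client certificate subject contains no CN attribute, {} is not set", COMMON_NAME);
                    }
                    break;
                case PUBLIC_KEY:
                    // The value is the whole DER-encoded certificate, not only its public key.
                    httpHeaders.add(PUBLIC_KEY, Base64.getEncoder().encodeToString(x509Certificate.getEncoded()));
                    break;
                case DISTINGUISHED_NAME:
                    httpHeaders.add(DISTINGUISHED_NAME, x509Certificate.getSubjectDN().getName());
                    break;
                default:
                    log.debug("Unsupported header specified in service metadata, please review apiml.service.authentication.headers, possible values are: X-Certificate-Public, X-Certificate-DistinguishedName, X-Certificate-CommonName\nprovided value: {}", str);
                    break;
            }
        }
    }

    /**
     * Returns the value of the first {@code CN} component found in the name.
     *
     * <p>Components are visited in {@link LdapName#getRdns()} order, which starts with the
     * right-most component of the string form; a name with several {@code CN} components therefore
     * yields the right-most one.
     *
     * @param ldapName parsed distinguished name
     * @return the {@code CN} value, or {@code null} when the name has no {@code CN} component
     */
    public static String getCommonName(LdapName ldapName) {
        for (Rdn rdn : ldapName.getRdns()) {
            if ("cn".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }
}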
