package org.zowe.apiml.cloudgatewayservice.filters;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectWriter;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Iterator;
import org.springframework.cloud.client.ServiceInstance;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.server.ServerWebExchange;
import org.zowe.apiml.cloudgatewayservice.service.InstanceInfoService;
import org.zowe.apiml.message.core.MessageService;
import org.zowe.apiml.ticket.TicketRequest;
import org.zowe.apiml.ticket.TicketResponse;
import reactor.core.publisher.Mono;

@Service
/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/cloudgatewayservice/filters/PassticketFilterFactory.class */
public class PassticketFilterFactory extends AbstractGatewayFilterFactory<Config> {
    private final WebClient webClient;
    private final InstanceInfoService instanceInfoService;
    private final MessageService messageService;
    private final String ticketUrl = "%s://%s:%s/%s/api/v1/auth/ticket";
    private final ObjectWriter writer;
    public static final String AUTH_FAIL_HEADER = "X-Zowe-Auth-Failure";

    /* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/cloudgatewayservice/filters/PassticketFilterFactory$Config.class */
    public static class Config {
        private String applicationName;

        public String getApplicationName() {
            return this.applicationName;
        }

        public void setApplicationName(String str) {
            this.applicationName = str;
        }
    }

    public PassticketFilterFactory(WebClient webClient, InstanceInfoService instanceInfoService, MessageService messageService) {
        super(Config.class);
        this.ticketUrl = "%s://%s:%s/%s/api/v1/auth/ticket";
        this.writer = new ObjectMapper().writer();
        this.webClient = webClient;
        this.instanceInfoService = instanceInfoService;
        this.messageService = messageService;
    }

    @Override // org.springframework.cloud.gateway.filter.factory.GatewayFilterFactory
    public GatewayFilter apply(Config config) {
        try {
            String writeValueAsString = this.writer.writeValueAsString(new TicketRequest(config.getApplicationName()));
            return (serverWebExchange, gatewayFilterChain) -> {
                return this.instanceInfoService.getServiceInstance("gateway").flatMap(list -> {
                    Iterator it = list.iterator();
                    if (!it.hasNext()) {
                        return gatewayFilterChain.filter(serverWebExchange.mutate().request(updateHeadersForError(serverWebExchange, "All gateway service instances failed to respond.")).build());
                    }
                    ServiceInstance serviceInstance = (ServiceInstance) it.next();
                    return ((WebClient.RequestBodySpec) this.webClient.post().uri(String.format("%s://%s:%s/%s/api/v1/auth/ticket", serviceInstance.getScheme(), serviceInstance.getHost(), Integer.valueOf(serviceInstance.getPort()), serviceInstance.getServiceId().toLowerCase()), new Object[0])).headers(httpHeaders -> {
                        httpHeaders.addAll(serverWebExchange.getRequest().getHeaders());
                    }).bodyValue(writeValueAsString).retrieve().onStatus((v0) -> {
                        return v0.is4xxClientError();
                    }, clientResponse -> {
                        return Mono.empty();
                    }).bodyToMono(TicketResponse.class).flatMap(ticketResponse -> {
                        if (ticketResponse.getTicket() == null) {
                            return gatewayFilterChain.filter(serverWebExchange.mutate().request(updateHeadersForError(serverWebExchange, "Invalid or missing authentication.")).build());
                        }
                        return gatewayFilterChain.filter(serverWebExchange.mutate().request(addRequestHeader(serverWebExchange, "Authorization", "Basic " + Base64.getEncoder().encodeToString((ticketResponse.getUserId() + ":" + ticketResponse.getTicket()).getBytes(StandardCharsets.UTF_8)))).build());
                    });
                });
            };
        } catch (JsonProcessingException e) {
            return (serverWebExchange2, gatewayFilterChain2) -> {
                return gatewayFilterChain2.filter(serverWebExchange2.mutate().request(updateHeadersForError(serverWebExchange2, e.getMessage())).build());
            };
        }
    }

    private ServerHttpRequest updateHeadersForError(ServerWebExchange serverWebExchange, String str) {
        ServerHttpRequest addRequestHeader = addRequestHeader(serverWebExchange, AUTH_FAIL_HEADER, this.messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", str).mapToLogMessage());
        serverWebExchange.getResponse().getHeaders().add(AUTH_FAIL_HEADER, this.messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", str).mapToLogMessage());
        return addRequestHeader;
    }

    private ServerHttpRequest addRequestHeader(ServerWebExchange serverWebExchange, String str, String str2) {
        return serverWebExchange.getRequest().mutate().headers(httpHeaders -> {
            httpHeaders.add(str, str2);
            httpHeaders.remove("Cookie");
        }).build();
    }
}
