package org.zowe.apiml.gateway.security.service.schema;

import com.netflix.appinfo.InstanceInfo;
import com.netflix.zuul.context.RequestContext;
import java.util.Arrays;
import java.util.Date;
import javax.annotation.PostConstruct;
import lombok.Generated;
import org.apache.commons.lang3.time.DateUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.zowe.apiml.auth.Authentication;
import org.zowe.apiml.auth.AuthenticationScheme;
import org.zowe.apiml.gateway.security.service.JwtUtils;
import org.zowe.apiml.gateway.security.service.PassTicketException;
import org.zowe.apiml.gateway.security.service.saf.SafIdtException;
import org.zowe.apiml.gateway.security.service.saf.SafIdtProvider;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSource;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSourceService;
import org.zowe.apiml.passticket.IRRPassTicketGenerationException;
import org.zowe.apiml.passticket.PassTicketService;
import org.zowe.apiml.security.common.config.AuthConfigurationProperties;
import org.zowe.apiml.security.common.token.TokenExpireException;
import org.zowe.apiml.security.common.token.TokenNotValidException;
import org.zowe.apiml.util.CookieUtil;

/**
 * Authentication scheme for {@link AuthenticationScheme#SAF_IDT}.
 *
 * <p>{@link #createCommand} generates a PassTicket for the parsed user and the service's APPLID, hands it to
 * {@code safIdtProvider.generate} to obtain a SAF identity token, and returns a command that places that token
 * in the {@code X-SAF-Token} header of the routed request.
 */
@Component
public class SafIdtScheme implements AbstractAuthenticationScheme {
    private final AuthConfigurationProperties authConfigurationProperties;
    private final AuthSourceService authSourceService;
    private final PassTicketService passTicketService;
    private final SafIdtProvider safIdtProvider;

    // Fallback token lifetime, applied with DateUtils.addMinutes when the token carries no expiration claim.
    @Value("${apiml.security.saf.defaultIdtExpiration:10}")
    int defaultIdtExpiration;

    // Name of the cookie stripped from forwarded requests; populated by initCookieName() after construction.
    private String cookieName;

    /**
     * Command that forwards a SAF identity token to the routed service and strips the gateway cookie.
     *
     * <p>NOTE(review): this is a non-static inner class that declares a {@code serialVersionUID}, so every
     * instance also holds a reference to the enclosing {@link SafIdtScheme}. Confirm that is acceptable wherever
     * commands are cached or serialized.
     */
    public class SafIdtCommand extends AuthenticationCommand {
        private static final long serialVersionUID = 8213192949049438897L;
        private static final String COOKIE_HEADER = "cookie";
        private static final String SAF_TOKEN_HEADER = "X-SAF-Token";

        private final String safIdentityToken;
        private final String cookieName;
        // Epoch milliseconds after which the command counts as expired; null means it never expires.
        private final Long expireAt;

        /**
         * Sets the {@code X-SAF-Token} request header and rewrites the {@code cookie} header.
         *
         * <p>The cookie header is replaced with whatever {@code CookieUtil.removeCookie} returns for the current
         * header value and {@code cookieName}, so the named cookie is not passed on to the routed service.
         * NOTE(review): the current cookie header may be absent; null handling is delegated to
         * {@code CookieUtil.removeCookie} and {@code addZuulRequestHeader} and is not visible here.
         *
         * @param instanceInfo target service instance; not read by this implementation
         */
        @Override
        public void apply(InstanceInfo instanceInfo) {
            RequestContext zuulContext = RequestContext.getCurrentContext();
            zuulContext.addZuulRequestHeader(SAF_TOKEN_HEADER, safIdentityToken);

            String incomingCookies = zuulContext.getZuulRequestHeaders().get(COOKIE_HEADER);
            String forwardedCookies = CookieUtil.removeCookie(incomingCookies, cookieName);
            zuulContext.addZuulRequestHeader(COOKIE_HEADER, forwardedCookies);
        }

        /**
         * Reports whether the stored expiration instant has passed.
         *
         * @return {@code true} only when an expiration is set and the current time is later than it
         */
        @Override
        public boolean isExpired() {
            if (expireAt == null) {
                return false;
            }
            return System.currentTimeMillis() > expireAt;
        }

        /**
         * @return always {@code true}
         */
        @Override
        public boolean isRequiredValidSource() {
            return true;
        }

        /**
         * @param str  SAF identity token sent in the {@code X-SAF-Token} header
         * @param str2 name of the cookie to remove from the forwarded {@code cookie} header
         * @param l    expiration instant in epoch milliseconds, or {@code null} for no expiration
         */
        @Generated
        public SafIdtCommand(String str, String str2, Long l) {
            this.safIdentityToken = str;
            this.cookieName = str2;
            this.expireAt = l;
        }
    }

    /** Reads the cookie name from the authentication configuration once the bean is constructed. */
    @PostConstruct
    public void initCookieName() {
        cookieName = authConfigurationProperties.getCookieProperties().getCookieName();
    }

    /**
     * @return {@link AuthenticationScheme#SAF_IDT}
     */
    @Override
    public AuthenticationScheme getScheme() {
        return AuthenticationScheme.SAF_IDT;
    }

    /**
     * Builds the command that attaches a freshly generated SAF identity token to the routed request.
     *
     * <p>The PassTicket is copied into a {@code char[]} that is zeroed as soon as the token provider returns or
     * throws. Only that copy is cleared: the value returned by {@code passTicketService.generate} (presumably an
     * immutable {@code String}) stays on the heap until it is garbage collected.
     *
     * <p>NOTE(review): only the expiration claim of the generated token is read here. Whether
     * {@code JwtUtils.getJwtClaims} verifies the signature is not visible in this class, so confirm the token is
     * trusted on the basis of coming from {@code safIdtProvider}.
     *
     * @param authentication service authentication settings; its APPLID is mandatory
     * @param authSource     credentials source of the incoming request
     * @return {@link AuthenticationCommand#EMPTY} when the source cannot be parsed, otherwise a
     *         {@link SafIdtCommand} that expires with the token, or after {@code defaultIdtExpiration} minutes
     *         when the token has no expiration claim
     * @throws PassTicketException when the APPLID is missing or PassTicket generation fails
     * @throws SafIdtException     when the claims of the generated token cannot be read
     */
    @Override
    public AuthenticationCommand createCommand(Authentication authentication, AuthSource authSource) {
        AuthSource.Parsed parsedSource = authSourceService.parse(authSource);
        if (parsedSource == null) {
            return AuthenticationCommand.EMPTY;
        }

        String userId = parsedSource.getUserId();
        String applid = authentication.getApplid();
        if (applid == null) {
            throw new PassTicketException("Applid is required. Check the configuration of service");
        }

        try {
            char[] passTicket = passTicketService.generate(userId, applid).toCharArray();
            String safIdt;
            try {
                safIdt = safIdtProvider.generate(userId, passTicket, applid);
            } finally {
                // Wipe the PassTicket copy whether or not the provider succeeded.
                Arrays.fill(passTicket, (char) 0);
            }
            long expiresAtMillis = expirationMillis(safIdt);
            return new SafIdtCommand(safIdt, cookieName, expiresAtMillis);
        } catch (IRRPassTicketGenerationException generationFailure) {
            // The message names the user ID and APPLID only; the PassTicket itself is never included.
            throw new PassTicketException(String.format("Could not generate PassTicket for user ID '%s' and APPLID '%s'", userId, applid), generationFailure);
        }
    }

    /**
     * Resolves the instant at which a command carrying the given token expires.
     *
     * @param safIdt token whose claims are read through {@code JwtUtils.getJwtClaims}
     * @return the token's expiration claim in epoch milliseconds, or now plus {@code defaultIdtExpiration}
     *         minutes when the claim is absent
     * @throws SafIdtException when reading the claims raises a token-expired or token-not-valid error
     */
    private long expirationMillis(String safIdt) {
        try {
            Date claimed = JwtUtils.getJwtClaims(safIdt).getExpiration();
            Date effective = claimed != null ? claimed : DateUtils.addMinutes(new Date(), defaultIdtExpiration);
            return effective.getTime();
        } catch (TokenExpireException | TokenNotValidException parseFailure) {
            throw new SafIdtException("Unable to parse Identity Token", parseFailure);
        }
    }

    /**
     * @param authConfigurationProperties source of the cookie name read by {@link #initCookieName()}
     * @param authSourceService           parses the incoming authentication source
     * @param passTicketService           generates PassTickets for a user ID and APPLID
     * @param safIdtProvider              exchanges a user ID, PassTicket and APPLID for a SAF identity token
     */
    @Generated
    public SafIdtScheme(AuthConfigurationProperties authConfigurationProperties, AuthSourceService authSourceService, PassTicketService passTicketService, SafIdtProvider safIdtProvider) {
        this.authConfigurationProperties = authConfigurationProperties;
        this.authSourceService = authSourceService;
        this.passTicketService = passTicketService;
        this.safIdtProvider = safIdtProvider;
    }
}
