package org.zowe.apiml.gateway.filters.pre;

import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.netflix.zuul.util.ZuulRuntimeException;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.zowe.apiml.auth.Authentication;
import org.zowe.apiml.gateway.security.service.ServiceAuthenticationServiceImpl;
import org.zowe.apiml.gateway.security.service.schema.AuthenticationCommand;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSchemeException;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSource;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSourceService;
import org.zowe.apiml.message.core.MessageService;
import org.zowe.apiml.message.core.MessageType;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.product.logging.annotations.InjectApimlLogger;
import org.zowe.apiml.security.common.token.TokenExpireException;
import org.zowe.apiml.security.common.token.TokenNotValidException;

/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/filters/pre/ServiceAuthenticationFilter.class */
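/**
 * Zuul pre-filter that resolves the authentication scheme of the routed service (taken from the
 * {@code "serviceId"} request-context key) and applies the matching {@link AuthenticationCommand}.
 *
 * <p>Failure handling, as implemented in {@link #run()}:
 * <ul>
 *   <li>{@link TokenExpireException}: no command is applied and the request continues unchanged.</li>
 *   <li>{@link AuthenticationException}: routing is stopped and the response status is 401.</li>
 *   <li>{@link AuthSchemeException} and {@link TokenNotValidException} raised while resolving the
 *       command: the failure text is written to {@link #AUTH_FAIL_HEADER} on the request and the
 *       response, the status is set to 200, and this filter does not stop routing.</li>
 *   <li>Any other exception: wrapped in a {@link ZuulRuntimeException} with status 500.</li>
 * </ul>
 *
 * <p>Security note: on the header-only path this filter does not reject the request, so a service
 * behind the gateway must not treat a forwarded request as authenticated when
 * {@link #AUTH_FAIL_HEADER} is present.
 */
public class ServiceAuthenticationFilter extends PreZuulFilter {
    /** Header that carries the authentication failure message on the request and the response. */
    public static final String AUTH_FAIL_HEADER = "X-Zowe-Auth-Failure";

    @InjectApimlLogger
    private final ApimlLogger logger = ApimlLogger.empty();

    @Autowired
    private ServiceAuthenticationServiceImpl serviceAuthenticationService;

    @Autowired
    private AuthSourceService authSourceService;

    @Autowired
    private MessageService messageService;

    /** Returns the fixed order value (11) of this filter. */
    @Override
    public int filterOrder() {
        return 11;
    }

    /** Always returns {@code true}: the filter runs for every request. */
    @Override
    public boolean shouldFilter() {
        return true;
    }

    /**
     * Resolves and applies the authentication command for the current request.
     *
     * @return always {@code null}
     * @throws ZuulRuntimeException with status 500 when resolving or applying the command fails
     *     with an exception that has no dedicated handler
     * @throws AuthSchemeException when the command requires a valid authentication source and the
     *     source found for the request is not valid
     */
    @Override
    public Object run() {
        RequestContext context = RequestContext.getCurrentContext();
        boolean rejected = false;
        AuthenticationCommand command = null;
        // Assigned up front so the variable is definitely assigned on every catch path below.
        Optional<AuthSource> authSource = Optional.empty();
        String serviceId = (String) context.get("serviceId");
        try {
            Authentication authentication = this.serviceAuthenticationService.getAuthentication(serviceId);
            authSource = this.serviceAuthenticationService.getAuthSourceByAuthentication(authentication);
            command = this.serviceAuthenticationService.getAuthenticationCommand(serviceId, authentication, authSource.orElse(null));
        } catch (TokenExpireException e) {
            // Expired token: nothing is applied and the request goes on without a command.
            command = null;
        } catch (AuthenticationException e2) {
            rejected = true;
        } catch (AuthSchemeException e3) {
            String schemeFailure;
            if (e3.getParams() != null) {
                schemeFailure = this.messageService.createMessage(e3.getMessage(), e3.getParams()).mapToLogMessage();
            } else {
                schemeFailure = this.messageService.createMessage(e3.getMessage(), new Object[0]).mapToLogMessage();
            }
            sendErrorMessage(schemeFailure, context);
            return null;
        } catch (TokenNotValidException e4) {
            // NOTE(review): if TokenNotValidException is a subtype of AuthenticationException this
            // handler is unreachable after the handler above and must be moved before it; confirm
            // against the class hierarchy.
            sendErrorMessage(this.messageService.createMessage("org.zowe.apiml.gateway.security.invalidToken", new Object[0]).mapToLogMessage(), context);
            return null;
        } catch (Exception e5) {
            // NOTE(review): the exception message becomes the ZuulException error cause; confirm
            // the error response does not expose internal details to the client.
            throw new ZuulRuntimeException(new ZuulException(e5, HttpStatus.INTERNAL_SERVER_ERROR.value(), e5.getLocalizedMessage()));
        }
        // The source check needs a resolved command. Without the null guard a request that was
        // already rejected (or carried an expired token) would fail here with a
        // NullPointerException instead of reaching the 401 / pass-through handling below.
        // NOTE(review): this throw sits outside the try block, so it is not translated into
        // AUTH_FAIL_HEADER like the AuthSchemeException handler above; confirm that is intended.
        if (command != null && authSource.isPresent() && !isSourceValidForCommand(authSource.get(), command)) {
            throw new AuthSchemeException("org.zowe.apiml.gateway.security.invalidAuthentication");
        }
        if (rejected) {
            // Stop routing: the request is answered by the gateway with 401.
            context.setSendZuulResponse(false);
            context.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value());
            return null;
        }
        if (command == null) {
            return null;
        }
        try {
            command.apply(null);
            return null;
        } catch (Exception e6) {
            throw new ZuulRuntimeException(new ZuulException(e6, HttpStatus.INTERNAL_SERVER_ERROR.value(), e6.getLocalizedMessage()));
        }
    }

    /**
     * Records an authentication failure without rejecting the request: logs the message, copies it
     * into {@link #AUTH_FAIL_HEADER} on the Zuul request and response, and sets the status to 200.
     *
     * <p>The failure is logged at DEBUG level only, so it is not visible in logs unless debug
     * logging is enabled for this logger.
     *
     * @param str failure message, written verbatim to the log and to both headers
     * @param requestContext context of the request being filtered
     */
    private void sendErrorMessage(String str, RequestContext requestContext) {
        this.logger.log(MessageType.DEBUG, str, new Object[0]);
        // NOTE(review): the text is copied into headers as-is; confirm message parameters cannot
        // carry CR/LF or sensitive values.
        requestContext.addZuulRequestHeader(AUTH_FAIL_HEADER, str);
        requestContext.addZuulResponseHeader(AUTH_FAIL_HEADER, str);
        requestContext.setResponseStatusCode(HttpStatus.OK.value());
    }

    /**
     * Tells whether the authentication source is acceptable for the command.
     *
     * @param authSource source found for the request
     * @param authenticationCommand resolved command; must not be {@code null}
     * @return {@code true} when the command does not require a valid source, otherwise the result
     *     of {@link AuthSourceService#isValid}
     */
    private boolean isSourceValidForCommand(AuthSource authSource, AuthenticationCommand authenticationCommand) {
        if (!authenticationCommand.isRequiredValidSource()) {
            return true;
        }
        return this.authSourceService.isValid(authSource);
    }
}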
