package org.zowe.apiml.gateway.security.service.zosmf;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.netflix.discovery.DiscoveryClient;
import com.netflix.discovery.shared.Application;
import java.net.ConnectException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import javax.net.ssl.SSLHandshakeException;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestClientResponseException;
import org.springframework.web.client.RestTemplate;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.product.logging.annotations.InjectApimlLogger;
import org.zowe.apiml.security.SecurityUtils;
import org.zowe.apiml.security.common.config.AuthConfigurationProperties;
import org.zowe.apiml.security.common.error.ServiceNotAccessibleException;
import org.zowe.apiml.security.common.login.LoginRequest;
import org.zowe.apiml.util.EurekaUtils;

/* loaded from: input_file:org/zowe/apiml/gateway/security/service/zosmf/AbstractZosmfService.class */
public abstract class AbstractZosmfService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(AbstractZosmfService.class);
    protected static final String ZOSMF_INFO_END_POINT = "/zosmf/info";
    protected static final String ZOSMF_AUTHENTICATE_END_POINT = "/zosmf/services/authenticate";
    protected static final String ZOSMF_CSRF_HEADER = "X-CSRF-ZOSMF-HEADER";
    protected static final String ZOSMF_DOMAIN = "zosmf_saf_realm";

    @InjectApimlLogger
    protected ApimlLogger apimlLog = ApimlLogger.empty();
    protected final AuthConfigurationProperties authConfigurationProperties;
    protected final DiscoveryClient discovery;
    protected final RestTemplate restTemplateWithoutKeystore;
    protected final ObjectMapper securityObjectMapper;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractZosmfService(AuthConfigurationProperties authConfigurationProperties, DiscoveryClient discoveryClient, @Qualifier("restTemplateWithoutKeystore") RestTemplate restTemplate, ObjectMapper objectMapper) {
        this.authConfigurationProperties = authConfigurationProperties;
        this.discovery = discoveryClient;
        this.restTemplateWithoutKeystore = restTemplate;
        this.securityObjectMapper = objectMapper;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getZosmfServiceId() {
        return this.authConfigurationProperties.validatedZosmfServiceId();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getAuthenticationValue(Authentication authentication) {
        String obj = authentication.getPrincipal().toString();
        char[] cArr = null;
        byte[] bArr = null;
        boolean z = false;
        try {
            if (authentication.getCredentials() instanceof LoginRequest) {
                cArr = ((LoginRequest) authentication.getCredentials()).getPassword();
            } else {
                cArr = SecurityUtils.readPassword(authentication.getCredentials());
                z = !(authentication.getCredentials() instanceof char[]);
            }
            byte[] bytes = obj.getBytes(StandardCharsets.UTF_8);
            bArr = new byte[bytes.length + 1 + cArr.length];
            int i = 0;
            for (byte b : bytes) {
                int i2 = i;
                i++;
                bArr[i2] = b;
            }
            int i3 = i;
            int i4 = i + 1;
            bArr[i3] = 58;
            for (char c : cArr) {
                int i5 = i4;
                i4++;
                bArr[i5] = (byte) c;
            }
            String str = "Basic " + Base64.getEncoder().encodeToString(bArr);
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
            if (z) {
                Arrays.fill(cArr, (char) 0);
            }
            return str;
        } catch (Throwable th) {
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
            if (z) {
                Arrays.fill(cArr, (char) 0);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getURI(String str) {
        Supplier supplier = () -> {
            log.debug("z/OSMF instance not found or incorrectly configured.");
            return new ServiceNotAccessibleException("z/OSMF instance not found or incorrectly configured.");
        };
        return (String) ((Application) Optional.ofNullable(this.discovery.getApplication(str)).orElseThrow(supplier)).getInstances().stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).findFirst().map(EurekaUtils::getUrl).orElseThrow(supplier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RuntimeException handleExceptionOnCall(String str, RuntimeException runtimeException) {
        if (runtimeException instanceof ResourceAccessException) {
            if (runtimeException.getCause() instanceof SSLHandshakeException) {
                log.error("SSL Misconfiguration, z/OSMF is not accessible. Please verify the following: \n - CN (Common Name) and z/OSMF hostname have to match.\n - Certificate is expired\n - TLS version match\nFurther details and a stack trace will follow", runtimeException);
            }
            this.apimlLog.log("org.zowe.apiml.security.serviceUnavailable", new Object[]{str, runtimeException.getMessage()});
            return new ServiceNotAccessibleException("Could not get an access to z/OSMF service.");
        }
        if (runtimeException instanceof HttpClientErrorException.Unauthorized) {
            log.warn("Request to z/OSMF requires authentication", runtimeException.getMessage());
            return new BadCredentialsException("Invalid Credentials");
        }
        if (runtimeException instanceof RestClientResponseException) {
            RestClientResponseException restClientResponseException = (RestClientResponseException) runtimeException;
            if (log.isTraceEnabled()) {
                log.trace("z/OSMF request {} failed with status code {}, server response: {}", new Object[]{str, Integer.valueOf(restClientResponseException.getRawStatusCode()), restClientResponseException.getResponseBodyAsString()});
            } else {
                log.debug("z/OSMF request {} failed with status code {}", str, Integer.valueOf(restClientResponseException.getRawStatusCode()));
            }
        }
        if (runtimeException.getCause() instanceof ConnectException) {
            log.warn("Could not connecto to z/OSMF. Please verify z/OSMF instance is up and running {}", runtimeException.getMessage());
            return new ServiceNotAccessibleException("Could not connect to z/OSMF service.");
        }
        if (!(runtimeException instanceof RestClientException)) {
            return runtimeException;
        }
        log.debug("z/OSMF isn't accessible. {}", runtimeException.getMessage());
        this.apimlLog.log("org.zowe.apiml.security.generic", new Object[]{runtimeException.getMessage(), str});
        return new AuthenticationServiceException("A failure occurred when authenticating.", runtimeException);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String readTokenFromCookie(List<String> list, String str) {
        if (list == null) {
            return null;
        }
        return (String) list.stream().filter(str2 -> {
            return str2.startsWith(str + "=");
        }).findFirst().map(str3 -> {
            int length = str.length() + 1;
            int indexOf = str3.indexOf(59);
            return indexOf > 0 ? str3.substring(length, indexOf) : str3.substring(length);
        }).orElse(null);
    }
}
