package org.zowe.apiml.gateway.security.mapping;

import com.fasterxml.jackson.core.JsonProcessingException;
import java.io.UnsupportedEncodingException;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.stereotype.Component;
import org.zowe.apiml.gateway.security.mapping.model.MapperResponse;
import org.zowe.apiml.gateway.security.mapping.model.OIDCRequest;
import org.zowe.apiml.gateway.security.service.TokenCreationService;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSource;
import org.zowe.apiml.gateway.security.service.schema.source.OIDCAuthSource;
import org.zowe.apiml.message.core.MessageType;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.product.logging.annotations.InjectApimlLogger;
import org.zowe.apiml.security.common.config.AuthConfigurationProperties;

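/**
 * Maps the distributed identity carried by an OIDC authentication source to a mainframe user ID
 * by sending the identity and the configured registry to an external identity mapper.
 *
 * <p>The bean is registered only when {@code apiml.security.oidc.enabled} is {@code true} and
 * {@code apiml.security.useInternalMapper} is {@code false}.
 *
 * <p>Every failure path in {@link #mapToMainframeUserId(AuthSource)} returns {@code null}, so the
 * mapper never yields a user ID it could not obtain from a valid mapper response. Callers are
 * expected to treat {@code null} as "no mapping" and deny access accordingly.
 */
@Component("oidcMapper")
@ConditionalOnExpression("'${apiml.security.oidc.enabled:false}' == 'true' && '${apiml.security.useInternalMapper:false}' == 'false'")
public class OIDCExternalMapper extends ExternalMapper implements AuthenticationMapper {

    /** Message key logged when the OIDC registry is not configured. */
    private static final String CONFIG_ERROR_KEY = "org.zowe.apiml.security.common.OIDCConfigError";

    /** Message key logged when the mapping request payload cannot be built. */
    private static final String MAPPING_ERROR_KEY = "org.zowe.apiml.security.common.OIDCMappingError";

    // Registry name sent to the mapper with each distributed ID; defaults to an empty string.
    @Value("${apiml.security.oidc.registry:}")
    protected String registry;

    @InjectApimlLogger
    private final ApimlLogger apimlLog;

    // Set once at startup when the registry is empty; while true every mapping attempt is refused.
    protected boolean isConfigError;

    /**
     * Validates the configuration after property injection. An empty registry marks the mapper as
     * misconfigured and is reported once here; later mapping calls report it again and return
     * {@code null}.
     */
    @PostConstruct
    private void postConstruct() {
        if (StringUtils.isEmpty(this.registry)) {
            this.isConfigError = true;
            this.apimlLog.log(CONFIG_ERROR_KEY, new Object[0]);
        }
    }

    /**
     * Creates the mapper and hands all collaborators to {@link ExternalMapper}.
     *
     * @param str value of {@code apiml.security.oidc.identityMapperUrl} (empty when unset)
     * @param str2 value of {@code apiml.security.oidc.identityMapperUser} (empty when unset)
     * @param closeableHttpClient HTTP client passed to the parent class
     * @param tokenCreationService token service passed to the parent class
     * @param authConfigurationProperties authentication configuration passed to the parent class
     */
    public OIDCExternalMapper(@Value("${apiml.security.oidc.identityMapperUrl:}") String str, @Value("${apiml.security.oidc.identityMapperUser:}") String str2, CloseableHttpClient closeableHttpClient, TokenCreationService tokenCreationService, AuthConfigurationProperties authConfigurationProperties) {
        super(str, str2, closeableHttpClient, tokenCreationService, authConfigurationProperties);
        this.apimlLog = ApimlLogger.empty();
        this.isConfigError = false;
    }

    /**
     * Resolves the mainframe user ID for the distributed identity in the given OIDC auth source.
     *
     * @param authSource authentication source of the request; anything other than an
     *     {@link OIDCAuthSource} (including {@code null}) is not mapped
     * @return the trimmed user ID from the mapper response, or {@code null} when the mapper is
     *     misconfigured, the source is not OIDC, the distributed ID is missing, the payload cannot
     *     be built, the mapper response is absent or invalid, or the returned user ID is blank
     */
    @Override // org.zowe.apiml.gateway.security.mapping.AuthenticationMapper
    public String mapToMainframeUserId(AuthSource authSource) {
        if (this.isConfigError) {
            this.apimlLog.log(CONFIG_ERROR_KEY, new Object[0]);
            return null;
        }
        if (!(authSource instanceof OIDCAuthSource)) {
            // A null source also lands here; read the type defensively so the refusal is a clean
            // "no mapping" result rather than a NullPointerException in the authentication path.
            Object sourceType = authSource == null ? null : authSource.getType();
            this.apimlLog.log(MessageType.DEBUG, "The used authentication source type is {} and not OIDC", new Object[]{sourceType});
            return null;
        }
        String distributedId = ((OIDCAuthSource) authSource).getDistributedId();
        if (StringUtils.isEmpty(distributedId)) {
            this.apimlLog.log(MapperResponse.OIDC_FAILED_MESSAGE_KEY, new Object[]{"OIDC token is missing the distributed ID. Make sure your distributed identity provider is properly configured."});
            return null;
        }
        try {
            String payload = objectMapper.writeValueAsString(new OIDCRequest(distributedId, this.registry));
            // NOTE(review): the single-argument StringEntity constructor encodes the body as
            // ISO-8859-1 text/plain in Apache HttpClient 4.x. A distributed ID containing
            // characters outside Latin-1 would reach the mapper with those characters replaced,
            // so distinct identities could be submitted as the same value. Confirm whether
            // callExternalMapper (not shown here) sets the content type, and consider building
            // the entity with an explicit UTF-8 JSON content type.
            MapperResponse response = callExternalMapper(new StringEntity(payload));
            if (response == null || !response.isOIDCResultValid()) {
                return null;
            }
            // trimToNull yields null for a null or blank user ID, so a malformed mapper response
            // results in "no mapping" instead of an exception or an empty identity.
            return StringUtils.trimToNull(response.getUserId());
        } catch (JsonProcessingException e) {
            this.apimlLog.log(MAPPING_ERROR_KEY, new Object[]{"Unable to generate JSON payload for identity mapping request", e.getMessage()});
            return null;
        } catch (UnsupportedEncodingException e2) {
            this.apimlLog.log(MAPPING_ERROR_KEY, new Object[]{"Unable to encode payload for identity mapping request", e2.getMessage()});
            return null;
        }
    }
}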
