package org.zowe.apiml.gateway.security.service;

import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.stereotype.Service;
import org.zowe.apiml.gateway.security.login.Providers;
import org.zowe.apiml.gateway.security.login.zosmf.ZosmfAuthenticationProvider;
import org.zowe.apiml.gateway.security.service.saf.SafIdtProvider;
import org.zowe.apiml.gateway.security.service.zosmf.ZosmfService;
import org.zowe.apiml.passticket.IRRPassTicketGenerationException;
import org.zowe.apiml.passticket.PassTicketService;
import org.zowe.apiml.security.common.error.AuthenticationTokenException;

@Service
/* loaded from: input_file:org/zowe/apiml/gateway/security/service/TokenCreationService.class */
public class TokenCreationService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TokenCreationService.class);
    private final Providers providers;
    private final Optional<ZosmfAuthenticationProvider> zosmfAuthenticationProvider;
    private final ZosmfService zosmfService;
    private final PassTicketService passTicketService;
    private final AuthenticationService authenticationService;
    private final SafIdtProvider safIdtProvider;

    @Value("${apiml.security.zosmf.applid:IZUDFLT}")
    protected String zosmfApplId;

    public String createJwtTokenWithoutCredentials(String str) {
        if (isZosmfAvailable()) {
            log.debug("ZOSMF is available and used. Attempt to authenticate with PassTicket");
            return this.zosmfAuthenticationProvider.orElseThrow(() -> {
                return new IllegalStateException("The z/OSMF is not configured. The config value `apiml.security.auth.provider` should be set to `zosmf`.");
            }).authenticate(new UsernamePasswordAuthenticationToken(str, generatePassTicket(str))).getCredentials();
        }
        log.debug("ZOSMF is not available or used. Generating APIML's JWT Token.");
        String createJwtToken = this.authenticationService.createJwtToken(str, "security-domain", null);
        log.debug("Generated JWT Token: {}", createJwtToken);
        return this.authenticationService.createTokenAuthentication(str, createJwtToken).getCredentials();
    }

    public Map<ZosmfService.TokenType, String> createZosmfTokensWithoutCredentials(String str) {
        if (!isZosmfAvailable()) {
            return Collections.emptyMap();
        }
        log.debug("ZOSMF is available and used. Attempt to authenticate with PassTicket");
        return this.zosmfService.authenticate(new UsernamePasswordAuthenticationToken(str, generatePassTicket(str))).getTokens();
    }

    public String createSafIdTokenWithoutCredentials(String str, String str2) throws IRRPassTicketGenerationException {
        char[] charArray = "".toCharArray();
        try {
            charArray = this.passTicketService.generate(str, str2).toCharArray();
            String generate = this.safIdtProvider.generate(str, charArray, str2);
            Arrays.fill(charArray, (char) 0);
            return generate;
        } catch (Throwable th) {
            Arrays.fill(charArray, (char) 0);
            throw th;
        }
    }

    private boolean isZosmfAvailable() {
        try {
            if (this.providers.isZosfmUsed()) {
                if (this.providers.isZosmfAvailable()) {
                    return true;
                }
            }
            return false;
        } catch (AuthenticationServiceException e) {
            return false;
        }
    }

    private String generatePassTicket(String str) {
        try {
            log.debug("Generating PassTicket for user: {} and ZOSMF applid: {}", str, this.zosmfApplId);
            String generate = this.passTicketService.generate(str, this.zosmfApplId);
            log.debug("Generated PassTicket: {}", generate);
            return generate;
        } catch (IRRPassTicketGenerationException e) {
            throw new AuthenticationTokenException("Generation of PassTicket failed", e);
        }
    }

    @Generated
    public TokenCreationService(Providers providers, Optional<ZosmfAuthenticationProvider> optional, ZosmfService zosmfService, PassTicketService passTicketService, AuthenticationService authenticationService, SafIdtProvider safIdtProvider) {
        this.providers = providers;
        this.zosmfAuthenticationProvider = optional;
        this.zosmfService = zosmfService;
        this.passTicketService = passTicketService;
        this.authenticationService = authenticationService;
        this.safIdtProvider = safIdtProvider;
    }
}
