package org.zowe.apiml.gateway.ribbon.http;

import com.netflix.zuul.context.RequestContext;
import lombok.Generated;
import org.apache.http.HttpRequest;
import org.springframework.security.core.AuthenticationException;
import org.zowe.apiml.auth.Authentication;
import org.zowe.apiml.gateway.ribbon.RequestContextUtils;
import org.zowe.apiml.gateway.security.service.AuthenticationService;
import org.zowe.apiml.gateway.security.service.ServiceAuthenticationServiceImpl;
import org.zowe.apiml.gateway.security.service.schema.AuthenticationCommand;
import org.zowe.apiml.gateway.security.service.schema.ServiceAuthenticationService;
import org.zowe.apiml.security.common.token.TokenNotValidException;

/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/ribbon/http/ServiceAuthenticationDecorator.class */
public class ServiceAuthenticationDecorator {
    private final ServiceAuthenticationService serviceAuthenticationService;
    private final AuthenticationService authenticationService;
    private static final String INVALID_JWT_MESSAGE = "Invalid JWT token";

    public void process(HttpRequest httpRequest) {
        RequestContext currentContext = RequestContext.getCurrentContext();
        if (currentContext.get(ServiceAuthenticationServiceImpl.AUTHENTICATION_COMMAND_KEY) instanceof ServiceAuthenticationServiceImpl.UniversalAuthenticationCommand) {
            Authentication authentication = this.serviceAuthenticationService.getAuthentication(RequestContextUtils.getInstanceInfo().orElseThrow(() -> {
                return new RequestContextNotPreparedException("InstanceInfo of loadbalanced instance is not present in RequestContext");
            }));
            try {
                String orElse = this.authenticationService.getJwtTokenFromRequest(currentContext.getRequest()).orElse(null);
                AuthenticationCommand authenticationCommand = this.serviceAuthenticationService.getAuthenticationCommand(authentication, orElse);
                if (authenticationCommand == null) {
                    return;
                }
                if (authenticationCommand.isRequiredValidJwt() && (orElse == null || !this.authenticationService.validateJwtToken(orElse).isAuthenticated())) {
                    throw new RequestAbortException(new TokenNotValidException("JWT Token is not authenticated"));
                }
                authenticationCommand.applyToRequest(httpRequest);
            } catch (AuthenticationException e) {
                throw new RequestAbortException(e);
            }
        }
    }

    @Generated
    public ServiceAuthenticationDecorator(ServiceAuthenticationService serviceAuthenticationService, AuthenticationService authenticationService) {
        this.serviceAuthenticationService = serviceAuthenticationService;
        this.authenticationService = authenticationService;
    }
}
