package org.zowe.apiml.gateway.ribbon.http;

import com.netflix.zuul.context.RequestContext;
import java.util.Optional;
import lombok.Generated;
import org.apache.http.HttpRequest;
import org.springframework.security.core.AuthenticationException;
import org.zowe.apiml.auth.Authentication;
import org.zowe.apiml.gateway.ribbon.RequestContextUtils;
import org.zowe.apiml.gateway.security.service.ServiceAuthenticationServiceImpl;
import org.zowe.apiml.gateway.security.service.schema.AuthenticationCommand;
import org.zowe.apiml.gateway.security.service.schema.ServiceAuthenticationService;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSource;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSourceService;
import org.zowe.apiml.security.common.token.TokenNotValidException;

/* loaded from: input_file:BOOT-INF/classes/org/zowe/apiml/gateway/ribbon/http/ServiceAuthenticationDecorator.class */
public class ServiceAuthenticationDecorator {
    private final ServiceAuthenticationService serviceAuthenticationService;
    private final AuthSourceService authSourceService;

    public void process(HttpRequest httpRequest) {
        if (RequestContext.getCurrentContext().get(ServiceAuthenticationServiceImpl.AUTHENTICATION_COMMAND_KEY) instanceof ServiceAuthenticationServiceImpl.UniversalAuthenticationCommand) {
            Authentication authentication = this.serviceAuthenticationService.getAuthentication(RequestContextUtils.getInstanceInfo().orElseThrow(() -> {
                return new RequestContextNotPreparedException("InstanceInfo of loadbalanced instance is not present in RequestContext");
            }));
            try {
                Optional<AuthSource> authSourceFromRequest = this.authSourceService.getAuthSourceFromRequest();
                AuthenticationCommand authenticationCommand = this.serviceAuthenticationService.getAuthenticationCommand(authentication, authSourceFromRequest.orElse(null));
                if (authenticationCommand == null) {
                    return;
                }
                if (!isSourceValidForCommand(authSourceFromRequest.orElse(null), authenticationCommand)) {
                    throw new RequestAbortException(new TokenNotValidException("JWT Token is not authenticated"));
                }
                authenticationCommand.applyToRequest(httpRequest);
            } catch (AuthenticationException e) {
                throw new RequestAbortException(e);
            }
        }
    }

    private boolean isSourceValidForCommand(AuthSource authSource, AuthenticationCommand authenticationCommand) {
        return !authenticationCommand.isRequiredValidSource() || (authSource != null && this.authSourceService.isValid(authSource));
    }

    @Generated
    public ServiceAuthenticationDecorator(ServiceAuthenticationService serviceAuthenticationService, AuthSourceService authSourceService) {
        this.serviceAuthenticationService = serviceAuthenticationService;
        this.authSourceService = authSourceService;
    }
}
