package org.zowe.apiml.gateway.security.service.schema;

import com.netflix.appinfo.InstanceInfo;
import com.netflix.zuul.context.RequestContext;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.message.BasicHeader;
import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter;
import org.springframework.stereotype.Component;
import org.zowe.apiml.auth.Authentication;
import org.zowe.apiml.auth.AuthenticationScheme;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSchemeException;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSource;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSourceService;
import org.zowe.apiml.message.core.MessageType;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.passticket.IRRPassTicketGenerationException;
import org.zowe.apiml.passticket.PassTicketService;
import org.zowe.apiml.product.logging.annotations.InjectApimlLogger;
import org.zowe.apiml.security.common.config.AuthConfigurationProperties;
import org.zowe.apiml.security.common.token.TokenExpireException;
import org.zowe.apiml.security.common.token.TokenNotValidException;
import org.zowe.apiml.util.CookieUtil;

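/**
 * Authentication scheme that replaces the caller's gateway credential with an HTTP Basic
 * {@code Authorization} header built from the mapped user ID and a freshly generated PassTicket.
 *
 * <p>The header value is only Base64-encoded, not encrypted, so it is a usable credential for the
 * target APPLID until the PassTicket expires. Keep it out of logs, traces and error messages.
 */
@Component
public class HttpBasicPassTicketScheme implements IAuthenticationScheme {

    @InjectApimlLogger
    private final ApimlLogger logger = ApimlLogger.empty();
    private final PassTicketService passTicketService;
    private final AuthSourceService authSourceService;
    private final AuthConfigurationProperties authConfigurationProperties;
    // Name of the gateway's authentication cookie, read once from configuration in the constructor.
    private final String cookieName;

    /**
     * Command that sets the prepared Basic {@code Authorization} header on an outgoing request and
     * strips the cookie named {@code cookieName} from it.
     */
    public static final class PassTicketCommand extends AuthenticationCommand {
        private static final long serialVersionUID = 3941300386857998443L;
        private static final String COOKIE_HEADER = "cookie";
        // Complete header value ("Basic " + Base64(userId:passTicket)); treat as a secret.
        private final String authorizationValue;
        private final String cookieName;
        // Epoch milliseconds after which the command must not be reused; null means no expiry.
        private final Long expireAt;

        /**
         * Adds the Authorization header to the current Zuul request and removes the configured
         * cookie from it. Does nothing when no authorization value was prepared.
         *
         * @param instanceInfo target instance; not used by this implementation
         */
        @Override
        public void apply(InstanceInfo instanceInfo) {
            if (this.authorizationValue == null) {
                return;
            }
            RequestContext context = RequestContext.getCurrentContext();
            context.addZuulRequestHeader("Authorization", this.authorizationValue);
            // NOTE(review): presumably keeps the caller's token from reaching the downstream service.
            JwtCommand.removeCookie(context, this.cookieName);
        }

        /**
         * Sets the Authorization header on the given request and rewrites its first cookie header
         * without the configured cookie. Does nothing when no authorization value was prepared.
         *
         * @param httpRequest outgoing request to modify
         */
        @Override
        public void applyToRequest(HttpRequest httpRequest) {
            if (this.authorizationValue == null) {
                return;
            }
            httpRequest.setHeader(new BasicHeader("Authorization", this.authorizationValue));
            Header cookieHeader = httpRequest.getFirstHeader(COOKIE_HEADER);
            if (cookieHeader != null) {
                httpRequest.setHeader(COOKIE_HEADER, CookieUtil.removeCookie(cookieHeader.getValue(), this.cookieName));
            }
        }

        /**
         * @return {@code true} once the current time is past {@code expireAt}; always
         *     {@code false} when {@code expireAt} is {@code null}
         */
        @Override
        public boolean isExpired() {
            return this.expireAt != null && System.currentTimeMillis() > this.expireAt.longValue();
        }

        /** @return always {@code true} for this command */
        @Override
        public boolean isRequiredValidSource() {
            return true;
        }

        /**
         * @param str complete Authorization header value, or {@code null} to make the command a no-op
         * @param str2 name of the cookie to strip from the outgoing request
         * @param l expiry as epoch milliseconds, or {@code null} for no expiry
         */
        @Generated
        public PassTicketCommand(String str, String str2, Long l) {
            this.authorizationValue = str;
            this.cookieName = str2;
            this.expireAt = l;
        }

        /** @return the complete Authorization header value; contains a live credential */
        @Generated
        public String getAuthorizationValue() {
            return this.authorizationValue;
        }

        @Generated
        public String getCookieName() {
            return this.cookieName;
        }

        @Generated
        public Long getExpireAt() {
            return this.expireAt;
        }

        /**
         * Describes the command without exposing the credential. The authorization value is the
         * Base64 of {@code userId:passTicket}, so printing it would leak the PassTicket into any
         * log or exception message that stringifies this object; only its presence is reported.
         */
        @Override
        public String toString() {
            String maskedAuthorization = this.authorizationValue == null ? "null" : "<redacted>";
            return "HttpBasicPassTicketScheme.PassTicketCommand(authorizationValue=" + maskedAuthorization
                + ", cookieName=" + getCookieName() + ", expireAt=" + getExpireAt() + ")";
        }

        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof PassTicketCommand)) {
                return false;
            }
            PassTicketCommand other = (PassTicketCommand) obj;
            // canEqual lets a subclass opt out of equality with this type.
            if (!other.canEqual(this)) {
                return false;
            }
            return java.util.Objects.equals(getExpireAt(), other.getExpireAt())
                && java.util.Objects.equals(getAuthorizationValue(), other.getAuthorizationValue())
                && java.util.Objects.equals(getCookieName(), other.getCookieName());
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof PassTicketCommand;
        }

        @Generated
        public int hashCode() {
            // Same arithmetic as the generated version: 59 as multiplier, 43 standing in for null.
            final int prime = 59;
            Long expiry = getExpireAt();
            String authorization = getAuthorizationValue();
            String cookie = getCookieName();
            int result = prime + (expiry == null ? 43 : expiry.hashCode());
            result = (result * prime) + (authorization == null ? 43 : authorization.hashCode());
            return (result * prime) + (cookie == null ? 43 : cookie.hashCode());
        }
    }

    /**
     * @param passTicketService generator of PassTickets for a user ID and APPLID
     * @param authSourceService parser and provider of the request's authentication source
     * @param authConfigurationProperties configuration supplying the cookie name and PassTicket timeout
     */
    public HttpBasicPassTicketScheme(PassTicketService passTicketService, AuthSourceService authSourceService, AuthConfigurationProperties authConfigurationProperties) {
        this.passTicketService = passTicketService;
        this.authSourceService = authSourceService;
        this.authConfigurationProperties = authConfigurationProperties;
        this.cookieName = authConfigurationProperties.getCookieProperties().getCookieName();
    }

    /** @return {@link AuthenticationScheme#HTTP_BASIC_PASSTICKET} */
    @Override
    public AuthenticationScheme getScheme() {
        return AuthenticationScheme.HTTP_BASIC_PASSTICKET;
    }

    /**
     * Parses the authentication source, generates a PassTicket for the parsed user ID and the
     * service's APPLID, and wraps the resulting Basic Authorization value in a command.
     *
     * <p>The command expires at the earlier of the configured PassTicket timeout and the expiration
     * of the authentication source, so it cannot outlive the credential it was derived from.
     *
     * @param authentication service authentication settings; its APPLID selects the PassTicket target
     * @param authSource authentication source taken from the request
     * @return command carrying the Authorization header value and its expiry
     * @throws AuthSchemeException when the source is missing, expired or invalid, when it maps to
     *     no user ID, or when PassTicket generation fails
     * @throws IllegalStateException when the authentication source parses to {@code null}
     */
    @Override
    public AuthenticationCommand createCommand(Authentication authentication, AuthSource authSource) {
        // Taken before the ticket is generated, so the computed expiry is measured from a point
        // no later than the ticket's creation.
        long startedAt = System.currentTimeMillis();
        if (authSource == null || authSource.getRawSource() == null) {
            throw new AuthSchemeException("org.zowe.apiml.gateway.security.schema.missingAuthentication");
        }
        try {
            AuthSource.Parsed parsed = this.authSourceService.parse(authSource);
            if (parsed == null) {
                throw new IllegalStateException("Error occurred while parsing authentication source");
            }
            if (parsed.getUserId() == null) {
                this.logger.log(MessageType.DEBUG, "It was not possible to map provided certificate to the mainframe identity.", new Object[0]);
                throw new AuthSchemeException("org.zowe.apiml.gateway.security.schema.x509.mappingFailed");
            }
            String applid = authentication.getApplid();
            String userId = parsed.getUserId();
            try {
                String credentials = userId + ":" + this.passTicketService.generate(userId, applid);
                String headerValue = ServerHttpBasicAuthenticationConverter.BASIC
                    + Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
                // Multiply as long: the int product timeout * 1000 wraps for large timeouts and
                // would yield an expiry in the past or far future.
                long ticketExpiry = startedAt
                    + (this.authConfigurationProperties.getPassTicket().getTimeout().longValue() * 1000L);
                long sourceExpiry = parsed.getExpiration() != null ? parsed.getExpiration().getTime() : ticketExpiry;
                return new PassTicketCommand(headerValue, this.cookieName, Long.valueOf(Math.min(ticketExpiry, sourceExpiry)));
            } catch (IRRPassTicketGenerationException e) {
                // Only the user ID and APPLID are reported; no ticket material exists on this path.
                String message = String.format("Could not generate PassTicket for user ID %s and APPLID %s", userId, applid);
                this.logger.log(MessageType.DEBUG, message, new Object[0]);
                throw new AuthSchemeException("org.zowe.apiml.security.ticket.generateFailed", message);
            }
        } catch (TokenExpireException e2) {
            this.logger.log(MessageType.DEBUG, e2.getLocalizedMessage(), new Object[0]);
            throw new AuthSchemeException("org.zowe.apiml.gateway.security.expiredToken");
        } catch (TokenNotValidException e3) {
            this.logger.log(MessageType.DEBUG, e3.getLocalizedMessage(), new Object[0]);
            throw new AuthSchemeException("org.zowe.apiml.gateway.security.invalidToken");
        }
    }

    /** @return the authentication source that {@code authSourceService} finds in the current request, if any */
    @Override
    public Optional<AuthSource> getAuthSource() {
        return this.authSourceService.getAuthSourceFromRequest();
    }
}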
