package org.zowe.apiml.gateway.security.login.x509;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import lombok.Generated;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.stereotype.Component;
import org.zowe.apiml.gateway.security.login.x509.model.CertMapperResponse;
import org.zowe.apiml.gateway.security.service.TokenCreationService;

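/**
 * Maps a client X.509 certificate to a mainframe user ID by POSTing the DER-encoded certificate
 * to an external mapper service and reading the user ID from its JSON response.
 *
 * <p>The bean is only created when {@code apiml.security.x509.externalMapperUrl} is non-empty.
 * Every failure path returns {@code null} so that a certificate which cannot be mapped never
 * yields a user ID.
 *
 * <p>NOTE(review): each request carries a JWT minted for {@code externalMapperUser} in the
 * {@code apimlAuthenticationToken} cookie. Nothing in this class checks the scheme or host of
 * {@code externalMapperUrl}; the token is only as safe as that configured endpoint and the TLS
 * settings of the injected HTTP client. Confirm the deployment uses an HTTPS URL.
 */
@Component
@ConditionalOnExpression("!T(org.springframework.util.StringUtils).isEmpty('${apiml.security.x509.externalMapperUrl}')")
/* loaded from: input_file:org/zowe/apiml/gateway/security/login/x509/X509ExternalMapper.class */
public class X509ExternalMapper extends X509AbstractMapper {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(X509ExternalMapper.class);

    // ObjectMapper is thread-safe once configured, so one shared instance replaces the
    // per-call allocation.
    private static final ObjectMapper RESPONSE_READER = new ObjectMapper();

    private final CloseableHttpClient httpClientProxy;
    private final TokenCreationService tokenCreationService;

    // Endpoint of the external mapper service; also gates creation of this bean.
    @Value("${apiml.security.x509.externalMapperUrl}")
    private String externalMapperUrl;

    // User the outgoing JWT is created for when calling the mapper.
    @Value("${apiml.security.x509.externalMapperUser}")
    private String externalMapperUser;

    /**
     * Asks the external mapper which mainframe user the given certificate belongs to.
     *
     * @param x509Certificate the client certificate presented on the connection
     * @return the trimmed user ID from the mapper response, or {@code null} when the certificate
     *     is rejected by {@code isClientAuthCertificate}, the call fails, the mapper answers with
     *     a non-2xx status, or the response carries no usable user ID
     */
    @Override // org.zowe.apiml.gateway.security.login.x509.X509AuthenticationMapper
    public String mapCertificateToMainframeUserId(X509Certificate x509Certificate) {
        if (!isClientAuthCertificate(x509Certificate)) {
            return null;
        }
        try {
            String jwtToken = this.tokenCreationService.createJwtTokenWithoutCredentials(this.externalMapperUser);
            HttpPost httpPost = new HttpPost(new URI(this.externalMapperUrl));
            httpPost.setEntity(new ByteArrayEntity(x509Certificate.getEncoded()));
            // The token is a credential: it goes into the header only and must stay out of log output.
            httpPost.setHeader(new BasicHeader("Cookie", "apimlAuthenticationToken=" + jwtToken));
            log.debug("Executing request against external mapper API: {}", httpPost.toString());

            // try-with-resources releases the connection even when the body is missing or parsing fails.
            try (CloseableHttpResponse response = this.httpClientProxy.execute(httpPost)) {
                int statusCode = response.getStatusLine().getStatusCode();
                HttpEntity entity = response.getEntity();
                // EntityUtils rejects a null entity, so a body-less response is treated as empty.
                String body = entity == null ? "" : EntityUtils.toString(entity, StandardCharsets.UTF_8);
                log.debug("External mapper API returned: {}", body);

                // An error page must never be interpreted as a successful mapping.
                if (statusCode < 200 || statusCode >= 300) {
                    log.warn("External mapper API responded with HTTP status {}", statusCode);
                    return null;
                }
                if (body == null || body.isEmpty()) {
                    return null;
                }

                CertMapperResponse mapped = RESPONSE_READER.readValue(body, CertMapperResponse.class);
                String userId = mapped == null ? null : mapped.getUserId();
                if (userId == null) {
                    // Valid JSON without a user ID means "no mapping", not a NullPointerException.
                    return null;
                }
                String trimmed = userId.trim();
                // Fail closed: a blank user ID is not an identity.
                return trimmed.isEmpty() ? null : trimmed;
            }
        } catch (IOException e) {
            log.error("Not able to send certificate to mapper", e);
            return null;
        } catch (URISyntaxException e2) {
            log.error("Wrong service URI provided", e2);
            return null;
        } catch (CertificateEncodingException e3) {
            log.error("Can`t get encoded data from certificate", e3);
            return null;
        }
    }

    /**
     * Creates the mapper with its collaborators.
     *
     * @param closeableHttpClient HTTP client used to reach the external mapper
     * @param tokenCreationService service that mints the JWT sent with each mapper request
     */
    @Generated
    public X509ExternalMapper(CloseableHttpClient closeableHttpClient, TokenCreationService tokenCreationService) {
        this.httpClientProxy = closeableHttpClient;
        this.tokenCreationService = tokenCreationService;
    }
}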
