package org.zowe.apiml.gateway.filters.pre;

import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.netflix.zuul.util.ZuulRuntimeException;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.zowe.apiml.auth.Authentication;
import org.zowe.apiml.gateway.ribbon.loadbalancer.LoadBalancerConstants;
import org.zowe.apiml.gateway.security.service.ServiceAuthenticationServiceImpl;
import org.zowe.apiml.gateway.security.service.schema.AuthenticationCommand;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSchemeException;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSource;
import org.zowe.apiml.gateway.security.service.schema.source.AuthSourceService;
import org.zowe.apiml.message.core.MessageService;
import org.zowe.apiml.security.common.token.TokenExpireException;

/* loaded from: input_file:org/zowe/apiml/gateway/filters/pre/ServiceAuthenticationFilter.class */
public class ServiceAuthenticationFilter extends PreZuulFilter {
    public static final String AUTH_FAIL_HEADER = "X-Zowe-Auth-Failure";

    @Autowired
    private ServiceAuthenticationServiceImpl serviceAuthenticationService;

    @Autowired
    private AuthSourceService authSourceService;

    @Autowired
    private MessageService messageService;

    public int filterOrder() {
        return 11;
    }

    public boolean shouldFilter() {
        return true;
    }

    public Object run() {
        Optional<AuthSource> authSourceByAuthentication;
        RequestContext currentContext = RequestContext.getCurrentContext();
        boolean z = false;
        AuthenticationCommand authenticationCommand = null;
        String str = (String) currentContext.get(LoadBalancerConstants.SERVICEID_KEY);
        try {
            Authentication authentication = this.serviceAuthenticationService.getAuthentication(str);
            authSourceByAuthentication = this.serviceAuthenticationService.getAuthSourceByAuthentication(authentication);
            authenticationCommand = this.serviceAuthenticationService.getAuthenticationCommand(str, authentication, authSourceByAuthentication.orElse(null));
        } catch (TokenExpireException e) {
            authenticationCommand = null;
        } catch (AuthSchemeException e2) {
            String mapToLogMessage = e2.getParams() != null ? this.messageService.createMessage(e2.getMessage(), e2.getParams()).mapToLogMessage() : this.messageService.createMessage(e2.getMessage(), new Object[0]).mapToLogMessage();
            currentContext.addZuulRequestHeader(AUTH_FAIL_HEADER, mapToLogMessage);
            currentContext.addZuulResponseHeader(AUTH_FAIL_HEADER, mapToLogMessage);
            currentContext.setResponseStatusCode(200);
            return null;
        } catch (Exception e3) {
            throw new ZuulRuntimeException(new ZuulException(e3, HttpStatus.INTERNAL_SERVER_ERROR.value(), e3.getLocalizedMessage()));
        } catch (AuthenticationException e4) {
            z = true;
        }
        if (authSourceByAuthentication.isPresent() && !isSourceValidForCommand(authSourceByAuthentication.get(), authenticationCommand)) {
            throw new AuthSchemeException("org.zowe.apiml.gateway.security.invalidAuthentication");
        }
        if (z) {
            currentContext.setSendZuulResponse(false);
            currentContext.setResponseStatusCode(401);
            return null;
        }
        if (authenticationCommand == null) {
            return null;
        }
        try {
            authenticationCommand.apply(null);
            return null;
        } catch (Exception e5) {
            throw new ZuulRuntimeException(new ZuulException(e5, HttpStatus.INTERNAL_SERVER_ERROR.value(), e5.getLocalizedMessage()));
        }
    }

    private boolean isSourceValidForCommand(AuthSource authSource, AuthenticationCommand authenticationCommand) {
        return !authenticationCommand.isRequiredValidSource() || this.authSourceService.isValid(authSource);
    }
}
