package com.sap.cloud.security.servlet;

import com.sap.cloud.security.config.OAuth2ServiceConfiguration;
import com.sap.cloud.security.token.SecurityContext;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.token.validation.ValidationListener;
import com.sap.cloud.security.token.validation.ValidationResult;
import com.sap.cloud.security.token.validation.Validator;
import com.sap.cloud.security.token.validation.validators.JwtValidatorBuilder;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.impl.client.CloseableHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/security/servlet/AbstractTokenAuthenticator.class */
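/**
 * Base class for authenticators that take a token from the {@code Authorization} request header,
 * validate it and publish it to the {@link SecurityContext}.
 *
 * <p>Subclasses supply the service configuration and the header-to-token parsing. This class
 * builds the validator on first use, runs it, and turns the outcome into a
 * {@link TokenAuthenticationResult}. Every rejection path after the servlet type check also sends
 * an HTTP 401 to the client.
 *
 * <p>NOTE(review): {@code tokenValidator} is created lazily without synchronization and
 * {@code validationListeners} is a plain {@link ArrayList}. If one instance serves concurrent
 * requests, the validator may be built more than once - confirm that this is acceptable and that
 * the {@code with...} methods are only called during setup.
 */
public abstract class AbstractTokenAuthenticator implements TokenAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(AbstractTokenAuthenticator.class);
    private final List<ValidationListener> validationListeners = new ArrayList<>();
    // Built on first use by getOrCreateTokenValidator(); later configuration changes are not picked up.
    private Validator<Token> tokenValidator;
    // Handed to the validator builder; may still be null if withHttpClient(...) was never called.
    protected CloseableHttpClient httpClient;
    // Set through withServiceConfiguration(...); the validator itself is built from getServiceConfiguration().
    protected OAuth2ServiceConfiguration serviceConfiguration;

    /**
     * Authenticates a request by validating the token carried in its {@code Authorization} header.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; must be an {@link HttpServletResponse}
     * @return an authenticated result carrying the token, or an unauthenticated result with the
     *     reason. No exception escapes: any failure is reported as unauthenticated.
     */
    public TokenAuthenticationResult validateRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            // No HTTP response to write to, so only the result object reports the failure.
            return TokenAuthenticatorResult.createUnauthenticated("Could not process request " + servletRequest);
        }
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        String authorizationHeader = ((HttpServletRequest) servletRequest).getHeader("Authorization");
        if (!headerIsAvailable(authorizationHeader)) {
            return unauthenticated(httpResponse, "Authorization header is missing.");
        }
        try {
            Token token = extractFromHeader(authorizationHeader);
            ValidationResult validationResult = getOrCreateTokenValidator().validate(token);
            if (!validationResult.isValid()) {
                // NOTE(review): the validator's error description is returned to the unauthenticated
                // caller in the 401 response - confirm it never contains internal detail.
                return unauthenticated(httpResponse, "Error during token validation: " + validationResult.getErrorDescription());
            }
            // Only a token that passed validation is published to the security context.
            // NOTE(review): nothing in this class removes the token again, and the rejection paths
            // do not reset a previously stored one - confirm the calling filter clears the context
            // once the request has been handled.
            SecurityContext.setToken(token);
            return authenticated(token);
        } catch (Exception e) {
            // Fail closed: any parsing or validation error yields an unauthenticated result.
            // The stack trace is kept at debug level so the cause is not lost, while malformed
            // tokens sent by clients cannot flood the log with traces at the default level.
            logger.debug("Token authentication failed with an unexpected exception", e);
            // NOTE(review): the exception message is echoed to the client in the 401 response;
            // consider a generic message if it can reveal internal detail.
            return unauthenticated(httpResponse, "Unexpected error occurred: " + e.getMessage());
        }
    }

    /**
     * Sets the HTTP client that is passed to the token validator builder.
     *
     * @param closeableHttpClient the client to use
     * @return this authenticator, for chaining
     */
    public AbstractTokenAuthenticator withHttpClient(CloseableHttpClient closeableHttpClient) {
        this.httpClient = closeableHttpClient;
        return this;
    }

    /**
     * Sets the OAuth2 service configuration field available to subclasses.
     *
     * @param oAuth2ServiceConfiguration the configuration to store
     * @return this authenticator, for chaining
     */
    public AbstractTokenAuthenticator withServiceConfiguration(OAuth2ServiceConfiguration oAuth2ServiceConfiguration) {
        this.serviceConfiguration = oAuth2ServiceConfiguration;
        return this;
    }

    /**
     * Registers a listener that is attached to the validator when it is built. Listeners added
     * after the first call to {@link #validateRequest} reached the validator are not attached,
     * because the validator is built once.
     *
     * @param validationListener the listener to register
     * @return this authenticator, for chaining
     */
    public AbstractTokenAuthenticator withValidationListener(ValidationListener validationListener) {
        this.validationListeners.add(validationListener);
        return this;
    }

    /**
     * Returns the service configuration the token validator is built from.
     *
     * @return the configuration passed to {@link JwtValidatorBuilder#getInstance}
     */
    protected abstract OAuth2ServiceConfiguration getServiceConfiguration();

    /**
     * Parses the raw {@code Authorization} header value into a token. Exceptions thrown here are
     * caught by {@link #validateRequest} and reported as an unauthenticated result.
     *
     * @param str the non-empty header value
     * @return the token to validate
     */
    protected abstract Token extractFromHeader(String str);

    /** Returns the cached validator, building it from the current configuration on first use. */
    private Validator<Token> getOrCreateTokenValidator() {
        if (this.tokenValidator == null) {
            JwtValidatorBuilder builder =
                    JwtValidatorBuilder.getInstance(getServiceConfiguration()).withHttpClient(this.httpClient);
            this.validationListeners.forEach(builder::withValidatorListener);
            this.tokenValidator = builder.build();
        }
        return this.tokenValidator;
    }

    /**
     * Logs the rejection, sends HTTP 401 with the reason as the error message and returns the
     * matching unauthenticated result.
     *
     * <p>NOTE(review): {@code str} can contain text derived from the client-supplied token (for
     * example an exception message), and it is both logged and sent back - confirm the log
     * encoder neutralises line breaks.
     */
    private TokenAuthenticationResult unauthenticated(HttpServletResponse httpServletResponse, String str) {
        logger.warn("Request could not be authenticated: {}.", str);
        try {
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, str);
        } catch (IOException e) {
            // The result below is still unauthenticated even if the 401 could not be written.
            logger.error("Could not send unauthenticated response!", e);
        }
        return TokenAuthenticatorResult.createUnauthenticated(str);
    }

    /**
     * Builds the result for a successfully validated token. This default passes an empty list as
     * the first argument of {@code createAuthenticated}; subclasses may override it.
     *
     * @param token the validated token
     * @return the authenticated result
     */
    protected TokenAuthenticationResult authenticated(Token token) {
        return TokenAuthenticatorResult.createAuthenticated(Collections.emptyList(), token);
    }

    /** Returns {@code true} when the header value is neither {@code null} nor empty. */
    private boolean headerIsAvailable(String str) {
        return str != null && !str.isEmpty();
    }
}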
