package com.sap.cloud.security.servlet;

import com.sap.cloud.security.config.Environments;
import com.sap.cloud.security.config.OAuth2ServiceConfiguration;
import com.sap.cloud.security.config.Service;
import com.sap.cloud.security.token.ScopeConverter;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.token.XsuaaScopeConverter;
import com.sap.cloud.security.token.XsuaaToken;
import java.util.Objects;
import javax.annotation.Nullable;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/security/servlet/XsuaaTokenAuthenticator.class */
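/**
 * Token authenticator for XSUAA access tokens.
 *
 * <p>When the environment variable {@code IAS_XSUAA_XCHANGE_ENABLED} is set to any value other
 * than {@code "false"} (case-insensitive), an incoming IAS token is first exchanged for an XSUAA
 * token through the configured {@link IasXsuaaExchangeBroker}. The exchanged token is then
 * validated like any other XSUAA token.
 *
 * <p>NOTE(review): {@code serviceConfiguration} and {@code httpClient} are not declared in this
 * class; presumably they are inherited from {@link AbstractTokenAuthenticator} - confirm there.
 */
public class XsuaaTokenAuthenticator extends AbstractTokenAuthenticator {
    private static final Logger LOGGER = LoggerFactory.getLogger(XsuaaTokenAuthenticator.class);
    private static final String IAS_XSUAA_ENABLED = "IAS_XSUAA_XCHANGE_ENABLED";

    // Stays null when the no-argument constructor is used; validateRequest checks for that
    // before attempting a token exchange.
    private IasXsuaaExchangeBroker exchangeBroker;

    /** Creates an authenticator without a token exchange broker. */
    public XsuaaTokenAuthenticator() {
    }

    /**
     * Creates an authenticator that can exchange IAS tokens for XSUAA tokens.
     *
     * @param iasXsuaaExchangeBroker broker used for the exchange; stored as given
     */
    public XsuaaTokenAuthenticator(IasXsuaaExchangeBroker iasXsuaaExchangeBroker) {
        this.exchangeBroker = iasXsuaaExchangeBroker;
    }

    /**
     * Wraps the given header value in an {@link XsuaaToken} that uses this authenticator's scope
     * converter.
     *
     * @param str the value handed over by the caller (the Authorization header value)
     * @return the XSUAA token built from {@code str}
     */
    @Override
    public Token extractFromHeader(String str) {
        return new XsuaaToken(str).withScopeConverter(getScopeConverter());
    }

    /**
     * Returns the XSUAA service configuration: the explicitly set one if present, otherwise the
     * one of the current environment.
     *
     * @return the service configuration, never {@code null}
     * @throws IllegalStateException if neither source provides a configuration
     */
    @Override
    protected OAuth2ServiceConfiguration getServiceConfiguration() {
        OAuth2ServiceConfiguration xsuaaConfiguration = this.serviceConfiguration != null
                ? this.serviceConfiguration
                : Environments.getCurrent().getXsuaaConfiguration();
        if (xsuaaConfiguration == null) {
            throw new IllegalStateException("There must be a service configuration.");
        }
        return xsuaaConfiguration;
    }

    /**
     * Returns the XSUAA configuration the current environment provides for token exchange.
     *
     * @return that configuration, or {@code null} if the environment has none
     */
    @Override
    @Nullable
    protected OAuth2ServiceConfiguration getOtherServiceConfiguration() {
        return Environments.getCurrent().getXsuaaConfigurationForTokenExchange();
    }

    /**
     * Builds the authenticated result for a token, with its scopes run through the scope
     * converter.
     *
     * @param token the token to report as authenticated; must be an {@link XsuaaToken}
     * @return the authenticated result carrying the converted scopes and the token
     * @throws ClassCastException if {@code token} is not an {@link XsuaaToken}
     */
    @Override
    protected TokenAuthenticationResult authenticated(Token token) {
        return TokenAuthenticatorResult.createAuthenticated(
                getScopeConverter().convert(((XsuaaToken) token).getScopes()), token);
    }

    /**
     * Authenticates an HTTP request from its {@code Authorization} header.
     *
     * <p>Non-HTTP requests and requests without the header are rejected. If IAS-to-XSUAA exchange
     * is enabled and the token was issued by IAS, the token is exchanged before validation. Any
     * exception raised while creating, exchanging or validating the token results in an
     * unauthenticated result rather than propagating to the caller.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response belonging to the request
     * @return the validation result for the (possibly exchanged) token
     */
    @Override
    public TokenAuthenticationResult validateRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            return TokenAuthenticatorResult.createUnauthenticated("Could not process request " + servletRequest);
        }
        String header = ((HttpServletRequest) servletRequest).getHeader("Authorization");
        if (!headerIsAvailable(header)) {
            return unauthenticated("Authorization header is missing.");
        }
        try {
            Token token = TokenFactory.create(header);
            if (isIasXsuaaXchangeEnabled() && token.getService() == Service.IAS) {
                // Check the broker itself first. Previously a missing broker was dereferenced
                // before the null check ran, so the failure surfaced as a bare
                // NullPointerException with a null message instead of this explanation.
                IasXsuaaExchangeBroker broker =
                        Objects.requireNonNull(this.exchangeBroker, "IasXsuaaExchangeBroker is not provided");
                // NOTE(review): the field is passed here, not getServiceConfiguration(); it may be
                // null when the configuration comes from the environment - confirm the broker
                // handles that.
                // The String cast is kept from the original because the broker's declared return
                // type is not visible in this file.
                String exchangedToken = (String) Objects.requireNonNull(
                        broker.doIasToXsuaaXchange(this.httpClient, token, this.serviceConfiguration),
                        "IAS to XSUAA token exchange returned no token");
                token = new XsuaaToken(exchangedToken);
            }
            return tokenValidationResult(token);
        } catch (Exception e) {
            // Fail closed: every error on this path yields an unauthenticated result.
            // NOTE(review): the exception message is handed to unauthenticated(); if that text can
            // reach the HTTP response, prefer a generic message there and keep the detail in the
            // log - confirm in AbstractTokenAuthenticator.
            return unauthenticated("Unexpected error occurred: " + e.getMessage());
        }
    }

    /** Creates a scope converter for the {@code xsappname} of the service configuration. */
    private ScopeConverter getScopeConverter() {
        return new XsuaaScopeConverter(getServiceConfiguration().getProperty("xsappname"));
    }

    /**
     * Reads the {@code IAS_XSUAA_XCHANGE_ENABLED} environment variable on every call.
     *
     * @return {@code true} if the variable is set to anything other than {@code "false"}
     *     (case-insensitive). Values such as an empty string or {@code "0"} therefore enable the
     *     exchange as well.
     */
    private boolean isIasXsuaaXchangeEnabled() {
        String value = System.getenv(IAS_XSUAA_ENABLED);
        LOGGER.debug("System environment variable {} is set to {}", IAS_XSUAA_ENABLED, value);
        return value != null && !value.equalsIgnoreCase("false");
    }
}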
