package com.sap.cloud.security.servlet;

import com.sap.cloud.security.client.HttpClientFactory;
import com.sap.cloud.security.config.Environments;
import com.sap.cloud.security.config.OAuth2ServiceConfiguration;
import com.sap.cloud.security.token.ScopeConverter;
import com.sap.cloud.security.token.SecurityContext;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.token.XsuaaScopeConverter;
import com.sap.cloud.security.token.XsuaaToken;
import com.sap.cloud.security.x509.X509Certificate;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import javax.annotation.Nullable;
import org.apache.http.impl.client.CloseableHttpClient;

/* loaded from: input_file:com/sap/cloud/security/servlet/XsuaaTokenAuthenticator.class */
public class XsuaaTokenAuthenticator extends AbstractTokenAuthenticator {
    public XsuaaTokenAuthenticator() {
        this.serviceConfiguration = Environments.getCurrent().getXsuaaConfiguration();
        this.httpClient = HttpClientFactory.create(this.serviceConfiguration != null ? this.serviceConfiguration.getClientIdentity() : null);
    }

    @Override // com.sap.cloud.security.servlet.AbstractTokenAuthenticator
    public AbstractTokenAuthenticator withServiceConfiguration(OAuth2ServiceConfiguration oAuth2ServiceConfiguration) {
        super.withServiceConfiguration(oAuth2ServiceConfiguration);
        return this;
    }

    @Override // com.sap.cloud.security.servlet.AbstractTokenAuthenticator
    public AbstractTokenAuthenticator withHttpClient(CloseableHttpClient closeableHttpClient) {
        super.withHttpClient(closeableHttpClient);
        return this;
    }

    @Override // com.sap.cloud.security.servlet.AbstractTokenAuthenticator
    public Token extractFromHeader(String str) {
        return new XsuaaToken(str).withScopeConverter(getScopeConverter());
    }

    @Override // com.sap.cloud.security.servlet.AbstractTokenAuthenticator
    protected OAuth2ServiceConfiguration getServiceConfiguration() {
        OAuth2ServiceConfiguration xsuaaConfiguration = this.serviceConfiguration != null ? this.serviceConfiguration : Environments.getCurrent().getXsuaaConfiguration();
        if (xsuaaConfiguration == null) {
            throw new IllegalStateException("There must be a service configuration.");
        }
        return xsuaaConfiguration;
    }

    @Override // com.sap.cloud.security.servlet.AbstractTokenAuthenticator
    @Nullable
    protected OAuth2ServiceConfiguration getOtherServiceConfiguration() {
        return Environments.getCurrent().getXsuaaConfigurationForTokenExchange();
    }

    @Override // com.sap.cloud.security.servlet.AbstractTokenAuthenticator
    protected TokenAuthenticationResult authenticated(Token token) {
        return TokenAuthenticatorResult.createAuthenticated(getScopeConverter().convert(((XsuaaToken) token).getScopes()), token);
    }

    @Override // com.sap.cloud.security.servlet.AbstractTokenAuthenticator
    public TokenAuthenticationResult validateRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (servletResponse instanceof HttpServletResponse) {
                String header = httpServletRequest.getHeader("Authorization");
                if (!headerIsAvailable(header)) {
                    return TokenAuthenticatorResult.createUnauthenticated("Authorization header is missing.");
                }
                try {
                    SecurityContext.setClientCertificate(X509Certificate.newCertificate(getClientCertificate(httpServletRequest)));
                    return tokenValidationResult(Token.create(header));
                } catch (Exception e) {
                    return TokenAuthenticatorResult.createUnauthenticated("Unexpected error occurred: " + e.getMessage());
                }
            }
        }
        return TokenAuthenticatorResult.createUnauthenticated("Could not process request " + servletRequest);
    }

    private ScopeConverter getScopeConverter() {
        return new XsuaaScopeConverter(getServiceConfiguration().getProperty("xsappname"));
    }
}
