package com.sap.cloud.security.xsuaa.extractor;

import com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration;
import com.sap.cloud.security.xsuaa.client.ClientCredentials;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenService;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.Cache;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/extractor/TokenBrokerResolver.class */
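/**
 * Resolves the bearer token for an incoming request, exchanging Basic credentials for an
 * access token through a {@link TokenBroker} when the configured authentication method asks for it.
 *
 * <p>Tokens obtained from the broker are stored in the supplied {@link Cache} under a SHA-256
 * digest of the token URL and the credentials involved. This class returns a cached token
 * without looking at its expiry, so the cache's own eviction policy has to be shorter than
 * the token lifetime.
 */
public class TokenBrokerResolver implements BearerTokenResolver {
    private static final Logger logger = LoggerFactory.getLogger(TokenBrokerResolver.class);
    private static final String BASIC_CREDENTIAL = "basic";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String OAUTH_TOKEN_PATH = "/oauth/token";
    private static final String BEARER_TYPE = "bearer";
    private final XsuaaServiceConfiguration configuration;
    private final Cache tokenCache;
    private final TokenBroker tokenBroker;
    private AuthenticationInformationExtractor authenticationConfig;

    /**
     * Creates a resolver that uses the given {@link TokenBroker} directly.
     *
     * @param xsuaaServiceConfiguration source of UAA URL, UAA domain, client id and client secret
     * @param cache cache for tokens obtained from the broker
     * @param tokenBroker broker used to exchange credentials for an access token
     * @param authenticationInformationExtractor supplies authentication methods and subdomain per request
     * @deprecated presumably superseded by the {@link OAuth2TokenService}-based constructor; confirm
     *     against the library's release notes.
     */
    @Deprecated
    public TokenBrokerResolver(XsuaaServiceConfiguration xsuaaServiceConfiguration, Cache cache, TokenBroker tokenBroker, AuthenticationInformationExtractor authenticationInformationExtractor) {
        this.configuration = xsuaaServiceConfiguration;
        this.tokenCache = cache;
        this.tokenBroker = tokenBroker;
        this.authenticationConfig = authenticationInformationExtractor;
    }

    /**
     * Creates a resolver whose broker is a {@link UaaTokenBroker} wrapping the given token service.
     *
     * @param xsuaaServiceConfiguration source of UAA URL, UAA domain, client id and client secret
     * @param cache cache for tokens obtained from the broker
     * @param oAuth2TokenService token service handed to the {@link UaaTokenBroker}
     * @param authenticationInformationExtractor supplies authentication methods and subdomain per request
     */
    public TokenBrokerResolver(XsuaaServiceConfiguration xsuaaServiceConfiguration, Cache cache, OAuth2TokenService oAuth2TokenService, AuthenticationInformationExtractor authenticationInformationExtractor) {
        this.configuration = xsuaaServiceConfiguration;
        this.tokenCache = cache;
        this.tokenBroker = new UaaTokenBroker(oAuth2TokenService);
        this.authenticationConfig = authenticationInformationExtractor;
    }

    /**
     * Creates a resolver with a default {@link UaaTokenBroker} and a
     * {@link DefaultAuthenticationInformationExtractor} for the given methods.
     *
     * @param xsuaaServiceConfiguration source of UAA URL, UAA domain, client id and client secret
     * @param cache cache for tokens obtained from the broker
     * @param authenticationMethodArr authentication methods to try, in order
     */
    public TokenBrokerResolver(XsuaaServiceConfiguration xsuaaServiceConfiguration, Cache cache, AuthenticationMethod... authenticationMethodArr) {
        this(xsuaaServiceConfiguration, cache, new UaaTokenBroker(), new DefaultAuthenticationInformationExtractor(authenticationMethodArr));
    }

    /**
     * Resolves the token for the request.
     *
     * @param httpServletRequest the incoming request
     * @return the token, or {@code null} when none could be extracted or the broker failed
     * @throws IllegalArgumentException if both BASIC and CLIENT_CREDENTIALS are configured for the request
     */
    public String resolve(HttpServletRequest httpServletRequest) {
        try {
            return extractToken(httpServletRequest);
        } catch (TokenBrokerException e) {
            logger.warn("Error obtaining token:" + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Tries each configured authentication method in order and returns the first non-empty token.
     *
     * @param httpServletRequest the incoming request
     * @return the first non-empty token, or {@code null} if no method produced one
     * @throws TokenBrokerException if the broker fails to issue a token
     */
    private String extractToken(HttpServletRequest httpServletRequest) throws TokenBrokerException {
        List<AuthenticationMethod> authenticationMethods = this.authenticationConfig.getAuthenticationMethods(httpServletRequest);
        checkTypes(authenticationMethods);
        String oAuthTokenUrl = getOAuthTokenUrl(httpServletRequest);
        for (AuthenticationMethod method : authenticationMethods) {
            // getHeaders is called once per method because an Enumeration can only be walked once.
            String brokerToken = getBrokerToken(method, httpServletRequest.getHeaders(AUTHORIZATION_HEADER), oAuthTokenUrl);
            if (!StringUtils.isEmpty(brokerToken)) {
                return brokerToken;
            }
        }
        return null;
    }

    /**
     * Rejects configurations that enable BASIC and CLIENT_CREDENTIALS together; both read the
     * same Basic header, so the header's meaning would be ambiguous.
     *
     * @param list the authentication methods configured for the request
     * @throws IllegalArgumentException if both methods are present
     */
    private void checkTypes(List<AuthenticationMethod> list) {
        if (list.contains(AuthenticationMethod.BASIC) && list.contains(AuthenticationMethod.CLIENT_CREDENTIALS)) {
            throw new IllegalArgumentException("Use either CLIENT_CREDENTIALS or BASIC");
        }
    }

    /**
     * Builds the token endpoint URL, using the multi-tenancy form when the extractor reports a subdomain.
     *
     * @param httpServletRequest the incoming request
     * @return the token endpoint URL
     */
    private String getOAuthTokenUrl(HttpServletRequest httpServletRequest) {
        String uaaUrl = this.configuration.getUaaUrl();
        String uaaDomain = this.configuration.getUaaDomain();
        // NOTE(review): the subdomain comes from the extractor, which is handed the request. The
        // client secret is later sent to the URL built here, so the subdomain must be validated
        // before it reaches this point; presumably the extractor or TokenUrlUtils does so; confirm.
        Optional<String> subdomain = this.authenticationConfig.getSubdomain(httpServletRequest);
        if (subdomain.isPresent()) {
            return TokenUrlUtils.getMultiTenancyUrl(OAUTH_TOKEN_PATH, uaaUrl, uaaDomain, subdomain.get());
        }
        return TokenUrlUtils.getOauthTokenUrl(OAUTH_TOKEN_PATH, uaaUrl, uaaDomain);
    }

    /**
     * Produces a token for one authentication method from the request's Authorization headers.
     *
     * <p>OAUTH2 returns the bearer value of the first header (or {@code null} if that header is
     * not a bearer header). BASIC and CLIENT_CREDENTIALS skip headers that carry no usable Basic
     * credentials and exchange the first usable one through the broker, consulting the cache first.
     *
     * @param authenticationMethod the method to apply
     * @param enumeration the request's Authorization header values
     * @param str the token endpoint URL
     * @return the token, or {@code null} if this method yields none
     * @throws TokenBrokerException if the broker fails to issue a token
     */
    private String getBrokerToken(AuthenticationMethod authenticationMethod, Enumeration<String> enumeration, String str) throws TokenBrokerException {
        ClientCredentials clientCredentials = new ClientCredentials(this.configuration.getClientId(), this.configuration.getClientSecret());
        while (enumeration.hasMoreElements()) {
            String headerValue = enumeration.nextElement();
            switch (authenticationMethod) {
                case OAUTH2:
                    return extractAuthorizationHeader(BEARER_TYPE, headerValue);
                case BASIC: {
                    ClientCredentials userCredentials = getCredentialsFromBasicAuthorizationHeader(extractAuthorizationHeader(BASIC_CREDENTIAL, headerValue));
                    if (userCredentials != null) {
                        String cacheKey = createSecureHash(str, clientCredentials.toString(), userCredentials.toString());
                        String cachedToken = this.tokenCache.get(cacheKey, String.class);
                        if (cachedToken != null) {
                            // NOTE(review): the key is an unsalted SHA-256 over the credentials;
                            // consider whether it needs to appear in info-level logs at all.
                            logger.info("return (basic) access token for {} from cache", cacheKey);
                            return cachedToken;
                        }
                        String freshToken = this.tokenBroker.getAccessTokenFromPasswordCredentials(str, clientCredentials.getId(), clientCredentials.getSecret(), userCredentials.getId(), userCredentials.getSecret());
                        this.tokenCache.put(cacheKey, freshToken);
                        return freshToken;
                    }
                    // No usable Basic credentials in this header: move on to the next one.
                    break;
                }
                case CLIENT_CREDENTIALS: {
                    ClientCredentials headerCredentials = getCredentialsFromBasicAuthorizationHeader(extractAuthorizationHeader(BASIC_CREDENTIAL, headerValue));
                    if (headerCredentials != null) {
                        String cacheKey = createSecureHash(str, headerCredentials.toString());
                        String cachedToken = this.tokenCache.get(cacheKey, String.class);
                        if (cachedToken != null) {
                            // NOTE(review): same consideration as in the BASIC branch for logging the key.
                            logger.info("return (client-credentials) access token for {} from cache", cacheKey);
                            return cachedToken;
                        }
                        String freshToken = this.tokenBroker.getAccessTokenFromClientCredentials(str, headerCredentials.getId(), headerCredentials.getSecret());
                        this.tokenCache.put(cacheKey, freshToken);
                        return freshToken;
                    }
                    // No usable Basic credentials in this header: move on to the next one.
                    break;
                }
                default:
                    return null;
            }
        }
        return null;
    }

    /**
     * Decodes the Base64 payload of a Basic header into id and secret.
     *
     * @param str the Base64 payload, or {@code null}
     * @return the credentials, or {@code null} if the payload is absent, is not valid Base64,
     *     or contains no {@code ':'} separator
     */
    @Nullable
    private ClientCredentials getCredentialsFromBasicAuthorizationHeader(@Nullable String str) {
        if (str == null) {
            return null;
        }
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // The header is client-controlled. A payload that is not valid Base64 is treated as
            // "no credentials" instead of escaping resolve() as an unchecked exception. The
            // payload itself is deliberately not logged.
            logger.debug("Ignoring Basic authorization header with invalid Base64 payload");
            return null;
        }
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        // Split on the first ':' only: the secret may itself contain ':'.
        return new ClientCredentials(decoded.substring(0, separator), decoded.substring(separator + 1));
    }

    /**
     * Derives the cache key as the Base64-encoded SHA-256 digest of the given parts.
     *
     * <p>Each part is fed to the digest preceded by its 4-byte big-endian length, so that
     * different splits of the same concatenation (for example {@code "ab","c"} and
     * {@code "a","bc"}) cannot map to the same key and return another caller's cached token.
     *
     * @param strArr the parts to hash, in order
     * @return the Base64-encoded digest
     * @throws RuntimeException if SHA-256 is not available
     */
    private String createSecureHash(String... strArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            for (String part : strArr) {
                byte[] bytes = part.getBytes(StandardCharsets.UTF_8);
                int length = bytes.length;
                messageDigest.update(new byte[] {(byte) (length >>> 24), (byte) (length >>> 16), (byte) (length >>> 8), (byte) length});
                messageDigest.update(bytes);
            }
            return Base64.getEncoder().encodeToString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("No such Algorithm", e);
        }
    }

    /**
     * Returns the value that follows the given scheme in an Authorization header.
     *
     * @param str the expected scheme, matched case-insensitively
     * @param str2 the raw header value
     * @return the trimmed value after the scheme, cut at the first comma that is not at
     *     position 0, or {@code null} if the header does not start with the scheme
     */
    private String extractAuthorizationHeader(String str, String str2) {
        // regionMatches ignores case without consulting the default locale; toLowerCase() would
        // map "BASIC" to a dotless-i form under a Turkish locale and miss the scheme.
        if (!str2.regionMatches(true, 0, str, 0, str.length())) {
            return null;
        }
        String value = str2.substring(str.length()).trim();
        int commaIndex = value.indexOf(',');
        return commaIndex > 0 ? value.substring(0, commaIndex) : value;
    }

    /**
     * Returns the extractor that supplies authentication methods and subdomain.
     *
     * @return the current extractor
     */
    public AuthenticationInformationExtractor getAuthenticationConfig() {
        return this.authenticationConfig;
    }

    /**
     * Replaces the extractor that supplies authentication methods and subdomain.
     *
     * @param authenticationInformationExtractor the new extractor
     */
    public void setAuthenticationConfig(AuthenticationInformationExtractor authenticationInformationExtractor) {
        this.authenticationConfig = authenticationInformationExtractor;
    }
}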
