package io.cellery.security.cell.sts.server.core.service;

import io.cellery.security.cell.sts.server.authorization.AuthorizationFailedException;
import io.cellery.security.cell.sts.server.core.CellStsUtils;
import io.cellery.security.cell.sts.server.core.Constants;
import io.cellery.security.cell.sts.server.core.context.store.UserContextStore;
import io.cellery.security.cell.sts.server.core.exception.CellSTSRequestValidationFailedException;
import io.cellery.security.cell.sts.server.core.model.CellStsRequest;
import io.cellery.security.cell.sts.server.core.model.CellStsResponse;
import io.cellery.security.cell.sts.server.core.model.config.CellStsConfiguration;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/cellery/security/cell/sts/server/core/service/CelleryGWSTSService.class */
public class CelleryGWSTSService extends CelleryCellStsService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CelleryGWSTSService.class);

    public CelleryGWSTSService(UserContextStore userContextStore, UserContextStore userContextStore2) throws CelleryCellSTSException {
        super(userContextStore, userContextStore2);
    }

    @Override // io.cellery.security.cell.sts.server.core.service.CelleryCellStsService
    public void handleInboundRequest(CellStsRequest cellStsRequest, CellStsResponse cellStsResponse) throws CelleryCellSTSException {
        String requestId = cellStsRequest.getRequestId();
        if (log.isDebugEnabled()) {
            log.debug("Request reached gateway sidecar.");
        }
        try {
            if (REQUEST_VALIDATOR.isAuthenticationRequired(cellStsRequest)) {
                log.debug("Authentication is required for the request ID: {} ", requestId);
                log.debug("Caller cell : {}", cellStsRequest.getSource().getCellInstanceName());
                String userContextJwt = getUserContextJwt(cellStsRequest);
                log.debug("Incoming JWT : " + userContextJwt);
                handleRequestToMicroGW(cellStsRequest, requestId, userContextJwt);
                try {
                    AUTHORIZATION_SERVICE.authorize(cellStsRequest, userContextJwt);
                    attachToken(cellStsRequest, cellStsResponse);
                    log.info("Gateway request processing ended successfully for request: {}", requestId);
                } catch (AuthorizationFailedException e) {
                    throw new CelleryCellSTSException("Authorization failure", e);
                }
            }
        } catch (CellSTSRequestValidationFailedException e2) {
            throw new CelleryCellSTSException("Error while evaluating authentication requirement", e2);
        }
    }

    @Override // io.cellery.security.cell.sts.server.core.service.CelleryCellStsService
    protected void attachToken(CellStsRequest cellStsRequest, CellStsResponse cellStsResponse) throws CelleryCellSTSException {
        String exchangeToInternalToken = exchangeToInternalToken(cellStsRequest);
        if (StringUtils.isEmpty(exchangeToInternalToken)) {
            throw new CelleryCellSTSException("No JWT token received from the STS endpoint: " + CellStsConfiguration.getInstance().getStsEndpoint());
        }
        log.debug("Attaching jwt to gateway request : {}", exchangeToInternalToken);
        if (cellStsRequest.getRequestHeaders().get(Constants.CELLERY_AUTH_SUBJECT_HEADER) != null) {
            log.info("Found user in outgoing request");
        }
        cellStsResponse.addResponseHeader("authorization", "Bearer " + exchangeToInternalToken);
    }

    protected String exchangeToInternalToken(CellStsRequest cellStsRequest) throws CelleryCellSTSException {
        String requestId = cellStsRequest.getRequestId();
        log.debug("Request with ID: to micro gateway from {}", requestId, cellStsRequest.getSource());
        if (StringUtils.isNotEmpty(this.localContextStore.get(requestId))) {
            log.debug("Found an already existing local token issued for same request on a different occurance");
            return this.localContextStore.get(requestId);
        }
        String str = this.userContextStore.get(requestId);
        if (StringUtils.isEmpty(str)) {
            return getTokenFromLocalSTS(CellStsUtils.getMyCellName());
        }
        this.userContextStore.remove(requestId);
        return getTokenFromLocalSTS(str, CellStsUtils.getMyCellName());
    }
}
