package com.appiancorp.object.remote;

import com.appiancorp.integration.http.HttpParameterConstants;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.web.servlet.SelfRegisteringHttpServlet;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Preconditions;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.PrintWriter;
import java.text.ParseException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.http.HttpStatus;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpStatusCodeException;

/* loaded from: input_file:com/appiancorp/object/remote/RemoteFrameworksBFFTokenServlet.class */
public class RemoteFrameworksBFFTokenServlet extends SelfRegisteringHttpServlet {
    private static final long serialVersionUID = 1;
    public static final String PATH = "/rfx/bff-token";
    public static final String JWT_ATTRIBUTE_NAME = "RFX_BFF_TOKEN";
    private static final String[] DEFAULT_SCOPES = {"user"};
    private final transient U2SJwtFactory jwtFactory;
    private final transient RemoteRegistry remoteRegistry;
    private final transient RemoteFrameworksConfiguration remoteFrameworksConfiguration;
    private final ObjectMapper mapper;

    public RemoteFrameworksBFFTokenServlet(U2SJwtFactory u2SJwtFactory, RemoteRegistry remoteRegistry) {
        this(u2SJwtFactory, remoteRegistry, new ObjectMapper());
    }

    public RemoteFrameworksBFFTokenServlet(U2SJwtFactory u2SJwtFactory, RemoteRegistry remoteRegistry, ObjectMapper objectMapper) {
        this.jwtFactory = (U2SJwtFactory) Preconditions.checkNotNull(u2SJwtFactory);
        this.remoteRegistry = (RemoteRegistry) Preconditions.checkNotNull(remoteRegistry);
        this.remoteFrameworksConfiguration = (RemoteFrameworksConfiguration) ConfigurationFactory.getConfiguration(RemoteFrameworksConfiguration.class);
        this.mapper = objectMapper;
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            try {
                String handlePayload = handlePayload((RemoteFrameworksBFFRequestPayload) getPayload(httpServletRequest, RemoteFrameworksBFFRequestPayload.class), httpServletRequest, httpServletResponse);
                PrintWriter writer = httpServletResponse.getWriter();
                httpServletResponse.setContentType(HttpParameterConstants.APPLICATION_JSON_TYPE);
                httpServletResponse.setCharacterEncoding("UTF-8");
                httpServletResponse.setStatus(200);
                writer.print(handlePayload);
                writer.flush();
            } catch (HttpStatusCodeException e) {
                httpServletResponse.sendError(e.getRawStatusCode(), e.getMessage());
            }
        } catch (IOException e2) {
            httpServletResponse.sendError(400, "Failed to read payload with exception: " + e2.getMessage());
        }
    }

    private String handlePayload(RemoteFrameworksBFFRequestPayload remoteFrameworksBFFRequestPayload, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws HttpStatusCodeException {
        RemoteService remoteService = this.remoteRegistry.getRemoteService(remoteFrameworksBFFRequestPayload.resource);
        if (remoteService == null) {
            throw new HttpClientErrorException(HttpStatus.NOT_FOUND, "Requested Remote Service was not found.");
        }
        String[] strArr = remoteFrameworksBFFRequestPayload.scopes == null ? DEFAULT_SCOPES : remoteFrameworksBFFRequestPayload.scopes;
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            throw new HttpClientErrorException(HttpStatus.UNAUTHORIZED, "No session could be found.");
        }
        String savedJwt = getSavedJwt(session, remoteService);
        if (savedJwt == null) {
            savedJwt = createJwt(remoteService, strArr);
            saveJwt(session, savedJwt, remoteService);
        } else {
            try {
                JWTClaimsSet jWTClaimsSet = JWTParser.parse(savedJwt).getJWTClaimsSet();
                if (jWTClaimsSet.getExpirationTime().before(Date.from(Instant.now().plus(this.remoteFrameworksConfiguration.getJwtExpirationBuffer().intValue(), (TemporalUnit) ChronoUnit.SECONDS)))) {
                    savedJwt = createJwt(remoteService, strArr, getCsrf(jWTClaimsSet));
                    saveJwt(session, savedJwt, remoteService);
                }
            } catch (ParseException e) {
                throw new HttpClientErrorException(HttpStatus.BAD_REQUEST, "Failed to parse JWT.");
            }
        }
        try {
            return "{\"token\": \"" + savedJwt + "\", \"expiresAtMillis\" : " + String.valueOf(JWTParser.parse(savedJwt).getJWTClaimsSet().getExpirationTime().toInstant().toEpochMilli()) + "}";
        } catch (ParseException e2) {
            throw new HttpClientErrorException(HttpStatus.BAD_REQUEST, "Failed to parse JWT.");
        }
    }

    private void saveJwt(HttpSession httpSession, String str, RemoteService remoteService) {
        httpSession.setAttribute(getSessionAttributeName(remoteService), str);
    }

    private String getSavedJwt(HttpSession httpSession, RemoteService remoteService) {
        return (String) httpSession.getAttribute(getSessionAttributeName(remoteService));
    }

    static String getSessionAttributeName(RemoteService remoteService) {
        return "RFX_BFF_TOKEN:" + remoteService.getKey();
    }

    private String createJwt(RemoteService remoteService, String[] strArr) {
        return this.jwtFactory.createJwt(remoteService, strArr, this.remoteRegistry);
    }

    private String createJwt(RemoteService remoteService, String[] strArr, String str) {
        return this.jwtFactory.createJwt(remoteService, strArr, str, this.remoteRegistry);
    }

    private String getCsrf(JWTClaimsSet jWTClaimsSet) throws ParseException {
        return jWTClaimsSet.getStringClaim(RemoteJwtSupplierImpl.CSRF);
    }

    private <T> T getPayload(HttpServletRequest httpServletRequest, Class<T> cls) throws IOException {
        StringBuilder sb = new StringBuilder();
        BufferedReader reader = httpServletRequest.getReader();
        while (true) {
            String readLine = reader.readLine();
            if (readLine == null) {
                return (T) this.mapper.readValue(sb.toString(), cls);
            }
            sb.append(readLine);
        }
    }

    public String[] getPaths() {
        return new String[]{PATH};
    }

    public String getName() {
        return "remoteFrameworksBFFTokenServlet";
    }
}
