package pl.edu.icm.unity.oauth.rp.local;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import eu.unicore.security.HTTPAuthNTokens;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AbstractCredentialRetrieval;
import pl.edu.icm.unity.engine.api.authn.AbstractCredentialRetrievalFactory;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.LocalAuthenticationResult;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.oauth.as.token.OAuthTokenEndpoint;
import pl.edu.icm.unity.rest.authn.CXFAuthentication;
import pl.edu.icm.unity.rest.authn.ext.HttpBasicParser;
import pl.edu.icm.unity.rest.authn.ext.HttpBasicRetrievalBase;

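/**
 * REST credential retrieval which expects two credentials in one HTTP
 * {@code Authorization} header, separated by a comma: an OAuth Bearer access
 * token and HTTP Basic username/password. Both are passed together to the
 * {@link AccessTokenAndPasswordExchange}; a request that lacks either of them
 * is rejected before the exchange is consulted.
 */
@PrototypeComponent
/* loaded from: input_file:pl/edu/icm/unity/oauth/rp/local/RESTBearerTokenAndPasswordRetrieval.class */
public class RESTBearerTokenAndPasswordRetrieval extends AbstractCredentialRetrieval<AccessTokenAndPasswordExchange> implements CXFAuthentication {
    public static final String NAME = "rest-oauth-bearer-password";
    public static final String DESC = "RESTBearerTokenAndPasswordRetrieval.desc";
    private static final Logger log = Log.getLogger("unity.server.rest", RESTBearerTokenAndPasswordRetrieval.class);

    /** Spring-managed factory registering this retrieval under {@link #NAME} for the "jaxrs2" binding. */
    @Component
    /* loaded from: input_file:pl/edu/icm/unity/oauth/rp/local/RESTBearerTokenAndPasswordRetrieval$Factory.class */
    public static class Factory extends AbstractCredentialRetrievalFactory<RESTBearerTokenAndPasswordRetrieval> {
        @Autowired
        public Factory(ObjectFactory<RESTBearerTokenAndPasswordRetrieval> objectFactory) {
            super(RESTBearerTokenAndPasswordRetrieval.NAME, RESTBearerTokenAndPasswordRetrieval.DESC, "jaxrs2", objectFactory, AccessTokenAndPasswordExchange.ID);
        }
    }

    public RESTBearerTokenAndPasswordRetrieval() {
        super("jaxrs2");
    }

    /**
     * This retrieval has no configuration of its own.
     *
     * @return the constant {@code OAuthTokenEndpoint.PATH}
     */
    public String getSerializedConfiguration() {
        return OAuthTokenEndpoint.PATH;
    }

    /** Intentionally a no-op: there is nothing to configure, the argument is ignored. */
    public void setSerializedConfiguration(String str) {
    }

    /**
     * @return always {@code null}; credentials are read directly from the current
     *         CXF message in {@link #getAuthenticationResult(Properties)}
     */
    public Interceptor<? extends Message> getInterceptor() {
        return null;
    }

    /**
     * Extracts the Bearer token and the Basic credentials from the current
     * request and verifies them together.
     *
     * @param properties endpoint features, consulted only to decide whether the
     *                   Basic credentials are URL-encoded
     * @return the result of the credential exchange, or a failed result when
     *         either credential is missing or malformed, or when no HTTP request
     *         is bound to the current thread
     */
    public AuthenticationResult getAuthenticationResult(Properties properties) {
        Map<String, String> httpCredentials = getHttpCredentials();
        if (httpCredentials == null) {
            // No CXF message or servlet request is available. Fail closed with a regular
            // authentication failure instead of a NullPointerException on the lookup below.
            log.debug("No HTTP request is available, can not retrieve credentials");
            return LocalAuthenticationResult.failed(new AuthenticationResult.ResolvableError("BearerRetrievalBase.tokenNotFound", new Object[0]));
        }
        BearerAccessToken tokenCredential = getTokenCredential(httpCredentials.get("Bearer"));
        if (tokenCredential == null) {
            log.debug("No HTTP Bearer access token header was found");
            return LocalAuthenticationResult.failed(new AuthenticationResult.ResolvableError("BearerRetrievalBase.tokenNotFound", new Object[0]));
        }
        log.trace("HTTP Bearer access token header found");
        try {
            HTTPAuthNTokens basicCredentials = HttpBasicParser.getHTTPCredentials(httpCredentials.get("Basic"), log, HttpBasicRetrievalBase.isUrlEncoded(properties));
            if (basicCredentials == null) {
                log.debug("No HTTP BASIC auth header was found");
                return LocalAuthenticationResult.failed(new AuthenticationResult.ResolvableError("RESTBearerTokenAndPasswordRetrieval.basicAuthNotFound", new Object[0]));
            }
            log.trace("HTTP BASIC auth header found");
            try {
                return ((AccessTokenAndPasswordExchange) this.credentialExchange).checkTokenAndPassword(tokenCredential, basicCredentials.getUserName(), basicCredentials.getPasswd());
            } catch (AuthenticationException e) {
                return LocalAuthenticationResult.failed(e);
            }
        } catch (Exception e2) {
            // NOTE(review): this also catches unexpected runtime failures thrown by the
            // credential exchange and reports them as a malformed Basic header. The outcome
            // is still a rejected authentication, but the log line can mislead diagnosis.
            // The exception is deliberately not logged: it is not known from this class
            // whether its message could carry parts of the submitted credentials.
            log.debug("Invalid HTTP BASIC auth header was found");
            return LocalAuthenticationResult.failed(new AuthenticationResult.ResolvableError("RESTBearerTokenAndPasswordRetrieval.invalidBasicAuth", new Object[0]));
        }
    }

    /**
     * Splits the {@code Authorization} header of the current request into its
     * comma-separated credentials, keyed by authentication scheme.
     *
     * <p>Each element is trimmed before its scheme is taken, so the usual
     * {@code "Bearer <token>, Basic <credentials>"} form (with whitespace after
     * the comma) is recognised; without trimming such an element would be stored
     * under an empty key and never found. Scheme names are matched exactly as
     * sent, and when a scheme occurs more than once the last occurrence wins.
     *
     * @return map from scheme name to the complete trimmed credential (scheme
     *         included); an empty map when the request has no
     *         {@code Authorization} header; {@code null} when no CXF message or
     *         servlet request is bound to the current thread
     */
    Map<String, String> getHttpCredentials() {
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage == null) {
            return null;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) currentMessage.get("HTTP.REQUEST");
        if (httpServletRequest == null) {
            return null;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return Collections.emptyMap();
        }
        Map<String, String> credentialsByScheme = new HashMap<>();
        for (String element : header.split(",")) {
            String credential = element.trim();
            if (credential.isEmpty()) {
                // Stray or doubled comma: nothing to record.
                continue;
            }
            credentialsByScheme.put(credential.split(" ")[0], credential);
        }
        return credentialsByScheme;
    }

    /**
     * Parses a single {@code Authorization} credential as a Bearer access token.
     *
     * @param str the complete credential including the scheme, may be {@code null}
     * @return the parsed token, or {@code null} when parsing fails with a
     *         {@link ParseException}
     */
    public BearerAccessToken getTokenCredential(String str) {
        try {
            return BearerAccessToken.parse(str);
        } catch (ParseException e) {
            log.debug("Received HTTP authorization header, but it is not a valid Bearer access token: " + e);
            return null;
        }
    }
}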
