package org.georchestra.security;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import lombok.NonNull;
import org.georchestra.commons.configuration.GeorchestraConfiguration;
import org.georchestra.commons.security.SecurityHeaders;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.PropertyResolver;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/classes/org/georchestra/security/JSONRequestHeaderProvider.class */
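/**
 * Base class for header providers that attach a single request header whose value is a JSON
 * payload, resolved by the subclass from the current user name, serialised with Jackson and then
 * passed through {@link SecurityHeaders#encodeBase64(String)}.
 *
 * <p>The header is off by default. It is switched on globally with the bare {@code configProperty}
 * key, or per service with {@code <service>.<configProperty>}, both read from the
 * {@code headers-mapping} properties file. A per-service entry overrides the global one.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>As far as this class shows, the value is only encoded, not signed or encrypted. A
 *       receiving service can trust it only if the header can reach it exclusively through the
 *       proxy.</li>
 *   <li>Values are cached per user name for the configured TTL, so a change to the user's record
 *       (for example a revoked role) may keep being forwarded until the entry expires.</li>
 * </ul>
 */
abstract class JSONRequestHeaderProvider extends HeaderProvider {
    /** Key under which the global (all services) switch is stored in {@link #enabledServices}. */
    private static final String GLOBAL_KEY = "global";

    /** Cache time-to-live, in milliseconds, used when no value is configured. */
    private static final long DEFAULT_CACHE_TTL = 2000;

    /** Property that overrides {@link #DEFAULT_CACHE_TTL}; the value is in milliseconds. */
    private static final String CACHE_TTL_PROPERTY = "security-proxy.ldap.cache.ttl";

    private final String configProperty;
    private final String headerName;
    private PropertyResolver env;

    @Autowired
    private GeorchestraConfiguration georchestraConfiguration;

    // Only assigned by init(Properties). Until then the global switch below is FALSE, so
    // getCustomRequestHeaders() returns before the cache is ever dereferenced.
    private Cache<String, String> cache;
    private Map<String, Boolean> enabledServices = Collections.singletonMap(GLOBAL_KEY, Boolean.FALSE);
    private final ObjectMapper encoder = new ObjectMapper();

    /**
     * @param str  name of the configuration property that enables this header (bare for the
     *             global switch, prefixed with {@code <service>.} for a single service)
     * @param str2 name of the request header to emit
     */
    public JSONRequestHeaderProvider(String str, String str2) {
        this.configProperty = str;
        this.headerName = str2;
        // Compact output, arrays never unwrapped, null fields omitted.
        this.encoder.configure(SerializationFeature.INDENT_OUTPUT, false);
        this.encoder.configure(SerializationFeature.WRITE_SINGLE_ELEM_ARRAYS_UNWRAPPED, false);
        this.encoder.setSerializationInclusion(JsonInclude.Include.NON_NULL);
    }

    /**
     * Loads the {@code headers-mapping} properties when the geOrchestra configuration is present
     * and activated; otherwise the provider stays disabled for every service.
     *
     * @throws IOException propagated from loading the properties file
     */
    @PostConstruct
    public void init() throws IOException {
        if (this.georchestraConfiguration != null && this.georchestraConfiguration.activated()) {
            init(this.georchestraConfiguration.loadCustomPropertiesFile("headers-mapping"));
        }
    }

    @Autowired
    public void setPropertyResolver(PropertyResolver propertyResolver) {
        this.env = propertyResolver;
    }

    /**
     * Builds the per-user header cache.
     *
     * <p>The TTL comes from {@value #CACHE_TTL_PROPERTY} when a resolver is available and the
     * property is set; negative values are clamped to 0. A malformed number is not swallowed: the
     * resulting {@link NumberFormatException} fails initialisation rather than silently picking
     * a TTL the operator did not ask for.
     */
    private Cache<String, String> createCache() {
        long ttlMillis = DEFAULT_CACHE_TTL;
        if (this.env != null) {
            String configured = this.env.getProperty(CACHE_TTL_PROPERTY);
            if (configured != null) {
                ttlMillis = Math.max(0L, Long.parseLong(configured));
            }
        }
        logger.info(String.format("Setting up LDAP headers cache ttl %,d ms", ttlMillis));
        return CacheBuilder.newBuilder().expireAfterWrite(ttlMillis, TimeUnit.MILLISECONDS).build();
    }

    /**
     * Applies the given configuration and (re)creates the cache.
     *
     * @param properties contents of the {@code headers-mapping} file
     */
    @VisibleForTesting
    final void init(Properties properties) {
        this.enabledServices = loadConfig(Maps.fromProperties(properties));
        this.cache = createCache();
    }

    /**
     * Extracts the enable/disable switches that concern this provider.
     *
     * <p>Values are parsed with {@link Boolean#parseBoolean(String)}: anything other than
     * {@code "true"} (case-insensitive, no surrounding whitespace) disables the header, so a typo
     * fails closed. The global switch defaults to {@code false} when absent.
     */
    private Map<String, Boolean> loadConfig(Map<String, String> config) {
        Map<String, Boolean> services = new HashMap<>();
        for (Map.Entry<String, String> entry : config.entrySet()) {
            String serviceName = configToServiceName(entry.getKey());
            if (serviceName == null) {
                continue;
            }
            boolean enabled = Boolean.parseBoolean(entry.getValue());
            services.put(serviceName, enabled);
            // Report the parsed state: the previous message always said "enabled", which
            // misleads anyone auditing which services receive the user payload.
            logger.info(this.headerName + " with full JSON user payload "
                    + (enabled ? "enabled" : "disabled") + " for service " + serviceName);
        }
        services.putIfAbsent(GLOBAL_KEY, Boolean.FALSE);
        return services;
    }

    /**
     * Maps a configuration key to the service it configures.
     *
     * @return {@code "global"} for the bare property, the text before the first {@code '.'} for a
     *         prefixed key, or {@code null} when the key does not concern this provider
     */
    private String configToServiceName(String key) {
        // NOTE(review): contains() also accepts keys that merely embed the property name
        // (e.g. with a suffix). Consider requiring the exact "<service>.<property>" form so an
        // unrelated or mistyped key can never switch the header on for a service.
        if (!key.contains(this.configProperty)) {
            return null;
        }
        if (this.configProperty.equals(key)) {
            return GLOBAL_KEY;
        }
        int firstDot = key.indexOf('.');
        if (firstDot <= 0) {
            // No usable "<service>." prefix: substring(0, -1) used to throw here and abort
            // start-up. Ignoring the key leaves the service on the global setting.
            logger.info("Ignoring property " + key + ": expected <service>." + this.configProperty);
            return null;
        }
        return key.substring(0, firstDot);
    }

    /**
     * Returns the header for the current user, or an empty map when the request is
     * pre-authorized, the user is anonymous, or the header is not enabled for the service.
     *
     * @param httpServletRequest incoming request, only used for the pre-authorization check
     * @param str                target service name; {@code null} falls back to the global switch
     * @throws IllegalStateException if no authentication is present or the payload cannot be built
     */
    @Override
    public Map<String, String> getCustomRequestHeaders(HttpServletRequest httpServletRequest, String str) {
        if (isPreAuthorized(httpServletRequest) || isAnnonymous() || !isEnabledForService(str)) {
            return Collections.emptyMap();
        }
        return Collections.singletonMap(this.headerName, resolveValue(getCurrentUserName()));
    }

    /** Returns the cached header value for the user, building it on a cache miss. */
    private String resolveValue(String userName) {
        try {
            return this.cache.get(userName, () -> buildHeaderValue(userName));
        } catch (ExecutionException e) {
            throw new IllegalStateException(e.getCause());
        }
    }

    /** A per-service entry wins; otherwise (or for a {@code null} service) the global switch applies. */
    private boolean isEnabledForService(String service) {
        boolean globallyEnabled = this.enabledServices.get(GLOBAL_KEY);
        if (service == null) {
            return globallyEnabled;
        }
        return this.enabledServices.getOrDefault(service, globallyEnabled);
    }

    /** Serialises the subclass payload to JSON and encodes it for use as a header value. */
    private String buildHeaderValue(@NonNull String userName) {
        if (userName == null) {
            throw new NullPointerException("userName is marked non-null but is null");
        }
        return encodeBase64(encodeJson(getPayloadObject(userName)));
    }

    /**
     * Supplies the object to serialise for the given user.
     *
     * @param str name of the authenticated user
     * @return the payload; null-valued properties are omitted from the JSON
     */
    protected abstract Object getPayloadObject(String str);

    private String encodeJson(Object payload) {
        try {
            return this.encoder.writer().writeValueAsString(payload);
        } catch (JsonProcessingException e) {
            throw new RuntimeException(e);
        }
    }

    private String encodeBase64(String json) {
        return SecurityHeaders.encodeBase64(json);
    }

    /**
     * @return the name of the authentication held by the current security context
     * @throws IllegalStateException if the context holds no authentication
     */
    @NonNull
    private String getCurrentUserName() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new IllegalStateException("Request is not authenticated");
        }
        return authentication.getName();
    }

    /** True when the current authentication is Spring Security's anonymous token. */
    private boolean isAnnonymous() {
        return SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken;
    }
}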
