package org.cloudfoundry.multiapps.controller.web.util;

import com.sap.cloudfoundry.client.facade.CloudCredentials;
import com.sap.cloudfoundry.client.facade.oauth2.OAuth2AccessTokenWithAdditionalInfo;
import com.sap.cloudfoundry.client.facade.oauth2.OAuthClient;
import com.sap.cloudfoundry.client.facade.util.RestUtil;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;
import org.cloudfoundry.multiapps.controller.core.security.token.parsers.TokenParserChain;
import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration;
import org.cloudfoundry.multiapps.controller.persistence.model.AccessToken;
import org.cloudfoundry.multiapps.controller.persistence.services.AccessTokenService;
import org.cloudfoundry.multiapps.controller.web.Constants;
import org.cloudfoundry.multiapps.controller.web.Messages;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;

/* loaded from: input_file:org/cloudfoundry/multiapps/controller/web/util/BasicTokenGenerator.class */
public class BasicTokenGenerator extends TokenGenerator {
    private final RestUtil restUtil;
    private final ApplicationConfiguration applicationConfiguration;
    private final TokenReuser tokenReuser;
    private final TokenParserChain tokenParserChain;

    public BasicTokenGenerator(AccessTokenService accessTokenService, ApplicationConfiguration applicationConfiguration, TokenReuser tokenReuser, TokenParserChain tokenParserChain) {
        super(accessTokenService);
        this.restUtil = createRestUtil();
        this.applicationConfiguration = applicationConfiguration;
        this.tokenReuser = tokenReuser;
        this.tokenParserChain = tokenParserChain;
    }

    @Override // org.cloudfoundry.multiapps.controller.web.util.TokenGenerator
    public OAuth2AccessTokenWithAdditionalInfo generate(String str) {
        if (!this.applicationConfiguration.isBasicAuthEnabled().booleanValue()) {
            throw new InsufficientAuthenticationException(Messages.BASIC_AUTHENTICATION_IS_NOT_ENABLED_USE_OAUTH_2);
        }
        OAuthClient createOAuthClientByControllerUrl = this.restUtil.createOAuthClientByControllerUrl(this.applicationConfiguration.getControllerUrl(), this.applicationConfiguration.shouldSkipSslValidation().booleanValue());
        String[] usernameWithPassword = getUsernameWithPassword(str);
        Optional<AccessToken> tokenWithExpirationAfter = this.tokenReuser.getTokenWithExpirationAfter(usernameWithPassword[0], Constants.BASIC_TOKEN_RETENTION_TIME_IN_SECONDS);
        if (tokenWithExpirationAfter.isPresent()) {
            return this.tokenParserChain.parse(new String(tokenWithExpirationAfter.get().getValue(), StandardCharsets.UTF_8));
        }
        createOAuthClientByControllerUrl.init(new CloudCredentials(usernameWithPassword[0], usernameWithPassword[1]));
        OAuth2AccessTokenWithAdditionalInfo token = createOAuthClientByControllerUrl.getToken();
        storeAccessToken(buildAccessToken(token));
        return token;
    }

    String[] getUsernameWithPassword(String str) {
        String decodeToken = decodeToken(str);
        int indexOf = decodeToken.indexOf(":");
        if (indexOf == -1) {
            throw new InternalAuthenticationServiceException(Messages.INVALID_AUTHENTICATION_PROVIDED);
        }
        return new String[]{decodeToken.substring(0, indexOf), decodeToken.substring(indexOf + 1)};
    }

    private String decodeToken(String str) {
        try {
            return new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            throw new InternalAuthenticationServiceException(e.getMessage(), e);
        }
    }

    protected RestUtil createRestUtil() {
        return new RestUtil();
    }
}
