package org.gcube.smartgears.handlers.application.request;

import java.util.Base64;
import javax.xml.bind.annotation.XmlRootElement;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.smartgears.Constants;
import org.gcube.smartgears.handlers.application.RequestEvent;
import org.gcube.smartgears.handlers.application.RequestHandler;
import org.gcube.smartgears.handlers.application.ResponseEvent;
import org.gcube.smartgears.utils.GcubeJwt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@XmlRootElement(name = Constants.request_context_retriever)
/* loaded from: input_file:org/gcube/smartgears/handlers/application/request/RequestContextRetriever.class */
public class RequestContextRetriever extends RequestHandler {
    private static Logger log = LoggerFactory.getLogger(RequestContextRetriever.class);
    private static final String BEARER_AUTH_PREFIX = "Bearer";
    private static final String BASIC_AUTH_PREFIX = "Basic";

    @Override // org.gcube.smartgears.handlers.application.RequestHandler
    public String getName() {
        return Constants.request_context_retriever;
    }

    @Override // org.gcube.smartgears.handlers.application.RequestHandler
    public void handleRequest(RequestEvent requestEvent) {
        String header = requestEvent.request().getParameter(Constants.token_header) == null ? requestEvent.request().getHeader(Constants.token_header) : requestEvent.request().getParameter(Constants.token_header);
        String header2 = requestEvent.request().getParameter(Constants.scope_header) == null ? requestEvent.request().getHeader(Constants.scope_header) : requestEvent.request().getParameter(Constants.scope_header);
        String header3 = requestEvent.request().getHeader(Constants.authorization_header);
        log.trace("authorization header is {}", header3);
        log.trace("token header is {}", header);
        log.trace("scope header is {}", header2);
        String str = null;
        String str2 = null;
        if (header3 != null && !header3.isEmpty()) {
            if (header3.startsWith(BEARER_AUTH_PREFIX)) {
                str2 = header3.substring(BEARER_AUTH_PREFIX.length()).trim();
            } else if (header == null && header3.startsWith(BASIC_AUTH_PREFIX)) {
                String[] split = new String(Base64.getDecoder().decode(header3.substring(BASIC_AUTH_PREFIX.length()).trim().getBytes())).split(":");
                header = split[1];
                str = split[0];
            }
        }
        if (str2 != null) {
            retreiveAndSetInfoUmaToken(str2, header, requestEvent);
        } else if (header != null) {
            retreiveAndSetInfoGcubeToken(header, str, requestEvent);
        } else if (header2 != null) {
            ScopeProvider.instance.set(header2);
        }
    }

    @Override // org.gcube.smartgears.handlers.application.RequestHandler
    public void handleResponse(ResponseEvent responseEvent) {
        SecurityTokenProvider.instance.reset();
        AuthorizationProvider.instance.reset();
        AccessTokenProvider.instance.reset();
        ScopeProvider.instance.reset();
        log.debug("resetting all the Thread local for this call.");
    }

    private void retreiveAndSetInfoGcubeToken(String str, String str2, RequestEvent requestEvent) {
        log.trace("retrieving context using token {} ", str);
        AuthorizationEntry authorizationEntry = null;
        try {
            authorizationEntry = org.gcube.common.authorization.client.Constants.authorizationService().get(str);
        } catch (Exception e) {
            log.error("error contacting authorization service", e);
            RequestError.internal_server_error.fire("error contacting authorization service");
        } catch (ObjectNotFound e2) {
            log.warn("rejecting call to {}, invalid token {}", requestEvent.context().name(), str);
            RequestError.invalid_request_error.fire(requestEvent.context().name() + " invalid token : " + str);
        }
        if (str2 != null && !authorizationEntry.getClientInfo().getId().equals(str2)) {
            throw new Exception("user and token owner are not the same");
        }
        AuthorizationProvider.instance.set(new Caller(authorizationEntry.getClientInfo(), authorizationEntry.getQualifier()));
        SecurityTokenProvider.instance.set(str);
        ScopeProvider.instance.set(authorizationEntry.getContext());
        log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), authorizationEntry.getContext());
    }

    private void retreiveAndSetInfoUmaToken(String str, String str2, RequestEvent requestEvent) {
        log.debug("using UMA token for authorization");
        log.trace("retrieving context using uma token {} ", str);
        AccessTokenProvider.instance.set(str);
        SecurityTokenProvider.instance.set(str2);
        parseAccessTokenAndSet(str);
        log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), ScopeProvider.instance.get());
    }

    private void parseAccessTokenAndSet(String str) {
        GcubeJwt gcubeJwt = null;
        try {
            gcubeJwt = (GcubeJwt) new ObjectMapper().readValue(new String(Base64.getDecoder().decode(str.split("\\.")[1].getBytes())), GcubeJwt.class);
        } catch (Exception e) {
            log.error("error decoding uma token", e);
            RequestError.internal_server_error.fire("error parsing access token");
        }
        ScopeBean scopeBean = null;
        try {
            scopeBean = new ScopeBean(gcubeJwt.getContext());
        } catch (Exception e2) {
            log.error("error decoding uma token", e2);
            RequestError.internal_server_error.fire("invalid context in access token");
        }
        AuthorizationProvider.instance.set(new Caller(new UserInfo(gcubeJwt.getUsername(), gcubeJwt.getRoles(), gcubeJwt.getEmail(), gcubeJwt.getFirstName(), gcubeJwt.getLastName()), "token"));
        ScopeProvider.instance.set(scopeBean.toString());
    }
}
