package com.adobe.cq.dam.assethandler.internal.auth.impl;

import com.adobe.cq.dam.assethandler.internal.auth.DeliveryAuth;
import com.adobe.cq.dam.assethandler.internal.helper.Constants;
import com.adobe.granite.auth.oauth.AccessTokenProvider;
import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.license.ProductInfo;
import com.adobe.granite.license.ProductInfoProvider;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {DeliveryAuth.class}, property = {"label = Delivery Auth Service Wrapper", "description = Delivery IMS OAuth Service Wrapper"})
/* loaded from: input_file:com/adobe/cq/dam/assethandler/internal/auth/impl/DeliveryAuthImpl.class */
public class DeliveryAuthImpl implements DeliveryAuth {
    public static final String ACCESS_TOKEN_PROVIDER_FACTORY_PID = "com.adobe.granite.auth.oauth.accesstoken.provider";
    public static final String ACCESS_TOKEN_PROVIDER_NAME = "name";
    public static final String ACCESS_TOKEN_PROVIDER_TITLE = "auth.token.provider.title";
    public static final String ACCESS_TOKEN_CLIENT_ID = "auth.token.provider.client.id";
    public static final String ACCESS_TOKEN_CLAIMS = "auth.token.provider.default.claims";
    public static final String NUI_ACCESS_TOKEN_PROVIDER_NAME = "Asset Compute";
    public static final String IMS_CONFIG_LOOKUP_FILTER = "(&(service.factoryPid=com.adobe.granite.auth.oauth.accesstoken.provider)(name=Asset Compute*))";
    private static final String HEADER_KEY_IMS_ORG_ID = "x-ims-org-id";
    private static final String HEADER_KEY_GW_IMS_ORG_ID = "x-gw-ims-org-id";
    private static final String HEADER_KEY_API_KEY = "x-api-key";
    private static final String HEADER_KEY_AUTHORIZATION = "Authorization";
    private static final String HEADER_USER_AGENT = "User-Agent";
    private Map<Map<String, String>, AccessTokenProvider> availableTokenProviders = new ConcurrentHashMap();
    private String userAgent;

    @Reference
    private ResourceResolverFactory resourceResolverFactory;

    @Reference
    private ConfigurationAdmin configurationAdmin;

    @Reference
    private ProductInfoProvider productInfoProvider;

    @Reference(service = AccessTokenProvider.class, policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.MULTIPLE, target = IMS_CONFIG_LOOKUP_FILTER, bind = "bindAccessTokenProvider", unbind = "unbindAccessTokenProvider")
    private volatile List<?> tokenProviders;
    private volatile ServiceReference<?> ref;
    private static final Logger LOG = LoggerFactory.getLogger(DeliveryAuthImpl.class);
    public static final Pattern ISS_JWT_CLAIM_REGEXP_PATTERN = Pattern.compile("\"\\s*iss\\s*\"\\s*:\\s*\"(?<iss>[^\"]+)\"");
    public static final Map<String, Object> SERVICE_AUTH_INFO = Collections.singletonMap("sling.service.subservice", Constants.ASSET_DELIVERY_AUTH_SERVICE_USER);

    @Activate
    protected void activate(ComponentContext componentContext) {
        this.ref = componentContext.getServiceReference();
        this.userAgent = getUserAgent();
    }

    @Override // com.adobe.cq.dam.assethandler.internal.auth.DeliveryAuth
    public String getAccessToken() throws LoginException, CryptoException, IOException {
        ResourceResolver serviceResourceResolver = this.resourceResolverFactory.getServiceResourceResolver(SERVICE_AUTH_INFO);
        LOG.debug("There are '{}' availableTokenProviders", Integer.valueOf(this.availableTokenProviders.size()));
        AccessTokenProvider accessTokenProvider = null;
        for (Map.Entry<Map<String, String>, AccessTokenProvider> entry : this.availableTokenProviders.entrySet()) {
            if (entry.getKey().get(ACCESS_TOKEN_PROVIDER_NAME).equals(NUI_ACCESS_TOKEN_PROVIDER_NAME)) {
                accessTokenProvider = entry.getValue();
                if (accessTokenProvider != null) {
                    break;
                }
                LOG.warn("Found access token provider name is '{}', but the value is null", NUI_ACCESS_TOKEN_PROVIDER_NAME);
            }
        }
        if (accessTokenProvider != null) {
            return accessTokenProvider.getAccessToken(serviceResourceResolver, serviceResourceResolver.getUserID(), (Map) null);
        }
        LOG.warn("Cant' retrieve any AccessToken as no AccessTokenProvider named '{}' was found", NUI_ACCESS_TOKEN_PROVIDER_NAME);
        return null;
    }

    @Override // com.adobe.cq.dam.assethandler.internal.auth.DeliveryAuth
    public String getOrganizationId() {
        String str = null;
        if (getImsConfiguration() != null) {
            Vector vector = (Vector) getImsConfiguration().get(ACCESS_TOKEN_CLAIMS);
            if (vector != null && !vector.isEmpty()) {
                Iterator it = vector.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Matcher matcher = ISS_JWT_CLAIM_REGEXP_PATTERN.matcher((String) it.next());
                    if (matcher.find()) {
                        str = matcher.group("iss");
                        break;
                    }
                }
            } else {
                LOG.warn("Cant'retrieve the Access Token claims");
            }
        }
        return str;
    }

    @Override // com.adobe.cq.dam.assethandler.internal.auth.DeliveryAuth
    public List<Header> getHeaders() throws LoginException, CryptoException, IOException {
        String accessToken = getAccessToken();
        String organizationId = getOrganizationId();
        String str = null;
        if (getImsConfiguration() != null) {
            str = (String) getImsConfiguration().get(ACCESS_TOKEN_CLIENT_ID);
        }
        if (StringUtils.isEmpty(accessToken) || StringUtils.isEmpty(organizationId) || StringUtils.isEmpty(str)) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicHeader(HEADER_KEY_AUTHORIZATION, "Bearer " + accessToken));
        arrayList.add(new BasicHeader(HEADER_KEY_API_KEY, str));
        arrayList.add(new BasicHeader(HEADER_KEY_IMS_ORG_ID, getOrganizationId()));
        arrayList.add(new BasicHeader(HEADER_KEY_GW_IMS_ORG_ID, getOrganizationId()));
        if (StringUtils.isNotEmpty(this.userAgent)) {
            arrayList.add(new BasicHeader(HEADER_USER_AGENT, this.userAgent));
        }
        return arrayList;
    }

    @Override // com.adobe.cq.dam.assethandler.internal.auth.DeliveryAuth
    public Dictionary<String, Object> getImsConfiguration() {
        try {
            Configuration[] listConfigurations = this.configurationAdmin.listConfigurations(IMS_CONFIG_LOOKUP_FILTER);
            if (listConfigurations == null || listConfigurations.length == 0) {
                LOG.debug("Cant' retrieve any AccessTokenProvider configuration using the filter {}", IMS_CONFIG_LOOKUP_FILTER);
                return null;
            }
            if (listConfigurations.length > 1) {
                LOG.warn("Should have found only one IMS configuration associated with the filter {}, found {} ", IMS_CONFIG_LOOKUP_FILTER, Integer.valueOf(listConfigurations.length));
            }
            return listConfigurations[0].getProcessedProperties(this.ref);
        } catch (Exception e) {
            LOG.warn("Cant'retrieve any AccessTokenProvider configuration due to exception.", e);
            return null;
        }
    }

    private String getUserAgent() {
        System.getenv();
        ProductInfo productInfo = this.productInfoProvider.getProductInfo();
        String name = productInfo.getName();
        String version = productInfo.getVersion().toString();
        ArrayList arrayList = new ArrayList();
        arrayList.add(getEnv("MY_POD_NAMESPACE", "-"));
        arrayList.add(StringUtils.removeEnd(getEnv("ETHOS_SERVICE_NAME", "-"), "-aem"));
        arrayList.add(getEnv("MY_POD_NAME", "-"));
        return String.format("%s/%s (%s)", name, version, StringUtils.join(arrayList, "; "));
    }

    private static String getEnv(String str, String str2) {
        String str3 = System.getenv(str);
        return str3 != null ? str3 : str2;
    }

    protected void bindAccessTokenProvider(AccessTokenProvider accessTokenProvider, Map<?, ?> map) {
        String propertiesUtil = PropertiesUtil.toString(map.get(ACCESS_TOKEN_PROVIDER_NAME), "");
        String propertiesUtil2 = PropertiesUtil.toString(map.get(ACCESS_TOKEN_PROVIDER_TITLE), "");
        if (StringUtils.isNotBlank(propertiesUtil) && StringUtils.isNotBlank(propertiesUtil2)) {
            HashMap hashMap = new HashMap();
            hashMap.put(ACCESS_TOKEN_PROVIDER_NAME, propertiesUtil);
            hashMap.put("title", propertiesUtil2);
            if (accessTokenProvider == null) {
                LOG.warn("AccessTokenProvider (name: {}, title: {}) is found, but provider itself is null", propertiesUtil, propertiesUtil2);
            } else {
                this.availableTokenProviders.put(hashMap, accessTokenProvider);
                LOG.info("AccessTokenProvider (name: {}, title: {}) added in the available AccessTokenProvider list", propertiesUtil, propertiesUtil2);
            }
        }
    }

    protected void unbindAccessTokenProvider(AccessTokenProvider accessTokenProvider, Map<?, ?> map) {
        String propertiesUtil = PropertiesUtil.toString(map.get(ACCESS_TOKEN_PROVIDER_NAME), "");
        String propertiesUtil2 = PropertiesUtil.toString(map.get(ACCESS_TOKEN_PROVIDER_TITLE), "");
        if (StringUtils.isNotBlank(propertiesUtil) && StringUtils.isNotBlank(propertiesUtil2)) {
            HashMap hashMap = new HashMap();
            hashMap.put(ACCESS_TOKEN_PROVIDER_NAME, propertiesUtil);
            hashMap.put("title", propertiesUtil2);
            this.availableTokenProviders.remove(hashMap);
            LOG.info("AccessTokenProvider (name: {}, title: {}) removed from the available AccessTokenProvider list", propertiesUtil, propertiesUtil2);
        }
    }
}
