package com.appiancorp.apikey.runtime;

import com.appiancorp.apikey.config.ApiKeyService;
import com.appiancorp.apikey.exceptions.ApiKeyAuthenticationException;
import com.appiancorp.apikey.exceptions.ApiKeyException;
import com.appiancorp.apikey.logging.ApiKeyAuditLogEvent;
import com.appiancorp.apikey.logging.ApiKeyAuditLogger;
import com.appiancorp.apikey.persistence.ApiKey;
import com.appiancorp.security.auth.AuthenticationDetails;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.security.user.service.UserService;
import com.appiancorp.services.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.personalization.UserProfileService;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.hash.HashCode;
import com.google.common.hash.Hashing;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:com/appiancorp/apikey/runtime/ServiceAccountAuthenticator.class */
public class ServiceAccountAuthenticator implements ApiKeyAuthenticator<UserProfile> {
    public static final int MAXIMUM_KEYS_TO_CACHE = 5;
    public static final int CACHE_EXPIRATION_SECONDS = 3;
    private final ApiKeyService apiKeyService;
    private final UserProfileService userProfileService;
    private final UserService userService;
    private final Cache<HashCode, ApiKeyValidationResponse> apiUserDataCache = CacheBuilder.newBuilder().maximumSize(5).expireAfterWrite(3, TimeUnit.SECONDS).build();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/appiancorp/apikey/runtime/ServiceAccountAuthenticator$ApiKeyValidationResponse.class */
    public static final class ApiKeyValidationResponse {
        private final UserProfile userProfile;
        private final ApiKey apiKey;
        private final String serviceAcctUsername;

        private ApiKeyValidationResponse(UserProfile userProfile, ApiKey apiKey, String str) {
            this.userProfile = userProfile;
            this.apiKey = apiKey;
            this.serviceAcctUsername = str;
        }

        public UserProfile getUserProfile() {
            return this.userProfile;
        }

        public ApiKey getApiKey() {
            return this.apiKey;
        }

        public String getServiceAcctUsername() {
            return this.serviceAcctUsername;
        }
    }

    public ServiceAccountAuthenticator(ApiKeyService apiKeyService, UserProfileService userProfileService, UserService userService) {
        this.userProfileService = userProfileService;
        this.userService = userService;
        this.apiKeyService = apiKeyService;
    }

    /* renamed from: authenticate, reason: merged with bridge method [inline-methods] */
    public UserProfile m18authenticate(ApiKeyAuthToken apiKeyAuthToken) throws Exception {
        return (UserProfile) SpringSecurityContextHelper.runAsAdminWithException(() -> {
            return getUserProfile(apiKeyAuthToken);
        });
    }

    private UserProfile getUserProfile(ApiKeyAuthToken apiKeyAuthToken) throws AuthenticationException {
        try {
            ApiKeyValidationResponse apiKeyValidationResponse = (ApiKeyValidationResponse) this.apiUserDataCache.get(Hashing.sha256().hashString(apiKeyAuthToken.getApiKey(), StandardCharsets.UTF_8), () -> {
                return validateApiTokenAndGetUserProfile(apiKeyAuthToken);
            });
            log(apiKeyValidationResponse.getServiceAcctUsername(), apiKeyValidationResponse.getApiKey(), apiKeyAuthToken);
            return apiKeyValidationResponse.getUserProfile();
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            if ((cause instanceof ApiKeyException) || (cause instanceof InvalidUserException)) {
                throw new ApiKeyAuthenticationException("Token validation failed", cause);
            }
            if (cause instanceof RuntimeException) {
                throw ((RuntimeException) cause);
            }
            throw new RuntimeException(cause);
        }
    }

    private ApiKeyValidationResponse validateApiTokenAndGetUserProfile(ApiKeyAuthToken apiKeyAuthToken) throws ApiKeyException {
        ApiKey validateToken = this.apiKeyService.validateToken(apiKeyAuthToken.getApiKey());
        String usernameFromId = this.userService.getUsernameFromId(validateToken.getServiceAccountId());
        return new ApiKeyValidationResponse(this.userProfileService.getUser(usernameFromId), validateToken, usernameFromId);
    }

    private void log(String str, ApiKey apiKey, ApiKeyAuthToken apiKeyAuthToken) {
        AuthenticationDetails authenticationDetails = (AuthenticationDetails) apiKeyAuthToken.getDetails();
        ApiKeyAuditLogger.log(ApiKeyAuditLogEvent.USED, apiKey.getUuid(), apiKey.getAlias(), str, null, authenticationDetails.getRequestUrl(), authenticationDetails.getClientIpAddress());
    }
}
