package no.nav.sbl.dialogarena.common.abac.pep.service;

import java.io.IOException;
import javax.inject.Inject;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Response;
import no.nav.sbl.dialogarena.common.abac.pep.NavAttributter;
import no.nav.sbl.dialogarena.common.abac.pep.Utils;
import no.nav.sbl.dialogarena.common.abac.pep.XacmlMapper;
import no.nav.sbl.dialogarena.common.abac.pep.context.AbacContext;
import no.nav.sbl.dialogarena.common.abac.pep.domain.request.XacmlRequest;
import no.nav.sbl.dialogarena.common.abac.pep.domain.response.XacmlResponse;
import no.nav.sbl.dialogarena.common.abac.pep.exception.AbacException;
import no.nav.sbl.rest.RestUtils;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:no/nav/sbl/dialogarena/common/abac/pep/service/AbacService.class */
public class AbacService {
    private static final String MEDIA_TYPE = "application/xacml+json";
    private static final Logger LOG = LoggerFactory.getLogger(AbacService.class);
    private final Client client;
    private final AbacServiceConfig abacServiceConfig;

    @Inject
    public AbacService(AbacServiceConfig abacServiceConfig) {
        this(createClient(abacServiceConfig), abacServiceConfig);
    }

    AbacService(Client client, AbacServiceConfig abacServiceConfig) {
        this.client = client;
        this.abacServiceConfig = abacServiceConfig;
    }

    public AbacServiceConfig getAbacServiceConfig() {
        return this.abacServiceConfig;
    }

    private static Client createClient(AbacServiceConfig abacServiceConfig) {
        Client createClient = RestUtils.createClient();
        createClient.register(HttpAuthenticationFeature.basic(abacServiceConfig.getUsername(), abacServiceConfig.getPassword()));
        return createClient;
    }

    @Cacheable(value = {AbacContext.ASK_FOR_PERMISSION}, keyGenerator = "abacKeyGenerator")
    public XacmlResponse askForPermission(XacmlRequest xacmlRequest) throws AbacException, IOException, NoSuchFieldException {
        String resourceAttribute = Utils.getResourceAttribute(xacmlRequest, NavAttributter.RESOURCE_FELLES_RESOURCE_TYPE);
        Response response = (Response) Utils.timed("abac-pdp", () -> {
            return request(xacmlRequest, this.client);
        }, timer -> {
            timer.addTagToReport("resource-attributeid", resourceAttribute);
        });
        int status = response.getStatus();
        String reasonPhrase = response.getStatusInfo().getReasonPhrase();
        String str = (String) response.readEntity(String.class);
        if (statusCodeIn500Series(status)) {
            LOG.warn("ABAC returned: " + status + " " + reasonPhrase);
            throw new AbacException("An error has occured calling ABAC: " + reasonPhrase);
        }
        if (!statusCodeIn400Series(status)) {
            return XacmlMapper.mapRawResponse(str);
        }
        LOG.error("ABAC returned: " + status + " " + reasonPhrase);
        throw new ClientErrorException("An error has occured calling ABAC: ", status);
    }

    private Response request(XacmlRequest xacmlRequest, Client client) {
        return client.target(this.abacServiceConfig.getEndpointUrl()).request().post(Entity.entity(XacmlMapper.mapRequestToEntity(xacmlRequest), MEDIA_TYPE));
    }

    private boolean statusCodeIn500Series(int i) {
        return i >= 500 && i < 600;
    }

    private boolean statusCodeIn400Series(int i) {
        return i >= 400 && i < 500;
    }
}
