package com.sap.cloud.sdk.cloudplatform.tenant;

import com.sap.cloud.sdk.cloudplatform.jwt.JwtDecoder;
import com.sap.cloud.sdk.cloudplatform.logging.CloudLoggerFactory;
import com.sap.cloud.sdk.cloudplatform.servlet.RequestContextAccessor;
import com.sap.cloud.sdk.cloudplatform.tenant.exception.TenantNotFoundException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/tenant/ScpCfTenantFacade.class */
public class ScpCfTenantFacade implements TenantFacade {
    private static final Logger logger = CloudLoggerFactory.getLogger(ScpCfTenantFacade.class);
    private static final String AUTH_HEADER = "Authorization";
    private static final String VARIABLE_ALLOW_MOCKED_AUTH_HEADER = "ALLOW_MOCKED_AUTH_HEADER";
    private static final String JWT_TENANT_ID = "zid";

    public Tenant getCurrentTenant() throws TenantNotFoundException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) RequestContextAccessor.getCurrentRequest().orNull();
        if (httpServletRequest == null) {
            throw new TenantNotFoundException((String) null, "Failed to get current tenant: no " + HttpServletRequest.class.getSimpleName() + " available to get the tenant from.");
        }
        try {
            String header = httpServletRequest.getHeader(AUTH_HEADER);
            if (StringUtils.startsWith(header, "Bearer ") || !"true".equalsIgnoreCase(System.getenv(VARIABLE_ALLOW_MOCKED_AUTH_HEADER))) {
                return new ScpCfTenant(new JwtDecoder().decode(StringUtils.removeStart(header, "Bearer ")).getPayload().get(JWT_TENANT_ID).getAsString());
            }
            logger.error("Security is not configured correctly: no Json Web Token found in \"Authorization\" header. Falling back to mocked tenant with blank tenant identifier since environment variable \"ALLOW_MOCKED_AUTH_HEADER\" is set to \"true\". SECURITY WARNING: This must never be the case in productive environments!");
            return new ScpCfTenant("");
        } catch (Exception e) {
            throw new TenantNotFoundException((String) null, "Failed to get current tenant from JWT header.", e);
        }
    }
}
