package com.networknt.openapi;

import com.networknt.apikey.ApiKeyHandler;
import com.networknt.basicauth.BasicAuthHandler;
import com.networknt.config.Config;
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.utility.ModuleRegistry;
import com.networknt.utility.StringUtils;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/openapi/UnifiedSecurityHandler.class */
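/**
 * Middleware that picks the authentication check for a request from its path and runs it
 * before the rest of the handler chain.
 *
 * <p>Decision order, as implemented in {@link #handleRequest(HttpServerExchange)}:
 * <ol>
 *   <li>A path that starts with any configured anonymous prefix is forwarded with no
 *       authentication at all.</li>
 *   <li>Otherwise every {@code pathPrefixAuths} entry whose prefix matches the path is
 *       evaluated; any failed check completes the exchange with an error and stops.</li>
 *   <li>If no entry matches (or none are configured) the request is rejected, so the
 *       handler fails closed for unmapped paths.</li>
 * </ol>
 *
 * <p>Prefix matching is a plain {@link String#startsWith(String)} on the request path, so a
 * prefix such as {@code /v1/pets} also covers {@code /v1/petstore}. Anonymous prefixes in
 * particular should end on a path-segment boundary.
 *
 * <p>The configuration is held in a static field shared by all instances and is replaced each
 * time an instance is constructed.
 */
public class UnifiedSecurityHandler implements MiddlewareHandler {
    static final Logger logger = LoggerFactory.getLogger(UnifiedSecurityHandler.class);
    static final String BEARER_PREFIX = "BEARER";
    static final String BASIC_PREFIX = "BASIC";
    static final String API_KEY = "apikey";
    static final String JWT = "jwt";
    static final String SWT = "swt";
    static final String MISSING_AUTH_TOKEN = "ERR10002";
    static final String INVALID_AUTHORIZATION_HEADER = "ERR12003";
    static final String HANDLER_NOT_FOUND = "ERR11200";
    static final String MISSING_PATH_PREFIX_AUTH = "ERR10078";
    // Alias of the basic-auth handler in the handler registry. Kept as a literal rather than
    // BASIC_PREFIX.toLowerCase(): the default-locale lower-casing yields a dotless i under a
    // Turkish locale and the lookup would then miss the registered handler.
    private static final String BASIC_ALIAS = "basic";
    static UnifiedSecurityConfig config;
    private volatile HttpHandler next;

    /** Loads the unified security configuration into the shared static {@code config}. */
    public UnifiedSecurityHandler() {
        logger.info("UnifiedSecurityHandler starts");
        config = UnifiedSecurityConfig.load();
    }

    /**
     * Authenticates the request according to the path-prefix configuration and, only when every
     * matching entry passes, forwards it to the next handler.
     *
     * @param httpServerExchange the exchange being processed
     * @throws Exception whatever the delegated verification handlers or the next handler throw
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("UnifiedSecurityHandler.handleRequest starts.");
        }
        String requestPath = httpServerExchange.getRequestPath();

        // Anonymous prefixes bypass every check below, so this list is the widest hole in the
        // policy: it is matched with startsWith on whatever getRequestPath() returns.
        // NOTE(review): confirm the path is canonicalized before it reaches this handler.
        if (config.getAnonymousPrefixes() != null
                && config.getAnonymousPrefixes().stream().anyMatch(requestPath::startsWith)) {
            if (logger.isTraceEnabled()) {
                logger.trace("Skip request path base on anonymousPrefixes for " + requestPath);
            }
            Handler.next(httpServerExchange, this.next);
            return;
        }

        if (config.getPathPrefixAuths() == null) {
            // Fail closed: without any mapping nothing can be authenticated.
            logger.error("Cannot find pathPrefixAuths definition for " + requestPath);
            setExchangeStatus(httpServerExchange, MISSING_PATH_PREFIX_AUTH, requestPath);
            httpServerExchange.endExchange();
            return;
        }

        boolean found = false;
        // Every matching entry is evaluated, not just the first one; a request covered by
        // several overlapping prefixes has to satisfy each of them.
        for (UnifiedPathPrefixAuth pathPrefixAuth : config.getPathPrefixAuths()) {
            if (logger.isTraceEnabled()) {
                logger.trace("Check with requestPath = " + requestPath + " prefix = " + pathPrefixAuth.getPathPrefix());
            }
            if (!requestPath.startsWith(pathPrefixAuth.getPathPrefix())) {
                continue;
            }
            found = true;
            if (logger.isTraceEnabled()) {
                logger.trace("Found with requestPath = " + requestPath + " prefix = " + pathPrefixAuth.getPathPrefix());
            }
            if (pathPrefixAuth.isBasic() || pathPrefixAuth.isJwt() || pathPrefixAuth.isSwt()) {
                if (!verifyAuthorizationHeader(httpServerExchange, requestPath, pathPrefixAuth)) {
                    return;
                }
            } else if (pathPrefixAuth.isApikey()) {
                if (!verifyApiKey(httpServerExchange, requestPath)) {
                    return;
                }
            }
            // An entry with no method enabled performs no check but still counts as a match.
        }

        if (found) {
            if (logger.isDebugEnabled()) {
                logger.debug("UnifiedSecurityHandler.handleRequest ends.");
            }
            Handler.next(httpServerExchange, this.next);
        } else {
            // Fail closed: a path outside every configured prefix is rejected.
            logger.error("Cannot find prefix entry in pathPrefixAuths for " + requestPath);
            setExchangeStatus(httpServerExchange, MISSING_PATH_PREFIX_AUTH, requestPath);
            httpServerExchange.endExchange();
        }
    }

    /**
     * Runs the Authorization-header based check (basic, JWT or SWT) for one matching entry.
     *
     * @return {@code true} if the check passed; {@code false} if the exchange was already
     *         completed with an error (or the delegate reported failure) and processing must stop
     */
    private boolean verifyAuthorizationHeader(HttpServerExchange exchange, String requestPath,
            UnifiedPathPrefixAuth pathPrefixAuth) throws Exception {
        String authorization = exchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION);
        if (authorization == null) {
            logger.error("Basic or JWT or SWT is enabled and authorization header is missing.");
            if (pathPrefixAuth.isBasic()) {
                if (logger.isTraceEnabled()) {
                    logger.trace("Basic is enabled and set WWW-Authenticate header to Basic realm=\"Default Realm\"");
                }
                exchange.getResponseHeaders().put(Headers.WWW_AUTHENTICATE, "Basic realm=\"Default Realm\"");
            }
            setExchangeStatus(exchange, MISSING_AUTH_TOKEN, new Object[0]);
            if (logger.isDebugEnabled()) {
                logger.debug("UnifiedSecurityHandler.handleRequest ends with an error.");
            }
            exchange.endExchange();
            // Stop here. Previously this branch fell through: the loop carried on and, because
            // a prefix had matched, the next handler was still invoked for a request that
            // carried no credentials at all.
            return false;
        }
        if (authorization.trim().length() <= 5) {
            // Too short to hold a scheme plus a credential; at most a few characters are logged.
            logger.error("Invalid/Unsupported authorization header {}", authorization);
            setExchangeStatus(exchange, INVALID_AUTHORIZATION_HEADER, authorization);
            exchange.endExchange();
            return false;
        }
        // NOTE(review): the scheme decides the verifier regardless of which methods the entry
        // enables, e.g. a Basic header on a JWT-only prefix is still sent to the basic handler.
        // Confirm that this is the intended policy.
        if (BASIC_PREFIX.equalsIgnoreCase(authorization.substring(0, 5))) {
            return verifyBasic(exchange, requestPath, authorization);
        }
        if (!BEARER_PREFIX.equalsIgnoreCase(authorization.substring(0, 6))) {
            // Log and echo only the first characters so a credential sent under an unknown
            // scheme does not end up in full in the log or the error response.
            String shortened = authorization.length() > 10 ? authorization.substring(0, 10) : authorization;
            logger.error("Invalid/Unsupported authorization header {}", shortened);
            setExchangeStatus(exchange, INVALID_AUTHORIZATION_HEADER, shortened);
            exchange.endExchange();
            return false;
        }
        return verifyBearer(exchange, requestPath, pathPrefixAuth, authorization);
    }

    /**
     * Chooses between JWT and SWT verification for a Bearer header. When both are enabled the
     * choice follows {@code StringUtils.isJwtToken}; otherwise JWT is used if enabled and SWT in
     * every other case.
     */
    private boolean verifyBearer(HttpServerExchange exchange, String requestPath,
            UnifiedPathPrefixAuth pathPrefixAuth, String authorization) throws Exception {
        Map<String, HttpHandler> handlers = Handler.getHandlers();
        boolean useJwt;
        if (pathPrefixAuth.isJwt() && pathPrefixAuth.isSwt()) {
            // The whole header value, scheme included, is handed to the token-type probe.
            useJwt = StringUtils.isJwtToken(authorization);
            if (logger.isTraceEnabled()) {
                logger.trace("Both jwt and swt are true and check token is jwt = {}", useJwt);
            }
        } else {
            // NOTE(review): a Bearer header on a basic-only entry also lands on the SWT path.
            useJwt = pathPrefixAuth.isJwt();
        }
        return useJwt
                ? verifyJwt(exchange, requestPath, pathPrefixAuth, handlers)
                : verifySwt(exchange, requestPath, pathPrefixAuth, handlers);
    }

    /** Delegates to the handler registered under the {@code basic} alias. */
    private boolean verifyBasic(HttpServerExchange exchange, String requestPath, String authorization)
            throws Exception {
        BasicAuthHandler basicAuthHandler = (BasicAuthHandler) Handler.getHandlers().get(BASIC_ALIAS);
        if (basicAuthHandler == null) {
            logger.error("Cannot find BasicAuthHandler with alias name basic.");
            setExchangeStatus(exchange, HANDLER_NOT_FOUND, "com.networknt.basicauth.BasicAuthHandler@basic");
            exchange.endExchange();
            return false;
        }
        return basicAuthHandler.handleBasicAuth(exchange, requestPath, authorization);
    }

    /** Delegates to the handler registered under the {@code jwt} alias. */
    private boolean verifyJwt(HttpServerExchange exchange, String requestPath,
            UnifiedPathPrefixAuth pathPrefixAuth, Map<String, HttpHandler> handlers) throws Exception {
        JwtVerifyHandler jwtVerifyHandler = (JwtVerifyHandler) handlers.get(JWT);
        if (jwtVerifyHandler == null) {
            logger.error("Cannot find JwtVerifyHandler with alias name jwt.");
            setExchangeStatus(exchange, HANDLER_NOT_FOUND, "com.networknt.openapi.JwtVerifyHandler@jwt");
            exchange.endExchange();
            return false;
        }
        return jwtVerifyHandler.handleJwt(exchange, pathPrefixAuth.getPathPrefix(), requestPath,
                pathPrefixAuth.getJwkServiceIds());
    }

    /** Delegates to the handler registered under the {@code swt} alias. */
    private boolean verifySwt(HttpServerExchange exchange, String requestPath,
            UnifiedPathPrefixAuth pathPrefixAuth, Map<String, HttpHandler> handlers) throws Exception {
        SwtVerifyHandler swtVerifyHandler = (SwtVerifyHandler) handlers.get(SWT);
        if (swtVerifyHandler == null) {
            logger.error("Cannot find SwtVerifyHandler with alias name swt.");
            setExchangeStatus(exchange, HANDLER_NOT_FOUND, "com.networknt.openapi.SwtVerifyHandler@swt");
            exchange.endExchange();
            return false;
        }
        return swtVerifyHandler.handleSwt(exchange, requestPath, pathPrefixAuth.getSwtServiceIds());
    }

    /** Delegates to the handler registered under the {@code apikey} alias. */
    private boolean verifyApiKey(HttpServerExchange exchange, String requestPath) throws Exception {
        ApiKeyHandler apiKeyHandler = (ApiKeyHandler) Handler.getHandlers().get(API_KEY);
        if (apiKeyHandler == null) {
            logger.error("Cannot find ApiKeyHandler with alias name apikey.");
            setExchangeStatus(exchange, HANDLER_NOT_FOUND, "com.networknt.apikey.ApiKeyHandler@apikey");
            exchange.endExchange();
            return false;
        }
        return apiKeyHandler.handleApiKey(exchange, requestPath);
    }

    /** Returns the handler that receives requests which passed the checks. */
    @Override
    public HttpHandler getNext() {
        return this.next;
    }

    /**
     * Sets the next handler in the chain.
     *
     * @param httpHandler the next handler; validated with {@code Handlers.handlerNotNull}
     * @return this handler
     */
    @Override
    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    /** Reports whether the handler is enabled in the loaded configuration. */
    @Override
    public boolean isEnabled() {
        return config.isEnabled();
    }

    /** Registers this module and its uncached configuration map with the module registry. */
    @Override
    public void register() {
        ModuleRegistry.registerModule(UnifiedSecurityHandler.class.getName(), Config.getInstance().getJsonMapConfigNoCache(UnifiedSecurityConfig.CONFIG_NAME), null);
    }

    /** Reloads the shared configuration and registers the module again with the fresh map. */
    @Override
    public void reload() {
        config.reload();
        ModuleRegistry.registerModule(UnifiedSecurityHandler.class.getName(), Config.getInstance().getJsonMapConfigNoCache(UnifiedSecurityConfig.CONFIG_NAME), null);
    }
}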
