package com.networknt.router.middleware;

import com.networknt.client.ClientConfig;
import com.networknt.client.oauth.Jwt;
import com.networknt.client.oauth.OauthHelper;
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.httpstring.HttpStringConstants;
import com.networknt.monad.Result;
import com.networknt.monad.Success;
import com.networknt.utility.ModuleRegistry;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.HeaderValues;
import io.undertow.util.Headers;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/router/middleware/TokenHandler.class */
public class TokenHandler implements MiddlewareHandler {
    private static final String HANDLER_DEPENDENCY_ERROR = "ERR10074";
    private static TokenConfig config;
    protected volatile HttpHandler next;
    static Logger logger = LoggerFactory.getLogger((Class<?>) TokenHandler.class);
    public static final Map<String, Jwt> cache = new ConcurrentHashMap();

    public TokenHandler() {
        if (logger.isInfoEnabled()) {
            logger.info("TokenHandler is loaded.");
        }
        config = TokenConfig.load();
    }

    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("TokenHandler.handleRequest starts.");
        }
        String requestPath = httpServerExchange.getRequestPath();
        if (config.getAppliedPathPrefixes() != null && config.getAppliedPathPrefixes().stream().anyMatch(str -> {
            return requestPath.startsWith(str);
        })) {
            HeaderValues headerValues = httpServerExchange.getRequestHeaders().get(HttpStringConstants.SERVICE_ID);
            String str2 = null;
            if (headerValues != null) {
                str2 = headerValues.getFirst();
            }
            if (str2 == null) {
                logger.error("The serviceId cannot be resolved. Do you have PathPrefixServiceHandler or ServiceDictHandler before this handler?");
                setExchangeStatus(httpServerExchange, HANDLER_DEPENDENCY_ERROR, "TokenHandler", "PathPrefixServiceHandler");
                if (logger.isDebugEnabled()) {
                    logger.debug("TokenHandler.handleRequest ends with an error.");
                    return;
                }
                return;
            }
            Result<Jwt> jwtToken = getJwtToken(str2);
            if (jwtToken.isFailure()) {
                logger.error("Cannot populate or renew jwt for client credential grant type: " + jwtToken.getError().toString());
                setExchangeStatus(httpServerExchange, jwtToken.getError());
                if (logger.isDebugEnabled()) {
                    logger.debug("TokenHandler.handleRequest ends with an error.");
                    return;
                }
                return;
            }
            Jwt result = jwtToken.getResult();
            String first = httpServerExchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION);
            if (first == null) {
                if (logger.isTraceEnabled()) {
                    logger.trace("Adding jwt token to Authorization header with Bearer " + result.getJwt().substring(0, 20));
                }
                httpServerExchange.getRequestHeaders().put(Headers.AUTHORIZATION, "Bearer " + result.getJwt());
            } else {
                if (logger.isTraceEnabled()) {
                    logger.trace("Authorization header is used with " + (first.length() > 10 ? first.substring(0, 10) : first));
                    logger.trace("Adding jwt token to X-Scope-Token header with Bearer " + result.getJwt().substring(0, 20));
                }
                httpServerExchange.getRequestHeaders().put(HttpStringConstants.SCOPE_TOKEN, "Bearer " + result.getJwt());
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("TokenHandler.handleRequest ends.");
        }
        Handler.next(httpServerExchange, this.next);
    }

    public static Result<Jwt> getJwtToken(String str) {
        Result<Jwt> populateCCToken;
        ClientConfig clientConfig = ClientConfig.get();
        Map<String, Object> tokenConfig = clientConfig.getTokenConfig();
        Map<String, Object> map = (Map) tokenConfig.get("client_credentials");
        Jwt jwt = cache.get(str);
        if (jwt == null || jwt.getExpire() - Long.valueOf(((Integer) tokenConfig.get("tokenRenewBeforeExpired")).intValue()).longValue() < System.currentTimeMillis()) {
            Jwt jwt2 = new Jwt(new Jwt.Key(str));
            if (clientConfig.isMultipleAuthServers()) {
                Map map2 = (Map) map.get("serviceIdAuthServers");
                if (map2 == null) {
                    throw new RuntimeException("serviceIdAuthServers property is missing in the token client credentials configuration");
                }
                Map<String, Object> map3 = (Map) map2.get(str);
                if (map3.get("proxyHost") == null) {
                    map3.put("proxyHost", tokenConfig.get("proxyHost"));
                }
                if (map3.get("proxyPort") == null) {
                    map3.put("proxyPort", tokenConfig.get("proxyPort"));
                }
                if (map3.get("tokenRenewBeforeExpired") == null) {
                    map3.put("tokenRenewBeforeExpired", tokenConfig.get("tokenRenewBeforeExpired"));
                }
                if (map3.get("expiredRefreshRetryDelay") == null) {
                    map3.put("expiredRefreshRetryDelay", tokenConfig.get("expiredRefreshRetryDelay"));
                }
                if (map3.get("earlyRefreshRetryDelay") == null) {
                    map3.put("earlyRefreshRetryDelay", tokenConfig.get("earlyRefreshRetryDelay"));
                }
                jwt2.setCcConfig(map3);
            } else {
                map.put("proxyHost", tokenConfig.get("proxyHost"));
                map.put("proxyPort", tokenConfig.get("proxyPort"));
                map.put("tokenRenewBeforeExpired", tokenConfig.get("tokenRenewBeforeExpired"));
                map.put("expiredRefreshRetryDelay", tokenConfig.get("expiredRefreshRetryDelay"));
                map.put("earlyRefreshRetryDelay", tokenConfig.get("earlyRefreshRetryDelay"));
                jwt2.setCcConfig(map);
            }
            populateCCToken = OauthHelper.populateCCToken(jwt2);
            if (populateCCToken.isSuccess()) {
                cache.put(str, jwt2);
            }
        } else {
            populateCCToken = Success.of(jwt);
        }
        return populateCCToken;
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public HttpHandler getNext() {
        return this.next;
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public boolean isEnabled() {
        return config.isEnabled();
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public void register() {
        ModuleRegistry.registerModule(TokenHandler.class.getName(), config.getMappedConfig(), null);
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public void reload() {
        config.reload();
        ModuleRegistry.registerModule(TokenHandler.class.getName(), config.getMappedConfig(), null);
        if (logger.isInfoEnabled()) {
            logger.info("TokenHandler is reloaded.");
        }
    }
}
