package com.networknt.openapi;

import com.networknt.config.Config;
import com.networknt.config.JsonMapper;
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.http.HttpMethod;
import com.networknt.httpstring.AttachmentConstants;
import com.networknt.rule.RuleEngine;
import com.networknt.rule.RuleLoaderStartupHook;
import com.networknt.utility.ModuleRegistry;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.HeaderMap;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/openapi/AccessControlHandler.class */
public class AccessControlHandler implements MiddlewareHandler {
    static final Logger logger = LoggerFactory.getLogger(AccessControlHandler.class);
    static AccessControlConfig config;
    static final String ACCESS_CONTROL_ERROR = "ERR10067";
    static final String ACCESS_CONTROL_MISSING = "ERR10069";
    static final String STARTUP_HOOK_NOT_LOADED = "ERR11019";
    static final String REQUEST_ACCESS = "request-access";
    static final String RESPONSE_FILTER = "response-filter";
    static final String RULE_ID = "ruleId";
    private volatile HttpHandler next;
    private final RuleEngine engine;

    public AccessControlHandler() {
        config = AccessControlConfig.load();
        this.engine = new RuleEngine(RuleLoaderStartupHook.rules, (Map) null);
        if (logger.isInfoEnabled()) {
            logger.info("AccessControlHandler is loaded.");
        }
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("AccessControlHandler.handleRequest starts.");
        }
        String requestPath = httpServerExchange.getRequestPath();
        if (config.getSkipPathPrefixes() != null && config.getSkipPathPrefixes().stream().anyMatch(str -> {
            return requestPath.startsWith(str);
        })) {
            if (logger.isTraceEnabled()) {
                logger.trace("Skip request path base on skipPathPrefixes for " + requestPath);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("AccessControlHandler.handleRequest ends with path skipped.");
            }
            Handler.next(httpServerExchange, this.next);
            return;
        }
        Map<String, Object> map = (Map) httpServerExchange.getAttachment(AttachmentConstants.AUDIT_INFO);
        HashMap hashMap = new HashMap();
        String str2 = (String) map.get("endpoint");
        populateRuleEnginePayload(httpServerExchange, map, hashMap);
        if (RuleLoaderStartupHook.endpointRules == null) {
            logger.error("RuleLoaderStartupHook endpointRules is null");
            setExchangeStatus(httpServerExchange, STARTUP_HOOK_NOT_LOADED, new Object[]{"RuleLoaderStartupHook"});
            if (logger.isDebugEnabled()) {
                logger.debug("AccessControlHandler.handleRequest ends with an error.");
                return;
            }
            return;
        }
        Map<String, List<Map<String, Object>>> map2 = (Map) RuleLoaderStartupHook.endpointRules.get(str2);
        if (map2 != null) {
            executeRules(httpServerExchange, hashMap, map2);
            return;
        }
        if (!config.defaultDeny) {
            if (logger.isDebugEnabled()) {
                logger.debug("AccessControlHandler.handleRequest ends.");
            }
            next(httpServerExchange);
        } else {
            logger.error("Access control rule is missing and default deny is true for endpoint " + str2);
            if (logger.isDebugEnabled()) {
                logger.debug("AccessControlHandler.handleRequest ends with an error.");
            }
            setExchangeStatus(httpServerExchange, ACCESS_CONTROL_MISSING, new Object[]{str2});
        }
    }

    protected void populateRuleEnginePayload(HttpServerExchange httpServerExchange, Map<String, Object> map, Map<String, Object> map2) {
        HeaderMap requestHeaders = httpServerExchange.getRequestHeaders();
        HttpMethod resolve = HttpMethod.resolve(httpServerExchange.getRequestMethod().toString());
        Map queryParameters = httpServerExchange.getQueryParameters();
        Map pathParameters = httpServerExchange.getPathParameters();
        map2.put("auditInfo", map);
        map2.put("headers", requestHeaders);
        map2.put("queryParameters", queryParameters);
        map2.put("pathParameters", pathParameters);
        map2.put("method", resolve.toString());
        addBodyData(httpServerExchange, resolve, map2);
    }

    protected void executeRules(HttpServerExchange httpServerExchange, Map<String, Object> map, Map<String, List<Map<String, Object>>> map2) throws Exception {
        boolean z = true;
        Map map3 = null;
        String str = null;
        Iterator<Map<String, Object>> it = map2.get(REQUEST_ACCESS).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map<String, Object> next = it.next();
            str = (String) next.get(RULE_ID);
            map.putAll(next);
            map3 = this.engine.executeRule(str, map);
            if (!((Boolean) map3.get("result")).booleanValue()) {
                z = false;
                break;
            }
        }
        if (z) {
            next(httpServerExchange);
        } else {
            logger.error(JsonMapper.toJson(map3));
            setExchangeStatus(httpServerExchange, ACCESS_CONTROL_ERROR, new Object[]{str});
        }
    }

    protected void addBodyData(HttpServerExchange httpServerExchange, HttpMethod httpMethod, Map<String, Object> map) {
        if (httpMethod == HttpMethod.POST || httpMethod == HttpMethod.PUT || httpMethod == HttpMethod.PATCH) {
            Map map2 = (Map) httpServerExchange.getAttachment(AttachmentConstants.REQUEST_BODY);
            if (map2 != null) {
                map.put("requestBody", map2);
            } else if (logger.isTraceEnabled()) {
                logger.trace("Could not get body from body handler");
            }
        }
    }

    protected void next(HttpServerExchange httpServerExchange) throws Exception {
        Handler.next(httpServerExchange, this.next);
    }

    public HttpHandler getNext() {
        return this.next;
    }

    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    public boolean isEnabled() {
        return config.isEnabled();
    }

    public void register() {
        ModuleRegistry.registerModule(AccessControlConfig.CONFIG_NAME, AccessControlHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(AccessControlConfig.CONFIG_NAME), (List) null);
    }

    public void reload() {
        config.reload();
        ModuleRegistry.registerModule(AccessControlConfig.CONFIG_NAME, AccessControlHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(AccessControlConfig.CONFIG_NAME), (List) null);
        if (logger.isInfoEnabled()) {
            logger.info("AccessControlHandler is reloaded.");
        }
    }
}
