package com.networknt.security;

import com.networknt.config.Config;
import com.networknt.exception.ExpiredTokenException;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.status.Status;
import com.networknt.swagger.ApiNormalisedPath;
import com.networknt.swagger.NormalisedPath;
import com.networknt.swagger.SwaggerHandler;
import com.networknt.swagger.SwaggerHelper;
import com.networknt.swagger.SwaggerOperation;
import com.networknt.utility.Constants;
import com.networknt.utility.ModuleRegistry;
import io.swagger.models.HttpMethod;
import io.swagger.models.Operation;
import io.swagger.models.Path;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.HeaderMap;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/security/JwtVerifyHandler.class */
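/**
 * Middleware handler that verifies the JWT carried in the {@code Authorization} header and,
 * when scope verification is enabled, checks the token scopes against the scopes the swagger
 * specification declares for the matched operation.
 *
 * <p>An optional second token (header {@code Constants.SCOPE_TOKEN}) is used for the scope
 * comparison when it is present; otherwise the scopes of the authorization token are used.
 *
 * <p>Claims taken from a verified token are copied into request headers for downstream
 * handlers. They are written with {@code put}, which replaces any value the caller sent under
 * the same header name, so a client-supplied header cannot be read ahead of the verified one.
 */
public class JwtVerifyHandler implements MiddlewareHandler {
    static final String ENABLE_VERIFY_SCOPE = "enableVerifyScope";
    static final String STATUS_INVALID_AUTH_TOKEN = "ERR10000";
    static final String STATUS_AUTH_TOKEN_EXPIRED = "ERR10001";
    static final String STATUS_MISSING_AUTH_TOKEN = "ERR10002";
    static final String STATUS_INVALID_SCOPE_TOKEN = "ERR10003";
    static final String STATUS_SCOPE_TOKEN_EXPIRED = "ERR10004";
    static final String STATUS_AUTH_TOKEN_SCOPE_MISMATCH = "ERR10005";
    static final String STATUS_SCOPE_TOKEN_SCOPE_MISMATCH = "ERR10006";
    static final String STATUS_INVALID_REQUEST_PATH = "ERR10007";
    static final String STATUS_METHOD_NOT_ALLOWED = "ERR10008";
    private volatile HttpHandler next;
    static final Logger logger = LoggerFactory.getLogger(JwtVerifyHandler.class);
    static final Map<String, Object> config = Config.getInstance().getJsonMapConfig(JwtHelper.SECURITY_CONFIG);

    /**
     * Verifies the authorization token (and the scope token, if any) and passes the exchange to
     * the next handler only when every enabled check succeeds. On any failure the matching
     * status is written to the response and the chain stops.
     *
     * @param httpServerExchange the exchange being processed
     * @throws Exception anything raised by the next handler or by token verification that is not
     *     mapped to a status here
     */
    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        HeaderMap requestHeaders = httpServerExchange.getRequestHeaders();
        String authJwt = JwtHelper.getJwtFromAuthorization(requestHeaders.getFirst(Headers.AUTHORIZATION));
        if (authJwt == null) {
            sendStatus(httpServerExchange, STATUS_MISSING_AUTH_TOKEN);
            return;
        }
        try {
            JwtClaims authClaims = JwtHelper.verifyJwt(authJwt);

            // Read every claim up front: a verified token whose claims have the wrong type is
            // rejected as an invalid token instead of escaping as an unhandled exception.
            String clientId;
            String userId;
            List<String> authScopes;
            try {
                clientId = authClaims.getStringClaimValue(Constants.CLIENT_ID);
                userId = authClaims.getStringClaimValue(Constants.USER_ID);
                authScopes = authClaims.getStringListClaimValue("scope");
            } catch (MalformedClaimException e) {
                logger.error("MalformedClaimException", e);
                sendStatus(httpServerExchange, STATUS_INVALID_AUTH_TOKEN);
                return;
            }

            // put, not add: add would append after a value the client already sent, and a
            // downstream getFirst() would then return the client's value, not the verified claim.
            requestHeaders.put(new HttpString(Constants.CLIENT_ID), clientId);
            requestHeaders.put(new HttpString(Constants.USER_ID), userId);
            requestHeaders.put(new HttpString("scope"), authScopes.toString());

            // Scope enforcement is skipped when there is no security config or no swagger
            // specification. A config without the enableVerifyScope key fails the request here
            // (NullPointerException) rather than silently skipping enforcement.
            if (config != null && ((Boolean) config.get(ENABLE_VERIFY_SCOPE)).booleanValue() && SwaggerHelper.swagger != null) {
                Operation operation;
                SwaggerOperation attached = (SwaggerOperation) httpServerExchange.getAttachment(SwaggerHandler.SWAGGER_OPERATION);
                if (attached != null) {
                    operation = attached.getOperation();
                    attached.setClientId(clientId);
                } else {
                    // No earlier handler resolved the operation, so resolve it from the request.
                    Optional<NormalisedPath> matchedPath = SwaggerHelper.findMatchingApiPath(new ApiNormalisedPath(httpServerExchange.getRequestURI()));
                    if (!matchedPath.isPresent()) {
                        sendStatus(httpServerExchange, STATUS_INVALID_REQUEST_PATH);
                        return;
                    }
                    NormalisedPath normalisedPath = matchedPath.get();
                    Path path = SwaggerHelper.swagger.getPath(normalisedPath.original());
                    HttpMethod method;
                    try {
                        method = HttpMethod.valueOf(httpServerExchange.getRequestMethod().toString());
                    } catch (IllegalArgumentException e) {
                        // A request method the swagger model has no constant for cannot match
                        // any declared operation.
                        sendStatus(httpServerExchange, STATUS_METHOD_NOT_ALLOWED);
                        return;
                    }
                    operation = path.getOperationMap().get(method);
                    if (operation == null) {
                        sendStatus(httpServerExchange, STATUS_METHOD_NOT_ALLOWED);
                        return;
                    }
                    SwaggerOperation resolved = new SwaggerOperation(normalisedPath, path, method, operation);
                    resolved.setEndpoint(normalisedPath.normalised() + "@" + method);
                    resolved.setClientId(clientId);
                    httpServerExchange.putAttachment(SwaggerHandler.SWAGGER_OPERATION, resolved);
                }

                String scopeHeader = requestHeaders.getFirst(Constants.SCOPE_TOKEN);
                String scopeJwt = JwtHelper.getJwtFromAuthorization(scopeHeader);
                List<String> scopeTokenScopes = null;
                if (scopeJwt != null) {
                    try {
                        JwtClaims scopeClaims = JwtHelper.verifyJwt(scopeJwt);
                        scopeTokenScopes = scopeClaims.getStringListClaimValue("scope");
                        requestHeaders.put(new HttpString(Constants.SCOPE_CLIENT_ID), scopeClaims.getStringClaimValue(Constants.CLIENT_ID));
                    } catch (ExpiredTokenException e) {
                        sendStatus(httpServerExchange, STATUS_SCOPE_TOKEN_EXPIRED);
                        return;
                    } catch (MalformedClaimException | InvalidJwtException e) {
                        logger.error("InvalidJwtException", e);
                        sendStatus(httpServerExchange, STATUS_INVALID_SCOPE_TOKEN);
                        return;
                    }
                }

                // Scopes of the first security requirement that names the oauth2 definition.
                List<String> specScopes = null;
                List<Map<String, List<String>>> security = operation.getSecurity();
                if (security != null) {
                    for (Map<String, List<String>> requirement : security) {
                        specScopes = requirement.get(SwaggerHelper.oauth2Name);
                        if (specScopes != null) {
                            break;
                        }
                    }
                }

                if (scopeHeader == null) {
                    // No scope token header: the authorization token must carry the scope.
                    if (!matchedScopes(authScopes, specScopes)) {
                        logger.warn("Authorization jwt token scope {} is not matched with {}", authScopes, specScopes);
                        sendStatus(httpServerExchange, STATUS_AUTH_TOKEN_SCOPE_MISMATCH, authScopes, specScopes);
                        return;
                    }
                } else if (scopeTokenScopes == null || !matchedScopes(scopeTokenScopes, specScopes)) {
                    // A scope token header that yields no scopes is a mismatch; there is no
                    // fallback to the authorization token's scopes.
                    logger.warn("Scopes {} and specificatio token {} are not matched in scope token", scopeTokenScopes, specScopes);
                    sendStatus(httpServerExchange, STATUS_SCOPE_TOKEN_SCOPE_MISMATCH, scopeTokenScopes, specScopes);
                    return;
                }
            }
            this.next.handleRequest(httpServerExchange);
        } catch (ExpiredTokenException e) {
            sendStatus(httpServerExchange, STATUS_AUTH_TOKEN_EXPIRED);
        } catch (InvalidJwtException e) {
            logger.error("Exception: ", e);
            sendStatus(httpServerExchange, STATUS_INVALID_AUTH_TOKEN);
        }
    }

    /**
     * Writes the status identified by {@code code} to the response: its HTTP status code and its
     * string form as the body.
     *
     * @param exchange the exchange to respond on
     * @param code the status code constant, e.g. {@link #STATUS_MISSING_AUTH_TOKEN}
     * @param args arguments handed to the {@code Status} constructor
     */
    private static void sendStatus(HttpServerExchange exchange, String code, Object... args) {
        Status status = new Status(code, args);
        exchange.setStatusCode(status.getStatusCode());
        exchange.getResponseSender().send(status.toString());
    }

    /**
     * Decides whether the token scopes satisfy the scopes declared by the specification.
     *
     * <p>An operation that declares no scopes ({@code null} or empty {@code list2}) always
     * matches. Otherwise one shared entry is enough; the token does not need every declared
     * scope.
     *
     * @param list scopes carried by the token, may be {@code null}
     * @param list2 scopes declared by the specification, may be {@code null}
     * @return {@code true} if no scope is required or at least one declared scope is in the token
     */
    protected boolean matchedScopes(List<String> list, List<String> list2) {
        if (list2 == null || list2.isEmpty()) {
            return true;
        }
        if (list == null || list.isEmpty()) {
            return false;
        }
        for (String required : list2) {
            if (list.contains(required)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the handler that runs after this one. */
    @Override // com.networknt.handler.MiddlewareHandler
    public HttpHandler getNext() {
        return this.next;
    }

    /**
     * Sets the handler that runs after this one.
     *
     * @param httpHandler the next handler, checked with {@code Handlers.handlerNotNull}
     * @return this handler
     */
    @Override // com.networknt.handler.MiddlewareHandler
    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    /**
     * Reports whether JWT verification is switched on in the security config.
     *
     * @return {@code true} only when the {@code JwtHelper.ENABLE_VERIFY_JWT} entry is present
     *     and true
     */
    @Override // com.networknt.handler.MiddlewareHandler
    public boolean isEnabled() {
        Object enabled = config.get(JwtHelper.ENABLE_VERIFY_JWT);
        return enabled != null && ((Boolean) enabled).booleanValue();
    }

    /** Registers this handler and its config with the module registry. */
    @Override // com.networknt.handler.MiddlewareHandler
    public void register() {
        ModuleRegistry.registerModule(JwtVerifyHandler.class.getName(), config, null);
    }
}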
