package io.datarouter.web.dispatcher;

import io.datarouter.scanner.Scanner;
import io.datarouter.util.tuple.Pair;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.encoder.DefaultEncoder;
import io.datarouter.web.handler.encoder.HandlerEncoder;
import io.datarouter.web.handler.types.DefaultDecoder;
import io.datarouter.web.handler.types.HandlerDecoder;
import io.datarouter.web.security.CsrfValidator;
import io.datarouter.web.security.SecurityValidationResult;
import io.datarouter.web.security.SecurityValidator;
import io.datarouter.web.security.SignatureValidator;
import io.datarouter.web.user.session.DatarouterSessionManager;
import io.datarouter.web.user.session.service.Role;
import io.datarouter.web.user.session.service.RoleEnum;
import io.datarouter.web.util.http.RequestTool;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/web/dispatcher/DispatchRule.class */
public class DispatchRule {
    private static final Logger logger = LoggerFactory.getLogger(DispatchRule.class);
    private final BaseRouteSet routeSet;
    private final String regex;
    private final Pattern pattern;
    private final List<SecurityValidator> securityValidators;
    private Class<? extends BaseHandler> handlerClass;
    private ApiKeyPredicate apiKeyPredicate;
    private CsrfValidator csrfValidator;
    private SignatureValidator signatureValidator;
    private boolean requireHttps;
    private Set<Role> allowedRoles;
    private boolean allowAnonymous;
    private Class<? extends HandlerEncoder> defaultHandlerEncoder;
    private Class<? extends HandlerDecoder> defaultHandlerDecoder;
    private String persistentString;
    private boolean transmitsPii;
    private boolean isSystem;

    public DispatchRule() {
        this(null, "");
    }

    public DispatchRule(BaseRouteSet baseRouteSet, String str) {
        this.defaultHandlerEncoder = DefaultEncoder.class;
        this.defaultHandlerDecoder = DefaultDecoder.class;
        this.routeSet = baseRouteSet;
        this.regex = str;
        this.pattern = Pattern.compile(str);
        this.allowedRoles = new HashSet();
        this.securityValidators = new ArrayList();
    }

    public DispatchRule withHandler(Class<? extends BaseHandler> cls) {
        this.handlerClass = cls;
        return this;
    }

    public DispatchRule addSecurityValidator(SecurityValidator securityValidator) {
        this.securityValidators.add(securityValidator);
        return this;
    }

    public DispatchRule withApiKey(ApiKeyPredicate apiKeyPredicate) {
        this.apiKeyPredicate = apiKeyPredicate;
        return this;
    }

    public DispatchRule withCsrfToken(CsrfValidator csrfValidator) {
        this.csrfValidator = csrfValidator;
        return this;
    }

    public DispatchRule withSignature(SignatureValidator signatureValidator) {
        this.signatureValidator = signatureValidator;
        return this;
    }

    public DispatchRule requireHttps() {
        this.requireHttps = true;
        return this;
    }

    public DispatchRule allowRoles(RoleEnum<?>... roleEnumArr) {
        return allowRoles(Arrays.asList(roleEnumArr));
    }

    public DispatchRule allowRoles(Collection<RoleEnum<?>> collection) {
        Scanner map = Scanner.of(collection).map((v0) -> {
            return v0.getRole();
        });
        Set<Role> set = this.allowedRoles;
        set.getClass();
        map.forEach((v1) -> {
            r1.add(v1);
        });
        return this;
    }

    public DispatchRule allowAnonymous() {
        this.allowAnonymous = true;
        return this;
    }

    public DispatchRule withDefaultHandlerEncoder(Class<? extends HandlerEncoder> cls) {
        this.defaultHandlerEncoder = cls;
        return this;
    }

    public DispatchRule withDefaultHandlerDecoder(Class<? extends HandlerDecoder> cls) {
        this.defaultHandlerDecoder = cls;
        return this;
    }

    public DispatchRule withPersistentString(String str) {
        this.persistentString = str;
        return this;
    }

    public DispatchRule transmitsPii() {
        this.transmitsPii = true;
        return this;
    }

    public DispatchRule withIsSystemDispatchRule(boolean z) {
        this.isSystem = z;
        return this;
    }

    public BaseRouteSet getRouteSet() {
        return this.routeSet;
    }

    public Pattern getPattern() {
        return this.pattern;
    }

    public String getRegex() {
        return this.regex;
    }

    public Class<? extends BaseHandler> getHandlerClass() {
        return this.handlerClass;
    }

    public ApiKeyPredicate getApiKeyPredicate() {
        return this.apiKeyPredicate;
    }

    public boolean hasApiKey() {
        return this.apiKeyPredicate != null;
    }

    public boolean hasCsrfToken() {
        return this.csrfValidator != null;
    }

    public boolean hasSignature() {
        return this.signatureValidator != null;
    }

    public boolean hasHttps() {
        return this.requireHttps;
    }

    public boolean getAllowAnonymous() {
        return this.allowAnonymous;
    }

    public Set<Role> getAllowedRoles() {
        return this.allowedRoles;
    }

    public Class<? extends HandlerEncoder> getDefaultHandlerEncoder() {
        return this.defaultHandlerEncoder;
    }

    public Class<? extends HandlerDecoder> getDefaultHandlerDecoder() {
        return this.defaultHandlerDecoder;
    }

    public Optional<String> getPersistentString() {
        return Optional.ofNullable(this.persistentString);
    }

    public boolean doesTransmitPii() {
        return this.transmitsPii;
    }

    public boolean isSystemDispatchRule() {
        return this.isSystem;
    }

    private SecurityValidationResult checkApiKey(HttpServletRequest httpServletRequest) {
        Pair<Boolean, String> pair = this.apiKeyPredicate == null ? new Pair<>(true, "") : this.apiKeyPredicate.check(this, httpServletRequest);
        String str = "API key check failed, " + ((String) pair.getRight());
        if (!((Boolean) pair.getLeft()).booleanValue()) {
            logFailure(str, httpServletRequest);
        }
        return new SecurityValidationResult(httpServletRequest, ((Boolean) pair.getLeft()).booleanValue(), str);
    }

    private SecurityValidationResult checkCsrfToken(HttpServletRequest httpServletRequest) {
        boolean z = this.csrfValidator == null || this.csrfValidator.check(httpServletRequest);
        if (!z) {
            try {
                Long requestTimeMs = this.csrfValidator.getRequestTimeMs(httpServletRequest);
                Long l = null;
                if (requestTimeMs != null) {
                    l = Long.valueOf(System.currentTimeMillis() - requestTimeMs.longValue());
                }
                logFailure("CSRF token check failed, request time:" + requestTimeMs + " is " + l + "ms > current time", httpServletRequest);
            } catch (Exception e) {
                logFailure("CSRF token time could not be extracted", httpServletRequest);
            }
        }
        return new SecurityValidationResult(httpServletRequest, z, "CSRF token check failed");
    }

    private SecurityValidationResult checkSignature(HttpServletRequest httpServletRequest) {
        SecurityValidationResult success = SecurityValidationResult.success(httpServletRequest);
        if (this.signatureValidator != null) {
            success = this.signatureValidator.validate(httpServletRequest);
        }
        if (!success.isSuccess()) {
            success.setFailureMessage((String) Optional.ofNullable(success).map((v0) -> {
                return v0.getFailureMessage();
            }).orElse("Signature validation failed"));
            logFailure(success.getFailureMessage(), httpServletRequest);
        }
        return success;
    }

    private SecurityValidationResult checkHttps(HttpServletRequest httpServletRequest) {
        boolean z = !this.requireHttps || (this.requireHttps && httpServletRequest.isSecure());
        if (!z) {
            logFailure("HTTPS check failed", httpServletRequest);
        }
        return new SecurityValidationResult(httpServletRequest, z, "HTTPS check failed");
    }

    private void logFailure(String str, HttpServletRequest httpServletRequest) {
        logger.warn(String.valueOf(str) + ". IP={} URI={} userAgent={}", new Object[]{RequestTool.getIpAddress(httpServletRequest), httpServletRequest.getRequestURI(), RequestTool.getUserAgent(httpServletRequest)});
    }

    public SecurityValidationResult applySecurityValidation(HttpServletRequest httpServletRequest) {
        SecurityValidationResult combinedWith = SecurityValidationResult.of(this::checkApiKey, httpServletRequest).combinedWith(this::checkCsrfToken).combinedWith(this::checkSignature).combinedWith(this::checkHttps);
        for (SecurityValidator securityValidator : this.securityValidators) {
            securityValidator.getClass();
            combinedWith = combinedWith.combinedWith(securityValidator::check);
        }
        return combinedWith;
    }

    public boolean checkRoles(HttpServletRequest httpServletRequest) {
        if (getAllowAnonymous()) {
            return true;
        }
        return ((Boolean) DatarouterSessionManager.getFromRequest(httpServletRequest).map((v0) -> {
            return v0.getRoles();
        }).map(collection -> {
            Stream stream = collection.stream();
            Set<Role> allowedRoles = getAllowedRoles();
            allowedRoles.getClass();
            return Boolean.valueOf(stream.anyMatch((v1) -> {
                return r1.contains(v1);
            }));
        }).orElse(false)).booleanValue();
    }

    public String toString() {
        return String.valueOf(this.regex) + ":" + this.pattern.toString() + ":" + this.handlerClass.getCanonicalName();
    }
}
