package com.networknt.aws.lambda.handler.middleware.security;

import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent;
import com.networknt.aws.lambda.LightLambdaExchange;
import com.networknt.aws.lambda.handler.Handler;
import com.networknt.aws.lambda.handler.LambdaHandler;
import com.networknt.aws.lambda.handler.MiddlewareHandler;
import com.networknt.config.Config;
import com.networknt.security.UnifiedPathPrefixAuth;
import com.networknt.security.UnifiedSecurityConfig;
import com.networknt.status.Status;
import com.networknt.utility.MapUtil;
import com.networknt.utility.ModuleRegistry;
import com.networknt.utility.StringUtils;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/aws/lambda/handler/middleware/security/UnifiedSecurityMiddleware.class */
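/**
 * Middleware that picks the authentication method for a request from its path and hands the
 * request to the matching verifier (basic, JWT, SWT or API key).
 *
 * <p>Decision order, as implemented in {@link #execute(LightLambdaExchange)}:
 * <ol>
 *   <li>A path that starts with any configured anonymous prefix is accepted without any check.</li>
 *   <li>Otherwise the {@code pathPrefixAuths} entries are scanned in configuration order. The first
 *       entry whose prefix matches and that enables basic, JWT or SWT is selected; an entry that
 *       only enables API key is delegated to {@link ApiKeyMiddleware} when that handler is enabled.</li>
 *   <li>A path that matches no entry is rejected with {@code ERR10078}.</li>
 * </ol>
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Matching is a plain {@link String#startsWith(String)} on the path returned by the request.
 *       No normalisation happens in this class, so a prefix such as {@code /admin} also covers
 *       {@code /administrator}. Configure prefixes with a trailing separator and confirm that the
 *       path is normalised before it reaches this handler (TODO confirm upstream behaviour).</li>
 *   <li>Entry order is significant: list more specific prefixes before broader ones.</li>
 *   <li>When the verifier resolved for a request reports {@code isEnabled() == false}, the request
 *       is let through. A disabled verifier therefore disables authentication for every prefix
 *       that relies on it.</li>
 *   <li>The scheme of the Authorization header is not compared with the methods enabled on the
 *       selected entry; the verifiers receive the path and are presumably expected to enforce
 *       that themselves (verify against the verifier implementations).</li>
 * </ul>
 */
public class UnifiedSecurityMiddleware implements MiddlewareHandler {
    private static final Logger LOG = LoggerFactory.getLogger(UnifiedSecurityMiddleware.class);
    static final String BEARER_PREFIX = "BEARER";
    static final String BASIC_PREFIX = "BASIC";
    static final String API_KEY = "apikey";
    static final String JWT = "jwt";
    static final String SWT = "swt";
    static final String MISSING_AUTH_TOKEN = "ERR10002";
    static final String INVALID_AUTHORIZATION_HEADER = "ERR12003";
    static final String HANDLER_NOT_FOUND = "ERR11200";
    static final String MISSING_PATH_PREFIX_AUTH = "ERR10078";
    // Handler alias for basic authentication. Kept as a literal instead of
    // BASIC_PREFIX.toLowerCase(): the no-argument toLowerCase() follows the default locale and
    // does not yield "basic" under a Turkish locale, which would make the lookup fail.
    private static final String BASIC_ALIAS = "basic";
    // Shared by all instances; (re)loaded each time an instance is constructed.
    private static UnifiedSecurityConfig CONFIG;

    /** Loads the unified security configuration. */
    public UnifiedSecurityMiddleware() {
        CONFIG = UnifiedSecurityConfig.load();
        if (LOG.isInfoEnabled()) {
            LOG.info("UnifiedSecurityMiddleware is constructed");
        }
    }

    /**
     * Authenticates the request according to the configuration entry that matches its path.
     *
     * @param lightLambdaExchange the exchange carrying the incoming request
     * @return the success status when the path is anonymous or the resolved verifier is disabled,
     *     the verifier's own status when one ran, or an error status ({@code ERR10078},
     *     {@code ERR10002}, {@code ERR12003}, {@code ERR11200}) when the request cannot be mapped
     *     to a usable verifier
     */
    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public Status execute(LightLambdaExchange lightLambdaExchange) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("UnifiedSecurityMiddleware.execute starts.");
        }
        String path = lightLambdaExchange.getRequest().getPath();

        // Anonymous prefixes bypass every other check, so each one is an unauthenticated surface.
        if (CONFIG.getAnonymousPrefixes() != null) {
            Objects.requireNonNull(path);
            if (CONFIG.getAnonymousPrefixes().stream().anyMatch(path::startsWith)) {
                LOG.trace("Skip request path base on anonymousPrefixes for {}", path);
                return successMiddlewareStatus();
            }
        }
        if (CONFIG.getPathPrefixAuths() == null) {
            LOG.error("Cannot find pathPrefixAuths definition for {}", path);
            return new Status(MISSING_PATH_PREFIX_AUTH, path);
        }

        boolean prefixFound = false;
        // The entry whose basic/jwt/swt settings govern this request; stays null when no matching
        // entry enables one of those methods.
        UnifiedPathPrefixAuth selected = null;
        for (UnifiedPathPrefixAuth candidate : CONFIG.getPathPrefixAuths()) {
            LOG.trace("Check with requestPath = {} prefix = {}", path, candidate.getPrefix());
            if (!path.startsWith(candidate.getPrefix())) {
                continue;
            }
            prefixFound = true;
            LOG.trace("Found with requestPath = {} prefix = {}", path, candidate.getPrefix());
            if (candidate.isBasic() || candidate.isJwt() || candidate.isSwt()) {
                selected = candidate;
                break;
            }
            if (candidate.isApikey()) {
                ApiKeyMiddleware apiKeyMiddleware = (ApiKeyMiddleware) Handler.getHandlers().get(API_KEY);
                if (apiKeyMiddleware == null) {
                    LOG.error("Cannot find ApiKeyMiddleware with alias name apikey.");
                    return new Status(HANDLER_NOT_FOUND, "com.networknt.aws.lambda.handler.middleware.security.ApiKeyMiddleware@apikey");
                }
                if (apiKeyMiddleware.isEnabled()) {
                    return apiKeyMiddleware.handleApiKey(lightLambdaExchange, path);
                }
                // API key verifier disabled: keep scanning the remaining entries.
            }
        }

        // Reject unmapped paths before any header handling. The previous flow reached the
        // Authorization handling even when the scan ended without selecting an entry and then
        // used whichever entry was iterated last (or none at all).
        if (!prefixFound) {
            LOG.error("Cannot find prefix entry in pathPrefixAuths for {}", path);
            return new Status(MISSING_PATH_PREFIX_AUTH, path);
        }
        if (selected == null) {
            // NOTE(review): a matching entry existed but none enabled basic/jwt/swt and no API key
            // verifier handled the request, so it passes unauthenticated. Confirm this is intended.
            return passThrough();
        }
        return authenticate(lightLambdaExchange, path, selected);
    }

    /**
     * Validates the Authorization header and dispatches to the basic, JWT or SWT verifier.
     *
     * @param exchange the exchange carrying the request
     * @param path the request path
     * @param auth the configuration entry selected for the path
     * @return the verifier's status, an error status, or success when the verifier is disabled
     */
    private Status authenticate(LightLambdaExchange exchange, String path, UnifiedPathPrefixAuth auth) {
        Optional<?> header = MapUtil.getValueIgnoreCase(exchange.getRequest().getHeaders(), "Authorization");
        if (header.isEmpty()) {
            return missingAuthorization(exchange, auth);
        }
        String authorization = (String) header.get();
        // More than five non-blank characters guarantees both substring calls below stay in range.
        if (authorization.trim().length() <= 5) {
            LOG.error("Invalid/Unsupported authorization header {}", authorization);
            return new Status(INVALID_AUTHORIZATION_HEADER, authorization);
        }

        // NOTE(review): the scheme is taken from the header alone; auth.isBasic()/isJwt()/isSwt()
        // are not consulted before a Basic header is routed to the basic verifier.
        if (BASIC_PREFIX.equalsIgnoreCase(authorization.substring(0, 5))) {
            BasicAuthMiddleware basicAuthMiddleware = (BasicAuthMiddleware) Handler.getHandlers().get(BASIC_ALIAS);
            if (basicAuthMiddleware == null) {
                LOG.error("Cannot find BasicAuthMiddleware with alias name basic.");
                return new Status(HANDLER_NOT_FOUND, "com.networknt.aws.lambda.handler.middleware.security.BasicAuthMiddleware@basic");
            }
            if (basicAuthMiddleware.isEnabled()) {
                return basicAuthMiddleware.handleBasicAuth(exchange, path, authorization);
            }
            return passThrough();
        }

        if (!BEARER_PREFIX.equalsIgnoreCase(authorization.substring(0, 6))) {
            // Only the first ten characters are logged and echoed in the status.
            // NOTE(review): for an unrecognised scheme those characters can still include the
            // start of a credential; consider reporting the scheme token only.
            String shown = authorization.length() > 10 ? authorization.substring(0, 10) : authorization;
            LOG.error("Invalid/Unsupported authorization header {}", shown);
            return new Status(INVALID_AUTHORIZATION_HEADER, shown);
        }

        Map<String, LambdaHandler> handlers = Handler.getHandlers();
        boolean useJwt;
        if (auth.isJwt() && auth.isSwt()) {
            // Both token types allowed: the token format decides which verifier runs.
            useJwt = StringUtils.isJwtToken(authorization);
            LOG.trace("Both jwt and swt are true and check token is jwt = {}", useJwt);
        } else {
            // Anything that is not JWT-only goes to the SWT verifier, including a basic-only entry
            // that receives a Bearer header.
            useJwt = auth.isJwt();
        }

        if (useJwt) {
            JwtVerifyMiddleware jwtVerifyMiddleware = (JwtVerifyMiddleware) handlers.get(JWT);
            if (jwtVerifyMiddleware == null) {
                LOG.error("Cannot find JwtVerifyMiddleware with alias name jwt.");
                return new Status(HANDLER_NOT_FOUND, "com.networknt.aws.lambda.handler.middleware.security.JwtVerifyMiddleware@jwt");
            }
            if (jwtVerifyMiddleware.isEnabled()) {
                return jwtVerifyMiddleware.handleJwt(exchange, auth.getPrefix(), path, auth.getJwkServiceIds());
            }
            return passThrough();
        }

        SwtVerifyMiddleware swtVerifyMiddleware = (SwtVerifyMiddleware) handlers.get(SWT);
        if (swtVerifyMiddleware == null) {
            LOG.error("Cannot find SwtVerifyMiddleware with alias name swt.");
            return new Status(HANDLER_NOT_FOUND, "com.networknt.aws.lambda.handler.middleware.security.SwtVerifyMiddleware@swt");
        }
        if (swtVerifyMiddleware.isEnabled()) {
            return swtVerifyMiddleware.handleSwt(exchange, path, auth.getSwtServiceIds());
        }
        return passThrough();
    }

    /**
     * Builds the {@code ERR10002} result for a request without an Authorization header. When the
     * selected entry enables basic authentication, an initial response carrying a
     * {@code WWW-Authenticate} challenge is set on the exchange as well.
     */
    private Status missingAuthorization(LightLambdaExchange exchange, UnifiedPathPrefixAuth auth) {
        LOG.error("Basic or JWT or SWT is enabled and authorization header is missing.");
        Status status = new Status(MISSING_AUTH_TOKEN);
        if (auth.isBasic()) {
            LOG.trace("Basic is enabled and set WWW-Authenticate header to Basic realm=\"Default Realm\"");
            Map<String, String> challengeHeaders = new HashMap<>();
            challengeHeaders.put("WWW-Authenticate", "Basic realm=\"Default Realm\"");
            APIGatewayProxyResponseEvent challenge = new APIGatewayProxyResponseEvent();
            challenge.setHeaders(challengeHeaders);
            challenge.setStatusCode(Integer.valueOf(status.getStatusCode()));
            challenge.setBody(status.toString());
            exchange.setInitialResponse(challenge);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("UnifiedSecurityMiddleware.execute ends with an error.");
        }
        return status;
    }

    /** Logs the normal end of {@code execute} and returns the success status. */
    private Status passThrough() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("UnifiedSecurityMiddleware.execute ends.");
        }
        return successMiddlewareStatus();
    }

    /** No cached configuration is kept by this handler; intentionally empty. */
    @Override // com.networknt.aws.lambda.handler.MiddlewareHandler
    public void getCachedConfigurations() {
    }

    /** Returns the {@code enabled} flag of the loaded unified security configuration. */
    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public boolean isEnabled() {
        return CONFIG.isEnabled();
    }

    /**
     * Registers this module and its configuration with the {@link ModuleRegistry}. The
     * configuration map is read through {@code Config.getNoneDecryptedInstance()}.
     */
    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public void register() {
        ModuleRegistry.registerModule(UnifiedSecurityConfig.CONFIG_NAME, UnifiedSecurityMiddleware.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(UnifiedSecurityConfig.CONFIG_NAME), null);
    }

    /** Intentionally empty: this handler does not reload its configuration here. */
    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public void reload() {
    }

    /** A failed security check always stops the chain. */
    @Override // com.networknt.aws.lambda.handler.MiddlewareHandler
    public boolean isContinueOnFailure() {
        return false;
    }

    /** This handler reports itself as not audited. */
    @Override // com.networknt.aws.lambda.handler.MiddlewareHandler
    public boolean isAudited() {
        return false;
    }

    /** This handler runs synchronously. */
    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public boolean isAsynchronous() {
        return false;
    }
}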
