package com.networknt.router;

import com.networknt.basicauth.BasicAuthConfig;
import com.networknt.client.oauth.Jwt;
import com.networknt.config.JsonMapper;
import com.networknt.handler.LightHttpHandler;
import com.networknt.http.client.oauth.SAMLBearerRequest;
import com.networknt.httpstring.AttachmentConstants;
import com.networknt.monad.Result;
import com.networknt.router.middleware.TokenHandler;
import com.networknt.utility.HashUtil;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.StuckThreadDetectionHandler;
import io.undertow.util.Headers;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/router/OAuthServerHandler.class */
public class OAuthServerHandler implements LightHttpHandler {
    static final Logger logger = LoggerFactory.getLogger((Class<?>) OAuthServerHandler.class);
    private static final String UNSUPPORTED_GRANT_TYPE = "ERR12001";
    private static final String INVALID_BASIC_CREDENTIALS = "ERR12004";
    private static final String CONTENT_TYPE_MISSING = "ERR10076";
    private static final String INVALID_CONTENT_TYPE = "ERR10077";
    private static final String MISSING_AUTHORIZATION_HEADER = "ERR12002";
    private static final String INVALID_AUTHORIZATION_HEADER = "ERR12003";
    OAuthServerConfig config = OAuthServerConfig.load();

    public OAuthServerHandler() {
        if (logger.isInfoEnabled()) {
            logger.info("OAuthServerHandler is loaded.");
        }
    }

    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        String substring;
        httpServerExchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json");
        String first = httpServerExchange.getRequestHeaders().getFirst(Headers.CONTENT_TYPE);
        if (first == null) {
            logger.error("content type is missing and it is required.");
            setExchangeStatus(httpServerExchange, CONTENT_TYPE_MISSING, new Object[0]);
            return;
        }
        if (!first.startsWith("application/json") && !first.startsWith("multipart/form-data") && !first.startsWith("application/x-www-form-urlencoded")) {
            logger.error("invalid content type " + first);
            setExchangeStatus(httpServerExchange, INVALID_CONTENT_TYPE, first);
            return;
        }
        Map map = (Map) httpServerExchange.getAttachment(AttachmentConstants.REQUEST_BODY);
        String str = (String) map.get("client_id");
        String str2 = (String) map.get("client_secret");
        String str3 = (String) map.get(SAMLBearerRequest.GRANT_TYPE_KEY);
        if (!"client_credentials".equals(str3)) {
            logger.error("not supported grant type " + str3);
            setExchangeStatus(httpServerExchange, UNSUPPORTED_GRANT_TYPE, str3);
            return;
        }
        if (str == null || str2 == null) {
            String first2 = httpServerExchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION);
            if (first2 == null) {
                logger.error("Missing authorization header.");
                setExchangeStatus(httpServerExchange, MISSING_AUTHORIZATION_HEADER, new Object[0]);
                return;
            } else if (!"BASIC".equalsIgnoreCase(first2.substring(0, 5))) {
                logger.error("Invalid authorization header " + first2.substring(0, 10));
                setExchangeStatus(httpServerExchange, INVALID_AUTHORIZATION_HEADER, first2.substring(0, 10));
                return;
            } else {
                substring = first2.substring(6);
                if (substring.indexOf(58) == -1) {
                    substring = new String(Base64.decodeBase64(substring), StandardCharsets.UTF_8);
                }
            }
        } else {
            substring = str + ":" + str2;
        }
        if (this.config.getClientCredentials() != null) {
            Stream<String> stream = this.config.getClientCredentials().stream();
            String str4 = substring;
            Objects.requireNonNull(str4);
            if (stream.anyMatch((v1) -> {
                return r1.equals(v1);
            })) {
                HashMap hashMap = new HashMap();
                if (this.config.isPassThrough()) {
                    Result<Jwt> jwtToken = TokenHandler.getJwtToken(this.config.getTokenServiceId());
                    if (jwtToken.isFailure()) {
                        logger.error("Cannot populate or renew jwt for client credential grant type: " + jwtToken.getError().toString());
                        setExchangeStatus(httpServerExchange, jwtToken.getError());
                        return;
                    } else {
                        Jwt result = jwtToken.getResult();
                        hashMap.put("access_token", result.getJwt());
                        hashMap.put("token_type", BasicAuthConfig.BEARER);
                        hashMap.put("expires_in", Long.valueOf((result.getExpire() - System.currentTimeMillis()) / 1000));
                    }
                } else {
                    hashMap.put("access_token", HashUtil.generateUUID());
                    hashMap.put("token_type", BasicAuthConfig.BEARER);
                    hashMap.put("expires_in", Integer.valueOf(StuckThreadDetectionHandler.DEFAULT_THRESHOLD));
                }
                if (logger.isTraceEnabled()) {
                    logger.trace("matched credential, sending response.");
                }
                httpServerExchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json");
                httpServerExchange.getResponseSender().send(JsonMapper.toJson(hashMap));
                return;
            }
        }
        logger.error("invalid credentials");
        setExchangeStatus(httpServerExchange, INVALID_BASIC_CREDENTIALS, substring);
    }
}
