package com.networknt.openapi;

import com.networknt.config.Config;
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.handler.config.HandlerConfig;
import com.networknt.oas.model.Operation;
import com.networknt.oas.model.Path;
import com.networknt.oas.model.SecurityParameter;
import com.networknt.oas.model.SecurityRequirement;
import com.networknt.security.AbstractJwtVerifyHandler;
import com.networknt.security.JwtVerifier;
import com.networknt.security.SecurityConfig;
import com.networknt.utility.Constants;
import com.networknt.utility.ModuleRegistry;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/openapi/JwtVerifyHandler.class */
public class JwtVerifyHandler extends AbstractJwtVerifyHandler {
    static final Logger logger = LoggerFactory.getLogger((Class<?>) JwtVerifyHandler.class);
    static final String STATUS_INVALID_REQUEST_PATH = "ERR10007";
    static final String STATUS_METHOD_NOT_ALLOWED = "ERR10008";
    String basePath;

    public JwtVerifyHandler() {
        config = SecurityConfig.load();
        jwtVerifier = new JwtVerifier(config);
        HandlerConfig load = HandlerConfig.load();
        this.basePath = load == null ? "/" : load.getBasePath();
    }

    @Override // com.networknt.security.AbstractJwtVerifyHandler
    public List<String> getSpecScopes(HttpServerExchange httpServerExchange, Map<String, Object> map) throws Exception {
        Operation operation = getOperation(httpServerExchange, (OpenApiOperation) map.get(Constants.OPENAPI_OPERATION_STRING), map);
        if (operation == null) {
            if (!config.isSkipVerifyScopeWithoutSpec()) {
                return null;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("SwtVerifyHandler.handleRequest ends without verifying scope due to spec.");
            }
            Handler.next(httpServerExchange, this.next);
            return null;
        }
        List<String> list = null;
        List<SecurityRequirement> securityRequirements = operation.getSecurityRequirements();
        if (securityRequirements != null) {
            for (SecurityRequirement securityRequirement : securityRequirements) {
                SecurityParameter securityParameter = null;
                Iterator<String> it = OpenApiHandler.getHelper(httpServerExchange.getRequestPath()).oauth2Names.iterator();
                while (it.hasNext()) {
                    securityParameter = securityRequirement.getRequirement(it.next());
                    if (securityParameter != null) {
                        break;
                    }
                }
                if (securityParameter != null) {
                    list = securityParameter.getParameters();
                }
                if (list != null) {
                    break;
                }
            }
        }
        return list;
    }

    protected Operation getOperation(HttpServerExchange httpServerExchange, OpenApiOperation openApiOperation, Map<String, Object> map) {
        Operation operation;
        if (openApiOperation == null) {
            ApiNormalisedPath apiNormalisedPath = new ApiNormalisedPath(httpServerExchange.getRequestURI(), this.basePath);
            OpenApiHelper helper = OpenApiHandler.getHelper(httpServerExchange.getRequestPath());
            Optional<NormalisedPath> empty = helper == null ? Optional.empty() : helper.findMatchingApiPath(apiNormalisedPath);
            if (empty.isEmpty()) {
                if (config.isSkipVerifyScopeWithoutSpec()) {
                    return null;
                }
                setExchangeStatus(httpServerExchange, STATUS_INVALID_REQUEST_PATH, new Object[0]);
                return null;
            }
            NormalisedPath normalisedPath = empty.get();
            Path path = OpenApiHandler.getHelper(httpServerExchange.getRequestPath()).openApi3.getPath(normalisedPath.original());
            String lowerCase = httpServerExchange.getRequestMethod().toString().toLowerCase();
            operation = path.getOperation(lowerCase);
            if (operation == null) {
                setExchangeStatus(httpServerExchange, STATUS_METHOD_NOT_ALLOWED, lowerCase, normalisedPath.normalised());
                httpServerExchange.endExchange();
                return null;
            }
            map.put(Constants.OPENAPI_OPERATION_STRING, new OpenApiOperation(normalisedPath, path, lowerCase, operation));
            map.put("endpoint", normalisedPath.normalised() + "@" + lowerCase);
        } else {
            operation = openApiOperation.getOperation();
        }
        return operation;
    }

    @Override // com.networknt.security.AbstractJwtVerifyHandler, com.networknt.handler.MiddlewareHandler
    public HttpHandler getNext() {
        return this.next;
    }

    @Override // com.networknt.security.AbstractJwtVerifyHandler, com.networknt.handler.MiddlewareHandler
    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public boolean isEnabled() {
        return config.isEnableVerifyJwt();
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public void register() {
        ModuleRegistry.registerModule("security", JwtVerifyHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache("security"), null);
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public void reload() {
        config.reload();
        jwtVerifier = new JwtVerifier(config);
        ModuleRegistry.registerModule("security", JwtVerifyHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache("security"), null);
    }

    @Override // com.networknt.security.AbstractJwtVerifyHandler, com.networknt.security.IJwtVerifyHandler
    public JwtVerifier getJwtVerifier() {
        return jwtVerifier;
    }
}
