package com.networknt.oauth.key.handler;

import com.networknt.body.BodyHandler;
import com.networknt.client.oauth.KeyRequest;
import com.networknt.client.oauth.OauthHelper;
import com.networknt.config.Config;
import com.networknt.exception.ApiException;
import com.networknt.exception.ClientException;
import com.networknt.handler.LightHttpHandler;
import com.networknt.oauth.cache.AuditInfoHandler;
import com.networknt.oauth.cache.CacheStartupHookProvider;
import com.networknt.oauth.cache.model.AuditInfo;
import com.networknt.oauth.cache.model.Client;
import com.networknt.oauth.cache.model.Oauth2Service;
import com.networknt.oauth.cache.model.Provider;
import com.networknt.security.SecurityConfig;
import com.networknt.status.Status;
import com.networknt.utility.HashUtil;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.FlexBase64;
import io.undertow.util.HeaderValues;
import io.undertow.util.Headers;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Locale;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/key/handler/Oauth2KeyKeyIdGetHandler.class */
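/**
 * Handler that returns the certificate registered for a key id.
 *
 * <p>The {@code keyId} request parameter is read as follows: when it is at least four
 * characters long, its first two characters are a provider id and the remainder is the
 * key id proper; shorter values are used as the key id unchanged.
 *
 * <ul>
 *   <li>No provider id, or a provider id equal to the configured one: the caller must present
 *       HTTP Basic client credentials, then the certificate is read from the local
 *       security configuration.</li>
 *   <li>Provider id {@code "00"} (and not equal to the configured one): the certificate is read
 *       locally without a credential check.</li>
 *   <li>Any other provider id: the certificate is fetched from that provider.</li>
 * </ul>
 *
 * <p>NOTE(review): the provider prefix comes from the caller-supplied {@code keyId}, so the
 * Basic-auth check cannot be relied on as access control for local certificates. Confirm that
 * this is intended (certificates are normally public material).
 */
public class Oauth2KeyKeyIdGetHandler extends AuditInfoHandler implements LightHttpHandler {
    static final String CONFIG_SECURITY = "security";
    static final String KEY_NOT_FOUND = "ERR12017";
    static final String MISSING_AUTHORIZATION_HEADER = "ERR12002";
    static final String CLIENT_NOT_FOUND = "ERR12014";
    static final String RUNTIME_EXCEPTION = "ERR10010";
    static final String UNAUTHORIZED_CLIENT = "ERR12007";
    static final String INVALID_KEY_ID = "ERR12030";
    private static final String COLON = ":";
    static final Logger logger = LoggerFactory.getLogger(Oauth2KeyKeyIdGetHandler.class);
    private static final String BASIC_PREFIX = Headers.BASIC + " ";
    private static final String LOWERCASE_BASIC_PREFIX = BASIC_PREFIX.toLowerCase(Locale.ENGLISH);
    private static final int PREFIX_LENGTH = BASIC_PREFIX.length();
    private static final String CONFIG = "oauth_key";
    private static final OauthKeyConfig oauth_config = (OauthKeyConfig) Config.getInstance().getJsonObjectConfig(CONFIG, OauthKeyConfig.class);

    /**
     * Resolves the requested key id to a certificate and writes it to the response, or sets an
     * error status when the key id is missing or unknown or the client is not authenticated.
     *
     * @param httpServerExchange the current exchange
     * @throws Exception if authentication, the provider call or audit serialization fails
     */
    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        // A request without a keyId value is rejected instead of failing with a NullPointerException.
        java.util.Deque<String> keyIdValues = httpServerExchange.getQueryParameters().get("keyId");
        String keyId = keyIdValues == null ? null : keyIdValues.peekFirst();
        if (keyId == null) {
            setExchangeStatus(httpServerExchange, INVALID_KEY_ID, "");
            processAudit(httpServerExchange);
            return;
        }
        logger.debug("keyId = {}", keyId);

        SecurityConfig securityConfig = SecurityConfig.load(CONFIG_SECURITY);
        Map<String, Object> certificate = securityConfig.getCertificate();
        String localProviderId = securityConfig.getProviderId();
        String requestedProviderId = getProviderId(keyId);

        // Comparing from the request side keeps this null-safe when no provider id is configured.
        boolean local = requestedProviderId == null || requestedProviderId.equals(localProviderId);
        boolean unauthenticatedLocal = "00".equals(requestedProviderId);

        if (!local && !unauthenticatedLocal) {
            String remoteCertificate = getCertificateFromProvider(requestedProviderId, getKeyId(keyId));
            logger.debug("certificate from provider = {}", remoteCertificate);
            sendCertificate(httpServerExchange, remoteCertificate, keyId);
            processAudit(httpServerExchange);
            return;
        }

        if (local) {
            HeaderValues headerValues = httpServerExchange.getRequestHeaders().get(Headers.AUTHORIZATION);
            String authorization = headerValues == null ? null : headerValues.getFirst();
            if (authorization == null) {
                setExchangeStatus(httpServerExchange, MISSING_AUTHORIZATION_HEADER);
                processAudit(httpServerExchange);
                return;
            }
            // NOTE(review): authenticate() throws ApiException for an unknown client or a wrong
            // secret; that exception leaves this method before processAudit() runs, so those
            // failed attempts are not written to the audit record here.
            if (authenticate(authorization) == null) {
                setExchangeStatus(httpServerExchange, UNAUTHORIZED_CLIENT);
                processAudit(httpServerExchange);
                return;
            }
        }

        // The configured map goes from key id to the location of the certificate file.
        String certificateLocation = certificate == null ? null : (String) certificate.get(getKeyId(keyId));
        if (certificateLocation == null) {
            setExchangeStatus(httpServerExchange, INVALID_KEY_ID, keyId);
        } else {
            String localCertificate = Config.getInstance().getStringFromFile(certificateLocation);
            logger.debug("certificate = {}", localCertificate);
            sendCertificate(httpServerExchange, localCertificate, keyId);
        }
        processAudit(httpServerExchange);
    }

    /** Sends the certificate text, or sets KEY_NOT_FOUND when no certificate was resolved. */
    private void sendCertificate(HttpServerExchange httpServerExchange, String certificateText, String keyId) {
        if (certificateText != null) {
            httpServerExchange.getResponseHeaders().add(Headers.CONTENT_TYPE, "application/text");
            httpServerExchange.getResponseSender().send(certificateText);
        } else {
            setExchangeStatus(httpServerExchange, KEY_NOT_FOUND, keyId);
        }
    }

    /**
     * Validates HTTP Basic client credentials against the cached client registry.
     *
     * @param authorization the raw Authorization header value
     * @return the client id on success, or {@code null} when the header is not a Basic header
     *     or the decoded value has no colon separator
     * @throws ApiException when the client is unknown, the secret does not match, or decoding
     *     or hashing fails
     */
    private String authenticate(String authorization) throws ApiException {
        if (!authorization.toLowerCase(Locale.ENGLISH).startsWith(LOWERCASE_BASIC_PREFIX)) {
            return null;
        }
        try {
            ByteBuffer decoded = FlexBase64.decode(authorization.substring(PREFIX_LENGTH));
            Charset charset = StandardCharsets.UTF_8;
            String credentials = new String(decoded.array(), decoded.arrayOffset(), decoded.limit(), charset);
            // Neither the header nor the decoded credentials are logged: both carry the client secret.
            logger.debug("Found basic auth header (decoded using charset {})", charset);
            int separator = credentials.indexOf(COLON);
            if (separator < 0) {
                return null;
            }
            String clientId = credentials.substring(0, separator);
            String clientSecret = credentials.substring(separator + 1);
            Client client = (Client) CacheStartupHookProvider.hz.getMap("clients").get(clientId);
            if (client == null) {
                // NOTE(review): this status differs from the wrong-secret status below, so a
                // caller can tell whether a client id is registered; consider one status for both.
                throw new ApiException(new Status(CLIENT_NOT_FOUND, clientId));
            }
            if (!HashUtil.validatePassword(clientSecret.toCharArray(), client.getClientSecret())) {
                throw new ApiException(new Status(UNAUTHORIZED_CLIENT, new Object[0]));
            }
            return clientId;
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            logger.error("Exception:", e);
            throw new ApiException(new Status(RUNTIME_EXCEPTION, new Object[0]));
        }
    }

    /**
     * Fetches a certificate from another provider registered in the provider cache.
     *
     * @param providerId the two-character provider id taken from the request
     * @param keyId the key id with the provider prefix removed
     * @return the certificate text, or {@code null} when the provider is not registered
     * @throws ClientException if the request to the provider fails
     */
    private String getCertificateFromProvider(String providerId, String keyId) throws ClientException {
        Provider provider = (Provider) CacheStartupHookProvider.hz.getMap("providers").get(providerId);
        if (provider == null) {
            return null;
        }
        KeyRequest keyRequest = new KeyRequest(keyId);
        keyRequest.setServerUrl(provider.getServerUrl());
        // NOTE(review): keyId is caller-supplied and is appended to the provider URI as-is;
        // consider restricting it to the character set real key ids use before building the URI.
        keyRequest.setUri(provider.getUri() + "/00" + keyId);
        keyRequest.setEnableHttp2(true);
        return OauthHelper.getKey(keyRequest);
    }

    /** Returns the two-character provider prefix, or {@code null} for values shorter than four characters. */
    private String getProviderId(String str) {
        if (str.length() < 4) {
            return null;
        }
        return str.substring(0, 2);
    }

    /** Returns the value without its two-character provider prefix; values shorter than four characters are returned unchanged. */
    private String getKeyId(String str) {
        return str.length() < 4 ? str : str.substring(2);
    }

    /**
     * Saves an audit record for the exchange when auditing is enabled in the oauth_key config.
     *
     * @param httpServerExchange the exchange to record
     * @throws Exception if the request body or response cookies cannot be serialized
     */
    private void processAudit(HttpServerExchange httpServerExchange) throws Exception {
        if (oauth_config.isEnableAudit()) {
            AuditInfo auditInfo = new AuditInfo();
            auditInfo.setServiceId(Oauth2Service.KEY);
            auditInfo.setEndpoint(httpServerExchange.getHostName() + httpServerExchange.getRelativePath());
            // NOTE(review): the request headers are stored verbatim, which includes the
            // Authorization header and therefore the client secret; consider redacting it
            // before the record is saved.
            auditInfo.setRequestHeader(httpServerExchange.getRequestHeaders().toString());
            auditInfo.setRequestBody(Config.getInstance().getMapper().writeValueAsString(httpServerExchange.getAttachment(BodyHandler.REQUEST_BODY)));
            auditInfo.setResponseCode(Integer.valueOf(httpServerExchange.getStatusCode()));
            auditInfo.setResponseHeader(httpServerExchange.getResponseHeaders().toString());
            // NOTE(review): the response-body field is filled with the response cookies, not the body; confirm this is intended.
            auditInfo.setResponseBody(Config.getInstance().getMapper().writeValueAsString(httpServerExchange.getResponseCookies()));
            saveAudit(auditInfo);
        }
    }
}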
