package com.networknt.rpc.router;

import com.fasterxml.jackson.core.type.TypeReference;
import com.networknt.config.Config;
import com.networknt.exception.ExpiredTokenException;
import com.networknt.handler.LightHttpHandler;
import com.networknt.httpstring.AttachmentConstants;
import com.networknt.httpstring.HttpStringConstants;
import com.networknt.rpc.Handler;
import com.networknt.security.JwtVerifier;
import com.networknt.status.Status;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormData;
import io.undertow.util.HeaderMap;
import io.undertow.util.Headers;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/rpc/router/AbstractRpcHandler.class */
public abstract class AbstractRpcHandler implements LightHttpHandler {
    private static final Logger logger = LoggerFactory.getLogger(AbstractRpcHandler.class);
    private static final String SCHEMA = "schema.json";
    private static final String HYBRID_SECURITY_CONFIG = "hybrid-security";
    private static final String ENABLE_VERIFY_JWT = "enableVerifyJwt";
    private static final String ENABLE_VERIFY_SCOPE = "enableVerifyScope";
    private static final String SKIP_AUTH = "skipAuth";
    private static final String STATUS_INVALID_SCOPE_TOKEN = "ERR10003";
    private static final String STATUS_SCOPE_TOKEN_EXPIRED = "ERR10004";
    private static final String STATUS_AUTH_TOKEN_SCOPE_MISMATCH = "ERR10005";
    private static final String STATUS_SCOPE_TOKEN_SCOPE_MISMATCH = "ERR10006";
    private static final String STATUS_INVALID_AUTH_TOKEN = "ERR10000";
    private static final String STATUS_AUTH_TOKEN_EXPIRED = "ERR10001";
    private static final String STATUS_MISSING_AUTH_TOKEN = "ERR10002";
    private static Map<String, Object> config;
    private static JwtVerifier jwtVerifier;
    public static Map<String, Object> schema;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void completeExchange(ByteBuffer byteBuffer, HttpServerExchange httpServerExchange) {
        if (byteBuffer != null) {
            httpServerExchange.getResponseSender().send(byteBuffer);
        } else {
            httpServerExchange.setStatusCode(200);
            httpServerExchange.endExchange();
        }
    }

    public String getServiceId(Map<String, Object> map) {
        return (map.get("host") == null ? "" : map.get("host") + "/") + (map.get("service") == null ? "" : map.get("service") + "/") + (map.get("action") == null ? "" : map.get("action") + "/") + (map.get("version") == null ? "" : map.get("version"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getServiceId(FormData formData) {
        return (formData.contains("host") ? ((FormData.FormValue) formData.get("host").peek()).getValue() + "/" : "") + (formData.contains("service") ? ((FormData.FormValue) formData.get("service").peek()).getValue() + "/" : "") + (formData.contains("action") ? ((FormData.FormValue) formData.get("action").peek()).getValue() + "/" : "") + (formData.contains("version") ? ((FormData.FormValue) formData.get("version").peek()).getValue() : "");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Status verifyJwt(String str, HttpServerExchange httpServerExchange) {
        Map map = (Map) schema.get(str);
        if (!isVerifyJwt(map.get(SKIP_AUTH))) {
            return null;
        }
        HeaderMap requestHeaders = httpServerExchange.getRequestHeaders();
        String first = requestHeaders.getFirst(Headers.AUTHORIZATION);
        JwtVerifier jwtVerifier2 = jwtVerifier;
        String jwtFromAuthorization = JwtVerifier.getJwtFromAuthorization(first);
        if (jwtFromAuthorization == null) {
            return new Status(STATUS_MISSING_AUTH_TOKEN, new Object[0]);
        }
        try {
            try {
                JwtClaims verifyJwt = jwtVerifier.verifyJwt(jwtFromAuthorization, false, true);
                HashMap hashMap = new HashMap();
                httpServerExchange.putAttachment(AttachmentConstants.AUDIT_INFO, hashMap);
                hashMap.put("endpoint", str);
                hashMap.put("client_id", verifyJwt.getStringClaimValue("client_id"));
                hashMap.put("user_id", verifyJwt.getStringClaimValue("user_id"));
                hashMap.put("roles", verifyJwt.getStringClaimValue("roles"));
                hashMap.put("subject_claims", verifyJwt);
                String first2 = requestHeaders.getFirst(HttpStringConstants.CALLER_ID);
                if (first2 != null) {
                    hashMap.put("caller_id", first2);
                }
                if (!((Boolean) config.get(ENABLE_VERIFY_SCOPE)).booleanValue()) {
                    return null;
                }
                String first3 = requestHeaders.getFirst(HttpStringConstants.SCOPE_TOKEN);
                JwtVerifier jwtVerifier3 = jwtVerifier;
                String jwtFromAuthorization2 = JwtVerifier.getJwtFromAuthorization(first3);
                List<String> list = null;
                if (jwtFromAuthorization2 != null) {
                    try {
                        JwtClaims verifyJwt2 = jwtVerifier.verifyJwt(jwtFromAuthorization2, false, true);
                        Object claimValue = verifyJwt2.getClaimValue("scope");
                        if (claimValue instanceof String) {
                            list = Arrays.asList(verifyJwt2.getStringClaimValue("scope").split(" "));
                        } else if (claimValue instanceof List) {
                            list = verifyJwt2.getStringListClaimValue("scope");
                        }
                        if (list == null || list.isEmpty()) {
                            Object claimValue2 = verifyJwt2.getClaimValue("scp");
                            if (claimValue2 instanceof String) {
                                list = Arrays.asList(verifyJwt2.getStringClaimValue("scp").split(" "));
                            } else if (claimValue2 instanceof List) {
                                list = verifyJwt2.getStringListClaimValue("scp");
                            }
                        }
                        hashMap.put("scope_client_id", verifyJwt2.getStringClaimValue("client_id"));
                        hashMap.put("access_claims", verifyJwt2);
                    } catch (InvalidJwtException | MalformedClaimException e) {
                        logger.error("InvalidJwtException", e);
                        return new Status(STATUS_INVALID_SCOPE_TOKEN, new Object[0]);
                    } catch (ExpiredTokenException e2) {
                        logger.error("ExpiredTokenException", e2);
                        return new Status(STATUS_SCOPE_TOKEN_EXPIRED, new Object[0]);
                    }
                }
                String str2 = (String) map.get("scope");
                List<String> asList = str2 == null ? null : Arrays.asList(str2.split("\\s+"));
                if (first3 != null) {
                    if (list == null || !matchedScopes(list, asList)) {
                        return new Status(STATUS_SCOPE_TOKEN_SCOPE_MISMATCH, new Object[]{list, asList});
                    }
                    return null;
                }
                List<String> list2 = null;
                try {
                    Object claimValue3 = verifyJwt.getClaimValue("scope");
                    if (claimValue3 instanceof String) {
                        list2 = Arrays.asList(verifyJwt.getStringClaimValue("scope").split(" "));
                    } else if (claimValue3 instanceof List) {
                        list2 = verifyJwt.getStringListClaimValue("scope");
                    }
                    if (list2 == null || list2.isEmpty()) {
                        Object claimValue4 = verifyJwt.getClaimValue("scp");
                        if (claimValue4 instanceof String) {
                            list2 = Arrays.asList(verifyJwt.getStringClaimValue("scp").split(" "));
                        } else if (claimValue4 instanceof List) {
                            list2 = verifyJwt.getStringListClaimValue("scp");
                        }
                    }
                    if (matchedScopes(list2, asList)) {
                        return null;
                    }
                    return new Status(STATUS_AUTH_TOKEN_SCOPE_MISMATCH, new Object[]{list2, asList});
                } catch (MalformedClaimException e3) {
                    logger.error("MalformedClaimException", e3);
                    return new Status(STATUS_INVALID_AUTH_TOKEN, new Object[0]);
                }
            } catch (InvalidJwtException | MalformedClaimException e4) {
                logger.error("InvalidJwtException:", e4);
                return new Status(STATUS_INVALID_AUTH_TOKEN, new Object[0]);
            }
        } catch (ExpiredTokenException e5) {
            logger.error("ExpiredTokenException", e5);
            return new Status(STATUS_AUTH_TOKEN_EXPIRED, new Object[0]);
        }
    }

    public boolean isVerifyJwt(Object obj) {
        Object obj2;
        return (obj == null || !Boolean.valueOf(obj.toString()).booleanValue()) && (obj2 = config.get(ENABLE_VERIFY_JWT)) != null && Boolean.valueOf(obj2.toString()).booleanValue();
    }

    private boolean matchedScopes(List<String> list, List<String> list2) {
        boolean z = false;
        if (list2 == null || list2.size() <= 0) {
            z = true;
        } else if (list != null && list.size() > 0) {
            Iterator<String> it = list2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (list.contains(it.next())) {
                    z = true;
                    break;
                }
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handler getHandlerOrPopulateExchange(String str, HttpServerExchange httpServerExchange) {
        Handler handler = RpcStartupHookProvider.serviceMap.get(str);
        if (handler != null) {
            return handler;
        }
        setExchangeStatus(httpServerExchange, "ERR11200", new Object[]{str});
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handleFormDataRequest(Handler handler, FormData formData, HttpServerExchange httpServerExchange) {
        completeExchange(handler.handle(httpServerExchange, formData), httpServerExchange);
    }

    static {
        config = Config.getInstance().getJsonMapConfig(HYBRID_SECURITY_CONFIG);
        if (config == null) {
            config = Config.getInstance().getJsonMapConfig("security");
        }
        jwtVerifier = new JwtVerifier(config);
        schema = new HashMap();
        try {
            Enumeration<URL> resources = JsonHandler.class.getClassLoader().getResources(SCHEMA);
            while (resources.hasMoreElements()) {
                URL nextElement = resources.nextElement();
                if (logger.isDebugEnabled()) {
                    logger.debug("schema file = " + nextElement);
                }
                InputStream openStream = nextElement.openStream();
                try {
                    schema.putAll((Map) Config.getInstance().getMapper().readValue(openStream, new TypeReference<Map<String, Object>>() { // from class: com.networknt.rpc.router.AbstractRpcHandler.1
                    }));
                    if (openStream != null) {
                        openStream.close();
                    }
                } finally {
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("schema = " + Config.getInstance().getMapper().writeValueAsString(schema));
            }
        } catch (IOException e) {
            logger.error("Error loading schema.json files from service jars", e);
        }
    }
}
