package com.networknt.rule.snow;

import com.networknt.client.ClientConfig;
import com.networknt.client.Http2Client;
import com.networknt.client.oauth.TokenResponse;
import com.networknt.config.Config;
import com.networknt.config.JsonMapper;
import com.networknt.proxy.PathPrefixAuth;
import com.networknt.rule.IAction;
import com.networknt.rule.RuleActionValue;
import com.networknt.utility.ModuleRegistry;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ProxySelector;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/rule/snow/SnowTokenRequestTransformAction.class */
public class SnowTokenRequestTransformAction implements IAction {
    private static final Logger logger = LoggerFactory.getLogger(SnowTokenRequestTransformAction.class);
    private static final SnowConfig config = SnowConfig.load();
    private static HttpClient client;

    public SnowTokenRequestTransformAction() {
        if (logger.isInfoEnabled()) {
            logger.info("SnowTokenRequestTransformAction is constructed");
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(SnowConfig.PASSWORD);
        arrayList.add(SnowConfig.CLIENT_SECRET);
        ModuleRegistry.registerPlugin(SnowTokenRequestTransformAction.class.getPackage().getImplementationTitle(), SnowTokenRequestTransformAction.class.getPackage().getImplementationVersion(), SnowConfig.CONFIG_NAME, SnowTokenRequestTransformAction.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(SnowConfig.CONFIG_NAME), arrayList);
    }

    public void performAction(Map<String, Object> map, Map<String, Object> map2, Collection<RuleActionValue> collection) {
        map2.put("result", true);
        String str = (String) map.get("requestPath");
        if (logger.isTraceEnabled()) {
            logger.trace("requestPath = " + str);
        }
        for (PathPrefixAuth pathPrefixAuth : config.getPathPrefixAuths()) {
            if (str.startsWith(pathPrefixAuth.getPathPrefix())) {
                if (logger.isTraceEnabled()) {
                    logger.trace("found with requestPath = " + str + " prefix = " + pathPrefixAuth.getPathPrefix());
                }
                if (System.currentTimeMillis() >= pathPrefixAuth.getExpiration()) {
                    if (logger.isTraceEnabled()) {
                        Logger logger2 = logger;
                        Object[] objArr = new Object[3];
                        objArr[0] = pathPrefixAuth.getAccessToken() != null ? pathPrefixAuth.getAccessToken().substring(0, 20) : null;
                        objArr[1] = Long.valueOf(System.currentTimeMillis());
                        objArr[2] = Long.valueOf(pathPrefixAuth.getExpiration());
                        logger2.trace("Cached token {} is expired with current time {} and expired time {}", objArr);
                    }
                    TokenResponse accessToken = getAccessToken(pathPrefixAuth.getTokenUrl(), pathPrefixAuth.getUsername(), pathPrefixAuth.getPassword(), pathPrefixAuth.getClientId(), pathPrefixAuth.getClientSecret(), pathPrefixAuth.getGrantType());
                    if (accessToken == null) {
                        if (logger.isTraceEnabled()) {
                            logger.trace("tokenResponse is null");
                            return;
                        }
                        return;
                    } else {
                        pathPrefixAuth.setExpiration((System.currentTimeMillis() + (accessToken.getExpiresIn() * 1000)) - 60000);
                        pathPrefixAuth.setAccessToken(accessToken.getAccessToken());
                        if (logger.isTraceEnabled()) {
                            logger.trace("Got a new token {} and cached it with expiration time {}", pathPrefixAuth.getAccessToken() != null ? pathPrefixAuth.getAccessToken().substring(0, 20) : null, Long.valueOf(pathPrefixAuth.getExpiration()));
                        }
                    }
                }
                if (pathPrefixAuth.getAccessToken() != null) {
                    HashMap hashMap = new HashMap();
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("Authorization", "Bearer " + pathPrefixAuth.getAccessToken());
                    hashMap.put("update", hashMap2);
                    map2.put("requestHeaders", hashMap);
                    return;
                }
            }
        }
    }

    private TokenResponse getAccessToken(String str, String str2, String str3, String str4, String str5, String str6) {
        if (client == null) {
            try {
                HttpClient.Builder sslContext = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NORMAL).connectTimeout(Duration.ofMillis(ClientConfig.get().getTimeout())).sslContext(Http2Client.createSSLContext());
                if (config.getProxyHost() != null) {
                    sslContext.proxy(ProxySelector.of(new InetSocketAddress(config.getProxyHost(), config.getProxyPort() == 0 ? 443 : config.getProxyPort())));
                }
                if (config.isEnableHttp2()) {
                    sslContext.version(HttpClient.Version.HTTP_2);
                }
                Map map = (Map) ClientConfig.get().getMappedConfig().get("tls");
                if (map != null && !Boolean.TRUE.equals(map.get("verifyHostname"))) {
                    System.getProperties().setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());
                }
                client = sslContext.build();
            } catch (IOException e) {
                logger.error("Cannot create HttpClient:", e);
                return null;
            }
        }
        try {
            if (str == null) {
                logger.error("tokenUrl is null");
                return null;
            }
            HashMap hashMap = new HashMap();
            hashMap.put(SnowConfig.USERNAME, str2);
            hashMap.put(SnowConfig.PASSWORD, str3);
            hashMap.put(SnowConfig.CLIENT_ID, str4);
            hashMap.put(SnowConfig.CLIENT_SECRET, str5);
            hashMap.put(SnowConfig.GRANT_TYPE, str6);
            String str7 = (String) hashMap.entrySet().stream().map(entry -> {
                return ((String) entry.getKey()) + "=" + URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8);
            }).collect(Collectors.joining("&"));
            if (logger.isTraceEnabled()) {
                logger.trace("request body = " + str7);
            }
            HttpResponse send = client.send(HttpRequest.newBuilder().uri(URI.create(str)).headers(new String[]{"Content-Type", "application/x-www-form-urlencoded"}).POST(HttpRequest.BodyPublishers.ofString(str7)).build(), HttpResponse.BodyHandlers.ofString());
            if (send.statusCode() != 200) {
                logger.error("Error in getting the token with status code " + send.statusCode() + " and body " + send.body().toString());
                return null;
            }
            Map string2Map = JsonMapper.string2Map(send.body().toString());
            if (string2Map == null) {
                logger.error("response body cannot be parsed as a JSON " + send.body());
                return null;
            }
            TokenResponse tokenResponse = new TokenResponse();
            tokenResponse.setAccessToken((String) string2Map.get("access_token"));
            tokenResponse.setExpiresIn(((Integer) string2Map.get("expires_in")).intValue());
            return tokenResponse;
        } catch (Exception e2) {
            logger.error("Exception:", e2);
            return null;
        }
    }
}
