package net.unit8.bouncr.proxy;

import enkan.exception.MisconfigurationException;
import enkan.middleware.session.KeyValueStore;
import enkan.util.BeanBuilder;
import io.undertow.client.ClientCallback;
import io.undertow.client.ClientConnection;
import io.undertow.client.UndertowClient;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.ServerConnection;
import io.undertow.server.handlers.Cookie;
import io.undertow.server.handlers.proxy.ProxyCallback;
import io.undertow.server.handlers.proxy.ProxyClient;
import io.undertow.server.handlers.proxy.ProxyConnection;
import io.undertow.util.AttachmentKey;
import io.undertow.util.HttpString;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import net.unit8.bouncr.component.BouncrConfiguration;
import net.unit8.bouncr.component.RealmCache;
import net.unit8.bouncr.entity.Application;
import net.unit8.bouncr.entity.Realm;
import net.unit8.bouncr.sign.JsonWebToken;
import net.unit8.bouncr.sign.JwtHeader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xnio.IoUtils;
import org.xnio.OptionMap;

/* loaded from: input_file:net/unit8/bouncr/proxy/MultiAppProxyClient.class */
public class MultiAppProxyClient implements ProxyClient {
    private static final Logger LOG = LoggerFactory.getLogger(MultiAppProxyClient.class);
    private static final ProxyClient.ProxyTarget PROXY_TARGET = new ProxyClient.ProxyTarget() { // from class: net.unit8.bouncr.proxy.MultiAppProxyClient.1
    };
    private final KeyValueStore store;
    private final RealmCache realmCache;
    private final BouncrConfiguration config;
    private final JsonWebToken jwt;
    private final AttachmentKey<ClientConnection> clientAttachmentKey = AttachmentKey.create(ClientConnection.class);
    private final UndertowClient client = UndertowClient.getInstance();
    private final JwtHeader jwtHeader = (JwtHeader) BeanBuilder.builder(new JwtHeader()).set((v0, v1) -> {
        v0.setAlg(v1);
    }, "none").build();

    /* loaded from: input_file:net/unit8/bouncr/proxy/MultiAppProxyClient$ConnectNotifier.class */
    private final class ConnectNotifier implements ClientCallback<ClientConnection> {
        private final ProxyCallback<ProxyConnection> callback;
        private final HttpServerExchange exchange;

        private ConnectNotifier(ProxyCallback<ProxyConnection> proxyCallback, HttpServerExchange httpServerExchange) {
            this.callback = proxyCallback;
            this.exchange = httpServerExchange;
        }

        public void completed(ClientConnection clientConnection) {
            ServerConnection connection = this.exchange.getConnection();
            connection.putAttachment(MultiAppProxyClient.this.clientAttachmentKey, clientConnection);
            connection.addCloseListener(serverConnection -> {
                IoUtils.safeClose(clientConnection);
            });
            clientConnection.getCloseSetter().set(channel -> {
                connection.removeAttachment(MultiAppProxyClient.this.clientAttachmentKey);
            });
            this.exchange.setRelativePath("/");
            Application application = MultiAppProxyClient.this.realmCache.getApplication(MultiAppProxyClient.this.realmCache.matches(this.exchange.getRequestPath()));
            String requestURI = this.exchange.getRequestURI();
            if (requestURI.startsWith(application.getVirtualPath())) {
                String calculatePathTo = MultiAppProxyClient.this.calculatePathTo(requestURI, application);
                this.exchange.setRequestPath(calculatePathTo);
                this.exchange.setRequestURI(calculatePathTo);
            }
            this.callback.completed(this.exchange, new ProxyConnection(clientConnection, "/"));
        }

        public void failed(IOException iOException) {
            this.callback.failed(this.exchange);
        }
    }

    public MultiAppProxyClient(BouncrConfiguration bouncrConfiguration, KeyValueStore keyValueStore, RealmCache realmCache, JsonWebToken jsonWebToken) {
        this.config = bouncrConfiguration;
        this.store = keyValueStore;
        this.realmCache = realmCache;
        this.jwt = jsonWebToken;
    }

    public ProxyClient.ProxyTarget findTarget(HttpServerExchange httpServerExchange) {
        return PROXY_TARGET;
    }

    private String calculatePathTo(String str, Application application) {
        String path = application.getUriToPass().getPath();
        if (path != null && path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        return path + str.substring(application.getVirtualPath().length());
    }

    public void getConnection(ProxyClient.ProxyTarget proxyTarget, HttpServerExchange httpServerExchange, ProxyCallback<ProxyConnection> proxyCallback, long j, TimeUnit timeUnit) {
        Realm matches = this.realmCache.matches(httpServerExchange.getRequestPath());
        if (matches == null) {
            httpServerExchange.setStatusCode(404);
            httpServerExchange.endExchange();
            return;
        }
        parseToken(httpServerExchange).ifPresent(str -> {
            authenticate(str).ifPresent(hashMap -> {
                List list = (List) ((Map) hashMap.remove("permissionsByRealm")).get(matches.getId().toString());
                HashMap hashMap = new HashMap(hashMap);
                hashMap.put("permissions", Optional.ofNullable(list).orElse(Collections.emptyList()));
                httpServerExchange.getRequestHeaders().put(HttpString.tryFromString(this.config.getBackendHeaderName()), this.jwt.sign(hashMap, this.jwtHeader, (byte[]) null));
            });
        });
        Application application = this.realmCache.getApplication(matches);
        ClientConnection clientConnection = (ClientConnection) httpServerExchange.getConnection().getAttachment(this.clientAttachmentKey);
        if (clientConnection != null) {
            if (clientConnection.isOpen()) {
                String requestURI = httpServerExchange.getRequestURI();
                if (requestURI.startsWith(application.getVirtualPath())) {
                    String calculatePathTo = calculatePathTo(requestURI, application);
                    httpServerExchange.setRequestPath(calculatePathTo);
                    httpServerExchange.setRequestURI(calculatePathTo);
                }
                proxyCallback.completed(httpServerExchange, new ProxyConnection(clientConnection, "/"));
                return;
            }
            httpServerExchange.getConnection().removeAttachment(this.clientAttachmentKey);
        }
        try {
            URI uriToPass = application.getUriToPass();
            LOG.debug("PASS: {}", uriToPass);
            this.client.connect(new ConnectNotifier(proxyCallback, httpServerExchange), new URI(uriToPass.getScheme(), null, uriToPass.getHost(), uriToPass.getPort(), null, null, null), httpServerExchange.getIoThread(), httpServerExchange.getConnection().getByteBufferPool(), OptionMap.EMPTY);
        } catch (URISyntaxException e) {
            throw new MisconfigurationException("bouncr.proxy.WRONG_URI", new Object[]{application.getUriToPass(), e});
        }
    }

    private Optional<String> parseToken(HttpServerExchange httpServerExchange) {
        if (!httpServerExchange.getRequestHeaders().contains("Authorization")) {
            return httpServerExchange.getRequestCookies().containsKey(this.config.getTokenName()) ? Optional.of(((Cookie) httpServerExchange.getRequestCookies().get(this.config.getTokenName())).getValue()) : Optional.empty();
        }
        String[] split = httpServerExchange.getRequestHeaders().getFirst("Authorization").split("\\s+");
        return split[0].equalsIgnoreCase("Bearer") ? Optional.of(split[1]) : Optional.empty();
    }

    private Optional<HashMap<String, Object>> authenticate(String str) {
        return Optional.ofNullable((HashMap) this.store.read(str));
    }
}
