package com.networknt.openapi;

import com.fasterxml.jackson.core.type.TypeReference;
import com.networknt.config.Config;
import com.networknt.config.ConfigException;
import com.networknt.config.schema.ArrayField;
import com.networknt.config.schema.BooleanField;
import com.networknt.config.schema.ConfigSchema;
import com.networknt.config.schema.OutputFormat;
import com.networknt.config.schema.StringField;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ConfigSchema(configName = AccessControlConfig.CONFIG_NAME, configKey = AccessControlConfig.CONFIG_NAME, configDescription = "AccessControlHandler will be the last middleware handler before the proxy on the sidecar or the last\none before the business handler to handle the fine-grained authorization in the business domain.", outputFormats = {OutputFormat.JSON_SCHEMA, OutputFormat.YAML})
/* loaded from: input_file:com/networknt/openapi/AccessControlConfig.class */
class AccessControlConfig {
    private static final Logger logger = LoggerFactory.getLogger(AccessControlConfig.class);
    public static final String CONFIG_NAME = "access-control";
    private static final String ENABLED = "enabled";
    private static final String ACCESS_RULE_LOGIC = "accessRuleLogic";
    private static final String DEFAULT_DENY = "defaultDeny";
    private static final String SKIP_PATH_PREFIXES = "skipPathPrefixes";
    private Map<String, Object> mappedConfig;
    private final Config config;

    @BooleanField(configFieldName = ENABLED, externalizedKeyName = ENABLED, externalized = true, defaultValue = true, description = "Enable Access Control Handler")
    boolean enabled;

    @StringField(configFieldName = ACCESS_RULE_LOGIC, externalizedKeyName = ACCESS_RULE_LOGIC, externalized = true, defaultValue = "any", description = "If there are multiple rules, the logic to combine them can be any or all. The default is any, and it\nmeans that any rule is satisfied, the access is granted. If all is set, all rules must be satisfied.")
    String accessRuleLogic;

    @BooleanField(configFieldName = DEFAULT_DENY, externalizedKeyName = DEFAULT_DENY, externalized = true, defaultValue = true, description = "If there is no access rule defined for the endpoint, default access is denied. Users can overwrite\nthis default action by setting this config value to false. If true, the handle will force users to\ndefine the rules for each endpoint when the access control handler is enabled.")
    boolean defaultDeny;

    @ArrayField(configFieldName = SKIP_PATH_PREFIXES, externalizedKeyName = SKIP_PATH_PREFIXES, externalized = true, description = "Define a list of path prefixes to skip the access-control to ease the configuration for the handler.yml\nso that users can define some endpoint without fine-grained access-control security even through it uses\nthe default chain. This is useful if some endpoints want to skip the fine-grained access control in the\napplication. The format is a list of strings separated with commas or a JSON list in values.yml definition\nfrom config server, or you can use yaml format in externalized access-control.yml file.", items = String.class)
    private List<String> skipPathPrefixes;

    private AccessControlConfig() {
        this(CONFIG_NAME);
    }

    private AccessControlConfig(String str) {
        this.config = Config.getInstance();
        this.mappedConfig = this.config.getJsonMapConfigNoCache(str);
        setConfigData();
        setConfigList();
    }

    public static AccessControlConfig load() {
        return new AccessControlConfig(CONFIG_NAME);
    }

    public static AccessControlConfig load(String str) {
        return new AccessControlConfig(str);
    }

    public void reload() {
        this.mappedConfig = this.config.getJsonMapConfigNoCache(CONFIG_NAME);
        setConfigData();
        setConfigList();
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public String getAccessRuleLogic() {
        return this.accessRuleLogic;
    }

    public void setAccessRuleLogic(String str) {
        this.accessRuleLogic = str;
    }

    public boolean isDefaultDeny() {
        return this.defaultDeny;
    }

    public void setDefaultDeny(boolean z) {
        this.defaultDeny = z;
    }

    public List<String> getSkipPathPrefixes() {
        return this.skipPathPrefixes;
    }

    public void setSkipPathPrefixes(List<String> list) {
        this.skipPathPrefixes = list;
    }

    public Map<String, Object> getMappedConfig() {
        return this.mappedConfig;
    }

    Config getConfig() {
        return this.config;
    }

    private void setConfigData() {
        if (getMappedConfig() != null) {
            Object obj = getMappedConfig().get(ENABLED);
            if (obj != null) {
                this.enabled = Config.loadBooleanValue(ENABLED, obj).booleanValue();
            }
            Object obj2 = getMappedConfig().get(DEFAULT_DENY);
            if (obj2 != null) {
                this.defaultDeny = Config.loadBooleanValue(DEFAULT_DENY, obj2).booleanValue();
            }
            Object obj3 = getMappedConfig().get(ACCESS_RULE_LOGIC);
            if (obj3 != null) {
                this.accessRuleLogic = (String) obj3;
            }
        }
    }

    private void setConfigList() {
        if (this.mappedConfig == null || this.mappedConfig.get(SKIP_PATH_PREFIXES) == null) {
            return;
        }
        Object obj = this.mappedConfig.get(SKIP_PATH_PREFIXES);
        this.skipPathPrefixes = new ArrayList();
        if (!(obj instanceof String)) {
            if (!(obj instanceof List)) {
                throw new ConfigException("skipPathPrefixes must be a string or a list of strings.");
            }
            ((List) obj).forEach(obj2 -> {
                this.skipPathPrefixes.add((String) obj2);
            });
            return;
        }
        String trim = ((String) obj).trim();
        if (logger.isTraceEnabled()) {
            logger.trace("s = {}", trim);
        }
        if (!trim.startsWith("[")) {
            this.skipPathPrefixes = Arrays.asList(trim.split("\\s*,\\s*"));
        } else {
            try {
                this.skipPathPrefixes = (List) Config.getInstance().getMapper().readValue(trim, new TypeReference<List<String>>() { // from class: com.networknt.openapi.AccessControlConfig.1
                });
            } catch (Exception e) {
                throw new ConfigException("could not parse the skipPathPrefixes json with a list of strings.");
            }
        }
    }
}
