package com.networknt.basicauth;

import com.networknt.config.Config;
import com.networknt.config.ConfigException;
import com.networknt.config.JsonMapper;
import com.networknt.config.schema.BooleanField;
import com.networknt.config.schema.ConfigSchema;
import com.networknt.config.schema.MapField;
import com.networknt.config.schema.OutputFormat;
import com.networknt.security.UnifiedSecurityConfig;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.codehaus.plexus.util.SelectorUtils;

@ConfigSchema(configKey = UnifiedSecurityConfig.BASIC, configName = BasicAuthConfig.CONFIG_NAME, configDescription = "Basic Authentication Security Configuration for light-4j", outputFormats = {OutputFormat.JSON_SCHEMA, OutputFormat.YAML})
/* loaded from: input_file:com/networknt/basicauth/BasicAuthConfig.class */
public class BasicAuthConfig {
    public static final String CONFIG_NAME = "basic-auth";
    private static final String ENABLED = "enabled";
    private static final String ENABLE_AD = "enableAD";
    private static final String ALLOW_ANONYMOUS = "allowAnonymous";
    private static final String ALLOW_BEARER_TOKEN = "allowBearerToken";
    private static final String USERS = "users";
    private static final String USERNAME = "username";
    private static final String PASSWORD = "password";
    private static final String PATHS = "paths";
    public static final String ANONYMOUS = "anonymous";
    public static final String BEARER = "bearer";

    @BooleanField(configFieldName = "enabled", externalizedKeyName = "enabled", externalized = true, defaultValue = false, description = "Enable Basic Authentication Handler, default is true.")
    boolean enabled;

    @BooleanField(configFieldName = ENABLE_AD, externalizedKeyName = ENABLE_AD, externalized = true, defaultValue = true, description = "Enable Ldap Authentication, default is true.")
    boolean enableAD;

    @BooleanField(configFieldName = ALLOW_ANONYMOUS, externalizedKeyName = ALLOW_ANONYMOUS, externalized = true, description = "Do we allow the anonymous to pass the authentication and limit it with some paths\nto access? Default is false, and it should only be true in client-proxy.")
    boolean allowAnonymous;

    @BooleanField(configFieldName = ALLOW_BEARER_TOKEN, externalizedKeyName = ALLOW_BEARER_TOKEN, externalized = true, description = "Allow the Bearer OAuth 2.0 token authorization to pass to the next handler with paths\nauthorization defined under username bearer. This feature is used in proxy-client\nthat support multiple clients with different authorizations.\n")
    boolean allowBearerToken;

    @MapField(configFieldName = "users", externalizedKeyName = "users", externalized = true, description = "usernames and passwords in a list, the password can be encrypted like user2 in test.\nAs we are supporting multiple users, so leave the passwords in this file with users.\nFor each user, you can specify a list of optional paths that this user is allowed to\naccess. A special user anonymous can be used to set the paths for client without an\nauthorization header. The paths are optional and used for proxy only to authorize.\n", valueType = UserAuth.class)
    Map<String, UserAuth> users;
    private final Config config;
    private Map<String, Object> mappedConfig;

    public BasicAuthConfig() {
        this.config = Config.getInstance();
        this.mappedConfig = this.config.getJsonMapConfigNoCache(CONFIG_NAME);
        setConfigData();
        setConfigUser();
    }

    public BasicAuthConfig(String str) {
        this.config = Config.getInstance();
        this.mappedConfig = this.config.getJsonMapConfigNoCache(str);
        setConfigData();
        setConfigUser();
    }

    public static BasicAuthConfig load() {
        return new BasicAuthConfig();
    }

    public static BasicAuthConfig load(String str) {
        return new BasicAuthConfig(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void reload() {
        this.mappedConfig = this.config.getJsonMapConfigNoCache(CONFIG_NAME);
        setConfigData();
        setConfigUser();
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public boolean isEnableAD() {
        return this.enabled;
    }

    public void setEnableAD(boolean z) {
        this.enableAD = z;
    }

    public boolean isAllowAnonymous() {
        return this.allowAnonymous;
    }

    public void setAllowAnonymous(boolean z) {
        this.allowAnonymous = z;
    }

    public boolean isAllowBearerToken() {
        return this.allowBearerToken;
    }

    public void setAllowBearerToken(boolean z) {
        this.allowBearerToken = z;
    }

    public Map<String, UserAuth> getUsers() {
        return this.users;
    }

    private void setConfigData() {
        Object obj = this.mappedConfig.get("enabled");
        if (obj != null) {
            this.enabled = Config.loadBooleanValue("enabled", obj).booleanValue();
        }
        Object obj2 = this.mappedConfig.get(ENABLE_AD);
        if (obj2 != null) {
            this.enableAD = Config.loadBooleanValue(ENABLE_AD, obj2).booleanValue();
        }
        Object obj3 = this.mappedConfig.get(ALLOW_ANONYMOUS);
        if (obj3 != null) {
            this.allowAnonymous = Config.loadBooleanValue(ALLOW_ANONYMOUS, obj3).booleanValue();
        }
        Object obj4 = this.mappedConfig.get(ALLOW_BEARER_TOKEN);
        if (obj4 != null) {
            this.allowBearerToken = Config.loadBooleanValue(ALLOW_BEARER_TOKEN, obj4).booleanValue();
        }
    }

    private void setConfigUser() {
        if (this.mappedConfig.get("users") instanceof List) {
            populateUsers((List) this.mappedConfig.get("users"));
            return;
        }
        if (!(this.mappedConfig.get("users") instanceof String)) {
            if (this.enabled) {
                throw new ConfigException("Basic Auth is enabled but there is no users definition.");
            }
        } else {
            String trim = ((String) this.mappedConfig.get("users")).trim();
            if (!trim.startsWith(SelectorUtils.PATTERN_HANDLER_PREFIX)) {
                throw new ConfigException("The string value must be start with [ as a JSON list");
            }
            populateUsers(JsonMapper.string2List(trim));
        }
    }

    private void populateUsers(List<Map<String, Object>> list) {
        this.users = new HashMap();
        list.forEach(map -> {
            if (map instanceof Map) {
                UserAuth userAuth = new UserAuth();
                map.forEach((str, obj) -> {
                    if ("username".equals(str)) {
                        userAuth.setUsername((String) obj);
                    }
                    if ("password".equals(str)) {
                        userAuth.setPassword((String) obj);
                    }
                    if ("paths".equals(str)) {
                        if (!(obj instanceof List)) {
                            throw new ConfigException("Paths must be an array of strings.");
                        }
                        userAuth.setPaths((List) obj);
                    }
                });
                this.users.put(userAuth.getUsername(), userAuth);
            }
        });
    }
}
