package com.networknt.security;

import com.networknt.client.ClientConfig;
import com.networknt.client.oauth.OauthHelper;
import com.networknt.client.oauth.TokenInfo;
import com.networknt.client.oauth.TokenIntrospectionRequest;
import com.networknt.config.ConfigException;
import com.networknt.config.JsonMapper;
import com.networknt.monad.Failure;
import com.networknt.monad.Result;
import com.networknt.monad.Success;
import com.networknt.status.Status;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/security/SwtVerifier.class */
public class SwtVerifier extends TokenVerifier {
    static final Logger logger = LoggerFactory.getLogger((Class<?>) SwtVerifier.class);
    public static final String OAUTH_INTROSPECTION_ERROR = "ERR10079";
    public static final String TOKEN_INFO_ERROR = "ERR10080";
    public static final String INTROSPECTED_TOKEN_EXPIRED = "ERR10081";
    static SecurityConfig config;

    public SwtVerifier(SecurityConfig securityConfig) {
        config = securityConfig;
        if (logger.isInfoEnabled()) {
            logger.info("SwtVerifier is constructed.");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Result<TokenInfo> verifySwt(String str, String str2, List<String> list, String str3, String str4) {
        return getTokenInfoForToken(str, list != 0 ? list : str2, str3, str4);
    }

    private Result<TokenInfo> getTokenInfoForToken(String str, Object obj, String str2, String str3) {
        if (logger.isTraceEnabled()) {
            logger.trace(("swt = " + str + String.valueOf(obj)) instanceof String ? " requestPath = " + String.valueOf(obj) : " swtServiceIds = " + String.valueOf(obj) + " clientId = " + str2 + " clientSecret = " + str3);
        }
        ClientConfig clientConfig = ClientConfig.get();
        Result<TokenInfo> result = null;
        if (obj != null && clientConfig.isMultipleAuthServers()) {
            if (!(obj instanceof String)) {
                if (!(obj instanceof List)) {
                    throw new ConfigException("requestPathOrSwtServiceIds must be a string or a list of strings");
                }
                Iterator it = ((List) obj).iterator();
                while (it.hasNext()) {
                    Map<String, Object> jwkConfig = getJwkConfig(clientConfig, (String) it.next());
                    if (jwkConfig != null && str2 != null && str3 != null) {
                        jwkConfig.put("client_id", str2);
                        jwkConfig.put("client_secret", str3);
                    }
                    result = inspectToken(str, jwkConfig);
                    if (result.isSuccess()) {
                        break;
                    }
                }
            } else {
                String str4 = (String) obj;
                Map<String, String> pathPrefixServices = clientConfig.getPathPrefixServices();
                if (pathPrefixServices == null || pathPrefixServices.size() == 0) {
                    throw new ConfigException("pathPrefixServices property is missing or has an empty value in client.yml");
                }
                String str5 = null;
                for (Map.Entry<String, String> entry : pathPrefixServices.entrySet()) {
                    if (str4.startsWith(entry.getKey())) {
                        str5 = entry.getValue();
                    }
                }
                if (str5 == null) {
                    throw new ConfigException("serviceId cannot be identified in client.yml with the requestPath = " + str4);
                }
                Map<String, Object> jwkConfig2 = getJwkConfig(clientConfig, str5);
                if (jwkConfig2 != null && str2 != null && str3 != null) {
                    jwkConfig2.put("client_id", str2);
                    jwkConfig2.put("client_secret", str3);
                }
                result = inspectToken(str, jwkConfig2);
            }
        } else {
            HashMap hashMap = new HashMap();
            if (str2 != null && str3 != null) {
                hashMap.put("client_id", str2);
                hashMap.put("client_secret", str3);
            }
            result = inspectToken(str, hashMap);
        }
        return result;
    }

    private Result<TokenInfo> inspectToken(String str, Map<String, Object> map) {
        if (logger.isTraceEnabled() && map != null) {
            logger.trace("OAuth token info introspection config = " + JsonMapper.toJson(map));
        }
        TokenIntrospectionRequest tokenIntrospectionRequest = new TokenIntrospectionRequest(str, map);
        try {
            if (logger.isTraceEnabled()) {
                logger.trace("Getting token info from {}", tokenIntrospectionRequest.getServerUrl());
            }
            Result<String> introspection = OauthHelper.getIntrospection(str, tokenIntrospectionRequest);
            if (logger.isTraceEnabled()) {
                logger.trace("Got token info response body {} from {}", introspection.getResult(), tokenIntrospectionRequest.getServerUrl());
            }
            if (introspection.isFailure()) {
                return Failure.of(introspection.getError());
            }
            TokenInfo tokenInfo = (TokenInfo) JsonMapper.fromJson(introspection.getResult(), TokenInfo.class);
            return tokenInfo.getError() != null ? Failure.of(new Status(TOKEN_INFO_ERROR, tokenInfo.getError(), tokenInfo.getErrorDescription())) : !tokenInfo.isActive() ? Failure.of(new Status(INTROSPECTED_TOKEN_EXPIRED, str)) : Success.of(tokenInfo);
        } catch (Exception e) {
            logger.error("Failed to get token info - {} - {}", new Status(OAUTH_INTROSPECTION_ERROR, tokenIntrospectionRequest.getServerUrl(), str), e.getMessage(), e);
            return Failure.of(new Status(OAUTH_INTROSPECTION_ERROR, tokenIntrospectionRequest.getServerUrl(), str));
        }
    }
}
