package com.networknt.aws.lambda.handler.middleware.token;

import com.networknt.aws.lambda.LightLambdaExchange;
import com.networknt.aws.lambda.handler.MiddlewareHandler;
import com.networknt.cache.CacheManager;
import com.networknt.client.ClientConfig;
import com.networknt.client.oauth.Jwt;
import com.networknt.client.oauth.OauthHelper;
import com.networknt.config.Config;
import com.networknt.config.JsonMapper;
import com.networknt.monad.Result;
import com.networknt.monad.Success;
import com.networknt.router.middleware.TokenConfig;
import com.networknt.status.Status;
import com.networknt.utility.MapUtil;
import com.networknt.utility.ModuleRegistry;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/aws/lambda/handler/middleware/token/TokenMiddleware.class */
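/**
 * Middleware that attaches a client-credentials JWT to a request.
 *
 * <p>The handler only acts when the request carries a {@code service_id} header and the request
 * path starts with one of the prefixes returned by {@link TokenConfig#getAppliedPathPrefixes()}.
 * The token is placed in {@code Authorization} when the request has no such header, otherwise in
 * {@code X-Scope-Token} so the caller's own credential is left untouched.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code service_id} value is read from the request headers and is used as the cache key
 *       and, with multiple auth servers, to select the auth-server configuration.
 *       NOTE(review): confirm that an earlier handler sets or validates this header.</li>
 *   <li>Token material must never be written to the log in full; only a bounded preview is
 *       logged at trace level, and the cached token JSON is not logged at all.</li>
 * </ul>
 */
public class TokenMiddleware implements MiddlewareHandler {
    private static final String HANDLER_DEPENDENCY_ERROR = "ERR10074";
    private static TokenConfig CONFIG;
    private static final String TOKEN = "token";
    private static final String SERVICE_ID_HEADER = "service_id";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String SCOPE_TOKEN_HEADER = "X-Scope-Token";
    private static final String BEARER_PREFIX = "Bearer ";
    // Maximum number of characters of a credential that may appear in a trace message.
    private static final int TOKEN_PREVIEW_LENGTH = 20;
    private static final int AUTHORIZATION_PREVIEW_LENGTH = 10;
    // Settings copied from the top-level token configuration into the client-credentials section.
    private static final String[] INHERITED_KEYS = {
        ClientConfig.PROXY_HOST,
        ClientConfig.PROXY_PORT,
        ClientConfig.TOKEN_RENEW_BEFORE_EXPIRED,
        ClientConfig.EXPIRED_REFRESH_RETRY_DELAY,
        ClientConfig.EARLY_REFRESH_RETRY_DELAY
    };
    private static final Logger LOG = LoggerFactory.getLogger(TokenMiddleware.class);
    private static final CacheManager cacheManager = CacheManager.getInstance();

    /** Creates the middleware and loads its configuration through {@link TokenConfig#load()}. */
    public TokenMiddleware() {
        LOG.info("TokenMiddleware is constructed");
        CONFIG = TokenConfig.load();
    }

    /**
     * Creates the middleware with an explicitly supplied configuration.
     *
     * @param tokenConfig configuration to use instead of the loaded one
     * @deprecated kept for existing callers; the no-argument constructor loads the configuration
     */
    @Deprecated
    public TokenMiddleware(TokenConfig tokenConfig) {
        LOG.info("TokenMiddleware is constructed");
        CONFIG = tokenConfig;
    }

    /**
     * Adds a client-credentials token to the request when it is addressed to a configured path
     * prefix and names a target service in the {@code service_id} header.
     *
     * @param lightLambdaExchange exchange whose request headers may be extended with a token
     * @return the success status, or the error status returned by the token lookup
     */
    @Override
    public Status execute(LightLambdaExchange lightLambdaExchange) {
        LOG.debug("TokenMiddleware.execute starts.");
        Optional<?> serviceId =
                MapUtil.getValueIgnoreCase(lightLambdaExchange.getRequest().getHeaders(), SERVICE_ID_HEADER);
        if (serviceId.isEmpty()) {
            LOG.debug("TokenMiddleware.execute ends. The service_id is not in the header.");
            return successMiddlewareStatus();
        }
        String path = lightLambdaExchange.getRequest().getPath();
        boolean pathApplies = CONFIG.getAppliedPathPrefixes() != null
                && CONFIG.getAppliedPathPrefixes().stream().anyMatch(prefix -> path.startsWith(prefix));
        if (pathApplies) {
            Result<Jwt> lookup = getJwtToken((String) serviceId.get());
            if (lookup.isFailure()) {
                LOG.error("Cannot populate or renew jwt for client credential grant type: {}", lookup.getError().toString());
                LOG.debug("TokenMiddleware.execute ends with an error.");
                return lookup.getError();
            }
            Jwt jwt = lookup.getResult();
            Optional<?> authorization =
                    MapUtil.getValueIgnoreCase(lightLambdaExchange.getRequest().getHeaders(), AUTHORIZATION_HEADER);
            if (authorization.isEmpty()) {
                if (LOG.isTraceEnabled()) {
                    // A bounded preview keeps short or missing tokens from failing the request
                    // merely because trace logging is switched on.
                    LOG.trace("Adding jwt token to Authorization header with Bearer {}",
                            preview(jwt.getJwt(), TOKEN_PREVIEW_LENGTH));
                }
                lightLambdaExchange.getRequest().getHeaders().put(AUTHORIZATION_HEADER, BEARER_PREFIX + jwt.getJwt());
            } else {
                String existing = (String) authorization.get();
                if (LOG.isTraceEnabled()) {
                    // NOTE(review): for schemes shorter than "Bearer " the 10-character preview
                    // includes a few characters of the caller's credential.
                    LOG.trace("Authorization header is used with {}", preview(existing, AUTHORIZATION_PREVIEW_LENGTH));
                    LOG.trace("Adding jwt token to X-Scope-Token header with Bearer {}",
                            preview(jwt.getJwt(), TOKEN_PREVIEW_LENGTH));
                }
                // The caller already authenticated itself, so the scope token travels separately.
                lightLambdaExchange.getRequest().getHeaders().put(SCOPE_TOKEN_HEADER, BEARER_PREFIX + jwt.getJwt());
            }
        }
        LOG.debug("TokenMiddleware.execute ends.");
        return successMiddlewareStatus();
    }

    /**
     * Returns a client-credentials token for the given service, using the cached token when it is
     * present and not yet inside the renew-before-expiry window, and requesting a new one through
     * {@link OauthHelper#populateCCToken(Jwt)} otherwise. A successfully obtained token is written
     * back to the cache under the service id.
     *
     * @param str service id used as cache key and, with multiple auth servers, as the key into
     *     the per-service auth-server configuration
     * @return the cached or newly populated token, or the failure reported by the OAuth helper
     * @throws RuntimeException if the client-credentials configuration, the
     *     {@code serviceIdAuthServers} property, or the entry for this service id is missing
     */
    public static Result<Jwt> getJwtToken(String str) {
        ClientConfig clientConfig = ClientConfig.get();
        Map<String, Object> tokenConfig = clientConfig.getTokenConfig();
        @SuppressWarnings("unchecked")
        Map<String, Object> ccConfig = (Map<String, Object>) tokenConfig.get(ClientConfig.CLIENT_CREDENTIALS);

        Jwt cached = null;
        if (cacheManager != null) {
            LOG.trace("Get jwt token from cache for serviceId: {}", str);
            String cachedJson = (String) cacheManager.get(TOKEN, str);
            if (cachedJson != null && !cachedJson.isEmpty()) {
                // The cached JSON contains the bearer token itself, so only the cache hit is logged.
                LOG.trace("Found cached jwt token for serviceId: {}", str);
                cached = (Jwt) JsonMapper.fromJson(cachedJson, Jwt.class);
            }
        }

        boolean usable = cached != null
                && cached.getExpire() - ((Integer) tokenConfig.get(ClientConfig.TOKEN_RENEW_BEFORE_EXPIRED)).longValue()
                        >= System.currentTimeMillis();
        if (usable) {
            return Success.of(cached);
        }

        if (ccConfig == null) {
            throw new RuntimeException("client credentials section is missing in the token configuration");
        }
        Jwt fresh = new Jwt(new Jwt.Key(str));
        if (clientConfig.isMultipleAuthServers()) {
            Map<String, Object> serviceIdAuthServers =
                    ClientConfig.getServiceIdAuthServers(ccConfig.get(ClientConfig.SERVICE_ID_AUTH_SERVERS));
            if (serviceIdAuthServers == null) {
                throw new RuntimeException("serviceIdAuthServers property is missing in the token client credentials configuration");
            }
            @SuppressWarnings("unchecked")
            Map<String, Object> serverConfig = (Map<String, Object>) serviceIdAuthServers.get(str);
            if (serverConfig == null) {
                // Fail with a descriptive error instead of a bare NullPointerException when the
                // requested service id has no auth server configured.
                throw new RuntimeException("No auth server is configured in serviceIdAuthServers for serviceId: " + str);
            }
            // Per-service values win; only missing ones fall back to the top-level settings.
            for (String key : INHERITED_KEYS) {
                if (serverConfig.get(key) == null) {
                    serverConfig.put(key, tokenConfig.get(key));
                }
            }
            fresh.setCcConfig(serverConfig);
        } else {
            // Single auth server: the top-level settings always overwrite the section's values.
            // This writes into the map obtained from ClientConfig on every renewal.
            for (String key : INHERITED_KEYS) {
                ccConfig.put(key, tokenConfig.get(key));
            }
            fresh.setCcConfig(ccConfig);
        }

        Result<Jwt> populated = OauthHelper.populateCCToken(fresh);
        if (populated.isSuccess() && cacheManager != null) {
            cacheManager.put(TOKEN, str, JsonMapper.toJson(fresh));
        }
        return populated;
    }

    /**
     * Returns at most {@code maxLength} leading characters of a value for use in log messages.
     *
     * @param value text to shorten, may be {@code null}
     * @param maxLength maximum number of characters to keep
     * @return the shortened text, the text itself when it is short enough, or {@code null}
     */
    private static String preview(String value, int maxLength) {
        if (value == null) {
            return null;
        }
        return value.length() > maxLength ? value.substring(0, maxLength) : value;
    }

    /** Returns {@code false}: a failure in this handler is not continued past. */
    @Override
    public boolean isContinueOnFailure() {
        return false;
    }

    /** Returns {@code false}: this handler is not audited. */
    @Override
    public boolean isAudited() {
        return false;
    }

    /** No cached configurations are fetched by this handler. */
    @Override
    public void getCachedConfigurations() {
    }

    /** Reports whether the handler is enabled in the current {@link TokenConfig}. */
    @Override
    public boolean isEnabled() {
        return CONFIG.isEnabled();
    }

    /**
     * Registers this module and its {@code token} configuration with the {@link ModuleRegistry}.
     * The configuration is read through {@link Config#getNoneDecryptedInstance()}.
     */
    @Override
    public void register() {
        ModuleRegistry.registerModule(TOKEN, TokenMiddleware.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(TOKEN), null);
    }

    /** Reload is a no-op for this handler. */
    @Override
    public void reload() {
    }

    /** Returns {@code false}: this handler runs synchronously. */
    @Override
    public boolean isAsynchronous() {
        return false;
    }
}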
