package com.networknt.token.limit;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.networknt.cache.CacheManager;
import com.networknt.config.Config;
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.http.CachedResponseEntity;
import com.networknt.httpstring.AttachmentConstants;
import com.networknt.httpstring.CacheTask;
import com.networknt.utility.ModuleRegistry;
import com.networknt.utility.StringUtils;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.ResponseCodeHandler;
import io.undertow.util.Headers;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/token/limit/TokenLimitHandler.class */
public class TokenLimitHandler implements MiddlewareHandler {
    static final Logger logger = LoggerFactory.getLogger((Class<?>) TokenLimitHandler.class);
    static final String TOKEN_LIMIT = "token-limit";
    static final String CLIENT_TOKEN = "client-token";
    static final String GRANT_TYPE = "grant_type";
    static final String CLIENT_CREDENTIALS = "client_credentials";
    static final String AUTHORIZATION_CODE = "authorization_code";
    static final String CLIENT_ID = "client_id";
    static final String CLIENT_SECRET = "client_secret";
    static final String SCOPE = "scope";
    static final String CODE = "code";
    static final String TOKEN_LIMIT_ERROR = "ERR10091";
    static final String BASIC_PREFIX = "BASIC";
    private volatile HttpHandler next;
    private final TokenLimitConfig config;
    private List<Pattern> patterns;
    CacheManager cacheManager;

    public TokenLimitHandler() throws Exception {
        this.cacheManager = CacheManager.getInstance();
        this.config = TokenLimitConfig.load();
        List<String> tokenPathTemplates = this.config.getTokenPathTemplates();
        if (tokenPathTemplates != null && !tokenPathTemplates.isEmpty()) {
            this.patterns = (List) tokenPathTemplates.stream().map(Pattern::compile).collect(Collectors.toList());
        }
        logger.info("TokenLimitHandler constructed.");
    }

    @Deprecated
    public TokenLimitHandler(TokenLimitConfig tokenLimitConfig) throws Exception {
        this.cacheManager = CacheManager.getInstance();
        this.config = tokenLimitConfig;
        List<String> tokenPathTemplates = this.config.getTokenPathTemplates();
        if (tokenPathTemplates != null && !tokenPathTemplates.isEmpty()) {
            this.patterns = (List) tokenPathTemplates.stream().map(Pattern::compile).collect(Collectors.toList());
        }
        logger.info("TokenLimitHandler constructed.");
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public HttpHandler getNext() {
        return this.next;
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public boolean isEnabled() {
        return this.config.isEnabled().booleanValue();
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public void register() {
        ModuleRegistry.registerModule("token-limit", TokenLimitHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache("token-limit"), null);
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public void reload() {
        this.config.reload();
        ModuleRegistry.registerModule("token-limit", TokenLimitHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache("token-limit"), null);
        if (logger.isInfoEnabled()) {
            logger.info("TokenLimitHandler is reloaded.");
        }
    }

    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("TokenLimitHandler.handleRequest starts.");
        }
        String str = null;
        String str2 = null;
        String str3 = null;
        String first = httpServerExchange.getRequestHeaders().contains(Headers.X_FORWARDED_FOR) ? httpServerExchange.getRequestHeaders().getFirst(Headers.X_FORWARDED_FOR) : httpServerExchange.getSourceAddress().getAddress().getHostAddress();
        if (logger.isTraceEnabled()) {
            logger.trace("client address {}", first);
        }
        String requestPath = httpServerExchange.getRequestPath();
        if (matchPath(requestPath) && this.cacheManager != null) {
            if (logger.isTraceEnabled()) {
                logger.trace("request path {} matches with one of the {} patterns.", requestPath, Integer.valueOf(this.config.getTokenPathTemplates().size()));
            }
            String str4 = (String) httpServerExchange.getAttachment(AttachmentConstants.REQUEST_BODY_STRING);
            if (logger.isTraceEnabled()) {
                logger.trace("requestBodyString = {}", str4);
            }
            Map<String, String> convertStringToHashMap = convertStringToHashMap(str4);
            String str5 = convertStringToHashMap.get(GRANT_TYPE);
            String replace = convertStringToHashMap.get("scope") != null ? convertStringToHashMap.get("scope").replace(" ", "") : "";
            String first2 = httpServerExchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION);
            if (first2 == null || first2.trim().length() == 0) {
                if (logger.isTraceEnabled()) {
                    logger.trace("No authorization header found. Will obtain credentials from body.");
                }
                str2 = convertStringToHashMap.get("client_id");
                convertStringToHashMap.get("client_secret");
            } else {
                if (!BASIC_PREFIX.equalsIgnoreCase(first2.substring(0, 5))) {
                    logger.error("Invalid/Unsupported authorization header {}", first2);
                    ResponseCodeHandler.HANDLE_403.handleRequest(httpServerExchange);
                    return;
                }
                String substring = first2.substring(6);
                if (substring.indexOf(58) == -1) {
                    substring = new String(Base64.decodeBase64(substring), StandardCharsets.UTF_8);
                }
                int indexOf = substring.indexOf(58);
                if (indexOf != -1) {
                    str2 = substring.substring(0, indexOf);
                    str3 = substring.substring(indexOf + 1);
                }
                if (logger.isTraceEnabled()) {
                    logger.trace("Credentials obtained from body as username = {}, password = {}", str2, StringUtils.maskHalfString(str3));
                }
            }
            if (str5.equals("client_credentials")) {
                str = str2 + ":" + first + ":" + replace;
                if (logger.isTraceEnabled()) {
                    logger.trace("client credentials key = {}", str);
                }
            } else if (str5.equals("authorization_code")) {
                str = str2 + ":" + convertStringToHashMap.get("code") + ":" + first + ":" + replace;
                if (logger.isTraceEnabled()) {
                    logger.trace("authorization code key = {}", str);
                }
            } else if (logger.isTraceEnabled()) {
                logger.trace("other grant type {}, ignore it", str5);
            }
            if (this.config.getLegacyClient().contains(str2)) {
                if (logger.isTraceEnabled()) {
                    logger.trace("client {} is configured as Legacy, bypass the token limit.", str2);
                }
                String expireKey = this.config.getExpireKey();
                CachedResponseEntity<String> updatedResponseEntity = expireKey.isEmpty() ? (CachedResponseEntity) this.cacheManager.get(CLIENT_TOKEN, str) : getUpdatedResponseEntity((CachedResponseEntity) this.cacheManager.get(CLIENT_TOKEN, str), expireKey);
                if (updatedResponseEntity == null) {
                    if (logger.isTraceEnabled()) {
                        logger.trace("legacy client cache key {} has NO token cached, calling next handler.", str);
                    }
                    httpServerExchange.putAttachment(AttachmentConstants.RESPONSE_CACHE, new CacheTask(CLIENT_TOKEN, str));
                    Handler.next(httpServerExchange, this.next);
                    return;
                }
                if (logger.isTraceEnabled()) {
                    logger.trace("legacy client cache key {} has token value, returning cached token.", str);
                }
                httpServerExchange.getResponseHeaders().putAll(updatedResponseEntity.getHeaders());
                httpServerExchange.setStatusCode(updatedResponseEntity.getStatusCode().value());
                httpServerExchange.getResponseSender().send(updatedResponseEntity.getBody());
                return;
            }
            if (str != null) {
                synchronized (this) {
                    Integer num = (Integer) this.cacheManager.get("token-limit", str);
                    if (logger.isTraceEnabled()) {
                        logger.trace("count = {} and dupLimit = {}", num, this.config.duplicateLimit);
                    }
                    if (num == null) {
                        this.cacheManager.put("token-limit", str, 1);
                    } else if (num.intValue() < this.config.duplicateLimit.intValue()) {
                        this.cacheManager.put("token-limit", str, Integer.valueOf(num.intValue() + 1));
                    } else {
                        if (this.config.errorOnLimit.booleanValue()) {
                            setExchangeStatus(httpServerExchange, TOKEN_LIMIT_ERROR, new Object[0]);
                            return;
                        }
                        logger.error("Too many token requests. Please cache the token on the client side.");
                    }
                }
            }
        }
        Handler.next(httpServerExchange, this.next);
        if (logger.isDebugEnabled()) {
            logger.debug("TokenLimitHandler.handleRequest ends.");
        }
    }

    private CachedResponseEntity<String> getUpdatedResponseEntity(CachedResponseEntity<String> cachedResponseEntity, String str) {
        if (cachedResponseEntity != null && cachedResponseEntity.getBody() != null && cachedResponseEntity.getBody().length() > 0) {
            try {
                JsonNode readTree = new ObjectMapper().readTree(cachedResponseEntity.getBody());
                long asLong = readTree.get(str).asLong() - TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - cachedResponseEntity.getTimestamp().longValue());
                if (logger.isTraceEnabled()) {
                    logger.trace("Original expire field value = {} updated to value = {}", readTree.get(str), Long.valueOf(asLong));
                }
                ((ObjectNode) readTree).put(str, asLong);
                return new CachedResponseEntity<>(readTree.toString(), cachedResponseEntity.getHeaders(), cachedResponseEntity.getStatusCode(), cachedResponseEntity.getTimestamp());
            } catch (JsonProcessingException e) {
                logger.error("Error parsing response body and updating " + str + " field. Will proceed with cached response.", (Throwable) e);
            }
        }
        return cachedResponseEntity;
    }

    public Map<String, String> convertStringToHashMap(String str) {
        HashMap hashMap = new HashMap();
        for (String str2 : str.split("&")) {
            String[] split = str2.split("=");
            if (split.length == 2) {
                hashMap.put(split[0], split[1]);
            }
        }
        return hashMap;
    }

    public boolean matchPath(String str) {
        if (this.patterns == null || this.patterns.isEmpty()) {
            return false;
        }
        Iterator<Pattern> it = this.patterns.iterator();
        while (it.hasNext()) {
            if (it.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }
}
