package com.networknt.oauth.handler;

import com.networknt.config.JsonMapper;
import com.networknt.exception.ApiException;
import com.networknt.handler.LightHttpHandler;
import com.networknt.monad.Result;
import com.networknt.oauth.common.ClientUtil;
import com.networknt.status.Status;
import com.networknt.utility.HashUtil;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.FlexBase64;
import io.undertow.util.HeaderValues;
import io.undertow.util.Headers;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Locale;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/handler/ProviderIdDerefTokenGetHandler.class */
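/**
 * Exchanges a reference ("deref") token for the JWT stored with it.
 *
 * <p>The caller authenticates with HTTP Basic credentials (client id and client secret). The
 * reference token is read from the {@code token} query parameter, resolved through
 * {@link ClientUtil#getRefTokenDetail(String)}, and the {@code jwt} field of the stored record is
 * returned only when the record's {@code clientId} does not name a different client.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Neither the client secret, the raw {@code Authorization} header nor the reference token is
 *       written to the log; anyone with log access could otherwise replay them.</li>
 *   <li>Every path that does not return a JWT sets an error status, so a request that fails
 *       authentication can never look like a successful, empty response.</li>
 * </ul>
 */
public class ProviderIdDerefTokenGetHandler implements LightHttpHandler {
    private static final String DEREF_TOKEN_NOT_FOUND = "ERR12045";
    private static final String MISSING_AUTHORIZATION_HEADER = "ERR12002";
    private static final String CLIENT_NOT_FOUND = "ERR12014";
    private static final String DEREF_CLIENT_NOT_MATCH = "ERR12044";
    private static final String UNAUTHORIZED_CLIENT = "ERR12007";
    private static final String JWT_TOKEN_NOT_FOUND = "ERR12046";
    private static final String RUNTIME_EXCEPTION = "ERR10010";
    private static final String COLON = ":";
    private static final Logger logger = LoggerFactory.getLogger(ProviderIdDerefTokenGetHandler.class);
    private static final String BASIC_PREFIX = String.valueOf(Headers.BASIC) + " ";
    private static final String LOWERCASE_BASIC_PREFIX = BASIC_PREFIX.toLowerCase(Locale.ENGLISH);
    private static final int PREFIX_LENGTH = BASIC_PREFIX.length();

    /**
     * Authenticates the calling client and, on success, sends the JWT behind the reference token.
     *
     * @param httpServerExchange the current request/response exchange
     * @throws Exception if client authentication fails with an {@link ApiException}; that
     *     exception is not handled here and propagates to the caller
     */
    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        HeaderValues headerValues = httpServerExchange.getRequestHeaders().get(Headers.AUTHORIZATION);
        String authorizationHeader = headerValues == null ? null : headerValues.getFirst();
        if (authorizationHeader == null) {
            reject(httpServerExchange, MISSING_AUTHORIZATION_HEADER);
            return;
        }

        String clientId = authenticate(authorizationHeader);
        if (clientId == null) {
            // The header was present but was not a usable Basic credential (other scheme, or no
            // "id:secret" separator). Previously this fell through without setting any status.
            reject(httpServerExchange, UNAUTHORIZED_CLIENT);
            return;
        }
        logger.debug("clientId = {}", clientId);

        // A missing or empty "token" parameter used to end in a NullPointerException /
        // NoSuchElementException; peekFirst() yields null for both cases instead.
        java.util.Deque<String> tokenValues = httpServerExchange.getQueryParameters().get("token");
        String token = tokenValues == null ? null : tokenValues.peekFirst();
        if (token == null) {
            // NOTE(review): no dedicated "missing parameter" code is defined in this class, so the
            // existing not-found code is reused - confirm this is the status clients should see.
            reject(httpServerExchange, DEREF_TOKEN_NOT_FOUND, "");
            return;
        }
        // The reference token can be exchanged for a JWT, so its value is deliberately not logged.
        logger.debug("dereferencing a reference token for clientId = {}", clientId);

        Result<String> refTokenDetail = ClientUtil.getRefTokenDetail(token);
        if (refTokenDetail.isFailure()) {
            reject(httpServerExchange, DEREF_TOKEN_NOT_FOUND, token);
            return;
        }

        Map<String, Object> tokenDetail = JsonMapper.string2Map(refTokenDetail.getResult());
        String owningClientId = (String) tokenDetail.get("clientId");
        // NOTE(review): a stored record without a clientId passes this check, i.e. any
        // authenticated client may dereference it. Kept as-is because such records may be
        // intentional - confirm, and fail closed here if every record is expected to be bound.
        if (owningClientId != null && !owningClientId.equals(clientId)) {
            reject(httpServerExchange, DEREF_CLIENT_NOT_MATCH, clientId);
            return;
        }

        String jwt = (String) tokenDetail.get("jwt");
        if (jwt == null) {
            reject(httpServerExchange, JWT_TOKEN_NOT_FOUND, token);
            return;
        }
        httpServerExchange.getResponseHeaders().add(Headers.CONTENT_TYPE, "application/text");
        // The body is a bearer credential; tell intermediaries and clients not to store it.
        httpServerExchange.getResponseHeaders().put(Headers.CACHE_CONTROL, "no-store");
        httpServerExchange.getResponseSender().send(jwt);
    }

    /** Sets the error status for {@code code} on the exchange and ends it. */
    private void reject(HttpServerExchange exchange, String code, Object... args) {
        setExchangeStatus(exchange, code, args);
        exchange.endExchange();
    }

    /**
     * Validates an HTTP Basic {@code Authorization} header against the stored client record.
     *
     * @param authorizationHeader the raw header value
     * @return the authenticated client id, or {@code null} when the header does not use the Basic
     *     scheme or its decoded value contains no {@code ':'} separator
     * @throws ApiException if the client lookup fails, the client does not exist, the secret does
     *     not match (or none is stored), or decoding/hash validation raises an error
     */
    private String authenticate(String authorizationHeader) throws ApiException {
        if (!authorizationHeader.toLowerCase(Locale.ENGLISH).startsWith(LOWERCASE_BASIC_PREFIX)) {
            return null;
        }
        try {
            ByteBuffer decoded = FlexBase64.decode(authorizationHeader.substring(PREFIX_LENGTH));
            Charset charset = StandardCharsets.UTF_8;
            String credentials = new String(decoded.array(), decoded.arrayOffset(), decoded.limit(), charset);
            // The decoded value and the raw header both carry the client secret: never log them.
            logger.trace("Found basic auth header (decoded using charset {})", charset);

            int separator = credentials.indexOf(COLON);
            if (separator < 0) {
                return null;
            }
            String clientId = credentials.substring(0, separator);
            String presentedSecret = credentials.substring(separator + 1);

            Result<String> clientById = ClientUtil.getClientById(clientId);
            if (clientById.isFailure()) {
                logger.error("failed to get the client: {}", clientById.getError());
                throw new ApiException(clientById.getError());
            }
            String clientJson = clientById.getResult();
            if (clientJson == null) {
                throw new ApiException(new Status(CLIENT_NOT_FOUND, clientId));
            }

            String storedSecretHash = (String) JsonMapper.string2Map(clientJson).get("clientSecret");
            // Fail closed: a client record without a stored secret cannot authenticate, and the
            // null is never handed to the hash comparison.
            if (storedSecretHash == null
                    || !HashUtil.validatePassword(presentedSecret.toCharArray(), storedSecretHash)) {
                throw new ApiException(new Status(UNAUTHORIZED_CLIENT));
            }
            return clientId;
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            logger.error("Exception:", e);
            throw new ApiException(new Status(RUNTIME_EXCEPTION));
        }
    }
}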
