package de.cidaas.oauth.interceptor;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.cidaas.jwt.JWT;
import de.cidaas.jwt.Options;
import de.cidaas.oauth.cache.LRUCache;
import de.cidaas.oauth.model.ResolvedUserInfoFromToken;
import de.cidaas.oauth.model.TokenCheckEntity;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.annotation.security.RolesAllowed;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpException;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/cidaas/oauth/interceptor/TokenHelper.class */
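/**
 * Validates OAuth access tokens on behalf of the interceptor.
 *
 * <p>Two paths exist. Opaque tokens (no {@code '.'}) and five-part tokens for which no
 * private key path is configured are sent to the user-info endpoint. Everything else is
 * parsed locally and checked for {@code exp}, {@code sub}, {@code clientid}, and the scopes
 * and roles declared on the target method via {@link OAuthScopes} and {@link RolesAllowed}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The local path trusts the claims returned by {@code JWT.parsePlainJWT}. Whether that
 *       call verifies the token signature is not visible here (the name suggests it may
 *       not) - confirm. If it does not, the only binding between a presented token and a
 *       prior server-side validation is the cache lookup.</li>
 *   <li>After a successful server validation the cache entry is written under
 *       {@code String.hashCode()} of the token, a 32-bit non-cryptographic hash. How
 *       {@code LRUCache.isPresent(String)} derives its lookup key is not visible here. If
 *       it also uses the hash code, distinct tokens can share an entry; keying both sides
 *       by a cryptographic digest of the token (for example SHA-256) removes that risk.</li>
 *   <li>Every failure path sets {@code success} to {@code false} (fail closed).</li>
 * </ul>
 */
public class TokenHelper {
    private static final Logger LOG = LoggerFactory.getLogger(TokenHelper.class);
    LRUCache tokenCache = LRUCache.getInstance();

    /**
     * Entry point: decides whether the token is validated remotely or locally.
     *
     * @param tokenCheckEntity carrier for the validation result; mutated and returned
     * @param method the intercepted resource method whose annotations declare requirements
     * @param str the raw access token
     * @return {@code tokenCheckEntity} with {@code success} set
     */
    public TokenCheckEntity validateAccessToken(TokenCheckEntity tokenCheckEntity, Method method, String str) {
        if (StringUtils.isEmpty(str)) {
            tokenCheckEntity.setSuccess(false);
            return tokenCheckEntity;
        }
        // No dot means the token is opaque: only the server can resolve it.
        if (!str.contains(".")) {
            return validateAccessTokenFromServer(tokenCheckEntity, method, str);
        }
        LOG.info("JWT Token Try to resolve from local");
        // A five-part token is handled as a JWE by parseAccessToken; without a configured
        // private key it cannot be decoded locally, so it is sent to the server instead.
        boolean jweWithoutKey = str.split("\\.").length == 5 && StringUtils.isEmpty(Constants.get_private_key_path());
        return jweWithoutKey
                ? validateAccessTokenFromServer(tokenCheckEntity, method, str)
                : validateAccessTokenLocal(tokenCheckEntity, method, str);
    }

    /**
     * Resolves the token through the user-info endpoint and records the outcome.
     *
     * <p>Scopes and roles are not compared in this method; {@code method} is unused here.
     * NOTE(review): enforcement on this path presumably relies on the server seeing the
     * requested scopes/roles carried in {@code tokenCheckEntity} - confirm the caller
     * populates them before this is reached.
     *
     * @param tokenCheckEntity carrier for the validation result; its access token is what is
     *     sent to the server
     * @param method unused on this path
     * @param str the raw access token, used only to derive the cache key
     * @return {@code tokenCheckEntity} with {@code success} set
     */
    private TokenCheckEntity validateAccessTokenFromServer(TokenCheckEntity tokenCheckEntity, Method method, String str) {
        try {
            ResolvedUserInfoFromToken userInfoByToken = getUserInfoByToken(tokenCheckEntity);
            if (userInfoByToken == null) {
                // The token value is a bearer credential and must never reach the logs.
                LOG.info("No userid found for the presented access token");
                tokenCheckEntity.setSuccess(false);
                return tokenCheckEntity;
            }
            tokenCheckEntity.setUserId(userInfoByToken.getUserId());
            tokenCheckEntity.setClientId(userInfoByToken.getClientId());
            // NOTE(review): the key is a 32-bit String.hashCode, which is not collision
            // resistant; see the class comment before relying on this entry as proof that
            // this exact token was validated.
            this.tokenCache.put(Integer.valueOf(str.hashCode()), Long.valueOf(new Date().getTime()));
            tokenCheckEntity.setSuccess(true);
            tokenCheckEntity.setNeedServerSubmit(false);
            return tokenCheckEntity;
        } catch (IOException | HttpException e) {
            // Transport-level failure talking to the endpoint: fail closed.
            LOG.error("OAuth-Exception ", e);
            tokenCheckEntity.setSuccess(false);
            return tokenCheckEntity;
        } catch (Exception e) {
            // Anything else (bad endpoint URI, runtime errors): fail closed as well.
            LOG.error("Exception ", e);
            tokenCheckEntity.setSuccess(false);
            return tokenCheckEntity;
        }
    }

    /**
     * Validates the token from its locally parsed claims.
     *
     * <p>Checks run in this order: claims parse, {@code exp}, {@code sub}, cache presence
     * (a miss falls back to the server), {@code clientid}, scopes, roles. A claim that is
     * absent or whose value is {@code null} is treated as missing.
     *
     * @param tokenCheckEntity carrier for the validation result; mutated and returned
     * @param method the intercepted resource method whose annotations declare requirements
     * @param str the raw access token
     * @return {@code tokenCheckEntity} with {@code success} set
     */
    private TokenCheckEntity validateAccessTokenLocal(TokenCheckEntity tokenCheckEntity, Method method, String str) {
        Map<String, Object> claims = parseAccessToken(str);
        if (claims == null) {
            LOG.info("claims cannot be null ");
            tokenCheckEntity.setSuccess(false);
            tokenCheckEntity.setRequestedScopes(getAnotationRequestedScopeJoined(method));
            tokenCheckEntity.setRequestedRoles(getAnotationRequestedRolesJoined(method));
            return tokenCheckEntity;
        }
        String expiry = claimAsString(claims, "exp");
        if (expiry == null) {
            tokenCheckEntity.setSuccess(false);
            LOG.info("exp cannot be null ");
            return tokenCheckEntity;
        }
        if (!validateToken(expiry)) {
            tokenCheckEntity.setSuccess(false);
            return tokenCheckEntity;
        }
        String subject = claimAsString(claims, "sub");
        if (StringUtils.isEmpty(subject)) {
            LOG.info("sub cannot be null ");
            tokenCheckEntity.setSuccess(false);
            return tokenCheckEntity;
        }
        tokenCheckEntity.setUserId(subject);
        // Tokens the server has not vouched for yet are never accepted on claims alone.
        if (!this.tokenCache.isPresent(str)) {
            return validateAccessTokenFromServer(tokenCheckEntity, method, str);
        }
        String clientId = claimAsString(claims, "clientid");
        if (StringUtils.isEmpty(clientId)) {
            LOG.info("clientid cannot be null ");
            tokenCheckEntity.setSuccess(false);
            return tokenCheckEntity;
        }
        tokenCheckEntity.setClientId(clientId);

        String grantedScopes = StringUtils.defaultString(claimAsString(claims, "scope"));
        String[] requestedScopes = getAnotationRequestedScope(method);
        if (requestedScopes != null && requestedScopes.length > 0) {
            tokenCheckEntity.setRequestedScopes(getAnotationRequestedScopeJoined(method));
            tokenCheckEntity.setAllowedScopes(grantedScopes);
            if (!validateScope(requestedScopes, Arrays.asList(grantedScopes.split(" ")))) {
                LOG.info("Scope validation failed, Requested scopes {}, Allowed Scopes {} ", tokenCheckEntity.getRequestedScopes(), tokenCheckEntity.getAllowedScopes());
                tokenCheckEntity.setSuccess(false);
                return tokenCheckEntity;
            }
        }

        // NOTE(review): the role claim is flattened with toString() and split on ','.
        // If the library returns a collection here, the rendered brackets and spaces would
        // prevent matches - confirm the claim's runtime type.
        String grantedRoles = StringUtils.defaultString(claimAsString(claims, "role"));
        String[] requestedRoles = getAnotationRequestedRoles(method);
        if (requestedRoles != null && requestedRoles.length > 0) {
            tokenCheckEntity.setRequestedRoles(getAnotationRequestedRolesJoined(method));
            tokenCheckEntity.setAllowedRoles(grantedRoles);
            if (!validateRole(requestedRoles, Arrays.asList(grantedRoles.split(",")))) {
                LOG.info("Role validation failed, Requested Roles {}, Allowed Roles {} ", tokenCheckEntity.getRequestedRoles(), tokenCheckEntity.getAllowedRoles());
                tokenCheckEntity.setSuccess(false);
                return tokenCheckEntity;
            }
        }
        tokenCheckEntity.setSuccess(true);
        return tokenCheckEntity;
    }

    /** Returns the claim rendered as a string, or {@code null} when absent or null-valued. */
    private static String claimAsString(Map<String, Object> claims, String name) {
        Object value = claims.get(name);
        return value == null ? null : value.toString();
    }

    /**
     * Returns the scopes declared on {@code method}, joined with single spaces.
     *
     * <p>Declared public in this listing; the decompiler notes the modifier was changed
     * from protected.
     *
     * @param method the intercepted resource method
     * @return the joined scopes, or {@code null} when none are declared
     */
    public String getAnotationRequestedScopeJoined(Method method) {
        String[] requestedScopes = getAnotationRequestedScope(method);
        if (requestedScopes == null || requestedScopes.length <= 0) {
            return null;
        }
        return StringUtils.join(requestedScopes, " ");
    }

    /**
     * Reads the {@link OAuthScopes} annotation of {@code method}.
     *
     * @param method the intercepted resource method
     * @return the declared scopes, or {@code null} when the annotation is absent or empty
     */
    protected String[] getAnotationRequestedScope(Method method) {
        OAuthScopes oAuthScopes = method.getAnnotation(OAuthScopes.class);
        if (oAuthScopes == null || oAuthScopes.scopes().length <= 0) {
            return null;
        }
        return oAuthScopes.scopes();
    }

    /**
     * Returns the roles declared on {@code method}, joined with commas.
     *
     * <p>Declared public in this listing; the decompiler notes the modifier was changed
     * from protected.
     *
     * @param method the intercepted resource method
     * @return the joined roles, or {@code null} when none are declared
     */
    public String getAnotationRequestedRolesJoined(Method method) {
        String[] requestedRoles = getAnotationRequestedRoles(method);
        if (requestedRoles == null || requestedRoles.length <= 0) {
            return null;
        }
        return StringUtils.join(requestedRoles, ",");
    }

    /**
     * Reads the {@link RolesAllowed} annotation of {@code method}.
     *
     * @param method the intercepted resource method
     * @return the declared roles, or {@code null} when the annotation is absent or empty
     */
    protected String[] getAnotationRequestedRoles(Method method) {
        RolesAllowed annotation = method.getAnnotation(RolesAllowed.class);
        if (annotation == null || annotation.value().length <= 0) {
            return null;
        }
        return annotation.value();
    }

    /**
     * Checks that an expiry value lies in the future.
     *
     * <p>The value is compared against {@link System#currentTimeMillis()}, so it must be in
     * epoch milliseconds. NOTE(review): a standard JWT {@code exp} is expressed in seconds;
     * confirm the JWT library converts it, otherwise every such token is reported expired.
     *
     * @param obj a {@link Date}, or a {@link String} holding a decimal {@code long}
     * @return {@code true} only when the value parses, is non-zero and is later than now
     */
    public boolean validateToken(Object obj) {
        long expiresAt = 0;
        if (obj instanceof Date) {
            expiresAt = ((Date) obj).getTime();
        } else {
            try {
                expiresAt = Long.parseLong((String) obj);
            } catch (NumberFormatException | ClassCastException ignored) {
                // Unparseable or unexpected type: leave expiresAt at 0 so the check fails closed.
            }
        }
        return expiresAt != 0 && System.currentTimeMillis() < expiresAt;
    }

    /**
     * Parses the token into its claims.
     *
     * <p>Three-part tokens go through {@code JWT.parsePlainJWT}. Five-part tokens are
     * decoded as JWE with the configured private key. Any other shape is rejected.
     * NOTE(review): whether either library call verifies a signature is not visible here -
     * confirm before treating the returned claims as authenticated.
     *
     * @param str the raw access token
     * @return the claims, or {@code null} when the token cannot be parsed
     */
    private Map<String, Object> parseAccessToken(String str) {
        String[] parts = str.split("\\.");
        if (parts.length == 3) {
            try {
                return JWT.parsePlainJWT(str);
            } catch (Exception e) {
                LOG.info("Error while parsing the Plain JWT token, Error : {}", e);
                return null;
            }
        }
        if (parts.length != 5) {
            return null;
        }
        try {
            String privateKeyPath = Constants.get_private_key_path();
            if (StringUtils.isEmpty(privateKeyPath)) {
                return null;
            }
            Options options = new Options();
            options.setJWEToken(true);
            options.setPrivateKeyPath(privateKeyPath);
            return JWT.decodeJWT(str, options);
        } catch (Exception e) {
            // This branch handles the five-part (JWE) form, so the message says so.
            LOG.info("Error while decoding the JWE token, Error : {}", e);
            return null;
        }
    }

    /**
     * Checks the token's scopes against the scopes required by the method.
     *
     * <p>Passes when no scope is required, or when at least ONE required scope is granted
     * (case-insensitive). It does not require all of them.
     *
     * <p>NOTE(review): a token carrying {@code openid} passes regardless of what the method
     * requires. {@code openid} is the baseline OpenID Connect scope, so this branch
     * effectively disables scope enforcement for most tokens. Behaviour is kept as is
     * because callers may depend on it; confirm it is intended, and remove it otherwise.
     *
     * @param strArr scopes required by the method annotation
     * @param list scopes granted to the token
     * @return {@code true} when the scope requirement is considered satisfied
     */
    private boolean validateScope(String[] strArr, List<String> list) {
        if (strArr == null || strArr.length == 0) {
            return true;
        }
        if (list == null || list.isEmpty()) {
            return false;
        }
        if (list.contains("openid")) {
            return true;
        }
        return containsAnyIgnoreCase(strArr, list);
    }

    /**
     * Checks the token's roles against the roles required by the method.
     *
     * <p>Passes when no role is required, or when at least one required role is granted
     * (case-insensitive).
     *
     * @param strArr roles required by the method annotation
     * @param list roles granted to the token
     * @return {@code true} when the role requirement is considered satisfied
     */
    private boolean validateRole(String[] strArr, List<String> list) {
        if (strArr == null || strArr.length == 0) {
            return true;
        }
        if (list == null || list.isEmpty()) {
            return false;
        }
        return containsAnyIgnoreCase(strArr, list);
    }

    /** Returns whether any element of {@code wanted} equals, ignoring case, an element of {@code granted}. */
    private static boolean containsAnyIgnoreCase(String[] wanted, List<String> granted) {
        return Arrays.stream(wanted)
                .anyMatch(required -> granted.stream().anyMatch(held -> held.equalsIgnoreCase(required)));
    }

    /**
     * Posts the token check to the user-info endpoint and maps a 200 response.
     *
     * <p>The access token is sent in the header named by {@code Constants.get_tokenKey()}
     * and the whole {@code tokenCheckEntity} is sent as the JSON body. The HTTP client and
     * response are closed on every path. NOTE(review): the client is built with library
     * defaults, so no explicit timeouts are configured here; a stalled endpoint can hold
     * the calling thread.
     *
     * @param tokenCheckEntity the check to submit; must not be {@code null}
     * @return the resolved user info, or {@code null} on any non-200 status
     * @throws IOException on transport or JSON errors
     * @throws URISyntaxException when the configured endpoint is not a valid URI
     */
    private ResolvedUserInfoFromToken getUserInfoByToken(TokenCheckEntity tokenCheckEntity) throws HttpException, ClientProtocolException, IOException, URISyntaxException {
        try {
            ObjectMapper objectMapper = new ObjectMapper();
            String endpoint = Constants.get_user_info_by_token();
            HttpPost httpPost = new HttpPost(new URI(endpoint));
            // tokenCheckEntity is dereferenced here, so a later null check would be dead code.
            httpPost.addHeader(Constants.get_tokenKey(), tokenCheckEntity.getAccessToken());
            httpPost.setEntity(new StringEntity(objectMapper.writeValueAsString(tokenCheckEntity), ContentType.APPLICATION_JSON));
            httpPost.addHeader("Content-Type", "application/json; charset=UTF-8");
            try (CloseableHttpClient client = HttpClientBuilder.create().build();
                    CloseableHttpResponse response = client.execute(httpPost)) {
                int statusCode = response.getStatusLine().getStatusCode();
                LOG.info("User Info By Token Status Code:{}", statusCode);
                if (statusCode == 200) {
                    // The body is read in full before try-with-resources closes the response.
                    return objectMapper
                            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
                            .configure(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES, false)
                            .readValue(response.getEntity().getContent(), ResolvedUserInfoFromToken.class);
                }
                LOG.error("User id by token fails. URL : {}", endpoint);
                return null;
            }
        } catch (Exception e) {
            LOG.error("Exception at getUserInfoByToken {}", e);
            throw e;
        }
    }
}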
