package com.apifest.oauth20;

import com.apifest.oauth20.api.AuthenticationException;
import com.apifest.oauth20.api.UserDetails;
import com.apifest.oauth20.bean.ApplicationInfo;
import com.apifest.oauth20.bean.AuthCode;
import com.apifest.oauth20.bean.AuthRequest;
import com.apifest.oauth20.bean.ClientCredentials;
import com.apifest.oauth20.bean.OAuthException;
import com.apifest.oauth20.bean.RevokeTokenRequest;
import com.apifest.oauth20.bean.Scope;
import com.apifest.oauth20.bean.token_request.TokenRequest;
import com.apifest.oauth20.conf.OAuthConfig;
import com.apifest.oauth20.persistence.DBManager;
import com.apifest.oauth20.persistence.DBManagerFactory;
import com.apifest.oauth20.utils.ResponseBuilder;
import com.apifest.oauth20.validator.InputValidator;
import info.xiancloud.core.support.authen.AccessToken;
import info.xiancloud.core.util.LOG;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaderValues;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.QueryStringEncoder;
import io.netty.util.CharsetUtil;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/apifest/oauth20/Authenticator.class */
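/**
 * Core OAuth 2.0 authorization-server logic: client registration and update, authorization-code
 * issuance, access-token issuance for the supported grant types, token validation and revocation.
 *
 * <p>Persistence goes through {@link DBManager} (obtained from {@link DBManagerFactory}) and scope
 * rules through {@link ScopeService}. Conditions that must be reported to the client are raised as
 * {@link OAuthException} carrying a JSON body and an HTTP status.
 *
 * <p>Authorization codes, access tokens and refresh tokens are bearer secrets; this class logs only
 * client ids, never the secret values themselves.
 */
public class Authenticator {
    static final String BASIC = "Basic ";
    private static final String TOKEN_TYPE_BEARER = "Bearer";
    /** Shape of client ids and secrets that a caller may supply at registration (lower-case hex). */
    private static final Pattern CLIENT_CREDENTIALS_PATTERN = Pattern.compile("[a-f[0-9]]+");
    public static final String SCOPE_SPLITTER = " ";
    /** JSON error body returned whenever a client id / client secret pair is rejected. */
    private static final String INVALID_CLIENT_CREDENTIALS = "{\"error\": \"invalid client_id/client_secret\"}";
    protected DBManager db = DBManagerFactory.getInstance();
    protected ScopeService scopeService = new ScopeService();

    /**
     * Registers a new client application from the JSON body of {@code httpRequest}.
     *
     * <p>Every scope named in the application's space-separated scope string must already be
     * registered. When the body carries both a client id and a client secret, each must match
     * {@link #CLIENT_CREDENTIALS_PATTERN} and the id must not be registered yet; otherwise the
     * credentials are generated by the {@link ClientCredentials} constructor.
     *
     * @param httpRequest the registration request; must be a {@link FullHttpRequest} whose
     *     Content-Type contains {@code application/json}
     * @return the stored client credentials
     * @throws OAuthException on an unsupported media type, missing mandatory fields, an unknown
     *     scope, malformed or already-registered credentials, or a body that cannot be parsed
     */
    public ClientCredentials issueClientCredentials(HttpRequest httpRequest) throws OAuthException {
        requireJsonContentType(httpRequest, HttpHeaderValues.APPLICATION_JSON);
        try {
            ApplicationInfo appInfo = parseApplicationInfo(httpRequest);
            if (!appInfo.valid()) {
                throw new OAuthException(ResponseBuilder.NAME_OR_SCOPE_OR_URI_IS_NULL, HttpResponseStatus.BAD_REQUEST);
            }
            requireRegisteredScopes(appInfo.getScope());
            ClientCredentials clientCredentials;
            if (isNullOrEmpty(appInfo.getId()) || isNullOrEmpty(appInfo.getSecret())) {
                // No credentials supplied: ClientCredentials generates them.
                clientCredentials = new ClientCredentials(appInfo.getName(), appInfo.getScope(), appInfo.getDescription(), appInfo.getRedirectUri(), appInfo.getApplicationDetails());
            } else {
                if (!areClientCredentialsValid(appInfo.getId(), appInfo.getSecret())) {
                    throw new OAuthException(INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
                }
                if (this.db.findClientCredentials(appInfo.getId()) != null) {
                    throw new OAuthException(ResponseBuilder.ALREADY_REGISTERED_APP, HttpResponseStatus.BAD_REQUEST);
                }
                clientCredentials = new ClientCredentials(appInfo.getName(), appInfo.getScope(), appInfo.getDescription(), appInfo.getRedirectUri(), appInfo.getId(), appInfo.getSecret(), appInfo.getApplicationDetails());
            }
            this.db.storeClientCredentials(clientCredentials);
            return clientCredentials;
        } catch (IOException e) {
            throw new OAuthException(e, ResponseBuilder.CANNOT_REGISTER_APP, HttpResponseStatus.BAD_REQUEST);
        }
    }

    /**
     * Rejects requests whose Content-Type header is absent or does not contain the JSON media type.
     *
     * @param httpRequest the request to check
     * @param jsonMediaType the media type that must appear in the header (a String or Netty
     *     AsciiString; both are CharSequences)
     * @throws OAuthException with {@link ResponseBuilder#UNSUPPORTED_MEDIA_TYPE} when the check fails
     */
    private static void requireJsonContentType(HttpRequest httpRequest, CharSequence jsonMediaType) throws OAuthException {
        String contentType = httpRequest.headers().get(HttpHeaderNames.CONTENT_TYPE);
        if (contentType == null || !contentType.contains(jsonMediaType)) {
            throw new OAuthException(ResponseBuilder.UNSUPPORTED_MEDIA_TYPE, HttpResponseStatus.BAD_REQUEST);
        }
    }

    /**
     * Reads the UTF-8 body of a full request and validates it into an {@link ApplicationInfo}.
     *
     * @param httpRequest must be a {@link FullHttpRequest}; the cast is unchecked, as in the original
     * @return the parsed application info
     * @throws IOException when the body cannot be parsed
     */
    private static ApplicationInfo parseApplicationInfo(HttpRequest httpRequest) throws IOException {
        String body = ((FullHttpRequest) httpRequest).content().toString(CharsetUtil.UTF_8);
        return (ApplicationInfo) InputValidator.validate(body, ApplicationInfo.class);
    }

    /**
     * Verifies that every scope in a space-separated scope string exists in the scope table.
     *
     * @param scopeList non-null space-separated scope names
     * @throws OAuthException with {@link ResponseBuilder#SCOPE_NOT_EXIST} on the first unknown scope
     */
    private void requireRegisteredScopes(String scopeList) throws OAuthException {
        List<Scope> knownScopes = this.db.getAllScopes();
        for (String scopeName : scopeList.split(SCOPE_SPLITTER)) {
            if (findScope(knownScopes, scopeName) == null) {
                throw new OAuthException(ResponseBuilder.SCOPE_NOT_EXIST, HttpResponseStatus.BAD_REQUEST);
            }
        }
    }

    /** Returns {@code true} for a null or zero-length string. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Looks up a scope by name in an already-loaded list.
     *
     * @param list scopes to search
     * @param str exact scope name
     * @return the matching scope, or {@code null} when none has that name
     */
    private Scope findScope(List<Scope> list, String str) {
        for (Scope candidate : list) {
            if (candidate.getScope().equals(str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Checks that a caller-supplied client id and secret are both non-empty lower-case hex strings.
     *
     * @param str the client id
     * @param str2 the client secret
     * @return {@code true} when both match {@link #CLIENT_CREDENTIALS_PATTERN}
     */
    private boolean areClientCredentialsValid(String str, String str2) {
        boolean idOk = CLIENT_CREDENTIALS_PATTERN.matcher(str).matches();
        boolean secretOk = CLIENT_CREDENTIALS_PATTERN.matcher(str2).matches();
        return idOk && secretOk;
    }

    /**
     * Handles the authorization endpoint: validates the request, stores a new authorization code
     * and returns the redirect URI with the code appended as the {@code code} query parameter.
     *
     * <p>The client must be registered and active, {@link AuthRequest#validate()} must pass, and
     * the requested scope must be allowed for the client.
     *
     * @param httpRequest the authorization request
     * @return the redirect URI carrying the {@code code} parameter
     * @throws OAuthException when the client is unknown or inactive, the request is invalid, or the
     *     scope is not allowed
     */
    public String issueAuthorizationCode(HttpRequest httpRequest) throws OAuthException {
        AuthRequest authRequest = new AuthRequest(httpRequest);
        LOG.info("received client_id:" + authRequest.getClientId());
        if (!isActiveClientId(authRequest.getClientId())) {
            throw new OAuthException(INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
        }
        authRequest.validate();
        String validScope = this.scopeService.getValidScope(authRequest.getScope(), authRequest.getClientId());
        if (validScope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        AuthCode authCode = new AuthCode(generateCode(), authRequest.getClientId(), authRequest.getRedirectUri(), authRequest.getState(), validScope, authRequest.getResponseType(), authRequest.getUserId());
        // The code is a bearer secret until it is exchanged: log who it was issued to, not the code.
        LOG.info("authCode issued for client_id:" + authCode.getClientId());
        this.db.storeAuthCode(authCode);
        QueryStringEncoder encoder = new QueryStringEncoder(authRequest.getRedirectUri());
        encoder.addParam("code", authCode.getCode());
        return encoder.toString();
    }

    /**
     * Handles the token endpoint for every supported grant type.
     *
     * <p>The request is validated and the client authenticated (id + secret, active status) before
     * the grant-specific handler runs. Supported grant types, in the order they are checked:
     * {@code authorization_code}, {@code refresh_token}, {@code client_credentials},
     * {@code password} and the custom grant type from {@link OAuthConfig#getCustomGrantType()}.
     *
     * @param fullHttpRequest the token request
     * @return the newly stored access token, or {@code null} when the grant type matches none of
     *     the supported ones (the original contract; callers must handle {@code null})
     * @throws OAuthException when client authentication, scope validation or the grant-specific
     *     checks fail
     */
    public AccessToken issueAccessToken(FullHttpRequest fullHttpRequest) throws OAuthException {
        TokenRequest tokenRequest = TokenRequest.create(fullHttpRequest);
        tokenRequest.validate();
        if (!isActiveClient(tokenRequest.getClientId(), tokenRequest.getClientSecret())) {
            throw new OAuthException(INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
        }
        String grantType = tokenRequest.getGrantType();
        if (TokenRequest.AUTHORIZATION_CODE.equals(grantType)) {
            return issueTokenForAuthorizationCode(tokenRequest);
        }
        if (TokenRequest.REFRESH_TOKEN.equals(grantType)) {
            return issueTokenForRefreshToken(tokenRequest);
        }
        if (TokenRequest.CLIENT_CREDENTIALS.equals(grantType)) {
            return issueTokenForClientCredentials(tokenRequest);
        }
        if (TokenRequest.PASSWORD.equals(grantType)) {
            return issueTokenForPassword(tokenRequest, fullHttpRequest);
        }
        // Null-safe: a missing grant type falls through to null instead of a NullPointerException.
        if (grantType != null && grantType.equals(OAuthConfig.getCustomGrantType())) {
            return issueTokenForCustomGrant(tokenRequest, fullHttpRequest);
        }
        return null;
    }

    /**
     * {@code authorization_code} grant: exchanges a stored code for an access + refresh token.
     *
     * <p>The code must exist, belong to the requesting client and, when it was stored with a
     * redirect URI, be exchanged with exactly that URI. The code is marked invalid before the token
     * is stored so it cannot be exchanged twice.
     *
     * @throws OAuthException on an unknown code, a client mismatch or a redirect URI mismatch
     */
    private AccessToken issueTokenForAuthorizationCode(TokenRequest tokenRequest) throws OAuthException {
        AuthCode authCode = findAuthCode(tokenRequest);
        // NOTE(review): assumes db.findAuthCode() returns only codes still marked valid — confirm,
        // otherwise an already-exchanged code could be replayed.
        if (authCode == null) {
            throw new OAuthException(ResponseBuilder.INVALID_AUTH_CODE, HttpResponseStatus.BAD_REQUEST);
        }
        if (!tokenRequest.getClientId().equals(authCode.getClientId())) {
            throw new OAuthException(INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
        }
        // Compared from the stored side so a request without redirect_uri is a mismatch rather
        // than a NullPointerException.
        if (authCode.getRedirectUri() != null && !authCode.getRedirectUri().equals(tokenRequest.getRedirectUri())) {
            throw new OAuthException(ResponseBuilder.INVALID_REDIRECT_URI, HttpResponseStatus.BAD_REQUEST);
        }
        this.db.updateAuthCodeValidStatus(authCode.getCode(), false);
        String scope = authCode.getScope();
        AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
        accessToken.setUserId(authCode.getUserId());
        accessToken.setClientId(authCode.getClientId());
        accessToken.setCodeId(authCode.getId());
        this.db.storeAccessToken(accessToken);
        return accessToken;
    }

    /**
     * {@code refresh_token} grant: replaces the current access token with a new one that keeps the
     * same refresh token and refresh expiry.
     *
     * <p>An expired refresh token is removed from the store and rejected. A narrower scope may be
     * requested; a scope outside the current token's scope is rejected.
     *
     * @throws OAuthException on an unknown or expired refresh token, or a disallowed scope
     */
    private AccessToken issueTokenForRefreshToken(TokenRequest tokenRequest) throws OAuthException {
        AccessToken current = this.db.findAccessTokenByRefreshToken(tokenRequest.getRefreshToken(), tokenRequest.getClientId());
        if (current == null) {
            throw new OAuthException(ResponseBuilder.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
        }
        if (current.refreshTokenExpired()) {
            this.db.removeAccessToken(current.getToken());
            throw new OAuthException(ResponseBuilder.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
        }
        String scope;
        if (tokenRequest.getScope() == null) {
            scope = current.getScope();
        } else {
            if (!this.scopeService.scopeAllowed(tokenRequest.getScope(), current.getScope())) {
                throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
            }
            scope = tokenRequest.getScope();
        }
        this.db.updateAccessTokenValidStatus(current.getToken(), false);
        AccessToken renewed = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, current.getRefreshToken(), current.getRefreshExpiresIn());
        renewed.setUserId(current.getUserId());
        renewed.setDetails(current.getDetails());
        renewed.setClientId(current.getClientId());
        this.db.storeAccessToken(renewed);
        this.db.removeAccessToken(current.getToken());
        return renewed;
    }

    /**
     * {@code client_credentials} grant: issues a token without a user and without a refresh token.
     *
     * <p>The client record is known to exist because {@link #isActiveClient} passed just before.
     *
     * @throws OAuthException when the requested scope is not within the client's scope
     */
    private AccessToken issueTokenForClientCredentials(TokenRequest tokenRequest) throws OAuthException {
        ClientCredentials client = this.db.findClientCredentials(tokenRequest.getClientId());
        String scope = this.scopeService.getValidScopeByScope(tokenRequest.getScope(), client.getScope());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.CLIENT_CREDENTIALS, scope), scope, false, (String) null);
        accessToken.setClientId(tokenRequest.getClientId());
        Map<String, String> appDetails = client.getApplicationDetails();
        if (appDetails != null && !appDetails.isEmpty()) {
            accessToken.setDetails(appDetails);
            accessToken.setApplicationDetails(appDetails);
        }
        this.db.storeAccessToken(accessToken);
        return accessToken;
    }

    /**
     * {@code password} grant: authenticates the resource owner via {@link #authenticateUser} and
     * issues an access + refresh token bound to that user.
     *
     * <p>An {@link AuthenticationException} carrying a response is forwarded to the client with
     * that response's body and status; any other authentication failure becomes
     * {@link ResponseBuilder#CANNOT_AUTHENTICATE_USER} with 401.
     *
     * @throws OAuthException on a disallowed scope, a failed authentication or a result with no user id
     */
    private AccessToken issueTokenForPassword(TokenRequest tokenRequest, FullHttpRequest fullHttpRequest) throws OAuthException {
        ClientCredentials client = this.db.findClientCredentials(tokenRequest.getClientId());
        String scope = this.scopeService.getValidScopeByScope(tokenRequest.getScope(), client.getScope());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        UserDetails user;
        try {
            user = authenticateUser(tokenRequest.getUsername(), tokenRequest.getPassword(), fullHttpRequest);
        } catch (AuthenticationException e) {
            if (e.getResponse() != null) {
                throw new OAuthException(e, e.getResponse().content().toString(CharsetUtil.UTF_8), e.getResponse().getStatus());
            }
            LOG.error("Cannot authenticate user", e);
            throw new OAuthException(e, ResponseBuilder.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED);
        }
        if (user == null || user.getUserId() == null) {
            throw new OAuthException(ResponseBuilder.INVALID_USERNAME_PASSWORD, HttpResponseStatus.UNAUTHORIZED);
        }
        AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
        accessToken.setUserId(user.getUserId());
        accessToken.setDetails(user.getDetails());
        accessToken.setClientId(tokenRequest.getClientId());
        accessToken.setApplicationDetails(client.getApplicationDetails());
        this.db.storeAccessToken(accessToken);
        return accessToken;
    }

    /**
     * Custom grant type from {@link OAuthConfig#getCustomGrantType()}: delegates to the configured
     * handler and issues an access + refresh token.
     *
     * <p>Unlike the password grant, a token is still issued when no handler is configured or the
     * handler returns no user; the user id and details are then simply left unset.
     *
     * @throws OAuthException on a disallowed scope or when the handler throws
     */
    private AccessToken issueTokenForCustomGrant(TokenRequest tokenRequest, FullHttpRequest fullHttpRequest) throws OAuthException {
        String scope = this.scopeService.getValidScope(tokenRequest.getScope(), tokenRequest.getClientId());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
        accessToken.setClientId(tokenRequest.getClientId());
        UserDetails user;
        try {
            user = callCustomGrantTypeHandler(fullHttpRequest);
        } catch (AuthenticationException e) {
            LOG.error("Cannot authenticate user", e);
            throw new OAuthException(e, ResponseBuilder.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED);
        }
        if (user != null && user.getUserId() != null) {
            accessToken.setUserId(user.getUserId());
            accessToken.setDetails(user.getDetails());
        }
        this.db.storeAccessToken(accessToken);
        return accessToken;
    }

    /**
     * Authenticates a resource owner through the class configured in
     * {@link OAuthConfig#getUserAuthenticationClass()}.
     *
     * <p>When no class is configured this falls back to a fixed user id ({@code "12345"}) for ANY
     * username/password — a development stub. A deployment that exposes the password grant must
     * configure a real authentication class; with the stub, every password-grant request succeeds.
     *
     * @param str username
     * @param str2 password
     * @param httpRequest the originating request, passed through to the authenticator
     * @return the authenticated user's details
     * @throws AuthenticationException when the authenticator rejects the user or cannot be instantiated
     */
    protected UserDetails authenticateUser(String str, String str2, HttpRequest httpRequest) throws AuthenticationException {
        if (OAuthConfig.getUserAuthenticationClass() == null) {
            // SECURITY: stub accepts any credentials; see the Javadoc above.
            return new UserDetails("12345", (Map) null);
        }
        try {
            return OAuthConfig.getUserAuthenticationClass().newInstance().authenticate(str, str2, httpRequest);
        } catch (IllegalAccessException | InstantiationException e) {
            LOG.error("cannot instantiate user authentication class", e);
            throw new AuthenticationException(e.getMessage());
        }
    }

    /**
     * Runs the custom grant-type handler from {@link OAuthConfig#getCustomGrantTypeHandler()}.
     *
     * @param httpRequest the token request handed to the handler
     * @return the handler's result, or {@code null} when no handler is configured
     * @throws AuthenticationException when the handler fails or cannot be instantiated
     */
    protected UserDetails callCustomGrantTypeHandler(HttpRequest httpRequest) throws AuthenticationException {
        if (OAuthConfig.getCustomGrantTypeHandler() == null) {
            return null;
        }
        try {
            return OAuthConfig.getCustomGrantTypeHandler().newInstance().execute(httpRequest);
        } catch (IllegalAccessException | InstantiationException e) {
            LOG.error("cannot instantiate custom grant_type class", e);
            throw new AuthenticationException(e.getMessage());
        }
    }

    /**
     * Extracts the client id and secret from an HTTP Basic {@code Authorization} header.
     *
     * <p>The header must start with {@code "Basic "}; the remainder is Base64-decoded as UTF-8 and
     * split at the first {@code ':'} only, so a secret containing {@code ':'} survives (RFC 7617
     * forbids {@code ':'} in the user-id but not in the password).
     *
     * @param httpRequest the request carrying the header
     * @return a two-element array {id, secret}; both elements are {@code null} when the header is
     *     missing, is not Basic, or has no {@code ':'} separator
     */
    public static String[] getBasicAuthorizationClientCredentials(HttpRequest httpRequest) {
        String[] credentials = new String[2];
        String header = httpRequest.headers().get(HttpHeaderNames.AUTHORIZATION);
        if (header == null || !header.startsWith(BASIC)) {
            return credentials;
        }
        byte[] decoded = Base64.decodeBase64(header.substring(BASIC.length()));
        String[] parts = new String(decoded, StandardCharsets.UTF_8).split(":", 2);
        if (parts.length == 2) {
            credentials[0] = parts[0];
            credentials[1] = parts[1];
        }
        return credentials;
    }

    /**
     * Loads the authorization code named in a token request.
     *
     * @param tokenRequest the request carrying the {@code code} parameter
     * @return the stored code, or {@code null} when the store has none
     */
    protected AuthCode findAuthCode(TokenRequest tokenRequest) {
        return this.db.findAuthCode(tokenRequest.getCode());
    }

    /**
     * Resolves an access-token value to a usable token.
     *
     * <p>A token that has expired is marked invalid in the store on first sight and reported as
     * absent.
     *
     * @param str the access-token value
     * @return the token when it exists, is valid and has not expired; otherwise {@code null}
     */
    public AccessToken isValidToken(String str) {
        AccessToken stored = this.db.findAccessToken(str);
        // NOTE(review): this logs AccessToken.toString(); confirm it does not include the token
        // value, otherwise bearer tokens end up in the log.
        LOG.info("token详情:" + stored);
        if (stored == null || !stored.isValid()) {
            return null;
        }
        if (stored.tokenExpired()) {
            LOG.info("accessToken 已过期,client_id= " + stored.getClientId());
            this.db.updateAccessTokenValidStatus(stored.getToken(), false);
            return null;
        }
        return stored;
    }

    /**
     * Builds the public application view of a registered client.
     *
     * @param str the client id
     * @return the application info, or {@code null} when the client is not registered
     */
    public ApplicationInfo getApplicationInfo(String str) {
        ClientCredentials client = this.db.findClientCredentials(str);
        return client == null ? null : ApplicationInfo.loadFromClientCredentials(client);
    }

    /** Generates a fresh authorization-code value; overridable for tests. */
    protected String generateCode() {
        return AuthCode.generate();
    }

    /**
     * @param str the client id
     * @return {@code true} when the client is registered and its status is {@code 1} (active)
     */
    protected boolean isActiveClientId(String str) {
        ClientCredentials client = this.db.findClientCredentials(str);
        return client != null && client.getStatus() == 1;
    }

    /**
     * @param str the client id
     * @param str2 the presented client secret
     * @return {@code true} when the client is registered and the secret matches
     */
    protected boolean isValidClientCredentials(String str, String str2) {
        ClientCredentials client = this.db.findClientCredentials(str);
        return client != null && secretMatches(client.getSecret(), str2);
    }

    /**
     * @param str the client id
     * @param str2 the presented client secret
     * @return {@code true} when the client is registered, the secret matches and its status is
     *     {@code 1} (active)
     */
    protected boolean isActiveClient(String str, String str2) {
        ClientCredentials client = this.db.findClientCredentials(str);
        return client != null && secretMatches(client.getSecret(), str2) && client.getStatus() == 1;
    }

    /**
     * Compares a stored secret with a presented one in constant time, so response timing does not
     * reveal how many leading characters matched. A {@code null} on either side never matches.
     */
    private static boolean secretMatches(String stored, String presented) {
        if (stored == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8));
    }

    /*
     * The decompiler reports this was declared protected in the original source; it is kept public
     * because callers may already depend on that.
     */
    /**
     * @param str the client id
     * @return {@code true} when a client with that id is registered
     */
    public boolean isExistingClient(String str) {
        return this.db.findClientCredentials(str) != null;
    }

    /**
     * Expiry for a token of the given grant type and scope, as the string {@link AccessToken} expects.
     *
     * @param str the grant type
     * @param str2 the scope
     * @return the expiry from {@link ScopeService#getExpiresIn} rendered with {@link String#valueOf}
     */
    protected String getExpiresIn(String str, String str2) {
        return String.valueOf(this.scopeService.getExpiresIn(str, str2));
    }

    /**
     * Handles the revocation endpoint.
     *
     * <p>Ownership is checked after expiry, so an expired token reports {@code true} regardless of
     * which client presents it (kept as in the original). Only the client id is logged; the token
     * value is a bearer secret.
     *
     * @param fullHttpRequest the revocation request
     * @return {@code true} when the token was removed or had already expired; {@code false} when it
     *     is unknown or belongs to another client
     * @throws OAuthException when mandatory parameters are missing or the client is not registered
     */
    public boolean revokeToken(FullHttpRequest fullHttpRequest) throws OAuthException {
        RevokeTokenRequest revokeRequest = new RevokeTokenRequest(fullHttpRequest);
        revokeRequest.checkMandatoryParams();
        String clientId = revokeRequest.getClientId();
        if (!isExistingClient(clientId)) {
            throw new OAuthException(INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
        }
        AccessToken stored = this.db.findAccessToken(revokeRequest.getAccessToken());
        if (stored == null) {
            LOG.info(String.format("access token not found, client_id {%s}", clientId));
            return false;
        }
        if (stored.tokenExpired()) {
            LOG.info(String.format("access token is expired, client_id {%s}", clientId));
            return true;
        }
        if (!clientId.equals(stored.getClientId())) {
            LOG.info(String.format("access token is not obtained for that client_id {%s}", clientId));
            return false;
        }
        this.db.removeAccessToken(stored.getToken());
        LOG.info(String.format("access token set status invalid, client_id {%s}", clientId));
        return true;
    }

    /**
     * Updates an existing client application from the JSON body of {@code httpRequest}.
     *
     * <p>When a scope is supplied, every scope name in it must exist in the scope table.
     *
     * @param httpRequest the update request; must be a {@link FullHttpRequest} whose Content-Type
     *     contains {@link ResponseBuilder#APPLICATION_JSON}
     * @param str the client id being updated
     * @return {@code true} when the update was applied
     * @throws OAuthException on an unsupported media type, an unknown client, missing mandatory
     *     fields, an unknown scope, or a body that cannot be parsed
     */
    public boolean updateClientApp(HttpRequest httpRequest, String str) throws OAuthException {
        requireJsonContentType(httpRequest, ResponseBuilder.APPLICATION_JSON);
        if (!isExistingClient(str)) {
            throw new OAuthException(INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
        }
        try {
            ApplicationInfo appInfo = parseApplicationInfo(httpRequest);
            if (!appInfo.validForUpdate()) {
                throw new OAuthException(ResponseBuilder.UPDATE_APP_MANDATORY_PARAM_MISSING, HttpResponseStatus.BAD_REQUEST);
            }
            if (appInfo.getScope() != null) {
                for (String scopeName : appInfo.getScope().split(SCOPE_SPLITTER)) {
                    if (this.db.findScope(scopeName) == null) {
                        throw new OAuthException(ResponseBuilder.SCOPE_NOT_EXIST, HttpResponseStatus.BAD_REQUEST);
                    }
                }
            }
            this.db.updateClientCredentials(str, appInfo.getScope(), appInfo.getDescription(), appInfo.getStatus(), appInfo.getApplicationDetails());
            return true;
        } catch (IOException e) {
            LOG.error("cannot update client application", e);
            throw new OAuthException(e, ResponseBuilder.CANNOT_UPDATE_APP, HttpResponseStatus.BAD_REQUEST);
        }
    }
}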
