package info.xiancloud.gateway.access_token_validation;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import info.xiancloud.core.Scope;
import info.xiancloud.core.Unit;
import info.xiancloud.core.conf.XianConfig;
import info.xiancloud.core.distribution.exception.UnitUndefinedException;
import info.xiancloud.core.distribution.loadbalance.UnitRouter;
import info.xiancloud.core.message.SingleRxXian;
import info.xiancloud.core.message.UnitRequest;
import info.xiancloud.core.support.authen.AccessToken;
import info.xiancloud.core.util.LOG;
import info.xiancloud.core.util.StringUtil;
import info.xiancloud.gateway.LogTypeGateway;
import info.xiancloud.gateway.controller.URIBean;
import io.reactivex.Single;
import java.util.Optional;
import java.util.regex.Pattern;

/* loaded from: input_file:info/xiancloud/gateway/access_token_validation/ValidateAccessToken.class */
public class ValidateAccessToken {
    public static Single<Boolean> validate(UnitRequest unitRequest) {
        LOG.debug("ValidateAccessToken");
        return !isSecure(unitRequest.getContext().getUri()) ? Single.just(true) : fetchAccessTokenAndReturnScope(unitRequest).map(optional -> {
            return Boolean.valueOf(optional.isPresent() && Scope.validate((String) optional.get(), unitRequest.getContext().getGroup(), unitRequest.getContext().getUnit()));
        });
    }

    private static boolean isSecure(String str) {
        if (!StringUtil.isEmpty(str)) {
            for (String str2 : XianConfig.getStringArray("api_gateway_white_uri_list")) {
                if (str.startsWith(str2)) {
                    return false;
                }
            }
        }
        URIBean create = URIBean.create(str);
        try {
            return UnitRouter.SINGLETON.newestDefinition(Unit.fullName(create.getGroup(), create.getUnit())).getMeta().isSecure();
        } catch (UnitUndefinedException e) {
            return true;
        }
    }

    private static Single<Optional<String>> fetchAccessTokenAndReturnScope(UnitRequest unitRequest) {
        LOG.info("fetchAccessTokenAndReturnScope");
        String ip = unitRequest.getContext().getIp();
        if (StringUtil.isEmpty(ip)) {
            throw new IllegalArgumentException("Client's ip is empty, please check!");
        }
        if (isWhiteIp(ip)) {
            LOG.info(new JSONObject().fluentPut("type", LogTypeGateway.whiteIp).fluentPut("description", "request is from white ip " + ip).fluentPut("ip", ip));
            return Single.just(Optional.of("api_all"));
        }
        String str = unitRequest.getContext().getHeader() == null ? null : (String) unitRequest.getContext().getHeader().getOrDefault("xian-accessToken", null);
        return StringUtil.isEmpty(str) ? Single.just(Optional.empty()) : forToken(str).map(optional -> {
            if (!optional.isPresent()) {
                return Optional.empty();
            }
            unitRequest.getContext().setAccessToken((AccessToken) optional.get());
            return Optional.of(((AccessToken) optional.get()).getScope());
        });
    }

    private static boolean isWhiteIp(String str) {
        for (String str2 : XianConfig.getStringArray("api_gateway_white_ip_list", new String[]{"*.*.*.*", "*:*:*:*:*:*:*:*"})) {
            if (match(str2, str)) {
                return true;
            }
        }
        return false;
    }

    private static Single<Optional<AccessToken>> forToken(String str) {
        return SingleRxXian.call("OAuth", "validateAccessToken", new JSONObject().fluentPut("access_token", str)).map(unitResponse -> {
            return !unitResponse.succeeded() ? Optional.empty() : Optional.of(unitResponse.dataToType(AccessToken.class));
        });
    }

    private static Single<JSONObject> requestForTokenObject(final String str) {
        return SingleRxXian.call("httpClient", "apacheHttpClientGet", new JSONObject() { // from class: info.xiancloud.gateway.access_token_validation.ValidateAccessToken.1
            {
                put("url", ValidateAccessToken.getOauth20Url(str));
            }
        }).map(unitResponse -> {
            JSONObject dataToJson = unitResponse.dataToJson();
            if (dataToJson.getJSONObject("statusLine").getIntValue("statusCode") == 200) {
                return JSON.parseObject(dataToJson.getString("entity"));
            }
            throw new AccessTokenFailure(str);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getOauth20Url(String str) {
        return "http://" + XianConfig.get("oauth_server_host") + ":" + XianConfig.get("oauth_server_port") + "/oauth2.0/tokens/validate?token=" + str;
    }

    private static boolean match(String str, String str2) {
        LOG.debug("deal with the regex *");
        return Pattern.compile(str.contains(".") ? toIpv4Reg(str) : toIpv6Reg(str)).matcher(str2).matches();
    }

    private static String toIpv4Reg(String str) {
        return str.replace("*", "[0-9]*").replace(".", "\\.");
    }

    private static String toIpv6Reg(String str) {
        return str.replace("*", "[A-Fa-f0-9]*");
    }
}
