package org.wso2.micro.gateway.enforcer.security.jwt.issuer;

import io.grpc.netty.shaded.io.netty.buffer.Unpooled;
import io.grpc.netty.shaded.io.netty.channel.ChannelFuture;
import io.grpc.netty.shaded.io.netty.channel.ChannelFutureListener;
import io.grpc.netty.shaded.io.netty.channel.ChannelHandlerContext;
import io.grpc.netty.shaded.io.netty.channel.SimpleChannelInboundHandler;
import io.grpc.netty.shaded.io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.grpc.netty.shaded.io.netty.handler.codec.http.HttpObject;
import io.grpc.netty.shaded.io.netty.handler.codec.http.HttpRequest;
import io.grpc.netty.shaded.io.netty.handler.codec.http.HttpResponseStatus;
import io.grpc.netty.shaded.io.netty.handler.codec.http.HttpUtil;
import io.grpc.netty.shaded.io.netty.util.concurrent.Future;
import io.grpc.netty.shaded.io.netty.util.concurrent.GenericFutureListener;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.micro.gateway.enforcer.config.ConfigHolder;
import org.wso2.micro.gateway.enforcer.config.dto.CredentialDto;
import org.wso2.micro.gateway.enforcer.dto.APIKeyValidationInfoDTO;
import org.wso2.micro.gateway.enforcer.security.TokenValidationContext;

/* loaded from: input_file:org/wso2/micro/gateway/enforcer/security/jwt/issuer/HttpTokenServerHandler.class */
public class HttpTokenServerHandler extends SimpleChannelInboundHandler<HttpObject> {
    private static final String CONTENT_LENGTH = "content-length";
    private static final String KEEP_ALIVE = "keep-alive";
    private static final String TEXT_PLAIN = "text/plain";
    private static final String CONNECTION = "Connection";
    private static final String CLOSE = "close";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String AUTHORIZATION = "Authorization";
    private static final String BASIC_VALUE = "Basic";
    private static final String BASIC_LOWER = "basic";
    private static TokenIssuer tokenIssuer;
    private static String username = null;
    private static boolean isAuthorized = false;
    private static final Logger logger = LogManager.getLogger((Class<?>) HttpTokenServerHandler.class);

    @Override // io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandler
    public void channelReadComplete(ChannelHandlerContext channelHandlerContext) {
        channelHandlerContext.flush();
    }

    @Override // io.grpc.netty.shaded.io.netty.channel.SimpleChannelInboundHandler
    public void channelRead0(ChannelHandlerContext channelHandlerContext, HttpObject httpObject) throws Exception {
        DefaultFullHttpResponse defaultFullHttpResponse = null;
        if (httpObject instanceof HttpRequest) {
            HttpRequest httpRequest = (HttpRequest) httpObject;
            boolean isKeepAlive = HttpUtil.isKeepAlive(httpRequest);
            String str = httpRequest.headers().get("Authorization");
            if (str == null) {
                isAuthorized = false;
                defaultFullHttpResponse = new DefaultFullHttpResponse(httpRequest.protocolVersion(), HttpResponseStatus.UNAUTHORIZED, Unpooled.wrappedBuffer("User is NOT authorized to generate a token. Please provide a valid Authorization header to continue.".getBytes()));
                defaultFullHttpResponse.headers().set("Content-Type", (Object) "text/plain");
                logger.error("User is NOT authorized to generate a token.");
            } else if (str.toLowerCase().startsWith(BASIC_LOWER)) {
                try {
                    String[] split = new String(Base64.getDecoder().decode(str.substring("Basic".length()).trim()), StandardCharsets.UTF_8).split(":", 2);
                    for (CredentialDto credentialDto : ConfigHolder.getInstance().getConfig().getJwtUsersCredentials()) {
                        if (split[0].equals(credentialDto.getUsername()) && split[1].equals(new String(credentialDto.getPwd()))) {
                            username = split[0];
                            isAuthorized = true;
                        } else {
                            isAuthorized = false;
                            defaultFullHttpResponse = new DefaultFullHttpResponse(httpRequest.protocolVersion(), HttpResponseStatus.UNAUTHORIZED, Unpooled.wrappedBuffer("Wrong username or password. Please provide valid credentials.".getBytes()));
                            defaultFullHttpResponse.headers().set("Content-Type", (Object) "text/plain");
                            logger.error("Wrong username or password.");
                        }
                    }
                } catch (ArrayIndexOutOfBoundsException e) {
                    defaultFullHttpResponse = new DefaultFullHttpResponse(httpRequest.protocolVersion(), HttpResponseStatus.BAD_REQUEST, Unpooled.wrappedBuffer("Error occurred while processing the request.".getBytes()));
                    defaultFullHttpResponse.headers().set("Content-Type", (Object) "text/plain");
                    logger.error("Error occurred while processing the request.");
                } catch (IllegalArgumentException e2) {
                    defaultFullHttpResponse = new DefaultFullHttpResponse(httpRequest.protocolVersion(), HttpResponseStatus.BAD_REQUEST, Unpooled.wrappedBuffer("Error occurred while processing the request.".getBytes()));
                    defaultFullHttpResponse.headers().set("Content-Type", (Object) "text/plain");
                    logger.error("Error occurred while processing the request.");
                }
            }
            if (isAuthorized) {
                tokenIssuer = new JWTIssuerImpl();
                TokenValidationContext tokenValidationContext = new TokenValidationContext();
                tokenValidationContext.setValidationInfoDTO(new APIKeyValidationInfoDTO());
                tokenValidationContext.getValidationInfoDTO().setEndUserName(username);
                defaultFullHttpResponse = new DefaultFullHttpResponse(httpRequest.protocolVersion(), HttpResponseStatus.OK, Unpooled.wrappedBuffer(tokenIssuer.generateToken(tokenValidationContext).getBytes()));
                defaultFullHttpResponse.headers().set("Content-Type", (Object) "text/plain").setInt("content-length", defaultFullHttpResponse.content().readableBytes());
            }
            if (!isKeepAlive) {
                defaultFullHttpResponse.headers().set("Connection", (Object) "close");
            } else if (!httpRequest.protocolVersion().isKeepAliveDefault()) {
                defaultFullHttpResponse.headers().set("Connection", (Object) "keep-alive");
            }
            ChannelFuture write = channelHandlerContext.write(defaultFullHttpResponse);
            if (isKeepAlive) {
                return;
            }
            write.addListener2((GenericFutureListener<? extends Future<? super Void>>) ChannelFutureListener.CLOSE);
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandler, io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandler
    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
        logger.error(th);
        channelHandlerContext.close();
    }
}
