package io.integon;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.apache.synapse.rest.Handler;

/* loaded from: input_file:io/integon/JwtAuthHandler.class */
public class JwtAuthHandler implements Handler {
    private static final Log log = LogFactory.getLog(JwtAuthMediator.class);
    private String jwtHeader;
    private String jwksEndpoint;
    private String jwksEnvVariable;
    private String iatClaim;
    private String issClaim;
    private String subClaim;
    private String audClaim;
    private String jtiClaim;
    private String jwksTimeout;
    private String jwksRefreshTime;
    private long cachedTimeValidator = 0;
    private long cachedTimeValidatorReset = 86400000;
    private JWTValidator validator = null;

    public void addProperty(String str, Object obj) {
    }

    public Map getProperties() {
        return null;
    }

    public boolean handleRequest(MessageContext messageContext) {
        if (this.validator == null || this.cachedTimeValidator + this.cachedTimeValidatorReset < System.currentTimeMillis()) {
            this.validator = new JWTValidator();
            this.cachedTimeValidator = System.currentTimeMillis();
            log.debug("JWTValidator initialized: " + this.validator);
        }
        Object property = ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("TRANSPORT_HEADERS");
        String str = null;
        if (property != null && (property instanceof Map)) {
            str = (String) ((Map) property).get(this.jwtHeader);
        }
        if (str == null || str.isEmpty()) {
            log.debug("JWT token not found in the message");
            handleException("JWT token not found in the message", messageContext);
            return false;
        }
        log.debug(this.jwtHeader + ": has the following value: " + str);
        if (!str.trim().startsWith("Bearer")) {
            log.debug("Invalid JWT token format: " + str);
            handleException("Invalid JWT token format", messageContext);
            return false;
        }
        String substring = str.substring(7);
        if (substring == null || substring.isEmpty()) {
            log.debug("JWT token not found in the message");
            handleException("JWT token not found in the message", messageContext);
            return false;
        }
        if (this.jwksEnvVariable == null || System.getenv().get(this.jwksEnvVariable) == null) {
            if (this.jwksEndpoint == null || this.jwksEndpoint.isEmpty()) {
                handleException("JWKS endpoint not found", messageContext);
                return false;
            }
        } else if (CommonUtils.containsUrl(System.getenv().get(this.jwksEnvVariable))) {
            this.jwksEndpoint = System.getenv().get(this.jwksEnvVariable);
        }
        this.validator.setCacheTimeouts(this.jwksTimeout, this.jwksRefreshTime);
        try {
            log.debug("isValidJWT: " + this.validator.validateToken(substring, this.jwksEndpoint));
        } catch (Exception e) {
            handleException(e.getMessage(), messageContext);
        }
        try {
            if (this.validator.isTokenExpired(substring)) {
                handleException("JWT token is expired", messageContext);
            }
        } catch (Exception e2) {
            handleException(e2.getMessage(), messageContext);
        }
        HashMap<String, String> hashMap = new HashMap<>();
        if (this.iatClaim != null && this.iatClaim.isEmpty()) {
            this.iatClaim = null;
        }
        hashMap.put("iat", this.iatClaim);
        if (this.issClaim != null && this.issClaim.isEmpty()) {
            this.issClaim = null;
        }
        hashMap.put("iss", this.issClaim);
        if (this.subClaim != null && this.subClaim.isEmpty()) {
            this.subClaim = null;
        }
        hashMap.put("sub", this.subClaim);
        if (this.audClaim != null && this.audClaim.isEmpty()) {
            this.audClaim = null;
        }
        hashMap.put("aud", this.audClaim);
        if (this.jtiClaim != null && this.jtiClaim.isEmpty()) {
            this.jtiClaim = null;
        }
        hashMap.put("jti", this.jtiClaim);
        boolean z = true;
        Iterator<String> it = hashMap.values().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next() != null) {
                z = false;
                break;
            }
        }
        if (!z) {
            try {
                this.validator.areClaimsValid(substring, hashMap);
            } catch (Exception e3) {
                handleException(e3.getMessage(), messageContext);
            }
        }
        log.debug("JWT validation successful");
        return true;
    }

    public boolean handleResponse(MessageContext messageContext) {
        return true;
    }

    protected void handleException(String str, MessageContext messageContext) {
        CommonUtils.setJsonEnvelopMessageContext(messageContext, str);
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        ((Map) axis2MessageContext.getProperty("TRANSPORT_HEADERS")).clear();
        axis2MessageContext.setProperty("HTTP_SC", 401);
        axis2MessageContext.setProperty("NO_ENTITY_BODY", Boolean.FALSE);
        messageContext.setProperty("RESPONSE", "true");
        axis2MessageContext.setProperty("messageType", "application/json");
        axis2MessageContext.setProperty("ContentType", "application/json");
        messageContext.setTo((EndpointReference) null);
        Axis2Sender.sendBack(messageContext);
    }

    public String getJwksEndpoint() {
        return this.jwksEndpoint;
    }

    public void setJwksEndpoint(String str) {
        this.jwksEndpoint = str;
    }

    public String getJwksEnvVariable() {
        return this.jwksEnvVariable;
    }

    public void setJwksEnvVariable(String str) {
        this.jwksEnvVariable = str;
    }

    public String getJwtHeader() {
        return this.jwtHeader;
    }

    public void setJwtHeader(String str) {
        this.jwtHeader = str;
    }

    public String getIatClaim() {
        return this.iatClaim;
    }

    public void setIatClaim(String str) {
        this.iatClaim = str;
    }

    public String getIssClaim() {
        return this.issClaim;
    }

    public void setIssClaim(String str) {
        this.issClaim = str;
    }

    public String getAudClaim() {
        return this.audClaim;
    }

    public void setAudClaim(String str) {
        this.audClaim = str;
    }

    public String getSubClaim() {
        return this.subClaim;
    }

    public void setSubClaim(String str) {
        this.subClaim = str;
    }

    public String getJtiClaim() {
        return this.jtiClaim;
    }

    public void setJtiClaim(String str) {
        this.jtiClaim = str;
    }

    public String getJwksTimeout() {
        return this.jwksTimeout;
    }

    public void setJwksTimeout(String str) {
        this.jwksTimeout = str;
    }

    public String getJwksRefreshTime() {
        return this.jwksRefreshTime;
    }

    public void setJwksRefreshTime(String str) {
        this.jwksRefreshTime = str;
    }
}
