package info.xiancloud.plugin.access_token_validation;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import info.xiancloud.plugin.Scope;
import info.xiancloud.plugin.Unit;
import info.xiancloud.plugin.conf.EnvConfig;
import info.xiancloud.plugin.distribution.exception.UnitUndefinedException;
import info.xiancloud.plugin.distribution.loadbalance.UnitRouter;
import info.xiancloud.plugin.executor.URIBean;
import info.xiancloud.plugin.message.SyncXian;
import info.xiancloud.plugin.message.UnitRequest;
import info.xiancloud.plugin.message.UnitResponse;
import info.xiancloud.plugin.support.authen.AccessToken;
import info.xiancloud.plugin.util.LOG;
import info.xiancloud.plugin.util.StringUtil;
import java.util.Arrays;
import java.util.regex.Pattern;

/* loaded from: input_file:info/xiancloud/plugin/access_token_validation/ValidateAccessToken.class */
public class ValidateAccessToken {
    public static boolean validate(UnitRequest unitRequest) {
        if (!isSecure(unitRequest.getContext().getUri())) {
            return true;
        }
        try {
            return Scope.validate(fetchAccessTokenAndReturnScope(unitRequest), unitRequest.getContext().getGroup(), unitRequest.getContext().getUnit());
        } catch (AccessTokenFailure e) {
            LOG.warn(e);
            return false;
        }
    }

    private static boolean isSecure(String str) {
        if (Arrays.asList(EnvConfig.getStringArray("api_gateway_white_uri_list")).contains(str)) {
            return false;
        }
        URIBean create = URIBean.create(str);
        try {
            return UnitRouter.singleton.newestDefinition(Unit.fullName(create.getGroup(), create.getUnit())).getMeta().isSecure();
        } catch (UnitUndefinedException e) {
            return true;
        }
    }

    private static String fetchAccessTokenAndReturnScope(UnitRequest unitRequest) throws AccessTokenFailure {
        String ip = unitRequest.getContext().getIp();
        if (StringUtil.isEmpty(ip)) {
            throw new IllegalArgumentException("Client's ip is empty, please check!");
        }
        if (isWhiteIp(ip)) {
            return "api_all";
        }
        String str = unitRequest.getContext().getHeader() == null ? null : (String) unitRequest.getContext().getHeader().getOrDefault("xian-accessToken", null);
        if (StringUtil.isEmpty(str)) {
            throw new AccessTokenFailure(null);
        }
        AccessToken forToken = forToken(str);
        unitRequest.getContext().setAccessToken(forToken);
        return forToken.getScope();
    }

    private static boolean isWhiteIp(String str) {
        for (String str2 : EnvConfig.getStringArray("api_gateway_white_ip_list", new String[]{"*.*.*.*", "*:*:*:*:*:*:*:*"})) {
            if (match(str2, str)) {
                return true;
            }
        }
        return false;
    }

    private static AccessToken forToken(final String str) throws AccessTokenFailure {
        UnitResponse call = SyncXian.call("OAuth", "validateAccessToken", new JSONObject() { // from class: info.xiancloud.plugin.access_token_validation.ValidateAccessToken.1
            {
                put("accessToken", str);
            }
        });
        if (call.succeeded()) {
            return (AccessToken) call.dataToType(AccessToken.class);
        }
        throw new AccessTokenFailure(str);
    }

    private static JSONObject requestForTokenObject(final String str) throws AccessTokenFailure {
        JSONObject dataToJson = SyncXian.call("httpClient", "apacheHttpClientGet", new JSONObject() { // from class: info.xiancloud.plugin.access_token_validation.ValidateAccessToken.2
            {
                put("url", ValidateAccessToken.getOauth20Url(str));
            }
        }).dataToJson();
        if (dataToJson.getJSONObject("statusLine").getIntValue("statusCode") == 200) {
            return JSON.parseObject(dataToJson.getString("entity"));
        }
        throw new AccessTokenFailure(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getOauth20Url(String str) {
        return "http://" + EnvConfig.get("oauth_server_host") + ":" + EnvConfig.get("oauth_server_port") + "/oauth2.0/tokens/validate?token=" + str;
    }

    private static boolean match(String str, String str2) {
        LOG.debug("deal with the regex *");
        return Pattern.compile(str.contains(".") ? toIpv4Reg(str) : toIpv6Reg(str)).matcher(str2).matches();
    }

    private static String toIpv4Reg(String str) {
        return str.replace("*", "[0-9]*").replace(".", "\\.");
    }

    private static String toIpv6Reg(String str) {
        return str.replace("*", "[A-Fa-f0-9]*");
    }
}
