package org.wso2.carbon.apimgt.gateway.handlers.security;

import edu.umd.cs.findbugs.annotations.SuppressWarnings;
import java.util.Date;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axis2.AxisFault;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.ManagedLifecycle;
import org.apache.synapse.Mediator;
import org.apache.synapse.MessageContext;
import org.apache.synapse.SynapseException;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import org.apache.synapse.transport.passthru.util.RelayUtils;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.Utils;
import org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.metrics.manager.Level;
import org.wso2.carbon.metrics.manager.MetricManager;
import org.wso2.carbon.metrics.manager.Timer;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/APIAuthenticationHandler.class */
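/**
 * Synapse REST handler that authenticates inbound API calls through a pluggable
 * {@link Authenticator} and, on success, copies API and application details onto the
 * message context for later handlers.
 *
 * <p>Authentication failures raised as {@link APISecurityException} are turned into an HTTP
 * 401/403/500 fault response, unless a custom auth-failure sequence takes over.
 *
 * <p>Logging note: the diagnostic line built by {@link #logMessageDetails(MessageContext)} never
 * contains the value of the Authorization header. Debug logs are routinely shipped to shared
 * log stores, so a credential written there would be exposed well outside the gateway.
 */
public class APIAuthenticationHandler extends AbstractHandler implements ManagedLifecycle {
    private static final Log log = LogFactory.getLog(APIAuthenticationHandler.class);

    /** Divisor used to convert a {@link System#nanoTime()} difference to milliseconds. */
    private static final long NANOS_PER_MILLI = 1000000L;

    /** Compiled once; the expression is a constant, so there is no reason to recompile it per request. */
    private static final Pattern RESOURCE_PATH_PATTERN = Pattern.compile(APIMgtGatewayConstants.RESOURCE_PATTERN);

    /** Placeholder written to logs in place of the Authorization header value. */
    private static final String REDACTED = "<redacted>";

    // volatile: assigned lazily from request threads when init() could not create it.
    private volatile Authenticator authenticator;
    private SynapseEnvironment synapseEnvironment;

    /**
     * Stores the Synapse environment and creates the authenticator when the API manager
     * configuration service is already available; otherwise creation is deferred to the first
     * call of {@link #handleRequest(MessageContext)}.
     *
     * @param synapseEnvironment environment later passed to {@link Authenticator#init}
     */
    @Override
    public void init(SynapseEnvironment synapseEnvironment) {
        this.synapseEnvironment = synapseEnvironment;
        if (log.isDebugEnabled()) {
            log.debug("Initializing API authentication handler instance");
        }
        if (ServiceReferenceHolder.getInstance().getApiManagerConfigurationService() != null) {
            initializeAuthenticator();
        }
    }

    /** Destroys the authenticator if one was created; logs a warning otherwise. */
    @Override
    public void destroy() {
        Authenticator current = this.authenticator;
        if (current == null) {
            log.warn("Unable to destroy uninitialized authentication handler instance");
            return;
        }
        current.destroy();
    }

    /**
     * Instantiates and initializes the authenticator named by the
     * {@code APISecurityConstants.API_SECURITY_AUTHENTICATOR} configuration property, falling
     * back to {@link OAuthAuthenticator} when the property is absent.
     *
     * <p>NOTE(review): the class name comes from configuration and the cast to
     * {@link Authenticator} happens only after the constructor has run, so write access to
     * that configuration should be guarded like write access to gateway code.
     *
     * @throws SynapseException if the class cannot be loaded, instantiated or initialized
     */
    @SuppressWarnings(value = {"LEST_LOST_EXCEPTION_STACK_TRACE"}, justification = "The exception needs to thrown for fault sequence invocation")
    private void initializeAuthenticator() {
        String authenticatorClassName = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getFirstProperty(APISecurityConstants.API_SECURITY_AUTHENTICATOR);
        if (authenticatorClassName == null) {
            authenticatorClassName = OAuthAuthenticator.class.getName();
        }
        try {
            this.authenticator = (Authenticator) APIUtil.getClassForName(authenticatorClassName).newInstance();
            this.authenticator.init(this.synapseEnvironment);
        } catch (Exception e) {
            String message = "Error while initializing authenticator of type: " + authenticatorClassName;
            // The thrown exception is kept exactly as before (no cause attached), so what the
            // fault sequence sees does not change; the cause is logged here so that it is not lost.
            log.error(message, e);
            throw new SynapseException(message);
        }
    }

    /**
     * Authenticates the request and, on success, publishes API parameters on the context.
     *
     * @param messageContext the inbound request context
     * @return {@code true} when the request was authenticated and mediation should continue;
     *         {@code false} when the authenticator rejected it or an
     *         {@link APISecurityException} was handled by sending a fault
     */
    @Override
    @SuppressWarnings(value = {"EXS_EXCEPTION_SOFTENING_RETURN_FALSE"}, justification = "Error is sent through payload")
    public boolean handleRequest(MessageContext messageContext) {
        Timer.Context timerContext = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName()})).start();
        long startNanos = System.nanoTime();
        try {
            if (Utils.isStatsEnabled()) {
                messageContext.setProperty(APIMgtGatewayConstants.REQUEST_START_TIME, Long.toString(System.currentTimeMillis()));
            }
            if (this.authenticator == null) {
                initializeAuthenticator();
            }
            if (!this.authenticator.authenticate(messageContext)) {
                return false;
            }
            if (log.isDebugEnabled()) {
                log.debug("Authenticated API, authentication response relieved: " + logMessageDetails(messageContext) + ", elapsedTimeInMilliseconds=" + elapsedMillis(startNanos));
            }
            setAPIParametersToMessageContext(messageContext);
            return true;
        } catch (APISecurityException e) {
            if (log.isDebugEnabled()) {
                log.debug("Call to API gateway : " + logMessageDetails(messageContext) + ", elapsedTimeInMilliseconds=" + elapsedMillis(startNanos));
            }
            log.warn("API authentication failure due to " + APISecurityConstants.getAuthenticationFailureMessage(e.getErrorCode()));
            if (log.isDebugEnabled()) {
                log.debug("API authentication failed with error " + e.getErrorCode(), e);
            }
            handleAuthFailure(messageContext, e);
            return false;
        } finally {
            // Runs on every exit path, including unexpected throwables.
            timerContext.stop();
        }
    }

    /**
     * Records the backend response time on the context when statistics are enabled.
     *
     * @param messageContext the response context
     * @return always {@code true}
     */
    @Override
    public boolean handleResponse(MessageContext messageContext) {
        if (Utils.isStatsEnabled()) {
            messageContext.setProperty(APIMgtGatewayConstants.BACKEND_REQUEST_END_TIME, Long.toString(System.currentTimeMillis()));
        }
        return true;
    }

    /**
     * Milliseconds elapsed since {@code startNanos}. The nanosecond difference is divided once;
     * dividing it twice by one million made the logged value effectively always zero.
     */
    private static long elapsedMillis(long startNanos) {
        return (System.nanoTime() - startNanos) / NANOS_PER_MILLI;
    }

    /**
     * Publishes the error on the context, runs the custom auth-failure sequence if one is
     * registered, and sends the default fault response when there is no such sequence or the
     * sequence returns {@code true}.
     *
     * @param messageContext the request context
     * @param aPISecurityException the failure being reported
     */
    private void handleAuthFailure(MessageContext messageContext, APISecurityException aPISecurityException) {
        int errorCode = aPISecurityException.getErrorCode();
        messageContext.setProperty("ERROR_CODE", Integer.valueOf(errorCode));
        messageContext.setProperty("ERROR_MESSAGE", APISecurityConstants.getAuthenticationFailureMessage(errorCode));
        messageContext.setProperty("ERROR_EXCEPTION", aPISecurityException);

        Mediator failureSequence = messageContext.getSequence(APISecurityConstants.API_AUTH_FAILURE_HANDLER);
        if (failureSequence != null && !failureSequence.mediate(messageContext)) {
            // The custom sequence asked to stop; it owns the response.
            return;
        }

        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        axis2MessageContext.setProperty("message.builder.invoked", Boolean.TRUE);
        try {
            RelayUtils.consumeAndDiscardMessage(axis2MessageContext);
        } catch (AxisFault e) {
            log.error("Error occurred while consuming and discarding the message", e);
        }
        axis2MessageContext.setProperty("messageType", "application/soap+xml");

        int httpStatus = resolveHttpStatus(errorCode);
        if (httpStatus == 401) {
            addAuthenticationChallenge(axis2MessageContext);
        }

        if (messageContext.isDoingPOX() || messageContext.isDoingGET()) {
            Utils.setFaultPayload(messageContext, getFaultPayload(aPISecurityException));
        } else {
            Utils.setSOAPFault(messageContext, "Client", "Authentication Failure", aPISecurityException.getMessage());
        }
        Utils.sendFault(messageContext, httpStatus);
    }

    /** Maps an API security error code to the HTTP status of the fault response. */
    private static int resolveHttpStatus(int errorCode) {
        switch (errorCode) {
            case 900900:
                return 500;
            case 900906:
            case 900908:
            case 900910:
                return 403;
            default:
                return 401;
        }
    }

    /** Adds the authenticator's challenge as a WWW-Authenticate header, if transport headers exist. */
    private void addAuthenticationChallenge(org.apache.axis2.context.MessageContext axis2MessageContext) {
        @java.lang.SuppressWarnings("unchecked")
        Map<String, Object> transportHeaders = (Map<String, Object>) axis2MessageContext.getProperty("TRANSPORT_HEADERS");
        if (transportHeaders != null) {
            transportHeaders.put("WWW-Authenticate", this.authenticator.getChallengeString());
            axis2MessageContext.setProperty("TRANSPORT_HEADERS", transportHeaders);
        }
    }

    /**
     * Builds the {@code fault} element (code, message, description) returned for POX/GET calls.
     *
     * @param aPISecurityException the failure being reported
     * @return the fault element in the API security namespace
     */
    private OMElement getFaultPayload(APISecurityException aPISecurityException) {
        int errorCode = aPISecurityException.getErrorCode();
        OMFactory factory = OMAbstractFactory.getOMFactory();
        OMNamespace namespace = factory.createOMNamespace(APISecurityConstants.API_SECURITY_NS, APISecurityConstants.API_SECURITY_NS_PREFIX);

        OMElement fault = factory.createOMElement("fault", namespace);

        OMElement code = factory.createOMElement("code", namespace);
        code.setText(String.valueOf(errorCode));
        fault.addChild(code);

        OMElement message = factory.createOMElement("message", namespace);
        message.setText(APISecurityConstants.getAuthenticationFailureMessage(errorCode));
        fault.addChild(message);

        OMElement description = factory.createOMElement("description", namespace);
        description.setText(APISecurityConstants.getFailureMessageDetailDescription(errorCode, aPISecurityException.getMessage()));
        fault.addChild(description);

        return fault;
    }

    /**
     * Builds the one-line request summary used in debug logs.
     *
     * <p>The Authorization header is reported only as present ({@code accessToken=<redacted>}),
     * never by value. Request-derived text (User-Agent, request path) has CR/LF replaced so a
     * value cannot break the summary into several log records.
     *
     * @param messageContext the request context
     * @return the summary text
     */
    private String logMessageDetails(MessageContext messageContext) {
        String applicationName = (String) messageContext.getProperty(APIMgtGatewayConstants.APPLICATION_NAME);
        String endUserName = (String) messageContext.getProperty(APIMgtGatewayConstants.END_USER_NAME);
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        String messageId = axis2MessageContext.getOptions().getMessageId();

        StringBuilder details = new StringBuilder();
        if (applicationName != null) {
            details.append(" belonging to appName=").append(applicationName);
        } else {
            details.append("API call failed reason=API_authentication_failure");
        }
        if (endUserName != null) {
            details.append(" userName=").append(endUserName);
        }
        if (messageId != null) {
            details.append(" transactionId=").append(messageId);
        }

        // Read through the Map interface and tolerate a missing header map: a diagnostic
        // helper should not fail the request with a ClassCastException or NullPointerException.
        Map<?, ?> transportHeaders = (Map<?, ?>) axis2MessageContext.getProperty("TRANSPORT_HEADERS");
        if (transportHeaders != null) {
            String userAgent = (String) transportHeaders.get("User-Agent");
            if (userAgent != null) {
                details.append(" with userAgent=").append(sanitizeForLog(userAgent));
            }
            if (transportHeaders.get(APIMgtGatewayConstants.AUTHORIZATION) != null) {
                // Presence only; the credential itself must not reach the log.
                details.append(" with accessToken=").append(REDACTED);
            }
        }

        String requestPath = (String) messageContext.getProperty("REST_FULL_REQUEST_PATH");
        if (requestPath != null) {
            details.append(" for requestURI=").append(sanitizeForLog(requestPath));
        }

        String receivedTime = (String) axis2MessageContext.getProperty(APIMgtGatewayConstants.REQUEST_RECEIVED_TIME);
        if (receivedTime != null) {
            details.append(" at time=").append(new Date(Long.parseLong(receivedTime)));
        }

        String remoteAddress = (String) axis2MessageContext.getProperty("REMOTE_ADDR");
        if (remoteAddress != null) {
            details.append(" from clientIP=").append(remoteAddress);
        }
        return details.toString();
    }

    /** Replaces carriage returns and line feeds so the value stays on a single log line. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Copies consumer, API, resource and application details onto the message context after a
     * successful authentication. Values taken from the authentication context default to the
     * empty string when no authentication context is available.
     *
     * @param messageContext the authenticated request context
     */
    private void setAPIParametersToMessageContext(MessageContext messageContext) {
        AuthenticationContext authenticationContext = APISecurityUtils.getAuthenticationContext(messageContext);
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();

        String consumerKey = "";
        String username = "";
        String applicationName = "";
        String applicationId = "";
        if (authenticationContext != null) {
            consumerKey = authenticationContext.getConsumerKey();
            username = authenticationContext.getUsername();
            applicationName = authenticationContext.getApplicationName();
            applicationId = authenticationContext.getApplicationId();
        }

        String apiContext = (String) messageContext.getProperty("REST_API_CONTEXT");
        String synapseApiName = (String) messageContext.getProperty("SYNAPSE_REST_API");
        String apiPublisher = (String) messageContext.getProperty(APIMgtGatewayConstants.API_PUBLISHER);

        // Drop everything up to and including the first "--" (presumably a provider prefix; confirm).
        int prefixEnd = synapseApiName.indexOf("--");
        if (prefixEnd != -1) {
            synapseApiName = synapseApiName.substring(prefixEnd + 2);
        }
        String apiName = synapseApiName.split(":")[0];
        String apiVersion = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        String fullRequestPath = (String) messageContext.getProperty("REST_FULL_REQUEST_PATH");
        String tenantDomain = MultitenantUtils.getTenantDomainFromRequestURL(fullRequestPath);
        if (apiPublisher == null) {
            apiPublisher = APIUtil.getAPIProviderFromRESTAPI(synapseApiName, tenantDomain);
        }
        String resource = extractResource(messageContext);
        String httpMethod = (String) axis2MessageContext.getProperty("HTTP_METHOD");
        String hostAddress = APIUtil.getHostAddress();

        messageContext.setProperty(APIMgtGatewayConstants.CONSUMER_KEY, consumerKey);
        messageContext.setProperty(APIMgtGatewayConstants.USER_ID, username);
        messageContext.setProperty(APIMgtGatewayConstants.CONTEXT, apiContext);
        // API_VERSION receives the full Synapse API name (prefix stripped), VERSION the version alone.
        messageContext.setProperty(APIMgtGatewayConstants.API_VERSION, synapseApiName);
        messageContext.setProperty(APIMgtGatewayConstants.API, apiName);
        messageContext.setProperty(APIMgtGatewayConstants.VERSION, apiVersion);
        messageContext.setProperty(APIMgtGatewayConstants.RESOURCE, resource);
        messageContext.setProperty(APIMgtGatewayConstants.HTTP_METHOD, httpMethod);
        messageContext.setProperty(APIMgtGatewayConstants.HOST_NAME, hostAddress);
        messageContext.setProperty(APIMgtGatewayConstants.API_PUBLISHER, apiPublisher);
        messageContext.setProperty(APIMgtGatewayConstants.APPLICATION_NAME, applicationName);
        messageContext.setProperty(APIMgtGatewayConstants.APPLICATION_ID, applicationId);
    }

    /**
     * Extracts the resource part of the full request path.
     *
     * @param messageContext the request context
     * @return the first capture group of the resource pattern, or {@code "/"} when it does not match
     */
    private String extractResource(MessageContext messageContext) {
        Matcher matcher = RESOURCE_PATH_PATTERN.matcher((String) messageContext.getProperty("REST_FULL_REQUEST_PATH"));
        if (matcher.find()) {
            return matcher.group(1);
        }
        return "/";
    }
}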
