package org.wso2.carbon.apimgt.gateway.mediators;

import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.Mediator;
import org.apache.synapse.MessageContext;
import org.apache.synapse.mediators.AbstractMediator;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.reflect.MethodSignature;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.MDC;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.MethodTimeLogger;
import org.wso2.carbon.apimgt.gateway.handlers.Utils;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.threatprotection.utils.ThreatProtectorConstants;
import org.wso2.carbon.apimgt.impl.correlation.MethodCallsCorrelationConfigDataHolder;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/mediators/ClaimBasedResourceAccessValidationMediator.class */
public class ClaimBasedResourceAccessValidationMediator extends AbstractMediator {
    private static final Log log;
    private String accessVerificationClaim;
    private String accessVerificationClaimValue;
    private String accessVerificationClaimValueRegex;
    private boolean shouldAllowValidation;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_2;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_3;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_4;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_5;

    static {
        ajc$preClinit();
        log = LogFactory.getLog(ClaimBasedResourceAccessValidationMediator.class);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public boolean mediate(MessageContext messageContext) {
        boolean isEnable;
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, messageContext);
        isEnable = MethodCallsCorrelationConfigDataHolder.isEnable();
        return (isEnable && MethodTimeLogger.pointCutAll()) ? Conversions.booleanValue(mediate_aroundBody1$advice(this, messageContext, makeJP, MethodTimeLogger.aspectOf(), makeJP)) : mediate_aroundBody0(this, messageContext, makeJP);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void handleAuthFailure(int i, MessageContext messageContext, String str, String str2) {
        boolean isEnable;
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, new Object[]{Conversions.intObject(i), messageContext, str, str2});
        isEnable = MethodCallsCorrelationConfigDataHolder.isEnable();
        if (isEnable && MethodTimeLogger.pointCutAll()) {
            handleAuthFailure_aroundBody3$advice(this, i, messageContext, str, str2, makeJP, MethodTimeLogger.aspectOf(), makeJP);
        } else {
            handleAuthFailure_aroundBody2(this, i, messageContext, str, str2, makeJP);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setAccessVerificationClaim(String str) {
        boolean isEnable;
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, str);
        isEnable = MethodCallsCorrelationConfigDataHolder.isEnable();
        if (isEnable && MethodTimeLogger.pointCutAll()) {
            setAccessVerificationClaim_aroundBody5$advice(this, str, makeJP, MethodTimeLogger.aspectOf(), makeJP);
        } else {
            this.accessVerificationClaim = str;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setAccessVerificationClaimValue(String str) {
        boolean isEnable;
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, str);
        isEnable = MethodCallsCorrelationConfigDataHolder.isEnable();
        if (isEnable && MethodTimeLogger.pointCutAll()) {
            setAccessVerificationClaimValue_aroundBody7$advice(this, str, makeJP, MethodTimeLogger.aspectOf(), makeJP);
        } else {
            this.accessVerificationClaimValue = str;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setShouldAllowValidation(boolean z) {
        boolean isEnable;
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this, Conversions.booleanObject(z));
        isEnable = MethodCallsCorrelationConfigDataHolder.isEnable();
        if (isEnable && MethodTimeLogger.pointCutAll()) {
            setShouldAllowValidation_aroundBody9$advice(this, z, makeJP, MethodTimeLogger.aspectOf(), makeJP);
        } else {
            this.shouldAllowValidation = z;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setAccessVerificationClaimValueRegex(String str) {
        boolean isEnable;
        ProceedingJoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this, str);
        isEnable = MethodCallsCorrelationConfigDataHolder.isEnable();
        if (isEnable && MethodTimeLogger.pointCutAll()) {
            setAccessVerificationClaimValueRegex_aroundBody11$advice(this, str, makeJP, MethodTimeLogger.aspectOf(), makeJP);
        } else {
            this.accessVerificationClaimValueRegex = str;
        }
    }

    private static final /* synthetic */ boolean mediate_aroundBody0(ClaimBasedResourceAccessValidationMediator claimBasedResourceAccessValidationMediator, MessageContext messageContext, JoinPoint joinPoint) {
        String str = (String) ((Map) messageContext.getProperty(APIMgtGatewayConstants.JWT_CLAIMS)).get(claimBasedResourceAccessValidationMediator.accessVerificationClaim);
        try {
            if (StringUtils.isBlank(str)) {
                log.error(APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_INVALID_DESCRIPTION);
                throw new APISecurityException(APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_INVALID, APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_INVALID_MESSAGE, String.format("Token doesn't contain the claim \"%s\"", claimBasedResourceAccessValidationMediator.accessVerificationClaim));
            }
            if (!StringUtils.isNotBlank(claimBasedResourceAccessValidationMediator.accessVerificationClaimValueRegex)) {
                log.debug("A regex is not provided, validating the claim values based on equality.");
                if (StringUtils.equals(claimBasedResourceAccessValidationMediator.accessVerificationClaimValue, str) || claimBasedResourceAccessValidationMediator.shouldAllowValidation) {
                    log.debug("Claim values match or the flow is configured to allow when claims doesn't match. Hence the flow is allowed.");
                    return true;
                }
                log.debug("Claim values don't match. Hence the flow is not allowed.");
                throw new APISecurityException(APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_MISMATCH, APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_MISMATCH_MESSAGE, APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_MISMATCH_DESCRIPTION);
            }
            log.debug("A regex is provided, hence, validating the claim values using the provided regex.");
            Pattern compile = Pattern.compile(claimBasedResourceAccessValidationMediator.accessVerificationClaimValueRegex);
            Matcher matcher = compile.matcher(claimBasedResourceAccessValidationMediator.accessVerificationClaimValue);
            Matcher matcher2 = compile.matcher(str);
            if ((matcher.matches() && matcher2.matches()) || claimBasedResourceAccessValidationMediator.shouldAllowValidation) {
                log.debug("Claim values match or the flow is configured to allow when claims doesn't match. Hence the flow is allowed.");
                return true;
            }
            log.debug("Claim values don't match. Hence the flow is not allowed.");
            throw new APISecurityException(APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_MISMATCH, APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_MISMATCH_MESSAGE, APISecurityConstants.API_AUTH_ACCESS_TOKEN_CLAIMS_MISMATCH_DESCRIPTION);
        } catch (APISecurityException e) {
            claimBasedResourceAccessValidationMediator.handleAuthFailure(e.getErrorCode(), messageContext, e.getMessage(), e.getDescription());
            return false;
        }
    }

    private static final /* synthetic */ Object mediate_aroundBody1$advice(ClaimBasedResourceAccessValidationMediator claimBasedResourceAccessValidationMediator, MessageContext messageContext, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        Object booleanObject = Conversions.booleanObject(mediate_aroundBody0(claimBasedResourceAccessValidationMediator, messageContext, proceedingJoinPoint));
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str = "";
            for (String str2 : parameterNames) {
                sb.append(str);
                str = ", ";
                sb.append(str2);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        org.apache.axis2.context.MessageContext currentMessageContext = org.apache.axis2.context.MessageContext.getCurrentMessageContext();
        if (MDC.get("Correlation-ID") == null && currentMessageContext != null && (map = (Map) currentMessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS)) != null) {
            String str3 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str3)) {
                MDC.put("Correlation-ID", str3);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return booleanObject;
    }

    private static final /* synthetic */ void handleAuthFailure_aroundBody2(ClaimBasedResourceAccessValidationMediator claimBasedResourceAccessValidationMediator, int i, MessageContext messageContext, String str, String str2, JoinPoint joinPoint) {
        messageContext.setProperty(ThreatProtectorConstants.ERROR_CODE, Integer.valueOf(i));
        messageContext.setProperty(ThreatProtectorConstants.ERROR_MESSAGE, str);
        messageContext.setProperty("ERROR_DETAIL", str2);
        Mediator sequence = messageContext.getSequence(APISecurityConstants.BACKEND_AUTH_FAILURE_HANDLER);
        if (sequence == null || sequence.mediate(messageContext)) {
            Utils.sendFault(messageContext, 403);
        }
    }

    private static final /* synthetic */ Object handleAuthFailure_aroundBody3$advice(ClaimBasedResourceAccessValidationMediator claimBasedResourceAccessValidationMediator, int i, MessageContext messageContext, String str, String str2, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        handleAuthFailure_aroundBody2(claimBasedResourceAccessValidationMediator, i, messageContext, str, str2, proceedingJoinPoint);
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str3 = "";
            for (String str4 : parameterNames) {
                sb.append(str3);
                str3 = ", ";
                sb.append(str4);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        org.apache.axis2.context.MessageContext currentMessageContext = org.apache.axis2.context.MessageContext.getCurrentMessageContext();
        if (MDC.get("Correlation-ID") == null && currentMessageContext != null && (map = (Map) currentMessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS)) != null) {
            String str5 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str5)) {
                MDC.put("Correlation-ID", str5);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return null;
    }

    private static final /* synthetic */ Object setAccessVerificationClaim_aroundBody5$advice(ClaimBasedResourceAccessValidationMediator claimBasedResourceAccessValidationMediator, String str, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        claimBasedResourceAccessValidationMediator.accessVerificationClaim = str;
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str2 = "";
            for (String str3 : parameterNames) {
                sb.append(str2);
                str2 = ", ";
                sb.append(str3);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        org.apache.axis2.context.MessageContext currentMessageContext = org.apache.axis2.context.MessageContext.getCurrentMessageContext();
        if (MDC.get("Correlation-ID") == null && currentMessageContext != null && (map = (Map) currentMessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS)) != null) {
            String str4 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str4)) {
                MDC.put("Correlation-ID", str4);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return null;
    }

    private static final /* synthetic */ Object setAccessVerificationClaimValue_aroundBody7$advice(ClaimBasedResourceAccessValidationMediator claimBasedResourceAccessValidationMediator, String str, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        claimBasedResourceAccessValidationMediator.accessVerificationClaimValue = str;
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str2 = "";
            for (String str3 : parameterNames) {
                sb.append(str2);
                str2 = ", ";
                sb.append(str3);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        org.apache.axis2.context.MessageContext currentMessageContext = org.apache.axis2.context.MessageContext.getCurrentMessageContext();
        if (MDC.get("Correlation-ID") == null && currentMessageContext != null && (map = (Map) currentMessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS)) != null) {
            String str4 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str4)) {
                MDC.put("Correlation-ID", str4);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return null;
    }

    private static final /* synthetic */ Object setShouldAllowValidation_aroundBody9$advice(ClaimBasedResourceAccessValidationMediator claimBasedResourceAccessValidationMediator, boolean z, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        claimBasedResourceAccessValidationMediator.shouldAllowValidation = z;
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str = "";
            for (String str2 : parameterNames) {
                sb.append(str);
                str = ", ";
                sb.append(str2);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        org.apache.axis2.context.MessageContext currentMessageContext = org.apache.axis2.context.MessageContext.getCurrentMessageContext();
        if (MDC.get("Correlation-ID") == null && currentMessageContext != null && (map = (Map) currentMessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS)) != null) {
            String str3 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str3)) {
                MDC.put("Correlation-ID", str3);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return null;
    }

    private static final /* synthetic */ Object setAccessVerificationClaimValueRegex_aroundBody11$advice(ClaimBasedResourceAccessValidationMediator claimBasedResourceAccessValidationMediator, String str, JoinPoint joinPoint, MethodTimeLogger methodTimeLogger, ProceedingJoinPoint proceedingJoinPoint) {
        Map map;
        long currentTimeMillis = System.currentTimeMillis();
        MethodSignature signature = proceedingJoinPoint.getSignature();
        claimBasedResourceAccessValidationMediator.accessVerificationClaimValueRegex = str;
        String[] parameterNames = signature.getParameterNames();
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        if (parameterNames != null && parameterNames.length != 0) {
            String str2 = "";
            for (String str3 : parameterNames) {
                sb.append(str2);
                str2 = ", ";
                sb.append(str3);
            }
        }
        sb.append("]");
        String sb2 = sb.toString();
        org.apache.axis2.context.MessageContext currentMessageContext = org.apache.axis2.context.MessageContext.getCurrentMessageContext();
        if (MDC.get("Correlation-ID") == null && currentMessageContext != null && (map = (Map) currentMessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS)) != null) {
            String str4 = (String) map.get("activityid");
            if (StringUtils.isNotEmpty(str4)) {
                MDC.put("Correlation-ID", str4);
            }
            if (StringUtils.isEmpty(MDC.get("Correlation-ID"))) {
                String uuid = UUID.randomUUID().toString();
                MDC.put("Correlation-ID", uuid);
                map.put("activityid", uuid);
            }
        }
        MethodTimeLogger.log.info(String.valueOf(System.currentTimeMillis() - currentTimeMillis) + "|METHOD|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getDeclaringTypeName() + "|" + ((MethodSignature) MethodSignature.class.cast(proceedingJoinPoint.getSignature())).getMethod().getName() + "|" + sb2);
        return null;
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("ClaimBasedResourceAccessValidationMediator.java", ClaimBasedResourceAccessValidationMediator.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "mediate", "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator", "org.apache.synapse.MessageContext", "messageContext", "", "boolean"), 56);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "handleAuthFailure", "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator", "int:org.apache.synapse.MessageContext:java.lang.String:java.lang.String", "errorCode:messageContext:errorMessage:errorDescription", "", "void"), 118);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "setAccessVerificationClaim", "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator", "java.lang.String", "accessVerificationClaim", "", "void"), 131);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "setAccessVerificationClaimValue", "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator", "java.lang.String", "accessVerificationClaimValue", "", "void"), 135);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "setShouldAllowValidation", "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator", "boolean", APIMgtGatewayConstants.SHOULD_ALLOW_ACCESS_VALIDATION, "", "void"), 139);
        ajc$tjp_5 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "setAccessVerificationClaimValueRegex", "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator", "java.lang.String", "accessVerificationClaimValueRegex", "", "void"), 143);
    }
}
