package org.wso2.carbon.apimgt.rest.api.util.interceptors.auth;

import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.interceptor.security.AuthenticationException;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.common.RestAPIAuthenticationManager;
import org.wso2.carbon.apimgt.rest.api.common.RestAPIAuthenticator;
import org.wso2.carbon.apimgt.rest.api.util.MethodStats;
import org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger;
import org.wso2.carbon.apimgt.rest.api.util.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator;
import org.wso2.carbon.apimgt.rest.api.util.impl.OAuthJwtAuthenticatorImpl;
import org.wso2.carbon.apimgt.rest.api.util.impl.OAuthOpaqueAuthenticatorImpl;
import org.wso2.carbon.apimgt.rest.api.util.utils.JWTAuthenticationUtils;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/interceptors/auth/OAuthAuthenticationInterceptor.class */
public class OAuthAuthenticationInterceptor extends AbstractPhaseInterceptor {
    private static final Log logger;
    private static final String OAUTH_AUTHENTICATOR = "OAuth";
    private static final String REGEX_BEARER_PATTERN = "Bearer\\s";
    private static final Pattern PATTERN;
    private Map<String, AbstractOAuthAuthenticator> authenticatorMap;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/interceptors/auth/OAuthAuthenticationInterceptor$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            OAuthAuthenticationInterceptor.handleMessage_aroundBody0((OAuthAuthenticationInterceptor) objArr2[0], (Message) objArr2[1], (JoinPoint) objArr2[2]);
            return null;
        }
    }

    static {
        ajc$preClinit();
        logger = LogFactory.getLog(OAuthAuthenticationInterceptor.class);
        PATTERN = Pattern.compile(REGEX_BEARER_PATTERN);
    }

    public OAuthAuthenticationInterceptor() {
        super("pre-invoke");
        this.authenticatorMap = new HashMap();
        this.authenticatorMap.put("jwt", new OAuthJwtAuthenticatorImpl());
        this.authenticatorMap.put(RestApiConstants.OAUTH2_AUTHENTICATION, new OAuthOpaqueAuthenticatorImpl());
    }

    @MethodStats
    public void handleMessage(Message message) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, message);
        if ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || MethodTimeLogger.isConfigEnabled())) {
            MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, message, makeJP}).linkClosureAndJoinPoint(69648));
        } else {
            handleMessage_aroundBody0(this, message, makeJP);
        }
    }

    static final void handleMessage_aroundBody0(OAuthAuthenticationInterceptor oAuthAuthenticationInterceptor, Message message, JoinPoint joinPoint) {
        if (RestApiUtil.checkIfAnonymousAPI(message)) {
            return;
        }
        HashMap<String, Object> addToJWTAuthenticationContext = JWTAuthenticationUtils.addToJWTAuthenticationContext(message);
        RestAPIAuthenticator authenticator = RestAPIAuthenticationManager.getAuthenticator(addToJWTAuthenticationContext);
        if (authenticator != null) {
            try {
                String authenticationType = authenticator.getAuthenticationType();
                message.put(RestApiConstants.REQUEST_AUTHENTICATION_SCHEME, authenticator.getAuthenticationType());
                addToJWTAuthenticationContext.put("TEMPLATES", RestApiUtil.getURITemplatesForBasePath(String.valueOf((String) message.get("org.apache.cxf.message.Message.BASE_PATH")) + ((String) message.get(RestApiConstants.API_VERSION))));
                addToJWTAuthenticationContext.put("ORG_ID", RestApiUtil.resolveOrganization(message));
                if (!authenticator.authenticate(addToJWTAuthenticationContext)) {
                    logger.error("Failed to Authenticate , authentication type : " + authenticationType);
                    throw new AuthenticationException("Unauthenticated request");
                }
                message = JWTAuthenticationUtils.addToMessageContext(message, addToJWTAuthenticationContext);
                if (logger.isDebugEnabled()) {
                    logger.debug("Request has been Authenticated , authentication type : " + authenticationType);
                }
            } catch (APIManagementException e) {
                logger.error("Authentication Failure " + e.getMessage());
                return;
            }
        }
        if (authenticator == null) {
            String extractOAuthAccessTokenFromMessage = RestApiUtil.extractOAuthAccessTokenFromMessage(message, org.wso2.carbon.apimgt.rest.api.common.RestApiConstants.REGEX_BEARER_PATTERN, RestApiConstants.AUTH_HEADER_NAME);
            message.put("maskedToken", APIUtil.getMaskedToken(extractOAuthAccessTokenFromMessage));
            if (extractOAuthAccessTokenFromMessage == null) {
                return;
            }
            if (extractOAuthAccessTokenFromMessage.contains(".")) {
                message.put(RestApiConstants.REQUEST_AUTHENTICATION_SCHEME, "jwt");
            } else {
                message.put(RestApiConstants.REQUEST_AUTHENTICATION_SCHEME, RestApiConstants.OAUTH2_AUTHENTICATION);
            }
            try {
                if (logger.isDebugEnabled()) {
                    logger.debug(String.valueOf(String.format("Authenticating request with : " + message.get(RestApiConstants.REQUEST_AUTHENTICATION_SCHEME), new Object[0])) + "Authentication");
                }
                AbstractOAuthAuthenticator abstractOAuthAuthenticator = oAuthAuthenticationInterceptor.authenticatorMap.get(message.get(RestApiConstants.REQUEST_AUTHENTICATION_SCHEME));
                logger.debug("Selected Authenticator for the token validation " + abstractOAuthAuthenticator);
                if (!abstractOAuthAuthenticator.authenticate(message)) {
                    throw new AuthenticationException("Unauthenticated request");
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("User logged into Web app using OAuth Authentication");
                }
            } catch (APIManagementException e2) {
                logger.error("Error while authenticating incoming request to API Manager REST API", e2);
            }
        }
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("OAuthAuthenticationInterceptor.java", OAuthAuthenticationInterceptor.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "handleMessage", "org.wso2.carbon.apimgt.rest.api.util.interceptors.auth.OAuthAuthenticationInterceptor", "org.apache.cxf.message.Message", "inMessage", "", "void"), 65);
    }
}
