package org.apache.synapse.mediators.opa;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Map;
import javax.net.ssl.SSLContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpEntity;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

/* loaded from: input_file:WEB-INF/lib/synapse-extensions-2.1.7-wso2v278.jar:org/apache/synapse/mediators/opa/OPAClient.class */
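/**
 * HTTP client that posts JSON policy-evaluation requests to an OPA server and returns the
 * response body as text.
 *
 * <p>Each instance builds one pooled {@link CloseableHttpClient} in its constructor. This class
 * has no method that closes that client, so the pool lives as long as the instance does.
 *
 * <p>For {@code https} endpoints the trust material is read from the file named by the
 * {@code javax.net.ssl.trustStore} system property, and the hostname verifier is selected by the
 * system property named by {@code OPAConstants.HOST_NAME_VERIFIER}.
 */
public class OPAClient {
    private static final Log log = LogFactory.getLog(OPAClient.class);
    private final int maxOpenConnections;
    private final int maxPerRoute;
    private final int connectionTimeout;
    private final CloseableHttpClient httpClient;

    /**
     * Creates a client for the given OPA server URL.
     *
     * @param str URL of the OPA server; only its protocol is used here, to decide whether a TLS
     *            socket factory is needed
     * @param map optional overrides for the pool size, per-route limit and connection timeout
     *            (in seconds); defaults are 500, 200 and 30
     * @throws OPASecurityException if the URL is malformed or the trust store cannot be loaded
     * @throws NumberFormatException if an override is present but is not a valid integer
     */
    public OPAClient(String str, Map<String, String> map) throws OPASecurityException {
        this.maxOpenConnections = intSetting(map, OPAConstants.MAX_OPEN_CONNECTIONS_PARAMETER, 500);
        this.maxPerRoute = intSetting(map, OPAConstants.MAX_PER_ROUTE_PARAMETER, 200);
        this.connectionTimeout = intSetting(map, OPAConstants.CONNECTION_TIMEOUT_PARAMETER, 30);
        // The three settings above must be assigned first: createHttpClient reads them.
        this.httpClient = createHttpClient(str);
    }

    /** Returns the integer stored under {@code key}, or {@code fallback} when the key is absent. */
    private static int intSetting(Map<String, String> map, String key, int fallback) {
        String raw = map.get(key);
        return raw != null ? Integer.parseInt(raw) : fallback;
    }

    /**
     * Posts a JSON payload to the OPA endpoint and returns the response body.
     *
     * @param str  URL of the policy validation endpoint
     * @param str2 request body, sent with {@code Content-Type: application/json}
     * @param str3 value for the {@code Authorization} header, or {@code null} to send none
     * @return the response body with line terminators removed
     * @throws OPASecurityException if the request fails, the status is not 200, or the response
     *                              cannot be read
     */
    public String publish(String str, String str2, String str3) throws OPASecurityException {
        if (log.isDebugEnabled()) {
            log.debug("Initializing opa policy validation request: [validation-endpoint] " + str);
        }
        HttpPost httpPost = new HttpPost(str);
        httpPost.setHeader("Content-Type", "application/json");
        if (str3 != null) {
            // The Authorization value is a credential; it is set on the request and never logged.
            httpPost.setHeader("Authorization", str3);
        }
        CloseableHttpResponse response = null;
        try {
            // Encode the body as UTF-8 explicitly. StringEntity's single-argument constructor
            // falls back to ISO-8859-1, which corrupts non-Latin-1 characters in the JSON input
            // that the policy decision is based on.
            httpPost.setEntity(new StringEntity(str2, StandardCharsets.UTF_8));
            response = this.httpClient.execute((HttpUriRequest) httpPost);
            return extractResponse(response);
        } catch (IOException e) {
            log.error("Error occurred while publishing to OPA server", e);
            throw new OPASecurityException(OPASecurityException.INTERNAL_ERROR, OPASecurityException.INTERNAL_ERROR_MESSAGE, e);
        } finally {
            httpPost.releaseConnection();
            if (response != null) {
                try {
                    response.close();
                } catch (IOException e) {
                    // A failure to close must not mask the result or the original exception.
                    log.error("Error when closing the response of the opa request", e);
                }
            }
        }
    }

    /**
     * Reads the body of a successful OPA response.
     *
     * @param closeableHttpResponse response returned by the HTTP client
     * @return the body, decoded with the charset from the response Content-Type (UTF-8 when the
     *         Content-Type declares none), with line terminators removed
     * @throws OPASecurityException if the status is not 200, the response has no body, or
     *                              reading fails
     */
    private String extractResponse(CloseableHttpResponse closeableHttpResponse) throws OPASecurityException {
        int statusCode = closeableHttpResponse.getStatusLine().getStatusCode();
        if (statusCode != 200) {
            log.error("Error occurred while connecting to the OPA server. " + statusCode + " response returned");
            throw new OPASecurityException(OPASecurityException.INTERNAL_ERROR, "Error while accessing the OPA server URL. " + closeableHttpResponse.getStatusLine());
        }
        HttpEntity entity = closeableHttpResponse.getEntity();
        if (entity == null) {
            // A 200 without a body carries no policy decision. Fail with a checked error rather
            // than letting a NullPointerException escape from entity.getContent().
            log.error("OPA server returned a 200 response without a body");
            throw new OPASecurityException(OPASecurityException.INTERNAL_ERROR, "Error while reading the OPA policy validation response");
        }
        Charset charset = ContentType.getOrDefault(entity).getCharset();
        if (charset == null) {
            charset = StandardCharsets.UTF_8;
        }
        StringBuilder body = new StringBuilder();
        // try-with-resources closes the reader (and the entity stream) on every path.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(entity.getContent(), charset))) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        } catch (IOException e) {
            log.error("Error while reading the OPA policy validation response", e);
            throw new OPASecurityException(OPASecurityException.INTERNAL_ERROR, "Error while reading the OPA policy validation response", e);
        }
        String text = body.toString();
        if (log.isDebugEnabled()) {
            // NOTE(review): this writes the full policy response to the debug log.
            log.debug("Response: [status-code] " + statusCode + " [message] " + text);
        }
        return text;
    }

    /**
     * Builds the connection manager for the given protocol.
     *
     * <p>For {@code https} a JKS trust store is loaded from the path in
     * {@code javax.net.ssl.trustStore}, using the password in
     * {@code javax.net.ssl.trustStorePassword}. Any other protocol gets a default manager.
     *
     * @param str URL protocol, as returned by {@link URL#getProtocol()}
     * @return a pooling connection manager
     * @throws OPASecurityException if a trust store property is unset or the trust store cannot
     *                              be read
     */
    private PoolingHttpClientConnectionManager getPoolingHttpClientConnectionManager(String str) throws OPASecurityException {
        if (!"https".equals(str)) {
            return new PoolingHttpClientConnectionManager();
        }
        String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
        String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
        if (trustStorePath == null || trustStorePassword == null) {
            // Report the misconfiguration as a checked error instead of a NullPointerException.
            log.error("Trust store system properties are not set; cannot create a TLS connection to the OPA server");
            throw new OPASecurityException(OPASecurityException.INTERNAL_ERROR, "Error while reading and setting truststore");
        }
        try (FileInputStream trustStoreStream = new FileInputStream(new File(trustStorePath))) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(trustStoreStream, trustStorePassword.toCharArray());
            SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(keyStore).build();

            String verifierMode = System.getProperty(OPAConstants.HOST_NAME_VERIFIER);
            boolean allowAll = OPAConstants.ALLOW_ALL.equalsIgnoreCase(verifierMode);
            if (allowAll) {
                // With this setting any certificate that chains to the trust store is accepted
                // for any host, so the identity of the OPA server is not checked. Make the
                // weakened configuration visible to operators.
                log.warn("Hostname verification is disabled for connections to the OPA server");
            }
            SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                    sslContext,
                    allowAll
                            ? SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
                            : "Strict".equalsIgnoreCase(verifierMode)
                                    ? SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER
                                    : SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            // Only "https" is registered, so this manager cannot open plain-HTTP connections.
            Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                    .register("https", socketFactory)
                    .build();
            return new PoolingHttpClientConnectionManager(registry);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log.error("Error while reading and setting truststore", e);
            throw new OPASecurityException(OPASecurityException.INTERNAL_ERROR, "Error while reading and setting truststore", e);
        }
    }

    /**
     * Creates a pooled HTTP client configured with this instance's pool limits and timeouts.
     *
     * @param str URL of the OPA server; its protocol selects the plain or TLS connection manager
     * @return a new client; the caller is responsible for closing it
     * @throws OPASecurityException if the URL is malformed or the connection manager cannot be
     *                              built
     */
    public CloseableHttpClient createHttpClient(String str) throws OPASecurityException {
        try {
            String protocol = new URL(str).getProtocol();
            PoolingHttpClientConnectionManager connectionManager = getPoolingHttpClientConnectionManager(protocol);
            connectionManager.setMaxTotal(this.maxOpenConnections);
            connectionManager.setDefaultMaxPerRoute(this.maxPerRoute);

            // connectionTimeout is multiplied by 1000 for the connect timeout, i.e. treated as
            // seconds.
            // NOTE(review): the socket timeout multiplies by 10000, not 1000, which yields
            // 400000 ms with the default of 30. Kept as is; confirm whether this is intended.
            RequestConfig requestConfig = RequestConfig.custom()
                    .setConnectTimeout(this.connectionTimeout * 1000)
                    .setSocketTimeout((this.connectionTimeout + 10) * 10000)
                    .build();
            return HttpClients.custom()
                    .setConnectionManager(connectionManager)
                    .setDefaultRequestConfig(requestConfig)
                    .build();
        } catch (MalformedURLException | OPASecurityException e) {
            log.error("Error while creating the http client", e);
            throw new OPASecurityException(OPASecurityException.INTERNAL_ERROR, OPASecurityException.INTERNAL_ERROR_MESSAGE, e);
        }
    }
}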
