package org.wso2.carbon.appmgt.gateway.utils;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Map;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.SynapseException;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.apache.synapse.transport.passthru.util.RelayUtils;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.xml.security.credential.Credential;
import org.wso2.carbon.appmgt.api.model.URITemplate;
import org.wso2.carbon.appmgt.api.model.WebApp;
import org.wso2.carbon.appmgt.gateway.handlers.security.Session;
import org.wso2.carbon.appmgt.gateway.handlers.security.SessionStore;
import org.wso2.carbon.appmgt.gateway.handlers.security.saml2.SAMLException;
import org.wso2.carbon.appmgt.gateway.handlers.security.saml2.SAMLUtils;
import org.wso2.carbon.appmgt.gateway.handlers.throttling.APIThrottleConstants;
import org.wso2.carbon.appmgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.appmgt.impl.dto.Environment;
import org.wso2.carbon.appmgt.impl.utils.UrlPatternMatcher;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;

/* loaded from: input_file:org/wso2/carbon/appmgt/gateway/utils/GatewayUtils.class */
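/**
 * Static helpers shared by the App Manager gateway handlers: SSO configuration lookups,
 * session access, URI-template matching, canned HTTP responses (200/401/302) and
 * request-scoped debug logging.
 *
 * <p>Several methods here feed authentication and authorization decisions
 * ({@link #shouldSkipSecurity}, {@link #isAnonymousAccessAllowed},
 * {@link #findMatchedURITemplate}, {@link #redirectToIDPWithSAMLRequest}), so they are
 * written to fail closed: missing or malformed inputs deny access or abort the request
 * rather than silently continuing.
 */
public class GatewayUtils {
    private static final Log log = LogFactory.getLog(GatewayUtils.class);

    /**
     * Returns the identity provider URL configured under
     * {@code SSOConfiguration.IdentityProviderUrl}.
     *
     * @return the configured value, as returned by the API manager configuration
     */
    public static String getIDPUrl() {
        return ServiceReferenceHolder.getInstance().getAPIManagerConfiguration()
                .getFirstProperty("SSOConfiguration.IdentityProviderUrl");
    }

    /**
     * Returns the assertion consumer service URL postfix configured under
     * {@code SSOConfiguration.ACSURLPostfix}.
     *
     * @return the configured value, as returned by the API manager configuration
     */
    public static String getACSURLPostfix() {
        return ServiceReferenceHolder.getInstance().getAPIManagerConfiguration()
                .getFirstProperty("SSOConfiguration.ACSURLPostfix");
    }

    /**
     * Builds the root URL of the app being invoked.
     *
     * <p>Protocol, host and port are taken from the first configured gateway endpoint whose
     * protocol equals that of the request's {@code SERVICE_PREFIX}; the path is made of the
     * {@code REST_API_CONTEXT} and {@code SYNAPSE_REST_API_VERSION} message properties. The
     * host therefore comes from configuration and not from the incoming request.
     *
     * @param messageContext the Synapse message context of the current request
     * @return the root URL, or {@code null} when a URL is malformed or no configured gateway
     *         endpoint uses the request's protocol
     */
    public static String getAppRootURL(MessageContext messageContext) {
        try {
            Object servicePrefix = ((Axis2MessageContext) messageContext).getAxis2MessageContext()
                    .getProperty("SERVICE_PREFIX");
            String requestProtocol = new URL(servicePrefix.toString()).getProtocol();

            Environment gatewayEnvironment = (Environment) ServiceReferenceHolder.getInstance()
                    .getAPIManagerConfiguration().getApiGatewayEnvironments().get(0);
            String[] endpoints = gatewayEnvironment.getApiGatewayEndpoint().split(",");

            URL matchedEndpoint = null;
            for (String endpoint : endpoints) {
                URL candidate = new URL(endpoint);
                if (candidate.getProtocol().equals(requestProtocol)) {
                    matchedEndpoint = candidate;
                    break;
                }
            }

            // Previously a missing match was dereferenced and surfaced as a NullPointerException.
            // Report it the same way as a malformed URL so callers have a single failure mode.
            if (matchedEndpoint == null) {
                log.error(String.format(
                        "Error occurred while constructing the app root URL. No gateway endpoint is configured for protocol '%s'.",
                        requestProtocol));
                return null;
            }

            String path = ((String) messageContext.getProperty("REST_API_CONTEXT"))
                    + APIThrottleConstants.URL_MAPPING_SEPERATOR
                    + ((String) messageContext.getProperty("SYNAPSE_REST_API_VERSION"))
                    + APIThrottleConstants.URL_MAPPING_SEPERATOR;
            return new URL(matchedEndpoint.getProtocol(), matchedEndpoint.getHost(),
                    matchedEndpoint.getPort(), path).toString();
        } catch (MalformedURLException e) {
            log.error("Error occurred while constructing the app root URL.", e);
            return null;
        }
    }

    /**
     * Tells whether a request may proceed without authentication.
     *
     * <p>Access is anonymous when either the web app as a whole or the policy group of the
     * matched URI template allows it. A missing flag, template or policy group is treated as
     * "not allowed" so that incomplete metadata cannot open up a resource.
     *
     * @param webApp      the web app being invoked
     * @param uRITemplate the URI template matched for the request; may be {@code null}
     * @return {@code true} only when anonymous access is explicitly allowed
     */
    public static boolean isAnonymousAccessAllowed(WebApp webApp, URITemplate uRITemplate) {
        if (Boolean.TRUE.equals(webApp.getAllowAnonymous())) {
            return true;
        }
        return uRITemplate != null
                && uRITemplate.getPolicyGroup() != null
                && uRITemplate.getPolicyGroup().isAllowAnonymous();
    }

    /**
     * Logs the message at error level and always throws a {@link SynapseException}.
     *
     * @param log2 the logger to write to
     * @param str  the error message
     * @param exc  the cause, or {@code null} when there is none
     * @throws SynapseException always; carries {@code exc} as its cause when present
     */
    public static void logAndThrowException(Log log2, String str, Exception exc) {
        if (exc != null) {
            log2.error(str, exc);
            throw new SynapseException(str, exc);
        }
        log2.error(str);
        throw new SynapseException(str);
    }

    /**
     * Sends an HTTP 401 response with a fixed XML error body back to the client.
     *
     * <p>The body is always the constant text "Unauthorized access"; {@code str} is not
     * written to the response, so no internal detail reaches the client through it.
     *
     * @param messageContext the Synapse message context of the current request
     * @param str            unused by this method
     */
    public static void send401(MessageContext messageContext, String str) {
        OMFactory factory = OMAbstractFactory.getOMFactory();
        OMElement errorElement = factory.createOMElement("error",
                factory.createOMNamespace("http://wso2.org/appm", "appm"));
        errorElement.setText("Unauthorized access");
        sendXmlResponse(messageContext, errorElement, 401);
    }

    /**
     * Sends an HTTP 200 response carrying the given XML payload back to the client.
     *
     * @param messageContext the Synapse message context of the current request
     * @param oMElement      the payload that replaces the first element of the message body
     */
    public static void send200(MessageContext messageContext, OMElement oMElement) {
        sendXmlResponse(messageContext, oMElement, 200);
    }

    /**
     * Replaces the body payload, marks the message as an {@code application/xml} response
     * with the given status code and sends it back.
     */
    private static void sendXmlResponse(MessageContext messageContext, OMElement payload, int statusCode) {
        org.apache.axis2.context.MessageContext axis2MessageContext =
                ((Axis2MessageContext) messageContext).getAxis2MessageContext();

        // Swap the request payload for the response payload so the request body is not echoed.
        OMElement existingPayload = messageContext.getEnvelope().getBody().getFirstElement();
        if (existingPayload == null) {
            messageContext.getEnvelope().getBody().addChild(payload);
        } else {
            existingPayload.insertSiblingAfter(payload);
            existingPayload.detach();
        }

        axis2MessageContext.setProperty("HTTP_SC", statusCode);
        messageContext.setResponse(true);
        messageContext.setProperty("RESPONSE", "true");
        messageContext.setTo((EndpointReference) null);
        axis2MessageContext.removeProperty("NO_ENTITY_BODY");
        axis2MessageContext.setProperty("messageType", "application/xml");
        axis2MessageContext.removeProperty("ContentType");
        Axis2Sender.sendBack(messageContext);
    }

    /**
     * Tells whether the security handlers should be bypassed for this message.
     *
     * <p>The decision is read from the {@code appm.gateway.skipSecurity} message property and
     * is {@code true} only when that property is {@link Boolean#TRUE}. An absent property, or
     * a value of any other type, keeps security enabled.
     *
     * <p>NOTE(review): whatever sets this property disables security for the request; confirm
     * that it is only ever set by gateway code and never derived from request data.
     *
     * @param messageContext the Synapse message context of the current request
     * @return {@code true} when security checks are to be skipped
     */
    public static boolean shouldSkipSecurity(MessageContext messageContext) {
        return Boolean.TRUE.equals(messageContext.getProperty("appm.gateway.skipSecurity"));
    }

    /**
     * Looks up the session of the current request without creating one.
     *
     * @param messageContext the Synapse message context of the current request
     * @return the result of {@link #getSession(MessageContext, boolean)} with {@code false}
     */
    public static Session getSession(MessageContext messageContext) {
        return getSession(messageContext, false);
    }

    /**
     * Looks up the session identified by the {@code APPMSESSIONID} message property.
     *
     * <p>When {@code z} is {@code true} the identifier of the returned session is written
     * back to {@code APPMSESSIONID}, so later handlers see the identifier held by the store
     * rather than the one that arrived with the request.
     *
     * @param messageContext the Synapse message context of the current request
     * @param z              passed to {@code SessionStore.getSession}; presumably "create the
     *                       session when it does not exist" (confirm against SessionStore)
     * @return the session returned by the session store
     */
    public static Session getSession(MessageContext messageContext, boolean z) {
        String sessionId = (String) messageContext.getProperty("APPMSESSIONID");
        Session session = SessionStore.getInstance().getSession(sessionId, z);
        // Guard against a store that returns no session even though one was requested.
        if (z && session != null) {
            messageContext.setProperty("APPMSESSIONID", session.getUuid());
        }
        return session;
    }

    /**
     * Finds the URI template of the web app that best matches the request.
     *
     * <p>Each template is matched as {@code "<verb>:<uriTemplate>"} against
     * {@code "<str>:/<str2>"}. Among the matching templates the one with the most path
     * segments wins; on a tie the later template replaces the earlier one unless the later
     * template ends in a {@code *} segment. The chosen template determines which policy group
     * applies to the request, so the outcome also depends on the order of the templates.
     *
     * @param webApp the web app whose templates are searched
     * @param str    the HTTP verb of the request
     * @param str2   the request path without its leading separator
     * @return the best matching template, or {@code null} when none matches; callers must
     *         treat {@code null} as "no resource", not as "unrestricted"
     */
    public static URITemplate findMatchedURITemplate(WebApp webApp, String str, String str2) {
        String requestKey = String.format("%s:/%s", str, str2);
        URITemplate bestMatch = null;
        for (URITemplate candidate : webApp.getUriTemplates()) {
            String templateKey = String.format("%s:%s", candidate.getHTTPVerb(), candidate.getUriTemplate());
            if (!UrlPatternMatcher.match(templateKey, requestKey)) {
                continue;
            }
            if (bestMatch == null) {
                bestMatch = candidate;
                continue;
            }

            String[] candidateSegments = candidate.getUriTemplate().split(APIThrottleConstants.URL_MAPPING_SEPERATOR);
            int bestSegmentCount = bestMatch.getUriTemplate().split(APIThrottleConstants.URL_MAPPING_SEPERATOR).length;
            if (bestSegmentCount < candidateSegments.length) {
                bestMatch = candidate;
            } else if (bestSegmentCount == candidateSegments.length) {
                // A template that splits into no segments has no trailing wildcard; checking the
                // length first avoids indexing an empty array.
                boolean endsWithWildcard = candidateSegments.length > 0
                        && candidateSegments[candidateSegments.length - 1].equals("*");
                if (!endsWithWildcard) {
                    bestMatch = candidate;
                }
            }
        }
        return bestMatch;
    }

    /**
     * Writes a debug line naming the HTTP method and full request path being processed.
     *
     * @param log2           the logger to write to
     * @param messageContext the Synapse message context of the current request
     */
    public static void logRequest(Log log2, MessageContext messageContext) {
        if (!log2.isDebugEnabled()) {
            return;
        }
        String httpMethod = (String) ((Axis2MessageContext) messageContext).getAxis2MessageContext()
                .getProperty("HTTP_METHOD");
        String requestPath = (String) messageContext.getProperty("REST_FULL_REQUEST_PATH");
        logWithRequestInfo(log2, messageContext,
                String.format("Processing request : '%s':'%s'", httpMethod, requestPath));
    }

    /**
     * Writes a debug line prefixed with
     * {@code {sessionHash;messageId;httpMethod;requestPath}}.
     *
     * <p>The session is identified by a digest of its identifier, never by the identifier
     * itself, so log readers cannot reuse a logged value as a session token. Method and path
     * originate from the request, so line breaks are replaced before the line is written to
     * keep one request from producing what looks like several log entries.
     *
     * @param log2           the logger to write to
     * @param messageContext the Synapse message context of the current request
     * @param str            the message to log
     */
    public static void logWithRequestInfo(Log log2, MessageContext messageContext, String str) {
        Session session = getSession(messageContext);
        String sessionHash = session == null ? null : getMD5Hash(session.getUuid());
        String httpMethod = (String) ((Axis2MessageContext) messageContext).getAxis2MessageContext()
                .getProperty("HTTP_METHOD");
        String requestPath = (String) messageContext.getProperty("REST_FULL_REQUEST_PATH");
        String requestInfo = String.format("{%s;%s;%s;%s}", sessionHash, messageContext.getMessageID(),
                httpMethod, requestPath);
        log2.debug(neutralizeLineBreaks(String.format("%s - %s", requestInfo, str)));
    }

    /** Replaces CR and LF with {@code _} so a value occupies exactly one log line. */
    private static String neutralizeLineBreaks(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Returns a hex digest of the given string for use as a log correlation value.
     *
     * <p>Despite the name, the digest is computed with {@code DigestUtils.shaHex}, not MD5.
     * The name is kept for callers. The result is an unsalted, unkeyed digest: it is suitable
     * for correlating log lines, not for storing secrets or making security decisions.
     *
     * @param str the value to hash
     * @return the hex-encoded digest
     */
    public static String getMD5Hash(String str) {
        return DigestUtils.shaHex(str);
    }

    /**
     * Redirects the client to the identity provider with the given SAML request.
     *
     * <p>For tenants other than {@code carbon.super} the tenant domain is added to the IdP
     * path as {@code /t/<tenantDomain>/}.
     *
     * <p>NOTE(review): the encoded request is appended to the query string as returned by
     * {@code SAMLUtils.marshallAndEncodeSAMLRequest}; confirm that helper URL-encodes its
     * output.
     *
     * @param messageContext      the Synapse message context of the current request
     * @param requestAbstractType the SAML request to send
     * @throws SynapseException when the SAML request cannot be marshalled and encoded
     */
    public static void redirectToIDPWithSAMLRequest(MessageContext messageContext, RequestAbstractType requestAbstractType) {
        String encodedRequest;
        try {
            encodedRequest = SAMLUtils.marshallAndEncodeSAMLRequest(requestAbstractType);
        } catch (SAMLException e) {
            // Fail closed: the earlier behaviour printed the stack trace and still redirected
            // the client with "SAMLRequest=null", hiding the failure from the gateway log.
            String message = "Can't marshall and encode the SAML request; the redirect to the identity provider is aborted.";
            log.error(message, e);
            throw new SynapseException(message, e);
        }

        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String idpEndpoint = getIDPUrl();
        if (!"carbon.super".equals(tenantDomain)) {
            idpEndpoint = idpEndpoint + "/t/" + tenantDomain + APIThrottleConstants.URL_MAPPING_SEPERATOR;
        }
        redirectToURL(messageContext, idpEndpoint + "?SAMLRequest=" + encodedRequest);
    }

    /**
     * Sends an HTTP 302 response whose {@code Location} header is the given URL.
     *
     * <p>The response reuses the transport header map of the request, so the request's
     * {@code Host} and {@code Cookie} headers are removed before sending. The destination is
     * not checked against any allow-list here: callers must pass a URL built from trusted
     * configuration or one they have validated themselves. A target containing a line break
     * is rejected so it cannot add headers to the response.
     *
     * @param messageContext the Synapse message context of the current request
     * @param str            the redirect target
     * @throws SynapseException when {@code str} contains a carriage return or line feed
     */
    public static void redirectToURL(MessageContext messageContext, String str) {
        if (str != null && (str.indexOf('\r') >= 0 || str.indexOf('\n') >= 0)) {
            logAndThrowException(log, "Refusing to send a redirect whose target contains a line break.", null);
        }

        org.apache.axis2.context.MessageContext axis2MessageContext =
                ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        axis2MessageContext.setProperty("HTTP_SC", "302");
        messageContext.setResponse(true);
        messageContext.setProperty("RESPONSE", "true");
        messageContext.setTo((EndpointReference) null);
        axis2MessageContext.removeProperty("NO_ENTITY_BODY");
        axis2MessageContext.removeProperty("ContentType");

        // NOTE(review): assumes TRANSPORT_HEADERS is always present on an incoming request.
        Map transportHeaders = (Map) axis2MessageContext.getProperty("TRANSPORT_HEADERS");
        transportHeaders.put("Location", str);
        if (log.isDebugEnabled()) {
            logWithRequestInfo(log, messageContext, String.format("Sending HTTP redirect to '%s'", str));
        }
        removeIrrelevantHeadersBeforeResponding(transportHeaders);
        Axis2Sender.sendBack(messageContext);
    }

    /**
     * Tells whether the given request path is the logout URL of the web app.
     *
     * <p>NOTE(review): the comparison is a suffix match ({@code logoutURL.endsWith(str)}), so
     * any path that is a trailing part of the logout URL is accepted; confirm callers pass a
     * full resource path.
     *
     * @param webApp the web app being invoked
     * @param str    the request path to test; {@code null} or blank never matches
     * @return {@code true} when the web app has a logout URL that ends with {@code str}
     */
    public static boolean isLogoutURL(WebApp webApp, String str) {
        String logoutURL = webApp.getLogoutURL();
        if (logoutURL == null || logoutURL.trim().isEmpty()) {
            return false;
        }
        if (str == null || str.trim().isEmpty()) {
            return false;
        }
        return logoutURL.endsWith(str);
    }

    /**
     * Removes the {@code Host} and {@code Cookie} entries from a header map that is about to
     * be sent back as response headers, so request credentials are not reflected to the client.
     */
    private static void removeIrrelevantHeadersBeforeResponding(Map map) {
        map.remove("Host");
        map.remove("Cookie");
    }

    /**
     * Builds the incoming message so its payload can be read.
     *
     * @param messageContext the Synapse message context of the current request
     * @throws SynapseException when the message cannot be built
     */
    public static void buildIncomingMessage(MessageContext messageContext) {
        org.apache.axis2.context.MessageContext axis2MessageContext =
                ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        String requestPath = (String) messageContext.getProperty("REST_FULL_REQUEST_PATH");
        String failureMessage = String.format("Can't build the incoming request message for '%s'.", requestPath);
        try {
            RelayUtils.buildMessage(axis2MessageContext);
        } catch (XMLStreamException e) {
            logAndThrowException(log, failureMessage, e);
        } catch (IOException e) {
            logAndThrowException(log, failureMessage, e);
        }
    }

    /**
     * Returns the X.509 credential obtained from
     * {@code SAMLSSOUtil.getX509CredentialImplForTenant} for the given arguments.
     *
     * @param str  first argument of the delegate; presumably the tenant domain (confirm)
     * @param str2 second argument of the delegate; presumably the certificate alias (confirm)
     * @return the credential returned by the delegate
     * @throws IdentitySAML2SSOException when the delegate fails
     */
    public static Credential getIDPCertificate(String str, String str2) throws IdentitySAML2SSOException {
        return SAMLSSOUtil.getX509CredentialImplForTenant(str, str2);
    }
}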
