package org.wso2.carbon.apimgt.gateway.handlers.security;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.ManagedLifecycle;
import org.apache.synapse.Mediator;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.API;
import org.apache.synapse.rest.AbstractHandler;
import org.apache.synapse.rest.RESTUtils;
import org.apache.synapse.rest.Resource;
import org.apache.synapse.rest.dispatch.RESTDispatcher;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.Utils;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.metrics.manager.Level;
import org.wso2.carbon.metrics.manager.MetricManager;
import org.wso2.carbon.metrics.manager.Timer;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/CORSRequestHandler.class */
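/**
 * Gateway handler that resolves the API resource targeted by a request and publishes the
 * CORS decision (allowed origin, methods, headers, credentials) as message-context properties.
 *
 * <p>The handler itself never writes HTTP headers: it only sets properties and then mediates the
 * {@code _cors_request_handler_} sequence when that sequence is defined. The sequence is not part
 * of this class; presumably it turns the properties into response headers (confirm against the
 * deployed sequence).
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>The request {@code Origin} is echoed only on an exact match with the configured
 *       allow-list; a configured {@code *} takes precedence over every other entry.</li>
 *   <li>{@code Access-Control-Allow-Credentials} is published only for a specific, allowed
 *       origin, never together with {@code *} and never for a rejected origin.</li>
 *   <li>When the allowed headers are configured as {@code *}, the request's own
 *       {@code Access-Control-Request-Headers} value is reflected for that request only.</li>
 * </ul>
 *
 * <p>One handler instance serves many requests, so request-derived values must never be stored
 * in instance fields.
 */
public class CORSRequestHandler extends AbstractHandler implements ManagedLifecycle {
    private static final Log log = LogFactory.getLog(CORSRequestHandler.class);
    private static final String CORS_SEQUENCE = "_cors_request_handler_";
    private static final String RESOURCE_MISMATCH_SEQUENCE = "_resource_mismatch_handler_";
    private String apiImplementationType;
    private String allowHeaders;
    private String allowCredentials;
    private Set<String> allowedOrigins;
    private boolean initializeHeaderValues;
    private String allowedMethods;
    private boolean allowCredentialsEnabled;

    /**
     * Loads the global CORS defaults once the API manager configuration service is available.
     *
     * @param synapseEnvironment the Synapse environment (unused)
     */
    public void init(SynapseEnvironment synapseEnvironment) {
        if (log.isDebugEnabled()) {
            log.debug("Initializing CORSRequest Handler instance");
        }
        if (ServiceReferenceHolder.getInstance().getApiManagerConfigurationService() != null) {
            initializeHeaders();
        }
    }

    /**
     * Fills every CORS setting that was not set through a setter with the global value
     * supplied by {@link APIUtil}. Values set through the setters are left untouched.
     */
    void initializeHeaders() {
        if (this.allowHeaders == null) {
            this.allowHeaders = APIUtil.getAllowedHeaders();
        }
        if (this.allowedOrigins == null) {
            String configuredOrigins = APIUtil.getAllowedOrigins();
            // An absent or empty global list leaves allowedOrigins null, which
            // getAllowedOrigins(String) treats as "no origin is allowed".
            if (configuredOrigins != null && !configuredOrigins.isEmpty()) {
                this.allowedOrigins = parseOrigins(configuredOrigins);
            }
        }
        if (this.allowCredentials == null) {
            this.allowCredentialsEnabled = APIUtil.isAllowCredentials();
        }
        if (this.allowedMethods == null) {
            this.allowedMethods = APIUtil.getAllowedMethods();
        }
        this.initializeHeaderValues = true;
    }

    /** Logs the shutdown of this handler; there is no state to release. */
    public void destroy() {
        if (log.isDebugEnabled()) {
            log.debug("Destroying CORSRequest Handler instance");
        }
    }

    /**
     * Resolves the resource for the incoming request, records it on the message context and
     * publishes the CORS properties.
     *
     * <p>Preflight ({@code OPTIONS}) requests for resources that do not declare {@code OPTIONS}
     * themselves are answered here with status 200 and are not forwarded.
     *
     * @param messageContext the in-flow message context
     * @return {@code true} to continue the handler chain, {@code false} when this handler has
     *         already answered or rejected the request
     */
    public boolean handleRequest(MessageContext messageContext) {
        Timer.Context timerContext = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName()})).start();
        try {
            if (!this.initializeHeaderValues) {
                initializeHeaders();
            }
            String apiContext = (String) messageContext.getProperty("REST_API_CONTEXT");
            String apiVersion = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
            String apiName = (String) messageContext.getProperty("SYNAPSE_REST_API");
            String httpMethod = (String) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("HTTP_METHOD");
            API api = messageContext.getConfiguration().getAPI(apiName);
            if (api == null) {
                // Without an API definition no resource can be resolved; reject explicitly
                // instead of failing later with a NullPointerException.
                if (log.isDebugEnabled()) {
                    log.debug("No API definition found for the request; rejecting as resource not found");
                }
                onResourceNotFoundError(messageContext, 404, APIMgtGatewayConstants.RESOURCE_NOT_FOUND_ERROR_MSG);
                return false;
            }

            // Strip the context (and, for URL versioning, "/<version>") to get the sub path.
            String fullRequestPath = RESTUtils.getFullRequestPath(messageContext);
            int prefixLength = api.getContext().length();
            if ("url".equals(api.getVersionStrategy().getVersionType())) {
                prefixLength += api.getVersionStrategy().getVersion().length() + 1;
            }
            String subPath = fullRequestPath.substring(prefixLength);
            if ("".equals(subPath)) {
                subPath = "/";
            }
            messageContext.setProperty("REST_SUB_REQUEST_PATH", subPath);

            // OPTIONS may target any resource; other verbs only resources declaring them.
            Resource[] resources = api.getResources();
            Set<Resource> acceptableResources = new HashSet<Resource>();
            for (Resource candidate : resources) {
                if ("OPTIONS".equals(httpMethod) || (candidate.getMethods() != null && Arrays.asList(candidate.getMethods()).contains(httpMethod))) {
                    acceptableResources.add(candidate);
                }
            }
            if (acceptableResources.isEmpty()) {
                handleResourceNotFound(messageContext, Arrays.asList(resources));
                return false;
            }

            Resource resource = null;
            for (RESTDispatcher dispatcher : RESTUtils.getDispatchers()) {
                resource = dispatcher.findResource(messageContext, acceptableResources);
                if (resource != null) {
                    break;
                }
            }
            if (resource == null) {
                onResourceNotFoundError(messageContext, 404, APIMgtGatewayConstants.RESOURCE_NOT_FOUND_ERROR_MSG);
                return false;
            }

            String electedResource = resource.getDispatcherHelper().getString();
            String resourceCacheKey = APIUtil.getResourceInfoDTOCacheKey(apiContext, apiVersion, electedResource, httpMethod);
            messageContext.setProperty("API_ELECTED_RESOURCE", electedResource);
            messageContext.setProperty("API_RESOURCE_CACHE_KEY", resourceCacheKey);

            if (!APIConstants.SupportedHTTPVerbs.OPTIONS.name().equalsIgnoreCase(httpMethod)) {
                if ("INLINE".equalsIgnoreCase(this.apiImplementationType)) {
                    setCORSHeaders(messageContext, resource);
                    Mediator inlineSequence = messageContext.getSequence(CORS_SEQUENCE);
                    if (inlineSequence != null) {
                        inlineSequence.mediate(messageContext);
                    }
                }
                // Deliberately repeated for INLINE APIs so the properties hold the handler's
                // values again after the sequence above has run.
                setCORSHeaders(messageContext, resource);
                return true;
            }

            if (Arrays.asList(resource.getMethods()).contains(APIConstants.SupportedHTTPVerbs.OPTIONS.name())) {
                // The resource declares OPTIONS itself, so the request continues down the chain.
                // No CORS properties are published on this path.
                return true;
            }

            // Preflight for a resource without its own OPTIONS: answer it here.
            setCORSHeaders(messageContext, resource);
            Mediator corsSequence = messageContext.getSequence(CORS_SEQUENCE);
            if (corsSequence != null) {
                corsSequence.mediate(messageContext);
            }
            Utils.send(messageContext, 200);
            return false;
        } finally {
            // Single stop point: covers every return above as well as exceptions.
            timerContext.stop();
        }
    }

    /**
     * Runs the CORS sequence on the response path when it is defined.
     *
     * @param messageContext the out-flow message context
     * @return always {@code true}
     */
    public boolean handleResponse(MessageContext messageContext) {
        Mediator corsSequence = messageContext.getSequence(CORS_SEQUENCE);
        if (corsSequence != null) {
            corsSequence.mediate(messageContext);
        }
        return true;
    }

    /**
     * Distinguishes "wrong method" from "unknown path" when no resource accepts the HTTP method:
     * 405 if some resource matches the path regardless of method, 404 otherwise.
     */
    private void handleResourceNotFound(MessageContext messageContext, List<Resource> list) {
        for (RESTDispatcher dispatcher : RESTUtils.getDispatchers()) {
            if (dispatcher.findResource(messageContext, list) != null) {
                onResourceNotFoundError(messageContext, 405, APIMgtGatewayConstants.METHOD_NOT_FOUND_ERROR_MSG);
                return;
            }
        }
        onResourceNotFoundError(messageContext, 404, APIMgtGatewayConstants.RESOURCE_NOT_FOUND_ERROR_MSG);
    }

    /**
     * Records the error status and message on the message context and hands the request to the
     * {@code _resource_mismatch_handler_} sequence when that sequence is defined.
     */
    private void onResourceNotFoundError(MessageContext messageContext, int i, String str) {
        messageContext.setProperty("CUSTOM_HTTP_SC", Integer.valueOf(i));
        messageContext.setProperty("ERROR_CODE", Integer.valueOf(i));
        messageContext.setProperty("ERROR_MESSAGE", str);
        Mediator mismatchSequence = messageContext.getSequence(RESOURCE_MISMATCH_SEQUENCE);
        if (mismatchSequence != null) {
            mismatchSequence.mediate(messageContext);
        }
    }

    /**
     * Publishes the CORS decision for this request as message-context properties.
     *
     * @param messageContext the message context whose transport headers carry {@code Origin}
     * @param resource the elected resource, or {@code null} to advertise the configured methods
     */
    public void setCORSHeaders(MessageContext messageContext, Resource resource) {
        Map<?, ?> transportHeaders = (Map<?, ?>) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("TRANSPORT_HEADERS");
        String requestOrigin = transportHeaders != null ? (String) transportHeaders.get("Origin") : null;
        String allowedOrigin = getAllowedOrigins(requestOrigin);

        // Credentials are only meaningful for a specific, allowed origin: browsers refuse the
        // "*" + credentials combination, and a rejected origin must not be told that
        // credentials are accepted.
        if (this.allowCredentialsEnabled && allowedOrigin != null && !"*".equals(allowedOrigin)) {
            messageContext.setProperty("Access-Control-Allow-Credentials", Boolean.TRUE);
        }
        // NOTE(review): when a specific origin is echoed, the response should also carry
        // "Vary: Origin" so shared caches do not serve it to other origins. Header emission
        // happens outside this class; confirm the sequence or transport adds it.
        messageContext.setProperty("Access-Control-Allow-Origin", allowedOrigin);

        String allowMethodsValue;
        if (resource != null) {
            String[] methods = resource.getMethods();
            StringBuilder joined = new StringBuilder();
            for (int index = 0; index < methods.length; index++) {
                if (index > 0) {
                    joined.append(',');
                }
                joined.append(methods[index]);
            }
            allowMethodsValue = joined.toString();
        } else {
            allowMethodsValue = this.allowedMethods;
        }

        // Keep the reflected value local. Writing it back to the shared field would replace the
        // configured "*" with the first caller's Access-Control-Request-Headers for every later
        // request served by this handler instance.
        String allowHeadersValue = this.allowHeaders;
        if ("*".equals(allowHeadersValue)) {
            allowHeadersValue = transportHeaders != null ? (String) transportHeaders.get("Access-Control-Request-Headers") : null;
        }

        messageContext.setProperty("CORSConfiguration.Enabled", Boolean.valueOf(APIUtil.isCORSEnabled()));
        messageContext.setProperty("Access-Control-Allow-Methods", allowMethodsValue);
        messageContext.setProperty("Access-Control-Allow-Headers", allowHeadersValue);
    }

    /** @return the configured allowed-headers value ({@code *} means "reflect the request") */
    public String getAllowHeaders() {
        return this.allowHeaders;
    }

    /** @param str the allowed-headers value to use instead of the global default */
    public void setAllowHeaders(String str) {
        this.allowHeaders = str;
    }

    /**
     * Decides which value to publish as {@code Access-Control-Allow-Origin} for a request origin.
     *
     * @param str the request's {@code Origin} header value, possibly {@code null}
     * @return {@code "*"} when the wildcard is configured, the origin itself on an exact match
     *         with the allow-list, otherwise {@code null} (also when no allow-list is configured)
     */
    public String getAllowedOrigins(String str) {
        Set<String> configuredOrigins = this.allowedOrigins;
        if (configuredOrigins == null) {
            // No allow-list was configured: deny rather than fail with a NullPointerException.
            return null;
        }
        if (configuredOrigins.contains("*")) {
            return "*";
        }
        if (str != null && configuredOrigins.contains(str)) {
            return str;
        }
        return null;
    }

    /**
     * Replaces the origin allow-list.
     *
     * @param str comma-separated origins; surrounding whitespace and empty entries are ignored
     */
    public void setAllowedOrigins(String str) {
        this.allowedOrigins = parseOrigins(str);
    }

    /** @return the API implementation type; {@code INLINE} enables in-handler CORS mediation */
    public String getApiImplementationType() {
        return this.apiImplementationType;
    }

    /** @param str the API implementation type */
    public void setApiImplementationType(String str) {
        this.apiImplementationType = str;
    }

    /** @return same value as {@link #getApiImplementationType()} */
    public String getInline() {
        return getApiImplementationType();
    }

    /** @param str same as {@link #setApiImplementationType(String)} */
    public void setInline(String str) {
        setApiImplementationType(str);
    }

    /** @return the raw allow-credentials string as it was set, or {@code null} if never set */
    public String isAllowCredentials() {
        return this.allowCredentials;
    }

    /**
     * Sets the allow-credentials flag from its string form.
     *
     * @param str parsed with {@link Boolean#parseBoolean(String)}; anything but "true" disables it
     */
    public void setAllowCredentials(String str) {
        this.allowCredentialsEnabled = Boolean.parseBoolean(str);
        this.allowCredentials = str;
    }

    /** @return the configured methods advertised when no resource is supplied */
    public String getAllowedMethods() {
        return this.allowedMethods;
    }

    /** @param str the methods to advertise when no resource is supplied */
    public void setAllowedMethods(String str) {
        this.allowedMethods = str;
    }

    /**
     * Splits a comma-separated origin list into a set, trimming each entry and dropping empty
     * ones so that a configuration such as {@code "https://a.example, https://b.example"} matches
     * both origins exactly.
     */
    private static Set<String> parseOrigins(String commaSeparated) {
        Set<String> origins = new HashSet<String>();
        for (String entry : commaSeparated.split(",")) {
            String origin = entry.trim();
            if (!origin.isEmpty()) {
                origins.add(origin);
            }
        }
        return origins;
    }
}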
