package org.wso2.carbon.apimgt.gateway.handlers.security.authenticator;

import java.util.HashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.cert.X509Certificate;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.MethodStats;
import org.wso2.carbon.apimgt.gateway.MethodTimeLogger;
import org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityUtils;
import org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext;
import org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator.class */
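/**
 * Gateway {@link Authenticator} that admits a request when a client certificate is present on the
 * message context and that certificate is registered against the API.
 *
 * <p>This listing is decompiled, AspectJ-woven bytecode. Every public method is a thin wrapper that
 * either routes through {@code MethodTimeLogger} or calls the matching {@code *_aroundBody*} static
 * method, which holds the real logic. The {@code ajc$tjp_*} fields and {@code AjcClosure*} classes
 * are weaver output and are kept as emitted.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No chain, expiry or revocation check is performed in this class. It only reads the
 *       {@code ssl.client.auth.cert.X509} property and looks the leaf certificate up in
 *       {@link #certificates}. NOTE(review): presumably the transport has already validated the
 *       certificate during the TLS handshake; confirm that nothing else can set this property.</li>
 *   <li>The lookup key is {@code serial + "_" + issuerDN} with {@code ,} replaced by {@code #} and
 *       {@code "} replaced by {@code '}; the configured identifiers must use the same form.</li>
 *   <li>{@link #requestOrigin} is per-request data stored in an instance field. NOTE(review): if one
 *       authenticator instance serves concurrent requests, {@link #getRequestOrigin()} can return
 *       another request's Origin header; confirm the instance lifecycle.</li>
 * </ul>
 */
public class MutualSSLAuthenticator implements Authenticator {
    // NOTE(review): the logger category is APIAuthenticationHandler, not this class (see static block).
    private static final Log log;
    // Tier applied at API level; copied into the AuthenticationContext as the API tier.
    private String apiLevelPolicy;
    // Value of the "Origin" transport header of the most recently authenticated request.
    private String requestOrigin;
    // Challenge returned by getChallengeString(); built once in the static initializer.
    private static String challengeString;
    // Certificate identifier (serial_issuerDN, normalised) -> tier assigned to that certificate.
    private HashMap<String, String> certificates = new HashMap<>();
    // AspectJ join-point descriptors. The "final ... = null" form is a decompiler artifact; the
    // values are assigned in ajc$preClinit().
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;
    private static final JoinPoint.StaticPart ajc$tjp_4 = null;
    private static final JoinPoint.StaticPart ajc$tjp_5 = null;
    private static final JoinPoint.StaticPart ajc$tjp_6 = null;

    // ---- Weaver-generated closures: each unpacks its captured state and calls one around-body. ----

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            MutualSSLAuthenticator.init_aroundBody0((MutualSSLAuthenticator) objArr2[0], (SynapseEnvironment) objArr2[1], (JoinPoint) objArr2[2]);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator$AjcClosure11.class */
    public class AjcClosure11 extends AroundClosure {
        public AjcClosure11(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return MutualSSLAuthenticator.getChallengeString_aroundBody10((MutualSSLAuthenticator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator$AjcClosure13.class */
    public class AjcClosure13 extends AroundClosure {
        public AjcClosure13(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return MutualSSLAuthenticator.getRequestOrigin_aroundBody12((MutualSSLAuthenticator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            MutualSSLAuthenticator.destroy_aroundBody2((MutualSSLAuthenticator) objArr2[0], (JoinPoint) objArr2[1]);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(MutualSSLAuthenticator.authenticate_aroundBody4((MutualSSLAuthenticator) objArr2[0], (MessageContext) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            MutualSSLAuthenticator.setAuthContext_aroundBody6((MutualSSLAuthenticator) objArr2[0], (MessageContext) objArr2[1], objArr2[2], (JoinPoint) objArr2[3]);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/authenticator/MutualSSLAuthenticator$AjcClosure9.class */
    public class AjcClosure9 extends AroundClosure {
        public AjcClosure9(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return MutualSSLAuthenticator.getAPIIdentifier_aroundBody8((MutualSSLAuthenticator) objArr2[0], (MessageContext) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(APIAuthenticationHandler.class);
        // The realm is the server's configured "Name" property.
        challengeString = "Mutual SSL realm=\"" + ServiceReferenceHolder.getInstance().getServerConfigurationService().getFirstProperty("Name") + "\"";
    }

    /**
     * Creates an authenticator for one API.
     *
     * @param str  API-level throttling policy, later set as the API tier on the authentication context
     * @param str2 certificate-to-tier mapping as text: the first and last characters are dropped
     *             (presumably surrounding braces; confirm against the caller), the rest is split on
     *             {@code ,} and each entry on its last {@code =}. Empty or {@code null} means no
     *             certificate is registered, so every request is rejected in setAuthContext.
     */
    public MutualSSLAuthenticator(String str, String str2) {
        this.apiLevelPolicy = str;
        if (StringUtils.isEmpty(str2)) {
            return;
        }
        if (str2.length() < 2) {
            // Too short to carry the enclosing characters; previously this raised
            // StringIndexOutOfBoundsException from substring(). Leaving the map empty fails closed.
            log.warn("Ignoring malformed certificate information provided for mutual SSL authentication");
            return;
        }
        for (String entry : str2.substring(1, str2.length() - 1).split(",")) {
            // The identifier itself contains '=' (issuer DN attributes), so the tier is whatever
            // follows the LAST '='.
            int separator = entry.lastIndexOf("=");
            if (separator > 0) {
                this.certificates.put(entry.substring(0, separator).trim(), entry.substring(separator + 1));
            }
        }
    }

    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public void init(SynapseEnvironment synapseEnvironment) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, synapseEnvironment);
        if ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) {
            MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, synapseEnvironment, makeJP}).linkClosureAndJoinPoint(69648));
        } else {
            init_aroundBody0(this, synapseEnvironment, makeJP);
        }
    }

    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public void destroy() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this);
        if ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) {
            MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648));
        } else {
            destroy_aroundBody2(this, makeJP);
        }
    }

    /**
     * Authenticates the request from its transport-level client certificate.
     *
     * @param messageContext current Synapse message context
     * @return {@code true} when a certificate is present and registered against the API
     * @throws APISecurityException when no certificate is present or it is not registered
     */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public boolean authenticate(MessageContext messageContext) throws APISecurityException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, messageContext);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, messageContext, makeJP}).linkClosureAndJoinPoint(69648))) : authenticate_aroundBody4(this, messageContext, makeJP);
    }

    private void setAuthContext(MessageContext messageContext, Object obj) throws APISecurityException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, messageContext, obj);
        if ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) {
            MethodTimeLogger.aspectOf().log(new AjcClosure7(new Object[]{this, messageContext, obj, makeJP}).linkClosureAndJoinPoint(69648));
        } else {
            setAuthContext_aroundBody6(this, messageContext, obj, makeJP);
        }
    }

    private APIIdentifier getAPIIdentifier(MessageContext messageContext) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this, messageContext);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (APIIdentifier) MethodTimeLogger.aspectOf().log(new AjcClosure9(new Object[]{this, messageContext, makeJP}).linkClosureAndJoinPoint(69648)) : getAPIIdentifier_aroundBody8(this, messageContext, makeJP);
    }

    /** @return the {@code Mutual SSL realm="..."} challenge built at class load */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public String getChallengeString() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure11(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getChallengeString_aroundBody10(this, makeJP);
    }

    /** @return the Origin header recorded by the last call to {@link #authenticate}, or {@code null} */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public String getRequestOrigin() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_6, this, this);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure13(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getRequestOrigin_aroundBody12(this, makeJP);
    }

    // init() has no work to do.
    static final void init_aroundBody0(MutualSSLAuthenticator mutualSSLAuthenticator, SynapseEnvironment synapseEnvironment, JoinPoint joinPoint) {
    }

    // destroy() has no work to do.
    static final void destroy_aroundBody2(MutualSSLAuthenticator mutualSSLAuthenticator, JoinPoint joinPoint) {
    }

    /**
     * Body of {@link #authenticate}. Records the request's Origin header, then accepts the request
     * only if the {@code ssl.client.auth.cert.X509} property is set and setAuthContext accepts it.
     * Throws APISecurityException (undeclared here: decompiler artifact) otherwise.
     */
    static final boolean authenticate_aroundBody4(MutualSSLAuthenticator mutualSSLAuthenticator, MessageContext messageContext, JoinPoint joinPoint) {
        org.apache.axis2.context.MessageContext axis2Context = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        Object clientCertChain = axis2Context.getProperty("ssl.client.auth.cert.X509");
        Map<?, ?> transportHeaders = (Map<?, ?>) axis2Context.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS);
        if (transportHeaders != null) {
            // Client-supplied header, stored on the instance; see the class-level note on sharing.
            mutualSSLAuthenticator.requestOrigin = (String) transportHeaders.get("Origin");
        }
        if (clientCertChain != null) {
            // setAuthContext throws if the certificate is not registered for this API.
            mutualSSLAuthenticator.setAuthContext(messageContext, clientCertChain);
            return true;
        }
        if (log.isDebugEnabled()) {
            log.debug("Mutual SSL authentication has not happened in the transport level for the API " + mutualSSLAuthenticator.getAPIIdentifier(messageContext).toString() + ", hence API invocation is not allowed");
        }
        throw new APISecurityException(APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE, APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE_MESSAGE);
    }

    /**
     * Body of setAuthContext. Maps the first certificate of {@code obj} to its configured tier and
     * publishes an authenticated {@link AuthenticationContext} on the message context.
     *
     * <p>Rejects with MUTUAL_SSL_VALIDATION_FAILURE when {@code obj} is not a non-empty
     * {@code X509Certificate[]} (previously a ClassCastException / ArrayIndexOutOfBoundsException)
     * or when the certificate has no tier registered for this API.
     */
    static final void setAuthContext_aroundBody6(MutualSSLAuthenticator mutualSSLAuthenticator, MessageContext messageContext, Object obj, JoinPoint joinPoint) {
        // Fail closed with the declared security exception instead of an unchecked runtime error
        // when the property does not hold the expected (javax.security.cert, deprecated) chain.
        if (!(obj instanceof X509Certificate[]) || ((X509Certificate[]) obj).length == 0 || ((X509Certificate[]) obj)[0] == null) {
            if (log.isDebugEnabled()) {
                log.debug("The client certificate property does not hold a usable X509 certificate chain for the API " + mutualSSLAuthenticator.getAPIIdentifier(messageContext));
            }
            throw new APISecurityException(APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE, APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE_MESSAGE);
        }
        // Only element 0 is inspected; the rest of the chain is not looked at here.
        X509Certificate clientCert = ((X509Certificate[]) obj)[0];
        String subjectDn = clientCert.getSubjectDN().getName();
        // Identifier form used as the key of the configured map: ',' -> '#', '"' -> '\''.
        String certId = (clientCert.getSerialNumber() + "_" + clientCert.getIssuerDN()).replace(",", "#").replace("\"", "'").trim();
        String tier = mutualSSLAuthenticator.certificates.get(certId);
        if (StringUtils.isEmpty(tier)) {
            if (log.isDebugEnabled()) {
                log.debug("The client certificate presented is available in gateway, however it was not added against the API " + mutualSSLAuthenticator.getAPIIdentifier(messageContext));
            }
            throw new APISecurityException(APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE, APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE_MESSAGE);
        }
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.setAuthenticated(true);
        // Default to the full subject DN; replaced by the CN below when the DN parses.
        authenticationContext.setUsername(subjectDn);
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                // No break: if the DN carries several CN attributes, the last one iterated wins.
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    authenticationContext.setUsername((String) rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            log.warn("Cannot get the CN name from certificate:" + e.getMessage() + ". Please make sure the certificate to include a proper common name that follows naming convention.");
            authenticationContext.setUsername(subjectDn);
        }
        authenticationContext.setApiTier(mutualSSLAuthenticator.apiLevelPolicy);
        APIIdentifier apiIdentifier = mutualSSLAuthenticator.getAPIIdentifier(messageContext);
        authenticationContext.setKeyType("PRODUCTION");
        authenticationContext.setStopOnQuotaReach(true);
        // The "API key" is derived from the certificate identifier and the API, not a secret token.
        authenticationContext.setApiKey(certId + "_" + apiIdentifier.toString());
        authenticationContext.setTier(tier);
        // Resource-level throttling is set to "Unlimited" for every mutual-SSL request.
        VerbInfoDTO verbInfoDTO = new VerbInfoDTO();
        verbInfoDTO.setThrottling("Unlimited");
        messageContext.setProperty("VERB_INFO", verbInfoDTO);
        if (log.isDebugEnabled()) {
            // Message brackets fixed: the original emitted "Username[<name>APIKey[(<key>]".
            log.debug("Auth context for the API " + mutualSSLAuthenticator.getAPIIdentifier(messageContext) + ": Username[" + authenticationContext.getUsername() + "] APIKey[" + authenticationContext.getApiKey() + "] Tier[" + authenticationContext.getTier() + "]");
        }
        APISecurityUtils.setAuthenticationContext(messageContext, authenticationContext, null);
    }

    /**
     * Body of getAPIIdentifier. Builds the identifier from the {@code SYNAPSE_REST_API} property,
     * read as {@code <publisher>--<name>:<version>} (constructed sample:
     * {@code provider--Sample:v1.0.0}); the first character of the version segment is dropped.
     * The publisher comes from the API_PUBLISHER property when set, else from the part before
     * {@code --}.
     *
     * <p>Segments that are missing are returned as {@code null} rather than raising
     * StringIndexOutOfBoundsException / ArrayIndexOutOfBoundsException. This method runs on the
     * rejection path (debug logging), where an unchecked exception would replace the intended
     * APISecurityException.
     */
    static final APIIdentifier getAPIIdentifier_aroundBody8(MutualSSLAuthenticator mutualSSLAuthenticator, MessageContext messageContext, JoinPoint joinPoint) {
        String restApi = (String) messageContext.getProperty("SYNAPSE_REST_API");
        String publisher = (String) messageContext.getProperty(APIMgtGatewayConstants.API_PUBLISHER);
        String apiName = null;
        String version = null;
        if (restApi != null) {
            int separator = restApi.indexOf("--");
            if (publisher == null && separator != -1) {
                publisher = restApi.substring(0, separator);
            }
            String nameAndVersion = separator != -1 ? restApi.substring(separator + 2) : restApi;
            String[] parts = nameAndVersion.split(":");
            apiName = parts[0];
            if (parts.length > 1 && !parts[1].isEmpty()) {
                // Drops the leading character of the version segment (presumably a "v" prefix).
                version = parts[1].substring(1);
            }
        }
        return new APIIdentifier(publisher, apiName, version);
    }

    static final String getChallengeString_aroundBody10(MutualSSLAuthenticator mutualSSLAuthenticator, JoinPoint joinPoint) {
        return challengeString;
    }

    static final String getRequestOrigin_aroundBody12(MutualSSLAuthenticator mutualSSLAuthenticator, JoinPoint joinPoint) {
        return mutualSSLAuthenticator.requestOrigin;
    }

    // Weaver-generated: registers one static join point per woven method. The trailing integers are
    // line numbers in the original MutualSSLAuthenticator.java.
    private static void ajc$preClinit() {
        Factory factory = new Factory("MutualSSLAuthenticator.java", MutualSSLAuthenticator.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "init", "org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator", "org.apache.synapse.core.SynapseEnvironment", "env", "", "void"), 86);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "destroy", "org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator", "", "", "", "void"), 91);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "authenticate", "org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator", "org.apache.synapse.MessageContext", "messageContext", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException", "boolean"), 96);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "setAuthContext", "org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator", "org.apache.synapse.MessageContext:java.lang.Object", "messageContext:sslCertObject", "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException", "void"), 130);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getAPIIdentifier", "org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator", "org.apache.synapse.MessageContext", "messageContext", "", "org.wso2.carbon.apimgt.api.model.APIIdentifier"), 186);
        ajc$tjp_5 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getChallengeString", "org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator", "", "", "", "java.lang.String"), 209);
        ajc$tjp_6 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getRequestOrigin", "org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator", "", "", "", "java.lang.String"), 214);
    }
}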
