package org.wso2.carbon.apimgt.gateway.handlers;

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.websocketx.TextWebSocketFrame;
import io.netty.handler.codec.http.websocketx.WebSocketFrame;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.UUID;
import org.apache.axiom.util.UIDGenerator;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONObject;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityUtils;
import org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleConstants;
import org.wso2.carbon.apimgt.gateway.throttling.publisher.ThrottleDataPublisher;
import org.wso2.carbon.apimgt.gateway.utils.APIMgtGoogleAnalyticsUtils;
import org.wso2.carbon.apimgt.impl.APIManagerAnalyticsConfiguration;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataPublisher;
import org.wso2.carbon.apimgt.usage.publisher.DataPublisherUtil;
import org.wso2.carbon.apimgt.usage.publisher.dto.RequestResponseStreamDTO;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.databridge.commons.Event;
import org.wso2.carbon.ganalytics.publisher.GoogleAnalyticsData;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/WebsocketInboundHandler.class */
public class WebsocketInboundHandler extends ChannelInboundHandlerAdapter {
    private static final Log log = LogFactory.getLog(WebsocketInboundHandler.class);
    private static volatile ThrottleDataPublisher throttleDataPublisher = null;
    private String tenantDomain;
    private static APIMgtUsageDataPublisher usageDataPublisher;
    private String uri;
    private String apiContextUri;
    private String version;
    private APIKeyValidationInfoDTO infoDTO = new APIKeyValidationInfoDTO();
    private HttpHeaders headers = new DefaultHttpHeaders();
    private String token;

    public WebsocketInboundHandler() {
        if (throttleDataPublisher == null) {
            synchronized (this) {
                throttleDataPublisher = new ThrottleDataPublisher();
            }
        }
        initializeDataPublisher();
    }

    private void initializeDataPublisher() {
        if (APIUtil.isAnalyticsEnabled() && usageDataPublisher == null) {
            String publisherClass = getApiManagerAnalyticsConfiguration().getPublisherClass();
            try {
                synchronized (this) {
                    if (usageDataPublisher == null) {
                        try {
                            log.debug("Instantiating Web Socket Data Publisher");
                            usageDataPublisher = (APIMgtUsageDataPublisher) APIUtil.getClassForName(publisherClass).newInstance();
                            usageDataPublisher.init();
                        } catch (ClassNotFoundException e) {
                            log.error("Class not found " + publisherClass, e);
                        } catch (IllegalAccessException e2) {
                            log.error("Illegal access to " + publisherClass, e2);
                        } catch (InstantiationException e3) {
                            log.error("Error instantiating " + publisherClass, e3);
                        }
                    }
                }
            } catch (Exception e4) {
                log.error("Cannot publish event. " + e4.getMessage(), e4);
            }
        }
    }

    private String getVersionFromUrl(String str) {
        return str.replaceFirst(".*/([^/?]+).*", "$1");
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (!(obj instanceof FullHttpRequest)) {
            if (obj instanceof WebSocketFrame) {
                boolean doThrottle = doThrottle(channelHandlerContext, (WebSocketFrame) obj);
                String remoteIP = getRemoteIP(channelHandlerContext);
                if (doThrottle) {
                    channelHandlerContext.fireChannelRead(obj);
                } else {
                    channelHandlerContext.writeAndFlush(new TextWebSocketFrame("Websocket frame throttled out"));
                }
                if (APIUtil.isAnalyticsEnabled()) {
                    publishRequestEvent(this.infoDTO, remoteIP, doThrottle);
                    return;
                }
                return;
            }
            return;
        }
        FullHttpRequest fullHttpRequest = (FullHttpRequest) obj;
        this.uri = fullHttpRequest.getUri();
        URI uri = new URI(this.uri);
        this.apiContextUri = new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), null, uri.getFragment()).toString();
        if (fullHttpRequest.getUri().contains("/t/")) {
            this.tenantDomain = MultitenantUtils.getTenantDomainFromUrl(fullHttpRequest.getUri());
        } else {
            this.tenantDomain = "carbon.super";
        }
        String str = fullHttpRequest.headers().get("User-Agent");
        String str2 = fullHttpRequest.headers().get(APIMgtGatewayConstants.AUTHORIZATION);
        String str3 = str != null ? str : "-";
        this.headers.add(APIMgtGatewayConstants.AUTHORIZATION, str2);
        this.headers.add("User-Agent", str3);
        if (!validateOAuthHeader(fullHttpRequest)) {
            channelHandlerContext.writeAndFlush(new TextWebSocketFrame(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE));
            throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
        }
        if ("carbon.super".equals(this.tenantDomain)) {
            fullHttpRequest.setUri(this.uri);
        } else {
            fullHttpRequest.setUri(fullHttpRequest.getUri().replaceFirst("/", "-"));
            fullHttpRequest.setUri(this.uri.replaceFirst("/t/", "-t/"));
            obj = fullHttpRequest;
        }
        if (StringUtils.isNotEmpty(this.token)) {
            ((FullHttpRequest) obj).headers().set(APIMgtGatewayConstants.WS_JWT_TOKEN_HEADER, this.token);
        }
        channelHandlerContext.fireChannelRead(obj);
        GoogleAnalyticsData.DataBuilder iPOverride = new GoogleAnalyticsData.DataBuilder((String) null, (String) null, (String) null, (String) null).setDocumentPath(this.uri).setDocumentHostName(DataPublisherUtil.getHostAddress()).setSessionControl("end").setCacheBuster(APIMgtGoogleAnalyticsUtils.getCacheBusterId()).setIPOverride(channelHandlerContext.channel().remoteAddress().toString());
        APIMgtGoogleAnalyticsUtils aPIMgtGoogleAnalyticsUtils = new APIMgtGoogleAnalyticsUtils();
        aPIMgtGoogleAnalyticsUtils.init(this.tenantDomain);
        aPIMgtGoogleAnalyticsUtils.publishGATrackingData(iPOverride, fullHttpRequest.headers().get("User-Agent"), str2);
    }

    private boolean validateOAuthHeader(FullHttpRequest fullHttpRequest) throws APIManagementException, APISecurityException {
        APIKeyValidationInfoDTO apiKeyDataForThriftClient;
        APIKeyValidationInfoDTO validateCache;
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(this.tenantDomain, true);
            this.version = getVersionFromUrl(this.uri);
            if (!fullHttpRequest.headers().contains(APIMgtGatewayConstants.AUTHORIZATION)) {
                log.error("No Authorization Header Present");
                PrivilegedCarbonContext.endTenantFlow();
                return false;
            }
            String[] split = fullHttpRequest.headers().get(APIMgtGatewayConstants.AUTHORIZATION).split(" ");
            if (!"Bearer".equals(split[0])) {
                PrivilegedCarbonContext.endTenantFlow();
                return false;
            }
            String str = split[1];
            if (WebsocketUtil.isRemoveOAuthHeadersFromOutMessage()) {
                fullHttpRequest.headers().remove(APIMgtGatewayConstants.AUTHORIZATION);
            }
            if (WebsocketUtil.isGatewayTokenCacheEnabled() && (validateCache = WebsocketUtil.validateCache(str, WebsocketUtil.getAccessTokenCacheKey(str, this.uri))) != null) {
                this.infoDTO = validateCache;
                boolean isAuthorized = validateCache.isAuthorized();
                PrivilegedCarbonContext.endTenantFlow();
                return isAuthorized;
            }
            String keyValidatorClientType = APISecurityUtils.getKeyValidatorClientType();
            if ("WSClient".equals(keyValidatorClientType)) {
                apiKeyDataForThriftClient = getApiKeyDataForWSClient(str);
            } else {
                if (!"ThriftClient".equals(keyValidatorClientType)) {
                    PrivilegedCarbonContext.endTenantFlow();
                    return false;
                }
                apiKeyDataForThriftClient = getApiKeyDataForThriftClient(str);
            }
            if (apiKeyDataForThriftClient == null || !apiKeyDataForThriftClient.isAuthorized()) {
                PrivilegedCarbonContext.endTenantFlow();
                return false;
            }
            if (apiKeyDataForThriftClient.getApiName() != null && apiKeyDataForThriftClient.getApiName().contains("*")) {
                String[] split2 = apiKeyDataForThriftClient.getApiName().split("\\*");
                this.version = split2[1];
                this.uri += "/" + split2[1];
                apiKeyDataForThriftClient.setApiName(split2[0]);
            }
            if ("PRODUCTION".equals(apiKeyDataForThriftClient.getType())) {
                this.uri = "/_PRODUCTION_" + this.uri;
            } else if ("SANDBOX".equals(apiKeyDataForThriftClient.getType())) {
                this.uri = "/_SANDBOX_" + this.uri;
            }
            if (WebsocketUtil.isGatewayTokenCacheEnabled()) {
                WebsocketUtil.putCache(apiKeyDataForThriftClient, str, WebsocketUtil.getAccessTokenCacheKey(str, this.uri));
            }
            this.token = apiKeyDataForThriftClient.getEndUserToken();
            this.infoDTO = apiKeyDataForThriftClient;
            PrivilegedCarbonContext.endTenantFlow();
            return true;
        } catch (Throwable th) {
            PrivilegedCarbonContext.endTenantFlow();
            throw th;
        }
    }

    protected APIKeyValidationInfoDTO getApiKeyDataForThriftClient(String str) throws APISecurityException {
        return new WebsocketThriftClient().getAPIKeyData(this.apiContextUri, this.version, str);
    }

    protected APIKeyValidationInfoDTO getApiKeyDataForWSClient(String str) throws APISecurityException {
        return new WebsocketWSClient().getAPIKeyData(this.apiContextUri, this.version, str);
    }

    protected APIManagerAnalyticsConfiguration getApiManagerAnalyticsConfiguration() {
        return DataPublisherUtil.getApiManagerAnalyticsConfiguration();
    }

    public boolean doThrottle(ChannelHandlerContext channelHandlerContext, WebSocketFrame webSocketFrame) throws APIManagementException {
        String applicationTier = this.infoDTO.getApplicationTier();
        String apiTier = this.infoDTO.getApiTier();
        String tier = this.infoDTO.getTier();
        String subscriber = "carbon.super".equalsIgnoreCase(this.infoDTO.getSubscriberTenantDomain()) ? this.infoDTO.getSubscriber() + "@" + this.infoDTO.getSubscriberTenantDomain() : this.infoDTO.getSubscriber();
        String apiName = this.infoDTO.getApiName();
        String str = this.apiContextUri;
        String str2 = this.version;
        String subscriberTenantDomain = this.infoDTO.getSubscriberTenantDomain();
        String str3 = this.tenantDomain;
        String applicationId = this.infoDTO.getApplicationId();
        String str4 = applicationId + ":" + subscriber;
        String str5 = str + ":" + str2;
        String str6 = applicationId + ":" + str + ":" + str2;
        String generateURNString = UIDGenerator.generateURNString();
        String remoteIP = getRemoteIP(channelHandlerContext);
        if (remoteIP.indexOf(":") > 0) {
            remoteIP = remoteIP.substring(1, remoteIP.indexOf(":"));
        }
        JSONObject jSONObject = new JSONObject();
        if (remoteIP != null && remoteIP.length() > 0) {
            jSONObject.put(APIThrottleConstants.IP, Long.valueOf(APIUtil.ipToLong(remoteIP)));
        }
        jSONObject.put(APIThrottleConstants.MESSAGE_SIZE, Integer.valueOf(webSocketFrame.content().capacity()));
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(this.tenantDomain, true);
            if (WebsocketUtil.isThrottled(str5, str6, str4)) {
                PrivilegedCarbonContext.endTenantFlow();
                return false;
            }
            Event event = new Event("org.wso2.throttle.request.stream:1.0.0", System.currentTimeMillis(), (Object[]) null, (Object[]) null, new Object[]{generateURNString, str4, applicationTier, str5, apiTier, str6, tier, str5, apiTier, subscriber, str, str2, subscriberTenantDomain, str3, applicationId, apiName, jSONObject.toString()});
            ThrottleDataPublisher throttleDataPublisher2 = throttleDataPublisher;
            ThrottleDataPublisher.getDataPublisher().tryPublish(event);
            return true;
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    protected String getRemoteIP(ChannelHandlerContext channelHandlerContext) {
        return ((InetSocketAddress) channelHandlerContext.channel().remoteAddress()).getAddress().getHostAddress();
    }

    private void publishRequestEvent(APIKeyValidationInfoDTO aPIKeyValidationInfoDTO, String str, boolean z) {
        long currentTimeMillis = System.currentTimeMillis();
        String str2 = this.headers.get("User-Agent");
        try {
            String subscriber = aPIKeyValidationInfoDTO.getSubscriber();
            String type = aPIKeyValidationInfoDTO.getType();
            String uuid = UUID.randomUUID().toString();
            RequestResponseStreamDTO requestResponseStreamDTO = new RequestResponseStreamDTO();
            requestResponseStreamDTO.setApiName(aPIKeyValidationInfoDTO.getApiName());
            requestResponseStreamDTO.setApiCreator(aPIKeyValidationInfoDTO.getApiPublisher());
            requestResponseStreamDTO.setApiCreatorTenantDomain(MultitenantUtils.getTenantDomain(aPIKeyValidationInfoDTO.getApiPublisher()));
            requestResponseStreamDTO.setApiVersion(aPIKeyValidationInfoDTO.getApiName() + ':' + this.version);
            requestResponseStreamDTO.setApplicationId(aPIKeyValidationInfoDTO.getApplicationId());
            requestResponseStreamDTO.setApplicationName(aPIKeyValidationInfoDTO.getApplicationName());
            requestResponseStreamDTO.setApplicationOwner(subscriber);
            requestResponseStreamDTO.setUserIp(str);
            requestResponseStreamDTO.setApplicationConsumerKey(aPIKeyValidationInfoDTO.getConsumerKey());
            requestResponseStreamDTO.setApiContext("");
            requestResponseStreamDTO.setThrottledOut(z);
            requestResponseStreamDTO.setApiHostname(DataPublisherUtil.getHostAddress());
            requestResponseStreamDTO.setApiMethod("-");
            requestResponseStreamDTO.setRequestTimestamp(currentTimeMillis);
            requestResponseStreamDTO.setApiResourcePath("-");
            requestResponseStreamDTO.setApiResourceTemplate("-");
            requestResponseStreamDTO.setUserAgent(str2);
            requestResponseStreamDTO.setUsername(aPIKeyValidationInfoDTO.getEndUserName());
            requestResponseStreamDTO.setUserTenantDomain(this.tenantDomain);
            requestResponseStreamDTO.setApiTier(aPIKeyValidationInfoDTO.getTier());
            requestResponseStreamDTO.setApiVersion(this.version);
            requestResponseStreamDTO.setMetaClientType(type);
            requestResponseStreamDTO.setCorrelationID(uuid);
            requestResponseStreamDTO.setUserAgent(str2);
            requestResponseStreamDTO.setCorrelationID(uuid);
            requestResponseStreamDTO.setGatewayType(APIMgtGatewayConstants.GATEWAY_TYPE);
            requestResponseStreamDTO.setLabel(APIMgtGatewayConstants.SYNAPDE_GW_LABEL);
            requestResponseStreamDTO.setProtocol("WebSocket");
            requestResponseStreamDTO.setDestination("");
            usageDataPublisher.publishEvent(requestResponseStreamDTO);
        } catch (Exception e) {
            log.error("Cannot publish event. " + e.getMessage(), e);
        }
    }
}
