package org.wso2.carbon.apimgt.gateway.handlers;

import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.websocketx.CloseWebSocketFrame;
import io.netty.handler.codec.http.websocketx.PingWebSocketFrame;
import io.netty.handler.codec.http.websocketx.TextWebSocketFrame;
import io.netty.handler.codec.http.websocketx.WebSocketFrame;
import io.netty.util.CharsetUtil;
import io.netty.util.ReferenceCountUtil;
import java.net.InetSocketAddress;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.analytics.Constants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityUtils;
import org.wso2.carbon.apimgt.gateway.handlers.streaming.websocket.WebSocketAnalyticsMetricsHandler;
import org.wso2.carbon.apimgt.gateway.handlers.streaming.websocket.WebSocketUtils;
import org.wso2.carbon.apimgt.gateway.inbound.InboundMessageContext;
import org.wso2.carbon.apimgt.gateway.inbound.InboundMessageContextDataHolder;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.InboundProcessorResponseDTO;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.InboundWebSocketProcessor;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.utils.InboundWebsocketProcessorUtil;
import org.wso2.carbon.apimgt.gateway.threatprotection.utils.ThreatProtectorConstants;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/WebsocketInboundHandler.class */
public class WebsocketInboundHandler extends ChannelInboundHandlerAdapter {
    private static final Log log = LogFactory.getLog(WebsocketInboundHandler.class);
    private WebSocketAnalyticsMetricsHandler metricsHandler;
    private InboundWebSocketProcessor webSocketProcessor = initializeWebSocketProcessor();

    public WebsocketInboundHandler() {
        initializeDataPublisher();
    }

    public InboundWebSocketProcessor getWebSocketProcessor() {
        return this.webSocketProcessor;
    }

    public InboundWebSocketProcessor initializeWebSocketProcessor() {
        return new InboundWebSocketProcessor();
    }

    private void initializeDataPublisher() {
        if (APIUtil.isAnalyticsEnabled()) {
            this.metricsHandler = new WebSocketAnalyticsMetricsHandler();
        }
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        InboundMessageContext inboundMessageContext;
        String asLongText = channelHandlerContext.channel().id().asLongText();
        if ((obj instanceof FullHttpRequest) && ((FullHttpRequest) obj).headers() != null && !((FullHttpRequest) obj).headers().contains("Upgrade") && ((FullHttpRequest) obj).uri().equals("/health")) {
            channelHandlerContext.fireChannelRead(obj);
            return;
        }
        if (InboundMessageContextDataHolder.getInstance().getInboundMessageContextMap().containsKey(asLongText)) {
            inboundMessageContext = InboundMessageContextDataHolder.getInstance().getInboundMessageContextForConnectionId(asLongText);
        } else {
            inboundMessageContext = new InboundMessageContext();
            inboundMessageContext.setCtx(channelHandlerContext);
            InboundMessageContextDataHolder.getInstance().addInboundMessageContextForConnection(asLongText, inboundMessageContext);
        }
        inboundMessageContext.setUserIP(getRemoteIP(channelHandlerContext));
        if (APIUtil.isAnalyticsEnabled()) {
            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, Constants.REQUEST_START_TIME_PROPERTY, Long.valueOf(System.currentTimeMillis()));
            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, Constants.USER_IP_PROPERTY, inboundMessageContext.getUserIP());
        }
        if (obj instanceof FullHttpRequest) {
            FullHttpRequest fullHttpRequest = (FullHttpRequest) obj;
            populateContextHeaders(fullHttpRequest, inboundMessageContext);
            validateCorsHeaders(channelHandlerContext, fullHttpRequest);
            InboundProcessorResponseDTO handleHandshake = this.webSocketProcessor.handleHandshake(fullHttpRequest, channelHandlerContext, inboundMessageContext);
            if (handleHandshake.isError()) {
                ReferenceCountUtil.release(obj);
                InboundMessageContextDataHolder.getInstance().removeInboundMessageContextForConnection(asLongText);
                DefaultFullHttpResponse defaultFullHttpResponse = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.valueOf(handleHandshake.getErrorCode()), Unpooled.copiedBuffer(handleHandshake.getErrorMessage(), CharsetUtil.UTF_8));
                defaultFullHttpResponse.headers().set(HttpHeaderNames.CONTENT_TYPE, "text/plain; charset=UTF-8");
                defaultFullHttpResponse.headers().set(HttpHeaderNames.CONTENT_LENGTH, Integer.valueOf(defaultFullHttpResponse.content().readableBytes()));
                channelHandlerContext.writeAndFlush(defaultFullHttpResponse);
                return;
            }
            setApiAuthPropertiesToChannel(channelHandlerContext, inboundMessageContext);
            if (StringUtils.isNotEmpty(inboundMessageContext.getToken())) {
                fullHttpRequest.headers().set(APIMgtGatewayConstants.WS_JWT_TOKEN_HEADER, inboundMessageContext.getToken());
            }
            channelHandlerContext.fireChannelRead(fullHttpRequest);
            publishHandshakeEvent(channelHandlerContext, inboundMessageContext);
            InboundWebsocketProcessorUtil.publishGoogleAnalyticsData(inboundMessageContext, channelHandlerContext.channel().remoteAddress().toString());
            return;
        }
        if ((obj instanceof CloseWebSocketFrame) || (obj instanceof PingWebSocketFrame)) {
            InboundMessageContextDataHolder.getInstance().getInboundMessageContextMap().remove(asLongText);
            channelHandlerContext.fireChannelRead(obj);
            return;
        }
        if (obj instanceof WebSocketFrame) {
            InboundProcessorResponseDTO handleRequest = this.webSocketProcessor.handleRequest((WebSocketFrame) obj, inboundMessageContext);
            if (!handleRequest.isError()) {
                if (log.isDebugEnabled()) {
                    log.debug("Sending Inbound Websocket frame." + channelHandlerContext.channel().toString());
                }
                channelHandlerContext.fireChannelRead(obj);
                publishPublishEvent(channelHandlerContext);
                return;
            }
            ReferenceCountUtil.release(obj);
            if (!handleRequest.isCloseConnection()) {
                channelHandlerContext.writeAndFlush(new TextWebSocketFrame(handleRequest.getErrorResponseString()));
                handlePublishFrameErrorEvent(channelHandlerContext, handleRequest);
                return;
            }
            InboundMessageContextDataHolder.getInstance().getInboundMessageContextMap().remove(asLongText);
            if (log.isDebugEnabled()) {
                log.debug("Error while handling Outbound Websocket frame. Closing connection for " + channelHandlerContext.channel().toString());
            }
            handlePublishFrameErrorEvent(channelHandlerContext, handleRequest);
            channelHandlerContext.writeAndFlush(new CloseWebSocketFrame(handleRequest.getErrorCode(), handleRequest.getErrorMessage() + " Connection closed!"));
            channelHandlerContext.close();
        }
    }

    private void handlePublishFrameErrorEvent(ChannelHandlerContext channelHandlerContext, InboundProcessorResponseDTO inboundProcessorResponseDTO) {
        if (inboundProcessorResponseDTO.getErrorCode() == 4003 || inboundProcessorResponseDTO.getErrorCode() == 4021 || inboundProcessorResponseDTO.getErrorCode() == 4020) {
            if (log.isDebugEnabled()) {
                log.debug("Inbound WebSocket frame is throttled. " + channelHandlerContext.channel().toString());
            }
        } else if (inboundProcessorResponseDTO.getErrorCode() == 4000 || inboundProcessorResponseDTO.getErrorCode() == 4001 || inboundProcessorResponseDTO.getErrorCode() == 4002) {
            if (log.isDebugEnabled()) {
                log.debug("Inbound WebSocket frame failed due to auth error. " + channelHandlerContext.channel().toString());
            }
        } else if (log.isDebugEnabled()) {
            log.debug("Unclassified error in Inbound WebSocket frame. " + channelHandlerContext.channel().toString());
        }
        publishPublishFrameErrorEvent(channelHandlerContext, inboundProcessorResponseDTO);
    }

    private void setApiAuthPropertiesToChannel(ChannelHandlerContext channelHandlerContext, InboundMessageContext inboundMessageContext) {
        Map<String, Object> apiProperties = WebSocketUtils.getApiProperties(channelHandlerContext);
        apiProperties.put("AM_KEY_TYPE", inboundMessageContext.getKeyType());
        apiProperties.put(APISecurityUtils.API_AUTH_CONTEXT, inboundMessageContext.getAuthContext());
        channelHandlerContext.channel().attr(WebSocketUtils.WSO2_PROPERTIES).set(apiProperties);
    }

    private void publishPublishFrameErrorEvent(ChannelHandlerContext channelHandlerContext, InboundProcessorResponseDTO inboundProcessorResponseDTO) {
        if (APIUtil.isAnalyticsEnabled()) {
            addErrorPropertiesToChannel(channelHandlerContext, inboundProcessorResponseDTO);
            this.metricsHandler.handlePublish(channelHandlerContext);
            removeErrorPropertiesFromChannel(channelHandlerContext);
        }
    }

    protected String getRemoteIP(ChannelHandlerContext channelHandlerContext) {
        return ((InetSocketAddress) channelHandlerContext.channel().remoteAddress()).getAddress().getHostAddress();
    }

    private void removeErrorPropertiesFromChannel(ChannelHandlerContext channelHandlerContext) {
        WebSocketUtils.removeApiPropertyFromChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_CODE);
        WebSocketUtils.removeApiPropertyFromChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_MESSAGE);
    }

    private void addErrorPropertiesToChannel(ChannelHandlerContext channelHandlerContext, InboundProcessorResponseDTO inboundProcessorResponseDTO) {
        WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_CODE, Integer.valueOf(inboundProcessorResponseDTO.getErrorCode()));
        WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_MESSAGE, inboundProcessorResponseDTO.getErrorMessage());
    }

    private void populateContextHeaders(FullHttpRequest fullHttpRequest, InboundMessageContext inboundMessageContext) {
        for (Map.Entry entry : fullHttpRequest.headers().entries()) {
            inboundMessageContext.getRequestHeaders().put((String) entry.getKey(), (String) entry.getValue());
        }
    }

    private void publishPublishEvent(ChannelHandlerContext channelHandlerContext) {
        if (APIUtil.isAnalyticsEnabled()) {
            this.metricsHandler.handlePublish(channelHandlerContext);
        }
    }

    private void publishHandshakeEvent(ChannelHandlerContext channelHandlerContext, InboundMessageContext inboundMessageContext) {
        if (APIUtil.isAnalyticsEnabled()) {
            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, Constants.USER_AGENT_PROPERTY, inboundMessageContext.getRequestHeaders().get("User-Agent"));
            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, "API_ELECTED_RESOURCE", inboundMessageContext.getMatchingResource());
            this.metricsHandler.handleHandshake(channelHandlerContext);
        }
    }

    private void validateCorsHeaders(ChannelHandlerContext channelHandlerContext, FullHttpRequest fullHttpRequest) throws APISecurityException {
        if (APIUtil.isCORSValidationEnabledForWS() && assessAndGetAllowedOrigin(fullHttpRequest.headers().get(HttpHeaderNames.ORIGIN)) == null) {
            channelHandlerContext.writeAndFlush(new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.FORBIDDEN));
            channelHandlerContext.close();
            log.warn("Validation of CORS origin header failed for WS request on: " + fullHttpRequest.uri());
            throw new APISecurityException(APISecurityConstants.CORS_ORIGIN_HEADER_VALIDATION_FAILED, APISecurityConstants.CORS_ORIGIN_HEADER_VALIDATION_FAILED_MESSAGE);
        }
    }

    private String assessAndGetAllowedOrigin(String str) {
        if (WebsocketUtil.allowedOriginsConfigured.contains("*")) {
            return "*";
        }
        if (WebsocketUtil.allowedOriginsConfigured.contains(str)) {
            return str;
        }
        if (str == null) {
            return null;
        }
        for (String str2 : WebsocketUtil.allowedOriginsConfigured) {
            if (str2.contains("*") && Pattern.compile(str2.replace("*", ".*")).matcher(str).find()) {
                return str;
            }
        }
        return null;
    }
}
