package org.wso2.carbon.apimgt.gateway.inbound.websocket;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.QueryStringDecoder;
import io.netty.handler.codec.http.websocketx.TextWebSocketFrame;
import io.netty.handler.codec.http.websocketx.WebSocketFrame;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import org.apache.axis2.AxisFault;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.api.API;
import org.apache.synapse.api.ApiUtils;
import org.apache.synapse.api.Resource;
import org.apache.synapse.api.dispatch.RESTDispatcher;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.Utils;
import org.wso2.carbon.apimgt.gateway.handlers.WebsocketUtil;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.ResourceNotFoundException;
import org.wso2.carbon.apimgt.gateway.handlers.streaming.websocket.WebSocketAnalyticsMetricsHandler;
import org.wso2.carbon.apimgt.gateway.handlers.streaming.websocket.WebSocketApiConstants;
import org.wso2.carbon.apimgt.gateway.handlers.streaming.websocket.WebSocketApiException;
import org.wso2.carbon.apimgt.gateway.handlers.streaming.websocket.WebSocketUtils;
import org.wso2.carbon.apimgt.gateway.inbound.InboundMessageContext;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.handshake.HandshakeProcessor;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.request.GraphQLRequestProcessor;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.request.RequestProcessor;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.response.GraphQLResponseProcessor;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.response.ResponseProcessor;
import org.wso2.carbon.apimgt.gateway.inbound.websocket.utils.InboundWebsocketProcessorUtil;
import org.wso2.carbon.apimgt.gateway.internal.DataHolder;
import org.wso2.carbon.apimgt.gateway.threatprotection.utils.ThreatProtectorConstants;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/inbound/websocket/InboundWebSocketProcessor.class */
public class InboundWebSocketProcessor {
    private static final Log log = LogFactory.getLog(InboundWebSocketProcessor.class);
    private WebSocketAnalyticsMetricsHandler metricsHandler;

    public InboundWebSocketProcessor() {
        if (APIUtil.isAnalyticsEnabled()) {
            this.metricsHandler = new WebSocketAnalyticsMetricsHandler();
        }
    }

    public InboundProcessorResponseDTO handleHandshake(FullHttpRequest fullHttpRequest, ChannelHandlerContext channelHandlerContext, InboundMessageContext inboundMessageContext) {
        InboundProcessorResponseDTO handshakeErrorDTO;
        InboundProcessorResponseDTO handshakeErrorDTO2;
        try {
            HandshakeProcessor handshakeProcessor = new HandshakeProcessor();
            setUris(fullHttpRequest, inboundMessageContext);
            InboundWebsocketProcessorUtil.setTenantDomainToContext(inboundMessageContext);
            setMatchingResource(channelHandlerContext, fullHttpRequest, inboundMessageContext);
            String str = fullHttpRequest.headers().get("User-Agent");
            inboundMessageContext.getRequestHeaders().put("User-Agent", str != null ? str : "-");
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(inboundMessageContext.getTenantDomain(), true);
            if (validateOAuthHeader(fullHttpRequest, inboundMessageContext)) {
                setRequestHeaders(fullHttpRequest, inboundMessageContext);
                inboundMessageContext.getRequestHeaders().put(WebsocketUtil.authorizationHeader, fullHttpRequest.headers().get(WebsocketUtil.authorizationHeader));
                handshakeErrorDTO2 = handshakeProcessor.processHandshake(inboundMessageContext);
                setRequestHeaders(fullHttpRequest, inboundMessageContext);
            } else {
                log.error("No Authorization Header or access_token query parameter present in request for the websocket context " + inboundMessageContext.getApiContext());
                handshakeErrorDTO2 = InboundWebsocketProcessorUtil.getHandshakeErrorDTO(WebSocketApiConstants.HandshakeErrorConstants.API_AUTH_ERROR, "No Authorization Header or access_token query parameter present");
            }
            if (handshakeErrorDTO2.isError()) {
                publishHandshakeAuthErrorEvent(channelHandlerContext, handshakeErrorDTO2.getErrorMessage());
            }
            return handshakeErrorDTO2;
        } catch (APISecurityException e) {
            log.error("Authentication Failure for the websocket context: " + inboundMessageContext.getApiContext() + e.getMessage());
            handshakeErrorDTO = InboundWebsocketProcessorUtil.getHandshakeErrorDTO(WebSocketApiConstants.HandshakeErrorConstants.API_AUTH_ERROR, e.getMessage());
            publishHandshakeAuthErrorEvent(channelHandlerContext, e.getMessage());
            return handshakeErrorDTO;
        } catch (ResourceNotFoundException e2) {
            log.error(e2.getMessage());
            handshakeErrorDTO = InboundWebsocketProcessorUtil.getHandshakeErrorDTO(404, e2.getMessage());
            publishResourceNotFoundEvent(channelHandlerContext);
            return handshakeErrorDTO;
        } catch (WebSocketApiException e3) {
            log.error(e3.getMessage());
            handshakeErrorDTO = InboundWebsocketProcessorUtil.getHandshakeErrorDTO(WebSocketApiConstants.HandshakeErrorConstants.INTERNAL_SERVER_ERROR, e3.getMessage());
            return handshakeErrorDTO;
        }
    }

    public InboundProcessorResponseDTO handleRequest(WebSocketFrame webSocketFrame, InboundMessageContext inboundMessageContext) {
        RequestProcessor requestProcessor;
        String str = null;
        if ("GRAPHQL".equals(inboundMessageContext.getElectedAPI().getApiType()) && (webSocketFrame instanceof TextWebSocketFrame)) {
            requestProcessor = new GraphQLRequestProcessor();
            str = ((TextWebSocketFrame) webSocketFrame).text();
        } else {
            requestProcessor = new RequestProcessor();
        }
        return requestProcessor.handleRequest(webSocketFrame.content().capacity(), str, inboundMessageContext);
    }

    public InboundProcessorResponseDTO handleResponse(WebSocketFrame webSocketFrame, InboundMessageContext inboundMessageContext) throws Exception {
        ResponseProcessor responseProcessor;
        String str = null;
        if ("GRAPHQL".equals(inboundMessageContext.getElectedAPI().getApiType()) && (webSocketFrame instanceof TextWebSocketFrame)) {
            responseProcessor = new GraphQLResponseProcessor();
            str = ((TextWebSocketFrame) webSocketFrame).text();
        } else {
            responseProcessor = new ResponseProcessor();
        }
        return responseProcessor.handleResponse(webSocketFrame.content().capacity(), str, inboundMessageContext);
    }

    private boolean validateOAuthHeader(FullHttpRequest fullHttpRequest, InboundMessageContext inboundMessageContext) throws APISecurityException {
        if (inboundMessageContext.getRequestHeaders().containsKey(WebsocketUtil.authorizationHeader)) {
            return true;
        }
        Map parameters = new QueryStringDecoder(inboundMessageContext.getFullRequestPath()).parameters();
        if (!parameters.containsKey("access_token")) {
            return false;
        }
        inboundMessageContext.getHeadersToAdd().put(WebsocketUtil.authorizationHeader, "Bearer " + ((String) ((List) parameters.get("access_token")).get(0)));
        InboundWebsocketProcessorUtil.removeTokenFromQuery(parameters, inboundMessageContext);
        fullHttpRequest.setUri(inboundMessageContext.getFullRequestPath());
        return true;
    }

    private void setUris(FullHttpRequest fullHttpRequest, InboundMessageContext inboundMessageContext) throws WebSocketApiException {
        try {
            String uri = fullHttpRequest.uri();
            inboundMessageContext.setFullRequestPath(fullHttpRequest.uri());
            URI uri2 = new URI(uri);
            String uri3 = new URI(uri2.getScheme(), uri2.getAuthority(), uri2.getPath(), null, uri2.getFragment()).toString();
            if (uri3.endsWith(WebSocketApiConstants.URL_SEPARATOR)) {
                uri3 = uri3.substring(0, uri3.length() - 1);
            }
            inboundMessageContext.setRequestPath(uri3);
            if (log.isDebugEnabled()) {
                log.debug("Websocket API fullRequestPath = " + inboundMessageContext.getRequestPath());
            }
        } catch (URISyntaxException e) {
            throw new WebSocketApiException("Error while parsing uri: " + e.getMessage());
        }
    }

    private void setMatchingResource(ChannelHandlerContext channelHandlerContext, FullHttpRequest fullHttpRequest, InboundMessageContext inboundMessageContext) throws WebSocketApiException, ResourceNotFoundException {
        try {
            MessageContext messageContext = getMessageContext(inboundMessageContext);
            API api = InboundWebsocketProcessorUtil.getApi(messageContext, inboundMessageContext);
            if (api == null) {
                throw new ResourceNotFoundException("No matching API found to dispatch the request");
            }
            inboundMessageContext.setApi(api);
            reConstructFullUriWithVersion(fullHttpRequest, messageContext, inboundMessageContext);
            inboundMessageContext.setApiContext(api.getContext());
            Resource resource = null;
            Utils.setSubRequestPath(api, messageContext);
            LinkedHashSet linkedHashSet = new LinkedHashSet(Arrays.asList(api.getResources()));
            if (!linkedHashSet.isEmpty()) {
                Iterator it = ApiUtils.getDispatchers().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Resource findResource = ((RESTDispatcher) it.next()).findResource(messageContext, linkedHashSet);
                    if (findResource != null) {
                        resource = findResource;
                        if (APIUtil.isAnalyticsEnabled()) {
                            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, APIMgtGatewayConstants.SYNAPSE_ENDPOINT_ADDRESS, WebSocketUtils.getEndpointUrl(findResource, messageContext));
                        }
                    }
                }
            }
            setApiPropertiesToChannel(channelHandlerContext, inboundMessageContext);
            if (resource == null) {
                throw new ResourceNotFoundException("No matching resource found to dispatch the request");
            }
            if ("GRAPHQL".equals(inboundMessageContext.getElectedAPI().getApiType())) {
                inboundMessageContext.setGraphQLSchemaDTO(DataHolder.getInstance().getGraphQLSchemaDTOForAPI(inboundMessageContext.getElectedAPI().getUuid()));
            }
            String string = resource.getDispatcherHelper().getString();
            if (log.isDebugEnabled()) {
                log.info("Selected resource for API dispatch : " + string);
            }
            inboundMessageContext.setMatchingResource(string);
        } catch (AxisFault | URISyntaxException e) {
            throw new WebSocketApiException("Error while getting matching resource for Websocket API");
        }
    }

    private MessageContext getMessageContext(InboundMessageContext inboundMessageContext) throws AxisFault, URISyntaxException {
        Axis2MessageContext synapseMessageContext = WebsocketUtil.getSynapseMessageContext(inboundMessageContext.getTenantDomain());
        org.apache.axis2.context.MessageContext axis2MessageContext = synapseMessageContext.getAxis2MessageContext();
        axis2MessageContext.setIncomingTransportName(new URI(inboundMessageContext.getFullRequestPath()).getScheme());
        axis2MessageContext.setProperty("TransportInURL", inboundMessageContext.getFullRequestPath());
        inboundMessageContext.setAxis2MessageContext(axis2MessageContext);
        return synapseMessageContext;
    }

    private void setApiPropertiesToChannel(ChannelHandlerContext channelHandlerContext, InboundMessageContext inboundMessageContext) {
        Map<String, Object> apiProperties = WebSocketUtils.getApiProperties(channelHandlerContext);
        apiProperties.put("SYNAPSE_REST_API", inboundMessageContext.getApiName());
        apiProperties.put("PROCESSED_API", inboundMessageContext.getApi());
        apiProperties.put(ThreatProtectorConstants.API_CONTEXT, inboundMessageContext.getApiContext());
        apiProperties.put("SYNAPSE_REST_API_VERSION", inboundMessageContext.getVersion());
        if (inboundMessageContext.getElectedAPI().getApiType().equals("GRAPHQL")) {
            apiProperties.put(APIMgtGatewayConstants.API_OBJECT, inboundMessageContext.getElectedAPI());
            apiProperties.put("isGraphqlSubscriptionRequest", true);
        }
        channelHandlerContext.channel().attr(WebSocketUtils.WSO2_PROPERTIES).set(apiProperties);
    }

    private void reConstructFullUriWithVersion(FullHttpRequest fullHttpRequest, MessageContext messageContext, InboundMessageContext inboundMessageContext) {
        String replace = inboundMessageContext.getFullRequestPath().replace(inboundMessageContext.getElectedRoute(), inboundMessageContext.getElectedAPI().getContext());
        fullHttpRequest.setUri(replace);
        ((Axis2MessageContext) messageContext).getAxis2MessageContext().setProperty("TransportInURL", replace);
        inboundMessageContext.getAxis2MessageContext().setProperty("TransportInURL", replace);
        if (log.isDebugEnabled()) {
            log.debug("Updated full request uri : " + replace);
        }
    }

    private void publishResourceNotFoundEvent(ChannelHandlerContext channelHandlerContext) {
        if (APIUtil.isAnalyticsEnabled()) {
            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_CODE, 404);
            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_MESSAGE, "No matching resource found to dispatch the request");
            this.metricsHandler.handleHandshake(channelHandlerContext);
            removeErrorPropertiesFromChannel(channelHandlerContext);
        }
    }

    private void publishHandshakeAuthErrorEvent(ChannelHandlerContext channelHandlerContext, String str) {
        if (APIUtil.isAnalyticsEnabled()) {
            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_CODE, Integer.valueOf(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS));
            WebSocketUtils.setApiPropertyToChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_MESSAGE, str);
            this.metricsHandler.handleHandshake(channelHandlerContext);
            removeErrorPropertiesFromChannel(channelHandlerContext);
        }
    }

    private void removeErrorPropertiesFromChannel(ChannelHandlerContext channelHandlerContext) {
        WebSocketUtils.removeApiPropertyFromChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_CODE);
        WebSocketUtils.removeApiPropertyFromChannel(channelHandlerContext, ThreatProtectorConstants.ERROR_MESSAGE);
    }

    private void setRequestHeaders(FullHttpRequest fullHttpRequest, InboundMessageContext inboundMessageContext) {
        Map<String, String> headersToAdd = inboundMessageContext.getHeadersToAdd();
        List<String> headersToRemove = inboundMessageContext.getHeadersToRemove();
        for (Map.Entry<String, String> entry : headersToAdd.entrySet()) {
            fullHttpRequest.headers().add(entry.getKey(), entry.getValue());
        }
        Iterator<String> it = headersToRemove.iterator();
        while (it.hasNext()) {
            fullHttpRequest.headers().remove(it.next());
        }
        inboundMessageContext.setHeadersToRemove(new ArrayList());
    }
}
