package org.wso2.carbon.apimgt.gateway.handlers.security;

import com.atlassian.oai.validator.OpenApiInteractionValidator;
import com.atlassian.oai.validator.report.LevelResolver;
import com.atlassian.oai.validator.report.ValidationReport;
import io.swagger.parser.OpenAPIParser;
import io.swagger.v3.parser.core.models.ParseOptions;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.model.OpenAPIRequest;
import org.wso2.carbon.apimgt.gateway.handlers.security.model.OpenAPIResponse;
import org.wso2.carbon.apimgt.gateway.utils.GatewayUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/SchemaValidator.class */
public class SchemaValidator extends AbstractHandler {
    private static final String INTERNAL_ERROR_CODE = "500";
    private static final Log logger = LogFactory.getLog(SchemaValidator.class);
    private static final String HTTP_SC_CODE = "400";

    private static OpenApiInteractionValidator getOpenAPIValidator(String str) {
        OpenAPIParser openAPIParser = new OpenAPIParser();
        ParseOptions parseOptions = new ParseOptions();
        parseOptions.setResolveFully(true);
        return OpenApiInteractionValidator.createFor(openAPIParser.readContents(str, new ArrayList(), parseOptions).getOpenAPI()).withLevelResolver(LevelResolver.create().withLevel("validation.schema.required", ValidationReport.Level.INFO).withLevel("validation.response.body.missing", ValidationReport.Level.INFO).build()).build();
    }

    public boolean handleRequest(MessageContext messageContext) {
        logger.debug("Validating the API request Body content..");
        String obj = messageContext.getProperty(APIMgtGatewayConstants.OPEN_API_STRING).toString();
        if (obj == null) {
            return true;
        }
        ValidationReport validateRequest = getOpenAPIValidator(obj).validateRequest(new OpenAPIRequest(messageContext));
        if (!validateRequest.hasErrors()) {
            return true;
        }
        StringBuilder sb = new StringBuilder();
        Iterator it = validateRequest.getMessages().iterator();
        while (it.hasNext()) {
            sb.append(((ValidationReport.Message) it.next()).getMessage()).append(", ");
        }
        logger.error("Schema validation failed in the Request: ");
        GatewayUtils.handleThreat(messageContext, "400", "Schema validation failed in the Request: " + ((Object) sb));
        return true;
    }

    public boolean handleResponse(MessageContext messageContext) {
        OpenApiInteractionValidator openAPIValidator = getOpenAPIValidator(messageContext.getProperty(APIMgtGatewayConstants.OPEN_API_STRING).toString());
        OpenAPIResponse openAPIResponse = new OpenAPIResponse(messageContext);
        ValidationReport validateResponse = openAPIValidator.validateResponse(openAPIResponse.getPath(), openAPIResponse.getMethod(), openAPIResponse);
        if (!validateResponse.hasErrors()) {
            return true;
        }
        StringBuilder sb = new StringBuilder();
        Iterator it = validateResponse.getMessages().iterator();
        while (it.hasNext()) {
            sb.append(((ValidationReport.Message) it.next()).getMessage()).append(", ");
        }
        logger.error("Schema validation failed in the Response: ");
        GatewayUtils.handleThreat(messageContext, INTERNAL_ERROR_CODE, "Schema validation failed in the Response: " + ((Object) sb));
        return true;
    }
}
