package org.wso2.carbon.apimgt.gateway.handlers;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URLDecoder;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.cache.Caching;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axiom.soap.SOAPFault;
import org.apache.axiom.soap.SOAPFaultCode;
import org.apache.axiom.soap.SOAPFaultDetail;
import org.apache.axiom.soap.SOAPFaultReason;
import org.apache.axiom.soap.SOAPFaultText;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.addressing.RelatesTo;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.api.API;
import org.apache.synapse.api.ApiUtils;
import org.apache.synapse.commons.json.JsonUtil;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.json.JSONObject;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.streaming.websocket.WebSocketApiConstants;
import org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleConstants;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.gateway.threatprotection.utils.ThreatProtectorConstants;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.apimgt.impl.caching.CacheProvider;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.SubscriptionDataHolder;
import org.wso2.carbon.apimgt.keymgt.model.SubscriptionDataStore;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/Utils.class */
public class Utils {
    private static final Log log = LogFactory.getLog(Utils.class);

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/Utils$ContextLengthSorter.class */
    private static class ContextLengthSorter implements Comparator<String> {
        private ContextLengthSorter() {
        }

        @Override // java.util.Comparator
        public int compare(String str, String str2) {
            return str2.length() - str.length();
        }
    }

    public static void sendFault(MessageContext messageContext, int i) {
        ((Axis2MessageContext) messageContext).getAxis2MessageContext().setProperty("HTTP_SC", Integer.valueOf(i));
        Axis2Sender.sendBack(messageContext);
    }

    public static void setFaultPayload(MessageContext messageContext, OMElement oMElement) {
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        JsonUtil.removeJsonPayload(axis2MessageContext);
        messageContext.getEnvelope().getBody().addChild(oMElement);
        String str = (String) ((Map) axis2MessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS)).get("Accept");
        HashSet hashSet = new HashSet(Arrays.asList("application/x-www-form-urlencoded", "multipart/form-data", "text/html", ThreatProtectorConstants.APPLICATION_XML, ThreatProtectorConstants.TEXT_XML, "application/soap+xml", "text/plain", ThreatProtectorConstants.APPLICATION_JSON, "application/json/badgerfish", "text/javascript"));
        if (!StringUtils.isEmpty(str) && hashSet.contains(str)) {
            axis2MessageContext.setProperty(APIMgtGatewayConstants.REST_MESSAGE_TYPE, str);
        } else if (messageContext.getProperty("error_message_type") != null) {
            axis2MessageContext.setProperty(APIMgtGatewayConstants.REST_MESSAGE_TYPE, messageContext.getProperty("error_message_type"));
        }
    }

    public static void setSOAPFault(MessageContext messageContext, String str, String str2, String str3) {
        SOAPHeader header;
        SOAPFactory sOAP11Factory = messageContext.isSOAP11() ? OMAbstractFactory.getSOAP11Factory() : OMAbstractFactory.getSOAP12Factory();
        OMDocument createOMDocument = sOAP11Factory.createOMDocument();
        SOAPEnvelope defaultFaultEnvelope = sOAP11Factory.getDefaultFaultEnvelope();
        createOMDocument.addChild(defaultFaultEnvelope);
        SOAPFault fault = defaultFaultEnvelope.getBody().getFault();
        if (fault == null) {
            fault = sOAP11Factory.createSOAPFault();
        }
        SOAPFaultCode createSOAPFaultCode = sOAP11Factory.createSOAPFaultCode();
        if (messageContext.isSOAP11()) {
            createSOAPFaultCode.setText(new QName(fault.getNamespace().getNamespaceURI(), str));
        } else {
            sOAP11Factory.createSOAPFaultValue(createSOAPFaultCode).setText(new QName(fault.getNamespace().getNamespaceURI(), str));
        }
        fault.setCode(createSOAPFaultCode);
        SOAPFaultReason createSOAPFaultReason = sOAP11Factory.createSOAPFaultReason();
        if (messageContext.isSOAP11()) {
            createSOAPFaultReason.setText(str2);
        } else {
            SOAPFaultText createSOAPFaultText = sOAP11Factory.createSOAPFaultText();
            createSOAPFaultText.setText(str2);
            createSOAPFaultText.setLang("en");
            createSOAPFaultReason.addSOAPText(createSOAPFaultText);
        }
        fault.setReason(createSOAPFaultReason);
        SOAPFaultDetail createSOAPFaultDetail = sOAP11Factory.createSOAPFaultDetail();
        createSOAPFaultDetail.setText(str3);
        fault.setDetail(createSOAPFaultDetail);
        if (messageContext.getEnvelope() != null && (header = messageContext.getEnvelope().getHeader()) != null) {
            Iterator examineAllHeaderBlocks = header.examineAllHeaderBlocks();
            while (examineAllHeaderBlocks.hasNext()) {
                Object next = examineAllHeaderBlocks.next();
                if (next instanceof SOAPHeaderBlock) {
                    defaultFaultEnvelope.getHeader().addChild((SOAPHeaderBlock) next);
                } else if (next instanceof OMElement) {
                    defaultFaultEnvelope.getHeader().addChild((OMElement) next);
                }
            }
        }
        try {
            messageContext.setEnvelope(defaultFaultEnvelope);
            if (messageContext.getFaultTo() != null) {
                messageContext.setTo(messageContext.getFaultTo());
            } else if (messageContext.getReplyTo() != null) {
                messageContext.setTo(messageContext.getReplyTo());
            } else {
                messageContext.setTo((EndpointReference) null);
            }
            if (messageContext.getMessageID() != null) {
                messageContext.setRelatesTo(new RelatesTo[]{new RelatesTo(messageContext.getMessageID())});
            }
        } catch (AxisFault e) {
            log.error("Error while setting SOAP fault as payload", e);
        }
    }

    public static boolean hasAccessTokenExpired(APIKeyValidationInfoDTO aPIKeyValidationInfoDTO) {
        long validityPeriod = aPIKeyValidationInfoDTO.getValidityPeriod() != Long.MAX_VALUE ? aPIKeyValidationInfoDTO.getValidityPeriod() * 1000 : aPIKeyValidationInfoDTO.getValidityPeriod();
        long issuedTime = aPIKeyValidationInfoDTO.getIssuedTime();
        long currentTimeMillis = System.currentTimeMillis();
        if (validityPeriod == Long.MAX_VALUE || currentTimeMillis <= issuedTime + validityPeriod) {
            return false;
        }
        aPIKeyValidationInfoDTO.setValidationStatus(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS);
        if (aPIKeyValidationInfoDTO.getEndUserToken() == null) {
            return true;
        }
        log.info("Token " + aPIKeyValidationInfoDTO.getEndUserToken() + " expired.");
        return true;
    }

    public static String getRequestPath(MessageContext messageContext, String str, String str2, String str3) {
        return "url".equals((String) messageContext.getProperty("SYNAPSE_REST_API_VERSION_STRATEGY")) ? str.substring((str2 + str3).length() + 1, str.length()) : str.substring(str2.length(), str.length());
    }

    public static void send(MessageContext messageContext, int i) {
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        axis2MessageContext.setProperty("HTTP_SC", Integer.valueOf(i));
        messageContext.setResponse(true);
        messageContext.setProperty("RESPONSE", "true");
        messageContext.setTo((EndpointReference) null);
        axis2MessageContext.removeProperty("ContentType");
        Axis2Sender.sendBack(messageContext);
    }

    public static void removeTokenFromTenantTokenCache(String str, String str2) {
        if (str2 == null || "carbon.super".equals(str2)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Removing cache entry " + str + " from " + str2 + " domain");
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str2, true);
            removeCacheEntryFromGatewayCache(str);
            if (log.isDebugEnabled()) {
                log.debug("Removed cache entry " + str + " from " + str2 + " domain");
            }
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    public static void putInvalidTokenIntoTenantInvalidTokenCache(String str, String str2) {
        if (str2 == null || "carbon.super".equals(str2)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Putting the cache entry " + str + " of " + str2 + " domain to the invalid token cache...");
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str2, true);
            putInvalidTokenEntryIntoInvalidTokenCache(str, str2);
            if (log.isDebugEnabled()) {
                log.debug(" Token " + str + " of " + str2 + " domain was put to the invalid token cache.");
            }
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    public static void invalidateApiKeyInTenantCache(String str, String str2) {
        if (str2 == null || "carbon.super".equals(str2)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Removing cache entry " + str + " from " + str2 + " domain");
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str2, true);
            removeCacheEntryFromGatewayAPiKeyCache(str);
            putInvalidApiKeyEntryIntoInvalidApiKeyCache(str, str2);
            if (log.isDebugEnabled()) {
                log.debug("Removed cache entry " + str + " from " + str2 + " domain");
            }
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    public static void putInvalidApiKeyEntryIntoInvalidApiKeyCache(String str, String str2) {
        CacheProvider.getInvalidGatewayApiKeyCache().put(str, str2);
    }

    public static void removeCacheEntryFromGatewayCache(String str) {
        Caching.getCacheManager("API_MANAGER_CACHE").getCache("GATEWAY_TOKEN_CACHE").remove(str);
    }

    public static void removeCacheEntryFromGatewayAPiKeyCache(String str) {
        Caching.getCacheManager("API_MANAGER_CACHE").getCache("gatewayApiKeyCache").remove(str);
    }

    public static void putInvalidTokenEntryIntoInvalidTokenCache(String str, String str2) {
        Caching.getCacheManager("API_MANAGER_CACHE").getCache("GATEWAY_INVALID_TOKEN_CACHE").put(str, str2);
    }

    public static String getCachedTenantDomain(String str) {
        return (String) Caching.getCacheManager("API_MANAGER_CACHE").getCache("GATEWAY_TOKEN_CACHE").get(str);
    }

    public static String getApiKeyCachedTenantDomain(String str) {
        return (String) CacheProvider.getGatewayApiKeyCache().get(str);
    }

    public static String getClientCertificateHeader() {
        APIManagerConfiguration aPIManagerConfiguration = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration();
        if (aPIManagerConfiguration == null) {
            return APIMgtGatewayConstants.BASE64_ENCODED_CLIENT_CERTIFICATE_HEADER;
        }
        String firstProperty = aPIManagerConfiguration.getFirstProperty("MutualSSL.ClientCertificateHeader");
        return StringUtils.isNotEmpty(firstProperty) ? firstProperty : APIMgtGatewayConstants.BASE64_ENCODED_CLIENT_CERTIFICATE_HEADER;
    }

    public static X509Certificate getClientCertificate(org.apache.axis2.context.MessageContext messageContext) throws APIManagementException {
        Object property = messageContext.getProperty(APIMgtGatewayConstants.VALIDATED_X509_CERT);
        if (property != null) {
            return (X509Certificate) property;
        }
        Map map = (Map) messageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS);
        Object property2 = messageContext.getProperty("ssl.client.auth.cert.X509");
        X509Certificate x509Certificate = null;
        if (property2 != null) {
            x509Certificate = ((X509Certificate[]) property2)[0];
            messageContext.setProperty(APIMgtGatewayConstants.VALIDATED_X509_CERT, x509Certificate);
        }
        if (map.containsKey(getClientCertificateHeader())) {
            try {
                if (!isClientCertificateValidationEnabled() || APIUtil.isCertificateExistsInListenerTrustStore(x509Certificate)) {
                    X509Certificate clientCertificateFromHeader = getClientCertificateFromHeader(messageContext);
                    messageContext.setProperty(APIMgtGatewayConstants.VALIDATED_X509_CERT, clientCertificateFromHeader);
                    return clientCertificateFromHeader;
                }
            } catch (APIManagementException e) {
                log.error("Error while validating into Certificate Existence", e);
                throw new APIManagementException("Error while validating into Certificate Existence", e);
            }
        }
        return x509Certificate;
    }

    private static X509Certificate getClientCertificateFromHeader(org.apache.axis2.context.MessageContext messageContext) throws APIManagementException {
        byte[] decodeBase64;
        String str = (String) ((Map) messageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS)).get(getClientCertificateHeader());
        if (str == null) {
            return null;
        }
        if (isClientCertificateEncoded()) {
            try {
                decodeBase64 = Base64.decodeBase64(APIUtil.getX509certificateContent(URLDecoder.decode(str, "UTF-8")));
            } catch (UnsupportedEncodingException e) {
                throw new APIManagementException("Error while URL decoding certificate", e);
            }
        } else {
            decodeBase64 = APIUtil.getX509certificateContent(str).getBytes();
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decodeBase64);
            try {
                X509Certificate x509Certificate = X509Certificate.getInstance(byteArrayInputStream);
                byteArrayInputStream.close();
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e2) {
            throw new APIManagementException("Error while converting into X509Certificate", e2);
        }
    }

    private static boolean isClientCertificateValidationEnabled() {
        APIManagerConfiguration aPIManagerConfiguration = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration();
        if (aPIManagerConfiguration != null) {
            return Boolean.parseBoolean(aPIManagerConfiguration.getFirstProperty("MutualSSL.EnableClientCertificateValidation"));
        }
        return false;
    }

    private static boolean isClientCertificateEncoded() {
        String firstProperty;
        APIManagerConfiguration aPIManagerConfiguration = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration();
        if (aPIManagerConfiguration == null || (firstProperty = aPIManagerConfiguration.getFirstProperty("MutualSSL.ClientCertificateEncode")) == null) {
            return true;
        }
        return Boolean.parseBoolean(firstProperty);
    }

    public static Map<String, String> getCustomAnalyticsProperties(MessageContext messageContext) {
        Map<String, String> customAnalyticsProperties = getCustomAnalyticsProperties(messageContext, APIMgtGatewayConstants.CUSTOM_ANALYTICS_REQUEST_PROPERTIES);
        Map<String, String> customAnalyticsProperties2 = getCustomAnalyticsProperties(messageContext, APIMgtGatewayConstants.CUSTOM_ANALYTICS_RESPONSE_PROPERTIES);
        HashMap hashMap = new HashMap(customAnalyticsProperties);
        hashMap.putAll(customAnalyticsProperties2);
        return hashMap;
    }

    private static Map<String, String> getCustomAnalyticsProperties(MessageContext messageContext, String str) {
        Set propertyKeySet = messageContext.getPropertyKeySet();
        String str2 = (String) messageContext.getProperty(str);
        if (StringUtils.isBlank(str2)) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (String str3 : str2.split(APIMgtGatewayConstants.CUSTOM_ANALYTICS_PROPERTY_SEPARATOR)) {
            if (propertyKeySet.contains(str3.trim())) {
                hashMap.put(str3, (String) messageContext.getProperty(str3.trim()));
            }
        }
        return hashMap;
    }

    public static API getSelectedAPI(MessageContext messageContext) {
        Object property = messageContext.getProperty("PROCESSED_API");
        if (property != null) {
            return (API) property;
        }
        return messageContext.getConfiguration().getAPI((String) messageContext.getProperty("SYNAPSE_REST_API"));
    }

    public static void setSubRequestPath(API api, MessageContext messageContext) {
        messageContext.setProperty("REST_SUB_REQUEST_PATH", getSubRequestPath(api, messageContext));
    }

    public static String getSubRequestPath(API api, MessageContext messageContext) {
        Object property = messageContext.getProperty("REST_SUB_REQUEST_PATH");
        if (property != null) {
            return (String) property;
        }
        String str = null;
        String fullRequestPath = ApiUtils.getFullRequestPath(messageContext);
        if (api != null) {
            str = "url".equals(api.getVersionStrategy().getVersionType()) ? fullRequestPath.substring(api.getContext().length() + api.getVersionStrategy().getVersion().length() + 1) : fullRequestPath.substring(api.getContext().length());
        }
        if (str != null && str.isEmpty()) {
            str = WebSocketApiConstants.URL_SEPARATOR;
        }
        messageContext.setProperty("REST_SUB_REQUEST_PATH", str);
        return str;
    }

    public static JSONObject setRemoteIp(JSONObject jSONObject, String str) {
        if (str != null && str.length() > 0) {
            try {
                InetAddress address = APIUtil.getAddress(str);
                if (address instanceof Inet4Address) {
                    jSONObject.put(APIThrottleConstants.IP, APIUtil.ipToLong(str));
                } else if (address instanceof Inet6Address) {
                    jSONObject.put(APIThrottleConstants.IPv6, APIUtil.ipToBigInteger(str));
                }
            } catch (UnknownHostException e) {
                log.error("Error while parsing host IP " + str, e);
            }
        }
        return jSONObject;
    }

    public static TreeMap<String, org.wso2.carbon.apimgt.keymgt.model.entity.API> getSelectedAPIList(String str, String str2) {
        Map allAPIsByContextList;
        TreeMap<String, org.wso2.carbon.apimgt.keymgt.model.entity.API> treeMap = new TreeMap<>(new ContextLengthSorter());
        SubscriptionDataStore tenantSubscriptionStore = SubscriptionDataHolder.getInstance().getTenantSubscriptionStore(str2);
        if (tenantSubscriptionStore != null && (allAPIsByContextList = tenantSubscriptionStore.getAllAPIsByContextList()) != null) {
            allAPIsByContextList.forEach((str3, api) -> {
                if (ApiUtils.matchApiPath(str, str3)) {
                    treeMap.put(str3, api);
                }
            });
        }
        return treeMap;
    }

    public static boolean isGraphQLSubscriptionRequest(MessageContext messageContext) {
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        return "ws".equals(axis2MessageContext.getIncomingTransportName()) || ("wss".equals(axis2MessageContext.getIncomingTransportName()) && ((Boolean) messageContext.getProperty("isGraphqlSubscriptionRequest")).booleanValue());
    }
}
