package org.wso2.carbon.apimgt.gateway.mediators;

import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.lambda.AWSLambda;
import com.amazonaws.services.lambda.AWSLambdaClientBuilder;
import com.amazonaws.services.lambda.model.InvocationType;
import com.amazonaws.services.lambda.model.InvokeRequest;
import com.amazonaws.services.lambda.model.InvokeResult;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.ByteArrayInputStream;
import java.util.TreeMap;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.commons.json.JsonUtil;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.mediators.AbstractMediator;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.analytics.Constants;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.gateway.threatprotection.utils.ThreatProtectorConstants;
import org.wso2.carbon.apimgt.gateway.utils.redis.RedisCacheUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/mediators/AWSLambdaMediator.class */
public class AWSLambdaMediator extends AbstractMediator {
    private static final Log log = LogFactory.getLog(AWSLambdaMediator.class);
    private String accessKey = "";
    private String secretKey = "";
    private String region = "";
    private String resourceName = "";
    private String roleArn = "";
    private String roleSessionName = "";
    private String roleRegion = "";
    private int resourceTimeout = 50000;
    private static final String PATH_PARAMETERS = "pathParameters";
    private static final String QUERY_STRING_PARAMETERS = "queryStringParameters";
    private static final String BODY_PARAMETER = "body";
    private static final String PATH = "path";
    private static final String HTTP_METHOD = "httpMethod";

    public boolean mediate(MessageContext messageContext) {
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        JsonObject jsonObject = new JsonObject();
        JsonObject jsonObject2 = new JsonObject();
        TreeMap treeMap = (TreeMap) axis2MessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS);
        for (Object obj : treeMap.keySet()) {
            jsonObject2.addProperty((String) obj, (String) treeMap.get(obj));
        }
        jsonObject.add("headers", jsonObject2);
        JsonObject jsonObject3 = new JsonObject();
        JsonObject jsonObject4 = new JsonObject();
        for (Object obj2 : messageContext.getPropertyKeySet()) {
            if (obj2 != null) {
                String obj3 = obj2.toString();
                if (obj3.startsWith("uri.var.")) {
                    jsonObject3.addProperty(obj3.substring("uri.var.".length()), (String) messageContext.getProperty(obj3));
                } else if (obj3.startsWith("query.param.")) {
                    jsonObject4.addProperty(obj3.substring("query.param.".length()), (String) messageContext.getProperty(obj3));
                }
            }
        }
        jsonObject.add(PATH_PARAMETERS, jsonObject3);
        jsonObject.add(QUERY_STRING_PARAMETERS, jsonObject4);
        jsonObject.addProperty(HTTP_METHOD, (String) messageContext.getProperty("REST_METHOD"));
        jsonObject.addProperty(PATH, (String) messageContext.getProperty("API_ELECTED_RESOURCE"));
        messageContext.setProperty(Constants.BACKEND_START_TIME_PROPERTY, Long.valueOf(System.currentTimeMillis()));
        jsonObject.add(BODY_PARAMETER, new JsonParser().parse(JsonUtil.hasAJsonPayload(axis2MessageContext) ? JsonUtil.jsonPayloadToString(axis2MessageContext) : "{}").getAsJsonObject());
        if (log.isDebugEnabled()) {
            log.debug("Passing the payload " + jsonObject.toString() + " to AWS Lambda function with resource name " + this.resourceName);
        }
        InvokeResult invokeLambda = invokeLambda(jsonObject.toString());
        if (invokeLambda == null) {
            if (log.isDebugEnabled()) {
                log.debug("Failed to invoke AWS Lambda function: " + this.resourceName);
            }
            axis2MessageContext.setProperty("HTTP_SC", "400");
            axis2MessageContext.setProperty("NO_ENTITY_BODY", true);
            return true;
        }
        if (log.isDebugEnabled()) {
            log.debug("AWS Lambda function: " + this.resourceName + " is invoked successfully.");
        }
        JsonUtil.setJsonStream(axis2MessageContext, new ByteArrayInputStream(invokeLambda.getPayload().array()));
        axis2MessageContext.setProperty("HTTP_SC", invokeLambda.getStatusCode());
        axis2MessageContext.setProperty(APIMgtGatewayConstants.REST_MESSAGE_TYPE, ThreatProtectorConstants.APPLICATION_JSON);
        axis2MessageContext.setProperty("ContentType", ThreatProtectorConstants.APPLICATION_JSON);
        axis2MessageContext.removeProperty("NO_ENTITY_BODY");
        return true;
    }

    private InvokeResult invokeLambda(String str) {
        AWSLambda aWSLambda;
        try {
            if (StringUtils.isEmpty(this.accessKey) && StringUtils.isEmpty(this.secretKey)) {
                if (log.isDebugEnabled()) {
                    log.debug("Using temporary credentials supplied by the IAM role attached to AWS instance");
                }
                if (StringUtils.isEmpty(this.roleArn) && StringUtils.isEmpty(this.roleSessionName) && StringUtils.isEmpty(this.roleRegion)) {
                    aWSLambda = (AWSLambda) AWSLambdaClientBuilder.standard().withCredentials(DefaultAWSCredentialsProviderChain.getInstance()).build();
                } else {
                    if (!StringUtils.isNotEmpty(this.roleArn) || !StringUtils.isNotEmpty(this.roleSessionName) || !StringUtils.isNotEmpty(this.roleRegion)) {
                        log.error("Missing AWS STS configurations");
                        return null;
                    }
                    Credentials sessionCredentials = getSessionCredentials(DefaultAWSCredentialsProviderChain.getInstance(), this.roleArn, this.roleSessionName, "");
                    aWSLambda = (AWSLambda) AWSLambdaClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken()))).withRegion(this.roleRegion).build();
                }
            } else {
                if (!StringUtils.isNotEmpty(this.accessKey) || !StringUtils.isNotEmpty(this.secretKey) || !StringUtils.isNotEmpty(this.region)) {
                    log.error("Missing AWS Credentials");
                    return null;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Using user given stored credentials");
                }
                BasicAWSCredentials basicAWSCredentials = new BasicAWSCredentials(this.accessKey, this.secretKey);
                if (StringUtils.isEmpty(this.roleArn) && StringUtils.isEmpty(this.roleSessionName) && StringUtils.isEmpty(this.roleRegion)) {
                    aWSLambda = (AWSLambda) AWSLambdaClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(basicAWSCredentials)).withRegion(this.region).build();
                } else {
                    if (!StringUtils.isNotEmpty(this.roleArn) || !StringUtils.isNotEmpty(this.roleSessionName) || !StringUtils.isNotEmpty(this.roleRegion)) {
                        log.error("Missing AWS STS configurations");
                        return null;
                    }
                    Credentials sessionCredentials2 = getSessionCredentials(new AWSStaticCredentialsProvider(basicAWSCredentials), this.roleArn, this.roleSessionName, this.region);
                    aWSLambda = (AWSLambda) AWSLambdaClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(sessionCredentials2.getAccessKeyId(), sessionCredentials2.getSecretAccessKey(), sessionCredentials2.getSessionToken()))).withRegion(this.roleRegion).build();
                }
            }
            if (this.resourceTimeout < 1000 || this.resourceTimeout > 900000) {
                setResourceTimeout(50000);
            }
            return aWSLambda.invoke(new InvokeRequest().withFunctionName(this.resourceName).withPayload(str).withInvocationType(InvocationType.RequestResponse).withSdkClientExecutionTimeout(this.resourceTimeout));
        } catch (SdkClientException e) {
            log.error("Error while invoking the lambda function", e);
            return null;
        }
    }

    private Credentials getSessionCredentials(AWSCredentialsProvider aWSCredentialsProvider, String str, String str2, String str3) {
        Credentials credentials = null;
        if (ServiceReferenceHolder.getInstance().isRedisEnabled()) {
            Object object = new RedisCacheUtils(ServiceReferenceHolder.getInstance().getRedisPool()).getObject(str2, Credentials.class);
            if (object != null) {
                credentials = (Credentials) object;
            }
        } else {
            credentials = CredentialsCache.getInstance().getCredentialsMap().get(str2);
        }
        if (credentials != null && credentials.getExpiration().getTime() - System.currentTimeMillis() > 1000) {
            return credentials;
        }
        Credentials credentials2 = (StringUtils.isEmpty(str3) ? (AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withCredentials(aWSCredentialsProvider).build() : (AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withCredentials(aWSCredentialsProvider).withRegion(str3).build()).assumeRole(new AssumeRoleRequest().withRoleArn(str).withRoleSessionName(str2)).getCredentials();
        if (ServiceReferenceHolder.getInstance().isRedisEnabled()) {
            new RedisCacheUtils(ServiceReferenceHolder.getInstance().getRedisPool()).addObject(str2, credentials2);
        } else {
            CredentialsCache.getInstance().getCredentialsMap().put(str2, credentials2);
        }
        return credentials2;
    }

    public String getType() {
        return null;
    }

    public void setTraceState(int i) {
    }

    public int getTraceState() {
        return 0;
    }

    public String getAccessKey() {
        return this.accessKey;
    }

    public String getSecretKey() {
        return this.secretKey;
    }

    public String getRegion() {
        return this.region;
    }

    public String getRoleArn() {
        return this.roleArn;
    }

    public String getRoleSessionName() {
        return this.roleSessionName;
    }

    public String getRoleRegion() {
        return this.roleRegion;
    }

    public String getResourceName() {
        return this.resourceName;
    }

    public int getResourceTimeout() {
        return this.resourceTimeout;
    }

    public void setAccessKey(String str) {
        this.accessKey = str;
    }

    public void setSecretKey(String str) {
        this.secretKey = str;
    }

    public void setRegion(String str) {
        this.region = str;
    }

    public void setRoleArn(String str) {
        this.roleArn = str;
    }

    public void setRoleSessionName(String str) {
        this.roleSessionName = str;
    }

    public void setRoleRegion(String str) {
        this.roleRegion = str;
    }

    public void setResourceName(String str) {
        this.resourceName = str;
    }

    public void setResourceTimeout(int i) {
        this.resourceTimeout = i;
    }
}
