package org.wso2.carbon.apimgt.handlers;

import com.google.gson.Gson;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import javax.security.cert.CertificateEncodingException;
import javax.security.cert.X509Certificate;
import org.apache.axis2.description.HandlerDescription;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import org.wso2.carbon.apimgt.handlers.beans.Certificate;
import org.wso2.carbon.apimgt.handlers.beans.ValidationResponce;
import org.wso2.carbon.apimgt.handlers.config.IOTServerConfiguration;
import org.wso2.carbon.apimgt.handlers.invoker.RESTInvoker;
import org.wso2.carbon.apimgt.handlers.invoker.RESTResponse;
import org.wso2.carbon.apimgt.handlers.utils.AuthConstants;
import org.wso2.carbon.apimgt.handlers.utils.Utils;
import org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/* loaded from: input_file:org/wso2/carbon/apimgt/handlers/AuthenticationHandler.class */
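/**
 * Synapse handler that authenticates device-facing API calls from certificate
 * material carried on the request.
 *
 * <p>Exactly one credential source is used per request, chosen in this order:
 * <ol>
 *   <li>{@code AuthConstants.MDM_SIGNATURE} header: posted to the verification
 *       endpoint; on success the returned JWT is placed in {@code X-JWT-Assertion}.</li>
 *   <li>{@code AuthConstants.PROXY_MUTUAL_AUTH_HEADER} header: posted to the
 *       verification endpoint.</li>
 *   <li>{@code AuthConstants.MUTUAL_AUTH_HEADER} header: the transport-level client
 *       certificate is read from the Axis2 context and its common name is written
 *       into {@code AuthConstants.PROXY_MUTUAL_AUTH_HEADER}.</li>
 *   <li>{@code AuthConstants.ENCODED_PEM} header: posted to the verification endpoint.</li>
 * </ol>
 * Every failure path returns {@code false} (fail closed).
 *
 * <p>NOTE(review): all four selector headers are read from the inbound transport
 * headers. This class does not show whether an upstream component strips
 * client-supplied copies of {@code AuthConstants.PROXY_MUTUAL_AUTH_HEADER} or
 * {@code X-JWT-Assertion}; if nothing does, a caller can choose the branch and
 * pre-populate values that later components may trust. Confirm at the edge.
 */
public class AuthenticationHandler extends AbstractHandler {
    private static final Log log = LogFactory.getLog(AuthenticationHandler.class);
    private static HandlerDescription EMPTY_HANDLER_METADATA = new HandlerDescription("API Security Handler");
    private HandlerDescription handlerDesc;
    private RESTInvoker restInvoker;
    private static final String X_JWT_ASSERTION = "X-JWT-Assertion";
    private static final String JWTTOKEN = "JWTToken";
    private static final String AUTHORIZATION = "Authorization";
    private static final String BEARER = "Bearer ";
    private static final String CONTENT_TYPE = "Content-Type";
    // The device type is copied from the request path into the verification URL,
    // so it is restricted to a single plain path segment.
    private static final String DEVICE_TYPE_PATTERN = "[A-Za-z0-9_-]+";
    private IOTServerConfiguration iotServerConfiguration;

    /** Creates the handler with a fresh REST invoker and the configuration from {@code Utils.initConfig()}. */
    public AuthenticationHandler() {
        log.info("Engaging API Security Handler..........");
        this.restInvoker = new RESTInvoker();
        this.handlerDesc = EMPTY_HANDLER_METADATA;
        this.iotServerConfiguration = Utils.initConfig();
    }

    /**
     * Authenticates the request from the certificate material in its transport headers.
     *
     * @param messageContext the Synapse message context of the inbound request
     * @return {@code true} when the request is authenticated; {@code false} when no
     *         usable credential is present, verification does not succeed, or an
     *         error occurs while processing the certificate
     */
    public boolean handleRequest(MessageContext messageContext) {
        org.apache.axis2.context.MessageContext axis2MessageContext =
                ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        String requestPath = messageContext.getTo().getAddress().trim();
        if (log.isDebugEnabled()) {
            log.debug("Authentication handler invoked by: " + requestPath);
        }
        Object rawHeaders = axis2MessageContext.getProperty("TRANSPORT_HEADERS");
        if (!(rawHeaders instanceof Map)) {
            // No header map means no credential can be present: reject rather than NPE.
            log.warn("Unauthorized request for api: " + requestPath);
            return false;
        }
        @SuppressWarnings("unchecked") // the transport header map is keyed by header name
        Map<String, Object> transportHeaders = (Map<String, Object>) rawHeaders;
        try {
            int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
            RESTResponse verification;
            if (transportHeaders.containsKey(AuthConstants.MDM_SIGNATURE)) {
                String signature = headerValue(transportHeaders, AuthConstants.MDM_SIGNATURE);
                if (signature == null) {
                    log.warn("Unauthorized request for api: " + requestPath);
                    return false;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Verify Cert:\n" + signature);
                }
                verification = verify(signature, tenantId, AuthConstants.CALLBACK_URL, requestPath);
                if (verification == null) {
                    log.warn("Unauthorized request for api: " + requestPath);
                    return false;
                }
                String content = verification.getContent();
                if (verification.getHttpStatus() != 200 || content == null || !content.contains(JWTTOKEN)) {
                    return false;
                }
                String jwt = new Gson().fromJson(content, ValidationResponce.class).getJWTToken();
                if (jwt == null || jwt.isEmpty()) {
                    // A success response without a token must not authenticate the caller.
                    log.warn("Unauthorized request for api: " + requestPath);
                    return false;
                }
                // Overwrites any X-JWT-Assertion value that arrived with the request.
                transportHeaders.put(X_JWT_ASSERTION, jwt);
            } else if (transportHeaders.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) {
                // NOTE(review): the value is taken from the request as-is. It is only
                // meaningful when a trusted fronting proxy sets it and client-supplied
                // copies are stripped before this handler runs; confirm.
                String subjectDn = headerValue(transportHeaders, AuthConstants.PROXY_MUTUAL_AUTH_HEADER);
                if (subjectDn == null) {
                    log.warn("Unauthorized request for api: " + requestPath);
                    return false;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Verify subject DN: " + subjectDn);
                }
                verification = verify(subjectDn, tenantId, AuthConstants.PROXY_MUTUAL_AUTH_HEADER, requestPath);
            } else if (transportHeaders.containsKey(AuthConstants.MUTUAL_AUTH_HEADER)) {
                // This branch makes no call to the verification endpoint; it relies on
                // the certificate the transport stored in the Axis2 context.
                // NOTE(review): presumably the TLS layer has already validated that
                // certificate against the trust store; confirm.
                Object certProperty = axis2MessageContext.getProperty(AuthConstants.CLIENT_CERTIFICATE);
                if (!(certProperty instanceof X509Certificate[])) {
                    log.warn("Unauthorized request for api: " + requestPath);
                    return false;
                }
                X509Certificate[] clientChain = (X509Certificate[]) certProperty;
                if (clientChain.length == 0 || clientChain[0] == null) {
                    // The header alone is not a credential: without a transport-level
                    // client certificate the request is rejected.
                    log.warn("Unauthorized request for api: " + requestPath);
                    return false;
                }
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                java.security.cert.X509Certificate clientCertificate;
                try (ByteArrayInputStream encoded = new ByteArrayInputStream(clientChain[0].getEncoded())) {
                    clientCertificate =
                            (java.security.cert.X509Certificate) certificateFactory.generateCertificate(encoded);
                }
                if (clientCertificate != null) {
                    transportHeaders.put(AuthConstants.PROXY_MUTUAL_AUTH_HEADER,
                            CertificateGenerator.getCommonName(clientCertificate));
                    return true;
                }
                verification = null;
            } else {
                if (!transportHeaders.containsKey(AuthConstants.ENCODED_PEM)) {
                    log.warn("Unauthorized request for api: " + requestPath);
                    return false;
                }
                String encodedPem = headerValue(transportHeaders, AuthConstants.ENCODED_PEM);
                if (encodedPem == null) {
                    log.warn("Unauthorized request for api: " + requestPath);
                    return false;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Verify Cert:\n" + encodedPem);
                }
                verification = verify(encodedPem, tenantId, AuthConstants.CALLBACK_URL, requestPath);
            }
            if (isAccepted(verification)) {
                return true;
            }
            log.warn("Unauthorized request for api: " + requestPath);
            return false;
        } catch (IOException e) {
            log.error("Error while processing certificate.", e);
            return false;
        } catch (URISyntaxException e2) {
            log.error("Error while processing certificate.", e2);
            return false;
        } catch (CertificateException e3) {
            log.error("Certificate issue occurred when generating converting PEM to x509Certificate", e3);
            return false;
        } catch (CertificateEncodingException e4) {
            log.error("Error while attempting to encode certificate.", e4);
            return false;
        } catch (APIMCertificateMGTException e5) {
            log.error("Error while processing certificate.", e5);
            return false;
        }
    }

    /**
     * Lets every response through unchanged.
     *
     * @param messageContext the Synapse message context of the outbound response
     * @return always {@code true}
     */
    public boolean handleResponse(MessageContext messageContext) {
        return true;
    }

    /**
     * Returns the path segment that follows the first {@code api} segment.
     *
     * @param str the request address, split on {@code /}
     * @return the segment after {@code api}, or {@code null} when there is no
     *         {@code api} segment or nothing follows it
     */
    private String getDeviceType(String str) {
        StringTokenizer segments = new StringTokenizer(str, "/");
        while (segments.hasMoreTokens()) {
            if ("api".equals(segments.nextToken())) {
                // "api" as the last segment used to raise NoSuchElementException here.
                return segments.hasMoreTokens() ? segments.nextToken() : null;
            }
        }
        return null;
    }

    /**
     * Builds the headers for a call to the verification endpoint.
     *
     * @return a map holding the bearer {@code Authorization} header and the content type
     * @throws APIMCertificateMGTException propagated from obtaining the access token
     */
    private Map<String, String> setHeaders() throws APIMCertificateMGTException {
        Map<String, String> requestHeaders = new HashMap<>();
        requestHeaders.put(AUTHORIZATION, BEARER + Utils.getAccessToken(this.iotServerConfiguration));
        requestHeaders.put(CONTENT_TYPE, AuthConstants.CONTENT_TYPE);
        return requestHeaders;
    }

    /** Returns the named header as a non-empty string, or {@code null} if it is absent, empty or not a string. */
    private static String headerValue(Map<String, Object> transportHeaders, String name) {
        Object value = transportHeaders.get(name);
        if (value instanceof String && !((String) value).isEmpty()) {
            return (String) value;
        }
        return null;
    }

    /**
     * Posts the credential to the verification endpoint for the device type named in the request path.
     *
     * @return the endpoint's response, or {@code null} when the path carries no acceptable device type
     */
    private RESTResponse verify(String credential, int tenantId, String serial, String requestPath)
            throws URISyntaxException, IOException, APIMCertificateMGTException {
        String deviceType = getDeviceType(requestPath);
        if (deviceType == null || !deviceType.matches(DEVICE_TYPE_PATTERN)) {
            // The segment comes from the caller's URL and is appended to a backend URL;
            // anything other than a plain name (for example "..", or a segment carrying
            // a query string) is rejected instead of being forwarded.
            log.warn("Rejecting request without a valid device type: " + requestPath);
            return null;
        }
        URI endpoint = new URI(this.iotServerConfiguration.getVerificationEndpoint() + deviceType);
        Map<String, String> requestHeaders = setHeaders();
        Certificate certificate = new Certificate();
        certificate.setPem(credential);
        certificate.setTenantId(tenantId);
        certificate.setSerial(serial);
        RESTResponse response =
                this.restInvoker.invokePOST(endpoint, requestHeaders, null, null, new Gson().toJson(certificate));
        if (response != null && log.isDebugEnabled()) {
            // Only the status is logged: the body can carry the issued JWT.
            log.debug("Verify response status: " + response.getHttpStatus());
        }
        return response;
    }

    /**
     * Decides whether a verification response authenticates the caller.
     *
     * <p>A missing response, a non-2xx status or an empty body is a rejection, so an
     * error page from the endpoint is never read as success.
     * NOTE(review): the body check is still the negative match on {@code "invalid"};
     * the response schema is not visible here, so a positive match on the expected
     * success value should replace it once that value is confirmed.
     */
    private static boolean isAccepted(RESTResponse verification) {
        if (verification == null) {
            return false;
        }
        int status = verification.getHttpStatus();
        String content = verification.getContent();
        return status >= 200 && status < 300
                && content != null && !content.isEmpty()
                && !content.contains("invalid");
    }
}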
