package org.apache.synapse.endpoints.auth.oauth;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.util.UIDGenerator;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.SynapseConstants;
import org.apache.synapse.commons.resolvers.ResolverFactory;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.endpoints.OAuthConfiguredHTTPEndpoint;
import org.apache.synapse.endpoints.auth.AuthConstants;
import org.apache.synapse.endpoints.auth.AuthException;
import org.apache.synapse.mediators.Value;
import org.apache.synapse.util.xpath.SynapseJsonPath;
import org.apache.synapse.util.xpath.SynapseXPath;
import org.jaxen.JaxenException;

/* loaded from: input_file:WEB-INF/lib/synapse-core-4.0.0-wso2v44-SNAPSHOT.jar:org/apache/synapse/endpoints/auth/oauth/OAuthUtils.class */
public class OAuthUtils {
    private static final Log log = LogFactory.getLog(OAuthUtils.class);
    private static final Pattern EXPRESSION_PATTERN = Pattern.compile("(\\{[^\"<>}\\]]+})");

    public static OAuthHandler getSpecificOAuthHandler(OMElement oMElement) {
        OAuthHandler oAuthHandler = null;
        OMElement firstChildWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", AuthConstants.AUTHORIZATION_CODE));
        OMElement firstChildWithName2 = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", AuthConstants.CLIENT_CREDENTIALS));
        OMElement firstChildWithName3 = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", AuthConstants.PASSWORD_CREDENTIALS));
        if (hasMultipleOAuthConfigs(firstChildWithName, firstChildWithName2, firstChildWithName3)) {
            log.error("Invalid OAuth configuration: Multiple OAuth configurations are defined");
            return null;
        }
        if (firstChildWithName != null) {
            oAuthHandler = getAuthorizationCodeHandler(firstChildWithName);
        } else if (firstChildWithName2 != null) {
            oAuthHandler = getClientCredentialsHandler(firstChildWithName2);
        } else if (firstChildWithName3 != null) {
            oAuthHandler = getPasswordCredentialsHandler(firstChildWithName3);
        }
        return oAuthHandler;
    }

    private static boolean hasMultipleOAuthConfigs(OMElement oMElement, OMElement oMElement2, OMElement oMElement3) {
        return oMElement != null ? (oMElement2 == null && oMElement3 == null) ? false : true : (oMElement2 == null || oMElement3 == null) ? false : true;
    }

    private static AuthorizationCodeHandler getAuthorizationCodeHandler(OMElement oMElement) {
        String childValue = getChildValue(oMElement, AuthConstants.OAUTH_CLIENT_ID);
        String childValue2 = getChildValue(oMElement, AuthConstants.OAUTH_CLIENT_SECRET);
        String childValue3 = getChildValue(oMElement, AuthConstants.OAUTH_REFRESH_TOKEN);
        String childValue4 = getChildValue(oMElement, AuthConstants.TOKEN_API_URL);
        String childValue5 = getChildValue(oMElement, AuthConstants.OAUTH_AUTHENTICATION_MODE);
        int oauthTimeouts = getOauthTimeouts(oMElement, "connectionTimeout");
        int oauthTimeouts2 = getOauthTimeouts(oMElement, AuthConstants.OAUTH_CONNECTION_REQUEST_TIMEOUT);
        int oauthTimeouts3 = getOauthTimeouts(oMElement, AuthConstants.OAUTH_SOCKET_TIMEOUT);
        if (childValue == null || childValue2 == null || childValue3 == null || childValue4 == null) {
            log.error("Invalid AuthorizationCode configuration");
            return null;
        }
        AuthorizationCodeHandler authorizationCodeHandler = new AuthorizationCodeHandler(childValue4, childValue, childValue2, childValue3, childValue5, oauthTimeouts, oauthTimeouts2, oauthTimeouts3);
        if (hasRequestParameters(oMElement)) {
            Map<String, String> requestParameters = getRequestParameters(oMElement);
            if (requestParameters == null) {
                return null;
            }
            authorizationCodeHandler.setRequestParameters(requestParameters);
        }
        if (hasCustomHeaders(oMElement)) {
            Map<String, String> customHeaders = getCustomHeaders(oMElement);
            if (customHeaders == null) {
                return null;
            }
            authorizationCodeHandler.setCustomHeaders(customHeaders);
        }
        return authorizationCodeHandler;
    }

    private static ClientCredentialsHandler getClientCredentialsHandler(OMElement oMElement) {
        String childValue = getChildValue(oMElement, AuthConstants.OAUTH_CLIENT_ID);
        String childValue2 = getChildValue(oMElement, AuthConstants.OAUTH_CLIENT_SECRET);
        String childValue3 = getChildValue(oMElement, AuthConstants.TOKEN_API_URL);
        String childValue4 = getChildValue(oMElement, AuthConstants.OAUTH_AUTHENTICATION_MODE);
        int oauthTimeouts = getOauthTimeouts(oMElement, "connectionTimeout");
        int oauthTimeouts2 = getOauthTimeouts(oMElement, AuthConstants.OAUTH_CONNECTION_REQUEST_TIMEOUT);
        int oauthTimeouts3 = getOauthTimeouts(oMElement, AuthConstants.OAUTH_SOCKET_TIMEOUT);
        if (childValue == null || childValue2 == null || childValue3 == null) {
            log.error("Invalid ClientCredentials configuration");
            return null;
        }
        ClientCredentialsHandler clientCredentialsHandler = new ClientCredentialsHandler(childValue3, childValue, childValue2, childValue4, oauthTimeouts, oauthTimeouts2, oauthTimeouts3);
        if (hasRequestParameters(oMElement)) {
            Map<String, String> requestParameters = getRequestParameters(oMElement);
            if (requestParameters == null) {
                return null;
            }
            clientCredentialsHandler.setRequestParameters(requestParameters);
        }
        if (hasCustomHeaders(oMElement)) {
            Map<String, String> customHeaders = getCustomHeaders(oMElement);
            if (customHeaders == null) {
                return null;
            }
            clientCredentialsHandler.setCustomHeaders(customHeaders);
        }
        return clientCredentialsHandler;
    }

    private static PasswordCredentialsHandler getPasswordCredentialsHandler(OMElement oMElement) {
        String childValue = getChildValue(oMElement, AuthConstants.OAUTH_CLIENT_ID);
        String childValue2 = getChildValue(oMElement, AuthConstants.OAUTH_CLIENT_SECRET);
        String childValue3 = getChildValue(oMElement, "username");
        String childValue4 = getChildValue(oMElement, "password");
        String childValue5 = getChildValue(oMElement, AuthConstants.TOKEN_API_URL);
        String childValue6 = getChildValue(oMElement, AuthConstants.OAUTH_AUTHENTICATION_MODE);
        int oauthTimeouts = getOauthTimeouts(oMElement, "connectionTimeout");
        int oauthTimeouts2 = getOauthTimeouts(oMElement, AuthConstants.OAUTH_CONNECTION_REQUEST_TIMEOUT);
        int oauthTimeouts3 = getOauthTimeouts(oMElement, AuthConstants.OAUTH_SOCKET_TIMEOUT);
        if (childValue3 == null || childValue4 == null || childValue5 == null || childValue == null || childValue2 == null) {
            log.error("Invalid PasswordCredentials configuration");
            return null;
        }
        PasswordCredentialsHandler passwordCredentialsHandler = new PasswordCredentialsHandler(childValue5, childValue, childValue2, childValue3, childValue4, childValue6, oauthTimeouts, oauthTimeouts2, oauthTimeouts3);
        if (hasRequestParameters(oMElement)) {
            Map<String, String> requestParameters = getRequestParameters(oMElement);
            if (requestParameters == null) {
                return null;
            }
            passwordCredentialsHandler.setRequestParameters(requestParameters);
        }
        if (hasCustomHeaders(oMElement)) {
            Map<String, String> customHeaders = getCustomHeaders(oMElement);
            if (customHeaders == null) {
                return null;
            }
            passwordCredentialsHandler.setCustomHeaders(customHeaders);
        }
        return passwordCredentialsHandler;
    }

    private static Map<String, String> getRequestParameters(OMElement oMElement) {
        HashMap hashMap = new HashMap();
        Iterator childrenWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", AuthConstants.REQUEST_PARAMETERS)).getChildrenWithName(new QName("http://ws.apache.org/ns/synapse", "parameter"));
        while (childrenWithName.hasNext()) {
            OMElement oMElement2 = (OMElement) childrenWithName.next();
            String attributeValue = oMElement2.getAttributeValue(new QName("name"));
            String trim = oMElement2.getText().trim();
            if (StringUtils.isBlank(attributeValue) || StringUtils.isBlank(trim)) {
                log.error("Invalid Request Parameters in OAuth configuration");
                return null;
            }
            hashMap.put(attributeValue, ResolverFactory.getInstance().getResolver(trim).resolve());
        }
        return hashMap;
    }

    private static Map<String, String> getCustomHeaders(OMElement oMElement) {
        HashMap hashMap = new HashMap();
        Iterator childrenWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", AuthConstants.CUSTOM_HEADERS)).getChildrenWithName(new QName("http://ws.apache.org/ns/synapse", "header"));
        while (childrenWithName.hasNext()) {
            OMElement oMElement2 = (OMElement) childrenWithName.next();
            String attributeValue = oMElement2.getAttributeValue(new QName("name"));
            String trim = oMElement2.getText().trim();
            if (StringUtils.isBlank(attributeValue) || StringUtils.isBlank(trim)) {
                if (!log.isDebugEnabled()) {
                    return null;
                }
                log.error("Invalid custom header in OAuth configuration");
                return null;
            }
            hashMap.put(attributeValue, ResolverFactory.getInstance().getResolver(trim).resolve());
        }
        return hashMap;
    }

    private static boolean hasRequestParameters(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", AuthConstants.REQUEST_PARAMETERS));
        return firstChildWithName != null && firstChildWithName.getChildrenWithName(new QName("http://ws.apache.org/ns/synapse", "parameter")).hasNext();
    }

    private static boolean hasCustomHeaders(OMElement oMElement) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", AuthConstants.CUSTOM_HEADERS));
        return firstChildWithName != null && firstChildWithName.getChildrenWithName(new QName("http://ws.apache.org/ns/synapse", "header")).hasNext();
    }

    public static String getChildValue(OMElement oMElement, String str) {
        OMElement firstChildWithName = oMElement.getFirstChildWithName(new QName("http://ws.apache.org/ns/synapse", str));
        if (hasANonEmptyValue(firstChildWithName)) {
            return ResolverFactory.getInstance().getResolver(firstChildWithName.getText().trim()).resolve();
        }
        return null;
    }

    public static int getOauthTimeouts(OMElement oMElement, String str) {
        String childValue = getChildValue(oMElement, str);
        if (childValue == null) {
            return -1;
        }
        try {
            return Integer.parseInt(childValue);
        } catch (NumberFormatException e) {
            log.warn("Error while parsing the value of " + childValue + " as an integer. Using default timeout", e);
            return -1;
        }
    }

    private static boolean hasANonEmptyValue(OMElement oMElement) {
        return oMElement != null && StringUtils.isNotBlank(oMElement.getText());
    }

    public static String getRandomOAuthHandlerID() {
        return AuthConstants.OAUTH_PREFIX + UIDGenerator.generateUID();
    }

    public static boolean retryOnOAuthFailure(OAuthConfiguredHTTPEndpoint oAuthConfiguredHTTPEndpoint, MessageContext messageContext, MessageContext messageContext2) {
        Boolean bool = (Boolean) messageContext2.getProperty(AuthConstants.RETRIED_ON_OAUTH_FAILURE);
        if (bool != null && bool.booleanValue()) {
            messageContext.setProperty(AuthConstants.RETRIED_ON_OAUTH_FAILURE, false);
            return false;
        }
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        Object property = axis2MessageContext.getProperty("HTTP_SC");
        if (property == null) {
            return false;
        }
        try {
            return Integer.parseInt(axis2MessageContext.getProperty("HTTP_SC").toString()) == 401;
        } catch (NumberFormatException e) {
            log.warn("Unable to set the HTTP status code from the property HTTP_SC with value: " + property);
            return false;
        }
    }

    private static boolean isExpression(String str) {
        return EXPRESSION_PATTERN.matcher(str).find();
    }

    private static boolean isJSONPath(String str) {
        return str.startsWith("json-eval(");
    }

    private static String evaluateExpression(String str, MessageContext messageContext) throws AuthException {
        try {
            return (isJSONPath(str) ? new Value(new SynapseJsonPath(str.substring(10, str.length() - 1))) : new Value(new SynapseXPath(str))).evaluateValue(messageContext);
        } catch (JaxenException e) {
            throw new AuthException("Error while building the expression : " + str);
        }
    }

    public static String resolveExpression(String str, MessageContext messageContext) throws AuthException {
        return isExpression(str) ? evaluateExpression(str.substring(1, str.length() - 1), messageContext) : str;
    }

    public static void append401HTTPSC(MessageContext messageContext) {
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        Object property = axis2MessageContext.getProperty(HTTPConstants.NON_ERROR_HTTP_STATUS_CODES);
        if (property instanceof Set) {
            Set set = (Set) property;
            set.add(401);
            axis2MessageContext.setProperty(HTTPConstants.NON_ERROR_HTTP_STATUS_CODES, set);
        } else {
            if (!(property instanceof String)) {
                axis2MessageContext.setProperty(HTTPConstants.NON_ERROR_HTTP_STATUS_CODES, String.valueOf(401));
                return;
            }
            String trim = ((String) property).trim();
            if (trim.contains(String.valueOf(401))) {
                return;
            }
            if (!trim.endsWith(",")) {
                trim = trim + ",";
            }
            axis2MessageContext.setProperty(HTTPConstants.NON_ERROR_HTTP_STATUS_CODES, trim + String.valueOf(401));
        }
    }

    public static OMElement createOMElementWithValue(OMFactory oMFactory, String str, String str2) {
        OMElement createOMElement = oMFactory.createOMElement(str, SynapseConstants.SYNAPSE_OMNAMESPACE);
        createOMElement.setText(str2);
        return createOMElement;
    }

    public static OMElement createOMRequestParams(OMFactory oMFactory, Map<String, String> map) {
        OMElement createOMElement = oMFactory.createOMElement(AuthConstants.REQUEST_PARAMETERS, SynapseConstants.SYNAPSE_OMNAMESPACE);
        for (Map.Entry<String, String> entry : map.entrySet()) {
            OMElement createOMElement2 = oMFactory.createOMElement("parameter", SynapseConstants.SYNAPSE_OMNAMESPACE);
            createOMElement2.addAttribute("name", entry.getKey(), null);
            createOMElement2.setText(entry.getValue());
            createOMElement.addChild(createOMElement2);
        }
        return createOMElement;
    }
}
