package org.wso2.micro.gateway.enforcer.security;

import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.wso2.micro.gateway.enforcer.Filter;
import org.wso2.micro.gateway.enforcer.api.RequestContext;
import org.wso2.micro.gateway.enforcer.api.config.APIConfig;
import org.wso2.micro.gateway.enforcer.constants.APIConstants;
import org.wso2.micro.gateway.enforcer.constants.AdapterConstants;
import org.wso2.micro.gateway.enforcer.exception.APISecurityException;
import org.wso2.micro.gateway.enforcer.security.jwt.JWTAuthenticator;
import org.wso2.micro.gateway.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/micro/gateway/enforcer/security/AuthFilter.class */
public class AuthFilter implements Filter {
    private List<Authenticator> authenticators = new ArrayList();

    @Override // org.wso2.micro.gateway.enforcer.Filter
    public void init(APIConfig aPIConfig) {
        this.authenticators.add(new JWTAuthenticator());
    }

    @Override // org.wso2.micro.gateway.enforcer.Filter
    public boolean handleRequest(RequestContext requestContext) {
        try {
            for (Authenticator authenticator : this.authenticators) {
                if (authenticator.canAuthenticate(requestContext)) {
                    AuthenticationContext authenticate = authenticator.authenticate(requestContext);
                    if (authenticate.isAuthenticated()) {
                        updateClusterHeaderAndCheckEnv(requestContext, authenticate);
                        return true;
                    }
                }
            }
            FilterUtils.setUnauthenticatedErrorToContext(requestContext);
            return false;
        } catch (APISecurityException e) {
            FilterUtils.setErrorToContext(requestContext, e);
            return false;
        }
    }

    private void updateClusterHeaderAndCheckEnv(RequestContext requestContext, AuthenticationContext authenticationContext) throws APISecurityException {
        String keyType = authenticationContext.getKeyType();
        if (StringUtils.isEmpty(authenticationContext.getKeyType())) {
            keyType = APIConstants.API_KEY_TYPE_PRODUCTION;
        }
        if (!requestContext.isClusterHeaderEnabled()) {
            if (keyType.equalsIgnoreCase(APIConstants.API_KEY_TYPE_PRODUCTION) && StringUtils.isEmpty(requestContext.getProdClusterHeader())) {
                throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(), 900901, "Production key offered to the API with no production endpoint");
            }
            if (keyType.equalsIgnoreCase(APIConstants.API_KEY_TYPE_SANDBOX) && StringUtils.isEmpty(requestContext.getSandClusterHeader())) {
                throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(), 900901, "Sandbox key offered to the API with no sandbox endpoint");
            }
            return;
        }
        if (keyType.equalsIgnoreCase(APIConstants.API_KEY_TYPE_PRODUCTION)) {
            requestContext.addResponseHeaders(AdapterConstants.CLUSTER_HEADER, requestContext.getProdClusterHeader());
            return;
        }
        if (keyType.equalsIgnoreCase(APIConstants.API_KEY_TYPE_SANDBOX)) {
            requestContext.addResponseHeaders(AdapterConstants.CLUSTER_HEADER, requestContext.getSandClusterHeader());
        } else {
            if (keyType.equalsIgnoreCase(APIConstants.API_KEY_TYPE_PRODUCTION)) {
                throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(), 900901, "Production key offered to the API with no production endpoint");
            }
            if (!keyType.equalsIgnoreCase(APIConstants.API_KEY_TYPE_SANDBOX)) {
                throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(), 900901, "Invalid key type.");
            }
            throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(), 900901, "Sandbox key offered to the API with no sandbox endpoint");
        }
    }
}
