package org.wso2.micro.gateway.enforcer.util;

import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import javax.net.ssl.SSLContext;
import net.minidev.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo;
import org.wso2.micro.gateway.enforcer.api.RequestContext;
import org.wso2.micro.gateway.enforcer.config.ConfigHolder;
import org.wso2.micro.gateway.enforcer.constants.APIConstants;
import org.wso2.micro.gateway.enforcer.constants.APISecurityConstants;
import org.wso2.micro.gateway.enforcer.dto.APIKeyValidationInfoDTO;
import org.wso2.micro.gateway.enforcer.exception.APISecurityException;
import org.wso2.micro.gateway.enforcer.exception.MGWException;
import org.wso2.micro.gateway.enforcer.security.AuthenticationContext;

/* loaded from: input_file:org/wso2/micro/gateway/enforcer/util/FilterUtils.class */
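/**
 * Static helpers used by the enforcer filters: token masking for logs, construction of the
 * outbound HTTP client, tenant/IP parsing, and population of authentication and error details
 * on a {@link RequestContext}.
 *
 * <p>Parameter names in this class are kept as they appear in the original listing; each
 * method's Javadoc says what the parameter carries.
 */
public class FilterUtils {
    private static final Logger log = LogManager.getLogger(FilterUtils.class);
    public static final String HOST_NAME_VERIFIER = "httpclient.hostnameVerifier";
    public static final String STRICT = "Strict";
    public static final String ALLOW_ALL = "AllowAll";

    /** Fixed prefix that replaces the hidden part of a masked token. */
    private static final String MASK_PREFIX = "XXXXX";
    /** Upper bound on how many trailing token characters are left readable. */
    private static final int MAX_VISIBLE_TOKEN_CHARS = 10;
    /** Pool limits applied to every client built by {@link #getHttpClient(String)}. */
    private static final int MAX_TOTAL_CONNECTIONS = 100;
    private static final int MAX_CONNECTIONS_PER_ROUTE = 10;
    /** Error code written by {@link #setUnauthenticatedErrorToContext(RequestContext)}. */
    private static final int INVALID_CREDENTIALS_ERROR_CODE = 900901;

    /**
     * Masks a token for logging, leaving only a short readable suffix.
     *
     * <p>At most {@value #MAX_VISIBLE_TOKEN_CHARS} trailing characters are kept, and never more
     * than the rounded-up half of the token. The previous form kept the last ten characters of
     * any token of length ten or more, so a ten-character token was returned unmasked. The
     * visible suffix is still real token material, so logs that carry it remain sensitive.
     *
     * @param str the raw token; {@code null} yields just the mask prefix
     * @return the mask prefix followed by the visible suffix
     */
    public static String getMaskedToken(String str) {
        if (str == null) {
            return MASK_PREFIX;
        }
        int length = str.length();
        // length - length / 2 is the rounded-up half, which is what short tokens always exposed.
        int visible = Math.min(MAX_VISIBLE_TOKEN_CHARS, length - length / 2);
        return MASK_PREFIX + str.substring(length - visible);
    }

    /**
     * Builds a pooled {@link HttpClient} for the given protocol.
     *
     * <p>Fails closed: if the TLS-aware connection manager cannot be created, no client is
     * returned. The previous form logged the failure and then dereferenced a {@code null}
     * manager, surfacing as an unexplained {@link NullPointerException}.
     *
     * @param str the protocol name, compared against {@link APIConstants#HTTPS_PROTOCOL}
     * @return a client backed by a pooling connection manager
     * @throws IllegalStateException if the connection manager cannot be created
     */
    public static HttpClient getHttpClient(String str) {
        PoolingHttpClientConnectionManager connectionManager;
        try {
            connectionManager = getPoolingHttpClientConnectionManager(str);
        } catch (MGWException e) {
            log.error("Error while getting http client connection manager", e);
            throw new IllegalStateException("Error while getting http client connection manager", e);
        }
        connectionManager.setMaxTotal(MAX_TOTAL_CONNECTIONS);
        connectionManager.setDefaultMaxPerRoute(MAX_CONNECTIONS_PER_ROUTE);
        return HttpClients.custom()
                .setConnectionManager(connectionManager)
                .setDefaultRequestConfig(RequestConfig.custom().build())
                .build();
    }

    /**
     * Creates the connection manager for the given protocol.
     *
     * <p>Only an exact (case-sensitive) match with {@link APIConstants#HTTPS_PROTOCOL} gets the
     * socket factory built from the configured trust store. Every other value gets the library
     * default manager, which uses neither that trust store nor the hostname-verifier property.
     *
     * @param str the protocol name
     * @return a new pooling connection manager
     * @throws MGWException if the TLS socket factory cannot be created
     */
    private static PoolingHttpClientConnectionManager getPoolingHttpClientConnectionManager(String str) throws MGWException {
        if (!APIConstants.HTTPS_PROTOCOL.equals(str)) {
            return new PoolingHttpClientConnectionManager();
        }
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register(APIConstants.HTTPS_PROTOCOL, createSocketFactory())
                .build();
        return new PoolingHttpClientConnectionManager(registry);
    }

    /**
     * Creates the TLS socket factory from the configured trust store.
     *
     * <p>The hostname verifier is selected by the {@value #HOST_NAME_VERIFIER} system property:
     * {@value #ALLOW_ALL} disables hostname verification, {@value #STRICT} selects the strict
     * verifier, and any other value (including unset) selects the browser-compatible verifier.
     *
     * @return the socket factory
     * @throws MGWException if the SSL context cannot be initialised from the trust store
     */
    private static SSLConnectionSocketFactory createSocketFactory() throws MGWException {
        try {
            SSLContext sslContext = SSLContexts.custom()
                    .loadTrustMaterial(ConfigHolder.getInstance().getTrustStore())
                    .build();
            String verifierMode = System.getProperty(HOST_NAME_VERIFIER);
            if (ALLOW_ALL.equalsIgnoreCase(verifierMode)) {
                // SECURITY: with this verifier any certificate that chains to the trust store is
                // accepted for any host name. Make the choice visible in the logs so it is not
                // carried into production unnoticed.
                log.warn("TLS hostname verification is disabled by system property {}={}",
                        HOST_NAME_VERIFIER, ALLOW_ALL);
                return new SSLConnectionSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            }
            if (STRICT.equalsIgnoreCase(verifierMode)) {
                return new SSLConnectionSocketFactory(sslContext, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            }
            return new SSLConnectionSocketFactory(sslContext, SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        } catch (KeyManagementException e) {
            handleException("Failed to initialize sslContext ", e);
            return null; // not reached: handleException always throws
        } catch (KeyStoreException e) {
            handleException("Failed to read from Key Store", e);
            return null; // not reached: handleException always throws
        } catch (NoSuchAlgorithmException e) {
            handleException("Failed to initialize sslContext. ", e);
            return null; // not reached: handleException always throws
        }
    }

    /**
     * Logs the failure and rethrows it wrapped in an {@link MGWException}.
     *
     * @param str the error message
     * @param th  the underlying cause
     * @throws MGWException always
     */
    public static void handleException(String str, Throwable th) throws MGWException {
        log.error(str, th);
        throw new MGWException(str, th);
    }

    /**
     * Extracts the path segment that follows the first {@code /t/} in a request URL.
     *
     * <p>The value comes straight from the URL and is not validated here; callers should treat
     * it as untrusted input.
     *
     * @param str the request URL or path
     * @return the segment after {@code /t/} up to the next {@code /} (or the end of the string),
     *     or {@code null} when the URL contains no {@code /t/}
     */
    public static String getTenantDomainFromRequestURL(String str) {
        final String marker = "/t/";
        int markerIndex = str.indexOf(marker);
        if (markerIndex == -1) {
            return null;
        }
        int start = markerIndex + marker.length();
        int end = str.indexOf("/", start);
        return end != -1 ? str.substring(start, end) : str.substring(start);
    }

    /**
     * Fills the request's {@link AuthenticationContext} from the validation results.
     *
     * <p>The context is marked authenticated unconditionally, so this must only be called after
     * the credential has been validated successfully.
     *
     * @param requestContext          the request whose authentication context is populated
     * @param str                     the value stored as the context's API key
     * @param jWTValidationInfo       source of the user name and, when {@code z} is set, the
     *                                consumer key; must not be {@code null}
     * @param aPIKeyValidationInfoDTO subscription details, or {@code null} to leave them unset
     * @param str2                    the caller token, stored only when non-empty
     * @param z                       when {@code true}, the consumer key from
     *                                {@code jWTValidationInfo} replaces the one from the DTO
     * @return the populated authentication context of {@code requestContext}
     */
    public static AuthenticationContext generateAuthenticationContext(RequestContext requestContext, String str, JWTValidationInfo jWTValidationInfo, APIKeyValidationInfoDTO aPIKeyValidationInfoDTO, String str2, boolean z) {
        AuthenticationContext authContext = requestContext.getAuthenticationContext();
        authContext.setAuthenticated(true);
        authContext.setApiKey(str);
        authContext.setUsername(jWTValidationInfo.getUser());
        if (aPIKeyValidationInfoDTO != null) {
            authContext.setApiTier(aPIKeyValidationInfoDTO.getApiTier());
            authContext.setKeyType(aPIKeyValidationInfoDTO.getType());
            authContext.setApplicationId(aPIKeyValidationInfoDTO.getApplicationId());
            authContext.setApplicationName(aPIKeyValidationInfoDTO.getApplicationName());
            authContext.setApplicationTier(aPIKeyValidationInfoDTO.getApplicationTier());
            authContext.setSubscriber(aPIKeyValidationInfoDTO.getSubscriber());
            authContext.setTier(aPIKeyValidationInfoDTO.getTier());
            authContext.setSubscriberTenantDomain(aPIKeyValidationInfoDTO.getSubscriberTenantDomain());
            authContext.setApiName(aPIKeyValidationInfoDTO.getApiName());
            authContext.setApiPublisher(aPIKeyValidationInfoDTO.getApiPublisher());
            authContext.setStopOnQuotaReach(aPIKeyValidationInfoDTO.isStopOnQuotaReach());
            authContext.setSpikeArrestLimit(aPIKeyValidationInfoDTO.getSpikeArrestLimit());
            authContext.setSpikeArrestUnit(aPIKeyValidationInfoDTO.getSpikeArrestUnit());
            authContext.setConsumerKey(aPIKeyValidationInfoDTO.getConsumerKey());
            authContext.setIsContentAware(aPIKeyValidationInfoDTO.isContentAware());
        }
        if (z) {
            // Deliberately after the DTO block so the JWT's consumer key wins when both are set.
            authContext.setConsumerKey(jWTValidationInfo.getConsumerKey());
        }
        if (StringUtils.isNotEmpty(str2)) {
            authContext.setCallerToken(str2);
        }
        return authContext;
    }

    /**
     * Packs a dotted-quad IPv4 address into a {@code long}, first octet most significant.
     *
     * <p>The input must have exactly four octets, each in the range 0-255. The previous form
     * accepted out-of-range octets (which overlap neighbouring bits and alias another address),
     * ignored extra segments, and failed with an array index error on too few segments.
     *
     * @param str the IPv4 address in dotted-decimal form
     * @return the address as an unsigned 32-bit value held in a {@code long}
     * @throws IllegalArgumentException if the address does not have four octets in range
     *     (a {@link NumberFormatException} for a non-numeric octet is a subtype of this)
     */
    public static long ipToLong(String str) {
        // Limit -1 keeps trailing empty segments so "1.2.3.4." is rejected rather than trimmed.
        String[] octets = str.split("\\.", -1);
        if (octets.length != 4) {
            throw new IllegalArgumentException("Expected an IPv4 address with four octets");
        }
        long packed = 0;
        for (String octet : octets) {
            long value = Long.parseLong(octet);
            if (value < 0 || value > 255) {
                throw new IllegalArgumentException("IPv4 octet out of range: " + value);
            }
            packed = (packed << 8) | value;
        }
        return packed;
    }

    /**
     * Converts an IP address string to its unsigned numeric value.
     *
     * <p>NOTE(review): {@link InetAddress#getByName(String)} performs a name lookup when the
     * argument is not an IP literal, so a host name supplied here triggers DNS resolution.
     * Callers passing request-derived values should confirm they hold a literal first.
     *
     * <p>NOTE(review): a failed lookup returns {@link BigInteger#ZERO}, which is also the
     * numeric value of the all-zero address; callers cannot tell the two apart from the result.
     *
     * @param str the address (or host name) to convert
     * @return the address bytes as a non-negative integer, or zero when resolution fails
     */
    public static BigInteger ipToBigInteger(String str) {
        try {
            byte[] addressBytes = InetAddress.getByName(str).getAddress();
            return new BigInteger(1, addressBytes);
        } catch (UnknownHostException e) {
            log.error("Error while parsing host IP " + str, e);
            return BigInteger.ZERO;
        }
    }

    /**
     * Builds the {@link JWTInfoDto} for the matched API of a request.
     *
     * @param jSONObject              subscription details taken from the token, used only when
     *                                {@code aPIKeyValidationInfoDTO} is {@code null}
     * @param jWTValidationInfo       the validation result attached to the DTO
     * @param aPIKeyValidationInfoDTO subscription details, preferred when present
     * @param requestContext          supplies the matched API's base path and version
     * @return the populated DTO
     */
    public static JWTInfoDto generateJWTInfoDto(JSONObject jSONObject, JWTValidationInfo jWTValidationInfo, APIKeyValidationInfoDTO aPIKeyValidationInfoDTO, RequestContext requestContext) {
        JWTInfoDto jwtInfo = new JWTInfoDto();
        jwtInfo.setJwtValidationInfo(jWTValidationInfo);
        String basePath = requestContext.getMathedAPI().getAPIConfig().getBasePath();
        String version = requestContext.getMathedAPI().getAPIConfig().getVersion();
        jwtInfo.setApicontext(basePath);
        jwtInfo.setVersion(version);
        constructJWTContent(jSONObject, aPIKeyValidationInfoDTO, jwtInfo);
        return jwtInfo;
    }

    /**
     * Copies application and subscription details into the DTO.
     *
     * <p>The validation DTO is authoritative when present. Otherwise the values are read from
     * the token's subscription object and from the {@code application} claim.
     *
     * @param jSONObject              subscription object from the token, may be {@code null}
     * @param aPIKeyValidationInfoDTO validation details, may be {@code null}
     * @param jWTInfoDto              the DTO to populate; its validation info must already be set
     *                                when the token path is taken
     */
    private static void constructJWTContent(JSONObject jSONObject, APIKeyValidationInfoDTO aPIKeyValidationInfoDTO, JWTInfoDto jWTInfoDto) {
        if (aPIKeyValidationInfoDTO != null) {
            jWTInfoDto.setApplicationid(aPIKeyValidationInfoDTO.getApplicationId());
            jWTInfoDto.setApplicationname(aPIKeyValidationInfoDTO.getApplicationName());
            jWTInfoDto.setApplicationtier(aPIKeyValidationInfoDTO.getApplicationTier());
            jWTInfoDto.setKeytype(aPIKeyValidationInfoDTO.getType());
            jWTInfoDto.setSubscriber(aPIKeyValidationInfoDTO.getSubscriber());
            jWTInfoDto.setSubscriptionTier(aPIKeyValidationInfoDTO.getTier());
            jWTInfoDto.setApiName(aPIKeyValidationInfoDTO.getApiName());
            jWTInfoDto.setEndusertenantid(0);
            jWTInfoDto.setApplicationuuid(aPIKeyValidationInfoDTO.getApplicationUUID());
            jWTInfoDto.setAppAttributes(aPIKeyValidationInfoDTO.getAppAttributes());
            return;
        }
        if (jSONObject == null) {
            return;
        }
        // The discarded read of "subscriberTenantDomain" that used to sit here had no effect.
        jWTInfoDto.setApiName(jSONObject.getAsString("name"));
        jWTInfoDto.setSubscriptionTier(jSONObject.getAsString("subscriptionTier"));
        jWTInfoDto.setEndusertenantid(0);
        Map<String, Object> claims = jWTInfoDto.getJwtValidationInfo().getClaims();
        Object applicationClaim = claims.get("application");
        if (applicationClaim != null) {
            // The cast fails loudly if the claim is not a JSON object; that is kept on purpose
            // rather than silently dropping the application details.
            JSONObject application = (JSONObject) applicationClaim;
            // NOTE(review): a missing "id" becomes the literal string "null" here - confirm
            // whether downstream consumers expect that.
            jWTInfoDto.setApplicationid(String.valueOf(application.getAsNumber("id")));
            jWTInfoDto.setApplicationname(application.getAsString("name"));
            jWTInfoDto.setApplicationtier(application.getAsString("tier"));
            jWTInfoDto.setSubscriber(application.getAsString("owner"));
        }
    }

    /**
     * Records the details of a security failure on the request, without overwriting any error
     * property that is already present.
     *
     * @param requestContext       the request whose properties receive the error details
     * @param aPISecurityException the failure to record
     */
    public static void setErrorToContext(RequestContext requestContext, APISecurityException aPISecurityException) {
        Map<String, Object> properties = requestContext.getProperties();
        // containsKey (not putIfAbsent) so that a key explicitly mapped to null is left alone.
        if (!properties.containsKey(APIConstants.MessageFormat.STATUS_CODE)) {
            properties.put(APIConstants.MessageFormat.STATUS_CODE,
                    Integer.valueOf(aPISecurityException.getStatusCode()));
        }
        if (!properties.containsKey(APIConstants.MessageFormat.ERROR_CODE)) {
            properties.put(APIConstants.MessageFormat.ERROR_CODE,
                    Integer.valueOf(aPISecurityException.getErrorCode()));
        }
        if (!properties.containsKey(APIConstants.MessageFormat.ERROR_MESSAGE)) {
            properties.put(APIConstants.MessageFormat.ERROR_MESSAGE,
                    APISecurityConstants.getAuthenticationFailureMessage(aPISecurityException.getErrorCode()));
        }
        if (!properties.containsKey(APIConstants.MessageFormat.ERROR_DESCRIPTION)) {
            properties.put(APIConstants.MessageFormat.ERROR_DESCRIPTION,
                    APISecurityConstants.getFailureMessageDetailDescription(
                            aPISecurityException.getErrorCode(), aPISecurityException.getMessage()));
        }
    }

    /**
     * Writes the fixed "invalid credentials" error onto the request, overwriting any error
     * properties already present.
     *
     * @param requestContext the request whose properties receive the error details
     */
    public static void setUnauthenticatedErrorToContext(RequestContext requestContext) {
        Map<String, Object> properties = requestContext.getProperties();
        properties.put(APIConstants.MessageFormat.STATUS_CODE,
                Integer.valueOf(APIConstants.StatusCodes.UNAUTHENTICATED.getCode()));
        properties.put(APIConstants.MessageFormat.ERROR_CODE, INVALID_CREDENTIALS_ERROR_CODE);
        properties.put(APIConstants.MessageFormat.ERROR_MESSAGE,
                APISecurityConstants.getAuthenticationFailureMessage(INVALID_CREDENTIALS_ERROR_CODE));
        properties.put(APIConstants.MessageFormat.ERROR_DESCRIPTION,
                APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_DESCRIPTION);
    }

    /**
     * Writes a throttling error onto the request, overwriting any error properties already
     * present.
     *
     * @param requestContext the request whose properties receive the error details
     * @param i              the error code
     * @param str            the error message
     * @param str2           the error description
     */
    public static void setThrottleErrorToContext(RequestContext requestContext, int i, String str, String str2) {
        Map<String, Object> properties = requestContext.getProperties();
        properties.put(APIConstants.MessageFormat.ERROR_CODE, Integer.valueOf(i));
        properties.put(APIConstants.MessageFormat.STATUS_CODE,
                Integer.valueOf(APIConstants.StatusCodes.THROTTLED.getCode()));
        properties.put(APIConstants.MessageFormat.ERROR_MESSAGE, str);
        properties.put(APIConstants.MessageFormat.ERROR_DESCRIPTION, str2);
    }
}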
