package org.wso2.choreo.connect.enforcer.util;

import com.nimbusds.jwt.JWTClaimsSet;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.carbon.apimgt.common.gateway.constants.JWTConstants;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo;
import org.wso2.choreo.connect.enforcer.commons.exception.APISecurityException;
import org.wso2.choreo.connect.enforcer.commons.exception.EnforcerException;
import org.wso2.choreo.connect.enforcer.commons.logging.ErrorDetails;
import org.wso2.choreo.connect.enforcer.commons.logging.LoggingConstants;
import org.wso2.choreo.connect.enforcer.commons.model.AuthenticationContext;
import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
import org.wso2.choreo.connect.enforcer.commons.model.SecuritySchemaConfig;
import org.wso2.choreo.connect.enforcer.config.ConfigHolder;
import org.wso2.choreo.connect.enforcer.config.dto.AuthHeaderDto;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.constants.APISecurityConstants;
import org.wso2.choreo.connect.enforcer.dto.APIKeyValidationInfoDTO;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/util/FilterUtils.class */
public class FilterUtils {
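    /**
     * Name of the JVM system property that selects the TLS hostname verifier used by
     * {@code createSocketFactory}. The values {@link #STRICT} and {@link #ALLOW_ALL} are
     * recognised (case-insensitively); any other value, or no value, selects the
     * browser-compatible verifier.
     */
    public static final String HOST_NAME_VERIFIER = "httpclient.hostnameVerifier";
    /** Property value that selects the strict hostname verifier. */
    public static final String STRICT = "Strict";
    /**
     * Property value that selects the allow-all hostname verifier, i.e. the peer certificate is
     * no longer matched against the host being contacted.
     */
    public static final String ALLOW_ALL = "AllowAll";
    private static final Logger log = LogManager.getLogger(FilterUtils.class);
    /**
     * Fault codes that {@link #isSkippedAnalyticsFaultEvent(String)} reports as skipped.
     * NOTE(review): the list is public and mutable, so any code in the JVM can change which
     * fault codes are skipped; confirm no caller mutates it before making it unmodifiable.
     */
    public static final List<String> SKIPPED_FAULT_CODES = new ArrayList<>(Arrays.asList("700700"));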

    /* loaded from: input_file:org/wso2/choreo/connect/enforcer/util/FilterUtils$HTTPClientOptions.class */
    /**
     * Keys understood in the options map passed to
     * {@code getHttpClient(String, KeyStore, Map)}. All values are read as decimal integers.
     */
    public static class HTTPClientOptions {
        /** Upper bound on pooled connections overall; "100" is used when absent. */
        public static final String MAX_OPEN_CONNECTIONS = "MAX_OPEN_CONNECTIONS";
        /** Upper bound on pooled connections per route; "10" is used when absent. */
        public static final String MAX_PER_ROUTE = "MAX_PER_ROUTE";
        /** Connect timeout; applied only when the key is present. */
        public static final String CONNECT_TIMEOUT = "CONNECT_TIMEOUT";
        /** Socket timeout; applied only when the key is present. */
        public static final String SOCKET_TIMEOUT = "SOCKET_TIMEOUT";
    }

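    /**
     * Masks a token for logging: the fixed prefix {@code "XXXXX"} followed by a short tail of
     * the token.
     *
     * <p>The visible tail is at most 10 characters and never more than half of the token.
     * Previously a token of exactly 10 characters was emitted in full after the prefix, and
     * tokens of 11-19 characters had most of their content exposed. Tokens of 20 characters or
     * more are masked exactly as before (last 10 characters visible).
     *
     * @param str the raw token; may be {@code null}
     * @return the masked form; just {@code "XXXXX"} when {@code str} is {@code null}, empty or
     *         a single character
     */
    public static String getMaskedToken(String str) {
        if (str == null) {
            // Nothing to show; avoid a NullPointerException on a logging path.
            return "XXXXX";
        }
        // Cap the revealed tail at half of the token so short tokens are not leaked.
        int visible = Math.min(10, str.length() / 2);
        return "XXXXX" + str.substring(str.length() - visible);
    }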

    /**
     * Builds an HTTP client for the given protocol with no client key store and default
     * options. Delegates to {@link #getHttpClient(String, KeyStore, Map)}.
     *
     * @param str protocol name; {@code "https"} selects the TLS socket factory
     * @return the configured client
     */
    public static HttpClient getHttpClient(String str) {
        final KeyStore noClientKeyStore = null;
        final Map<String, String> defaultOptions = null;
        return getHttpClient(str, noClientKeyStore, defaultOptions);
    }

    /**
     * Builds a pooled HTTP client.
     *
     * <p>NOTE(review): if the connection manager cannot be created the failure is only logged
     * and {@code null} is handed to {@code setConnectionManager}. Presumably the client builder
     * then falls back to its own default connection manager, which would not carry the
     * configured trust store or the supplied client key material - confirm, and consider
     * failing instead of continuing.
     *
     * @param str      protocol name; {@code "https"} selects the TLS socket factory
     * @param keyStore client key material for mutual TLS, or {@code null} for none
     * @param map      options keyed by the {@link HTTPClientOptions} constants, or {@code null}
     * @return the configured client
     * @throws NumberFormatException if an option value is not a decimal integer
     */
    public static HttpClient getHttpClient(String str, KeyStore keyStore, Map<String, String> map) {
        final Map<String, String> options = (map != null) ? map : Collections.<String, String>emptyMap();

        PoolingHttpClientConnectionManager connectionManager = null;
        try {
            connectionManager = getPoolingHttpClientConnectionManager(str, keyStore);
            final int maxTotal = Integer.parseInt(options.getOrDefault(HTTPClientOptions.MAX_OPEN_CONNECTIONS, "100"));
            connectionManager.setMaxTotal(maxTotal);
            final int maxPerRoute = Integer.parseInt(options.getOrDefault(HTTPClientOptions.MAX_PER_ROUTE, "10"));
            connectionManager.setDefaultMaxPerRoute(maxPerRoute);
        } catch (EnforcerException e) {
            log.error("Error while getting http client connection manager", e);
        }

        // Timeouts are only set when the caller supplied them; otherwise library defaults apply.
        final RequestConfig.Builder requestConfig = RequestConfig.custom();
        if (options.containsKey(HTTPClientOptions.CONNECT_TIMEOUT)) {
            final String connectTimeout = options.get(HTTPClientOptions.CONNECT_TIMEOUT);
            requestConfig.setConnectTimeout(Integer.parseInt(connectTimeout));
        }
        if (options.containsKey(HTTPClientOptions.SOCKET_TIMEOUT)) {
            final String socketTimeout = options.get(HTTPClientOptions.SOCKET_TIMEOUT);
            requestConfig.setSocketTimeout(Integer.parseInt(socketTimeout));
        }

        return HttpClients.custom()
                .setConnectionManager(connectionManager)
                .setDefaultRequestConfig(requestConfig.build())
                .build();
    }

    /**
     * Creates an in-memory key store holding one entry, {@code "client-keys"}, made of the
     * private key and certificate loaded from the given files. The entry is stored without a
     * password, and a {@link KeyManagerFactory} is initialised against the store before it is
     * returned.
     *
     * <p>NOTE(review): every failure is logged and reported as {@code null}. A caller that
     * passes the result straight to {@code getHttpClient} would build a client without client
     * key material - verify that callers check for {@code null}.
     *
     * @param str  path of the certificate file
     * @param str2 path of the private key file
     * @return the populated key store, or {@code null} if loading or initialisation failed
     */
    public static KeyStore createClientKeyStore(String str, String str2) {
        try {
            final Certificate clientCertificate = TLSUtils.getCertificateFromFile(str);
            final PrivateKey clientKey = JWTUtils.getPrivateKey(str2);

            final KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // Initialise an empty store rather than reading one from a stream.
            clientKeyStore.load(null, null);
            final Certificate[] chain = {clientCertificate};
            clientKeyStore.setKeyEntry("client-keys", clientKey, null, chain);

            // The factory itself is discarded; initialising it surfaces unusable key material here.
            final KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(clientKeyStore, null);
            return clientKeyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException
                | CertificateException | EnforcerException e) {
            log.error("Error creating client KeyStore by loading cert and key from file",
                    ErrorDetails.errorLog(LoggingConstants.Severity.MAJOR, 7100), e);
            return null;
        }
    }

    /**
     * Creates the pooling connection manager for the given protocol.
     *
     * <p>Only the exact string {@code "https"} gets a registry built around
     * {@link #createSocketFactory(KeyStore)}; any other value yields a manager created with the
     * library defaults.
     *
     * @param str      protocol name
     * @param keyStore client key material, or {@code null}
     * @return a new connection manager
     * @throws EnforcerException if the TLS socket factory cannot be created
     */
    private static PoolingHttpClientConnectionManager getPoolingHttpClientConnectionManager(String str, KeyStore keyStore) throws EnforcerException {
        if (!"https".equals(str)) {
            return new PoolingHttpClientConnectionManager();
        }
        final Registry<ConnectionSocketFactory> httpsRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", createSocketFactory(keyStore))
                .build();
        return new PoolingHttpClientConnectionManager(httpsRegistry);
    }

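    /**
     * Creates the TLS socket factory for outbound HTTPS connections, trusting the store held
     * by {@link ConfigHolder} and, when given, presenting the client key material.
     *
     * <p>The hostname verifier is chosen from the {@link #HOST_NAME_VERIFIER} system property:
     * {@link #ALLOW_ALL} selects the allow-all verifier, {@link #STRICT} the strict one, and
     * anything else the browser-compatible one. Selecting the allow-all verifier is now logged
     * at WARN level so that a deployment running without hostname verification is visible in
     * the logs; the verifier that is returned is unchanged.
     *
     * <p>NOTE(review): the fallback when the property is unset is the browser-compatible
     * verifier rather than the strict one - confirm this default is intended.
     *
     * @param keyStore client key material, or {@code null} for server-authenticated TLS only
     * @return the socket factory
     * @throws EnforcerException if the SSL context cannot be initialised
     */
    private static SSLConnectionSocketFactory createSocketFactory(KeyStore keyStore) throws EnforcerException {
        try {
            SSLContextBuilder contextBuilder =
                    SSLContexts.custom().loadTrustMaterial(ConfigHolder.getInstance().getTrustStore());
            if (keyStore != null) {
                // Null key password: matches how createClientKeyStore stores its entry.
                contextBuilder.loadKeyMaterial(keyStore, null);
            }
            SSLContext sslContext = contextBuilder.build();

            String verifierSetting = System.getProperty(HOST_NAME_VERIFIER);
            if (ALLOW_ALL.equalsIgnoreCase(verifierSetting)) {
                log.warn("TLS hostname verification is disabled for outbound HTTPS connections: "
                        + "system property {} is set to {}", HOST_NAME_VERIFIER, ALLOW_ALL);
                return new SSLConnectionSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            }
            if (STRICT.equalsIgnoreCase(verifierSetting)) {
                return new SSLConnectionSocketFactory(sslContext, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            }
            return new SSLConnectionSocketFactory(sslContext, SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        } catch (KeyManagementException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            handleException("Failed to initialize sslContext ", e);
            // Not reached: handleException always throws. Kept so the method compiles.
            return null;
        } catch (KeyStoreException e2) {
            handleException("Failed to read from Key Store", e2);
            return null;
        }
    }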

    /**
     * Logs the failure at error level and rethrows it wrapped in an {@link EnforcerException}.
     * This method never returns normally.
     *
     * @param str message used for both the log entry and the exception
     * @param th  the underlying cause
     * @throws EnforcerException always
     */
    public static void handleException(String str, Throwable th) throws EnforcerException {
        log.error(str, th);
        final EnforcerException wrapped = new EnforcerException(str, th);
        throw wrapped;
    }

    /**
     * Extracts the path segment that follows the first {@code "/t/"} in the given URL.
     *
     * @param str request URL or path; must not be {@code null}
     * @return the text between the first {@code "/t/"} and the next {@code '/'} (or the end of
     *         the string), possibly empty; {@code null} when the URL contains no {@code "/t/"}
     */
    public static String getTenantDomainFromRequestURL(String str) {
        final String marker = "/t/";
        final int markerAt = str.indexOf(marker);
        if (markerAt < 0) {
            return null;
        }
        final int start = markerAt + marker.length();
        final int nextSlash = str.indexOf('/', start);
        return nextSlash == -1 ? str.substring(start) : str.substring(start, nextSlash);
    }

    /**
     * Fills the request's authentication context for an API call that carries no credentials.
     *
     * <p>The context is marked authenticated with the unauthenticated tier, user and subscriber
     * {@code "anonymous"}, and the client IP stands in for both the API key and the application
     * UUID. The key type is PRODUCTION when the request has a non-empty prod-cluster header and
     * SANDBOX otherwise.
     *
     * <p>NOTE(review): identity fields here are derived from {@code requestContext.getClientIp()};
     * how that value is obtained is not visible in this method - confirm it cannot be set by
     * the caller of the API if anything keyed on it must be reliable.
     *
     * @param requestContext the current request; its authentication context is mutated
     * @return the same authentication context instance held by {@code requestContext}
     */
    public static AuthenticationContext generateAuthenticationContextForUnsecured(RequestContext requestContext) {
        final AuthenticationContext authCtx = requestContext.getAuthenticationContext();
        final String callerIp = requestContext.getClientIp();

        authCtx.setAuthenticated(true);
        authCtx.setTier(APIConstants.UNAUTHENTICATED_TIER);
        authCtx.setApiKey(callerIp);

        final boolean hasProdClusterHeader = !StringUtils.isEmpty(requestContext.getProdClusterHeader());
        authCtx.setKeyType(hasProdClusterHeader
                ? APIConstants.API_KEY_TYPE_PRODUCTION
                : APIConstants.API_KEY_TYPE_SANDBOX);

        authCtx.setUsername("anonymous");
        authCtx.setApplicationUUID(callerIp);
        authCtx.setApplicationName(null);
        authCtx.setApplicationTier("Unlimited");
        authCtx.setSubscriber("anonymous");
        authCtx.setApiName(requestContext.getMatchedAPI().getName());
        authCtx.setStopOnQuotaReach(true);
        authCtx.setConsumerKey(null);
        authCtx.setCallerToken(null);

        // The API UUID is left untouched when the matched API has none.
        final String apiUuid = requestContext.getMatchedAPI().getUuid();
        if (StringUtils.isNotEmpty(apiUuid)) {
            authCtx.setApiUUID(apiUuid);
        }
        return authCtx;
    }

    /**
     * Fills the request's authentication context after a token has been validated.
     *
     * @param requestContext          the current request; its authentication context is mutated
     * @param str                     value stored as the context's API key
     * @param jWTValidationInfo       validation result; supplies the username and, when
     *                                {@code z} is set, the consumer key. Must not be {@code null}
     * @param aPIKeyValidationInfoDTO subscription details copied into the context, or
     *                                {@code null} to skip them
     * @param str2                    caller token; stored only when non-empty
     * @param str3                    raw token; stored only when
     *                                {@code aPIKeyValidationInfoDTO} is non-null
     * @param z                       when {@code true}, the consumer key from
     *                                {@code jWTValidationInfo} replaces the one from the DTO
     * @return the same authentication context instance held by {@code requestContext}
     */
    public static AuthenticationContext generateAuthenticationContext(RequestContext requestContext, String str, JWTValidationInfo jWTValidationInfo, APIKeyValidationInfoDTO aPIKeyValidationInfoDTO, String str2, String str3, boolean z) {
        final AuthenticationContext authCtx = requestContext.getAuthenticationContext();
        authCtx.setAuthenticated(true);
        authCtx.setApiKey(str);
        authCtx.setUsername(jWTValidationInfo.getUser());

        final APIKeyValidationInfoDTO keyInfo = aPIKeyValidationInfoDTO;
        if (keyInfo != null) {
            // Application
            authCtx.setKeyType(keyInfo.getType());
            authCtx.setApplicationId(keyInfo.getApplicationId());
            authCtx.setApplicationUUID(keyInfo.getApplicationUUID());
            authCtx.setApplicationName(keyInfo.getApplicationName());
            authCtx.setApplicationTier(keyInfo.getApplicationTier());
            // Subscription
            authCtx.setSubscriber(keyInfo.getSubscriber());
            authCtx.setTier(keyInfo.getTier());
            authCtx.setSubscriberTenantDomain(keyInfo.getSubscriberTenantDomain());
            // API
            authCtx.setApiName(keyInfo.getApiName());
            authCtx.setApiVersion(keyInfo.getApiVersion());
            authCtx.setApiPublisher(keyInfo.getApiPublisher());
            // Throttling
            authCtx.setStopOnQuotaReach(keyInfo.isStopOnQuotaReach());
            authCtx.setSpikeArrestLimit(keyInfo.getSpikeArrestLimit());
            authCtx.setSpikeArrestUnit(keyInfo.getSpikeArrestUnit());
            authCtx.setConsumerKey(keyInfo.getConsumerKey());
            authCtx.setIsContentAware(keyInfo.isContentAware());
            authCtx.setApiUUID(keyInfo.getApiUUID());
            authCtx.setRawToken(str3);
        }

        // Must run after the DTO block: it overrides the consumer key set there.
        if (z) {
            authCtx.setConsumerKey(jWTValidationInfo.getConsumerKey());
        }
        if (!StringUtils.isEmpty(str2)) {
            authCtx.setCallerToken(str2);
        }
        return authCtx;
    }

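    /**
     * Converts a dotted-decimal IPv4 address to its 32-bit value held in a {@code long}.
     *
     * <p>The input is validated: exactly four octets, each one to three ASCII digits with a
     * value of 0-255. Previously octets above 255 were OR-ed into neighbouring bit positions
     * (so distinct malformed strings could map onto the value of a valid address), extra
     * octets were silently ignored and a short address failed with
     * {@code ArrayIndexOutOfBoundsException}. This matters wherever the result feeds an
     * IP-range comparison.
     *
     * @param str IPv4 address such as {@code "192.168.1.1"}; must not be {@code null}
     * @return the address as an unsigned 32-bit number
     * @throws NumberFormatException if {@code str} is not a well-formed IPv4 address
     */
    public static long ipToLong(String str) {
        // Limit -1 keeps trailing empty parts so "1.2.3.4." is rejected rather than accepted.
        final String[] octets = str.split("\\.", -1);
        if (octets.length != 4) {
            throw new NumberFormatException("Expected 4 dot-separated octets in IPv4 address: " + str);
        }
        long packed = 0;
        for (String octet : octets) {
            final int length = octet.length();
            if (length < 1 || length > 3) {
                throw new NumberFormatException("Invalid octet in IPv4 address: " + str);
            }
            int value = 0;
            for (int i = 0; i < length; i++) {
                final char c = octet.charAt(i);
                // ASCII digits only: no sign, whitespace or non-ASCII digit characters.
                if (c < '0' || c > '9') {
                    throw new NumberFormatException("Invalid octet in IPv4 address: " + str);
                }
                value = value * 10 + (c - '0');
            }
            if (value > 255) {
                throw new NumberFormatException("Octet out of range in IPv4 address: " + str);
            }
            packed = (packed << 8) | value;
        }
        return packed;
    }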

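    /**
     * Converts an IP address (IPv4 or IPv6) to the non-negative integer formed by its bytes.
     *
     * <p>A {@code null} or blank input is now treated as a parse failure. Passing it on to
     * {@link InetAddress#getByName(String)} would yield the loopback address, so a missing
     * client IP would have been converted to the numeric value of localhost.
     *
     * <p>NOTE(review): {@code InetAddress.getByName} also accepts host names and resolves
     * them, so a value that is not an IP literal causes a name lookup; callers should pass
     * validated IP literals only. The failure value {@link BigInteger#ZERO} is also the value
     * of the all-zero address, so callers cannot tell the two apart.
     *
     * @param str textual IP address
     * @return the address as an unsigned integer, or {@link BigInteger#ZERO} when it cannot be
     *         parsed
     */
    public static BigInteger ipToBigInteger(String str) {
        if (str == null || str.trim().isEmpty()) {
            log.error("Error while parsing host IP: address is null or blank");
            return BigInteger.ZERO;
        }
        try {
            // Signum 1: interpret the address bytes as an unsigned magnitude.
            return new BigInteger(1, InetAddress.getByName(str).getAddress());
        } catch (UnknownHostException e) {
            log.error("Error while parsing host IP " + str, e);
            return BigInteger.ZERO;
        }
    }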

    /**
     * Builds a fresh authentication context from the claims of a JWT, attributing the call to
     * the internal-key application.
     *
     * <p>The key type comes from the token's key-type claim and falls back to PRODUCTION when
     * the claim is absent. Application name and subscriber are both the internal-key
     * application name, and the application UUID is the name-based UUID of that name.
     *
     * @param str          value stored as the context's API key
     * @param jWTClaimsSet claims of the token; supplies the subject and key type
     * @param jSONObject   API details ({@code "name"} and the publisher key), or {@code null}
     * @param str2         API UUID; stored only when non-empty
     * @param str3         raw token
     * @return a new authentication context marked as authenticated
     * @throws ParseException if the key-type claim is present but is not a string
     */
    public static AuthenticationContext generateAuthenticationContext(String str, JWTClaimsSet jWTClaimsSet, JSONObject jSONObject, String str2, String str3) throws ParseException {
        final AuthenticationContext authCtx = new AuthenticationContext();
        authCtx.setAuthenticated(true);
        authCtx.setApiKey(str);
        authCtx.setRawToken(str3);
        authCtx.setUsername(jWTClaimsSet.getSubject());

        final boolean hasKeyTypeClaim = jWTClaimsSet.getClaim(APIConstants.JwtTokenConstants.KEY_TYPE) != null;
        authCtx.setKeyType(hasKeyTypeClaim
                ? jWTClaimsSet.getStringClaim(APIConstants.JwtTokenConstants.KEY_TYPE)
                : APIConstants.API_KEY_TYPE_PRODUCTION);

        if (jSONObject != null) {
            authCtx.setTier("Unlimited");
            authCtx.setApiName(jSONObject.getAsString("name"));
            authCtx.setApiPublisher(jSONObject.getAsString(APIConstants.JwtTokenConstants.API_PUBLISHER));
        }
        if (StringUtils.isNotEmpty(str2)) {
            authCtx.setApiUUID(str2);
        }

        final String internalApp = APIConstants.JwtTokenConstants.INTERNAL_KEY_APP_NAME;
        authCtx.setApplicationName(internalApp);
        // Name-based UUID: the same application name always produces the same UUID.
        final UUID internalAppUuid = UUID.nameUUIDFromBytes(
                APIConstants.JwtTokenConstants.INTERNAL_KEY_APP_NAME.getBytes(StandardCharsets.UTF_8));
        authCtx.setApplicationUUID(internalAppUuid.toString());
        authCtx.setApplicationTier("Unlimited");
        authCtx.setSubscriber(internalApp);
        return authCtx;
    }

    /**
     * Assembles the {@link JWTInfoDto} for a request: validation info, the matched API's base
     * path and version, then the content filled in by {@code constructJWTContent}.
     *
     * @param jSONObject              API details used when no key-validation DTO is given
     * @param jWTValidationInfo       validation result of the incoming token; may be {@code null}
     * @param aPIKeyValidationInfoDTO subscription details; may be {@code null}
     * @param requestContext          the current request; supplies the matched API
     * @return the populated DTO
     */
    public static JWTInfoDto generateJWTInfoDto(JSONObject jSONObject, JWTValidationInfo jWTValidationInfo, APIKeyValidationInfoDTO aPIKeyValidationInfoDTO, RequestContext requestContext) {
        final JWTInfoDto dto = new JWTInfoDto();
        dto.setJwtValidationInfo(jWTValidationInfo);
        dto.setApiContext(requestContext.getMatchedAPI().getBasePath());
        dto.setVersion(requestContext.getMatchedAPI().getVersion());
        constructJWTContent(jSONObject, aPIKeyValidationInfoDTO, dto);
        return dto;
    }

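    /**
     * Populates {@code jWTInfoDto} from the validated token's claims and from either the
     * key-validation DTO or, when that is {@code null}, the API details object.
     *
     * <p>Change from the previous version: the lookup of {@code "subscriberTenantDomain"} whose
     * result was discarded has been removed. Everything else behaves as before.
     *
     * <p>NOTE(review): claim values are cast without a type check ({@code sub} to
     * {@code String}, the organizations claim to {@code JSONArray}, {@code application} to
     * {@code JSONObject}). A token whose claim has a different JSON type makes this method
     * throw {@code ClassCastException}; confirm the caller handles that as a rejected request.
     * A missing application {@code id} is stored as the string {@code "null"}.
     *
     * @param jSONObject              API details; used only when the DTO is {@code null}
     * @param aPIKeyValidationInfoDTO subscription details; takes precedence when non-null
     * @param jWTInfoDto              the DTO to populate; its validation info supplies the claims
     */
    private static void constructJWTContent(JSONObject jSONObject, APIKeyValidationInfoDTO aPIKeyValidationInfoDTO, JWTInfoDto jWTInfoDto) {
        final Map<String, Object> claims = getClaimsFromJWTValidationInfo(jWTInfoDto);
        if (claims != null) {
            final Object subject = claims.get(JWTConstants.SUB);
            if (subject != null) {
                jWTInfoDto.setSub((String) subject);
            }
            final Object organizations = claims.get(JWTConstants.ORGANIZATIONS);
            if (organizations != null) {
                final JSONArray organizationArray = (JSONArray) organizations;
                final String[] names = new String[organizationArray.size()];
                for (int i = 0; i < names.length; i++) {
                    names[i] = organizationArray.get(i).toString();
                }
                jWTInfoDto.setOrganizations(names);
            }
        }

        if (aPIKeyValidationInfoDTO != null) {
            // Both the application id and the application UUID fields receive the UUID.
            jWTInfoDto.setApplicationId(aPIKeyValidationInfoDTO.getApplicationUUID());
            jWTInfoDto.setApplicationName(aPIKeyValidationInfoDTO.getApplicationName());
            jWTInfoDto.setApplicationTier(aPIKeyValidationInfoDTO.getApplicationTier());
            jWTInfoDto.setKeyType(aPIKeyValidationInfoDTO.getType());
            jWTInfoDto.setSubscriber(aPIKeyValidationInfoDTO.getSubscriber());
            jWTInfoDto.setSubscriptionTier(aPIKeyValidationInfoDTO.getTier());
            jWTInfoDto.setApiName(aPIKeyValidationInfoDTO.getApiName());
            jWTInfoDto.setEndUserTenantId(0);
            jWTInfoDto.setApplicationUUId(aPIKeyValidationInfoDTO.getApplicationUUID());
            jWTInfoDto.setAppAttributes(aPIKeyValidationInfoDTO.getAppAttributes());
            return;
        }

        if (jSONObject == null) {
            return;
        }
        jWTInfoDto.setApiName(jSONObject.getAsString("name"));
        jWTInfoDto.setSubscriptionTier(jSONObject.getAsString("subscriptionTier"));
        jWTInfoDto.setEndUserTenantId(0);

        // Application details come from the token's "application" claim, when it has one.
        final Object application = (claims == null) ? null : claims.get("application");
        if (application == null) {
            return;
        }
        final JSONObject applicationClaim = (JSONObject) application;
        jWTInfoDto.setApplicationId(String.valueOf(applicationClaim.getAsNumber("id")));
        jWTInfoDto.setApplicationName(applicationClaim.getAsString("name"));
        jWTInfoDto.setApplicationTier(applicationClaim.getAsString("tier"));
        jWTInfoDto.setSubscriber(applicationClaim.getAsString("owner"));
    }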

    /**
     * Returns the claims of the validation info attached to the DTO.
     *
     * @param jWTInfoDto the DTO to read; must not be {@code null}
     * @return the claims map, or {@code null} when the DTO carries no validation info
     */
    private static Map<String, Object> getClaimsFromJWTValidationInfo(JWTInfoDto jWTInfoDto) {
        final JWTValidationInfo validationInfo = jWTInfoDto.getJwtValidationInfo();
        return validationInfo == null ? null : validationInfo.getClaims();
    }

    /**
     * Records the details of a security failure in the request properties. A property that is
     * already present (even with a {@code null} value) is left as it is, so the first error
     * recorded for a request wins.
     *
     * @param requestContext       the current request; its property map is mutated
     * @param aPISecurityException the failure; supplies status code, error code and message
     */
    public static void setErrorToContext(RequestContext requestContext, APISecurityException aPISecurityException) {
        final Map<String, Object> props = requestContext.getProperties();

        if (!props.containsKey(APIConstants.MessageFormat.STATUS_CODE)) {
            props.put(APIConstants.MessageFormat.STATUS_CODE,
                    Integer.valueOf(aPISecurityException.getStatusCode()));
        }
        if (!props.containsKey("code")) {
            props.put("code", Integer.valueOf(aPISecurityException.getErrorCode()));
        }
        if (!props.containsKey(APIConstants.MessageFormat.ERROR_MESSAGE)) {
            props.put(APIConstants.MessageFormat.ERROR_MESSAGE,
                    APISecurityConstants.getAuthenticationFailureMessage(aPISecurityException.getErrorCode()));
        }
        if (!props.containsKey(APIConstants.MessageFormat.ERROR_DESCRIPTION)) {
            props.put(APIConstants.MessageFormat.ERROR_DESCRIPTION,
                    APISecurityConstants.getFailureMessageDetailDescription(
                            aPISecurityException.getErrorCode(), aPISecurityException.getMessage()));
        }
    }

    /**
     * Records error details in the request properties, keeping any value already set.
     *
     * @param requestContext the current request; its property map is mutated
     * @param i              error code, stored under {@code "code"}
     * @param i2             status code
     * @param str            error message
     * @param str2           detail text passed to
     *                       {@code APISecurityConstants.getFailureMessageDetailDescription}
     */
    public static void setErrorToContext(RequestContext requestContext, int i, int i2, String str, String str2) {
        final Map<String, Object> props = requestContext.getProperties();
        props.putIfAbsent(APIConstants.MessageFormat.STATUS_CODE, i2);
        props.putIfAbsent("code", i);
        props.putIfAbsent(APIConstants.MessageFormat.ERROR_MESSAGE, str);
        // Built unconditionally, even when a description is already present.
        final String description = APISecurityConstants.getFailureMessageDetailDescription(i, str2);
        props.putIfAbsent(APIConstants.MessageFormat.ERROR_DESCRIPTION, description);
    }

    /**
     * Overwrites the error properties of the request with the UNAUTHENTICATED status, error
     * code 900901, its failure message and the invalid-credentials description. Unlike the
     * {@code setErrorToContext} overloads, existing values are replaced.
     *
     * @param requestContext the current request; its property map is mutated
     */
    public static void setUnauthenticatedErrorToContext(RequestContext requestContext) {
        final int authFailureCode = 900901;
        final Map<String, Object> props = requestContext.getProperties();
        props.put(APIConstants.MessageFormat.STATUS_CODE,
                Integer.valueOf(APIConstants.StatusCodes.UNAUTHENTICATED.getCode()));
        props.put("code", authFailureCode);
        props.put(APIConstants.MessageFormat.ERROR_MESSAGE,
                APISecurityConstants.getAuthenticationFailureMessage(authFailureCode));
        props.put(APIConstants.MessageFormat.ERROR_DESCRIPTION,
                APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_DESCRIPTION);
    }

    /**
     * Overwrites the error properties of the request for a throttling decision. The status is
     * UNAUTHORIZED for error code 900805 and THROTTLED for every other code.
     *
     * @param requestContext the current request; its property map is mutated
     * @param i              error code, stored under {@code "code"}
     * @param str            error message
     * @param str2           error description
     */
    public static void setThrottleErrorToContext(RequestContext requestContext, int i, String str, String str2) {
        final Map<String, Object> props = requestContext.getProperties();
        props.put("code", i);
        props.put(APIConstants.MessageFormat.STATUS_CODE, Integer.valueOf(
                (900805 == i ? APIConstants.StatusCodes.UNAUTHORIZED : APIConstants.StatusCodes.THROTTLED).getCode()));
        props.put(APIConstants.MessageFormat.ERROR_MESSAGE, str);
        props.put(APIConstants.MessageFormat.ERROR_DESCRIPTION, str2);
    }

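    /**
     * Indexes the elements of a collection by their {@code toString()} value.
     *
     * <p>When two elements have the same string form, the one iterated later replaces the
     * earlier one. The raw {@code HashMap} usage of the previous version has been replaced by
     * a typed map; behaviour is unchanged.
     *
     * @param collection the elements to index; {@code null} is treated as empty
     * @param <T>        element type
     * @return a new mutable map; never {@code null}
     * @throws NullPointerException if the collection contains a {@code null} element
     */
    public static <T> Map<String, T> generateMap(Collection<T> collection) {
        final Map<String, T> byStringForm = new HashMap<>();
        if (collection != null) {
            for (T element : collection) {
                byStringForm.put(element.toString(), element);
            }
        }
        return byStringForm;
    }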

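    /**
     * Returns the username qualified with its tenant domain ({@code user@tenant}).
     *
     * <p>The username is considered already qualified only when it ends with
     * {@code "@" + tenant}. The previous check was "username contains the tenant domain
     * anywhere", so a username that merely included the domain text (for example
     * {@code carbon.superuser} in tenant {@code carbon.super}) was returned without a tenant
     * suffix, leaving the identity ambiguous.
     *
     * @param str  the username; a {@code null} username is concatenated as the text
     *             {@code "null"}, as before
     * @param str2 the tenant domain; {@code null} or empty means {@code carbon.super}
     * @return the tenant-qualified username
     */
    public static String buildUsernameWithTenant(String str, String str2) {
        final String tenantDomain = (str2 == null || str2.isEmpty()) ? "carbon.super" : str2;
        final String tenantSuffix = "@" + tenantDomain;
        if (str != null && str.endsWith(tenantSuffix)) {
            return str;
        }
        return str + tenantSuffix;
    }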

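    /**
     * Determines the client IP for a request: the first entry of the X-Forwarded-For header
     * when there is one, otherwise the supplied connection address.
     *
     * <p>The first entry is now trimmed, and a blank first entry falls back to {@code str}.
     * Previously a header that started with a comma or consisted of whitespace produced an
     * empty or blank client IP.
     *
     * <p>NOTE(review): X-Forwarded-For is a request header. Unless a trusted proxy in front of
     * the enforcer overwrites it, the first entry is whatever the client sent, so the value
     * returned here should not be the sole basis for IP allow/deny or throttling decisions.
     * The header is looked up by the exact key {@code APIConstants.X_FORWARDED_FOR}.
     *
     * @param map request headers; must not be {@code null}
     * @param str address to use when the header gives no usable value
     * @return the first forwarded address, or {@code str}
     */
    public static String getClientIp(Map<String, String> map, String str) {
        final String forwardedFor = map.get(APIConstants.X_FORWARDED_FOR);
        if (forwardedFor == null || forwardedFor.isEmpty()) {
            return str;
        }
        final int firstComma = forwardedFor.indexOf(',');
        final String firstEntry =
                (firstComma > -1 ? forwardedFor.substring(0, firstComma) : forwardedFor).trim();
        return firstEntry.isEmpty() ? str : firstEntry;
    }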

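    /**
     * Resolves the name of the header that carries credentials: the matched API's own setting,
     * else the globally configured authorization header, else {@code "Authorization"}.
     *
     * <p>The name is lower-cased with {@code Locale.ROOT}. The previous locale-sensitive
     * {@code toLowerCase()} could produce a different string under some default locales (for
     * example Turkish, where {@code I} lower-cases to a dotless i), so the header would not be
     * found and credentials would be treated as missing.
     *
     * @param requestContext the current request; supplies the matched API
     * @return the lower-case header name
     */
    public static String getAuthHeaderName(RequestContext requestContext) {
        AuthHeaderDto globalAuthHeader = ConfigHolder.getInstance().getConfig().getAuthHeader();
        String headerName = requestContext.getMatchedAPI().getAuthHeader();
        if (StringUtils.isEmpty(headerName)) {
            headerName = globalAuthHeader.getAuthorizationHeader();
        }
        if (StringUtils.isEmpty(headerName)) {
            headerName = "Authorization";
        }
        // Fully qualified to avoid touching the file's import block.
        return headerName.toLowerCase(java.util.Locale.ROOT);
    }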

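    /**
     * Collects the definition names of all security schemes whose type is {@code apiKey}
     * (compared case-insensitively).
     *
     * <p>Compared with the previous version the result list is typed, and a scheme whose type
     * is {@code null} is skipped instead of causing a {@code NullPointerException}.
     *
     * @param map security schemes keyed by name; must not be {@code null}
     * @return a new mutable list of definition names, in the map's iteration order
     */
    public static List<String> getAPIKeyDefinitionNames(Map<String, SecuritySchemaConfig> map) {
        final List<String> definitionNames = new ArrayList<>();
        for (SecuritySchemaConfig scheme : map.values()) {
            // Constant first: safe when getType() returns null.
            if ("apiKey".equalsIgnoreCase(scheme.getType())) {
                definitionNames.add(scheme.getDefinitionName());
            }
        }
        return definitionNames;
    }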

    /**
     * Tells whether the given fault code is listed in {@link #SKIPPED_FAULT_CODES}.
     *
     * @param str the fault code as text
     * @return {@code true} if the code is in the skip list
     */
    public static boolean isSkippedAnalyticsFaultEvent(String str) {
        final boolean skipped = SKIPPED_FAULT_CODES.contains(str);
        return skipped;
    }

    /**
     * Returns the timestamp skew, in seconds. The value is fixed at 5.
     *
     * @return {@code 5}
     */
    public static long getTimeStampSkewInSeconds() {
        final long skewSeconds = 5L;
        return skewSeconds;
    }

    /**
     * Stores the mapping only when the value is non-null; otherwise the map is left untouched.
     *
     * @param map the map to update
     * @param k   the key
     * @param v   the value; {@code null} means "do nothing"
     * @param <K> key type
     * @param <V> value type
     */
    public static <K, V> void putToMapIfNotNull(Map<K, V> map, K k, V v) {
        if (v == null) {
            return;
        }
        map.put(k, v);
    }
}
