package org.wso2.choreo.connect.enforcer.grpc;

import com.google.protobuf.Struct;
import com.google.protobuf.Value;
import com.google.rpc.Status;
import io.envoyproxy.envoy.config.core.v3.HeaderValue;
import io.envoyproxy.envoy.config.core.v3.HeaderValueOption;
import io.envoyproxy.envoy.service.auth.v3.AuthorizationGrpc;
import io.envoyproxy.envoy.service.auth.v3.CheckRequest;
import io.envoyproxy.envoy.service.auth.v3.CheckResponse;
import io.envoyproxy.envoy.service.auth.v3.DeniedHttpResponse;
import io.envoyproxy.envoy.service.auth.v3.OkHttpResponse;
import io.envoyproxy.envoy.type.v3.HttpStatus;
import io.grpc.stub.StreamObserver;
import io.opentelemetry.context.Scope;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.log4j.spi.LocationInfo;
import org.apache.logging.log4j.ThreadContext;
import org.json.JSONObject;
import org.wso2.choreo.connect.enforcer.api.ResponseObject;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.constants.HttpConstants;
import org.wso2.choreo.connect.enforcer.metrics.MetricsManager;
import org.wso2.choreo.connect.enforcer.server.HttpRequestHandler;
import org.wso2.choreo.connect.enforcer.tracing.TracingConstants;
import org.wso2.choreo.connect.enforcer.tracing.TracingContextHolder;
import org.wso2.choreo.connect.enforcer.tracing.TracingSpan;
import org.wso2.choreo.connect.enforcer.tracing.Utils;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/grpc/ExtAuthService.class */
public class ExtAuthService extends AuthorizationGrpc.AuthorizationImplBase {
    private HttpRequestHandler requestHandler = new HttpRequestHandler();

    @Override // io.envoyproxy.envoy.service.auth.v3.AuthorizationGrpc.AuthorizationImplBase
    public void check(CheckRequest checkRequest, StreamObserver<CheckResponse> streamObserver) {
        TracingSpan tracingSpan = null;
        Scope scope = null;
        long currentTimeMillis = System.currentTimeMillis();
        try {
            String headersOrDefault = checkRequest.getAttributes().getRequest().getHttp().getHeadersOrDefault(HttpConstants.X_REQUEST_ID_HEADER, checkRequest.getAttributes().getRequest().getHttp().getId());
            if (Utils.tracingEnabled()) {
                tracingSpan = Utils.startSpan(TracingConstants.EXT_AUTH_SERVICE_SPAN, TracingContextHolder.getInstance().getContext(), Utils.getGlobalTracer());
                scope = tracingSpan.getSpan().makeCurrent();
                Utils.setTag(tracingSpan, "traceId", headersOrDefault);
            }
            ThreadContext.put("traceId", headersOrDefault);
            streamObserver.onNext(buildResponse(checkRequest, this.requestHandler.process(checkRequest)));
            streamObserver.onCompleted();
            ThreadContext.remove("traceId");
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(tracingSpan);
            }
            if (MetricsManager.isMetricsEnabled()) {
                MetricsManager.getInstance().trackMetric("enforcerLatency", System.currentTimeMillis() - currentTimeMillis);
            }
        } catch (Throwable th) {
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(tracingSpan);
            }
            if (MetricsManager.isMetricsEnabled()) {
                MetricsManager.getInstance().trackMetric("enforcerLatency", System.currentTimeMillis() - currentTimeMillis);
            }
            throw th;
        }
    }

    private CheckResponse buildResponse(CheckRequest checkRequest, ResponseObject responseObject) {
        DeniedHttpResponse.Builder newBuilder = DeniedHttpResponse.newBuilder();
        CheckResponse.Builder newBuilder2 = CheckResponse.newBuilder();
        String id = checkRequest.getAttributes().getRequest().getHttp().getId();
        if (!responseObject.isDirectResponse()) {
            OkHttpResponse.Builder newBuilder3 = OkHttpResponse.newBuilder();
            if (responseObject.getQueryParamsToRemove().size() > 0 || responseObject.getQueryParamsToAdd().size() > 0 || responseObject.isRemoveAllQueryParams()) {
                newBuilder3.addHeaders(HeaderValueOption.newBuilder().setHeader(HeaderValue.newBuilder().setKey(":path").setValue(constructQueryParamString(responseObject.isRemoveAllQueryParams(), responseObject.getRequestPath(), responseObject.getQueryParamMap(), responseObject.getQueryParamsToRemove(), responseObject.getQueryParamsToAdd())).build()).build());
            }
            if (responseObject.getHeaderMap() != null) {
                responseObject.getHeaderMap().forEach((str, str2) -> {
                    newBuilder3.addHeaders(HeaderValueOption.newBuilder().setHeader(HeaderValue.newBuilder().setKey(str).setValue(str2).build()).build());
                });
            }
            newBuilder3.addAllHeadersToRemove(responseObject.getRemoveHeaderMap());
            Struct.Builder newBuilder4 = Struct.newBuilder();
            if (responseObject.getMetaDataMap() != null) {
                responseObject.getMetaDataMap().forEach((str3, str4) -> {
                    newBuilder4.putFields(str3, Value.newBuilder().setStringValue(str4).build());
                });
            }
            newBuilder3.addHeaders(HeaderValueOption.newBuilder().setHeader(HeaderValue.newBuilder().setKey(APIConstants.API_TRACE_KEY).setValue(id).build()).build());
            return CheckResponse.newBuilder().setStatus(Status.newBuilder().setCode(0).build()).setOkResponse(newBuilder3.build()).setDynamicMetadata(newBuilder4.build()).build();
        }
        if (responseObject.getHeaderMap() != null) {
            responseObject.getHeaderMap().forEach((str5, str6) -> {
                newBuilder.addHeaders(HeaderValueOption.newBuilder().setHeader(HeaderValue.newBuilder().setKey(str5).setValue(str6).build()).build());
            });
        }
        newBuilder.addHeaders(HeaderValueOption.newBuilder().setHeader(HeaderValue.newBuilder().setKey(APIConstants.API_TRACE_KEY).setValue(id).build()));
        newBuilder.setStatus(HttpStatus.newBuilder().setCodeValue(responseObject.getStatusCode()).build());
        if (responseObject.getResponsePayload() != null) {
            newBuilder.setBody(responseObject.getResponsePayload());
        }
        if (responseObject.getErrorCode() != null) {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("code", responseObject.getErrorCode());
            jSONObject.put(APIConstants.MessageFormat.ERROR_MESSAGE, responseObject.getErrorMessage());
            jSONObject.put(APIConstants.MessageFormat.ERROR_DESCRIPTION, responseObject.getErrorDescription());
            newBuilder.setBody(jSONObject.toString());
            newBuilder.addHeaders(HeaderValueOption.newBuilder().setHeader(HeaderValue.newBuilder().setKey("Content-type").setValue("application/json").build()).build());
        }
        Struct.Builder newBuilder5 = Struct.newBuilder();
        if (responseObject.getMetaDataMap() != null) {
            responseObject.getMetaDataMap().forEach((str7, str8) -> {
                newBuilder5.putFields(str7, Value.newBuilder().setStringValue(str8).build());
            });
        }
        newBuilder5.putFields("correlationID", Value.newBuilder().setStringValue(responseObject.getCorrelationID()).build());
        return newBuilder2.setDynamicMetadata(newBuilder5.build()).setDeniedResponse(newBuilder.build()).setStatus(Status.newBuilder().setCode(getDirectResponseCode(responseObject.getStatusCode()))).build();
    }

    private int getDirectResponseCode(int i) {
        switch (i) {
            case 401:
                return 16;
            case 403:
                return 7;
            case 409:
                return 8;
            default:
                return 13;
        }
    }

    private String constructQueryParamString(boolean z, String str, Map<String, String> map, List<String> list, Map<String, String> map2) {
        if (!z && list.size() == 0 && map2.size() == 0) {
            return str;
        }
        HashMap hashMap = new HashMap();
        if (map != null) {
            hashMap.putAll(map);
        }
        hashMap.putAll(map2);
        StringBuilder sb = new StringBuilder(str.split("\\?")[0]);
        int i = 0;
        if (!z && hashMap.size() > 0) {
            for (String str2 : hashMap.keySet()) {
                if (!list.contains(str2)) {
                    if (i == 0) {
                        sb.append(LocationInfo.NA);
                    } else {
                        sb.append("&");
                    }
                    sb.append(str2);
                    if (hashMap.get(str2) != null) {
                        sb.append(APIConstants.JwtTokenConstants.PARAM_VALUE_SEPARATOR).append((String) hashMap.get(str2));
                    }
                    i++;
                }
            }
        }
        return sb.toString();
    }
}
