package org.wso2.choreo.connect.enforcer.interceptor;

import io.grpc.netty.shaded.io.netty.handler.codec.http.HttpMethod;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import okhttp3.internal.http2.Header;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.choreo.connect.enforcer.commons.Filter;
import org.wso2.choreo.connect.enforcer.commons.logging.ErrorDetails;
import org.wso2.choreo.connect.enforcer.commons.logging.LoggingConstants;
import org.wso2.choreo.connect.enforcer.commons.model.Policy;
import org.wso2.choreo.connect.enforcer.commons.model.PolicyConfig;
import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
import org.wso2.choreo.connect.enforcer.commons.opa.OPASecurityException;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.constants.APISecurityConstants;
import org.wso2.choreo.connect.enforcer.constants.GeneralErrorCodeConstants;
import org.wso2.choreo.connect.enforcer.interceptor.opa.OPAClient;
import org.wso2.choreo.connect.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/interceptor/MediationPolicyFilter.class */
public class MediationPolicyFilter implements Filter {
    private static final Logger log = LogManager.getLogger(MediationPolicyFilter.class);
    private static final String X_URI_MAPPING_PROPERTY = "x-uri-mapping";

    public MediationPolicyFilter() {
        OPAClient.init();
    }

    @Override // org.wso2.choreo.connect.enforcer.commons.Filter
    public boolean handleRequest(RequestContext requestContext) {
        PolicyConfig policyConfig = requestContext.getMatchedResourcePath().getPolicyConfig();
        if (policyConfig.getRequest() == null || policyConfig.getRequest().size() <= 0) {
            return true;
        }
        Iterator<Policy> it = policyConfig.getRequest().iterator();
        while (it.hasNext()) {
            if (!applyPolicy(requestContext, it.next())) {
                return false;
            }
        }
        return true;
    }

    private boolean applyPolicy(RequestContext requestContext, Policy policy) {
        String action = policy.getAction();
        boolean z = -1;
        switch (action.hashCode()) {
            case -1825338712:
                if (action.equals("REMOVE_HEADER")) {
                    z = 2;
                    break;
                }
                break;
            case -1783880018:
                if (action.equals("RENAME_HEADER")) {
                    z = true;
                    break;
                }
                break;
            case -1574109907:
                if (action.equals("REMOVE_QUERY")) {
                    z = 4;
                    break;
                }
                break;
            case -250520726:
                if (action.equals("ADD_QUERY")) {
                    z = 3;
                    break;
                }
                break;
            case 78464:
                if (action.equals("OPA")) {
                    z = 7;
                    break;
                }
                break;
            case 458472799:
                if (action.equals("REWRITE_RESOURCE_METHOD")) {
                    z = 6;
                    break;
                }
                break;
            case 1457544227:
                if (action.equals("REWRITE_RESOURCE_PATH")) {
                    z = 5;
                    break;
                }
                break;
            case 1616651562:
                if (action.equals("SET_HEADER")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                addOrModifyHeader(requestContext, policy.getParameters());
                return true;
            case true:
                renameHeader(requestContext, policy.getParameters());
                return true;
            case true:
                removeHeader(requestContext, policy.getParameters());
                return true;
            case true:
                addOrModifyQuery(requestContext, policy.getParameters());
                return true;
            case true:
                removeQuery(requestContext, policy.getParameters());
                return true;
            case true:
                removeAllQueries(requestContext, policy.getParameters());
                pathParamToQueryParamTransform(requestContext, policy.getParameters());
                return true;
            case true:
                modifyMethod(requestContext, policy.getParameters());
                return true;
            case true:
                return opaAuthValidation(requestContext, policy.getParameters());
            default:
                log.error("Operation policy action \"{}\" is not supported. Adapter has failed to validate the policy action", policy.getAction(), ErrorDetails.errorLog(LoggingConstants.Severity.MAJOR, 6100));
                FilterUtils.setErrorToContext(requestContext, GeneralErrorCodeConstants.MEDIATION_POLICY_ERROR_CODE, APIConstants.StatusCodes.INTERNAL_SERVER_ERROR.getCode(), "Internal Server Error", null);
                return false;
        }
    }

    private void addOrModifyHeader(RequestContext requestContext, Map<String, String> map) {
        requestContext.addOrModifyHeaders(map.get("headerName"), map.get("headerValue"));
    }

    private void renameHeader(RequestContext requestContext, Map<String, String> map) {
        String lowerCase = map.get("currentHeaderName").toLowerCase();
        String str = map.get("updatedHeaderName");
        if (requestContext.getHeaders().containsKey(lowerCase)) {
            String str2 = requestContext.getHeaders().get(lowerCase);
            requestContext.getRemoveHeaders().add(lowerCase);
            requestContext.addOrModifyHeaders(str, str2);
        }
    }

    private void removeHeader(RequestContext requestContext, Map<String, String> map) {
        requestContext.getRemoveHeaders().add(map.get("headerName"));
    }

    private void removeQuery(RequestContext requestContext, Map<String, String> map) {
        requestContext.getQueryParamsToRemove().add(map.get("queryParamName"));
    }

    private void removeAllQueries(RequestContext requestContext, Map<String, String> map) {
        requestContext.setRemoveAllQueryParams(!Boolean.parseBoolean(map.get("includeQueryParams")));
    }

    private void pathParamToQueryParamTransform(RequestContext requestContext, Map<String, String> map) {
        if (map.containsKey(X_URI_MAPPING_PROPERTY)) {
            String[] split = map.get(X_URI_MAPPING_PROPERTY).split("\\?");
            for (NameValuePair nameValuePair : URLEncodedUtils.parse(split.length > 1 ? split[1] : "", StandardCharsets.UTF_8)) {
                String value = nameValuePair.getValue();
                if (value.contains("{uri.var.")) {
                    Matcher matcher = Pattern.compile("\\{uri\\.var\\.(.*?)\\}").matcher(value);
                    while (matcher.find()) {
                        String trim = value.substring(matcher.start() + 9, matcher.end() - 1).trim();
                        if (requestContext.getPathParameters() != null && requestContext.getPathParameters().containsKey(trim)) {
                            requestContext.getQueryParamsToAdd().put(nameValuePair.getName(), requestContext.getPathParameters().get(trim));
                        }
                    }
                } else {
                    requestContext.getQueryParamsToAdd().put(nameValuePair.getName(), nameValuePair.getValue());
                }
            }
        }
    }

    private void addOrModifyQuery(RequestContext requestContext, Map<String, String> map) {
        requestContext.getQueryParamsToAdd().put(map.get("queryParamName"), map.get("queryParamValue"));
    }

    private void modifyMethod(RequestContext requestContext, Map<String, String> map) {
        String str = map.get("currentMethod");
        try {
            HttpMethod valueOf = HttpMethod.valueOf(map.get("updatedMethod"));
            if (str.equalsIgnoreCase(requestContext.getHeaders().get(Header.TARGET_METHOD_UTF8))) {
                requestContext.addOrModifyHeaders(Header.TARGET_METHOD_UTF8, valueOf.toString().toUpperCase());
            }
        } catch (IllegalArgumentException e) {
            log.error("Error while getting mediation policy rewrite method", e);
        }
    }

    private boolean opaAuthValidation(RequestContext requestContext, Map<String, String> map) {
        try {
            boolean validateRequest = OPAClient.getInstance().validateRequest(requestContext, map);
            if (!validateRequest) {
                log.error("OPA validation failed for the request: " + requestContext.getRequestPath(), ErrorDetails.errorLog(LoggingConstants.Severity.MINOR, 6101));
                FilterUtils.setErrorToContext(requestContext, APISecurityConstants.OPA_AUTH_FORBIDDEN, APIConstants.StatusCodes.UNAUTHORIZED.getCode(), APISecurityConstants.OPA_AUTH_FORBIDDEN_MESSAGE, null);
            }
            return validateRequest;
        } catch (OPASecurityException e) {
            log.error("Error while validating the OPA policy for the request: {}", requestContext.getRequestPath(), ErrorDetails.errorLog(LoggingConstants.Severity.MINOR, 6101), e);
            FilterUtils.setErrorToContext(requestContext, e);
            return false;
        }
    }
}
