package org.wso2.choreo.connect.enforcer.interceptor.opa;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.ServiceLoader;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.choreo.connect.enforcer.commons.logging.ErrorDetails;
import org.wso2.choreo.connect.enforcer.commons.logging.LoggingConstants;
import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
import org.wso2.choreo.connect.enforcer.commons.opa.OPAConstants;
import org.wso2.choreo.connect.enforcer.commons.opa.OPARequestGenerator;
import org.wso2.choreo.connect.enforcer.commons.opa.OPASecurityException;
import org.wso2.choreo.connect.enforcer.config.ConfigHolder;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.constants.APISecurityConstants;
import org.wso2.choreo.connect.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/interceptor/opa/OPAClient.class */
public class OPAClient {
    private static final String DEFAULT_REQUEST_GENERATOR_CLASS = "org.wso2.choreo.connect.enforcer.commons.model.RequestContext.OPADefaultRequestGenerator";
    private final OPARequestGenerator defaultRequestGenerator = new OPADefaultRequestGenerator();
    private final Map<String, OPARequestGenerator> requestGeneratorMap = new HashMap();
    private static final Logger log = LogManager.getLogger(OPAClient.class);
    private static final OPAClient opaClient = new OPAClient();

    private OPAClient() {
    }

    public static void init() {
        getInstance().loadRequestGenerators();
    }

    public static OPAClient getInstance() {
        return opaClient;
    }

    public boolean validateRequest(RequestContext requestContext, Map<String, String> map) throws OPASecurityException {
        String str = map.get("requestGenerator");
        OPARequestGenerator oPARequestGenerator = this.requestGeneratorMap.get(str);
        if (oPARequestGenerator == null) {
            log.error("OPA Request Generator Implementation is not found in the classPath under the provided name: {} {}", str, ErrorDetails.errorLog(LoggingConstants.Severity.MINOR, 6103));
            throw new OPASecurityException(APIConstants.StatusCodes.INTERNAL_SERVER_ERROR.getCode(), APISecurityConstants.OPA_REQUEST_FAILURE);
        }
        String str2 = map.get("serverURL");
        String str3 = map.get("accessKey");
        String str4 = map.get("policy");
        String str5 = map.get("rule");
        HashMap hashMap = new HashMap();
        hashMap.put(OPAConstants.AdditionalParameters.ADDITIONAL_PROPERTIES, map.get(OPAConstants.AdditionalParameters.ADDITIONAL_PROPERTIES));
        hashMap.put(OPAConstants.AdditionalParameters.SEND_ACCESS_TOKEN, map.get(OPAConstants.AdditionalParameters.SEND_ACCESS_TOKEN));
        HashMap hashMap2 = new HashMap();
        FilterUtils.putToMapIfNotNull(hashMap2, FilterUtils.HTTPClientOptions.MAX_OPEN_CONNECTIONS, map.get("maxOpenConnections"));
        FilterUtils.putToMapIfNotNull(hashMap2, FilterUtils.HTTPClientOptions.MAX_PER_ROUTE, map.get("maxPerRoute"));
        FilterUtils.putToMapIfNotNull(hashMap2, FilterUtils.HTTPClientOptions.CONNECT_TIMEOUT, map.get("connectionTimeout"));
        String removeEnd = StringUtils.removeEnd(str2, "/");
        return oPARequestGenerator.handleResponse(str4, str5, callOPAServer(StringUtils.isNotEmpty(str5) ? String.format("%s/%s/%s", removeEnd, str4, str5) : String.format("%s/%s", removeEnd, str4), oPARequestGenerator.generateRequest(str4, str5, hashMap, requestContext), str3, hashMap2), hashMap, requestContext);
    }

    private void loadRequestGenerators() {
        Iterator it = ServiceLoader.load(OPARequestGenerator.class).iterator();
        while (it.hasNext()) {
            OPARequestGenerator oPARequestGenerator = (OPARequestGenerator) it.next();
            this.requestGeneratorMap.put(oPARequestGenerator.getClass().getName(), oPARequestGenerator);
        }
        this.requestGeneratorMap.put("", this.defaultRequestGenerator);
        this.requestGeneratorMap.put(null, this.defaultRequestGenerator);
        this.requestGeneratorMap.put(DEFAULT_REQUEST_GENERATOR_CLASS, this.defaultRequestGenerator);
    }

    private static String callOPAServer(String str, String str2, String str3, Map<String, String> map) throws OPASecurityException {
        try {
            URL url = new URL(str);
            CloseableHttpClient closeableHttpClient = (CloseableHttpClient) FilterUtils.getHttpClient(url.getProtocol(), ConfigHolder.getInstance().getOpaKeyStore(), map);
            try {
                HttpPost httpPost = new HttpPost(str);
                httpPost.setEntity(new ByteArrayEntity(str2.getBytes(Charset.defaultCharset())));
                httpPost.setHeader("content-type", "application/json");
                if (StringUtils.isNotEmpty(str3)) {
                    httpPost.setHeader("Authorization", "Bearer " + str3);
                }
                CloseableHttpResponse execute = closeableHttpClient.execute((HttpUriRequest) httpPost);
                try {
                    int statusCode = execute.getStatusLine().getStatusCode();
                    if (statusCode != 200) {
                        log.error("Unexpected HTTP response code responded by the OPA server, HTTP code: {} {}", Integer.valueOf(statusCode), ErrorDetails.errorLog(LoggingConstants.Severity.MINOR, 6106));
                        throw new OPASecurityException(APIConstants.StatusCodes.INTERNAL_SERVER_ERROR.getCode(), APISecurityConstants.OPA_REQUEST_FAILURE);
                    }
                    InputStream content = execute.getEntity().getContent();
                    try {
                        String iOUtils = IOUtils.toString(content, Charset.defaultCharset());
                        if (content != null) {
                            content.close();
                        }
                        if (execute != null) {
                            execute.close();
                        }
                        if (closeableHttpClient != null) {
                            closeableHttpClient.close();
                        }
                        return iOUtils;
                    } catch (Throwable th) {
                        if (content != null) {
                            try {
                                content.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (execute != null) {
                        try {
                            execute.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } catch (Throwable th5) {
                if (closeableHttpClient != null) {
                    try {
                        closeableHttpClient.close();
                    } catch (Throwable th6) {
                        th5.addSuppressed(th6);
                    }
                }
                throw th5;
            }
        } catch (IOException e) {
            log.error("Error calling the OPA server with server endpoint: {} {} {}", str, ErrorDetails.errorLog(LoggingConstants.Severity.MINOR, 6104), e.getMessage());
            throw new OPASecurityException(APIConstants.StatusCodes.INTERNAL_SERVER_ERROR.getCode(), APISecurityConstants.OPA_REQUEST_FAILURE, e);
        }
    }
}
