package org.apache.synapse.mediators.opa;

import java.lang.reflect.InvocationTargetException;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.ManagedLifecycle;
import org.apache.synapse.MessageContext;
import org.apache.synapse.SynapseException;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.mediators.AbstractMediator;

/* loaded from: input_file:WEB-INF/lib/synapse-extensions-4.0.0-wso2v12.jar:org/apache/synapse/mediators/opa/OPAMediator.class */
public class OPAMediator extends AbstractMediator implements ManagedLifecycle {
    private static final Log log = LogFactory.getLog(OPAMediator.class);
    private static final String defaultRequestGenerator = "org.apache.synapse.mediators.opa.OPASynapseRequestGenerator";
    private OPAClient opaClient;
    private String serverUrl = null;
    private String accessKey = null;
    private String policy = null;
    private String rule = null;
    private String requestGeneratorClassName = null;
    private Map<String, String> additionalParameters = new HashMap();
    private OPARequestGenerator requestGenerator = null;
    private String opaPolicyFailuretHandler = "_opa_policy_failure_handler_";

    @Override // org.apache.synapse.Mediator
    public boolean mediate(MessageContext messageContext) {
        try {
            String generateRequest = this.requestGenerator.generateRequest(this.policy, this.rule, this.additionalParameters, messageContext);
            String str = this.serverUrl + "/" + this.policy;
            if (this.rule != null) {
                str = str + "/" + this.rule;
            }
            String publish = this.opaClient.publish(str, generateRequest, this.accessKey);
            if (this.requestGenerator.handleResponse(this.policy, this.rule, publish, this.additionalParameters, messageContext)) {
                return true;
            }
            if (log.isDebugEnabled()) {
                log.debug("Access revoked for the API request by the OPA policy.OPA response " + publish);
            }
            log.warn("Access revoked for the API request by the OPA policy.");
            throw new OPASecurityException(OPASecurityException.ACCESS_REVOKED, OPASecurityException.ACCESS_REVOKED_MESSAGE);
        } catch (OPASecurityException e) {
            OPAUtils.handlePolicyFailure(messageContext, e, this.opaPolicyFailuretHandler);
            return false;
        }
    }

    private OPARequestGenerator getRequestGenerator(String str) throws OPASecurityException {
        if (str == null) {
            try {
                str = defaultRequestGenerator;
                if (log.isDebugEnabled()) {
                    log.debug("Request generator class not found. Default generator used.");
                }
            } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
                log.error("An error occurred while creating the request generator for " + str, e);
                throw new OPASecurityException(OPASecurityException.INTERNAL_ERROR, OPASecurityException.INTERNAL_ERROR_MESSAGE);
            }
        }
        return (OPARequestGenerator) Class.forName(str).getConstructor(new Class[0]).newInstance(new Object[0]);
    }

    public String getServerUrl() {
        return this.serverUrl;
    }

    public void setServerUrl(String str) {
        this.serverUrl = str;
    }

    public String getAccessKey() {
        return this.accessKey;
    }

    public void setAccessKey(String str) {
        this.accessKey = str;
    }

    public String getRequestGeneratorClassName() {
        return this.requestGeneratorClassName;
    }

    public void setRequestGeneratorClassName(String str) {
        this.requestGeneratorClassName = str;
    }

    public String getPolicy() {
        return this.policy;
    }

    public void setPolicy(String str) {
        this.policy = str;
    }

    public String getRule() {
        return this.rule;
    }

    public void setRule(String str) {
        this.rule = str;
    }

    public Map<String, String> getAdditionalParameters() {
        return this.additionalParameters;
    }

    public void setAdditionalParameters(Map<String, String> map) {
        this.additionalParameters = map;
    }

    public void addAdditionalParameter(String str, String str2) {
        this.additionalParameters.put(str, str2);
    }

    @Override // org.apache.synapse.ManagedLifecycle
    public void init(SynapseEnvironment synapseEnvironment) {
        try {
            this.requestGenerator = getRequestGenerator(this.requestGeneratorClassName);
            this.opaClient = new OPAClient(this.serverUrl, this.additionalParameters);
            if (this.additionalParameters.get(OPAConstants.OPA_POLICY_FAILURE_HANDLER_PARAMETER) != null) {
                this.opaPolicyFailuretHandler = this.additionalParameters.get(OPAConstants.OPA_POLICY_FAILURE_HANDLER_PARAMETER);
            }
        } catch (OPASecurityException e) {
            throw new SynapseException("Error when initializing the OPA Mediator", e);
        }
    }

    @Override // org.apache.synapse.ManagedLifecycle
    public void destroy() {
    }
}
