package org.wso2.carbon.auth.rest.api.authenticators.interceptors;

import java.lang.reflect.Method;
import java.util.Locale;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.auth.rest.api.authenticators.RestAPIConstants;
import org.wso2.carbon.auth.rest.api.authenticators.api.RESTAPIAuthenticator;
import org.wso2.carbon.auth.rest.api.authenticators.dto.ErrorDTO;
import org.wso2.carbon.auth.rest.api.authenticators.dto.RestAPIInfo;
import org.wso2.carbon.auth.rest.api.authenticators.exceptions.ErrorHandler;
import org.wso2.carbon.auth.rest.api.authenticators.exceptions.ExceptionCodes;
import org.wso2.carbon.auth.rest.api.authenticators.exceptions.RestAPIAuthSecurityException;
import org.wso2.carbon.auth.rest.api.authenticators.internal.ServiceReferenceHolder;
import org.wso2.msf4j.Request;
import org.wso2.msf4j.Response;
import org.wso2.msf4j.interceptor.RequestInterceptor;

/* loaded from: input_file:org/wso2/carbon/auth/rest/api/authenticators/interceptors/RESTAPISecurityInterceptor.class */
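/**
 * MSF4J request interceptor that enforces the authenticators configured for a REST API base path.
 *
 * <p>For each request it resolves the matching {@link RestAPIInfo}, looks up the map of
 * authentication type to {@link RESTAPIAuthenticator} class name configured for that base path,
 * and runs the authenticator selected by the {@code Authorization} header scheme. Requests for
 * the API's {@code swagger.yaml} are answered directly and are never forwarded.
 *
 * <p>Requests pass through unauthenticated in two cases that the visible code treats as
 * "nothing to enforce": no REST API matched the request, or no authenticator is configured for
 * the matched base path. NOTE(review): both are fail-open defaults; confirm that every protected
 * base path has an entry in the security configuration.
 */
public class RESTAPISecurityInterceptor implements RequestInterceptor {
    private static final Logger log = LoggerFactory.getLogger(RESTAPISecurityInterceptor.class);

    /**
     * Decides whether the request may continue down the interceptor chain.
     *
     * @param request  the incoming request; its {@code "method"} property is passed to the authenticator
     * @param response the response, written and sent here whenever the request is stopped
     * @return {@code true} to let the request proceed, {@code false} when a response was already sent
     */
    @Override
    public boolean interceptRequest(Request request, org.wso2.msf4j.Response response) {
        Method method = (Method) request.getProperty("method");
        String requestUri = request.getUri().toLowerCase(Locale.ENGLISH);
        RestAPIInfo electedRestApiInfo = RestApiUtil.getElectedRestApiInfo(request);

        // Substring match on the lower-cased URI: every request containing "swagger.yaml" is
        // answered here with the API definition (or a 500) and is never forwarded, so this branch
        // cannot be used to reach a resource method without authentication.
        // NOTE(review): the definition itself is served without authentication - confirm intended.
        if (requestUri.contains("swagger.yaml")) {
            if (electedRestApiInfo != null) {
                response.setStatus(javax.ws.rs.core.Response.Status.OK.getStatusCode())
                        .setEntity(electedRestApiInfo.getYaml())
                        .setMediaType("text/x-yaml")
                        .send();
                return false;
            }
            ErrorDTO internalServerErrorDTO = RestApiUtil.getInternalServerErrorDTO();
            log.error("Couldn't find the swagger");
            response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())
                    .setEntity(internalServerErrorDTO)
                    .send();
            return false;
        }

        if (electedRestApiInfo == null) {
            // No registered REST API matched this request; there is no configuration to enforce.
            return true;
        }

        try {
            // Read the configuration once so the null check and the lookup see the same map.
            Map<String, String> authenticators = ServiceReferenceHolder.getInstance()
                    .getSecurityConfiguration()
                    .getAuthenticator()
                    .get(electedRestApiInfo.getBasePath());
            if (authenticators == null || authenticators.isEmpty()) {
                // No authenticator configured for this base path.
                return true;
            }

            String authenticationType = getAuthenticationType(request);
            String authenticatorClass = null;
            // Scheme advertised in WWW-Authenticate when the request is rejected. Defaults to a
            // configured scheme so the header value is never null.
            String challenge = authenticators.keySet().iterator().next();

            if (StringUtils.isNotEmpty(authenticationType)) {
                authenticatorClass = authenticators.get(authenticationType);
                if (authenticatorClass != null) {
                    challenge = authenticationType;
                }
            } else if (authenticators.size() == 1) {
                // No recognised scheme in the request: fall back to the only configured authenticator.
                authenticatorClass = authenticators.values().iterator().next();
            }

            if (authenticatorClass == null) {
                // Fail closed. Either the client presented a scheme that has no authenticator
                // configured for this base path, or no scheme was presented and several
                // authenticators are configured. Previously the first case was forwarded without
                // any authentication being performed.
                return handleSecurityError(ExceptionCodes.AUTHENTICATION_FAILURE, response, challenge);
            }

            if (loadAuthenticator(authenticatorClass).authenticate(request, response, method)) {
                return true;
            }
            return handleSecurityError(ExceptionCodes.AUTHENTICATION_FAILURE, response, challenge);
        } catch (RestAPIAuthSecurityException e) {
            // The URI is client-controlled; strip line breaks so it cannot forge extra log lines.
            String loggedUri = request.getUri().replaceAll("[\\r\\n]", "_");
            log.error("{} Requested Path: {}", e.getMessage(), loggedUri, e);
            response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())
                    .setEntity(RestApiUtil.getInternalServerErrorDTO())
                    .send();
            return false;
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e2) {
            log.error("Error while loading RestAPIAuthenticator", e2);
            response.setStatus(javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())
                    .setEntity(RestApiUtil.getInternalServerErrorDTO())
                    .send();
            return false;
        }
    }

    /**
     * Instantiates the authenticator named in the security configuration.
     *
     * <p>The class name comes from the configured authenticator map, never from the request.
     *
     * @param className fully qualified name of a {@link RESTAPIAuthenticator} implementation
     * @return a new authenticator instance
     * @throws ClassNotFoundException if the class cannot be loaded
     * @throws IllegalAccessException if the class or its no-arg constructor is not accessible
     * @throws InstantiationException if the class cannot be instantiated
     */
    private RESTAPIAuthenticator loadAuthenticator(String className)
            throws ClassNotFoundException, IllegalAccessException, InstantiationException {
        return (RESTAPIAuthenticator) Class.forName(className).newInstance();
    }

    /**
     * Sends the error response for a rejected request.
     *
     * @param errorHandler supplies the HTTP status code and the error body
     * @param response     the response to populate and send
     * @param str          value for the {@code WWW-Authenticate} header; skipped when empty
     * @return always {@code false}, so callers can return the result to stop the request
     */
    private boolean handleSecurityError(ErrorHandler errorHandler, org.wso2.msf4j.Response response, String str) {
        ErrorDTO errorDTO = RestApiUtil.getErrorDTO(errorHandler);
        response.setStatus(errorHandler.getHttpStatusCode());
        if (StringUtils.isNotEmpty(str)) {
            response.setHeader("WWW-Authenticate", str);
        }
        response.setEntity(errorDTO);
        response.setMediaType("application/json");
        response.send();
        return false;
    }

    /**
     * Maps the {@code Authorization} header to one of the known authentication types.
     *
     * <p>The scheme is read from the start of the header value. Matching it anywhere in the
     * value would misclassify a bearer token whose text happens to contain the Basic marker.
     * The comparison stays case-sensitive, as before.
     * NOTE(review): assumes {@code RestAPIConstants.AUTH_TYPE_BASIC} holds the scheme token as
     * clients send it - confirm against the constants class.
     *
     * @param request the incoming request
     * @return the authentication type, or {@code null} when the header is absent or unrecognised
     */
    private String getAuthenticationType(Request request) {
        String header = request.getHeader(RestAPIConstants.AUTHORIZATION);
        if (StringUtils.isEmpty(header)) {
            return null;
        }
        String credentials = header.trim();
        if (credentials.startsWith(RestAPIConstants.AUTH_TYPE_BASIC)) {
            return RestAPIConstants.AUTH_TYPE_BASIC;
        }
        if (credentials.startsWith("Bearer")) {
            return RestAPIConstants.AUTH_TYPE_OAUTH2;
        }
        return null;
    }
}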
