package org.wso2.carbon.apimgt.gateway.handlers.security.oauth;

import java.util.Map;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityUtils;
import org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext;
import org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/oauth/OAuthAuthenticator.class */
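/**
 * Gateway {@link Authenticator} that reads an OAuth access key from a transport header and
 * validates it through {@link APIKeyValidator}.
 *
 * <p>The header name, the key segment name ("Bearer" by default) and the two split patterns have
 * built-in defaults and can be overridden from the API Manager configuration in
 * {@link #initOAuthParams()}.
 */
public class OAuthAuthenticator implements Authenticator {
    /** Number of trailing key characters kept when a key is written into an error message. */
    private static final int VISIBLE_KEY_SUFFIX = 4;

    /** Key validator; created in {@link #init(SynapseEnvironment)}. */
    protected APIKeyValidator keyValidator;
    /** Name of the transport header that carries the credentials. */
    private String securityHeader = "Authorization";
    /** Token that must precede the access key inside a header element. */
    private String consumerKeyHeaderSegment = "Bearer";
    /** Pattern separating header elements; passed to {@link String#split(String)}, so it is a regex. */
    private String oauthHeaderSplitter = ",";
    /** Pattern separating tokens inside one element; also handed to {@link String#split(String)}. */
    private String consumerKeySegmentDelimiter = " ";
    /** Passed to {@code APISecurityUtils.setAuthenticationContext}; stays null unless configured. */
    private String securityContextHeader;

    /**
     * Creates the key validator from the Synapse environment's Axis configuration and loads the
     * configurable OAuth header settings.
     *
     * @param synapseEnvironment environment this authenticator runs in
     */
    @Override
    public void init(SynapseEnvironment synapseEnvironment) {
        this.keyValidator = new APIKeyValidator(synapseEnvironment.getSynapseConfiguration().getAxisConfiguration());
        initOAuthParams();
    }

    /** Releases the key validator; does nothing when {@code init} was never called. */
    @Override
    public void destroy() {
        if (this.keyValidator != null) {
            this.keyValidator.cleanup();
        }
    }

    /**
     * Authenticates one request.
     *
     * <p>The credential header is taken out of the transport header map first, whatever the
     * outcome. A resource whose authentication scheme is "None" is accepted without a key and is
     * identified by the caller's remote address. Any other resource needs a key that the key
     * validator reports as authorized.
     *
     * @param messageContext current message; must be an {@link Axis2MessageContext}
     * @return {@code true} when the request is accepted
     * @throws APISecurityException when credentials are missing or the key is not authorized
     */
    @Override
    public boolean authenticate(MessageContext messageContext) throws APISecurityException {
        Axis2MessageContext axis2Context = (Axis2MessageContext) messageContext;
        Map transportHeaders = (Map) axis2Context.getAxis2MessageContext().getProperty("TRANSPORT_HEADERS");
        String apiKey = null;
        if (transportHeaders != null) {
            apiKey = extractCustomerKeyFromAuthHeader(transportHeaders);
        }

        String apiContext = (String) messageContext.getProperty("REST_API_CONTEXT");
        String apiVersion = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        String fullRequestPath = (String) messageContext.getProperty("REST_FULL_REQUEST_PATH");

        // NOTE(review): this offset assumes the full path is context + "/" + version + resource and
        // that all three properties are set. A null or shorter path throws an unchecked exception
        // here, before the null check on context/version further down. Confirm the handler chain
        // guarantees these properties, or reject the request explicitly.
        String resourcePath = fullRequestPath.substring((apiContext + apiVersion).length() + 1, fullRequestPath.length());
        if (resourcePath.isEmpty()) {
            resourcePath = "/";
        }

        String httpMethod = (String) axis2Context.getAxis2MessageContext().getProperty("HTTP_METHOD");
        String authScheme = this.keyValidator.getResourceAuthenticationScheme(apiContext, apiVersion, resourcePath, httpMethod);

        if ("None".equals(authScheme)) {
            // Unauthenticated resource: no key is checked, the remote address stands in as the key.
            String remoteAddress = (String) axis2Context.getAxis2MessageContext().getProperty("REMOTE_ADDR");
            AuthenticationContext anonymousContext = new AuthenticationContext();
            anonymousContext.setAuthenticated(true);
            anonymousContext.setTier("Unauthenticated");
            anonymousContext.setApiKey(remoteAddress);
            anonymousContext.setKeyType("PRODUCTION");
            anonymousContext.setUsername(null);
            anonymousContext.setCallerToken(null);
            anonymousContext.setApplicationName(null);
            APISecurityUtils.setAuthenticationContext(messageContext, anonymousContext, this.securityContextHeader);
            return true;
        }

        if (apiKey == null || apiContext == null || apiVersion == null) {
            throw new APISecurityException(APISecurityConstants.API_AUTH_MISSING_CREDENTIALS, "Required OAuth credentials not provided");
        }

        APIKeyValidationInfoDTO validationInfo = this.keyValidator.getKeyValidationInfo(apiContext, apiKey, apiVersion, authScheme);
        // These two properties are set before the authorization check, so they are present on the
        // message even when the request is rejected below.
        messageContext.setProperty("APPLICATION_NAME", validationInfo.getApplicationName());
        messageContext.setProperty("END_USER_NAME", validationInfo.getEndUserName());
        if (!validationInfo.isAuthorized()) {
            // The access key is a bearer credential. Only a masked form goes into the message so
            // that a rejected key does not end up in logs or fault payloads in full.
            throw new APISecurityException(validationInfo.getValidationStatus(),
                    "Access failure for API: " + apiContext + ", version: " + apiVersion + " with key: " + maskKey(apiKey));
        }

        AuthenticationContext authContext = new AuthenticationContext();
        authContext.setAuthenticated(true);
        authContext.setTier(validationInfo.getTier());
        authContext.setApiKey(apiKey);
        authContext.setKeyType(validationInfo.getType());
        authContext.setUsername(validationInfo.getSubscriber());
        authContext.setCallerToken(validationInfo.getEndUserToken());
        authContext.setApplicationId(validationInfo.getApplicationId());
        authContext.setApplicationName(validationInfo.getApplicationName());
        authContext.setApplicationTier(validationInfo.getApplicationTier());
        APISecurityUtils.setAuthenticationContext(messageContext, authContext, this.securityContextHeader);
        return true;
    }

    /**
     * Removes the credential header from {@code map} and returns the access key found in it.
     *
     * <p>The header value is split into elements, each element into tokens, and the first
     * non-blank token that follows the configured key segment name is returned with surrounding
     * double quotes stripped. The header is removed from the map even when no key is found.
     *
     * @param map transport headers of the request; modified by this call
     * @return the access key, or {@code null} when the header is absent, is not a string, or holds
     *     no key in the expected form
     */
    public String extractCustomerKeyFromAuthHeader(Map map) {
        if (map == null) {
            return null;
        }
        Object rawHeader = map.remove(this.securityHeader);
        if (!(rawHeader instanceof String)) {
            // Absent header, or a value of an unexpected type: treat as "no credentials".
            return null;
        }
        String header = (String) rawHeader;

        if (header.startsWith("OAuth ") || header.startsWith("oauth ")) {
            // The header is cut at its first lower-case 'o'. For a value such as "OAuth XYZ" there
            // is none, and substring(-1) used to throw on client-supplied input. Such a header is
            // now reported as carrying no key, so the caller answers with its normal
            // missing-credentials error.
            // NOTE(review): cutting at the first 'o' may not be what was intended for the "OAuth "
            // prefix; confirm the expected header format before changing which values are accepted.
            int firstLowerO = header.indexOf('o');
            if (firstLowerO < 0) {
                return null;
            }
            header = header.substring(firstLowerO);
        }

        for (String element : header.split(this.oauthHeaderSplitter)) {
            String[] tokens = element.split(this.consumerKeySegmentDelimiter);
            if (tokens.length < 2) {
                continue;
            }
            boolean sawKeySegment = false;
            for (String token : tokens) {
                String trimmed = token.trim();
                if (trimmed.isEmpty()) {
                    continue;
                }
                if (this.consumerKeyHeaderSegment.equals(trimmed)) {
                    sawKeySegment = true;
                } else if (sawKeySegment) {
                    return removeLeadingAndTrailing(trimmed);
                }
            }
        }
        return null;
    }

    /**
     * Strips double quotes from a key and trims it. When the value starts or ends with a double
     * quote, every double quote in it is removed, not only the outer ones.
     */
    private String removeLeadingAndTrailing(String str) {
        String unquoted = str;
        if (str.startsWith("\"") || str.endsWith("\"")) {
            unquoted = str.replace("\"", "");
        }
        return unquoted.trim();
    }

    /**
     * Returns a form of {@code key} that is safe to put into an error message: a fixed mask
     * followed by the last few characters, or only the mask when the key is short.
     */
    private static String maskKey(String key) {
        if (key == null) {
            return null;
        }
        if (key.length() <= VISIBLE_KEY_SUFFIX * 2) {
            return "****";
        }
        return "****" + key.substring(key.length() - VISIBLE_KEY_SUFFIX);
    }

    /**
     * Overrides the default header settings with values from the API Manager configuration. A
     * setting that is not configured keeps its current value.
     */
    protected void initOAuthParams() {
        APIManagerConfiguration config = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration();

        String headerName = config.getFirstProperty(APISecurityConstants.API_SECURITY_OAUTH_HEADER);
        if (headerName != null) {
            this.securityHeader = headerName;
        }
        String keySegment = config.getFirstProperty(APISecurityConstants.API_SECURITY_CONSUMER_KEY_HEADER_SEGMENT);
        if (keySegment != null) {
            this.consumerKeyHeaderSegment = keySegment;
        }
        // The next two values are used as regular expressions by String.split.
        String elementSplitter = config.getFirstProperty(APISecurityConstants.API_SECURITY_OAUTH_HEADER_SPLITTER);
        if (elementSplitter != null) {
            this.oauthHeaderSplitter = elementSplitter;
        }
        String tokenDelimiter = config.getFirstProperty(APISecurityConstants.API_SECURITY_CONSUMER_KEY_SEGMENT_DELIMITER);
        if (tokenDelimiter != null) {
            this.consumerKeySegmentDelimiter = tokenDelimiter;
        }
        String contextHeader = config.getFirstProperty(APISecurityConstants.API_SECURITY_CONTEXT_HEADER);
        if (contextHeader != null) {
            this.securityContextHeader = contextHeader;
        }
    }

    /** Returns the fixed challenge string for this authenticator. */
    @Override
    public String getChallengeString() {
        return "OAuth2 realm=\"WSO2 API Manager\"";
    }
}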
