package net.baobabservices.dev.apiman.plugins.keycloak.jwt.policy;

import io.apiman.gateway.engine.beans.ApiRequest;
import io.apiman.gateway.engine.beans.ApiResponse;
import io.apiman.gateway.engine.beans.PolicyFailure;
import io.apiman.gateway.engine.beans.PolicyFailureType;
import io.apiman.gateway.engine.beans.exceptions.ConfigurationParseException;
import io.apiman.gateway.engine.components.IPolicyFailureFactoryComponent;
import io.apiman.gateway.engine.policy.IPolicy;
import io.apiman.gateway.engine.policy.IPolicyChain;
import io.apiman.gateway.engine.policy.IPolicyContext;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import java.util.Optional;
import jwt.auth.impl.providers.keycloak.SigningKeyResolver;
import org.apache.http.HttpStatus;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:WEB-INF/classes/net/baobabservices/dev/apiman/plugins/keycloak/jwt/policy/KeycloakJWTPolicy.class */
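/**
 * Apiman gateway policy that lets a request through only when it carries a JWT
 * that {@link #getJWT(String)} can parse and verify.
 *
 * <p>The token is taken from the {@code Authorization} header when that header
 * starts with {@code "bearer "} (any letter case); otherwise the
 * {@code access_token} query parameter is used. A missing token and any
 * verification failure are both reported with {@code AUTH_VERIFICATION_ERROR}
 * and HTTP 401.
 *
 * <p>NOTE(review): verification here is limited to what the JWT parser and
 * {@link SigningKeyResolver} do. No issuer, audience, client or role claim is
 * checked in this class, and {@link #parseConfiguration(String)} returns
 * {@code null}, so nothing of that kind can be configured per API. Unless the
 * resolver restricts which keys it trusts, any token it can verify is accepted
 * for every API using this policy. Confirm this against the resolver.
 */
public class KeycloakJWTPolicy implements IPolicy {
    private static final String AUTHORIZATION_KEY = "Authorization";
    private static final String ACCESS_TOKEN_QUERY_KEY = "access_token";
    private static final String BEARER = "bearer ";

    // Failure codes. Only AUTH_VERIFICATION_ERROR is referenced in this class; the others are
    // declared but unused here, so callers cannot tell "no token" from "expired" or "bad signature".
    // NOTE(review): AUTH_NO_TRANSPORT_SECURITY suggests a TLS requirement, but no transport check
    // is made in this class. Confirm it is enforced elsewhere.
    private static final int AUTH_NO_TRANSPORT_SECURITY = 12003;
    private static final int AUTH_VERIFICATION_ERROR = 12004;
    private static final int AUTH_NOT_PROVIDED = 12005;
    private static final int AUTH_JWT_EXPIRED = 12006;
    private static final int AUTH_JWT_MALFORMED = 12007;
    private static final int AUTH_JWT_SIGNATURE_EXCEPTION = 12008;
    private static final int AUTH_JWT_CLAIM_FAILURE = 12009;
    private static final int AUTH_JWT_PREMATURE = 12010;
    private static final int AUTH_JWT_UNSUPPORTED_JWT = 12011;

    // One resolver instance is shared by all requests handled by this policy class.
    private static final SigningKeyResolver resolver = new SigningKeyResolver();
    private static final Logger logger = LogManager.getLogger(KeycloakJWTPolicy.class);

    /**
     * Logs a message and its cause at ERROR level.
     *
     * @param str message text
     * @param th  cause to attach to the log event
     */
    public static void LogError(String str, Throwable th) {
        logger.error(str, th);
    }

    /**
     * Logs a message at INFO level.
     *
     * @param str message text
     */
    public static void LogInfo(String str) {
        logger.info(str);
    }

    /**
     * Ignores the supplied configuration; this policy has no settings.
     *
     * @param str raw policy configuration (unused)
     * @return always {@code null}
     */
    public Object parseConfiguration(String str) throws ConfigurationParseException {
        return null;
    }

    /**
     * Authenticates an inbound request and either continues the chain or fails it with 401.
     *
     * @param apiRequest     inbound request whose headers and query parameters are inspected
     * @param iPolicyContext context used to obtain the failure factory
     * @param obj            parsed configuration (unused; always {@code null} for this policy)
     * @param iPolicyChain   chain to continue on success or fail on rejection
     */
    public void apply(ApiRequest apiRequest, IPolicyContext iPolicyContext, Object obj, IPolicyChain<ApiRequest> iPolicyChain) {
        // Header first; the query parameter is only a fallback. Tokens carried in a URL tend to end
        // up in access logs, browser history and Referer headers, so the header form is preferable.
        String token = Optional.ofNullable(apiRequest.getHeaders().get(AUTHORIZATION_KEY))
                .filter(KeycloakJWTPolicy::hasBearerPrefix)
                .map(headerValue -> headerValue.substring(BEARER.length()))
                .orElseGet(() -> apiRequest.getQueryParams().get(ACCESS_TOKEN_QUERY_KEY));

        if (token == null || !authenticateToken(token, apiRequest.getUrl())) {
            iPolicyChain.doFailure(createAuthenticationPolicyFailure(iPolicyContext, AUTH_VERIFICATION_ERROR, "Request Not Authenticated"));
            return;
        }
        iPolicyChain.doApply(apiRequest);
    }

    /**
     * Reports whether the token parses and verifies.
     *
     * <p>Fails closed: any exception raised while parsing or resolving the key yields
     * {@code false}. The failure is logged with the request URL, minus any query string,
     * and the exception.
     *
     * @param str  compact JWT string
     * @param str2 request URL, used only for logging
     * @return {@code true} when {@link #getJWT(String)} returns without throwing
     */
    public boolean authenticateToken(String str, String str2) {
        try {
            getJWT(str);
            return true;
        } catch (Exception e) {
            // The token may have arrived as ?access_token=...; if the URL carries the query string,
            // logging it verbatim would copy the rejected token into the log.
            LogInfo("Exception authenticating  " + withoutQuery(str2));
            LogError("An error occurs: ", e);
            return false;
        }
    }

    /**
     * Passes responses through unchanged; this policy only acts on requests.
     */
    public void apply(ApiResponse apiResponse, IPolicyContext iPolicyContext, Object obj, IPolicyChain<ApiResponse> iPolicyChain) {
        iPolicyChain.doApply(apiResponse);
    }

    /** Builds an Authentication-type policy failure that maps to HTTP 401. */
    private PolicyFailure createAuthenticationPolicyFailure(IPolicyContext iPolicyContext, int i, String str) {
        PolicyFailure failure = getFailureFactory(iPolicyContext).createFailure(PolicyFailureType.Authentication, i, str);
        failure.setResponseCode(HttpStatus.SC_UNAUTHORIZED);
        return failure;
    }

    /** Looks up the gateway's policy-failure factory component from the context. */
    private IPolicyFailureFactoryComponent getFailureFactory(IPolicyContext iPolicyContext) {
        return iPolicyContext.getComponent(IPolicyFailureFactoryComponent.class);
    }

    /**
     * Parses the compact token as a signed claims JWT, using the shared
     * {@link SigningKeyResolver} to choose the verification key.
     *
     * <p>No required claims (issuer, audience, ...) are set on the parser here.
     *
     * @param str compact JWT string
     * @return the parsed and verified token
     */
    public Jws<Claims> getJWT(String str) {
        return Jwts.parser().setSigningKeyResolver(resolver).parseClaimsJws(str);
    }

    /** Case-insensitive, locale-independent test for the {@code "bearer "} scheme prefix. */
    private static boolean hasBearerPrefix(String headerValue) {
        return headerValue.regionMatches(true, 0, BEARER, 0, BEARER.length());
    }

    /** Returns the URL up to, but excluding, the first {@code '?'}; {@code null} stays {@code null}. */
    private static String withoutQuery(String url) {
        if (url == null) {
            return null;
        }
        int queryStart = url.indexOf('?');
        return queryStart < 0 ? url : url.substring(0, queryStart);
    }
}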
