package io.gravitee.policy.v3.apikey;

import io.gravitee.gateway.api.ExecutionContext;
import io.gravitee.gateway.api.Request;
import io.gravitee.gateway.api.Response;
import io.gravitee.gateway.api.service.ApiKey;
import io.gravitee.gateway.api.service.ApiKeyService;
import io.gravitee.policy.api.PolicyChain;
import io.gravitee.policy.api.PolicyResult;
import io.gravitee.policy.api.annotations.OnRequest;
import io.gravitee.policy.apikey.configuration.ApiKeyPolicyConfiguration;
import java.util.Date;
import java.util.Optional;
import org.springframework.core.env.Environment;

/* loaded from: input_file:io/gravitee/policy/v3/apikey/ApiKeyPolicyV3.class */
public class ApiKeyPolicyV3 {
    static final String ATTR_API_KEY = "gravitee.attribute.api-key";
    protected static final String API_KEY_MISSING_KEY = "API_KEY_MISSING";
    protected static final String API_KEY_INVALID_KEY = "API_KEY_INVALID";
    protected static final String API_KEY_UNAUTHORIZED_MESSAGE = "Unauthorized";
    private final ApiKeyPolicyConfiguration apiKeyPolicyConfiguration;
    static String API_KEY_HEADER;
    static String API_KEY_QUERY_PARAMETER;
    static final String API_KEY_HEADER_PROPERTY = "policy.api-key.header";
    static final String API_KEY_QUERY_PARAMETER_PROPERTY = "policy.api-key.param";
    static final String DEFAULT_API_KEY_QUERY_PARAMETER = "api-key";
    static final String DEFAULT_API_KEY_HEADER_PARAMETER = "X-Gravitee-Api-Key";

    public ApiKeyPolicyV3(ApiKeyPolicyConfiguration apiKeyPolicyConfiguration) {
        this.apiKeyPolicyConfiguration = apiKeyPolicyConfiguration;
    }

    @OnRequest
    public void onRequest(Request request, Response response, ExecutionContext executionContext, PolicyChain policyChain) {
        String lookForApiKey = lookForApiKey(executionContext, request);
        if (lookForApiKey == null || lookForApiKey.isEmpty()) {
            policyChain.failWith(PolicyResult.failure(API_KEY_MISSING_KEY, 401, API_KEY_UNAUTHORIZED_MESSAGE));
            return;
        }
        Optional byApiAndKey = ((ApiKeyService) executionContext.getComponent(ApiKeyService.class)).getByApiAndKey((String) executionContext.getAttribute("gravitee.attribute.api"), lookForApiKey);
        if (!byApiAndKey.isPresent()) {
            policyChain.failWith(PolicyResult.failure(API_KEY_INVALID_KEY, 401, API_KEY_UNAUTHORIZED_MESSAGE));
            return;
        }
        ApiKey apiKey = (ApiKey) byApiAndKey.get();
        executionContext.setAttribute("gravitee.attribute.application", apiKey.getApplication());
        executionContext.setAttribute("gravitee.attribute.user-id", apiKey.getSubscription());
        executionContext.setAttribute("gravitee.attribute.plan", apiKey.getPlan());
        executionContext.setAttribute(ATTR_API_KEY, apiKey.getKey());
        if (apiKey.isRevoked() || !(apiKey.getExpireAt() == null || apiKey.getExpireAt().after(new Date(request.timestamp())))) {
            policyChain.failWith(PolicyResult.failure(API_KEY_INVALID_KEY, 401, API_KEY_UNAUTHORIZED_MESSAGE));
        } else {
            policyChain.doNext(request, response);
        }
    }

    private String lookForApiKey(ExecutionContext executionContext, Request request) {
        if (API_KEY_HEADER == null) {
            Environment environment = (Environment) executionContext.getComponent(Environment.class);
            API_KEY_HEADER = environment.getProperty(API_KEY_HEADER_PROPERTY, DEFAULT_API_KEY_HEADER_PARAMETER);
            API_KEY_QUERY_PARAMETER = environment.getProperty(API_KEY_QUERY_PARAMETER_PROPERTY, DEFAULT_API_KEY_QUERY_PARAMETER);
        }
        String first = request.headers().getFirst(API_KEY_HEADER);
        if (this.apiKeyPolicyConfiguration == null || !this.apiKeyPolicyConfiguration.isPropagateApiKey()) {
            request.headers().remove(API_KEY_HEADER);
        }
        if (first == null || first.isEmpty()) {
            first = (String) request.parameters().getFirst(API_KEY_QUERY_PARAMETER);
            if (this.apiKeyPolicyConfiguration == null || !this.apiKeyPolicyConfiguration.isPropagateApiKey()) {
                request.parameters().remove(API_KEY_QUERY_PARAMETER);
            }
        }
        return first;
    }
}
