package io.gravitee.policy.apikey;

import io.gravitee.gateway.api.service.ApiKey;
import io.gravitee.gateway.api.service.ApiKeyService;
import io.gravitee.gateway.reactive.api.ExecutionFailure;
import io.gravitee.gateway.reactive.api.context.HttpExecutionContext;
import io.gravitee.gateway.reactive.api.context.HttpRequest;
import io.gravitee.gateway.reactive.api.policy.SecurityPolicy;
import io.gravitee.gateway.reactive.api.policy.SecurityToken;
import io.gravitee.policy.apikey.configuration.ApiKeyPolicyConfiguration;
import io.gravitee.policy.v3.apikey.ApiKeyPolicyV3;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Maybe;
import java.util.Date;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/policy/apikey/ApiKeyPolicy.class */
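/**
 * API-key security policy: extracts an API key from the incoming request, resolves it
 * through {@link ApiKeyService} and rejects the request with a 401 when the key is
 * missing, unknown, revoked or expired.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key is read from a header first and from a query parameter second. Keys sent
 *       in a query string commonly end up in access logs and intermediary caches, so the
 *       header should be preferred by clients where possible.</li>
 *   <li>Unless {@code propagateApiKey} is enabled, the key is stripped from the request
 *       once the check terminates, so it is not carried along with the request afterwards.</li>
 *   <li>Any failure during verification must end in a 401 (fail closed).</li>
 * </ul>
 */
public class ApiKeyPolicy extends ApiKeyPolicyV3 implements SecurityPolicy {
    static final String ATTR_API_KEY = "gravitee.attribute.api-key";
    static final String ATTR_INTERNAL_API_KEY = "api-key";
    static final String API_KEY_HEADER_PROPERTY = "policy.api-key.header";
    static final String API_KEY_QUERY_PARAMETER_PROPERTY = "policy.api-key.param";
    static final String DEFAULT_API_KEY_QUERY_PARAMETER = "api-key";
    static final String DEFAULT_API_KEY_HEADER_PARAMETER = "X-Gravitee-Api-Key";
    private static final Logger log = LoggerFactory.getLogger(ApiKeyPolicy.class);
    // NOTE(review): these two are never assigned in this class; presumably they are
    // initialised elsewhere from the *_PROPERTY / DEFAULT_* values above. Confirm they are
    // set before the first request, otherwise the lookups below run with a null name.
    static String API_KEY_HEADER;
    static String API_KEY_QUERY_PARAMETER;
    private final boolean propagateApiKey;

    /**
     * @param apiKeyPolicyConfiguration policy configuration; may be {@code null}, in which
     *     case the API key is not propagated.
     */
    public ApiKeyPolicy(ApiKeyPolicyConfiguration apiKeyPolicyConfiguration) {
        super(apiKeyPolicyConfiguration);
        this.propagateApiKey = apiKeyPolicyConfiguration != null && apiKeyPolicyConfiguration.isPropagateApiKey();
    }

    /** Returns the identifier of this policy. */
    public String id() {
        return "api-key";
    }

    /**
     * Extracts the API key from the request as a {@link SecurityToken}.
     *
     * @return empty when the request carries no API key at all, an invalid token when a key
     *     was supplied but is blank, otherwise a token wrapping the key.
     */
    public Maybe<SecurityToken> extractSecurityToken(HttpExecutionContext httpExecutionContext) {
        Optional<String> extractedKey = extractApiKey(httpExecutionContext);
        if (extractedKey.isEmpty()) {
            return Maybe.empty();
        }
        String key = extractedKey.get();
        if (key.isBlank()) {
            // A present-but-blank key is reported as invalid rather than as "no token".
            return Maybe.just(SecurityToken.invalid(SecurityToken.TokenType.API_KEY));
        }
        // Cache the key so extractApiKey() returns it directly on the next call.
        httpExecutionContext.setInternalAttribute(ATTR_INTERNAL_API_KEY, key);
        return Maybe.just(SecurityToken.forApiKey(key));
    }

    /** This policy always requires a subscription. */
    public boolean requireSubscription() {
        return true;
    }

    /** Returns the fixed order value of this policy (500). */
    public int order() {
        return 500;
    }

    /** Runs the API-key check for the request. */
    public Completable onRequest(HttpExecutionContext httpExecutionContext) {
        return handleSecurity(httpExecutionContext);
    }

    /**
     * Verifies the API key of the current request.
     *
     * <p>Completes normally only when a key is present, is known for the current API, and
     * is neither revoked nor expired. Every other outcome, including an exception thrown
     * while extracting or looking up the key, interrupts the request with a 401.
     */
    private Completable handleSecurity(HttpExecutionContext httpExecutionContext) {
        return Completable.defer(() -> {
            // The whole verification sits inside the try block. Previously only the
            // extraction was guarded and the catch fell through to code that read the
            // (then unassigned) result; now any failure falls through to the final 401.
            try {
                Optional<String> extractedKey = extractApiKey(httpExecutionContext);
                if (extractedKey.isEmpty()) {
                    return interrupt401(httpExecutionContext, "API_KEY_MISSING");
                }
                ApiKeyService apiKeyService = (ApiKeyService) httpExecutionContext.getComponent(ApiKeyService.class);
                String api = (String) httpExecutionContext.getAttribute("gravitee.attribute.api");
                Optional<?> byApiAndKey = apiKeyService.getByApiAndKey(api, extractedKey.get());
                if (byApiAndKey.isPresent()) {
                    ApiKey apiKey = (ApiKey) byApiAndKey.get();
                    // These attributes are set BEFORE the validity check, so they are also
                    // populated for revoked or expired keys. Their presence alone must not
                    // be read as proof that the request was authenticated.
                    httpExecutionContext.setAttribute("gravitee.attribute.application", apiKey.getApplication());
                    httpExecutionContext.setAttribute("gravitee.attribute.user-id", apiKey.getSubscription());
                    httpExecutionContext.setAttribute("gravitee.attribute.plan", apiKey.getPlan());
                    // Holds the raw key value; treat this attribute as a secret.
                    httpExecutionContext.setAttribute(ATTR_API_KEY, apiKey.getKey());
                    if (isApiKeyValid(httpExecutionContext, apiKey)) {
                        return Completable.complete();
                    }
                }
            } catch (Throwable th) {
                // Fail closed: log the failure (the key itself is not logged) and reject.
                log.warn("An exception occurred when trying to verify apikey.", th);
            }
            return interrupt401(httpExecutionContext, "API_KEY_INVALID");
        }).doOnTerminate(() -> cleanupApiKey(httpExecutionContext));
    }

    /**
     * Returns {@code true} when the key is not revoked and either has no expiry date or
     * expires after the timestamp of the current request.
     */
    private boolean isApiKeyValid(HttpExecutionContext httpExecutionContext, ApiKey apiKey) {
        if (apiKey.isRevoked()) {
            return false;
        }
        Date expireAt = apiKey.getExpireAt();
        return expireAt == null || expireAt.after(new Date(httpExecutionContext.request().timestamp()));
    }

    /**
     * Interrupts the request with a 401 "Unauthorized" failure.
     *
     * @param str failure key distinguishing the cause (e.g. missing vs. invalid key); the
     *     message is the same for every cause.
     */
    private Completable interrupt401(HttpExecutionContext httpExecutionContext, String str) {
        return httpExecutionContext.interruptWith(new ExecutionFailure(401).key(str).message("Unauthorized"));
    }

    /**
     * Locates the API key for the current request.
     *
     * <p>Lookup order: the internal attribute cached by {@link #extractSecurityToken},
     * then the configured header, then the configured query parameter. A header or
     * parameter that is present with a {@code null} value yields an empty string, so
     * "key supplied but blank" stays distinguishable from "no key supplied". A present
     * header, even a blank one, takes precedence over the query parameter.
     *
     * @return the key (possibly an empty string), or empty when none was supplied.
     */
    private Optional<String> extractApiKey(HttpExecutionContext httpExecutionContext) {
        String key = (String) httpExecutionContext.getInternalAttribute(ATTR_INTERNAL_API_KEY);
        if (key != null) {
            return Optional.of(key);
        }
        HttpRequest request = httpExecutionContext.request();
        if (request.headers().contains(API_KEY_HEADER)) {
            key = request.headers().get(API_KEY_HEADER);
            if (key == null) {
                key = "";
            }
        }
        if (key == null && request.parameters().containsKey(API_KEY_QUERY_PARAMETER)) {
            key = (String) request.parameters().getFirst(API_KEY_QUERY_PARAMETER);
            if (key == null) {
                key = "";
            }
        }
        return Optional.ofNullable(key);
    }

    /**
     * Removes the API key from the request (unless propagation is enabled) and always
     * clears the cached internal attribute. Invoked when the security check terminates.
     */
    private void cleanupApiKey(HttpExecutionContext httpExecutionContext) {
        if (!this.propagateApiKey) {
            httpExecutionContext.request().headers().remove(API_KEY_HEADER);
            httpExecutionContext.request().parameters().remove(API_KEY_QUERY_PARAMETER);
        }
        httpExecutionContext.removeInternalAttribute(ATTR_INTERNAL_API_KEY);
    }
}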
