package io.integon;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.SynapseException;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.mediators.AbstractMediator;

/* loaded from: input_file:io/integon/JwtAuthMediator.class */
public class JwtAuthMediator extends AbstractMediator {
    private static final Log log = LogFactory.getLog(JwtAuthMediator.class);
    private String jwtToken;
    private String jwksEndpoint;
    private String jwksEnvVariable;
    private String iatClaim;
    private String issClaim;
    private String subClaim;
    private String audClaim;
    private String jtiClaim;
    private String jwksTimeout;
    private String jwksRefreshTime;
    private long cachedTimeValidator = 0;
    private long cachedTimeValidatorReset = 86400000;
    private JWTValidator validator = null;

    public boolean mediate(MessageContext messageContext) {
        try {
            applyProperties(messageContext);
        } catch (Exception e) {
            handleException(e.getMessage(), messageContext);
        }
        if (this.validator == null || this.cachedTimeValidator + this.cachedTimeValidatorReset < System.currentTimeMillis()) {
            this.validator = new JWTValidator();
            this.cachedTimeValidator = System.currentTimeMillis();
        }
        if (this.jwtToken.trim().startsWith("Bearer")) {
            this.jwtToken = this.jwtToken.substring(7);
            if (this.jwtToken == null || this.jwtToken.isEmpty()) {
                log.debug("JWT token not found in the message");
                handleException("JWT token not found in the message", messageContext);
            }
        } else {
            log.debug("Invalid JWT format: " + this.jwtToken);
            handleException("Invalid JWT format", messageContext);
        }
        if (this.jwksEnvVariable != null && CommonUtils.containsUrl(System.getenv().get(this.jwksEnvVariable))) {
            this.jwksEndpoint = System.getenv().get(this.jwksEnvVariable);
            log.debug("JWKS endpoint from Env Variable " + this.jwksEnvVariable + ": " + this.jwksEndpoint);
        } else if (this.jwksEndpoint == null || this.jwksEndpoint.isEmpty()) {
            log.debug("JWKS endpoint not found in the message context or environment variable");
            handleException("JWKS endpoint not found", messageContext);
        }
        this.validator.setCacheTimeouts(this.jwksTimeout, this.jwksRefreshTime);
        try {
            log.debug("isValidJWT: " + this.validator.validateToken(this.jwtToken, this.jwksEndpoint));
        } catch (Exception e2) {
            handleException(e2.getMessage(), messageContext);
        }
        try {
            if (this.validator.isTokenExpired(this.jwtToken)) {
                handleException("JWT token is expired", messageContext);
            }
        } catch (Exception e3) {
            handleException(e3.getMessage(), messageContext);
        }
        HashMap<String, String> hashMap = new HashMap<>();
        hashMap.put("iat", this.iatClaim);
        hashMap.put("iss", this.issClaim);
        hashMap.put("sub", this.subClaim);
        hashMap.put("aud", this.audClaim);
        hashMap.put("jti", this.jtiClaim);
        log.debug("JWT claims Map set: " + hashMap);
        boolean z = true;
        Iterator<String> it = hashMap.values().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next() != null) {
                z = false;
                break;
            }
        }
        if (!z) {
            try {
                this.validator.areClaimsValid(this.jwtToken, hashMap);
            } catch (Exception e4) {
                handleException(e4.getMessage(), messageContext);
            }
        }
        log.debug("JWT validation successful");
        return true;
    }

    private void applyProperties(MessageContext messageContext) throws Exception {
        clearProperties();
        this.jwtToken = (String) messageContext.getProperty("jwtToken");
        if (this.jwtToken == null || this.jwtToken.isEmpty()) {
            throw new Exception("JWT not found in the message");
        }
        this.jwksEndpoint = (String) messageContext.getProperty("jwksEndpoint");
        this.jwksEnvVariable = (String) messageContext.getProperty("jwksEnvVariable");
        if ((this.jwksEndpoint == null || this.jwksEndpoint.isEmpty()) && (this.jwksEnvVariable == null || this.jwksEnvVariable.isEmpty())) {
            throw new Exception("JWKS endpoint not found in the message");
        }
        this.iatClaim = (String) messageContext.getProperty("iatClaim");
        if (this.iatClaim != null && this.iatClaim.isEmpty()) {
            this.iatClaim = null;
        }
        this.issClaim = (String) messageContext.getProperty("issClaim");
        if (this.issClaim != null && this.issClaim.isEmpty()) {
            this.issClaim = null;
        }
        this.subClaim = (String) messageContext.getProperty("subClaim");
        if (this.subClaim != null && this.subClaim.isEmpty()) {
            this.subClaim = null;
        }
        this.audClaim = (String) messageContext.getProperty("audClaim");
        if (this.audClaim != null && this.audClaim.isEmpty()) {
            this.audClaim = null;
        }
        this.jtiClaim = (String) messageContext.getProperty("jtiClaim");
        if (this.jtiClaim != null && this.jtiClaim.isEmpty()) {
            this.jtiClaim = null;
        }
        this.jwksTimeout = (String) messageContext.getProperty("jwksTimeout");
        this.jwksRefreshTime = (String) messageContext.getProperty("jwksRefreshTime");
        log.debug("Properties set");
    }

    private void clearProperties() {
        this.jwtToken = null;
        this.jwksEndpoint = null;
        this.jwksEnvVariable = null;
        this.iatClaim = null;
        this.issClaim = null;
        this.subClaim = null;
        this.audClaim = null;
        this.jtiClaim = null;
        this.jwksTimeout = null;
        this.jwksRefreshTime = null;
        log.debug("Properties cleared");
    }

    protected void handleException(String str, MessageContext messageContext) {
        CommonUtils.setJsonEnvelopMessageContext(messageContext, str);
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        ((Map) axis2MessageContext.getProperty("TRANSPORT_HEADERS")).clear();
        messageContext.setProperty("ERROR_MESSAGE", str);
        messageContext.setProperty("ERROR_CODE", "401");
        axis2MessageContext.setProperty("NO_ENTITY_BODY", Boolean.FALSE);
        axis2MessageContext.setProperty("messageType", "application/json");
        axis2MessageContext.setProperty("ContentType", "application/json");
        throw new SynapseException(str);
    }
}
