package org.mule.modules.oauth2.provider.processor;

import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.apache.commons.lang3.tuple.Pair;
import org.mule.api.MuleEvent;
import org.mule.api.MuleException;
import org.mule.api.MuleRuntimeException;
import org.mule.api.security.Authentication;
import org.mule.api.security.Credentials;
import org.mule.modules.oauth2.provider.Constants;
import org.mule.modules.oauth2.provider.OAuth2Exception;
import org.mule.modules.oauth2.provider.Utils;
import org.mule.modules.oauth2.provider.client.Client;
import org.mule.modules.oauth2.provider.client.NoSuchClientException;
import org.mule.modules.oauth2.provider.config.Configuration;
import org.mule.modules.oauth2.provider.processor.RequestProcessingException;
import org.mule.modules.oauth2.provider.ratelimit.RateLimitExceededException;
import org.mule.modules.oauth2.provider.ratelimit.RateLimiter;
import org.mule.modules.oauth2.provider.token.InvalidGrantException;
import org.mule.processor.AbstractInterceptingMessageProcessor;
import org.mule.security.DefaultMuleAuthentication;
import org.mule.security.MuleCredentials;
import org.mule.util.ExceptionUtils;

/* loaded from: input_file:mule/lib/mule/mule-module-security-oauth2-provider-1.5.0.jar:org/mule/modules/oauth2/provider/processor/AbstractHttpRequestMessageProcessor.class */
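/**
 * Base message processor for the OAuth 2.0 provider's HTTP endpoints.
 *
 * <p>{@link #process(MuleEvent)} runs the subclass' {@link #processRequest(MuleEvent)}, forwards the
 * result with {@code processNext} and renders every failure as an HTTP response (302 redirect, 400,
 * 429 or 500) through {@link #handleException(RequestProcessingException, MuleEvent)}. The remaining
 * methods are helpers for reading request parameters, client and resource-owner credentials and
 * scopes, and for building redirect URIs.
 *
 * <p>All parameter values read here come from the incoming request and must be treated as untrusted.
 */
public abstract class AbstractHttpRequestMessageProcessor extends AbstractInterceptingMessageProcessor {
    protected Configuration configuration;

    /**
     * @param configuration provider configuration consulted for supported response/grant types,
     *                      scopes, the client store, the rate limiter and the security providers
     */
    public AbstractHttpRequestMessageProcessor(Configuration configuration) {
        this.configuration = configuration;
    }

    /**
     * Runs {@link #processRequest(MuleEvent)} and passes its result to {@code processNext}.
     * Any exception raised by either call is converted to a {@link RequestProcessingException}
     * (if it is not one already) and rendered by {@link #handleException}.
     *
     * @param muleEvent the incoming event
     * @return the event produced by the next processor, or the error response event
     * @throws MuleException declared by the processor contract
     */
    @Override // org.mule.api.processor.MessageProcessor
    public final MuleEvent process(MuleEvent muleEvent) throws MuleException {
        try {
            return processNext(processRequest(muleEvent));
        } catch (RequestProcessingException e) {
            return handleException(e, muleEvent);
        } catch (Exception e2) {
            return handleException(convertToRequestProcessingException(e2), muleEvent);
        }
    }

    /**
     * Endpoint-specific request handling implemented by subclasses.
     *
     * @param muleEvent the incoming event
     * @return the event to hand to the next processor
     * @throws OAuth2Exception when the request cannot be honoured
     */
    protected abstract MuleEvent processRequest(MuleEvent muleEvent) throws OAuth2Exception;

    /**
     * Maps an arbitrary exception onto a {@link RequestProcessingException}.
     *
     * <p>Known OAuth exceptions map to their error type; otherwise the deepest nested
     * {@link RequestProcessingException} is reused, then the deepest nested
     * {@link IllegalArgumentException} becomes INVALID_REQUEST, and anything else becomes
     * SERVER_ERROR with the original exception as cause. For every mapping except
     * RATE_LIMIT_EXCEEDED and SERVER_ERROR the exception message is carried into the result and
     * is later returned to the caller as the error description.
     */
    private RequestProcessingException convertToRequestProcessingException(Exception exc) {
        if (exc instanceof InvalidGrantException) {
            return new RequestProcessingException(RequestProcessingException.ErrorType.INVALID_GRANT, exc.getMessage());
        }
        if (exc instanceof NoSuchClientException) {
            return new RequestProcessingException(RequestProcessingException.ErrorType.UNAUTHORIZED_CLIENT, exc.getMessage());
        }
        if (exc instanceof RateLimitExceededException) {
            return new RequestProcessingException(RequestProcessingException.ErrorType.RATE_LIMIT_EXCEEDED);
        }
        Throwable nestedProcessingError = (Throwable) ExceptionUtils.getDeepestOccurenceOfType(exc, RequestProcessingException.class);
        if (nestedProcessingError != null) {
            return (RequestProcessingException) nestedProcessingError;
        }
        Throwable nestedIllegalArgument = (Throwable) ExceptionUtils.getDeepestOccurenceOfType(exc, IllegalArgumentException.class);
        if (nestedIllegalArgument != null) {
            return new RequestProcessingException(RequestProcessingException.ErrorType.INVALID_REQUEST, nestedIllegalArgument.getMessage());
        }
        return new RequestProcessingException(RequestProcessingException.ErrorType.SERVER_ERROR, exc);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Writes the HTTP error response for a failed request onto {@code muleEvent}.
     *
     * <ul>
     *   <li>SERVER_ERROR: logged, then HTTP 500 with only the error code (the exception message is
     *       not returned to the caller).</li>
     *   <li>RATE_LIMIT_EXCEEDED: HTTP 429 with an empty payload.</li>
     *   <li>Anything else: HTTP 302 to the request's {@code redirect_uri} when
     *       {@link #isRedirectingForError} allows it and the redirect can be built, otherwise
     *       HTTP 400; both carry the error code and description.</li>
     * </ul>
     *
     * @param requestProcessingException the failure to report
     * @param muleEvent                  the event whose message receives the response
     * @return {@code muleEvent}
     */
    public MuleEvent handleException(RequestProcessingException requestProcessingException, MuleEvent muleEvent) {
        RequestProcessingException.ErrorType errorType = requestProcessingException.getErrorType();
        if (errorType == RequestProcessingException.ErrorType.SERVER_ERROR) {
            // NOTE(review): what ends up in the log depends on MuleEvent.toString(); confirm it does
            // not render request parameters such as passwords or client secrets.
            this.logger.error("Unexpected exception while handling: " + muleEvent, requestProcessingException);
            muleEvent.getMessage().setOutboundProperty("http.status", 500);
            muleEvent.getMessage().setPayload(buildResponsePayload(muleEvent.getEncoding(), "error", RequestProcessingException.ErrorType.SERVER_ERROR.getErrorCode()));
            return muleEvent;
        }
        if (errorType == RequestProcessingException.ErrorType.RATE_LIMIT_EXCEEDED) {
            muleEvent.getMessage().setOutboundProperty("http.status", 429);
            muleEvent.getMessage().setPayload(null);
            return muleEvent;
        }
        String[] errorParameters = {"error", errorType.getErrorCode(), Constants.ERROR_DESCRIPTION_PARAMETER, requestProcessingException.getMessage()};
        // NOTE(review): the redirect target is the redirect_uri as sent in the request; this method
        // does not check it against the client's registered URIs. That is only safe if
        // ErrorType.isDoRedirect() is true solely for errors that can occur after
        // getValidRedirectionUriOrFail has accepted the URI - confirm against the ErrorType
        // definitions and the ordering in each processRequest implementation. Also note the value
        // used here is not URL-decoded, whereas validation works on the URL-decoded form.
        String requestedRedirectUri = getParameterFromBodyOrQuery(muleEvent, "redirect_uri");
        boolean redirected = false;
        if (isRedirectingForError(errorType, requestedRedirectUri)) {
            try {
                setRedirectResponse(muleEvent, buildRedirectUri(requestedRedirectUri, muleEvent, errorParameters));
                redirected = true;
            } catch (RequestProcessingException e) {
                // The redirect cannot be built (bad URI, missing/unsupported response type):
                // fall back to the plain 400 response below, but leave a trace for triage.
                this.logger.debug("Could not build the error redirect, answering with HTTP 400 instead", e);
            } catch (IllegalArgumentException e) {
                // URL-decoding a malformed request parameter throws IllegalArgumentException; the
                // error handler itself must not fail, so this also falls back to HTTP 400.
                this.logger.debug("Could not build the error redirect, answering with HTTP 400 instead", e);
            }
        }
        if (!redirected) {
            muleEvent.getMessage().setOutboundProperty("http.status", 400);
            muleEvent.getMessage().setPayload(buildResponsePayload(muleEvent.getEncoding(), errorParameters));
        }
        return muleEvent;
    }

    /**
     * Tells whether an error should be reported by redirecting the user agent.
     *
     * @param errorType the error being reported
     * @param str       the redirect URI taken from the request, possibly {@code null}
     * @return {@code true} when the error type asks for a redirect and a non-blank URI is present
     */
    protected boolean isRedirectingForError(RequestProcessingException.ErrorType errorType, String str) {
        return errorType.isDoRedirect() && StringUtils.isNotBlank(str);
    }

    /**
     * Builds the body of a non-redirect response; this implementation renders the pairs as
     * {@code name=value&name=value} with URL-encoded values.
     *
     * @param str    character encoding used for URL-encoding the values
     * @param strArr alternating parameter names and values
     * @return the response payload
     */
    protected Object buildResponsePayload(String str, String... strArr) {
        return buildEncodedParameters(str, strArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Turns the event's message into an HTTP 302 response with an empty payload.
     *
     * @param muleEvent the event to modify
     * @param str       value of the {@code Location} header; written as given, so the caller is
     *                  responsible for it being a validated, well-formed URI
     */
    public void setRedirectResponse(MuleEvent muleEvent, String str) {
        muleEvent.getMessage().setOutboundProperty("http.status", 302);
        muleEvent.getMessage().setOutboundProperty("Content-Type", "application/x-www-form-urlencoded");
        muleEvent.getMessage().setOutboundProperty("Location", str);
        muleEvent.getMessage().setPayload(null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the redirect URI for a response, appending the given parameters and, when the request
     * carried one, its {@code state} value. Parameters go into the fragment for the TOKEN response
     * type and into the query string otherwise.
     *
     * @param str       base redirect URI
     * @param muleEvent the request event (source of {@code response_type}, {@code state}, encoding)
     * @param strArr    alternating parameter names and values to append
     * @return the redirect URI
     * @throws RequestProcessingException if the response type is missing or unsupported, or the
     *                                    base URI is not a valid URI
     */
    public String buildRedirectUri(String str, MuleEvent muleEvent, String... strArr) throws RequestProcessingException {
        boolean useFragment = getSupportedResponseTypeOrFail(muleEvent) == Constants.ResponseType.TOKEN;
        String state = getOptionalParameter(muleEvent, "state");
        String[] parameters = strArr;
        if (StringUtils.isNotBlank(state)) {
            // state is echoed back to the client; it is URL-encoded by buildEncodedParameters.
            parameters = (String[]) ArrayUtils.addAll(strArr, new String[]{"state", state});
        }
        return buildRedirectUri(str, muleEvent.getEncoding(), useFragment, parameters);
    }

    /**
     * Appends the encoded parameters to {@code baseUri} (with any fragment removed), using
     * {@code #} when {@code useFragment} is set, else {@code &} or {@code ?} depending on whether
     * the URI already has a query.
     */
    private String buildRedirectUri(String baseUri, String encoding, boolean useFragment, String... nameValuePairs) throws RequestProcessingException {
        String encodedParameters = buildEncodedParameters(encoding, nameValuePairs);
        URI parsedUri = newURI(baseUri);
        String uriWithoutFragment = stripFragment(parsedUri);
        if (StringUtils.isBlank(encodedParameters)) {
            return uriWithoutFragment;
        }
        String separator;
        if (useFragment) {
            separator = "#";
        } else if (hasQuery(parsedUri)) {
            separator = "&";
        } else {
            separator = "?";
        }
        return uriWithoutFragment + separator + encodedParameters;
    }

    /** Returns {@code true} when the URI has a non-blank query component. */
    private boolean hasQuery(URI uri) {
        return StringUtils.isNotBlank(uri.getQuery());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Collects alternating names and values into a map, skipping pairs whose value is
     * {@code null}.
     *
     * @param objArr alternating names (cast to {@code String}) and values
     * @return a new mutable map
     * @throws IllegalArgumentException if the number of arguments is odd
     */
    public Map<String, Object> keyValuePairsToMap(Object... objArr) {
        Validate.isTrue(objArr.length % 2 == 0, "need an even number of (param name, param value) string pairs");
        Map<String, Object> result = new HashMap<String, Object>();
        for (int i = 0; i < objArr.length; i += 2) {
            Object value = objArr[i + 1];
            if (value != null) {
                result.put((String) objArr[i], value);
            }
        }
        return result;
    }

    /**
     * Renders alternating names and values as {@code name=value} pairs joined by {@code &},
     * skipping pairs with a blank value. Only the values are URL-encoded; names are written as
     * given, so they must be fixed, URL-safe strings and never request data.
     *
     * @throws IllegalArgumentException if the number of name/value arguments is odd
     */
    private String buildEncodedParameters(String encoding, String... nameValuePairs) {
        Validate.isTrue(nameValuePairs.length % 2 == 0, "need an even number of (param name, param value) string pairs");
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < nameValuePairs.length; i += 2) {
            String name = nameValuePairs[i];
            String value = nameValuePairs[i + 1];
            if (StringUtils.isNotBlank(value)) {
                if (sb.length() > 0) {
                    sb.append('&');
                }
                sb.append(name).append('=').append(urlEncode(value, encoding));
            }
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a request parameter that must be present.
     *
     * @param muleEvent the request event
     * @param str       parameter name
     * @return the URL-decoded, non-blank value
     * @throws RequestProcessingException with the error type registered for the parameter name,
     *                                    or INVALID_REQUEST when none is registered
     */
    public String getMandatoryParameterOrFail(MuleEvent muleEvent, String str) throws RequestProcessingException {
        String value = getOptionalParameter(muleEvent, str);
        if (!StringUtils.isBlank(value)) {
            return value;
        }
        RequestProcessingException.ErrorType errorType = RequestProcessingException.ErrorType.findByParameterName(str);
        if (errorType == null) {
            errorType = RequestProcessingException.ErrorType.INVALID_REQUEST;
        }
        throw new RequestProcessingException(errorType, "Missing mandatory parameter: " + str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a request parameter from the payload map, the inbound properties or the query
     * parameters, and URL-decodes it with the event's encoding.
     *
     * <p>NOTE(review): if the transport has already decoded these values this is a second decode,
     * and {@code URLDecoder} turns every {@code +} into a space - which would alter values such as
     * the Base64 text of an {@code Authorization} value. Confirm against the transport in use.
     *
     * @param muleEvent the request event
     * @param str       parameter name
     * @return the decoded value, or {@code null} when the parameter is absent or blank
     */
    public String getOptionalParameter(MuleEvent muleEvent, String str) {
        String rawValue = getParameterFromBodyOrQuery(muleEvent, str);
        if (StringUtils.isBlank(rawValue)) {
            return null;
        }
        return urlDecode(rawValue, muleEvent.getEncoding());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the mandatory response type parameter and checks it against the configuration.
     *
     * @param muleEvent the request event
     * @return the requested response type
     * @throws RequestProcessingException UNSUPPORTED_RESPONSE_TYPE when the value is unknown or not
     *                                    enabled; the message quotes the requested value
     */
    public Constants.ResponseType getSupportedResponseTypeOrFail(MuleEvent muleEvent) throws RequestProcessingException {
        String requested = getMandatoryParameterOrFail(muleEvent, Constants.RESPONSE_TYPE_PARAMETER);
        try {
            Constants.ResponseType responseType = Constants.ResponseType.valueOfIgnoreCase(requested);
            if (this.configuration.isAuthorizationResponseTypeSupported(responseType)) {
                return responseType;
            }
            throw new RequestProcessingException(RequestProcessingException.ErrorType.UNSUPPORTED_RESPONSE_TYPE, buildUnsupportedResponseTypeErrorMessage(requested));
        } catch (IllegalArgumentException e) {
            // Unknown name: report it the same way as a known but disabled response type.
            throw new RequestProcessingException(RequestProcessingException.ErrorType.UNSUPPORTED_RESPONSE_TYPE, buildUnsupportedResponseTypeErrorMessage(requested));
        }
    }

    /** Error description for a rejected response type; embeds the request-supplied value. */
    private String buildUnsupportedResponseTypeErrorMessage(String responseType) {
        return "Response type '" + responseType + "' is not supported";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the mandatory {@code grant_type} parameter and checks it against the configuration.
     *
     * @param muleEvent the request event
     * @return the requested grant type
     * @throws RequestProcessingException UNSUPPORTED_GRANT_TYPE when the value is unknown or not
     *                                    enabled; the message quotes the requested value
     */
    public Constants.RequestGrantType getSupportedRequestGrantTypeOrFail(MuleEvent muleEvent) throws RequestProcessingException {
        String requested = getMandatoryParameterOrFail(muleEvent, "grant_type");
        try {
            Constants.RequestGrantType grantType = Constants.RequestGrantType.valueOfIgnoreCase(requested);
            if (this.configuration.isRequestGrantTypeSupported(grantType)) {
                return grantType;
            }
            throw new RequestProcessingException(RequestProcessingException.ErrorType.UNSUPPORTED_GRANT_TYPE, buildUnsupportedRequestGrantTypeErrorMessage(requested));
        } catch (IllegalArgumentException e) {
            // Unknown name: report it the same way as a known but disabled grant type.
            throw new RequestProcessingException(RequestProcessingException.ErrorType.UNSUPPORTED_GRANT_TYPE, buildUnsupportedRequestGrantTypeErrorMessage(requested));
        }
    }

    /** Error description for a rejected grant type; embeds the request-supplied value. */
    private String buildUnsupportedRequestGrantTypeErrorMessage(String grantType) {
        return "Grant type '" + grantType + "' is not supported";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up the client named by the request's client credentials. This only identifies the
     * client; it does not verify the secret (see {@link #validateClientCredentials}).
     *
     * @param muleEvent the request event
     * @return the client registered under the presented identifier
     * @throws OAuth2Exception INVALID_CLIENT_ID when the identifier is blank, or whatever the
     *                         client store raises for an unknown identifier
     */
    public Client getKnownClientOrFail(MuleEvent muleEvent) throws OAuth2Exception {
        String clientId = extractClientCredentials(muleEvent).getUsername();
        if (StringUtils.isBlank(clientId)) {
            throw new RequestProcessingException(RequestProcessingException.ErrorType.INVALID_CLIENT_ID);
        }
        return this.configuration.getClientStore().getClientById(clientId);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the mandatory {@code redirect_uri} parameter and has the client confirm it.
     *
     * @param client    the client the request was made for
     * @param muleEvent the request event
     * @return the URL-decoded redirect URI accepted by {@code client.isValidRedirectUri}
     * @throws RequestProcessingException INVALID_REDIRECTION_URI when the client rejects the URI,
     *                                    or the missing-parameter error when it is absent
     */
    public String getValidRedirectionUriOrFail(Client client, MuleEvent muleEvent) throws RequestProcessingException {
        String redirectUri = getMandatoryParameterOrFail(muleEvent, "redirect_uri");
        if (client.isValidRedirectUri(redirectUri)) {
            return redirectUri;
        }
        throw new RequestProcessingException(RequestProcessingException.ErrorType.INVALID_REDIRECTION_URI);
    }

    /**
     * Finds a parameter's raw (not URL-decoded) value. Sources are tried in this order, the first
     * non-blank one winning: the payload when it is a map, the inbound property of that name, then
     * the {@code http.query.params} inbound property when it is a map.
     *
     * @return the stripped value, or {@code null} when absent or empty
     */
    private String getParameterFromBodyOrQuery(MuleEvent muleEvent, String parameterName) {
        String value = null;
        Object payload = muleEvent.getMessage().getPayload();
        if (payload instanceof Map) {
            value = getSingleParameterValue(((Map<?, ?>) payload).get(parameterName));
        }
        if (StringUtils.isBlank(value)) {
            value = getSingleParameterValue(muleEvent.getMessage().getInboundProperty(parameterName));
        }
        if (StringUtils.isBlank(value)) {
            Object queryParams = muleEvent.getMessage().getInboundProperty("http.query.params");
            if (queryParams instanceof Map) {
                // Goes through getSingleParameterValue like the other sources: a direct String
                // cast would throw ClassCastException for a repeated (multi-valued) parameter.
                value = getSingleParameterValue(((Map<?, ?>) queryParams).get(parameterName));
            }
        }
        return StringUtils.stripToNull(value);
    }

    /**
     * Flattens a parameter value to one string: strings are returned as is, lists and object
     * arrays are de-duplicated and joined with a space (in unspecified order, as a hash set is
     * used), anything else is rendered with {@code toString()}.
     *
     * <p>NOTE(review): repeated values are therefore merged rather than rejected; that suits a
     * space-separated parameter, for other parameters the merged text is what gets validated.
     */
    private String getSingleParameterValue(Object obj) {
        if (obj == null) {
            return null;
        }
        if (obj instanceof String) {
            return (String) obj;
        }
        if (obj instanceof List) {
            Collection<Object> distinctValues = new HashSet<Object>((List<?>) obj);
            return StringUtils.join(distinctValues, ' ');
        }
        if (obj.getClass().isArray()) {
            // The cast assumes an array of objects; a primitive array would fail here.
            Collection<Object> distinctValues = new HashSet<Object>(Arrays.asList((Object[]) obj));
            return StringUtils.join(distinctValues, ' ');
        }
        return obj.toString();
    }

    /** URL-encodes {@code value}; an unsupported encoding name becomes a MuleRuntimeException. */
    private String urlEncode(String value, String encoding) {
        try {
            return URLEncoder.encode(value, encoding);
        } catch (UnsupportedEncodingException e) {
            throw new MuleRuntimeException(e);
        }
    }

    /**
     * URL-decodes {@code value}; an unsupported encoding name becomes a MuleRuntimeException.
     * Malformed percent escapes make {@code URLDecoder} throw IllegalArgumentException, which is
     * not caught here.
     */
    private String urlDecode(String value, String encoding) {
        try {
            return URLDecoder.decode(value, encoding);
        } catch (UnsupportedEncodingException e) {
            throw new MuleRuntimeException(e);
        }
    }

    /** Parses a URI, reporting a syntax error as INVALID_REDIRECTION_URI. */
    private URI newURI(String uriText) throws RequestProcessingException {
        try {
            return new URI(uriText);
        } catch (URISyntaxException e) {
            throw new RequestProcessingException(RequestProcessingException.ErrorType.INVALID_REDIRECTION_URI, e.getMessage());
        }
    }

    /**
     * Returns the URI text without its fragment.
     *
     * <p>The text is cut at the first {@code #}. Matching on {@code uri.getFragment()} is not
     * reliable: that accessor returns the decoded fragment, which is not found in the URI text
     * when the fragment contains percent escapes, and an empty fragment would leave a trailing
     * {@code #} - in both cases the response parameters would be appended after the fragment.
     */
    private String stripFragment(URI uri) {
        return StringUtils.substringBefore(uri.toString(), "#");
    }

    /**
     * Reads the resource owner's {@code username} (mandatory) and {@code password} (optional,
     * empty when absent) from the request.
     *
     * @param muleEvent the request event
     * @return the credentials as presented; nothing is verified here
     * @throws RequestProcessingException when {@code username} is missing
     */
    protected Credentials extractResourceOwnerCredentials(MuleEvent muleEvent) throws RequestProcessingException {
        String username = getMandatoryParameterOrFail(muleEvent, "username");
        String password = StringUtils.stripToEmpty(getOptionalParameter(muleEvent, "password"));
        return new MuleCredentials(username, password.toCharArray());
    }

    /**
     * Reads the client's credentials, either from {@code client_id}/{@code client_secret} or from
     * a Basic {@code Authorization} value. A request presenting both a secret and an Authorization
     * value is rejected.
     *
     * <p>The {@code Authorization} value is looked up with {@link #getOptionalParameter}, so it is
     * accepted from the payload map and the query parameters as well as from the inbound
     * properties, and it is URL-decoded like any other parameter.
     *
     * @param muleEvent the request event
     * @return {@code ClientSecretCredentials} for the parameter form, {@code MuleCredentials} for
     *         the Basic form; nothing is verified here
     * @throws RequestProcessingException INVALID_REQUEST when no client identification is present,
     *                                    when two authentication forms are combined, or when the
     *                                    Authorization value yields no user name
     */
    protected Credentials extractClientCredentials(MuleEvent muleEvent) throws RequestProcessingException {
        String clientId = getOptionalParameter(muleEvent, "client_id");
        String clientSecret = StringUtils.stripToEmpty(getOptionalParameter(muleEvent, "client_secret"));
        String authorization = getOptionalParameter(muleEvent, "Authorization");
        if (StringUtils.isBlank(clientId) && StringUtils.isBlank(authorization)) {
            throw new RequestProcessingException(RequestProcessingException.ErrorType.INVALID_REQUEST, "No client identification nor authentication found");
        }
        if (StringUtils.isNotBlank(clientSecret) && StringUtils.isNotBlank(authorization)) {
            throw new RequestProcessingException(RequestProcessingException.ErrorType.INVALID_REQUEST, "Multiple client authentications found");
        }
        if (StringUtils.isBlank(authorization)) {
            return new ClientSecretCredentials(clientId, clientSecret.toCharArray());
        }
        Pair<String, String> basicAuth = getBasicAuthUsernamePassword(muleEvent);
        String basicUsername = basicAuth.getLeft();
        String basicPassword = basicAuth.getRight();
        if (StringUtils.isBlank(basicUsername)) {
            throw new RequestProcessingException(RequestProcessingException.ErrorType.INVALID_REQUEST, "Invalid 'Authorization' header");
        }
        return new MuleCredentials(basicUsername, basicPassword.toCharArray());
    }

    /**
     * Splits the Basic {@code Authorization} credentials at the first {@code :} into user name and
     * password, URL-decoding each part; the password is never {@code null}.
     */
    private Pair<String, String> getBasicAuthUsernamePassword(MuleEvent muleEvent) {
        String userAndPassword = Utils.extractCredentialsFromAuthorizationHeader(getOptionalParameter(muleEvent, "Authorization"), "Basic", muleEvent.getEncoding());
        String username = Utils.urlDecode(StringUtils.substringBefore(userAndPassword, ":"));
        String password = StringUtils.stripToEmpty(Utils.urlDecode(StringUtils.substringAfter(userAndPassword, ":")));
        return Pair.of(username, password);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Computes the scopes to grant from the requested {@code scope} parameter, the client's own
     * scopes (or the configured default scopes when the client has none and defaults exist) and
     * the configured supported scopes.
     *
     * @param muleEvent the request event
     * @param client    the requesting client
     * @return the effective scopes as computed by {@code Utils.computeEffectiveScopeOrFail}
     * @throws RequestProcessingException when the requested scopes cannot be honoured
     */
    public List<String> getEffectiveScopes(MuleEvent muleEvent, Client client) throws RequestProcessingException {
        List<String> requestedScopes = Utils.tokenize(getOptionalParameter(muleEvent, "scope"));
        List<String> allowedScopes = client.getScopes();
        if (allowedScopes.isEmpty() && !this.configuration.getDefaultScopes().isEmpty()) {
            allowedScopes = this.configuration.getDefaultScopes();
        }
        return Utils.computeEffectiveScopeOrFail(requestedScopes, allowedScopes, this.configuration.getSupportedScopes());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Authenticates the resource owner with the configured security provider, under the rate
     * limiter's control.
     *
     * <p>The limiter is consulted before the attempt and told the outcome afterwards; both calls
     * are keyed on the user name sent in the request. Any exception from the provider is logged
     * and counted as a failed attempt, so the method fails closed.
     *
     * @param client    the requesting client (used for logging only)
     * @param muleEvent the request event
     * @return a pair of the success flag and the authentication ({@code null} when the provider
     *         threw)
     * @throws OAuth2Exception when credentials are missing or the rate limiter refuses the attempt
     */
    public Pair<Boolean, Authentication> validateResourceOwnerCredentials(Client client, MuleEvent muleEvent) throws OAuth2Exception {
        Authentication authentication = null;
        Credentials ownerCredentials = extractResourceOwnerCredentials(muleEvent);
        // NOTE(review): keyed on the request-supplied user name only; whether repeated failures
        // can lock out a legitimate user depends on the RateLimiter implementation.
        this.configuration.getRateLimiter().checkOperationAuthorized(RateLimiter.Operation.RESOURCE_OWNER_LOGIN, ownerCredentials.getUsername());
        try {
            authentication = this.configuration.getResourceOwnerSecurityProvider().authenticate(new DefaultMuleAuthentication(ownerCredentials));
        } catch (Exception e) {
            // NOTE(review): the text says "client credentials" although this path authenticates
            // the resource owner; left as is because log consumers may match on it. The user name
            // is request data written to the log unmodified.
            this.logger.warn("Failed to validate client credentials for client ID: " + client.getClientId() + " and username: " + ownerCredentials.getUsername(), e);
        }
        boolean authenticated = authentication != null && authentication.isAuthenticated();
        RateLimiter.Outcome outcome = authenticated ? RateLimiter.Outcome.SUCCESS : RateLimiter.Outcome.FAILURE;
        this.configuration.getRateLimiter().recordOperationOutcome(RateLimiter.Operation.RESOURCE_OWNER_LOGIN, ownerCredentials.getUsername(), outcome);
        return Pair.of(Boolean.valueOf(authenticated), authentication);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies the client's credentials.
     *
     * <p>Credentials sent as {@code client_id}/{@code client_secret} are checked by the client
     * itself. Credentials sent as a Basic Authorization value are checked by the configured
     * client security provider, using the client's principal when it has one and the presented
     * user name otherwise; without a provider, or when the provider throws, the result is
     * {@code false}.
     *
     * @param client    the client being authenticated
     * @param muleEvent the request event
     * @return {@code true} only when the credentials were positively verified
     * @throws RequestProcessingException when no usable client credentials are present
     */
    public boolean validateClientCredentials(Client client, MuleEvent muleEvent) throws RequestProcessingException {
        Credentials presented = extractClientCredentials(muleEvent);
        if (presented instanceof ClientSecretCredentials) {
            return client.isAuthenticatedBy((ClientSecretCredentials) presented);
        }
        if (this.configuration.getClientSecurityProvider() == null) {
            this.logger.warn("Client ID: " + client.getClientId() + " failed to present a secret and no security provider is configured to validate its credentials");
            return false;
        }
        String principal = StringUtils.isNotBlank(client.getPrincipal()) ? client.getPrincipal() : presented.getUsername();
        MuleCredentials providerCredentials = new MuleCredentials(principal, presented.getPassword());
        try {
            return this.configuration.getClientSecurityProvider().authenticate(new DefaultMuleAuthentication(providerCredentials, muleEvent)).isAuthenticated();
        } catch (Exception e) {
            // Fail closed: a provider error is treated as a failed authentication.
            this.logger.warn("Failed to validate client credentials for client ID: " + client.getClientId() + " and principal: " + providerCredentials.getUsername(), e);
            return false;
        }
    }
}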
