package io.gravitee.policy.apikey;

import io.gravitee.gateway.api.ExecutionContext;
import io.gravitee.gateway.api.Request;
import io.gravitee.gateway.api.Response;
import io.gravitee.policy.api.PolicyChain;
import io.gravitee.policy.api.PolicyResult;
import io.gravitee.policy.api.annotations.OnRequest;
import io.gravitee.policy.apikey.configuration.ApiKeyPolicyConfiguration;
import io.gravitee.repository.exceptions.TechnicalException;
import io.gravitee.repository.management.api.ApiKeyRepository;
import io.gravitee.repository.management.model.ApiKey;
import java.util.Date;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/policy/apikey/ApiKeyPolicy.class */
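/**
 * Gateway policy that authenticates a request by its API key.
 *
 * <p>The key is read from the {@code X-Gravitee-Api-Key} header, falling back to the
 * {@code api-key} query parameter. It is looked up in the {@link ApiKeyRepository} obtained
 * from the execution context. The request continues down the policy chain only if the key
 * exists, is not revoked, is bound to the API being called and has not expired.
 *
 * <p>Outcomes: 401 when no key is supplied, 403 when the key is unknown, revoked, expired or
 * bound to another API, and 500 when the repository lookup throws {@link TechnicalException}.
 * Unknown and revoked/expired keys get the same 403 message, so the response does not reveal
 * which of the two applied.
 */
public class ApiKeyPolicy {
    private static final Logger LOGGER = LoggerFactory.getLogger(ApiKeyPolicy.class);
    static final String API_KEY_QUERY_PARAMETER = "api-key";
    private static final String API_KEY_HEADER = "X-Gravitee-Api-Key";
    private final ApiKeyPolicyConfiguration apiKeyPolicyConfiguration;

    /**
     * @param apiKeyPolicyConfiguration policy settings; only {@code isPropagateApiKey()} is read here
     */
    public ApiKeyPolicy(ApiKeyPolicyConfiguration apiKeyPolicyConfiguration) {
        this.apiKeyPolicyConfiguration = apiKeyPolicyConfiguration;
    }

    /**
     * Validates the API key carried by the request and either continues the chain or fails it.
     *
     * @param request          incoming request; its headers/parameters may be stripped of the key
     * @param response         response passed on to the next policy on success
     * @param executionContext source of the {@link ApiKeyRepository} and of the current API id
     * @param policyChain      chain to continue ({@code doNext}) or abort ({@code failWith})
     */
    @OnRequest
    public void onRequest(Request request, Response response, ExecutionContext executionContext, PolicyChain policyChain) {
        final String requestApiKey = lookForApiKey(request);
        if (requestApiKey == null || requestApiKey.isEmpty()) {
            LOGGER.debug("No API Key has been specified for request {}. Returning 401 status code.", request.id());
            policyChain.failWith(failure(401,
                    "No API Key has been specified in headers (X-Gravitee-Api-Key) or query parameters (api-key)."));
            return;
        }

        // NOTE(review): the caller-supplied key is echoed verbatim in the 403 message. If that
        // message is rendered or logged downstream, it carries untrusted input and a credential
        // candidate - consider dropping the key from the text. Kept as-is for compatibility.
        final String invalidKeyMessage = "API Key " + requestApiKey + " is not valid or is expired / revoked.";

        try {
            Optional<ApiKey> lookup =
                    ((ApiKeyRepository) executionContext.getComponent(ApiKeyRepository.class)).retrieve(requestApiKey);
            // NOTE(review): the raw key is recorded in the request metrics before it has been
            // validated - confirm the metrics sink is an acceptable place for API keys.
            request.metrics().setApiKey(requestApiKey);

            if (!lookup.isPresent()) {
                LOGGER.debug("API Key for request {} is invalid. Returning 403 status code.", request.id());
                policyChain.failWith(failure(403, invalidKeyMessage));
                return;
            }

            ApiKey apiKey = lookup.get();
            // These attributes are set before the validity check, so they are populated even
            // when the request is subsequently rejected.
            executionContext.setAttribute("gravitee.attribute.application", apiKey.getApplication());
            executionContext.setAttribute("gravitee.attribute.api-key", apiKey.getKey());
            request.metrics().setApplication(apiKey.getApplication());
            String calledApi = (String) executionContext.getAttribute("gravitee.attribute.api");

            if (isUsable(apiKey, calledApi, request)) {
                LOGGER.debug("API Key for request {} has been validated.", request.id());
                policyChain.doNext(request, response);
            } else {
                LOGGER.debug("API Key for request {} is invalid. Returning 403 status code.", request.id());
                policyChain.failWith(failure(403, invalidKeyMessage));
            }
        } catch (TechnicalException e) {
            LOGGER.error("An unexpected error occurs while validation API Key. Returning 500 status code.", e);
            policyChain.failWith(failure(500, "An unexpected error occurs while getting API Key from repository"));
        }
    }

    /**
     * Tells whether a stored key may be used for the API being called at the request's timestamp.
     *
     * <p>A key with no bound API is rejected (fail closed) instead of raising a
     * {@link NullPointerException}. The API comparison is case-insensitive.
     */
    private static boolean isUsable(ApiKey apiKey, String calledApi, Request request) {
        if (apiKey.isRevoked()) {
            return false;
        }
        // NOTE(review): case-insensitive match - confirm API ids cannot differ only by case.
        String boundApi = apiKey.getApi();
        if (boundApi == null || !boundApi.equalsIgnoreCase(calledApi)) {
            return false;
        }
        // No expiration date means the key never expires.
        Date expiration = apiKey.getExpiration();
        return expiration == null || expiration.after(Date.from(request.timestamp()));
    }

    /** Builds a failing {@link PolicyResult} with the given HTTP status code and message. */
    private static PolicyResult failure(final int statusCode, final String message) {
        return new PolicyResult() {
            @Override
            public boolean isFailure() {
                return true;
            }

            @Override
            public int httpStatusCode() {
                return statusCode;
            }

            @Override
            public String message() {
                return message;
            }
        };
    }

    /**
     * Extracts the API key from the request: header first, then the {@code api-key} query parameter.
     *
     * <p>Unless key propagation is enabled in the configuration, both the header and the query
     * parameter are removed from the request, so the credential is presumably not forwarded to
     * the backend. Keys sent as a query parameter are part of the URL and tend to end up in
     * access logs and proxies; the header is the safer transport.
     *
     * @return the key, or {@code null}/empty when the request carries none
     */
    private String lookForApiKey(Request request) {
        String apiKey = request.headers().getFirst(API_KEY_HEADER);
        LOGGER.debug("Looking for {} header from request {}", API_KEY_HEADER, request.id());
        if (apiKey == null || apiKey.isEmpty()) {
            LOGGER.debug("No '{}' header value for request {}. Fallback to query param.", API_KEY_HEADER, request.id());
            apiKey = (String) request.parameters().getOrDefault(API_KEY_QUERY_PARAMETER, null);
            // Only report a missing parameter when it really is missing.
            if (apiKey == null || apiKey.isEmpty()) {
                LOGGER.debug("No '{}' parameter for request {}. Returning empty API Key", API_KEY_QUERY_PARAMETER, request.id());
            }
        }
        if (!this.apiKeyPolicyConfiguration.isPropagateApiKey()) {
            request.headers().remove(API_KEY_HEADER);
            request.parameters().remove(API_KEY_QUERY_PARAMETER);
        }
        return apiKey;
    }
}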
