package com.axway.apim.config;

import com.axway.apim.api.API;
import com.axway.apim.api.model.AuthType;
import com.axway.apim.api.model.AuthenticationProfile;
import com.axway.apim.api.model.CaCert;
import com.axway.apim.api.model.CorsProfile;
import com.axway.apim.api.model.DeviceType;
import com.axway.apim.api.model.InboundProfile;
import com.axway.apim.api.model.TagMap;
import com.axway.apim.cli.APIMCLIServiceProvider;
import com.axway.apim.cli.CLIServiceMethod;
import com.axway.apim.config.model.APISecurity;
import com.axway.apim.config.model.GenerateTemplateParameters;
import com.axway.apim.lib.StandardExportParams;
import com.axway.apim.lib.error.AppException;
import com.axway.apim.lib.error.ErrorCode;
import com.axway.apim.lib.utils.URLParser;
import com.axway.apim.lib.utils.Utils;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.servers.Server;
import io.swagger.v3.oas.models.tags.Tag;
import io.swagger.v3.parser.OpenAPIV3Parser;
import io.swagger.v3.parser.core.models.AuthorizationValue;
import io.swagger.v3.parser.core.models.ParseOptions;
import io.swagger.v3.parser.core.models.SwaggerParseResult;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/axway/apim/config/GenerateTemplate.class */
public class GenerateTemplate implements APIMCLIServiceProvider {
    private static final Logger LOG = LoggerFactory.getLogger(GenerateTemplate.class);
    public static final String DEFAULT = "_default";

    public String getName() {
        return "Generate Config file template from Open API";
    }

    public String getVersion() {
        return GenerateTemplate.class.getPackage().getImplementationVersion();
    }

    public String getGroupId() {
        return "template";
    }

    public String getGroupDescription() {
        return "Generate APIM CLI Config file template from Open API";
    }

    @CLIServiceMethod(name = "generate", description = "Generate APIM CLI Config file template from Open API")
    public static int generate(String[] strArr) {
        System.setProperty("TRUST_ALL", "true");
        HttpsURLConnection.setDefaultHostnameVerifier((str, sSLSession) -> {
            return true;
        });
        LOG.info("Generating APIM CLI configuration file");
        try {
            GenerateTemplateParameters generateTemplateParameters = (GenerateTemplateParameters) GenerateTemplateCLIOptions.create(strArr).getParams();
            try {
                APIConfig generateTemplate = new GenerateTemplate().generateTemplate(generateTemplateParameters);
                FileWriter fileWriter = new FileWriter(generateTemplateParameters.getConfig());
                try {
                    ObjectMapper objectMapper = generateTemplateParameters.getOutputFormat().equals(StandardExportParams.OutputFormat.yaml) ? new ObjectMapper(new YAMLFactory()) : new ObjectMapper();
                    objectMapper.setFilterProvider(new SimpleFilterProvider().setDefaultFilter(SimpleBeanPropertyFilter.serializeAllExcept(new String[]{"useForInbound", "useForOutbound"})));
                    objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
                    objectMapper.setSerializationInclusion(JsonInclude.Include.NON_EMPTY);
                    objectMapper.writeValue(fileWriter, (JsonNode) objectMapper.convertValue(generateTemplate, JsonNode.class));
                    LOG.info("Writing APIM CLI configuration file to : {}", generateTemplateParameters.getConfig());
                    fileWriter.close();
                    return 0;
                } finally {
                }
            } catch (IOException | KeyManagementException | NoSuchAlgorithmException | CertificateEncodingException e) {
                LOG.error("Error in processing :", e);
                if (!(e instanceof AppException)) {
                    return 1;
                }
                AppException appException = e;
                LOG.error("{} : Error code {}", appException.getError().getDescription(), Integer.valueOf(appException.getError().getCode()));
                return appException.getError().getCode();
            }
        } catch (AppException e2) {
            LOG.error("Error", e2);
            return e2.getError().getCode();
        }
    }

    public APIConfig generateTemplate(GenerateTemplateParameters generateTemplateParameters) throws IOException, CertificateEncodingException, NoSuchAlgorithmException, KeyManagementException {
        String str;
        String str2;
        ArrayList arrayList = new ArrayList();
        ParseOptions parseOptions = new ParseOptions();
        parseOptions.setResolve(true);
        URLParser uRLParser = new URLParser(generateTemplateParameters.getApiDefinition());
        String uri = uRLParser.getUri();
        String username = uRLParser.getUsername();
        String password = uRLParser.getPassword();
        if (username != null && password != null) {
            arrayList.add(new AuthorizationValue("Authorization", Base64.getEncoder().encodeToString((username + ":" + password).getBytes()), "header"));
        }
        SwaggerParseResult readLocation = new OpenAPIV3Parser().readLocation(uri, arrayList, parseOptions);
        List messages = readLocation.getMessages();
        if (messages.size() > 0) {
            throw new AppException(messages.toString(), ErrorCode.UNSUPPORTED_API_SPECIFICATION);
        }
        OpenAPI openAPI = readLocation.getOpenAPI();
        Info info = openAPI.getInfo();
        List servers = openAPI.getServers();
        if (servers == null || servers.size() == 0) {
            throw new AppException("servers element is not found", ErrorCode.UNSUPPORTED_API_SPECIFICATION);
        }
        String url = ((Server) servers.get(0)).getUrl();
        if (url.startsWith("http")) {
            URL url2 = new URL(url);
            str = url2.getPath();
            String protocol = url2.getProtocol();
            String host = url2.getHost();
            int port = url2.getPort();
            str2 = port == -1 ? String.format("%s://%s", protocol, host) : String.format("%s://%s:%d", protocol, host, Integer.valueOf(port));
        } else {
            str = url;
            str2 = "https://localhost";
        }
        List<Tag> tags = openAPI.getTags();
        TagMap tagMap = new TagMap();
        for (Tag tag : tags) {
            tagMap.put(tag.getName(), new String[]{tag.getName()});
        }
        API api = new API();
        api.setState("published");
        api.setBackendResourcePath(str2);
        api.setPath(str);
        api.setName(info.getTitle());
        api.setVersion(info.getVersion());
        api.setTags(tagMap);
        api.setDescriptionType("original");
        CorsProfile corsProfile = new CorsProfile();
        corsProfile.setName("Custom CORS");
        corsProfile.setIsDefault(false);
        corsProfile.setSupportCredentials(true);
        corsProfile.setOrigins(new String[]{"*"});
        corsProfile.setAllowedHeaders(new String[]{"Authorization", "x-requested-with", "Bearer"});
        corsProfile.setExposedHeaders(new String[]{"Via", "X-CorrelationID"});
        corsProfile.setMaxAgeSeconds("0");
        CorsProfile corsProfile2 = new CorsProfile();
        corsProfile2.setName("_default");
        corsProfile2.setIsDefault(true);
        corsProfile2.setOrigins(new String[]{"*"});
        corsProfile2.setAllowedHeaders(new String[0]);
        corsProfile2.setExposedHeaders(new String[]{"X-CorrelationID"});
        corsProfile2.setMaxAgeSeconds("0");
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(corsProfile2);
        arrayList2.add(corsProfile);
        api.setCorsProfiles(arrayList2);
        HashMap hashMap = new HashMap();
        InboundProfile inboundProfile = new InboundProfile();
        inboundProfile.setCorsProfile("Custom CORS");
        inboundProfile.setSecurityProfile("_default");
        inboundProfile.setMonitorAPI(true);
        inboundProfile.setMonitorSubject("authentication.subject.id");
        inboundProfile.setQueryStringPassThrough(false);
        hashMap.put("_default", inboundProfile);
        api.setInboundProfiles(hashMap);
        Map<String, Object> addInboundSecurityToAPI = addInboundSecurityToAPI(generateTemplateParameters.getFrontendAuthType());
        addOutboundSecurityToAPI(api, generateTemplateParameters.getBackendAuthType());
        return new APIConfig(api, uri.startsWith("https") ? downloadCertificatesAndContent(api, generateTemplateParameters.getConfig(), uri) : uri.startsWith("http") ? downloadContent(generateTemplateParameters.getConfig(), uri) : generateTemplateParameters.getApiDefinition(), addInboundSecurityToAPI);
    }

    private void addOutboundSecurityToAPI(API api, String str) throws AppException {
        AuthType authType = null;
        try {
            authType = AuthType.valueOf(str);
        } catch (IllegalArgumentException e) {
            LOG.error("Invalid backend auth type", e);
        }
        if (authType == null) {
            AuthType[] values = AuthType.values();
            int length = values.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                AuthType authType2 = values[i];
                String name = authType2.name();
                String[] alternativeNames = authType2.getAlternativeNames();
                if (name.equals(str)) {
                    authType = authType2;
                    break;
                }
                int length2 = alternativeNames.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length2) {
                        break;
                    }
                    if (alternativeNames[i2].equals(str)) {
                        authType = authType2;
                        break;
                    }
                    i2++;
                }
                i++;
            }
        }
        if (authType == null) {
            throw new AppException("backendAuthType : " + str + "  is invalid", ErrorCode.INVALID_PARAMETER);
        }
        ArrayList arrayList = new ArrayList();
        AuthenticationProfile authenticationProfile = new AuthenticationProfile();
        authenticationProfile.setName("_default");
        authenticationProfile.setType(authType);
        authenticationProfile.setIsDefault(true);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (authType.equals(AuthType.apiKey)) {
            linkedHashMap.put("apiKey", "4249823490238490");
            linkedHashMap.put("apiKeyField", "KeyId");
            linkedHashMap.put("httpLocation", "QUERYSTRING_PARAMETER");
        } else if (authType.equals(AuthType.http_basic) || authType.equals(AuthType.http_digest)) {
            linkedHashMap.put("username", "user1");
            linkedHashMap.put("password", "password1");
        } else if (authType.equals(AuthType.oauth)) {
            linkedHashMap.put("providerProfile", "<Name-of-configured-OAuth-Profile>");
            linkedHashMap.put("ownerId", "${authentication.subject.id}");
        } else if (authType.equals(AuthType.ssl)) {
            linkedHashMap.put("source", "file");
            linkedHashMap.put("certFile", "../certificates/clientcert.pfx");
            linkedHashMap.put("password", Utils.getEncryptedPassword());
            linkedHashMap.put("trustAll", true);
        }
        authenticationProfile.setParameters(linkedHashMap);
        arrayList.add(authenticationProfile);
        api.setAuthenticationProfiles(arrayList);
    }

    private Map<String, Object> addInboundSecurityToAPI(String str) throws AppException {
        DeviceType deviceType = null;
        try {
            deviceType = DeviceType.valueOf(str);
        } catch (IllegalArgumentException e) {
            LOG.error("Invalid Frontend AuthType", e);
        }
        if (deviceType == null) {
            DeviceType[] values = DeviceType.values();
            int length = values.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                DeviceType deviceType2 = values[i];
                String name = deviceType2.name();
                String[] alternativeNames = deviceType2.getAlternativeNames();
                if (name.equals(str)) {
                    deviceType = deviceType2;
                    break;
                }
                int length2 = alternativeNames.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length2) {
                        break;
                    }
                    if (alternativeNames[i2].equals(str)) {
                        deviceType = deviceType2;
                        break;
                    }
                    i2++;
                }
                i++;
            }
        }
        if (deviceType == null) {
            throw new AppException("frontendAuthType : " + str + "  is invalid", ErrorCode.INVALID_PARAMETER);
        }
        APISecurity aPISecurity = new APISecurity();
        aPISecurity.setType(deviceType.toString());
        aPISecurity.setName(deviceType.getName());
        HashMap hashMap = new HashMap();
        if (deviceType.equals(DeviceType.apiKey)) {
            hashMap.put("apiKeyFieldName", "KeyId");
            hashMap.put("takeFrom", "HEADER");
            hashMap.put("removeCredentialsOnSuccess", "true");
        } else if (deviceType.equals(DeviceType.oauth)) {
            hashMap.put("tokenStore", "OAuth Access Token Store");
            hashMap.put("scopes", "resource.WRITE, resource.READ");
            setupOauthProperties(hashMap);
        } else if (deviceType.equals(DeviceType.oauthExternal)) {
            hashMap.put("tokenStore", "Tokeninfo policy 1");
            hashMap.put("useClientRegistry", true);
            hashMap.put("subjectSelector", "${oauth.token.client_id}");
            setupOauthProperties(hashMap);
        } else if (deviceType.equals(DeviceType.authPolicy)) {
            hashMap.put("authenticationPolicy", "Custom authentication policy");
            hashMap.put("useClientRegistry", true);
            hashMap.put("subjectSelector", "authentication.subject.id");
            hashMap.put("descriptionType", "original");
            hashMap.put("descriptionUrl", "");
            hashMap.put("descriptionMarkdown", "");
            hashMap.put("description", "");
        }
        aPISecurity.setProperties(hashMap);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("name", "_default");
        linkedHashMap.put("isDefault", true);
        ArrayList arrayList = new ArrayList();
        arrayList.add(aPISecurity);
        linkedHashMap.put("devices", arrayList);
        return linkedHashMap;
    }

    private void setupOauthProperties(Map<String, Object> map) {
        map.put("accessTokenLocation", "HEADER");
        map.put("authorizationHeaderPrefix", "Bearer");
        map.put("accessTokenLocationQueryString", "");
        map.put("scopesMustMatch", "Any");
        map.put("scopes", "resource.WRITE, resource.READ");
        map.put("removeCredentialsOnSuccess", true);
        map.put("implicitGrantEnabled", true);
        map.put("implicitGrantLoginEndpointUrl", "https://localhost:8089/api/oauth/authorize");
        map.put("implicitGrantLoginTokenName", "access_token");
        map.put("authCodeGrantTypeEnabled", true);
        map.put("authCodeGrantTypeRequestEndpointUrl", "https://localhost:8089/api/oauth/authorize");
        map.put("authCodeGrantTypeRequestClientIdName", "client_id");
        map.put("authCodeGrantTypeRequestSecretName", "client_secret");
        map.put("authCodeGrantTypeTokenEndpointUrl", "https://localhost:8089/api/oauth/token");
        map.put("authCodeGrantTypeTokenEndpointTokenName", "access_code");
    }

    public String writeAPISpecification(String str, String str2, InputStream inputStream) throws IOException {
        try {
            String name = new File(new URL(str).getPath()).getName();
            String iOUtils = IOUtils.toString(inputStream, "UTF-8");
            File file = new File(str2);
            if (file.getParent() != null) {
                name = file.toPath().getParent().toString() + File.separator + name;
            }
            LOG.info("Writing API specification to : {}", name);
            FileWriter fileWriter = new FileWriter(name);
            try {
                fileWriter.write(iOUtils);
                fileWriter.flush();
                fileWriter.close();
                return name;
            } finally {
            }
        } finally {
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }

    public String downloadContent(String str, String str2) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str2).openConnection();
        int responseCode = httpURLConnection.getResponseCode();
        String str3 = null;
        LOG.debug("Response Code : {}", Integer.valueOf(responseCode));
        if (responseCode == 200) {
            str3 = writeAPISpecification(str2, str, httpURLConnection.getInputStream());
        }
        return str3;
    }

    public String downloadCertificatesAndContent(API api, String str, String str2) throws IOException, CertificateEncodingException, NoSuchAlgorithmException, KeyManagementException {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.axway.apim.config.GenerateTemplate.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str3) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str3) {
            }
        }};
        File file = new File(str);
        String parent = file.getParent();
        Base64.Encoder mimeEncoder = Base64.getMimeEncoder(64, System.getProperty("line.separator").getBytes());
        URL url = new URL(str2);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        httpsURLConnection.connect();
        Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : serverCertificates) {
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                if (x509Certificate.getBasicConstraints() != -1 || arrayList.size() <= 1) {
                    CaCert caCert = new CaCert();
                    byte[] bytes = ("-----BEGIN CERTIFICATE-----\n" + new String(mimeEncoder.encode(x509Certificate.getEncoded())) + "\n-----END CERTIFICATE-----").getBytes();
                    String createCertFileName = createCertFileName(x509Certificate);
                    if (parent != null) {
                        createCertFileName = file.toPath().getParent().toString() + File.separator + createCertFileName;
                    }
                    try {
                        FileOutputStream fileOutputStream = new FileOutputStream(createCertFileName);
                        try {
                            fileOutputStream.write(bytes);
                            fileOutputStream.close();
                            caCert.setCertFile(createCertFileName);
                            caCert.setInbound("false");
                            caCert.setOutbound("true");
                            arrayList.add(caCert);
                        } finally {
                        }
                    } catch (IOException e) {
                        throw new AppException("Can't write file", ErrorCode.UNXPECTED_ERROR, e);
                    }
                }
            }
        }
        int responseCode = httpsURLConnection.getResponseCode();
        LOG.debug("Response Code : {}", Integer.valueOf(responseCode));
        String writeAPISpecification = responseCode == 200 ? writeAPISpecification(str2, str, httpsURLConnection.getInputStream()) : null;
        api.setCaCerts(arrayList);
        return writeAPISpecification;
    }

    public String createCertFileName(X509Certificate x509Certificate) {
        String replace;
        String str = null;
        String[] split = x509Certificate.getSubjectDN().getName().split(",");
        int length = split.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String str2 = split[i];
            if (str2.trim().startsWith("CN=")) {
                str = str2.trim().substring(3);
                break;
            }
            i++;
        }
        if (str == null) {
            LOG.warn("No CN");
            replace = "UnknownCertificate_" + UUID.randomUUID();
            LOG.warn("Created a random filename: {}", replace);
        } else {
            replace = str.replace(" ", "").replace("*", "");
            if (replace.startsWith(".")) {
                replace = replace.replaceFirst("\\.", "");
            }
        }
        return replace + ".crt";
    }
}
