package com.predic8.membrane.core.graphql;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.ImmutableMap;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.graphql.model.ExecutableDefinition;
import com.predic8.membrane.core.graphql.model.ExecutableDocument;
import com.predic8.membrane.core.graphql.model.Field;
import com.predic8.membrane.core.graphql.model.FragmentDefinition;
import com.predic8.membrane.core.graphql.model.FragmentSpread;
import com.predic8.membrane.core.graphql.model.InlineFragment;
import com.predic8.membrane.core.graphql.model.OperationDefinition;
import com.predic8.membrane.core.graphql.model.Selection;
import com.predic8.membrane.core.http.HeaderField;
import com.predic8.membrane.core.http.HeaderName;
import com.predic8.membrane.core.http.MimeType;
import com.predic8.membrane.core.util.URLParamUtil;
import jakarta.mail.internet.ContentType;
import jakarta.mail.internet.ParseException;
import java.io.ByteArrayInputStream;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Stream;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.8.1.jar:com/predic8/membrane/core/graphql/GraphQLoverHttpValidator.class */
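/**
 * Validates an HTTP exchange that carries a GraphQL request.
 *
 * <p>The checks run in this order: HTTP method allow-list, extraction of the request parameters
 * (query string for GET; body for POST), shape of {@code extensions} and {@code variables},
 * parsing and validation of the GraphQL document, the mutation count limit, the rule that GET
 * carries only {@code query} operations, and finally the depth and recursion limits of the
 * operation that would be executed.
 *
 * <p>Every rejection is reported as a {@link GraphQLOverHttpValidationException}. Messages
 * returned to the client are generic; parser details are only written to the debug log.
 */
public class GraphQLoverHttpValidator {
    private static final Logger log = LoggerFactory.getLogger(GraphQLoverHttpValidator.class);
    public static final String EXTENSIONS = "extensions";
    public static final String VARIABLES = "variables";
    public static final String MUTATION = "mutation";
    public static final String QUERY = "query";
    public static final String OPERATION_NAME = "operationName";
    private final GraphQLParser graphQLParser = new GraphQLParser();
    // Duplicate keys are rejected outright, so two components reading the same JSON body cannot
    // disagree about which of the duplicated values counts.
    private final ObjectMapper om = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_READING_DUP_TREE_KEY, true).configure(JsonParser.Feature.STRICT_DUPLICATE_DETECTION, true);
    private final boolean allowExtensions;
    private final List<String> allowedMethods;
    private final int maxRecursion;
    private final int maxDepth;
    private final int maxMutations;
    private final Router router;

    /**
     * @param allowExtensions whether a non-null {@code extensions} member is accepted
     * @param allowedMethods HTTP methods that may carry a GraphQL request
     * @param maxRecursion how often the same field name may occur on one path from the operation root
     * @param maxDepth maximum number of nested fields on one path from the operation root
     * @param maxMutations maximum number of top-level selections summed over all mutation operations
     * @param router used to obtain the URI factory that parses the request URI
     */
    public GraphQLoverHttpValidator(boolean allowExtensions, List<String> allowedMethods, int maxRecursion, int maxDepth, int maxMutations, Router router) {
        this.allowExtensions = allowExtensions;
        this.allowedMethods = allowedMethods;
        this.maxRecursion = maxRecursion;
        this.maxDepth = maxDepth;
        this.maxMutations = maxMutations;
        this.router = router;
    }

    /**
     * Runs all checks against the request of the given exchange.
     *
     * @param exchange the exchange whose request is inspected
     * @throws GraphQLOverHttpValidationException if any check rejects the request
     */
    public void validate(Exchange exchange) throws GraphQLOverHttpValidationException {
        if (!this.allowedMethods.contains(exchange.getRequest().getMethod())) {
            throw new GraphQLOverHttpValidationException(405, "Invalid method.");
        }
        Map<String, Object> data = getData(exchange);
        checkExtensions(data);
        checkVariables(data);
        checkExtension(data);
        ExecutableDocument document = getExecutableDocument(getQuery(data));
        checkMutations(document);
        validate(document);
        checkThatGetIsUsedOnlyForQueries(exchange, document);
        checkDepthOrRecursion(document, getOperationName(data));
    }

    /**
     * Rejects a GET request whose document contains any operation with an explicit type other than
     * {@code query}. All operations of the document are considered, not only the selected one.
     */
    private void checkThatGetIsUsedOnlyForQueries(Exchange exchange, ExecutableDocument document) {
        if (!exchange.getRequest().isGETRequest()) {
            return;
        }
        // An operation without an explicit type is the shorthand form and counts as a query.
        boolean hasNonQuery = document.getOperationDefinitions().stream()
                .anyMatch(op -> op.getOperationType() != null
                        && !QUERY.equals(op.getOperationType().getOperation()));
        if (hasNonQuery) {
            throw new GraphQLOverHttpValidationException(405, "'GET' may only be used for GraphQL 'query's.");
        }
    }

    /** Returns a predicate matching definitions that are operations (as opposed to fragments). */
    @NotNull
    private static Predicate<ExecutableDefinition> isOperationDefinition() {
        return OperationDefinition.class::isInstance;
    }

    /** Enforces {@code maxMutations} over the whole document. */
    private void checkMutations(ExecutableDocument document) {
        if (countMutations(document.getExecutableDefinitions()) > this.maxMutations) {
            throw new GraphQLOverHttpValidationException("Too many mutations defined in document.");
        }
    }

    /** Rejects a non-null {@code extensions} member when extensions are disabled. */
    private void checkExtensions(Map<String, Object> data) {
        if (!this.allowExtensions && data.containsKey(EXTENSIONS) && data.get(EXTENSIONS) != null) {
            throw new GraphQLOverHttpValidationException("GraphQL 'extensions' are forbidden.");
        }
    }

    /**
     * Extracts the GraphQL request parameters from a GET or POST request.
     *
     * @throws IllegalStateException for any other method; this is reachable when
     *     {@code allowedMethods} contains a method other than GET or POST
     */
    @NotNull
    private Map<String, Object> getData(Exchange exchange) {
        if (exchange.getRequest().isGETRequest()) {
            return getData(getRawQuery(exchange));
        }
        if (exchange.getRequest().isPOSTRequest()) {
            return getDataPost(exchange, getRawQuery(exchange));
        }
        throw new IllegalStateException("Should never get here");
    }

    /**
     * Enforces the depth and recursion limits on the operation selected by {@code operationName}
     * (or the first operation when no name is given). Other operations in the document are not
     * traversed here.
     */
    private void checkDepthOrRecursion(ExecutableDocument document, Object operationName) {
        String error = getDepthOrRecursionError(document, getOperationDefinition(operationName, document));
        if (error != null) {
            throw new GraphQLOverHttpValidationException(error);
        }
    }

    /** Returns {@code operationName} if it is absent or a String, and rejects any other type. */
    @Nullable
    private static Object getOperationName(Map<String, Object> data) {
        Object name = data.get(OPERATION_NAME);
        if (name == null || name instanceof String) {
            return name;
        }
        throw new GraphQLOverHttpValidationException("Expected 'operationName' to be a String.");
    }

    /** Rejects a {@code variables} member that is present but not a JSON object. */
    private static void checkVariables(Map<String, Object> data) {
        Object variables = data.get(VARIABLES);
        if (variables != null && !(variables instanceof Map)) {
            throw new GraphQLOverHttpValidationException("Expected 'variables' to be a JSON Object.");
        }
    }

    /** Runs {@link GraphQLValidator} and reports its first finding, if any. */
    private static void validate(ExecutableDocument document) {
        List<String> errors = new GraphQLValidator().validate(document);
        if (errors != null && !errors.isEmpty()) {
            throw new GraphQLOverHttpValidationException(errors.get(0));
        }
    }

    /**
     * Resolves the operation that the request selects: the first operation of the document when
     * {@code operationName} is null or empty, otherwise the single operation with that name.
     */
    private static OperationDefinition getOperationDefinition(Object operationName, ExecutableDocument document) {
        if (operationName == null || operationName.equals("")) {
            List<OperationDefinition> operations = document.getOperationDefinitions();
            if (operations.isEmpty()) {
                throw new GraphQLOverHttpValidationException("Could not find an OperationDefinition in the GraphQL document.");
            }
            return operations.get(0);
        }
        List<OperationDefinition> matches = document.getOperationDefinitionsByName(operationName);
        if (matches.isEmpty()) {
            throw new GraphQLOverHttpValidationException("The operation named by 'operationName' could not be found.");
        }
        if (matches.size() > 1) {
            throw new GraphQLOverHttpValidationException("Multiple OperationDefinitions with the same name in the GraphQL document.");
        }
        return matches.get(0);
    }

    /** Parses the query text; any parser failure becomes a 422 with a generic message. */
    private ExecutableDocument getExecutableDocument(String query) {
        try {
            return this.graphQLParser.parseRequest(new ByteArrayInputStream(query.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            // Parser detail stays in the debug log; the client only learns that parsing failed.
            log.debug("Error parsing GraphQL request", e);
            throw new GraphQLOverHttpValidationException(422, "Error parsing GraphQL request.");
        }
    }

    /** Rejects an {@code extensions} member that is present but not a JSON object. */
    private static void checkExtension(Map<String, Object> data) {
        Object extensions = data.get(EXTENSIONS);
        if (extensions != null && !(extensions instanceof Map)) {
            throw new GraphQLOverHttpValidationException("Expected 'extensions' to be a JSON Object.");
        }
    }

    /** Returns the mandatory {@code query} member, which must be a String. */
    @NotNull
    private static String getQuery(Map<String, Object> data) {
        Object query = data.get(QUERY);
        if (query == null) {
            throw new GraphQLOverHttpValidationException("Parameter 'query' is missing.");
        }
        if (query instanceof String) {
            return (String) query;
        }
        throw new GraphQLOverHttpValidationException("Expected 'query' to be of type 'String'.");
    }

    /**
     * Extracts the request parameters of a POST request.
     *
     * <p>GraphQL parameters in the query string are refused so that the body is the only source
     * of the request. The body is either the raw query ({@code application/graphql}) or a JSON
     * object ({@code application/json}, UTF-8 only).
     *
     * @param exchange the exchange whose request body is read
     * @param rawQuery the raw query string of the request URI, or null if there is none
     */
    @NotNull
    @SuppressWarnings("unchecked") // JSON object keys are always strings
    private Map<String, Object> getDataPost(Exchange exchange, String rawQuery) {
        if (rawQuery != null) {
            // NOTE(review): unlike the GET path, a failure of parseQueryString is not translated
            // into a validation exception here - confirm how the caller handles it.
            Map<String, String> params = URLParamUtil.parseQueryString(rawQuery, URLParamUtil.DuplicateKeyOrInvalidFormStrategy.ERROR);
            for (String key : new String[]{QUERY, OPERATION_NAME, VARIABLES, EXTENSIONS}) {
                if (params.containsKey(key)) {
                    throw new GraphQLOverHttpValidationException("'" + key + "' is not allowed as query parameter while using POST.");
                }
            }
        }
        ContentType contentType = getContentType2(exchange);
        if (contentType.match(MimeType.APPLICATION_GRAPHQL)) {
            return ImmutableMap.of(QUERY, exchange.getRequest().getBodyAsStringDecoded());
        }
        if (!contentType.match("application/json")) {
            throw new GraphQLOverHttpValidationException("Expected 'Content-Type: application/json' or 'Content-Type: application/graphql'.");
        }
        String charset = contentType.getParameter("charset");
        if (charset != null && !"utf-8".equalsIgnoreCase(charset)) {
            throw new GraphQLOverHttpValidationException("Invalid charset in 'Content-Type': Expected 'utf-8'.");
        }
        Map<String, Object> body;
        try {
            body = this.om.readValue(exchange.getRequest().getBodyAsStreamDecoded(), Map.class);
        } catch (Exception e) {
            log.debug("Error decoding JSON object", e);
            throw new GraphQLOverHttpValidationException("Error decoding JSON object.");
        }
        if (body == null) {
            // A body consisting of the JSON literal null deserializes to null; reject it here
            // instead of letting the later checks fail with a NullPointerException.
            throw new GraphQLOverHttpValidationException("Error decoding JSON object.");
        }
        return body;
    }

    /** Returns the parsed {@code Content-Type}; the header must occur exactly once. */
    @NotNull
    private static ContentType getContentType2(Exchange exchange) {
        List<HeaderField> values = exchange.getRequest().getHeader().getValues(new HeaderName("Content-Type"));
        if (values.isEmpty()) {
            throw new GraphQLOverHttpValidationException("No 'Content-Type' found.");
        }
        if (values.size() > 1) {
            // Several Content-Type headers are ambiguous, so the request is refused.
            throw new GraphQLOverHttpValidationException("Found multiple 'Content-Type' headers.");
        }
        return getContentType(values);
    }

    /** Parses the first header value as a {@link ContentType}. */
    @NotNull
    private static ContentType getContentType(List<HeaderField> values) {
        try {
            return new ContentType(values.get(0).getValue());
        } catch (ParseException e) {
            throw new GraphQLOverHttpValidationException("Could not parse 'Content-Type' header.");
        }
    }

    /** Returns the raw (undecoded) query string of the request URI; may be null. */
    private String getRawQuery(Exchange exchange) {
        try {
            return this.router.getUriFactory().create(exchange.getRequest().getUri()).getRawQuery();
        } catch (URISyntaxException e) {
            throw new GraphQLOverHttpValidationException(400, "Invalid request URI.");
        }
    }

    /**
     * Extracts the request parameters of a GET request from its raw query string.
     *
     * <p>{@code variables} and {@code extensions} arrive as JSON text and are replaced in the map
     * by their parsed form. Malformed JSON in either is reported with status 422; previously that
     * exception was caught again by the enclosing handler and replaced by the generic
     * "Error decoding query string." error.
     *
     * @param rawQuery the raw query string, or null if the URI has none
     */
    @NotNull
    @SuppressWarnings({"unchecked", "rawtypes"}) // the String-valued map is reused to hold parsed JSON
    private Map<String, Object> getData(String rawQuery) {
        if (rawQuery == null) {
            throw new GraphQLOverHttpValidationException("No query parameters found.");
        }
        try {
            Map<String, Object> data = (Map) URLParamUtil.parseQueryString(rawQuery, URLParamUtil.DuplicateKeyOrInvalidFormStrategy.ERROR);
            if (data.containsKey(VARIABLES)) {
                data.put(VARIABLES, this.om.readValue((String) data.get(VARIABLES), Map.class));
            }
            if (data.containsKey(EXTENSIONS)) {
                data.put(EXTENSIONS, this.om.readValue((String) data.get(EXTENSIONS), Map.class));
            }
            return data;
        } catch (JsonProcessingException e) {
            log.debug("Error parsing variables or extensions from request JSON", e);
            throw new GraphQLOverHttpValidationException(422, "Error parsing variables or extensions from request JSON.");
        } catch (Exception e) {
            log.debug("Error decoding query string", e);
            throw new GraphQLOverHttpValidationException("Error decoding query string.");
        }
    }

    /**
     * Counts the top-level selections of all mutation operations in the given definitions.
     *
     * @param definitions the executable definitions of a document
     * @return the number of top-level mutation selections, capped at {@link Integer#MAX_VALUE}
     */
    public static int countMutations(List<ExecutableDefinition> definitions) {
        long total = getMutationOperations(definitions)
                .map(OperationDefinition::getSelections)
                .mapToLong(List::size)
                .sum();
        // Saturate instead of truncating, so an oversized total can never wrap to a small value.
        return (int) Math.min(total, Integer.MAX_VALUE);
    }

    /** Streams the operations whose explicit operation type is {@code mutation}. */
    @NotNull
    private static Stream<OperationDefinition> getMutationOperations(List<ExecutableDefinition> definitions) {
        return definitions.stream()
                .filter(isOperationDefinition())
                .map(OperationDefinition.class::cast)
                .filter(op -> op.getOperationType() != null)
                .filter(GraphQLoverHttpValidator::isMutation);
    }

    /** Tells whether the operation's type is {@code mutation}; the type itself must not be null. */
    private static boolean isMutation(OperationDefinition operation) {
        return MUTATION.equals(operation.getOperationType().getOperation());
    }

    /** Returns an error message if the operation violates a limit, otherwise null. */
    private String getDepthOrRecursionError(ExecutableDocument document, OperationDefinition operation) {
        return checkSelections(document, operation, operation.getSelections(), new ArrayList<>(), new HashSet<>());
    }

    /**
     * Checks every selection of a selection set and returns the first error found, or null.
     *
     * <p>Previously only the first selection of each set was inspected, so the depth and recursion
     * limits were not enforced on any later sibling.
     *
     * @param selections the selection set; null is treated as empty
     * @param fieldPath names of the fields on the path from the operation root to this set
     * @param activeFragments names of the fragments currently being expanded
     */
    private String checkSelections(ExecutableDocument document, OperationDefinition operation, List<Selection> selections, List<String> fieldPath, HashSet<String> activeFragments) {
        if (selections == null) {
            return null;
        }
        for (Selection selection : selections) {
            String error = checkSelection(selection, document, operation, fieldPath, activeFragments);
            if (error != null) {
                return error;
            }
        }
        return null;
    }

    /** Dispatches a single selection to the check for its kind. */
    private String checkSelection(Selection selection, ExecutableDocument document, OperationDefinition operation, List<String> fieldPath, HashSet<String> activeFragments) {
        if (selection == null) {
            log.error("Selection is null.");
            return "See server log.";
        }
        if (selection instanceof Field) {
            return checkField((Field) selection, document, operation, fieldPath, activeFragments);
        }
        if (selection instanceof FragmentSpread) {
            return checkFragmentSpread((FragmentSpread) selection, document, operation, fieldPath, activeFragments);
        }
        if (selection instanceof InlineFragment) {
            // An inline fragment adds no field to the path; only its fields count towards depth.
            return checkSelections(document, operation, ((InlineFragment) selection).getSelections(), fieldPath, activeFragments);
        }
        return checkUnhandled(selection);
    }

    /** Fails closed on a selection type this validator does not know. */
    private String checkUnhandled(Selection selection) {
        log.error("Unhandled class: {}", selection.getClass().getName());
        return "See server log.";
    }

    /**
     * Expands a fragment spread in place and checks the fragment's selections against the current
     * field path. Unknown fragments and spread cycles are rejected.
     */
    private String checkFragmentSpread(FragmentSpread spread, ExecutableDocument document, OperationDefinition operation, List<String> fieldPath, HashSet<String> activeFragments) {
        String fragmentName = spread.getFragmentName();
        Optional<FragmentDefinition> fragment = document.getExecutableDefinitions().stream()
                .filter(FragmentDefinition.class::isInstance)
                .map(FragmentDefinition.class::cast)
                .filter(candidate -> fragmentName.equals(candidate.getName()))
                .findAny();
        if (fragment.isEmpty()) {
            return "Did not find fragment '" + fragmentName + "'.";
        }
        // A fragment that is already being expanded further up the call chain means a cycle.
        if (!activeFragments.add(fragmentName)) {
            return "Fragment spreads form cycle ('" + fragmentName + "').";
        }
        // NOTE(review): the fragment body is walked again for every spread, so the cost of this
        // check follows the expanded selection tree rather than the size of the document.
        // Confirm that the parser or an upstream limit bounds the request, or add a cap on the
        // number of selections visited.
        String error = checkSelections(document, operation, fragment.get().getSelections(), fieldPath, activeFragments);
        if (error != null) {
            return error;
        }
        activeFragments.remove(fragmentName);
        return null;
    }

    /**
     * Pushes the field onto the path, enforces {@code maxDepth} and {@code maxRecursion}, checks
     * the field's own selections, and pops the field again on success.
     */
    private String checkField(Field field, ExecutableDocument document, OperationDefinition operation, List<String> fieldPath, HashSet<String> activeFragments) {
        String name = field.getName();
        fieldPath.add(name);
        if (fieldPath.size() > this.maxDepth) {
            return "Max depth exceeded.";
        }
        // Recursion is measured as the number of times this field name occurs on the current path.
        long occurrences = fieldPath.stream().filter(name::equals).count();
        if (occurrences > this.maxRecursion) {
            return "Max recursion exceeded.";
        }
        String error = checkSelections(document, operation, field.getSelections(), fieldPath, activeFragments);
        if (error != null) {
            // The path is not restored on error because the whole validation is aborted.
            return error;
        }
        fieldPath.remove(fieldPath.size() - 1);
        return null;
    }
}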
