package io.gravitee.gateway.security.apikey;

import io.gravitee.gateway.api.ExecutionContext;
import io.gravitee.gateway.api.Request;
import io.gravitee.gateway.security.core.AuthenticationContext;
import io.gravitee.gateway.security.core.AuthenticationHandler;
import io.gravitee.gateway.security.core.AuthenticationPolicy;
import io.gravitee.reporter.api.http.SecurityType;
import io.gravitee.repository.exceptions.TechnicalException;
import io.gravitee.repository.management.api.ApiKeyRepository;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:io/gravitee/gateway/security/apikey/ApiKeyAuthenticationHandler.class */
public class ApiKeyAuthenticationHandler implements AuthenticationHandler, InitializingBean {
    static final String API_KEY_POLICY = "api-key";
    private static final String APIKEY_CONTEXT_ATTRIBUTE = "apikey";
    private static final List<AuthenticationPolicy> POLICIES = Collections.singletonList(() -> {
        return API_KEY_POLICY;
    });

    @Autowired
    private ApplicationContext applicationContext;
    private ApiKeyRepository apiKeyRepository;
    private final Logger logger = LoggerFactory.getLogger(ApiKeyAuthenticationHandler.class);

    @Value("${policy.api-key.header:X-Gravitee-Api-Key}")
    private String apiKeyHeader = "X-Gravitee-Api-Key";

    @Value("${policy.api-key.param:api-key}")
    private String apiKeyQueryParameter = API_KEY_POLICY;

    public void afterPropertiesSet() {
        this.apiKeyRepository = (ApiKeyRepository) this.applicationContext.getBean(ApiKeyRepository.class);
    }

    public boolean canHandle(AuthenticationContext authenticationContext) {
        String readApiKey = readApiKey(authenticationContext.request());
        if (readApiKey == null) {
            return false;
        }
        if (this.apiKeyRepository == null || authenticationContext.get(APIKEY_CONTEXT_ATTRIBUTE) != null) {
            return true;
        }
        try {
            Optional findById = this.apiKeyRepository.findById(readApiKey);
            if (findById.isPresent()) {
                authenticationContext.request().metrics().setSecurityType(SecurityType.API_KEY);
                authenticationContext.request().metrics().setSecurityToken(readApiKey);
            }
            authenticationContext.set(APIKEY_CONTEXT_ATTRIBUTE, findById);
            return true;
        } catch (TechnicalException e) {
            return true;
        }
    }

    public String name() {
        return "api_key";
    }

    public int order() {
        return 500;
    }

    public List<AuthenticationPolicy> handle(ExecutionContext executionContext) {
        return POLICIES;
    }

    private String readApiKey(Request request) {
        this.logger.debug("Looking for an API Key from request header: {}", this.apiKeyHeader);
        String first = request.headers().getFirst(this.apiKeyHeader);
        if (first == null || first.isEmpty()) {
            this.logger.debug("Looking for an API Key from request query parameter: {}", this.apiKeyQueryParameter);
            first = (String) request.parameters().getFirst(this.apiKeyQueryParameter);
        }
        return first;
    }
}
