package org.apache.knox.gateway.securequery;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.commons.codec.binary.Base64;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.security.EncryptionResult;
import org.apache.knox.gateway.services.security.impl.ConfigurableEncryptor;
import org.apache.knox.gateway.util.urltemplate.Builder;
import org.apache.knox.gateway.util.urltemplate.Query;

/* loaded from: input_file:org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.class */
public class SecureQueryDecryptProcessor implements UrlRewriteStepProcessor<SecureQueryDecryptDescriptor> {
    private static SecureQueryMessages log = (SecureQueryMessages) MessagesFactory.get(SecureQueryMessages.class);
    private static final String ENCRYPTED_PARAMETER_NAME = "_";
    private ConfigurableEncryptor encryptor = null;

    public String getType() {
        return "decrypt-query";
    }

    public void initialize(UrlRewriteEnvironment urlRewriteEnvironment, SecureQueryDecryptDescriptor secureQueryDecryptDescriptor) throws Exception {
        this.encryptor = new ConfigurableEncryptor("encryptQueryString");
        this.encryptor.init((GatewayConfig) urlRewriteEnvironment.getAttribute("org.apache.knox.gateway.config"));
    }

    public UrlRewriteStepStatus process(UrlRewriteContext urlRewriteContext) throws Exception {
        Builder builder = new Builder(urlRewriteContext.getCurrentUrl());
        Map<String, Query> query = builder.getQuery();
        return getUrlRewriteStepStatus(urlRewriteContext, builder, query, query.remove(ENCRYPTED_PARAMETER_NAME), UrlRewriteStepStatus.FAILURE);
    }

    private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext urlRewriteContext, Builder builder, Map<String, Query> map, Query query, UrlRewriteStepStatus urlRewriteStepStatus) throws UnsupportedEncodingException {
        if (query != null) {
            urlRewriteStepStatus = getUrlRewriteStepStatus(urlRewriteContext, builder, map, urlRewriteStepStatus, decode(query.getFirstValue().getPattern()));
        }
        return urlRewriteStepStatus;
    }

    private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext urlRewriteContext, Builder builder, Map<String, Query> map, UrlRewriteStepStatus urlRewriteStepStatus, String str) {
        if (str != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str, "&");
            while (stringTokenizer.hasMoreTokens()) {
                StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextToken(), "=");
                if (stringTokenizer2.hasMoreTokens()) {
                    String nextToken = stringTokenizer2.nextToken();
                    if (stringTokenizer2.hasMoreTokens()) {
                        String nextToken2 = stringTokenizer2.nextToken();
                        map.remove(nextToken);
                        builder.addQuery(nextToken, "", nextToken2, true);
                    } else {
                        builder.addQuery(nextToken, "", (String) null, true);
                    }
                }
            }
            urlRewriteContext.setCurrentUrl(builder.build());
            urlRewriteContext.getParameters().resolve("gateway.name");
            urlRewriteStepStatus = UrlRewriteStepStatus.SUCCESS;
        }
        return urlRewriteStepStatus;
    }

    public void destroy() {
    }

    String decode(String str) throws UnsupportedEncodingException {
        EncryptionResult fromByteArray = EncryptionResult.fromByteArray(Base64.decodeBase64(str));
        byte[] bArr = null;
        try {
            bArr = this.encryptor.decrypt(fromByteArray.salt, fromByteArray.iv, fromByteArray.cipher);
        } catch (Exception e) {
            log.unableToDecryptValue(e);
        }
        if (bArr != null) {
            return new String(bArr, StandardCharsets.UTF_8);
        }
        return null;
    }
}
