package io.camunda.connector.inbound;

import io.camunda.connector.api.annotation.InboundConnector;
import io.camunda.connector.api.inbound.Activity;
import io.camunda.connector.api.inbound.Health;
import io.camunda.connector.api.inbound.InboundConnectorContext;
import io.camunda.connector.api.inbound.Severity;
import io.camunda.connector.api.inbound.webhook.MappedHttpRequest;
import io.camunda.connector.api.inbound.webhook.VerifiableWebhook;
import io.camunda.connector.api.inbound.webhook.WebhookConnectorException;
import io.camunda.connector.api.inbound.webhook.WebhookConnectorExecutable;
import io.camunda.connector.api.inbound.webhook.WebhookProcessingPayload;
import io.camunda.connector.api.inbound.webhook.WebhookResult;
import io.camunda.connector.inbound.authorization.AuthorizationResult;
import io.camunda.connector.inbound.authorization.WebhookAuthorizationHandler;
import io.camunda.connector.inbound.model.WebhookConnectorProperties;
import io.camunda.connector.inbound.model.WebhookProcessingResultImpl;
import io.camunda.connector.inbound.signature.HMACAlgoCustomerChoice;
import io.camunda.connector.inbound.signature.HMACSignatureValidator;
import io.camunda.connector.inbound.signature.HMACSwitchCustomerChoice;
import io.camunda.connector.inbound.signature.strategy.HMACEncodingStrategyFactory;
import io.camunda.connector.inbound.utils.HttpMethods;
import io.camunda.connector.inbound.utils.HttpWebhookUtil;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InboundConnector(name = "Webhook", type = "io.camunda:webhook:1")
/* loaded from: input_file:io/camunda/connector/inbound/HttpWebhookExecutable.class */
public class HttpWebhookExecutable implements WebhookConnectorExecutable, VerifiableWebhook {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) HttpWebhookExecutable.class);
    private WebhookConnectorProperties props;
    private WebhookAuthorizationHandler<?> authChecker;
    private InboundConnectorContext context;

    public WebhookResult triggerWebhook(WebhookProcessingPayload webhookProcessingPayload) throws NoSuchAlgorithmException, InvalidKeyException, IOException {
        LOGGER.trace("Triggered webhook with context " + this.props.context() + " and payload " + String.valueOf(webhookProcessingPayload));
        this.context.log(Activity.level(Severity.INFO).tag(webhookProcessingPayload.method()).message("Url: " + webhookProcessingPayload.requestURL()));
        if (!HttpMethods.any.name().equalsIgnoreCase(this.props.method()) && !webhookProcessingPayload.method().equalsIgnoreCase(this.props.method())) {
            throw new WebhookConnectorException(HttpResponseStatus.METHOD_NOT_ALLOWED.code(), "Method " + webhookProcessingPayload.method() + " not supported");
        }
        WebhookProcessingResultImpl webhookProcessingResultImpl = new WebhookProcessingResultImpl();
        if (!webhookSignatureIsValid(webhookProcessingPayload)) {
            throw new WebhookConnectorException.WebhookSecurityException(HttpResponseStatus.UNAUTHORIZED.code(), WebhookConnectorException.WebhookSecurityException.Reason.INVALID_SIGNATURE, "HMAC signature check didn't pass");
        }
        AuthorizationResult checkAuthorization = this.authChecker.checkAuthorization(webhookProcessingPayload);
        if (checkAuthorization instanceof AuthorizationResult.Failure) {
            throw ((AuthorizationResult.Failure) checkAuthorization).toException();
        }
        webhookProcessingResultImpl.setRequest(new MappedHttpRequest(HttpWebhookUtil.transformRawBodyToMap(webhookProcessingPayload.rawBody(), HttpWebhookUtil.extractContentType(webhookProcessingPayload.headers())), webhookProcessingPayload.headers(), webhookProcessingPayload.params()));
        if (this.props.responseBodyExpression() != null) {
            webhookProcessingResultImpl.setResponseBodyExpression(this.props.responseBodyExpression());
        }
        return webhookProcessingResultImpl;
    }

    private boolean webhookSignatureIsValid(WebhookProcessingPayload webhookProcessingPayload) throws NoSuchAlgorithmException, InvalidKeyException, IOException {
        if (shouldValidateHmac()) {
            return validateHmacSignature(HMACEncodingStrategyFactory.getStrategy(this.props.hmacScopes(), webhookProcessingPayload.method()).getBytesToSign(webhookProcessingPayload), webhookProcessingPayload);
        }
        return true;
    }

    private boolean shouldValidateHmac() {
        return HMACSwitchCustomerChoice.enabled.name().equals((String) Optional.ofNullable(this.props.shouldValidateHmac()).orElse(HMACSwitchCustomerChoice.disabled.name()));
    }

    private boolean validateHmacSignature(byte[] bArr, WebhookProcessingPayload webhookProcessingPayload) throws NoSuchAlgorithmException, InvalidKeyException, IOException {
        return new HMACSignatureValidator(bArr, webhookProcessingPayload.headers(), this.props.hmacHeader(), this.props.hmacSecret(), HMACAlgoCustomerChoice.valueOf(this.props.hmacAlgorithm())).isRequestValid();
    }

    public void activate(InboundConnectorContext inboundConnectorContext) {
        this.context = inboundConnectorContext;
        this.props = new WebhookConnectorProperties((WebhookConnectorProperties.WebhookConnectorPropertiesWrapper) inboundConnectorContext.bindProperties(WebhookConnectorProperties.WebhookConnectorPropertiesWrapper.class));
        inboundConnectorContext.reportHealth(Health.up());
        this.authChecker = WebhookAuthorizationHandler.getHandlerForAuth(this.props.auth());
    }

    public void deactivate() {
    }

    public VerifiableWebhook.WebhookHttpVerificationResult verify(WebhookProcessingPayload webhookProcessingPayload) {
        VerifiableWebhook.WebhookHttpVerificationResult webhookHttpVerificationResult = null;
        if (this.props.verificationExpression() != null) {
            webhookHttpVerificationResult = this.props.verificationExpression().apply(Map.of("request", Map.of("body", HttpWebhookUtil.transformRawBodyToMap(webhookProcessingPayload.rawBody(), HttpWebhookUtil.extractContentType(webhookProcessingPayload.headers())), "headers", webhookProcessingPayload.headers(), "params", webhookProcessingPayload.params())));
        }
        return webhookHttpVerificationResult;
    }
}
