package io.camunda.connector.runtime.inbound.webhook;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.camunda.connector.api.inbound.InboundConnectorContext;
import io.camunda.connector.api.inbound.InboundConnectorProperties;
import io.camunda.connector.api.inbound.InboundConnectorResult;
import io.camunda.connector.runtime.inbound.registry.InboundConnectorRegistry;
import io.camunda.connector.runtime.inbound.signature.HMACAlgoCustomerChoice;
import io.camunda.connector.runtime.inbound.signature.HMACSignatureValidator;
import io.camunda.connector.runtime.inbound.signature.HMACSwitchCustomerChoice;
import io.camunda.connector.runtime.util.feel.FeelEngineWrapper;
import io.camunda.zeebe.client.ZeebeClient;
import io.camunda.zeebe.spring.client.metrics.MetricsRecorder;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@ConditionalOnProperty({"camunda.connector.webhook.enabled"})
@RestController
/* loaded from: input_file:io/camunda/connector/runtime/inbound/webhook/InboundWebhookRestController.class */
public class InboundWebhookRestController {
    private static final Logger LOG = LoggerFactory.getLogger(InboundWebhookRestController.class);
    private final InboundConnectorRegistry registry;
    private final InboundConnectorContext connectorContext;
    private final ZeebeClient zeebeClient;
    private final FeelEngineWrapper feelEngine;
    private final ObjectMapper jsonMapper;
    private final MetricsRecorder metricsRecorder;

    @Autowired
    public InboundWebhookRestController(InboundConnectorRegistry inboundConnectorRegistry, InboundConnectorContext inboundConnectorContext, ZeebeClient zeebeClient, FeelEngineWrapper feelEngineWrapper, ObjectMapper objectMapper, MetricsRecorder metricsRecorder) {
        this.registry = inboundConnectorRegistry;
        this.connectorContext = inboundConnectorContext;
        this.zeebeClient = zeebeClient;
        this.feelEngine = feelEngineWrapper;
        this.jsonMapper = objectMapper;
        this.metricsRecorder = metricsRecorder;
    }

    @PostMapping({"/inbound/{context}"})
    public ResponseEntity<WebhookResponse> inbound(@PathVariable String str, @RequestBody byte[] bArr, @RequestHeader Map<String, String> map) throws IOException {
        LOG.debug("Received inbound hook on {}", str);
        if (!this.registry.containsContextPath(str)) {
            throw new ResponseStatusException(HttpStatus.NOT_FOUND, "No webhook found for context: " + str);
        }
        this.metricsRecorder.increase("camunda.connector.inbound.invocations", "activated", InboundConnectorProperties.TYPE_WEBHOOK);
        Map map2 = (Map) this.jsonMapper.readValue(bArr, Map.class);
        HashMap hashMap = new HashMap();
        hashMap.put("body", map2);
        hashMap.put("headers", map);
        Map<String, Object> singletonMap = Collections.singletonMap("request", hashMap);
        WebhookResponse webhookResponse = new WebhookResponse();
        for (WebhookConnectorProperties webhookConnectorProperties : this.registry.getWebhookConnectorByContextPath(str)) {
            this.connectorContext.replaceSecrets(webhookConnectorProperties);
            try {
                if (!isValidHmac(webhookConnectorProperties, bArr, map)) {
                    LOG.debug("HMAC validation failed {} :: {}", str, singletonMap);
                    webhookResponse.addUnauthorizedConnector(webhookConnectorProperties);
                } else if (activationConditionTriggered(webhookConnectorProperties, singletonMap)) {
                    InboundConnectorResult correlate = this.connectorContext.correlate(webhookConnectorProperties.getCorrelationPoint(), extractVariables(webhookConnectorProperties, singletonMap));
                    LOG.debug("Webhook {} created process instance {}", webhookConnectorProperties, correlate);
                    webhookResponse.addExecutedConnector(webhookConnectorProperties, correlate);
                } else {
                    LOG.debug("Should not activate {} :: {}", str, singletonMap);
                    webhookResponse.addUnactivatedConnector(webhookConnectorProperties);
                }
            } catch (Exception e) {
                LOG.error("Webhook {} failed to create process instance", webhookConnectorProperties, e);
                this.metricsRecorder.increase("camunda.connector.inbound.invocations", "failed", InboundConnectorProperties.TYPE_WEBHOOK);
                webhookResponse.addException(webhookConnectorProperties, e);
            }
        }
        this.metricsRecorder.increase("camunda.connector.inbound.invocations", "completed", InboundConnectorProperties.TYPE_WEBHOOK);
        return ResponseEntity.status(HttpStatus.OK).body(webhookResponse);
    }

    private boolean isValidHmac(WebhookConnectorProperties webhookConnectorProperties, byte[] bArr, Map<String, String> map) throws NoSuchAlgorithmException, InvalidKeyException {
        if (HMACSwitchCustomerChoice.disabled.name().equals(webhookConnectorProperties.getShouldValidateHmac())) {
            return true;
        }
        return new HMACSignatureValidator(bArr, map, webhookConnectorProperties.getHmacHeader(), webhookConnectorProperties.getHmacSecret(), HMACAlgoCustomerChoice.valueOf(webhookConnectorProperties.getHmacAlgorithm())).isRequestValid();
    }

    private Map<String, Object> extractVariables(WebhookConnectorProperties webhookConnectorProperties, Map<String, Object> map) {
        String variableMapping = webhookConnectorProperties.getVariableMapping();
        return variableMapping == null ? map : (Map) this.feelEngine.evaluate(variableMapping, map);
    }

    private boolean activationConditionTriggered(WebhookConnectorProperties webhookConnectorProperties, Map<String, Object> map) {
        String activationCondition = webhookConnectorProperties.getActivationCondition();
        if (activationCondition == null || activationCondition.trim().length() == 0) {
            return true;
        }
        return Boolean.TRUE.equals(this.feelEngine.evaluate(activationCondition, map));
    }
}
