package org.wso2.carbon.apimgt.keymgt.handlers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.AccessTokenInfo;
import org.wso2.carbon.apimgt.api.model.KeyManager;
import org.wso2.carbon.apimgt.api.model.subscription.URLMapping;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.dto.KeyManagerDto;
import org.wso2.carbon.apimgt.impl.factory.KeyManagerHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.APIKeyMgtException;
import org.wso2.carbon.apimgt.keymgt.MethodStats;
import org.wso2.carbon.apimgt.keymgt.MethodTimeLogger;
import org.wso2.carbon.apimgt.keymgt.SubscriptionDataHolder;
import org.wso2.carbon.apimgt.keymgt.model.entity.API;
import org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/handlers/DefaultKeyValidationHandler.class */
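/**
 * Key-validation handler that resolves a key manager for the tenant, fetches the access token's
 * metadata from it, and checks the token's scopes against the scopes of the matched API resource.
 *
 * <p>This listing is decompiled, AspectJ-woven bytecode. Each instance method is a weaver-generated
 * dispatcher: it either routes the call through {@link MethodTimeLogger} (via one of the
 * {@code AjcClosure*} classes) or calls the matching {@code *_aroundBody*} static method directly.
 * The {@code *_aroundBody*} methods hold the actual validation logic.
 *
 * <p>Numeric validation-status values (900900, 900901, 900910, 900912) appear as literals because
 * the compiler inlined the constants; their symbolic names are not visible in this file.
 */
public class DefaultKeyValidationHandler extends AbstractKeyValidationHandler {
    private static final Log log;
    // Weaver-generated join-point descriptors. The decompiler renders them as "final ... = null",
    // but they are assigned in ajc$preClinit(), which the static initializer runs first.
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/handlers/DefaultKeyValidationHandler$AjcClosure1.class */
    /** Weaver-generated closure that replays {@code validateToken} from the captured argument array. */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // state = {handler, TokenValidationContext, JoinPoint}, as packed by validateToken().
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(DefaultKeyValidationHandler.validateToken_aroundBody0((DefaultKeyValidationHandler) objArr2[0], (TokenValidationContext) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/handlers/DefaultKeyValidationHandler$AjcClosure3.class */
    /** Weaver-generated closure that replays {@code validateScopes} from the captured argument array. */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // state = {handler, TokenValidationContext, JoinPoint}, as packed by validateScopes().
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(DefaultKeyValidationHandler.validateScopes_aroundBody2((DefaultKeyValidationHandler) objArr2[0], (TokenValidationContext) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/handlers/DefaultKeyValidationHandler$AjcClosure5.class */
    /** Weaver-generated closure that replays {@code isResourcePathMatching} from the captured argument array. */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // state = {handler, resource string, URLMapping, JoinPoint}, as packed by isResourcePathMatching().
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(DefaultKeyValidationHandler.isResourcePathMatching_aroundBody4((DefaultKeyValidationHandler) objArr2[0], (String) objArr2[1], (URLMapping) objArr2[2], (JoinPoint) objArr2[3]));
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(DefaultKeyValidationHandler.class);
    }

    public DefaultKeyValidationHandler() {
        log.info(String.valueOf(getClass().getName()) + " Initialised");
    }

    /**
     * Validates the access token carried by the context.
     *
     * <p>Weaver-generated dispatcher; the logic is in {@link #validateToken_aroundBody0}.
     *
     * @param tokenValidationContext request-scoped validation state (token, tenant, key managers)
     * @return {@code true} when the token is accepted
     * @throws APIKeyMgtException when token metadata cannot be obtained from the key manager
     */
    @Override // org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler
    public boolean validateToken(TokenValidationContext tokenValidationContext) throws APIKeyMgtException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, tokenValidationContext);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, tokenValidationContext, makeJP}).linkClosureAndJoinPoint(69648))) : validateToken_aroundBody0(this, tokenValidationContext, makeJP);
    }

    /**
     * Checks that the token's scopes permit the resource being invoked.
     *
     * <p>Weaver-generated dispatcher; the logic is in {@link #validateScopes_aroundBody2}.
     *
     * @param tokenValidationContext request-scoped validation state (verb, matched resource, scopes)
     * @return {@code true} when the scopes are sufficient
     * @throws APIKeyMgtException when no validation info has been set on the context
     */
    @Override // org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler
    public boolean validateScopes(TokenValidationContext tokenValidationContext) throws APIKeyMgtException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, tokenValidationContext);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, tokenValidationContext, makeJP}).linkClosureAndJoinPoint(69648))) : validateScopes_aroundBody2(this, tokenValidationContext, makeJP);
    }

    /**
     * Tells whether a requested resource string matches a URL mapping's pattern.
     *
     * <p>Weaver-generated dispatcher; the logic is in {@link #isResourcePathMatching_aroundBody4}.
     */
    private boolean isResourcePathMatching(String str, URLMapping uRLMapping) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, str, uRLMapping);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, str, uRLMapping, makeJP}).linkClosureAndJoinPoint(69648))) : isResourcePathMatching_aroundBody4(this, str, uRLMapping, makeJP);
    }

    /**
     * Redacts a bearer token for log output so that log readers cannot replay it.
     *
     * @param token the raw access token, may be {@code null}
     * @return {@code "null"} for a null token, {@code "****"} for short tokens, otherwise
     *     {@code "****"} followed by the last four characters (kept for log correlation only)
     */
    private static String maskToken(String token) {
        if (token == null) {
            return "null";
        }
        final int visibleSuffix = 4;
        // Reveal a suffix only when the hidden part is clearly the larger share of the token.
        if (token.length() <= visibleSuffix * 2) {
            return "****";
        }
        return "****" + token.substring(token.length() - visibleSuffix);
    }

    /**
     * Body of {@code validateToken}: accepts a still-valid cached result, otherwise picks a key
     * manager for the tenant, asks it for the token's metadata and copies the result into a fresh
     * {@link APIKeyValidationInfoDTO} on the context.
     *
     * <p>Every path that cannot positively establish validity returns {@code false}: empty tenant
     * domain, no key manager able to handle the token, null metadata, or metadata marked invalid.
     *
     * @param defaultKeyValidationHandler the handler instance (unused in the body)
     * @param tokenValidationContext request-scoped validation state; mutated with the outcome
     * @param joinPoint AspectJ join point (unused in the body)
     * @return {@code true} only when the token is valid
     */
    static final boolean validateToken_aroundBody0(DefaultKeyValidationHandler defaultKeyValidationHandler, TokenValidationContext tokenValidationContext, JoinPoint joinPoint) {
        KeyManagerDto keyManagerDto;
        if (tokenValidationContext.isCacheHit()) {
            // Cached result: only expiry is re-checked here, nothing is re-fetched.
            APIKeyValidationInfoDTO validationInfoDTO = tokenValidationContext.getValidationInfoDTO();
            if (!APIUtil.isAccessTokenExpired(validationInfoDTO)) {
                return true;
            }
            validationInfoDTO.setAuthorized(false);
            validationInfoDTO.setValidationStatus(900901);
            if (log.isDebugEnabled()) {
                // The raw bearer token must not reach the log; a redacted form is enough to correlate.
                log.debug("Token " + maskToken(tokenValidationContext.getAccessToken()) + " expired.");
            }
            return false;
        }
        AccessTokenInfo accessTokenInfo = null;
        try {
            String str = null;
            if (StringUtils.isNotEmpty(tokenValidationContext.getTenantDomain())) {
                Map tenantKeyManagers = KeyManagerHolder.getTenantKeyManagers(tokenValidationContext.getTenantDomain());
                KeyManager keyManager = null;
                if (tenantKeyManagers.values().size() == 1) {
                    // Single key manager: use it only if the context allows "all" or names it explicitly.
                    Map.Entry entry = (Map.Entry) tenantKeyManagers.entrySet().iterator().next();
                    if (entry != null && (keyManagerDto = (KeyManagerDto) entry.getValue()) != null && (tokenValidationContext.getKeyManagers().contains("all") || tokenValidationContext.getKeyManagers().contains(keyManagerDto.getName()))) {
                        keyManager = keyManagerDto.getKeyManager();
                        str = (String) entry.getKey();
                    }
                } else if (tenantKeyManagers.values().size() > 1) {
                    if (!tokenValidationContext.getKeyManagers().contains("all")) {
                        // Restricted list: first named key manager that claims the token wins.
                        for (String next : tokenValidationContext.getKeyManagers()) {
                            KeyManagerDto keyManagerDto2 = (KeyManagerDto) tenantKeyManagers.get(next);
                            if (keyManagerDto2 != null && keyManagerDto2.getKeyManager() != null && keyManagerDto2.getKeyManager().canHandleToken(tokenValidationContext.getAccessToken())) {
                                keyManager = keyManagerDto2.getKeyManager();
                                str = next;
                                break;
                            }
                        }
                    } else {
                        // "all": first registered key manager that claims the token wins.
                        for (Object o : tenantKeyManagers.entrySet()) {
                            Map.Entry entry2 = (Map.Entry) o;
                            if (((KeyManagerDto) entry2.getValue()).getKeyManager() != null && ((KeyManagerDto) entry2.getValue()).getKeyManager().canHandleToken(tokenValidationContext.getAccessToken())) {
                                keyManager = ((KeyManagerDto) entry2.getValue()).getKeyManager();
                                str = (String) entry2.getKey();
                                break;
                            }
                        }
                    }
                }
                if (keyManager == null) {
                    // No key manager is able to vouch for this token: reject.
                    APIKeyValidationInfoDTO aPIKeyValidationInfoDTO = new APIKeyValidationInfoDTO();
                    tokenValidationContext.setValidationInfoDTO(aPIKeyValidationInfoDTO);
                    aPIKeyValidationInfoDTO.setValidationStatus(900912);
                    return false;
                }
                accessTokenInfo = keyManager.getTokenMetaData(tokenValidationContext.getAccessToken());
            }
            if (accessTokenInfo == null) {
                return false;
            }
            tokenValidationContext.setTokenInfo(accessTokenInfo);
            APIKeyValidationInfoDTO aPIKeyValidationInfoDTO2 = new APIKeyValidationInfoDTO();
            tokenValidationContext.setValidationInfoDTO(aPIKeyValidationInfoDTO2);
            if (!accessTokenInfo.isTokenValid()) {
                aPIKeyValidationInfoDTO2.setAuthorized(false);
                // Prefer the key manager's own error code; fall back to the generic status.
                if (accessTokenInfo.getErrorcode() > 0) {
                    aPIKeyValidationInfoDTO2.setValidationStatus(accessTokenInfo.getErrorcode());
                    return false;
                }
                aPIKeyValidationInfoDTO2.setValidationStatus(900900);
                return false;
            }
            aPIKeyValidationInfoDTO2.setKeyManager(str);
            aPIKeyValidationInfoDTO2.setAuthorized(accessTokenInfo.isTokenValid());
            aPIKeyValidationInfoDTO2.setEndUserName(accessTokenInfo.getEndUserName());
            aPIKeyValidationInfoDTO2.setConsumerKey(accessTokenInfo.getConsumerKey());
            aPIKeyValidationInfoDTO2.setIssuedTime(accessTokenInfo.getIssuedTime());
            aPIKeyValidationInfoDTO2.setValidityPeriod(accessTokenInfo.getValidityPeriod());
            // Scopes stay unset on the DTO when the key manager returns none; validateScopes
            // must therefore tolerate a null scope set.
            if (accessTokenInfo.getScopes() != null) {
                aPIKeyValidationInfoDTO2.setScopes(new HashSet(Arrays.asList(accessTokenInfo.getScopes())));
            }
            return accessTokenInfo.isTokenValid();
        } catch (APIManagementException e) {
            // The cause is recorded in the log; the rethrown exception carries the message only.
            log.error("Error while obtaining Token Metadata from Authorization Server", e);
            throw new APIKeyMgtException("Error while obtaining Token Metadata from Authorization Server");
        }
    }

    /**
     * Body of {@code validateScopes}: for each resource listed in the context's matching-resource
     * string, finds the API's URL mapping with the same HTTP verb and path, and requires the token
     * to hold at least one of that mapping's scopes (a mapping with no scopes is always allowed).
     *
     * <p>Authorization is granted only if every matched, scope-protected resource is satisfied.
     * On failure the DTO is marked unauthorized with status 900910.
     *
     * @param defaultKeyValidationHandler handler used for the path-matching call
     * @param tokenValidationContext request-scoped validation state
     * @param joinPoint AspectJ join point (unused in the body)
     * @return {@code true} when the token's scopes are sufficient
     */
    static final boolean validateScopes_aroundBody2(DefaultKeyValidationHandler defaultKeyValidationHandler, TokenValidationContext tokenValidationContext, JoinPoint joinPoint) {
        // NOTE(review): a cache hit skips scope evaluation entirely. That is only sound if the
        // cached entry is specific to the resource and verb being invoked; confirm at the caller.
        if (tokenValidationContext.isCacheHit()) {
            return true;
        }
        APIKeyValidationInfoDTO validationInfoDTO = tokenValidationContext.getValidationInfoDTO();
        if (validationInfoDTO == null) {
            throw new APIKeyMgtException("Key Validation information not set");
        }
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String httpVerb = tokenValidationContext.getHttpVerb();
        Set scopes = validationInfoDTO.getScopes();
        if (scopes != null && !scopes.isEmpty() && log.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            for (Object scope : scopes) {
                sb.append((String) scope);
                sb.append(ResourceConstants.ATTRIBUTE_VALUE_SEPERATER);
            }
            sb.deleteCharAt(sb.length() - 1);
            // Scope names are logged; the bearer token itself is redacted.
            log.debug("Scopes allowed for token : " + maskToken(tokenValidationContext.getAccessToken()) + " : " + sb.toString());
        }
        ArrayList<String> arrayList = new ArrayList(Arrays.asList(tokenValidationContext.getMatchingResource().split(ResourceConstants.ATTRIBUTE_VALUE_SEPERATER)));
        API apiByContextAndVersion = SubscriptionDataHolder.getInstance().getTenantSubscriptionStore(tenantDomain).getApiByContextAndVersion(tokenValidationContext.getContext(), tokenValidationContext.getVersion());
        boolean scopesValidated = false;
        if (apiByContextAndVersion != null) {
            for (String resource : arrayList) {
                URLMapping uRLMapping = null;
                for (URLMapping candidate : apiByContextAndVersion.getResources()) {
                    if (httpVerb.equals(candidate.getHttpMethod()) && defaultKeyValidationHandler.isResourcePathMatching(resource, candidate)) {
                        uRLMapping = candidate;
                        break;
                    }
                }
                // NOTE(review): a listed resource with no matching mapping is skipped rather than
                // rejected; confirm that this is the intended policy.
                if (uRLMapping == null) {
                    continue;
                }
                if (uRLMapping.getScopes().size() == 0) {
                    // Resource carries no scope restriction.
                    scopesValidated = true;
                    continue;
                }
                boolean resourceScopeMatched = false;
                for (Object requiredScope : uRLMapping.getScopes()) {
                    // A token without scopes (null set) can never satisfy a scoped resource;
                    // the null check turns what was a NullPointerException into a clean denial.
                    if (scopes != null && scopes.contains(requiredScope)) {
                        scopesValidated = true;
                        resourceScopeMatched = true;
                        break;
                    }
                }
                if (!resourceScopeMatched) {
                    // Fail closed: without this reset, a success recorded for an earlier resource
                    // in the list would survive the break and authorize the whole request.
                    scopesValidated = false;
                    break;
                }
            }
        }
        if (!scopesValidated) {
            validationInfoDTO.setAuthorized(false);
            validationInfoDTO.setValidationStatus(900910);
        }
        return scopesValidated;
    }

    /**
     * Body of {@code isResourcePathMatching}: compares the trimmed resource string with the
     * mapping's trimmed URL pattern, ignoring case, and additionally accepts a pattern that differs
     * only by one trailing {@code "/"}.
     *
     * <p>NOTE(review): the comparison is case-insensitive. If the backend distinguishes paths by
     * case, confirm that two templates differing only in case cannot carry different scopes.
     *
     * @param defaultKeyValidationHandler the handler instance (unused in the body)
     * @param str resource string taken from the validation context
     * @param uRLMapping candidate mapping of the API
     * @param joinPoint AspectJ join point (unused in the body)
     * @return {@code true} when the resource string designates this mapping
     */
    static final boolean isResourcePathMatching_aroundBody4(DefaultKeyValidationHandler defaultKeyValidationHandler, String str, URLMapping uRLMapping, JoinPoint joinPoint) {
        String trim = str.trim();
        String trim2 = uRLMapping.getUrlPattern().trim();
        if (trim.equalsIgnoreCase(trim2)) {
            return true;
        }
        // Pattern is exactly one character longer and ends in "/": compare without the slash.
        if (trim.length() + 1 == trim2.length() && trim2.endsWith("/")) {
            return trim.equalsIgnoreCase(trim2.substring(0, trim2.length() - 1));
        }
        return false;
    }

    /** Weaver-generated: builds the static join-point descriptors used by the dispatchers. */
    private static void ajc$preClinit() {
        Factory factory = new Factory("DefaultKeyValidationHandler.java", DefaultKeyValidationHandler.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "validateToken", "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler", "org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext", "validationContext", "org.wso2.carbon.apimgt.keymgt.APIKeyMgtException", "boolean"), 57);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "validateScopes", "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler", "org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext", "validationContext", "org.wso2.carbon.apimgt.keymgt.APIKeyMgtException", "boolean"), 172);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "isResourcePathMatching", "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler", "java.lang.String:org.wso2.carbon.apimgt.api.model.subscription.URLMapping", "resourceString:urlMapping", "", "boolean"), 248);
    }
}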
