package org.wso2.carbon.apimgt.rest.api.publisher.utils;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.APIProvider;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.apimgt.api.model.Documentation;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.publisher.dto.APIDTO;
import org.wso2.carbon.apimgt.rest.api.publisher.dto.TierDTO;
import org.wso2.carbon.apimgt.rest.api.publisher.utils.mappings.APIMappingUtil;
import org.wso2.carbon.apimgt.rest.api.util.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.util.exception.BadRequestException;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/apimgt/rest/api/publisher/utils/RestApiPublisherUtils.class */
public class RestApiPublisherUtils {
    private static final Log log = LogFactory.getLog(RestApiPublisherUtils.class);

    public static void checkUserAccessAllowedForAPI(String str) throws APIManagementException {
        APIMappingUtil.getAPIIdentifierFromApiIdOrUUID(str, RestApiUtil.getLoggedInUserTenantDomain());
    }

    public static void attachFileToDocument(String str, Documentation documentation, InputStream inputStream, Attachment attachment) throws APIManagementException {
        APIProvider loggedInUserProvider = RestApiUtil.getLoggedInUserProvider();
        String loggedInUserTenantDomain = RestApiUtil.getLoggedInUserTenantDomain();
        String id = documentation.getId();
        String randomAlphanumeric = RandomStringUtils.randomAlphanumeric(10);
        File file = new File(System.getProperty(RestApiConstants.JAVA_IO_TMPDIR) + File.separator + RestApiConstants.DOC_UPLOAD_TMPDIR + File.separator + randomAlphanumeric);
        if (!file.mkdirs()) {
            RestApiUtil.handleInternalServerError("Failed to add content to the document " + id, log);
        }
        FileInputStream fileInputStream = null;
        try {
            try {
                String parameter = attachment.getContentDisposition().getParameter(RestApiConstants.CONTENT_DISPOSITION_FILENAME);
                if (StringUtils.isBlank(parameter)) {
                    parameter = RestApiConstants.DOC_NAME_DEFAULT + randomAlphanumeric;
                    log.warn("Couldn't find the name of the uploaded file for the document " + id + ". Using name '" + parameter + "'");
                }
                APIIdentifier aPIIdentifierFromApiIdOrUUID = APIMappingUtil.getAPIIdentifierFromApiIdOrUUID(str, loggedInUserTenantDomain);
                RestApiUtil.transferFile(inputStream, parameter, file.getAbsolutePath());
                fileInputStream = new FileInputStream(file.getAbsolutePath() + File.separator + parameter);
                String header = attachment.getHeader("Content-Type");
                loggedInUserProvider.addFileToDocumentation(aPIIdentifierFromApiIdOrUUID, documentation, parameter, fileInputStream, header == null ? "application/octet-stream" : header);
                loggedInUserProvider.updateDocumentation(aPIIdentifierFromApiIdOrUUID, documentation);
                file.deleteOnExit();
                IOUtils.closeQuietly(fileInputStream);
            } catch (FileNotFoundException e) {
                RestApiUtil.handleInternalServerError("Unable to read the file from path ", e, log);
                IOUtils.closeQuietly(fileInputStream);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(fileInputStream);
            throw th;
        }
    }

    public static void validateTierLevels(String str) throws BadRequestException {
        try {
            TierDTO.TierLevelEnum.valueOf(str);
        } catch (IllegalArgumentException e) {
            RestApiUtil.handleResourceNotFoundError("tierLevel should be one of " + Arrays.toString(TierDTO.TierLevelEnum.values()), e, log);
        }
    }

    public static boolean isValidWSAPI(APIDTO apidto) throws JSONException {
        boolean z;
        boolean z2 = false;
        if (apidto.getEndpointConfig() != null) {
            JSONObject jSONObject = new JSONObject(new JSONTokener(apidto.getEndpointConfig()));
            try {
                String string = jSONObject.getJSONObject(RestApiConstants.PRODUCTION_ENDPOINTS).getString("url");
                String string2 = jSONObject.getJSONObject(RestApiConstants.SANDBOX_ENDPOINTS).getString("url");
                z2 = string.startsWith("ws://") || string.startsWith("wss://");
                if (z2) {
                    if (!string2.startsWith("ws://")) {
                        if (!string2.startsWith("wss://")) {
                            z = false;
                            z2 = z;
                        }
                    }
                    z = true;
                    z2 = z;
                }
            } catch (JSONException e) {
                RestApiUtil.handleBadRequest("Error in endpoint configurations. Web Socket APIs do not accept array of endpoints.", log);
            }
        }
        return z2;
    }

    public static String validateUserRoles(List<String> list) throws APIManagementException {
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        String[] roleNames = APIUtil.getRoleNames(loggedInUsername);
        boolean z = false;
        String[] strArr = null;
        if (APIUtil.hasPermission(loggedInUsername, "/permission/admin/manage/apim_admin")) {
            z = true;
        } else {
            strArr = APIUtil.getListOfRoles(loggedInUsername);
        }
        if (list == null || list.isEmpty()) {
            return "";
        }
        if (roleNames == null && strArr == null) {
            return "Invalid user roles found";
        }
        for (String str : list) {
            if (!z && strArr != null && APIUtil.compareRoleList(strArr, str)) {
                z = true;
            }
            if (roleNames != null && !APIUtil.compareRoleList(roleNames, str)) {
                return "Invalid user roles found in accessControlRole list";
            }
        }
        return z ? "" : "This user does not have at least one role specified in API access control.";
    }

    public static String validateAdditionalProperties(Map<String, String> map) {
        if (map == null) {
            return "";
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String trim = entry.getKey().trim();
            String value = entry.getValue();
            if (trim.contains(" ")) {
                return "Property names should not contain space character. Property '" + trim + "' contains space in it.";
            }
            if (Arrays.asList(APIConstants.API_SEARCH_PREFIXES).contains(trim.toLowerCase())) {
                return "Property '" + trim + "' conflicts with the reserved keywords. Reserved keywords are [" + Arrays.toString(APIConstants.API_SEARCH_PREFIXES) + "]";
            }
            if (trim.length() > 80) {
                return "Property name can have maximum of 80 characters. Property '" + trim + "' + contains " + trim.length() + "characters";
            }
            if (value.length() > 900) {
                return "Property value can have maximum of 900 characters. Property '" + trim + "' + contains a value with " + value.length() + "characters";
            }
        }
        return "";
    }
}
