package org.wso2.carbon.apimgt.rest.api.publisher.impl;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.APIProvider;
import org.wso2.carbon.apimgt.api.FaultGatewaysException;
import org.wso2.carbon.apimgt.api.dto.CertificateInformationDTO;
import org.wso2.carbon.apimgt.api.dto.ClientCertificateDTO;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.apimgt.impl.certificatemgt.ResponseCode;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.impl.utils.CertificateMgtUtils;
import org.wso2.carbon.apimgt.rest.api.publisher.ClientCertificatesApiService;
import org.wso2.carbon.apimgt.rest.api.publisher.dto.APIListPaginationDTO;
import org.wso2.carbon.apimgt.rest.api.publisher.dto.ClientCertMetadataDTO;
import org.wso2.carbon.apimgt.rest.api.publisher.dto.ClientCertificatesDTO;
import org.wso2.carbon.apimgt.rest.api.publisher.utils.CertificateRestApiUtils;
import org.wso2.carbon.apimgt.rest.api.publisher.utils.mappings.CertificateMappingUtil;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/apimgt/rest/api/publisher/impl/ClientCertificatesApiServiceImpl.class */
public class ClientCertificatesApiServiceImpl extends ClientCertificatesApiService {
    private static final Log log = LogFactory.getLog(ClientCertificatesApiServiceImpl.class);
    private CertificateMgtUtils certificateMgtUtils = CertificateMgtUtils.getInstance();

    @Override // org.wso2.carbon.apimgt.rest.api.publisher.ClientCertificatesApiService
    public Response clientCertificatesAliasContentGet(String str) {
        String loggedInUserTenantDomain = RestApiUtil.getLoggedInUserTenantDomain();
        String str2 = str + ".crt";
        try {
            ClientCertificateDTO preValidateClientCertificate = preValidateClientCertificate(str);
            if (preValidateClientCertificate == null) {
                return null;
            }
            Response.ResponseBuilder entity = Response.ok().entity(CertificateRestApiUtils.getDecodedCertificate(preValidateClientCertificate.getCertificate()));
            entity.header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + str2 + "\"");
            entity.header(HttpHeaders.CONTENT_TYPE, "application/octet-stream");
            return entity.build();
        } catch (APIManagementException e) {
            RestApiUtil.handleInternalServerError("Error while retrieving the client certificate with alias " + str + " for the tenant " + loggedInUserTenantDomain, e, log);
            return null;
        }
    }

    @Override // org.wso2.carbon.apimgt.rest.api.publisher.ClientCertificatesApiService
    public Response clientCertificatesAliasDelete(String str) {
        String loggedInUserTenantDomain = RestApiUtil.getLoggedInUserTenantDomain();
        try {
            ClientCertificateDTO preValidateClientCertificate = preValidateClientCertificate(str);
            APIProvider loggedInUserProvider = RestApiUtil.getLoggedInUserProvider();
            if (loggedInUserProvider.deleteClientCertificate(RestApiUtil.getLoggedInUsername(), preValidateClientCertificate.getApiIdentifier(), str) == ResponseCode.SUCCESS.getResponseCode()) {
                loggedInUserProvider.updateAPI(loggedInUserProvider.getAPI(preValidateClientCertificate.getApiIdentifier()));
                if (log.isDebugEnabled()) {
                    log.debug(String.format("The client certificate which belongs to tenant : %s represented by the alias : %s is deleted successfully", loggedInUserTenantDomain, str));
                }
                return Response.ok().entity("The certificate for alias '" + str + "' deleted successfully.").build();
            }
            if (log.isDebugEnabled()) {
                log.debug(String.format("Failed to delete the client certificate which belongs to tenant : %s represented by the alias : %s.", loggedInUserTenantDomain, str));
            }
            RestApiUtil.handleInternalServerError("Error while deleting the client certificate for alias '" + str + "'.", log);
            return null;
        } catch (FaultGatewaysException e) {
            RestApiUtil.handleInternalServerError("Error while publishing the certificate change to gateways for the alias " + str, e, log);
            return null;
        } catch (APIManagementException e2) {
            RestApiUtil.handleInternalServerError("Error while deleting the client certificate with alias " + str + " for the tenant " + loggedInUserTenantDomain, e2, log);
            return null;
        }
    }

    @Override // org.wso2.carbon.apimgt.rest.api.publisher.ClientCertificatesApiService
    public Response clientCertificatesAliasGet(String str) {
        String loggedInUserTenantDomain = RestApiUtil.getLoggedInUserTenantDomain();
        try {
            CertificateInformationDTO certificateInfo = this.certificateMgtUtils.getCertificateInfo(preValidateClientCertificate(str).getCertificate());
            if (certificateInfo != null) {
                return Response.ok().entity(CertificateMappingUtil.fromCertificateInformationToDTO(certificateInfo)).build();
            }
            RestApiUtil.handleResourceNotFoundError("Certificate is empty for alias " + str, log);
            return null;
        } catch (APIManagementException e) {
            RestApiUtil.handleInternalServerError("Error while retrieving the client certificate with alias " + str + " for the tenant " + loggedInUserTenantDomain, e, log);
            return null;
        }
    }

    @Override // org.wso2.carbon.apimgt.rest.api.publisher.ClientCertificatesApiService
    public Response clientCertificatesAliasPut(String str, InputStream inputStream, Attachment attachment, String str2) {
        try {
            String str3 = null;
            APIProvider loggedInUserProvider = RestApiUtil.getLoggedInUserProvider();
            int tenantId = APIUtil.getTenantId(RestApiUtil.getLoggedInUsername());
            ClientCertificateDTO preValidateClientCertificate = preValidateClientCertificate(str);
            if (attachment != null && StringUtils.isNotBlank(attachment.getContentDisposition().getParameter("filename"))) {
                str3 = CertificateRestApiUtils.generateEncodedCertificate(inputStream);
            }
            if (StringUtils.isEmpty(str3) && StringUtils.isEmpty(str2)) {
                return Response.ok().entity("Client Certificate is not updated for alias " + str).build();
            }
            int updateClientCertificate = loggedInUserProvider.updateClientCertificate(str3, str, preValidateClientCertificate.getApiIdentifier(), str2, tenantId);
            if (ResponseCode.SUCCESS.getResponseCode() == updateClientCertificate) {
                API api = loggedInUserProvider.getAPI(preValidateClientCertificate.getApiIdentifier());
                loggedInUserProvider.updateAPI(api);
                ClientCertMetadataDTO clientCertMetadataDTO = new ClientCertMetadataDTO();
                clientCertMetadataDTO.setAlias(str);
                clientCertMetadataDTO.setApiId(api.getUUID());
                clientCertMetadataDTO.setTier(preValidateClientCertificate.getTierName());
                return Response.ok(new URI("/clientCertificates?alias=" + str)).entity(clientCertMetadataDTO).build();
            }
            if (ResponseCode.INTERNAL_SERVER_ERROR.getResponseCode() == updateClientCertificate) {
                RestApiUtil.handleInternalServerError("Error while updating the client certificate for the alias " + str + " due to an internal server error", log);
            } else if (ResponseCode.CERTIFICATE_NOT_FOUND.getResponseCode() == updateClientCertificate) {
                RestApiUtil.handleResourceNotFoundError("", log);
            } else if (ResponseCode.CERTIFICATE_EXPIRED.getResponseCode() == updateClientCertificate) {
                RestApiUtil.handleBadRequest("Error while updating the client certificate for the alias " + str + " Certificate Expired.", log);
            }
            return null;
        } catch (URISyntaxException e) {
            RestApiUtil.handleInternalServerError("Error while generating the resource location URI for alias '" + str + "'", e, log);
            return null;
        } catch (FaultGatewaysException e2) {
            RestApiUtil.handleInternalServerError("Error while publishing the certificate change to gateways for the alias " + str, e2, log);
            return null;
        } catch (IOException e3) {
            RestApiUtil.handleInternalServerError("Error while encoding client certificate for the alias " + str, e3, log);
            return null;
        } catch (APIManagementException e4) {
            RestApiUtil.handleInternalServerError("Error while updating the client certificate for the alias " + str + " due to an internal server error", e4, log);
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v37, types: [java.util.List] */
    @Override // org.wso2.carbon.apimgt.rest.api.publisher.ClientCertificatesApiService
    public Response clientCertificatesGet(Integer num, Integer num2, String str, String str2) {
        Integer valueOf = Integer.valueOf(num != null ? num.intValue() : 25);
        Integer valueOf2 = Integer.valueOf(num2 != null ? num2.intValue() : 0);
        ArrayList arrayList = new ArrayList();
        int tenantId = APIUtil.getTenantId(RestApiUtil.getLoggedInUsername());
        String buildQueryString = CertificateRestApiUtils.buildQueryString("alias", str, "apiId", str2);
        try {
            APIProvider loggedInUserProvider = RestApiUtil.getLoggedInUserProvider();
            if (!loggedInUserProvider.isClientCertificateBasedAuthenticationConfigured()) {
                RestApiUtil.handleBadRequest("The client certificate based authentication is not configured for this server", log);
            }
            int clientCertificateCount = loggedInUserProvider.getClientCertificateCount(tenantId);
            if (clientCertificateCount > 0) {
                APIIdentifier aPIIdentifier = null;
                if (StringUtils.isNotEmpty(str2)) {
                    aPIIdentifier = loggedInUserProvider.getAPIbyUUID(str2, RestApiUtil.getLoggedInUserTenantDomain()).getId();
                }
                arrayList = loggedInUserProvider.searchClientCertificates(tenantId, str, aPIIdentifier);
            }
            ClientCertificatesDTO paginatedClientCertificates = CertificateRestApiUtils.getPaginatedClientCertificates(arrayList, valueOf.intValue(), valueOf2.intValue(), buildQueryString);
            APIListPaginationDTO aPIListPaginationDTO = new APIListPaginationDTO();
            aPIListPaginationDTO.setLimit(valueOf);
            aPIListPaginationDTO.setOffset(valueOf2);
            aPIListPaginationDTO.setTotal(Integer.valueOf(clientCertificateCount));
            paginatedClientCertificates.setPagination(aPIListPaginationDTO);
            return Response.status(Response.Status.OK).entity(paginatedClientCertificates).build();
        } catch (APIManagementException e) {
            RestApiUtil.handleInternalServerError("Error while retrieving the client certificates.", e, log);
            return null;
        }
    }

    @Override // org.wso2.carbon.apimgt.rest.api.publisher.ClientCertificatesApiService
    public Response clientCertificatesPost(InputStream inputStream, Attachment attachment, String str, String str2, String str3) {
        try {
            APIProvider loggedInUserProvider = RestApiUtil.getLoggedInUserProvider();
            String parameter = attachment.getContentDisposition().getParameter("filename");
            if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
                RestApiUtil.handleBadRequest("The alias and/ or apiId should not be empty", log);
            }
            if (StringUtils.isBlank(parameter)) {
                RestApiUtil.handleBadRequest("Certificate addition failed. Proper Certificate file should be provided", log);
            }
            if (!loggedInUserProvider.isClientCertificateBasedAuthenticationConfigured()) {
                RestApiUtil.handleBadRequest("The client certificate based authentication is not configured for this server", log);
            }
            API aPIbyUUID = loggedInUserProvider.getAPIbyUUID(str2, RestApiUtil.getLoggedInUserTenantDomain());
            int addClientCertificate = loggedInUserProvider.addClientCertificate(RestApiUtil.getLoggedInUsername(), aPIbyUUID.getId(), CertificateRestApiUtils.generateEncodedCertificate(inputStream), str, str3);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Add certificate operation response code : %d", Integer.valueOf(addClientCertificate)));
            }
            if (ResponseCode.SUCCESS.getResponseCode() == addClientCertificate) {
                loggedInUserProvider.updateAPI(aPIbyUUID);
                ClientCertMetadataDTO clientCertMetadataDTO = new ClientCertMetadataDTO();
                clientCertMetadataDTO.setAlias(str);
                clientCertMetadataDTO.setApiId(str2);
                clientCertMetadataDTO.setTier(str3);
                return Response.created(new URI("/clientCertificates?alias=" + str)).entity(clientCertMetadataDTO).build();
            }
            if (ResponseCode.INTERNAL_SERVER_ERROR.getResponseCode() == addClientCertificate) {
                RestApiUtil.handleInternalServerError("Internal server error while adding the client certificate to API " + str2, log);
            } else if (ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE.getResponseCode() == addClientCertificate) {
                RestApiUtil.handleResourceAlreadyExistsError("The alias '" + str + "' already exists in the trust store.", log);
            } else if (ResponseCode.CERTIFICATE_EXPIRED.getResponseCode() == addClientCertificate) {
                RestApiUtil.handleBadRequest("Error while adding the certificate to the API " + str2 + ". Certificate Expired.", log);
            }
            return null;
        } catch (FaultGatewaysException e) {
            RestApiUtil.handleInternalServerError("Error while publishing the certificate change to gateways for the alias " + str, e, log);
            return null;
        } catch (IOException e2) {
            RestApiUtil.handleInternalServerError("IOException while generating the encoded certificate for the API " + str2, e2, log);
            return null;
        } catch (URISyntaxException e3) {
            RestApiUtil.handleInternalServerError("Error while generating the resource location URI for alias '" + str + "'", e3, log);
            return null;
        } catch (APIManagementException e4) {
            RestApiUtil.handleInternalServerError("APIManagement exception while adding the certificate to the API " + str2 + " due to an internal server error", e4, log);
            return null;
        }
    }

    private ClientCertificateDTO preValidateClientCertificate(String str) throws APIManagementException {
        int tenantIdFromTenantDomain = APIUtil.getTenantIdFromTenantDomain(RestApiUtil.getLoggedInUserTenantDomain());
        if (StringUtils.isEmpty(str)) {
            RestApiUtil.handleBadRequest("The alias cannot be empty", log);
        }
        APIProvider loggedInUserProvider = RestApiUtil.getLoggedInUserProvider();
        if (!loggedInUserProvider.isClientCertificateBasedAuthenticationConfigured()) {
            RestApiUtil.handleBadRequest("The client certificate based authentication is not configured for this server", log);
        }
        ClientCertificateDTO clientCertificate = loggedInUserProvider.getClientCertificate(tenantIdFromTenantDomain, str);
        if (clientCertificate == null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Could not find a client certificate in truststore which belongs to tenant : %d and with alias : %s. Hence the operation is terminated.", Integer.valueOf(tenantIdFromTenantDomain), str));
            }
            RestApiUtil.handleResourceNotFoundError("Certificate for alias '" + str + "' is not found.", log);
        }
        return clientCertificate;
    }
}
