package org.wso2.carbon.apimgt.rest.api.util.authenticators;

import java.util.HashMap;
import java.util.Set;
import javax.cache.Cache;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.message.Message;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.OAuthTokenInfo;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.api.model.URITemplate;
import org.wso2.carbon.apimgt.impl.caching.CacheProvider;
import org.wso2.carbon.apimgt.rest.api.util.MethodStats;
import org.wso2.carbon.apimgt.rest.api.util.MethodTimeLogger;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.uri.template.URITemplateException;

/* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/authenticators/AbstractOAuthAuthenticator.class */
/**
 * Base class for the REST API OAuth authenticators: exposes the REST API token caches and
 * performs scope validation of a token against the URI templates registered for a base path.
 *
 * <p>NOTE(review): this listing looks like decompiler output of an AspectJ-woven class (the
 * {@code ajc$} members and {@code AroundClosure} subclasses); the woven plumbing wraps each
 * public method with {@link MethodTimeLogger} timing and does not take part in the
 * authorization decision itself.
 */
public abstract class AbstractOAuthAuthenticator {
    // Package-private, non-final instance logger; the static scope-validation body reaches it
    // through the authenticator instance it is handed.
    Log log = LogFactory.getLog(AbstractOAuthAuthenticator.class);
    // Static join-point descriptors, one per woven method; populated by ajc$preClinit().
    // NOTE(review): declared final with a null initializer yet assigned later in
    // ajc$preClinit() -- a decompiler artifact; plain javac would reject this as written.
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/authenticators/AbstractOAuthAuthenticator$AjcClosure1.class */
    /** Around-advice closure that defers to {@code getRESTAPITokenCache_aroundBody0}. */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // The argument array is ignored; the state captured at construction is used instead.
            Object[] objArr2 = ((AroundClosure) this).state;
            return AbstractOAuthAuthenticator.getRESTAPITokenCache_aroundBody0((AbstractOAuthAuthenticator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/authenticators/AbstractOAuthAuthenticator$AjcClosure3.class */
    /** Around-advice closure that defers to {@code getRESTAPIInvalidTokenCache_aroundBody2}. */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // The argument array is ignored; the state captured at construction is used instead.
            Object[] objArr2 = ((AroundClosure) this).state;
            return AbstractOAuthAuthenticator.getRESTAPIInvalidTokenCache_aroundBody2((AbstractOAuthAuthenticator) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/authenticators/AbstractOAuthAuthenticator$AjcClosure5.class */
    /** Around-advice closure that defers to {@code validateScopes_aroundBody4} and boxes its result. */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // State layout: [authenticator, message, token info, join point].
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(AbstractOAuthAuthenticator.validateScopes_aroundBody4((AbstractOAuthAuthenticator) objArr2[0], (Message) objArr2[1], (OAuthTokenInfo) objArr2[2], (JoinPoint) objArr2[3]));
        }
    }

    /**
     * Authenticates the request carried by {@code message}; implemented by subclasses.
     *
     * @param message the CXF message of the incoming request
     * @return the authentication result as defined by the implementing subclass
     * @throws APIManagementException declared for implementations to signal failures
     */
    public abstract boolean authenticate(Message message) throws APIManagementException;

    /**
     * Returns the cache obtained from {@link CacheProvider#getRESTAPITokenCache()}.
     *
     * @return the REST API token cache
     */
    public Cache getRESTAPITokenCache() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this);
        // Woven dispatch: when method timing is enabled (class annotated with MethodStats, or the
        // pointcut-all switch is on) the call goes through MethodTimeLogger; otherwise the body
        // is invoked directly. Both paths end in getRESTAPITokenCache_aroundBody0.
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (Cache) MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getRESTAPITokenCache_aroundBody0(this, makeJP);
    }

    /**
     * Returns the cache obtained from {@link CacheProvider#getRESTAPIInvalidTokenCache()}.
     *
     * @return the REST API invalid-token cache
     */
    public Cache getRESTAPIInvalidTokenCache() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this);
        // Same woven timing dispatch as getRESTAPITokenCache(); the body is
        // getRESTAPIInvalidTokenCache_aroundBody2.
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (Cache) MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getRESTAPIInvalidTokenCache_aroundBody2(this, makeJP);
    }

    /**
     * Checks whether the token's scopes permit the requested resource and HTTP verb.
     * The decision logic lives in {@code validateScopes_aroundBody4}; this method only adds the
     * woven timing dispatch around it.
     *
     * @param message the CXF message of the incoming request
     * @param oAuthTokenInfo token details, of which only the scopes are read
     * @return {@code true} if the request may proceed, {@code false} otherwise
     */
    @MethodStats
    public boolean validateScopes(Message message, OAuthTokenInfo oAuthTokenInfo) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, message, oAuthTokenInfo);
        // The trailing "|| MethodTimeLogger.isConfigEnabled()" means the timed path is taken
        // whenever timing is enabled, regardless of the other two clauses.
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || MethodTimeLogger.isConfigEnabled()) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, message, oAuthTokenInfo, makeJP}).linkClosureAndJoinPoint(69648))) : validateScopes_aroundBody4(this, message, oAuthTokenInfo, makeJP);
    }

    static {
        ajc$preClinit();
    }

    /** Woven body of {@link #getRESTAPITokenCache()}; both parameters are unused. */
    static final Cache getRESTAPITokenCache_aroundBody0(AbstractOAuthAuthenticator abstractOAuthAuthenticator, JoinPoint joinPoint) {
        return CacheProvider.getRESTAPITokenCache();
    }

    /** Woven body of {@link #getRESTAPIInvalidTokenCache()}; both parameters are unused. */
    static final Cache getRESTAPIInvalidTokenCache_aroundBody2(AbstractOAuthAuthenticator abstractOAuthAuthenticator, JoinPoint joinPoint) {
        return CacheProvider.getRESTAPIInvalidTokenCache();
    }

    /**
     * Woven body of {@link #validateScopes(Message, OAuthTokenInfo)}: the actual authorization
     * decision.
     *
     * <p>Outcomes, as implemented below:
     * <ul>
     *   <li>No URI templates registered for base path + API version: returns {@code true}
     *       (scope validation is skipped, i.e. the check fails open).</li>
     *   <li>A template matches the resource path and verb and one of the token's scopes equals,
     *       ignoring case, a scope attached to that template: returns {@code true}.</li>
     *   <li>A template matches, carries no scope at all, and the token has at least one scope:
     *       returns {@code true} (resource treated as anonymous).</li>
     *   <li>Anything else, including a {@code null} scope array, an unparsable template or no
     *       template matching path and verb: returns {@code false}.</li>
     * </ul>
     *
     * @param abstractOAuthAuthenticator the authenticator instance, used only for its logger
     * @param message the CXF message; base path, request URI, HTTP method, API version and the
     *                value under {@code maskedToken} are read from it
     * @param oAuthTokenInfo supplies the scopes granted to the token
     * @param joinPoint unused
     * @return {@code true} if the request may proceed, {@code false} otherwise
     */
    static final boolean validateScopes_aroundBody4(AbstractOAuthAuthenticator abstractOAuthAuthenticator, Message message, OAuthTokenInfo oAuthTokenInfo, JoinPoint joinPoint) {
        // str = base path, str2 = full request URI, str3 = HTTP method (all request-derived).
        String str = (String) message.get(Message.BASE_PATH);
        String str2 = (String) message.get("org.apache.cxf.request.uri");
        String str3 = (String) message.get("org.apache.cxf.request.method");
        // Resource path relative to the base path. No null or length check precedes this:
        // a null base path or URI throws NullPointerException, and an empty base path or one
        // longer than the URI throws StringIndexOutOfBoundsException.
        // NOTE(review): presumably the base path ends with '/' so the "- 1" keeps the leading
        // slash of the resource path -- confirm against how BASE_PATH is populated.
        String substring = str2.substring(str.length() - 1);
        String[] scopes = oAuthTokenInfo.getScopes();
        Set<URITemplate> uRITemplatesForBasePath = RestApiUtil.getURITemplatesForBasePath(String.valueOf(str) + ((String) message.get("API_VERSION")));
        // Fail-open branch: with no templates registered for this base path and version the
        // request is allowed without any scope check; the only trace is a debug log line.
        // NOTE(review): confirm that an empty template set cannot occur for protected paths.
        if (uRITemplatesForBasePath.isEmpty()) {
            if (!abstractOAuthAuthenticator.log.isDebugEnabled()) {
                return true;
            }
            abstractOAuthAuthenticator.log.debug("No matching scopes found for request with path: " + str + ". Skipping scope validation.");
            return true;
        }
        for (Object obj : uRITemplatesForBasePath.toArray()) {
            org.wso2.uri.template.URITemplate uRITemplate = null;
            HashMap hashMap = new HashMap();
            String uriTemplate = ((URITemplate) obj).getUriTemplate();
            try {
                uRITemplate = new org.wso2.uri.template.URITemplate(uriTemplate);
            } catch (URITemplateException e) {
                // A template that cannot be parsed is logged and skipped (uRITemplate stays
                // null), so it can never grant access.
                abstractOAuthAuthenticator.log.error("Error while creating URI Template object to validate request. Template pattern: " + uriTemplate, e);
            }
            // Only templates matching both the resource path and the HTTP verb are considered;
            // a null scope array or null method makes every template fail this test.
            if (uRITemplate != null && uRITemplate.matches(substring, hashMap) && scopes != null && str3 != null && str3.equalsIgnoreCase(((URITemplate) obj).getHTTPVerb())) {
                for (String str4 : scopes) {
                    Scope scope = ((URITemplate) obj).getScope();
                    if (scope != null) {
                        // Scope keys are compared case-insensitively.
                        if (str4.equalsIgnoreCase(scope.getKey())) {
                            // Both paths return true; the split only guards the debug message.
                            if (!abstractOAuthAuthenticator.log.isDebugEnabled()) {
                                return true;
                            }
                            abstractOAuthAuthenticator.log.debug("Scope validation successful for access token: " + message.get("maskedToken") + " with scope: " + scope.getKey() + " for resource path: " + str2 + " and verb " + str3);
                            return true;
                        }
                    } else {
                        // Template has no single scope: an empty scope list means the resource is
                        // treated as anonymous and the request is allowed.
                        // NOTE(review): this check sits inside the loop over the token's scopes,
                        // so a token with an empty scope array never reaches it and the method
                        // falls through to false for the same unscoped resource.
                        if (((URITemplate) obj).retrieveAllScopes().isEmpty()) {
                            if (!abstractOAuthAuthenticator.log.isDebugEnabled()) {
                                return true;
                            }
                            abstractOAuthAuthenticator.log.debug("Scope not defined in swagger for matching resource " + substring + " and verb " + str3 + " . So consider as anonymous permission and let request to continue.");
                            return true;
                        }
                        // Otherwise any one of the template's scopes is sufficient.
                        for (Scope scope2 : ((URITemplate) obj).retrieveAllScopes()) {
                            if (str4.equalsIgnoreCase(scope2.getKey())) {
                                if (!abstractOAuthAuthenticator.log.isDebugEnabled()) {
                                    return true;
                                }
                                abstractOAuthAuthenticator.log.debug("Scope validation successful for access token: " + message.get("maskedToken") + " with scope: " + scope2.getKey() + " for resource path: " + str2 + " and verb " + str3);
                                return true;
                            }
                        }
                    }
                }
            }
        }
        // Default deny: no matching template granted access.
        return false;
    }

    /**
     * Builds the static join-point descriptors for the three woven methods.
     * NOTE(review): the trailing integers (55, 62, 73) are presumably line numbers in the
     * original AbstractOAuthAuthenticator.java -- confirm.
     */
    private static void ajc$preClinit() {
        Factory factory = new Factory("AbstractOAuthAuthenticator.java", AbstractOAuthAuthenticator.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getRESTAPITokenCache", "org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator", "", "", "", "javax.cache.Cache"), 55);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getRESTAPIInvalidTokenCache", "org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator", "", "", "", "javax.cache.Cache"), 62);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "validateScopes", "org.wso2.carbon.apimgt.rest.api.util.authenticators.AbstractOAuthAuthenticator", "org.apache.cxf.message.Message:org.wso2.carbon.apimgt.api.OAuthTokenInfo", "message:tokenInfo", "", "boolean"), 73);
    }
}
