package org.wso2.carbon.appmgt.gateway.handlers.throttling;

import java.io.IOException;
import java.util.Date;
import java.util.Map;
import java.util.TreeMap;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axis2.clustering.ClusteringAgent;
import org.apache.axis2.clustering.ClusteringFault;
import org.apache.axis2.clustering.state.Replicator;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.PolicyEngine;
import org.apache.synapse.Mediator;
import org.apache.synapse.MessageContext;
import org.apache.synapse.SynapseException;
import org.apache.synapse.commons.throttle.core.AccessInformation;
import org.apache.synapse.commons.throttle.core.AccessRateController;
import org.apache.synapse.commons.throttle.core.ConcurrentAccessController;
import org.apache.synapse.commons.throttle.core.RoleBasedAccessRateController;
import org.apache.synapse.commons.throttle.core.Throttle;
import org.apache.synapse.commons.throttle.core.ThrottleConfiguration;
import org.apache.synapse.commons.throttle.core.ThrottleContext;
import org.apache.synapse.commons.throttle.core.ThrottleException;
import org.apache.synapse.commons.throttle.core.ThrottleFactory;
import org.apache.synapse.config.Entry;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import org.apache.synapse.transport.passthru.util.RelayUtils;
import org.wso2.carbon.appmgt.api.model.URITemplate;
import org.wso2.carbon.appmgt.gateway.handlers.Utils;
import org.wso2.carbon.appmgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.appmgt.gateway.handlers.security.authentication.AuthenticationContext;
import org.wso2.carbon.appmgt.gateway.utils.GatewayUtils;
import org.wso2.carbon.appmgt.impl.dto.VerbInfoDTO;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/* loaded from: input_file:org/wso2/carbon/appmgt/gateway/handlers/throttling/APIThrottleHandler.class */
public class APIThrottleHandler extends AbstractHandler {
    private static final Log log = LogFactory.getLog(APIThrottleHandler.class);
    private volatile Throttle throttle;
    private String key;
    private String id;
    private long version;
    private ConcurrentAccessController concurrentAccessController = null;
    private String policyKey = null;
    private boolean isClusteringEnable = false;
    private AccessRateController accessController = new AccessRateController();
    private RoleBasedAccessRateController roleBasedAccessController = new RoleBasedAccessRateController();
    private RoleBasedAccessRateController applicationRoleBasedAccessController = new RoleBasedAccessRateController();

    public boolean handleRequest(MessageContext messageContext) {
        return doThrottle(messageContext);
    }

    public boolean handleResponse(MessageContext messageContext) {
        return doThrottle(messageContext);
    }

    private boolean doThrottle(MessageContext messageContext) {
        ClusteringAgent clusteringAgent;
        boolean isResponse = messageContext.isResponse();
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        ConfigurationContext configurationContext = axis2MessageContext.getConfigurationContext();
        synchronized (this) {
            if (((this.throttle == null && !isResponse) || (isResponse && this.concurrentAccessController == null)) && (clusteringAgent = configurationContext.getAxisConfiguration().getClusteringAgent()) != null && clusteringAgent.getStateManager() != null) {
                this.isClusteringEnable = true;
            }
            if (isResponse) {
                this.concurrentAccessController = (ConcurrentAccessController) configurationContext.getProperty(this.key);
            } else {
                if (this.isClusteringEnable) {
                    this.concurrentAccessController = (ConcurrentAccessController) configurationContext.getProperty(this.key);
                }
                initThrottle(messageContext, configurationContext);
            }
        }
        boolean z = true;
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (!isResponse) {
            messageContext.setProperty("tenant.domain", tenantDomain);
        } else if (tenantDomain == null) {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(String.valueOf(messageContext.getProperty("tenant.domain")), true);
        }
        URITemplate uRITemplate = (URITemplate) messageContext.getProperty("appm.gateway.matchedURITemplate");
        if (!uRITemplate.isSkipThrottling()) {
            z = doThrottleByConcurrency(isResponse);
            if (z && !isResponse && this.throttle != null) {
                z = throttleByAccessRate(axis2MessageContext, configurationContext) && doRoleBasedAccessThrottling(messageContext, configurationContext, uRITemplate);
                if (!z) {
                    handleThrottleOut(messageContext);
                    return false;
                }
            }
        }
        if (this.isClusteringEnable && this.concurrentAccessController != null && configurationContext != null) {
            try {
                Replicator.replicate(configurationContext);
            } catch (ClusteringFault e) {
                handleException("Error during the replicating  states ", e);
            }
        }
        if (z) {
            return true;
        }
        handleThrottleOut(messageContext);
        return false;
    }

    private void handleThrottleOut(MessageContext messageContext) {
        if (log.isDebugEnabled()) {
            logMessageDetails(messageContext);
        }
        messageContext.setProperty("ERROR_CODE", Integer.valueOf(APIThrottleConstants.THROTTLE_OUT_ERROR_CODE));
        messageContext.setProperty("ERROR_MESSAGE", "Message throttled out");
        Mediator sequence = messageContext.getSequence(APIThrottleConstants.API_THROTTLE_OUT_HANDLER);
        if (sequence == null || sequence.mediate(messageContext)) {
            org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
            try {
                RelayUtils.buildMessage(axis2MessageContext);
            } catch (XMLStreamException e) {
                log.error("Error While building message.", e);
            } catch (IOException e2) {
                log.error("Error While building message.", e2);
            }
            if (messageContext.isDoingPOX() || messageContext.isDoingGET()) {
                Utils.setFaultPayload(messageContext, getFaultPayload());
            } else {
                Utils.setSOAPFault(messageContext, "Server", "Message Throttled Out", "You have exceeded your quota");
            }
            if (Utils.isCORSEnabled()) {
                Map map = (Map) axis2MessageContext.getProperty("TRANSPORT_HEADERS");
                map.put("Access-Control-Allow-Origin", Utils.getAllowedOrigin((String) map.get("Origin")));
                map.put("Access-Control-Allow-Methods", Utils.getAllowedMethods());
                map.put("Access-Control-Allow-Headers", Utils.getAllowedHeaders());
                axis2MessageContext.setProperty("TRANSPORT_HEADERS", map);
            }
            Utils.sendFault(messageContext, 503);
        }
    }

    private OMElement getFaultPayload() {
        OMFactory oMFactory = OMAbstractFactory.getOMFactory();
        OMNamespace createOMNamespace = oMFactory.createOMNamespace(APIThrottleConstants.API_THROTTLE_NS, APIThrottleConstants.API_THROTTLE_NS_PREFIX);
        OMElement createOMElement = oMFactory.createOMElement("fault", createOMNamespace);
        OMElement createOMElement2 = oMFactory.createOMElement("code", createOMNamespace);
        createOMElement2.setText(String.valueOf(APIThrottleConstants.THROTTLE_OUT_ERROR_CODE));
        OMElement createOMElement3 = oMFactory.createOMElement("message", createOMNamespace);
        createOMElement3.setText("Message Throttled Out");
        OMElement createOMElement4 = oMFactory.createOMElement("description", createOMNamespace);
        createOMElement4.setText("You have exceeded your quota");
        createOMElement.addChild(createOMElement2);
        createOMElement.addChild(createOMElement3);
        createOMElement.addChild(createOMElement4);
        return createOMElement;
    }

    private VerbInfoDTO getVerbInfo(MessageContext messageContext, APPResourceManager aPPResourceManager) {
        String str = (String) messageContext.getProperty("REST_API_CONTEXT");
        String str2 = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        String str3 = (String) messageContext.getProperty("REST_FULL_REQUEST_PATH");
        String substring = str3.substring((str + str2).length() + 1, str3.length());
        if (substring.length() < 1) {
            substring = APIThrottleConstants.URL_MAPPING_SEPERATOR;
        }
        try {
            VerbInfoDTO verbInfo = aPPResourceManager.getVerbInfo(str, str2, substring, (String) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("HTTP_METHOD"));
            if (verbInfo != null) {
                return verbInfo;
            }
            return null;
        } catch (APISecurityException e) {
            log.error(e);
            return null;
        }
    }

    private boolean doThrottleByConcurrency(boolean z) {
        boolean z2 = true;
        if (this.concurrentAccessController != null) {
            int limit = this.concurrentAccessController.getLimit();
            if (log.isDebugEnabled()) {
                log.debug("Concurrent access controller for ID: " + this.id + " allows: " + limit + " concurrent accesses");
            }
            if (z) {
                int incrementAndGet = this.concurrentAccessController.incrementAndGet();
                if (log.isDebugEnabled()) {
                    log.debug("Concurrency Throttle : Connection returned :: " + incrementAndGet + " of available of " + limit + " connections");
                }
            } else {
                int andDecrement = this.concurrentAccessController.getAndDecrement();
                z2 = andDecrement > 0;
                if (log.isDebugEnabled()) {
                    log.debug("Concurrency Throttle: Access " + (z2 ? "allowed" : "denied") + " :: " + andDecrement + " of available of " + limit + " connections");
                }
            }
        }
        return z2;
    }

    private boolean throttleByAccessRate(org.apache.axis2.context.MessageContext messageContext, ConfigurationContext configurationContext) {
        ThrottleConfiguration throttleConfiguration;
        String configurationKeyOfCaller;
        ThrottleConfiguration throttleConfiguration2;
        String str = null;
        boolean z = true;
        String str2 = (String) ((TreeMap) messageContext.getProperty("TRANSPORT_HEADERS")).get("X-Forwarded-For");
        if (str2 == null) {
            str2 = (String) messageContext.getProperty("REMOTE_ADDR");
        } else if (str2.indexOf(",") > 0) {
            str2 = str2.substring(0, str2.indexOf(","));
        }
        String str3 = (String) messageContext.getPropertyNonReplicable("REMOTE_HOST");
        if (str3 != null) {
            if (log.isTraceEnabled()) {
                log.trace("The Domain Name of the caller is :" + str3);
            }
            ThrottleContext throttleContext = this.throttle.getThrottleContext("key_of_domain_based_throttle");
            if (throttleContext != null && (throttleConfiguration2 = throttleContext.getThrottleConfiguration()) != null) {
                str = throttleConfiguration2.getConfigurationKeyOfCaller(str3);
                if (str != null) {
                    throttleContext.setThrottleId(this.id);
                    try {
                        z = this.accessController.canAccess(throttleContext, str, 1).isAccessAllowed();
                        if (log.isDebugEnabled()) {
                            log.debug("Access " + (z ? "allowed" : "denied") + " for Domain Name : " + str3);
                        }
                        if (!z && this.concurrentAccessController != null) {
                            this.concurrentAccessController.incrementAndGet();
                            if (this.isClusteringEnable) {
                                configurationContext.setProperty(this.key, this.concurrentAccessController);
                            }
                        }
                    } catch (ThrottleException e) {
                        handleException("Error occurred during throttling", e);
                    }
                }
            }
        } else {
            log.debug("The Domain name of the caller cannot be found");
        }
        if (str == null) {
            if (str2 == null) {
                if (log.isDebugEnabled()) {
                    log.debug("The IP address of the caller cannot be found");
                }
                z = true;
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("The IP Address of the caller is :" + str2);
                }
                try {
                    ThrottleContext throttleContext2 = this.throttle.getThrottleContext("key_of_ip_based_throttle");
                    if (throttleContext2 != null && (throttleConfiguration = throttleContext2.getThrottleConfiguration()) != null && (configurationKeyOfCaller = throttleConfiguration.getConfigurationKeyOfCaller(str2)) != null) {
                        throttleContext2.setThrottleId(this.id);
                        z = this.accessController.canAccess(throttleContext2, configurationKeyOfCaller, 0).isAccessAllowed();
                        if (log.isDebugEnabled()) {
                            log.debug("Access " + (z ? "allowed" : "denied") + " for IP : " + str2);
                        }
                        if (!z && this.concurrentAccessController != null) {
                            this.concurrentAccessController.incrementAndGet();
                            if (this.isClusteringEnable) {
                                configurationContext.setProperty(this.key, this.concurrentAccessController);
                            }
                        }
                    }
                } catch (ThrottleException e2) {
                    handleException("Error occurred during throttling", e2);
                }
            }
        }
        return z;
    }

    private boolean doRoleBasedAccessThrottling(MessageContext messageContext, ConfigurationContext configurationContext, URITemplate uRITemplate) {
        if (this.throttle.getThrottleContext("key_of_role_based_throttle") != null) {
            ConcurrentAccessController concurrentAccessController = null;
            if (this.isClusteringEnable) {
                concurrentAccessController = (ConcurrentAccessController) configurationContext.getProperty(this.key);
            }
            if (!messageContext.isResponse()) {
                AuthenticationContext authenticationContext = GatewayUtils.getSession(messageContext).getAuthenticationContext();
                ThrottleContext throttleContext = this.throttle.getThrottleContext("key_of_role_based_throttle");
                if (throttleContext == null) {
                    log.warn("Unable to load throttle context");
                    return true;
                }
                if (throttleContext.getThrottleConfiguration() != null) {
                    AccessInformation accessInformation = null;
                    String str = null;
                    String throttlingTier = uRITemplate.getPolicyGroup().getThrottlingTier();
                    if (throttlingTier == null) {
                        log.warn(String.format("Unable to find throttling information for the requested resource '%s:%s'. Throttling will not apply.", uRITemplate.getHTTPVerb(), uRITemplate.getUriTemplate()));
                    } else {
                        str = throttlingTier;
                    }
                    String str2 = uRITemplate.getHTTPVerb() + uRITemplate.getUriTemplate() + "-" + authenticationContext.getSubject();
                    if (str != null) {
                        throttleContext.setThrottleId(this.id + "resource");
                        try {
                            if (!"Unlimited".equals(str) && (0 == 0 || accessInformation.isAccessAllowed())) {
                                accessInformation = this.roleBasedAccessController.canAccess(throttleContext, str2, throttlingTier);
                            }
                            if (accessInformation != null && !accessInformation.isAccessAllowed()) {
                                if (concurrentAccessController != null) {
                                    concurrentAccessController.incrementAndGet();
                                    if (this.isClusteringEnable) {
                                        configurationContext.setProperty(this.key, concurrentAccessController);
                                        try {
                                            Replicator.replicate(configurationContext, new String[]{this.key});
                                        } catch (ClusteringFault e) {
                                            log.error("Error during replicating states", e);
                                        }
                                    }
                                }
                                return false;
                            }
                        } catch (ThrottleException e2) {
                            log.warn("Exception occurred while performing resourcebased throttling", e2);
                            return false;
                        }
                    } else {
                        log.warn("Unable to find the throttle policy for role: " + str);
                    }
                }
            }
        }
        return true;
    }

    private void initThrottle(MessageContext messageContext, ConfigurationContext configurationContext) {
        if (this.policyKey == null) {
            throw new SynapseException("Throttle policy unspecified for the WebApp");
        }
        Entry entryDefinition = messageContext.getConfiguration().getEntryDefinition(this.policyKey);
        if (entryDefinition == null) {
            handleException("Cannot find throttling policy using key: " + this.policyKey);
            return;
        }
        Object obj = null;
        boolean z = false;
        if (entryDefinition.isDynamic()) {
            if (!entryDefinition.isCached() || entryDefinition.isExpired() || this.throttle == null) {
                obj = messageContext.getEntry(this.policyKey);
                if (this.version != entryDefinition.getVersion()) {
                    z = true;
                }
            }
        } else if (this.throttle == null) {
            obj = messageContext.getEntry(this.policyKey);
        }
        if (z || this.throttle == null) {
            if (obj == null || !(obj instanceof OMElement)) {
                handleException("Unable to load throttling policy using key: " + this.policyKey);
                return;
            }
            this.version = entryDefinition.getVersion();
            if (this.isClusteringEnable && this.concurrentAccessController != null && this.throttle != null) {
                this.concurrentAccessController = null;
            }
            try {
                this.throttle = ThrottleFactory.createMediatorThrottle(PolicyEngine.getPolicy((OMElement) obj));
                if (this.throttle != null && (this.concurrentAccessController == null || !this.isClusteringEnable)) {
                    this.concurrentAccessController = this.throttle.getConcurrentAccessController();
                    if (this.concurrentAccessController != null) {
                        configurationContext.setProperty(this.key, this.concurrentAccessController);
                    } else {
                        configurationContext.removeProperty(this.key);
                    }
                }
            } catch (ThrottleException e) {
                handleException("Error processing the throttling policy", e);
            }
        }
    }

    public void setId(String str) {
        this.id = str;
        this.key = "throttle_" + str + "_cac_key";
    }

    public String getId() {
        return this.id;
    }

    public void setPolicyKey(String str) {
        this.policyKey = str;
    }

    public String gePolicyKey() {
        return this.policyKey;
    }

    private void handleException(String str, Exception exc) {
        log.error(str, exc);
        throw new SynapseException(str, exc);
    }

    private void handleException(String str) {
        log.error(str);
        throw new SynapseException(str);
    }

    private void logMessageDetails(MessageContext messageContext) {
        String str = (String) messageContext.getProperty("APPLICATION_NAME");
        String str2 = (String) messageContext.getProperty("END_USER_NAME");
        new Date();
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        String str3 = str != null ? " belonging to appName=" + str : "";
        if (str2 != null) {
            str3 = str3 + " userName=" + str2;
        }
        String messageId = axis2MessageContext.getOptions().getMessageId();
        if (messageId != null) {
            str3 = str3 + " transactionId=" + messageId;
        }
        try {
            String str4 = (String) ((TreeMap) axis2MessageContext.getProperty("TRANSPORT_HEADERS")).get("User-Agent");
            if (str4 != null) {
                str3 = str3 + " with userAgent=" + str4;
            }
        } catch (Exception e) {
            log.debug("Error while getting User Agent for request");
        }
        Date date = new Date(Long.parseLong((String) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("wso2statistics.request.received.time")));
        if (date != null) {
            str3 = str3 + " at requestTime=" + date;
        }
        String str5 = (String) ((TreeMap) axis2MessageContext.getProperty("TRANSPORT_HEADERS")).get("X-Forwarded-For");
        if (str5 == null) {
            str5 = (String) axis2MessageContext.getProperty("REMOTE_ADDR");
        }
        if (str5 != null) {
            str3 = str3 + " from clientIP=" + str5;
        }
        log.debug("Message throttled out Details:" + str3);
    }
}
