package org.wso2.carbon.apimgt.gateway.handlers.throttling;

import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.TimeZone;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.PolicyEngine;
import org.apache.synapse.ManagedLifecycle;
import org.apache.synapse.Mediator;
import org.apache.synapse.MessageContext;
import org.apache.synapse.commons.throttle.core.AccessInformation;
import org.apache.synapse.commons.throttle.core.RoleBasedAccessRateController;
import org.apache.synapse.commons.throttle.core.Throttle;
import org.apache.synapse.commons.throttle.core.ThrottleContext;
import org.apache.synapse.commons.throttle.core.ThrottleException;
import org.apache.synapse.commons.throttle.core.ThrottleFactory;
import org.apache.synapse.commons.throttle.core.factory.ThrottleContextFactory;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import org.apache.synapse.transport.passthru.util.RelayUtils;
import org.wso2.carbon.apimgt.api.dto.ConditionGroupDTO;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.handlers.Utils;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityUtils;
import org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.gateway.throttling.publisher.ThrottleDataPublisher;
import org.wso2.carbon.apimgt.gateway.utils.GatewayUtils;
import org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.metrics.manager.Level;
import org.wso2.carbon.metrics.manager.MetricManager;
import org.wso2.carbon.metrics.manager.Timer;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/throttling/ThrottleHandler.class */
public class ThrottleHandler extends AbstractHandler implements ManagedLifecycle {
    private static final String HEADER_X_FORWARDED_FOR = "X-FORWARDED-FOR";
    private volatile Throttle throttle;
    private static final String THROTTLE_MAIN = "THROTTLE_MAIN";
    private static final String INIT_SPIKE_ARREST = "INIT_SPIKE_ARREST";
    private static final String CEP_THROTTLE = "CEP_THROTTLE";
    private static final String HANDLE_THROTTLE_OUT = "HANDLE_THROTTLE_OUT";
    private static final String RESOURCE_THROTTLE = "RESOURCE_THROTTLE";
    private static final String BLOCKED_TEST = "BLOCKED_TEST";
    private String id;
    private String sandboxMaxCount;
    private String productionMaxCount;
    private RoleBasedAccessRateController roleBasedAccessController;
    private static final Log log = LogFactory.getLog(ThrottleHandler.class);
    private static volatile ThrottleDataPublisher throttleDataPublisher = null;
    private String policyKeyApplication = null;
    private String policyKeyResource = null;
    private String policyKey = null;
    private String sandboxUnitTime = "1000";
    private String productionUnitTime = "1000";

    public ThrottleHandler() {
        if (log.isDebugEnabled()) {
            log.debug("Throttle Handler initialized");
        }
        this.roleBasedAccessController = new RoleBasedAccessRateController();
        if (throttleDataPublisher == null) {
            synchronized (this) {
                throttleDataPublisher = new ThrottleDataPublisher();
            }
        }
    }

    private boolean doRoleBasedAccessThrottlingWithCEP(MessageContext messageContext, ConfigurationContext configurationContext, AuthenticationContext authenticationContext) {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        boolean z7 = false;
        String str = "";
        String str2 = (String) messageContext.getProperty("REST_API_CONTEXT");
        String str3 = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        String str4 = str2 != null ? str2 : "";
        String str5 = str3 != null ? str3 : "";
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String applicationId = authenticationContext.getApplicationId();
        if (authenticationContext != null) {
            String username = authenticationContext.getUsername();
            if (ServiceReferenceHolder.getInstance().getThrottleDataHolder().isBlockingConditionsPresent()) {
                String str6 = tenantDomain + ":" + getClientIp(messageContext);
                str = authenticationContext.getSubscriber() + ":" + authenticationContext.getApplicationName();
                Timer.Context start = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName(), BLOCKED_TEST})).start();
                z5 = ServiceReferenceHolder.getInstance().getThrottleDataHolder().isRequestBlocked(str4, str, username, str6);
                start.stop();
            }
            if (z5) {
                String str7 = "Request blocked as it violates defined blocking conditions, for API: " + str4 + " ,application:" + str + " ,user:" + username;
                if (log.isDebugEnabled()) {
                    log.debug(str7);
                }
                messageContext.setProperty(APIThrottleConstants.BLOCKED_REASON, str7);
                messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.REQUEST_BLOCKED);
                z = true;
            } else {
                String subscriberTenantDomain = authenticationContext.getSubscriberTenantDomain();
                String str8 = applicationId + ":" + username;
                String str9 = str4 + ":" + str5;
                boolean isStopOnQuotaReach = authenticationContext.isStopOnQuotaReach();
                VerbInfoDTO verbInfoDTO = (VerbInfoDTO) messageContext.getProperty("VERB_INFO");
                String applicationTier = authenticationContext.getApplicationTier();
                String tier = authenticationContext.getTier();
                String requestKey = verbInfoDTO.getRequestKey();
                String apiTier = authenticationContext.getApiTier();
                String throttling = verbInfoDTO.getThrottling();
                if (!StringUtils.isEmpty(apiTier) && !"Unlimited".equalsIgnoreCase(apiTier)) {
                    requestKey = str9;
                    z6 = true;
                }
                if (verbInfoDTO == null) {
                    log.warn("Error while getting throttling information for resource and http verb");
                    return false;
                }
                if (!"Unlimited".equalsIgnoreCase(verbInfoDTO.getThrottling()) || z6) {
                    if ("userLevel".equalsIgnoreCase(verbInfoDTO.getApplicableLevel())) {
                        requestKey = requestKey + "_" + username;
                        z7 = true;
                    }
                    verbInfoDTO.getThrottlingConditions();
                    ConditionGroupDTO[] conditionGroups = verbInfoDTO.getConditionGroups();
                    Timer.Context start2 = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName(), RESOURCE_THROTTLE})).start();
                    if (conditionGroups == null || conditionGroups.length <= 0) {
                        log.warn("Unable to find throttling information for resource and http verb. Throttling will not apply");
                    } else if (ServiceReferenceHolder.getInstance().getThrottleDataHolder().isAPIThrottled(requestKey)) {
                        if (log.isDebugEnabled()) {
                            log.debug("Evaluating Conditional Groups");
                        }
                        Iterator<ConditionGroupDTO> it = ThrottleConditionEvaluator.getInstance().getApplicableConditions(messageContext, authenticationContext, conditionGroups).iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            String str10 = requestKey + it.next().getConditionGroupId();
                            if (log.isDebugEnabled()) {
                                log.debug("Checking condition : " + str10);
                            }
                            if (ServiceReferenceHolder.getInstance().getThrottleDataHolder().isThrottled(str10)) {
                                if (z6) {
                                    z = true;
                                    z4 = true;
                                } else {
                                    z = true;
                                    z2 = true;
                                }
                                messageContext.setProperty(APIThrottleConstants.THROTTLED_NEXT_ACCESS_TIMESTAMP, Long.valueOf(ServiceReferenceHolder.getInstance().getThrottleDataHolder().getThrottleNextAccessTimestamp(str10)));
                            }
                        }
                    }
                    start2.stop();
                } else if (log.isDebugEnabled()) {
                    log.debug("Resource level throttling set as unlimited and request will pass resource level");
                }
                if (z4) {
                    if (log.isDebugEnabled()) {
                        log.debug("Request throttled at api level for throttle key" + str9);
                        if (z7) {
                            log.debug("Request has throttled out in the user level for the throttle key" + str9);
                        }
                    }
                    messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.API_LIMIT_EXCEEDED);
                } else {
                    Timer.Context start3 = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName(), RESOURCE_THROTTLE})).start();
                    if (z2) {
                        if (log.isDebugEnabled()) {
                            log.debug("Request throttled at resource level for throttle key" + verbInfoDTO.getRequestKey());
                        }
                        messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.RESOURCE_LIMIT_EXCEEDED);
                    } else {
                        String str11 = authenticationContext.getApplicationId() + ":" + str4 + ":" + str5;
                        boolean isThrottled = ServiceReferenceHolder.getInstance().getThrottleDataHolder().isThrottled(str11);
                        if (!isThrottled && authenticationContext.getSpikeArrestLimit() > 0) {
                            z3 = isSubscriptionLevelSpike(messageContext, str11);
                        }
                        if (isThrottled || z3) {
                            if (isStopOnQuotaReach) {
                                if (log.isDebugEnabled()) {
                                    log.debug("Request throttled at subscription level for throttle key" + str11);
                                }
                                if (!z3) {
                                    messageContext.setProperty(APIThrottleConstants.THROTTLED_NEXT_ACCESS_TIMESTAMP, Long.valueOf(ServiceReferenceHolder.getInstance().getThrottleDataHolder().getThrottleNextAccessTimestamp(str11)));
                                    messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.API_LIMIT_EXCEEDED);
                                    messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.SUBSCRIPTION_LIMIT_EXCEEDED);
                                }
                                z = true;
                            } else {
                                if (messageContext.getProperty("isThrottleOutIgnored") == null) {
                                    messageContext.setProperty("isThrottleOutIgnored", Boolean.TRUE);
                                }
                                z = false;
                                if (log.isDebugEnabled()) {
                                    log.debug("Request throttled at subscription level for throttle key" + str11 + ". But subscription policy " + tier + " allows to continue to serve requests");
                                }
                            }
                        } else if (ServiceReferenceHolder.getInstance().getThrottleDataHolder().isThrottled(str8)) {
                            if (log.isDebugEnabled()) {
                                log.debug("Request throttled at application level for throttle key" + str8);
                            }
                            messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.APPLICATION_LIMIT_EXCEEDED);
                            messageContext.setProperty(APIThrottleConstants.THROTTLED_NEXT_ACCESS_TIMESTAMP, Long.valueOf(ServiceReferenceHolder.getInstance().getThrottleDataHolder().getThrottleNextAccessTimestamp(str8)));
                            z = true;
                        } else if (ServiceReferenceHolder.getInstance().getThrottleDataHolder().isKeyTemplatesPresent() && validateCustomPolicy(username, str8, str11, str9, str11, str4, str5, subscriberTenantDomain, tenantDomain, applicationId, ServiceReferenceHolder.getInstance().getThrottleDataHolder().getKeyTemplateMap(), messageContext)) {
                            if (log.isDebugEnabled()) {
                                log.debug("Request throttled at custom throttling");
                            }
                            messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.CUSTOM_POLICY_LIMIT_EXCEED);
                            z = true;
                        } else if (isHardLimitThrottled(messageContext, authenticationContext, str4, str5)) {
                            z = true;
                        } else {
                            throttleDataPublisher.publishNonThrottledEvent(str8, applicationTier, str9, apiTier, str11, tier, requestKey, throttling, username, str4, str5, subscriberTenantDomain, tenantDomain, applicationId, messageContext, authenticationContext);
                        }
                    }
                    start3.stop();
                }
            }
        }
        return z;
    }

    public boolean handleRequest(MessageContext messageContext) {
        Timer.Context start = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName(), THROTTLE_MAIN})).start();
        long currentTimeMillis = System.currentTimeMillis();
        try {
            boolean doThrottle = doThrottle(messageContext);
            messageContext.setProperty(APIMgtGatewayConstants.THROTTLING_LATENCY, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
            start.stop();
            return doThrottle;
        } catch (Throwable th) {
            messageContext.setProperty(APIMgtGatewayConstants.THROTTLING_LATENCY, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
            start.stop();
            throw th;
        }
    }

    public boolean handleResponse(MessageContext messageContext) {
        return true;
    }

    private boolean doThrottle(MessageContext messageContext) {
        ConfigurationContext configurationContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext().getConfigurationContext();
        AuthenticationContext authenticationContext = APISecurityUtils.getAuthenticationContext(messageContext);
        if (authenticationContext != null && authenticationContext.getSpikeArrestLimit() > 0) {
            Timer.Context start = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName(), INIT_SPIKE_ARREST})).start();
            initThrottleForSubscriptionLevelSpikeArrest(messageContext, authenticationContext);
            start.stop();
        }
        boolean z = false;
        if (!messageContext.isResponse()) {
            Timer.Context start2 = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName(), CEP_THROTTLE})).start();
            z = doRoleBasedAccessThrottlingWithCEP(messageContext, configurationContext, authenticationContext);
            start2.stop();
        }
        if (!z) {
            return true;
        }
        Timer.Context start3 = MetricManager.timer(Level.INFO, MetricManager.name("org.wso2.am", new String[]{getClass().getSimpleName(), HANDLE_THROTTLE_OUT})).start();
        handleThrottleOut(messageContext);
        start3.stop();
        return false;
    }

    private OMElement getFaultPayload(int i, String str, String str2, String str3) {
        OMFactory oMFactory = OMAbstractFactory.getOMFactory();
        OMNamespace createOMNamespace = oMFactory.createOMNamespace(APIThrottleConstants.API_THROTTLE_NS, APIThrottleConstants.API_THROTTLE_NS_PREFIX);
        OMElement createOMElement = oMFactory.createOMElement("fault", createOMNamespace);
        OMElement createOMElement2 = oMFactory.createOMElement("code", createOMNamespace);
        createOMElement2.setText(String.valueOf(i));
        OMElement createOMElement3 = oMFactory.createOMElement("message", createOMNamespace);
        createOMElement3.setText(str);
        OMElement createOMElement4 = oMFactory.createOMElement("description", createOMNamespace);
        createOMElement4.setText(str2);
        createOMElement.addChild(createOMElement2);
        createOMElement.addChild(createOMElement3);
        createOMElement.addChild(createOMElement4);
        if (!StringUtils.isEmpty(str3)) {
            OMElement createOMElement5 = oMFactory.createOMElement("nextAccessTime", createOMNamespace);
            createOMElement5.setText(str3);
            createOMElement.addChild(createOMElement5);
        }
        return createOMElement;
    }

    private void handleThrottleOut(MessageContext messageContext) {
        int i;
        String str;
        int i2;
        String str2;
        String str3 = "";
        if (APIThrottleConstants.HARD_LIMIT_EXCEEDED.equals(messageContext.getProperty(APIThrottleConstants.THROTTLED_OUT_REASON))) {
            i = 900801;
            str = "API Limit Reached";
            str2 = "API not accepting requests";
            i2 = 503;
        } else if (APIThrottleConstants.REQUEST_BLOCKED.equals(messageContext.getProperty(APIThrottleConstants.THROTTLED_OUT_REASON))) {
            i = 900805;
            str = "Message blocked";
            i2 = 403;
            str2 = "You have been blocked from accessing the resource";
        } else if (APIThrottleConstants.API_LIMIT_EXCEEDED.equals(messageContext.getProperty(APIThrottleConstants.THROTTLED_OUT_REASON))) {
            i = 900800;
            str = "Message throttled out";
            i2 = 429;
            str2 = "You have exceeded your quota";
            str3 = getNextAccessTimeString(messageContext);
        } else if (APIThrottleConstants.RESOURCE_LIMIT_EXCEEDED.equals(messageContext.getProperty(APIThrottleConstants.THROTTLED_OUT_REASON))) {
            i = 900802;
            str = "Message throttled out";
            i2 = 429;
            str2 = "You have exceeded your quota";
            str3 = getNextAccessTimeString(messageContext);
        } else if (APIThrottleConstants.CUSTOM_POLICY_LIMIT_EXCEED.equals(messageContext.getProperty(APIThrottleConstants.THROTTLED_OUT_REASON))) {
            i = 900806;
            str = "Message throttled out";
            i2 = 429;
            str2 = "You have exceeded your quota";
            str3 = getNextAccessTimeString(messageContext);
        } else if (APIThrottleConstants.SUBSCRIPTION_LIMIT_EXCEEDED.equals(messageContext.getProperty(APIThrottleConstants.THROTTLED_OUT_REASON))) {
            i = 900804;
            str = "Message throttled out";
            i2 = 429;
            str2 = "You have exceeded your quota";
            str3 = getNextAccessTimeString(messageContext);
        } else if (APIThrottleConstants.SUBSCRIPTON_BURST_LIMIT_EXCEEDED.equals(messageContext.getProperty(APIThrottleConstants.THROTTLED_OUT_REASON))) {
            i = 900807;
            str = "Message throttled out";
            i2 = 429;
            str2 = "You have exceeded your quota";
            str3 = getNextAccessTimeString(messageContext);
        } else {
            i = 900803;
            str = "Message throttled out";
            i2 = 429;
            str2 = "You have exceeded your quota";
            str3 = getNextAccessTimeString(messageContext);
        }
        messageContext.setProperty("ERROR_CODE", Integer.valueOf(i));
        messageContext.setProperty("ERROR_MESSAGE", str);
        Mediator sequence = messageContext.getSequence(APIThrottleConstants.API_THROTTLE_OUT_HANDLER);
        if (sequence == null || sequence.mediate(messageContext)) {
            org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
            axis2MessageContext.setProperty("message.builder.invoked", Boolean.TRUE);
            try {
                RelayUtils.consumeAndDiscardMessage(axis2MessageContext);
            } catch (AxisFault e) {
                log.error("Error occurred while consuming and discarding the message", e);
            }
            if (messageContext.isDoingPOX() || messageContext.isDoingGET()) {
                Utils.setFaultPayload(messageContext, getFaultPayload(i, str, str2, str3));
            } else {
                if (!StringUtils.isEmpty(str3)) {
                    str2 = str2 + str2 + " .You can access API after " + str3;
                }
                Utils.setSOAPFault(messageContext, "Server", str, str2);
            }
            Utils.sendFault(messageContext, i2);
        }
    }

    public void setId(String str) {
        this.id = str;
    }

    public String getId() {
        return this.id;
    }

    public void setPolicyKey(String str) {
        this.policyKey = str;
    }

    public String gePolicyKey() {
        return this.policyKey;
    }

    public void setPolicyKeyApplication(String str) {
        this.policyKeyApplication = str;
    }

    public String gePolicyKeyApplication() {
        return this.policyKeyApplication;
    }

    public void setPolicyKeyResource(String str) {
        this.policyKeyResource = str;
    }

    public String gePolicyKeyResource() {
        return this.policyKeyResource;
    }

    private String getClientIp(MessageContext messageContext) {
        String str;
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        String str2 = (String) ((Map) axis2MessageContext.getProperty("TRANSPORT_HEADERS")).get(HEADER_X_FORWARDED_FOR);
        if (StringUtils.isEmpty(str2)) {
            str = (String) axis2MessageContext.getProperty("REMOTE_ADDR");
        } else {
            str = str2;
            int indexOf = str2.indexOf(44);
            if (indexOf > -1) {
                str = str.substring(0, indexOf);
            }
        }
        return str;
    }

    private OMElement createSpikeArrestSubscriptionLevelPolicy(String str, int i, int i2) {
        OMElement oMElement = null;
        StringBuilder sb = new StringBuilder(APIThrottleConstants.WS_THROTTLE_POLICY_HEADER);
        if (i != 0 && i2 != 0) {
            sb.append(createPolicyForRole(str, Integer.toString(i2), Integer.toString(i)));
        }
        sb.append(APIThrottleConstants.WS_THROTTLE_POLICY_BOTTOM);
        try {
            oMElement = AXIOMUtil.stringToOM(sb.toString());
        } catch (XMLStreamException e) {
            log.error("Error occurred while creating policy file for Hard Throttling.", e);
        }
        return oMElement;
    }

    private void initThrottleForSubscriptionLevelSpikeArrest(MessageContext messageContext, AuthenticationContext authenticationContext) {
        OMElement createSpikeArrestSubscriptionLevelPolicy;
        this.policyKey = authenticationContext.getTier();
        String str = authenticationContext.getApplicationId() + ":" + ((String) messageContext.getProperty("REST_API_CONTEXT")) + ":" + ((String) messageContext.getProperty("SYNAPSE_REST_API_VERSION"));
        int spikeArrestLimit = authenticationContext.getSpikeArrestLimit();
        if (spikeArrestLimit != 0) {
            int i = APIThrottleConstants.MIN.equalsIgnoreCase(authenticationContext.getSpikeArrestUnit()) ? 60000 : 1000;
            try {
                synchronized (this) {
                    if (this.throttle == null) {
                        OMElement createSpikeArrestSubscriptionLevelPolicy2 = createSpikeArrestSubscriptionLevelPolicy(str, spikeArrestLimit, i);
                        if (createSpikeArrestSubscriptionLevelPolicy2 != null) {
                            this.throttle = ThrottleFactory.createMediatorThrottle(PolicyEngine.getPolicy(createSpikeArrestSubscriptionLevelPolicy2));
                        }
                    } else if (this.throttle.getThrottleContext(str) == null && (createSpikeArrestSubscriptionLevelPolicy = createSpikeArrestSubscriptionLevelPolicy(str, spikeArrestLimit, i)) != null) {
                        this.throttle.addThrottleContext(str, ThrottleContextFactory.createThrottleContext(2, ThrottleFactory.createMediatorThrottle(PolicyEngine.getPolicy(createSpikeArrestSubscriptionLevelPolicy)).getThrottleConfiguration("key_of_role_based_throttle")));
                    }
                }
            } catch (ThrottleException e) {
                log.error("Error while initializing throttling object for subscription level spike arrest policy" + e.getMessage());
            }
        }
    }

    private void initThrottleForHardLimitThrottling() {
        OMElement createHardThrottlingPolicy = createHardThrottlingPolicy();
        if (createHardThrottlingPolicy != null) {
            try {
                Throttle createMediatorThrottle = ThrottleFactory.createMediatorThrottle(PolicyEngine.getPolicy(createHardThrottlingPolicy));
                ThrottleContext createThrottleContext = ThrottleContextFactory.createThrottleContext(2, createMediatorThrottle.getThrottleConfiguration("key_of_role_based_throttle"));
                createMediatorThrottle.addThrottleContext(APIThrottleConstants.HARD_THROTTLING_CONFIGURATION, createThrottleContext);
                if (this.throttle != null) {
                    this.throttle.addThrottleContext(APIThrottleConstants.HARD_THROTTLING_CONFIGURATION, createThrottleContext);
                } else {
                    this.throttle = createMediatorThrottle;
                }
            } catch (ThrottleException e) {
                log.error("Error occurred while creating policy file for Hard Throttling.", e);
            }
        }
    }

    public boolean isSubscriptionLevelSpike(MessageContext messageContext, String str) {
        ThrottleContext throttleContext = this.throttle.getThrottleContext(str);
        try {
            AuthenticationContext authenticationContext = APISecurityUtils.getAuthenticationContext(messageContext);
            if (throttleContext == null || authenticationContext.getKeyType() == null) {
                return false;
            }
            if (GatewayUtils.isClusteringEnabled()) {
                throttleContext.setConfigurationContext(((Axis2MessageContext) messageContext).getAxis2MessageContext().getConfigurationContext());
            }
            throttleContext.setThrottleId(this.id + APIThrottleConstants.SUBSCRIPTION_BURST_LIMIT);
            AccessInformation canAccess = this.roleBasedAccessController.canAccess(throttleContext, str, str);
            if (log.isDebugEnabled()) {
                log.debug("Throttle by subscription level burst limit " + str);
                log.debug("Allowed = " + (canAccess != null ? Boolean.valueOf(canAccess.isAccessAllowed()) : "false"));
            }
            if (canAccess == null || canAccess.isAccessAllowed()) {
                return false;
            }
            messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.SUBSCRIPTON_BURST_LIMIT_EXCEEDED);
            log.debug("Subscription level burst control limit exceeded for key " + str);
            return true;
        } catch (ThrottleException e) {
            log.warn("Exception occurred while performing role based throttling", e);
            messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.HARD_LIMIT_EXCEEDED);
            return false;
        }
    }

    public boolean validateCustomPolicy(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, String str10, Map<String, String> map, MessageContext messageContext) {
        if (map == null || map.size() <= 0) {
            return false;
        }
        Iterator<String> it = map.keySet().iterator();
        while (it.hasNext()) {
            String replaceAll = it.next().replaceAll("\\$resourceKey", str3).replaceAll("\\$userId", str).replaceAll("\\$apiContext", str6).replaceAll("\\$apiVersion", str7).replaceAll("\\$appTenant", str8).replaceAll("\\$apiTenant", str9).replaceAll("\\$appId", str10);
            if (ServiceReferenceHolder.getInstance().getThrottleDataHolder().isThrottled(replaceAll)) {
                messageContext.setProperty(APIThrottleConstants.THROTTLED_NEXT_ACCESS_TIMESTAMP, Long.valueOf(ServiceReferenceHolder.getInstance().getThrottleDataHolder().getThrottleNextAccessTimestamp(replaceAll)));
                return true;
            }
        }
        return false;
    }

    private OMElement createHardThrottlingPolicy() {
        if (StringUtils.isEmpty(this.productionMaxCount) && StringUtils.isEmpty(this.sandboxMaxCount)) {
            return null;
        }
        OMElement oMElement = null;
        StringBuilder sb = new StringBuilder(APIThrottleConstants.WS_THROTTLE_POLICY_HEADER);
        if (this.productionMaxCount != null && this.productionUnitTime != null) {
            sb.append(createPolicyForRole(APIThrottleConstants.PRODUCTION_HARD_LIMIT, this.productionUnitTime, this.productionMaxCount));
        }
        if (this.sandboxMaxCount != null && this.sandboxUnitTime != null) {
            sb.append(createPolicyForRole(APIThrottleConstants.SANDBOX_HARD_LIMIT, this.sandboxUnitTime, this.sandboxMaxCount));
        }
        sb.append(APIThrottleConstants.WS_THROTTLE_POLICY_BOTTOM);
        try {
            oMElement = AXIOMUtil.stringToOM(sb.toString());
        } catch (XMLStreamException e) {
            log.error("Error occurred while creating policy file for Hard Throttling.", e);
        }
        return oMElement;
    }

    private String createPolicyForRole(String str, String str2, String str3) {
        return "<wsp:Policy>\n     <throttle:ID throttle:type=\"ROLE\">" + str + "</throttle:ID>\n            <wsp:Policy>\n                <throttle:Control>\n                    <wsp:Policy>\n                        <throttle:MaximumCount>" + str3 + "</throttle:MaximumCount>\n                        <throttle:UnitTime>" + str2 + "</throttle:UnitTime>\n                    </wsp:Policy>\n                </throttle:Control>\n            </wsp:Policy>\n </wsp:Policy>\n";
    }

    private boolean isHardLimitThrottled(MessageContext messageContext, AuthenticationContext authenticationContext, String str, String str2) {
        boolean z = false;
        if (StringUtils.isNotEmpty(this.sandboxMaxCount) || StringUtils.isNotEmpty(this.productionMaxCount)) {
            ThrottleContext throttleContext = this.throttle.getThrottleContext(APIThrottleConstants.HARD_THROTTLING_CONFIGURATION);
            try {
                ConfigurationContext configurationContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext().getConfigurationContext();
                String str3 = str != null ? str : "";
                String str4 = str2 != null ? str2 : "";
                if (throttleContext != null && authenticationContext.getKeyType() != null) {
                    String str5 = str3 + ':' + str4 + ':' + authenticationContext.getKeyType();
                    AccessInformation accessInformation = null;
                    if (GatewayUtils.isClusteringEnabled()) {
                        throttleContext.setConfigurationContext(configurationContext);
                    }
                    if ("PRODUCTION".equals(authenticationContext.getKeyType())) {
                        throttleContext.setThrottleId(this.id + APIThrottleConstants.PRODUCTION_HARD_LIMIT);
                        accessInformation = this.roleBasedAccessController.canAccess(throttleContext, str5, APIThrottleConstants.PRODUCTION_HARD_LIMIT);
                    } else if ("SANDBOX".equals(authenticationContext.getKeyType())) {
                        throttleContext.setThrottleId(this.id + APIThrottleConstants.SANDBOX_HARD_LIMIT);
                        accessInformation = this.roleBasedAccessController.canAccess(throttleContext, str5, APIThrottleConstants.SANDBOX_HARD_LIMIT);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Throttle by hard limit " + str5);
                        log.debug("Allowed = " + (accessInformation != null ? Boolean.valueOf(accessInformation.isAccessAllowed()) : "false"));
                    }
                    if (accessInformation != null && !accessInformation.isAccessAllowed()) {
                        messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.HARD_LIMIT_EXCEEDED);
                        log.info("Hard Throttling limit exceeded.");
                        z = true;
                    }
                }
            } catch (ThrottleException e) {
                log.warn("Exception occurred while performing role based throttling", e);
                messageContext.setProperty(APIThrottleConstants.THROTTLED_OUT_REASON, APIThrottleConstants.HARD_LIMIT_EXCEEDED);
                z = true;
            }
        }
        return z;
    }

    public String getSandboxMaxCount() {
        return this.sandboxMaxCount;
    }

    public void setSandboxMaxCount(String str) {
        this.sandboxMaxCount = str;
    }

    public String getProductionMaxCount() {
        return this.productionMaxCount;
    }

    public void setProductionMaxCount(String str) {
        this.productionMaxCount = str;
    }

    public String getSandboxUnitTime() {
        return this.sandboxUnitTime;
    }

    public void setSandboxUnitTime(String str) {
        this.sandboxUnitTime = str;
    }

    public String getProductionUnitTime() {
        return this.productionUnitTime;
    }

    public void setProductionUnitTime(String str) {
        this.productionUnitTime = str;
    }

    public void init(SynapseEnvironment synapseEnvironment) {
        initThrottleForHardLimitThrottling();
    }

    private String getNextAccessTimeString(MessageContext messageContext) {
        Object property = messageContext.getProperty(APIThrottleConstants.THROTTLED_NEXT_ACCESS_TIMESTAMP);
        if (property == null) {
            return null;
        }
        long longValue = ((Long) property).longValue();
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MMM-dd HH:mm:ssZ");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone(APIThrottleConstants.UTC));
        String str = simpleDateFormat.format(new Date(longValue)) + " " + APIThrottleConstants.UTC;
        messageContext.setProperty(APIThrottleConstants.THROTTLED_NEXT_ACCESS_TIME, str);
        return str;
    }

    public void destroy() {
    }
}
