package org.wso2.carbon.apimgt.rest.api.dcr.web.impl;

import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.KeyManager;
import org.wso2.carbon.apimgt.api.model.OAuthAppRequest;
import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.impl.factory.KeyManagerHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.dcr.web.RegistrationService;
import org.wso2.carbon.apimgt.rest.api.dcr.web.dto.FaultResponse;
import org.wso2.carbon.apimgt.rest.api.dcr.web.dto.RegistrationProfile;
import org.wso2.carbon.apimgt.rest.api.util.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;

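@Produces({"application/json"})
@Consumes({"application/json"})
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/apimgt/rest/api/dcr/web/impl/RegistrationServiceImpl.class */
public class RegistrationServiceImpl implements RegistrationService {
    private static final Log log = LogFactory.getLog(RegistrationServiceImpl.class);

    /**
     * Permissions, any one of which entitles a user to register an OAuth application here.
     * Each entry is {label used in the "checking" debug line, permission path, label used in
     * the "does not have" debug line}; entries are tried in order and the first grant wins.
     */
    private static final String[][] REGISTRATION_PERMISSIONS = {
            {"'subscribe'", "/permission/admin/manage/api/subscribe", "subscriber"},
            {"'api publish'", "/permission/admin/manage/api/publish", "'api publish'"},
            {"'api create'", "/permission/admin/manage/api/create", "'api create'"}
    };

    /**
     * Registers an OAuth application with the configured key manager (DCR).
     *
     * @param registrationProfile client metadata from the request body; may be null when the
     *                            body is missing or unparseable
     * @return 201 with the created application; 400 when the profile is missing, when the
     *         profile's owner is not the logged-in user, or when the key manager reports an
     *         {@link APIManagementException}; 403 when the user lacks every registration
     *         permission; 500 when the key manager returns no application
     */
    @Override // org.wso2.carbon.apimgt.rest.api.dcr.web.RegistrationService
    @POST
    public Response register(RegistrationProfile registrationProfile) {
        if (registrationProfile == null) {
            // Without this guard the owner lookup below dereferences null and the caller sees
            // an opaque 500 instead of a request error.
            return Response.status(Response.Status.BAD_REQUEST)
                    .entity(RestApiUtil.getErrorDTO(RestApiConstants.STATUS_BAD_REQUEST_MESSAGE_DEFAULT, 400L,
                            "Registration profile is missing."))
                    .build();
        }
        String clientName = registrationProfile.getClientName();
        try {
            String owner = registrationProfile.getOwner();
            String loggedInUsername = RestApiUtil.getLoggedInUsername();
            // The caller may only register an application it owns itself; accepting a different
            // owner would let an authenticated user mint OAuth credentials on someone else's behalf.
            if (loggedInUsername == null || !loggedInUsername.equals(owner)) {
                return Response.status(Response.Status.BAD_REQUEST)
                        .entity(RestApiUtil.getErrorDTO(RestApiConstants.STATUS_BAD_REQUEST_MESSAGE_DEFAULT, 400L,
                                "Logged in user '" + loggedInUsername + "' and application owner '" + owner
                                        + "' should be same."))
                        .build();
            }
            if (!isUserAccessAllowed(loggedInUsername)) {
                log.error("User " + loggedInUsername + " does not have any of subscribe/create/publish privileges to create an OAuth app");
                return Response.status(Response.Status.FORBIDDEN)
                        .entity(RestApiUtil.getErrorDTO(RestApiConstants.STATUS_FORBIDDEN_MESSAGE_DEFAULT, 403L,
                                "You do not have enough privileges to create an OAuth app"))
                        .build();
            }
            KeyManager keyManager = KeyManagerHolder.getKeyManagerInstance();
            OAuthApplicationInfo createdApp = keyManager.createApplication(buildAppRequest(registrationProfile, owner));
            if (createdApp == null) {
                String message = "OAuth app '" + clientName + "' creation failed. Dynamic Client Registration Service not available.";
                log.error(message);
                // NOTE(review): the 500 body reuses STATUS_BAD_REQUEST_MESSAGE_DEFAULT, which looks
                // like a copy of the 400 branch — confirm whether a server-error default is intended.
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                        .entity(RestApiUtil.getErrorDTO(RestApiConstants.STATUS_BAD_REQUEST_MESSAGE_DEFAULT, 500L, message))
                        .build();
            }
            // The key manager's "tokenScope" parameter is not part of the DCR response.
            createdApp.removeParameter("tokenScope");
            return Response.status(Response.Status.CREATED).entity(createdApp).build();
        } catch (APIManagementException e) {
            String message = "Error occurred while registering client '" + clientName + "'";
            log.error(message, e);
            return Response.status(Response.Status.BAD_REQUEST)
                    .entity(RestApiUtil.getErrorDTO(RestApiConstants.STATUS_BAD_REQUEST_MESSAGE_DEFAULT, 400L, message))
                    .build();
        }
    }

    /**
     * Builds the key-manager request for a profile. Client id and secret are sent empty
     * (presumably so the key manager generates them — confirm against the KeyManager
     * implementation); the owner is forwarded as the "username" parameter.
     * NOTE(review): the callback URL is passed through unvalidated here; verify that the
     * key manager validates it before it is stored.
     *
     * @param profile the registration profile from the request
     * @param owner   the application owner, already verified to be the logged-in user
     * @return the request to hand to {@link KeyManager#createApplication(OAuthAppRequest)}
     */
    private static OAuthAppRequest buildAppRequest(RegistrationProfile profile, String owner) {
        OAuthApplicationInfo info = new OAuthApplicationInfo();
        info.setClientName(profile.getClientName());
        info.setCallBackURL(profile.getCallbackUrl());
        info.addParameter("username", owner);
        info.setClientId("");
        info.setClientSecret("");
        info.setIsSaasApplication(profile.isSaasApp());
        OAuthAppRequest request = new OAuthAppRequest();
        request.setOAuthApplicationInfo(info);
        return request;
    }

    /**
     * Not implemented: always answers 500 with a plain-text explanation. The query parameters
     * are accepted for interface compatibility but not read. The former try/catch around the
     * response construction was unreachable (nothing in it throws a checked exception) and
     * has been dropped.
     * NOTE(review): 501 Not Implemented would describe this more accurately than 500; check
     * existing clients before changing the status code.
     *
     * @param applicationName unused
     * @param userId          unused
     * @param consumerKey     unused
     * @return a 500 response stating that deletion is not implemented
     */
    @Override // org.wso2.carbon.apimgt.rest.api.dcr.web.RegistrationService
    @DELETE
    public Response unRegister(@QueryParam("applicationName") String applicationName,
                               @QueryParam("userId") String userId,
                               @QueryParam("consumerKey") String consumerKey) {
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                .entity("Dynamic Client Registration Service's resource deletion not implemented.")
                .build();
    }

    /**
     * Returns whether the user holds at least one of {@link #REGISTRATION_PERMISSIONS}.
     * {@code APIUtil.checkPermission} signals a missing permission by throwing, so each denial
     * is logged at debug level and the next permission is tried; only a full miss yields false.
     *
     * @param username the logged-in user's name
     * @return true if any registration permission is granted, false otherwise
     */
    private boolean isUserAccessAllowed(String username) {
        for (String[] permission : REGISTRATION_PERMISSIONS) {
            String checkLabel = permission[0];
            String path = permission[1];
            String denyLabel = permission[2];
            try {
                log.debug("checking " + checkLabel + " permission for user " + username);
                APIUtil.checkPermission(username, path);
                return true;
            } catch (APIManagementException e) {
                log.debug("user " + username + " does not have " + denyLabel + " permission", e);
            }
        }
        return false;
    }
}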
