package org.wso2.carbon.apimgt.rest.api.util.utils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIConsumer;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.api.model.SubscribedAPI;
import org.wso2.carbon.apimgt.api.model.Tier;
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.util.RestApiConstants;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.apimgt.rest.api.util-6.4.217.jar:org/wso2/carbon/apimgt/rest/api/util/utils/RestAPIStoreUtils.class */
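/**
 * Static authorization helpers used by the store-side REST API: they decide whether the
 * logged-in user (as reported by {@code RestApiUtil}) may see an application, a subscription
 * or an API, and whether a new subscription is permitted.
 *
 * <p>Every check here is an access-control decision, so the helpers fail closed: missing
 * input yields {@code false} (or an exception) rather than access.
 */
public class RestAPIStoreUtils {
    private static final Log log = LogFactory.getLog(RestAPIStoreUtils.class);
    // NOTE(review): populated from "CacheConfigurations.EnableScopeCache" in the static
    // initializer below, but never read inside this class — confirm whether it is still needed.
    private static boolean isStoreCacheEnabled;

    /**
     * Decides whether the logged-in user may access the given application, either as its
     * owner or through a shared group id.
     *
     * @param application the application being accessed; {@code null} is rejected
     * @return {@code true} if the user owns the application or shares at least one
     *         non-empty group id with it, {@code false} otherwise
     */
    public static boolean isUserAccessAllowedForApplication(Application application) {
        if (application == null) {
            return false;
        }
        String groupId = application.getGroupId();
        if (application.getSubscriber() != null && isUserOwnerOfApplication(application)) {
            return true;
        }
        if (StringUtils.isEmpty(groupId)) {
            return false;
        }
        String loggedInUserGroupId = RestApiUtil.getLoggedInUserGroupId();
        if (loggedInUserGroupId == null) {
            return false;
        }
        List<String> applicationGroups = new ArrayList<>(Arrays.asList(groupId.split(",")));
        for (String userGroup : loggedInUserGroupId.split(",")) {
            // split(",") keeps leading/interior empty tokens (",a" or "a,,b"). An empty token
            // on both sides must never count as a shared group, otherwise two malformed lists
            // would grant access to an unrelated application.
            if (!userGroup.isEmpty() && applicationGroups.contains(userGroup)) {
                return true;
            }
        }
        // Tokens are compared exactly (no trimming, case-sensitive), as before.
        return false;
    }

    /**
     * Decides whether the logged-in user is the subscriber that owns the application.
     *
     * <p>An exact name match always counts. A match that differs only in letter case counts
     * only when the {@code APIStore.CompareCaseInsensitively} configuration property parses
     * as {@code true}.
     *
     * @param application the application whose subscriber is compared with the current user
     * @return {@code true} if the current user is considered the owner; {@code false}
     *         otherwise, including when the application, its subscriber, the subscriber name
     *         or the logged-in user name is missing
     */
    public static boolean isUserOwnerOfApplication(Application application) {
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        // Fail closed instead of throwing NullPointerException on incomplete data.
        if (application == null || application.getSubscriber() == null || loggedInUsername == null) {
            return false;
        }
        String subscriberName = application.getSubscriber().getName();
        if (subscriberName == null) {
            return false;
        }
        if (subscriberName.equals(loggedInUsername)) {
            return true;
        }
        // Locale.ROOT keeps the ownership decision independent of the JVM default locale;
        // the default-locale form folds 'I' differently under e.g. a Turkish locale, which
        // would make the same pair of user names compare differently per deployment.
        if (!subscriberName.toLowerCase(Locale.ROOT).equals(loggedInUsername.toLowerCase(Locale.ROOT))) {
            return false;
        }
        String caseInsensitive = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty("APIStore.CompareCaseInsensitively");
        return StringUtils.isNotEmpty(caseInsensitive) && Boolean.parseBoolean(caseInsensitive);
    }

    /**
     * Decides whether the logged-in user may access a subscription: the user must be allowed
     * to access both the subscribed API and the subscribing application.
     *
     * @param subscribedAPI the subscription to check; {@code null} is rejected
     * @return {@code true} only if both the API check and the application check pass
     * @throws APIManagementException if the API check fails for a reason other than an
     *         authorization failure
     */
    public static boolean isUserAccessAllowedForSubscription(SubscribedAPI subscribedAPI) throws APIManagementException {
        if (subscribedAPI == null) {
            return false;
        }
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        Application application = subscribedAPI.getApplication();
        APIIdentifier apiId = subscribedAPI.getApiId();
        if (apiId == null || application == null) {
            return false;
        }
        try {
            return isUserAccessAllowedForAPI(apiId) && isUserAccessAllowedForApplication(application);
        } catch (APIManagementException e) {
            throw new APIManagementException("Failed to retrieve the API " + apiId.toString() + " to check user " + loggedInUsername + " has access to the subscription " + subscribedAPI.getUUID(), e);
        }
    }

    /**
     * Decides whether the logged-in user may access the API with the given UUID by attempting
     * to load it through the user's own consumer.
     *
     * @param str  the API UUID
     * @param str2 second argument passed through to {@code getLightweightAPIByUUID}
     *             (presumably the tenant domain — confirm against the APIConsumer interface)
     * @return {@code true} if the lookup completes, {@code false} if it fails with what
     *         {@code RestApiUtil.isDueToAuthorizationFailure} classifies as an authorization failure
     * @throws APIManagementException for any other lookup failure
     */
    public static boolean isUserAccessAllowedForAPIByUUID(String str, String str2) throws APIManagementException {
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        try {
            RestApiUtil.getLoggedInUserConsumer().getLightweightAPIByUUID(str, str2);
            return true;
        } catch (APIManagementException e) {
            if (!RestApiUtil.isDueToAuthorizationFailure(e)) {
                throw new APIManagementException("Failed to retrieve the API " + str + " to check user " + loggedInUsername + " has access to the API", e);
            }
            // NOTE(review): the UUID is written to the log exactly as received. If callers pass
            // it straight from a request, consider neutralising line breaks before logging.
            log.info("user " + loggedInUsername + " failed to access the API " + str + " due to an authorization failure");
            return false;
        }
    }

    /**
     * Decides whether the logged-in user may access the identified API by attempting to load
     * it through the user's own consumer.
     *
     * @param aPIIdentifier identifier of the API to check
     * @return {@code true} if the lookup completes, {@code false} if it fails with what
     *         {@code RestApiUtil.isDueToAuthorizationFailure} classifies as an authorization failure
     * @throws APIManagementException for any other lookup failure
     */
    public static boolean isUserAccessAllowedForAPI(APIIdentifier aPIIdentifier) throws APIManagementException {
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        try {
            RestApiUtil.getLoggedInUserConsumer().getLightweightAPI(aPIIdentifier);
            return true;
        } catch (APIManagementException e) {
            if (!RestApiUtil.isDueToAuthorizationFailure(e)) {
                throw new APIManagementException("Failed to retrieve the API " + aPIIdentifier + " to check user " + loggedInUsername + " has access to the API", e);
            }
            log.info("user " + loggedInUsername + " failed to access the API " + aPIIdentifier + " due to an authorization failure");
            return false;
        }
    }

    /**
     * Verifies that the logged-in user may subscribe to the API on the requested tier and
     * throws if any rule is violated. The checks run in this order:
     * <ol>
     *   <li>the API's security setting, when present, must contain {@code "oauth2"};</li>
     *   <li>the user's tenant must be the provider's tenant, or the API must be available to
     *       {@code all_tenants}, or the user's tenant must be listed for
     *       {@code specific_tenants};</li>
     *   <li>the requested tier must be one of the API's available tiers;</li>
     *   <li>the tier must not be denied for the user.</li>
     * </ol>
     *
     * @param aPIIdentifier identifier of the API being subscribed to
     * @param str           name of the requested tier
     * @throws APIMgtAuthorizationFailedException if any of the checks above fails
     * @throws APIManagementException if the API cannot be loaded
     */
    public static void checkSubscriptionAllowed(APIIdentifier aPIIdentifier, String str) throws APIManagementException {
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        String loggedInUserTenantDomain = RestApiUtil.getLoggedInUserTenantDomain();
        String tenantDomain = MultitenantUtils.getTenantDomain(APIUtil.replaceEmailDomainBack(aPIIdentifier.getProviderName()));
        APIConsumer aPIConsumer = APIManagerFactory.getInstance().getAPIConsumer(loggedInUsername);
        API api = aPIConsumer.getAPI(aPIIdentifier);
        String apiSecurity = api.getApiSecurity();
        if (apiSecurity != null && !apiSecurity.contains("oauth2")) {
            throw new APIMgtAuthorizationFailedException("Subscription is not allowed for API " + aPIIdentifier.toString() + ". To access the API, please use the client certificate");
        }
        Set<Tier> availableTiers = api.getAvailableTiers();

        // Tenant rule: same tenant as the provider always passes; otherwise the API's
        // subscription-availability setting decides.
        boolean tenantAllowed = false;
        if (loggedInUserTenantDomain.equals(tenantDomain)) {
            tenantAllowed = true;
        } else {
            String subscriptionAvailability = api.getSubscriptionAvailability();
            if ("all_tenants".equals(subscriptionAvailability)) {
                tenantAllowed = true;
            } else if ("specific_tenants".equals(subscriptionAvailability)) {
                String subscriptionAvailableTenants = api.getSubscriptionAvailableTenants();
                if (subscriptionAvailableTenants != null) {
                    for (String allowedTenant : subscriptionAvailableTenants.split(",")) {
                        if (allowedTenant != null && loggedInUserTenantDomain.equals(allowedTenant.trim())) {
                            tenantAllowed = true;
                            break;
                        }
                    }
                }
            }
        }
        if (!tenantAllowed) {
            throw new APIMgtAuthorizationFailedException("Subscription is not allowed for " + loggedInUserTenantDomain);
        }

        // Tier rule: collect every tier name so the error message can list the valid choices.
        boolean tierAvailable = false;
        List<String> tierNames = new ArrayList<>();
        for (Tier tier : availableTiers) {
            if (tier.getName() != null && tier.getName().equals(str)) {
                tierAvailable = true;
            }
            tierNames.add(tier.getName());
        }
        if (!tierAvailable) {
            throw new APIMgtAuthorizationFailedException("Tier " + str + " is not allowed for API " + aPIIdentifier.getApiName() + RestApiConstants.API_ID_DELIMITER + aPIIdentifier.getVersion() + ". Only " + Arrays.toString(tierNames.toArray()) + " Tiers are allowed.");
        }
        if (aPIConsumer.isTierDeneid(str)) {
            throw new APIMgtAuthorizationFailedException("Tier " + str + " is not allowed for user " + loggedInUsername);
        }
    }

    /**
     * Resolves an API UUID to its {@link APIIdentifier} through the logged-in user's consumer.
     *
     * @param str  the API UUID
     * @param str2 second argument passed through to {@code getLightweightAPIByUUID}
     *             (presumably the tenant domain — confirm against the APIConsumer interface)
     * @return the identifier of the API returned by the lookup
     * @throws APIManagementException if the lookup fails
     */
    public static APIIdentifier getAPIIdentifierFromUUID(String str, String str2) throws APIManagementException {
        return RestApiUtil.getLoggedInUserConsumer().getLightweightAPIByUUID(str, str2).getId();
    }

    static {
        // Read once at class-load time; an absent property leaves the flag false.
        String firstProperty = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty("CacheConfigurations.EnableScopeCache");
        isStoreCacheEnabled = firstProperty != null && Boolean.parseBoolean(firstProperty);
    }
}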
