package org.wso2.carbon.apimgt.rest.api.store.utils;

import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.cache.Caching;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
import org.wso2.carbon.apimgt.api.APIConsumer;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.api.model.Documentation;
import org.wso2.carbon.apimgt.api.model.Scope;
import org.wso2.carbon.apimgt.api.model.SubscribedAPI;
import org.wso2.carbon.apimgt.api.model.Subscriber;
import org.wso2.carbon.apimgt.api.model.Tier;
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.rest.api.store.dto.ApplicationScopeDTO;
import org.wso2.carbon.apimgt.rest.api.store.dto.ScopeListDTO;
import org.wso2.carbon.apimgt.rest.api.store.utils.mappings.APIMappingUtil;
import org.wso2.carbon.apimgt.rest.api.util.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/apimgt/rest/api/store/utils/RestAPIStoreUtils.class */
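/**
 * Static helpers used by the Store REST API: access decisions for applications, APIs and
 * subscriptions, "last updated" lookups for individual resources, and retrieval (with optional
 * caching) of the scopes attached to an application's subscribed APIs.
 *
 * <p>Several methods here are authorization decisions. They fail closed: a missing application,
 * subscriber, user name or group yields {@code false} rather than an exception.
 *
 * <p>Parameter names such as {@code str}/{@code str2}/{@code z} are kept as they appear in this
 * file; each method's Javadoc states what the value is used for.
 */
public class RestAPIStoreUtils {
    private static final Log log = LogFactory.getLog(RestAPIStoreUtils.class);

    /** Separator for the comma-delimited lists handled here (group ids, tenants, scope roles). */
    private static final String LIST_SEPARATOR = StringArrayPropertyEditor.DEFAULT_SEPARATOR;

    /** Regex for one compact {@code "x-mediation-script":"..."} JSON entry. */
    private static final String MEDIATION_SCRIPT_ENTRY = "\"x-mediation-script\":\".*?(?<!\\\\)\"";

    /** The entry together with the separator that precedes it. */
    private static final Pattern MEDIATION_SCRIPT_AFTER_SEPARATOR =
            Pattern.compile(LIST_SEPARATOR + MEDIATION_SCRIPT_ENTRY);

    /** The entry together with the separator that follows it. */
    private static final Pattern MEDIATION_SCRIPT_BEFORE_SEPARATOR =
            Pattern.compile(MEDIATION_SCRIPT_ENTRY + LIST_SEPARATOR);

    // Set once by the static initializer at the end of the class.
    private static boolean isStoreCacheEnabled;

    /**
     * Decides whether the logged-in user may access the given application: either as its owner
     * or because one of the user's group ids appears in the application's group id list.
     *
     * @param application the application to check; {@code null} is denied
     * @return {@code true} when access is allowed
     */
    public static boolean isUserAccessAllowedForApplication(Application application) {
        if (application == null) {
            return false;
        }
        if (application.getSubscriber() != null && isUserOwnerOfApplication(application)) {
            return true;
        }
        String groupId = application.getGroupId();
        if (StringUtils.isEmpty(groupId)) {
            return false;
        }
        String loggedInUserGroupId = RestApiUtil.getLoggedInUserGroupId();
        if (StringUtils.isEmpty(loggedInUserGroupId)) {
            return false;
        }
        Set<String> applicationGroups = new LinkedHashSet<>(Arrays.asList(groupId.split(LIST_SEPARATOR)));
        for (String userGroup : loggedInUserGroupId.split(LIST_SEPARATOR)) {
            // An empty token (from "a,,b" or an empty group id) is not a group: without this
            // guard a user with no group would match any application whose list has a stray comma.
            if (!userGroup.isEmpty() && applicationGroups.contains(userGroup)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether the logged-in user is the subscriber that owns the application. An exact
     * name match always counts; a match that differs only in letter case counts only when the
     * {@code APIStore.CompareCaseInsensitively} configuration property is true.
     *
     * @param application the application to check
     * @return {@code true} when the logged-in user owns the application; {@code false} when the
     *         application, its subscriber, the subscriber name or the logged-in user name is missing
     */
    public static boolean isUserOwnerOfApplication(Application application) {
        if (application == null || application.getSubscriber() == null) {
            return false;
        }
        String subscriberName = application.getSubscriber().getName();
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        if (subscriberName == null || loggedInUsername == null) {
            return false;
        }
        if (subscriberName.equals(loggedInUsername)) {
            return true;
        }
        // equalsIgnoreCase is locale-independent; toLowerCase() without a Locale would make this
        // ownership decision depend on the JVM's default locale.
        if (!subscriberName.equalsIgnoreCase(loggedInUsername)) {
            return false;
        }
        return Boolean.parseBoolean(readConfigProperty("APIStore.CompareCaseInsensitively"));
    }

    /**
     * Decides whether the logged-in user may access a subscription, which requires access to both
     * the subscribed API and the subscribing application.
     *
     * @param subscribedAPI the subscription to check; {@code null} is denied
     * @return {@code true} when both checks pass
     * @throws APIManagementException if the API check fails for a reason other than authorization
     */
    public static boolean isUserAccessAllowedForSubscription(SubscribedAPI subscribedAPI) throws APIManagementException {
        if (subscribedAPI == null) {
            return false;
        }
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        Application application = subscribedAPI.getApplication();
        APIIdentifier apiId = subscribedAPI.getApiId();
        if (apiId == null || application == null) {
            return false;
        }
        try {
            return isUserAccessAllowedForAPI(apiId) && isUserAccessAllowedForApplication(application);
        } catch (APIManagementException e) {
            throw new APIManagementException("Failed to retrieve the API " + apiId.toString() + " to check user " + loggedInUsername + " has access to the subscription " + subscribedAPI.getUUID(), e);
        }
    }

    /**
     * Decides whether the logged-in user may access an API by resolving its identifier; a
     * resolution that fails with an authorization error means "no access".
     *
     * @param str  the API id or UUID
     * @param str2 the tenant domain passed to the identifier lookup
     * @return {@code true} when the identifier resolves, {@code false} on an authorization failure
     * @throws APIManagementException if the lookup fails for any other reason
     */
    public static boolean isUserAccessAllowedForAPI(String str, String str2) throws APIManagementException {
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        try {
            APIMappingUtil.getAPIIdentifierFromApiIdOrUUID(str, str2);
            return true;
        } catch (APIManagementException | UnsupportedEncodingException e) {
            if (!RestApiUtil.isDueToAuthorizationFailure(e)) {
                throw new APIManagementException("Failed to retrieve the API " + str + " to check user " + loggedInUsername + " has access to the API", e);
            }
            log.info("user " + loggedInUsername + " failed to access the API " + str + " due to an authorization failure");
            return false;
        }
    }

    /**
     * Decides whether the logged-in user may access an API by fetching its lightweight form
     * through the user's own consumer; an authorization error means "no access".
     *
     * @param aPIIdentifier the API to check
     * @return {@code true} when the API can be fetched, {@code false} on an authorization failure
     * @throws APIManagementException if the fetch fails for any other reason
     */
    public static boolean isUserAccessAllowedForAPI(APIIdentifier aPIIdentifier) throws APIManagementException {
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        try {
            RestApiUtil.getLoggedInUserConsumer().getLightweightAPI(aPIIdentifier);
            return true;
        } catch (APIManagementException e) {
            if (!RestApiUtil.isDueToAuthorizationFailure(e)) {
                throw new APIManagementException("Failed to retrieve the API " + aPIIdentifier + " to check user " + loggedInUsername + " has access to the API", e);
            }
            log.info("user " + loggedInUsername + " failed to access the API " + aPIIdentifier + " due to an authorization failure");
            return false;
        }
    }

    /**
     * Verifies that the logged-in user may subscribe to an API on the given tier. The checks run
     * in this order: the API must list {@code oauth2} in its security setting (when one is set),
     * the user's tenant must be allowed to subscribe, the tier must be one the API offers, and the
     * tier must not be denied to the user.
     *
     * @param aPIIdentifier the API being subscribed to
     * @param str           the requested tier name
     * @throws APIMgtAuthorizationFailedException if any of the checks fails
     * @throws APIManagementException if the API cannot be retrieved
     */
    public static void checkSubscriptionAllowed(APIIdentifier aPIIdentifier, String str) throws APIManagementException {
        String loggedInUsername = RestApiUtil.getLoggedInUsername();
        String loggedInUserTenantDomain = RestApiUtil.getLoggedInUserTenantDomain();
        String apiTenantDomain = MultitenantUtils.getTenantDomain(APIUtil.replaceEmailDomainBack(aPIIdentifier.getProviderName()));
        APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(loggedInUsername);
        API api = apiConsumer.getAPI(aPIIdentifier);

        String apiSecurity = api.getApiSecurity();
        if (apiSecurity != null && !apiSecurity.contains("oauth2")) {
            throw new APIMgtAuthorizationFailedException("Subscription is not allowed for API " + aPIIdentifier.toString() + ". To access the API, please use the client certificate");
        }

        if (!isSubscriptionOpenToTenant(api, loggedInUserTenantDomain, apiTenantDomain)) {
            throw new APIMgtAuthorizationFailedException("Subscription is not allowed for " + loggedInUserTenantDomain);
        }

        boolean tierOffered = false;
        List<String> offeredTierNames = new ArrayList<>();
        Set<Tier> availableTiers = api.getAvailableTiers();
        // An API with no tier set offers nothing, so the request is rejected below instead of
        // failing with a NullPointerException.
        if (availableTiers != null) {
            for (Tier tier : availableTiers) {
                String tierName = tier.getName();
                if (tierName != null && tierName.equals(str)) {
                    tierOffered = true;
                }
                offeredTierNames.add(tierName);
            }
        }
        if (!tierOffered) {
            throw new APIMgtAuthorizationFailedException("Tier " + str + " is not allowed for API " + aPIIdentifier.getApiName() + RestApiConstants.API_ID_DELIMITER + aPIIdentifier.getVersion() + ". Only " + Arrays.toString(offeredTierNames.toArray()) + " Tiers are allowed.");
        }
        if (apiConsumer.isTierDeneid(str)) {
            throw new APIMgtAuthorizationFailedException("Tier " + str + " is not allowed for user " + loggedInUsername);
        }
    }

    /**
     * Tells whether a user from {@code userTenantDomain} may subscribe to the API: same tenant as
     * the API provider, or the API is open to all tenants, or the user's tenant is in the API's
     * list of allowed tenants.
     */
    private static boolean isSubscriptionOpenToTenant(API api, String userTenantDomain, String apiTenantDomain) {
        if (userTenantDomain == null) {
            return false;
        }
        if (userTenantDomain.equals(apiTenantDomain)) {
            return true;
        }
        String availability = api.getSubscriptionAvailability();
        if ("all_tenants".equals(availability)) {
            return true;
        }
        if (!"specific_tenants".equals(availability)) {
            return false;
        }
        String allowedTenants = api.getSubscriptionAvailableTenants();
        if (allowedTenants == null) {
            return false;
        }
        for (String tenant : allowedTenants.split(LIST_SEPARATOR)) {
            if (userTenantDomain.equals(tenant.trim())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Removes {@code "x-mediation-script"} entries from a swagger definition given as JSON text.
     *
     * <p>This is text-level, best-effort scrubbing and should not be the only control keeping
     * mediation scripts out of a response. The patterns match only the compact form
     * {@code "x-mediation-script":"..."} with no whitespace around the colon, and only when the
     * entry has a separator directly before or after it, so a pretty-printed definition or an
     * object whose sole property is the script passes through unchanged. The {@code (?<!\\)}
     * lookbehind treats every quote preceded by a backslash as escaped, so a value that ends in
     * an escaped backslash extends the match to a later quote.
     *
     * @param str the swagger definition; {@code null} is returned unchanged
     * @return the definition with the matched entries removed
     */
    public static String removeXMediationScriptsFromSwagger(String str) {
        if (str == null) {
            return null;
        }
        String withoutPrecededEntries = MEDIATION_SCRIPT_AFTER_SEPARATOR.matcher(str).replaceAll("");
        return MEDIATION_SCRIPT_BEFORE_SEPARATOR.matcher(withoutPrecededEntries).replaceAll("");
    }

    /**
     * Returns the last-updated time of an application, falling back to its creation time.
     *
     * <p>The application is looked up by a caller-supplied UUID, so the same access check used
     * for subscriptions is applied before any timestamp is returned; otherwise the timestamp
     * (and the existence of the application) would be visible to any logged-in user.
     *
     * @param str the application UUID
     * @return the timestamp, or {@code null} if the error handlers return instead of throwing
     */
    public static String getLastUpdatedTimeByApplicationId(String str) {
        try {
            Application application = APIManagerFactory.getInstance().getAPIConsumer(RestApiUtil.getLoggedInUsername()).getApplicationByUUID(str);
            if (application == null) {
                RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_APPLICATION, str, log);
                return null;
            }
            if (!isUserAccessAllowedForApplication(application)) {
                RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_APPLICATION, str, log);
                return null;
            }
            String lastUpdatedTime = application.getLastUpdatedTime();
            return lastUpdatedTime != null ? lastUpdatedTime : application.getCreatedTime();
        } catch (APIManagementException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while retrieving resource timestamps due to " + e.getMessage(), e);
            }
            RestApiUtil.handleInternalServerError("Error while getting application with id " + str, e, log);
            return null;
        }
    }

    /**
     * Returns the last-updated time of a subscription, falling back to its creation time, after
     * checking that the logged-in user may access the subscription.
     *
     * @param str the subscription UUID
     * @return the timestamp, or {@code null} if the error handlers return instead of throwing
     */
    public static String getLastUpdatedTimeBySubscriptionId(String str) {
        try {
            SubscribedAPI subscription = RestApiUtil.getConsumer(RestApiUtil.getLoggedInUsername()).getSubscriptionByUUID(str);
            if (subscription == null) {
                RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_SUBSCRIPTION, str, log);
                return null;
            }
            if (!isUserAccessAllowedForSubscription(subscription)) {
                RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_SUBSCRIPTION, str, log);
                return null;
            }
            String updatedTime = subscription.getUpdatedTime();
            return updatedTime != null ? updatedTime : subscription.getCreatedTime();
        } catch (APIManagementException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while retrieving resource timestamps due to " + e.getMessage(), e);
            }
            RestApiUtil.handleInternalServerError("Error while getting subscription with id " + str, e, log);
            return null;
        }
    }

    /**
     * Returns the last-updated time of an API. The lookup goes through the logged-in user's
     * consumer, by UUID when {@code str} is a UUID and by API id otherwise.
     *
     * <p>The two branches of the result have different formats: epoch milliseconds as a string
     * when a last-updated date exists, otherwise whatever {@code API.getCreatedTime()} returns.
     *
     * @param str  the API id or UUID
     * @param str2 the tenant domain supplied with the request
     * @return the timestamp, or {@code null} when no consumer or API is available or an error
     *         handler returns instead of throwing
     */
    public static String apisApiIdGetLastUpdated(String str, String str2) {
        String requestedTenantDomain = RestApiUtil.getRequestedTenantDomain(str2);
        try {
            APIConsumer consumer = RestApiUtil.getLoggedInUserConsumer();
            if (!RestApiUtil.isTenantAvailable(requestedTenantDomain)) {
                RestApiUtil.handleBadRequest("Provided tenant domain '" + str2 + "' is invalid", log);
            }
            if (consumer == null) {
                return null;
            }
            API api = RestApiUtil.isUUID(str)
                    ? consumer.getLightweightAPIByUUID(str, requestedTenantDomain)
                    : consumer.getAPI(APIMappingUtil.getAPIIdentifierFromApiId(str));
            if (api == null) {
                return null;
            }
            return api.getLastUpdated() != null ? String.valueOf(api.getLastUpdated().getTime()) : api.getCreatedTime();
        } catch (APIManagementException | UnsupportedEncodingException e) {
            if (RestApiUtil.isDueToAuthorizationFailure(e)) {
                RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_API, str, e, log);
            } else if (RestApiUtil.isDueToResourceNotFound(e)) {
                RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_API, str, e, log);
            } else {
                RestApiUtil.handleInternalServerError("Error while retrieving API : " + str, e, log);
            }
            return null;
        } catch (UserStoreException e) {
            RestApiUtil.handleInternalServerError("Error while checking availability of tenant " + requestedTenantDomain, e, log);
            return null;
        }
    }

    /**
     * Returns the last-updated time of an API's swagger definition, falling back to its creation
     * time. Note the argument order: the tenant domain comes first here, the API id second.
     *
     * @param str  the tenant domain supplied with the request
     * @param str2 the API id or UUID
     * @return the timestamp, or {@code null} when no consumer or timestamp record is available
     *         or an error handler returns instead of throwing
     */
    public static String apisApiIdSwaggerGetLastUpdated(String str, String str2) {
        String requestedTenantDomain = RestApiUtil.getRequestedTenantDomain(str);
        try {
            APIConsumer consumer = RestApiUtil.getLoggedInUserConsumer();
            if (!RestApiUtil.isTenantAvailable(requestedTenantDomain)) {
                RestApiUtil.handleBadRequest("Provided tenant domain '" + str + "' is invalid", log);
            }
            // Same guard as apisApiIdGetLastUpdated: no consumer means no timestamp, not an NPE.
            if (consumer == null) {
                return null;
            }
            Map<?, ?> timestamps = consumer.getSwaggerDefinitionTimeStamps(APIMappingUtil.getAPIIdentifierFromApiIdOrUUID(str2, requestedTenantDomain));
            if (timestamps == null) {
                return null;
            }
            String updatedTime = (String) timestamps.get("UPDATED_TIME");
            return updatedTime != null ? updatedTime : (String) timestamps.get("CREATED_TIME");
        } catch (UserStoreException e) {
            RestApiUtil.handleInternalServerError("Error while checking availability of tenant " + requestedTenantDomain, e, log);
            return null;
        } catch (APIManagementException | UnsupportedEncodingException e) {
            if (RestApiUtil.isDueToAuthorizationFailure(e)) {
                RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_API, str2, e, log);
            } else if (RestApiUtil.isDueToResourceNotFound(e)) {
                RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_API, str2, e, log);
            } else {
                RestApiUtil.handleInternalServerError("Error while retrieving API : " + str2, e, log);
            }
            log.error("Failed to fetch last updated time for the resource due to " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the last-updated time of an API's thumbnail, resolved in the logged-in user's
     * tenant domain.
     *
     * <p>An authorization failure is reported through the not-found handler, the same as a
     * missing API, so the two cases are not distinguished to the caller.
     *
     * @param str the API id or UUID
     * @return the timestamp, or {@code null} if an error handler returns instead of throwing
     */
    public static String apisApiIdThumbnailGetLastUpdated(String str) {
        try {
            APIIdentifier apiIdentifier = APIMappingUtil.getAPIIdentifierFromApiIdOrUUID(str, RestApiUtil.getLoggedInUserTenantDomain());
            return RestApiUtil.getLoggedInUserConsumer().getThumbnailLastUpdatedTime(apiIdentifier);
        } catch (APIManagementException | UnsupportedEncodingException e) {
            if (RestApiUtil.isDueToResourceNotFound(e) || RestApiUtil.isDueToAuthorizationFailure(e)) {
                RestApiUtil.handleResourceNotFoundError(RestApiConstants.RESOURCE_API, str, e, log);
            } else {
                RestApiUtil.handleInternalServerError("Error while retrieving thumbnail of API : " + str, e, log);
            }
            return null;
        }
    }

    /**
     * Returns the last-updated time of a document as epoch milliseconds, falling back to its
     * creation date.
     *
     * <p>NOTE(review): no access check on the owning API is visible in this method; confirm that
     * {@code getDocumentation} or the calling endpoint enforces one.
     *
     * @param str  the document id
     * @param str2 the tenant domain supplied with the request
     * @return the timestamp, or {@code null} when the document or both dates are missing, or the
     *         error handler returns instead of throwing
     */
    public static String apisApiIdDocumentIdGetLastUpdated(String str, String str2) {
        try {
            Documentation documentation = RestApiUtil.getConsumer(RestApiUtil.getLoggedInUsername()).getDocumentation(str, RestApiUtil.getRequestedTenantDomain(str2));
            if (documentation == null) {
                return null;
            }
            Date lastUpdated = documentation.getLastUpdated();
            if (lastUpdated != null) {
                return String.valueOf(lastUpdated.getTime());
            }
            return documentation.getCreatedDate() != null ? String.valueOf(documentation.getCreatedDate().getTime()) : null;
        } catch (APIManagementException e) {
            if (log.isDebugEnabled()) {
                // Guarded by isDebugEnabled, so this is a debug record; the error-level record
                // is written by the handler below.
                log.debug("Error while getting lastUpdated Time for document id" + e.getMessage(), e);
            }
            RestApiUtil.handleInternalServerError("Error while getting lastUpdated Time for document id", e, log);
            return null;
        }
    }

    /**
     * Returns the scopes of every API the application is subscribed to, optionally restricted to
     * scopes the user's roles allow. Results are served from and stored in the store cache when
     * it is enabled.
     *
     * <p>The unfiltered cache is keyed by application UUID only; the filtered cache is keyed by
     * application UUID plus user name. A cached filtered entry keeps reflecting the roles the
     * user had when it was stored; how long that lasts depends on the cache's expiry, which is
     * configured outside this class.
     *
     * @param str         the user name used for the subscription lookup and role filtering
     * @param application the application whose subscriptions are inspected
     * @param z           {@code true} to filter the scopes by the user's roles
     * @return the scope list, or {@code null} when nothing is cached and no scopes are found
     * @throws APIManagementException if subscriptions, scopes or roles cannot be retrieved
     */
    public static ScopeListDTO getScopesForApplication(String str, Application application, boolean z) throws APIManagementException {
        String applicationUuid = application.getUUID();
        String cacheName = z ? "appSubscriptionFilteredScopeCache" : "appSubscriptionScopeCache";
        String cacheKey = z ? applicationUuid + RestApiConstants.API_ID_DELIMITER + str : applicationUuid;

        Set<Scope> scopes = getValueFromCache(cacheName, cacheKey);
        if (scopes != null) {
            if (log.isDebugEnabled()) {
                log.debug("Scopes for the application " + applicationUuid + " is found in the cache");
            }
            return convertScopeSetToScopeList(scopes);
        }
        if (log.isDebugEnabled()) {
            log.debug("Scopes for the application " + applicationUuid + " is not found in the cache, retrieving it from the database for the user " + str);
        }

        Subscriber subscriber = new Subscriber(str);
        APIConsumer consumer = RestApiUtil.getConsumer(str);
        List<APIIdentifier> subscribedApiIds = new ArrayList<>();
        for (SubscribedAPI subscribedAPI : consumer.getSubscribedAPIs(subscriber, application.getName(), application.getGroupId())) {
            subscribedApiIds.add(subscribedAPI.getApiId());
            if (log.isDebugEnabled()) {
                log.debug("API " + subscribedAPI.getApiId() + " is subscribed to the the application " + applicationUuid);
            }
        }

        if (!subscribedApiIds.isEmpty()) {
            Set<Scope> allScopes = consumer.getScopesBySubscribedAPIs(subscribedApiIds);
            if (allScopes != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Number of un-filtered set of scopes retrieved for the application " + applicationUuid + "is " + allScopes.size());
                }
                scopes = z ? getFilteredScopeList(allScopes, str) : allScopes;
                addToApplicationScopeCache(cacheName, cacheKey, scopes);
            }
        }
        return convertScopeSetToScopeList(scopes);
    }

    /**
     * Copies a set of scopes into a {@link ScopeListDTO}.
     *
     * @param set the scopes to convert
     * @return the DTO, or {@code null} when {@code set} is {@code null}
     */
    protected static ScopeListDTO convertScopeSetToScopeList(Set<Scope> set) {
        if (set == null) {
            return null;
        }
        List<ApplicationScopeDTO> scopeDtos = new ArrayList<>();
        for (Scope scope : set) {
            ApplicationScopeDTO scopeDto = new ApplicationScopeDTO();
            scopeDto.setKey(scope.getKey());
            scopeDto.setName(scope.getName());
            scopeDto.setDescription(scope.getDescription());
            scopeDto.setRoles(scope.getRoles());
            scopeDtos.add(scopeDto);
        }
        ScopeListDTO scopeListDTO = new ScopeListDTO();
        scopeListDTO.setList(scopeDtos);
        return scopeListDTO;
    }

    /**
     * Stores a scope set in the named cache; does nothing when the store cache is disabled.
     *
     * @param str  the cache name
     * @param str2 the cache key
     * @param set  the scopes to store
     */
    protected static void addToApplicationScopeCache(String str, String str2, Set<Scope> set) {
        if (!isStoreCacheEnabled) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Store cache is enabled, adding the scopes set for the key " + str2 + " to the cache '" + str + "'");
        }
        Caching.getCacheManager("API_MANAGER_CACHE").getCache(str).put(str2, set);
    }

    /**
     * Reads a scope set from the named cache.
     *
     * @param str  the cache name
     * @param str2 the cache key
     * @return the cached scopes, or {@code null} when the store cache is disabled or has no entry
     */
    @SuppressWarnings("unchecked") // the cache is untyped; entries are written by addToApplicationScopeCache
    protected static Set<Scope> getValueFromCache(String str, String str2) {
        if (!isStoreCacheEnabled) {
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("Store cache is enabled, retrieving the scopes set for the key " + str2 + " from the cache '" + str + "'");
        }
        return (Set<Scope>) Caching.getCacheManager("API_MANAGER_CACHE").getCache(str).get(str2);
    }

    /**
     * Keeps the scopes a user may see: every scope with no roles attached, plus every scope that
     * shares at least one role with the user.
     *
     * <p>All whitespace is stripped from a scope's role list before comparison, while the user's
     * roles are compared as returned, so a role name containing whitespace never matches and the
     * scope is left out.
     *
     * @param set the scopes to filter; {@code null} yields an empty set
     * @param str the user name whose roles are looked up
     * @return the visible scopes, in the iteration order of {@code set}
     * @throws APIManagementException if the user's roles cannot be retrieved
     */
    protected static Set<Scope> getFilteredScopeList(Set<Scope> set, String str) throws APIManagementException {
        String[] userRoles = APIUtil.getListOfRoles(str);
        if (log.isDebugEnabled()) {
            log.debug("Roles of the user " + str + " are " + Arrays.toString(userRoles));
        }
        Set<Scope> visibleScopes = new LinkedHashSet<>();
        if (set == null) {
            return visibleScopes;
        }
        List<String> userRoleList = userRoles != null ? Arrays.asList(userRoles) : null;
        for (Scope scope : set) {
            String scopeRoles = scope.getRoles();
            if (scopeRoles == null || scopeRoles.isEmpty()) {
                // A scope without roles is not restricted.
                visibleScopes.add(scope);
                continue;
            }
            if (userRoleList == null || userRoleList.isEmpty()) {
                continue;
            }
            List<String> sharedRoles = new ArrayList<>(Arrays.asList(scopeRoles.replaceAll("\\s+", "").split(LIST_SEPARATOR)));
            sharedRoles.retainAll(userRoleList);
            if (!sharedRoles.isEmpty()) {
                visibleScopes.add(scope);
            }
        }
        return visibleScopes;
    }

    /** Reads the first value of a property from the API Manager configuration. */
    private static String readConfigProperty(String key) {
        return ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty(key);
    }

    static {
        // Boolean.parseBoolean(null) is false, so an unset property leaves the cache disabled.
        isStoreCacheEnabled = Boolean.parseBoolean(readConfigProperty("CacheConfigurations.EnableScopeCache"));
    }
}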
