package org.wso2.micro.gateway.enforcer.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.micro.gateway.enforcer.api.config.ResourceConfig;
import org.wso2.micro.gateway.enforcer.constants.APIConstants;
import org.wso2.micro.gateway.enforcer.dto.APIKeyValidationInfoDTO;
import org.wso2.micro.gateway.enforcer.exception.MGWException;
import org.wso2.micro.gateway.enforcer.models.API;
import org.wso2.micro.gateway.enforcer.models.ApiPolicy;
import org.wso2.micro.gateway.enforcer.models.Application;
import org.wso2.micro.gateway.enforcer.models.ApplicationKeyMapping;
import org.wso2.micro.gateway.enforcer.models.ApplicationPolicy;
import org.wso2.micro.gateway.enforcer.models.Subscription;
import org.wso2.micro.gateway.enforcer.models.SubscriptionPolicy;
import org.wso2.micro.gateway.enforcer.models.URLMapping;
import org.wso2.micro.gateway.enforcer.subscription.SubscriptionDataHolder;
import org.wso2.micro.gateway.enforcer.subscription.SubscriptionDataStore;
import org.wso2.micro.gateway.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/micro/gateway/enforcer/security/KeyValidator.class */
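/**
 * Validates API subscriptions and OAuth scopes for incoming requests, using the in-memory
 * subscription data store.
 *
 * <p>Results are reported through an {@link APIKeyValidationInfoDTO}: the {@code authorized}
 * flag plus a numeric validation status (900907, 900908, 900909 and 900910 are the values
 * written by this class).
 */
public class KeyValidator {
    private static final Logger log = LogManager.getLogger(KeyValidator.class);

    /**
     * Validates that the application owning the consumer key is subscribed to the API.
     *
     * @param str  API context
     * @param str2 API version (may carry {@code APIConstants.DEFAULT_VERSION_PREFIX})
     * @param str3 consumer key of the calling application
     * @param str4 key manager the consumer key belongs to
     * @return a freshly created DTO populated with the outcome; never {@code null}
     */
    public APIKeyValidationInfoDTO validateSubscription(String str, String str2, String str3, String str4) {
        APIKeyValidationInfoDTO infoDTO = new APIKeyValidationInfoDTO();
        try {
            if (log.isDebugEnabled()) {
                log.debug("Before validating subscriptions");
                log.debug("Validation Info : { context : " + str + " , version : " + str2 + " , consumerKey : " + str3 + " }");
            }
            validateSubscriptionDetails(str, str2, str3, str4, infoDTO);
            if (log.isDebugEnabled()) {
                log.debug("After validating subscriptions");
            }
        } catch (MGWException e) {
            // The DTO is returned in whatever state it reached. NOTE(review): this is fail-closed
            // only if a new APIKeyValidationInfoDTO starts out unauthorized - confirm.
            log.error("Error Occurred while validating subscription.", (Throwable) e);
        }
        return infoDTO;
    }

    /**
     * Checks that the token carries at least one scope required by the matched resource.
     *
     * <p>When validation fails the DTO is marked unauthorized with status 900910.
     *
     * @param tokenValidationContext context holding the token, its validation info and the
     *                               matched resource configuration
     * @return {@code true} when the scopes are acceptable (or on a cache hit)
     * @throws MGWException if the context carries no validation info
     */
    public boolean validateScopes(TokenValidationContext tokenValidationContext) throws MGWException {
        // NOTE(review): a cache hit skips the scope comparison entirely. That is only safe if the
        // cached entry was produced for this same resource - confirm how the cache is keyed.
        if (tokenValidationContext.isCacheHit()) {
            return true;
        }
        APIKeyValidationInfoDTO validationInfoDTO = tokenValidationContext.getValidationInfoDTO();
        if (validationInfoDTO == null) {
            throw new MGWException("Key Validation information not set");
        }
        Set<String> grantedScopes = validationInfoDTO.getScopes();
        if (log.isDebugEnabled() && grantedScopes != null && !grantedScopes.isEmpty()) {
            // The access token is a bearer credential: log a masked form, never the raw value.
            log.debug("Scopes allowed for token : " + maskToken(tokenValidationContext.getAccessToken())
                    + " : " + String.join(",", grantedScopes));
        }

        ResourceConfig matchingResourceConfig = tokenValidationContext.getMatchingResourceConfig();
        Map<String, List<String>> securitySchemas = matchingResourceConfig.getSecuritySchemas();
        boolean scopesValidated = false;
        if (securitySchemas.isEmpty()) {
            scopesValidated = true;
        } else {
            // NOTE(review): a scheme without scopes sets the result to true but does not stop the
            // loop, and a later scheme with unmatched scopes resets it to false. The outcome can
            // therefore depend on the map's iteration order - confirm the intended semantics.
            for (Map.Entry<String, List<String>> schema : securitySchemas.entrySet()) {
                List<String> requiredScopes = schema.getValue();
                if (requiredScopes == null || requiredScopes.isEmpty()) {
                    scopesValidated = true;
                    continue;
                }
                scopesValidated = false;
                // A token without any scope set cannot satisfy a scoped resource; treating null
                // as "nothing granted" rejects the request instead of failing with an NPE.
                if (grantedScopes != null) {
                    for (String requiredScope : requiredScopes) {
                        if (grantedScopes.contains(requiredScope)) {
                            scopesValidated = true;
                            break;
                        }
                    }
                }
                if (scopesValidated) {
                    break;
                }
            }
        }
        if (!scopesValidated) {
            validationInfoDTO.setAuthorized(false);
            validationInfoDTO.setValidationStatus(900910);
        }
        return scopesValidated;
    }

    /**
     * Returns a representation of a token that is safe to write to logs.
     *
     * @param token raw token, may be {@code null}
     * @return a fixed mask, followed by the last four characters for tokens longer than eight
     */
    private static String maskToken(String token) {
        if (token == null || token.length() <= 8) {
            return "****";
        }
        return "****" + token.substring(token.length() - 4);
    }

    /**
     * Strips the default-version prefix from the version, if present, and delegates to the
     * data-store backed validation.
     *
     * @return the {@code authorized} flag of {@code infoDTO} after validation
     * @throws MGWException declared for callers; nothing visible in this class throws it
     */
    private boolean validateSubscriptionDetails(String context, String version, String consumerKey, String keyManager, APIKeyValidationInfoDTO infoDTO) throws MGWException {
        boolean defaultVersionInvoked = false;
        if (version != null && version.startsWith(APIConstants.DEFAULT_VERSION_PREFIX)) {
            defaultVersionInvoked = true;
            // substring() instead of split(prefix)[1]: the prefix is not interpreted as a regex
            // and a version consisting of the prefix alone no longer indexes past the array end.
            version = version.substring(APIConstants.DEFAULT_VERSION_PREFIX.length());
        }
        validateSubscriptionDetails(infoDTO, context, version, consumerKey, keyManager, defaultVersionInvoked);
        return infoDTO.isAuthorized();
    }

    /**
     * Resolves API, key mapping, application and subscription from the tenant's data store and
     * validates them together.
     *
     * <p>If any lookup fails and the DTO is still unauthorized with status 0, the status is set to
     * 900908. {@code defaultVersionInvoked} is not used by this method.
     *
     * @return the same {@code infoDTO} instance
     */
    private APIKeyValidationInfoDTO validateSubscriptionDetails(APIKeyValidationInfoDTO infoDTO, String context, String version, String consumerKey, String keyManager, boolean defaultVersionInvoked) {
        String tenantDomain = FilterUtils.getTenantDomainFromRequestURL(context);
        if (tenantDomain == null) {
            tenantDomain = "carbon.super";
        }
        API api = null;
        ApplicationKeyMapping keyMapping = null;
        Application application = null;
        Subscription subscription = null;
        SubscriptionDataStore dataStore = SubscriptionDataHolder.getInstance().getTenantSubscriptionStore(tenantDomain);
        if (dataStore != null) {
            api = dataStore.getApiByContextAndVersion(context, version);
            if (api != null) {
                keyMapping = dataStore.getKeyMappingByKeyAndKeyManager(consumerKey, keyManager);
                if (keyMapping != null) {
                    application = dataStore.getApplicationById(keyMapping.getApplicationId());
                    if (application != null) {
                        subscription = dataStore.getSubscriptionById(application.getId().intValue(), api.getApiId());
                        if (subscription != null) {
                            if (log.isDebugEnabled()) {
                                log.debug("All information is retrieved from the inmemory data store.");
                            }
                        } else if (log.isDebugEnabled()) {
                            log.debug("Valid subscription not found for appId " + application.getId() + " and apiId " + api.getApiId());
                        }
                    } else if (log.isDebugEnabled()) {
                        log.debug("Application not found in the datastore for id " + keyMapping.getApplicationId());
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("Application keymapping not found in the datastore for id consumerKey " + consumerKey);
                }
            } else if (log.isDebugEnabled()) {
                log.debug("API not found in the datastore for " + context + ":" + version);
            }
        } else {
            log.error("Subscription datastore is null for tenant domain " + tenantDomain);
        }

        boolean allResolved = api != null && application != null && keyMapping != null && subscription != null;
        if (allResolved) {
            // -1234 is passed as the tenant id; presumably the super-tenant id - confirm.
            validate(infoDTO, tenantDomain, -1234, dataStore, api, keyMapping, application, subscription, keyManager);
        } else if (!infoDTO.isAuthorized() && infoDTO.getValidationStatus() == 0) {
            infoDTO.setValidationStatus(900908);
        }
        return infoDTO;
    }

    /**
     * Applies subscription-state checks and, when they pass, copies API, application and
     * throttling-policy details into the DTO and marks it authorized.
     *
     * <p>A BLOCKED subscription, or PROD_ONLY_BLOCKED with a non-sandbox key, yields status
     * 900907; ON_HOLD or REJECTED yields 900909. {@code tenantDomain} and {@code keyManager} are
     * not used by this method.
     *
     * @return the same {@code infoDTO} instance
     */
    private APIKeyValidationInfoDTO validate(APIKeyValidationInfoDTO infoDTO, String tenantDomain, int tenantId, SubscriptionDataStore dataStore, API api, ApplicationKeyMapping keyMapping, Application application, Subscription subscription, String keyManager) {
        String subscriptionState = subscription.getSubscriptionState();
        String keyType = keyMapping.getKeyType();
        if (APIConstants.SubscriptionStatus.BLOCKED.equals(subscriptionState)) {
            infoDTO.setValidationStatus(900907);
            infoDTO.setAuthorized(false);
            return infoDTO;
        }
        if (APIConstants.SubscriptionStatus.ON_HOLD.equals(subscriptionState) || APIConstants.SubscriptionStatus.REJECTED.equals(subscriptionState)) {
            infoDTO.setValidationStatus(900909);
            infoDTO.setAuthorized(false);
            return infoDTO;
        }
        if (APIConstants.SubscriptionStatus.PROD_ONLY_BLOCKED.equals(subscriptionState) && !APIConstants.API_KEY_TYPE_SANDBOX.equals(keyType)) {
            infoDTO.setValidationStatus(900907);
            infoDTO.setType(keyType);
            infoDTO.setAuthorized(false);
            return infoDTO;
        }

        infoDTO.setTier(subscription.getPolicyId());
        infoDTO.setSubscriber(application.getSubName());
        infoDTO.setApplicationId(application.getId().toString());
        infoDTO.setApiName(api.getApiName());
        infoDTO.setApiVersion(api.getApiVersion());
        infoDTO.setApiPublisher(api.getApiProvider());
        infoDTO.setApplicationName(application.getName());
        infoDTO.setApplicationTier(application.getPolicy());
        infoDTO.setApplicationUUID(application.getUUID());
        infoDTO.setAppAttributes(application.getAttributes());
        infoDTO.setType(keyType);

        String apiTier = api.getApiTier();
        ApplicationPolicy appPolicy = dataStore.getApplicationPolicyByName(application.getPolicy(), tenantId);
        SubscriptionPolicy subPolicy = dataStore.getSubscriptionPolicyByName(subscription.getPolicyId(), tenantId);
        ApiPolicy apiPolicy = dataStore.getApiPolicyByName(apiTier, tenantId);

        // NOTE(review): only apiPolicy is null-checked. If the store has no entry for the
        // application or subscription policy, the dereferences below throw a
        // NullPointerException, which validateSubscription does not catch - confirm whether the
        // lookups can return null and how such a request should be answered.
        boolean contentAware = appPolicy.isContentAware()
                || subPolicy.isContentAware()
                || (apiPolicy != null && apiPolicy.isContentAware());
        infoDTO.setContentAware(contentAware);

        // Non-positive limits are reported as 0.
        int spikeArrestLimit = Math.max(subPolicy.getRateLimitCount(), 0);
        String spikeArrestUnit = subPolicy.getRateLimitTimeUnit();
        boolean stopOnQuotaReach = subPolicy.isStopOnQuotaReach();
        int graphQLMaxDepth = Math.max(subPolicy.getGraphQLMaxDepth(), 0);
        int graphQLMaxComplexity = Math.max(subPolicy.getGraphQLMaxComplexity(), 0);

        ArrayList<String> throttlingDataList = new ArrayList<>();
        throttlingDataList.add("api_level_throttling_key");

        infoDTO.setSpikeArrestLimit(spikeArrestLimit);
        infoDTO.setSpikeArrestUnit(spikeArrestUnit);
        infoDTO.setStopOnQuotaReach(stopOnQuotaReach);
        // NOTE(review): the subscriber tenant domain is always "carbon.super", regardless of the
        // tenantDomain argument - confirm this is intended for multi-tenant deployments.
        infoDTO.setSubscriberTenantDomain("carbon.super");
        infoDTO.setGraphQLMaxDepth(graphQLMaxDepth);
        infoDTO.setGraphQLMaxComplexity(graphQLMaxComplexity);
        if (apiTier != null && apiTier.trim().length() > 0) {
            infoDTO.setApiTier(apiTier);
        }
        infoDTO.setThrottlingDataList(throttlingDataList);
        infoDTO.setAuthorized(true);
        return infoDTO;
    }

    /**
     * Tells whether a request path matches a URL mapping's pattern, ignoring case, surrounding
     * whitespace and a single trailing slash on the pattern.
     *
     * <p>Not called from within this class.
     */
    private boolean isResourcePathMatching(String resourcePath, URLMapping urlMapping) {
        String path = resourcePath.trim();
        String pattern = urlMapping.getUrlPattern().trim();
        if (path.equalsIgnoreCase(pattern)) {
            return true;
        }
        // Accept "/foo" against the pattern "/foo/".
        boolean patternHasExtraSlash = path.length() + 1 == pattern.length() && pattern.endsWith("/");
        return patternHasExtraSlash && path.equalsIgnoreCase(pattern.substring(0, pattern.length() - 1));
    }
}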
