package org.wso2.choreo.connect.enforcer.security.jwt;

import io.opentelemetry.context.Scope;
import java.util.Iterator;
import org.apache.logging.log4j.ThreadContext;
import org.wso2.choreo.connect.enforcer.commons.exception.APISecurityException;
import org.wso2.choreo.connect.enforcer.commons.model.AuthenticationContext;
import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
import org.wso2.choreo.connect.enforcer.commons.model.ResourceConfig;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.constants.GeneralErrorCodeConstants;
import org.wso2.choreo.connect.enforcer.models.API;
import org.wso2.choreo.connect.enforcer.security.Authenticator;
import org.wso2.choreo.connect.enforcer.subscription.SubscriptionDataHolder;
import org.wso2.choreo.connect.enforcer.tracing.TracingConstants;
import org.wso2.choreo.connect.enforcer.tracing.TracingSpan;
import org.wso2.choreo.connect.enforcer.tracing.Utils;
import org.wso2.choreo.connect.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/security/jwt/UnsecuredAPIAuthenticator.class */
public class UnsecuredAPIAuthenticator implements Authenticator {
    @Override // org.wso2.choreo.connect.enforcer.security.Authenticator
    public boolean canAuthenticate(RequestContext requestContext) {
        Iterator<ResourceConfig> it = requestContext.getMatchedResourcePaths().iterator();
        while (it.hasNext()) {
            if (!isDisableSecurity(it.next())) {
                return false;
            }
        }
        return true;
    }

    @Override // org.wso2.choreo.connect.enforcer.security.Authenticator
    public AuthenticationContext authenticate(RequestContext requestContext) throws APISecurityException {
        TracingSpan tracingSpan = null;
        Scope scope = null;
        try {
            if (Utils.tracingEnabled()) {
                tracingSpan = Utils.startSpan(TracingConstants.UNSECURED_API_AUTHENTICATOR_SPAN, Utils.getGlobalTracer());
                scope = tracingSpan.getSpan().makeCurrent();
                Utils.setTag(tracingSpan, "traceId", ThreadContext.get("traceId"));
            }
            API apiByContextAndVersion = SubscriptionDataHolder.getInstance().getTenantSubscriptionStore(FilterUtils.getTenantDomainFromRequestURL(requestContext.getMatchedAPI().getBasePath())).getApiByContextAndVersion(requestContext.getMatchedAPI().getUuid());
            if (apiByContextAndVersion != null && "BLOCKED".equals(apiByContextAndVersion.getLcState())) {
                FilterUtils.setErrorToContext(requestContext, GeneralErrorCodeConstants.API_BLOCKED_CODE, APIConstants.StatusCodes.SERVICE_UNAVAILABLE.getCode(), GeneralErrorCodeConstants.API_BLOCKED_MESSAGE, GeneralErrorCodeConstants.API_BLOCKED_DESCRIPTION);
                throw new APISecurityException(APIConstants.StatusCodes.SERVICE_UNAVAILABLE.getCode(), GeneralErrorCodeConstants.API_BLOCKED_CODE, GeneralErrorCodeConstants.API_BLOCKED_MESSAGE);
            }
            AuthenticationContext generateAuthenticationContextForUnsecured = FilterUtils.generateAuthenticationContextForUnsecured(requestContext);
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(tracingSpan);
            }
            return generateAuthenticationContextForUnsecured;
        } catch (Throwable th) {
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(null);
            }
            throw th;
        }
    }

    @Override // org.wso2.choreo.connect.enforcer.security.Authenticator
    public String getChallengeString() {
        return "";
    }

    @Override // org.wso2.choreo.connect.enforcer.security.Authenticator
    public String getName() {
        return "Unsecured";
    }

    @Override // org.wso2.choreo.connect.enforcer.security.Authenticator
    public int getPriority() {
        return -20;
    }

    private boolean isDisableSecurity(ResourceConfig resourceConfig) {
        return resourceConfig.isDisableSecurity();
    }
}
