package org.wso2.choreo.connect.enforcer.security;

import com.nimbusds.jwt.JWTClaimsSet;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.minidev.json.JSONObject;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.choreo.connect.enforcer.commons.exception.APISecurityException;
import org.wso2.choreo.connect.enforcer.commons.logging.ErrorDetails;
import org.wso2.choreo.connect.enforcer.commons.model.ResourceConfig;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.constants.GeneralErrorCodeConstants;
import org.wso2.choreo.connect.enforcer.dto.APIKeyValidationInfoDTO;
import org.wso2.choreo.connect.enforcer.models.API;
import org.wso2.choreo.connect.enforcer.models.ApiPolicy;
import org.wso2.choreo.connect.enforcer.models.Application;
import org.wso2.choreo.connect.enforcer.models.ApplicationKeyMapping;
import org.wso2.choreo.connect.enforcer.models.ApplicationPolicy;
import org.wso2.choreo.connect.enforcer.models.Subscription;
import org.wso2.choreo.connect.enforcer.models.SubscriptionPolicy;
import org.wso2.choreo.connect.enforcer.models.URLMapping;
import org.wso2.choreo.connect.enforcer.subscription.SubscriptionDataHolder;
import org.wso2.choreo.connect.enforcer.subscription.SubscriptionDataStore;
import org.wso2.choreo.connect.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/security/KeyValidator.class */
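/**
 * Authorization checks performed after a credential has been authenticated: scope validation
 * against the matched resources, and subscription validation for OAuth2 access tokens and API keys.
 *
 * <p>All lookups go through the tenant's in-memory {@link SubscriptionDataStore}; nothing here
 * performs I/O. Every method fails closed: a missing store, API, application, subscription or
 * policy leaves the returned DTO unauthorized (status 900908 when no more specific status was set).
 *
 * <p>Values echoed into log messages (API UUID, consumer key, application UUID) originate from
 * the presented credential, so log layouts that feed other systems should encode them.
 */
public class KeyValidator {
    private static final Logger log = LogManager.getLogger(KeyValidator.class);

    /** Tenant domain used when the request context does not carry one. */
    private static final String DEFAULT_TENANT_DOMAIN = "carbon.super";
    /** Name of the API-key JWT claim that holds the application details. */
    private static final String APPLICATION_CLAIM = "application";
    /** Subscription state / API lifecycle state that blocks all access. */
    private static final String BLOCKED_STATE = "BLOCKED";
    /** Throttling key handed to the throttling filter for API-level throttling. */
    private static final String API_LEVEL_THROTTLING_KEY = "api_level_throttling_key";

    // Validation status codes as this class uses them (numeric values unchanged from the original).
    private static final int STATUS_KEY_VALIDATION_INFO_MISSING = 900900;
    private static final int STATUS_SUBSCRIPTION_BLOCKED = 900907;
    private static final int STATUS_SUBSCRIPTION_VALIDATION_FAILED = 900908;
    private static final int STATUS_SUBSCRIPTION_INACTIVE = 900909;
    private static final int STATUS_SCOPE_VALIDATION_FAILED = 900910;

    /**
     * Checks that the token's scopes satisfy every matched resource that declares scopes.
     *
     * <p>A cache hit short-circuits to {@code true} without re-checking. A resource whose security
     * schemas declare no scopes needs none and always passes. A token without scopes ({@code null}
     * or empty set) is rejected for any resource that does declare scopes; previously a
     * {@code null} scope set caused a {@code NullPointerException} instead of a clean rejection.
     *
     * @param tokenValidationContext context carrying the validation info DTO and matched resources
     * @return {@code true} when every matched resource is satisfied
     * @throws APISecurityException with status 900900 when the key validation info has not been
     *     set, or 900910 when a matched resource's scope requirement is not met (the DTO is also
     *     marked unauthorized with that status)
     */
    public static boolean validateScopes(TokenValidationContext tokenValidationContext)
            throws APISecurityException {
        if (tokenValidationContext.isCacheHit()) {
            return true;
        }
        APIKeyValidationInfoDTO validationInfoDTO = tokenValidationContext.getValidationInfoDTO();
        if (validationInfoDTO == null) {
            log.error("Error while validating scopes. Key validation information has not been set.",
                    ErrorDetails.errorLog("Minor", 6603));
            throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
                    STATUS_KEY_VALIDATION_INFO_MISSING,
                    "Error while validating scopes. Key validation information has not been set");
        }
        Set<String> tokenScopes = validationInfoDTO.getScopes();
        if (log.isDebugEnabled() && tokenScopes != null && !tokenScopes.isEmpty()) {
            log.debug("Scopes allowed for token : {}", String.join(",", tokenScopes));
        }
        for (ResourceConfig resource : tokenValidationContext.getMatchingResourceConfigs()) {
            if (isResourceScopeSatisfied(resource, tokenScopes)) {
                continue;
            }
            validationInfoDTO.setAuthorized(false);
            validationInfoDTO.setValidationStatus(STATUS_SCOPE_VALIDATION_FAILED);
            throw new APISecurityException(APIConstants.StatusCodes.UNAUTHORIZED.getCode(),
                    STATUS_SCOPE_VALIDATION_FAILED,
                    "User is NOT authorized to access the Resource: " + resource.getPath()
                            + ". Scope validation failed.");
        }
        return true;
    }

    /**
     * Returns whether a resource's scope requirement is met by the token's scopes.
     *
     * <p>The requirement is the union of the scope lists of all security schemas on the resource.
     * An absent map, or schemas with {@code null}/empty lists only, means no scope is required.
     * Otherwise at least one required scope must be present in {@code tokenScopes}.
     *
     * @param resource    matched resource whose security schemas are inspected
     * @param tokenScopes scopes granted to the token; {@code null} is treated as no scopes
     */
    private static boolean isResourceScopeSatisfied(ResourceConfig resource, Set<String> tokenScopes) {
        Map<String, List<String>> schemas = resource.getSecuritySchemas();
        if (schemas == null) {
            return true;
        }
        boolean scopeRequired = false;
        for (Map.Entry<String, List<String>> schema : schemas.entrySet()) {
            List<String> requiredScopes = schema.getValue();
            if (requiredScopes == null || requiredScopes.isEmpty()) {
                continue;
            }
            scopeRequired = true;
            if (tokenScopes == null) {
                continue;
            }
            for (String scope : requiredScopes) {
                if (tokenScopes.contains(scope)) {
                    return true;
                }
            }
        }
        return !scopeRequired;
    }

    /**
     * Validates the subscription behind an OAuth2 access token.
     *
     * <p>Resolves API, application key mapping, application and subscription from the tenant's
     * data store; if all are present, {@link #validate} decides authorization and fills the DTO.
     * Any missing element is logged and leaves the DTO unauthorized with status 900908.
     *
     * @param apiUuid     API UUID (passed to the store's {@code getApiByContextAndVersion}, which
     *                    despite its name receives the UUID here)
     * @param apiContext  request context; also used to derive the tenant domain
     * @param apiVersion  API version (logged only)
     * @param consumerKey consumer key of the token
     * @param keyManager  key manager name used together with the consumer key for the key mapping
     *                    lookup
     * @return a validation info DTO; never {@code null}
     */
    public static APIKeyValidationInfoDTO validateSubscription(String apiUuid, String apiContext,
            String apiVersion, String consumerKey, String keyManager) {
        log.debug("Before validating subscriptions");
        log.debug("Validation Info : { uuid : {}, context : {}, version : {}, consumerKey : {} }",
                apiUuid, apiContext, apiVersion, consumerKey);
        final String traceEnd = "After validating subscriptions";
        String tenantDomain = resolveTenantDomain(apiContext);
        SubscriptionDataStore store =
                SubscriptionDataHolder.getInstance().getTenantSubscriptionStore(tenantDomain);
        APIKeyValidationInfoDTO info = new APIKeyValidationInfoDTO();
        if (store == null) {
            log.error("Subscription data store is null for tenant domain " + tenantDomain);
            return completeValidation(info, traceEnd);
        }
        API api = store.getApiByContextAndVersion(apiUuid);
        if (api == null) {
            log.info("API not found in the data store for API UUID :" + apiUuid);
            return completeValidation(info, traceEnd);
        }
        ApplicationKeyMapping keyMapping = store.getKeyMappingByKeyAndKeyManager(consumerKey, keyManager);
        if (keyMapping == null) {
            log.info("Application key mapping not found in the data store for id consumerKey " + consumerKey);
            return completeValidation(info, traceEnd);
        }
        Application application = store.getApplicationById(keyMapping.getApplicationUUID());
        if (application == null) {
            log.info("Application not found in the data store for uuid " + keyMapping.getApplicationUUID());
            return completeValidation(info, traceEnd);
        }
        Subscription subscription = store.getSubscriptionById(application.getUUID(), api.getApiUUID());
        if (subscription == null) {
            log.info("Valid subscription not found for oauth access token. application: {} app_UUID: {} API_name: {} API_UUID : {}",
                    application.getName(), application.getUUID(), api.getApiName(), api.getApiUUID());
            return completeValidation(info, traceEnd);
        }
        log.debug("All information is retrieved from the inmemory data store.");
        validate(info, store, api, keyMapping.getKeyType(), application, subscription);
        return completeValidation(info, traceEnd);
    }

    /**
     * Validates the subscription behind an API key (a JWT whose claims identify the application).
     *
     * <p>Same flow as the OAuth2 variant, except the application is identified by the
     * {@code application} claim of the key. A key whose claim is absent, not a JSON object, empty
     * or without an application UUID is rejected (status 900908) rather than raising a
     * {@code NullPointerException} as before. The key type is read from the key-type claim and
     * defaults to production.
     *
     * @param apiUuid    API UUID (see {@link #validateSubscription(String, String, String, String, String)})
     * @param apiContext request context; also used to derive the tenant domain
     * @param claims     verified claims of the API key JWT
     * @return a validation info DTO; never {@code null}
     */
    public static APIKeyValidationInfoDTO validateSubscription(String apiUuid, String apiContext,
            JWTClaimsSet claims) {
        log.debug("Before validating subscriptions with API key. API_uuid: {}, context: {}", apiUuid, apiContext);
        final String traceEnd = "After validating subscriptions with API key.";
        String tenantDomain = resolveTenantDomain(apiContext);
        SubscriptionDataStore store =
                SubscriptionDataHolder.getInstance().getTenantSubscriptionStore(tenantDomain);
        APIKeyValidationInfoDTO info = new APIKeyValidationInfoDTO();
        if (store == null) {
            log.error("Subscription data store is null for tenant domain " + tenantDomain);
            return completeValidation(info, traceEnd);
        }
        API api = store.getApiByContextAndVersion(apiUuid);
        if (api == null) {
            log.info("API not found in the data store for API UUID :" + apiUuid);
            return completeValidation(info, traceEnd);
        }
        String applicationUuid = applicationUuidFromClaims(claims);
        if (applicationUuid == null) {
            log.info("Application claim not found in jwt for uuid");
            return completeValidation(info, traceEnd);
        }
        Application application = store.getApplicationById(applicationUuid);
        if (application == null) {
            log.info("Application not found in the data store for uuid {}", applicationUuid);
            return completeValidation(info, traceEnd);
        }
        Subscription subscription = store.getSubscriptionById(application.getUUID(), api.getApiUUID());
        if (subscription == null) {
            log.info("Valid subscription not found for API key. application: {} app_UUID: {} API_name: {} API_UUID : {}",
                    application.getName(), application.getUUID(), api.getApiName(), api.getApiUUID());
            return completeValidation(info, traceEnd);
        }
        log.debug("All information is retrieved from the in memory data store.");
        String keyType = (String) claims.getClaim(APIConstants.JwtTokenConstants.KEY_TYPE);
        if (keyType == null) {
            keyType = APIConstants.API_KEY_TYPE_PRODUCTION;
        }
        validate(info, store, api, keyType, application, subscription);
        return completeValidation(info, traceEnd);
    }

    /**
     * Extracts the application UUID from the {@code application} claim of an API key.
     *
     * <p>Accepts any {@link Map}-shaped claim (net.minidev {@code JSONObject} is a {@code HashMap}),
     * which matches the previous {@code getAsString} behaviour while no longer depending on the
     * concrete JSON type the JWT library returns.
     *
     * @return the UUID, or {@code null} when the claim is absent, not a map, empty, or has no
     *     non-empty application UUID entry
     */
    private static String applicationUuidFromClaims(JWTClaimsSet claims) {
        Object claim = claims.getClaim(APPLICATION_CLAIM);
        if (!(claim instanceof Map)) {
            return null;
        }
        Map<?, ?> application = (Map<?, ?>) claim;
        if (application.isEmpty()) {
            return null;
        }
        Object uuidValue = application.get(APIConstants.JwtTokenConstants.APPLICATION_UUID);
        if (uuidValue == null) {
            return null;
        }
        String applicationUuid = uuidValue.toString();
        return applicationUuid.isEmpty() ? null : applicationUuid;
    }

    /** Tenant domain derived from the request context, falling back to the super tenant. */
    private static String resolveTenantDomain(String apiContext) {
        String tenantDomain = FilterUtils.getTenantDomainFromRequestURL(apiContext);
        return tenantDomain == null ? DEFAULT_TENANT_DOMAIN : tenantDomain;
    }

    /**
     * Common tail of both subscription validations: a DTO that is still unauthorized without a
     * status gets {@link #STATUS_SUBSCRIPTION_VALIDATION_FAILED}, then the trace message is logged.
     *
     * @return {@code info}, for use as a return expression
     */
    private static APIKeyValidationInfoDTO completeValidation(APIKeyValidationInfoDTO info, String traceMessage) {
        if (!info.isAuthorized() && info.getValidationStatus() == 0) {
            info.setValidationStatus(STATUS_SUBSCRIPTION_VALIDATION_FAILED);
        }
        log.debug(traceMessage);
        return info;
    }

    /** Marks the DTO as unauthorized with the given validation status. */
    private static void reject(APIKeyValidationInfoDTO info, int validationStatus) {
        info.setValidationStatus(validationStatus);
        info.setAuthorized(false);
    }

    /**
     * Decides authorization for a resolved subscription and fills the DTO.
     *
     * <p>Rejection order: blocked subscription (900907), on-hold/rejected subscription (900909),
     * production-only-blocked subscription used with a non-sandbox key (900907), blocked API
     * lifecycle state ({@code API_BLOCKED_CODE}). Otherwise the application, API, subscription and
     * throttling-policy details are copied into the DTO and it is marked authorized.
     *
     * <p>The application and subscription policies must exist in the store; if either is missing
     * the DTO is left unauthorized (the caller maps status 0 to 900908) instead of failing with a
     * {@code NullPointerException}. The API policy is optional, as before.
     *
     * @param info         DTO to populate
     * @param store        tenant data store used for policy lookups
     * @param api          resolved API
     * @param keyType      key type of the credential (production/sandbox)
     * @param application  resolved application
     * @param subscription resolved subscription of {@code application} to {@code api}
     */
    private static void validate(APIKeyValidationInfoDTO info, SubscriptionDataStore store, API api,
            String keyType, Application application, Subscription subscription) {
        String subscriptionState = subscription.getSubscriptionState();
        if (BLOCKED_STATE.equals(subscriptionState)) {
            reject(info, STATUS_SUBSCRIPTION_BLOCKED);
            return;
        }
        if (APIConstants.SubscriptionStatus.ON_HOLD.equals(subscriptionState)
                || APIConstants.SubscriptionStatus.REJECTED.equals(subscriptionState)) {
            reject(info, STATUS_SUBSCRIPTION_INACTIVE);
            return;
        }
        if (APIConstants.SubscriptionStatus.PROD_ONLY_BLOCKED.equals(subscriptionState)
                && !APIConstants.API_KEY_TYPE_SANDBOX.equals(keyType)) {
            info.setType(keyType);
            reject(info, STATUS_SUBSCRIPTION_BLOCKED);
            return;
        }
        if (BLOCKED_STATE.equals(api.getLcState())) {
            reject(info, GeneralErrorCodeConstants.API_BLOCKED_CODE);
            return;
        }

        ApplicationPolicy appPolicy = store.getApplicationPolicyByName(application.getPolicy());
        SubscriptionPolicy subPolicy = store.getSubscriptionPolicyByName(subscription.getPolicyId());
        ApiPolicy apiPolicy = store.getApiPolicyByName(api.getApiTier());
        if (appPolicy == null || subPolicy == null) {
            // Fail closed: without its policies the subscription cannot be throttled correctly.
            log.error("Throttling policy not found in the data store. application policy: {} subscription policy: {}",
                    application.getPolicy(), subscription.getPolicyId());
            info.setAuthorized(false);
            return;
        }

        info.setTier(subscription.getPolicyId());
        info.setSubscriber(application.getSubName());
        info.setApplicationId(application.getId().intValue());
        info.setApplicationUUID(application.getUUID());
        info.setApiName(api.getApiName());
        info.setApiVersion(api.getApiVersion());
        info.setApiPublisher(api.getApiProvider());
        info.setApplicationName(application.getName());
        info.setApplicationTier(application.getPolicy());
        info.setAppAttributes(application.getAttributes());
        info.setApiUUID(api.getApiUUID());
        info.setType(keyType);
        info.setSubscriberTenantDomain(application.getTenantDomain());

        boolean contentAware = appPolicy.isContentAware() || subPolicy.isContentAware()
                || (apiPolicy != null && apiPolicy.isContentAware());
        info.setContentAware(contentAware);
        // Negative counts and limits are normalised to 0, the DTO's "not set" value.
        info.setSpikeArrestLimit(Math.max(0, subPolicy.getRateLimitCount()));
        info.setSpikeArrestUnit(subPolicy.getRateLimitTimeUnit());
        info.setStopOnQuotaReach(subPolicy.isStopOnQuotaReach());
        info.setGraphQLMaxDepth(Math.max(0, subPolicy.getGraphQLMaxDepth()));
        info.setGraphQLMaxComplexity(Math.max(0, subPolicy.getGraphQLMaxComplexity()));
        List<String> throttlingKeys = new ArrayList<>();
        throttlingKeys.add(API_LEVEL_THROTTLING_KEY);
        info.setThrottlingDataList(throttlingKeys);
        info.setAuthorized(true);
    }

    /**
     * Whether a request path equals a URL mapping's pattern, ignoring case and surrounding
     * whitespace, and tolerating exactly one trailing slash on the pattern.
     *
     * <p>Instance method on an otherwise static class; nothing in this file calls it.
     */
    private boolean isResourcePathMatching(String path, URLMapping urlMapping) {
        String trimmedPath = path.trim();
        String pattern = urlMapping.getUrlPattern().trim();
        if (trimmedPath.equalsIgnoreCase(pattern)) {
            return true;
        }
        boolean patternHasTrailingSlash = pattern.endsWith("/") && pattern.length() == trimmedPath.length() + 1;
        return patternHasTrailingSlash
                && trimmedPath.equalsIgnoreCase(pattern.substring(0, pattern.length() - 1));
    }
}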
