package org.wso2.carbon.apimgt.importexport;

import java.io.File;
import java.io.InputStream;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.ext.multipart.Multipart;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.importexport.utils.APIExportUtil;
import org.wso2.carbon.apimgt.importexport.utils.APIImportUtil;
import org.wso2.carbon.apimgt.importexport.utils.ArchiveGeneratorUtil;
import org.wso2.carbon.apimgt.importexport.utils.AuthenticationContext;
import org.wso2.carbon.apimgt.importexport.utils.AuthenticatorUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

@Path("/")
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/apimgt/importexport/APIService.class */
public class APIService {
    private static final Log log = LogFactory.getLog(APIService.class);

    @GET
    @Produces({"application/zip"})
    @Path("/export-api")
    public Response exportAPI(@QueryParam("name") String str, @QueryParam("version") String str2, @QueryParam("provider") String str3, @Context HttpHeaders httpHeaders) {
        if (str == null || str2 == null || str3 == null) {
            log.error("Invalid API Information ");
            return Response.status(Response.Status.BAD_REQUEST).entity("Invalid API Information").type("application/json").build();
        }
        log.info("Retrieving API for API-Id : " + str + "-" + str2 + "-" + str3);
        boolean z = false;
        try {
            try {
                Response authorizeUser = AuthenticatorUtil.authorizeUser(httpHeaders);
                if (Response.Status.OK.getStatusCode() != authorizeUser.getStatus()) {
                    if (0 != 0) {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                    return authorizeUser;
                }
                AuthenticationContext authenticationContext = (AuthenticationContext) authorizeUser.getEntity();
                String domainAwareUsername = authenticationContext.getDomainAwareUsername();
                String tenantDomain = authenticationContext.getTenantDomain();
                if (!"carbon.super".equalsIgnoreCase(tenantDomain)) {
                    domainAwareUsername = domainAwareUsername + "@" + tenantDomain;
                }
                String tenantDomain2 = MultitenantUtils.getTenantDomain(str3);
                String tenantDomain3 = MultitenantUtils.getTenantDomain(domainAwareUsername);
                boolean z2 = Boolean.getBoolean(APIImportExportConstants.MIGRATION_MODE);
                if (z2) {
                    if (APIExportUtil.isCrossTenantAccessPermissionsViolated(tenantDomain2, domainAwareUsername).booleanValue()) {
                        String str4 = "Not authorized to export API :\"" + str + "-" + str2 + "-" + str3;
                        log.error(str4 + ". Reason: Cross Tenant API access is not allowed. Both the facts; setting 'migrationMode=true' system property set at APIM Server startup and the requester being a super tenant admin, should be satisfied for this to be allowed");
                        Response build = Response.status(Response.Status.FORBIDDEN).entity(str4).type("application/json").build();
                        if (0 != 0) {
                            PrivilegedCarbonContext.endTenantFlow();
                        }
                        return build;
                    }
                } else if (!tenantDomain2.equals(tenantDomain3)) {
                    log.error("Not authorized to export API :" + str + "-" + str2 + "-" + str3);
                    Response build2 = Response.status(Response.Status.FORBIDDEN).entity("Not authorized to export API :" + str + "-" + str2 + "-" + str3).type("application/json").build();
                    if (0 != 0) {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                    return build2;
                }
                APIIdentifier aPIIdentifier = new APIIdentifier(APIUtil.replaceEmailDomain(str3), str, str2);
                File file = new File(System.getProperty(APIImportExportConstants.TEMP_DIR) + (File.separator + RandomStringUtils.randomAlphanumeric(5) + File.separator));
                APIExportUtil.createDirectory(file.getPath());
                String file2 = file.toString();
                APIExportUtil.setArchiveBasePath(file2);
                if (z2) {
                    if (!"carbon.super".equals(tenantDomain2)) {
                        PrivilegedCarbonContext.startTenantFlow();
                        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain2, true);
                        z = true;
                    }
                } else if (tenantDomain3 != null && !"carbon.super".equals(tenantDomain3)) {
                    PrivilegedCarbonContext.startTenantFlow();
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain3, true);
                    z = true;
                }
                Response retrieveApiToExport = APIExportUtil.retrieveApiToExport(aPIIdentifier, domainAwareUsername);
                if (Response.Status.OK.getStatusCode() != retrieveApiToExport.getStatus()) {
                    if (z) {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                    return retrieveApiToExport;
                }
                ArchiveGeneratorUtil.archiveDirectory(file2);
                log.info("API" + str + "-" + str2 + " exported successfully");
                File file3 = new File(file2 + ".zip");
                Response.ResponseBuilder ok = Response.ok(file3);
                ok.header("Content-Disposition", "attachment; filename=\"" + file3.getName() + "\"");
                Response build3 = ok.build();
                if (z) {
                    PrivilegedCarbonContext.endTenantFlow();
                }
                return build3;
            } catch (APIExportException e) {
                log.error("APIExportException occurred while exporting ", e);
                Response build4 = Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).type("application/json").build();
                if (0 != 0) {
                    PrivilegedCarbonContext.endTenantFlow();
                }
                return build4;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                PrivilegedCarbonContext.endTenantFlow();
            }
            throw th;
        }
    }

    @Path("/import-api")
    @Consumes({"multipart/form-data"})
    @POST
    @Produces({"application/json"})
    public Response importAPI(@Multipart("file") InputStream inputStream, @QueryParam("preserveProvider") String str, @Context HttpHeaders httpHeaders) {
        boolean z = true;
        boolean z2 = false;
        if (APIImportExportConstants.STATUS_FALSE.equalsIgnoreCase(str)) {
            z = false;
        }
        try {
            try {
                Response authorizeUser = AuthenticatorUtil.authorizeUser(httpHeaders);
                if (Response.Status.OK.getStatusCode() != authorizeUser.getStatus()) {
                    if (0 != 0) {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                    return authorizeUser;
                }
                AuthenticationContext authenticationContext = (AuthenticationContext) authorizeUser.getEntity();
                String tenantDomain = MultitenantUtils.getTenantDomain(authenticationContext.getUsername());
                String domainAwareUsername = authenticationContext.getDomainAwareUsername();
                if (!tenantDomain.equals("carbon.super")) {
                    domainAwareUsername = domainAwareUsername + "@" + tenantDomain;
                }
                APIImportUtil.initializeProvider(domainAwareUsername);
                String property = System.getProperty(APIImportExportConstants.TEMP_DIR);
                String str2 = File.separator + RandomStringUtils.randomAlphanumeric(5) + File.separator;
                File file = new File(property + str2);
                if (!file.mkdirs()) {
                    Response build = Response.serverError().entity("Failed to create temporary directory.\n").build();
                    if (0 != 0) {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                    return build;
                }
                String str3 = property + str2;
                APIImportUtil.transferFile(inputStream, APIImportExportConstants.UPLOAD_FILE_NAME, str3);
                try {
                    String extractArchive = APIImportUtil.extractArchive(new File(str3 + APIImportExportConstants.UPLOAD_FILE_NAME), str3);
                    if (tenantDomain != null && !"carbon.super".equals(tenantDomain)) {
                        PrivilegedCarbonContext.startTenantFlow();
                        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
                        z2 = true;
                    }
                    APIImportUtil.importAPI(str3 + extractArchive, domainAwareUsername, z);
                    file.deleteOnExit();
                    Response build2 = Response.status(Response.Status.CREATED).entity("API imported successfully.\n").build();
                    if (z2) {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                    return build2;
                } catch (APIImportException e) {
                    Response build3 = Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
                    if (0 != 0) {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                    return build3;
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    PrivilegedCarbonContext.endTenantFlow();
                }
                throw th;
            }
        } catch (APIExportException e2) {
            Response build4 = Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Error in initializing API provider.\n").build();
            if (0 != 0) {
                PrivilegedCarbonContext.endTenantFlow();
            }
            return build4;
        } catch (APIImportException e3) {
            Response build5 = Response.serverError().entity(e3.getMessage()).build();
            if (0 != 0) {
                PrivilegedCarbonContext.endTenantFlow();
            }
            return build5;
        }
    }

    @Path("/{apiID}")
    @Consumes({"multipart/form-data"})
    @Produces({"application/json"})
    @PUT
    public Response updateAPI(@Multipart("file") InputStream inputStream, @PathParam("apiID") String str, @QueryParam("preserveProvider") String str2, @Context HttpHeaders httpHeaders) {
        boolean z = false;
        boolean z2 = true;
        if (APIImportExportConstants.STATUS_FALSE.equalsIgnoreCase(str2)) {
            z2 = false;
        }
        try {
            try {
                try {
                    Response authorizeUser = AuthenticatorUtil.authorizeUser(httpHeaders);
                    if (Response.Status.OK.getStatusCode() != authorizeUser.getStatus()) {
                        if (0 != 0) {
                            PrivilegedCarbonContext.endTenantFlow();
                        }
                        return authorizeUser;
                    }
                    AuthenticationContext authenticationContext = (AuthenticationContext) authorizeUser.getEntity();
                    String tenantDomain = MultitenantUtils.getTenantDomain(authenticationContext.getUsername());
                    String domainAwareUsername = authenticationContext.getDomainAwareUsername();
                    if (!"carbon.super".equals(tenantDomain)) {
                        domainAwareUsername = domainAwareUsername + "@" + tenantDomain;
                    }
                    APIImportUtil.initializeProvider(domainAwareUsername);
                    String property = System.getProperty(APIImportExportConstants.TEMP_DIR);
                    String str3 = File.separator + RandomStringUtils.randomAlphanumeric(5) + File.separator;
                    File file = new File(property + str3);
                    if (!file.mkdirs()) {
                        Response build = Response.serverError().entity("Failed to create temporary directory.").build();
                        if (0 != 0) {
                            PrivilegedCarbonContext.endTenantFlow();
                        }
                        return build;
                    }
                    String str4 = property + str3;
                    APIImportUtil.transferFile(inputStream, APIImportExportConstants.UPLOAD_FILE_NAME, str4);
                    try {
                        String extractArchive = APIImportUtil.extractArchive(new File(str4 + APIImportExportConstants.UPLOAD_FILE_NAME), str4);
                        if (!"carbon.super".equals(tenantDomain)) {
                            PrivilegedCarbonContext.startTenantFlow();
                            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
                            z = true;
                        }
                        APIImportUtil.updateAPI(str, str4 + extractArchive, domainAwareUsername, z2);
                        file.deleteOnExit();
                        Response build2 = Response.status(Response.Status.CREATED).entity("API updated successfully.").build();
                        if (z) {
                            PrivilegedCarbonContext.endTenantFlow();
                        }
                        return build2;
                    } catch (APIImportException e) {
                        Response build3 = Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
                        if (0 != 0) {
                            PrivilegedCarbonContext.endTenantFlow();
                        }
                        return build3;
                    }
                } catch (APIImportException e2) {
                    log.error(e2.getMessage(), e2);
                    Response build4 = Response.serverError().entity(e2.getMessage()).build();
                    if (0 != 0) {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                    return build4;
                }
            } catch (APIExportException e3) {
                log.error(e3.getMessage(), e3);
                Response build5 = Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Error in initializing API provider.").build();
                if (0 != 0) {
                    PrivilegedCarbonContext.endTenantFlow();
                }
                return build5;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                PrivilegedCarbonContext.endTenantFlow();
            }
            throw th;
        }
    }
}
