package org.wso2.carbon.apimgt.gateway.handlers.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.concurrent.TimeUnit;
import javax.cache.Cache;
import javax.cache.CacheConfiguration;
import javax.cache.Caching;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.API;
import org.apache.synapse.rest.RESTUtils;
import org.apache.synapse.rest.Resource;
import org.apache.synapse.rest.dispatch.RESTDispatcher;
import org.wso2.carbon.apimgt.api.model.URITemplate;
import org.wso2.carbon.apimgt.gateway.handlers.Utils;
import org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyDataStore;
import org.wso2.carbon.apimgt.gateway.handlers.security.keys.WSAPIKeyDataStore;
import org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftAPIDataStore;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.dto.APIInfoDTO;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.dto.ResourceInfoDTO;
import org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/APIKeyValidator.class */
public class APIKeyValidator {
    private APIKeyDataStore dataStore;
    private boolean gatewayKeyCacheEnabled;
    private boolean isGatewayAPIResourceValidationEnabled;
    private static boolean isGatewayKeyCacheInitialized = false;
    protected Log log = LogFactory.getLog(getClass());

    public APIKeyValidator(AxisConfiguration axisConfiguration) {
        this.gatewayKeyCacheEnabled = true;
        this.isGatewayAPIResourceValidationEnabled = true;
        String keyValidatorClientType = APISecurityUtils.getKeyValidatorClientType();
        if ("WSClient".equals(keyValidatorClientType)) {
            this.dataStore = new WSAPIKeyDataStore();
        } else if ("ThriftClient".equals(keyValidatorClientType)) {
            this.dataStore = new ThriftAPIDataStore();
        }
        this.gatewayKeyCacheEnabled = isGatewayTokenCacheEnabled();
        this.isGatewayAPIResourceValidationEnabled = isAPIResourceValidationEnabled();
        getGatewayKeyCache();
        getResourceCache();
    }

    protected Cache getGatewayKeyCache() {
        String firstProperty = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getFirstProperty("CacheConfigurations.TokenCacheExpiry");
        if (isGatewayKeyCacheInitialized || firstProperty == null) {
            return Caching.getCacheManager("API_MANAGER_CACHE").getCache("gatewayKeyCache");
        }
        isGatewayKeyCacheInitialized = true;
        return Caching.getCacheManager("API_MANAGER_CACHE").createCacheBuilder("gatewayKeyCache").setExpiry(CacheConfiguration.ExpiryType.MODIFIED, new CacheConfiguration.Duration(TimeUnit.SECONDS, Long.parseLong(firstProperty))).setExpiry(CacheConfiguration.ExpiryType.ACCESSED, new CacheConfiguration.Duration(TimeUnit.SECONDS, Long.parseLong(firstProperty))).setStoreByValue(false).build();
    }

    protected Cache getGatewayTokenCache() {
        return Caching.getCacheManager("API_MANAGER_CACHE").getCache("GATEWAY_TOKEN_CACHE");
    }

    protected Cache getResourceCache() {
        return Caching.getCacheManager("API_MANAGER_CACHE").getCache("resourceCache");
    }

    public APIKeyValidationInfoDTO getKeyValidationInfo(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z) throws APISecurityException {
        APIKeyValidationInfoDTO aPIKeyValidationInfoDTO;
        String str8 = str3;
        if (z) {
            str8 = "_default_".concat(str8);
        }
        String accessTokenCacheKey = APIUtil.getAccessTokenCacheKey(str2, str, str8, str6, str7, str4);
        if (this.gatewayKeyCacheEnabled && ((String) getGatewayTokenCache().get(str2)) != null && (aPIKeyValidationInfoDTO = (APIKeyValidationInfoDTO) getGatewayKeyCache().get(accessTokenCacheKey)) != null) {
            if (APIUtil.isAccessTokenExpired(aPIKeyValidationInfoDTO)) {
                this.log.info("Invalid OAuth Token : Access Token " + str2 + " expired.");
                aPIKeyValidationInfoDTO.setAuthorized(false);
                getGatewayKeyCache().remove(accessTokenCacheKey);
                getGatewayTokenCache().remove(str2);
            }
            return aPIKeyValidationInfoDTO;
        }
        APIKeyValidationInfoDTO doGetKeyValidationInfo = doGetKeyValidationInfo(str, str8, str2, str4, str5, str6, str7);
        if (doGetKeyValidationInfo == null) {
            this.log.warn("API key validation service returns null object");
            throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, "API key validation service returns null object");
        }
        if (this.gatewayKeyCacheEnabled) {
            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            getGatewayTokenCache().put(str2, tenantDomain);
            getGatewayKeyCache().put(accessTokenCacheKey, doGetKeyValidationInfo);
            if (!"carbon.super".equals(tenantDomain)) {
                try {
                    PrivilegedCarbonContext.startTenantFlow();
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain("carbon.super", true);
                    getGatewayTokenCache().put(str2, tenantDomain);
                    PrivilegedCarbonContext.endTenantFlow();
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            }
        }
        return doGetKeyValidationInfo;
    }

    protected APIKeyValidationInfoDTO doGetKeyValidationInfo(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws APISecurityException {
        return this.dataStore.getAPIKeyData(str, str2, str3, str4, str5, str6, str7);
    }

    public void cleanup() {
        this.dataStore.cleanup();
    }

    public boolean isGatewayTokenCacheEnabled() {
        try {
            return Boolean.parseBoolean(ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getFirstProperty("CacheConfigurations.EnableGatewayTokenCache"));
        } catch (Exception e) {
            this.log.error("Did not found valid API Validation Information cache configuration. Use default configuration" + e);
            return true;
        }
    }

    public boolean isAPIResourceValidationEnabled() {
        try {
            return Boolean.parseBoolean(ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getFirstProperty("CacheConfigurations.EnableGatewayResourceCache"));
        } catch (Exception e) {
            this.log.error("Did not found valid API Resource Validation Information cache configuration. Use default configuration" + e);
            return true;
        }
    }

    public String getResourceAuthenticationScheme(MessageContext messageContext) throws APISecurityException {
        try {
            VerbInfoDTO findMatchingVerb = findMatchingVerb(messageContext);
            if (findMatchingVerb != null) {
                messageContext.setProperty("VERB_INFO", findMatchingVerb);
            }
            return findMatchingVerb != null ? findMatchingVerb.getAuthType() : "noMatchedAuthScheme";
        } catch (ResourceNotFoundException e) {
            this.log.error("Could not find matching resource for request", e);
            return "noMatchedAuthScheme";
        }
    }

    public VerbInfoDTO findMatchingVerb(MessageContext messageContext) throws ResourceNotFoundException, APISecurityException {
        String str = (String) messageContext.getProperty("API_RESOURCE_CACHE_KEY");
        if (str != null) {
            VerbInfoDTO verbInfoDTO = (VerbInfoDTO) getResourceCache().get(str);
            if (verbInfoDTO != null) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Found resource in Cache for key: ".concat(str));
                }
                return verbInfoDTO;
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Resource not found in cache for key: ".concat(str));
            }
        }
        String str2 = (String) messageContext.getProperty("API_ELECTED_RESOURCE");
        String str3 = (String) messageContext.getProperty("REST_API_CONTEXT");
        String str4 = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        String str5 = (String) messageContext.getProperty("REST_FULL_REQUEST_PATH");
        String str6 = (String) messageContext.getProperty("SYNAPSE_REST_API");
        String requestPath = Utils.getRequestPath(messageContext, str5, str3, str4);
        if ("".equals(requestPath)) {
            requestPath = "/";
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Setting REST_SUB_REQUEST_PATH in msg context: ".concat(requestPath));
        }
        messageContext.setProperty("REST_SUB_REQUEST_PATH", requestPath);
        String str7 = (String) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("HTTP_METHOD");
        if (str2 == null) {
            API api = messageContext.getConfiguration().getAPI(str6);
            Resource resource = null;
            if (api != null) {
                Resource[] resources = api.getResources();
                HashSet hashSet = new HashSet();
                for (Resource resource2 : resources) {
                    if ("OPTIONS".equals(str7) || (resource2.getMethods() != null && Arrays.asList(resource2.getMethods()).contains(str7))) {
                        hashSet.add(resource2);
                    }
                }
                if (hashSet.size() > 0) {
                    Iterator it = RESTUtils.getDispatchers().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Resource findResource = ((RESTDispatcher) it.next()).findResource(messageContext, hashSet);
                        if (findResource != null && Arrays.asList(findResource.getMethods()).contains(str7)) {
                            resource = findResource;
                            break;
                        }
                    }
                }
            }
            if (resource == null) {
                String str8 = "Could not find matching resource for " + requestPath;
                this.log.error(str8);
                throw new ResourceNotFoundException(str8);
            }
            str2 = resource.getDispatcherHelper().getString();
            str = APIUtil.getResourceInfoDTOCacheKey(str3, str4, str2, str7);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Selected Resource: ".concat(str2));
            }
            messageContext.setProperty("API_ELECTED_RESOURCE", str2);
        }
        VerbInfoDTO verbInfoDTO2 = (VerbInfoDTO) getResourceCache().get(str);
        if (verbInfoDTO2 != null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Got Resource from cache for key: ".concat(str));
            }
            messageContext.setProperty("API_RESOURCE_CACHE_KEY", str);
            return verbInfoDTO2;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Cache miss for Resource for key: ".concat(str));
        }
        String aPIInfoDTOCacheKey = APIUtil.getAPIInfoDTOCacheKey(str3, str4);
        APIInfoDTO aPIInfoDTO = (APIInfoDTO) getResourceCache().get(aPIInfoDTOCacheKey);
        if (aPIInfoDTO == null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Could not find API object in cache for key: ".concat(aPIInfoDTOCacheKey));
            }
            aPIInfoDTO = doGetAPIInfo(str3, str4);
            getResourceCache().put(aPIInfoDTOCacheKey, aPIInfoDTO);
        }
        if (aPIInfoDTO.getResources() == null) {
            return null;
        }
        for (ResourceInfoDTO resourceInfoDTO : aPIInfoDTO.getResources()) {
            if (str2.trim().equalsIgnoreCase(resourceInfoDTO.getUrlPattern().trim())) {
                for (VerbInfoDTO verbInfoDTO3 : resourceInfoDTO.getHttpVerbs()) {
                    if (verbInfoDTO3.getHttpVerb().equals(str7)) {
                        if (this.log.isDebugEnabled()) {
                            this.log.debug("Putting resource object in cache with key: ".concat(str));
                        }
                        verbInfoDTO3.setRequestKey(str);
                        getResourceCache().put(str, verbInfoDTO3);
                        messageContext.setProperty("API_RESOURCE_CACHE_KEY", str);
                        return verbInfoDTO3;
                    }
                }
            }
        }
        return null;
    }

    private APIInfoDTO doGetAPIInfo(String str, String str2) throws APISecurityException {
        APIInfoDTO aPIInfoDTO = new APIInfoDTO();
        ArrayList<URITemplate> allURITemplates = getAllURITemplates(str, str2);
        aPIInfoDTO.setApiName(str);
        aPIInfoDTO.setContext(str);
        aPIInfoDTO.setVersion(str2);
        aPIInfoDTO.setResources(new LinkedHashSet());
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Iterator<URITemplate> it = allURITemplates.iterator();
        while (it.hasNext()) {
            URITemplate next = it.next();
            ResourceInfoDTO resourceInfoDTO = (ResourceInfoDTO) linkedHashMap.get(next.getUriTemplate());
            if (null == resourceInfoDTO) {
                resourceInfoDTO = new ResourceInfoDTO();
                resourceInfoDTO.setUrlPattern(next.getUriTemplate());
                resourceInfoDTO.setHttpVerbs(new LinkedHashSet());
                aPIInfoDTO.getResources().add(resourceInfoDTO);
                linkedHashMap.put(next.getUriTemplate(), resourceInfoDTO);
            }
            VerbInfoDTO verbInfoDTO = new VerbInfoDTO();
            verbInfoDTO.setHttpVerb(next.getHTTPVerb());
            verbInfoDTO.setAuthType(next.getAuthType());
            verbInfoDTO.setThrottling(next.getThrottlingTier());
            verbInfoDTO.setThrottlingConditions(next.getThrottlingConditions());
            verbInfoDTO.setConditionGroups(next.getConditionGroups());
            verbInfoDTO.setApplicableLevel(next.getApplicableLevel());
            resourceInfoDTO.getHttpVerbs().add(verbInfoDTO);
        }
        return aPIInfoDTO;
    }

    public VerbInfoDTO getVerbInfoDTOFromAPIData(String str, String str2, String str3, String str4) throws APISecurityException {
        String str5 = str + ':' + str2;
        APIInfoDTO aPIInfoDTO = this.isGatewayAPIResourceValidationEnabled ? (APIInfoDTO) getResourceCache().get(str5) : null;
        if (aPIInfoDTO == null) {
            aPIInfoDTO = doGetAPIInfo(str, str2);
            getResourceCache().put(str5, aPIInfoDTO);
        }
        if ("/".equals(str3)) {
            String str6 = str + '/' + str2 + str3 + ':' + str4;
            VerbInfoDTO verbInfoDTO = this.isGatewayAPIResourceValidationEnabled ? (VerbInfoDTO) getResourceCache().get(str6) : null;
            if (verbInfoDTO != null) {
                verbInfoDTO.setRequestKey(str6);
                return verbInfoDTO;
            }
            if (aPIInfoDTO.getResources() != null) {
                for (ResourceInfoDTO resourceInfoDTO : aPIInfoDTO.getResources()) {
                    if ("/*".equals(resourceInfoDTO.getUrlPattern())) {
                        for (VerbInfoDTO verbInfoDTO2 : resourceInfoDTO.getHttpVerbs()) {
                            if (verbInfoDTO2.getHttpVerb().equals(str4)) {
                                getResourceCache().put(str6, verbInfoDTO2);
                                verbInfoDTO2.setRequestKey(str6);
                                return verbInfoDTO2;
                            }
                        }
                    }
                }
            }
        }
        String trimTrailingSlashes = RESTUtils.trimTrailingSlashes(str3);
        while (true) {
            String str7 = trimTrailingSlashes;
            if (str7.length() <= 1) {
                return null;
            }
            String str8 = str + '/' + str2 + str7 + ':' + str4;
            VerbInfoDTO verbInfoDTO3 = this.isGatewayAPIResourceValidationEnabled ? (VerbInfoDTO) getResourceCache().get(str8) : null;
            if (verbInfoDTO3 != null) {
                verbInfoDTO3.setRequestKey(str8);
                return verbInfoDTO3;
            }
            for (ResourceInfoDTO resourceInfoDTO2 : aPIInfoDTO.getResources()) {
                String urlPattern = resourceInfoDTO2.getUrlPattern();
                if (urlPattern.endsWith("/*")) {
                    urlPattern = urlPattern.substring(0, urlPattern.length() - 2);
                }
                if (str7.endsWith(RESTUtils.trimTrailingSlashes(urlPattern))) {
                    for (VerbInfoDTO verbInfoDTO4 : resourceInfoDTO2.getHttpVerbs()) {
                        if (verbInfoDTO4.getHttpVerb().equals(str4)) {
                            getResourceCache().put(str8, verbInfoDTO4);
                            verbInfoDTO4.setRequestKey(str8);
                            return verbInfoDTO4;
                        }
                    }
                }
            }
            int lastIndexOf = str7.lastIndexOf(47);
            trimTrailingSlashes = str7.substring(0, lastIndexOf <= 0 ? 0 : lastIndexOf);
        }
    }

    private ArrayList<URITemplate> getAllURITemplates(String str, String str2) throws APISecurityException {
        return this.dataStore.getAllURITemplates(str, str2);
    }
}
