package org.wso2.carbon.apimgt.gateway.handlers.security.apikey;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import io.swagger.v3.oas.models.OpenAPI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;
import javax.cache.Cache;
import net.minidev.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.util.xpath.SynapseXPath;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.jaxen.JaxenException;
import org.json.JSONException;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTConfigurationDto;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo;
import org.wso2.carbon.apimgt.common.gateway.exception.JWTGeneratorException;
import org.wso2.carbon.apimgt.common.gateway.jwtgenerator.AbstractAPIMgtGatewayJWTGenerator;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.MethodStats;
import org.wso2.carbon.apimgt.gateway.MethodTimeLogger;
import org.wso2.carbon.apimgt.gateway.dto.JWTTokenPayloadInfo;
import org.wso2.carbon.apimgt.gateway.handlers.analytics.Constants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityUtils;
import org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationResponse;
import org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.gateway.jwt.RevokedJWTDataHolder;
import org.wso2.carbon.apimgt.gateway.threatprotection.utils.ThreatProtectorConstants;
import org.wso2.carbon.apimgt.gateway.utils.GatewayUtils;
import org.wso2.carbon.apimgt.gateway.utils.OpenAPIUtils;
import org.wso2.carbon.apimgt.impl.caching.CacheProvider;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO;
import org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator.class */
public class ApiKeyAuthenticator implements Authenticator {
    // Class-wide commons-logging logger; assigned in the static initializer.
    private static final Log log;
    // Both flags are set to false in the static initializer; the code that reads them is not in this part of the file.
    private static boolean gatewayApiKeyKeyCacheInit;
    private static boolean gatewayInvalidApiKeyCacheInit;
    // securityParam, apiLevelPolicy and isMandatory are assigned from the constructor arguments.
    private String securityParam;
    private String apiLevelPolicy;
    // Passed through to the AuthenticationResponse that is returned when the OpenAPI definition is missing.
    private boolean isMandatory;
    // AspectJ join-point descriptors, one per woven method; each wrapper hands its descriptor to Factory.makeJP.
    // NOTE(review): the decompiler shows them as null; presumably ajc$preClinit() (called from the static
    // initializer) assigns the real values — confirm against the bytecode.
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;
    private static final JoinPoint.StaticPart ajc$tjp_4 = null;
    private static final JoinPoint.StaticPart ajc$tjp_5 = null;
    private static final JoinPoint.StaticPart ajc$tjp_6 = null;
    private static final JoinPoint.StaticPart ajc$tjp_7 = null;
    private static final JoinPoint.StaticPart ajc$tjp_8 = null;
    private static final JoinPoint.StaticPart ajc$tjp_9 = null;
    private static final JoinPoint.StaticPart ajc$tjp_10 = null;
    private static final JoinPoint.StaticPart ajc$tjp_11 = null;
    private static final JoinPoint.StaticPart ajc$tjp_12 = null;
    private static final JoinPoint.StaticPart ajc$tjp_13 = null;
    private static final JoinPoint.StaticPart ajc$tjp_14 = null;
    private static final JoinPoint.StaticPart ajc$tjp_15 = null;
    private static final JoinPoint.StaticPart ajc$tjp_16 = null;
    private static final JoinPoint.StaticPart ajc$tjp_17 = null;
    private static final JoinPoint.StaticPart ajc$tjp_18 = null;
    // The next four fields start as null and are filled in by authenticate_aroundBody4 the first time it
    // finds them null. NOTE(review): no locking is visible around that initialisation — confirm whether one
    // authenticator instance is shared between request threads.
    private Boolean jwtGenerationEnabled = null;
    private AbstractAPIMgtGatewayJWTGenerator apiMgtGatewayJWTGenerator = null;
    private JWTConfigurationDto jwtConfigurationDto = null;
    private Boolean isGatewayTokenCacheEnabled = null;
    // Presumably read and written through getContextHeader / setContextHeader; their bodies are not in view.
    private String contextHeader = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure1.class */
    /**
     * AspectJ around-closure for {@code init}: lets the timing advice run the woven-out body
     * {@code init_aroundBody0} with the arguments stored when the closure was created.
     */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return always {@code null}, because the wrapped body returns nothing
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final SynapseEnvironment environment = (SynapseEnvironment) captured[1];
            final JoinPoint joinPoint = (JoinPoint) captured[2];
            ApiKeyAuthenticator.init_aroundBody0(target, environment, joinPoint);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure11.class */
    /**
     * AspectJ around-closure for {@code extractApiKey}: runs the woven-out body
     * {@code extractApiKey_aroundBody10} with the arguments stored at creation time.
     */
    public class AjcClosure11 extends AroundClosure {
        public AjcClosure11(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code extractApiKey_aroundBody10} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final MessageContext context = (MessageContext) captured[1];
            final JoinPoint joinPoint = (JoinPoint) captured[2];
            return ApiKeyAuthenticator.extractApiKey_aroundBody10(target, context, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure13.class */
    /**
     * AspectJ around-closure for {@code removeApiKeyFromQueryParameters}: runs the woven-out body
     * {@code removeApiKeyFromQueryParameters_aroundBody12} with the stored arguments.
     */
    public class AjcClosure13 extends AroundClosure {
        public AjcClosure13(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code removeApiKeyFromQueryParameters_aroundBody12} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final String first = (String) captured[1];
            final String second = (String) captured[2];
            final JoinPoint joinPoint = (JoinPoint) captured[3];
            return ApiKeyAuthenticator.removeApiKeyFromQueryParameters_aroundBody12(target, first, second, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure15.class */
    /**
     * AspectJ around-closure for the static {@code isJwtTokenExpired}: runs the woven-out body
     * {@code isJwtTokenExpired_aroundBody14} and boxes its boolean result.
     *
     * <p>NOTE(review): this closure is created from a static method; as decompiled (a non-static inner
     * class) that would need an enclosing instance. This is likely an artefact of the decompiler nesting a
     * separately generated class.
     */
    public class AjcClosure15 extends AroundClosure {
        public AjcClosure15(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return the body's boolean result, boxed through {@code Conversions.booleanObject}
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final JWTClaimsSet claims = (JWTClaimsSet) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            final boolean expired = ApiKeyAuthenticator.isJwtTokenExpired_aroundBody14(claims, joinPoint);
            return Conversions.booleanObject(expired);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure17.class */
    /**
     * AspectJ around-closure for {@code getJwtValidationInfo}: runs the woven-out body
     * {@code getJwtValidationInfo_aroundBody16} with the stored arguments.
     */
    public class AjcClosure17 extends AroundClosure {
        public AjcClosure17(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code getJwtValidationInfo_aroundBody16} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final SignedJWTInfo jwtInfo = (SignedJWTInfo) captured[1];
            final JoinPoint joinPoint = (JoinPoint) captured[2];
            return ApiKeyAuthenticator.getJwtValidationInfo_aroundBody16(target, jwtInfo, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure19.class */
    /**
     * AspectJ around-closure for {@code decode}: runs the woven-out body
     * {@code decode_aroundBody18} with the stored arguments.
     */
    public class AjcClosure19 extends AroundClosure {
        public AjcClosure19(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code decode_aroundBody18} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final String encoded = (String) captured[1];
            final JoinPoint joinPoint = (JoinPoint) captured[2];
            return ApiKeyAuthenticator.decode_aroundBody18(target, encoded, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure21.class */
    /**
     * AspectJ around-closure for {@code getContextHeader}: runs the woven-out body
     * {@code getContextHeader_aroundBody20} with the stored arguments.
     */
    public class AjcClosure21 extends AroundClosure {
        public AjcClosure21(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code getContextHeader_aroundBody20} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            return ApiKeyAuthenticator.getContextHeader_aroundBody20(target, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure23.class */
    /**
     * AspectJ around-closure for {@code setContextHeader}: runs the woven-out body
     * {@code setContextHeader_aroundBody22} with the stored arguments.
     */
    public class AjcClosure23 extends AroundClosure {
        public AjcClosure23(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return always {@code null}, because the wrapped body returns nothing
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final String header = (String) captured[1];
            final JoinPoint joinPoint = (JoinPoint) captured[2];
            ApiKeyAuthenticator.setContextHeader_aroundBody22(target, header, joinPoint);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure25.class */
    /**
     * AspectJ around-closure for {@code getGatewayApiKeyCache}: runs the woven-out body
     * {@code getGatewayApiKeyCache_aroundBody24} with the stored arguments.
     */
    public class AjcClosure25 extends AroundClosure {
        public AjcClosure25(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code getGatewayApiKeyCache_aroundBody24} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            return ApiKeyAuthenticator.getGatewayApiKeyCache_aroundBody24(target, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure27.class */
    /**
     * AspectJ around-closure for {@code getInvalidGatewayApiKeyCache}: runs the woven-out body
     * {@code getInvalidGatewayApiKeyCache_aroundBody26} with the stored arguments.
     */
    public class AjcClosure27 extends AroundClosure {
        public AjcClosure27(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code getInvalidGatewayApiKeyCache_aroundBody26} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            return ApiKeyAuthenticator.getInvalidGatewayApiKeyCache_aroundBody26(target, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure29.class */
    /**
     * AspectJ around-closure for {@code getGatewayApiKeyDataCache}: runs the woven-out body
     * {@code getGatewayApiKeyDataCache_aroundBody28} with the stored arguments.
     */
    public class AjcClosure29 extends AroundClosure {
        public AjcClosure29(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code getGatewayApiKeyDataCache_aroundBody28} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            return ApiKeyAuthenticator.getGatewayApiKeyDataCache_aroundBody28(target, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure3.class */
    /**
     * AspectJ around-closure for {@code destroy}: runs the woven-out body
     * {@code destroy_aroundBody2} with the stored arguments.
     */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return always {@code null}, because the wrapped body returns nothing
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            ApiKeyAuthenticator.destroy_aroundBody2(target, joinPoint);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure31.class */
    /**
     * AspectJ around-closure for {@code getApiLevelPolicy}: runs the woven-out body
     * {@code getApiLevelPolicy_aroundBody30} with the stored arguments.
     */
    public class AjcClosure31 extends AroundClosure {
        public AjcClosure31(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code getApiLevelPolicy_aroundBody30} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            return ApiKeyAuthenticator.getApiLevelPolicy_aroundBody30(target, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure33.class */
    /**
     * AspectJ around-closure for {@code getChallengeString}: runs the woven-out body
     * {@code getChallengeString_aroundBody32} with the stored arguments.
     */
    public class AjcClosure33 extends AroundClosure {
        public AjcClosure33(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code getChallengeString_aroundBody32} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            return ApiKeyAuthenticator.getChallengeString_aroundBody32(target, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure35.class */
    /**
     * AspectJ around-closure for {@code getRequestOrigin}: runs the woven-out body
     * {@code getRequestOrigin_aroundBody34} with the stored arguments.
     */
    public class AjcClosure35 extends AroundClosure {
        public AjcClosure35(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code getRequestOrigin_aroundBody34} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            return ApiKeyAuthenticator.getRequestOrigin_aroundBody34(target, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure37.class */
    /**
     * AspectJ around-closure for {@code getPriority}: runs the woven-out body
     * {@code getPriority_aroundBody36} and boxes its int result.
     */
    public class AjcClosure37 extends AroundClosure {
        public AjcClosure37(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return the body's int result, boxed through {@code Conversions.intObject}
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JoinPoint joinPoint = (JoinPoint) captured[1];
            final int priority = ApiKeyAuthenticator.getPriority_aroundBody36(target, joinPoint);
            return Conversions.intObject(priority);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure5.class */
    /**
     * AspectJ around-closure for {@code authenticate}: runs the woven-out body
     * {@code authenticate_aroundBody4} with the stored arguments.
     */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code authenticate_aroundBody4} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final MessageContext context = (MessageContext) captured[1];
            final JoinPoint joinPoint = (JoinPoint) captured[2];
            return ApiKeyAuthenticator.authenticate_aroundBody4(target, context, joinPoint);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure7.class */
    /**
     * AspectJ around-closure for {@code validateAPIKeyRestrictions}: runs the woven-out body
     * {@code validateAPIKeyRestrictions_aroundBody6} with the stored arguments.
     */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return always {@code null}, because the wrapped body returns nothing
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final JWTClaimsSet claims = (JWTClaimsSet) captured[1];
            final MessageContext context = (MessageContext) captured[2];
            final JoinPoint joinPoint = (JoinPoint) captured[3];
            ApiKeyAuthenticator.validateAPIKeyRestrictions_aroundBody6(target, claims, context, joinPoint);
            return null;
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator$AjcClosure9.class */
    /**
     * AspectJ around-closure for {@code generateAndRetrieveBackendJWTToken}: runs the woven-out body
     * {@code generateAndRetrieveBackendJWTToken_aroundBody8} with the stored arguments.
     */
    public class AjcClosure9 extends AroundClosure {
        public AjcClosure9(Object[] objArr) {
            super(objArr);
        }

        /**
         * Unpacks the stored call state and invokes the original body.
         *
         * @param objArr not read; the call arguments come from the closure's own state array
         * @return whatever {@code generateAndRetrieveBackendJWTToken_aroundBody8} returns
         */
        public Object run(Object[] objArr) {
            final Object[] captured = this.state;
            final ApiKeyAuthenticator target = (ApiKeyAuthenticator) captured[0];
            final String text = (String) captured[1];
            final JWTInfoDto jwtInfo = (JWTInfoDto) captured[2];
            final JoinPoint joinPoint = (JoinPoint) captured[3];
            return ApiKeyAuthenticator.generateAndRetrieveBackendJWTToken_aroundBody8(target, text, jwtInfo, joinPoint);
        }
    }

    // Class initialisation: the weaver-generated hook stays first, as in the woven class,
    // followed by the logger and the two cache-initialisation flags.
    static {
        ajc$preClinit();
        gatewayInvalidApiKeyCacheInit = false;
        gatewayApiKeyKeyCacheInit = false;
        log = LogFactory.getLog(ApiKeyAuthenticator.class);
    }

    /**
     * Creates an authenticator and stores the three configuration values unchanged.
     *
     * @param str  value kept as {@code securityParam}
     * @param str2 value kept as {@code apiLevelPolicy}
     * @param z    value kept as {@code isMandatory}
     */
    public ApiKeyAuthenticator(String str, String str2, boolean z) {
        // No validation happens here; the fields simply mirror the arguments.
        this.isMandatory = z;
        this.apiLevelPolicy = str2;
        this.securityParam = str;
    }

    /**
     * Woven entry point for {@code init}: hands the call to the {@code MethodTimeLogger} aspect when
     * method timing applies, otherwise runs {@code init_aroundBody0} directly.
     */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public void init(SynapseEnvironment synapseEnvironment) {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_0, this, this, synapseEnvironment);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            init_aroundBody0(this, synapseEnvironment, joinPoint);
            return;
        }
        final Object[] closureState = {this, synapseEnvironment, joinPoint};
        MethodTimeLogger.aspectOf().log(new AjcClosure1(closureState).linkClosureAndJoinPoint(69648));
    }

    /**
     * Woven entry point for {@code destroy}: hands the call to the {@code MethodTimeLogger} aspect when
     * method timing applies, otherwise runs {@code destroy_aroundBody2} directly.
     */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public void destroy() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_1, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            destroy_aroundBody2(this, joinPoint);
            return;
        }
        final Object[] closureState = {this, joinPoint};
        MethodTimeLogger.aspectOf().log(new AjcClosure3(closureState).linkClosureAndJoinPoint(69648));
    }

    /**
     * Woven entry point for {@code authenticate}: hands the call to the {@code MethodTimeLogger} aspect
     * when method timing applies, otherwise runs {@code authenticate_aroundBody4} directly.
     *
     * @param messageContext the message being authenticated
     * @return the response produced by the authentication body
     */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public AuthenticationResponse authenticate(MessageContext messageContext) {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_2, this, this, messageContext);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return authenticate_aroundBody4(this, messageContext, joinPoint);
        }
        final Object[] closureState = {this, messageContext, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure5(closureState).linkClosureAndJoinPoint(69648));
        return (AuthenticationResponse) outcome;
    }

    /**
     * Woven entry point for {@code validateAPIKeyRestrictions}: hands the call to the
     * {@code MethodTimeLogger} aspect when method timing applies, otherwise runs
     * {@code validateAPIKeyRestrictions_aroundBody6} directly.
     *
     * @throws APISecurityException declared by the wrapped body
     */
    private void validateAPIKeyRestrictions(JWTClaimsSet jWTClaimsSet, MessageContext messageContext) throws APISecurityException {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_3, this, this, jWTClaimsSet, messageContext);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            validateAPIKeyRestrictions_aroundBody6(this, jWTClaimsSet, messageContext, joinPoint);
            return;
        }
        final Object[] closureState = {this, jWTClaimsSet, messageContext, joinPoint};
        MethodTimeLogger.aspectOf().log(new AjcClosure7(closureState).linkClosureAndJoinPoint(69648));
    }

    /**
     * Woven entry point for {@code generateAndRetrieveBackendJWTToken}: hands the call to the
     * {@code MethodTimeLogger} aspect when method timing applies, otherwise runs
     * {@code generateAndRetrieveBackendJWTToken_aroundBody8} directly.
     *
     * <p>NOTE(review): the join point given to the aspect carries both arguments, and the aspect's
     * {@code log} call returns this method's result (presumably a backend JWT). Confirm the aspect records
     * timings only and never argument or return values.
     *
     * @throws APISecurityException declared by the wrapped body
     */
    private String generateAndRetrieveBackendJWTToken(String str, JWTInfoDto jWTInfoDto) throws APISecurityException {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_4, this, this, str, jWTInfoDto);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return generateAndRetrieveBackendJWTToken_aroundBody8(this, str, jWTInfoDto, joinPoint);
        }
        final Object[] closureState = {this, str, jWTInfoDto, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure9(closureState).linkClosureAndJoinPoint(69648));
        return (String) outcome;
    }

    /**
     * Woven entry point for {@code extractApiKey}: hands the call to the {@code MethodTimeLogger} aspect
     * when method timing applies, otherwise runs {@code extractApiKey_aroundBody10} directly.
     *
     * <p>NOTE(review): on the timed path the aspect's {@code log} call returns this method's result,
     * presumably the raw API key. Confirm the aspect never writes return values to its log output.
     *
     * @throws APISecurityException declared by the wrapped body
     */
    private String extractApiKey(MessageContext messageContext) throws APISecurityException {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_5, this, this, messageContext);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return extractApiKey_aroundBody10(this, messageContext, joinPoint);
        }
        final Object[] closureState = {this, messageContext, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure11(closureState).linkClosureAndJoinPoint(69648));
        return (String) outcome;
    }

    /**
     * Woven entry point for {@code removeApiKeyFromQueryParameters}: hands the call to the
     * {@code MethodTimeLogger} aspect when method timing applies, otherwise runs
     * {@code removeApiKeyFromQueryParameters_aroundBody12} directly.
     *
     * <p>NOTE(review): the join point given to the aspect carries both String arguments; presumably one of
     * them still contains the API key. Confirm the aspect records timings only and never argument values.
     */
    private String removeApiKeyFromQueryParameters(String str, String str2) {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_6, this, this, str, str2);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return removeApiKeyFromQueryParameters_aroundBody12(this, str, str2, joinPoint);
        }
        final Object[] closureState = {this, str, str2, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure13(closureState).linkClosureAndJoinPoint(69648));
        return (String) outcome;
    }

    /**
     * Woven entry point for the static {@code isJwtTokenExpired}: hands the call to the
     * {@code MethodTimeLogger} aspect when timing is enabled for all methods, otherwise runs
     * {@code isJwtTokenExpired_aroundBody14} directly.
     */
    private static boolean isJwtTokenExpired(JWTClaimsSet jWTClaimsSet) {
        // A static method has no receiver, so the join point is built with null for `this` and the target.
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_7, (Object) null, (Object) null, jWTClaimsSet);
        final boolean timed = MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll();
        if (!timed) {
            return isJwtTokenExpired_aroundBody14(jWTClaimsSet, joinPoint);
        }
        final Object[] closureState = {jWTClaimsSet, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure15(closureState).linkClosureAndJoinPoint(65536));
        return Conversions.booleanValue(outcome);
    }

    /**
     * Woven entry point for {@code getJwtValidationInfo}: hands the call to the {@code MethodTimeLogger}
     * aspect when method timing applies, otherwise runs {@code getJwtValidationInfo_aroundBody16} directly.
     */
    private JWTValidationInfo getJwtValidationInfo(SignedJWTInfo signedJWTInfo) {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_8, this, this, signedJWTInfo);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getJwtValidationInfo_aroundBody16(this, signedJWTInfo, joinPoint);
        }
        final Object[] closureState = {this, signedJWTInfo, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure17(closureState).linkClosureAndJoinPoint(69648));
        return (JWTValidationInfo) outcome;
    }

    /**
     * Woven entry point for {@code decode}: hands the call to the {@code MethodTimeLogger} aspect when
     * method timing applies, otherwise runs {@code decode_aroundBody18} directly.
     *
     * <p>NOTE(review): the join point given to the aspect carries the String argument, which may be token
     * material. Confirm the aspect records timings only and never argument values.
     *
     * @throws IllegalArgumentException declared by the wrapped body
     */
    private byte[] decode(String str) throws IllegalArgumentException {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_9, this, this, str);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return decode_aroundBody18(this, str, joinPoint);
        }
        final Object[] closureState = {this, str, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure19(closureState).linkClosureAndJoinPoint(69648));
        return (byte[]) outcome;
    }

    /**
     * Woven entry point for {@code getContextHeader}: hands the call to the {@code MethodTimeLogger}
     * aspect when method timing applies, otherwise runs {@code getContextHeader_aroundBody20} directly.
     */
    public String getContextHeader() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_10, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getContextHeader_aroundBody20(this, joinPoint);
        }
        final Object[] closureState = {this, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure21(closureState).linkClosureAndJoinPoint(69648));
        return (String) outcome;
    }

    /**
     * Woven entry point for {@code setContextHeader}: hands the call to the {@code MethodTimeLogger}
     * aspect when method timing applies, otherwise runs {@code setContextHeader_aroundBody22} directly.
     */
    public void setContextHeader(String str) {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_11, this, this, str);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            setContextHeader_aroundBody22(this, str, joinPoint);
            return;
        }
        final Object[] closureState = {this, str, joinPoint};
        MethodTimeLogger.aspectOf().log(new AjcClosure23(closureState).linkClosureAndJoinPoint(69648));
    }

    /**
     * Woven entry point for {@code getGatewayApiKeyCache}: hands the call to the {@code MethodTimeLogger}
     * aspect when method timing applies, otherwise runs {@code getGatewayApiKeyCache_aroundBody24} directly.
     */
    private Cache getGatewayApiKeyCache() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_12, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getGatewayApiKeyCache_aroundBody24(this, joinPoint);
        }
        final Object[] closureState = {this, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure25(closureState).linkClosureAndJoinPoint(69648));
        return (Cache) outcome;
    }

    /**
     * Woven entry point for {@code getInvalidGatewayApiKeyCache}: hands the call to the
     * {@code MethodTimeLogger} aspect when method timing applies, otherwise runs
     * {@code getInvalidGatewayApiKeyCache_aroundBody26} directly.
     */
    private Cache getInvalidGatewayApiKeyCache() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_13, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getInvalidGatewayApiKeyCache_aroundBody26(this, joinPoint);
        }
        final Object[] closureState = {this, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure27(closureState).linkClosureAndJoinPoint(69648));
        return (Cache) outcome;
    }

    /**
     * Woven entry point for {@code getGatewayApiKeyDataCache}: hands the call to the
     * {@code MethodTimeLogger} aspect when method timing applies, otherwise runs
     * {@code getGatewayApiKeyDataCache_aroundBody28} directly.
     */
    private Cache getGatewayApiKeyDataCache() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_14, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getGatewayApiKeyDataCache_aroundBody28(this, joinPoint);
        }
        final Object[] closureState = {this, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure29(closureState).linkClosureAndJoinPoint(69648));
        return (Cache) outcome;
    }

    /**
     * Woven entry point for {@code getApiLevelPolicy}: hands the call to the {@code MethodTimeLogger}
     * aspect when method timing applies, otherwise runs {@code getApiLevelPolicy_aroundBody30} directly.
     */
    private String getApiLevelPolicy() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_15, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getApiLevelPolicy_aroundBody30(this, joinPoint);
        }
        final Object[] closureState = {this, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure31(closureState).linkClosureAndJoinPoint(69648));
        return (String) outcome;
    }

    /**
     * Woven entry point for {@code getChallengeString}: hands the call to the {@code MethodTimeLogger}
     * aspect when method timing applies, otherwise runs {@code getChallengeString_aroundBody32} directly.
     */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public String getChallengeString() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_16, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getChallengeString_aroundBody32(this, joinPoint);
        }
        final Object[] closureState = {this, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure33(closureState).linkClosureAndJoinPoint(69648));
        return (String) outcome;
    }

    /**
     * Woven entry point for {@code getRequestOrigin}: hands the call to the {@code MethodTimeLogger}
     * aspect when method timing applies, otherwise runs {@code getRequestOrigin_aroundBody34} directly.
     */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public String getRequestOrigin() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_17, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getRequestOrigin_aroundBody34(this, joinPoint);
        }
        final Object[] closureState = {this, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure35(closureState).linkClosureAndJoinPoint(69648));
        return (String) outcome;
    }

    /**
     * Woven entry point for {@code getPriority}: hands the call to the {@code MethodTimeLogger} aspect
     * when method timing applies, otherwise runs {@code getPriority_aroundBody36} directly.
     */
    @Override // org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator
    public int getPriority() {
        final JoinPoint joinPoint = Factory.makeJP(ajc$tjp_18, this, this);
        // `this` is never null in an instance method, so only the annotation and the config flag are checked.
        final boolean timed = (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())
                || (getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled());
        if (!timed) {
            return getPriority_aroundBody36(this, joinPoint);
        }
        final Object[] closureState = {this, joinPoint};
        final Object outcome = MethodTimeLogger.aspectOf().log(new AjcClosure37(closureState).linkClosureAndJoinPoint(69648));
        return Conversions.intValue(outcome);
    }

    /**
     * Woven-out body of {@code init}; it performs no work.
     */
    static final void init_aroundBody0(ApiKeyAuthenticator apiKeyAuthenticator, SynapseEnvironment synapseEnvironment, JoinPoint joinPoint) {
        // Intentionally empty: this authenticator does nothing on init.
    }

    /**
     * Woven-out body of {@code destroy}; it performs no work.
     */
    static final void destroy_aroundBody2(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        // Intentionally empty: this authenticator does nothing on destroy.
    }

    static final AuthenticationResponse authenticate_aroundBody4(ApiKeyAuthenticator apiKeyAuthenticator, MessageContext messageContext, JoinPoint joinPoint) {
        if (log.isDebugEnabled()) {
            log.info("ApiKey Authentication initialized");
        }
        try {
            String extractApiKey = apiKeyAuthenticator.extractApiKey(messageContext);
            JWTTokenPayloadInfo jWTTokenPayloadInfo = null;
            if (apiKeyAuthenticator.jwtConfigurationDto == null) {
                apiKeyAuthenticator.jwtConfigurationDto = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getJwtConfigurationDto();
            }
            if (apiKeyAuthenticator.jwtGenerationEnabled == null) {
                apiKeyAuthenticator.jwtGenerationEnabled = Boolean.valueOf(apiKeyAuthenticator.jwtConfigurationDto.isEnabled());
            }
            if (apiKeyAuthenticator.apiMgtGatewayJWTGenerator == null) {
                apiKeyAuthenticator.apiMgtGatewayJWTGenerator = ServiceReferenceHolder.getInstance().getApiMgtGatewayJWTGenerator().get(apiKeyAuthenticator.jwtConfigurationDto.getGatewayJWTGeneratorImpl());
            }
            String[] split = extractApiKey.split("\\.");
            if (split.length != 3) {
                log.error("Api Key does not have the format {header}.{payload}.{signature} ");
                throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
            }
            SignedJWT parse = SignedJWT.parse(extractApiKey);
            JWTClaimsSet jWTClaimsSet = parse.getJWTClaimsSet();
            JWSHeader header = parse.getHeader();
            String jwtid = jWTClaimsSet.getJWTID();
            if (!JOSEObjectType.JWT.equals(header.getType())) {
                if (log.isDebugEnabled()) {
                    log.debug("Invalid Api Key token type. Api Key: " + GatewayUtils.getMaskedToken(split[0]));
                }
                log.error("Invalid Api Key token type.");
                throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
            }
            if (!GatewayUtils.isAPIKey(jWTClaimsSet)) {
                log.error("Invalid Api Key. Internal Key Sent");
                throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
            }
            if (header.getKeyID() == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Invalid Api Key. Could not find alias in header. Api Key: " + GatewayUtils.getMaskedToken(split[0]));
                }
                log.error("Invalid Api Key. Could not find alias in header");
                throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
            }
            String keyID = header.getKeyID();
            String str = (String) messageContext.getProperty(ThreatProtectorConstants.API_CONTEXT);
            String str2 = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
            String str3 = (String) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(ThreatProtectorConstants.HTTP_METHOD);
            String str4 = (String) messageContext.getProperty(APIMgtGatewayConstants.API_ELECTED_RESOURCE);
            OpenAPI openAPI = (OpenAPI) messageContext.getProperty(APIMgtGatewayConstants.OPEN_API_OBJECT);
            if (openAPI == null && !"GRAPHQL".equals(messageContext.getProperty("API_TYPE"))) {
                log.error("Swagger is missing in the gateway. Therefore, Api Key authentication cannot be performed.");
                return new AuthenticationResponse(false, apiKeyAuthenticator.isMandatory, true, APISecurityConstants.API_AUTH_MISSING_OPEN_API_DEF, APISecurityConstants.API_AUTH_MISSING_OPEN_API_DEF_ERROR_MESSAGE);
            }
            String resourceInfoDTOCacheKey = APIUtil.getResourceInfoDTOCacheKey(str, str2, str4, str3);
            VerbInfoDTO verbInfoDTO = new VerbInfoDTO();
            verbInfoDTO.setHttpVerb(str3);
            verbInfoDTO.setAuthType("None");
            verbInfoDTO.setRequestKey(resourceInfoDTOCacheKey);
            verbInfoDTO.setThrottling(OpenAPIUtils.getResourceThrottlingTier(openAPI, messageContext));
            ArrayList arrayList = new ArrayList();
            arrayList.add(verbInfoDTO);
            messageContext.setProperty("VERB_INFO", arrayList);
            String accessTokenCacheKey = GatewayUtils.getAccessTokenCacheKey(jwtid, str, str2, str4, str3);
            String tenantDomain = GatewayUtils.getTenantDomain();
            boolean z = false;
            if (apiKeyAuthenticator.isGatewayTokenCacheEnabled == null) {
                apiKeyAuthenticator.isGatewayTokenCacheEnabled = Boolean.valueOf(GatewayUtils.isGatewayTokenCacheEnabled());
            }
            if (apiKeyAuthenticator.isGatewayTokenCacheEnabled.booleanValue()) {
                if (((String) apiKeyAuthenticator.getGatewayApiKeyCache().get(jwtid)) != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Api Key retrieved from the Api Key cache.");
                    }
                    if (apiKeyAuthenticator.getGatewayApiKeyDataCache().get(accessTokenCacheKey) != null) {
                        jWTTokenPayloadInfo = (JWTTokenPayloadInfo) apiKeyAuthenticator.getGatewayApiKeyDataCache().get(accessTokenCacheKey);
                        z = jWTTokenPayloadInfo.getRawPayload().equals(split[1]);
                    }
                } else {
                    if (apiKeyAuthenticator.getInvalidGatewayApiKeyCache().get(jwtid) != null) {
                        if (log.isDebugEnabled()) {
                            log.debug("Api Key retrieved from the invalid Api Key cache. Api Key: " + GatewayUtils.getMaskedToken(split[0]));
                        }
                        log.error("Invalid Api Key." + GatewayUtils.getMaskedToken(split[0]));
                        throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
                    }
                    if (RevokedJWTDataHolder.isJWTTokenSignatureExistsInRevokedMap(jwtid)) {
                        if (log.isDebugEnabled()) {
                            log.debug("Token retrieved from the revoked jwt token map. Token: " + GatewayUtils.getMaskedToken(split[0]));
                        }
                        log.error("Invalid API Key. " + GatewayUtils.getMaskedToken(split[0]));
                        throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid API Key");
                    }
                }
            } else if (RevokedJWTDataHolder.isJWTTokenSignatureExistsInRevokedMap(jwtid)) {
                if (log.isDebugEnabled()) {
                    log.debug("Token retrieved from the revoked jwt token map. Token: " + GatewayUtils.getMaskedToken(split[0]));
                }
                log.error("Invalid JWT token. " + GatewayUtils.getMaskedToken(split[0]));
                throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
            }
            if (!z) {
                if (log.isDebugEnabled()) {
                    log.debug("Api Key not found in the cache.");
                }
                try {
                    parse = (SignedJWT) JWTParser.parse(extractApiKey);
                    jWTClaimsSet = parse.getJWTClaimsSet();
                    try {
                        z = GatewayUtils.verifyTokenSignature(parse, keyID);
                        if (apiKeyAuthenticator.isGatewayTokenCacheEnabled.booleanValue()) {
                            if (z) {
                                apiKeyAuthenticator.getGatewayApiKeyCache().put(jwtid, tenantDomain);
                            } else {
                                apiKeyAuthenticator.getInvalidGatewayApiKeyCache().put(jwtid, tenantDomain);
                            }
                            if (!"carbon.super".equals(tenantDomain)) {
                                try {
                                    PrivilegedCarbonContext.startTenantFlow();
                                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain("carbon.super", true);
                                    if (z) {
                                        apiKeyAuthenticator.getGatewayApiKeyCache().put(jwtid, tenantDomain);
                                    } else {
                                        apiKeyAuthenticator.getInvalidGatewayApiKeyCache().put(jwtid, tenantDomain);
                                    }
                                } finally {
                                    PrivilegedCarbonContext.endTenantFlow();
                                }
                            }
                        }
                    } catch (APISecurityException e) {
                        if (e.getErrorCode() == 900901) {
                            throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
                        }
                        throw e;
                    }
                } catch (IllegalArgumentException | ParseException | JSONException e2) {
                    if (log.isDebugEnabled()) {
                        log.debug("Invalid Api Key. Api Key: " + GatewayUtils.getMaskedToken(split[0]), e2);
                    }
                    log.error("Invalid JWT token. Failed to decode the Api Key body.");
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE, e2);
                }
            }
            if (!z) {
                if (log.isDebugEnabled()) {
                    log.debug("Api Key signature verification failure. Api Key: " + GatewayUtils.getMaskedToken(split[0]));
                }
                log.error("Invalid Api Key. Signature verification failed.");
                throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
            }
            if (log.isDebugEnabled()) {
                log.debug("Api Key signature is verified.");
            }
            if (!apiKeyAuthenticator.isGatewayTokenCacheEnabled.booleanValue() || jWTTokenPayloadInfo == null) {
                if (log.isDebugEnabled()) {
                    log.debug("ApiKey payload not found in the cache.");
                }
                if (jWTClaimsSet == null) {
                    try {
                        parse = (SignedJWT) JWTParser.parse(extractApiKey);
                        jWTClaimsSet = parse.getJWTClaimsSet();
                    } catch (IllegalArgumentException | ParseException | JSONException e3) {
                        if (log.isDebugEnabled()) {
                            log.debug("Invalid ApiKey. ApiKey: " + GatewayUtils.getMaskedToken(split[0]));
                        }
                        log.error("Invalid Api Key. Failed to decode the Api Key body.");
                        throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE, e3);
                    }
                }
                if (isJwtTokenExpired(jWTClaimsSet)) {
                    if (apiKeyAuthenticator.isGatewayTokenCacheEnabled.booleanValue()) {
                        apiKeyAuthenticator.getGatewayApiKeyCache().remove(jwtid);
                        apiKeyAuthenticator.getInvalidGatewayApiKeyCache().put(jwtid, tenantDomain);
                    }
                    log.error("Api Key is expired");
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
                }
                apiKeyAuthenticator.validateAPIKeyRestrictions(jWTClaimsSet, messageContext);
                if (apiKeyAuthenticator.isGatewayTokenCacheEnabled.booleanValue()) {
                    JWTTokenPayloadInfo jWTTokenPayloadInfo2 = new JWTTokenPayloadInfo();
                    jWTTokenPayloadInfo2.setPayload(jWTClaimsSet);
                    jWTTokenPayloadInfo2.setRawPayload(split[1]);
                    apiKeyAuthenticator.getGatewayApiKeyDataCache().put(accessTokenCacheKey, jWTTokenPayloadInfo2);
                }
            } else {
                jWTClaimsSet = jWTTokenPayloadInfo.getPayload();
                if (isJwtTokenExpired(jWTClaimsSet)) {
                    apiKeyAuthenticator.getGatewayApiKeyCache().remove(jwtid);
                    apiKeyAuthenticator.getInvalidGatewayApiKeyCache().put(jwtid, tenantDomain);
                    log.error("Api Key is expired");
                    throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
                }
                apiKeyAuthenticator.validateAPIKeyRestrictions(jWTClaimsSet, messageContext);
            }
            JSONObject validateAPISubscription = GatewayUtils.validateAPISubscription(str, str2, jWTClaimsSet, split, false);
            if (log.isDebugEnabled()) {
                log.debug("Api Key authentication successful.");
            }
            String str5 = null;
            String str6 = null;
            if (apiKeyAuthenticator.jwtGenerationEnabled.booleanValue()) {
                str5 = apiKeyAuthenticator.generateAndRetrieveBackendJWTToken(jwtid, GatewayUtils.generateJWTInfoDto(validateAPISubscription, apiKeyAuthenticator.getJwtValidationInfo(new SignedJWTInfo(extractApiKey, parse, jWTClaimsSet)), (APIKeyValidationInfoDTO) null, messageContext));
                str6 = apiKeyAuthenticator.getContextHeader();
            }
            APISecurityUtils.setAuthenticationContext(messageContext, GatewayUtils.generateAuthenticationContext(jwtid, jWTClaimsSet, validateAPISubscription, apiKeyAuthenticator.getApiLevelPolicy(), str5, messageContext), str6);
            if (log.isDebugEnabled()) {
                log.debug("User is authorized to access the resource using Api Key.");
            }
            return new AuthenticationResponse(true, apiKeyAuthenticator.isMandatory, false, 0, null);
        } catch (ParseException e4) {
            log.error("Error while parsing API Key", e4);
            return new AuthenticationResponse(false, apiKeyAuthenticator.isMandatory, true, 900900, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
        } catch (APISecurityException e5) {
            return new AuthenticationResponse(false, apiKeyAuthenticator.isMandatory, true, e5.getErrorCode(), e5.getMessage());
        }
    }

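    /**
     * Enforces the optional {@code permittedIP} and {@code permittedReferer} restrictions carried in the
     * API key's claims against the current request.
     *
     * <p>Order of evaluation: if a {@code permittedIP} claim is present and the client IP can be determined,
     * the request is accepted as soon as the IP falls inside one listed network (the referer claim is then
     * not consulted) and rejected otherwise. If no IP decision was made, the {@code permittedReferer} claim
     * (when present) is matched against the {@code Referer} transport header.
     *
     * <p>Referer entries are treated as wildcard patterns: {@code *} matches any run of non-space
     * characters and every other character is matched literally. The literal parts are regex-quoted so that
     * characters such as {@code .} in an entry cannot match arbitrary characters and an entry containing
     * regex syntax cannot raise an unchecked {@code PatternSyntaxException}.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param jWTClaimsSet        claims of the API key being validated
     * @param messageContext      Synapse message context of the current request
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @throws APISecurityException with {@code API_AUTH_FORBIDDEN} when a restriction is present and not met
     */
    static final void validateAPIKeyRestrictions_aroundBody6(ApiKeyAuthenticator apiKeyAuthenticator, JWTClaimsSet jWTClaimsSet, MessageContext messageContext, JoinPoint joinPoint) {
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();

        String permittedIps = jWTClaimsSet.getClaim("permittedIP") != null ? (String) jWTClaimsSet.getClaim("permittedIP") : null;
        if (StringUtils.isNotEmpty(permittedIps)) {
            String clientIp = GatewayUtils.getIp(axis2MessageContext);
            // NOTE(review): when the client IP cannot be determined the IP restriction is skipped rather
            // than enforced (fail-open). Confirm this is intended for keys that carry permittedIP.
            if (StringUtils.isNotEmpty(clientIp)) {
                for (String network : permittedIps.split(APIMgtGatewayConstants.CUSTOM_ANALYTICS_PROPERTY_SEPARATOR)) {
                    if (APIUtil.isIpInNetwork(clientIp, network.trim())) {
                        return;
                    }
                }
                if (log.isDebugEnabled()) {
                    String apiContext = (String) messageContext.getProperty(ThreatProtectorConstants.API_CONTEXT);
                    String apiVersion = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
                    log.debug("Invocations to API: " + apiContext + ":" + apiVersion + " is not permitted for client with IP: " + clientIp);
                }
                throw new APISecurityException(APISecurityConstants.API_AUTH_FORBIDDEN, "Access forbidden for the invocations");
            }
        }

        String permittedReferers = jWTClaimsSet.getClaim("permittedReferer") != null ? (String) jWTClaimsSet.getClaim("permittedReferer") : null;
        if (!StringUtils.isNotEmpty(permittedReferers)) {
            return;
        }
        TreeMap transportHeaders = (TreeMap) axis2MessageContext.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS);
        if (transportHeaders == null) {
            // NOTE(review): a missing header map also skips the referer restriction (fail-open),
            // whereas a missing Referer header below is rejected. Confirm the asymmetry is intended.
            return;
        }
        // The Referer header is supplied by the client, so this check constrains well-behaved browsers
        // only; it should not be the sole control protecting a key.
        String referer = (String) transportHeaders.get("Referer");
        if (!StringUtils.isNotEmpty(referer)) {
            throw new APISecurityException(APISecurityConstants.API_AUTH_FORBIDDEN, "Access forbidden for the invocations");
        }
        for (String entry : permittedReferers.split(APIMgtGatewayConstants.CUSTOM_ANALYTICS_PROPERTY_SEPARATOR)) {
            String wildcard = entry.trim();
            StringBuilder regex = new StringBuilder();
            int from = 0;
            int star;
            // Translate '*' to "[^ ]*" and quote everything between wildcards.
            while ((star = wildcard.indexOf('*', from)) >= 0) {
                regex.append(java.util.regex.Pattern.quote(wildcard.substring(from, star))).append("[^ ]*");
                from = star + 1;
            }
            regex.append(java.util.regex.Pattern.quote(wildcard.substring(from)));
            if (referer.matches(regex.toString())) {
                return;
            }
        }
        if (log.isDebugEnabled()) {
            String apiContext = (String) messageContext.getProperty(ThreatProtectorConstants.API_CONTEXT);
            String apiVersion = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
            // The referer value is request-controlled text written to the debug log as-is.
            log.debug("Invocations to API: " + apiContext + ":" + apiVersion + " is not permitted for referer: " + referer);
        }
        throw new APISecurityException(APISecurityConstants.API_AUTH_FORBIDDEN, "Access forbidden for the invocations");
    }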

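    /**
     * Returns the backend JWT for the given API key and API, generating a new one when the gateway token
     * cache is disabled or holds no token that is still considered valid.
     *
     * <p>The cache entry is keyed by {@code apiContext:version:str} and lives in the same cache that
     * {@code getGatewayApiKeyCache()} returns. A cached token is reused only if its {@code exp} claim
     * exceeds the current time by more than the configured timestamp skew.
     *
     * @param apiKeyAuthenticator the woven authenticator instance holding the cache flag and generator
     * @param str                 token identifier used as the last component of the cache key
     * @param jWTInfoDto          data from which the backend JWT is generated
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the cached or newly generated backend JWT
     * @throws APISecurityException with the general error code when token generation fails
     */
    static final String generateAndRetrieveBackendJWTToken_aroundBody8(ApiKeyAuthenticator apiKeyAuthenticator, String str, JWTInfoDto jWTInfoDto, JoinPoint joinPoint) {
        String cacheKey = jWTInfoDto.getApiContext().concat(":").concat(jWTInfoDto.getVersion()).concat(":").concat(str);
        boolean cacheEnabled = apiKeyAuthenticator.isGatewayTokenCacheEnabled.booleanValue();
        String backendJwt = null;
        boolean stillValid = false;

        if (cacheEnabled) {
            Object cached = apiKeyAuthenticator.getGatewayApiKeyCache().get(cacheKey);
            if (cached != null) {
                backendJwt = (String) cached;
                // Decode the payload segment explicitly as UTF-8 instead of the platform default charset.
                String payloadJson = new String(Base64.getUrlDecoder().decode(backendJwt.split("\\.")[1]), StandardCharsets.UTF_8);
                long exp = new org.json.JSONObject(payloadJson).getLong("exp");
                // NOTE(review): exp is compared with System.currentTimeMillis(), i.e. it is treated as
                // milliseconds. If the generator emits exp in seconds this is always false and the
                // cached token is never reused - confirm the unit against the generator.
                stillValid = exp - System.currentTimeMillis() > OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds() * 1000;
            }
        }

        if (!cacheEnabled || StringUtils.isEmpty(backendJwt) || !stillValid) {
            try {
                backendJwt = apiKeyAuthenticator.apiMgtGatewayJWTGenerator.generateToken(jWTInfoDto);
                if (cacheEnabled) {
                    apiKeyAuthenticator.getGatewayApiKeyCache().put(cacheKey, backendJwt);
                }
            } catch (JWTGeneratorException e) {
                log.error("Error while Generating Backend JWT", e);
                throw new APISecurityException(900900, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE, e);
            }
        }
        return backendJwt;
    }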

    /**
     * Obtains the API key from the request, preferring the transport header named by
     * {@code securityParam} and falling back to the {@code apikey} query parameter.
     *
     * <p>A key found in the header is removed from the header map before it is returned. A key found in
     * the query string is stripped from the {@code REST_URL_POSTFIX} property via
     * {@code removeApiKeyFromQueryParameters}. Both removals presumably keep the credential from being
     * forwarded downstream; verify against the mediation flow.
     *
     * @param apiKeyAuthenticator the woven authenticator instance supplying {@code securityParam}
     * @param messageContext      Synapse message context of the current request
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the trimmed API key
     * @throws APISecurityException with {@code API_AUTH_MISSING_CREDENTIALS} when no key is present or the
     *                              query-parameter lookup fails
     */
    static final String extractApiKey_aroundBody10(ApiKeyAuthenticator apiKeyAuthenticator, MessageContext messageContext, JoinPoint joinPoint) {
        org.apache.axis2.context.MessageContext axisCtx = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        Map transportHeaders = (Map) axisCtx.getProperty(APIMgtGatewayConstants.TRANSPORT_HEADERS);
        if (transportHeaders != null) {
            String headerKey = (String) transportHeaders.get(apiKeyAuthenticator.securityParam);
            if (headerKey != null) {
                transportHeaders.remove(apiKeyAuthenticator.securityParam);
                return headerKey.trim();
            }
        }
        try {
            // Keys passed in the URL tend to end up in access logs and intermediaries; the header form
            // above is the safer transport.
            String queryKey = new SynapseXPath("$url:apikey").stringValueOf(messageContext);
            if (!StringUtils.isNotBlank(queryKey)) {
                if (log.isDebugEnabled()) {
                    log.debug("Api Key Authentication failed: Header or Query parameter with the name '".concat(apiKeyAuthenticator.securityParam).concat("' was not found."));
                }
                throw new APISecurityException(APISecurityConstants.API_AUTH_MISSING_CREDENTIALS, APISecurityConstants.API_AUTH_MISSING_CREDENTIALS_MESSAGE);
            }
            String urlPostfix = (String) axisCtx.getProperty(APIMgtGatewayConstants.REST_URL_POSTFIX);
            // NOTE(review): the single-argument URLEncoder.encode is deprecated and uses the platform
            // default charset; the stripped value must equal what the client actually sent.
            String encodedKey = URLEncoder.encode(queryKey);
            axisCtx.setProperty(APIMgtGatewayConstants.REST_URL_POSTFIX, apiKeyAuthenticator.removeApiKeyFromQueryParameters(urlPostfix, encodedKey));
            return queryKey.trim();
        } catch (JaxenException e) {
            // An XPath failure is reported to the caller as missing credentials; details go to debug only.
            if (log.isDebugEnabled()) {
                log.debug("Error while retrieving apikey from the request query params.", e);
            }
            throw new APISecurityException(APISecurityConstants.API_AUTH_MISSING_CREDENTIALS, APISecurityConstants.API_AUTH_MISSING_CREDENTIALS_MESSAGE);
        }
    }

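    /**
     * Removes the {@code apikey=<value>} query parameter from a REST URL postfix.
     *
     * <p>The parameter is matched textually as {@code ?apikey=<str2>} or {@code &apikey=<str2>}. If the
     * query string is empty afterwards, the dangling {@code ?} separator is dropped. Only that separator
     * is removed: stripping every {@code ?} would also delete question marks that belong to the remaining
     * query and would fuse the path with the query string.
     *
     * <p>NOTE(review): matching is by exact text, so a key that arrives encoded differently from
     * {@code str2} is left in the postfix. Confirm whether that can pass the key on to the backend.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param str                 the URL postfix to clean; must not be {@code null}
     * @param str2                the API key value as it is expected to appear in the query string
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the postfix without the matched {@code apikey} parameter
     */
    static final String removeApiKeyFromQueryParameters_aroundBody12(ApiKeyAuthenticator apiKeyAuthenticator, String str, String str2, JoinPoint joinPoint) {
        String stripped = str.replace("?apikey=" + str2, "?")
                .replace("&apikey=" + str2, APIMgtGatewayConstants.EMPTY)
                .replace("?&", "?");
        int firstSeparator = stripped.indexOf('?');
        // The query is empty exactly when the first '?' is also the last character.
        if (firstSeparator >= 0 && firstSeparator == stripped.length() - 1) {
            stripped = stripped.substring(0, firstSeparator);
        }
        return stripped;
    }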

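    /**
     * Reports whether the given claims set is expired, allowing for the configured timestamp skew.
     *
     * <p>Expiry is detected by running {@code DefaultJWTClaimsVerifier} and checking whether the resulting
     * {@code BadJWTException} carries the message {@code "Expired JWT"}. Any other verification failure is
     * reported as "not expired"; it is now written to the debug log instead of being dropped silently and
     * followed by a "Token is not expired" message.
     *
     * <p>NOTE(review): the decision depends on the library's exception message text. If that text differs
     * in the deployed library version, expired keys would be reported as not expired. Confirm the message
     * against the bundled version, and confirm that non-expiry claim failures are enforced elsewhere.
     *
     * @param jWTClaimsSet claims of the API key being checked
     * @param joinPoint    AspectJ join point supplied by the weaver (not read here)
     * @return {@code true} only when verification fails with the expiry message
     */
    static final boolean isJwtTokenExpired_aroundBody14(JWTClaimsSet jWTClaimsSet, JoinPoint joinPoint) {
        int skewSeconds = (int) OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds();
        DefaultJWTClaimsVerifier verifier = new DefaultJWTClaimsVerifier();
        verifier.setMaxClockSkew(skewSeconds);
        try {
            verifier.verify(jWTClaimsSet);
        } catch (BadJWTException e) {
            if ("Expired JWT".equals(e.getMessage())) {
                return true;
            }
            if (log.isDebugEnabled()) {
                log.debug("JWT claims verification failed for a reason other than expiry; treating the token as not expired.", e);
            }
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Token is not expired. User: " + jWTClaimsSet.getSubject());
        }
        return false;
    }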

    /**
     * Builds a {@code JWTValidationInfo} from a parsed API key, copying only the claims map and the
     * subject. No other field of the result is populated here.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param signedJWTInfo       parsed API key whose claims set is read
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return a new validation-info object carrying the key's claims and user
     */
    static final JWTValidationInfo getJwtValidationInfo_aroundBody16(ApiKeyAuthenticator apiKeyAuthenticator, SignedJWTInfo signedJWTInfo, JoinPoint joinPoint) {
        JWTValidationInfo validationInfo = new JWTValidationInfo();
        // Claims first, then the subject as the user - same order as the setters are applied.
        validationInfo.setClaims(signedJWTInfo.getJwtClaimsSet().getClaims());
        String subject = signedJWTInfo.getJwtClaimsSet().getSubject();
        validationInfo.setUser(subject);
        return validationInfo;
    }

    /**
     * Decodes a Base64url string into raw bytes.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param str                 Base64url text to decode
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the decoded bytes
     * @throws IllegalArgumentException if {@code str} is not valid Base64url
     */
    static final byte[] decode_aroundBody18(ApiKeyAuthenticator apiKeyAuthenticator, String str, JoinPoint joinPoint) {
        byte[] encoded = str.getBytes(StandardCharsets.UTF_8);
        Base64.Decoder urlDecoder = Base64.getUrlDecoder();
        return urlDecoder.decode(encoded);
    }

    /**
     * Returns the name of the header configured for the backend JWT.
     *
     * <p>The value is read from the gateway's JWT configuration, not from the authenticator's
     * {@code contextHeader} field.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the configured JWT header name
     */
    static final String getContextHeader_aroundBody20(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        JWTConfigurationDto jwtConfiguration = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getJwtConfigurationDto();
        return jwtConfiguration.getJwtHeader();
    }

    /**
     * Stores the given header name in the authenticator's {@code contextHeader} field.
     *
     * @param apiKeyAuthenticator the woven authenticator instance whose field is written
     * @param str                 the header name to store
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     */
    static final void setContextHeader_aroundBody22(ApiKeyAuthenticator apiKeyAuthenticator, String str, JoinPoint joinPoint) {
        final String headerName = str;
        apiKeyAuthenticator.contextHeader = headerName;
    }

    /**
     * Returns the gateway API key cache from {@code CacheProvider}.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the cache returned by {@code CacheProvider.getGatewayApiKeyCache()}
     */
    static final Cache getGatewayApiKeyCache_aroundBody24(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        Cache apiKeyCache = CacheProvider.getGatewayApiKeyCache();
        return apiKeyCache;
    }

    /**
     * Returns the cache of API keys already judged invalid, from {@code CacheProvider}.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the cache returned by {@code CacheProvider.getInvalidGatewayApiKeyCache()}
     */
    static final Cache getInvalidGatewayApiKeyCache_aroundBody26(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        Cache invalidKeyCache = CacheProvider.getInvalidGatewayApiKeyCache();
        return invalidKeyCache;
    }

    /**
     * Returns the cache holding parsed API key payloads, from {@code CacheProvider}.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the cache returned by {@code CacheProvider.getGatewayApiKeyDataCache()}
     */
    static final Cache getGatewayApiKeyDataCache_aroundBody28(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        Cache payloadCache = CacheProvider.getGatewayApiKeyDataCache();
        return payloadCache;
    }

    /**
     * Returns the authenticator's {@code apiLevelPolicy} field.
     *
     * @param apiKeyAuthenticator the woven authenticator instance whose field is read
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return the stored API-level policy, as held by the field
     */
    static final String getApiLevelPolicy_aroundBody30(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        final String policy = apiKeyAuthenticator.apiLevelPolicy;
        return policy;
    }

    /**
     * Returns the authentication challenge string; this authenticator defines none.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return always {@code null}
     */
    static final String getChallengeString_aroundBody32(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        final String noChallenge = null;
        return noChallenge;
    }

    /**
     * Returns the request origin; this authenticator does not track one.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return always {@code null}
     */
    static final String getRequestOrigin_aroundBody34(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        final String noOrigin = null;
        return noOrigin;
    }

    /**
     * Returns this authenticator's fixed priority value.
     *
     * @param apiKeyAuthenticator the woven authenticator instance (not read here)
     * @param joinPoint           AspectJ join point supplied by the weaver (not read here)
     * @return always {@code 30}
     */
    static final int getPriority_aroundBody36(ApiKeyAuthenticator apiKeyAuthenticator, JoinPoint joinPoint) {
        final int priority = 30;
        return priority;
    }

    /**
     * Weaver-generated initialiser that fills the {@code ajc$tjp_N} static join point fields, one per
     * advised method of {@code ApiKeyAuthenticator}.
     *
     * <p>Each entry records the method's modifier code, name, declaring type, parameter types and names,
     * declared exceptions, return type and a trailing integer that looks like the source line of the
     * method. The entry for {@code validateAPIKeyRestrictions} passes a named constant in that position;
     * presumably the decompiler substituted it for a literal of equal value.
     */
    private static void ajc$preClinit() {
        final String kind = "method-execution";
        final String owner = "org.wso2.carbon.apimgt.gateway.handlers.security.apikey.ApiKeyAuthenticator";
        final String securityException = "org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException";
        final String none = APIMgtGatewayConstants.EMPTY;
        Factory sjpFactory = new Factory("ApiKeyAuthenticator.java", ApiKeyAuthenticator.class);
        ajc$tjp_0 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("1", "init", owner, "org.apache.synapse.core.SynapseEnvironment", "env", none, "void"), 99);
        ajc$tjp_1 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("1", "destroy", owner, none, none, none, "void"), 104);
        ajc$tjp_10 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("1", "getContextHeader", owner, none, none, none, "java.lang.String"), 608);
        ajc$tjp_11 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("1", "setContextHeader", owner, "java.lang.String", "contextHeader", none, "void"), 614);
        ajc$tjp_12 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "getGatewayApiKeyCache", owner, none, none, none, "javax.cache.Cache"), 619);
        ajc$tjp_13 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "getInvalidGatewayApiKeyCache", owner, none, none, none, "javax.cache.Cache"), 623);
        ajc$tjp_14 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "getGatewayApiKeyDataCache", owner, none, none, none, "javax.cache.Cache"), 628);
        ajc$tjp_15 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "getApiLevelPolicy", owner, none, none, none, "java.lang.String"), 632);
        ajc$tjp_16 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("1", "getChallengeString", owner, none, none, none, "java.lang.String"), 637);
        ajc$tjp_17 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("1", "getRequestOrigin", owner, none, none, none, "java.lang.String"), 642);
        ajc$tjp_18 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("1", "getPriority", owner, none, none, none, "int"), 647);
        ajc$tjp_2 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("1", "authenticate", owner, "org.apache.synapse.MessageContext", "synCtx", none, "org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationResponse"), 109);
        ajc$tjp_3 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "validateAPIKeyRestrictions", owner, "com.nimbusds.jwt.JWTClaimsSet:org.apache.synapse.MessageContext", "payload:synCtx", securityException, "void"), Constants.RESOURCE_NOT_FOUND_ERROR_CODE);
        ajc$tjp_4 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "generateAndRetrieveBackendJWTToken", owner, "java.lang.String:org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto", "tokenSignature:jwtInfoDto", securityException, "java.lang.String"), 479);
        ajc$tjp_5 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "extractApiKey", owner, "org.apache.synapse.MessageContext", "mCtx", securityException, "java.lang.String"), 518);
        ajc$tjp_6 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "removeApiKeyFromQueryParameters", owner, "java.lang.String:java.lang.String", "queryParam:apiKey", none, "java.lang.String"), 558);
        ajc$tjp_7 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("a", "isJwtTokenExpired", owner, "com.nimbusds.jwt.JWTClaimsSet", "payload", none, "boolean"), 575);
        ajc$tjp_8 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "getJwtValidationInfo", owner, "org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo", "signedJWTInfo", none, "org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo"), 597);
        ajc$tjp_9 = sjpFactory.makeSJP(kind, sjpFactory.makeMethodSig("2", "decode", owner, "java.lang.String", "payload", "java.lang.IllegalArgumentException", "[B"), 604);
    }
}
