package org.wso2.carbon.apimgt.keymgt.service;

import java.util.ArrayList;
import java.util.List;
import javax.cache.Cache;
import javax.cache.Caching;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.URITemplate;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.keymgt.APIKeyMgtException;
import org.wso2.carbon.apimgt.keymgt.util.APIKeyMgtDataHolder;
import org.wso2.carbon.apimgt.keymgt.util.APIKeyMgtUtil;
import org.wso2.carbon.core.AbstractAdmin;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/service/APIKeyValidationService.class */
public class APIKeyValidationService extends AbstractAdmin {
    private static final Log log = LogFactory.getLog(APIKeyValidationService.class);

    public APIKeyValidationInfoDTO validateKey(String str, String str2, String str3, String str4, String str5) throws APIKeyMgtException, APIManagementException {
        APIKeyValidationInfoDTO aPIKeyValidationInfoDTO;
        Cache cache = Caching.getCacheManager("API_MANAGER_CACHE").getCache("keyCache");
        String str6 = str3 + ":" + str + ":" + str2 + ":" + str4;
        ApiMgtDAO apiMgtDAO = new ApiMgtDAO();
        if (APIKeyMgtDataHolder.getKeyCacheEnabledKeyMgt().booleanValue() && (aPIKeyValidationInfoDTO = (APIKeyValidationInfoDTO) cache.get(str6)) != null) {
            if (log.isDebugEnabled()) {
                log.debug("Found cached access token for : " + str6 + " .Checking for expiration time.");
            }
            if (aPIKeyValidationInfoDTO.isAuthorized()) {
                checkClientDomainAuthorized(aPIKeyValidationInfoDTO, str5);
            }
            if (!APIKeyMgtUtil.hasAccessTokenExpired(aPIKeyValidationInfoDTO)) {
                if (!APIKeyMgtDataHolder.getJWTCacheEnabledKeyMgt().booleanValue() && aPIKeyValidationInfoDTO.isAuthorized()) {
                    aPIKeyValidationInfoDTO.setEndUserToken(aPIKeyValidationInfoDTO.getUserType().equalsIgnoreCase("APPLICATION") ? apiMgtDAO.createJWTTokenString(str, str2, aPIKeyValidationInfoDTO.getSubscriber(), apiMgtDAO.getApplicationNameFromId(Integer.parseInt(aPIKeyValidationInfoDTO.getApplicationId())), aPIKeyValidationInfoDTO.getTier(), "null") : apiMgtDAO.createJWTTokenString(str, str2, aPIKeyValidationInfoDTO.getSubscriber(), apiMgtDAO.getApplicationNameFromId(Integer.parseInt(aPIKeyValidationInfoDTO.getApplicationId())), aPIKeyValidationInfoDTO.getTier(), aPIKeyValidationInfoDTO.getEndUserName()));
                }
                return aPIKeyValidationInfoDTO;
            }
            log.info("Token " + str6 + " expired.");
        }
        APIKeyValidationInfoDTO validateKey = apiMgtDAO.validateKey(str, str2, str3, str4);
        if (validateKey.isAuthorized()) {
            checkClientDomainAuthorized(validateKey, str5);
        }
        if (validateKey != null) {
            cache.put(str6, validateKey);
        }
        return validateKey;
    }

    public ArrayList<URITemplate> getAllURITemplates(String str, String str2) throws APIKeyMgtException, APIManagementException {
        return ApiMgtDAO.getAllURITemplates(str, str2);
    }

    private void checkClientDomainAuthorized(APIKeyValidationInfoDTO aPIKeyValidationInfoDTO, String str) throws APIManagementException {
        if (str != null) {
            str = str.trim();
        }
        List authorizedDomains = aPIKeyValidationInfoDTO.getAuthorizedDomains();
        if (authorizedDomains.contains("ALL") || authorizedDomains.contains(str)) {
            return;
        }
        log.error("Unauthorized client domain :" + str + ". Only \"" + authorizedDomains + "\" domains are authorized to access the API.");
        throw new APIManagementException("Unauthorized client domain :" + str + ". Only \"" + authorizedDomains + "\" domains are authorized to access the API.");
    }
}
