package io.gravitee.management.rest.resource;

import io.gravitee.common.component.Lifecycle;
import io.gravitee.definition.model.Properties;
import io.gravitee.definition.model.Proxy;
import io.gravitee.definition.model.services.Services;
import io.gravitee.management.model.ApiQualityMetricsEntity;
import io.gravitee.management.model.EventType;
import io.gravitee.management.model.InlinePictureEntity;
import io.gravitee.management.model.MessageEntity;
import io.gravitee.management.model.Visibility;
import io.gravitee.management.model.api.ApiEntity;
import io.gravitee.management.model.api.UpdateApiEntity;
import io.gravitee.management.model.api.header.ApiHeaderEntity;
import io.gravitee.management.model.notification.NotifierEntity;
import io.gravitee.management.model.permissions.RolePermission;
import io.gravitee.management.model.permissions.RolePermissionAction;
import io.gravitee.management.rest.resource.param.LifecycleActionParam;
import io.gravitee.management.rest.security.Permission;
import io.gravitee.management.rest.security.Permissions;
import io.gravitee.management.service.MessageService;
import io.gravitee.management.service.NotifierService;
import io.gravitee.management.service.QualityMetricsService;
import io.gravitee.management.service.exceptions.ApiNotFoundException;
import io.gravitee.management.service.exceptions.ForbiddenAccessException;
import io.gravitee.repository.management.model.NotificationReferenceType;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.io.ByteArrayOutputStream;
import java.text.ParseException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.EntityTag;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.glassfish.jersey.message.internal.HttpHeaderReader;
import org.glassfish.jersey.message.internal.MatchingEntityTag;
import org.springframework.beans.factory.annotation.Autowired;

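/**
 * JAX-RS resource exposing the management operations for a single API, addressed by the
 * {@code api} path parameter: reading and updating the definition, lifecycle, deployment,
 * import/export, and the sub-resource locators.
 *
 * <p>Access control comes from two places in this class: the declarative {@code @Permissions}
 * annotations, and the explicit visibility/permission checks in the methods that carry no
 * such annotation ({@link #get}, {@link #picture}, {@link #isAPISynchronized}).
 * NOTE(review): how {@code @Permissions} is enforced, and whether several {@code @Permission}
 * entries are combined with AND or OR, is decided outside this file. Confirm before relying on it.
 */
@Api(tags = {"API"})
public class ApiResource extends AbstractResource {

    @Context
    private UriInfo uriInfo;

    @Context
    private ResourceContext resourceContext;

    @Autowired
    private NotifierService notifierService;

    @Autowired
    private QualityMetricsService qualityMetricsService;

    @Autowired
    private MessageService messageService;

    /**
     * Returns the API definition, with the gateway-level fields removed for callers who may not
     * read them (see {@link #filterSensitiveData}).
     *
     * <p>Several other endpoints in this class call this method to load the current API, so the
     * entity they receive is the filtered copy with the inline picture already cleared.
     *
     * @param api identifier of the API
     * @return 200 response carrying the entity, an ETag derived from its update time, and Last-Modified
     * @throws ForbiddenAccessException if the API is not public and the caller lacks API_DEFINITION READ
     */
    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "API definition", response = ApiEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @ApiOperation(value = "Get the API definition", notes = "User must have the READ permission to use this service")
    @Produces({"application/json"})
    public Response get(@PathParam("api") String api) {
        ApiEntity apiEntity = this.apiService.findById(api);
        requireReadAccess(apiEntity, api);
        setPicture(apiEntity);
        // Copy the context path onto the entity first: the proxy itself may be removed just below.
        apiEntity.setContextPath(apiEntity.getProxy().getContextPath());
        filterSensitiveData(apiEntity);
        return buildWithValidators(Response.ok(apiEntity), apiEntity);
    }

    /**
     * Replaces the inline picture of the entity with a URL pointing at the {@code picture}
     * endpoint. When a picture exists, its {@code hashCode()} is appended as a {@code hash}
     * query parameter so that the URL changes with the picture.
     */
    private void setPicture(ApiEntity apiEntity) {
        UriBuilder pictureUri = this.uriInfo.getAbsolutePathBuilder().path("picture");
        String inlinePicture = apiEntity.getPicture();
        if (inlinePicture != null) {
            pictureUri.queryParam("hash", inlinePicture.hashCode());
        }
        apiEntity.setPictureUrl(pictureUri.build().toString());
        apiEntity.setPicture((String) null);
    }

    /**
     * Serves the API's picture with a one-day cache lifetime and ETag-based revalidation.
     *
     * <p>NOTE(review): the ETag is the 32-bit {@code String.hashCode()} of the picture bytes
     * decoded with the platform charset. Two different pictures can collide, in which case a
     * client would keep a stale image. It is not a security boundary, but a digest of the raw
     * bytes would be more robust.
     *
     * @param request current request, used to evaluate conditional-request headers
     * @param api     identifier of the API
     * @return the picture, or the precondition response when the client's cached copy is current
     * @throws ForbiddenAccessException if the API is not public and the caller lacks API_DEFINITION READ
     */
    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "API's picture"), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("picture")
    @ApiOperation(value = "Get the API's picture", notes = "User must have the READ permission to use this service")
    public Response picture(@Context Request request, @PathParam("api") String api) throws ApiNotFoundException {
        requireReadAccess(this.apiService.findById(api), api);

        CacheControl cacheControl = new CacheControl();
        cacheControl.setNoTransform(true);
        cacheControl.setMustRevalidate(false);
        cacheControl.setNoCache(false);
        cacheControl.setMaxAge(86400);

        InlinePictureEntity picture = this.apiService.getPicture(api);
        EntityTag entityTag = new EntityTag(Integer.toString(new String(picture.getContent()).hashCode()));
        Response.ResponseBuilder notModified = request.evaluatePreconditions(entityTag);
        if (notModified != null) {
            return notModified.cacheControl(cacheControl).build();
        }

        byte[] content = picture.getContent();
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(content, 0, content.length);
        return Response.ok(body).cacheControl(cacheControl).tag(entityTag).type(picture.getType()).build();
    }

    /**
     * Starts or stops the API, subject to an optional {@code If-Match} precondition.
     *
     * <p>A missing or unsupported {@code action} is rejected with 400. The previous code fell
     * through to a {@code null} entity and dereferenced it, which surfaced as a 500.
     *
     * @param httpHeaders          request headers, read for {@code If-Match}
     * @param lifecycleActionParam requested action (START or STOP)
     * @param api                  identifier of the API
     * @return 204 with the new ETag/Last-Modified, or 412 when {@code If-Match} does not match
     * @throws BadRequestException if the action is missing, unsupported, or already in effect
     */
    @ApiResponses({@ApiResponse(code = 204, message = "API's picture"), @ApiResponse(code = 500, message = "Internal server error")})
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Manage the API's lifecycle", notes = "User must have the MANAGE_LIFECYCLE permission to use this service")
    @POST
    public Response doLifecycleAction(@Context HttpHeaders httpHeaders, @QueryParam("action") @ApiParam(required = true, allowableValues = "START, STOP") LifecycleActionParam lifecycleActionParam, @PathParam("api") String api) {
        Response current = get(api);
        Response.ResponseBuilder preconditionFailure = evaluateIfMatch(httpHeaders, current.getEntityTag().getValue());
        if (preconditionFailure != null) {
            return preconditionFailure.build();
        }

        LifecycleActionParam.LifecycleAction action = lifecycleActionParam == null ? null : lifecycleActionParam.getAction();
        if (action == null) {
            throw new BadRequestException("A lifecycle action (START or STOP) is required");
        }

        ApiEntity currentApi = (ApiEntity) current.getEntity();
        checkAPILifeCycle(currentApi, action);

        ApiEntity updated;
        switch (action) {
            case START:
                updated = this.apiService.start(currentApi.getId(), getAuthenticatedUser());
                break;
            case STOP:
                updated = this.apiService.stop(currentApi.getId(), getAuthenticatedUser());
                break;
            default:
                throw new BadRequestException("Unsupported lifecycle action: " + action);
        }
        return buildWithValidators(Response.noContent(), updated);
    }

    /**
     * Updates the API, subject to an optional {@code If-Match} precondition.
     *
     * <p>Callers who lack API_GATEWAY_DEFINITION UPDATE, are not the primary owner and are not
     * administrators cannot change the context path: the stored value overwrites the one in the
     * request. NOTE(review): only the context path is pinned here. The rest of the submitted
     * proxy is passed to {@code apiService.update} unchanged, so confirm the service restricts
     * those fields for such callers.
     *
     * @param httpHeaders     request headers, read for {@code If-Match}
     * @param updateApiEntity new definition
     * @param api             identifier of the API
     * @return 200 with the updated entity, or 412 when {@code If-Match} does not match
     */
    @ApiResponses({@ApiResponse(code = 200, message = "API successfully updated", response = ApiEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Consumes({"application/json"})
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.UPDATE}), @Permission(value = RolePermission.API_GATEWAY_DEFINITION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Update the API", notes = "User must have the MANAGE_APPLICATION permission to use this service")
    @Produces({"application/json"})
    @PUT
    public Response update(@Context HttpHeaders httpHeaders, @NotNull @Valid @ApiParam(name = "api", required = true) UpdateApiEntity updateApiEntity, @PathParam("api") String api) {
        Response current = get(api);
        Response.ResponseBuilder preconditionFailure = evaluateIfMatch(httpHeaders, current.getEntityTag().getValue());
        if (preconditionFailure != null) {
            return preconditionFailure.build();
        }
        checkImageSize(updateApiEntity.getPicture());

        ApiEntity currentApi = (ApiEntity) current.getEntity();
        boolean mayChangeContextPath = hasPermission(RolePermission.API_GATEWAY_DEFINITION, api, RolePermissionAction.UPDATE)
                || Objects.equals(currentApi.getPrimaryOwner().getId(), getAuthenticatedUser())
                || isAdmin();
        if (!mayChangeContextPath) {
            Proxy storedProxy = currentApi.getProxy();
            if (storedProxy == null) {
                // get() strips the proxy from its copy when the caller may not read the gateway
                // definition, which is the usual case on this branch. Re-read it instead of
                // dereferencing null. Assumes findById returns an unfiltered entity. TODO confirm.
                storedProxy = this.apiService.findById(api).getProxy();
            }
            // presumably @Valid guarantees the request carries a proxy; verify against UpdateApiEntity
            updateApiEntity.getProxy().setContextPath(storedProxy.getContextPath());
        }

        ApiEntity updated = this.apiService.update(api, updateApiEntity);
        setPicture(updated);
        return buildWithValidators(Response.ok(updated), updated);
    }

    /**
     * Evaluates the {@code If-Match} request header against the current entity tag value.
     *
     * <p>A {@code -gzip} suffix inside the header is removed before parsing.
     *
     * <p>NOTE(review): an absent, empty or unparseable header yields {@code null}, so the write
     * goes ahead without any optimistic-locking check. For a malformed header that is fail-open
     * behaviour. Confirm it is intended.
     *
     * @param httpHeaders request headers
     * @param currentTag  value of the entity tag of the current representation
     * @return {@code null} when the request may proceed, otherwise a 412 response builder
     */
    private Response.ResponseBuilder evaluateIfMatch(HttpHeaders httpHeaders, String currentTag) {
        String ifMatch = httpHeaders.getHeaderString("If-Match");
        if (ifMatch == null || ifMatch.isEmpty()) {
            return null;
        }
        try {
            Set<MatchingEntityTag> requestedTags = HttpHeaderReader.readMatchingEntityTag(ifMatch.replace("-gzip", ""));
            // Test the wildcard and the empty set before touching the iterator: next() on an
            // empty set throws NoSuchElementException, which would surface as a 500.
            if (requestedTags == MatchingEntityTag.ANY_MATCH) {
                return null;
            }
            if (requestedTags.isEmpty()) {
                return Response.status(Response.Status.PRECONDITION_FAILED);
            }
            // The current tag is built with the weakness of the first requested tag, as before.
            EntityTag current = new EntityTag(currentTag, requestedTags.iterator().next().isWeak());
            if (requestedTags.contains(current)) {
                return null;
            }
            return Response.status(Response.Status.PRECONDITION_FAILED);
        } catch (ParseException e) {
            return null;
        }
    }

    /**
     * Deletes the API.
     *
     * @param api identifier of the API
     * @return 204 on success
     */
    @ApiResponses({@ApiResponse(code = 204, message = "API successfully deleted"), @ApiResponse(code = 500, message = "Internal server error")})
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.DELETE})})
    @DELETE
    @ApiOperation(value = "Delete the API", notes = "User must have the DELETE permission to use this service")
    public Response delete(@PathParam("api") String api) {
        this.apiService.delete(api);
        return Response.noContent().build();
    }

    /**
     * Deploys the API to the gateway instances by publishing a PUBLISH_API event.
     *
     * <p>NOTE(review): the catch block turns every exception, including not-found or
     * access-denied ones raised by the service, into a 500 whose body is the exception's
     * {@code toString()}. That exposes internal class names and messages to the client.
     * Prefer logging the exception server-side and returning a generic message.
     *
     * @param api identifier of the API
     * @return 200 with the deployed entity, or 500 on any failure
     */
    @ApiResponses({@ApiResponse(code = 200, message = "API successfully deployed", response = ApiEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("deploy")
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Deploy API to gateway instances", notes = "User must have the MANAGE_LIFECYCLE permission to use this service")
    @POST
    @Produces({"application/json"})
    public Response deployAPI(@PathParam("api") String api) {
        try {
            ApiEntity deployed = this.apiService.deploy(api, getAuthenticatedUser(), EventType.PUBLISH_API);
            return buildWithValidators(Response.ok(deployed), deployed);
        } catch (Exception e) {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("JsonProcessingException " + e).build();
        }
    }

    /**
     * Reports whether the API is synchronized, as answered by {@code apiService.isSynchronized}.
     *
     * @param api identifier of the API
     * @return an entity carrying the API id and its synchronization flag
     * @throws ForbiddenAccessException if the API is not public and the caller lacks API_DEFINITION READ
     */
    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "API's state", response = io.gravitee.management.rest.model.ApiEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("state")
    @ApiOperation(value = "Get the state of the API", notes = "User must have the MANAGE_LIFECYCLE permission to use this service")
    @Produces({"application/json"})
    public io.gravitee.management.rest.model.ApiEntity isAPISynchronized(@PathParam("api") String api) {
        requireReadAccess(this.apiService.findById(api), api);
        io.gravitee.management.rest.model.ApiEntity state = new io.gravitee.management.rest.model.ApiEntity();
        state.setApiId(api);
        setSynchronizationState(state);
        return state;
    }

    /**
     * Rolls the API back to the definition supplied in the request body.
     *
     * <p>NOTE(review): on failure the caught exception object itself becomes the response
     * entity. Depending on the configured serializer, that can expose the message, cause chain
     * or stack trace to the client. Prefer logging it server-side and returning a generic error
     * body. Unlike {@link #update}, no If-Match check and no context-path pinning is applied here.
     *
     * @param api             identifier of the API
     * @param updateApiEntity definition to roll back to
     * @return 200 with the rolled-back entity, or 500 on any failure
     */
    @Path("rollback")
    @POST
    @ApiResponses({@ApiResponse(code = 200, message = "API successfully rollbacked", response = ApiEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Consumes
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Rollback API to a previous version", notes = "User must have the MANAGE_LIFECYCLE permission to use this service")
    @Produces({"application/json"})
    public Response rollback(@PathParam("api") String api, @NotNull @Valid @ApiParam(name = "api", required = true) UpdateApiEntity updateApiEntity) {
        try {
            ApiEntity rolledBack = this.apiService.rollback(api, updateApiEntity);
            return buildWithValidators(Response.ok(rolledBack), rolledBack);
        } catch (Exception e) {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e).build();
        }
    }

    /**
     * Updates the API from a serialized API definition supplied in the request body.
     *
     * <p>NOTE(review): the entity handed to the service comes from {@link #get}, so its picture
     * is cleared and, for callers without API_GATEWAY_DEFINITION READ, its gateway fields are
     * null. Confirm {@code createOrUpdateWithDefinition} does not treat those nulls as values
     * to persist.
     *
     * @param api        identifier of the API
     * @param definition serialized API definition
     * @return 200 with the updated entity
     */
    @ApiResponses({@ApiResponse(code = 200, message = "API successfully updated from API definition", response = ApiEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("import")
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Update the API with an existing API definition", notes = "User must have the MANAGE_APPLICATION permission to use this service")
    @POST
    @Produces({"application/json"})
    public Response updateWithDefinition(@PathParam("api") String api, @ApiParam(name = "definition", required = true) String definition) {
        ApiEntity currentApi = (ApiEntity) get(api).getEntity();
        ApiEntity updated = this.apiService.createOrUpdateWithDefinition(currentApi, definition, getAuthenticatedUser());
        return buildWithValidators(Response.ok(updated), updated);
    }

    /**
     * Exports the API definition as a JSON attachment.
     *
     * <p>NOTE(review): {@code filterSensitiveData} is applied to the local entity, but that
     * entity only supplies the download file name. The exported body comes from
     * {@code apiService.exportAsJson(api, ...)}, which is keyed by id. Whether the export omits
     * gateway-level data for callers without API_GATEWAY_DEFINITION READ depends on the service
     * and cannot be seen from here. Confirm.
     *
     * @param api     identifier of the API
     * @param version export format version, {@code "default"} when absent
     * @param exclude comma-separated list of sections to leave out
     * @return 200 with the JSON export and a Content-Disposition header
     */
    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "API definition", response = ApiEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("export")
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.READ})})
    @ApiOperation(value = "Export the API definition in JSON format", notes = "User must have the MANAGE_APPLICATION permission to use this service")
    @Produces({"application/json"})
    public Response exportDefinition(@PathParam("api") String api, @QueryParam("version") @DefaultValue("default") String version, @QueryParam("exclude") @DefaultValue("") String exclude) {
        ApiEntity apiEntity = (ApiEntity) get(api).getEntity();
        filterSensitiveData(apiEntity);
        String contentDisposition = String.format("attachment;filename=%s", getExportFilename(apiEntity));
        return Response.ok(this.apiService.exportAsJson(api, version, exclude.split(",")))
                .header("Content-Disposition", contentDisposition)
                .build();
    }

    /**
     * Lists the notifiers available for the API.
     *
     * @param api identifier of the API
     * @return the notifiers registered for the API reference type
     */
    @GET
    @Path("notifiers")
    @Permissions({@Permission(value = RolePermission.API_NOTIFICATION, acls = {RolePermissionAction.READ})})
    @Produces({"application/json"})
    public List<NotifierEntity> getNotifiers(@PathParam("api") String api) {
        return this.notifierService.list(NotificationReferenceType.API, api);
    }

    /**
     * Imports path mappings from a documentation page into the API.
     *
     * @param api  identifier of the API
     * @param page identifier of the page to read the mappings from
     * @return 200 with the updated entity
     */
    @ApiResponses({@ApiResponse(code = 201, message = "Path mappings successfully imported", response = ApiEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("import-path-mappings")
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Import path mappings from a page", notes = "User must have the MANAGE_APPLICATION permission to use this service")
    @POST
    @Produces({"application/json"})
    public Response importPathMappingsFromPage(@PathParam("api") String api, @NotNull @QueryParam("page") String page) {
        ApiEntity currentApi = (ApiEntity) get(api).getEntity();
        ApiEntity updated = this.apiService.importPathMappingsFromPage(currentApi, page);
        return buildWithValidators(Response.ok(updated), updated);
    }

    /**
     * Returns the quality metrics computed for the API.
     *
     * @param api identifier of the API
     * @return the metrics produced by the quality metrics service
     */
    @GET
    @Path("quality")
    @Permissions({@Permission(value = RolePermission.API_DEFINITION, acls = {RolePermissionAction.READ})})
    @ApiOperation("Get the quality metrics of the API")
    @Produces({"application/json"})
    public ApiQualityMetricsEntity getQualityMetrics(@PathParam("api") String api) {
        ApiEntity currentApi = (ApiEntity) get(api).getEntity();
        return this.qualityMetricsService.getMetrics(currentApi);
    }

    /**
     * Creates a message for the API and returns the number reported by the message service.
     *
     * <p>NOTE(review): the body parameter carries neither {@code @NotNull} nor {@code @Valid},
     * unlike the other body parameters in this class. Confirm the service validates it.
     *
     * @param api           identifier of the API
     * @param messageEntity message to send
     * @return 200 with the integer returned by {@code messageService.create}
     */
    @Path("/messages")
    @Consumes({"application/json"})
    @Permissions({@Permission(value = RolePermission.API_MESSAGE, acls = {RolePermissionAction.CREATE})})
    @POST
    @Produces({"application/json"})
    public Response create(@PathParam("api") String api, MessageEntity messageEntity) {
        return Response.ok(Integer.valueOf(this.messageService.create(api, messageEntity))).build();
    }

    /**
     * Returns the portal header values of the API.
     *
     * <p>NOTE(review): this endpoint has no {@code @Permissions} annotation and no visibility
     * check, unlike {@link #get}, {@link #picture} and {@link #isAPISynchronized}. Confirm that
     * portal headers of a private API may be read by any caller, or that
     * {@code getPortalHeaders} enforces access itself.
     *
     * @param api identifier of the API
     * @return the portal headers for the API
     */
    @GET
    @Path("headers")
    @ApiOperation("Get the portal API headers values")
    @Produces({"application/json"})
    public List<ApiHeaderEntity> getHeaders(@PathParam("api") String api) {
        return this.apiService.getPortalHeaders(api);
    }

    // ---------------------------------------------------------------------------------------
    // Sub-resource locators. None of them carries a permission annotation or an access check.
    // NOTE(review): authorization for everything below these paths has to be enforced inside
    // the sub-resource classes. Verify each one.
    // ---------------------------------------------------------------------------------------

    /** Locates the sub-resource serving {@code keys}. */
    @Path("keys")
    public ApiKeysResource getApiKeyResource() {
        return this.resourceContext.getResource(ApiKeysResource.class);
    }

    /** Locates the sub-resource serving {@code members}. */
    @Path("members")
    public ApiMembersResource getApiMembersResource() {
        return this.resourceContext.getResource(ApiMembersResource.class);
    }

    /** Locates the sub-resource serving {@code analytics}. */
    @Path("analytics")
    public ApiAnalyticsResource getApiAnalyticsResource() {
        return this.resourceContext.getResource(ApiAnalyticsResource.class);
    }

    /** Locates the sub-resource serving {@code logs}. */
    @Path("logs")
    public ApiLogsResource getApiLogsResource() {
        return this.resourceContext.getResource(ApiLogsResource.class);
    }

    /** Locates the sub-resource serving {@code health}. */
    @Path("health")
    public ApiHealthResource getApiHealthResource() {
        return this.resourceContext.getResource(ApiHealthResource.class);
    }

    /** Locates the sub-resource serving {@code pages}. */
    @Path("pages")
    public ApiPagesResource getApiPagesResource() {
        return this.resourceContext.getResource(ApiPagesResource.class);
    }

    /** Locates the sub-resource serving {@code events}. */
    @Path("events")
    public ApiEventsResource getApiEventsResource() {
        return this.resourceContext.getResource(ApiEventsResource.class);
    }

    /** Locates the sub-resource serving {@code plans}. */
    @Path("plans")
    public ApiPlansResource getApiPlansResource() {
        return this.resourceContext.getResource(ApiPlansResource.class);
    }

    /** Locates the sub-resource serving {@code subscriptions}. */
    @Path("subscriptions")
    public ApiSubscriptionsResource getApiSubscriptionsResource() {
        return this.resourceContext.getResource(ApiSubscriptionsResource.class);
    }

    /** Locates the sub-resource serving {@code subscribers}. */
    @Path("subscribers")
    public ApiSubscribersResource geApiSubscribersResource() {
        return this.resourceContext.getResource(ApiSubscribersResource.class);
    }

    /** Locates the sub-resource serving {@code metadata}. */
    @Path("metadata")
    public ApiMetadataResource getApiMetadataResource() {
        return this.resourceContext.getResource(ApiMetadataResource.class);
    }

    /** Locates the sub-resource serving {@code ratings}. */
    @Path("ratings")
    public ApiRatingResource getRatingResource() {
        return this.resourceContext.getResource(ApiRatingResource.class);
    }

    /** Locates the sub-resource serving {@code audit}. */
    @Path("audit")
    public ApiAuditResource getApiAuditResource() {
        return this.resourceContext.getResource(ApiAuditResource.class);
    }

    /** Locates the sub-resource serving {@code notificationsettings}. */
    @Path("notificationsettings")
    public ApiNotificationSettingsResource getNotificationSettingsResource() {
        return this.resourceContext.getResource(ApiNotificationSettingsResource.class);
    }

    /** Locates the sub-resource serving {@code alerts}. */
    @Path("alerts")
    public ApiAlertsResource getApiAlertsResource() {
        return this.resourceContext.getResource(ApiAlertsResource.class);
    }

    /**
     * Rejects the request unless the API is public or the caller holds API_DEFINITION READ on it.
     *
     * @throws ForbiddenAccessException when neither condition holds
     */
    private void requireReadAccess(ApiEntity apiEntity, String api) {
        boolean isPublic = Visibility.PUBLIC.equals(apiEntity.getVisibility());
        if (!isPublic && !hasPermission(RolePermission.API_DEFINITION, api, RolePermissionAction.READ)) {
            throw new ForbiddenAccessException();
        }
    }

    /**
     * Finishes a response with the validators used throughout this class: an ETag holding the
     * entity's update time in milliseconds, and the matching Last-Modified date.
     */
    private static Response buildWithValidators(Response.ResponseBuilder builder, ApiEntity apiEntity) {
        return builder
                .tag(Long.toString(apiEntity.getUpdatedAt().getTime()))
                .lastModified(apiEntity.getUpdatedAt())
                .build();
    }

    /** Copies the service's synchronization answer for the entity's API id onto the entity. */
    private void setSynchronizationState(io.gravitee.management.rest.model.ApiEntity apiEntity) {
        apiEntity.setIsSynchronized(this.apiService.isSynchronized(apiEntity.getApiId()));
    }

    /**
     * Rejects a lifecycle action that would not change the API's state.
     *
     * @throws BadRequestException when starting a started API or stopping a stopped one
     */
    private void checkAPILifeCycle(ApiEntity apiEntity, LifecycleActionParam.LifecycleAction lifecycleAction) {
        // Switch on the enum itself; the compiler generates the ordinal lookup table.
        Lifecycle.State state = apiEntity.getState();
        switch (state) {
            case STARTED:
                if (LifecycleActionParam.LifecycleAction.START.equals(lifecycleAction)) {
                    throw new BadRequestException("API is already started");
                }
                break;
            case STOPPED:
                if (LifecycleActionParam.LifecycleAction.STOP.equals(lifecycleAction)) {
                    throw new BadRequestException("API is already stopped");
                }
                break;
            default:
                break;
        }
    }

    /**
     * Builds the download file name {@code <name>-<version>.json} for an export.
     *
     * <p>The result goes into a {@code Content-Disposition} header, so it is reduced to word
     * characters, dots and dashes. The previous pattern also kept {@code \s}. Plain spaces had
     * already been turned into dashes by then, so the only effect was to let tabs, carriage
     * returns and line feeds from the API name or version through into the header value. They
     * are now replaced like any other disallowed character.
     */
    private String getExportFilename(ApiEntity apiEntity) {
        return String.format("%s-%s.json", apiEntity.getName(), apiEntity.getVersion())
                .trim()
                .toLowerCase(java.util.Locale.ROOT)
                .replaceAll(" +", " ")
                .replaceAll(" ", "-")
                .replaceAll("[^\\w.]", "-")
                .replaceAll("-+", "-");
    }

    /**
     * Removes the gateway-level parts of the definition (proxy, paths, properties, services,
     * resources, path mappings) unless the caller may see them.
     *
     * <p>The fields are kept only when both conditions hold: the caller is authenticated or the
     * API is not public, and the caller is an administrator or holds API_GATEWAY_DEFINITION
     * READ on the API. The entity is modified in place.
     */
    private void filterSensitiveData(ApiEntity apiEntity) {
        // Evaluation order and short-circuiting are kept as in the original condition.
        boolean mayReadGatewayDefinition = (isAuthenticated() || !Visibility.PUBLIC.equals(apiEntity.getVisibility()))
                && (isAdmin() || hasPermission(RolePermission.API_GATEWAY_DEFINITION, apiEntity.getId(), RolePermissionAction.READ));
        if (mayReadGatewayDefinition) {
            return;
        }
        apiEntity.setProxy((Proxy) null);
        apiEntity.setPaths((Map) null);
        apiEntity.setProperties((Properties) null);
        apiEntity.setServices((Services) null);
        apiEntity.setResources((List) null);
        apiEntity.setPathMappings((Set) null);
    }
}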
