package org.joget.api.service;

import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.lang.reflect.Parameter;
import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.transform.OutputKeys;
import net.sf.ehcache.Cache;
import net.sf.ehcache.Element;
import org.apache.commons.fileupload.FileUploadBase;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.cfg.Ejb3DiscriminatorColumn;
import org.hibernate.dialect.function.AnsiTrimEmulationFunction;
import org.hibernate.hql.internal.classic.ParserHelper;
import org.hibernate.id.PersistentIdentifierGenerator;
import org.hibernate.id.SequenceGenerator;
import org.hibernate.persister.collection.CollectionPropertyNames;
import org.hibernate.type.EnumType;
import org.hibernate.type.descriptor.java.JdbcTimestampTypeDescriptor;
import org.joget.api.annotations.Operation;
import org.joget.api.annotations.Param;
import org.joget.api.annotations.Response;
import org.joget.api.annotations.Responses;
import org.joget.api.dao.ApiCredentialDao;
import org.joget.api.dao.ApiLogDao;
import org.joget.api.lib.Activator;
import org.joget.api.model.ApiAuthenticatorAbstract;
import org.joget.api.model.ApiCredential;
import org.joget.api.model.ApiDefinition;
import org.joget.api.model.ApiLog;
import org.joget.api.model.ApiPlugin;
import org.joget.api.model.ApiResponse;
import org.joget.api.model.JSONOrderedObject;
import org.joget.apps.app.dao.BuilderDefinitionDao;
import org.joget.apps.app.model.AppDefinition;
import org.joget.apps.app.model.BuilderDefinition;
import org.joget.apps.app.model.CustomBuilderAbstract;
import org.joget.apps.app.service.AppPluginUtil;
import org.joget.apps.app.service.AppService;
import org.joget.apps.app.service.AppUtil;
import org.joget.apps.app.service.CustomBuilderUtil;
import org.joget.apps.userview.model.Permission;
import org.joget.commons.util.DynamicDataSourceManager;
import org.joget.commons.util.FileStore;
import org.joget.commons.util.HostManager;
import org.joget.commons.util.LogUtil;
import org.joget.commons.util.ResourceBundleUtil;
import org.joget.commons.util.SecurityUtil;
import org.joget.commons.util.StringUtil;
import org.joget.plugin.base.PluginManager;
import org.joget.plugin.base.PluginWebSupport;
import org.joget.plugin.property.service.PropertyUtil;
import org.joget.workflow.model.WorkflowAssignment;
import org.joget.workflow.model.dao.WorkflowHelper;
import org.joget.workflow.model.service.WorkflowUserManager;
import org.joget.workflow.util.WorkflowUtil;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.MultiValueMap;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;

/* loaded from: input_file:org/joget/api/service/ApiBuilder.class */
public class ApiBuilder extends CustomBuilderAbstract implements PluginWebSupport {
    /**
     * Returns the fixed internal name of this builder.
     *
     * <p>{@link #getDescription()} and {@link #getLabel()} use this value as the prefix of the
     * message keys they look up.
     *
     * @return the literal {@code "apiBuilder"}
     */
    public String getName() {
        final String builderName = "apiBuilder";
        return builderName;
    }

    /**
     * Returns the short name of the object type this builder produces.
     *
     * @return the literal {@code "api"}
     */
    public String getObjectName() {
        final String objectName = "api";
        return objectName;
    }

    /**
     * Returns the version string of this builder.
     *
     * <p>{@link #getBuilderJS(String, String)} and {@link #getBuilderCSS(String, String)} place
     * it in the {@code build=} query parameter of the asset URLs they emit.
     *
     * @return the literal {@code "7.0.4"}
     */
    public String getVersion() {
        final String builderVersion = "7.0.4";
        return builderVersion;
    }

    /**
     * Returns the icon identifier shown for this builder.
     *
     * @return the literal {@code "fas fa-key"} (looks like a Font Awesome class pair; confirm
     *     against the UI that consumes it)
     */
    public String getIcon() {
        final String iconClasses = "fas fa-key";
        return iconClasses;
    }

    /**
     * Returns the colour associated with this builder as a hex colour string.
     *
     * @return the literal {@code "#85ea2d"}
     */
    public String getColor() {
        final String hexColour = "#85ea2d";
        return hexColour;
    }

    /**
     * Returns the fully qualified name of the runtime class of this instance.
     *
     * <p>Because the runtime class is used, a subclass reports its own name.
     *
     * @return the runtime class name
     */
    public String getClassName() {
        final Class<?> runtimeType = this.getClass();
        return runtimeType.getName();
    }

    /**
     * Looks up the description of this builder in the plugin message bundle.
     *
     * @return the message stored under the key {@code getName() + ".desc"}, resolved through
     *     {@code AppPluginUtil.getMessage} with {@code Activator.MESSAGE_PATH}
     */
    public String getDescription() {
        final String messageKey = getName() + ".desc";
        return AppPluginUtil.getMessage(messageKey, getClassName(), Activator.MESSAGE_PATH);
    }

    /**
     * Looks up the display label of this builder in the plugin message bundle.
     *
     * @return the message stored under the key {@code getName() + ".label"}, resolved through
     *     {@code AppPluginUtil.getMessage} with {@code Activator.MESSAGE_PATH}
     */
    public String getLabel() {
        final String messageKey = getName() + ".label";
        return AppPluginUtil.getMessage(messageKey, getClassName(), Activator.MESSAGE_PATH);
    }

    /**
     * Looks up the display label for a single object created by this builder.
     *
     * @return the message stored under the key {@code "apiBuilder.apiKey"}, resolved through
     *     {@code AppPluginUtil.getMessage} with {@code Activator.MESSAGE_PATH}
     */
    public String getObjectLabel() {
        final String messageKey = "apiBuilder.apiKey";
        return AppPluginUtil.getMessage(messageKey, getClassName(), Activator.MESSAGE_PATH);
    }

    /**
     * Returns the prefix used for identifiers of objects created by this builder.
     *
     * @return the literal {@code "API-"}
     */
    public String getIdPrefix() {
        final String idPrefix = "API-";
        return idPrefix;
    }

    /**
     * Reads the property-options definition of this builder from the plugin resources.
     *
     * @return the content of {@code /properties/api/setting.json} as returned by
     *     {@code AppUtil.readPluginResource}
     */
    public String getPropertyOptions() {
        final String resourcePath = "/properties/api/setting.json";
        // No format arguments are supplied; the typed null keeps the Object[] overload.
        final Object[] noArguments = null;
        return AppUtil.readPluginResource(getClassName(), resourcePath, noArguments, true, Activator.MESSAGE_PATH);
    }

    /**
     * Reads the builder configuration of this builder from the plugin resources.
     *
     * @return the content of {@code /properties/api/api_builder.json} as returned by
     *     {@code AppUtil.readPluginResource}
     */
    public String getBuilderConfig() {
        final String resourcePath = "/properties/api/api_builder.json";
        // No format arguments are supplied; the typed null keeps the Object[] overload.
        final Object[] noArguments = null;
        return AppUtil.readPluginResource(getClassName(), resourcePath, noArguments, false, Activator.MESSAGE_PATH);
    }

    /**
     * Returns the path of the resource bundle that holds this builder's messages.
     *
     * @return the literal {@code "messages/apiBuilder"}
     */
    public String getResourceBundlePath() {
        final String bundlePath = "messages/apiBuilder";
        return bundlePath;
    }

    /**
     * Builds the {@code <script>} element that loads the builder's JavaScript.
     *
     * <p>Both arguments are written into the {@code src} attribute verbatim, with no HTML or URL
     * escaping. NOTE(review): this is only safe while callers pass server-controlled values
     * (presumably the context path and a build suffix); confirm that no request-derived value
     * reaches either argument.
     *
     * @param str URL prefix placed before {@code /plugin/org.joget.api.service.ApiBuilder/...}
     * @param str2 text appended after the version in the {@code build=} query parameter
     * @return the script element as an HTML string
     */
    public String getBuilderJS(String str, String str2) {
        StringBuilder scriptTag = new StringBuilder("<script type=\"text/javascript\" src=\"");
        scriptTag.append(str);
        scriptTag.append("/plugin/org.joget.api.service.ApiBuilder/api/apibuilder.js?build=");
        scriptTag.append(getVersion());
        scriptTag.append(str2);
        scriptTag.append("\"></script>");
        return scriptTag.toString();
    }

    /**
     * Builds the {@code <link>} element that loads the builder's stylesheet.
     *
     * <p>Both arguments are written into the {@code href} attribute verbatim, with no HTML or URL
     * escaping. NOTE(review): this is only safe while callers pass server-controlled values
     * (presumably the context path and a build suffix); confirm that no request-derived value
     * reaches either argument.
     *
     * @param str URL prefix placed before {@code /plugin/org.joget.api.service.ApiBuilder/...}
     * @param str2 text appended after the version in the {@code build=} query parameter
     * @return the link element as an HTML string
     */
    public String getBuilderCSS(String str, String str2) {
        StringBuilder linkTag = new StringBuilder("<link href=\"");
        linkTag.append(str);
        linkTag.append("/plugin/org.joget.api.service.ApiBuilder/api/apibuilder.css?build=");
        linkTag.append(getVersion());
        linkTag.append(str2);
        linkTag.append("\" rel=\"stylesheet\" type=\"text/css\" />");
        return linkTag.toString();
    }

    /**
     * Evicts the cached entry for the given definition and contributes no extra HTML.
     *
     * <p>The entry removed from the {@code fluCache} bean is keyed by the current profile,
     * the marker {@code _API_BUILDER_} and the definition id.
     *
     * @param builderDefinition definition whose cache entry is removed; must not be {@code null}
     * @param str not read by this method
     * @param httpServletRequest not read by this method
     * @param httpServletResponse not read by this method
     * @return always the empty string
     */
    public String getBuilderHTML(BuilderDefinition builderDefinition, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final Cache definitionCache = (Cache) AppUtil.getApplicationContext().getBean("fluCache");
        final String cacheKey = DynamicDataSourceManager.getCurrentProfile() + "_API_BUILDER_" + builderDefinition.getId();
        definitionCache.remove(cacheKey);
        return "";
    }

    /**
     * Renders the Swagger UI preview page for an API definition.
     *
     * <p>The template model carries the generated specification, a preview-cache id and
     * asterisk placeholders for {@code api_key} and {@code api_secret}, so the preview page is
     * rendered without real credential values.
     *
     * <p>NOTE(review): no role or permission check is visible in this method; presumably the
     * caller enforces access to the builder. Confirm before exposing this path more widely.
     *
     * <p>Any exception is logged with an empty message and the response is left as it is.
     *
     * @param str JSON definition to preview
     * @param httpServletRequest current request, passed on to the template renderer
     * @param httpServletResponse response that receives the HTML page
     */
    public void builderPreview(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String maskedCredential = "******************";
        try {
            httpServletResponse.setContentType("text/html; charset=utf-8");
            Map<String, Object> model = new HashMap<>();
            Object specification = getBuilderResult(str, new HashMap());
            model.put("spec", specification);
            String previewId = addToPreviewCache(AppUtil.getCurrentAppDefinition().getAppId(), str);
            model.put("api_id", previewId);
            // Placeholders only: real key and secret values never enter the preview model.
            model.put("api_key", maskedCredential);
            model.put("api_secret", maskedCredential);
            String page = CustomBuilderUtil.generateHtml(this, "templates/swagger-ui.ftl", model, httpServletRequest);
            httpServletResponse.getWriter().write(page);
        } catch (Exception previewFailure) {
            LogUtil.error(ApiBuilder.class.getName(), previewFailure, "");
        }
    }

    /**
     * Writes the palette of available API plugins as a JSON array; administrators only.
     *
     * <p>Callers without {@code ROLE_ADMIN} receive an HTTP 401 error and nothing else is
     * written. NOTE(review): 401 is also what an authenticated non-admin gets; 403 is the usual
     * status for that case. No Content-Type is set on the successful response.
     *
     * <p>Each array entry describes one plugin: class name, icon, label, property options, tag,
     * the list of operations, the simple-config flag and the default property values. A failure
     * while building or writing the array is logged and not reported to the client.
     *
     * @param httpServletRequest current request (not read by this method)
     * @param httpServletResponse response that receives the JSON array or the 401 error
     * @throws ServletException declared by the plugin web-support contract
     * @throws IOException if sending the 401 error fails
     */
    public void webService(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final boolean callerIsAdmin = WorkflowUtil.isCurrentUserInRole("ROLE_ADMIN");
        if (!callerIsAdmin) {
            // Authorization gate: everything below is reachable by administrators only.
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        try {
            JSONArray palette = new JSONArray();
            for (ApiPlugin element : getAvailableElements()) {
                Map<String, Object> descriptor = new HashMap<>();
                descriptor.put("className", element.getClassName());
                descriptor.put("icon", element.getIcon());
                descriptor.put("label", element.getLabel());
                descriptor.put("propertyOptions", element.getPropertyOptions());
                descriptor.put("tag", element.getTag());

                // Operations are exposed as value/label pairs.
                List<Map<String, String>> operations = new ArrayList<>();
                for (Map.Entry<String, String> option : element.getOperationOptions().entrySet()) {
                    Map<String, String> choice = new HashMap<>();
                    choice.put("value", option.getKey());
                    choice.put("label", option.getValue());
                    operations.add(choice);
                }
                descriptor.put("operations", operations);
                descriptor.put("isSimple", Boolean.valueOf(element.usingSimpleConfig()));

                // Defaults can only be derived when the plugin declares property options.
                if (element.getPropertyOptions() != null && !element.getPropertyOptions().isEmpty()) {
                    String declaredOptions = descriptor.get("propertyOptions").toString();
                    descriptor.put("defaultProperties", PropertyUtil.getDefaultPropertyValues(declaredOptions));
                } else {
                    descriptor.put("defaultProperties", "{}");
                }
                palette.put((Map) descriptor);
            }
            palette.write(httpServletResponse.getWriter());
        } catch (Exception paletteFailure) {
            LogUtil.error(getClass().getName(), paletteFailure, "Get available report element plugin error!");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10, types: [org.json.JSONObject, org.joget.api.model.JSONOrderedObject] */
    /* JADX WARN: Type inference failed for: r0v223, types: [org.json.JSONObject, org.joget.api.model.JSONOrderedObject, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v296, types: [org.json.JSONObject] */
    /* JADX WARN: Type inference failed for: r0v83, types: [java.lang.Object, org.json.JSONArray] */
    /**
     * Builds the OpenAPI 3.0.1 document for an API definition, or hands the call to
     * {@code serveApi} when no definition is given.
     *
     * <p>When {@code str} is {@code null}, the {@code "request"}, {@code "response"} and
     * {@code "timestamp"} entries of {@code map} are passed to {@code serveApi} and {@code null}
     * is returned. Otherwise {@code str} is parsed as JSON and the document is assembled from its
     * {@code properties} object and its list of plugin elements: {@code info}, {@code servers},
     * {@code tags}, {@code paths}, {@code components} (security schemes and schemas) and the
     * optional {@code externalDocs}.
     *
     * <p>Side effects: the current request, when present, gets the attribute {@code api_id}, and
     * every resolved plugin has its properties set from the element definition.
     *
     * <p>This listing is decompiler output: the {@code ??} declarations and several constants
     * borrowed from unrelated libraries are artefacts, so the method does not compile as shown.
     *
     * @param str JSON definition, or {@code null} to dispatch to {@code serveApi}
     * @param map call context; {@code "output"} is read on the definition path, and
     *     {@code "request"}, {@code "response"} and {@code "timestamp"} on the {@code null} path
     * @return the document as a JSON string; {@code null} when {@code str} is {@code null}, when
     *     {@code "output"} equals {@code yaml} (ignoring case), or when any exception occurs
     */
    public Object getBuilderResult(String str, Map<String, Object> map) {
        String string;
        ApiPlugin plugin;
        // Without a definition there is nothing to describe: pass the request, response and
        // timestamp that the caller placed in the map to serveApi.
        if (str == null) {
            serveApi((HttpServletRequest) map.get("request"), (HttpServletResponse) map.get("response"), (Date) map.get("timestamp"));
            return null;
        }
        try {
            JSONObject jSONObject = new JSONObject(str);
            JSONObject jSONObject2 = jSONObject.getJSONObject("properties");
            // Names of the schema definitions referenced by any parameter or response; used
            // further down to decide which plugin definitions are copied into the document.
            HashSet hashSet = new HashSet();
            HttpServletRequest httpServletRequest = WorkflowUtil.getHttpServletRequest();
            // NOTE(review): the request is null-checked here but dereferenced unconditionally
            // when the server URL is built below; without a current request that dereference
            // throws and the catch-all at the end turns it into a null result.
            if (httpServletRequest != null) {
                httpServletRequest.setAttribute("api_id", jSONObject2.getString("id"));
            }
            // Root of the OpenAPI document.
            ?? jSONOrderedObject = new JSONOrderedObject();
            jSONOrderedObject.put("openapi", "3.0.1");
            // "info" section: description, version and title are mandatory in the definition,
            // the remaining fields are copied only when present and non-empty.
            JSONOrderedObject jSONOrderedObject2 = new JSONOrderedObject();
            jSONOrderedObject2.put("description", jSONObject2.getString("description"));
            // OutputKeys.VERSION is the string "version"; the decompiler substituted a constant
            // from an unrelated library for the literal.
            jSONOrderedObject2.put(OutputKeys.VERSION, ResourceBundleUtil.getMessage("build.version"));
            jSONOrderedObject2.put("title", jSONObject2.getString("name"));
            if (jSONObject2.has("termsOfService") && !jSONObject2.getString("termsOfService").isEmpty()) {
                jSONOrderedObject2.put("termsOfService", jSONObject2.getString("termsOfService"));
            }
            // A contact block is emitted only when an e-mail is given; the name is optional.
            if (jSONObject2.has("contactEmail") && !jSONObject2.getString("contactEmail").isEmpty()) {
                JSONOrderedObject jSONOrderedObject3 = new JSONOrderedObject();
                jSONOrderedObject3.put("email", jSONObject2.getString("contactEmail"));
                if (jSONObject2.has("contactName") && !jSONObject2.getString("contactName").isEmpty()) {
                    jSONOrderedObject3.put("name", jSONObject2.getString("contactName"));
                }
                jSONOrderedObject2.put("contact", jSONOrderedObject3);
            }
            // A license block is emitted only when a URL is given; the name is optional.
            if (jSONObject2.has("licenseUrl") && !jSONObject2.getString("licenseUrl").isEmpty()) {
                JSONOrderedObject jSONOrderedObject4 = new JSONOrderedObject();
                jSONOrderedObject4.put("url", jSONObject2.getString("licenseUrl"));
                if (jSONObject2.has("licenseName") && !jSONObject2.getString("licenseName").isEmpty()) {
                    jSONOrderedObject4.put("name", jSONObject2.getString("licenseName"));
                }
                jSONOrderedObject2.put("license", jSONOrderedObject4);
            }
            jSONOrderedObject.put("info", jSONOrderedObject2);
            // "servers" section: a single URL built from the current request.
            // NOTE(review): getServerName() normally reflects the Host header sent by the client
            // unless the container or a fronting proxy pins it, so the advertised server URL
            // follows the request. Confirm that the deployment fixes the host name.
            String scheme = httpServletRequest.getScheme();
            String serverName = httpServletRequest.getServerName();
            int serverPort = httpServletRequest.getServerPort();
            StringBuilder sb = new StringBuilder();
            sb.append(scheme).append("://");
            sb.append(serverName);
            // The port is omitted for 80 and 443 regardless of the scheme.
            if (serverPort != 80 && serverPort != 443) {
                // ParserHelper.HQL_VARIABLE_PREFIX is the string ":" (decompiler substitution).
                sb.append(ParserHelper.HQL_VARIABLE_PREFIX).append(serverPort);
            }
            sb.append(httpServletRequest.getContextPath()).append("/api");
            jSONOrderedObject.put("servers", new Object[]{new JSONOrderedObject().put("url", sb)});
            // Security schemes: four header-based apiKey schemes. EnumType.TYPE is the string
            // "type" (decompiler substitution).
            JSONOrderedObject jSONOrderedObject5 = new JSONOrderedObject();
            jSONOrderedObject5.put("api_id", new JSONOrderedObject().put(EnumType.TYPE, "apiKey").put("in", "header").put("name", "api_id"));
            jSONOrderedObject5.put("api_key", new JSONOrderedObject().put(EnumType.TYPE, "apiKey").put("in", "header").put("name", "api_key"));
            jSONOrderedObject5.put("token", new JSONOrderedObject().put(EnumType.TYPE, "apiKey").put("in", "header").put("name", "token"));
            jSONOrderedObject5.put("Authorization", new JSONOrderedObject().put(EnumType.TYPE, "apiKey").put("in", "header").put("name", "Authorization"));
            // Security requirements attached to every operation, as three alternatives:
            // api_id + api_key, api_id + api_key + token, api_id + api_key + Authorization.
            JSONArray jSONArray = new JSONArray();
            JSONObject jSONObject3 = new JSONObject();
            jSONObject3.put("api_id", new JSONOrderedObject());
            jSONObject3.put("api_key", new JSONOrderedObject());
            jSONArray.put(jSONObject3);
            JSONObject jSONObject4 = new JSONObject();
            jSONObject4.put("api_id", new JSONOrderedObject());
            jSONObject4.put("api_key", new JSONOrderedObject());
            jSONObject4.put("token", new JSONOrderedObject());
            jSONArray.put(jSONObject4);
            JSONObject jSONObject5 = new JSONObject();
            jSONObject5.put("api_id", new JSONOrderedObject());
            jSONObject5.put("api_key", new JSONOrderedObject());
            jSONObject5.put("Authorization", new JSONOrderedObject());
            jSONArray.put(jSONObject5);
            // jSONOrderedObject6 collects components/schemas, linkedHashMap the paths and
            // jSONArray2 the tags.
            JSONOrderedObject jSONOrderedObject6 = new JSONOrderedObject();
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            ?? jSONArray2 = new JSONArray();
            // CollectionPropertyNames.COLLECTION_ELEMENTS is the string "elements" (decompiler
            // substitution): the list of plugin elements in the definition.
            if (jSONObject.has(CollectionPropertyNames.COLLECTION_ELEMENTS)) {
                JSONArray jSONArray3 = jSONObject.getJSONArray(CollectionPropertyNames.COLLECTION_ELEMENTS);
                if (jSONArray3.length() > 0) {
                    PluginManager pluginManager = (PluginManager) AppUtil.getApplicationContext().getBean("pluginManager");
                    for (int i = 0; i < jSONArray3.length(); i++) {
                        JSONObject jSONObject6 = jSONArray3.getJSONObject(i);
                        // Elements without a class name, or whose plugin cannot be resolved, are
                        // skipped silently.
                        if (jSONObject6.has("className") && (string = jSONObject6.getString("className")) != null && !string.isEmpty() && (plugin = pluginManager.getPlugin(string)) != null) {
                            String tag = plugin.getTag();
                            // Placeholders in the tag are filled from the element properties. The
                            // innermost check is an empty block, so a tag that still contains
                            // braces after substitution is used as it is.
                            if (tag.contains("{") && tag.contains("}")) {
                                if (jSONObject6.has("properties")) {
                                    tag = populateVariable(tag, jSONObject6.getJSONObject("properties"));
                                    if (tag.contains("{") && tag.contains("}")) {
                                    }
                                }
                            }
                            // NOTE(review): "properties" is treated as optional just above but is
                            // read unconditionally here; getJSONObject throws when the key is
                            // missing and the catch-all then discards the whole document.
                            plugin.setProperties(PropertyUtil.getProperties(jSONObject6.getJSONObject("properties")));
                            // Tag entry for this plugin.
                            JSONOrderedObject jSONOrderedObject7 = new JSONOrderedObject();
                            jSONOrderedObject7.put("name", tag);
                            jSONOrderedObject7.put("description", plugin.getTagDesc());
                            if (plugin.getExternalDocsURL() != null && !plugin.getExternalDocsURL().isEmpty()) {
                                JSONOrderedObject jSONOrderedObject8 = new JSONOrderedObject();
                                jSONOrderedObject8.put("url", plugin.getExternalDocsURL());
                                // NOTE(review): this repeats the URL check of the enclosing branch
                                // and is therefore always true; presumably it was meant to test
                                // getExternalDocsDesc(). Confirm against the original source.
                                if (plugin.getExternalDocsURL() != null && !plugin.getExternalDocsURL().isEmpty()) {
                                    jSONOrderedObject8.put("description", plugin.getExternalDocsDesc());
                                }
                                jSONOrderedObject7.put("externalDocs", jSONOrderedObject8);
                            }
                            // Only methods annotated with @Operation that the plugin reports as
                            // enabled are published.
                            for (Method method : plugin.getOperationMethods().values()) {
                                if (method.isAnnotationPresent(Operation.class)) {
                                    Operation operation = (Operation) method.getAnnotation(Operation.class);
                                    if (plugin.isAPIEnabled(operation.type().toString(), operation.path()).booleanValue()) {
                                        // Path is "/" + tag, followed by the operation path unless
                                        // that path is just "/".
                                        String str2 = "/" + tag;
                                        if (!operation.path().equals("/")) {
                                            str2 = str2 + operation.path();
                                        }
                                        // One map per path, keyed by operation.type().
                                        Map map2 = (Map) linkedHashMap.get(str2);
                                        if (map2 == null) {
                                            map2 = new HashMap();
                                            linkedHashMap.put(str2, map2);
                                        }
                                        ?? jSONOrderedObject9 = new JSONOrderedObject();
                                        jSONOrderedObject9.put("tags", new String[]{tag});
                                        jSONOrderedObject9.put("summary", ApiService.getMessage(plugin, operation.summary()));
                                        jSONOrderedObject9.put("description", ApiService.getMessage(plugin, operation.description()));
                                        jSONOrderedObject9.put("operationId", method.getName());
                                        JSONArray jSONArray4 = new JSONArray();
                                        // Parameters without a @Param annotation are not described.
                                        for (Parameter parameter : method.getParameters()) {
                                            Param param = (Param) parameter.getAnnotation(Param.class);
                                            if (param != null) {
                                                JSONOrderedObject jSONOrderedObject10 = new JSONOrderedObject();
                                                String value = param.value();
                                                jSONOrderedObject10.put("name", value);
                                                // A parameter named "body" becomes the requestBody
                                                // and is not added to the parameter list.
                                                if ("body".equalsIgnoreCase(value)) {
                                                    JSONOrderedObject jSONOrderedObject11 = new JSONOrderedObject();
                                                    if (!param.description().isEmpty()) {
                                                        jSONOrderedObject11.put("description", ApiService.getMessage(plugin, param.description()));
                                                    }
                                                    JSONOrderedObject jSONOrderedObject12 = new JSONOrderedObject();
                                                    if (!param.definition().isEmpty()) {
                                                        JSONOrderedObject jSONOrderedObject13 = new JSONOrderedObject();
                                                        String definition = param.definition();
                                                        if (definition.contains("{")) {
                                                            definition = populateVariable(definition, jSONObject6.getJSONObject("properties"));
                                                        }
                                                        hashSet.add(definition);
                                                        jSONOrderedObject13.put("$ref", "#/components/schemas/" + definition);
                                                        // PersistentIdentifierGenerator.SCHEMA is the
                                                        // string "schema" (decompiler substitution).
                                                        jSONOrderedObject12.put(PersistentIdentifierGenerator.SCHEMA, jSONOrderedObject13);
                                                    }
                                                    jSONOrderedObject11.put("content", new JSONOrderedObject().put(operation.bodyContentType(), jSONOrderedObject12));
                                                    jSONOrderedObject9.put("requestBody", jSONOrderedObject11);
                                                } else {
                                                    // Location: header when flagged, path when the
                                                    // operation path contains {name}, otherwise query.
                                                    if (param.header()) {
                                                        jSONOrderedObject10.put("in", "header");
                                                    } else if (operation.path().contains("{" + value + "}")) {
                                                        jSONOrderedObject10.put("in", "path");
                                                    } else if (byte[].class.isAssignableFrom(parameter.getType()) || InputStream.class.isAssignableFrom(parameter.getType())) {
                                                        // Binary parameters are described as an
                                                        // application/octet-stream requestBody.
                                                        // NOTE(review): control then falls through to
                                                        // the shared code below, so the parameter is
                                                        // also added to the parameter list without an
                                                        // "in" value. Confirm that this is intended.
                                                        JSONOrderedObject jSONOrderedObject14 = new JSONOrderedObject();
                                                        if (!param.description().isEmpty()) {
                                                            jSONOrderedObject14.put("description", ApiService.getMessage(plugin, param.description()));
                                                        }
                                                        JSONOrderedObject jSONOrderedObject15 = new JSONOrderedObject();
                                                        if (param.definition().isEmpty()) {
                                                            JSONOrderedObject jSONOrderedObject16 = new JSONOrderedObject();
                                                            // DEFAULT_DISCRIMINATOR_TYPE is the string
                                                            // "string" (decompiler substitution).
                                                            jSONOrderedObject16.put(EnumType.TYPE, Ejb3DiscriminatorColumn.DEFAULT_DISCRIMINATOR_TYPE);
                                                            jSONOrderedObject16.put("format", "binary");
                                                            jSONOrderedObject15.put(PersistentIdentifierGenerator.SCHEMA, jSONOrderedObject16);
                                                        } else {
                                                            JSONOrderedObject jSONOrderedObject17 = new JSONOrderedObject();
                                                            String definition2 = param.definition();
                                                            if (definition2.contains("{")) {
                                                                definition2 = populateVariable(definition2, jSONObject6.getJSONObject("properties"));
                                                            }
                                                            hashSet.add(definition2);
                                                            jSONOrderedObject17.put("$ref", "#/components/schemas/" + definition2);
                                                            jSONOrderedObject15.put(PersistentIdentifierGenerator.SCHEMA, jSONOrderedObject17);
                                                        }
                                                        jSONOrderedObject14.put("content", new JSONOrderedObject().put("application/octet-stream", jSONOrderedObject15));
                                                        jSONOrderedObject9.put("requestBody", jSONOrderedObject14);
                                                    } else {
                                                        jSONOrderedObject10.put("in", "query");
                                                    }
                                                    if (!param.description().isEmpty()) {
                                                        jSONOrderedObject10.put("description", ApiService.getMessage(plugin, param.description()));
                                                    }
                                                    // Required when annotated as such or when the
                                                    // parameter is a path variable.
                                                    jSONOrderedObject10.put("required", param.required() || operation.path().contains(new StringBuilder().append("{").append(value).append("}").toString()));
                                                    String str3 = null;
                                                    if (!param.definition().isEmpty()) {
                                                        String definition3 = param.definition();
                                                        if (definition3.contains("{")) {
                                                            definition3 = populateVariable(definition3, jSONObject6.getJSONObject("properties"));
                                                        }
                                                        hashSet.add(definition3);
                                                        str3 = "#/components/schemas/" + definition3;
                                                    }
                                                    jSONOrderedObject10.put(PersistentIdentifierGenerator.SCHEMA, ApiService.getSchema(parameter.getType(), str3));
                                                    jSONArray4.put(jSONOrderedObject10);
                                                }
                                            }
                                        }
                                        // SequenceGenerator.PARAMETERS is the string "parameters"
                                        // (decompiler substitution).
                                        if (jSONArray4.length() > 0) {
                                            jSONOrderedObject9.put(SequenceGenerator.PARAMETERS, jSONArray4);
                                        }
                                        JSONOrderedObject jSONOrderedObject18 = new JSONOrderedObject();
                                        // NOTE(review): getAnnotation(Responses.class) is dereferenced
                                        // without a null check; an operation method that lacks
                                        // @Responses throws here and the catch-all discards the
                                        // whole document.
                                        for (Response response : ((Responses) method.getAnnotation(Responses.class)).value()) {
                                            JSONOrderedObject jSONOrderedObject19 = new JSONOrderedObject();
                                            jSONOrderedObject19.put("description", ApiService.getMessage(plugin, response.description()));
                                            JSONOrderedObject jSONOrderedObject20 = new JSONOrderedObject();
                                            if (!response.definition().isEmpty()) {
                                                JSONOrderedObject jSONOrderedObject21 = new JSONOrderedObject();
                                                String definition4 = response.definition();
                                                if (definition4.contains("{")) {
                                                    definition4 = populateVariable(definition4, jSONObject6.getJSONObject("properties"));
                                                }
                                                // A definition that is itself a JSON object literal is
                                                // used inline as the schema; anything else is a schema
                                                // name and is referenced. The assignment below does not
                                                // type-check as written (decompiler type-inference
                                                // failure, see the JADX warnings above the method).
                                                if (definition4.startsWith("{") && definition4.endsWith("}")) {
                                                    jSONOrderedObject21 = new JSONObject(definition4);
                                                } else {
                                                    hashSet.add(definition4);
                                                    if (response.array()) {
                                                        jSONOrderedObject21.put(EnumType.TYPE, "array");
                                                        jSONOrderedObject21.put("items", new JSONObject().put("$ref", "#/components/schemas/" + definition4));
                                                    } else {
                                                        jSONOrderedObject21.put("$ref", "#/components/schemas/" + definition4);
                                                    }
                                                }
                                                jSONOrderedObject20.put(PersistentIdentifierGenerator.SCHEMA, jSONOrderedObject21);
                                            }
                                            jSONOrderedObject19.put("content", new JSONOrderedObject().put(response.contentType(), jSONOrderedObject20));
                                            jSONOrderedObject18.put(Integer.toString(response.responseCode()), jSONOrderedObject19);
                                        }
                                        jSONOrderedObject9.put("responses", jSONOrderedObject18);
                                        // Every operation carries the same security requirements.
                                        jSONOrderedObject9.put("security", jSONArray);
                                        if (operation.deprecated()) {
                                            jSONOrderedObject9.put("deprecated", true);
                                        }
                                        map2.put(operation.type().toString(), jSONOrderedObject9);
                                    }
                                }
                            }
                            // Copy only the plugin definitions that some parameter or response
                            // actually referenced.
                            Map<String, ApiDefinition> definitions = plugin.getDefinitions();
                            if (definitions != null && !definitions.isEmpty()) {
                                for (String str4 : definitions.keySet()) {
                                    if (hashSet.contains(str4)) {
                                        jSONOrderedObject6.put(str4, definitions.get(str4).getDefinition());
                                    }
                                }
                            }
                            jSONArray2.put(jSONOrderedObject7);
                        }
                    }
                }
            }
            jSONOrderedObject.put("tags", jSONArray2);
            jSONOrderedObject.put("paths", linkedHashMap);
            JSONOrderedObject jSONOrderedObject22 = new JSONOrderedObject();
            jSONOrderedObject22.put("securitySchemes", jSONOrderedObject5);
            // Built-in "ApiResponse" schema with the fields code, message and date.
            LinkedHashMap linkedHashMap2 = new LinkedHashMap();
            linkedHashMap2.put("code", Integer.class);
            linkedHashMap2.put("message", String.class);
            linkedHashMap2.put("date", Date.class);
            jSONOrderedObject6.put("ApiResponse", new ApiDefinition((Map<String, Class>) linkedHashMap2).getDefinition());
            jSONOrderedObject22.put("schemas", jSONOrderedObject6);
            jSONOrderedObject.put("components", jSONOrderedObject22);
            if (jSONObject2.has("externalDocUrl") && !jSONObject2.getString("externalDocUrl").isEmpty()) {
                JSONOrderedObject jSONOrderedObject23 = new JSONOrderedObject();
                jSONOrderedObject23.put("url", jSONObject2.getString("externalDocUrl"));
                if (jSONObject2.has("externalDocDesc") && !jSONObject2.getString("externalDocDesc").isEmpty()) {
                    jSONOrderedObject23.put("description", jSONObject2.getString("externalDocDesc"));
                }
                jSONOrderedObject.put("externalDocs", jSONOrderedObject23);
            }
            // A request for YAML output yields null here; only the JSON form is produced.
            if (map.containsKey("output") && "yaml".equalsIgnoreCase(map.get("output").toString())) {
                return null;
            }
            return jSONOrderedObject.toString();
        } catch (Exception e) {
            // Catch-all: every failure above (malformed definition, missing key, missing request)
            // is logged with an empty message and reported to the caller only as null.
            LogUtil.error(ApiBuilder.class.getName(), e, "");
            return null;
        }
    }

    /**
     * Lists the API plugins known to the plugin manager.
     *
     * <p>The {@code pluginManager} bean is asked for all {@code ApiPlugin} implementations;
     * {@code null} entries in its answer are dropped.
     *
     * @return a new mutable list of the available plugins, possibly empty
     */
    public static Collection<ApiPlugin> getAvailableElements() {
        final PluginManager plugins = (PluginManager) AppUtil.getApplicationContext().getBean("pluginManager");
        final List<ApiPlugin> available = new ArrayList<>();
        for (ApiPlugin candidate : plugins.list(ApiPlugin.class)) {
            // For a variable already typed ApiPlugin, the instance check only rejects null.
            if (candidate == null) {
                continue;
            }
            available.add(candidate);
        }
        return available;
    }

    /**
     * Renders the "create new API" page from the bundled FreeMarker template.
     *
     * <p>The template model has a single entry, {@code apiKey}, holding a freshly generated
     * random {@link UUID} object (not its string form).
     *
     * @return whatever the plugin manager renders for {@code /templates/apiBuilderNew.ftl}
     */
    public String getCreateNewPageHtml() {
        Map<String, Object> model = new HashMap<>();
        // UUID.randomUUID() is a type-4 UUID drawn from a cryptographically strong generator.
        model.put("apiKey", UUID.randomUUID());
        PluginManager plugins = (PluginManager) AppUtil.getApplicationContext().getBean("pluginManager");
        String ownerClass = getClass().getName();
        return plugins.getPluginFreeMarkerTemplate(model, ownerClass, "/templates/apiBuilderNew.ftl", (String) null);
    }

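    /**
     * Builds the JSON definition for a new API.
     *
     * <p>With a source definition, its JSON is copied and, when it has a non-null
     * {@code properties} object, the {@code id}, {@code name} and {@code description} entries
     * are overwritten. Without one, the bundled default definition template is read with the
     * three values plus a random 32-hex-character token as arguments.
     *
     * @param str id of the new API
     * @param str2 name of the new API
     * @param str3 description of the new API
     * @param builderDefinition definition to copy from, or {@code null} to use the default template
     * @return the new definition as JSON text; an empty string when the source definition
     *         cannot be parsed (the failure is logged rather than swallowed silently)
     */
    public String createNewJSON(String str, String str2, String str3, BuilderDefinition builderDefinition) {
        if (builderDefinition == null) {
            // Fourth template argument: a dash-less random UUID. What the template uses it for
            // is not visible in this method.
            String randomToken = UUID.randomUUID().toString().replaceAll("-", "");
            return AppUtil.readPluginResource(getClassName(), "/properties/api/defaultDefinition.json", new String[]{str, str2, str3, randomToken}, true, (String) null);
        }
        try {
            JSONObject definition = new JSONObject(builderDefinition.getJson());
            if (!definition.isNull("properties")) {
                JSONObject properties = definition.getJSONObject("properties");
                // JSONObject.put stores the values as data, so quoting is handled by the serializer.
                properties.put("id", str);
                properties.put("name", str2);
                properties.put("description", str3);
            }
            return definition.toString();
        } catch (Exception e) {
            // Keep the best-effort contract (empty result) but leave a trace of the failure.
            LogUtil.error(getClassName(), e, "Unable to build API definition for id " + str);
            return "";
        }
    }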

    /**
     * Answers a CORS pre-flight / OPTIONS request by setting the permissive header set below.
     * The request is not inspected; the same headers are sent to every caller.
     *
     * @param httpServletRequest the incoming request (unused)
     * @param httpServletResponse the response that receives the headers
     */
    protected void doOptions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): TRACE is advertised here; confirm the container actually disables it.
        final String advertisedMethods = "GET, POST, PUT, DELETE, HEAD, TRACE, OPTIONS";
        httpServletResponse.setHeader("Allow", advertisedMethods);
        httpServletResponse.setHeader("Access-Control-Allow-Methods", advertisedMethods);
        // NOTE(review): a wildcard origin combined with Allow-Credentials "true" is rejected by
        // browsers for credentialed requests, and "*" in Allow-Headers is then read literally.
        // The pre-flight answer is also wider than the per-credential whitelist applied in
        // authenticate(); consider echoing only origins that pass that whitelist.
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", BooleanUtils.TRUE);
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "*");
    }

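    /**
     * Handles one request to the API builder servlet.
     *
     * <p>Flow, in order:
     * <ol>
     *   <li>{@code OPTIONS} requests get the CORS headers from {@link #doOptions} and nothing else.</li>
     *   <li>A path of the form {@code API-xxx} (no further slash) renders the Swagger UI page for
     *       that API definition, or 404 when the definition is not found.</li>
     *   <li>Any other path is an API call: the {@code api_id} header selects the definition, the
     *       request is authenticated, the matching operation is run and its response written.</li>
     *   <li>After the response is written, an {@code ApiLog} row is saved when the credential
     *       behind {@code api_key} has logging enabled (and the call did not use the internal key).</li>
     * </ol>
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @param date timestamp of the request, used for token validation and as the log timestamp
     */
    @Transactional
    protected void serveApi(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Date date) {
        ApiResponse apiResponse;
        // getPathInfo() is null when the servlet is matched without extra path; treat that as an
        // empty operation path instead of failing on substring(1).
        String pathInfo = httpServletRequest.getPathInfo();
        String substring = (pathInfo == null || pathInfo.isEmpty()) ? "" : pathInfo.substring(1);
        if (httpServletRequest.getMethod().equals("OPTIONS")) {
            doOptions(httpServletRequest, httpServletResponse);
            return;
        }
        if (substring.startsWith("API-") && !substring.contains("/")) {
            // NOTE(review): this branch runs before any api_key / authenticate() handling, so the
            // generated specification of a published API is served to whoever requests it unless
            // something in front of this servlet restricts access. Confirm that is intended.
            try {
                // The lookup sits inside the try so a failure in it is logged like any other.
                BuilderDefinition json = getJson(substring);
                if (json != null) {
                    httpServletRequest.setAttribute("api_id", substring);
                    httpServletResponse.setContentType("text/html; charset=utf-8");
                    HashMap hashMap = new HashMap();
                    hashMap.put("spec", getBuilderResult(json.getJson(), new HashMap()));
                    hashMap.put("api_id", substring);
                    httpServletResponse.getWriter().write(CustomBuilderUtil.generateHtml(this, "templates/swagger-ui.ftl", hashMap, httpServletRequest));
                } else {
                    httpServletResponse.sendError(404);
                }
            } catch (Exception e) {
                // The error is only logged; no error status is sent to the client from here.
                LogUtil.error(ApiBuilder.class.getName(), e, "");
            }
            return;
        }
        long startedAt = System.currentTimeMillis();
        HostManager.initHost();
        String header = httpServletRequest.getHeader("api_id");
        String header2 = httpServletRequest.getHeader("api_key");
        if (header == null || "".equals(header)) {
            writeBadRequest(httpServletResponse).write(httpServletResponse);
            return;
        }
        JSONObject api = getAPI(header, httpServletRequest);
        if (api == null) {
            // Unknown api_id is reported as 400, the same as a missing one.
            apiResponse = writeBadRequest(httpServletResponse);
        } else {
            try {
                httpServletRequest.setAttribute("api_id", api.getJSONObject("properties").getString("id"));
            } catch (Exception e2) {
                LogUtil.error(getClassName(), e2, substring);
            }
            // Any exception during authentication leaves the flag false, i.e. the call is rejected.
            boolean authenticated = false;
            try {
                authenticated = authenticate(httpServletRequest, httpServletResponse, date, api);
            } catch (Exception e3) {
                LogUtil.error(ApiBuilder.class.getName(), e3, substring);
            }
            if (authenticated) {
                try {
                    apiResponse = runOperation(substring, httpServletRequest.getMethod(), api, httpServletRequest, httpServletResponse);
                } catch (Exception e4) {
                    LogUtil.error(ApiBuilder.class.getName(), e4, substring);
                    apiResponse = writeSystemError(httpServletResponse);
                }
            } else {
                apiResponse = writeUnauthorized(httpServletResponse);
            }
        }
        if (apiResponse == null) {
            return;
        }
        apiResponse.write(httpServletResponse);
        // Call logging: skipped when no definition was resolved, and for preview ids (ids that
        // contain the preview marker and do not start with "API-").
        if (!((header.startsWith("API-") || !header.contains("_API_BUILDER_PREVIEW_")) && api != null)) {
            return;
        }
        try {
            JSONObject properties = api.getJSONObject("properties");
            boolean internalEnabled = false;
            if (properties.has("enableInternal") && !properties.isNull("enableInternal")) {
                internalEnabled = BooleanUtils.TRUE.equalsIgnoreCase(properties.getString("enableInternal"));
            }
            String internalKey = "";
            if (properties.has("internalKey") && !properties.isNull("internalKey")) {
                internalKey = properties.getString("internalKey");
            }
            // Calls made with the API's internal key are never logged.
            if (header2 != null && internalEnabled && header2.equals(internalKey)) {
                return;
            }
        } catch (Exception e5) {
            LogUtil.error(ApiBuilder.class.getName(), e5, "");
        }
        if (header2 == null) {
            // No key was presented, so there is no credential whose log settings could apply.
            return;
        }
        ApiCredential apiCredential = ((ApiCredentialDao) ApiAppContext.getInstance().getAppContext().getBean("apiCredentialDao")).get(header2);
        // The credential is null for an unknown api_key (authenticate() handles the same case);
        // dereferencing it here would throw after the 401 has already been written.
        if (apiCredential == null || apiCredential.getLog() == null || !apiCredential.getLog().equalsIgnoreCase(BooleanUtils.TRUE)) {
            return;
        }
        ApiLogDao apiLogDao = (ApiLogDao) ApiAppContext.getInstance().getAppContext().getBean("apiLogDao");
        ApiLog apiLog = new ApiLog();
        apiLog.setId(UUID.randomUUID().toString());
        apiLog.setApiId(header);
        apiLog.setApiKey(header2);
        apiLog.setMethod(substring);
        apiLog.setSourceIp(AppUtil.getClientIp(httpServletRequest));
        apiLog.setStatus(apiResponse.getStatus());
        apiLog.setMessage(apiResponse.getMessage());
        apiLog.setTimestamp(date);
        apiLog.setUserAgent(httpServletRequest.getHeader("User-Agent"));
        apiLog.setExecTimeMs(System.currentTimeMillis() - startedAt);
        if (apiCredential.getLogDetails() != null && apiCredential.getLogDetails().equalsIgnoreCase(BooleanUtils.TRUE)) {
            JSONObject details = new JSONObject();
            try {
                if (httpServletRequest.getQueryString() != null && !httpServletRequest.getQueryString().isEmpty()) {
                    details.put("queryString", httpServletRequest.getQueryString());
                }
                if (httpServletRequest.getHeaderNames() != null) {
                    // NOTE(review): every request header is copied into the stored log details,
                    // which includes the headers this class reads as credentials ("api_key",
                    // "token", "Authorization") and any cookies. Consider masking those values
                    // before persisting, and restrict who can read the log table.
                    HashMap headerCopy = new HashMap();
                    Enumeration headerNames = httpServletRequest.getHeaderNames();
                    while (headerNames.hasMoreElements()) {
                        String headerName = (String) headerNames.nextElement();
                        headerCopy.put(headerName, httpServletRequest.getHeader(headerName));
                    }
                    details.put("headers", (Map) headerCopy);
                }
                if (apiResponse.getParameter() != null) {
                    // Pair each @Param-annotated operation parameter with the value it was called
                    // with; null values are left out.
                    HashMap payload = new HashMap();
                    Parameter[] parameter = apiResponse.getParameter();
                    List<Object> parameterValues = apiResponse.getParameterValues();
                    for (int i = 0; i < parameter.length; i++) {
                        Param param = (Param) parameter[i].getAnnotation(Param.class);
                        if (param != null && parameterValues.get(i) != null) {
                            payload.put(param.value(), parameterValues.get(i));
                        }
                    }
                    details.put("payload", (Map) payload);
                }
                String content = apiResponse.getContent();
                if (content != null && !content.isEmpty()) {
                    // Only content that looks like a JSON array or object is recorded.
                    if (content.startsWith("[") && content.endsWith("]")) {
                        details.put("content", new JSONArray(content));
                    } else if (content.startsWith("{") && content.endsWith("}")) {
                        details.put("content", new JSONObject(content));
                    }
                }
            } catch (Exception e6) {
                // NOTE(review): the api_key is used as the log message here; confirm that is
                // acceptable for the server log.
                LogUtil.error(ApiBuilder.class.getName(), e6, header2);
            }
            try {
                apiLog.setLogDetails(details.toString(4));
            } catch (JSONException e7) {
                LogUtil.error(ApiBuilder.class.getName(), e7, header2);
            }
        }
        apiLogDao.save(apiLog);
    }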

    /**
     * Creates the standard 400 response with the localized {@code api.error.400} message.
     * Nothing is written to the servlet response here; the caller does that.
     *
     * @param httpServletResponse unused
     * @return a new {@code ApiResponse} with status 400
     */
    public static ApiResponse writeBadRequest(HttpServletResponse httpServletResponse) {
        String owner = ApiBuilder.class.getName();
        return new ApiResponse(400, AppPluginUtil.getMessage("api.error.400", owner, Activator.MESSAGE_PATH));
    }

    /**
     * Creates the standard 401 response with the localized {@code api.error.401} message.
     * Nothing is written to the servlet response here; the caller does that.
     *
     * @param httpServletResponse unused
     * @return a new {@code ApiResponse} with status 401
     */
    public static ApiResponse writeUnauthorized(HttpServletResponse httpServletResponse) {
        String owner = ApiBuilder.class.getName();
        return new ApiResponse(401, AppPluginUtil.getMessage("api.error.401", owner, Activator.MESSAGE_PATH));
    }

    /**
     * Creates the standard 500 response with the localized {@code api.error.500} message.
     * The message is generic, so no exception detail reaches the client through it.
     *
     * @param httpServletResponse unused
     * @return a new {@code ApiResponse} with status 500
     */
    public static ApiResponse writeSystemError(HttpServletResponse httpServletResponse) {
        String owner = ApiBuilder.class.getName();
        return new ApiResponse(500, AppPluginUtil.getMessage("api.error.500", owner, Activator.MESSAGE_PATH));
    }

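    /**
     * Decides whether the request may call the given API definition.
     *
     * <p>Paths through the method:
     * <ul>
     *   <li><b>Preview ids</b> (contain {@code _API_BUILDER_PREVIEW_} and do not start with
     *       {@code API-}) are accepted without a credential.</li>
     *   <li><b>Internal key</b>: when the definition enables internal access and {@code api_key}
     *       equals its non-empty {@code internalKey}, the referer must resolve to the server's
     *       own host name and the configured {@code internalPermission} plugin must authorize
     *       the current user.</li>
     *   <li><b>API credential</b>: the credential stored for {@code api_key} is checked by its
     *       type ({@code token}, {@code basic} or {@code simple}), optionally followed or
     *       replaced by a custom authenticator plugin, then by the domain / IP whitelist.
     *       On success CORS response headers are set.</li>
     * </ul>
     *
     * <p>Any unexpected exception in the credential path rejects the request.
     *
     * @param httpServletRequest request carrying the {@code api_id}, {@code api_key} and
     *        scheme-specific headers
     * @param httpServletResponse response that receives CORS headers on success
     * @param date request time used to expand time placeholders in token settings
     * @param jSONObject the API definition; must contain a {@code properties} object
     * @return {@code true} when the request is allowed
     * @throws JSONException when {@code properties} (or, on the internal path,
     *         {@code internalPermission} / its {@code className}) is missing from the definition
     */
    public static boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Date date, JSONObject jSONObject) throws JSONException {
        String header = httpServletRequest.getHeader("api_id");
        if (header == null) {
            // No API selected: nothing can be authorized.
            return false;
        }
        // NOTE(review): preview ids skip every credential check in this method. The only gate
        // visible in this file is getAPI(), which requires a preview-cache entry and a matching
        // Referer header; Referer is supplied by the client, so confirm preview exposure is bounded
        // elsewhere (for example by the lifetime and secrecy of the preview id).
        if (!header.startsWith("API-") && header.contains("_API_BUILDER_PREVIEW_")) {
            return true;
        }
        String header2 = httpServletRequest.getHeader("api_key");
        JSONObject jSONObject2 = jSONObject.getJSONObject("properties");
        boolean internalEnabled = false;
        if (jSONObject2.has("enableInternal") && !jSONObject2.isNull("enableInternal")) {
            internalEnabled = BooleanUtils.TRUE.equalsIgnoreCase(jSONObject2.getString("enableInternal"));
        }
        String internalKey = "";
        if (jSONObject2.has("internalKey") && !jSONObject2.isNull("internalKey")) {
            internalKey = jSONObject2.getString("internalKey");
        }
        if (header2 == null) {
            return false;
        }
        // An unset internal key defaults to "", which must never match an empty api_key header.
        // The comparison runs in constant time so response timing does not depend on how many
        // leading characters of the key were correct.
        boolean internalKeyMatches = internalEnabled
                && !internalKey.isEmpty()
                && MessageDigest.isEqual(
                        header2.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        internalKey.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (internalKeyMatches) {
            WorkflowUserManager workflowUserManager = (WorkflowUserManager) AppUtil.getApplicationContext().getBean("workflowUserManager");
            // Internal calls must come from a page on this server's own host name.
            // NOTE(review): this relies on the Referer header, which only a browser sets
            // reliably; the permission check below is what actually binds the call to a user.
            String domainName = SecurityUtil.getDomainName(httpServletRequest.getHeader("referer"));
            ArrayList arrayList = new ArrayList();
            arrayList.add(httpServletRequest.getServerName());
            if (!SecurityUtil.isAllowedDomain(domainName, arrayList)) {
                LogUtil.info(ApiBuilder.class.getName(), "Possible CSRF attack from url(" + httpServletRequest.getRequestURI() + ") referer(" + httpServletRequest.getHeader("referer") + ")");
                return false;
            }
            JSONObject jSONObject3 = jSONObject2.getJSONObject("internalPermission");
            if (jSONObject3 == null) {
                return false;
            }
            String string = jSONObject3.getString("className");
            PluginManager pluginManager = (PluginManager) AppUtil.getApplicationContext().getBean("pluginManager");
            Permission permission = null;
            if (string != null && !string.isEmpty()) {
                permission = (Permission) pluginManager.getPlugin(string);
            }
            if (permission == null) {
                // No usable permission plugin: deny rather than allow by default.
                return false;
            }
            if (jSONObject3.has("properties")) {
                permission.setProperties(PropertyUtil.getProperties(jSONObject3.getJSONObject("properties")));
            }
            permission.setRequestParameters(httpServletRequest.getParameterMap());
            permission.setCurrentUser(workflowUserManager.getCurrentUser());
            return permission.isAuthorize();
        }
        ApiCredential apiCredential = ((ApiCredentialDao) ApiAppContext.getInstance().getAppContext().getBean("apiCredentialDao")).get(header2);
        if (apiCredential == null) {
            return false;
        }
        boolean z2 = false;
        try {
            // Built-in schemes run when no custom method is set, or when the custom
            // authenticator is configured as an additional ("add") step.
            if (apiCredential.getCustomAuthMethod() == null || "".equalsIgnoreCase(apiCredential.getCustomAuthMethod()) || "add".equalsIgnoreCase(apiCredential.getCustomAuthMethod())) {
                if ("token".equalsIgnoreCase(apiCredential.getType())) {
                    String setting = apiCredential.getSetting();
                    String header3 = httpServletRequest.getHeader("token");
                    String str2 = "";
                    // A setting of the form NAME(EXPR) is split into NAME (passed to validate())
                    // and EXPR (the expected-token template).
                    if (setting.contains("(")) {
                        str2 = setting.substring(0, setting.indexOf("("));
                        setting = setting.substring(setting.indexOf("(") + 1, setting.length() - 1);
                    }
                    String replaceAll = setting.replaceAll(StringUtil.escapeRegex("{api_key}"), StringUtil.escapeRegex(header2));
                    if (replaceAll.indexOf("{api_secret}") != -1) {
                        replaceAll = replaceAll.replaceAll(StringUtil.escapeRegex("{api_secret}"), StringUtil.escapeRegex(SecurityUtil.decrypt(apiCredential.getApiSecret())));
                    }
                    if (replaceAll.contains("{")) {
                        // Remaining placeholders are expanded by populateTime(). The token is
                        // accepted for the request time and, failing that, for one minute earlier.
                        if (validate(str2, populateTime(replaceAll, date), header3)) {
                            z2 = true;
                        } else {
                            Calendar calendar = Calendar.getInstance();
                            calendar.setTime(date);
                            calendar.add(Calendar.MINUTE, -1);
                            z2 = validate(str2, populateTime(replaceAll, calendar.getTime()), header3);
                        }
                    } else {
                        z2 = validate(str2, replaceAll, header3);
                    }
                } else if ("basic".equalsIgnoreCase(apiCredential.getType())) {
                    String header4 = httpServletRequest.getHeader("Authorization");
                    if (header4 == null || !header4.startsWith("Basic ")) {
                        return false;
                    }
                    String[] extractAndDecodeHeader = extractAndDecodeHeader(header4);
                    if (extractAndDecodeHeader.length != 2) {
                        return false;
                    }
                    WorkflowUserManager workflowUserManager2 = (WorkflowUserManager) AppUtil.getApplicationContext().getBean("workflowUserManager");
                    try {
                        Authentication authenticate = ((AuthenticationManager) AppUtil.getApplicationContext().getBean("authenticationManager")).authenticate(new UsernamePasswordAuthenticationToken(extractAndDecodeHeader[0], extractAndDecodeHeader[1]));
                        SecurityContextHolder.getContext().setAuthentication(authenticate);
                        // Replace any pre-login session with a fresh one (session-fixation
                        // defence), carrying over a saved request if there was one.
                        HttpSession session = httpServletRequest.getSession(false);
                        if (session != null) {
                            SavedRequest request = new HttpSessionRequestCache().getRequest(httpServletRequest, httpServletResponse);
                            session.invalidate();
                            httpServletRequest.getSession(true);
                            if (request != null) {
                                new HttpSessionRequestCache().saveRequest(httpServletRequest, httpServletResponse);
                            }
                        }
                        z2 = authenticate.isAuthenticated();
                        if (z2) {
                            workflowUserManager2.clearCurrentThreadUser();
                        }
                        // The outcome is written to the server log and the audit trail with the
                        // user name and client IP; the password is not logged.
                        String clientIp = AppUtil.getClientIp(httpServletRequest);
                        LogUtil.info(ApiBuilder.class.getName(), "Authentication for user " + extractAndDecodeHeader[0] + " (" + clientIp + ") : " + z2);
                        ((WorkflowHelper) AppUtil.getApplicationContext().getBean("workflowHelper")).addAuditTrail(ApiBuilder.class.getName(), "authenticate", "Authentication for user " + extractAndDecodeHeader[0] + " (" + clientIp + ") : " + z2);
                        if (!z2) {
                            return false;
                        }
                        // For "basic" credentials the decrypted apiSecret is used as the class
                        // name of an optional permission plugin, configured from the setting JSON.
                        String setting2 = apiCredential.getSetting();
                        PluginManager pluginManager2 = (PluginManager) AppUtil.getApplicationContext().getBean("pluginManager");
                        String decrypt = SecurityUtil.decrypt(apiCredential.getApiSecret());
                        Permission permission2 = null;
                        if (decrypt != null && !decrypt.isEmpty()) {
                            permission2 = (Permission) pluginManager2.getPlugin(decrypt);
                        }
                        if (permission2 != null) {
                            if (setting2 != null) {
                                permission2.setProperties(PropertyUtil.getPropertiesValueFromJson(setting2));
                            }
                            permission2.setRequestParameters(httpServletRequest.getParameterMap());
                            permission2.setCurrentUser(workflowUserManager2.getCurrentUser());
                            z2 = permission2.isAuthorize();
                        }
                    } catch (Exception e) {
                        // Failed or broken login: record it and reject.
                        String clientIp2 = AppUtil.getClientIp(httpServletRequest);
                        LogUtil.info(ApiBuilder.class.getName(), "Authentication for user " + extractAndDecodeHeader[0] + " (" + clientIp2 + ") : " + z2);
                        ((WorkflowHelper) AppUtil.getApplicationContext().getBean("workflowHelper")).addAuditTrail(ApiBuilder.class.getName(), "authenticate", "Authentication for user " + extractAndDecodeHeader[0] + " (" + clientIp2 + ") : " + z2);
                        return false;
                    }
                } else if ("simple".equalsIgnoreCase(apiCredential.getType())) {
                    // "simple" credentials need nothing beyond a known api_key; the whitelist
                    // below is then the only further restriction.
                    z2 = true;
                }
            }
            // Custom authenticator: runs after a successful built-in check in "add" mode, or on
            // its own when the method equals AnsiTrimEmulationFunction.REPLACE (a constant the
            // decompiler substituted; presumably the literal "replace").
            // NOTE(review): in "add" mode a missing or unloadable plugin leaves the built-in
            // result standing, i.e. the extra step is silently skipped. Confirm that is intended.
            if ((z2 && "add".equalsIgnoreCase(apiCredential.getCustomAuthMethod())) || AnsiTrimEmulationFunction.REPLACE.equalsIgnoreCase(apiCredential.getCustomAuthMethod())) {
                String settingCustom = apiCredential.getSettingCustom();
                PluginManager pluginManager3 = (PluginManager) AppUtil.getApplicationContext().getBean("pluginManager");
                String apiCustom = apiCredential.getApiCustom();
                ApiAuthenticatorAbstract apiAuthenticatorAbstract = null;
                if (apiCustom != null && !apiCustom.isEmpty()) {
                    apiAuthenticatorAbstract = (ApiAuthenticatorAbstract) pluginManager3.getPlugin(apiCustom);
                }
                if (apiAuthenticatorAbstract != null) {
                    if (settingCustom != null) {
                        apiAuthenticatorAbstract.setProperties(PropertyUtil.getPropertiesValueFromJson(settingCustom));
                    }
                    z2 = apiAuthenticatorAbstract.authenticate(httpServletRequest, httpServletResponse);
                }
            }
            if (z2) {
                String domainWhitelist = apiCredential.getDomainWhitelist();
                String ipWhitelist = apiCredential.getIpWhitelist();
                // NOTE(review): the whitelist is skipped when EITHER list is "*", and a request
                // is rejected only when BOTH the referer domain and the client IP fail. The
                // domain side depends on the client-supplied Referer header, so the IP list is
                // the stronger control; confirm the either/or semantics match the admin UI.
                if (!"*".equals(domainWhitelist) && !"*".equals(ipWhitelist)) {
                    String domainName2 = SecurityUtil.getDomainName(httpServletRequest.getHeader("referer"));
                    String clientIp3 = AppUtil.getClientIp(httpServletRequest);
                    ArrayList arrayList2 = new ArrayList();
                    // The server's own host name is always an allowed referer domain.
                    arrayList2.add(httpServletRequest.getServerName());
                    if (domainWhitelist != null) {
                        arrayList2.addAll(Arrays.asList(domainWhitelist.split("\\r?\\n")));
                    }
                    ArrayList arrayList3 = new ArrayList();
                    if (ipWhitelist != null) {
                        arrayList3.addAll(Arrays.asList(ipWhitelist.split("\\r?\\n")));
                    }
                    if (!SecurityUtil.isAllowedDomain(domainName2, arrayList2) && !SecurityUtil.isAllowedDomain(clientIp3, arrayList3)) {
                        LogUtil.info(ApiBuilder.class.getName(), "Possible CSRF attack from url(" + httpServletRequest.getRequestURI() + ") referer(" + httpServletRequest.getHeader("referer") + ") IP(" + clientIp3 + ")");
                        z2 = false;
                    }
                }
                // NOTE(review): the Origin header is echoed back together with
                // Allow-Credentials "true" without being compared to the domain whitelist
                // itself (the whitelist above looks at Referer and client IP). Consider
                // matching Origin against the same list before reflecting it.
                if ("*".equals(domainWhitelist) || (z2 && httpServletRequest.getHeader("Origin") != null)) {
                    String header5 = httpServletRequest.getHeader("Origin");
                    if (header5 != null) {
                        // Strip CR/LF so the reflected value cannot split the response header.
                        header5 = header5.replace(StringUtils.LF, "").replace(StringUtils.CR, "");
                    } else if ("*".equals(domainWhitelist)) {
                        header5 = "*";
                    }
                    httpServletResponse.setHeader("Access-Control-Allow-Origin", header5);
                    httpServletResponse.setHeader("Access-Control-Allow-Credentials", BooleanUtils.TRUE);
                    httpServletResponse.setHeader("Access-Control-Allow-Headers", "*");
                }
            }
        } catch (Exception e2) {
            // Fail closed: an exception thrown after an earlier step succeeded (for example in
            // the custom authenticator or the whitelist check) must not leave the request
            // authenticated. The api_id is logged instead of the api_key, which is a credential.
            LogUtil.error(ApiBuilder.class.getName(), e2, header);
            return false;
        }
        return z2;
    }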

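    /**
     * Loads the published builder definition for an API id, using the {@code fluCache} cache.
     *
     * <p>The cache key is the current datasource profile plus {@code _API_BUILDER_} plus the id,
     * so profiles do not share entries. On a miss, all definitions with that id are fetched
     * (the id is passed as a bound query parameter) and the one whose app version equals the
     * app's published version is cached and returned.
     *
     * @param str the API definition id
     * @return the published definition, or {@code null} when the DAO is unavailable, no
     *         definition has that id, or none of them belongs to the published app version
     */
    public static BuilderDefinition getJson(String str) {
        String cacheKey = DynamicDataSourceManager.getCurrentProfile() + "_API_BUILDER_" + str;
        Cache cache = (Cache) AppUtil.getApplicationContext().getBean("fluCache");
        Element cached = cache.get(cacheKey);
        if (cached != null) {
            return (BuilderDefinition) cached.getValue();
        }
        BuilderDefinitionDao builderDefinitionDao = (BuilderDefinitionDao) AppUtil.getApplicationContext().getBean("builderDefinitionDao");
        if (builderDefinitionDao == null) {
            return null;
        }
        Collection find = builderDefinitionDao.find("and id=?", new Object[]{str}, (AppDefinition) null, (String) null, (Boolean) null, (Integer) null, (Integer) null);
        AppService appService = (AppService) AppUtil.getApplicationContext().getBean("appService");
        if (find == null || find.isEmpty()) {
            return null;
        }
        // All rows share the id, so the app id of the first one identifies the owning app.
        Long publishedVersion = appService.getPublishedVersion(((BuilderDefinition) find.iterator().next()).getAppId());
        for (Object candidate : find) {
            BuilderDefinition definition = (BuilderDefinition) candidate;
            Long version = definition.getAppVersion();
            if (version != null && version.equals(publishedVersion)) {
                cache.put(new Element(cacheKey, definition));
                return definition;
            }
        }
        // No row matches the published version (for example an app that is not published):
        // report "not found" instead of running the iterator past its end.
        return null;
    }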

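    /**
     * Resolves an {@code api_id} to its definition JSON, with hash variables processed.
     *
     * <p>A published definition is used when {@link #getJson} finds one. Otherwise the id is
     * looked up in the preview cache, and the preview is returned only when the request's
     * {@code referer} has the API builder preview URL shape and ends with the preview's own id.
     *
     * <p>NOTE(review): the preview gate depends on the Referer header, which the client
     * supplies. Together with the credential-free preview path in {@code authenticate}, the
     * effective protection of a preview is whatever {@code getPreviewCache} requires; confirm
     * that preview ids are unguessable and short-lived.
     *
     * @param str the value of the {@code api_id} header
     * @param httpServletRequest the current request (only its {@code referer} header is read)
     * @return the definition as a JSON object, or {@code null} when it cannot be resolved or
     *         parsed; failures are logged
     */
    public static JSONObject getAPI(String str, HttpServletRequest httpServletRequest) {
        // Initialised so that a failed lookup falls through to the preview path.
        BuilderDefinition json = null;
        try {
            json = getJson(str);
        } catch (Exception e) {
            LogUtil.error(ApiBuilder.class.getName(), e, str);
        }
        try {
            if (json != null) {
                AppUtil.setCurrentAppDefinition(json.getAppDefinition());
                return new JSONObject(AppUtil.processHashVariable(json.getJson(), (WorkflowAssignment) null, "json", (Map) null));
            }
            String previewCache = getPreviewCache(str);
            if (previewCache == null || previewCache.isEmpty()) {
                return null;
            }
            String header = httpServletRequest.getHeader("referer");
            if (header == null || !header.matches("^.+/app/[^/]+/[0-9]+/cbuilder/api/preview/.+$")) {
                return null;
            }
            // The regex can match later occurrences than the first ones indexOf() finds, so the
            // two offsets are checked before they are used to slice the header.
            int appStart = header.indexOf("/app/") + 5;
            int appEnd = header.indexOf("/cbuilder/api/preview/");
            if (appEnd < appStart) {
                return null;
            }
            String[] split = header.substring(appStart, appEnd).split("/");
            if (split.length < 2) {
                return null;
            }
            // The returned app definition is not used here; the call is presumably made for its
            // side effect of setting the current app context - TODO confirm.
            ((AppService) AppUtil.getApplicationContext().getBean("appService")).getAppDefinition(split[0], split[1]);
            JSONObject preview = new JSONObject(AppUtil.processHashVariable(previewCache, (WorkflowAssignment) null, "json", (Map) null));
            if (preview.has("properties") && header.endsWith(preview.getJSONObject("properties").getString("id"))) {
                return preview;
            }
            return null;
        } catch (Exception e) {
            // A malformed definition or referer ends as "not found" for the caller rather than
            // as an exception escaping the request handler.
            LogUtil.error(ApiBuilder.class.getName(), e, str);
            return null;
        }
    }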

    /**
     * Finds the API plugin and operation method that match the request path and HTTP method,
     * then delegates to the five-argument {@code runOperation} overload.
     *
     * <p>Step 1 walks the definition's element array (keyed by
     * {@code CollectionPropertyNames.COLLECTION_ELEMENTS}, a constant the decompiler
     * substituted; presumably the literal "elements") and picks the first plugin whose tag,
     * after {@code {name}} placeholders are filled from the element's properties, equals the
     * path or is a prefix of it followed by {@code /}. The tag is then removed from the path.
     *
     * <p>Step 2 scores the plugin's enabled {@code @Operation} methods and keeps the lowest
     * score: 1000 when the HTTP method matches, 1001 when a GET operation is called with POST,
     * plus the number of path placeholders when the path only matches as a pattern.
     *
     * @param str request path below the servlet (without the leading slash)
     * @param str2 HTTP method of the request
     * @param jSONObject the API definition
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the operation's response; the 400 response when no plugin or operation matches;
     *         the 500 response when anything throws (the exception is logged)
     */
    public static ApiResponse runOperation(String str, String str2, JSONObject jSONObject, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int countMatches;
        String string;
        ApiPlugin apiPlugin;
        try {
            ApiPlugin apiPlugin2 = null;
            Method method = null;
            Map<String, String> map = null;
            if (jSONObject.has(CollectionPropertyNames.COLLECTION_ELEMENTS)) {
                JSONArray jSONArray = jSONObject.getJSONArray(CollectionPropertyNames.COLLECTION_ELEMENTS);
                if (jSONArray.length() > 0) {
                    PluginManager pluginManager = (PluginManager) AppUtil.getApplicationContext().getBean("pluginManager");
                    for (int i = 0; i < jSONArray.length(); i++) {
                        JSONObject jSONObject2 = jSONArray.getJSONObject(i);
                        // Only elements that name a loadable plugin class are considered.
                        if (jSONObject2.has("className") && (string = jSONObject2.getString("className")) != null && !string.isEmpty() && (apiPlugin = (ApiPlugin) pluginManager.getPlugin(string)) != null) {
                            String tag = apiPlugin.getTag();
                            if (tag.contains("{") && tag.contains("}")) {
                                if (jSONObject2.has("properties")) {
                                    boolean z = false;
                                    JSONObject jSONObject3 = jSONObject2.getJSONObject("properties");
                                    // The matcher keeps scanning the original tag text while the
                                    // local variable is reassigned to the substituted result.
                                    Matcher matcher = Pattern.compile("\\{([a-zA-Z0-9_]+)\\}").matcher(tag);
                                    while (true) {
                                        if (!matcher.find()) {
                                            break;
                                        }
                                        String group = matcher.group(1);
                                        if (!jSONObject3.has(group)) {
                                            z = true;
                                            break;
                                        }
                                        // NOTE(review): the property value is used as a regex
                                        // replacement string without quoting, so "$" or "\" in
                                        // a configured value would be interpreted by replaceAll.
                                        tag = tag.replaceAll(StringUtil.escapeRegex(matcher.group(0)), jSONObject3.get(group).toString());
                                    }
                                    // NOTE(review): empty branch. When a placeholder has no
                                    // property the flag is set but nothing acts on it, so the
                                    // partly substituted tag is still compared below. This looks
                                    // like a lost "skip this element"; verify against the
                                    // original source.
                                    if (z) {
                                    }
                                }
                            }
                            // First element whose tag is the whole path or a "/"-terminated
                            // prefix of it wins; its tag is stripped from the path.
                            if (str.startsWith(tag + "/") || str.equals(tag)) {
                                apiPlugin.setProperties(PropertyUtil.getProperties(jSONObject2.getJSONObject("properties")));
                                apiPlugin2 = apiPlugin;
                                str = str.replaceFirst(StringUtil.escapeRegex(tag), StringUtil.escapeRegex(""));
                                break;
                            }
                        }
                    }
                }
            }
            if (apiPlugin2 != null) {
                // Result unused; most likely a null check emitted by the decompiler.
                apiPlugin2.getClass();
                // Best (lowest) score seen so far.
                int i2 = Integer.MAX_VALUE;
                for (Method method2 : apiPlugin2.getOperationMethods().values()) {
                    if (method2.isAnnotationPresent(Operation.class)) {
                        Operation operation = (Operation) method2.getAnnotation(Operation.class);
                        // Operations switched off for this plugin instance are never candidates.
                        if (apiPlugin2.isAPIEnabled(operation.type().toString(), operation.path()).booleanValue()) {
                            int i3 = Integer.MAX_VALUE;
                            if (str2.equalsIgnoreCase(operation.type().toString())) {
                                i3 = 1000;
                            } else if (!str2.equalsIgnoreCase(operation.type().toString()) && operation.type().toString().equalsIgnoreCase("get") && str2.equalsIgnoreCase("post")) {
                                // NOTE(review): a POST request may select an operation declared
                                // as GET. Any control in front of this servlet that decides by
                                // HTTP method sees POST here; confirm the fallback is intended.
                                i3 = 1001;
                            }
                            // Any other method mismatch keeps MAX_VALUE and is skipped below.
                            if (i3 < i2) {
                                String path = operation.path();
                                if (path.contains("{") && path.contains("}")) {
                                    // Turn each {name} placeholder into a one-segment capture.
                                    // The rest of the declared path is used as regex text as-is.
                                    path = path.replaceAll("\\{([a-zA-Z0-9_]+)\\}", StringUtil.escapeRegex("([^/]+)"));
                                }
                                if ((str.isEmpty() && "/".equals(path)) || ((str.isEmpty() && path.isEmpty()) || str.equals(path))) {
                                    map = getPathParams(str, operation.path(), path);
                                    method = method2;
                                    // Literal path with matching HTTP method: nothing can beat it.
                                    if (i3 == 1000) {
                                        break;
                                    }
                                    i2 = i3;
                                } else if (str.matches("(?i:^" + path + "$)") && (countMatches = org.apache.commons.lang.StringUtils.countMatches(path, "([^/]+)") + i3) < i2) {
                                    // Pattern match (case-insensitive): fewer placeholders means
                                    // a more specific operation and a lower score.
                                    map = getPathParams(str, operation.path(), path);
                                    method = method2;
                                    i2 = countMatches;
                                }
                            } else {
                                continue;
                            }
                        } else {
                            continue;
                        }
                    }
                }
            }
            // No plugin or no operation matched: answer 400.
            return method != null ? runOperation(apiPlugin2, method, map, httpServletRequest, httpServletResponse) : writeBadRequest(httpServletResponse);
        } catch (Exception e) {
            // The exception stays in the server log; the client only gets the generic 500 body.
            LogUtil.error(ApiBuilder.class.getName(), e, str);
            return writeSystemError(httpServletResponse);
        }
    }

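    /**
     * Binds the current HTTP request to the parameters of an {@link Operation}-annotated plugin
     * method, invokes that method reflectively and returns its response.
     *
     * <p>Every argument is built from request data (path, query/form parameters, headers, body),
     * so the invoked plugin method receives untrusted input. Nothing here validates or
     * size-limits that input beyond type conversion.
     *
     * <p>Failures while binding arguments are logged and answered through
     * {@code writeBadRequest}; failures while invoking the plugin method are logged and answered
     * through {@code writeSystemError}.
     *
     * @param apiPlugin plugin instance the operation is invoked on
     * @param method operation method whose parameter annotations drive the binding
     * @param map path variables extracted for the matched route; they take precedence over
     *     request parameters of the same name
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return the {@link ApiResponse} returned by the plugin method, an empty 200 response when
     *     it returns anything else, or the error response described above
     */
    protected static ApiResponse runOperation(ApiPlugin apiPlugin, Method method, Map<String, String> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Operation operation = method.getAnnotation(Operation.class);
        Parameter[] parameters = method.getParameters();
        ArrayList<Object> arguments = new ArrayList<>();
        try {
            for (Parameter parameter : parameters) {
                arguments.add(resolveOperationArgument(parameter, operation, map, httpServletRequest, httpServletResponse));
            }
            try {
                // The method is looked up again on the plugin's runtime class, so only methods
                // declared directly on that class are found.
                Object result = apiPlugin.getClass().getDeclaredMethod(method.getName(), method.getParameterTypes()).invoke(apiPlugin, arguments.toArray(new Object[0]));
                if (!(result instanceof ApiResponse)) {
                    return new ApiResponse(200, "");
                }
                ApiResponse apiResponse = (ApiResponse) result;
                apiResponse.setParameter(parameters);
                apiResponse.setParameterValues(arguments);
                return apiResponse;
            } catch (Exception invocationError) {
                LogUtil.error(ApiBuilder.class.getName(), invocationError, method.getName());
                return writeSystemError(httpServletResponse);
            }
        } catch (Exception bindingError) {
            LogUtil.error(ApiBuilder.class.getName(), bindingError, method.getName());
            return writeBadRequest(httpServletResponse);
        }
    }

    /**
     * Resolves the value passed for one parameter of an operation method.
     *
     * <p>Parameters without a {@link Param} annotation may only be the servlet request, the
     * servlet response or the response writer. Annotated parameters are taken from the body
     * (name {@code body}), the raw request stream, the request parameter map, a header, a path
     * variable or a request parameter, in that order of checks.
     *
     * @throws Exception if the parameter type is unsupported, a required value is missing or a
     *     value cannot be converted
     */
    private static Object resolveOperationArgument(Parameter parameter, Operation operation, Map<String, String> pathParams, HttpServletRequest request, HttpServletResponse response) throws Exception {
        Param param = parameter.getAnnotation(Param.class);
        Class<?> type = parameter.getType();
        if (param == null) {
            if (HttpServletRequest.class.isAssignableFrom(type)) {
                return request;
            }
            if (HttpServletResponse.class.isAssignableFrom(type)) {
                return response;
            }
            if (PrintWriter.class.isAssignableFrom(type)) {
                return response.getWriter();
            }
            // There is no annotation on this path, so the message names the declared type
            // instead of dereferencing the missing annotation.
            throw new RuntimeException("Not supported parameter : " + type.getName());
        }
        String name = param.value();
        if ("body".equalsIgnoreCase(name)) {
            return resolveOperationBody(type, operation, request);
        }
        if (type.isAssignableFrom(byte[].class)) {
            return IOUtils.toByteArray(request.getReader());
        }
        if (InputStream.class.isAssignableFrom(type)) {
            return request.getInputStream();
        }
        if (Map.class.isAssignableFrom(type)) {
            if (!type.isAssignableFrom(HashMap.class)) {
                return request.getParameterMap();
            }
            HashMap<String, String> flattened = new HashMap<>();
            Enumeration<?> names = request.getParameterNames();
            while (names.hasMoreElements()) {
                String rawName = (String) names.nextElement();
                // Look the values up by the name the client sent; only the map key is
                // HTML-escaped. Looking up by the escaped name finds nothing for names that
                // contain escapable characters.
                String[] values = request.getParameterValues(rawName);
                if (values == null || values.length == 0) {
                    continue;
                }
                // Values are passed through unescaped; consumers that render them must encode
                // for their own output context.
                flattened.put(StringEscapeUtils.escapeHtml(rawName), values.length > 1 ? org.apache.commons.lang.StringUtils.join(values, ";") : values[0]);
            }
            return flattened;
        }
        String[] values;
        if (param.header()) {
            // An absent header must count as "no value" so that the required check below
            // applies to header parameters as well.
            String headerValue = request.getHeader(name);
            values = headerValue == null ? null : new String[]{headerValue};
        } else if (pathParams.containsKey(name)) {
            values = new String[]{pathParams.get(name)};
        } else {
            values = request.getParameterValues(name);
        }
        if (values == null && param.required()) {
            throw new RuntimeException("Parameter (" + name + ") is required");
        }
        return castValue(type, values);
    }

    /**
     * Resolves the argument for a parameter annotated as the request body.
     *
     * <p>Multipart requests for operations declaring a multipart body content type yield a map
     * of form fields, with the uploaded files handed to {@code FileStore}. Otherwise the body is
     * exposed as a reader, raw bytes or stream, or read fully into a string and parsed according
     * to the declared type. This method applies no size limit to the body; any limit has to be
     * enforced before the request reaches it.
     *
     * @throws IOException if the body cannot be read
     */
    private static Object resolveOperationBody(Class<?> type, Operation operation, HttpServletRequest request) throws IOException {
        if (ServletFileUpload.isMultipartContent(request) && FileUploadBase.MULTIPART_FORM_DATA.equals(operation.bodyContentType())) {
            HashMap<String, String[]> fields = new HashMap<>();
            Map<String, String[]> parameterMap = request.getParameterMap();
            for (Map.Entry<String, String[]> field : parameterMap.entrySet()) {
                // Only the first value of each form field is kept.
                fields.put(field.getKey(), new String[]{field.getValue()[0]});
            }
            HashMap<String, MultipartFile[]> files = new HashMap<>();
            MultiValueMap<String, MultipartFile> uploads = ((MultipartHttpServletRequest) request).getMultiFileMap();
            for (Map.Entry<String, List<MultipartFile>> upload : uploads.entrySet()) {
                files.put(upload.getKey(), upload.getValue().toArray(new MultipartFile[0]));
            }
            FileStore.setFileMap(files);
            return fields;
        }
        if (BufferedReader.class.isAssignableFrom(type)) {
            return request.getReader();
        }
        // Raw byte and stream parameters are resolved before the body is drained into a string:
        // once the reader has been consumed it yields no bytes, and the servlet API does not
        // allow getInputStream() after getReader() on the same request.
        if (type.isAssignableFrom(byte[].class)) {
            return IOUtils.toByteArray(request.getReader());
        }
        if (InputStream.class.isAssignableFrom(type)) {
            return request.getInputStream();
        }
        String body = IOUtils.toString(request.getReader());
        if (JSONObject.class.isAssignableFrom(type)) {
            if (body.isEmpty()) {
                return new JSONObject();
            }
            try {
                return new JSONObject(body);
            } catch (Exception e) {
                throw new RuntimeException("Not supported format for body", e);
            }
        }
        if (JSONArray.class.isAssignableFrom(type)) {
            if (body.isEmpty()) {
                return new JSONArray();
            }
            try {
                return new JSONArray(body);
            } catch (Exception e) {
                throw new RuntimeException("Not supported format for body", e);
            }
        }
        if (String.class.isAssignableFrom(type)) {
            return body;
        }
        if (Map.class.isAssignableFrom(type)) {
            return new Gson().fromJson(body, new TypeToken<Map<String, String>>() {
            }.getType());
        }
        try {
            // The target class comes from the operation's method signature, not from the request.
            return new Gson().fromJson(body, type);
        } catch (Exception e) {
            throw new RuntimeException("Not supported class (" + type.getName() + ") for body", e);
        }
    }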

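    /**
     * Converts raw request values to the declared type of an operation parameter.
     *
     * <p>For array types every value is converted to the component type and the result is an
     * array of that component type, so it can be passed to a reflective call whose formal
     * parameter is for example {@code String[]} or {@code Integer[]}. For all other types only
     * the first value is used.
     *
     * @param cls declared parameter type; supported are {@code String}, {@code Integer},
     *     {@code Float}, {@code Long}, {@code Double}, {@code Boolean}, {@code Date},
     *     {@code JSONObject}, {@code JSONArray} and arrays of these
     * @param strArr raw values as received from the request, may be {@code null}
     * @return the converted value, or {@code null} when {@code strArr} is {@code null} or empty
     *     for a non-array type
     * @throws Exception if a value cannot be parsed as the requested type, or the type is not
     *     supported (a {@link RuntimeException} in that case)
     */
    protected static Object castValue(Class cls, String[] strArr) throws Exception {
        if (strArr == null) {
            return null;
        }
        if (cls.isArray()) {
            Class<?> componentType = cls.getComponentType();
            // A plain Object[] is rejected by Method.invoke when the formal parameter is a more
            // specific array type, so the array is created with the declared component type.
            Object converted = java.lang.reflect.Array.newInstance(componentType, strArr.length);
            for (int i = 0; i < strArr.length; i++) {
                java.lang.reflect.Array.set(converted, i, castValue(componentType, new String[]{strArr[i]}));
            }
            return converted;
        }
        if (strArr.length == 0) {
            return null;
        }
        String raw = strArr[0];
        if (String.class.isAssignableFrom(cls)) {
            return raw;
        }
        if (Integer.class.isAssignableFrom(cls)) {
            return Integer.valueOf(raw);
        }
        if (Float.class.isAssignableFrom(cls)) {
            return Float.valueOf(raw);
        }
        if (Long.class.isAssignableFrom(cls)) {
            return Long.valueOf(raw);
        }
        if (Double.class.isAssignableFrom(cls)) {
            return Double.valueOf(raw);
        }
        if (Boolean.class.isAssignableFrom(cls)) {
            // parseBoolean never fails: anything other than "true" (any case) becomes false.
            return Boolean.valueOf(raw);
        }
        if (Date.class.isAssignableFrom(cls)) {
            // A new formatter per call, because SimpleDateFormat is not thread-safe.
            return new SimpleDateFormat(JdbcTimestampTypeDescriptor.TIMESTAMP_FORMAT).parse(raw);
        }
        if (JSONObject.class.isAssignableFrom(cls)) {
            return new JSONObject(raw);
        }
        if (JSONArray.class.isAssignableFrom(cls)) {
            return new JSONArray(raw);
        }
        throw new RuntimeException("Unsupported cast class (" + cls.getName() + ")");
    }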

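    /**
     * Extracts the values of the {@code {name}} placeholders of a route from a request path.
     *
     * <p>The request path is matched case-insensitively, the same way the route matcher in this
     * class tests placeholder routes. A case-sensitive match here leaves the map empty for a
     * request that the router accepted with different letter case, and the operation then reads
     * the "path" value from an ordinary request parameter of the same name instead.
     *
     * @param str request path to extract values from
     * @param str2 route template containing {@code {name}} placeholders
     * @param str3 the route template converted to a regular expression, one capturing group per
     *     placeholder
     * @return placeholder names mapped to the captured values; empty when the template has no
     *     placeholders or the path does not match
     */
    protected static Map<String, String> getPathParams(String str, String str2, String str3) {
        Map<String, String> params = new HashMap<>();
        if (!str2.contains("{") || !str2.contains("}")) {
            return params;
        }
        List<String> names = new ArrayList<>();
        Matcher nameMatcher = Pattern.compile("\\{([a-zA-Z0-9_]+)\\}").matcher(str2);
        while (nameMatcher.find()) {
            names.add(nameMatcher.group(1));
        }
        Matcher valueMatcher = Pattern.compile("^" + str3 + "$", Pattern.CASE_INSENSITIVE).matcher(str);
        // The expression is anchored at both ends, so it can match at most once.
        if (valueMatcher.find()) {
            // Never read past the collected names if the expression has extra groups.
            int count = Math.min(valueMatcher.groupCount(), names.size());
            for (int i = 0; i < count; i++) {
                params.put(names.get(i), valueMatcher.group(i + 1));
            }
        }
        return params;
    }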

    /**
     * Looks up a cached preview entry by its key in the {@code fluCache} cache.
     *
     * <p>NOTE(review): no role check is made here, unlike {@code addToPreviewCache}; read
     * access appears to rest on knowing the key. Confirm that callers do not expose keys.
     *
     * @param str cache key
     * @return the cached string, or {@code null} when the cache has no element for the key
     */
    protected static String getPreviewCache(String str) {
        Cache previewCache = (Cache) AppUtil.getApplicationContext().getBean("fluCache");
        Element cached = previewCache.get(str);
        return cached == null ? null : (String) cached.getObjectValue();
    }

    /**
     * Stores a preview value in the {@code fluCache} cache under a freshly generated key.
     *
     * <p>Only users in {@code ROLE_ADMIN} may add entries. The key is made of the current
     * profile, the given identifier and a random UUID, and the entry has a time-to-live of
     * 1800 seconds.
     *
     * @param str identifier embedded in the generated key
     * @param str2 value to cache
     * @return the generated cache key, or an empty string when the current user is not an admin
     */
    protected static String addToPreviewCache(String str, String str2) {
        boolean isAdmin = WorkflowUtil.isCurrentUserInRole("ROLE_ADMIN");
        if (!isAdmin) {
            return "";
        }
        Cache previewCache = (Cache) AppUtil.getApplicationContext().getBean("fluCache");
        String scope = DynamicDataSourceManager.getCurrentProfile() + "_" + str;
        String key = scope + "_API_BUILDER_PREVIEW_" + UUID.randomUUID().toString();
        Element entry = new Element(key, str2);
        // Entries expire after 30 minutes.
        entry.setTimeToLive(1800);
        previewCache.put(entry);
        return key;
    }

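    /**
     * Checks that the lowercase hex digest of a value equals an expected digest string.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])} rather than
     * {@code String.equals}, so the time taken does not depend on how many leading characters
     * of the expected digest match.
     *
     * <p>NOTE(review): the digest is a single unsalted pass of the named algorithm. If the
     * hashed value is a long-lived secret, confirm that callers choose a suitable algorithm.
     *
     * @param str name of the {@link MessageDigest} algorithm
     * @param str2 value to hash, encoded as UTF-8
     * @param str3 expected digest as lowercase hexadecimal
     * @return {@code true} when the digests are equal; {@code false} when they differ or when
     *     any error occurs (unknown algorithm, {@code null} argument), which is also logged
     */
    protected static boolean validate(String str, String str2, String str3) {
        try {
            byte[] digest = MessageDigest.getInstance(str).digest(str2.getBytes("UTF-8"));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(Character.forDigit((b >> 4) & 0xF, 16));
                hex.append(Character.forDigit(b & 0xF, 16));
            }
            return MessageDigest.isEqual(str3.getBytes("UTF-8"), hex.toString().getBytes("UTF-8"));
        } catch (Exception e) {
            LogUtil.error(ApiBuilder.class.getName(), e, "");
            return false;
        }
    }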

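    /**
     * Replaces {@code {name}} placeholders in a template with the matching values of a JSON
     * object.
     *
     * <p>Placeholders without a matching key are left untouched. Values are inserted literally:
     * a {@code $} or backslash in a value is not read as a regex replacement reference, which
     * would otherwise abort the substitution or alter the inserted text.
     *
     * <p>NOTE(review): a value that itself contains {@code {other}} can still be expanded when
     * a later placeholder of that name is processed; confirm whether values are trusted.
     *
     * @param str template text
     * @param jSONObject source of the replacement values
     * @return the template with known placeholders replaced; on error the failure is logged and
     *     the text substituted so far is returned
     */
    protected static String populateVariable(String str, JSONObject jSONObject) {
        try {
            // The matcher keeps scanning the original template while str is rebuilt below.
            Matcher placeholders = Pattern.compile("\\{([a-zA-Z0-9_]+)\\}").matcher(str);
            while (placeholders.find()) {
                String key = placeholders.group(1);
                if (jSONObject.has(key)) {
                    str = str.replace(placeholders.group(0), jSONObject.get(key).toString());
                }
            }
        } catch (Exception e) {
            LogUtil.error(ApiBuilder.class.getName(), e, str);
        }
        return str;
    }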

    /**
     * Replaces a {@code {pattern}} placeholder in a template with the given date formatted by
     * {@link SimpleDateFormat} using that pattern.
     *
     * <p>NOTE(review): the placeholder expression is greedy, so a template with several
     * placeholders is matched from the first {@code {} to the last {@code }} as one pattern.
     * Confirm that templates carry a single placeholder.
     *
     * <p>NOTE(review): the date pattern is taken from the template text itself; an invalid
     * pattern is logged and the template is returned as it stands at that point.
     *
     * @param str template text
     * @param date date to format
     * @return the template with the placeholder replaced, or the text processed so far when an
     *     error was logged
     */
    protected static String populateTime(String str, Date date) {
        try {
            Matcher placeholders = Pattern.compile("\\{(.+)\\}").matcher(str);
            while (placeholders.find()) {
                String tokenRegex = StringUtil.escapeRegex(placeholders.group(0));
                String formatted = new SimpleDateFormat(placeholders.group(1)).format(date);
                str = str.replaceAll(tokenRegex, StringUtil.escapeRegex(formatted));
            }
        } catch (Exception e) {
            LogUtil.error(ApiBuilder.class.getName(), e, str);
        }
        return str;
    }

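    /**
     * Decodes the credentials carried in an HTTP Basic {@code Authorization} header value.
     *
     * <p>The first six characters (the length of {@code "Basic "}) are skipped without being
     * inspected; the caller is assumed to have checked the scheme. A value shorter than that is
     * rejected as bad credentials instead of failing with an index error.
     *
     * <p>The returned array holds the user name and the secret in clear text and must not be
     * logged.
     *
     * @param str header value including the scheme prefix
     * @return a two-element array: the text before the first delimiter and the text after it
     * @throws BadCredentialsException if the value is missing, too short, not valid Base64 or
     *     contains no delimiter
     * @throws IOException declared for callers; UTF-8 is always available, so it is not
     *     expected in practice
     */
    protected static String[] extractAndDecodeHeader(String str) throws IOException {
        if (str == null || str.length() < 6) {
            throw new BadCredentialsException("Invalid basic authentication token");
        }
        try {
            byte[] decoded = Base64.getDecoder().decode(str.substring(6).getBytes("UTF-8"));
            String token = new String(decoded, "UTF-8");
            // NOTE(review): this Hibernate constant is presumably ":" and looks like a
            // decompiler substitution for the literal delimiter - confirm.
            int delimiter = token.indexOf(ParserHelper.HQL_VARIABLE_PREFIX);
            if (delimiter == -1) {
                throw new BadCredentialsException("Invalid basic authentication token");
            }
            // Split on the first delimiter only, so the secret may itself contain it.
            return new String[]{token.substring(0, delimiter), token.substring(delimiter + 1)};
        } catch (IllegalArgumentException e) {
            throw new BadCredentialsException("Failed to decode basic authentication token");
        }
    }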
}
