package com.wso2.openbanking.accelerator.consent.extensions.manage.impl;

import com.wso2.openbanking.accelerator.common.config.OpenBankingConfigParser;
import com.wso2.openbanking.accelerator.common.exception.ConsentManagementException;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentException;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionConstants;
import com.wso2.openbanking.accelerator.consent.extensions.common.ResponseStatus;
import com.wso2.openbanking.accelerator.consent.extensions.internal.ConsentExtensionsDataHolder;
import com.wso2.openbanking.accelerator.consent.extensions.manage.model.ConsentManageData;
import com.wso2.openbanking.accelerator.consent.extensions.util.ConsentManageUtil;
import com.wso2.openbanking.accelerator.consent.mgt.dao.models.ConsentResource;
import com.wso2.openbanking.accelerator.event.notifications.service.handler.EventNotificationPersistenceServiceHandler;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import net.minidev.json.parser.JSONParser;
import net.minidev.json.parser.ParseException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/wso2/openbanking/accelerator/consent/extensions/manage/impl/AccountConsentManageRequestHandler.class */
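/**
 * Handles create (POST), retrieve (GET) and revoke (DELETE) requests for account-access consents.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>GET and DELETE only act on a consent whose stored client ID equals the client ID of the
 *       request; a mismatch is answered with the same 400 message as a missing consent, so the
 *       response does not reveal whether another client's consent exists.</li>
 *   <li>Requested permissions are checked against the fixed allow-list {@link #validPermissions}.</li>
 * </ul>
 *
 * <p>NOTE(review): every {@code catch} below copies {@code e.getMessage()} of the internal
 * {@link ConsentManagementException} / {@link ParseException} into the 500 response. That text is
 * produced by lower layers and may expose implementation detail to the API caller; consider
 * returning a generic message and keeping the detail in the log only.
 */
public class AccountConsentManageRequestHandler implements ConsentManageRequestHandler {
    private static final String ACCOUNT_CONSENT_GET_PATH = "account-access-consents";
    private static final String UUID_REGEX = "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}";
    private static final String REVOKED_STATUS = "revoked";
    private static final String ACCOUNT_CONSENT_CREATE_PATH = "account-access-consents";
    private static final String CREATED_STATUS = "created";
    private static final String AUTH_TYPE_AUTHORIZATION = "authorization";
    private static final Log log = LogFactory.getLog(AccountConsentManageRequestHandler.class);
    private static final List<String> validPermissions = Arrays.asList("ReadAccountsDetail", "ReadTransactionsDetail", "ReadBalances");
    // DateTimeFormatter is immutable and thread-safe, so one shared instance replaces a per-call build.
    private static final DateTimeFormatter EPOCH_DATE_TIME_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'Z'");

    /**
     * Validates the initiation payload and creates an authorizable consent for the calling client.
     *
     * <p>On success the initiation response is set as the response payload with status
     * {@code CREATED}.
     *
     * @param consentManageData request context; supplies payload, request path and client ID, and
     *                          receives the response payload and status
     * @throws ConsentException with {@code BAD_REQUEST} when the payload is missing or a JSON array,
     *                          the path is not the consent path, or the payload fails
     *                          {@link #validateInitiation}; with {@code INTERNAL_SERVER_ERROR} when
     *                          the consent core service fails
     */
    @Override
    public void handleConsentManagePost(ConsentManageData consentManageData) {
        Object payload = consentManageData.getPayload();
        if (payload == null || (payload instanceof JSONArray)) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Payload is not a JSON object");
        }
        // Constant-first equals: a null request path is rejected with 400 instead of an NPE.
        if (!ConsentExtensionConstants.ACCOUNT_CONSENT_GET_PATH.equals(consentManageData.getRequestPath())) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Request path invalid");
        }
        JSONObject initiation = (JSONObject) payload;
        if (!validateInitiation(initiation)) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Consent validation failed due to invalid initiation payload");
        }
        ConsentResource requestedConsent = new ConsentResource(
                consentManageData.getClientId(),
                initiation.toJSONString(),
                ConsentExtensionConstants.ACCOUNTS,
                ConsentExtensionConstants.AWAITING_AUTH_STATUS);
        appendConsentExpirationTimestampAttribute(requestedConsent);
        try {
            consentManageData.setResponsePayload(ConsentManageUtil.getInitiationResponse(
                    initiation,
                    ConsentExtensionsDataHolder.getInstance().getConsentCoreService()
                            .createAuthorizableConsent(requestedConsent, (String) null, CREATED_STATUS, AUTH_TYPE_AUTHORIZATION, true),
                    consentManageData,
                    ConsentExtensionConstants.ACCOUNTS));
            consentManageData.setResponseStatus(ResponseStatus.CREATED);
        } catch (ConsentManagementException e) {
            // Log with the throwable so the stack trace is kept for investigation.
            log.error(e.getMessage(), e);
            // NOTE(review): internal exception text is returned to the API caller here.
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, e.getMessage());
        }
    }

    /**
     * Returns the stored consent receipt, enriched with consent ID, creation time and status update
     * time, for a consent owned by the calling client.
     *
     * @param consentManageData request context; the consent ID is the second {@code /}-separated
     *                          segment of the request path
     * @throws ConsentException with {@code BAD_REQUEST} when the path or consent ID is invalid, the
     *                          consent does not exist, or it belongs to a different client; with
     *                          {@code INTERNAL_SERVER_ERROR} when retrieval or receipt parsing fails
     */
    @Override
    public void handleConsentManageGet(ConsentManageData consentManageData) {
        String requestPath = consentManageData.getRequestPath();
        if (requestPath == null || !requestPath.startsWith(ConsentExtensionConstants.ACCOUNT_CONSENT_GET_PATH)) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Request path invalid");
        }
        // A path without an ID segment previously raised ArrayIndexOutOfBoundsException.
        String[] pathSegments = requestPath.split("/");
        if (pathSegments.length < 2) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Consent ID invalid");
        }
        String consentId = pathSegments[1];
        if (!ConsentManageUtil.isConsentIdValid(consentId)) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Consent ID invalid");
        }
        try {
            ConsentResource consent = ConsentExtensionsDataHolder.getInstance().getConsentCoreService().getConsent(consentId, false);
            if (consent == null) {
                log.error("No valid consent found for given information");
                throw new ConsentException(ResponseStatus.BAD_REQUEST, "No valid consent found for given information");
            }
            // Ownership check: same message as "not found" so other clients' consent IDs are not confirmed.
            if (!consent.getClientID().equals(consentManageData.getClientId())) {
                throw new ConsentException(ResponseStatus.BAD_REQUEST, "No valid consent found for given information");
            }
            JSONObject receipt = (JSONObject) new JSONParser(-1).parse(consent.getReceipt());
            JSONObject data = (JSONObject) receipt.get(ConsentExtensionConstants.DATA);
            data.appendField("ConsentId", consent.getConsentID());
            data.appendField("CreationDateTime", convertEpochDateTime(consent.getCreatedTime()));
            data.appendField(ConsentExtensionConstants.STATUS_UPDATE_TIME, convertEpochDateTime(consent.getUpdatedTime()));
            receipt.put(ConsentExtensionConstants.DATA, data);
            consentManageData.setResponsePayload(receipt);
            consentManageData.setResponseStatus(ResponseStatus.OK);
        } catch (ConsentManagementException | ParseException e) {
            log.error(e.getMessage(), e);
            // NOTE(review): internal exception text is returned to the API caller here.
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, e.getMessage());
        }
    }

    /**
     * Revokes a consent owned by the calling client and, when realtime event notification is
     * enabled, persists a revocation event.
     *
     * @param consentManageData request context; the consent ID is the part of the request path that
     *                          follows {@code ACCOUNT_CONSENT_DELETE_PATH}
     * @throws ConsentException with {@code BAD_REQUEST} when the path or consent ID is invalid, the
     *                          consent does not exist, belongs to a different client, or is already
     *                          revoked; with {@code INTERNAL_SERVER_ERROR} when revocation fails
     */
    @Override
    public void handleConsentManageDelete(ConsentManageData consentManageData) {
        String requestPath = consentManageData.getRequestPath();
        if (requestPath == null || !requestPath.startsWith(ConsentExtensionConstants.ACCOUNT_CONSENT_DELETE_PATH)) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Request path invalid");
        }
        // split() drops trailing empty strings, so a path with nothing after the prefix has no [1].
        String[] pathParts = requestPath.split(ConsentExtensionConstants.ACCOUNT_CONSENT_DELETE_PATH);
        if (pathParts.length < 2) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Consent ID invalid");
        }
        String consentId = pathParts[1];
        if (!ConsentManageUtil.isConsentIdValid(consentId)) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Consent ID invalid");
        }
        try {
            ConsentResource consent = ConsentExtensionsDataHolder.getInstance().getConsentCoreService().getConsent(consentId, false);
            // handleConsentManageGet treats a null result as "not found"; do the same here rather
            // than fail with a NullPointerException on the ownership check.
            if (consent == null) {
                log.error("No valid consent found for given information");
                throw new ConsentException(ResponseStatus.BAD_REQUEST, "No valid consent found for given information");
            }
            // Ownership check: a client may only revoke its own consents.
            if (!consent.getClientID().equals(consentManageData.getClientId())) {
                throw new ConsentException(ResponseStatus.BAD_REQUEST, "No valid consent found for given information");
            }
            if (REVOKED_STATUS.equals(consent.getCurrentStatus())) {
                throw new ConsentException(ResponseStatus.BAD_REQUEST, "Consent already in revoked state");
            }
            boolean revoked = ConsentExtensionsDataHolder.getInstance().getConsentCoreService()
                    .revokeConsentWithReason(consentId, REVOKED_STATUS, "Revoke the consent");
            if (!revoked) {
                throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Token revocation unsuccessful");
            }
            consentManageData.setResponseStatus(ResponseStatus.NO_CONTENT);
            if (OpenBankingConfigParser.getInstance().isRealtimeEventNotificationEnabled()) {
                JSONObject revocationEvent = new JSONObject();
                revocationEvent.put("consentID", consentId);
                revocationEvent.put("status", "Consent Revocation");
                revocationEvent.put("timeStamp", Long.valueOf(System.currentTimeMillis()));
                EventNotificationPersistenceServiceHandler.getInstance()
                        .persistRevokeEvent(consent.getClientID(), consentId, "Consent Revocation", revocationEvent);
            }
        } catch (ConsentManagementException e) {
            log.error(e.getMessage(), e);
            // NOTE(review): internal exception text is returned to the API caller here.
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, e.getMessage());
        }
    }

    /**
     * Checks the structure and values of a consent initiation payload.
     *
     * <p>The payload is accepted only when the {@code DATA} member is a JSON object whose
     * {@code PERMISSIONS} member is an array of strings that are all in {@link #validPermissions},
     * whose {@code EXPIRATION_DATE} is a string holding a future date-time, and whose
     * {@code TRANSACTION_FROM_DATE} / {@code TRANSACTION_TO_DATE} are strings with from not later
     * than to.
     *
     * @param initiation the request payload
     * @return {@code true} when every check passes
     */
    private boolean validateInitiation(JSONObject initiation) {
        Object dataMember = initiation.get(ConsentExtensionConstants.DATA);
        if (!(dataMember instanceof JSONObject)) {
            return false;
        }
        JSONObject data = (JSONObject) dataMember;

        Object permissionsMember = data.get(ConsentExtensionConstants.PERMISSIONS);
        if (!(permissionsMember instanceof JSONArray)) {
            return false;
        }
        // NOTE(review): an empty permissions array passes this loop, so a consent carrying no
        // permission is accepted; confirm that is intended.
        for (Object permission : (JSONArray) permissionsMember) {
            if (!(permission instanceof String) || !validPermissions.contains(permission)) {
                return false;
            }
        }

        // NOTE(review): all three date fields are mandatory here although the helper methods also
        // accept null; verify against the API specification this handler implements.
        if (!(data.get(ConsentExtensionConstants.EXPIRATION_DATE) instanceof String)
                || !isConsentExpirationTimeValid(data.getAsString(ConsentExtensionConstants.EXPIRATION_DATE))) {
            return false;
        }
        if (!(data.get(ConsentExtensionConstants.TRANSACTION_FROM_DATE) instanceof String)
                || !(data.get(ConsentExtensionConstants.TRANSACTION_TO_DATE) instanceof String)) {
            return false;
        }
        return isTransactionFromToTimeValid(
                data.getAsString(ConsentExtensionConstants.TRANSACTION_FROM_DATE),
                data.getAsString(ConsentExtensionConstants.TRANSACTION_TO_DATE));
    }

    /**
     * Tells whether an expiration date-time lies in the future.
     *
     * @param str ISO-8601 offset date-time, or {@code null}
     * @return {@code true} for {@code null} or a future instant; {@code false} for a past or
     *         present instant or an unparseable value
     */
    private static boolean isConsentExpirationTimeValid(String str) {
        if (str == null) {
            return true;
        }
        try {
            OffsetDateTime expiry = OffsetDateTime.parse(str);
            OffsetDateTime now = OffsetDateTime.now(expiry.getOffset());
            if (log.isDebugEnabled()) {
                log.debug("Provided expiry date is: " + expiry + " current date is: " + now);
            }
            return expiry.isAfter(now);
        } catch (DateTimeParseException e) {
            return false;
        }
    }

    /**
     * Tells whether the transaction "from" date-time is not later than the "to" date-time.
     *
     * @param str  ISO-8601 offset date-time marking the start, or {@code null}
     * @param str2 ISO-8601 offset date-time marking the end, or {@code null}
     * @return {@code true} when either value is {@code null} or from is not after to;
     *         {@code false} when from is after to or either value is unparseable
     */
    private static boolean isTransactionFromToTimeValid(String str, String str2) {
        if (str == null || str2 == null) {
            return true;
        }
        try {
            // isAfter compares instants only. OffsetDateTime.compareTo falls back to the local
            // date-time when the instants are equal, which rejected an identical from/to instant
            // written with two different offsets.
            return !OffsetDateTime.parse(str).isAfter(OffsetDateTime.parse(str2));
        } catch (DateTimeParseException e) {
            return false;
        }
    }

    /**
     * Copies the receipt's expiration date-time into the consent attributes as epoch seconds.
     *
     * <p>Best effort: when the receipt cannot be parsed, has no {@code DATA} object or no
     * expiration date, or the date is malformed, the consent attributes are left unchanged.
     *
     * @param consentResource consent whose receipt is read and whose attributes are updated
     */
    // Element types of getConsentAttributes() are not visible from this file, so the map stays raw.
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static void appendConsentExpirationTimestampAttribute(ConsentResource consentResource) {
        try {
            Object receipt = new JSONParser(-1).parse(consentResource.getReceipt());
            if (!(receipt instanceof JSONObject)) {
                log.error("Invalid consent receipt received to append expiration time. : " + consentResource.getConsentID());
                return;
            }
            Object data = ((JSONObject) receipt).get(ConsentExtensionConstants.DATA);
            if (!(data instanceof JSONObject)) {
                return;
            }
            Object expiration = ((JSONObject) data).get(ConsentExtensionConstants.EXPIRATION_DATE);
            if (expiration == null) {
                return;
            }
            long epochSecond = Instant.from(ZonedDateTime.parse(expiration.toString())).getEpochSecond();
            Map consentAttributes = consentResource.getConsentAttributes();
            if (consentAttributes == null) {
                consentAttributes = new HashMap();
            }
            consentAttributes.put(ConsentExtensionConstants.EXPIRATION_DATE, Long.toString(epochSecond));
            consentResource.setConsentAttributes(consentAttributes);
        } catch (ParseException e) {
            log.error("Invalid consent receipt received to append expiration time. : " + consentResource.getConsentID());
        } catch (DateTimeParseException e) {
            // This method is public, so a caller may pass a receipt whose date was never validated;
            // treat a malformed date like a malformed receipt instead of letting it propagate.
            log.error("Invalid expiration date in consent receipt, expiration attribute not set. : " + consentResource.getConsentID());
        }
    }

    /**
     * Formats epoch seconds as a UTC timestamp of the form {@code yyyy-MM-dd'T'HH:mm:ss'Z'}.
     *
     * @param j seconds since the epoch
     * @return the formatted UTC date-time
     */
    private static String convertEpochDateTime(long j) {
        return EPOCH_DATE_TIME_FORMAT.format(LocalDateTime.ofEpochSecond(j, 0, ZoneOffset.UTC));
    }
}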
