package com.wso2.openbanking.accelerator.consent.extensions.validate.impl;

import com.wso2.openbanking.accelerator.common.exception.ConsentManagementException;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentException;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionConstants;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionUtils;
import com.wso2.openbanking.accelerator.consent.extensions.common.ResponseStatus;
import com.wso2.openbanking.accelerator.consent.extensions.validate.model.ConsentValidateData;
import com.wso2.openbanking.accelerator.consent.extensions.validate.model.ConsentValidationResult;
import com.wso2.openbanking.accelerator.consent.extensions.validate.model.ConsentValidator;
import com.wso2.openbanking.accelerator.consent.extensions.validate.util.ConsentValidatorUtil;
import com.wso2.openbanking.accelerator.consent.mgt.dao.models.AuthorizationResource;
import com.wso2.openbanking.accelerator.consent.mgt.dao.models.DetailedConsentResource;
import java.time.OffsetDateTime;
import java.time.format.DateTimeParseException;
import java.util.Iterator;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import net.minidev.json.parser.JSONParser;
import net.minidev.json.parser.ParseException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/wso2/openbanking/accelerator/consent/extensions/validate/impl/DefaultConsentValidator.class */
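/**
 * Default consent validator for the accounts, payments and funds-confirmation flows.
 *
 * <p>Every request goes through the same two binding checks first (the token's user must be
 * one of the consent's authorised users, the token's client must be the consent's client) and
 * is then dispatched on the consent type. Each type-specific check fails closed: the
 * {@link ConsentValidationResult} is only marked valid on the last line of a successful path.
 *
 * <p>Review notes on things this class deliberately does NOT change:
 * <ul>
 *   <li>HTTP codes and error codes are preserved exactly (including the 401 used for account
 *       permission/path failures and the 400 used for the user-binding failure) because
 *       downstream error mapping keys on them.</li>
 *   <li>A consent receipt with no {@code ExpirationDateTime} is treated as never expiring
 *       (see {@link #isConsentExpired(String)}).</li>
 *   <li>The user-binding check is still a substring match; see
 *       {@link #isTokenUserBoundToConsent(String, Iterable)} for why and for the guard added.</li>
 * </ul>
 */
public class DefaultConsentValidator implements ConsentValidator {

    private static final Log log = LogFactory.getLog(DefaultConsentValidator.class);

    // Used with String.matches(), which anchors at both ends, so each pattern must cover the
    // whole request path. "[^/?]*" confines the account id to a single path segment with no
    // query string, so "/accounts/1/transactions" matches only TRANSACTIONS_REGEX.
    private static final String ACCOUNTS_REGEX = "/accounts/[^/?]*";
    private static final String TRANSACTIONS_REGEX = "/accounts/[^/?]*/transactions";
    private static final String BALANCES_REGEX = "/accounts/[^/?]*/balances";

    private static final String PERMISSION_MISMATCH_ERROR =
            "Permission mismatch. Consent does not contain necessary permissions";
    private static final String INVALID_URI_ERROR = "Path requested is invalid";
    private static final String CONSENT_EXPIRED_ERROR = "Provided consent is expired";
    private static final String CONSENT_STATE_ERROR = "Provided consent not in authorised state";
    private static final String AUTHORISED_STATUS = "authorised";

    // Messages and codes that appear on more than one path; values are unchanged from the
    // original inline literals because callers and tests match on them.
    private static final String USER_MISMATCH_ERROR =
            "Token received does not bound to the authorized user.:Header.AccessToken";
    private static final String CLIENT_MISMATCH_ERROR =
            "The client Id related the consent does not match with the client id bound to token:Header.Client-id";
    private static final String CONSENT_ID_MISMATCH_ERROR =
            "The requested consent-Id does not match with the consent-Id bound to token:Data.Initiation.Consent-id";
    private static final String DATA_MISSING_ERROR = "Data is not found or empty in the request.:Data";
    private static final String INITIATION_MISSING_ERROR =
            "Initiation is not found or empty in the request.:Data.Initiation";
    private static final String INVALID_CONSENT_TYPE_ERROR = "Invalid Consent Type found in the request";
    private static final String RECEIPT_MALFORMED_ERROR = "Consent receipt does not contain a valid Data object";

    private static final String CONSENT_MISMATCH_CODE = "OB.Resource.ConsentMismatch";
    private static final String INVALID_CONSENT_STATUS_CODE = "OB.Resource.InvalidConsentStatus";
    private static final String FIELD_MISSING_CODE = "OB.Field.Missing";
    private static final String UNEXPECTED_ERROR_CODE = "OB.UnexpectedError";
    private static final String CONSENT_ID_KEY = "ConsentId";

    // json-smart's JSONParser.MODE_PERMISSIVE; kept as the original value.
    private static final int RECEIPT_PARSER_MODE = -1;

    /**
     * Validates a data-submission request against the consent bound to the access token.
     *
     * @param consentValidateData     request context: token user, token client, request path,
     *                                payload and the stored consent
     * @param consentValidationResult result to populate; left invalid unless a check path
     *                                explicitly marks it valid
     * @throws ConsentException if the stored consent receipt cannot be parsed as a JSON object
     */
    @Override // com.wso2.openbanking.accelerator.consent.extensions.validate.model.ConsentValidator
    public void validate(ConsentValidateData consentValidateData, ConsentValidationResult consentValidationResult)
            throws ConsentException {
        DetailedConsentResource consent = consentValidateData.getComprehensiveConsent();
        JSONObject receipt = parseReceipt(consent.getReceipt());

        // 1. The token must belong to a user who authorised this consent.
        if (!isTokenUserBoundToConsent(consentValidateData.getUserId(), consent.getAuthorizationResources())) {
            reject(consentValidationResult, USER_MISMATCH_ERROR, CONSENT_MISMATCH_CODE, 400);
            return;
        }
        // 2. The token must have been issued to the client that created the consent.
        if (!isSameClient(consentValidateData.getClientId(), consent.getClientID())) {
            reject(consentValidationResult, CLIENT_MISMATCH_ERROR, CONSENT_MISMATCH_CODE, 403);
            return;
        }
        // 3. Dispatch on consent type. A null or unknown type is an internal inconsistency
        //    (the consent came from our own store), hence 500 rather than 400.
        String consentType = consent.getConsentType();
        if (ConsentExtensionConstants.ACCOUNTS.equals(consentType)) {
            validateAccountSubmission(consentValidateData, receipt, consentValidationResult);
        } else if (ConsentExtensionConstants.PAYMENTS.equals(consentType)) {
            validatePaymentSubmission(consentValidateData, receipt, consentValidationResult);
        } else if (ConsentExtensionConstants.FUNDSCONFIRMATIONS.equals(consentType)) {
            validateFundsConfirmationSubmission(consentValidateData, receipt, consentValidationResult);
        } else {
            reject(consentValidationResult, INVALID_CONSENT_TYPE_ERROR, UNEXPECTED_ERROR_CODE, 500);
        }
    }

    /**
     * Parses the stored consent receipt. The receipt is the consent request persisted at
     * consent creation, not the incoming payload, so a parse failure or a non-object root is
     * reported as an internal error.
     */
    private static JSONObject parseReceipt(String receipt) throws ConsentException {
        Object parsed;
        try {
            parsed = new JSONParser(RECEIPT_PARSER_MODE).parse(receipt);
        } catch (ParseException e) {
            log.error(e.getMessage());
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR,
                    "Exception occurred while validating permissions");
        }
        if (!(parsed instanceof JSONObject)) {
            // Previously a bare cast here would have surfaced as an uncaught ClassCastException.
            log.error("Consent receipt is not a JSON object");
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR,
                    "Exception occurred while validating permissions");
        }
        return (JSONObject) parsed;
    }

    /**
     * Returns true when the user bound to the access token matches one of the consent's
     * authorisation resources.
     *
     * <p>The check is a substring match ({@code tokenUserId.contains(consentUserId)}), kept
     * from the original because the token user id in this deployment may carry a suffix
     * (presumably a tenant domain) that the stored consent user id lacks — TODO confirm
     * against the user-store convention and tighten to {@code equals} if possible.
     * What is new: a null or empty consent user id never binds. With {@code contains},
     * an empty string would have matched every token user.
     */
    private static boolean isTokenUserBoundToConsent(String tokenUserId, Iterable<?> authorizationResources) {
        if (tokenUserId == null || authorizationResources == null) {
            return false;
        }
        for (Object entry : authorizationResources) {
            if (!(entry instanceof AuthorizationResource)) {
                continue;
            }
            String consentUserId = ((AuthorizationResource) entry).getUserID();
            if (consentUserId == null || consentUserId.isEmpty()) {
                continue;
            }
            if (tokenUserId.contains(consentUserId)) {
                return true;
            }
        }
        return false;
    }

    /** Exact match of the token's client id against the consent's client id; null never matches. */
    private static boolean isSameClient(String tokenClientId, String consentClientId) {
        return tokenClientId != null && tokenClientId.equals(consentClientId);
    }

    /**
     * Exact match of a requested consent id (from the request context or the payload, hence
     * {@code Object}) against the consent bound to the token; null on either side never matches.
     */
    private static boolean isSameConsentId(Object requestedConsentId, String boundConsentId) {
        return requestedConsentId != null && boundConsentId != null && requestedConsentId.equals(boundConsentId);
    }

    /** Consent status check shared by all three flows (case-insensitive, as before). */
    private static boolean isAuthorised(DetailedConsentResource consent) {
        return AUTHORISED_STATUS.equalsIgnoreCase(consent.getCurrentStatus());
    }

    /** Logs and records a validation failure; the result stays invalid. */
    private static void reject(ConsentValidationResult result, String message, String errorCode, int httpCode) {
        log.error(message);
        result.setErrorMessage(message);
        result.setErrorCode(errorCode);
        result.setHttpCode(httpCode);
    }

    /**
     * Returns the receipt's {@code Data} object, or null after recording a 500 when the stored
     * receipt has no such object (a bare cast used to throw NullPointerException here).
     */
    private static JSONObject requireReceiptData(JSONObject receipt, ConsentValidationResult result) {
        Object data = receipt.get(ConsentExtensionConstants.DATA);
        if (data instanceof JSONObject) {
            return (JSONObject) data;
        }
        reject(result, RECEIPT_MALFORMED_ERROR, UNEXPECTED_ERROR_CODE, 500);
        return null;
    }

    /**
     * Returns the request payload's {@code Data} object, or null after recording a 400 when the
     * payload is absent or {@code Data} is not an object. Both cases previously surfaced as an
     * uncaught NullPointerException / ClassCastException.
     */
    private static JSONObject requireRequestData(JSONObject payload, ConsentValidationResult result) {
        Object data = payload == null ? null : payload.get(ConsentExtensionConstants.DATA);
        if (data instanceof JSONObject) {
            return (JSONObject) data;
        }
        reject(result, DATA_MISSING_ERROR, FIELD_MISSING_CODE, 400);
        return null;
    }

    /**
     * The permissions granted in the receipt. A missing or non-array {@code Permissions} entry
     * yields an empty array, so every permission check fails closed instead of throwing.
     */
    private static JSONArray grantedPermissions(JSONObject receiptData) {
        Object permissions = receiptData.get(ConsentExtensionConstants.PERMISSIONS);
        return permissions instanceof JSONArray ? (JSONArray) permissions : new JSONArray();
    }

    /**
     * Accounts flow: the request path must be one of the three known resource shapes, the
     * receipt must grant the matching permission, the consent must be authorised and not expired.
     */
    private void validateAccountSubmission(ConsentValidateData consentValidateData, JSONObject receipt,
                                           ConsentValidationResult consentValidationResult) {
        JSONObject receiptData = requireReceiptData(receipt, consentValidationResult);
        if (receiptData == null) {
            return;
        }
        String requestPath = consentValidateData.getRequestPath();
        boolean isAccountsPath = requestPath != null && requestPath.matches(ACCOUNTS_REGEX);
        boolean isTransactionsPath = requestPath != null && requestPath.matches(TRANSACTIONS_REGEX);
        boolean isBalancesPath = requestPath != null && requestPath.matches(BALANCES_REGEX);
        if (!isAccountsPath && !isTransactionsPath && !isBalancesPath) {
            reject(consentValidationResult, INVALID_URI_ERROR, "00013", 401);
            return;
        }
        // Only the "Detail" variants are accepted for accounts and transactions; a consent that
        // carries only the "Basic" permission is rejected here (unchanged behaviour).
        JSONArray permissions = grantedPermissions(receiptData);
        if ((isAccountsPath && !permissions.contains("ReadAccountsDetail"))
                || (isTransactionsPath && !permissions.contains("ReadTransactionsDetail"))
                || (isBalancesPath && !permissions.contains("ReadBalances"))) {
            reject(consentValidationResult, PERMISSION_MISMATCH_ERROR, "00010", 401);
            return;
        }
        if (!isAuthorised(consentValidateData.getComprehensiveConsent())) {
            reject(consentValidationResult,
                    "Account validation failed due to invalid consent state. :Payload.Status",
                    INVALID_CONSENT_STATUS_CODE, 400);
            return;
        }
        if (isConsentExpired(receiptData.getAsString(ConsentExtensionConstants.EXPIRATION_DATE))) {
            reject(consentValidationResult, CONSENT_EXPIRED_ERROR, "00011", 401);
            return;
        }
        consentValidationResult.setValid(true);
    }

    /**
     * Payments flow. Order of checks: cut-off time, consent-id binding, funds-confirmation
     * delegation, consent status, payload shape, payload consent id, initiation equality.
     */
    private void validatePaymentSubmission(ConsentValidateData consentValidateData, JSONObject receipt,
                                           ConsentValidationResult consentValidationResult) {
        DetailedConsentResource consent = consentValidateData.getComprehensiveConsent();
        try {
            if (ConsentExtensionUtils.shouldSubmissionRequestBeRejected(
                    ConsentExtensionUtils.convertToISO8601(consent.getCreatedTime()))) {
                // Past cut-off: move the consent to REJECTED so it cannot be retried, then refuse.
                boolean revoked = ConsentExtensionUtils.getConsentService()
                        .revokeConsent(consent.getConsentID(), ConsentExtensionConstants.REJECTED_STATUS);
                if (revoked) {
                    reject(consentValidationResult, "Cut off time has elapsed :Data.CutOffDateTime",
                            "OB.Rules.AfterCutOffDateTime", 400);
                } else {
                    reject(consentValidationResult, "Token revocation unsuccessful. :Data.CutOffDateTime",
                            UNEXPECTED_ERROR_CODE, 500);
                }
                return;
            }
            if (!isSameConsentId(consentValidateData.getConsentId(), consent.getConsentID())) {
                reject(consentValidationResult, CONSENT_ID_MISMATCH_ERROR, CONSENT_MISMATCH_CODE, 400);
                return;
            }
            String requestPath = consentValidateData.getRequestPath();
            if (requestPath != null && requestPath.contains(ConsentExtensionConstants.PAYMENT_COF_PATH)) {
                // Fully delegated. NOTE(review): this branch returns before the authorised-status
                // check below — confirm PaymentFundsConfirmationPayloadValidator enforces it.
                new PaymentFundsConfirmationPayloadValidator()
                        .validatePaymentFundsConfirmationRequest(consentValidateData, consentValidationResult, consent);
                return;
            }
            if (!isAuthorised(consent)) {
                reject(consentValidationResult,
                        "Payment validation failed due to invalid consent state.:Payload.Status",
                        INVALID_CONSENT_STATUS_CODE, 400);
                return;
            }
            JSONObject receiptData = requireReceiptData(receipt, consentValidationResult);
            if (receiptData == null) {
                return;
            }
            Object consentedInitiation = receiptData.get(ConsentExtensionConstants.INITIATION);
            if (!(consentedInitiation instanceof JSONObject)) {
                reject(consentValidationResult, RECEIPT_MALFORMED_ERROR, UNEXPECTED_ERROR_CODE, 500);
                return;
            }
            JSONObject requestData = requireRequestData(consentValidateData.getPayload(), consentValidationResult);
            if (requestData == null) {
                return;
            }
            Object requestedInitiation = requestData.get(ConsentExtensionConstants.INITIATION);
            if (!(requestedInitiation instanceof JSONObject)) {
                reject(consentValidationResult, INITIATION_MISSING_ERROR, FIELD_MISSING_CODE, 400);
                return;
            }
            if (!isSameConsentId(requestData.get(CONSENT_ID_KEY), consent.getConsentID())) {
                reject(consentValidationResult, CONSENT_ID_MISMATCH_ERROR, CONSENT_MISMATCH_CODE, 400);
                return;
            }
            // The submitted Initiation must equal the consented one; the validator returns its
            // verdict and, on failure, the message/code to surface.
            JSONObject verdict = new PaymentSubmissionPayloadValidator()
                    .validateInitiation((JSONObject) requestedInitiation, (JSONObject) consentedInitiation);
            if (Boolean.TRUE.equals(verdict.get(ConsentExtensionConstants.IS_VALID_PAYLOAD))) {
                consentValidationResult.setValid(true);
                return;
            }
            reject(consentValidationResult,
                    verdict.getAsString(ConsentExtensionConstants.ERROR_MESSAGE),
                    verdict.getAsString(ConsentExtensionConstants.ERROR_CODE), 400);
        } catch (ConsentManagementException e) {
            log.error(e.getMessage(), e);
            consentValidationResult.setErrorMessage(e.getMessage());
            consentValidationResult.setErrorCode(UNEXPECTED_ERROR_CODE);
            consentValidationResult.setHttpCode(500);
        }
    }

    /**
     * Returns true when the receipt's expiration timestamp is in the past.
     *
     * <p>A null or empty value means "no expiry" and returns false — a consent without an
     * {@code ExpirationDateTime} never expires through this check.
     *
     * @param str ISO-8601 offset date-time as stored in the receipt, or null/empty
     * @throws ConsentException if a non-empty value cannot be parsed (fails closed as a 500)
     */
    private boolean isConsentExpired(String str) throws ConsentException {
        if (str == null || str.isEmpty()) {
            return false;
        }
        try {
            return OffsetDateTime.now().isAfter(OffsetDateTime.parse(str));
        } catch (DateTimeParseException e) {
            log.error("Error occurred while parsing the expiration date : " + str);
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR,
                    "Error occurred while parsing the expiration date");
        }
    }

    /**
     * Confirmation-of-funds flow: valid COF path, authorised, not expired, and the consent id in
     * both the request context and the payload must equal the consent bound to the token.
     */
    private static void validateFundsConfirmationSubmission(ConsentValidateData consentValidateData, JSONObject receipt,
                                                            ConsentValidationResult consentValidationResult) {
        DetailedConsentResource consent = consentValidateData.getComprehensiveConsent();
        String requestPath = consentValidateData.getRequestPath();
        if (requestPath == null || !ConsentValidatorUtil.isCOFURIValid(requestPath)) {
            reject(consentValidationResult, "Path requested is invalid. :Data.Url", "OB.Resource.InvalidFormat", 401);
            return;
        }
        if (!isAuthorised(consent)) {
            reject(consentValidationResult,
                    "Confirmation of Funds validation failed due to invalid consent state.:Payload.Status",
                    INVALID_CONSENT_STATUS_CODE, 400);
            return;
        }
        JSONObject receiptData = requireReceiptData(receipt, consentValidationResult);
        if (receiptData == null) {
            return;
        }
        if (ConsentValidatorUtil.isConsentExpired(receiptData.getAsString(ConsentExtensionConstants.EXPIRATION_DATE))) {
            reject(consentValidationResult, "Provided consent is expired. :Data.Expiration-Date", "OB.Field.Invalid", 400);
            return;
        }
        if (!isSameConsentId(consentValidateData.getConsentId(), consent.getConsentID())) {
            reject(consentValidationResult, CONSENT_ID_MISMATCH_ERROR, CONSENT_MISMATCH_CODE, 400);
            return;
        }
        JSONObject requestData = requireRequestData(consentValidateData.getPayload(), consentValidationResult);
        if (requestData == null) {
            return;
        }
        if (!isSameConsentId(requestData.get(CONSENT_ID_KEY), consent.getConsentID())) {
            reject(consentValidationResult, CONSENT_ID_MISMATCH_ERROR, CONSENT_MISMATCH_CODE, 400);
            return;
        }
        consentValidationResult.setValid(true);
    }
}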
