package com.wso2.openbanking.accelerator.gateway.executor.impl.mtls.cert.validation.executor;

import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIRequestContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIResponseContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OpenBankingExecutorError;
import com.wso2.openbanking.accelerator.gateway.executor.util.CertificateValidationUtils;
import com.wso2.openbanking.accelerator.gateway.util.GatewayConstants;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/wso2/openbanking/accelerator/gateway/executor/impl/mtls/cert/validation/executor/MTLSEnforcementExecutor.class */
public class MTLSEnforcementExecutor implements OpenBankingGatewayExecutor {
    private static final Log LOG = LogFactory.getLog(MTLSEnforcementExecutor.class);

    @Override // com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor
    @Generated(message = "Ignoring since all cases are covered from other unit tests")
    public void preProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
        LOG.info("Starting mutual TLS enforcement process");
        if (oBAPIRequestContext.isError()) {
            return;
        }
        Certificate[] clientCertsLatest = oBAPIRequestContext.getClientCertsLatest();
        if (clientCertsLatest == null || clientCertsLatest.length <= 0) {
            LOG.error(GatewayConstants.CLIENT_CERTIFICATE_MISSING);
            CertificateValidationUtils.handleExecutorErrors(new OpenBankingExecutorError("200007", GatewayConstants.INVALID_CLIENT, GatewayConstants.CLIENT_CERTIFICATE_MISSING, "401"), oBAPIRequestContext);
            return;
        }
        Optional<X509Certificate> empty = Optional.empty();
        try {
            empty = CertificateValidationUtils.convertCertToX509Cert(clientCertsLatest[0]);
        } catch (CertificateException e) {
            LOG.error("Error occurred while converting the client certificate to X509Certificate ", e);
            CertificateValidationUtils.handleExecutorErrors(new OpenBankingExecutorError("200003", "Error occurred while converting the client certificate to X509Certificate ", e.getMessage(), "401"), oBAPIRequestContext);
        }
        if (empty.isPresent()) {
            LOG.debug("Mutual TLS enforcement success");
        } else {
            LOG.error(GatewayConstants.CLIENT_CERTIFICATE_INVALID);
            CertificateValidationUtils.handleExecutorErrors(new OpenBankingExecutorError("200003", GatewayConstants.INVALID_CLIENT, GatewayConstants.CLIENT_CERTIFICATE_INVALID, "401"), oBAPIRequestContext);
        }
    }

    @Override // com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor
    public void preProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    @Override // com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor
    public void postProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    @Override // com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor
    public void postProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
    }
}
