package com.wso2.openbanking.accelerator.gateway.executor.impl.consent;

import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIRequestContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIResponseContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OpenBankingExecutorError;
import com.wso2.openbanking.accelerator.gateway.internal.GatewayDataHolder;
import com.wso2.openbanking.accelerator.gateway.util.GatewayConstants;
import com.wso2.openbanking.accelerator.gateway.util.GatewayUtils;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.json.JSONObject;

/* loaded from: input_file:com/wso2/openbanking/accelerator/gateway/executor/impl/consent/ConsentEnforcementExecutor.class */
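/**
 * Gateway executor that enforces consent on API requests.
 *
 * <p>For every request that carries a consent id, {@link #postProcessRequest} builds a JSON
 * document from the request headers, the request body and a few request attributes, signs it as
 * a JWT and posts it to the configured consent validation endpoint. The JSON answer decides
 * whether the request is marked as failed, gets a modified payload, or gets an extra
 * {@code Account-Request-Information} header.
 *
 * <p>Because this class is an authorization gate, every failure on the validation path is turned
 * into a request error; a request must never continue merely because validation could not be
 * completed.
 */
public class ConsentEnforcementExecutor implements OpenBankingGatewayExecutor {
    protected static final String ERROR_TITLE = "Consent Enforcement Error";
    protected static final String HEADERS_TAG = "headers";
    protected static final String BODY_TAG = "body";
    protected static final String CONTEXT_TAG = "context";
    protected static final String RESOURCE_TAG = "resource";
    protected static final String ELECTED_RESOURCE_TAG = "electedResource";
    protected static final String HTTP_METHOD = "httpMethod";
    protected static final String CONSENT_ID_TAG = "consentId";
    protected static final String USER_ID_TAG = "userId";
    protected static final String CLIENT_ID_TAG = "clientId";
    protected static final String RESOURCE_PARAMS = "resourceParams";
    private static final Log log = LogFactory.getLog(ConsentEnforcementExecutor.class);
    private static final GatewayDataHolder dataHolder = GatewayDataHolder.getInstance();
    private static final String INFO_HEADER_TAG = "Account-Request-Information";
    private static final String IS_VALID = "isValid";
    private static final String ERROR_CODE = "errorCode";
    private static final String ERROR_MESSAGE = "errorMessage";
    private static final String HTTP_CODE = "httpCode";
    private static final String MODIFIED_PAYLOAD = "modifiedPayload";
    private static final String CONSENT_INFO = "consentInformation";
    // Error code and HTTP status reported when the validation call itself fails.
    private static final String VALIDATION_FAILURE_ERROR_CODE = "200002";
    private static final String VALIDATION_FAILURE_HTTP_CODE = "500";
    // Lazily initialised and shared by all instances; volatile is required for the
    // double-checked locking in the two accessors below.
    private static volatile String consentValidationEndpoint;
    private static volatile Key key;

    /**
     * Returns the consent validation endpoint, reading it from the Open Banking configuration on
     * first use and caching it afterwards.
     *
     * @return the configured endpoint
     * @throws NullPointerException if the configuration holds no value for the endpoint tag
     */
    private static String getValidationEndpoint() {
        if (consentValidationEndpoint == null) {
            synchronized (ConsentEnforcementExecutor.class) {
                if (consentValidationEndpoint == null) {
                    consentValidationEndpoint = dataHolder.getOpenBankingConfigurationService()
                            .getConfigurations()
                            .get(GatewayConstants.CONSENT_VALIDATION_ENDPOINT_TAG)
                            .toString();
                }
            }
        }
        return consentValidationEndpoint;
    }

    /**
     * Returns the key used to sign validation requests, loading it from the keystore described
     * by {@link GatewayDataHolder} on first use and caching it afterwards.
     *
     * <p>A load failure is logged and not rethrown; nothing is cached in that case, so the next
     * call tries again.
     *
     * @return the signing key, or {@code null} when the keystore could not be read or holds no
     *         key under the configured alias
     */
    // NOTE(review): PATH_TRAVERSAL_IN is suppressed because the path comes from the data holder,
    // presumably server configuration rather than request data - confirm before reusing this
    // pattern with any other path source.
    @SuppressFBWarnings({"PATH_TRAVERSAL_IN"})
    protected static Key getJWTSigningKey() {
        if (key == null) {
            synchronized (ConsentEnforcementExecutor.class) {
                if (key == null) {
                    // try-with-resources closes the keystore stream on success and on failure.
                    try (FileInputStream keyStoreStream = new FileInputStream(dataHolder.getKeyStoreLocation())) {
                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        keyStore.load(keyStoreStream, dataHolder.getKeyStorePassword());
                        key = keyStore.getKey(dataHolder.getKeyAlias(), dataHolder.getKeyPassword().toCharArray());
                    } catch (IOException | KeyStoreException | NoSuchAlgorithmException
                            | UnrecoverableKeyException | CertificateException e) {
                        log.error("Error occurred while retrieving private key from keystore ", e);
                    }
                }
            }
        }
        return key;
    }

    /** No-op: consent is enforced in {@link #postProcessRequest}. */
    @Override
    @Generated(message = "Unit testable components are covered")
    public void preProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
    }

    /** No-op: responses are not inspected by this executor. */
    @Override
    public void preProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    /**
     * Signs the given payload as a compact JWT using RS512 and the gateway signing key.
     *
     * @param str the JWT payload, expected to be the serialised validation request
     * @return the compact serialised JWT
     */
    protected String generateJWT(String str) {
        // getJWTSigningKey() returns null when the keystore could not be loaded.
        // NOTE(review): signing is expected to fail in that case rather than emit an unsigned
        // token - confirm with the jjwt version in use. postProcessRequest treats such a failure
        // as a validation error.
        return Jwts.builder()
                .setPayload(str)
                .signWith(SignatureAlgorithm.RS512, getJWTSigningKey())
                .compact();
    }

    /**
     * Posts the signed validation request to the consent validation endpoint and returns the
     * response body as text.
     *
     * @param str the signed JWT to send as the request entity
     * @return the response body decoded as UTF-8
     * @throws IOException if the call or reading the response fails
     * @throws OpenBankingException declared for the gateway helpers used to build the request
     */
    @Generated(message = "Ignoring from unit tests since this method require calling external component to function")
    private String invokeConsentValidationService(String str) throws IOException, OpenBankingException {
        HttpPost httpPost = new HttpPost(getValidationEndpoint());
        httpPost.setEntity(new StringEntity(str));
        httpPost.setHeader("Content-Type", GatewayConstants.JWT_CONTENT_TYPE);
        // Basic credentials and consent data travel in this request.
        // NOTE(review): confirm the configured endpoint is reached over TLS.
        httpPost.setHeader(GatewayConstants.AUTH_HEADER, GatewayUtils.getBasicAuthHeader(
                GatewayUtils.getAPIMgtConfig(GatewayConstants.API_KEY_VALIDATOR_USERNAME),
                GatewayUtils.getAPIMgtConfig(GatewayConstants.API_KEY_VALIDATOR_PASSWORD)));
        // Close the content stream once it has been read so it is not left open
        // (IOUtils.toString does not close it).
        // NOTE(review): the HTTP status is not checked here; a non-JSON error body makes the
        // caller's parse fail, which the caller reports as a validation error.
        try (InputStream content = GatewayDataHolder.getHttpClient().execute(httpPost).getEntity().getContent()) {
            return IOUtils.toString(content, StandardCharsets.UTF_8.name());
        }
    }

    /**
     * Marks the request as failed and records one executor error on it.
     *
     * @param oBAPIRequestContext the request being processed
     * @param str the error code
     * @param str2 the error message
     * @param str3 the HTTP status code, also stored as the error status context property
     */
    protected void handleError(OBAPIRequestContext oBAPIRequestContext, String str, String str2, String str3) {
        oBAPIRequestContext.setError(true);
        ArrayList<OpenBankingExecutorError> errors = oBAPIRequestContext.getErrors();
        errors.add(new OpenBankingExecutorError(str, ERROR_TITLE, str2, str3));
        oBAPIRequestContext.setErrors(errors);
        oBAPIRequestContext.addContextProperty(GatewayConstants.ERROR_STATUS_PROP, str3);
    }

    /**
     * Builds the JSON document sent to the consent validation service.
     *
     * @param map request headers, copied under the {@code headers} key
     * @param str request body; added under the {@code body} key unless it is {@code null},
     *            empty or the literal string {@code "null"}
     * @param map2 additional attributes, each copied to the top level of the document
     * @return the assembled validation request
     * @throws org.json.JSONException if {@code str} is present but is not a JSON object
     */
    protected JSONObject createValidationRequestPayload(Map<String, String> map, String str, Map<String, Object> map2) {
        JSONObject validationRequest = new JSONObject();
        JSONObject headersJson = new JSONObject();
        map.forEach(headersJson::put);
        validationRequest.put(HEADERS_TAG, headersJson);
        if (str != null && !str.isEmpty() && !str.equals("null")) {
            // The body comes from the API caller; parsing throws when it is not a JSON object.
            validationRequest.put(BODY_TAG, new JSONObject(str));
        }
        map2.forEach(validationRequest::put);
        return validationRequest;
    }

    /** No-op: responses are not inspected by this executor. */
    @Override
    public void postProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    /**
     * Validates the consent attached to the request.
     *
     * <p>Requests already in error, or without a consent id, are left untouched. Otherwise the
     * validation service is called and its answer applied: an invalid consent records the
     * returned error on the request; a returned modified payload replaces the request payload;
     * otherwise returned consent information is added as the
     * {@code Account-Request-Information} header.
     *
     * <p>Any failure while building, signing, sending or interpreting the validation exchange is
     * recorded as an error on the request, so the request fails closed.
     *
     * @param oBAPIRequestContext the request being processed
     */
    @Override
    public void postProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
        if (oBAPIRequestContext.isError() || oBAPIRequestContext.getConsentId() == null) {
            return;
        }
        Map<String, String> headers = oBAPIRequestContext.getMsgInfo().getHeaders();
        Map<String, Object> additionalParams = new HashMap<>();
        additionalParams.put(ELECTED_RESOURCE_TAG, oBAPIRequestContext.getMsgInfo().getElectedResource());
        additionalParams.put(CONSENT_ID_TAG, oBAPIRequestContext.getConsentId());
        additionalParams.put(USER_ID_TAG, oBAPIRequestContext.getApiRequestInfo().getUsername());
        additionalParams.put(CLIENT_ID_TAG, oBAPIRequestContext.getApiRequestInfo().getConsumerKey());
        additionalParams.put(RESOURCE_PARAMS, getResourceParamMap(oBAPIRequestContext));
        try {
            // Prefer a payload modified by an earlier step over the original body.
            String modifiedPayload = oBAPIRequestContext.getModifiedPayload();
            String payload = StringUtils.isNotBlank(modifiedPayload)
                    ? modifiedPayload
                    : oBAPIRequestContext.getRequestPayload();
            JSONObject validationRequest = createValidationRequestPayload(headers, payload, additionalParams);
            String rawResponse = invokeConsentValidationService(generateJWT(validationRequest.toString()));
            JSONObject validationResponse = new JSONObject(rawResponse);

            if (!((Boolean) validationResponse.get(IS_VALID)).booleanValue()) {
                String errorCode = validationResponse.get(ERROR_CODE).toString();
                String errorMessage = validationResponse.get(ERROR_MESSAGE).toString();
                String httpCode = validationResponse.get(HTTP_CODE).toString();
                oBAPIRequestContext.setError(true);
                handleError(oBAPIRequestContext, errorCode, errorMessage, httpCode);
                return;
            }
            if (!validationResponse.isNull(MODIFIED_PAYLOAD)) {
                // A modified payload takes precedence; the information header is not added then.
                Object newPayload = validationResponse.get(MODIFIED_PAYLOAD);
                if (newPayload != null) {
                    oBAPIRequestContext.setModifiedPayload(newPayload.toString());
                }
                return;
            }
            if (validationResponse.isNull(CONSENT_INFO)) {
                return;
            }
            Object consentInfo = validationResponse.get(CONSENT_INFO);
            if (consentInfo == null) {
                return;
            }
            headers.put(INFO_HEADER_TAG, consentInfo.toString());
            oBAPIRequestContext.setAddedHeaders(headers);
        } catch (IOException | OpenBankingException e) {
            log.error("Error occurred while invoking the consent validation service", e);
            // NOTE(review): e.getMessage() is placed in the recorded error; confirm it cannot
            // expose internal endpoint details to the API caller.
            handleError(oBAPIRequestContext, VALIDATION_FAILURE_ERROR_CODE, e.getMessage(),
                    VALIDATION_FAILURE_HTTP_CODE);
        } catch (RuntimeException e) {
            // Fail closed: a request body that is not JSON, a malformed or incomplete validation
            // response, or a signing failure must reject the request, not escape this executor
            // with the request still unmarked.
            log.error("Unexpected error occurred while validating the consent", e);
            handleError(oBAPIRequestContext, VALIDATION_FAILURE_ERROR_CODE,
                    "Error occurred while validating the consent", VALIDATION_FAILURE_HTTP_CODE);
        }
    }

    /**
     * Collects the resource attributes of the request that are sent to the validation service.
     *
     * @param oBAPIRequestContext the request being processed
     * @return a map holding the resource, the HTTP method and the API context
     */
    private Map<String, String> getResourceParamMap(OBAPIRequestContext oBAPIRequestContext) {
        Map<String, String> resourceParams = new HashMap<>();
        resourceParams.put(RESOURCE_TAG, oBAPIRequestContext.getMsgInfo().getResource());
        resourceParams.put(HTTP_METHOD, oBAPIRequestContext.getMsgInfo().getHttpMethod());
        resourceParams.put(CONTEXT_TAG, oBAPIRequestContext.getApiRequestInfo().getContext());
        return resourceParams;
    }
}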
