package com.wso2.openbanking.accelerator.gateway.executor.impl.tpp.validation.executor;

import com.wso2.openbanking.accelerator.common.exception.CertificateValidationException;
import com.wso2.openbanking.accelerator.common.exception.TPPValidationException;
import com.wso2.openbanking.accelerator.common.model.PSD2RoleEnum;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIRequestContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIResponseContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OpenBankingExecutorError;
import com.wso2.openbanking.accelerator.gateway.executor.service.CertValidationService;
import com.wso2.openbanking.accelerator.gateway.executor.util.CertificateValidationUtils;
import com.wso2.openbanking.accelerator.gateway.internal.GatewayDataHolder;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/wso2/openbanking/accelerator/gateway/executor/impl/tpp/validation/executor/APITPPValidationExecutor.class */
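/**
 * Gateway executor that checks whether the TPP presenting the transport (client) certificate
 * holds the PSD2 roles required by the API operation being invoked.
 *
 * <p>The required roles are derived by reading the scopes declared in the security section of
 * the matched OpenAPI operation and mapping them through the configured allowed-scopes table.
 * The certificate and the resulting roles are then handed to {@link CertValidationService}.
 *
 * <p>Only {@link #postProcessRequest(OBAPIRequestContext)} does any work; the other three hooks
 * are intentionally empty.
 */
public class APITPPValidationExecutor implements OpenBankingGatewayExecutor {
    private static final String GET = "GET";
    private static final String POST = "POST";
    private static final String PUT = "PUT";
    private static final String PATCH = "PATCH";
    private static final String DELETE = "DELETE";
    private static final Log log = LogFactory.getLog(APITPPValidationExecutor.class);

    /** No-op: TPP role validation is not performed at this stage. */
    @Override
    public void preProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
    }

    /** No-op: responses are not inspected by this executor. */
    @Override
    public void preProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    /** No-op: responses are not inspected by this executor. */
    @Override
    public void postProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    /**
     * Validates the TPP roles bound to the client certificate against the roles required by the
     * invoked API operation.
     *
     * <p>Does nothing when the context already carries an error. Validation failures are not
     * thrown to the caller; they are reported through
     * {@code CertificateValidationUtils.handleExecutorErrors} with error code {@code 200004} and
     * HTTP status {@code 403}.
     *
     * @param oBAPIRequestContext the request context carrying the client certificates, the
     *                            OpenAPI definition and the elected resource / HTTP method
     */
    @Override
    @Generated(message = "Ignoring since all cases are covered from other unit tests")
    public void postProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
        if (oBAPIRequestContext.isError()) {
            return;
        }
        try {
            Certificate[] clientCerts = oBAPIRequestContext.getClientCertsLatest();
            // NOTE(review): a request that carries no client certificate passes through this
            // executor without any role check. That is only safe if another executor in the
            // chain rejects certificate-less requests; confirm against the executor
            // configuration.
            if (clientCerts == null || clientCerts.length == 0) {
                return;
            }

            // Only the first certificate is examined; presumably this is the leaf certificate
            // of the presented chain (TODO confirm).
            Optional<X509Certificate> transportCert =
                    CertificateValidationUtils.convertCertToX509Cert(clientCerts[0]);
            // NOTE(review): an empty Optional also skips validation silently; same caveat as
            // the missing-certificate case above.
            if (!transportCert.isPresent()) {
                return;
            }

            Map<String, List<String>> allowedScopes = GatewayDataHolder.getInstance()
                    .getOpenBankingConfigurationService().getAllowedScopes();
            PathItem electedPath = (PathItem) oBAPIRequestContext.getOpenAPI().getPaths()
                    .get(oBAPIRequestContext.getMsgInfo().getElectedResource());
            Set<String> operationScopes = extractScopesFromSwaggerAPI(electedPath,
                    oBAPIRequestContext.getMsgInfo().getHttpMethod());

            List<PSD2RoleEnum> requiredRoles = getRolesFromScopes(allowedScopes, operationScopes);
            // Fail closed: if no role can be derived for the operation there is nothing to
            // validate the certificate against, so the request is rejected.
            if (requiredRoles.isEmpty()) {
                throw new TPPValidationException("No roles found associated with the request. Hence, cannot continue with TPP validation");
            }
            if (!CertValidationService.getInstance().validateTppRoles(transportCert.get(), requiredRoles)) {
                log.error("TPP validation service returned invalid TPP status");
                throw new TPPValidationException("TPP validation service returned invalid TPP status");
            }
            log.debug("TPP validation service returned a success response");
        } catch (CertificateException e) {
            log.error("Error occurred while converting the client certificate to X509Certificate ", e);
            // NOTE(review): the exception message is placed in the executor error; if that
            // field is returned to the API caller, confirm it cannot carry internal detail.
            CertificateValidationUtils.handleExecutorErrors(new OpenBankingExecutorError("200004", "Error occurred while converting the client certificate to X509Certificate ", e.getMessage(), "403"), oBAPIRequestContext);
        } catch (TPPValidationException | CertificateValidationException e2) {
            log.error("Error occurred while validating the TPP status ", e2);
            CertificateValidationUtils.handleExecutorErrors(new OpenBankingExecutorError("200004", "Error occurred while validating the TPP status ", e2.getMessage(), "403"), oBAPIRequestContext);
        }
    }

    /**
     * Maps the scopes of an operation to the PSD2 roles configured for them.
     *
     * <p>Scope names are matched case-insensitively against the keys of {@code map}; the role
     * names of every matching entry are de-duplicated and converted with
     * {@link PSD2RoleEnum#fromValue}.
     *
     * @param map configured scope name to role names table; {@code null} yields no roles
     * @param set scopes declared on the invoked operation; {@code null} yields no roles
     * @return the roles required by the operation, empty when nothing matches
     */
    private List<PSD2RoleEnum> getRolesFromScopes(Map<String, List<String>> map, Set<String> set) {
        List<PSD2RoleEnum> roles = new ArrayList<>();
        // A missing table or scope set yields "no roles", which the caller rejects with a 403,
        // instead of an uncaught NullPointerException escaping the executor.
        if (map == null || set == null) {
            return roles;
        }
        Set<String> roleNames = new HashSet<>();
        for (String scope : set) {
            if (scope == null) {
                continue;
            }
            for (Map.Entry<String, List<String>> entry : map.entrySet()) {
                if (scope.equalsIgnoreCase(entry.getKey()) && entry.getValue() != null) {
                    roleNames.addAll(entry.getValue());
                }
            }
        }
        for (String roleName : roleNames) {
            // NOTE(review): what fromValue returns for an unrecognised role name is not visible
            // here. The result is added as-is so that an unknown configured role is never
            // silently dropped from the required set; verify how validateTppRoles treats it.
            roles.add(PSD2RoleEnum.fromValue(roleName));
        }
        return roles;
    }

    /**
     * Collects every scope listed in the security requirements of the operation that matches
     * the given HTTP method.
     *
     * @param pathItem the OpenAPI path item of the elected resource; may be {@code null}
     * @param str      the HTTP method of the request, compared case-insensitively
     * @return the declared scopes; empty when the path item, the operation or its security
     *         section is absent, or when the method is not one of GET/POST/PUT/PATCH/DELETE
     */
    private Set<String> extractScopesFromSwaggerAPI(PathItem pathItem, String str) {
        Set<String> scopes = new HashSet<>();
        // The elected resource may not exist in the API definition; return no scopes so the
        // caller rejects the request rather than failing with a NullPointerException.
        if (pathItem == null) {
            return scopes;
        }

        // An operation getter returns null when the path does not define that method, so each
        // branch checks for it before dereferencing.
        List<SecurityRequirement> requirements = null;
        if (GET.equalsIgnoreCase(str)) {
            if (pathItem.getGet() != null) {
                requirements = pathItem.getGet().getSecurity();
            }
        } else if (POST.equalsIgnoreCase(str)) {
            if (pathItem.getPost() != null) {
                requirements = pathItem.getPost().getSecurity();
            }
        } else if (PUT.equalsIgnoreCase(str)) {
            if (pathItem.getPut() != null) {
                requirements = pathItem.getPut().getSecurity();
            }
        } else if (PATCH.equalsIgnoreCase(str)) {
            if (pathItem.getPatch() != null) {
                requirements = pathItem.getPatch().getSecurity();
            }
        } else if (DELETE.equalsIgnoreCase(str)) {
            if (pathItem.getDelete() != null) {
                requirements = pathItem.getDelete().getSecurity();
            }
        }

        if (requirements != null) {
            for (SecurityRequirement requirement : requirements) {
                if (requirement == null) {
                    continue;
                }
                // Each requirement maps a security scheme name to the scopes it demands.
                for (List<String> requiredScopes : requirement.values()) {
                    if (requiredScopes != null) {
                        scopes.addAll(requiredScopes);
                    }
                }
            }
        }
        return scopes;
    }
}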
