package com.wso2.openbanking.accelerator.gateway.handler;

import com.nimbusds.jose.JOSEException;
import com.wso2.openbanking.accelerator.common.config.OpenBankingConfigParser;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.gateway.executor.exception.OpenBankingExecutorException;
import com.wso2.openbanking.accelerator.gateway.util.GatewayUtils;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.AbstractSynapseHandler;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: input_file:com/wso2/openbanking/accelerator/gateway/handler/JwsResponseSignatureHandler.class */
public class JwsResponseSignatureHandler extends AbstractSynapseHandler {
    private static final Log log = LogFactory.getLog(JwsResponseSignatureHandler.class);
    private String xWso2ApiVersion = null;
    private String xWso2ApiType = null;
    private final String signatureHeaderName = getSignatureHeaderName();
    public static final String ERRORS_TAG = "errors";
    public static final String INTERNAL_SERVER_ERROR = "Internal server error";

    @Generated(message = "Ignoring since method contains no logics")
    public JwsResponseSignatureHandler() {
        log.debug("Initializing JwsResponseSignatureHandler to append jws response signature.");
    }

    @Generated(message = "Ignoring since method contains no logics")
    public boolean handleRequestInFlow(MessageContext messageContext) {
        return true;
    }

    @Generated(message = "Ignoring since method contains no logics")
    public boolean handleRequestOutFlow(MessageContext messageContext) {
        return true;
    }

    @Generated(message = "Ignoring since all cases are covered from other unit tests")
    public boolean handleResponseInFlow(MessageContext messageContext) {
        return appendJwsSignatureToResponse(messageContext);
    }

    public boolean handleResponseOutFlow(MessageContext messageContext) {
        Map map = (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("TRANSPORT_HEADERS");
        if (messageContext.getEnvelope() != null && messageContext.getEnvelope().getBody() != null && StringUtils.contains(messageContext.getEnvelope().getBody().toString(), "Schema validation failed")) {
            return appendJwsSignatureToResponse(messageContext);
        }
        if (!map.containsKey(this.signatureHeaderName) || map.get(this.signatureHeaderName) == null) {
            return appendJwsSignatureToResponse(messageContext);
        }
        return true;
    }

    private boolean appendJwsSignatureToResponse(MessageContext messageContext) {
        setXWso2ApiVersion((String) messageContext.getProperty("SYNAPSE_REST_API_VERSION"));
        setXWso2ApiType((String) messageContext.getProperty("REST_API_CONTEXT"));
        try {
        } catch (RuntimeException e) {
            log.debug("Internal Server Error, Unable to append jws signature", e);
            GatewayUtils.returnSynapseHandlerJSONError(messageContext, "500", getFormattedSignatureHandlingErrorResponse(messageContext, "500", INTERNAL_SERVER_ERROR, "Internal Server Error, Unable to append jws signature"));
        }
        if (!isApplicable(messageContext)) {
            log.debug("Signature generation is not applicable for this response");
            return true;
        }
        log.debug("Generating signature for the response");
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        Map map = (Map) axis2MessageContext.getProperty("TRANSPORT_HEADERS");
        try {
            Optional<String> buildMessagePayloadFromMessageContext = GatewayUtils.buildMessagePayloadFromMessageContext(axis2MessageContext, map);
            if (buildMessagePayloadFromMessageContext.isPresent()) {
                try {
                    map.put(this.signatureHeaderName, generateJWSSignature(buildMessagePayloadFromMessageContext));
                } catch (JOSEException | OpenBankingException e2) {
                    log.error("Unable to sign response", e2);
                    GatewayUtils.returnSynapseHandlerJSONError(messageContext, "500", getFormattedSignatureHandlingErrorResponse(messageContext, "500", INTERNAL_SERVER_ERROR, "Internal Server Error, Unable to sign the response"));
                    return true;
                }
            } else {
                log.debug("Signature cannot be generated as the payload is invalid or not present.");
            }
            axis2MessageContext.setProperty("TRANSPORT_HEADERS", map);
            return true;
        } catch (OpenBankingException e3) {
            log.error("Unable to build response payload", e3);
            GatewayUtils.returnSynapseHandlerJSONError(messageContext, "500", getFormattedSignatureHandlingErrorResponse(messageContext, "500", INTERNAL_SERVER_ERROR, "Internal Server Error, Unable to build response payload"));
            return true;
        }
    }

    @Generated(message = "Excluding from unit tests since there is no logics to test")
    public String getSignatureHeaderName() {
        return "x-jws-signature";
    }

    @Generated(message = "Excluding from unit tests since there is a call to a method in Common Module")
    public boolean isApplicable(MessageContext messageContext) {
        return OpenBankingConfigParser.getInstance().isJwsResponseSigningEnabled();
    }

    public String generateJWSSignature(Optional<String> optional) throws OpenBankingException, JOSEException {
        String str = null;
        if (optional.isPresent() && StringUtils.isNotBlank(optional.get())) {
            try {
                str = GatewayUtils.constructJWSSignature(optional.get(), getCriticalHeaderParameters());
            } catch (OpenBankingExecutorException e) {
                throw new OpenBankingException(e.getMessage());
            }
        } else {
            log.debug("Signature cannot be generated as the payload is invalid.");
        }
        return str;
    }

    @Generated(message = "Excluding from unit test coverage")
    public HashMap<String, Object> getCriticalHeaderParameters() {
        return new HashMap<>();
    }

    @Generated(message = "Excluding from unit test coverage")
    public String getFormattedSignatureHandlingErrorResponse(MessageContext messageContext, String str, String str2, String str3) {
        JSONObject jSONObject = new JSONObject();
        JSONArray jSONArray = new JSONArray();
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("Code", str);
        jSONObject2.put("Title", str2);
        jSONObject2.put("Message", str3);
        jSONArray.put(jSONObject2);
        return jSONObject.put(ERRORS_TAG, jSONArray).toString();
    }

    @Generated(message = "Excluding from unit test coverage")
    public void setXWso2ApiVersion(String str) {
        this.xWso2ApiVersion = str;
    }

    @Generated(message = "Excluding from unit test coverage")
    public String getXWso2ApiVersion() {
        return this.xWso2ApiVersion;
    }

    @Generated(message = "Excluding from unit test coverage")
    public String getXWso2ApiType() {
        return this.xWso2ApiType;
    }

    @Generated(message = "Excluding from unit test coverage")
    public void setXWso2ApiType(String str) {
        this.xWso2ApiType = str;
    }
}
