package com.wso2.openbanking.accelerator.gateway.executor.impl.tpp.validation.executor;

import com.wso2.openbanking.accelerator.common.exception.CertificateValidationException;
import com.wso2.openbanking.accelerator.common.exception.TPPValidationException;
import com.wso2.openbanking.accelerator.common.model.PSD2RoleEnum;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.common.util.JWTUtils;
import com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIRequestContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIResponseContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OpenBankingExecutorError;
import com.wso2.openbanking.accelerator.gateway.executor.service.CertValidationService;
import com.wso2.openbanking.accelerator.gateway.executor.util.CertificateValidationUtils;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONValue;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/wso2/openbanking/accelerator/gateway/executor/impl/tpp/validation/executor/DCRTPPValidationExecutor.class */
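/**
 * Gateway executor that checks, for Dynamic Client Registration (DCR) requests, that the
 * PSD2 roles claimed in the software statement assertion (SSA) are accepted for the client's
 * transport certificate by {@link CertValidationService#validateTppRoles}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only the first entry of the client certificate array is examined.</li>
 *   <li>When no client certificate is attached, or it cannot be represented as an
 *       {@link X509Certificate}, this executor performs no validation and does not reject the
 *       request. NOTE(review): presumably certificate presence is enforced by a separate
 *       executor earlier in the chain; confirm, otherwise this path fails open.</li>
 *   <li>{@code GET} and {@code DELETE} requests skip the role check (no SSA is read for them).</li>
 *   <li>The SSA is only decoded here via {@link JWTUtils#decodeRequestJWT}; no signature
 *       verification is visible in this class. NOTE(review): confirm the SSA signature is
 *       verified elsewhere before its claims are relied upon.</li>
 * </ul>
 */
public class DCRTPPValidationExecutor implements OpenBankingGatewayExecutor {
    private static final String BODY = "body";
    private static final String GET_METHOD_TYPE = "GET";
    private static final String DELETE_METHOD_TYPE = "DELETE";
    private static final String SOFTWARE_ROLES = "software_roles";
    private static final String SOFTWARE_STATEMENT = "software_statement";
    private static final Log log = LogFactory.getLog(DCRTPPValidationExecutor.class);

    /**
     * Validates the TPP roles of a DCR create/update request against the transport certificate.
     *
     * <p>Any validation or parsing failure is reported through
     * {@link CertificateValidationUtils#handleExecutorErrors} with error code {@code 200004}
     * and HTTP status {@code 403}; nothing is thrown to the caller for those cases.
     *
     * @param oBAPIRequestContext the request context; skipped entirely if it is already in error
     */
    @Override
    @Generated(message = "Ignoring since all cases are covered from other unit tests")
    public void preProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
        // A previous executor already failed the request; do not add a second error.
        if (oBAPIRequestContext.isError()) {
            return;
        }
        try {
            Certificate[] clientCerts = oBAPIRequestContext.getClientCertsLatest();
            // No certificate on the request: this executor makes no decision (see class Javadoc).
            if (clientCerts == null || clientCerts.length == 0) {
                return;
            }
            Optional<X509Certificate> transportCert =
                    CertificateValidationUtils.convertCertToX509Cert(clientCerts[0]);
            if (!transportCert.isPresent()) {
                return;
            }

            // GET and DELETE skip the role check below; no SSA is read for them.
            String httpMethod = oBAPIRequestContext.getMsgInfo().getHttpMethod();
            if (GET_METHOD_TYPE.equals(httpMethod) || DELETE_METHOD_TYPE.equals(httpMethod)) {
                return;
            }

            List<PSD2RoleEnum> requiredRoles =
                    getRolesFromSSA(getSSAFromPayload(oBAPIRequestContext.getRequestPayload()));
            // Fail closed: an SSA that yields no recognisable role is rejected, not waved through.
            if (requiredRoles.isEmpty()) {
                throw new TPPValidationException("No roles found associated with the request. "
                        + "Hence, cannot continue with TPP validation");
            }
            if (!CertValidationService.getInstance().validateTppRoles(transportCert.get(), requiredRoles)) {
                log.error("TPP validation service returned invalid TPP status");
                throw new TPPValidationException("TPP validation service returned invalid TPP status");
            }
            log.debug("TPP validation service returned a success response");
        } catch (CertificateException e) {
            log.error("Error occurred while converting the client certificate to X509Certificate ", e);
            CertificateValidationUtils.handleExecutorErrors(
                    new OpenBankingExecutorError("200004",
                            "Error occurred while converting the client certificate to X509Certificate ",
                            e.getMessage(), "403"),
                    oBAPIRequestContext);
        } catch (TPPValidationException | CertificateValidationException | ParseException e) {
            log.error("Error occurred while validating the TPP status ", e);
            // NOTE(review): the second and third arguments are in the opposite order to the
            // CertificateException handler above (exception message first, fixed text second).
            // Left as-is because the constructor's parameter order is not visible here; confirm
            // which one is intended, and whether exception messages should reach the client.
            CertificateValidationUtils.handleExecutorErrors(
                    new OpenBankingExecutorError("200004", e.getMessage(),
                            "Error occurred while validating the TPP status ", "403"),
                    oBAPIRequestContext);
        }
    }

    /** No-op: this executor only acts on the request pre-processing phase. */
    @Override
    public void preProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    /** No-op: this executor only acts on the request pre-processing phase. */
    @Override
    public void postProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    /** No-op: this executor only acts on the request pre-processing phase. */
    @Override
    public void postProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
    }

    /**
     * Extracts the {@code software_statement} claim from the body of the request JWT.
     *
     * @param str the raw request payload, expected to be a JWT
     * @return the SSA string, or whatever {@code getAsString} yields when the claim is absent
     * @throws ParseException if the payload is blank or cannot be decoded
     */
    private String getSSAFromPayload(String str) throws ParseException {
        // Reject an absent payload explicitly so the caller's ParseException handler produces
        // a 403 instead of depending on how the decoder treats null input.
        if (StringUtils.isBlank(str)) {
            throw new ParseException("Request payload is empty", 0);
        }
        return JWTUtils.decodeRequestJWT(str, BODY).getAsString(SOFTWARE_STATEMENT);
    }

    /**
     * Reads the {@code software_roles} claim of an SSA and maps each entry to a
     * {@link PSD2RoleEnum}.
     *
     * <p>The claim is client-supplied, so it is treated as untrusted: a value that is not a
     * JSON array yields an empty list (which the caller rejects), and array elements that are
     * not strings, or for which {@link PSD2RoleEnum#fromValue} returns {@code null}, are ignored.
     *
     * @param str the SSA in JWT form
     * @return the recognised roles; empty if the claim is missing or is not a JSON array
     * @throws TPPValidationException if the SSA is blank or cannot be decoded or parsed
     */
    public List<PSD2RoleEnum> getRolesFromSSA(String str) throws TPPValidationException {
        if (StringUtils.isBlank(str)) {
            throw new TPPValidationException("Software statement is empty. "
                    + "Hence, cannot continue with TPP validation");
        }
        List<PSD2RoleEnum> roles = new ArrayList<>();
        try {
            String rolesClaim = JWTUtils.decodeRequestJWT(str, BODY).getAsString(SOFTWARE_ROLES);
            Object parsed = null;
            if (StringUtils.isNotBlank(rolesClaim) && rolesClaim.contains("[")) {
                parsed = JSONValue.parseStrict(rolesClaim);
            }
            // A claim containing '[' can still parse to a non-array (e.g. an object); check the
            // type rather than casting so malformed input cannot raise ClassCastException.
            if (!(parsed instanceof JSONArray)) {
                // CR/LF are replaced so a crafted claim cannot forge additional log lines.
                log.error("Invalid SSA software roles received. Expected array of software roles. Received: "
                        + StringUtils.replaceChars(rolesClaim, "\r\n", "__"));
                return roles;
            }
            for (Object element : (JSONArray) parsed) {
                if (!(element instanceof String)) {
                    continue;
                }
                PSD2RoleEnum role = PSD2RoleEnum.fromValue((String) element);
                if (role != null) {
                    roles.add(role);
                }
            }
            return roles;
        } catch (net.minidev.json.parser.ParseException | ParseException e) {
            log.error("Error while parsing the message to json", e);
            throw new TPPValidationException("Error while parsing the message to json", e);
        }
    }
}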
