package com.wso2.openbanking.accelerator.gateway.util;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingRuntimeException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.gateway.cache.GatewayCacheKey;
import com.wso2.openbanking.accelerator.gateway.executor.exception.OpenBankingExecutorException;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIRequestContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIResponseContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OpenBankingExecutorError;
import com.wso2.openbanking.accelerator.gateway.handler.JwsResponseSignatureHandler;
import com.wso2.openbanking.accelerator.gateway.internal.GatewayDataHolder;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.security.OAuthFlows;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axis2.AxisFault;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.methods.HttpGet;
import org.apache.synapse.commons.json.JsonUtil;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.apache.synapse.transport.passthru.util.RelayUtils;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.XML;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/* loaded from: input_file:com/wso2/openbanking/accelerator/gateway/util/GatewayUtils.class */
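/**
 * Static helpers used by the gateway executors and handlers: payload extraction, JWT
 * segment handling, detached-JWS construction, OAuth-flow lookup from the API definition
 * and Synapse fault responses.
 *
 * <p>None of the JWT helpers in this class verify a signature. They split and decode
 * only, so any claim read through them is attacker-controlled unless the token has been
 * validated elsewhere before the call.
 */
public class GatewayUtils {
    private static final Log log = LogFactory.getLog(GatewayUtils.class);
    private static final String SOAP_ENV_START_TAG = "<soapenv:Body xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">";
    private static final String SOAP_ENV_END_TAG = "</soapenv:Body>";

    /**
     * Decodes a Base64 string and parses the result as a JSON object.
     *
     * <p>JWT segments use the URL-safe alphabet ({@code -} and {@code _}), which the basic
     * decoder rejects. The decoder is therefore chosen from the characters present, so
     * both standard and URL-safe input are accepted.
     *
     * @param str Base64 or Base64url text, padded or unpadded
     * @return the decoded JSON object
     * @throws UnsupportedEncodingException kept in the signature for existing callers
     * @throws IllegalArgumentException if {@code str} is not valid Base64
     * @throws JSONException if the decoded text is not a JSON object
     */
    public static JSONObject decodeBase64(String str) throws UnsupportedEncodingException {
        boolean urlSafeAlphabet = str.indexOf('-') >= 0 || str.indexOf('_') >= 0;
        Base64.Decoder decoder = urlSafeAlphabet ? Base64.getUrlDecoder() : Base64.getDecoder();
        return new JSONObject(new String(decoder.decode(str), StandardCharsets.UTF_8));
    }

    /**
     * Returns the second dot-separated segment of a compact JWT, still encoded.
     *
     * @param str compact JWT
     * @return the encoded payload segment
     * @throws ArrayIndexOutOfBoundsException if {@code str} has fewer than two segments
     */
    public static String getPayloadFromJWT(String str) {
        return str.split("\\.")[1];
    }

    /**
     * Converts an XML payload to JSON and returns the value of its {@code Body} member.
     *
     * @param str XML text
     * @return the {@code Body} value as a string, or {@code null} when there is no such member
     * @throws OpenBankingException if the XML cannot be parsed or converted
     */
    @Deprecated
    public static String getPayloadFromXML(String str) throws OpenBankingException {
        try {
            // NOTE(review): str can come from a request body; confirm the StAX parser behind
            // AXIOMUtil rejects DTDs and external entities.
            JSONObject converted = new JSONObject(JsonUtil.toJsonString(AXIOMUtil.stringToOM(str)).toString());
            if (converted.has("Body")) {
                return converted.get("Body").toString();
            }
            return null;
        } catch (AxisFault e) {
            log.error("Error occurred while reading the xml payload");
            throw new OpenBankingException("Error occurred while reading the xml payload", e);
        } catch (XMLStreamException e2) {
            log.error("Error occurred while transforming the xml payload to json");
            throw new OpenBankingException("Error occurred while transforming the xml payload to json", e2);
        }
    }

    /**
     * Returns the first child node of the given XML document, serialized.
     *
     * @param str XML text
     * @return the serialized first child, or an empty string when the root has no children
     * @throws OpenBankingException if the XML cannot be parsed
     */
    public static String getXMLPayloadToSign(String str) throws OpenBankingException {
        try {
            // NOTE(review): str can come from a request or response body; confirm the StAX
            // parser behind AXIOMUtil rejects DTDs and external entities.
            OMElement firstChild = AXIOMUtil.stringToOM(str).getFirstOMChild();
            return firstChild != null ? firstChild.toString() : "";
        } catch (XMLStreamException e) {
            log.error("Error occurred while transforming the xml payload.");
            throw new OpenBankingException("Error occurred while transforming the xml payload", e);
        }
    }

    /**
     * Reads {@code soapenv:Body/text/content} from an XML string.
     *
     * @param str XML text
     * @return the content value
     * @throws JSONException if any of the three elements is missing
     */
    public static String getTextPayload(String str) {
        return XML.toJSONObject(str).getJSONObject("soapenv:Body").getJSONObject("text").getString("content");
    }

    /**
     * Builds an HTTP Basic {@code Authorization} header value.
     *
     * <p>The result is encoded, not encrypted: treat it as a credential, keep it out of
     * logs, and send it only over TLS.
     *
     * @param str  user name
     * @param str2 password
     * @return {@link GatewayConstants#BASIC_TAG} followed by Base64 of {@code str:str2}
     */
    public static String getBasicAuthHeader(String str, String str2) {
        byte[] credentials = (str + ":" + str2).getBytes(StandardCharsets.UTF_8);
        return GatewayConstants.BASIC_TAG + Base64.getEncoder().encodeToString(credentials);
    }

    /**
     * Fetches the swagger definition of an API from the configured publisher host.
     *
     * <p>The request carries the key-validator credentials as Basic auth, so the
     * configured host should be an {@code https} URL. The HTTP status is not inspected;
     * whatever body the publisher returns is handed back.
     *
     * @param str identifier inserted into the URL path. It is concatenated without
     *            encoding, so callers must not pass request-supplied text.
     * @return the response body as UTF-8 text
     * @throws OpenBankingRuntimeException if the call or the read fails
     */
    @Generated(message = "Cannot test without running APIM. Integration test will be written for this")
    public static String getSwaggerDefinition(String str) {
        String publisherHost = GatewayDataHolder.getInstance().getOpenBankingConfigurationService()
                .getConfigurations().get(GatewayConstants.PUBLISHER_HOSTNAME).toString();
        String baseUrl = publisherHost.endsWith("/") ? publisherHost : publisherHost + "/";
        HttpGet httpGet = new HttpGet(baseUrl + GatewayConstants.PUBLISHER_API_PATH + str + GatewayConstants.SWAGGER_ENDPOINT);
        httpGet.setHeader(GatewayConstants.AUTH_HEADER, getBasicAuthHeader(
                getAPIMgtConfig(GatewayConstants.API_KEY_VALIDATOR_USERNAME),
                getAPIMgtConfig(GatewayConstants.API_KEY_VALIDATOR_PASSWORD)));
        // Close the entity stream even when the read fails part-way, so that it is not left open.
        try (InputStream content = GatewayDataHolder.getHttpClient().execute(httpGet).getEntity().getContent()) {
            return IOUtils.toString(content, StandardCharsets.UTF_8.name());
        } catch (IOException | OpenBankingException e) {
            throw new OpenBankingRuntimeException("Failed to retrieve swagger definition from API", e);
        }
    }

    /**
     * Reads the first value of a property from the API Manager configuration.
     *
     * @param str property key
     * @return the configured value, as returned by {@code getFirstProperty}
     */
    public static String getAPIMgtConfig(String str) {
        return GatewayDataHolder.getInstance().getApiManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty(str);
    }

    /**
     * Checks that a string has the shape of a compact JWT: three segments whose first two
     * decode to JSON objects.
     *
     * <p>This is a format check only. The signature, expiry and issuer are not examined,
     * so a {@code true} result must never be treated as authentication.
     *
     * @param str candidate token
     * @return {@code true} if the structure is well-formed
     */
    public static boolean isValidJWTToken(String str) {
        String[] segments = str.split("\\.");
        if (segments.length != 3) {
            return false;
        }
        try {
            decodeBase64(segments[0]);
            decodeBase64(segments[1]);
            return true;
        } catch (UnsupportedEncodingException | IllegalArgumentException | JSONException e) {
            return false;
        }
    }

    /**
     * Tells whether a request has a JSON or XML content type and uses POST or PUT.
     *
     * @param str  content type; {@code null} yields {@code false}
     * @param str2 HTTP method
     * @return {@code true} when both conditions hold
     */
    public static boolean isEligibleRequest(String str, String str2) {
        return isJsonOrXmlContentType(str) && ("POST".equals(str2) || "PUT".equals(str2));
    }

    /**
     * Tells whether a response has a JSON or XML content type and belongs to a GET, POST,
     * PUT, PATCH or DELETE call.
     *
     * @param str  content type; {@code null} yields {@code false}
     * @param str2 HTTP method
     * @return {@code true} when both conditions hold
     */
    public static boolean isEligibleResponse(String str, String str2) {
        return isJsonOrXmlContentType(str)
                && ("GET".equals(str2) || "POST".equals(str2) || "PUT".equals(str2) || "PATCH".equals(str2) || "DELETE".equals(str2));
    }

    /** Prefix match against the three content types the eligibility checks accept. */
    private static boolean isJsonOrXmlContentType(String contentType) {
        return contentType != null
                && (contentType.startsWith("application/json")
                || contentType.startsWith(GatewayConstants.APPLICATION_XML_CONTENT_TYPE)
                || contentType.startsWith(GatewayConstants.TEXT_XML_CONTENT_TYPE));
    }

    /** Substring match against the two XML content types; {@code null} is not XML. */
    private static boolean isXmlContentType(String contentType) {
        return contentType != null
                && (contentType.contains(GatewayConstants.TEXT_XML_CONTENT_TYPE)
                || contentType.contains(GatewayConstants.APPLICATION_XML_CONTENT_TYPE));
    }

    /**
     * Returns the request payload. For XML content types this is the first child of the
     * consumed message; otherwise it is the payload stored on the context.
     *
     * @param oBAPIRequestContext request context
     * @param map                 request headers; a missing or {@code null}
     *                            {@code Content-Type} is treated as non-XML
     * @return the payload, empty when the context holds none
     * @throws OpenBankingException if the XML payload cannot be read; the cause is attached
     */
    public static Optional<String> extractRequestPayload(OBAPIRequestContext oBAPIRequestContext, Map<String, String> map) throws OpenBankingException {
        if (!isXmlContentType(map.get("Content-Type"))) {
            return Optional.ofNullable(oBAPIRequestContext.getRequestPayload());
        }
        try {
            return Optional.of(getXMLPayloadToSign(oBAPIRequestContext.getMsgInfo().getPayloadHandler().consumeAsString()));
        } catch (Exception e) {
            // Keep the cause: without it the failure cannot be diagnosed from server logs.
            throw new OpenBankingException("Internal Server Error, Unable to process Payload", e);
        }
    }

    /**
     * Returns the response payload. For XML content types this is the first child of the
     * consumed message; otherwise it is the payload stored on the context.
     *
     * @param oBAPIResponseContext response context
     * @param map                  response headers; a missing or {@code null}
     *                             {@code Content-Type} is treated as non-XML
     * @return the payload, empty when the context holds none
     * @throws OpenBankingException if the XML payload cannot be read; the cause is attached
     */
    public static Optional<String> extractResponsePayload(OBAPIResponseContext oBAPIResponseContext, Map<String, String> map) throws OpenBankingException {
        if (!isXmlContentType(map.get("Content-Type"))) {
            return Optional.ofNullable(oBAPIResponseContext.getResponsePayload());
        }
        try {
            return Optional.of(getXMLPayloadToSign(oBAPIResponseContext.getMsgInfo().getPayloadHandler().consumeAsString()));
        } catch (Exception e) {
            // Keep the cause: without it the failure cannot be diagnosed from server logs.
            throw new OpenBankingException("Internal Server Error, Unable to process Payload", e);
        }
    }

    /**
     * Signs a payload with the configured signing key and returns a detached JWS.
     *
     * @param str     payload to sign
     * @param hashMap values passed to the JWS header builder
     * @return the detached JWS
     * @throws OpenBankingExecutorException if the key or key id is missing, or signing fails
     * @throws JOSEException if the key algorithm is neither {@code RSA} nor {@code EC}
     * @throws ClassCastException if the configured key is not a private key of the
     *                            type its algorithm name implies
     */
    @Generated(message = "Excluding from unit tests since it is covered by other methods")
    public static String constructJWSSignature(String str, HashMap<String, Object> hashMap) throws OpenBankingExecutorException, JOSEException {
        JWSAlgorithm signingAlgorithm = GatewaySignatureHandlingUtils.getSigningAlgorithm();
        Optional<Key> signingKey = GatewaySignatureHandlingUtils.getSigningKey();
        if (!signingKey.isPresent()) {
            throw new OpenBankingExecutorException("Signing key is not present");
        }
        Key key = signingKey.get();
        String signingKeyId = GatewaySignatureHandlingUtils.getSigningKeyId();
        if (StringUtils.isBlank(signingKeyId)) {
            throw new OpenBankingExecutorException("The kid is not present to sign.");
        }
        JWSHeader header = GatewaySignatureHandlingUtils.constructJWSHeader(signingKeyId, hashMap, signingAlgorithm);
        JWSObject jwsObject = GatewaySignatureHandlingUtils.constructJWSObject(header, str);

        // Declared as the common interface so the variable can hold either signer type.
        JWSSigner signer;
        if ("RSA".equals(key.getAlgorithm())) {
            signer = new RSASSASigner((PrivateKey) key);
        } else if ("EC".equals(key.getAlgorithm())) {
            signer = new ECDSASigner((ECPrivateKey) key);
        } else {
            throw new JOSEException("The \"" + key.getAlgorithm() + "\" algorithm is not supported by the Solution");
        }

        try {
            if (GatewaySignatureHandlingUtils.isB64HeaderVerifiable(jwsObject)) {
                jwsObject.sign(signer);
                return GatewaySignatureHandlingUtils.createDetachedJws(jwsObject.serialize());
            }
            return GatewaySignatureHandlingUtils.createDetachedJws(header,
                    signer.sign(header, GatewaySignatureHandlingUtils.getSigningInput(header, str)));
        } catch (JOSEException | UnsupportedEncodingException e) {
            throw new OpenBankingExecutorException("Unable to compute JWS signature", e);
        }
    }

    /**
     * Appends a 500 error to the request context and marks the context as failed.
     *
     * @param oBAPIRequestContext request context to update
     * @param str                 third argument of the {@link OpenBankingExecutorError} constructor
     * @param str2                first argument of the {@link OpenBankingExecutorError} constructor
     */
    @Generated(message = "Excluding from unit tests since the method is for exceptionhandling")
    public static void handleRequestInternalServerError(OBAPIRequestContext oBAPIRequestContext, String str, String str2) {
        ArrayList<OpenBankingExecutorError> errors = oBAPIRequestContext.getErrors();
        errors.add(new OpenBankingExecutorError(str2, JwsResponseSignatureHandler.INTERNAL_SERVER_ERROR, str, "500"));
        oBAPIRequestContext.setError(true);
        oBAPIRequestContext.setErrors(errors);
    }

    /**
     * Appends a 500 error to the response context and marks the context as failed.
     *
     * @param oBAPIResponseContext response context to update
     * @param str                  third argument of the {@link OpenBankingExecutorError} constructor
     * @param str2                 first argument of the {@link OpenBankingExecutorError} constructor
     */
    @Generated(message = "Excluding from unit tests since the method is for exceptionhandling")
    public static void handleResponseInternalServerError(OBAPIResponseContext oBAPIResponseContext, String str, String str2) {
        ArrayList<OpenBankingExecutorError> errors = oBAPIResponseContext.getErrors();
        errors.add(new OpenBankingExecutorError(str2, JwsResponseSignatureHandler.INTERNAL_SERVER_ERROR, str, "500"));
        oBAPIResponseContext.setError(true);
        oBAPIResponseContext.setErrors(errors);
    }

    /**
     * Qualifies a user name with the current thread's tenant domain.
     *
     * <p>The suffix test includes the {@code @} separator. A bare {@code endsWith(domain)}
     * would treat a name that merely ends in the domain text as already qualified.
     *
     * @param str user name
     * @return {@code str} unchanged if it already ends with {@code @<tenantDomain>},
     *         otherwise {@code str@<tenantDomain>}
     */
    public static String getUserNameWithTenantDomain(String str) {
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        return str.endsWith("@" + tenantDomain) ? str : str + "@" + tenantDomain;
    }

    /**
     * Returns the OAuth flows allowed for the elected resource and HTTP method of a
     * request. The gateway cache is consulted first and falls back to the API definition.
     *
     * @param oBAPIRequestContext request context
     * @return the allowed flows. If the cache lookup fails the list is empty, which makes
     *         {@link #validateGrantType} reject the token.
     */
    @Generated(message = "Ignoring since the method has covered in other tests")
    public static List<String> getAllowedOAuthFlows(OBAPIRequestContext oBAPIRequestContext) {
        String httpMethod = oBAPIRequestContext.getMsgInfo().getHttpMethod();
        String electedResource = oBAPIRequestContext.getMsgInfo().getElectedResource();
        try {
            @SuppressWarnings("unchecked") // the loader passed here produces a List<String>
            List<String> flows = (List<String>) GatewayDataHolder.getGatewayCache().getFromCacheOrRetrieve(
                    GatewayCacheKey.of(electedResource + ":" + httpMethod),
                    () -> getAllowedOAuthFlowsFromSwagger(oBAPIRequestContext.getOpenAPI(), electedResource, httpMethod));
            return flows;
        } catch (OpenBankingException e) {
            log.error("Unable to cache or retrieve from API Security Cache", e);
            return new ArrayList<>();
        }
    }

    /**
     * Derives the allowed OAuth flows for one operation from an OpenAPI definition.
     *
     * <p>Each security requirement on the operation is matched to a declared security
     * scheme. Schemes named {@link GatewayConstants#DEFAULT} or
     * {@link GatewayConstants#OPENID} are skipped. A definition with no security schemes,
     * an unknown path, or a method the path does not define yields an empty list.
     *
     * @param openAPI parsed API definition
     * @param str     path key as it appears in the definition
     * @param str2    HTTP method, case-insensitive
     * @return flow names in requirement order; empty means no flow is allowed
     */
    public static List<String> getAllowedOAuthFlowsFromSwagger(OpenAPI openAPI, String str, String str2) {
        List<String> allowedFlows = new ArrayList<>();
        if (openAPI.getComponents() == null || openAPI.getComponents().getSecuritySchemes() == null
                || openAPI.getPaths() == null) {
            return allowedFlows;
        }

        Map<String, List<String>> flowsByScheme = new HashMap<>();
        for (Map.Entry<String, SecurityScheme> scheme : openAPI.getComponents().getSecuritySchemes().entrySet()) {
            OAuthFlows flows = scheme.getValue().getFlows();
            if (flows == null) {
                continue;
            }
            List<String> declared = new ArrayList<>();
            if (flows.getAuthorizationCode() != null) {
                declared.add(GatewayConstants.AUTHORIZATION_CODE);
            }
            if (flows.getImplicit() != null) {
                declared.add(GatewayConstants.IMPLICIT);
            }
            if (flows.getClientCredentials() != null) {
                declared.add(GatewayConstants.CLIENT_CREDENTIALS);
            }
            if (flows.getPassword() != null) {
                declared.add(GatewayConstants.PASSWORD_GRANT);
            }
            flowsByScheme.put(scheme.getKey(), declared);
        }

        PathItem pathItem = openAPI.getPaths().get(str);
        Operation operation = pathItem == null ? null : operationFor(pathItem, str2);
        if (operation == null || operation.getSecurity() == null) {
            return allowedFlows;
        }
        for (SecurityRequirement requirement : operation.getSecurity()) {
            for (String schemeName : requirement.keySet()) {
                if (!GatewayConstants.DEFAULT.equalsIgnoreCase(schemeName)
                        && !GatewayConstants.OPENID.equalsIgnoreCase(schemeName)
                        && flowsByScheme.containsKey(schemeName)) {
                    allowedFlows.addAll(flowsByScheme.get(schemeName));
                }
            }
        }
        return allowedFlows;
    }

    /** Selects the operation of a path for an HTTP method, or {@code null} if unsupported or undefined. */
    private static Operation operationFor(PathItem pathItem, String httpMethod) {
        if ("GET".equalsIgnoreCase(httpMethod)) {
            return pathItem.getGet();
        }
        if ("POST".equalsIgnoreCase(httpMethod)) {
            return pathItem.getPost();
        }
        if ("PUT".equalsIgnoreCase(httpMethod)) {
            return pathItem.getPut();
        }
        if ("PATCH".equalsIgnoreCase(httpMethod)) {
            return pathItem.getPatch();
        }
        if ("DELETE".equalsIgnoreCase(httpMethod)) {
            return pathItem.getDelete();
        }
        return null;
    }

    /**
     * Extracts the encoded payload segment of the token carried in the authorization header.
     *
     * <p>The header is split on a single space and the token on dots. The scheme word is
     * not compared with {@code Bearer} and nothing is verified.
     *
     * @param map transport headers
     * @return the second dot-separated segment of the token
     * @throws OpenBankingExecutorException if the header is absent or {@code null}, or has
     *                                      no token with at least two segments
     */
    public static String getBearerTokenPayload(Map<String, String> map) throws OpenBankingExecutorException {
        String authHeader = map.get(GatewayConstants.AUTH_HEADER);
        if (authHeader == null) {
            log.debug("Missing Authorization header");
            throw new OpenBankingExecutorException("Missing Credentials.", String.valueOf(GatewayConstants.API_AUTH_MISSING_CREDENTIALS), GatewayConstants.MISSING_CREDENTIALS);
        }
        String[] headerParts = authHeader.split(" ");
        String[] tokenSegments = headerParts.length > 1 ? headerParts[1].split("\\.") : new String[0];
        if (tokenSegments.length < 2) {
            log.debug("Invalid authorization header format");
            throw new OpenBankingExecutorException("Invalid Credentials.", String.valueOf(GatewayConstants.API_AUTH_INVALID_CREDENTIALS), GatewayConstants.INVALID_CREDENTIALS);
        }
        return tokenSegments[1];
    }

    /**
     * Reads the {@link GatewayConstants#AUTHORIZED_USER_TYPE_CLAIM_NAME} claim from an
     * encoded token payload.
     *
     * <p>The payload is decoded as Base64url and parsed as JSON; no signature is checked
     * here. NOTE(review): confirm the token is validated before this value is relied on.
     *
     * @param str Base64url-encoded JWT payload segment
     * @return the claim value
     * @throws OpenBankingExecutorException if decoding, parsing or the claim lookup fails
     */
    public static String getTokenType(String str) throws OpenBankingExecutorException {
        try {
            String payloadJson = new String(Base64.getUrlDecoder().decode(str), StandardCharsets.UTF_8);
            return new JSONObject(payloadJson).getString(GatewayConstants.AUTHORIZED_USER_TYPE_CLAIM_NAME);
        } catch (RuntimeException e) {
            log.error("Invalid tokenPayload", e);
            throw new OpenBankingExecutorException("Invalid Credentials.", String.valueOf(GatewayConstants.API_AUTH_INVALID_CREDENTIALS), GatewayConstants.INVALID_CREDENTIALS);
        }
    }

    /**
     * Checks that the token type matches a flow the resource allows: an application token
     * needs client-credentials, and an application-user token needs authorization-code.
     *
     * @param str  token type
     * @param list flows allowed for the resource
     * @throws OpenBankingExecutorException if the combination is not allowed; an empty
     *                                      list always fails
     */
    public static void validateGrantType(String str, List<String> list) throws OpenBankingExecutorException {
        boolean applicationTokenAllowed = GatewayConstants.APPLICATION.equalsIgnoreCase(str)
                && list.contains(GatewayConstants.CLIENT_CREDENTIALS);
        boolean userTokenAllowed = GatewayConstants.APPLICATION_USER.equalsIgnoreCase(str)
                && list.contains(GatewayConstants.AUTHORIZATION_CODE);
        if (!applicationTokenAllowed && !userTokenAllowed) {
            log.error("Incorrect Access Token Type is provided");
            throw new OpenBankingExecutorException(GatewayConstants.INVALID_GRANT_TYPE, "200001", "Incorrect Access Token Type provided");
        }
        log.debug("Valid Access Token type found");
    }

    /**
     * Builds the Axis2 message if necessary and returns its payload as text.
     *
     * <p>For XML and JWT content types the first element of the envelope body is
     * serialized. For any other content type the JSON payload stream is read as UTF-8.
     *
     * @param messageContext Axis2 message context
     * @param map            transport headers; a missing or {@code null}
     *                       {@code Content-Type} yields an empty result
     * @return the payload, empty when there is none
     * @throws OpenBankingException if the message cannot be built or the stream cannot be read
     */
    public static Optional<String> buildMessagePayloadFromMessageContext(MessageContext messageContext, Map map) throws OpenBankingException {
        if (!isMessageContextBuilt(messageContext)) {
            try {
                RelayUtils.buildMessage(messageContext);
            } catch (IOException | XMLStreamException e) {
                throw new OpenBankingException("Unable to build axis2 message", e);
            }
        }
        Object contentTypeValue = map.get("Content-Type");
        if (contentTypeValue == null) {
            return Optional.empty();
        }
        String contentType = contentTypeValue.toString();
        if (isXmlContentType(contentType) || contentType.contains(GatewayConstants.JWT_CONTENT_TYPE)) {
            OMElement firstElement = messageContext.getEnvelope().getBody().getFirstElement();
            return Optional.of(firstElement != null ? firstElement.toString() : "");
        }
        try {
            // The stream belongs to the message context, so it is read but not closed here.
            InputStream jsonStream = JsonUtil.getJsonPayload(messageContext);
            if (jsonStream == null) {
                return Optional.empty();
            }
            return Optional.ofNullable(IOUtils.toString(jsonStream, StandardCharsets.UTF_8.name()));
        } catch (IOException e2) {
            throw new OpenBankingException("Unable to read payload stream", e2);
        }
    }

    /**
     * Tells whether the {@code message.builder.invoked} property of the context is {@code true}.
     *
     * @param messageContext Axis2 message context
     * @return {@code true} only when the property is {@link Boolean#TRUE}; an absent or
     *         non-Boolean value yields {@code false}
     */
    public static boolean isMessageContextBuilt(MessageContext messageContext) {
        return Boolean.TRUE.equals(messageContext.getProperty("message.builder.invoked"));
    }

    /**
     * Discards the request message and sends a JSON fault response back to the client.
     *
     * @param messageContext Synapse message context
     * @param str            value stored under {@link GatewayConstants#HTTP_SC}
     * @param str2           JSON text used as the response body. It is written as given,
     *                       so any request-derived value inside it must already be escaped.
     */
    public static void returnSynapseHandlerJSONError(org.apache.synapse.MessageContext messageContext, String str, String str2) {
        MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        axis2MessageContext.setProperty("message.builder.invoked", Boolean.TRUE);
        try {
            RelayUtils.discardRequestMessage(axis2MessageContext);
        } catch (AxisFault e) {
            // Best effort: the fault response is still sent when the discard fails.
            log.error("ResponseError occurred while discarding the message", e);
        }
        setJsonFaultPayloadToMessageContext(messageContext, str2);
        sendSynapseHandlerFaultResponse(messageContext, str);
    }

    /** Sets the message type to JSON and installs {@code str} as the new JSON payload. */
    private static void setJsonFaultPayloadToMessageContext(org.apache.synapse.MessageContext messageContext, String str) {
        MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        axis2MessageContext.setProperty("messageType", "application/json");
        try {
            JsonUtil.getNewJsonPayload(axis2MessageContext, str, true, true);
        } catch (AxisFault e) {
            log.error("Unable to set JSON payload to fault message", e);
        }
    }

    /** Marks the message as a response carrying status {@code str} and sends it back. */
    private static void sendSynapseHandlerFaultResponse(org.apache.synapse.MessageContext messageContext, String str) {
        MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        axis2MessageContext.setProperty(GatewayConstants.HTTP_SC, str);
        messageContext.setResponse(true);
        messageContext.setProperty("RESPONSE", GatewayConstants.TRUE);
        messageContext.setTo((EndpointReference) null);
        axis2MessageContext.removeProperty("ContentType");
        Axis2Sender.sendBack(messageContext);
    }
}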
