package com.wso2.openbanking.accelerator.gateway.executor.impl.selfcare.portal;

import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.common.util.JWTUtils;
import com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIRequestContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OBAPIResponseContext;
import com.wso2.openbanking.accelerator.gateway.executor.model.OpenBankingExecutorError;
import com.wso2.openbanking.accelerator.gateway.util.GatewayConstants;
import com.wso2.openbanking.accelerator.gateway.util.GatewayUtils;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import net.minidev.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/wso2/openbanking/accelerator/gateway/executor/impl/selfcare/portal/UserPermissionValidationExecutor.class */
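/**
 * Gateway executor that enforces self-care-portal authorization: a caller may only operate on
 * the user identified in the request's {@code userID}/{@code userIDs} query parameters when that
 * identity equals the {@code sub} of the presented bearer token, unless the token carries the
 * customer-care-officer scope.
 *
 * <p>Only the request pre-processing phase does any work; the remaining executor hooks are
 * intentionally empty.
 *
 * <p>The token payload is decoded here without signature verification; this executor relies on
 * the gateway's upstream authentication having already validated the token (TODO confirm that
 * this executor is only mounted behind an authenticated resource).
 */
public class UserPermissionValidationExecutor implements OpenBankingGatewayExecutor {
    private static final Log LOG = LogFactory.getLog(UserPermissionValidationExecutor.class);

    // Query parameter names whose values name the user the request acts on. Names are compared
    // exactly so that a parameter which merely embeds this text (e.g. a different name that
    // happens to contain it) is not mistaken for the user identifier.
    private static final String USER_ID_PARAM = "userID";
    private static final String USER_IDS_PARAM = "userIDs";

    // Error code and HTTP status used when the caller is not permitted to act on the requested user.
    private static final String UNAUTHORIZED_ERROR_CODE = "200006";
    private static final String UNAUTHORIZED_STATUS = "401";

    /**
     * Validates that the requested user matches the token subject, or that the caller is a
     * customer-care officer. On failure the request context is marked as an error so the
     * gateway short-circuits the request.
     *
     * @param oBAPIRequestContext the request under inspection; skipped if already in error
     */
    @Override // com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor
    @Generated(message = "Ignoring since all cases are covered from other unit tests")
    public void preProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
        if (oBAPIRequestContext.isError()) {
            return;
        }
        try {
            Object authHeader = oBAPIRequestContext.getMsgInfo().getHeaders().get(GatewayConstants.AUTH_HEADER);
            if (authHeader == null) {
                // Without a bearer token there is no subject to compare against. Reject explicitly
                // instead of dereferencing null, which would surface as an unhandled failure.
                LOG.error("Invalid self care portal request received. Authorization header is missing.");
                rejectUnauthorized(oBAPIRequestContext,
                        "Invalid self care portal request received. Authorization header is missing.");
                return;
            }
            String accessToken = ((String) authHeader).replace(GatewayConstants.BEARER_TAG, "");
            JSONObject tokenBody = JWTUtils.decodeRequestJWT(accessToken, "body");

            if (isCustomerCareOfficer(tokenBody.getAsString("scope"))) {
                // Officers may act on any user; no subject comparison needed.
                return;
            }

            String tokenSubject = GatewayUtils.getUserNameWithTenantDomain(tokenBody.getAsString("sub"));
            List<String> requestedUserIds =
                    collectUserIdsFromQueryParams(oBAPIRequestContext.getMsgInfo().getResource());

            // Every user-id parameter must match the subject: checking only the first occurrence
            // would let a repeated parameter carry a second, unchecked identity to the backend.
            if (requestedUserIds.isEmpty() || !allUserIdsMatchTokenSub(requestedUserIds, tokenSubject)) {
                // NOTE(review): this logs the user identifiers and token subject at ERROR level;
                // confirm that is acceptable under the deployment's logging/PII policy.
                LOG.error("Invalid self care portal request received. UserId and token subject do not match. userIDs: "
                        + (requestedUserIds.isEmpty() ? " " : String.join(",", requestedUserIds))
                        + " sub: " + tokenSubject);
                rejectUnauthorized(oBAPIRequestContext,
                        "Invalid self care portal request received. UserId and token subject do not match.");
            }
        } catch (ParseException e) {
            LOG.error("Error occurred while validating self care portal user permissions. Caused by, ", e);
            OpenBankingExecutorError parseError = new OpenBankingExecutorError(UNAUTHORIZED_ERROR_CODE,
                    e.getMessage(), "Error occurred while validating self care portal user permissions", "400");
            addError(oBAPIRequestContext, parseError);
        }
    }

    @Override // com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor
    @Generated(message = "Ignoring since empty")
    public void postProcessRequest(OBAPIRequestContext oBAPIRequestContext) {
    }

    @Override // com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor
    @Generated(message = "Ignoring since empty")
    public void preProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    @Override // com.wso2.openbanking.accelerator.gateway.executor.core.OpenBankingGatewayExecutor
    @Generated(message = "Ignoring since empty")
    public void postProcessResponse(OBAPIResponseContext oBAPIResponseContext) {
    }

    /**
     * Returns the first {@code userID}/{@code userIDs} query parameter value of the resource,
     * tenant-qualified via {@link GatewayUtils#getUserNameWithTenantDomain(String)}.
     *
     * <p>Kept for subclasses; the request validation itself checks every such parameter through
     * {@link #collectUserIdsFromQueryParams(String)}.
     *
     * @param str the resource path, optionally carrying a query string
     * @return the first user id found, or empty when the resource has no such parameter
     */
    protected Optional<String> getUserIdsFromQueryParams(String str) {
        List<String> userIds = collectUserIdsFromQueryParams(str);
        return userIds.isEmpty() ? Optional.empty() : Optional.of(userIds.get(0));
    }

    /**
     * Returns {@code true} when the space-delimited scope string contains the customer-care
     * officer scope as a whole token.
     *
     * @param str the token's {@code scope} claim; may be {@code null} or empty
     * @return whether the officer scope is present
     */
    protected boolean isCustomerCareOfficer(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        // Match whole scope tokens: a substring test would also accept any other scope whose
        // name merely embeds the officer scope.
        return Arrays.asList(str.trim().split("\\s+")).contains(GatewayConstants.CUSTOMER_CARE_OFFICER_SCOPE);
    }

    /**
     * Compares a requested user id with the token subject, ignoring case.
     *
     * @param str  the tenant-qualified user id from the request
     * @param str2 the tenant-qualified token subject
     * @return {@code true} when the subject is non-empty and equal to the user id ignoring case
     */
    protected boolean isUserIdMatchesTokenSub(String str, String str2) {
        return StringUtils.isNotEmpty(str2) && str2.equalsIgnoreCase(str);
    }

    /** True when every requested user id matches the token subject (see {@link #isUserIdMatchesTokenSub}). */
    private boolean allUserIdsMatchTokenSub(List<String> userIds, String tokenSubject) {
        return userIds.stream().allMatch(userId -> isUserIdMatchesTokenSub(userId, tokenSubject));
    }

    /**
     * Collects every {@code userID}/{@code userIDs} query parameter value of the resource, in
     * order, each tenant-qualified. Parameters without a value are ignored.
     *
     * <p>NOTE(review): values are not URL-decoded here; confirm whether the gateway already
     * decodes the resource string before comparing against the token subject.
     *
     * @param resource the resource path, optionally carrying a query string
     * @return the matching values, possibly empty, never {@code null}
     */
    private static List<String> collectUserIdsFromQueryParams(String resource) {
        List<String> userIds = new ArrayList<>();
        if (StringUtils.isEmpty(resource)) {
            return userIds;
        }
        int queryStart = resource.indexOf('?');
        // A trailing '?' with no query must not be treated as a query string.
        if (queryStart < 0 || queryStart == resource.length() - 1) {
            return userIds;
        }
        for (String pair : resource.substring(queryStart + 1).split("&")) {
            int separator = pair.indexOf('=');
            // Skip pairs with no name, no '=' or an empty value; split on the first '=' only so a
            // value containing '=' is kept intact.
            if (separator <= 0 || separator == pair.length() - 1) {
                continue;
            }
            String name = pair.substring(0, separator);
            if (USER_ID_PARAM.equals(name) || USER_IDS_PARAM.equals(name)) {
                userIds.add(GatewayUtils.getUserNameWithTenantDomain(pair.substring(separator + 1)));
            }
        }
        return userIds;
    }

    /**
     * Marks the context as failed with a 401 "Unauthorized Request" error and records the HTTP
     * status in the context properties.
     *
     * @param context     the request context to fail
     * @param description human-readable reason for the rejection
     */
    private static void rejectUnauthorized(OBAPIRequestContext context, String description) {
        addError(context, new OpenBankingExecutorError(UNAUTHORIZED_ERROR_CODE, "Unauthorized Request",
                description, UNAUTHORIZED_STATUS));
        // NOTE(review): this replaces any context props set by earlier executors rather than
        // merging into them; confirm that is the intended contract of setContextProps.
        HashMap contextProps = new HashMap();
        contextProps.put(GatewayConstants.ERROR_STATUS_PROP, UNAUTHORIZED_STATUS);
        context.setContextProps(contextProps);
    }

    /**
     * Appends an error to the context's error list and flags the context as being in error.
     *
     * @param context the request context to fail
     * @param error   the error to record
     */
    private static void addError(OBAPIRequestContext context, OpenBankingExecutorError error) {
        ArrayList<OpenBankingExecutorError> errors = context.getErrors();
        errors.add(error);
        context.setError(true);
        context.setErrors(errors);
    }
}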
