package com.wso2.openbanking.accelerator.identity.auth.extensions.request.validator;

import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.identity.auth.extensions.request.validator.models.OBRequestObject;
import com.wso2.openbanking.accelerator.identity.auth.extensions.request.validator.models.ValidationResponse;
import com.wso2.openbanking.accelerator.identity.internal.IdentityExtensionsDataHolder;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonConstants;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonHelper;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonUtil;
import java.util.Arrays;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth2.RequestObjectException;
import org.wso2.carbon.identity.oauth2.model.OAuth2Parameters;
import org.wso2.carbon.identity.openidconnect.RequestObjectValidatorImpl;
import org.wso2.carbon.identity.openidconnect.model.RequestObject;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/auth/extensions/request/validator/OBRequestObjectValidationExtension.class */
public class OBRequestObjectValidationExtension extends RequestObjectValidatorImpl {
    private static final Log log = LogFactory.getLog(OBRequestObjectValidationExtension.class);
    static OBRequestObjectValidator obDefaultRequestObjectValidator = IdentityExtensionsDataHolder.getInstance().getObRequestObjectValidator();

    public boolean validateRequestObject(RequestObject requestObject, OAuth2Parameters oAuth2Parameters) throws RequestObjectException {
        try {
            if (isRegulatory(oAuth2Parameters)) {
                OBRequestObject oBRequestObject = new OBRequestObject(requestObject);
                HashMap hashMap = new HashMap();
                String allowedScopes = getAllowedScopes(oAuth2Parameters);
                if (StringUtils.isNotBlank(allowedScopes)) {
                    hashMap.put("scope", Arrays.asList(allowedScopes.split(IdentityCommonConstants.SPACE_SEPARATOR)));
                }
                ValidationResponse validateOBConstraints = obDefaultRequestObjectValidator.validateOBConstraints(oBRequestObject, hashMap);
                if (!validateOBConstraints.isValid()) {
                    throw new RequestObjectException("invalid_request", validateOBConstraints.getViolationMessage());
                }
            }
            return validateIAMConstraints(requestObject, oAuth2Parameters);
        } catch (OpenBankingException e) {
            log.error("Error while retrieving regulatory property from sp metadata", e);
            throw new RequestObjectException("invalid_request", "Error while retrieving regulatory property from sp metadata");
        }
    }

    @Generated(message = "super methods cannot be mocked")
    boolean validateIAMConstraints(RequestObject requestObject, OAuth2Parameters oAuth2Parameters) throws RequestObjectException {
        return super.validateRequestObject(requestObject, oAuth2Parameters);
    }

    @Generated(message = "Empty method")
    protected boolean isValidAudience(RequestObject requestObject, OAuth2Parameters oAuth2Parameters) {
        return true;
    }

    @Generated(message = "Excluding from code coverage since it requires a service call")
    protected String getAllowedScopes(OAuth2Parameters oAuth2Parameters) throws RequestObjectException {
        try {
            return new IdentityCommonHelper().getAppPropertyFromSPMetaData(oAuth2Parameters.getClientId(), "scope");
        } catch (OpenBankingException e) {
            throw new RequestObjectException(e.getMessage(), e);
        }
    }

    @Generated(message = "Excluding from code coverage since it requires a service call")
    protected boolean isRegulatory(OAuth2Parameters oAuth2Parameters) throws OpenBankingException {
        return IdentityCommonUtil.getRegulatoryFromSPMetaData(oAuth2Parameters.getClientId());
    }
}
