package com.wso2.openbanking.accelerator.consent.endpoint.api;

import com.google.gson.Gson;
import com.google.gson.JsonParser;
import com.wso2.openbanking.accelerator.common.config.OpenBankingConfigParser;
import com.wso2.openbanking.accelerator.common.exception.ConsentManagementException;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.consent.endpoint.util.ConsentConstants;
import com.wso2.openbanking.accelerator.consent.endpoint.util.ConsentUtils;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.builder.ConsentStepsBuilder;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentData;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentPersistData;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentPersistStep;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentRetrievalStep;
import com.wso2.openbanking.accelerator.consent.extensions.common.AuthErrorCode;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentCache;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentException;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionExporter;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionUtils;
import com.wso2.openbanking.accelerator.consent.extensions.common.ResponseStatus;
import com.wso2.openbanking.accelerator.consent.mgt.service.impl.ConsentCoreServiceImpl;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonUtil;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.swagger.jaxrs.PATCH;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import net.minidev.json.JSONObject;
import net.minidev.json.JSONValue;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry;
import org.wso2.carbon.identity.oauth2.model.OAuth2Parameters;

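/**
 * JAX-RS resource behind the consent-authorization UI flow.
 * <p>
 * {@code GET /authorize/retrieve/{session-data-key}} looks up the pending OAuth2 authorization
 * request that the identity server parked in its session cache, runs the configured
 * {@link ConsentRetrievalStep}s to build the data the consent page renders, and caches the
 * resulting {@link ConsentData}. When the {@code PRESERVE_CONSENT} configuration is enabled the
 * serialized {@link ConsentData} is additionally stored as a consent attribute so that a later
 * cache miss can be survived.
 * <p>
 * {@code PATCH /authorize/persist/{session-data-key}} takes the user's approve/deny decision,
 * runs the configured {@link ConsentPersistStep}s and then either redirects back into the OAuth2
 * authorization flow (the default, or {@code ?authorize=true}) or only acknowledges the
 * persistence ({@code ?authorize=false}). Whatever the outcome, any consent attributes that were
 * preserved for this session are removed again before the method returns.
 * <p>
 * The session-data-key path parameter identifies a live authorization session, so it is kept
 * out of log messages in this class.
 */
@Path("/authorize")
@SuppressFBWarnings({"JAXRS_ENDPOINT"})
public class ConsentAuthorizeEndpoint {

    private static final String ERROR_PERSIST_INVALID_APPROVAL = "Invalid value for approval. Should be true/false";
    private static final String ERROR_PERSIST_INVALID_COOKIES = "Invalid value for cookies. Should be a JSON object";
    private static final String ERROR_PERSIST_APPROVAL_MANDATORY = "Mandatory body parameter approval is unavailable";
    private static final String ERROR_PERSIST_PAYLOAD_UNAVAILABLE = "Payload unavailable";
    private static final String ERROR_PERSIST_USER_DENIED = "User denied the consent";
    private static final String ERROR_NO_TYPE_AND_APP_DATA = "Type and application data is unavailable";
    private static final String ERROR_SERVER_ERROR = "Internal server error";
    private static final String ERROR_NO_DATA_IN_SESSION_CACHE = "Data unavailable in session cache corresponding to the key provided";
    private static final String ERROR_NO_CONSENT_DATA = "Unable to get consent data";
    private static final String ERROR_INVALID_REDIRECT_URI = "Invalid redirect URI";
    private static final String ERROR_REGULATORY_DATA = "Error while obtaining regulatory data";
    private static final String ERROR_INVALID_VALUE_FOR_AUTHORIZE_PARAM = "\"authorize\" parameter is not defined properly or invalid";
    private static final int STATUS_FOUND = 302;
    private static final String IS_ERROR = "isError";
    private static final String APPROVAL = "approval";
    private static final String COOKIES = "cookies";
    private static final String SCOPE = "scope";
    private static final String OPENID_SCOPE = "openid";
    /** Substring that marks a consent attribute holding a serialized ConsentData snapshot. */
    private static final String SESSION_DATA_KEY_MARKER = "sessionDataKey";
    private static final Log log = LogFactory.getLog(ConsentAuthorizeEndpoint.class);

    /** Raw PRESERVE_CONSENT configuration value; may be null when the option is not set. */
    private static final String preserveConsent =
            (String) OpenBankingConfigParser.getInstance().getConfiguration().get(ConsentConstants.PRESERVE_CONSENT);
    /** Whether ConsentData is also written to the consent store (parseBoolean(null) is false). */
    private static final boolean storeConsent = Boolean.parseBoolean(preserveConsent);

    private static ConsentCoreServiceImpl consentCoreService = new ConsentCoreServiceImpl();
    private static List<ConsentPersistStep> consentPersistSteps = null;
    private static List<ConsentRetrievalStep> consentRetrievalSteps = null;

    /**
     * Creates the resource and makes sure the retrieval/persist step chains have been loaded.
     */
    public ConsentAuthorizeEndpoint() {
        initializeConsentSteps();
    }

    /**
     * Loads the consent retrieval and persist step chains from the registered
     * {@link ConsentStepsBuilder}. Idempotent: once both lists are populated, later calls are
     * no-ops. A missing chain is only warned about here; the execute methods refuse to run
     * without one.
     */
    private static synchronized void initializeConsentSteps() {
        if (consentRetrievalSteps != null && consentPersistSteps != null) {
            log.debug("Retrieval and persist steps are available");
            return;
        }
        ConsentStepsBuilder stepsBuilder = ConsentExtensionExporter.getConsentStepsBuilder();
        if (stepsBuilder != null) {
            consentRetrievalSteps = stepsBuilder.getConsentRetrievalSteps();
            consentPersistSteps = stepsBuilder.getConsentPersistSteps();
        }
        logStepsState("retrieval", consentRetrievalSteps);
        logStepsState("persist", consentPersistSteps);
    }

    /** Logs whether a step chain is usable; {@code kind} is "retrieval" or "persist". */
    private static void logStepsState(String kind, List<?> steps) {
        if (steps == null || steps.isEmpty()) {
            log.warn("Consent " + kind + " steps are null or empty");
        } else {
            log.info("Consent " + kind + " steps are not null or empty");
        }
    }

    /**
     * Builds the data the consent page needs for the authorization session identified by
     * {@code sessionDataKey}.
     *
     * @param httpServletRequest  incoming request; its headers are handed to the retrieval steps
     * @param httpServletResponse unused, kept for the JAX-RS signature
     * @param sessionDataKey      key of the pending authorization request in the session cache
     * @return 200 with the JSON the retrieval steps produced
     * @throws ConsentException           as a JSON error when the session or redirect URI cannot be
     *                                    resolved (there is nothing to redirect to yet), otherwise as
     *                                    an error redirect to the client's redirect URI
     * @throws ConsentManagementException declared for compatibility; consent-store failures are
     *                                    mapped to a redirect error inside this method
     */
    @GET
    @Path("/retrieve/{session-data-key}")
    @Consumes({"application/x-www-form-urlencoded"})
    @Produces({"application/json; charset=utf-8"})
    public Response retrieve(@Context HttpServletRequest httpServletRequest,
                             @Context HttpServletResponse httpServletResponse,
                             @PathParam("session-data-key") String sessionDataKey)
            throws ConsentException, ConsentManagementException {

        // An unknown or expired key yields no cache entry. Fail with a controlled error instead
        // of dereferencing the entry unconditionally (which surfaced as an NPE / bare 500).
        SessionDataCacheEntry cacheEntry = ConsentCache.getCacheEntryFromSessionDataKey(sessionDataKey);
        if (cacheEntry == null || cacheEntry.getoAuth2Parameters() == null) {
            log.error("No pending authorization request found for the provided session data key");
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, ERROR_NO_DATA_IN_SESSION_CACHE);
        }
        OAuth2Parameters oAuth2Parameters = cacheEntry.getoAuth2Parameters();
        String clientId = oAuth2Parameters.getClientId();
        String state = oAuth2Parameters.getState();
        URI redirectUri = parseRedirectUri(oAuth2Parameters.getRedirectURI());

        Map<String, Object> sensitiveData = ConsentExtensionUtils.getSensitiveDataWithConsentKey(sessionDataKey);
        // The lookup signals success with IS_ERROR == "false"; any other value is its error text.
        if (!"false".equals(sensitiveData.get(IS_ERROR))) {
            log.error("Error while getting endpoint parameters. " + sensitiveData.get(IS_ERROR));
            throw new ConsentException(redirectUri, AuthErrorCode.SERVER_ERROR, ERROR_SERVER_ERROR, state);
        }
        if (clientId == null) {
            log.error("Client Id not available");
            throw new ConsentException(redirectUri, AuthErrorCode.SERVER_ERROR, ERROR_SERVER_ERROR, state);
        }

        String scope = resolveScope((String) sensitiveData.get(SCOPE), cacheEntry);
        ConsentData consentData = new ConsentData(sessionDataKey,
                (String) sensitiveData.get(ConsentConstants.LOGGED_IN_USER),
                (String) sensitiveData.get(ConsentConstants.SP_QUERY_PARAMS),
                scope,
                (String) sensitiveData.get(ConsentConstants.APPLICATION),
                ConsentExtensionUtils.getHeaders(httpServletRequest));
        consentData.setSensitiveDataMap(sensitiveData);
        consentData.setRedirectURI(redirectUri);
        consentData.setClientId(clientId);
        consentData.setState(state);

        // Only the regulatory lookup is guarded here; consent-store failures further down get
        // their own, accurately worded handling instead of being reported as regulatory errors.
        try {
            consentData.setRegulatory(Boolean.valueOf(IdentityCommonUtil.getRegulatoryFromSPMetaData(clientId)));
        } catch (OpenBankingException e) {
            log.error("Error while getting regulatory data", e);
            throw new ConsentException(redirectUri, AuthErrorCode.SERVER_ERROR, ERROR_REGULATORY_DATA, state);
        }

        JSONObject responseBody = new JSONObject();
        executeRetrieval(consentData, responseBody);
        if (consentData.getType() == null || consentData.getApplication() == null) {
            log.error(ERROR_NO_TYPE_AND_APP_DATA);
            throw new ConsentException(consentData.getRedirectURI(), AuthErrorCode.SERVER_ERROR, ERROR_SERVER_ERROR, state);
        }
        ConsentExtensionUtils.setCommonDataToResponse(consentData, responseBody);

        ConsentCache.addConsentDataToCache(sessionDataKey, consentData);
        preserveConsentData(sessionDataKey, consentData, state);
        return Response.ok(responseBody.toJSONString(), "application/json").build();
    }

    /**
     * Parses the redirect URI of the pending authorization request.
     *
     * @throws ConsentException as a JSON 500 when the value is absent or malformed; the original
     *                          code only handled the malformed case and NPE'd on null
     */
    private static URI parseRedirectUri(String redirectUri) throws ConsentException {
        if (redirectUri == null) {
            log.error("Redirect URI of the pending authorization request is missing");
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, ERROR_INVALID_REDIRECT_URI);
        }
        try {
            return new URI(redirectUri);
        } catch (URISyntaxException e) {
            log.error("Redirect URI of the pending authorization request is malformed", e);
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, ERROR_INVALID_REDIRECT_URI);
        }
    }

    /**
     * Chooses the scope string for the consent. The value from the consent-key lookup is used
     * unless it lacks "openid" while the original authorization request's scope parameter carries
     * it; in that case the request's value wins so the OIDC part of the flow is preserved.
     * Returns the (possibly null) consent-key value when neither source offers "openid"; the
     * original code dereferenced a null scope here and failed with an NPE.
     */
    private static String resolveScope(String consentScope, SessionDataCacheEntry cacheEntry) {
        if (consentScope != null && consentScope.contains(OPENID_SCOPE)) {
            return consentScope;
        }
        Map<?, ?> requestParams = cacheEntry.getParamMap();
        String[] requestedScopes = requestParams == null ? null : (String[]) requestParams.get(SCOPE);
        if (requestedScopes != null && requestedScopes.length != 0 && requestedScopes[0].contains(OPENID_SCOPE)) {
            return requestedScopes[0];
        }
        return consentScope;
    }

    /**
     * When PRESERVE_CONSENT is enabled, stores the Gson-serialized ConsentData as a consent
     * attribute keyed by the session data key so {@link #persist} can rebuild it after a cache
     * miss. Skipped when an attribute for this key already exists.
     *
     * @throws ConsentException error redirect with SERVER_ERROR when the consent store fails
     */
    private static void preserveConsentData(String sessionDataKey, ConsentData consentData, String state)
            throws ConsentException {
        if (!storeConsent) {
            return;
        }
        try {
            if (consentCoreService.getConsentAttributesByName(sessionDataKey).isEmpty()) {
                Map<String, String> attributes = new HashMap<>();
                attributes.put(consentData.getSessionDataKey(), new Gson().toJson(consentData));
                consentCoreService.storeConsentAttributes(consentData.getConsentId(), attributes);
            }
        } catch (ConsentManagementException e) {
            log.error("Error while preserving consent data for the authorization session", e);
            throw new ConsentException(consentData.getRedirectURI(), AuthErrorCode.SERVER_ERROR, ERROR_SERVER_ERROR, state);
        }
    }

    /**
     * Persists the user's consent decision for the authorization session identified by
     * {@code sessionDataKey}.
     * <p>
     * The request body must be a JSON object with a mandatory {@code approval} member
     * (boolean, or the strings "true"/"false") and an optional {@code cookies} object that is
     * handed to the persist steps. The {@code authorize} query parameter may be absent or
     * "true" (redirect back into the OAuth2 flow) or "false" (respond 200 without redirecting);
     * anything else is rejected before any persist step runs.
     * <p>
     * Errors raised by the persist steps and the ACCESS_DENIED error raised on a denial are
     * propagated unchanged, so the client receives the error code the step chose; the former
     * blanket rewrap reported every failure, including a plain user denial, as SERVER_ERROR.
     * Consent attributes preserved for this session by {@link #retrieve} are removed on every
     * exit path, so the serialized session snapshot does not outlive the attempt.
     *
     * @param httpServletRequest  incoming request carrying the JSON payload and headers
     * @param httpServletResponse unused, kept for the JAX-RS signature
     * @param sessionDataKey      key of the authorization session
     * @param authorize           query parameter selecting redirect vs. acknowledge, see above
     * @return 302 to the identity server's authorize endpoint, or 200 when {@code authorize=false}
     * @throws ConsentException           JSON 500 when no ConsentData exists for the key; otherwise an
     *                                    error redirect to the client's redirect URI
     * @throws ConsentManagementException from the consent store while loading preserved data
     * @throws URISyntaxException         from the helpers that build URIs
     */
    @Path("/persist/{session-data-key}")
    @Consumes({"application/json; charset=utf-8"})
    @Produces({"application/json; charset=utf-8"})
    @PATCH
    public Response persist(@Context HttpServletRequest httpServletRequest,
                            @Context HttpServletResponse httpServletResponse,
                            @PathParam("session-data-key") String sessionDataKey,
                            @QueryParam("authorize") String authorize)
            throws ConsentException, ConsentManagementException, URISyntaxException {

        ConsentData consentData = loadConsentData(sessionDataKey);
        URI redirectUri = consentData.getRedirectURI();
        String state = consentData.getState();
        try {
            // Validate the query parameter first so a malformed request is rejected before
            // anything has been persisted (the original validated it after the persist steps).
            boolean redirectToAuthorize = authorize == null || StringUtils.equals("true", authorize);
            if (!redirectToAuthorize && !StringUtils.equals("false", authorize)) {
                throw new ConsentException(redirectUri, AuthErrorCode.INVALID_REQUEST,
                        ERROR_INVALID_VALUE_FOR_AUTHORIZE_PARAM, state);
            }

            JSONObject payload = ConsentUtils.getJSONObjectPayload(httpServletRequest);
            if (payload == null) {
                throw new ConsentException(redirectUri, AuthErrorCode.SERVER_ERROR, ERROR_PERSIST_PAYLOAD_UNAVAILABLE, state);
            }
            if (!payload.containsKey(APPROVAL)) {
                throw new ConsentException(redirectUri, AuthErrorCode.SERVER_ERROR, ERROR_PERSIST_APPROVAL_MANDATORY, state);
            }
            // Strict parse: the old Boolean.parseBoolean path silently turned any unrecognised
            // string (or a JSON null) into a denial instead of rejecting it.
            Boolean approval = parseApproval(payload.get(APPROVAL));
            if (approval == null) {
                log.error("Error while processing consent persistence approval");
                throw new ConsentException(redirectUri, AuthErrorCode.SERVER_ERROR, ERROR_PERSIST_INVALID_APPROVAL, state);
            }

            Map<String, String> headers = ConsentExtensionUtils.getHeaders(httpServletRequest);
            ConsentPersistData persistData = new ConsentPersistData(payload, headers, approval, consentData);
            if (payload.containsKey(COOKIES)) {
                Object cookies = payload.get(COOKIES);
                if (cookies != null && !(cookies instanceof Map)) {
                    throw new ConsentException(redirectUri, AuthErrorCode.SERVER_ERROR, ERROR_PERSIST_INVALID_COOKIES, state);
                }
                // Raw cast: the setter's value type is not visible from here.
                persistData.setBrowserCookies((Map) cookies);
            }

            try {
                executePersistence(persistData);
            } catch (ClassCastException e) {
                // A persist step choked on a payload value of an unexpected type; report it on the
                // redirect URI rather than letting it escape as a bare 500.
                log.error("Error while processing consent persistence payload", e);
                throw new ConsentException(redirectUri, AuthErrorCode.SERVER_ERROR, ERROR_SERVER_ERROR, state);
            }

            if (!approval) {
                throw new ConsentException(redirectUri, AuthErrorCode.ACCESS_DENIED, ERROR_PERSIST_USER_DENIED, state);
            }
            if (!redirectToAuthorize) {
                return Response.ok().build();
            }
            URI location = ConsentUtils.authorizeRequest(Boolean.toString(persistData.getApproval()),
                    persistData.getBrowserCookies(), consentData);
            return Response.status(STATUS_FOUND).location(location).build();
        } finally {
            clearPreservedConsentData(consentData);
        }
    }

    /**
     * Resolves the ConsentData that {@link #retrieve} produced for this session: from the consent
     * cache, falling back to the attributes preserved in the consent store when PRESERVE_CONSENT
     * is enabled.
     *
     * @throws ConsentException JSON 500 when no data exists on either path; there is no redirect
     *                          URI to report the error on at this point
     */
    private static ConsentData loadConsentData(String sessionDataKey)
            throws ConsentException, ConsentManagementException, URISyntaxException {
        ConsentData cached = ConsentCache.getConsentDataFromCache(sessionDataKey);
        if (cached != null) {
            return cached;
        }
        if (!storeConsent) {
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, ERROR_NO_CONSENT_DATA);
        }
        Map<String, ?> preserved = consentCoreService.getConsentAttributesByName(sessionDataKey);
        if (preserved.isEmpty()) {
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, ERROR_NO_CONSENT_DATA);
        }
        // Same choice as before: the first entry's value is the serialized ConsentData. retrieve()
        // only writes one attribute per session data key, so a second entry is not expected.
        String serialized = (String) preserved.values().iterator().next();
        return ConsentUtils.getConsentDataFromAttributes(
                new JsonParser().parse(serialized).getAsJsonObject(), sessionDataKey);
    }

    /**
     * Interprets the {@code approval} payload member.
     *
     * @return the boolean value, or null when the member is neither a JSON boolean nor one of the
     *         strings "true"/"false" (compared ignoring case, as Boolean.parseBoolean did)
     */
    private static Boolean parseApproval(Object rawApproval) {
        if (rawApproval instanceof Boolean) {
            return (Boolean) rawApproval;
        }
        if (rawApproval instanceof String) {
            String text = (String) rawApproval;
            if ("true".equalsIgnoreCase(text)) {
                return Boolean.TRUE;
            }
            if ("false".equalsIgnoreCase(text)) {
                return Boolean.FALSE;
            }
        }
        return null;
    }

    /**
     * Deletes the attribute(s) under which {@link #retrieve} preserved the serialized ConsentData
     * (identified, as before, by being valid JSON that contains "sessionDataKey"). Runs on every
     * exit of {@link #persist}; a consent-store failure here is logged and does not override the
     * outcome of the persistence itself.
     */
    private static void clearPreservedConsentData(ConsentData consentData) {
        if (!storeConsent || consentData == null) {
            return;
        }
        try {
            // ArrayList rather than List: it is what the service's delete signature accepts.
            ArrayList<String> staleAttributeKeys = new ArrayList<>();
            consentCoreService.getConsentAttributes(consentData.getConsentId()).getConsentAttributes()
                    .forEach((attributeKey, attributeValue) -> {
                        if (JSONValue.isValidJson(attributeValue) && attributeValue.contains(SESSION_DATA_KEY_MARKER)) {
                            staleAttributeKeys.add(attributeKey);
                        }
                    });
            consentCoreService.deleteConsentAttributes(consentData.getConsentId(), staleAttributeKeys);
        } catch (ConsentManagementException e) {
            log.error("Error while removing preserved consent data for the authorization session", e);
        }
    }

    /**
     * Runs every configured retrieval step in order against the given ConsentData/response.
     *
     * @throws ConsentException error redirect when no retrieval chain was loaded (the original
     *                          iterated a null list), or whatever a step throws
     */
    private void executeRetrieval(ConsentData consentData, JSONObject responseBody) throws ConsentException {
        if (consentRetrievalSteps == null) {
            log.error("Consent retrieval steps are not configured");
            throw new ConsentException(consentData.getRedirectURI(), AuthErrorCode.SERVER_ERROR,
                    ERROR_SERVER_ERROR, consentData.getState());
        }
        for (ConsentRetrievalStep step : consentRetrievalSteps) {
            if (log.isDebugEnabled()) {
                log.debug("Executing retrieval step " + step.getClass().toString());
            }
            step.execute(consentData, responseBody);
        }
    }

    /**
     * Runs every configured persist step in order.
     *
     * @throws ConsentException JSON 500 when no persist chain was loaded (skipping silently would
     *                          report success without persisting anything), or whatever a step throws
     */
    private void executePersistence(ConsentPersistData consentPersistData) throws ConsentException {
        if (consentPersistSteps == null) {
            log.error("Consent persist steps are not configured");
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, ERROR_SERVER_ERROR);
        }
        for (ConsentPersistStep step : consentPersistSteps) {
            if (log.isDebugEnabled()) {
                log.debug("Executing persistence step " + step.getClass().toString());
            }
            step.execute(consentPersistData);
        }
    }
}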
