package com.wso2.openbanking.accelerator.consent.endpoint.api;

import com.wso2.openbanking.accelerator.common.exception.ConsentManagementException;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.JWTUtils;
import com.wso2.openbanking.accelerator.consent.endpoint.util.ConsentConstants;
import com.wso2.openbanking.accelerator.consent.endpoint.util.ConsentUtils;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentException;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionExporter;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionUtils;
import com.wso2.openbanking.accelerator.consent.extensions.common.ResponseStatus;
import com.wso2.openbanking.accelerator.consent.extensions.validate.builder.ConsentValidateBuilder;
import com.wso2.openbanking.accelerator.consent.extensions.validate.model.ConsentValidateData;
import com.wso2.openbanking.accelerator.consent.extensions.validate.model.ConsentValidationResult;
import com.wso2.openbanking.accelerator.consent.extensions.validate.model.ConsentValidator;
import com.wso2.openbanking.accelerator.consent.mgt.service.impl.ConsentCoreServiceImpl;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonUtil;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.net.URISyntaxException;
import java.text.ParseException;
import java.util.Map;
import java.util.TreeMap;
import javassist.bytecode.Opcode;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import net.minidev.json.JSONObject;
import net.minidev.json.parser.JSONParser;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

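/**
 * JAX-RS resource mounted at {@code /validate} that checks a resource request against a stored
 * consent and returns the validation result together with a signed copy of the consent details.
 *
 * <p>The request body carries the fields {@code headers}, {@code body}, {@code electedResource},
 * {@code resourceParams} and the consent, user and client identifiers. When the JWT payload
 * validator configuration is enabled, the body is a JWT whose signature is verified against the
 * certificate stored under {@code requestSignatureAlias}. When it is disabled, the body is parsed
 * as plain JSON and nothing in this class authenticates the caller.
 *
 * <p>The validator and the signature alias are held in static fields and initialised lazily from
 * {@link ConsentExtensionExporter}; initialisation is retried on every construction until a
 * validator is available.
 */
@Path("/validate")
@SuppressFBWarnings({"JAXRS_ENDPOINT"})
/* loaded from: input_file:WEB-INF/classes/com/wso2/openbanking/accelerator/consent/endpoint/api/ConsentValidationEndpoint.class */
public class ConsentValidationEndpoint {
    private static final Log log = LogFactory.getLog(ConsentValidationEndpoint.class);
    private static final ConsentCoreServiceImpl consentCoreService = new ConsentCoreServiceImpl();
    // Shared across all instances; stays null until a validate builder has been exported.
    private static ConsentValidator consentValidator = null;
    // Truststore alias used to verify the request JWT; null until the builder is available.
    private static String requestSignatureAlias;

    /**
     * Creates the resource and triggers validator initialisation if it has not happened yet.
     */
    public ConsentValidationEndpoint() {
        if (consentValidator == null) {
            initializeConsentValidator();
        }
    }

    /**
     * Reads the consent validator and the request-signature alias from the exported validate
     * builder. Leaves both fields untouched when no builder has been exported.
     */
    private static void initializeConsentValidator() {
        ConsentValidateBuilder builder = ConsentExtensionExporter.getConsentValidateBuilder();
        if (builder != null) {
            consentValidator = builder.getConsentValidator();
            requestSignatureAlias = builder.getRequestSignatureAlias();
        }
        // Log once, and only dereference the validator after the null check: the builder may
        // exist without a validator configured.
        if (consentValidator != null) {
            log.info("Consent validator " + consentValidator.getClass().getName() + " initialized");
        } else {
            log.warn("Consent validator is null");
        }
    }

    /**
     * Validates a resource request against the consent named in the payload.
     *
     * @param httpServletRequest  request whose body holds the validation payload (a JWT when
     *                            payload signature validation is enabled, plain JSON otherwise)
     * @param httpServletResponse servlet response; not used by this method
     * @return HTTP 200 with the validation result; its {@code consentInformation} field is the
     *         consent details signed as a JWT with the server's default key
     * @throws ConsentException with {@code BAD_REQUEST} when the payload is not a JSON object,
     *         when {@code headers} is missing or not an object, or when the consent id is
     *         missing; with {@code INTERNAL_SERVER_ERROR} for signature, parsing, lookup and
     *         signing failures and when no validator is configured
     */
    @Path("/")
    @Consumes({"application/jwt; charset=utf-8"})
    @POST
    @Produces({"application/json; charset=utf-8"})
    public Response validate(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        JSONObject requestJson;
        String rawPayload = ConsentUtils.getStringPayload(httpServletRequest);
        if (IdentityCommonUtil.getConsentJWTPayloadValidatorConfigEnabled()) {
            try {
                // NOTE(review): the outcome of this call is not inspected here. Confirm that
                // validateJWTSignatureWithPublicKey throws on an invalid signature rather than
                // returning a status, otherwise an unverified JWT is decoded below.
                // NOTE(review): requestSignatureAlias is null when no validate builder was
                // exported; confirm how the helper treats a null alias.
                IdentityCommonUtil.validateJWTSignatureWithPublicKey(rawPayload, requestSignatureAlias);
                requestJson = JWTUtils.decodeRequestJWT(rawPayload, "body");
            } catch (OpenBankingException e) {
                // NOTE(review): a rejected signature surfaces as a 500, which makes forged or
                // tampered requests indistinguishable from server faults in monitoring.
                log.error("Error while validating JWT signature", e);
                throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Error while validating JWT signature");
            } catch (ParseException e) {
                log.error("Error while decoding validation JWT", e);
                throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Error while decoding validation JWT");
            }
        } else {
            // Signature validation is switched off: the payload is taken as plain JSON and the
            // consent id, user id and client id in it are whatever the caller asserts. Access to
            // this endpoint then has to be restricted by other means (transport or network).
            try {
                Object parsed = new JSONParser(JSONParser.MODE_PERMISSIVE).parse(rawPayload);
                if (!(parsed instanceof JSONObject)) {
                    throw new ConsentException(ResponseStatus.BAD_REQUEST, "Payload is not a JSON object");
                }
                requestJson = (JSONObject) parsed;
            } catch (net.minidev.json.parser.ParseException e) {
                log.error("Unable to parse the request payload", e);
                throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Unable to parse the request payload");
            }
        }

        // Reject a missing or non-object "headers" field explicitly instead of failing with a
        // NullPointerException or ClassCastException further down.
        Object headersField = requestJson.get("headers");
        if (!(headersField instanceof JSONObject)) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Request headers are missing or not a JSON object");
        }
        JSONObject requestHeaders = (JSONObject) headersField;
        // HTTP header names are case-insensitive, so expose them through a case-insensitive map.
        Map<String, String> headersMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (String headerName : requestHeaders.keySet()) {
            headersMap.put(headerName, requestHeaders.getAsString(headerName));
        }

        JSONObject requestBody = (JSONObject) requestJson.get("body");
        String requestPath = requestJson.getAsString("electedResource");
        String consentId = requestJson.getAsString(ConsentConstants.CONSENT_ID);
        String userId = requestJson.getAsString(ConsentConstants.USERID);
        String clientId = requestJson.containsKey(ConsentConstants.CLIENT_ID) ? requestJson.getAsString(ConsentConstants.CLIENT_ID) : null;
        Map resourceParams = (Map) requestJson.get("resourceParams");
        if (consentId == null) {
            throw new ConsentException(ResponseStatus.BAD_REQUEST, "Consent Id is mandatory for consent validation");
        }
        // Fail closed with a clear error when no validator was exported, before touching the
        // consent store, instead of hitting a NullPointerException at the validate call.
        if (consentValidator == null) {
            log.error("Consent validator is not configured");
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Consent validator is not configured");
        }
        try {
            ConsentValidateData validateData = new ConsentValidateData(requestHeaders, requestBody, requestPath, consentId, userId, clientId, ConsentUtils.addQueryParametersToResourceParamMap(resourceParams), headersMap);
            try {
                validateData.setComprehensiveConsent(consentCoreService.getDetailedConsent(consentId));
                ConsentValidationResult validationResult = new ConsentValidationResult();
                consentValidator.validate(validateData, validationResult);
                // Merge whatever the validator reported into the detailed consent so the caller
                // receives both in a single object.
                JSONObject consentInfo = ConsentExtensionUtils.detailedConsentToJSON(validateData.getComprehensiveConsent());
                consentInfo.put("additionalConsentInfo", validationResult.getConsentInformation());
                validationResult.setConsentInformation(consentInfo);
                try {
                    JSONObject responsePayload = validationResult.generatePayload();
                    // The consent information is returned as a JWT signed with the default key
                    // so the recipient can verify it originated from this service.
                    responsePayload.appendField("consentInformation", IdentityCommonUtil.signJWTWithDefaultKey(validationResult.getConsentInformation().toJSONString()));
                    // The listing had Opcode.GOTO_W here, an unrelated javassist constant that
                    // happens to equal 200; use the HTTP status itself.
                    return Response.status(Response.Status.OK).entity(responsePayload).build();
                } catch (Exception e) {
                    log.error("Error occurred while getting private key", e);
                    throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Error while getting private key");
                }
            } catch (ConsentManagementException e) {
                log.error("Exception while getting consent", e);
                throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Exception while getting consent");
            }
        } catch (URISyntaxException e) {
            log.error("Error while extracting query parameters", e);
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Error while extracting query parameters");
        }
    }
}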
