package de.adorsys.psd2.xs2a.service.validator.tpp;

import com.google.common.net.InternetDomainName;
import de.adorsys.psd2.xs2a.core.domain.TppMessageInformation;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.profile.ScaApproach;
import de.adorsys.psd2.xs2a.core.profile.TppUriCompliance;
import de.adorsys.psd2.xs2a.core.service.validator.ValidationResult;
import de.adorsys.psd2.xs2a.core.tpp.TppInfo;
import de.adorsys.psd2.xs2a.service.ScaApproachResolver;
import de.adorsys.psd2.xs2a.service.TppService;
import de.adorsys.psd2.xs2a.service.profile.AspspProfileServiceWrapper;
import de.adorsys.psd2.xs2a.service.validator.BusinessValidator;
import de.adorsys.psd2.xs2a.web.validator.ErrorBuildingService;
import java.beans.ConstructorProperties;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

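/**
 * Checks that a TPP-supplied URI belongs to a domain covered by the TPP's certificate data.
 *
 * <p>The comparison is made on the top private (registrable) domain of the host, as computed by
 * Guava's {@link InternetDomainName}. Any host under the same registrable domain as one of the
 * certificate entries is therefore treated as compliant; sub-domains are not distinguished.
 *
 * <p>NOTE(review): when the TPP info yields no usable domain at all, both {@link #validate} and
 * {@link #buildWarningMessages} report the URI as compliant (fail-open). Confirm that this is the
 * intended policy for certificates that carry no parseable CN / SubjectAltName domain.
 */
@Service
/* loaded from: input_file:BOOT-INF/lib/xs2a-impl-10.3.jar:de/adorsys/psd2/xs2a/service/validator/tpp/TppDomainValidator.class */
public class TppDomainValidator implements BusinessValidator<String> {
    // Strips the wildcard label "*." from certificate entries such as "*.example.com".
    // The dot is escaped: unescaped it matched '*' followed by ANY character, so the
    // normalisation could delete a character that is part of the domain itself.
    // NOTE(review): replaceAll applies this to the whole input, not only to a leading label, and
    // the same normalisation runs on the TPP-supplied URI, so the string that is validated can
    // differ from the string the caller passed in. Confirm callers never rely on that difference.
    private static final String PATTERN_FOR_NORMALIZE_DOMAIN = "\\*\\.";
    private static final String HTTP_SCHEME_PREFIX = "http://";
    private static final String HTTPS_SCHEME_PREFIX = "https://";
    private final TppService tppService;
    private final AspspProfileServiceWrapper aspspProfileServiceWrapper;
    private final ErrorBuildingService errorBuildingService;
    private final ScaApproachResolver scaApproachResolver;
    private static final Logger log = LoggerFactory.getLogger(TppDomainValidator.class);
    private static final String INVALID_DOMAIN_MESSAGE = "TPP URIs are not compliant with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate";
    private static final TppMessageInformation INVALID_DOMAIN_WARNING_MESSAGE = TppMessageInformation.buildWarning(INVALID_DOMAIN_MESSAGE);

    /**
     * Rejects a non-compliant URI, but only when all of the following hold: the value is not
     * blank, the resolved SCA approach is REDIRECT, the domain-compliance check is enabled in the
     * ASPSP profile, and the profile's response mode is REJECT.
     *
     * @param str URI supplied by the TPP (untrusted input)
     * @return an invalid result carrying {@code FORMAT_ERROR_INVALID_DOMAIN} when the URI cannot
     *     be parsed into a host with a public suffix or its registrable domain matches none of
     *     the certificate domains; a valid result in every other case
     */
    @Override // de.adorsys.psd2.xs2a.service.validator.BusinessValidator
    public ValidationResult validate(String str) {
        boolean enforced = StringUtils.isNotBlank(str)
                && isRedirectScaApproach()
                && isCheckUriComplianceToDomainSupported()
                && isRejectMode();
        if (!enforced) {
            return ValidationResult.valid();
        }
        List<URL> certificateUrls = getCertificateUrls();
        if (certificateUrls.isEmpty()) {
            // Nothing to compare against: the check is skipped rather than failed.
            return ValidationResult.valid();
        }
        URL tppUrl = buildURL(str);
        if (tppUrl == null || !isUrlCompliant(tppUrl, certificateUrls)) {
            return buildInvalidResult();
        }
        return ValidationResult.valid();
    }

    /**
     * Produces the warning set for a URI. Unlike {@link #validate}, this does not look at the
     * SCA approach or the reject mode; it only requires the compliance check to be enabled.
     *
     * @param str URI supplied by the TPP (untrusted input)
     * @return a set holding the invalid-domain warning when the URI is unparseable or does not
     *     match a certificate domain; otherwise an empty set
     */
    @Override // de.adorsys.psd2.xs2a.service.validator.BusinessValidator
    public Set<TppMessageInformation> buildWarningMessages(String str) {
        Set<TppMessageInformation> warnings = new HashSet<>();
        if (!isCheckUriComplianceToDomainSupported() || !StringUtils.isNotBlank(str)) {
            return warnings;
        }
        List<URL> certificateUrls = getCertificateUrls();
        if (certificateUrls.isEmpty()) {
            return warnings;
        }
        URL tppUrl = buildURL(str);
        if (tppUrl == null || !isUrlCompliant(tppUrl, certificateUrls)) {
            warnings.add(INVALID_DOMAIN_WARNING_MESSAGE);
        }
        return warnings;
    }

    /**
     * Returns true when the registrable domain of {@code url} equals the registrable domain of at
     * least one certificate URL. A host with no resolvable registrable domain never matches.
     */
    private boolean isUrlCompliant(URL url, List<URL> list) {
        String topDomain = getTopDomain(url.getHost());
        if (topDomain == null) {
            return false;
        }
        return list.stream()
                .map(URL::getHost)
                .map(this::getTopDomain)
                .filter(Objects::nonNull)
                .anyMatch(topDomain::equals);
    }

    /**
     * Parses a domain or URI into a {@link URL} and keeps it only if its host has a public suffix.
     *
     * @return the parsed URL, or {@code null} when the value is malformed, has a host that is not
     *     a syntactically valid domain name (for example an empty host or an IP literal), or has
     *     no public suffix
     */
    private URL buildURL(String str) {
        try {
            URL url = new URL(getDomainWithProtocol(normalizeDomain(str)));
            return InternetDomainName.from(url.getHost()).hasPublicSuffix() ? url : null;
        } catch (MalformedURLException | IllegalArgumentException e) {
            // InternetDomainName.from throws IllegalArgumentException on a syntactically invalid
            // host. Treating it like a malformed URL keeps a bad TPP-supplied URI on the normal
            // "invalid domain" path instead of surfacing as an unhandled exception.
            // The logged value is caller-controlled; the log layout should neutralise CR/LF.
            log.warn("Cannot build URL from [{}]", str);
            return null;
        }
    }

    /** Removes every wildcard label ("*.") from the value. */
    private String normalizeDomain(String str) {
        return str.replaceAll(PATTERN_FOR_NORMALIZE_DOMAIN, "");
    }

    /**
     * Collects candidate domains from the TPP info: the TPP name when it is itself a valid domain
     * name, followed by every entry of the DNS list. Blank entries are dropped.
     */
    private List<String> getDomainsFromTppInfo() {
        TppInfo tppInfo = this.tppService.getTppInfo();
        List<String> domains = new ArrayList<>();
        Optional.ofNullable(tppInfo.getTppName())
                .filter(InternetDomainName::isValid)
                .ifPresent(domains::add);
        domains.addAll(tppInfo.getDnsList());
        return domains.stream().filter(StringUtils::isNotBlank).collect(Collectors.toList());
    }

    /**
     * Prepends {@code http://} unless the value already carries an http or https scheme.
     *
     * <p>The scheme is matched as {@code http://} / {@code https://} rather than the bare prefix
     * {@code http}: a plain domain whose name merely begins with those letters must still get a
     * scheme, otherwise it fails to parse and is silently dropped from the certificate domains.
     */
    private String getDomainWithProtocol(String str) {
        boolean hasHttpScheme =
                str.regionMatches(true, 0, HTTP_SCHEME_PREFIX, 0, HTTP_SCHEME_PREFIX.length())
                        || str.regionMatches(true, 0, HTTPS_SCHEME_PREFIX, 0, HTTPS_SCHEME_PREFIX.length());
        return hasHttpScheme ? str : HTTP_SCHEME_PREFIX + str;
    }

    /**
     * Returns the top private (registrable) domain of a host, or {@code null} when the host is
     * not a valid domain name or is not under a public suffix.
     */
    private String getTopDomain(String str) {
        try {
            return InternetDomainName.from(str).topPrivateDomain().toString();
        } catch (IllegalStateException | IllegalArgumentException e) {
            log.warn("Cannot get top domain from [{}]", str);
            return null;
        }
    }

    /** Parses the TPP-info domains into URLs, discarding entries that cannot be parsed. */
    private List<URL> getCertificateUrls() {
        return getDomainsFromTppInfo().stream()
                .map(this::buildURL)
                .filter(Objects::nonNull)
                .collect(Collectors.toList());
    }

    private ValidationResult buildInvalidResult() {
        return ValidationResult.invalid(this.errorBuildingService.buildErrorType(), TppMessageInformation.of(MessageErrorCode.FORMAT_ERROR_INVALID_DOMAIN));
    }

    private boolean isRejectMode() {
        return this.aspspProfileServiceWrapper.getTppUriComplianceResponse() == TppUriCompliance.REJECT;
    }

    private boolean isCheckUriComplianceToDomainSupported() {
        return this.aspspProfileServiceWrapper.isCheckUriComplianceToDomainSupported();
    }

    private boolean isRedirectScaApproach() {
        return ScaApproach.REDIRECT == this.scaApproachResolver.resolveScaApproach();
    }

    @ConstructorProperties({"tppService", "aspspProfileServiceWrapper", "errorBuildingService", "scaApproachResolver"})
    public TppDomainValidator(TppService tppService, AspspProfileServiceWrapper aspspProfileServiceWrapper, ErrorBuildingService errorBuildingService, ScaApproachResolver scaApproachResolver) {
        this.tppService = tppService;
        this.aspspProfileServiceWrapper = aspspProfileServiceWrapper;
        this.errorBuildingService = errorBuildingService;
        this.scaApproachResolver = scaApproachResolver;
    }
}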
