package de.adorsys.psd2.xs2a.web.filter;

import de.adorsys.psd2.xs2a.core.domain.MessageCategory;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.profile.ScaApproach;
import de.adorsys.psd2.xs2a.core.profile.ScaRedirectFlow;
import de.adorsys.psd2.xs2a.service.RequestProviderService;
import de.adorsys.psd2.xs2a.service.ScaApproachResolver;
import de.adorsys.psd2.xs2a.service.profile.AspspProfileServiceWrapper;
import de.adorsys.psd2.xs2a.web.Xs2aEndpointChecker;
import de.adorsys.psd2.xs2a.web.error.TppErrorMessageWriter;
import de.adorsys.psd2.xs2a.web.link.UrlHolder;
import de.adorsys.psd2.xs2a.web.request.RequestPathResolver;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

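/**
 * Servlet filter that enforces the presence or absence of an OAuth2 token on selected XS2A
 * endpoints, depending on the configured SCA redirect flow.
 *
 * <p>Behaviour, as implemented below:
 * <ul>
 *   <li>REDIRECT approach with {@link ScaRedirectFlow#OAUTH_PRE_STEP}: a request to a guarded
 *       endpoint without a usable token is rejected with
 *       {@link MessageErrorCode#UNAUTHORIZED_NO_TOKEN}; the error carries the OAuth configuration
 *       URL from the ASPSP profile.</li>
 *   <li>REDIRECT approach with {@link ScaRedirectFlow#OAUTH} (integrated): a request to a guarded
 *       endpoint that does carry a token is rejected with {@link MessageErrorCode#FORBIDDEN}.</li>
 *   <li>Every other request is passed down the filter chain unchanged.</li>
 * </ul>
 *
 * <p>This filter only checks whether a token is present. Nothing in this class validates the
 * token itself; that has to happen elsewhere.
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/xs2a-impl-13.2.jar:de/adorsys/psd2/xs2a/web/filter/OauthModeFilter.class */
public class OauthModeFilter extends AbstractXs2aFilter {
    private static final Logger log = LoggerFactory.getLogger(OauthModeFilter.class);

    private static final String HTTP_METHOD_GET = "GET";
    private static final String HTTP_METHOD_DELETE = "DELETE";
    private static final String HTTP_METHOD_POST = "POST";

    // Path prefix -> HTTP methods that are guarded for that prefix (all flows, non-GET handling).
    private static final Map<String, List<String>> OAUTH2_ENDPOINTS_WITH_METHODS;
    // Path prefixes that are additionally guarded for GET requests in the OAuth pre-step flow.
    private static final List<String> OAUTH2_GET_ENDPOINTS_WITH_METHODS;

    static {
        // Both tables are security policy: build them once and publish read-only views so that no
        // code path can widen or narrow the guarded endpoint set at runtime.
        Map<String, List<String>> guarded = new HashMap<>();
        guarded.put("/v1/payments", Arrays.asList(HTTP_METHOD_POST, HTTP_METHOD_DELETE));
        guarded.put("/v1/bulk-payments", Arrays.asList(HTTP_METHOD_POST, HTTP_METHOD_DELETE));
        guarded.put("/v1/periodic-payments", Arrays.asList(HTTP_METHOD_POST, HTTP_METHOD_DELETE));
        guarded.put("/v1/consents", Collections.singletonList(HTTP_METHOD_POST));
        guarded.put(UrlHolder.PIIS_PREFIX, Collections.singletonList(HTTP_METHOD_POST));
        OAUTH2_ENDPOINTS_WITH_METHODS = Collections.unmodifiableMap(guarded);

        OAUTH2_GET_ENDPOINTS_WITH_METHODS = Collections.unmodifiableList(Arrays.asList(
            "/v1/payments",
            "/v1/bulk-payments",
            "/v1/periodic-payments",
            "/v1/consents",
            UrlHolder.PIIS_PREFIX));
    }

    private final AspspProfileServiceWrapper aspspProfileService;
    private final RequestProviderService requestProviderService;
    private final ScaApproachResolver scaApproachResolver;
    private final TppErrorMessageWriter tppErrorMessageWriter;
    private final RequestPathResolver requestPathResolver;

    /**
     * Creates the filter.
     *
     * @param tppErrorMessageWriter      error writer handed to the parent filter
     * @param aspspProfileServiceWrapper source of the SCA redirect flow and the OAuth configuration URL
     * @param requestProviderService     source of the OAuth2 token of the current request
     * @param scaApproachResolver        resolves the SCA approach of the current request
     * @param tppErrorMessageWriter2     error writer used by this filter for its own rejections
     * @param requestPathResolver        resolves the path that is matched against the guarded prefixes
     * @param xs2aEndpointChecker        endpoint checker handed to the parent filter
     */
    public OauthModeFilter(TppErrorMessageWriter tppErrorMessageWriter, AspspProfileServiceWrapper aspspProfileServiceWrapper, RequestProviderService requestProviderService, ScaApproachResolver scaApproachResolver, TppErrorMessageWriter tppErrorMessageWriter2, RequestPathResolver requestPathResolver, Xs2aEndpointChecker xs2aEndpointChecker) {
        super(tppErrorMessageWriter, xs2aEndpointChecker);
        this.aspspProfileService = aspspProfileServiceWrapper;
        this.requestProviderService = requestProviderService;
        this.scaApproachResolver = scaApproachResolver;
        this.tppErrorMessageWriter = tppErrorMessageWriter2;
        this.requestPathResolver = requestPathResolver;
    }

    /**
     * Rejects requests to guarded endpoints whose token presence contradicts the configured OAuth
     * flow; all other requests continue down the chain.
     *
     * @throws ServletException propagated from the filter chain
     * @throws IOException      propagated from the filter chain or the error writer
     */
    @Override // de.adorsys.psd2.xs2a.web.filter.GlobalAbstractExceptionFilter
    protected void doFilterInternalCustom(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (shouldFilterInternal(httpServletRequest)) {
            // A blank token is treated like a missing one. The previous null-only check let an
            // empty or whitespace-only value through in pre-step mode, while the integrated branch
            // below already distinguished blank from non-blank.
            if (isRedirectApproachWithGivenOauthType(ScaRedirectFlow.OAUTH_PRE_STEP)
                    && StringUtils.isBlank(this.requestProviderService.getOAuth2Token())) {
                log.info("OAuth pre-step selected, no authorisation header is present in the request");
                this.tppErrorMessageWriter.writeError(httpServletResponse, new TppErrorMessage(MessageCategory.ERROR, MessageErrorCode.UNAUTHORIZED_NO_TOKEN, this.aspspProfileService.getOauthConfigurationUrl()));
                return;
            }
            if (isRedirectApproachWithGivenOauthType(ScaRedirectFlow.OAUTH)
                    && StringUtils.isNotBlank(this.requestProviderService.getOAuth2Token())) {
                log.info("OAuth integrated selected, authorisation header is present in the request");
                this.tppErrorMessageWriter.writeError(httpServletResponse, new TppErrorMessage(MessageCategory.ERROR, MessageErrorCode.FORBIDDEN, new Object[0]));
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** Returns {@code true} when the request targets a guarded endpoint/method combination. */
    private boolean shouldFilterInternal(HttpServletRequest httpServletRequest) {
        return !shouldNotFilterInternal(httpServletRequest);
    }

    /**
     * Returns {@code true} when the request is outside the guarded endpoint set.
     *
     * <p>GET requests in the OAuth pre-step flow are matched against the GET prefix list only;
     * every other request is matched against the prefix-to-methods table.
     */
    private boolean shouldNotFilterInternal(HttpServletRequest httpServletRequest) {
        // NOTE(review): matching is a plain string-prefix test, so the guard is only as strict as
        // the path returned here. It is presumably context-relative and normalised - confirm
        // against RequestPathResolver.
        String requestPath = this.requestPathResolver.resolveRequestPath(httpServletRequest);
        String method = httpServletRequest.getMethod();

        boolean preStepGet = isRedirectApproachWithGivenOauthType(ScaRedirectFlow.OAUTH_PRE_STEP)
                && HTTP_METHOD_GET.equals(method);
        if (preStepGet) {
            return OAUTH2_GET_ENDPOINTS_WITH_METHODS.stream().noneMatch(requestPath::startsWith);
        }
        return OAUTH2_ENDPOINTS_WITH_METHODS.entrySet().stream()
                .filter(entry -> requestPath.startsWith(entry.getKey()))
                .noneMatch(entry -> entry.getValue().contains(method));
    }

    /**
     * Returns {@code true} when the resolved SCA approach is REDIRECT and the ASPSP profile is
     * configured with the given redirect flow.
     */
    private boolean isRedirectApproachWithGivenOauthType(ScaRedirectFlow scaRedirectFlow) {
        return this.scaApproachResolver.resolveScaApproach() == ScaApproach.REDIRECT
                && this.aspspProfileService.getScaRedirectFlow() == scaRedirectFlow;
    }
}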
