package de.adorsys.psd2.xs2a.web.filter;

import de.adorsys.psd2.validator.certificate.util.CertificateExtractorUtil;
import de.adorsys.psd2.validator.certificate.util.TppCertificateData;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.tpp.TppInfo;
import de.adorsys.psd2.xs2a.core.tpp.TppRole;
import de.adorsys.psd2.xs2a.exception.MessageCategory;
import de.adorsys.psd2.xs2a.service.RequestProviderService;
import de.adorsys.psd2.xs2a.service.validator.tpp.TppInfoHolder;
import de.adorsys.psd2.xs2a.web.error.TppErrorMessageBuilder;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import no.difi.certvalidator.api.CertificateValidationException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component;

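/**
 * Servlet filter that reads the TPP's QWAC certificate from the
 * {@code tpp-qwac-certificate} request header, rejects expired or unparsable
 * certificates with HTTP 401, and otherwise publishes the extracted TPP data
 * through {@link TppInfoHolder} before continuing the filter chain.
 *
 * <p>The filter is registered only when the {@code mock-qwac} profile is not active.
 *
 * <p>NOTE(review): the certificate is taken from a plain request header, so this
 * class relies on whatever sits in front of it (presumably a TLS-terminating
 * proxy) to strip any client-supplied copy of that header and to set it from the
 * verified client certificate. Nothing in this class enforces that; confirm it at
 * the deployment boundary.
 *
 * <p>NOTE(review): a request with a missing or blank header is passed down the
 * chain without any TPP info being set. Confirm that a later filter or validator
 * rejects such requests, otherwise this path is fail-open.
 */
@Profile({"!mock-qwac"})
@Component
/* loaded from: input_file:BOOT-INF/lib/xs2a-impl-4.5.jar:de/adorsys/psd2/xs2a/web/filter/QwacCertificateFilter.class */
public class QwacCertificateFilter extends AbstractXs2aFilter {
    private static final Logger log = LoggerFactory.getLogger(QwacCertificateFilter.class);
    private final TppInfoHolder tppInfoHolder;
    private final RequestProviderService requestProviderService;
    private final TppErrorMessageBuilder tppErrorMessageBuilder;

    /**
     * Validates the certificate carried in the request header and either rejects
     * the request with 401 or stores the TPP data and continues the chain.
     *
     * @param httpServletRequest  incoming request; the certificate header is read from it
     * @param httpServletResponse response that receives the 401 status and error body on rejection
     * @param filterChain         remaining filters, invoked only when the request is not rejected
     * @throws IOException      if writing the error body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String encodedTppQwacCert = getEncodedTppQwacCert(httpServletRequest);
        if (StringUtils.isNotBlank(encodedTppQwacCert)) {
            try {
                TppCertificateData extract = CertificateExtractorUtil.extract(encodedTppQwacCert);
                if (isCertificateExpired(extract.getNotAfter())) {
                    log.info("InR-ID: [{}], X-Request-ID: [{}], TPP Certificate is expired", this.requestProviderService.getInternalRequestId(), this.requestProviderService.getRequestId());
                    rejectUnauthorised(httpServletResponse, MessageErrorCode.CERTIFICATE_EXPIRED);
                    return;
                }
                this.tppInfoHolder.setTppInfo(toTppInfo(extract));
            } catch (CertificateValidationException e) {
                log.info("InR-ID: [{}], X-Request-ID: [{}], TPP unauthorised because CertificateValidationException: {}", this.requestProviderService.getInternalRequestId(), this.requestProviderService.getRequestId(), e.getMessage());
                rejectUnauthorised(httpServletResponse, MessageErrorCode.CERTIFICATE_INVALID_NO_ACCESS);
                return;
            }
        }
        // Reached both for an accepted certificate and for a request without the header.
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the raw value of the {@code tpp-qwac-certificate} request header.
     *
     * @param httpServletRequest request to read the header from
     * @return the header value, or {@code null} when the header is absent
     */
    public String getEncodedTppQwacCert(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("tpp-qwac-certificate");
    }

    /** Copies the fields extracted from the certificate into a new {@link TppInfo}. */
    private TppInfo toTppInfo(TppCertificateData extract) {
        TppInfo tppInfo = new TppInfo();
        tppInfo.setAuthorisationNumber(extract.getPspAuthorisationNumber());
        tppInfo.setTppName(extract.getName());
        tppInfo.setAuthorityId(extract.getPspAuthorityId());
        tppInfo.setAuthorityName(extract.getPspAuthorityName());
        tppInfo.setCountry(extract.getCountry());
        tppInfo.setOrganisation(extract.getOrganisation());
        tppInfo.setOrganisationUnit(extract.getOrganisationUnit());
        tppInfo.setCity(extract.getCity());
        tppInfo.setState(extract.getState());
        tppInfo.setIssuerCN(extract.getIssuerCN());
        // NOTE(review): TppRole.valueOf throws IllegalArgumentException for a role name
        // that is not a TppRole constant; that exception is not caught in this class.
        // Confirm the extractor only ever yields known role names.
        List<TppRole> tppRoles = extract.getPspRoles().stream().map(TppRole::valueOf).collect(Collectors.toList());
        tppInfo.setTppRoles(tppRoles);
        tppInfo.setDnsList(extract.getDnsList());
        return tppInfo;
    }

    /** Sets HTTP 401 and writes the TPP error message built for {@code errorCode}. */
    private void rejectUnauthorised(HttpServletResponse httpServletResponse, MessageErrorCode errorCode) throws IOException {
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.getWriter().print(this.tppErrorMessageBuilder.buildTppErrorMessage(MessageCategory.ERROR, errorCode));
    }

    /**
     * Tells whether the certificate's validity end lies in the past.
     *
     * <p>The comparison is made on absolute instants. Converting both sides to
     * local wall-clock time in the system zone can order two instants wrongly
     * during a daylight-saving overlap, which could let a just-expired
     * certificate pass.
     *
     * @param date the certificate's {@code notAfter} value, may be {@code null}
     * @return {@code true} when {@code date} is {@code null} (fail closed) or before the current time
     */
    private boolean isCertificateExpired(Date date) {
        return date == null || date.before(new Date());
    }

    /**
     * Creates the filter with its collaborators.
     *
     * @param tppInfoHolder          receives the TPP data extracted from an accepted certificate
     * @param requestProviderService supplies the request identifiers used in log lines
     * @param tppErrorMessageBuilder builds the error body written on rejection
     */
    @ConstructorProperties({"tppInfoHolder", "requestProviderService", "tppErrorMessageBuilder"})
    public QwacCertificateFilter(TppInfoHolder tppInfoHolder, RequestProviderService requestProviderService, TppErrorMessageBuilder tppErrorMessageBuilder) {
        this.tppInfoHolder = tppInfoHolder;
        this.requestProviderService = requestProviderService;
        this.tppErrorMessageBuilder = tppErrorMessageBuilder;
    }
}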
