package de.adorsys.aspsp.xs2a.web.filter;

import de.adorsys.aspsp.xs2a.service.profile.AspspProfileServiceWrapper;
import de.adorsys.psd2.validator.certificate.CertificateErrorMsgCode;
import de.adorsys.psd2.validator.signature.TppSignatureValidator;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/xs2a-impl-1.10.jar:de/adorsys/aspsp/xs2a/web/filter/SignatureFilter.class */
public class SignatureFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SignatureFilter.class);

    @Autowired
    private AspspProfileServiceWrapper aspspProfileService;

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.aspspProfileService.getTppSignatureRequired().booleanValue()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("OncePerRequestFilter just supports HTTP requests");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String header = httpServletRequest.getHeader("signature");
        if (StringUtils.isBlank(header)) {
            ((HttpServletResponse) servletResponse).sendError(401, CertificateErrorMsgCode.SIGNATURE_MISSING.toString());
            return;
        }
        if (digestContainsErrors(httpServletRequest)) {
            ((HttpServletResponse) servletResponse).sendError(400, CertificateErrorMsgCode.FORMAT_ERROR.toString());
            return;
        }
        Map<String, String> obtainRequestHeaders = obtainRequestHeaders(httpServletRequest);
        try {
            if (new TppSignatureValidator().verifySignature(header, httpServletRequest.getHeader("tpp-signature-certificate"), obtainRequestHeaders)) {
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                ((HttpServletResponse) servletResponse).sendError(401, CertificateErrorMsgCode.SIGNATURE_INVALID.toString());
            }
        } catch (NoSuchAlgorithmException | SignatureException e) {
            log.debug(e.getMessage());
            ((HttpServletResponse) servletResponse).sendError(401, CertificateErrorMsgCode.SIGNATURE_INVALID.toString());
        }
    }

    private boolean digestContainsErrors(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("digest");
        return StringUtils.isBlank(header) || !Arrays.asList(64, 128).contains(Integer.valueOf(header.getBytes().length));
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    private Map<String, String> obtainRequestHeaders(HttpServletRequest httpServletRequest) {
        Stream stream = Collections.list(httpServletRequest.getHeaderNames()).stream();
        Function identity = Function.identity();
        httpServletRequest.getClass();
        return (Map) stream.collect(Collectors.toMap(identity, httpServletRequest::getHeader));
    }
}
