package de.adorsys.psd2.xs2a.web.filter;

import de.adorsys.psd2.validator.certificate.util.CertificateExtractorUtil;
import de.adorsys.psd2.validator.certificate.util.TppCertificateData;
import de.adorsys.psd2.xs2a.core.tpp.TppInfo;
import de.adorsys.psd2.xs2a.core.tpp.TppRole;
import de.adorsys.psd2.xs2a.service.validator.tpp.TppInfoHolder;
import de.adorsys.psd2.xs2a.service.validator.tpp.TppRoleValidationService;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import no.difi.certvalidator.api.CertificateValidationException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component;

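/**
 * Servlet filter that reads a TPP's QWAC certificate from the
 * {@code tpp-qwac-certificate} request header, copies the extracted certificate
 * fields into a {@link TppInfo}, asks {@link TppRoleValidationService} whether
 * those roles may access the requested resource, and on success stores the
 * {@link TppInfo} in the {@link TppInfoHolder}.
 *
 * <p>Outcomes visible in this class:
 * <ul>
 *   <li>header absent or blank: the request continues down the chain and no
 *       {@link TppInfo} is stored;</li>
 *   <li>{@link CertificateValidationException} from extraction, or a role name
 *       that cannot be mapped to a {@link TppRole}: 401;</li>
 *   <li>role check fails: 403;</li>
 *   <li>otherwise: {@link TppInfo} is stored and the chain continues.</li>
 * </ul>
 *
 * <p>NOTE(review): nothing in this class checks where the header came from.
 * Presumably a TLS-terminating proxy sets it from the client certificate and
 * strips any client-supplied copy; confirm this for every deployment, since the
 * role decision below rests entirely on the header's content.
 *
 * <p>NOTE(review): the bean is registered only under the Spring profile
 * {@code "default"}. Confirm what enforces TPP identity under other profiles,
 * and that requests arriving without the header are rejected elsewhere if the
 * pass-through described above is not intended.
 */
@Profile({"default"})
@Component
/* loaded from: input_file:BOOT-INF/lib/xs2a-impl-1.17.jar:de/adorsys/psd2/xs2a/web/filter/QwacCertificateFilter.class */
public class QwacCertificateFilter extends AbstractXs2aFilter {
    private static final Logger log = LoggerFactory.getLogger(QwacCertificateFilter.class);

    /** Request header from which the encoded QWAC certificate is read. */
    private static final String QWAC_CERTIFICATE_HEADER = "tpp-qwac-certificate";

    private final TppRoleValidationService tppRoleValidationService;
    private final TppInfoHolder tppInfoHolder;

    /**
     * Authenticates and authorises the calling TPP from its certificate header
     * before handing the request to the rest of the chain.
     *
     * @param httpServletRequest  incoming request; the certificate header is read from it
     * @param httpServletResponse response used to send 401/403 when the request is rejected
     * @param filterChain         remaining filters, invoked only when the request is not rejected
     * @throws IOException      propagated from {@code sendError} or the chain
     * @throws ServletException propagated from the chain
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String encodedTppQwacCert = getEncodedTppQwacCert(httpServletRequest);
        if (StringUtils.isNotBlank(encodedTppQwacCert)) {
            TppCertificateData extract;
            try {
                extract = CertificateExtractorUtil.extract(encodedTppQwacCert);
            } catch (CertificateValidationException e) {
                log.debug(e.getMessage());
                // NOTE(review): the validator's exception text is returned to the caller
                // verbatim; confirm it never carries internal detail, or switch to a
                // fixed message.
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, e.getMessage());
                return;
            }

            TppInfo tppInfo;
            try {
                tppInfo = toTppInfo(extract);
            } catch (IllegalArgumentException e) {
                // A role name in the certificate that is not a TppRole constant used to
                // escape this filter as an unhandled exception; reject the certificate
                // cleanly instead. The response text is fixed so that certificate
                // content is not reflected back to the caller.
                log.debug("Rejecting TPP certificate: unrecognised PSP role", e);
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "TPP certificate contains an unsupported role");
                return;
            }

            if (!this.tppRoleValidationService.hasAccess(tppInfo, httpServletRequest)) {
                log.error("Access forbidden for TPP with authorisation number: {}", extract.getPspAuthorisationNumber());
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "You don't have access to this resource");
                return;
            }
            // Stored only after the role check has passed.
            this.tppInfoHolder.setTppInfo(tppInfo);
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the raw value of the {@code tpp-qwac-certificate} request header.
     *
     * @param httpServletRequest request to read the header from
     * @return the header value, or {@code null} when the header is not present
     */
    public String getEncodedTppQwacCert(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(QWAC_CERTIFICATE_HEADER);
    }

    /**
     * Copies the fields extracted from the certificate into a new {@link TppInfo}.
     *
     * @param certificateData data produced by {@link CertificateExtractorUtil#extract}
     * @return a populated {@link TppInfo}
     * @throws IllegalArgumentException if a PSP role name has no matching {@link TppRole}
     *         (assumes {@code TppRole} is an enum; its declaration is not visible here)
     */
    private static TppInfo toTppInfo(TppCertificateData certificateData) {
        TppInfo tppInfo = new TppInfo();
        tppInfo.setAuthorisationNumber(certificateData.getPspAuthorisationNumber());
        tppInfo.setTppName(certificateData.getName());
        tppInfo.setAuthorityId(certificateData.getPspAuthorityId());
        tppInfo.setAuthorityName(certificateData.getPspAuthorityName());
        tppInfo.setCountry(certificateData.getCountry());
        tppInfo.setOrganisation(certificateData.getOrganisation());
        tppInfo.setOrganisationUnit(certificateData.getOrganisationUnit());
        tppInfo.setCity(certificateData.getCity());
        tppInfo.setState(certificateData.getState());
        // Raw cast kept from the original: the element types of getPspRoles() and
        // setTppRoles() are not visible from this file.
        tppInfo.setTppRoles((List) certificateData.getPspRoles().stream().map(TppRole::valueOf).collect(Collectors.toList()));
        return tppInfo;
    }

    /**
     * @param tppRoleValidationService decides whether the TPP's roles allow the request
     * @param tppInfoHolder            receives the {@link TppInfo} of an accepted TPP
     */
    @ConstructorProperties({"tppRoleValidationService", "tppInfoHolder"})
    public QwacCertificateFilter(TppRoleValidationService tppRoleValidationService, TppInfoHolder tppInfoHolder) {
        this.tppRoleValidationService = tppRoleValidationService;
        this.tppInfoHolder = tppInfoHolder;
    }
}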
