package de.adorsys.psd2.xs2a.web.filter;

import de.adorsys.psd2.validator.certificate.util.CertificateExtractorUtil;
import de.adorsys.psd2.validator.certificate.util.TppCertificateData;
import de.adorsys.psd2.xs2a.domain.TppInfo;
import de.adorsys.psd2.xs2a.domain.Xs2aTppRole;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import no.difi.certvalidator.api.CertificateValidationException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

@Profile({"default"})
@Component
/* loaded from: input_file:de/adorsys/psd2/xs2a/web/filter/QwacCertificateFilter.class */
public class QwacCertificateFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(QwacCertificateFilter.class);

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("OncePerRequestFilter just supports HTTP requests");
        }
        if (Objects.isNull(SecurityContextHolder.getContext().getAuthentication())) {
            String encodedTppQwacCert = getEncodedTppQwacCert((HttpServletRequest) servletRequest);
            if (StringUtils.isNotBlank(encodedTppQwacCert)) {
                try {
                    TppCertificateData extract = CertificateExtractorUtil.extract(encodedTppQwacCert);
                    TppInfo tppInfo = new TppInfo();
                    tppInfo.setAuthorisationNumber(extract.getPspAuthorisationNumber());
                    tppInfo.setTppName(extract.getName());
                    tppInfo.setAuthorityId(extract.getPspAuthorityId());
                    tppInfo.setAuthorityName(extract.getPspAuthorityName());
                    tppInfo.setCountry(extract.getCountry());
                    tppInfo.setOrganisation(extract.getOrganisation());
                    tppInfo.setOrganisationUnit(extract.getOrganisationUnit());
                    tppInfo.setCity(extract.getCity());
                    tppInfo.setState(extract.getState());
                    List pspRoles = extract.getPspRoles();
                    tppInfo.setTppRoles((List) pspRoles.stream().map(tppRole -> {
                        return Xs2aTppRole.valueOf(tppRole.name());
                    }).collect(Collectors.toList()));
                    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(extract.getPspAuthorisationNumber(), tppInfo, (List) pspRoles.stream().map(tppRole2 -> {
                        return new SimpleGrantedAuthority("ROLE_" + tppRole2.name());
                    }).collect(Collectors.toList())));
                } catch (CertificateValidationException e) {
                    log.debug(e.getMessage());
                    ((HttpServletResponse) servletResponse).sendError(401, e.getMessage());
                    return;
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }

    public String getEncodedTppQwacCert(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("tpp-qwac-certificate");
    }
}
