package de.adorsys.psd2.xs2a.web.filter;

import de.adorsys.psd2.validator.signature.DigestVerifier;
import de.adorsys.psd2.validator.signature.SignatureVerifier;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.exception.MessageCategory;
import de.adorsys.psd2.xs2a.service.RequestProviderService;
import de.adorsys.psd2.xs2a.service.profile.AspspProfileServiceWrapper;
import de.adorsys.psd2.xs2a.web.error.TppErrorMessageBuilder;
import de.adorsys.psd2.xs2a.web.error.TppErrorMessageWriter;
import de.adorsys.psd2.xs2a.web.request.RequestPathResolver;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:de/adorsys/psd2/xs2a/web/filter/SignatureFilter.class */
public class SignatureFilter extends AbstractXs2aFilter {
    private static final Logger log = LoggerFactory.getLogger(SignatureFilter.class);
    private static final String PATTERN_MESSAGE = "InR-ID: [{}], X-Request-ID: [{}], TPP unauthorized: {}";
    private final AspspProfileServiceWrapper aspspProfileService;
    private final RequestProviderService requestProviderService;
    private final TppErrorMessageWriter tppErrorMessageWriter;
    private final TppErrorMessageBuilder tppErrorMessageBuilder;
    private final DigestVerifier digestVerifier;
    private final SignatureVerifier signatureVerifier;

    public SignatureFilter(TppErrorMessageWriter tppErrorMessageWriter, RequestPathResolver requestPathResolver, AspspProfileServiceWrapper aspspProfileServiceWrapper, RequestProviderService requestProviderService, TppErrorMessageWriter tppErrorMessageWriter2, TppErrorMessageBuilder tppErrorMessageBuilder, DigestVerifier digestVerifier, SignatureVerifier signatureVerifier) {
        super(tppErrorMessageWriter, requestPathResolver);
        this.aspspProfileService = aspspProfileServiceWrapper;
        this.requestProviderService = requestProviderService;
        this.tppErrorMessageWriter = tppErrorMessageWriter2;
        this.tppErrorMessageBuilder = tppErrorMessageBuilder;
        this.digestVerifier = digestVerifier;
        this.signatureVerifier = signatureVerifier;
    }

    @Override // de.adorsys.psd2.xs2a.web.filter.GlobalAbstractExceptionFilter
    protected void doFilterInternalCustom(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.aspspProfileService.getTppSignatureRequired().booleanValue()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (validateHeadersExist(httpServletRequest, httpServletResponse)) {
            if (!this.digestVerifier.verify(httpServletRequest.getHeader("Digest"), (String) httpServletRequest.getReader().lines().collect(Collectors.joining(System.lineSeparator())))) {
                log.info(PATTERN_MESSAGE, new Object[]{this.requestProviderService.getInternalRequestId(), this.requestProviderService.getRequestId(), "Mandatory header 'digest' is invalid!"});
                setResponseStatusAndErrorCode(httpServletResponse, MessageErrorCode.FORMAT_ERROR);
                return;
            }
            Map<String, String> obtainRequestHeaders = obtainRequestHeaders(httpServletRequest);
            if (this.signatureVerifier.verify(httpServletRequest.getHeader("Signature"), httpServletRequest.getHeader("TPP-Signature-Certificate"), obtainRequestHeaders, httpServletRequest.getMethod(), httpServletRequest.getRequestURL().toString())) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                log.info(PATTERN_MESSAGE, new Object[]{this.requestProviderService.getInternalRequestId(), this.requestProviderService.getRequestId(), "Mandatory header 'signature' is invalid!"});
                setResponseStatusAndErrorCode(httpServletResponse, MessageErrorCode.SIGNATURE_INVALID);
            }
        }
    }

    private Map<String, String> obtainRequestHeaders(HttpServletRequest httpServletRequest) {
        Stream stream = Collections.list(httpServletRequest.getHeaderNames()).stream();
        Function identity = Function.identity();
        httpServletRequest.getClass();
        return (Map) stream.collect(Collectors.toMap(identity, httpServletRequest::getHeader));
    }

    private boolean validateHeadersExist(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (StringUtils.isBlank(httpServletRequest.getHeader("X-Request-ID"))) {
            log.info("InR-ID: [{}], TPP unauthorized: {}", this.requestProviderService.getInternalRequestId(), "Header 'x-request-id' is missing in request.");
            setResponseStatusAndErrorCode(httpServletResponse, MessageErrorCode.FORMAT_ERROR);
            return false;
        }
        if (StringUtils.isBlank(httpServletRequest.getHeader("Signature"))) {
            log.info(PATTERN_MESSAGE, new Object[]{this.requestProviderService.getInternalRequestId(), this.requestProviderService.getRequestId(), "Header 'signature' is missing in request."});
            setResponseStatusAndErrorCode(httpServletResponse, MessageErrorCode.SIGNATURE_MISSING);
            return false;
        }
        StringBuilder sb = new StringBuilder();
        Stream.of((Object[]) new String[]{"TPP-Signature-Certificate", "Digest", "Date"}).filter(str -> {
            return StringUtils.isBlank(httpServletRequest.getHeader(str));
        }).forEach(str2 -> {
            appendMessageError(sb, str2);
        });
        if (sb.length() <= 0) {
            return true;
        }
        log.info(PATTERN_MESSAGE, new Object[]{this.requestProviderService.getInternalRequestId(), this.requestProviderService.getRequestId(), sb.toString()});
        setResponseStatusAndErrorCode(httpServletResponse, MessageErrorCode.FORMAT_ERROR);
        return false;
    }

    private void appendMessageError(StringBuilder sb, String str) {
        sb.append("Header '").append(str).append("' is missing in request.").append("\n");
    }

    private void setResponseStatusAndErrorCode(HttpServletResponse httpServletResponse, MessageErrorCode messageErrorCode) throws IOException {
        this.tppErrorMessageWriter.writeError(httpServletResponse, messageErrorCode.getCode(), this.tppErrorMessageBuilder.buildTppErrorMessage(MessageCategory.ERROR, messageErrorCode));
    }
}
