package io.jans.as.server.servlet;

import io.jans.as.common.model.registration.Client;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwk.JSONWebKey;
import io.jans.as.model.jwk.JSONWebKeySet;
import io.jans.as.model.util.CertUtils;
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.stat.StatService;
import io.jans.as.server.service.token.TokenService;
import jakarta.inject.Inject;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.UUID;
import org.apache.commons.lang3.ArrayUtils;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;

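@WebServlet(urlPatterns = {"/open-banking/v3.1/aisp/accounts"}, loadOnStartup = 9)
/**
 * Sample Open Banking "accounts" resource guarded by FAPI-style checks.
 *
 * <p>A request is served only when (1) no access token is passed in the query string,
 * (2) the {@code Authorization} header resolves to a known authorization grant and client,
 * and (3) the client certificate presented in the {@code X-ClientCert} header (PEM) carries a
 * public key equal to one of the keys registered in that client's JWKS
 * ({@code self_signed_tls_client_auth}). Everything else is answered with 400 or 401.
 *
 * <p>NOTE(review): the {@code X-ClientCert} value is read straight from the request, so the
 * certificate binding is only meaningful if the TLS-terminating proxy sets that header itself
 * and discards any client-supplied copy — confirm in the deployment.
 *
 * <p>The account list returned on success is fixed sample data.
 */
public class AccountsServlet extends HttpServlet {
    private static final long serialVersionUID = -8224898157373678903L;

    /** Correlation header echoed back to the caller (minted when absent). */
    private static final String INTERACTION_ID_HEADER = "x-fapi-interaction-id";
    /** Header carrying the client certificate as PEM. */
    private static final String CLIENT_CERT_HEADER = "X-ClientCert";
    /** Self link advertised in the response payload. */
    private static final String SELF_LINK = "/open-banking/v3.1/aisp/accounts";
    /** Reason phrase used when the certificate cannot be bound to the client. */
    private static final String DENIED_MESSAGE = "The resource owner or authorization server denied the request";

    @Inject
    private Logger log;

    @Inject
    private TokenService tokenService;

    @Inject
    private ClientService clientService;

    @Inject
    private AbstractCryptoProvider cryptoProvider;

    /**
     * Servlet lifecycle hook; only logs that the servlet was loaded.
     *
     * @throws ServletException never thrown here, kept for the servlet contract
     */
    public void init() throws ServletException {
        log.info("Inside init method of get Accounts Servlet  ***********************************************************************");
    }

    /**
     * Builds one account entry of the response payload.
     *
     * @param nickname             display name of the account
     * @param currency             ISO currency code
     * @param accountId            account identifier
     * @param openingDate          opening date, as printed
     * @param statusUpdateDateTime last status change, as printed
     * @param accountSubType       e.g. {@code CurrentAccount}
     * @param status               e.g. {@code Enabled}
     * @param accountType          e.g. {@code Personal}
     * @return a JSON object with the eight fields above
     */
    JSONObject getAccount(String nickname, String currency, String accountId, String openingDate,
                          String statusUpdateDateTime, String accountSubType, String status, String accountType) {
        JSONObject account = new JSONObject();
        account.put("Nickname", nickname);
        account.put("Currency", currency);
        account.put("AccountId", accountId);
        account.put("OpeningDate", openingDate);
        account.put("StatusUpdateDateTime", statusUpdateDateTime);
        account.put("AccountSubType", accountSubType);
        account.put("Status", status);
        account.put("AccountType", accountType);
        return account;
    }

    /**
     * Handles GET and POST: validates the token placement, the grant and the certificate binding,
     * then writes the sample account list.
     *
     * <p>Every rejection returns immediately after the error has been sent, so no later stage can
     * write into an already committed response. Unexpected exceptions are logged and, when the
     * response is still open, turned into a 500 instead of an empty 200.
     *
     * @param request  the incoming request
     * @param response the response to write to
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response) {
        log.info("Starting processRequest method of get Account Servlet***********************************************************************");
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json;charset=UTF-8");
        try {
            propagateInteractionId(request, response);
            if (rejectTokenInQuery(request, response)) {
                return;
            }

            String clientCertPem = request.getHeader(CLIENT_CERT_HEADER);
            if (clientCertPem != null) {
                log.info("FAPI Account: clientCertAsPem found*****************************************" + clientCertPem);
            } else {
                log.info("FAPI Account: Nooooooooo clientCertAsPem *****************************************");
            }

            String authorization = request.getHeader("Authorization");
            AuthorizationGrant grant = tokenService.getBearerAuthorizationGrant(authorization);
            if (grant == null) {
                sendError(response, "Unable to find authorization grant.");
                return;
            }
            // Parse only when a header is present; a missing header is reported as an unparseable certificate.
            X509Certificate clientCert = clientCertPem == null ? null : CertUtils.x509CertificateFromPem(clientCertPem);
            if (clientCert == null) {
                sendError(response, "Failed to parse client certificate.");
                return;
            }

            String clientDn = tokenService.getClientDn(authorization);
            if (clientDn == null) {
                log.info("FAPI Account: ClientDn from Authoirization(tokenService) is NULL*********************************************");
                // Without a client there is nothing to bind the certificate to, so the request is
                // denied rather than served with the key check skipped.
                sendError(response, DENIED_MESSAGE);
                return;
            }
            log.info("FAPI Account: ClientDn from Authoirization(tokenService) *********************************************" + clientDn);

            Client client = clientService.getClientByDn(clientDn);
            if (client == null) {
                log.error("FAPI Account: no client found for dn " + clientDn);
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, DENIED_MESSAGE);
                return;
            }
            if (!certificateMatchesClientKeys(client, clientCert)) {
                log.error("FAPI Account: Client certificate does not match clientId. clientId: " + client.getClientId() + "*********************************************");
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, DENIED_MESSAGE);
                return;
            }

            writeAccounts(response);
            log.info("Finished processRequest method of get Account Servlet ***********************************************************************");
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            respondInternalError(response);
        }
    }

    /** Echoes the caller's interaction id, or mints a fresh UUID when the header is absent. */
    private static void propagateInteractionId(HttpServletRequest request, HttpServletResponse response) {
        String interactionId = request.getHeader(INTERACTION_ID_HEADER);
        if (interactionId == null) {
            interactionId = UUID.randomUUID().toString();
        }
        response.addHeader(INTERACTION_ID_HEADER, interactionId);
    }

    /**
     * Sends 400 when the access token is passed as a request parameter instead of the
     * {@code Authorization} header.
     *
     * @return {@code true} when the request was rejected and the caller must stop
     * @throws IOException if the error response cannot be written
     */
    private boolean rejectTokenInQuery(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String queryToken = request.getParameter(StatService.ACCESS_TOKEN_KEY);
        if (queryToken == null) {
            return false;
        }
        if (queryToken.startsWith("Bearer")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bearer token in query is disallowed");
            log.info("FAPI ACcount: Authorization Bearer Token is not allowed in query*********************************************");
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "token in query is disallowed");
            log.info("FAPI: Authorization token is non-Bearer is not allowed in query*********************************************");
        }
        return true;
    }

    /**
     * Checks whether the certificate's public key equals one of the keys in the client's JWKS.
     *
     * <p>A missing JWKS, a key-set that cannot be parsed, or a failure while resolving a key is
     * treated as "no match"; the failure is logged with its cause.
     *
     * @param client     the registered client
     * @param clientCert the certificate presented by the caller
     * @return {@code true} on the first matching kid
     */
    private boolean certificateMatchesClientKeys(Client client, X509Certificate clientCert) {
        String jwks = client.getJwks();
        if (jwks == null || jwks.isBlank()) {
            log.debug("FAPI Account:********************Unable to load json web keys for client: {}, jwks_uri: {}, jks: {}",
                    client.getClientId(), client.getJwksUri(), client.getJwks());
            return false;
        }
        byte[] certKey = clientCert.getPublicKey().getEncoded();
        try {
            JSONObject jwksJson = new JSONObject(jwks);
            for (JSONWebKey key : JSONWebKeySet.fromJSONObject(jwksJson).getKeys()) {
                byte[] registeredKey = cryptoProvider.getPublicKey(key.getKid(), jwksJson, (Algorithm) null).getEncoded();
                if (Arrays.equals(certKey, registeredKey)) {
                    log.debug("FAPI  Account: ********************************Client {} authenticated via `self_signed_tls_client_auth`, matched kid: {}.",
                            client.getClientId(), key.getKid());
                    return true;
                }
            }
        } catch (Exception e) {
            log.info("FAPI Account: Exception while keymatching****************************************************************", e);
        }
        return false;
    }

    /**
     * Writes the sample account payload with status 200.
     *
     * @throws IOException if the writer cannot be obtained or written
     */
    private void writeAccounts(HttpServletResponse response) throws IOException {
        JSONObject payload = buildAccountsPayload();
        response.setStatus(HttpServletResponse.SC_OK);
        try (PrintWriter writer = response.getWriter()) {
            writer.print(payload.toString());
            writer.flush();
        }
    }

    /** Assembles the fixed two-account payload (Links, Meta, Data). */
    private JSONObject buildAccountsPayload() {
        JSONArray accounts = new JSONArray()
                .put(getAccount("Account1", "GBP", "352413", "05 May 2021", "08 Jun 2021", "CurrentAccount", "Enabled", "Personal"))
                .put(getAccount("Account2", "GBP", "4736325", "25 Mar 2021", "23 Apr 2021", "CurrentAccount", "Enabled", "Personal"));
        JSONObject payload = new JSONObject();
        payload.put("Links", new JSONObject().put("self", SELF_LINK));
        payload.put("Meta", new JSONObject().put("TotalPages", 1));
        payload.put("Data", new JSONObject().put("Account", accounts));
        return payload;
    }

    /** Turns an unexpected failure into a 500 unless the response has already been committed. */
    private void respondInternalError(HttpServletResponse response) {
        if (response.isCommitted()) {
            return;
        }
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } catch (IOException | IllegalStateException e) {
            log.warn("Unable to send error response", e);
        }
    }

    /**
     * Logs the message and answers 401 with it.
     *
     * @throws IOException if the error response cannot be written
     */
    private void sendError(HttpServletResponse response, String message) throws IOException {
        log.error(message);
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        processRequest(request, response);
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
        processRequest(request, response);
    }

    public String getServletInfo() {
        return "Account Access Consent";
    }
}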
