package dev.tindersamurai.jwtea.security.filter;

import dev.tindersamurai.jwtea.security.callback.DisAuthenticationCallback;
import dev.tindersamurai.jwtea.security.callback.data.HttpServlet;
import dev.tindersamurai.jwtea.security.callback.data.Token;
import dev.tindersamurai.jwtea.security.props.JwtSecretProperties;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.NonNull;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:dev/tindersamurai/jwtea/security/filter/JwtLogoutFilter.class */
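/**
 * Servlet filter that handles the JWT logout endpoint.
 *
 * <p>Requests that do not match the configured logout path are passed down the chain untouched.
 * A matching request is terminated here: the presented token is validated, the token cookie is
 * expired (cookie mode only), the optional {@link DisAuthenticationCallback} is invoked so the
 * application can revoke the token, the security context is cleared and HTTP 200 is returned.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The matcher is built with the single-argument {@link AntPathRequestMatcher} constructor,
 *       so every HTTP method on the logout path is accepted. When the token travels in a cookie
 *       the browser attaches it automatically; pair this filter with CSRF protection or a
 *       SameSite cookie policy if forced logout is a concern.</li>
 *   <li>HTTP 200 is returned whether or not revocation happened. A missing token, a token that
 *       fails validation, or a callback that throws all end in the same response, so the status
 *       code is not evidence that the token was revoked.</li>
 *   <li>The cookie is expired and the callback invoked only for tokens that pass signature and
 *       claim validation.</li>
 * </ul>
 */
public class JwtLogoutFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtLogoutFilter.class);
    private final JwtSecretProperties jwtSecretProperties;
    // Optional; when null, logout only clears the cookie and the security context.
    private DisAuthenticationCallback disAuthenticationCallback;
    private RequestMatcher requestMatcher;

    /**
     * Creates a logout filter that notifies a callback about each validated token.
     *
     * @param jwtSecretProperties JWT settings (signing secret, header/cookie name, prefix, cookie flags)
     * @param disAuthenticationCallback invoked with the validated token on logout; may be null
     * @param str Ant-style path pattern of the logout endpoint
     */
    public JwtLogoutFilter(JwtSecretProperties jwtSecretProperties, DisAuthenticationCallback disAuthenticationCallback, String str) {
        this(jwtSecretProperties, str);
        this.disAuthenticationCallback = disAuthenticationCallback;
    }

    /**
     * Creates a logout filter without a revocation callback.
     *
     * @param jwtSecretProperties JWT settings (signing secret, header/cookie name, prefix, cookie flags)
     * @param str Ant-style path pattern of the logout endpoint
     */
    public JwtLogoutFilter(JwtSecretProperties jwtSecretProperties, String str) {
        this.jwtSecretProperties = jwtSecretProperties;
        setFilterProcessesUrl(str);
    }

    private void setRequestMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requestMatcher cannot be null");
        this.requestMatcher = requestMatcher;
    }

    private void setFilterProcessesUrl(String str) {
        // Single-argument matcher: the path is matched for every HTTP method.
        setRequestMatcher(new AntPathRequestMatcher(str));
    }

    /**
     * Handles the logout request, or delegates to the rest of the chain when the path does not match.
     *
     * <p>On a match the chain is intentionally not continued; the response is completed here.
     */
    @Override
    protected void doFilterInternal(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull FilterChain filterChain) throws ServletException, IOException {
        if (!this.requestMatcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        log.debug("jwt logout filter: {}, {}, {}", httpServletRequest, httpServletResponse, filterChain);
        removeTokenFromWhitelist(httpServletRequest, httpServletResponse);
        // Cleared unconditionally, even when the token could not be validated or revoked.
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
    }

    /**
     * Validates the presented token, expires its cookie and hands it to the revocation callback.
     *
     * <p>Failures are logged and swallowed on purpose so that logout never surfaces an error to
     * the client. The consequence is that a throwing callback leaves the token un-revoked while
     * the caller still sees HTTP 200; callbacks that must not fail silently need their own
     * alerting.
     */
    private void removeTokenFromWhitelist(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String rawToken = resolveRawToken(httpServletRequest);
        if (rawToken == null || rawToken.isEmpty()) {
            return;
        }
        String prefix = this.jwtSecretProperties.getJwtTokenPrefix();
        boolean prefixed = rawToken.startsWith(prefix);
        // Header mode requires the prefix; cookie mode accepts a bare token as well.
        if (!prefixed && !this.jwtSecretProperties.isCookieEnabled()) {
            return;
        }
        // Strip only a leading prefix. A global replace would also delete any occurrence of the
        // prefix text inside the compact token and turn a valid token into an invalid one.
        String compactToken = prefixed ? rawToken.substring(prefix.length()) : rawToken;
        try {
            // NOTE(review): getBytes() uses the platform default charset, so it must stay
            // identical to the issuing side. Pin an explicit charset in both places together.
            Jws<Claims> jws = Jwts.parser()
                    .setSigningKey(this.jwtSecretProperties.getJwtSecretKey().getBytes())
                    .parseClaimsJws(compactToken);
            if (this.jwtSecretProperties.isCookieEnabled() && httpServletRequest.getCookies() != null) {
                expireTokenCookie(httpServletResponse);
            }
            if (this.disAuthenticationCallback != null) {
                Claims claims = jws.getBody();
                // The callback receives the token exactly as presented, prefix included.
                Token token = new Token(claims.getSubject(), claims.getId(), claims.getExpiration(), rawToken);
                this.disAuthenticationCallback.disAuthenticate(token, new HttpServlet(httpServletRequest, httpServletResponse));
            }
        } catch (Exception e) {
            // Covers validation failures (bad signature, expired, malformed) and callback errors.
            log.warn("Cannot parse or process jwt token", e);
        }
    }

    /**
     * Returns the token as presented by the client, or null when none was sent.
     *
     * <p>In cookie mode a cookie named like the token header takes precedence over the header.
     */
    private String resolveRawToken(HttpServletRequest request) {
        String tokenName = this.jwtSecretProperties.getJwtTokenHeader();
        String rawToken = request.getHeader(tokenName);
        if (!this.jwtSecretProperties.isCookieEnabled()) {
            return rawToken;
        }
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return rawToken;
        }
        String wanted = tokenName.trim();
        for (Cookie cookie : cookies) {
            // equalsIgnoreCase is locale-independent; toLowerCase() on the default locale
            // mis-compares names containing 'I' on e.g. Turkish systems.
            if (wanted.equalsIgnoreCase(cookie.getName().trim())) {
                return cookie.getValue();
            }
        }
        return rawToken;
    }

    /** Adds a zero-lifetime cookie with the configured attributes so the browser drops the token. */
    private void expireTokenCookie(HttpServletResponse response) {
        Cookie expired = new Cookie(this.jwtSecretProperties.getJwtTokenHeader(), "0");
        expired.setMaxAge(0);
        // Flags and path must mirror the cookie that was issued, or the browser keeps the original.
        expired.setHttpOnly(this.jwtSecretProperties.isCookieHttpOnly());
        expired.setSecure(this.jwtSecretProperties.isCookieSecure());
        expired.setPath(this.jwtSecretProperties.getCookiePath());
        response.addCookie(expired);
    }

    /**
     * Replaces the revocation callback.
     *
     * @param disAuthenticationCallback callback to notify on logout, or null to disable notification
     */
    public void setDisAuthenticationCallback(DisAuthenticationCallback disAuthenticationCallback) {
        this.disAuthenticationCallback = disAuthenticationCallback;
    }
}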
