package dev.tindersamurai.jwtea.security.filter;

import dev.tindersamurai.jwtea.security.callback.AuthorizationCallback;
import dev.tindersamurai.jwtea.security.callback.RefreshTokenCallback;
import dev.tindersamurai.jwtea.security.callback.data.HttpServlet;
import dev.tindersamurai.jwtea.security.callback.data.Token;
import dev.tindersamurai.jwtea.security.callback.exception.AuthorizationException;
import dev.tindersamurai.jwtea.security.credentials.TokenBasedPrincipal;
import dev.tindersamurai.jwtea.security.props.JwtSecretProperties;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SignatureException;
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/* loaded from: input_file:dev/tindersamurai/jwtea/security/filter/JwtAuthorizationFilter.class */
public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthorizationFilter.class);
    private final JwtSecretProperties jwtSecretProperties;
    private AuthorizationCallback authorizationCallback;
    private RefreshTokenCallback refreshTokenCallback;

    public JwtAuthorizationFilter(AuthenticationManager authenticationManager, JwtSecretProperties jwtSecretProperties, AuthorizationCallback authorizationCallback, RefreshTokenCallback refreshTokenCallback) {
        this(authenticationManager, jwtSecretProperties);
        this.authorizationCallback = authorizationCallback;
        this.refreshTokenCallback = refreshTokenCallback;
    }

    public JwtAuthorizationFilter(AuthenticationManager authenticationManager, JwtSecretProperties jwtSecretProperties) {
        super(authenticationManager);
        this.jwtSecretProperties = jwtSecretProperties;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        log.debug("AUTHORIZE");
        UsernamePasswordAuthenticationToken authentication = getAuthentication(httpServletRequest, httpServletResponse);
        log.debug("authentication: {}", authentication);
        if (authentication == null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        log.debug("AUTHORIZE[SET]");
        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader(this.jwtSecretProperties.getJwtTokenHeader());
        if (this.jwtSecretProperties.isCookieEnabled() && httpServletRequest.getCookies() != null) {
            Cookie[] cookies = httpServletRequest.getCookies();
            int length = cookies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Cookie cookie = cookies[i];
                if (this.jwtSecretProperties.getJwtTokenHeader().toLowerCase().trim().equals(cookie.getName().toLowerCase().trim())) {
                    header = cookie.getValue();
                    break;
                }
                i++;
            }
        }
        HttpServlet httpServlet = new HttpServlet(httpServletRequest, httpServletResponse);
        if (header == null || header.isEmpty()) {
            return null;
        }
        if (!header.startsWith(this.jwtSecretProperties.getJwtTokenPrefix()) && !this.jwtSecretProperties.isCookieEnabled()) {
            return null;
        }
        try {
            byte[] bytes = this.jwtSecretProperties.getJwtSecretKey().getBytes();
            Jws parseClaimsJws = Jwts.parser().setSigningKey(bytes).parseClaimsJws(header.replace(this.jwtSecretProperties.getJwtTokenPrefix(), ""));
            Date expiration = ((Claims) parseClaimsJws.getBody()).getExpiration();
            String subject = ((Claims) parseClaimsJws.getBody()).getSubject();
            String id = ((Claims) parseClaimsJws.getBody()).getId();
            Token token = new Token(subject, id, expiration, header);
            if (this.authorizationCallback != null) {
                this.authorizationCallback.preAuthorization(token, httpServlet);
            }
            List list = (List) ((List) ((Claims) parseClaimsJws.getBody()).get("role")).stream().map(obj -> {
                return new SimpleGrantedAuthority((String) obj);
            }).collect(Collectors.toList());
            long time = expiration.getTime();
            if (subject == null || subject.isEmpty()) {
                return null;
            }
            TokenBasedPrincipal tokenBasedPrincipal = new TokenBasedPrincipal(id, subject, time);
            if (this.jwtSecretProperties.isAutoRefresh()) {
                long refreshFrameTime = this.jwtSecretProperties.getRefreshFrameTime();
                long time2 = time - Calendar.getInstance().getTime().getTime();
                if (time2 > 0 && time2 < refreshFrameTime) {
                    Claims claims = (Claims) parseClaimsJws.getBody();
                    if (this.refreshTokenCallback != null) {
                        this.refreshTokenCallback.preRefresh(token, httpServlet);
                    }
                    String uuid = UUID.randomUUID().toString();
                    Date createExpTime = createExpTime();
                    String compact = Jwts.builder().signWith(Keys.hmacShaKeyFor(bytes), SignatureAlgorithm.HS512).setHeaderParam("type", this.jwtSecretProperties.getJwtTokenType()).setIssuer(this.jwtSecretProperties.getJwtTokenIssuer()).setAudience(this.jwtSecretProperties.getJwtTokenAudience()).setExpiration(createExpTime).setId(uuid).claim("role", (List) ((List) claims.get("role")).stream().map((v0) -> {
                        return v0.toString();
                    }).collect(Collectors.toList())).setSubject(subject).compact();
                    Token token2 = new Token(subject, uuid, createExpTime, compact);
                    httpServletResponse.addHeader(this.jwtSecretProperties.getJwtTokenHeader(), this.jwtSecretProperties.getJwtTokenPrefix() + compact);
                    httpServletResponse.addDateHeader(this.jwtSecretProperties.getJwtExpireHeader(), token2.getExpires().getTime());
                    httpServletResponse.addHeader(this.jwtSecretProperties.getJwtExpireEpochHeader(), Long.toString(token2.getExpires().getTime()));
                    if (this.jwtSecretProperties.isCookieEnabled()) {
                        Cookie cookie2 = new Cookie(this.jwtSecretProperties.getJwtTokenHeader(), compact);
                        int tokenLiveTimeSec = !this.jwtSecretProperties.isCookieSession() ? getTokenLiveTimeSec(token2.getExpires()) : -1;
                        cookie2.setHttpOnly(this.jwtSecretProperties.isCookieHttpOnly());
                        cookie2.setSecure(this.jwtSecretProperties.isCookieSecure());
                        cookie2.setPath(this.jwtSecretProperties.getCookiePath());
                        cookie2.setMaxAge(tokenLiveTimeSec);
                        String cookieDomain = this.jwtSecretProperties.getCookieDomain();
                        if (cookieDomain != null) {
                            cookie2.setDomain(cookieDomain);
                        }
                        httpServletResponse.addCookie(cookie2);
                    }
                    if (this.refreshTokenCallback != null) {
                        this.refreshTokenCallback.postRefresh(token2, httpServlet);
                    }
                    if (this.authorizationCallback != null) {
                        this.authorizationCallback.postAuthorization(token2, httpServlet);
                    }
                    return new UsernamePasswordAuthenticationToken(new TokenBasedPrincipal(id, subject, token2.getExpires().getTime()), (Object) null, list);
                }
            }
            httpServletResponse.addDateHeader(this.jwtSecretProperties.getJwtExpireHeader(), token.getExpires().getTime());
            httpServletResponse.addHeader(this.jwtSecretProperties.getJwtExpireEpochHeader(), Long.toString(token.getExpires().getTime()));
            if (this.authorizationCallback != null) {
                this.authorizationCallback.postAuthorization(token, httpServlet);
            }
            return new UsernamePasswordAuthenticationToken(tokenBasedPrincipal, (Object) null, list);
        } catch (SignatureException e) {
            log.warn("Request to parse JWT with invalid signature : {} failed : {}", header, e.getMessage());
            return null;
        } catch (MalformedJwtException e2) {
            log.warn("Request to parse invalid JWT : {} failed : {}", header, e2.getMessage());
            return null;
        } catch (UnsupportedJwtException e3) {
            log.warn("Request to parse unsupported JWT : {} failed : {}", header, e3.getMessage());
            return null;
        } catch (ExpiredJwtException e4) {
            log.warn("Request to parse expired JWT : {} failed : {}", header, e4.getMessage());
            return null;
        } catch (AuthorizationException e5) {
            log.warn("Authorization exception: {}, failed: {}", header, e5.getMessage());
            return null;
        } catch (IllegalArgumentException e6) {
            log.warn("Request to parse empty or null JWT : {} failed : {}", header, e6.getMessage());
            return null;
        }
    }

    private Date createExpTime() {
        return new Date(System.currentTimeMillis() + this.jwtSecretProperties.getJwtTokenLiveTime());
    }

    private int getTokenLiveTimeSec(Date date) {
        return (int) ((date.getTime() - Calendar.getInstance().getTime().getTime()) / 1000);
    }

    public void setAuthorizationCallback(AuthorizationCallback authorizationCallback) {
        this.authorizationCallback = authorizationCallback;
    }

    public void setRefreshTokenCallback(RefreshTokenCallback refreshTokenCallback) {
        this.refreshTokenCallback = refreshTokenCallback;
    }
}
