package com.atlassian.asap.core.server.filter;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.exception.AuthenticationFailedException;
import com.atlassian.asap.api.exception.TransientAuthenticationFailedException;
import com.atlassian.asap.api.server.http.RequestAuthenticator;
import com.google.common.base.Preconditions;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/asap/core/server/filter/AbstractRequestAuthenticationFilter.class */
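/**
 * Servlet filter that authenticates incoming HTTP requests from the JWT carried in the
 * {@code Authorization} header.
 *
 * <p>The outcome of each request is one of:
 * <ul>
 *   <li>blank or missing header: rejected, unless the filter was built with anonymous requests
 *       allowed, in which case the request proceeds with a {@code null} token;</li>
 *   <li>header present and accepted by the {@link RequestAuthenticator}: the {@link Jwt} is stored
 *       under {@link #AUTHENTIC_JWT_REQUEST_ATTRIBUTE} and the request proceeds;</li>
 *   <li>header present but rejected: {@link #onAuthenticationFailure} is called, even when
 *       anonymous requests are allowed;</li>
 *   <li>verification could not be completed: {@link #onAuthenticationError} is called.</li>
 * </ul>
 *
 * <p>When anonymous requests are allowed, code further down the chain must treat a missing
 * {@link #AUTHENTIC_JWT_REQUEST_ATTRIBUTE} as "unauthenticated" and make its own authorization
 * decision; this filter does not set the attribute on that path.
 */
public abstract class AbstractRequestAuthenticationFilter implements Filter {
    /** Request attribute under which the verified {@link Jwt} is stored by {@link #saveToken}. */
    public static final String AUTHENTIC_JWT_REQUEST_ATTRIBUTE = "asap.authentic.jwt";
    private static final Logger logger = LoggerFactory.getLogger(AbstractRequestAuthenticationFilter.class);
    // Assigned in init(); doFilter() refuses to run while this is still null.
    private RequestAuthenticator requestAuthenticator;
    // Fixed at construction time so the anonymous-access policy cannot change afterwards.
    private final boolean allowAnonymousRequests;

    /** Creates a filter that rejects requests carrying no token. */
    public AbstractRequestAuthenticationFilter() {
        this(false);
    }

    /**
     * Creates a filter with an explicit anonymous-access policy.
     *
     * @param z {@code true} to let requests with a blank or missing {@code Authorization} header
     *     through to {@link #onAuthenticationSuccess} with a {@code null} token; {@code false} to
     *     reject them
     */
    public AbstractRequestAuthenticationFilter(boolean z) {
        this.allowAnonymousRequests = z;
    }

    /**
     * Obtains the authenticator from the subclass.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException declared by {@link Filter#init}; not thrown by this implementation
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.requestAuthenticator = getRequestAuthenticator(filterConfig);
    }

    /**
     * Authenticates the request and dispatches to one of the {@code onAuthentication*} hooks.
     * Declared {@code final} so subclasses customise the hooks rather than the decision logic.
     *
     * @throws IllegalStateException if {@link #init} has not supplied an authenticator
     */
    @Override
    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Preconditions.checkState(this.requestAuthenticator != null, "Filter has not been initialized");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader("Authorization");
        if (StringUtils.isBlank(header)) {
            if (this.allowAnonymousRequests) {
                logger.debug("Allowing request with no JWT token.");
                // No token was verified: the hook receives null and the request attribute is not set.
                onAuthenticationSuccess(null, httpServletRequest, httpServletResponse, filterChain);
            } else {
                logger.debug("Request rejected because JWT token cannot be found");
                onAuthenticationFailure(httpServletRequest, httpServletResponse, filterChain);
            }
            return;
        }
        try {
            Jwt authenticateRequest = this.requestAuthenticator.authenticateRequest(header);
            logger.trace("Accepting authentic token with identifier {}", authenticateRequest.getClaims().getJwtId());
            saveToken(servletRequest, authenticateRequest);
            onAuthenticationSuccess(authenticateRequest, httpServletRequest, httpServletResponse, filterChain);
        } catch (AuthenticationFailedException e) {
            // A token that is present but invalid is rejected regardless of the anonymous policy.
            logger.debug("Request rejected because JWT token cannot be verified", e);
            onAuthenticationFailure(httpServletRequest, httpServletResponse, filterChain);
        } catch (TransientAuthenticationFailedException e2) {
            // Verification could not be completed; the request is not passed down the chain.
            logger.debug("Request rejected because JWT token could not be verified at this time", e2);
            onAuthenticationError(httpServletRequest, httpServletResponse, filterChain, e2);
        }
    }

    /**
     * Stores the verified token on the request under {@link #AUTHENTIC_JWT_REQUEST_ATTRIBUTE}.
     *
     * @param servletRequest the request being processed
     * @param jwt the token returned by the authenticator
     */
    protected void saveToken(ServletRequest servletRequest, Jwt jwt) {
        servletRequest.setAttribute(AUTHENTIC_JWT_REQUEST_ATTRIBUTE, jwt);
    }

    /**
     * Rejects the request with {@code 401 Unauthorized} and a {@code WWW-Authenticate: Bearer}
     * challenge. The filter chain is not invoked.
     */
    protected void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // The challenge header must be set first: sendError() commits the response, and the
        // Servlet API ignores headers set on a committed response.
        httpServletResponse.setHeader("WWW-Authenticate", "Bearer");
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Rejects the request with {@code 503 Service Unavailable} when the token could not be
     * verified at this time. The filter chain is not invoked.
     *
     * @param transientAuthenticationFailedException the failure reported by the authenticator
     */
    protected void onAuthenticationError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, TransientAuthenticationFailedException transientAuthenticationFailedException) throws IOException, ServletException {
        logger.error("An error occurred while authenticating this request", transientAuthenticationFailedException);
        httpServletResponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
    }

    /**
     * Passes the request down the filter chain.
     *
     * @param jwt the verified token, or {@code null} when the request carried no token and
     *     anonymous requests are allowed; overriding implementations must handle {@code null}
     */
    protected void onAuthenticationSuccess(Jwt jwt, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** No resources are held by this filter, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Supplies the authenticator used to verify the {@code Authorization} header value.
     *
     * @param filterConfig the container-supplied filter configuration
     * @return the authenticator; {@link #doFilter} fails with {@link IllegalStateException} if
     *     this is {@code null}
     */
    protected abstract RequestAuthenticator getRequestAuthenticator(FilterConfig filterConfig);
}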
