package de.adorsys.ledgers.oba.rest.server.auth.oba;

import de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.middleware.client.rest.AuthRequestInterceptor;
import feign.FeignException;
import java.io.IOException;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;

/* loaded from: input_file:de/adorsys/ledgers/oba/rest/server/auth/oba/TokenAuthenticationFilter.class */
public class TokenAuthenticationFilter extends AbstractAuthFilter {
    private static final Logger log = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
    private final AuthRequestInterceptor authInterceptor;
    private final KeycloakTokenService tokenService;

    public void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String resolveBearerToken = resolveBearerToken(httpServletRequest);
        this.authInterceptor.setAccessToken((String) null);
        if (StringUtils.isBlank(resolveBearerToken)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (authenticationIsRequired()) {
            try {
                this.authInterceptor.setAccessToken(resolveBearerToken);
                fillSecurityContext((BearerTokenTO) Optional.ofNullable(this.tokenService.validate(resolveBearerToken)).orElseThrow(() -> {
                    return new RestException("Couldn't get bearer token");
                }));
            } catch (FeignException | RestException | AccessDeniedException e) {
                handleAuthenticationFailure(httpServletResponse, e);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private String resolveBearerToken(HttpServletRequest httpServletRequest) {
        return (String) Optional.ofNullable(obtainFromHeader(httpServletRequest, "Authorization")).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).filter(str -> {
            return StringUtils.startsWithIgnoreCase(str, SecurityConstant.BEARER_TOKEN_PREFIX);
        }).map(str2 -> {
            return StringUtils.substringAfter(str2, SecurityConstant.BEARER_TOKEN_PREFIX);
        }).orElse(null);
    }

    public TokenAuthenticationFilter(AuthRequestInterceptor authRequestInterceptor, KeycloakTokenService keycloakTokenService) {
        this.authInterceptor = authRequestInterceptor;
        this.tokenService = keycloakTokenService;
    }
}
