package de.adorsys.ledgers.oba.rest.server.auth;

import de.adorsys.ledgers.middleware.api.domain.um.AccessTokenTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.middleware.client.rest.AuthRequestInterceptor;
import de.adorsys.ledgers.oba.rest.server.auth.oba.SecurityConstant;
import de.adorsys.ledgers.oba.service.api.domain.UserAuthentication;
import de.adorsys.ledgers.oba.service.api.service.TokenAuthenticationService;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:de/adorsys/ledgers/oba/rest/server/auth/JWTAuthenticationFilter.class */
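/**
 * Servlet filter that runs once per request and, when no authentication is present yet,
 * resolves an access token from the {@code ACCESS_TOKEN} cookie or the {@code authorization}
 * header and asks the {@link TokenAuthenticationService} to turn it into an authentication.
 *
 * <p>Requests whose servlet path matches one of {@link #EXCLUDED_URLS} bypass this filter.
 * A {@code null} result from the token service leaves the security context untouched, so
 * the request continues unauthenticated and must be rejected by the authorization rules
 * configured elsewhere.
 *
 * <p>NOTE(review): the cookie takes precedence over the header. Browsers attach cookies
 * automatically, so cookie-borne tokens rely on CSRF protection and cookie attributes
 * (HttpOnly/Secure/SameSite) that are configured outside this class. Confirm they are in place.
 */
public class JWTAuthenticationFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(JWTAuthenticationFilter.class);
    private static final List<String> EXCLUDED_URLS = Arrays.asList("/**/auth", "/**/login");
    private static final AntPathMatcher matcher = new AntPathMatcher();
    private static final String ACCESS_TOKEN_COOKIE = "ACCESS_TOKEN";
    private final TokenAuthenticationService tokenAuthenticationService;
    private final AuthRequestInterceptor authInterceptor;

    /**
     * Creates the filter.
     *
     * @param tokenAuthenticationService service that maps a raw token to a {@link UserAuthentication}
     * @param authRequestInterceptor interceptor whose access token is reset at the start of each request
     */
    public JWTAuthenticationFilter(TokenAuthenticationService tokenAuthenticationService, AuthRequestInterceptor authRequestInterceptor) {
        this.tokenAuthenticationService = tokenAuthenticationService;
        this.authInterceptor = authRequestInterceptor;
    }

    /**
     * Populates the security context from the request's access token, then continues the chain.
     *
     * @param httpServletRequest incoming request carrying the token cookie or header
     * @param httpServletResponse response passed through to the chain
     * @param filterChain remaining filters
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain
     */
    @Override
    public void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        log.trace("doFilter start");
        // Reset the interceptor so a token set while handling an earlier request is not reused.
        // NOTE(review): how the interceptor scopes its token (per thread or shared) is not visible here.
        this.authInterceptor.setAccessToken((String) null);
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            String cookieToken = readAccessTokenCookie(httpServletRequest);
            String token = StringUtils.isBlank(cookieToken) ? readAccessTokenHeader(httpServletRequest) : cookieToken;
            UserAuthentication authentication = this.tokenAuthenticationService.getAuthentication(token);
            if (authentication != null) {
                applyAuthentication(authentication);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
        log.trace("doFilter end");
    }

    /**
     * Skips this filter for the authentication and login endpoints.
     *
     * @param httpServletRequest request whose servlet path is tested against {@link #EXCLUDED_URLS}
     * @return {@code true} when the servlet path matches an excluded pattern
     */
    @Override
    protected boolean shouldNotFilter(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        return EXCLUDED_URLS.stream().anyMatch(pattern -> matcher.match(pattern, servletPath));
    }

    /**
     * Stores an authentication built from the bearer token in the security context.
     * An authentication without a bearer token or access-token object is ignored instead of
     * failing with a {@link NullPointerException}; the request then stays unauthenticated.
     */
    private void applyAuthentication(UserAuthentication authentication) {
        BearerTokenTO bearerToken = authentication.getBearerToken();
        AccessTokenTO accessTokenObject = bearerToken == null ? null : bearerToken.getAccessTokenObject();
        if (accessTokenObject == null) {
            // Never log the token itself; only record that the result was unusable.
            log.warn("Token service returned an authentication without access token details; request stays unauthenticated");
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(
            new ObaMiddlewareAuthentication(accessTokenObject.getSub(), bearerToken, buildAuthorities(accessTokenObject)));
    }

    /** Returns the value of the access-token cookie, or {@code null} when the cookie is absent. */
    private String readAccessTokenCookie(HttpServletRequest httpServletRequest) {
        Cookie cookie = WebUtils.getCookie(httpServletRequest, ACCESS_TOKEN_COOKIE);
        return cookie != null ? cookie.getValue() : null;
    }

    /**
     * Returns the {@code authorization} header with a leading bearer prefix removed, or
     * {@code null} when the header is absent. Only a prefix at the start of the value is
     * stripped, so an occurrence of the prefix text inside the value is left in place and
     * the value is handed to the token service unmodified.
     */
    private String readAccessTokenHeader(HttpServletRequest httpServletRequest) {
        String prefix = SecurityConstant.BEARER_TOKEN_PREFIX;
        return Optional.ofNullable(httpServletRequest.getHeader("authorization"))
            .map(header -> header.startsWith(prefix) ? header.substring(prefix.length()) : header)
            .orElse(null);
    }

    /**
     * Maps the token's role, when present, to a single {@code ROLE_<name>} authority.
     *
     * @param accessTokenTO access token whose role is read
     * @return a mutable list holding zero or one authority
     */
    private List<GrantedAuthority> buildAuthorities(AccessTokenTO accessTokenTO) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        if (accessTokenTO.getRole() != null) {
            authorities.add(new SimpleGrantedAuthority("ROLE_" + accessTokenTO.getRole().name()));
        }
        return authorities;
    }
}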
