package it.cosenonjaviste.security.jwt.valves;

import it.cosenonjaviste.security.jwt.catalinawriters.ResponseWriter;
import it.cosenonjaviste.security.jwt.model.AuthErrorResponse;
import it.cosenonjaviste.security.jwt.utils.JwtConstants;
import it.cosenonjaviste.security.jwt.utils.JwtTokenVerifier;
import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.valves.ValveBase;

/* loaded from: input_file:it/cosenonjaviste/security/jwt/valves/JwtTokenValve.class */
public class JwtTokenValve extends ValveBase {
    private String secret;

    public void invoke(Request request, Response response) throws IOException, ServletException {
        SecurityConstraint[] findSecurityConstraints = this.container.getRealm().findSecurityConstraints(request, request.getContext());
        if ((findSecurityConstraints != null || request.getContext().getPreemptiveAuthentication()) && hasAuthContraint(findSecurityConstraints)) {
            handleAuthentication(request, response);
        } else {
            getNext().invoke(request, response);
        }
    }

    private boolean hasAuthContraint(SecurityConstraint[] securityConstraintArr) {
        boolean z = true;
        for (SecurityConstraint securityConstraint : securityConstraintArr) {
            z &= securityConstraint.getAuthConstraint();
        }
        return z;
    }

    private void handleAuthentication(Request request, Response response) throws IOException, ServletException {
        String header = request.getHeader(JwtConstants.AUTH_HEADER);
        if (header == null) {
            sendUnauthorizedError(request, response, "Please login first");
            return;
        }
        JwtTokenVerifier create = JwtTokenVerifier.create(this.secret);
        if (!create.verify(header)) {
            sendUnauthorizedError(request, response, "Token not valid. Please login first");
            return;
        }
        request.setUserPrincipal(createPrincipalFromToken(create));
        request.setAuthType("TOKEN");
        getNext().invoke(request, response);
    }

    private GenericPrincipal createPrincipalFromToken(JwtTokenVerifier jwtTokenVerifier) {
        return new GenericPrincipal(jwtTokenVerifier.getUserId(), (String) null, jwtTokenVerifier.getRoles());
    }

    protected void sendUnauthorizedError(Request request, Response response, String str) throws IOException {
        ResponseWriter.get(request.getHeader("accept")).write(response, 401, new AuthErrorResponse(str));
    }

    public void setSecret(String str) {
        this.secret = str;
    }
}
