package pl.decerto.hyperon.rest.configuration.security.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import java.io.IOException;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.filter.OncePerRequestFilter;
import pl.decerto.hyperon.common.security.dao.JwtTokenDao;

/* loaded from: input_file:pl/decerto/hyperon/rest/configuration/security/jwt/JwtTokenFilter.class */
/**
 * Per-request filter that authenticates a caller from the JWT carried in the
 * {@code Authorization} header and publishes the result to the
 * {@link SecurityContextHolder}.
 *
 * <p>Checks run in this order, each failure raising {@code JwtTokenNotValidException}:
 * <ol>
 *   <li>the header must be present and non-blank;</li>
 *   <li>the value returned by {@code JwtTokenUtils.getTokenWithoutBearer} must be non-blank;</li>
 *   <li>{@code JwtTokenDao.findByToken} must return a non-null record. A token the store does
 *       not know is reported as "revoked", so the store acts as an allow-list of tokens;</li>
 *   <li>the token is parsed by {@code JwtTokenParser} and the user is loaded from its claims.</li>
 * </ol>
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The store lookup happens <em>before</em> the token is parsed, so the raw header-derived
 *       string reaches {@code findByToken} unverified. NOTE(review): confirm the DAO binds it
 *       as a query parameter.</li>
 *   <li>Only {@code JwtTokenNotValidException} is translated into an HTTP error. Any other
 *       exception from the parser or the user-details service propagates to the container.
 *       NOTE(review): confirm that {@code JwtTokenParser} wraps signature and expiry failures
 *       in {@code JwtTokenNotValidException}.</li>
 *   <li>The exception message is both logged and returned to the client. The messages raised in
 *       this class are fixed strings; messages raised by collaborators are not visible here.
 *       NOTE(review): make sure none of them embeds token material.</li>
 *   <li>Rejections are answered with 403 even when no credentials were supplied. 401 is the
 *       conventional status for that case; the value is left as is because clients may
 *       depend on it.</li>
 * </ul>
 */
public class JwtTokenFilter extends OncePerRequestFilter {
    private static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    private final JwtTokenDao jwtTokenDao;
    private final JwtTokenParser jwtTokenParser;
    private final JwtUserDetailsService jwtUserDetailsService;

    /**
     * Creates the filter with its three collaborators. Arguments are stored as given, without
     * null checks.
     *
     * @param jwtTokenDao store consulted to decide whether a presented token is still accepted
     * @param jwtTokenParser parser that turns the compact token into signed claims
     * @param jwtUserDetailsService resolves the {@link UserDetails} for parsed claims
     */
    public JwtTokenFilter(JwtTokenDao jwtTokenDao, JwtTokenParser jwtTokenParser, JwtUserDetailsService jwtUserDetailsService) {
        this.jwtTokenDao = jwtTokenDao;
        this.jwtTokenParser = jwtTokenParser;
        this.jwtUserDetailsService = jwtUserDetailsService;
    }

    /**
     * Authenticates the request and, on success, hands it to the rest of the chain.
     *
     * <p>The {@code try} covers the downstream chain as well as the token checks, so a
     * {@code JwtTokenNotValidException} thrown by a later filter or handler is answered here too.
     * In that case {@code sendError} throws {@code IllegalStateException} if the response has
     * already been committed.
     *
     * <p>The security context is cleared only on rejection. After a successful request this
     * filter leaves the context in place. NOTE(review): confirm another component resets it
     * before the worker thread is reused.
     *
     * @throws ServletException if raised by the downstream chain
     * @throws IOException if raised by the downstream chain or while sending the error
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            processFilter(httpServletRequest);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (JwtTokenNotValidException rejected) {
            String reason = rejected.getMessage();
            // Drop any authentication bound to this thread before answering.
            SecurityContextHolder.clearContext();
            this.logger.error(reason);
            httpServletResponse.sendError(HttpStatus.FORBIDDEN.value(), reason);
        }
    }

    /**
     * Runs the token checks and stores the resulting {@link Authentication} in the current
     * security context.
     */
    private void processFilter(HttpServletRequest httpServletRequest) {
        String bearerToken = extractBearerToken(httpServletRequest);
        requireKnownToken(bearerToken);
        // getContext() is evaluated before the token is parsed, as in the single-expression form.
        SecurityContextHolder.getContext()
                .setAuthentication(getAuthentication(this.jwtTokenParser.parse(bearerToken)));
    }

    /**
     * Reads the {@code Authorization} header and returns the token part of it.
     *
     * @throws JwtTokenNotValidException if the header or the extracted token is blank
     */
    private String extractBearerToken(HttpServletRequest request) {
        String authorization = request.getHeader(AUTHORIZATION_HEADER_NAME);
        if (StringUtils.isBlank(authorization)) {
            throw new JwtTokenNotValidException("Authorization header not found");
        }
        // Presumably strips the "Bearer" scheme prefix; the helper's implementation is not shown here.
        String bearerToken = JwtTokenUtils.getTokenWithoutBearer(authorization);
        if (StringUtils.isBlank(bearerToken)) {
            throw new JwtTokenNotValidException("Token not found in authorization header");
        }
        return bearerToken;
    }

    /**
     * Rejects a token for which the token store has no record.
     *
     * @throws JwtTokenNotValidException if {@code findByToken} returns {@code null}
     */
    private void requireKnownToken(String bearerToken) {
        if (Objects.isNull(this.jwtTokenDao.findByToken(bearerToken))) {
            throw new JwtTokenNotValidException("Token has been revoked");
        }
    }

    /**
     * Builds the {@link Authentication} for already-parsed claims.
     *
     * @param jws parsed token as returned by {@code JwtTokenParser.parse}
     * @return a token holding the loaded user as principal, an empty string as credentials and
     *     the user's authorities; built with the three-argument constructor, which marks it
     *     as authenticated
     */
    Authentication getAuthentication(Jws<Claims> jws) {
        UserDetails principal = this.jwtUserDetailsService.loadUser(jws);
        return new UsernamePasswordAuthenticationToken(principal, "", principal.getAuthorities());
    }
}
