package com.cumulocity.microservice.security.token;

import com.cumulocity.microservice.context.ContextService;
import com.cumulocity.microservice.context.credentials.UserCredentials;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import java.io.IOException;
import java.text.ParseException;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:com/cumulocity/microservice/security/token/CumulocityOAuthMicroserviceFilter.class */
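/**
 * Servlet filter that authenticates a request from a JWT access token and then runs the rest of
 * the filter chain inside the user context of the authenticated credentials.
 *
 * <p>The token is taken from the first {@code Authorization} header whose value starts with
 * "bearer" (case-insensitive), or otherwise from the authorization cookie when the request also
 * carries a non-empty {@code X-XSRF-TOKEN} header. Requests that are already authenticated, or
 * that carry neither form of credentials, are passed down the chain untouched.
 *
 * <p>Any {@link AuthenticationException} raised while reading or verifying the credentials is
 * answered through the configured {@link AuthenticationEntryPoint}.
 */
public class CumulocityOAuthMicroserviceFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(CumulocityOAuthMicroserviceFilter.class);

    /** Lower-case scheme prefix matched against each {@code Authorization} header value. */
    private static final String BEARER_PREFIX = "bearer";

    /** Index at which the token starts: the six letters of the scheme plus one separator character. */
    private static final int BEARER_TOKEN_OFFSET = 7;

    /** Header that must accompany cookie-based tokens. */
    private static final String XSRF_TOKEN_HEADER = "X-XSRF-TOKEN";

    private final AuthenticationManager authenticationManager;
    private final AuthenticationEntryPoint authenticationEntryPoint;
    private final ContextService<UserCredentials> userContextService;

    /**
     * @param authenticationManager verifies the {@link JwtTokenAuthentication} built from the request
     * @param authenticationEntryPoint answers requests whose authentication failed
     * @param contextService runs the remaining filter chain within the authenticated user's context
     */
    public CumulocityOAuthMicroserviceFilter(AuthenticationManager authenticationManager, AuthenticationEntryPoint authenticationEntryPoint, ContextService<UserCredentials> contextService) {
        this.authenticationManager = authenticationManager;
        this.authenticationEntryPoint = authenticationEntryPoint;
        this.userContextService = contextService;
    }

    /**
     * Authenticates the request when it is not authenticated yet and carries JWT credentials,
     * then continues the chain.
     *
     * @throws IOException if the chain or the entry point fails with an I/O error
     * @throws ServletException if the chain or the entry point fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (!shouldAuthenticate()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        Optional<JwtCredentials> credentials;
        try {
            // Reading the credentials parses the token, so a malformed token surfaces here.
            // Handling it in this filter gives it the same response as a token the manager
            // rejects, instead of letting the exception escape the filter.
            credentials = readCredentials(request);
        } catch (AuthenticationException e) {
            rejectRequest(request, response, e);
            return;
        }
        if (!credentials.isPresent()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        try {
            Authentication authenticated = this.authenticationManager.authenticate(new JwtTokenAuthentication(credentials.get()));
            if (this.logger.isDebugEnabled()) {
                // NOTE(review): confirm that JwtTokenAuthentication.toString() does not render
                // the raw token, otherwise debug logs would contain bearer credentials.
                this.logger.debug("Authentication success: " + authenticated);
            }
            // The flag is forced to true whatever the manager returned, so this relies on the
            // manager throwing for every token it does not accept.
            authenticated.setAuthenticated(true);
            SecurityContextHolder.getContext().setAuthentication(authenticated);
            this.userContextService.runWithinContext(((JwtTokenAuthentication) authenticated).getUserCredentials(), () -> {
                try {
                    filterChain.doFilter(servletRequest, servletResponse);
                } catch (Exception e) {
                    // NOTE(review): every failure of the remaining chain is rewrapped as an
                    // authentication error and is then reported by the catch below as a failed
                    // login, even when authentication itself succeeded. Confirm this is intended.
                    throw new AuthenticationServiceException("Error on login attempt", e);
                }
            });
        } catch (AuthenticationException e) {
            rejectRequest(request, response, e);
        }
    }

    /** Logs the failure, clears the security context and hands the request to the entry point. */
    private void rejectRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationException failure) throws IOException, ServletException {
        // The exception is the last argument, so SLF4J logs it with its stack trace; the
        // message therefore carries no "{}" placeholder.
        log.warn("Authentication failed", failure);
        this.logger.warn(failure);
        SecurityContextHolder.clearContext();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authentication request for failed: " + failure);
        }
        this.authenticationEntryPoint.commence(request, response, failure);
    }

    /** Returns true when the security context holds no authentication or an unauthenticated one. */
    private boolean shouldAuthenticate() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication == null || !authentication.isAuthenticated();
    }

    /**
     * Extracts JWT credentials from the request.
     *
     * <p>Reconstructed from the decompiler's register-level dump, because the structured
     * decompilation of this method failed; verify against the original bytecode before relying
     * on it.
     *
     * @return bearer-header credentials, cookie credentials paired with the XSRF header value,
     *     or an empty Optional when the request carries neither
     * @throws AuthenticationServiceException if a token is present but cannot be parsed
     */
    private Optional<JwtCredentials> readCredentials(HttpServletRequest request) {
        java.util.Enumeration<String> authorizationHeaders = request.getHeaders("Authorization");
        if (authorizationHeaders != null) {
            while (authorizationHeaders.hasMoreElements()) {
                String header = authorizationHeaders.nextElement();
                // Only the six-letter prefix is compared; the character after it is skipped
                // without being checked for a space.
                if (header.toLowerCase().startsWith(BEARER_PREFIX)) {
                    if (header.length() < BEARER_TOKEN_OFFSET) {
                        // A bare "Bearer" value would make substring() throw an unchecked
                        // StringIndexOutOfBoundsException; report it as an unparsable token.
                        throw new AuthenticationServiceException("Authentication failed: could not parse access token");
                    }
                    return Optional.<JwtCredentials>of(new JwtOnlyCredentials(decodeAccessToken(header.substring(BEARER_TOKEN_OFFSET))));
                }
            }
        }

        Optional<javax.servlet.http.Cookie> authorizationCookie = CookieReader.readAuthorizationCookie(request);
        if (authorizationCookie.isPresent()) {
            String xsrfToken = request.getHeader(XSRF_TOKEN_HEADER);
            // Only the presence of the header is checked here. Comparing its value with the
            // token is presumably left to the authentication provider; confirm.
            if (!org.springframework.util.StringUtils.isEmpty(xsrfToken)) {
                return Optional.<JwtCredentials>of(new JwtAndXsrfTokenCredentials(decodeAccessToken(authorizationCookie.get().getValue()), xsrfToken));
            }
        }
        return Optional.empty();
    }

    /**
     * Parses the serialized token.
     *
     * <p>NOTE(review): only parsing is visible here; signature and claim validation are
     * presumably done by the authentication manager. Confirm.
     *
     * @throws AuthenticationServiceException if the string is not a well-formed JWT
     */
    private JWT decodeAccessToken(String str) {
        try {
            return JWTParser.parse(str);
        } catch (ParseException e) {
            log.error("Failed to parse access token", e);
            throw new AuthenticationServiceException("Authentication failed: could not parse access token", e);
        }
    }
}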
