package com.cumulocity.microservice.security.token;

import com.cumulocity.microservice.context.ContextService;
import com.cumulocity.microservice.security.filter.util.HttpRequestUtils;
import com.google.common.base.Optional;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

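/**
 * Servlet filter that authenticates a request from a JWT carried either in an
 * {@code Authorization: Bearer ...} header or in the authorization cookie paired with an
 * XSRF token header, then runs the rest of the chain inside the authenticated user's context.
 *
 * <p>Requests that carry no usable credentials are passed down the chain unauthenticated, so
 * access control for protected resources has to be enforced further down.
 *
 * <p>The token is only parsed here ({@code JwtHelper.decode}); signature and expiry checks are
 * presumably performed by the injected {@link AuthenticationManager} - confirm against the
 * configured provider.
 */
@Component
public class CumulocityOAuthMicroserviceFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(CumulocityOAuthMicroserviceFilter.class);

    /** Authorization scheme including the separating space; matched case-insensitively. */
    private static final String BEARER_PREFIX = "Bearer ";

    private AuthenticationManager authenticationManager;
    // Optional dependency (see the setter): may be null when no entry point bean is defined.
    private AuthenticationEntryPoint authenticationEntryPoint;
    private ContextService userContextService;

    /**
     * Authenticates the request when the security context holds no authenticated principal and
     * the request carries JWT credentials; otherwise just continues the chain.
     *
     * @param servletRequest incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException if the chain or the entry point fails with an I/O error
     * @throws ServletException if the chain or the entry point fails
     */
    @Override
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (shouldAuthenticate()) {
            try {
                // Credential parsing sits inside the try so that a malformed token is answered
                // as an authentication failure instead of escaping as an unhandled exception.
                Optional<JwtCredentials> credentials = readCredentials(httpServletRequest);
                if (credentials.isPresent()) {
                    Authentication authenticate = this.authenticationManager.authenticate(new JwtTokenAuthentication(credentials.get()));
                    // NOTE(review): this prints Authentication.toString(); confirm that
                    // JwtTokenAuthentication does not render the raw token there.
                    log.debug("Authentication success: {}", authenticate);
                    // NOTE(review): the flag is forced on whatever the manager returned. This is
                    // only safe if every configured provider throws on invalid tokens - confirm.
                    authenticate.setAuthenticated(true);
                    SecurityContextHolder.getContext().setAuthentication(authenticate);
                    this.userContextService.runWithinContext(((JwtTokenAuthentication) authenticate).getUserCredentials(), new Runnable() {
                        @Override
                        public void run() {
                            try {
                                filterChain.doFilter(servletRequest, servletResponse);
                            } catch (Exception e) {
                                // NOTE(review): Runnable cannot throw checked exceptions, so every
                                // downstream failure is wrapped as an AuthenticationException and
                                // is therefore handled by the catch below as a failed login.
                                throw new AuthenticationServiceException("Error on login attempt", e);
                            }
                        }
                    });
                    return;
                }
            } catch (AuthenticationException e) {
                // One log entry with the stack trace; the previous "Error {}" pattern never
                // filled its placeholder and the failure was logged twice.
                log.warn("Authentication failed", e);
                SecurityContextHolder.clearContext();
                rejectRequest(httpServletRequest, httpServletResponse, e);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Answers a failed authentication through the configured entry point, or with a plain 401
     * when no entry point was injected.
     */
    private void rejectRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationException failure) throws IOException, ServletException {
        if (this.authenticationEntryPoint != null) {
            this.authenticationEntryPoint.commence(request, response, failure);
        } else if (!response.isCommitted()) {
            // The entry point is optional; without this fallback a failed login would end in a
            // NullPointerException instead of an authentication error.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /** Returns true when the security context holds no authenticated principal yet. */
    private boolean shouldAuthenticate() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication == null || !authentication.isAuthenticated();
    }

    /**
     * Looks for credentials in the {@code Authorization} headers first, then in the
     * authorization cookie (which is only accepted together with an XSRF token header).
     *
     * @return the credentials found, or absent when the request carries none
     * @throws BadCredentialsException if a token is present but cannot be parsed
     */
    private Optional<JwtCredentials> readCredentials(HttpServletRequest httpServletRequest) {
        Enumeration<String> headers = httpServletRequest.getHeaders("Authorization");
        if (headers != null) {
            Optional<JwtCredentials> findBearerCredentials = findBearerCredentials(headers);
            if (findBearerCredentials.isPresent()) {
                return findBearerCredentials;
            }
        }
        Optional<Cookie> readAuthorizationCookie = CookieReader.readAuthorizationCookie(httpServletRequest);
        if (readAuthorizationCookie.isPresent()) {
            Optional<JwtCredentials> buildCookieCredentialsWithXSRFToken = buildCookieCredentialsWithXSRFToken(readAuthorizationCookie, httpServletRequest);
            if (buildCookieCredentialsWithXSRFToken.isPresent()) {
                return buildCookieCredentialsWithXSRFToken;
            }
        }
        return Optional.absent();
    }

    /**
     * Returns credentials built from the first header value using the Bearer scheme.
     *
     * @throws BadCredentialsException if the bearer token cannot be parsed
     */
    private Optional<JwtCredentials> findBearerCredentials(Enumeration<String> enumeration) {
        while (enumeration.hasMoreElements()) {
            String value = enumeration.nextElement();
            // Require the full "Bearer " prefix: the old startsWith("bearer") + substring(7)
            // threw on a bare "Bearer" value and silently dropped a character otherwise.
            if (value != null && value.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
                String token = value.substring(BEARER_PREFIX.length()).trim();
                try {
                    return Optional.<JwtCredentials>of(new JwtOnlyCredentials(JwtHelper.decode(token)));
                } catch (RuntimeException e) {
                    // decode() reports malformed tokens through unchecked exceptions; translate
                    // them so the caller treats client-supplied garbage as a failed login.
                    throw new BadCredentialsException("Malformed bearer token", e);
                }
            }
        }
        return Optional.absent();
    }

    /**
     * Builds credentials from the authorization cookie and the XSRF token header. Without the
     * header the cookie is ignored. The header value is only carried along here; comparing it
     * with the token is presumably done during authentication - confirm.
     *
     * @throws BadCredentialsException if the cookie value cannot be parsed as a JWT
     */
    private Optional<JwtCredentials> buildCookieCredentialsWithXSRFToken(Optional<Cookie> optional, HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HttpRequestUtils.XSRF_TOKEN_HEADER);
        if (StringUtils.isEmpty(header)) {
            return Optional.absent();
        }
        try {
            return Optional.<JwtCredentials>of(new JwtAndXsrfTokenCredentials(JwtHelper.decode(optional.get().getValue()), header));
        } catch (RuntimeException e) {
            // Same translation as for bearer tokens: an unparsable cookie is a failed login.
            throw new BadCredentialsException("Malformed authorization cookie", e);
        }
    }

    /** Injects the manager that validates the decoded JWT credentials. */
    @Autowired
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Injects the optional entry point used to answer failed authentications. */
    @Autowired(required = false)
    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    /** Injects the service that runs the downstream chain inside the user's context. */
    @Autowired
    public void setUserContextService(ContextService contextService) {
        this.userContextService = contextService;
    }
}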
