package com.trigyn.jws.usermanagement.security.config;

import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.trigyn.jws.dbutils.service.PropertyMasterService;
import com.trigyn.jws.usermanagement.utils.Constants;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.SignatureException;
import java.io.IOException;
import java.net.URL;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

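/**
 * Per-request filter that reads a bearer JWT from the {@code Authorization} header, resolves the
 * user it names and, when the token is accepted, stores a
 * {@link UsernamePasswordAuthenticationToken} in the {@link SecurityContextHolder}.
 *
 * <p>The authentication type is taken from the {@code enableAuthenticationType} request parameter
 * or, if that is absent, from the {@code at} header. Both are supplied by the client, so neither
 * may be used on its own to decide that a token needs no validation.
 *
 * <p>Requests whose URI contains {@code /<scheduler-url>-api/} are forwarded with that segment
 * rewritten to {@code /api/} and without any of the token checks in this filter.
 */
@Component
/* loaded from: input_file:com/trigyn/jws/usermanagement/security/config/JwtRequestFilter.class */
public class JwtRequestFilter extends OncePerRequestFilter {
    private static final Logger logger = LogManager.getLogger(JwtRequestFilter.class);

    /** Value returned by {@link #retrieveUsernameFromJwtToken(String)} for a verified but expired token. */
    private static final String EXPIRED_TOKEN_MARKER = "jq_532";

    private static final String BEARER_PREFIX = "Bearer ";

    private static final String ACCESS_DENIED_MESSAGE = "You do not have enough privilege to access this module";

    @Autowired
    @Lazy
    private UserDetailsService userDetailsService = null;

    @Autowired
    @Lazy
    private JwtUtil jwtUtil = null;

    @Autowired
    private ApplicationSecurityDetails applicationSecurityDetails = null;

    @Autowired
    @Lazy
    private PropertyMasterService propertyMasterService = null;

    /**
     * Applies the scheduler rewrite or the JWT checks, then continues the filter chain.
     *
     * <p>Responses sent from here: 412 for an unsupported or non-numeric authentication type and
     * for a missing token (unless the last URL segment is {@code login}); 403 when no username
     * can be derived, the authentication type is not active, the user is missing or disabled, or
     * the OAUTH token is expired; 500 for a signature failure or any other error.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for error replies
     * @param filterChain the remaining filter chain
     * @throws ServletException declared by the overridden method
     * @throws IOException if writing an error response fails
     */
    @Override
    protected void doFilterInternal(final HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Map<String, Object> authenticationDetails = this.applicationSecurityDetails.getAuthenticationDetails();
        try {
            final String requestURI = httpServletRequest.getRequestURI();
            final String schedulerUrl = this.propertyMasterService.findPropertyMasterValue("scheduler-url");
            // The property itself must be checked: concatenating a missing value with "-api" gives
            // the literal "null-api", which is never null, so an unconfigured deployment would
            // skip the token checks below for a fixed, well-known path segment.
            if (requestURI != null && schedulerUrl != null && !schedulerUrl.trim().isEmpty()) {
                final String schedulerSegment = "/" + schedulerUrl + "-api/";
                // NOTE(review): the segment is matched anywhere in the URI, not only as a prefix of
                // the context-relative path; confirm that is intended and that the forwarded
                // /api/ endpoints are protected by something other than this filter.
                if (requestURI.contains(schedulerSegment)) {
                    filterChain.doFilter(new HttpServletRequestWrapper(httpServletRequest) {
                        @Override
                        public String getRequestURI() {
                            return requestURI.replace(schedulerSegment, "/api/");
                        }

                        @Override
                        public StringBuffer getRequestURL() {
                            return new StringBuffer(httpServletRequest.getRequestURL().toString().replace(schedulerSegment, "/api/"));
                        }
                    }, httpServletResponse);
                    return;
                }
            }
            if (authenticationDetails != null) {
                String contextRelativePath = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
                String authorizationHeader = httpServletRequest.getHeader("Authorization");
                String atHeader = httpServletRequest.getHeader("at");
                String requestedAuthType = httpServletRequest.getParameter("enableAuthenticationType");
                if (atHeader != null && null == Constants.AuthType.valueOfAt(atHeader)) {
                    httpServletResponse.sendError(412, "Authentication not supported");
                    return;
                }
                String headerAuthTypeKey = atHeader != null ? String.valueOf(Constants.AuthType.valueOfAt(atHeader).getAuthType()) : null;
                // The request parameter takes precedence over the header.
                String authTypeValue = requestedAuthType != null ? requestedAuthType : headerAuthTypeKey;
                boolean hasBearerHeader = authorizationHeader != null && authorizationHeader.startsWith(BEARER_PREFIX);

                String token = null;
                String username = null;
                // Only meaningful while token != null.
                int authType = 0;
                // True only when the token's signature was checked against the configured JWK provider.
                boolean verifiedAgainstJwks = false;
                if (authTypeValue != null && hasBearerHeader) {
                    token = authorizationHeader.substring(BEARER_PREFIX.length());
                    try {
                        // Parsed once into a primitive so every comparison below is numeric,
                        // never a comparison of boxed Integer references.
                        authType = Integer.parseInt(authTypeValue);
                    } catch (NumberFormatException e) {
                        // The value is client supplied; a malformed one is a client error.
                        logger.warn("Inside JwtRequestFilter - non-numeric authentication type received (Request URI: {})", httpServletRequest.getRequestURI());
                        httpServletResponse.sendError(412, "Authentication not supported");
                        return;
                    }
                    if (authType == Constants.AuthType.DAO.getAuthType() || authType == Constants.AuthType.LDAP.getAuthType()) {
                        username = this.jwtUtil.extractUsername(token);
                    } else if (authType == Constants.AuthType.OAUTH.getAuthType()) {
                        username = retrieveUsernameFromJwtToken(token);
                        if (EXPIRED_TOKEN_MARKER.equalsIgnoreCase(username)) {
                            httpServletResponse.sendError(403, "You do not have enough privilege to access this module due to password expiry.");
                            return;
                        }
                        if (username != null) {
                            verifiedAgainstJwks = true;
                        } else {
                            // JWK verification did not succeed; the token is treated as a locally
                            // issued one and must pass validateToken before it is trusted.
                            username = this.jwtUtil.extractUsername(token);
                        }
                    }
                }
                if (token == null) {
                    StringBuffer requestUrl = httpServletRequest.getRequestURL();
                    if (requestUrl != null) {
                        String url = requestUrl.toString();
                        String lastSegment = url.substring(url.lastIndexOf('/') + 1);
                        // Any URL whose last segment is "login" passes without a token.
                        if (!lastSegment.equalsIgnoreCase("login")) {
                            httpServletResponse.sendError(412, "JWT Token is not available.");
                            return;
                        }
                    }
                }
                if (token != null && username == null) {
                    httpServletResponse.sendError(403, ACCESS_DENIED_MESSAGE);
                    return;
                }
                Map<?, ?> activeAuthDetails = (Map<?, ?>) authenticationDetails.get("activeAuthDetails");
                // NOTE(review): the active check is keyed on the "at" header, while the type used
                // above may come from the enableAuthenticationType parameter; confirm the two are
                // allowed to differ.
                boolean authTypeActive = activeAuthDetails != null && headerAuthTypeKey != null && activeAuthDetails.containsKey(headerAuthTypeKey);
                boolean namedUser = username != null && !username.equalsIgnoreCase("anonymous");
                if (namedUser && !authTypeActive) {
                    httpServletResponse.sendError(403, ACCESS_DENIED_MESSAGE);
                    return;
                }
                boolean japiPath = contextRelativePath.startsWith("/japi/") && !contextRelativePath.equals("/japi/error");
                // NOTE(review): authentication is replaced only when one is already present in the
                // context; confirm that an earlier filter always populates it.
                if (namedUser && authTypeActive && (japiPath || hasBearerHeader) && !activeAuthDetails.isEmpty() && SecurityContextHolder.getContext().getAuthentication() != null) {
                    UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
                    if (userDetails == null || !userDetails.isEnabled()) {
                        httpServletResponse.sendError(403, ACCESS_DENIED_MESSAGE);
                        return;
                    }
                    // Previously any request that declared the OAUTH type skipped validateToken,
                    // even when JWK verification had failed. Validation is now skipped only for
                    // tokens that were actually verified against the JWK provider.
                    boolean tokenAccepted = verifiedAgainstJwks || this.jwtUtil.validateToken(token, userDetails).booleanValue();
                    if (tokenAccepted) {
                        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, (Object) null, userDetails.getAuthorities());
                        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                        SecurityContextHolder.getContext().setAuthentication(authentication);
                    }
                    // A token that is not accepted leaves the existing authentication untouched
                    // and the request continues down the chain.
                }
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (SignatureException e) {
            logger.error("Inside JwtRequestFilter - SignatureException - Error occurred while processing the request (Request URI: {})", httpServletRequest.getRequestURI(), e);
            sendErrorIfUncommitted(httpServletResponse, 500, e.getMessage());
        } catch (ExpiredJwtException e2) {
            logger.error("Inside JwtRequestFilter - ExpiredJwtException - Error occurred while processing the request (Request URI: {})", httpServletRequest.getRequestURI(), e2);
            sendErrorIfUncommitted(httpServletResponse, 412, e2.getMessage());
        } catch (Throwable th) {
            // The logger already records the stack trace; printStackTrace() duplicated it on stderr.
            logger.error("Inside JwtRequestFilter - Throwable - Error occurred while processing the request (Request URI: {})", httpServletRequest.getRequestURI(), th);
            if (th.getCause() instanceof AccessDeniedException) {
                sendErrorIfUncommitted(httpServletResponse, 403, ACCESS_DENIED_MESSAGE);
            } else {
                // The message of an arbitrary exception can describe internals (queries, paths,
                // class names), so it stays in the log and the client gets a fixed text.
                sendErrorIfUncommitted(httpServletResponse, 500, "Error occurred while processing the request");
            }
        }
    }

    /**
     * Sends an error response unless the response is already committed, in which case
     * {@code sendError} would itself throw from inside a catch block.
     */
    private void sendErrorIfUncommitted(HttpServletResponse response, int status, String message) throws IOException {
        if (response.isCommitted()) {
            logger.warn("Inside JwtRequestFilter - response already committed, status {} not sent", status);
            return;
        }
        response.sendError(status, message);
    }

    /**
     * Verifies an OAUTH token's RS256 signature against the key published by the configured
     * {@code JwkProvider} URL and returns the {@code upn} claim.
     *
     * <p>Only the signature and the {@code exp} claim are checked here; issuer and audience are
     * not. A new {@link UrlJwkProvider} is constructed on every call, so this method does no key
     * caching of its own.
     *
     * @param str the compact JWT taken from the {@code Authorization} header
     * @return the {@code upn} claim; {@link #EXPIRED_TOKEN_MARKER} when the token is verified but
     *     expired; {@code null} when the token has no key id, the provider is not configured, the
     *     {@code exp} claim is missing, or verification fails for any reason
     * @throws Exception declared for compatibility; every exception raised inside is caught and logged
     */
    private String retrieveUsernameFromJwtToken(String str) throws Exception {
        try {
            DecodedJWT decode = JWT.decode(str);
            if (decode == null || decode.getKeyId() == null) {
                return null;
            }
            String jwkProviderUrl = this.propertyMasterService.findPropertyMasterValue("system", "system", "JwkProvider");
            if (jwkProviderUrl == null) {
                // Fail closed with a clear log line instead of relying on a NullPointerException.
                logger.error("JwkProvider property is not configured, OAUTH token cannot be verified");
                return null;
            }
            UrlJwkProvider urlJwkProvider = new UrlJwkProvider(new URL(jwkProviderUrl));
            Algorithm.RSA256((RSAPublicKey) urlJwkProvider.get(decode.getKeyId()).getPublicKey(), (RSAPrivateKey) null).verify(decode);
            Date expiresAt = decode.getClaim("exp").asDate();
            if (expiresAt == null) {
                // A token without an expiry is not treated as verified.
                logger.error("JWT Token has no exp claim");
                return null;
            }
            if (!expiresAt.before(new Date())) {
                return decode.getClaim("upn").asString();
            }
            logger.error("JWT Token expired");
            return EXPIRED_TOKEN_MARKER;
        } catch (Exception e) {
            logger.error("Error while retrieving user name from jwt token of OAUTH authentication", e);
            return null;
        }
    }
}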
