package de.frachtwerk.essencium.backend.security;

import de.frachtwerk.essencium.backend.service.JwtTokenService;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.security.SignatureException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:de/frachtwerk/essencium/backend/security/JwtTokenAuthenticationFilter.class */
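/**
 * Authentication filter that reads a compact JWT from the request and hands it to the
 * configured {@code AuthenticationManager}.
 *
 * <p>The token is taken from the {@code Authorization} header or, when that header is absent,
 * from the {@value #TOKEN_QUERY_PARAM} query parameter. Both sources must carry the value in the
 * form {@code Bearer <header>.<payload>.<signature>}.
 *
 * <p>Security note: a token passed in the query string is part of the URL, so it can be recorded
 * in access logs, proxy logs, browser history and {@code Referer} headers. Prefer the header;
 * where the query parameter is required, keep token lifetimes short and make sure URL logging
 * redacts it.
 */
public class JwtTokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    /** Name of the query parameter consulted when no {@code Authorization} header is present. */
    public static final String TOKEN_QUERY_PARAM = "t";

    @Autowired
    private JwtTokenService jwtTokenService;

    /**
     * Anchored with {@code ^...$}: the {@code Bearer} scheme followed by three dot-separated
     * segments of base64url characters; the last segment may be empty.
     */
    private static final Pattern BEARER_TOKEN_PATTERN = Pattern.compile("^Bearer ([A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]*)$");
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtTokenAuthenticationFilter.class);

    /**
     * Creates the filter.
     *
     * @param requestMatcher selects the requests this filter attempts to authenticate
     */
    public JwtTokenAuthenticationFilter(RequestMatcher requestMatcher) {
        super(requestMatcher);
    }

    /**
     * Extracts the bearer token from the request and authenticates it.
     *
     * @param httpServletRequest request carrying the token in the header or query string
     * @param httpServletResponse unused
     * @return the authentication produced by {@link #getAuthentication(String)}
     * @throws AuthenticationCredentialsNotFoundException if neither source holds a value, or the
     *     value found is not a well-formed bearer token
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOGGER.debug("attempting to extract jwt bearer token from authorization header or query string");
        // The header wins. The query parameter is looked up lazily so that request parameters
        // are not parsed at all when the header is present.
        String rawValue = Optional.ofNullable(httpServletRequest.getHeader("Authorization"))
                .orElseGet(() -> httpServletRequest.getParameter(TOKEN_QUERY_PARAM));
        String token = Optional.ofNullable(rawValue)
                .map(JwtTokenAuthenticationFilter::extractBearerToken)
                .filter(candidate -> !candidate.isEmpty())
                .orElseThrow(() -> new AuthenticationCredentialsNotFoundException("missing authorization header parameter"));
        return getAuthentication(token);
    }

    /**
     * Verifies the token and authenticates its subject through the authentication manager.
     *
     * @param str compact JWT without the {@code Bearer} prefix
     * @return the authentication returned by the authentication manager
     * @throws BadCredentialsException if verification reports a session or signature problem
     */
    public Authentication getAuthentication(String str) {
        try {
            Claims claims = this.jwtTokenService.verifyToken(str);
            return getAuthenticationManager().authenticate(new JwtAuthenticationToken(claims.getSubject(), claims));
        } catch (SessionAuthenticationException e) {
            // Keep the cause so the original failure stays visible in server-side logs.
            throw new BadCredentialsException(e.getMessage(), e);
        } catch (SignatureException e) {
            throw new BadCredentialsException("invalid token", e);
        }
        // NOTE(review): only these two exception types are translated into an
        // AuthenticationException. If verifyToken can raise other failures (expired or
        // malformed token, for instance), they leave this filter untranslated and bypass its
        // authentication-failure handling. Confirm against JwtTokenService.
    }

    /**
     * Runs the parent's success handling and then continues the filter chain, so the
     * authenticated request still reaches its target.
     *
     * <p>NOTE(review): the parent invokes the configured success handler before the chain
     * continues; this presumably relies on a handler that does not commit the response (no
     * redirect). Confirm in the security configuration.
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        super.successfulAuthentication(httpServletRequest, httpServletResponse, filterChain, authentication);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the compact JWT from a {@code Bearer <token>} value.
     *
     * @param str raw header or query-parameter value
     * @return the token without the {@code Bearer} prefix
     * @throws AuthenticationCredentialsNotFoundException if {@code str} is {@code null} or is not
     *     a well-formed bearer token
     */
    public static String extractBearerToken(String str) throws AuthenticationCredentialsNotFoundException {
        // A null value is reported as missing credentials rather than surfacing as a
        // NullPointerException from the matcher.
        if (str == null) {
            throw new AuthenticationCredentialsNotFoundException("missing bearer token parameter");
        }
        Matcher matcher = BEARER_TOKEN_PATTERN.matcher(str);
        if (matcher.find()) {
            // Group 1 admits no whitespace, so the captured token needs no trimming.
            return matcher.group(1);
        }
        throw new AuthenticationCredentialsNotFoundException("missing bearer token parameter");
    }
}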
