package edu.kit.datamanager.security.filter;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.util.StandardCharset;
import edu.kit.datamanager.exceptions.InvalidAuthenticationException;
import edu.kit.datamanager.security.filter.JwtAuthenticationToken;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.impl.DefaultClaims;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:edu/kit/datamanager/security/filter/PublicAuthenticationFilter.class */
public class PublicAuthenticationFilter extends OncePerRequestFilter {
    public static final String PUBLIC_USER = "anonymousUser";
    public static final String ROLE_PUBLIC_READ = "ROLE_ANONYMOUS";
    private static final Logger LOG = LoggerFactory.getLogger(PublicAuthenticationFilter.class);
    private final String secretKey;
    private static final String USERS_GROUP = "PUBLIC";

    public PublicAuthenticationFilter(String str) {
        this.secretKey = str;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException, AuthenticationException {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            LOG.trace("Set public authorization!");
            DefaultClaims defaultClaims = new DefaultClaims();
            defaultClaims.put(JwtAuthenticationToken.GROUPS_CLAIM, Arrays.asList(USERS_GROUP));
            defaultClaims.put(JwtAuthenticationToken.TOKENTYPE_CLAIM, JwtAuthenticationToken.TOKEN_TYPE.USER.toString());
            defaultClaims.put(JwtAuthenticationToken.USERNAME_CLAIM, "anonymousUser");
            HashSet hashSet = new HashSet();
            hashSet.add(ROLE_PUBLIC_READ);
            try {
                defaultClaims.put(JwtAuthenticationToken.ROLES_CLAIM, new ObjectMapper().writeValueAsString(hashSet.toArray(i -> {
                    return new String[i];
                })));
                Set entrySet = defaultClaims.entrySet();
                HashMap hashMap = new HashMap();
                entrySet.forEach(entry -> {
                    hashMap.put((String) entry.getKey(), entry.getValue());
                });
                SecurityContextHolder.getContext().setAuthentication(JwtAuthenticationToken.factoryToken(Jwts.builder().setClaims(defaultClaims).setExpiration(Date.from(Instant.now().plus(1L, (TemporalUnit) ChronoUnit.HOURS))).signWith(new SecretKeySpec(this.secretKey.getBytes(StandardCharset.UTF_8), "HmacSHA256")).compact(), hashMap));
            } catch (JsonProcessingException e) {
                throw new InvalidAuthenticationException("Failed to create JWToken.", e);
            }
        } else {
            LOG.trace("Nothing to do as user is already authenticated!");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}
