package it.cosenonjaviste.security.jwt.valves;

import it.cosenonjaviste.security.jwt.catalinawriters.ResponseWriter;
import it.cosenonjaviste.security.jwt.model.AuthErrorResponse;
import it.cosenonjaviste.security.jwt.utils.JwtConstants;
import it.cosenonjaviste.security.jwt.utils.JwtTokenBuilder;
import it.cosenonjaviste.security.jwt.utils.JwtTokenVerifier;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.valves.ValveBase;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;

/* loaded from: input_file:it/cosenonjaviste/security/jwt/valves/JwtTokenValve.class */
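/**
 * Tomcat valve that authenticates requests to constrained resources with a JWT.
 *
 * <p>For requests matched by security constraints that all carry an auth constraint, the valve
 * extracts a token (see {@link #getToken(Request)} for the lookup order), verifies it with the
 * configured secret and, on success, installs a {@link GenericPrincipal} built from the token on
 * the request with auth type {@code "TOKEN"}. Every other request is passed down the pipeline
 * untouched.
 *
 * <p>The same {@code secret} is used both to verify incoming tokens and to build the refreshed
 * token when {@code updateExpire} is enabled, so anyone who learns it can mint valid tokens.
 */
public class JwtTokenValve extends ValveBase {
    /** Lower-case form of the Authorization scheme prefix, matched case-insensitively. */
    private static final String BEARER_PREFIX = "bearer ";

    // Key handed to JwtTokenVerifier/JwtTokenBuilder; set through valve configuration.
    private String secret;
    // When true, a rebuilt token is returned on every successfully authenticated request.
    private boolean updateExpire;
    // Optional cookie to read the token from when no header or parameter carries it.
    private String cookieName;

    /**
     * Authenticates the request when its security constraints demand it, otherwise delegates to
     * the next valve.
     *
     * @param request  the incoming Catalina request
     * @param response the Catalina response
     * @throws IOException      propagated from the pipeline or from writing the error response
     * @throws ServletException propagated from the pipeline, or raised when no secret is configured
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        SecurityConstraint[] constraints =
                this.container.getRealm().findSecurityConstraints(request, request.getContext());
        // NOTE(review): hasAuthConstraint(null) is false, so the preemptive-authentication half of
        // this condition never changes the outcome; a request with no constraints is always passed
        // through unauthenticated, even when a token is present.
        boolean candidate = constraints != null || request.getContext().getPreemptiveAuthentication();
        if (candidate && hasAuthConstraint(constraints)) {
            handleAuthentication(request, response);
            return;
        }
        getNext().invoke(request, response);
    }

    /**
     * Tells whether every matched constraint carries an auth constraint.
     *
     * @param securityConstraintArr constraints matched for the request, possibly {@code null}
     * @return {@code false} for {@code null} or when any constraint lacks an auth constraint;
     *         {@code true} otherwise, including for an empty array
     */
    private boolean hasAuthConstraint(SecurityConstraint[] securityConstraintArr) {
        if (securityConstraintArr == null) {
            return false;
        }
        for (SecurityConstraint constraint : securityConstraintArr) {
            if (!constraint.getAuthConstraint()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Verifies the request token and either continues the pipeline as the token's principal or
     * answers 401.
     *
     * @throws IOException      if the error response or the downstream valve fails on I/O
     * @throws ServletException if no secret is configured, or from the downstream valve
     */
    private void handleAuthentication(Request request, Response response) throws IOException, ServletException {
        String token = getToken(request);
        if (token == null) {
            sendUnauthorizedError(request, response, "Please login first");
            return;
        }
        // Fail closed on a missing key instead of depending on how the verifier treats a null or
        // empty secret: a signature checked against an absent key proves nothing about the caller.
        if (this.secret == null || this.secret.isEmpty()) {
            throw new ServletException("JwtTokenValve: no secret configured, refusing to verify tokens");
        }
        JwtTokenVerifier verifier = JwtTokenVerifier.create(this.secret);
        if (!verifier.verify(token)) {
            sendUnauthorizedError(request, response, "Token not valid. Please login first");
            return;
        }
        // Identity and roles come straight from the verified token; no realm lookup happens here,
        // so revoking a user takes effect only once their tokens stop verifying.
        request.setUserPrincipal(createPrincipalFromToken(verifier));
        request.setAuthType("TOKEN");
        if (this.updateExpire) {
            updateToken(verifier, response);
        }
        getNext().invoke(request, response);
    }

    /**
     * Returns the value of the first cookie whose name matches {@code str}, ignoring case.
     *
     * @param request the incoming request
     * @param str     cookie name to look for; {@code null} disables the lookup
     * @return the cookie value, or {@code null} when there is no name, no cookies or no match
     */
    private String getCookieValueByName(Request request, String str) {
        if (str == null) {
            return null;
        }
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            // NOTE(review): cookie names are case-sensitive on the wire; matching them
            // case-insensitively lets a differently-cased cookie that appears earlier win.
            if (candidate.getName().equalsIgnoreCase(str)) {
                return candidate.getValue();
            }
        }
        return null;
    }

    /**
     * Extracts the raw token from the request.
     *
     * <p>Lookup order: the {@code JwtConstants.AUTH_HEADER} header, an {@code Authorization}
     * header using the Bearer scheme, the {@code JwtConstants.AUTH_PARAM} request parameter, and
     * finally the configured cookie.
     *
     * @param request the incoming request
     * @return the token string, or {@code null} when none of the sources carries one
     */
    private String getToken(Request request) {
        String customHeader = request.getHeader(JwtConstants.AUTH_HEADER);
        if (customHeader != null) {
            return customHeader;
        }
        String authorization = request.getHeader("Authorization");
        // regionMatches(ignoreCase) is locale-independent, unlike toLowerCase() with the default
        // locale, and avoids copying the header just to test its prefix.
        if (authorization != null
                && authorization.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            // Everything after the scheme is the token. This differs from the earlier regex
            // replacement only for values containing line terminators, which are not valid tokens.
            return authorization.substring(BEARER_PREFIX.length());
        }
        // A token passed as a request parameter can end up in access logs, browser history and
        // Referer headers; deployments that accept it should keep token lifetimes short.
        String parameter = request.getParameter(JwtConstants.AUTH_PARAM);
        if (parameter != null) {
            return parameter;
        }
        // A cookie is attached by the browser automatically, so when this source is enabled the
        // application needs its own CSRF defence (SameSite cookie attribute or anti-CSRF token).
        return getCookieValueByName(request, this.cookieName);
    }

    /**
     * Sends a token rebuilt from the verified one back in the {@code JwtConstants.AUTH_HEADER}
     * response header.
     */
    private void updateToken(JwtTokenVerifier jwtTokenVerifier, Response response) {
        // NOTE(review): presumably the rebuilt token carries a fresh expiry, which makes the
        // session sliding with no visible upper bound - confirm in JwtTokenBuilder.from.
        String refreshed = JwtTokenBuilder.from(jwtTokenVerifier, this.secret).build();
        response.setHeader(JwtConstants.AUTH_HEADER, refreshed);
    }

    /**
     * Builds the request principal from the user id and roles exposed by the verifier; the
     * principal carries no password.
     */
    private GenericPrincipal createPrincipalFromToken(JwtTokenVerifier jwtTokenVerifier) {
        return new GenericPrincipal(jwtTokenVerifier.getUserId(), (String) null, jwtTokenVerifier.getRoles());
    }

    /**
     * Writes a 401 response whose body is an {@link AuthErrorResponse} with the given message,
     * using the writer selected from the request's {@code accept} header.
     *
     * @param request  request whose {@code accept} header selects the response writer
     * @param response response to write to
     * @param str      message placed in the error body
     * @throws IOException if writing the response fails
     */
    protected void sendUnauthorizedError(Request request, Response response, String str) throws IOException {
        // NOTE(review): no WWW-Authenticate challenge is set here, although a 401 is expected to
        // carry one; and the accept header may be null - confirm ResponseWriter.get handles that.
        String accept = request.getHeader("accept");
        ResponseWriter.get(accept).write(response, 401, new AuthErrorResponse(str));
    }

    /**
     * Sets the secret used to verify tokens and to build refreshed ones. Requests that need
     * authentication are refused while it is {@code null} or empty.
     */
    public void setSecret(String str) {
        this.secret = str;
    }

    /** Enables or disables returning a rebuilt token on each authenticated request. */
    public void setUpdateExpire(boolean z) {
        this.updateExpire = z;
    }

    /** Sets the cookie name used as the last-resort token source; {@code null} disables it. */
    public void setCookieName(String str) {
        this.cookieName = str;
    }
}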
