package org.entur.jwt.spring.filter;

import java.io.IOException;
import java.io.Serializable;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.entur.jwt.jwk.JwksClientException;
import org.entur.jwt.jwk.JwksException;
import org.entur.jwt.spring.filter.log.JwtMappedDiagnosticContextMapper;
import org.entur.jwt.verifier.JwtClaimExtractor;
import org.entur.jwt.verifier.JwtClientException;
import org.entur.jwt.verifier.JwtException;
import org.entur.jwt.verifier.JwtVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;

/* loaded from: input_file:org/entur/jwt/spring/filter/JwtAuthenticationFilter.class */
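/**
 * Servlet filter that authenticates a request from an {@code Authorization: Bearer <token>} header
 * and publishes the result through {@link SecurityContextHolder}.
 *
 * <p>Decision table, as implemented below:
 * <ul>
 *   <li>no {@code Authorization} header: the request continues unauthenticated when {@code required}
 *       is {@code false}, otherwise it is rejected with 401;</li>
 *   <li>header present but not starting with {@link #BEARER}: rejected with 401, regardless of
 *       {@code required};</li>
 *   <li>bearer token present: handed to the {@link JwtVerifier}; a {@code null} result or a client
 *       exception yields 401, a {@code JwtException}/{@code JwksException} yields 503.</li>
 * </ul>
 *
 * <p>Security-relevant properties a maintainer should be aware of:
 * <ul>
 *   <li>The scheme match is case-sensitive and expects exactly {@code "Bearer "}. HTTP auth schemes
 *       are case-insensitive (RFC 7235), so {@code "bearer x"} is refused here; that fails closed.</li>
 *   <li>Any other scheme (for example Basic) is refused even when authentication is optional, so this
 *       filter cannot share a path with another {@code Authorization}-header mechanism.</li>
 *   <li>This class sets the authentication but never clears it. NOTE(review): confirm the filter runs
 *       inside a chain that resets {@link SecurityContextHolder} after the request, otherwise the
 *       authentication could outlive the request on a pooled thread.</li>
 *   <li>The raw token string is passed into {@code JwtAuthenticationToken}. NOTE(review): check that
 *       code which logs or serializes the authentication object does not expose it.</li>
 * </ul>
 *
 * @param <T> the verified-token type produced by the {@link JwtVerifier}
 */
public class JwtAuthenticationFilter<T> extends OncePerRequestFilter {
    public static final String AUTHORIZATION = "Authorization";
    public static final String BEARER = "Bearer ";
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
    private final JwtVerifier<T> verifier;
    private final JwtAuthorityMapper<T> authorityMapper;
    // Optional: when null, no diagnostic context is added around the downstream chain.
    private final JwtMappedDiagnosticContextMapper<T> mdcMapper;
    private final JwtClaimExtractor<T> extractor;
    // When true, a request without an Authorization header is rejected instead of passed through.
    private final boolean required;
    private final HandlerExceptionResolver handlerExceptionResolver;
    private final JwtDetailsMapper detailsMapper;
    private final JwtPrincipalMapper principalMapper;

    /**
     * Creates the filter.
     *
     * @param verifier verifies the raw token; a {@code null} result is treated as "not verified"
     * @param required whether a request without an {@code Authorization} header is rejected
     * @param authorityMapper maps a verified token to granted authorities
     * @param mdcMapper optional diagnostic-context mapper, may be {@code null}
     * @param extractor extracts the claims map from a verified token
     * @param handlerExceptionResolver receives the exception describing each rejection
     * @param principalMapper maps claims to the principal
     * @param detailsMapper maps request and claims to the authentication details
     */
    public JwtAuthenticationFilter(JwtVerifier<T> verifier, boolean required, JwtAuthorityMapper<T> authorityMapper, JwtMappedDiagnosticContextMapper<T> mdcMapper, JwtClaimExtractor<T> extractor, HandlerExceptionResolver handlerExceptionResolver, JwtPrincipalMapper principalMapper, JwtDetailsMapper detailsMapper) {
        this.verifier = verifier;
        this.authorityMapper = authorityMapper;
        this.mdcMapper = mdcMapper;
        this.extractor = extractor;
        this.required = required;
        this.handlerExceptionResolver = handlerExceptionResolver;
        this.principalMapper = principalMapper;
        this.detailsMapper = detailsMapper;
    }

    /**
     * Routes the request according to its {@code Authorization} header; see the class description
     * for the decision table.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        String header = request.getHeader(AUTHORIZATION);
        if (header == null) {
            if (!this.required) {
                // Anonymous access is allowed: continue without touching the security context.
                chain.doFilter(request, response);
                return;
            }
            log.debug("Authentication is required, however there was no bearer token");
            reject(request, response, HttpStatus.UNAUTHORIZED, new BadCredentialsException("Expected token"));
            return;
        }
        if (!header.startsWith(BEARER)) {
            // A header is present but is not a bearer credential: refuse rather than fall through as
            // anonymous, even when authentication is optional.
            log.debug("Invalid authorization header type");
            reject(request, response, HttpStatus.UNAUTHORIZED, new BadCredentialsException("Invalid authorization header type"));
            return;
        }
        doFilterInternalForBearerToken(request, response, chain, header);
    }

    /**
     * Verifies the bearer token and, on success, runs the rest of the chain as the authenticated
     * caller.
     *
     * @param header the full header value, which the caller has checked starts with {@link #BEARER}
     */
    protected void doFilterInternalForBearerToken(HttpServletRequest request, HttpServletResponse response, FilterChain chain, String header) throws IOException, ServletException {
        // May be the empty string for a bare "Bearer " header; rejecting it is left to the verifier.
        String bearerToken = header.substring(BEARER.length());
        // NOTE(review): the downstream chain also runs inside this try block. If the Jwt*/Jwks*
        // exception types are unchecked, one thrown by downstream code would be reported as an
        // authentication failure - confirm against the library.
        try {
            // Typed as T (not Object) so the mapper and extractor calls below are type-checked.
            T token = this.verifier.verify(bearerToken);
            if (token == null) {
                log.debug("Unable to verify token");
                reject(request, response, HttpStatus.UNAUTHORIZED, new BadCredentialsException("Unable to verify token"));
                return;
            }
            List<GrantedAuthority> authorities = this.authorityMapper.getGrantedAuthorities(token);
            Map<String, Object> claims = this.extractor.getClaims(token);
            Serializable details = this.detailsMapper.getDetails(request, claims);
            SecurityContextHolder.getContext().setAuthentication(new JwtAuthenticationToken(claims, bearerToken, authorities, this.principalMapper.getPrincipal(claims), details));
            if (this.mdcMapper == null) {
                chain.doFilter(request, response);
                return;
            }
            this.mdcMapper.addContext(token);
            try {
                chain.doFilter(request, response);
            } finally {
                // Always drop the per-request diagnostic context, including when the chain throws,
                // so it cannot carry over to whatever the thread handles next.
                this.mdcMapper.removeContext(token);
            }
        } catch (JwksException | JwtException e) {
            // Treated as a failure on the verifying side (503), logged with the stack trace.
            // NOTE(review): if JwtClientException/JwksClientException are subtypes of these two, the
            // handler below has to come first or client errors would be answered with 503 - confirm.
            log.warn("Unable to process token", e);
            reject(request, response, HttpStatus.SERVICE_UNAVAILABLE, new JwtAuthenticationServiceUnavailableException("Unable to process token", e));
        } catch (JwtClientException | JwksClientException e) {
            // Treated as a bad credential (401); only the message is logged, at debug level.
            // NOTE(review): the message may contain token-derived text - verify before raising the
            // log level or forwarding these logs.
            log.debug("JWT verification failed due to {}", e.getMessage());
            reject(request, response, HttpStatus.UNAUTHORIZED, new BadCredentialsException("Unable to verify token", e));
        }
    }

    /** Sets the response status, then hands the failure to the exception resolver; the chain is not continued. */
    private void reject(HttpServletRequest request, HttpServletResponse response, HttpStatus status, Exception failure) {
        response.setStatus(status.value());
        this.handlerExceptionResolver.resolveException(request, response, null, failure);
    }
}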
