package org.genesys.blocks.tokenauth.spring;

import java.io.IOException;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:org/genesys/blocks/tokenauth/spring/ApiTokenAuthenticationFilter.class */
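/**
 * Servlet filter that authenticates requests carrying an
 * {@code Authorization: API-Token <token>} header.
 *
 * <p>Requests that do not match the configured {@link RequestMatcher}, or that carry no
 * {@code API-Token} authorization header, are passed down the chain untouched. For the rest,
 * the token is wrapped in an {@link ApiTokenAuthenticationToken} and handed to the
 * {@link AuthenticationManager}. On success the resulting {@link Authentication} is stored in
 * the security context and the chain continues. On failure the context is cleared and a 401 is
 * returned.
 *
 * <p>The API token is a bearer credential: whoever holds it can act as its owner. It is
 * therefore never written to the log, at any level.
 */
public class ApiTokenAuthenticationFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(ApiTokenAuthenticationFilter.class);
    private static final String AUTHORIZATION_HEADER = "Authorization";
    /** Authorization scheme prefix expected at the start of the {@code Authorization} header. */
    public static final String AUTHORIZATION_TYPE = "API-Token";
    private final RequestMatcher requiresAuthenticationRequestMatcher;
    private final AuthenticationManager authenticationManager;
    private final SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();

    /**
     * Creates the filter.
     *
     * @param requestMatcher selects the requests this filter may authenticate
     * @param authenticationManager validates the presented API token
     */
    public ApiTokenAuthenticationFilter(RequestMatcher requestMatcher, AuthenticationManager authenticationManager) {
        this.requiresAuthenticationRequestMatcher = requestMatcher;
        this.authenticationManager = authenticationManager;
    }

    /**
     * Servlet entry point; delegates to the HTTP-typed overload.
     *
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Runs API-token authentication for requests that need it and passes all others through.
     */
    private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        if (!requiresAuthentication(request, response)) {
            filterChain.doFilter(request, response);
            return;
        }
        try {
            Authentication authResult = attemptAuthentication(request, response);
            if (authResult == null) {
                // NOTE(review): a null result ends the request without continuing the chain
                // and without setting a status. Kept as in the original; confirm that no
                // configured AuthenticationManager can return null, or answer with a 401.
                return;
            }
            successfulAuthentication(request, response, filterChain, authResult);
        } catch (InternalAuthenticationServiceException e) {
            // Back-end failure rather than a bad credential: log it loudly, but still fail closed.
            log.error("An internal error occurred while trying to authenticate the user.", e);
            unsuccessfulAuthentication(request, response, e);
        } catch (AuthenticationException e) {
            unsuccessfulAuthentication(request, response, e);
        }
    }

    /**
     * Stores the authenticated principal in a fresh security context and continues the chain.
     */
    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        // A new, empty context is used so nothing from a previous authentication is carried over.
        SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
        context.setAuthentication(authentication);
        this.securityContextHolderStrategy.setContext(context);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Clears the security context and answers with {@code 401 Unauthorized}. The filter chain
     * is not continued.
     */
    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) {
        this.securityContextHolderStrategy.clearContext();
        log.trace("Failed to process authentication request", authenticationException);
        log.trace("Cleared SecurityContextHolder");
        log.trace("Handling authentication failure");
        // The same generic response is sent for every failure, so the client cannot tell
        // a malformed token from an unknown or rejected one.
        httpServletResponse.addHeader("WWW-Authenticate", "Invalid API-Token");
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
    }

    /**
     * Decides whether this filter should try to authenticate the request.
     *
     * @return {@code true} only if the request matches the configured matcher and its
     *         {@code Authorization} header starts with {@link #AUTHORIZATION_TYPE}
     *         (case-insensitive)
     */
    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.requiresAuthenticationRequestMatcher.matches(httpServletRequest)) {
            return false;
        }
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        // Prefix match only: no separator is required after the scheme name.
        return header != null && StringUtils.startsWithIgnoreCase(header, AUTHORIZATION_TYPE);
    }

    /**
     * Extracts the API token from the {@code Authorization} header and authenticates it.
     *
     * @return the result of {@link AuthenticationManager#authenticate(Authentication)}
     * @throws AuthenticationCredentialsNotFoundException if the header is missing or holds no
     *         token after the scheme prefix
     * @throws AuthenticationException if the authentication manager rejects the token
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        // Log only whether the header is present. Its value is the credential itself.
        log.trace("Have {} header present: {}", AUTHORIZATION_HEADER, header != null);
        // removeStartIgnoreCase returns null for a null header. Treat that as missing
        // credentials instead of failing with a NullPointerException on trim().
        String token = header == null ? "" : StringUtils.removeStartIgnoreCase(header, AUTHORIZATION_TYPE).trim();
        if (token.isEmpty()) {
            throw new AuthenticationCredentialsNotFoundException("Invalid API token");
        }
        // The token is never logged. Log files usually have weaker access control and longer
        // retention than the credential store.
        log.debug("Received {} credentials", AUTHORIZATION_TYPE);
        return this.authenticationManager.authenticate(new ApiTokenAuthenticationToken(token));
    }
}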
