package org.stellar.anchor.filter;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.stellar.anchor.dto.SepExceptionResponse;
import org.stellar.anchor.exception.SepValidationException;
import org.stellar.anchor.sep10.JwtService;
import org.stellar.anchor.sep10.JwtToken;
import org.stellar.anchor.util.Log;

/* loaded from: input_file:org/stellar/anchor/filter/BaseTokenFilter.class */
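/**
 * Servlet filter that authenticates requests carrying a JWT in the {@code Authorization} header.
 *
 * <p>For every non-{@code OPTIONS} request the filter extracts the bearer token, decodes it with
 * the injected {@link JwtService}, passes it to the subclass-specific {@link #validate(JwtToken)}
 * hook and, on success, stores the decoded token in the request attribute {@link #JWT_TOKEN}
 * before continuing the chain. Any failure produces a 403 response with a JSON body and the
 * chain is not invoked.
 */
public abstract class BaseTokenFilter implements Filter {
    public static final String JWT_TOKEN = "token";
    public static final String OPTIONS = "OPTIONS";
    public static final String APPLICATION_JSON_VALUE = "application/json";
    /** Authorization scheme prefix, including the single separating space. */
    private static final String BEARER_PREFIX = "Bearer ";
    final Gson gson = new GsonBuilder().setPrettyPrinting().create();
    final JwtService jwtService;

    /**
     * @param jwtService service used to decode the encoded token taken from the request header
     */
    public BaseTokenFilter(JwtService jwtService) {
        this.jwtService = jwtService;
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Authenticates the request and forwards it down the chain only when the token is accepted.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain remaining filters and the target resource
     * @throws IOException if writing the 403 body fails or a downstream component throws it
     * @throws ServletException if the request/response are not HTTP objects or a downstream
     *     component throws it
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("the request must be a HttpServletRequest");
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("the response must be a HttpServletResponse");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // OPTIONS requests bypass authentication entirely (presumably for CORS preflight);
        // anything mapped to handle OPTIONS behind this filter is therefore unauthenticated.
        if (OPTIONS.equals(httpServletRequest.getMethod())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Require the header to *start* with the scheme. A substring match would also accept
        // values such as "XBearer <token>" and rely on an array-index exception for rejection.
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.startsWith(BEARER_PREFIX)) {
            sendForbiddenError(httpServletResponse);
            return;
        }
        String encodedToken = header.substring(BEARER_PREFIX.length()).trim();
        if (encodedToken.isEmpty()) {
            sendForbiddenError(httpServletResponse);
            return;
        }

        // Only decoding and validation are guarded: a failure here is an authentication failure.
        JwtToken decode;
        try {
            decode = this.jwtService.decode(encodedToken);
            validate(decode);
        } catch (Exception e) {
            // Record the rejection so failed authentication attempts are visible to monitoring.
            // Only the exception type is logged; parser messages may echo token content.
            Log.infoF("token rejected. url={} reason={}", httpServletRequest.getRequestURL(), e.getClass().getSimpleName());
            sendForbiddenError(httpServletResponse);
            return;
        }
        if (decode == null) {
            // Fail closed if the decoder yields no token and the subclass hook did not object.
            sendForbiddenError(httpServletResponse);
            return;
        }

        Log.infoF("token created. account={} url={}", Log.shorter(decode.getAccount()), httpServletRequest.getRequestURL());
        // NOTE(review): this writes the decoded token object to the debug log; confirm that
        // Log.debug redacts it or that debug logging stays off where logs are shared.
        Log.debug(String.format("storing token to request %s:", httpServletRequest.getRequestURL()), decode);
        httpServletRequest.setAttribute(JWT_TOKEN, decode);

        // Called outside the try block so that downstream failures propagate to the container
        // instead of being swallowed and reported to the client as a 403.
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Subclass hook that applies endpoint-specific checks to the decoded token.
     *
     * @param jwtToken token decoded from the request header
     * @throws SepValidationException if the token must be rejected
     */
    protected abstract void validate(JwtToken jwtToken) throws SepValidationException;

    /**
     * Writes a 403 response whose JSON body is a {@link SepExceptionResponse} with the message
     * {@code "forbidden"}; no detail about the failure is disclosed to the client.
     *
     * @param httpServletResponse response to write to
     * @throws IOException if the response writer cannot be obtained
     */
    private void sendForbiddenError(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        httpServletResponse.setContentType(APPLICATION_JSON_VALUE);
        httpServletResponse.getWriter().print(this.gson.toJson(new SepExceptionResponse("forbidden")));
    }

    /**
     * Reports whether the concrete filter is enabled.
     *
     * <p>NOTE(review): {@link #doFilter} in this class never consults this method, so a filter
     * that reports itself disabled still enforces the token check unless the subclass or the
     * registration code acts on the value. Confirm against the callers.
     */
    protected abstract boolean isEnabled();

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}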
