package dev.galasa.framework.api.authentication.internal;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.InvalidClaimException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.IOException;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.annotations.Activate;

/* loaded from: input_file:dev/galasa/framework/api/authentication/internal/JwtAuthFilter.class */
public class JwtAuthFilter implements Filter {
    private static String SECRET_KEY = "framework.jwt.secret";
    private final Log logger = LogFactory.getLog(getClass());
    private Properties configurationProperties = new Properties();

    @Activate
    void activate(Map<String, Object> map) {
        synchronized (this.configurationProperties) {
            String str = (String) map.get(SECRET_KEY);
            if (str != null) {
                this.configurationProperties.put(SECRET_KEY, str);
            } else {
                this.configurationProperties.remove(SECRET_KEY);
            }
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if ("/auth".equals(httpServletRequest.getServletPath())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (httpServletRequest.getUserPrincipal() != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(header);
        if (!stringTokenizer.hasMoreTokens()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!"bearer".equalsIgnoreCase(stringTokenizer.nextToken())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!stringTokenizer.hasMoreTokens()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            DecodedJWT verify = JWT.require(Algorithm.HMAC256(this.configurationProperties.getProperty(SECRET_KEY))).withIssuer(new String[]{"galasa"}).build().verify(stringTokenizer.nextToken());
            filterChain.doFilter(new JwtRequestWrapper(verify.getSubject(), verify.getClaim("role").asString(), httpServletRequest), httpServletResponse);
        } catch (TokenExpiredException e) {
            filterChain.doFilter(servletRequest, servletResponse);
            invalidAuth(httpServletRequest, httpServletResponse, "Jwt has expired " + e);
        } catch (InvalidClaimException e2) {
            filterChain.doFilter(servletRequest, servletResponse);
            invalidAuth(httpServletRequest, httpServletResponse, "Invalid Claims " + e2);
        } catch (SignatureVerificationException e3) {
            filterChain.doFilter(servletRequest, servletResponse);
            invalidAuth(httpServletRequest, httpServletResponse, "Non valid signature " + e3);
        } catch (AlgorithmMismatchException e4) {
            filterChain.doFilter(servletRequest, servletResponse);
            invalidAuth(httpServletRequest, httpServletResponse, "Incorrect Algorithim " + e4);
        }
    }

    private void invalidAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setContentType("text/plain");
        httpServletResponse.addHeader("WWW-Authenticate", "Bearer realm=\"Galasa\"");
        httpServletResponse.getWriter().write(str);
    }

    public void destroy() {
    }
}
