package edu.kit.datamanager.security.filter;

import edu.kit.datamanager.exceptions.InvalidAuthenticationException;
import edu.kit.datamanager.exceptions.NoJwtTokenException;
import edu.kit.datamanager.util.JsonMapper;
import edu.kit.datamanager.util.NetworkUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:edu/kit/datamanager/security/filter/JwtAuthenticationProvider.class */
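/**
 * Spring Security {@link AuthenticationProvider} for {@link JwtAuthenticationToken}s.
 *
 * <p>The provider verifies the signature of the presented JWT with a shared signing key, copies
 * the claims into a token object and, for service tokens that carry a source list, additionally
 * requires the caller's remote address to match one of the listed sources.
 */
public class JwtAuthenticationProvider implements AuthenticationProvider, JsonMapper {
    private final Logger LOGGER;
    // Shared signing key; never log this value or place it in exception messages.
    private final String secretKey;

    /**
     * Creates a provider bound to one signing key.
     *
     * @param str    signing key handed to {@code JwtParser.setSigningKey(String)}.
     *               NOTE(review): jjwt documents that overload as taking Base64-encoded key
     *               bytes; confirm the configured value is encoded that way and is long enough
     *               for the signature algorithm in use.
     * @param logger logger used for authentication diagnostics
     */
    public JwtAuthenticationProvider(String str, Logger logger) {
        this.secretKey = str;
        this.LOGGER = logger;
    }

    /**
     * Reports whether this provider can process the given authentication class.
     *
     * @param cls authentication class offered by the authentication manager
     * @return {@code true} if {@code cls} is {@link JwtAuthenticationToken} or a subclass
     */
    @Override
    public boolean supports(Class<?> cls) {
        return JwtAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Authenticates a {@link JwtAuthenticationToken} by validating the JWT it wraps.
     *
     * @param authentication the authentication request
     * @return the authenticated token built from the verified claims
     * @throws AuthenticationException if {@code authentication} is {@code null}, is not a
     *         {@link JwtAuthenticationToken}, or its JWT is rejected
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication == null) {
            throw new InvalidAuthenticationException("No authentication received. Aborting authentication.");
        }
        if (!(authentication instanceof JwtAuthenticationToken)) {
            throw new InvalidAuthenticationException("Provided authentication is not supported. Expecting JwtAuthenticationToken, received " + authentication.getClass() + ".");
        }
        return getJwtAuthentication(((JwtAuthenticationToken) authentication).getToken());
    }

    /**
     * Verifies a serialized JWT and converts its claims into an authentication token.
     *
     * <p>If the resulting token is a {@link JwtServiceToken} with a non-null source list, the
     * remote address of the current request must match at least one listed source. An empty,
     * non-null source list therefore rejects every caller. Tokens of any other type, or service
     * tokens without a source list, skip this check.
     *
     * @param str the compact serialized JWT
     * @return the token created by {@code JwtAuthenticationToken.factoryToken}
     * @throws AuthenticationException if the token is missing, malformed, expired, carries an
     *         invalid signature, or fails the source check
     */
    public Authentication getJwtAuthentication(String str) throws AuthenticationException {
        if (str == null) {
            throw new NoJwtTokenException("No JWToken provided. Authentication aborted.");
        }
        try {
            // parseClaimsJws() verifies the signature against secretKey before returning claims.
            // NOTE(review): only the three jjwt exceptions caught below are translated into
            // authentication errors; any other failure raised by the parser propagates unchanged.
            // Confirm the caller maps those to a rejected request.
            Claims claims = Jwts.parser().setSigningKey(this.secretKey).parseClaimsJws(str).getBody();
            HashMap<String, Object> claimMap = new HashMap<>(claims);
            JwtAuthenticationToken factoryToken = JwtAuthenticationToken.factoryToken(str, claimMap);
            if ((factoryToken instanceof JwtServiceToken) && ((JwtServiceToken) factoryToken).getSources() != null) {
                JwtServiceToken jwtServiceToken = (JwtServiceToken) factoryToken;
                this.LOGGER.debug("Performing source check for JWToken for service {} and sources {}.", jwtServiceToken.getPrincipal(), Arrays.asList(jwtServiceToken.getSources()));
                // NOTE(review): getRemoteAddr() is the address of the directly connected peer.
                // Behind a reverse proxy or load balancer that is the proxy's address, so the
                // source restriction then applies to the proxy rather than the real client;
                // confirm the deployment topology before relying on this check.
                String remoteAddr = RequestContextHolder.currentRequestAttributes().getRequest().getRemoteAddr();
                this.LOGGER.debug("Trying to match remote address {} with at least one allowed source.", remoteAddr);
                boolean sourceAllowed = false;
                for (String allowedSource : jwtServiceToken.getSources()) {
                    if (NetworkUtils.matches(remoteAddr, allowedSource)) {
                        sourceAllowed = true;
                        break;
                    }
                }
                if (!sourceAllowed) {
                    this.LOGGER.warn("Invalid request from remote address {} to service {} found. Request denied.", remoteAddr, jwtServiceToken.getPrincipal());
                    throw new InvalidAuthenticationException("You are not allowed to authenticate using the provided token from your current location.");
                }
            }
            return factoryToken;
        } catch (MalformedJwtException e) {
            this.LOGGER.debug("Provided token is malformed.", e);
            // The rejected value is deliberately not echoed: it is attacker-controlled input and
            // may be a damaged but otherwise genuine credential, and exception messages can end
            // up in logs and HTTP error responses.
            throw new NoJwtTokenException("The provided token seems not to be a JWToken.");
        } catch (SignatureException e2) {
            this.LOGGER.debug("Provided token has invalid signature. Secret key seems not to match.", e2);
            throw new InvalidAuthenticationException("Your token signature is invalid. Please check if the token issuer is trusted by the consumer.");
        } catch (ExpiredJwtException e3) {
            this.LOGGER.debug("Provided token has expired. Refresh of login required.", e3);
            throw new InvalidAuthenticationException("Your token has expired. Please refresh your login.");
        }
    }

    /**
     * Converts role names into Spring Security authorities.
     *
     * @param set role names, or {@code null}
     * @return one {@link SimpleGrantedAuthority} per role name; an empty list if {@code set} is
     *         {@code null}
     */
    public List<SimpleGrantedAuthority> convertRoleListToGrantedAuthorities(Set<String> set) {
        if (set == null) {
            return new ArrayList<>();
        }
        return set.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
    }
}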
