package net.seedboxer.seedboxer.ws.security;

import java.io.IOException;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.seedboxer.seedboxer.core.domain.Token;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

@Component
/* loaded from: input_file:WEB-INF/classes/net/seedboxer/seedboxer/ws/security/AuthenticationAPIKeyFilter.class */
public class AuthenticationAPIKeyFilter extends GenericFilterBean {
    private static final String APIKEY_PARAM = "apikey";
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();

    @Autowired
    private AuthenticationAPIKeyEntryPoint authenticationEntryPoint;

    @Autowired
    private SeedBoxerUDS seedboxerUDS;

    public void setSeedboxerUDS(SeedBoxerUDS seedBoxerUDS) {
        this.seedboxerUDS = seedBoxerUDS;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Map parameterMap = httpServletRequest.getParameterMap();
        if (parameterMap.containsKey(APIKEY_PARAM)) {
            String str = ((String[]) parameterMap.get(APIKEY_PARAM))[0];
            if (!Token.validate(str)) {
                fail(httpServletRequest, httpServletResponse, new BadCredentialsException(this.messages.getMessage("DigestAuthenticationFilter.usernameNotFound", new Object[]{str}, "Invalid APIKey {0}")));
                return;
            } else {
                try {
                    SecurityContextHolder.getContext().setAuthentication(createSuccessfulAuthentication(httpServletRequest, this.seedboxerUDS.loadUserByAPIKey(str)));
                } catch (UsernameNotFoundException e) {
                    fail(httpServletRequest, httpServletResponse, new BadCredentialsException(this.messages.getMessage("DigestAuthenticationFilter.usernameNotFound", new Object[]{str}, "User with APIKey {0} not found")));
                    return;
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private Authentication createSuccessfulAuthentication(HttpServletRequest httpServletRequest, UserDetails userDetails) {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
        usernamePasswordAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        return usernamePasswordAuthenticationToken;
    }

    private void fail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        SecurityContextHolder.getContext().setAuthentication(null);
        this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
    }
}
