package eu.arrowhead.common.token;

import eu.arrowhead.common.CommonConstants;
import eu.arrowhead.common.SecurityUtilities;
import eu.arrowhead.common.Utilities;
import eu.arrowhead.common.exception.ArrowheadException;
import eu.arrowhead.common.exception.AuthException;
import eu.arrowhead.common.filter.ArrowheadFilter;
import eu.arrowhead.common.token.TokenUtilities;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.lang.Nullable;

/* loaded from: input_file:eu/arrowhead/common/token/TokenSecurityFilter.class */
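/**
 * Servlet filter that lets an HTTP request continue down the chain only when the request
 * carries a client certificate common name (CN) and a token whose consumer name matches
 * the first label of that CN.
 *
 * <p>Subclasses supply the key material through {@link #getMyPrivateKey()} and
 * {@link #getAuthorizationPublicKey()}; both keys are handed to
 * {@code TokenUtilities.validateTokenAndExtractTokenInfo}.
 *
 * <p>NOTE(review): requests that are not {@link HttpServletRequest} instances are forwarded
 * without any check. Confirm that no non-HTTP dispatch path can reach a protected resource.
 */
public abstract class TokenSecurityFilter extends ArrowheadFilter {

    /**
     * Checks the client certificate CN and the token of an HTTP request before handing the
     * request to the rest of the chain.
     *
     * <p>An {@link ArrowheadException} raised by the checks (including the
     * {@link AuthException}s thrown here) is passed to {@code handleException} and the chain
     * is not invoked. Any other runtime exception propagates to the container; in that case
     * the chain is not invoked either.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response, passed to {@code handleException} on rejection
     * @param filterChain the remaining filter chain, invoked only when the checks pass
     * @throws IOException if the downstream chain throws it
     * @throws ServletException if the downstream chain throws it
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            this.log.debug("Checking access in TokenSecurityFilter...");
            try {
                final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
                // getRequestURL() omits the query string, so a token sent as a query parameter
                // is not echoed into the log lines and error messages built from this value.
                final String requestTarget = Utilities.stripEndSlash(httpRequest.getRequestURL().toString());

                final String clientCN = getCertificateCNFromRequest(httpRequest);
                if (clientCN == null) {
                    this.log.error("Unauthorized access: {}", requestTarget);
                    throw new AuthException("Unauthorized access: " + requestTarget);
                }

                final String token = httpRequest.getParameter(CommonConstants.REQUEST_PARAM_TOKEN);
                if (Utilities.isEmpty(token)) {
                    this.log.error("Unauthorized access: {}, no token is specified", requestTarget);
                    throw new AuthException("Unauthorized access: " + requestTarget + ", no token is specified");
                }

                checkToken(clientCN, token, requestTarget);
            } catch (ArrowheadException e) {
                // Rejected: report the failure on the response and stop before the chain runs.
                handleException(e, servletResponse);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns the private key passed as the last argument to
     * {@code TokenUtilities.validateTokenAndExtractTokenInfo}.
     */
    protected abstract PrivateKey getMyPrivateKey();

    /**
     * Returns the public key passed as the second argument to
     * {@code TokenUtilities.validateTokenAndExtractTokenInfo}.
     */
    protected abstract PublicKey getAuthorizationPublicKey();

    protected TokenSecurityFilter() {
    }

    /**
     * Validates the token and checks that it was issued for the caller named in the client
     * certificate.
     *
     * <p>The client name is the part of the CN before its first dot and is compared with the
     * token's consumer name ignoring case. Only the consumer name is compared in this method;
     * the extracted token information is returned so that a caller can examine it further.
     * Exceptions thrown by {@code TokenUtilities.validateTokenAndExtractTokenInfo} propagate
     * unchanged.
     *
     * @param clientCN common name taken from the client certificate; must not be null
     * @param token the token received with the request
     * @param requestTarget the request URL, used only in log lines and error messages
     * @return the information extracted from the validated token
     * @throws AuthException if the CN has no usable first label or if it does not match the
     *     token's consumer name
     */
    protected TokenUtilities.TokenInfo checkToken(String clientCN, String token, String requestTarget) {
        // indexOf/substring instead of split("\\.")[0]: split returns an empty array for a CN
        // made only of dots, which surfaced as ArrayIndexOutOfBoundsException instead of an
        // authorization failure.
        final int firstDot = clientCN.indexOf('.');
        final String clientName = firstDot < 0 ? clientCN : clientCN.substring(0, firstDot);
        if (clientName.isEmpty()) {
            // An empty name identifies no caller; reject it rather than let it be compared
            // with the token's consumer name.
            this.log.error("Client CN ({}) has no system name at: {}", clientCN, requestTarget);
            throw new AuthException("Unauthorized access: " + requestTarget + ", invalid client certificate common name.");
        }

        final TokenUtilities.TokenInfo tokenInfo =
                TokenUtilities.validateTokenAndExtractTokenInfo(token, getAuthorizationPublicKey(), getMyPrivateKey());
        if (!clientName.equalsIgnoreCase(tokenInfo.getConsumerName())) {
            this.log.error("Client CN ({}) and token information ({}) is mismatched at: {}", clientCN, tokenInfo.getConsumerName(), requestTarget);
            throw new AuthException("Unauthorized access: " + requestTarget + ", invalid token.");
        }
        return tokenInfo;
    }

    /**
     * Delegates to {@code SecurityUtilities.getCertificateCNFromRequest}.
     *
     * @param httpServletRequest the request to read the client certificate CN from
     * @return the common name, or {@code null}; {@link #doFilter} treats {@code null} as
     *     unauthorized
     */
    @Nullable
    private String getCertificateCNFromRequest(HttpServletRequest httpServletRequest) {
        return SecurityUtilities.getCertificateCNFromRequest(httpServletRequest);
    }
}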
