package net.coder966.spring.multisecurityrealms.filter;

import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import net.coder966.spring.multisecurityrealms.authentication.SecurityRealmAnonymousAuthentication;
import net.coder966.spring.multisecurityrealms.authentication.SecurityRealmAuthentication;
import net.coder966.spring.multisecurityrealms.converter.AuthenticationTokenConverter;
import net.coder966.spring.multisecurityrealms.dto.AuthenticationResponse;
import net.coder966.spring.multisecurityrealms.reflection.SecurityRealmDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:net/coder966/spring/multisecurityrealms/filter/SecurityRealmAuthenticationFilter.class */
public class SecurityRealmAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(SecurityRealmAuthenticationFilter.class);
    private final SecurityRealmDescriptor descriptor;
    private final ObjectMapper objectMapper;
    private final AuthenticationTokenConverter authenticationTokenConverter;

    public SecurityRealmAuthenticationFilter(SecurityRealmDescriptor securityRealmDescriptor, AuthenticationTokenConverter authenticationTokenConverter, ObjectMapper objectMapper) {
        this.descriptor = securityRealmDescriptor;
        this.objectMapper = objectMapper;
        this.authenticationTokenConverter = authenticationTokenConverter;
    }

    private boolean matchesLogin(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getMethod().equals("POST") && this.descriptor.getAuthenticationEndpointRequestMatcher().matches(httpServletRequest);
    }

    private boolean matchesPublicApi(HttpServletRequest httpServletRequest) {
        return this.descriptor.getPublicApisRequestMatchers().stream().anyMatch(requestMatcher -> {
            return requestMatcher.matches(httpServletRequest);
        });
    }

    public boolean handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        SecurityRealmAuthentication extractAuthenticationFromRequest = extractAuthenticationFromRequest(httpServletRequest);
        if (extractAuthenticationFromRequest != null) {
            setAuthenticationInContext(extractAuthenticationFromRequest);
        }
        if (matchesLogin(httpServletRequest)) {
            handleLogin(httpServletRequest, httpServletResponse, extractAuthenticationFromRequest);
            return true;
        }
        if (!matchesPublicApi(httpServletRequest) || extractAuthenticationFromRequest != null) {
            return false;
        }
        setAuthenticationInContext(new SecurityRealmAnonymousAuthentication());
        return false;
    }

    private void handleLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityRealmAuthentication securityRealmAuthentication) {
        SecurityRealmAuthentication invoke;
        AuthenticationResponse authenticationResponse = new AuthenticationResponse();
        authenticationResponse.setRealm(this.descriptor.getName());
        if (securityRealmAuthentication != null && securityRealmAuthentication.isAuthenticated()) {
            httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
            authenticationResponse.setError("Already fully authenticated");
            writeAuthenticationResponse(authenticationResponse, httpServletResponse);
            return;
        }
        String firstStepName = securityRealmAuthentication == null ? this.descriptor.getFirstStepName() : securityRealmAuthentication.getNextAuthenticationStep();
        try {
            invoke = this.descriptor.getAuthenticationStepInvokers().get(firstStepName).invoke(httpServletRequest, httpServletResponse, securityRealmAuthentication);
        } catch (AuthenticationException e) {
            authenticationResponse.setToken(extractTokenFromRequest(httpServletRequest));
            authenticationResponse.setNextAuthenticationStep(firstStepName);
            authenticationResponse.setError(e.getMessage());
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        }
        if (invoke == null) {
            throw new IllegalStateException("You should not return a null SecurityRealmAuthentication. To indicate authentication failure, throw exceptions of type AuthenticationException.");
        }
        invoke.setRealmName(this.descriptor.getName());
        authenticationResponse.setToken(this.authenticationTokenConverter.createToken(invoke));
        authenticationResponse.setNextAuthenticationStep(invoke.getNextAuthenticationStep());
        writeAuthenticationResponse(authenticationResponse, httpServletResponse);
    }

    private SecurityRealmAuthentication extractAuthenticationFromRequest(HttpServletRequest httpServletRequest) {
        SecurityRealmAuthentication verifyToken;
        String extractTokenFromRequest = extractTokenFromRequest(httpServletRequest);
        if (extractTokenFromRequest == null || (verifyToken = this.authenticationTokenConverter.verifyToken(extractTokenFromRequest)) == null || !verifyToken.getRealmName().equals(this.descriptor.getName())) {
            return null;
        }
        return verifyToken;
    }

    private String extractTokenFromRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        if (header.toUpperCase().startsWith("BEARER ")) {
            header = header.substring(7);
        }
        return header.trim();
    }

    private void setAuthenticationInContext(Authentication authentication) {
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

    private void writeAuthenticationResponse(AuthenticationResponse authenticationResponse, HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
        httpServletResponse.getWriter().write(this.objectMapper.writeValueAsString(authenticationResponse));
        httpServletResponse.getWriter().close();
    }
}
