package org.apache.streampipes.rest.filter;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.streampipes.commons.constants.HttpConstants;
import org.apache.streampipes.model.client.user.Principal;
import org.apache.streampipes.model.client.user.ServiceAccount;
import org.apache.streampipes.model.client.user.UserAccount;
import org.apache.streampipes.storage.api.IUserStorage;
import org.apache.streampipes.storage.management.StorageDispatcher;
import org.apache.streampipes.user.management.jwt.JwtTokenProvider;
import org.apache.streampipes.user.management.model.ServiceAccountDetails;
import org.apache.streampipes.user.management.model.UserAccountDetails;
import org.apache.streampipes.user.management.service.TokenService;
import org.apache.streampipes.user.management.util.TokenUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/streampipes-rest-0.69.0.jar:org/apache/streampipes/rest/filter/TokenAuthenticationFilter.class */
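/**
 * Servlet filter that authenticates a request from one of two credential types and, on success,
 * stores the resulting authentication in the Spring {@link SecurityContextHolder}.
 *
 * <ol>
 *   <li>A JWT carried in the {@code Authorization} header behind the {@link HttpConstants#BEARER}
 *       prefix, validated by {@link JwtTokenProvider#validateJwtToken}.</li>
 *   <li>Otherwise (no JWT, or a JWT that failed validation) an API key / API user pair carried in
 *       the {@link HttpConstants#X_API_KEY} and {@link HttpConstants#X_API_USER} headers, checked
 *       by {@link TokenService#hasValidToken} against the hashed key.</li>
 * </ol>
 *
 * <p>This filter never rejects a request itself: when no credential is accepted, or when any step
 * throws, the filter chain continues without an authentication set here. Access control therefore
 * depends on the authorization rules applied further down the chain.
 */
public class TokenAuthenticationFilter extends OncePerRequestFilter {
    private static final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class);

    private final JwtTokenProvider tokenProvider = new JwtTokenProvider();
    private final IUserStorage userStorage = StorageDispatcher.INSTANCE.getNoSqlStore().getUserStorageAPI();

    /**
     * Tries JWT authentication first and falls back to API-key authentication, then always
     * continues the filter chain.
     *
     * @param httpServletRequest the incoming request whose headers carry the credentials
     * @param httpServletResponse the response passed on unchanged to the rest of the chain
     * @param filterChain the remaining filters
     * @throws ServletException if a later filter in the chain fails
     * @throws IOException if a later filter in the chain fails
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            String jwtFromRequest = getJwtFromRequest(httpServletRequest);
            if (StringUtils.hasText(jwtFromRequest) && this.tokenProvider.validateJwtToken(jwtFromRequest)) {
                applySuccessfulAuth(httpServletRequest, this.tokenProvider.getUserIdFromToken(jwtFromRequest));
            } else {
                // Reached both when no bearer token was sent and when the token failed validation.
                String apiKeyFromRequest = getApiKeyFromRequest(httpServletRequest);
                String apiUserFromRequest = getApiUserFromRequest(httpServletRequest);
                boolean apiCredentialsPresent =
                        StringUtils.hasText(apiKeyFromRequest) && StringUtils.hasText(apiUserFromRequest);
                // Only the hash of the presented key is handed to the token service.
                // NOTE(review): the comparison inside hasValidToken is not visible here; confirm
                // that it is constant-time and that the stored value is the same hash form.
                if (apiCredentialsPresent
                        && new TokenService().hasValidToken(apiUserFromRequest, TokenUtil.hashToken(apiKeyFromRequest))) {
                    applySuccessfulAuth(httpServletRequest, apiUserFromRequest);
                }
            }
        } catch (Exception e) {
            // Deliberately broad: any failure leaves the request unauthenticated instead of
            // aborting it, so the decision to deny is left to the downstream authorization rules.
            logger.error("Could not set user authentication in security context", e);
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Loads the principal for an already verified identifier and installs it as the current
     * authentication.
     *
     * <p>If the identifier does not resolve to a {@link UserAccount} or a {@link ServiceAccount}
     * (for example the account no longer exists in the user storage), no authentication is set.
     * Without this guard a missing account would be cast and wrapped as a service account.
     *
     * @param httpServletRequest the request used to build the authentication details
     * @param principalId the identifier taken from the validated JWT or the API user header
     */
    private void applySuccessfulAuth(HttpServletRequest httpServletRequest, String principalId) {
        Principal user = this.userStorage.getUser(principalId);
        UserDetails userDetails;
        if (user instanceof UserAccount) {
            userDetails = new UserAccountDetails((UserAccount) user);
        } else if (user instanceof ServiceAccount) {
            userDetails = new ServiceAccountDetails((ServiceAccount) user);
        } else {
            // The identifier is request-derived, so it is kept out of the log line.
            logger.warn("Verified credentials do not map to a known user or service account; request stays unauthenticated");
            return;
        }
        UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

    /**
     * Extracts the bearer token from the {@code Authorization} header.
     *
     * @param httpServletRequest the incoming request
     * @return the header value after its first seven characters, or {@code null} when the header
     *     is absent, blank, or does not start with {@link HttpConstants#BEARER}
     */
    private String getJwtFromRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (StringUtils.hasText(header) && header.startsWith(HttpConstants.BEARER)) {
            // NOTE(review): 7 presumably is the length of HttpConstants.BEARER including a
            // trailing space; confirm against the constant before changing either one.
            return header.substring(7);
        }
        return null;
    }

    /**
     * Reads the raw API key header.
     *
     * @param httpServletRequest the incoming request
     * @return the value of the {@link HttpConstants#X_API_KEY} header, or {@code null} if absent
     */
    private String getApiKeyFromRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(HttpConstants.X_API_KEY);
    }

    /**
     * Reads the API user header.
     *
     * @param httpServletRequest the incoming request
     * @return the value of the {@link HttpConstants#X_API_USER} header, or {@code null} if absent
     */
    private String getApiUserFromRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(HttpConstants.X_API_USER);
    }
}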
