package org.apache.streampipes.service.extensions.security;

import com.fasterxml.jackson.core.JsonProcessingException;
import io.jsonwebtoken.Claims;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.apache.streampipes.model.UserInfo;
import org.apache.streampipes.security.jwt.JwtTokenUtils;
import org.apache.streampipes.security.jwt.JwtTokenValidator;
import org.apache.streampipes.security.jwt.PublicKeyResolver;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/apache/streampipes/service/extensions/security/TokenAuthenticationFilter.class */
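/**
 * Servlet filter that authenticates a request from a JWT carried in the
 * {@code Authorization: Bearer <token>} header.
 *
 * <p>When a token is present and {@link JwtTokenValidator#validateJwtToken} accepts it, the
 * {@code user} claim is converted into a {@link UserInfo} and stored as the principal of the
 * current {@link SecurityContextHolder} context.
 *
 * <p>This filter never rejects a request itself: a missing, invalid or malformed token only means
 * that no authentication is set before the chain continues. Access control therefore depends on
 * the downstream authorization rules requiring an authenticated principal (configured outside
 * this file).
 */
public class TokenAuthenticationFilter extends OncePerRequestFilter {

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_PREFIX = "Bearer ";
    private static final String USER_CLAIM = "user";

    /**
     * Tries to authenticate the request from its bearer token, then always continues the chain.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response, passed through untouched
     * @param filterChain         the remaining filter chain
     * @throws ServletException if a downstream filter fails
     * @throws IOException      if a downstream filter fails on I/O
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            String jwtFromRequest = getJwtFromRequest(httpServletRequest);
            if (StringUtils.hasText(jwtFromRequest) && JwtTokenValidator.validateJwtToken(jwtFromRequest, new PublicKeyResolver())) {
                applySuccessfulAuth(httpServletRequest, JwtTokenUtils.getClaimsFromToken(jwtFromRequest, new PublicKeyResolver()));
            }
        } catch (Exception e) {
            // Deliberately broad: any failure while validating or mapping the token must leave the
            // request unauthenticated rather than abort it. The token itself is never logged.
            // NOTE(review): this logs a stack trace at error level for input a client controls;
            // consider a lower level or rate limiting if bad tokens flood the log.
            this.logger.error("Could not set user authentication in security context", e);
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Extracts the raw token from the {@code Authorization} header.
     *
     * @param httpServletRequest the incoming request
     * @return the text after the {@code "Bearer "} prefix, or {@code null} when the header is
     *     absent, blank or uses another scheme
     */
    private String getJwtFromRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (StringUtils.hasText(header) && header.startsWith(BEARER_PREFIX)) {
            return header.substring(BEARER_PREFIX.length());
        }
        return null;
    }

    /**
     * Stores an authenticated token for the user described by the {@code user} claim.
     *
     * @param httpServletRequest the request, used to build the authentication details
     * @param claims             claims of an already validated token
     * @throws IllegalArgumentException if the {@code user} claim is missing or malformed
     * @throws JsonProcessingException  declared by the original signature; nothing in this body
     *     throws it
     */
    private void applySuccessfulAuth(HttpServletRequest httpServletRequest, Claims claims) throws JsonProcessingException {
        Object userClaim = claims.get(USER_CLAIM);
        if (!(userClaim instanceof Map)) {
            // Fail closed with a clear message instead of relying on a NullPointerException or
            // ClassCastException further down.
            throw new IllegalArgumentException("JWT has no usable 'user' claim");
        }
        @SuppressWarnings("unchecked") // claim content is validated field by field in parseUserInfo
        Map<String, Object> userMap = (Map<String, Object>) userClaim;

        // The three-argument constructor marks the token as authenticated. Authorities are left
        // empty, as before; the roles travel only inside the UserInfo principal.
        // NOTE(review): authority-based rules (hasRole/hasAuthority) would not see these roles -
        // confirm that downstream checks read them from the principal.
        UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(parseUserInfo(userMap), null, null);
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

    /**
     * Maps the {@code user} claim onto a {@link UserInfo}.
     *
     * @param map content of the {@code user} claim
     * @return the populated user info
     * @throws IllegalArgumentException if {@code map} is {@code null}, if {@code username} or
     *     {@code displayName} is missing, or if {@code roles} is missing or not a list
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // element type expected by setRoles is not visible in this file
    private UserInfo parseUserInfo(Map<String, Object> map) {
        if (map == null) {
            throw new IllegalArgumentException("JWT has no usable 'user' claim");
        }
        Object rolesClaim = map.get("roles");
        if (!(rolesClaim instanceof List)) {
            // A token without a roles list is rejected rather than mapped to an empty role set.
            throw new IllegalArgumentException("JWT user claim 'roles' is missing or not a list");
        }
        UserInfo userInfo = new UserInfo();
        userInfo.setUsername(requireClaim(map, "username").toString());
        userInfo.setDisplayName(requireClaim(map, "displayName").toString());
        userInfo.setRoles(new HashSet((List) rolesClaim));
        return userInfo;
    }

    /**
     * Returns a mandatory entry of the {@code user} claim.
     *
     * @param userClaims content of the {@code user} claim
     * @param key        name of the required entry
     * @return the non-null value stored under {@code key}
     * @throws IllegalArgumentException if the entry is absent or {@code null}
     */
    private static Object requireClaim(Map<String, Object> userClaims, String key) {
        Object value = userClaims.get(key);
        if (value == null) {
            throw new IllegalArgumentException("JWT user claim is missing '" + key + "'");
        }
        return value;
    }
}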
