package org.opentestfactory.services.components.auth;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jose.proc.JWSVerifierFactory;
import com.nimbusds.jwt.SignedJWT;
import io.micronaut.http.HttpRequest;
import io.micronaut.http.HttpResponse;
import io.micronaut.http.HttpStatus;
import io.micronaut.http.MutableHttpResponse;
import io.micronaut.http.annotation.Filter;
import io.micronaut.http.filter.HttpServerFilter;
import io.micronaut.http.filter.ServerFilterChain;
import io.reactivex.rxjava3.core.Flowable;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Iterator;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

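/**
 * HTTP server filter that requires a signed JWT bearer token on every route ({@code /**}).
 *
 * <p>A request passes when the compact JWS in its {@code Authorization: Bearer} header verifies
 * against at least one public key file returned by
 * {@link AuthConfiguration#trustedAutorities()}. A missing or blank header is answered with 401;
 * a malformed header or a token that no trusted key verifies is answered with 403.
 *
 * <p>When {@link AuthConfiguration#anonymousAllowed()} is true (logged as "test" mode), requests
 * whose server-side address is loopback or wildcard skip authentication entirely.
 *
 * <p>NOTE(review): only the signature is checked in this class. No claim ({@code exp},
 * {@code nbf}, {@code iss}, {@code aud}) is validated here, so an expired token whose signature
 * is still valid is accepted unless another layer rejects it. Confirm this is intended.
 */
@Filter({"/**"})
/* loaded from: input_file:org/opentestfactory/services/components/auth/JwtAuthFilter.class */
public class JwtAuthFilter implements HttpServerFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtAuthFilter.class);
    private static final String AUTHORIZATION = "Authorization";
    private static final String BEARER_SCHEME = "bearer";
    // ObjectMapper is thread-safe once configured; share one instead of building one per error.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    private final AuthConfiguration authConfiguration;

    /**
     * Creates the filter and logs which mode it runs in.
     *
     * @param authConfiguration source of the anonymous-access flag and the trusted key files
     */
    public JwtAuthFilter(AuthConfiguration authConfiguration) {
        this.authConfiguration = authConfiguration;
        LOGGER.debug("JWTAuth filter created, {} mode.", authConfiguration.anonymousAllowed() ? "test" : "secure");
    }

    /**
     * Authenticates the request, then either forwards it down the chain or answers with an error.
     *
     * @param httpRequest the incoming request
     * @param serverFilterChain the remaining filter chain
     * @return the downstream response, or a 401/403 JSON error response
     */
    @Override
    public Publisher<MutableHttpResponse<?>> doFilter(HttpRequest<?> httpRequest, ServerFilterChain serverFilterChain) {
        LOGGER.trace("Applying JWT auth filter");
        // NOTE(review): the bypass below is decided from getServerAddress(), i.e. the address the
        // request was received on, not from the remote peer. Confirm that this address cannot be
        // loopback/wildcard for a non-local client in the deployed topology (reverse proxy,
        // container port mapping), and that anonymous mode is never enabled in production.
        if (this.authConfiguration.anonymousAllowed()
                && (httpRequest.getServerAddress().getAddress().isLoopbackAddress()
                        || httpRequest.getServerAddress().getAddress().isAnyLocalAddress())) {
            return serverFilterChain.proceed(httpRequest);
        }
        String authorization = httpRequest.getHeaders().get(AUTHORIZATION);
        if (authorization == null || authorization.trim().isEmpty()) {
            return sendJsonErrorStatus("Unauthenticated", 401);
        }
        return checkAuthorizationHeader(authorization, serverFilterChain, httpRequest);
    }

    /**
     * Requires the header to be exactly {@code Bearer <token>} (scheme compared case-insensitively,
     * one single space) and the token to verify against a trusted key.
     */
    private Publisher<MutableHttpResponse<?>> checkAuthorizationHeader(String str, ServerFilterChain serverFilterChain, HttpRequest<?> httpRequest) {
        String[] parts = str.split(" ");
        if (parts.length != 2 || !BEARER_SCHEME.equalsIgnoreCase(parts[0])) {
            return sendInvalidTokenError();
        }
        if (!isValidHeader(parts[1])) {
            return sendInvalidTokenError();
        }
        return serverFilterChain.proceed(httpRequest);
    }

    /**
     * Parses the compact token and tries every trusted key file until one verifies its signature.
     *
     * @param str the serialized JWT taken from the Authorization header
     * @return true if the signature verifies against at least one trusted public key
     */
    private boolean isValidHeader(String str) {
        final SignedJWT token;
        try {
            token = SignedJWT.parse(str);
        } catch (ParseException e) {
            // The token itself is deliberately not logged.
            LOGGER.debug("Token parsing error", e);
            return false;
        }
        JWSVerifierFactory verifierFactory = new DefaultJWSVerifierFactory();
        for (File keyFile : this.authConfiguration.trustedAutorities()) {
            if (checkTokenAgainstPublicKey(keyFile, verifierFactory, token)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Verifies the token signature with the public key stored in one PEM file.
     *
     * <p>The key file is re-read on every call. Any failure (unreadable file, wrong PEM content,
     * key/algorithm mismatch, bad signature) yields false so the caller can try the next key.
     *
     * @param file PEM file expected to hold a SubjectPublicKeyInfo ("PUBLIC KEY") entry
     * @param jWSVerifierFactory factory that builds a verifier from the token header and the key
     * @param signedJWT the parsed token
     * @return true only if the signature verifies with this key
     */
    private boolean checkTokenAgainstPublicKey(File file, JWSVerifierFactory jWSVerifierFactory, SignedJWT signedJWT) {
        // try-with-resources closes the parser and the reader on every path.
        try (FileReader fileReader = new FileReader(file);
                PEMParser pemParser = new PEMParser(fileReader)) {
            Object pemObject = pemParser.readObject();
            if (!(pemObject instanceof SubjectPublicKeyInfo)) {
                // An empty file, a certificate or a private key would otherwise surface as an
                // unchecked exception, failing the request and skipping the remaining keys.
                LOGGER.error("Trusted authority file does not contain a PEM public key: {}", file.getPath());
                return false;
            }
            return signedJWT.verify(
                    jWSVerifierFactory.createJWSVerifier(
                            signedJWT.getHeader(),
                            new JcaPEMKeyConverter().getPublicKey((SubjectPublicKeyInfo) pemObject)));
        } catch (PEMException e) {
            // PEMException is a subclass of IOException, so it has to be caught before it;
            // in the opposite order this handler is unreachable.
            LOGGER.error("Token could not be verified by the provided public key : {}", file.getPath(), e);
            return false;
        } catch (IOException e) {
            LOGGER.error("Error while reading Public Key", e);
            return false;
        } catch (JOSEException e) {
            LOGGER.debug("Token parsing error", e);
            return false;
        }
    }

    /** Builds the 403 response used for any malformed or unverifiable bearer token. */
    private Publisher<MutableHttpResponse<?>> sendInvalidTokenError() {
        return sendJsonErrorStatus("Invalid token", 403);
    }

    /**
     * Builds a UTF-8 JSON error response carrying an {@link UnauthorizedStatus} body.
     *
     * @param str message placed in the status body
     * @param i HTTP status code of the response
     * @return a publisher emitting the response, or an error publisher if serialization fails
     */
    private Publisher<MutableHttpResponse<?>> sendJsonErrorStatus(String str, int i) {
        try {
            String body = OBJECT_MAPPER.writeValueAsString(new UnauthorizedStatus(str));
            return Flowable.just(
                    HttpResponse.status(HttpStatus.valueOf(i))
                            .body(body)
                            .characterEncoding(StandardCharsets.UTF_8)
                            .contentType("application/json"));
        } catch (JsonProcessingException e) {
            // Passing the exception as the last argument keeps the stack trace in the log.
            LOGGER.error("Error sending JSON error response: {}", e.getMessage(), e);
            return Flowable.error(e);
        }
    }
}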
