package org.opentestfactory.services.components.auth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jose.proc.JWSVerifierFactory;
import com.nimbusds.jwt.SignedJWT;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.text.ParseException;
import java.util.Date;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

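/**
 * Servlet filter that lets a request through only when it carries a bearer JWT whose signature
 * verifies against one of the configured trusted-authority public keys (PEM files).
 *
 * <p>Responses: a missing or blank {@code Authorization} header yields 401 "Unauthenticated";
 * a malformed header or a token that fails verification yields 403 "Invalid token".
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>When {@code anonymousAllowed()} is true, requests received on a loopback-looking local
 *       address skip authentication entirely. The check uses {@code getLocalAddr()}, i.e. the
 *       address of the interface that received the request, not the client address. Behind a
 *       reverse proxy running on the same host every request arrives on loopback, so anonymous
 *       mode must stay disabled in such deployments.</li>
 *   <li>Only the signature and the {@code exp}/{@code nbf} time claims are checked here.
 *       Issuer, audience and subject are not inspected by this filter.</li>
 * </ul>
 */
@Component
public class JwtAuthFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtAuthFilter.class);

    /** IPv4 local addresses 127.0.0.x; dots are escaped so they only match a literal dot. */
    private static final Pattern IPV4_LOOPBACK = Pattern.compile("127\\.0\\.0\\.[12]?[0-9]?[0-9]");

    // NOTE(review): this accepts any value in the last group, although only 0:0:0:0:0:0:0:1 is
    // the IPv6 loopback address. Kept as-is for compatibility; confirm the breadth is intended.
    private static final Pattern IPV6_LOOPBACK = Pattern.compile("0:0:0:0:0:0:0:[0-9a-f]+");

    /** Tolerance applied to exp/nbf comparisons to absorb small clock differences. */
    private static final long CLOCK_SKEW_MILLIS = 60_000L;

    /** Shared serializer for error bodies; avoids building a new mapper per rejected request. */
    private static final ObjectMapper JSON = new ObjectMapper();

    private final AuthConfiguration cfg;

    /**
     * @param authConfiguration source of the anonymous-mode flag and of the trusted key files
     */
    public JwtAuthFilter(AuthConfiguration authConfiguration) {
        this.cfg = authConfiguration;
        LOGGER.debug("JWTAuth filter created, {} mode.", authConfiguration.anonymousAllowed() ? "test" : "secure");
    }

    /**
     * Applies the anonymous-mode bypass, then requires a valid bearer token.
     *
     * @throws IOException if a trusted key file cannot be read or the error body cannot be written
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        LOGGER.trace("Applying JWT auth filter");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        // Authentication bypass: only reachable when anonymous mode is switched on in the configuration.
        if (this.cfg.anonymousAllowed() && isLoopback(httpServletRequest.getLocalAddr())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || header.trim().isEmpty()) {
            sendJsonErrorStatus(servletResponse, "Unauthenticated", 401);
            return;
        }
        checkAuthorizationHeader(header, filterChain, servletRequest, servletResponse);
    }

    /** Returns true when the given local address matches one of the loopback patterns. */
    private static boolean isLoopback(String localAddr) {
        if (localAddr == null) {
            return false;
        }
        return IPV4_LOOPBACK.matcher(localAddr).matches() || IPV6_LOOPBACK.matcher(localAddr).matches();
    }

    /**
     * Expects exactly {@code "Bearer <token>"} (scheme compared case-insensitively) and forwards
     * the request only when the token is accepted.
     */
    private void checkAuthorizationHeader(String str, FilterChain filterChain, ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        String[] parts = str.split(" ");
        boolean wellFormed = parts.length == 2 && "bearer".equalsIgnoreCase(parts[0]);
        if (wellFormed && isValidHeader(parts[1])) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        sendInvalidTokenError(servletResponse);
    }

    /**
     * Parses the compact JWT and accepts it when one trusted key verifies its signature and its
     * time claims, if present, are currently valid.
     *
     * @return false on any parse failure, signature mismatch or expired / not-yet-valid token
     */
    private boolean isValidHeader(String str) throws IOException {
        try {
            SignedJWT token = SignedJWT.parse(str);
            JWSVerifierFactory verifierFactory = new DefaultJWSVerifierFactory();
            for (File authority : this.cfg.trustedAutorities()) {
                if (checkTokenAgainstPublicKey(authority, verifierFactory, token)) {
                    // Claims are only consulted once the signature has been verified.
                    return isWithinValidityPeriod(token);
                }
            }
            return false;
        } catch (ParseException e) {
            LOGGER.debug("Token parsing error", e);
            return false;
        }
    }

    /**
     * Rejects tokens whose {@code exp} is in the past or whose {@code nbf} is in the future.
     * Tokens that carry neither claim are accepted, as before.
     */
    private static boolean isWithinValidityPeriod(SignedJWT token) throws ParseException {
        long now = System.currentTimeMillis();
        Date expiry = token.getJWTClaimsSet().getExpirationTime();
        if (expiry != null && expiry.getTime() + CLOCK_SKEW_MILLIS < now) {
            LOGGER.debug("Token rejected: expired");
            return false;
        }
        Date notBefore = token.getJWTClaimsSet().getNotBeforeTime();
        if (notBefore != null && notBefore.getTime() - CLOCK_SKEW_MILLIS > now) {
            LOGGER.debug("Token rejected: not valid yet");
            return false;
        }
        return true;
    }

    /**
     * Verifies the token signature with the public key stored in the given PEM file.
     *
     * <p>A file that is empty or holds something other than a public key is logged and skipped,
     * so one bad entry does not turn every authenticated request into a server error or hide the
     * remaining trusted keys.
     *
     * @throws IOException if the key file cannot be opened or read
     */
    private boolean checkTokenAgainstPublicKey(File file, JWSVerifierFactory jWSVerifierFactory, SignedJWT signedJWT) throws IOException {
        try (FileReader fileReader = new FileReader(file); PEMParser pemParser = new PEMParser(fileReader)) {
            Object pemObject = pemParser.readObject();
            if (!(pemObject instanceof SubjectPublicKeyInfo)) {
                LOGGER.error("Trusted authority file does not contain a PEM public key : {}", file.getPath());
                return false;
            }
            SubjectPublicKeyInfo keyInfo = (SubjectPublicKeyInfo) pemObject;
            // The verifier is chosen from the token header's algorithm and the key type; a
            // mismatch between the two surfaces as a JOSEException and the token is rejected.
            return signedJWT.verify(jWSVerifierFactory.createJWSVerifier(signedJWT.getHeader(), new JcaPEMKeyConverter().getPublicKey(keyInfo)));
        } catch (JOSEException e) {
            LOGGER.debug("Token parsing error", e);
            return false;
        } catch (PEMException e2) {
            LOGGER.error("Token could not be verified by the provided public key : {}", file.getPath(), e2);
            return false;
        }
    }

    /** Sends the 403 response used for malformed or unverifiable tokens. */
    private void sendInvalidTokenError(ServletResponse servletResponse) throws IOException {
        sendJsonErrorStatus(servletResponse, "Invalid token", 403);
    }

    /**
     * Writes a JSON error body with the given HTTP status.
     *
     * <p>The status is set before the body is written: once the response is committed a later
     * {@code setStatus} call has no effect, and the client would see the error body with the
     * default status.
     */
    private void sendJsonErrorStatus(ServletResponse servletResponse, String str, int i) throws IOException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setStatus(i);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getWriter().write(JSON.writeValueAsString(new UnauthorizedStatus(str)));
    }
}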
