package org.squashtest.tm.web.config;

import java.io.IOException;
import java.util.Collections;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import org.squashtest.tm.api.security.authentication.ApiTokenPermissionsExemptionEndPoint;
import org.squashtest.tm.service.internal.security.SquashUserDetailsManager;
import org.squashtest.tm.service.jwt.JwtTokenService;
import org.squashtest.tm.service.user.UserManagerService;

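/**
 * Authenticates a request from an API token sent as {@code Authorization: Bearer <token>}.
 *
 * <p>When a token is present and {@link JwtTokenService#validateApiToken} accepts it, the user id
 * stored in the token is resolved to a login, the matching {@link UserDetails} is loaded and
 * placed in the {@link SecurityContextHolder}. Requests without a bearer token, or whose token is
 * not accepted, continue down the chain without an authentication being set by this filter. A
 * {@link BadCredentialsException} clears the security context and is answered with HTTP 401.
 */
@Component
/* loaded from: input_file:org/squashtest/tm/web/config/JwtTokenFilter.class */
public class JwtTokenFilter extends OncePerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtTokenFilter.class);

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_PREFIX = "Bearer ";

    @Inject
    @Named("squashtest.core.security.JdbcUserDetailsManager")
    private SquashUserDetailsManager userManager;

    @Inject
    private JwtTokenService jwtTokenService;

    @Inject
    private JwtConfig jwtConfig;

    @Inject
    private UserManagerService userManagerService;

    // Optional extension point: stays an empty list when no such bean is registered.
    @Autowired(required = false)
    private List<ApiTokenPermissionsExemptionEndPoint> tokenPermissionsExemptionEndPoints = Collections.emptyList();

    /**
     * Authenticates the request from its bearer token, if any, then continues the filter chain.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, used only to report a 401
     * @param filterChain the remaining filters
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException propagated from the rest of the chain or from {@code sendError}
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            String token = extractTokenFromRequest(httpServletRequest);
            if (token != null) {
                authenticateFromToken(token, httpServletRequest);
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (BadCredentialsException e) {
            // The try block also spans filterChain.doFilter, so a BadCredentialsException raised
            // further down the chain is reported here in the same way.
            LOGGER.error("Invalid token", e);
            SecurityContextHolder.clearContext();
            // sendError throws IllegalStateException once the response is committed, which can
            // happen when the exception comes from the rest of the chain.
            if (!httpServletResponse.isCommitted()) {
                // NOTE(review): the exception message is returned to the client as-is; confirm the
                // messages produced by the token service carry no internal detail.
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, e.getMessage());
            }
        }
    }

    /**
     * Validates the token and, when it is accepted, stores the matching user in the security
     * context. Does nothing when {@code validateApiToken} returns {@code false}.
     *
     * @param token the raw token taken from the Authorization header
     * @param request the current request, handed to the token service for validation
     * @throws BadCredentialsException if the user id stored in the token is not a number
     */
    private void authenticateFromToken(String token, HttpServletRequest request) {
        // Built only when a token is present, so requests without one skip the work.
        var exemptEndPoints = this.tokenPermissionsExemptionEndPoints.stream()
            .map(ApiTokenPermissionsExemptionEndPoint::getIgnorePermissionsEndPoints)
            .flatMap(endPoints -> endPoints.stream())
            .toList();
        if (!this.jwtTokenService.validateApiToken(exemptEndPoints, token, this.jwtConfig.getJwtSecret(), request)) {
            return;
        }

        String rawUserId = this.jwtTokenService.getUserIdFromToken(token, this.jwtConfig.getJwtSecret());
        long userId;
        try {
            userId = Long.parseLong(rawUserId);
        } catch (NumberFormatException e) {
            // A null or non-numeric id is treated as bad credentials (401) rather than escaping
            // the filter as an unhandled exception.
            throw new BadCredentialsException("Invalid user id in token", e);
        }

        // NOTE(review): an exception from the two lookups below that is not a
        // BadCredentialsException (for example an unknown user) is not handled by this filter;
        // confirm how the surrounding configuration reports it.
        String login = this.userManagerService.findLoginByUserId(userId);
        UserDetails userDetails = this.userManager.loadUserByUsername(login);

        // NOTE(review): the token is built directly, so no authentication provider runs its
        // account-status checks (enabled, locked, expired) here; confirm validateApiToken or
        // loadUserByUsername rejects deactivated accounts whose token is still valid.
        SecurityContextHolder.getContext().setAuthentication(
            new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()));
    }

    /**
     * Returns the token from an {@code Authorization: Bearer <token>} header.
     *
     * @param httpServletRequest the incoming request
     * @return the text after the scheme, or {@code null} when the header is missing, blank or
     *     uses another scheme
     */
    private String extractTokenFromRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        // HTTP authentication scheme names are case-insensitive, so "bearer " is accepted too.
        if (StringUtils.hasText(header) && header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return header.substring(BEARER_PREFIX.length());
        }
        return null;
    }
}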
