package de.tschuehly.htmx.spring.supabase.auth.security;

import com.auth0.jwt.exceptions.IncorrectClaimException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import de.tschuehly.htmx.spring.supabase.auth.config.SupabaseProperties;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.web.filter.OncePerRequestFilter;

/* compiled from: SupabaseJwtFilter.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u001d2\u00020\u0001:\u0001\u001dB\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ \u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0015H\u0002J \u0010\u0016\u001a\u00020\u000f2\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0017\u001a\u00020\u0018H\u0014J\u001e\u0010\u0019\u001a\u0004\u0018\u00010\u00112\b\u0010\u001a\u001a\u0004\u0018\u00010\u00112\b\u0010\u001b\u001a\u0004\u0018\u00010\u001cH\u0002R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u0016\u0010\t\u001a\n \u000b*\u0004\u0018\u00010\n0\nX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001e"}, d2 = {"Lde/tschuehly/htmx/spring/supabase/auth/security/SupabaseJwtFilter;", "Lorg/springframework/web/filter/OncePerRequestFilter;", "authenticationManager", "Lorg/springframework/security/authentication/AuthenticationManager;", "supabaseProperties", "Lde/tschuehly/htmx/spring/supabase/auth/config/SupabaseProperties;", "authenticationEntryPoint", "Lorg/springframework/security/web/AuthenticationEntryPoint;", 
"(Lorg/springframework/security/authentication/AuthenticationManager;Lde/tschuehly/htmx/spring/supabase/auth/config/SupabaseProperties;Lorg/springframework/security/web/AuthenticationEntryPoint;)V", "securityContextHolderStrategy", "Lorg/springframework/security/core/context/SecurityContextHolderStrategy;", "kotlin.jvm.PlatformType", "securityContextRepository", "Lorg/springframework/security/web/context/SecurityContextRepository;", "authenticate", "", "jwt", "", "request", "Ljakarta/servlet/http/HttpServletRequest;", "response", "Ljakarta/servlet/http/HttpServletResponse;", "doFilterInternal", "filterChain", "Ljakarta/servlet/FilterChain;", "getJwtString", "header", "cookie", "Ljakarta/servlet/http/Cookie;", "Companion", "htmx-supabase-spring-boot-starter"})
@SourceDebugExtension({"SMAP\nSupabaseJwtFilter.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SupabaseJwtFilter.kt\nde/tschuehly/htmx/spring/supabase/auth/security/SupabaseJwtFilter\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,90:1\n1#2:91\n*E\n"})
/* loaded from: input_file:de/tschuehly/htmx/spring/supabase/auth/security/SupabaseJwtFilter.class */
public final class SupabaseJwtFilter extends OncePerRequestFilter {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final AuthenticationManager authenticationManager;

    @NotNull
    private final SupabaseProperties supabaseProperties;

    @NotNull
    private final AuthenticationEntryPoint authenticationEntryPoint;
    private final SecurityContextHolderStrategy securityContextHolderStrategy;

    @NotNull
    private final SecurityContextRepository securityContextRepository;

    /* compiled from: SupabaseJwtFilter.kt */
    @Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��(\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\b\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J$\u0010\u0003\u001a\u00020\u0004*\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\b\b\u0002\u0010\n\u001a\u00020\u000b¨\u0006\f"}, d2 = {"Lde/tschuehly/htmx/spring/supabase/auth/security/SupabaseJwtFilter$Companion;", "", "()V", "setJWTCookie", "", "Ljakarta/servlet/http/HttpServletResponse;", "accessToken", "", "supabaseProperties", "Lde/tschuehly/htmx/spring/supabase/auth/config/SupabaseProperties;", "maxAge", "", "htmx-supabase-spring-boot-starter"})
    /* loaded from: input_file:de/tschuehly/htmx/spring/supabase/auth/security/SupabaseJwtFilter$Companion.class */
    /**
     * Kotlin companion object of {@code SupabaseJwtFilter}; holds the helper that writes the
     * {@code JWT} cookie onto a response.
     */
    public static final class Companion {
        private Companion() {
        }

        /**
         * Adds a cookie named {@code JWT} carrying the access token to the response.
         *
         * <p>Security-relevant attributes set here:
         * <ul>
         *   <li>{@code HttpOnly} is always on, so page scripts cannot read the token.</li>
         *   <li>{@code Secure} follows {@code supabaseProperties.getSslOnly()}; when that is
         *       {@code false} the browser will also send the token over plain HTTP.</li>
         *   <li>The path is {@code /}, so the cookie accompanies every request to the host.</li>
         * </ul>
         * NOTE(review): no SameSite attribute is set in this method. Because this cookie is what
         * authenticates requests, confirm that CSRF protection or a SameSite policy is applied
         * elsewhere.
         *
         * @param httpServletResponse response that receives the cookie (the Kotlin extension receiver)
         * @param str the access token stored as the cookie value
         * @param supabaseProperties configuration supplying the {@code sslOnly} flag
         * @param i cookie max-age in seconds; the filter passes {@code 0} to make the browser drop the cookie
         */
        public final void setJWTCookie(@NotNull HttpServletResponse httpServletResponse, @NotNull String str, @NotNull SupabaseProperties supabaseProperties, int i) {
            Intrinsics.checkNotNullParameter(httpServletResponse, "<this>");
            Intrinsics.checkNotNullParameter(str, "accessToken");
            Intrinsics.checkNotNullParameter(supabaseProperties, "supabaseProperties");
            Cookie jwtCookie = new Cookie("JWT", str);
            jwtCookie.setPath("/");
            jwtCookie.setMaxAge(i);
            jwtCookie.setHttpOnly(true);
            jwtCookie.setSecure(supabaseProperties.getSslOnly());
            httpServletResponse.addCookie(jwtCookie);
        }

        /**
         * Compiler-generated bridge for the Kotlin default argument of {@code maxAge}.
         *
         * <p>{@code i2} is the default-argument bit mask: when bit {@code 4} is set the caller
         * omitted {@code maxAge} and {@code 6000} seconds is used instead of {@code i}.
         * NOTE(review): this lifetime is a fixed constant and is not derived from the token's own
         * expiry claim.
         */
        public static /* synthetic */ void setJWTCookie$default(Companion companion, HttpServletResponse httpServletResponse, String str, SupabaseProperties supabaseProperties, int i, int i2, Object obj) {
            int maxAge = (i2 & 4) != 0 ? 6000 : i;
            companion.setJWTCookie(httpServletResponse, str, supabaseProperties, maxAge);
        }

        /** Compiler-generated constructor used to create the single {@code Companion} instance. */
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Creates the filter with its collaborators.
     *
     * <p>The security context is kept in a {@link RequestAttributeSecurityContextRepository}
     * created here, so the authentication established by this filter is stored on the request
     * rather than in a repository supplied by the caller.
     * NOTE(review): {@code authenticationEntryPoint} is stored but no method of this class reads
     * it, so authentication failures are not routed through it here. Confirm that is intended.
     *
     * @param authenticationManager verifies the {@code JwtAuthenticationToken} built from the raw token
     * @param supabaseProperties configuration used when writing the {@code JWT} cookie
     * @param authenticationEntryPoint entry point kept on the instance (currently unused in this class)
     */
    public SupabaseJwtFilter(@NotNull AuthenticationManager authenticationManager, @NotNull SupabaseProperties supabaseProperties, @NotNull AuthenticationEntryPoint authenticationEntryPoint) {
        Intrinsics.checkNotNullParameter(authenticationManager, "authenticationManager");
        this.authenticationManager = authenticationManager;

        Intrinsics.checkNotNullParameter(supabaseProperties, "supabaseProperties");
        this.supabaseProperties = supabaseProperties;

        Intrinsics.checkNotNullParameter(authenticationEntryPoint, "authenticationEntryPoint");
        this.authenticationEntryPoint = authenticationEntryPoint;

        // Collaborators that are not injected: the global holder strategy and a request-scoped repository.
        this.securityContextRepository = new RequestAttributeSecurityContextRepository();
        this.securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
    }

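    /**
     * Authenticates the request from a JWT, when one is present, and then continues the chain.
     *
     * <p>The token is taken from the client-supplied {@code HX-Current-URL} header or from the
     * {@code JWT} cookie (see {@code getJwtString} for the precedence). Both sources are
     * untrusted; the token only counts once {@code authenticate} has accepted it.
     *
     * <p>Failure handling:
     * <ul>
     *   <li>{@link TokenExpiredException}: the {@code JWT} cookie is expired (max-age 0) and the
     *       request continues unauthenticated.</li>
     *   <li>{@link IncorrectClaimException} with a "can't be used before" message: treated as
     *       clock skew; the filter waits one second and verifies once more.</li>
     *   <li>Any other {@link IncorrectClaimException}, or a failed retry: logged at debug level
     *       and the request continues unauthenticated.</li>
     * </ul>
     * Other exceptions raised by {@code authenticate} are not caught here and propagate.
     *
     * <p>NOTE(review): the one-second wait blocks the request thread. It is presumably reachable
     * only with a token whose signature already verified, but that depends on the order of checks
     * in the configured authentication provider. Confirm, since otherwise it is an availability
     * concern.
     * NOTE(review): a cookie whose token fails claim validation is left in place, so the same
     * rejection repeats on every request until the cookie expires.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response, which may receive a refreshed or expired {@code JWT} cookie
     * @param filterChain remaining filters; always invoked unless an exception propagates
     */
    protected void doFilterInternal(@NotNull HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse, @NotNull FilterChain filterChain) {
        Intrinsics.checkNotNullParameter(httpServletRequest, "request");
        Intrinsics.checkNotNullParameter(httpServletResponse, "response");
        Intrinsics.checkNotNullParameter(filterChain, "filterChain");

        // First cookie named "JWT" wins; getCookies() is null when the request carries no cookies.
        Cookie jwtCookie = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie candidate : cookies) {
                if ("JWT".equals(candidate.getName())) {
                    jwtCookie = candidate;
                    break;
                }
            }
        }

        String jwtString = getJwtString(httpServletRequest.getHeader("HX-Current-URL"), jwtCookie);
        if (jwtString != null) {
            try {
                authenticate(jwtString, httpServletRequest, httpServletResponse);
            } catch (IncorrectClaimException e) {
                String message = e.getMessage();
                if (message != null && message.contains("The Token can't be used before")) {
                    this.logger.debug(message);
                    try {
                        // Give a freshly issued token one second to become valid, then verify again.
                        Thread.sleep(1000L);
                        authenticate(jwtString, httpServletRequest, httpServletResponse);
                    } catch (InterruptedException interrupted) {
                        // Keep the interrupt visible to the container and skip the retry.
                        Thread.currentThread().interrupt();
                    } catch (IncorrectClaimException retryFailure) {
                        // Still rejected after the wait: continue unauthenticated instead of failing the request.
                        this.logger.debug("JWT still rejected after retry; continuing unauthenticated: " + retryFailure.getMessage());
                    }
                } else {
                    // Leave a trace of the rejection; only the exception message is logged, never the token.
                    this.logger.debug("JWT claim validation failed; continuing unauthenticated: " + message);
                }
            } catch (TokenExpiredException e2) {
                // Max-age 0 makes the browser drop the expired token cookie.
                Companion.setJWTCookie(httpServletResponse, jwtString, this.supabaseProperties, 0);
            }
        }
        filterChain.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse);
    }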

    /**
     * Verifies the raw token and, on success, records the authentication for this request.
     *
     * <p>Any exception thrown by the authentication manager propagates to the caller. In that
     * case no cookie is written and no security context is saved.
     *
     * <p>On success the accepted token is written back as the {@code JWT} cookie with the default
     * max-age, so a token that arrived through the {@code HX-Current-URL} header becomes a cookie
     * here, and a cookie-borne token has its cookie lifetime renewed on every request.
     * NOTE(review): the context is saved to the repository only; it is not set on the
     * {@code SecurityContextHolderStrategy} in this method. Confirm that a later filter loads it.
     *
     * @param str raw, not yet verified JWT
     * @param httpServletRequest request on which the security context is saved
     * @param httpServletResponse response that receives the refreshed cookie
     */
    private final void authenticate(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JwtAuthenticationToken unverifiedToken = new JwtAuthenticationToken(str);
        Authentication verified = this.authenticationManager.authenticate(unverifiedToken);

        SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
        Intrinsics.checkNotNullExpressionValue(context, "createEmptyContext(...)");
        context.setAuthentication(verified);

        // Mask 4 selects the default max-age of the cookie helper; the 0 passed for maxAge is ignored.
        Companion.setJWTCookie$default(Companion, httpServletResponse, str, this.supabaseProperties, 0, 4, null);
        this.securityContextRepository.saveContext(context, httpServletRequest, httpServletResponse);
    }

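    /**
     * Picks the raw JWT for this request: the {@code #access_token=} fragment parameter of the
     * {@code HX-Current-URL} header value if present, otherwise the value of the {@code JWT} cookie.
     *
     * <p>The token is cut out by first locating {@code #access_token=} and only then stopping at
     * the next {@code &}. Cutting at the first {@code &} of the whole URL would truncate a URL
     * whose query string contains {@code &} before the fragment, and would hand the URL prefix to
     * the verifier instead of the token.
     *
     * <p>The returned string is unverified, client-controlled input. An empty fragment value is
     * treated as absent, so the cookie is used instead.
     * NOTE(review): the header carries the bearer token in clear text; make sure request-header
     * or access logging does not record {@code HX-Current-URL}.
     *
     * @param str value of the {@code HX-Current-URL} header, or {@code null} when the header is absent
     * @param cookie the {@code JWT} cookie, or {@code null} when the request has none
     * @return the candidate token, or {@code null} when neither source provides one
     */
    private final String getJwtString(String str, Cookie cookie) {
        final String marker = "#access_token=";
        if (str != null) {
            int markerAt = str.indexOf(marker);
            if (markerAt >= 0) {
                String token = str.substring(markerAt + marker.length());
                // The fragment continues with further parameters after '&' (none if it is the last one).
                int end = token.indexOf('&');
                if (end >= 0) {
                    token = token.substring(0, end);
                }
                if (!token.isEmpty()) {
                    return token;
                }
            }
        }
        return cookie != null ? cookie.getValue() : null;
    }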
}
