package cronapp.framework.authentication.token;

import cronapi.TokenUtils;
import cronapp.framework.api.ApiManager;
import java.io.IOException;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

/* loaded from: input_file:cronapp/framework/authentication/token/AuthenticationTokenFilter.class */
public class AuthenticationTokenFilter extends UsernamePasswordAuthenticationFilter {
    private final boolean useApiManager;

    public AuthenticationTokenFilter(boolean z) {
        this.useApiManager = z;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Set<GrantedAuthority> set;
        User build;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String header = httpServletRequest.getHeader("X-AUTH-TOKEN");
        if (header == null || header.isBlank()) {
            header = TokenUtils.getTokenFromCookie(httpServletRequest.getCookies());
        }
        String usernameFromToken = TokenUtils.getUsernameFromToken(header);
        if (usernameFromToken != null && SecurityContextHolder.getContext().getAuthentication() == null && TokenUtils.getScopeFromToken(header).isEmpty() && !TokenUtils.isTokenExpired(header)) {
            if ("local".equals(TokenUtils.getIssuerFromToken(header)) && this.useApiManager) {
                set = ApiManager.byUser(usernameFromToken).getAuthorities();
                cronapp.framework.api.User user = new cronapp.framework.api.User(usernameFromToken);
                build = new User(user.getUsername(), user.getPassword(), false, false, false, false, set);
            } else {
                set = (Set) TokenUtils.getAuthoritiesFromToken(header).stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet());
                build = User.withUsername(usernameFromToken).password("").authorities(set).build();
            }
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(build, (Object) null, set);
            usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
            SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
        }
        filterChain.doFilter(httpServletRequest, servletResponse);
    }
}
