package com.mware.web.auth;

import com.google.common.base.Preconditions;
import com.mware.core.bootstrap.InjectHelper;
import com.mware.core.exception.BcException;
import com.mware.core.model.user.GeUser;
import com.mware.core.model.user.UserRepository;
import com.mware.core.security.AuthToken;
import com.mware.core.security.AuthTokenException;
import com.mware.core.util.BcLogger;
import com.mware.core.util.BcLoggerFactory;
import com.mware.ge.values.storable.Values;
import com.mware.web.CurrentUser;
import java.io.IOException;
import javax.crypto.SecretKey;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/mware/web/auth/AuthTokenFilter.class */
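/**
 * Servlet filter that resolves the current user from a signed auth token.
 *
 * <p>The token is read from the {@code BC-AuthToken} request header or, when that header is
 * absent, from the {@code JWT} cookie. It is parsed with the signing key built in
 * {@link #init(FilterConfig)}, checked for expiry, and mapped to a user through
 * {@link UserRepository}. When all of that succeeds the user is attached to the request via
 * {@link CurrentUser}.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>A request that carries no token is forwarded down the chain without a current user.</li>
 *   <li>An expired token, or a token whose user id is unknown, calls
 *       {@code invalidateAuthentication()} on the response wrapper and the request is still
 *       forwarded. This filter therefore identifies the caller but does not itself block
 *       unauthenticated requests; that decision is left to whatever runs later in the chain.</li>
 *   <li>A token that cannot be parsed is answered with HTTP 401 and is not forwarded.</li>
 * </ul>
 */
public class AuthTokenFilter implements Filter {
    private static final BcLogger LOGGER = BcLoggerFactory.getLogger(AuthTokenFilter.class);
    private static final int MIN_AUTH_TOKEN_EXPIRATION_MINS = 1;
    public static final String TOKEN_COOKIE_NAME = "JWT";
    public static final String TOKEN_HEADER_NAME = "BC-AuthToken";
    private SecretKey tokenSigningKey;
    private long tokenValidityDurationInMinutes;
    private int tokenExpirationToleranceInSeconds;
    private UserRepository userRepository;

    /**
     * Reads the token settings from the filter configuration and builds the signing key.
     *
     * @param filterConfig source of the required init parameters
     * @throws ServletException if the signing key cannot be generated
     * @throws BcException if the configured token lifetime is below the minimum
     * @throws NullPointerException if a required init parameter is missing
     * @throws NumberFormatException if a numeric init parameter is not a valid number
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String expirationKey = "web.ui.auth.token.expiration_minutes";
        this.tokenValidityDurationInMinutes = Long.parseLong(getRequiredInitParameter(filterConfig, expirationKey));
        if (this.tokenValidityDurationInMinutes < MIN_AUTH_TOKEN_EXPIRATION_MINS) {
            throw new BcException("Configuration: '" + expirationKey + "' must be at least "
                    + MIN_AUTH_TOKEN_EXPIRATION_MINS + " minute(s)");
        }
        this.tokenExpirationToleranceInSeconds = Integer.parseInt(getRequiredInitParameter(filterConfig, "auth.token.expiration_tolerance_seconds"));
        // NOTE(review): the signing key is built from these two configured strings, so the
        // integrity of every token presumably rests on their secrecy and strength. Only their
        // presence is checked here (an empty string passes) - confirm that deployments set
        // long random values and keep them out of logs and version control.
        String tokenPassword = getRequiredInitParameter(filterConfig, "auth.token.password");
        String tokenSalt = getRequiredInitParameter(filterConfig, "auth.token.salt");
        this.userRepository = (UserRepository) InjectHelper.getInstance(UserRepository.class);
        try {
            this.tokenSigningKey = AuthToken.generateKey(tokenPassword, tokenSalt);
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Filter entry point; delegates to the HTTP-typed overload.
     *
     * <p>The request and response are cast unconditionally, so a non-HTTP request fails with a
     * {@link ClassCastException}.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Resolves the caller from the auth token (if any) and forwards the request.
     *
     * <p>Token parsing is handled separately from the rest of the request so that the
     * "signature verification failed" log line is only written for token problems. Failures
     * raised later (user lookup or anything further down the chain) are logged under a
     * different message, which keeps that first line usable as a detection signal.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the raw response, used for error replies
     * @param filterChain the remaining chain
     * @throws IOException if sending the error response fails
     */
    public void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException {
        final AuthToken authToken;
        try {
            authToken = getAuthToken(httpServletRequest);
        } catch (Exception e) {
            // Fail closed: an unparseable or unverifiable token never reaches the chain.
            LOGGER.warn("Auth token signature verification failed", e);
            rejectUnauthorized(httpServletResponse);
            return;
        }

        try {
            AuthTokenHttpResponse wrappedResponse = new AuthTokenHttpResponse(authToken, httpServletRequest, httpServletResponse, this.tokenSigningKey, this.tokenValidityDurationInMinutes);
            if (authToken != null) {
                if (authToken.isExpired(this.tokenExpirationToleranceInSeconds)) {
                    wrappedResponse.invalidateAuthentication();
                } else {
                    GeUser user = this.userRepository.findById(authToken.getUserId());
                    if (user == null) {
                        // Validly signed token for an id the repository does not return.
                        wrappedResponse.invalidateAuthentication();
                    } else {
                        // Always true for a non-null GeUser reference; kept as in the original.
                        if (user instanceof GeUser) {
                            // NOTE(review): this copies the serialized bearer token onto the user
                            // object. Anything that can read the "jwt" property holds a usable
                            // credential - confirm the property is neither persisted nor
                            // returned to clients or written to logs.
                            user.setProperty("jwt", Values.stringValue(authToken.serialize()));
                        }
                        CurrentUser.set(httpServletRequest, user);
                    }
                }
            }
            // Reached for: no token, expired token, unknown user, and authenticated user.
            filterChain.doFilter(httpServletRequest, wrappedResponse);
        } catch (Exception e) {
            // The 401 status is kept from the previous behavior. NOTE(review): a failure in a
            // downstream handler is not an authentication failure; reporting it as a server
            // error would need this method to declare ServletException.
            LOGGER.warn("Request failed after auth token parsing (user lookup or downstream handler); responding 401", e);
            rejectUnauthorized(httpServletResponse);
        }
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Sends HTTP 401 unless the response has already been committed.
     *
     * <p>Calling {@code sendError} on a committed response throws
     * {@link IllegalStateException}; the caller has already logged the cause, so nothing more
     * is done in that case.
     */
    private void rejectUnauthorized(HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.sendError(401); // 401 Unauthorized
    }

    /**
     * Extracts and parses the auth token from the request.
     *
     * <p>The {@code BC-AuthToken} header takes precedence: when it is present the cookie is not
     * consulted, even if the header value fails to parse.
     *
     * @return the parsed token, or {@code null} when the request carries neither the header
     *     nor a usable token cookie
     * @throws AuthTokenException if the token cannot be parsed with the signing key
     */
    private AuthToken getAuthToken(HttpServletRequest httpServletRequest) throws AuthTokenException {
        String headerToken = httpServletRequest.getHeader(TOKEN_HEADER_NAME);
        if (headerToken != null) {
            return AuthToken.parse(headerToken, this.tokenSigningKey);
        }
        Cookie tokenCookie = getTokenCookie(httpServletRequest);
        if (tokenCookie != null) {
            return AuthToken.parse(tokenCookie.getValue(), this.tokenSigningKey);
        }
        return null;
    }

    /**
     * Finds the token cookie on the request.
     *
     * <p>When several cookies are named {@code JWT} the last one in the array is returned, and
     * an empty value on any of them makes the whole lookup return {@code null}. The cookie
     * value is only selected here; it is parsed by the caller.
     *
     * @return the token cookie, or {@code null} if there is none or one of them is empty
     */
    private Cookie getTokenCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        Cookie match = null;
        for (Cookie candidate : cookies) {
            if (!TOKEN_COOKIE_NAME.equals(candidate.getName())) {
                continue;
            }
            if (StringUtils.isEmpty(candidate.getValue())) {
                return null;
            }
            match = candidate;
        }
        return match;
    }

    /**
     * Returns a filter init parameter that must be configured.
     *
     * @throws NullPointerException if the parameter is not set
     */
    private String getRequiredInitParameter(FilterConfig filterConfig, String str) {
        String initParameter = filterConfig.getInitParameter(str);
        Preconditions.checkNotNull(initParameter, "FilterConfig init parameter '" + str + "' was not set.");
        return initParameter;
    }
}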
