package org.cloudfoundry.multiapps.controller.web.security;

import com.sap.cloudfoundry.client.facade.oauth2.OAuth2AccessTokenWithAdditionalInfo;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration;
import org.cloudfoundry.multiapps.controller.core.util.SSLUtil;
import org.cloudfoundry.multiapps.controller.core.util.SecurityUtil;
import org.cloudfoundry.multiapps.controller.core.util.UserInfo;
import org.cloudfoundry.multiapps.controller.web.Messages;
import org.cloudfoundry.multiapps.controller.web.util.TokenGeneratorFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.server.ResponseStatusException;

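/**
 * Servlet filter that turns the {@code Authorization} request header into a Spring Security
 * authentication for the current request.
 *
 * <p>The header is split into a scheme and a credential. The scheme selects a token generator from
 * {@link TokenGeneratorFactory}; the generated token is converted to a {@link UserInfo} and stored
 * in the {@link SecurityContextHolder} before the rest of the chain runs.
 *
 * <p>A missing or malformed header is rejected with HTTP 401. The header value itself is never
 * logged, because it carries the caller's credential.
 */
@Named
public class AuthenticationLoaderFilter extends OncePerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationLoaderFilter.class);
    private static final String AUTHORIZATION_HEADER = "Authorization";
    // Deliberately generic: the message is logged and returned to the client, so it must not echo the header.
    private static final String MALFORMED_AUTHORIZATION_HEADER = "Malformed Authorization header: expected \"<scheme> <token>\"";
    private final TokenGeneratorFactory tokenGeneratorFactory;

    /**
     * Creates the filter and, if the configuration asks for it, disables SSL validation.
     *
     * @param tokenGeneratorFactory factory used to pick a token generator by authorization scheme
     * @param applicationConfiguration configuration queried for the skip-SSL-validation switch
     */
    @Inject
    public AuthenticationLoaderFilter(TokenGeneratorFactory tokenGeneratorFactory, ApplicationConfiguration applicationConfiguration) {
        this.tokenGeneratorFactory = tokenGeneratorFactory;
        // Boolean.TRUE.equals keeps validation enabled when the setting is null instead of failing with an NPE.
        if (Boolean.TRUE.equals(applicationConfiguration.shouldSkipSslValidation())) {
            // NOTE(review): disableSSLValidation() takes no arguments, so it presumably changes
            // process-wide TLS defaults rather than only this filter's connections - confirm.
            // Without certificate validation the token endpoints cannot be authenticated, so this
            // switch should stay off outside of test landscapes.
            LOGGER.warn("SSL certificate validation is being disabled by configuration");
            SSLUtil.disableSSLValidation();
        }
    }

    /**
     * Authenticates the request from its {@code Authorization} header and continues the chain.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response passed on to the chain
     * @param filterChain the remaining filters
     * @throws ResponseStatusException with status 401 if the header is missing or malformed
     * @throws ServletException if a later filter fails
     * @throws IOException if a later filter fails on I/O
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (header == null) {
            failWithUnauthorized(Messages.NO_AUTHORIZATION_HEADER_WAS_PROVIDED);
        }
        // NOTE(review): exceptions raised by the token generator or SecurityUtil are not mapped here;
        // confirm that an invalid or expired token surfaces as 401 and not as a server error.
        OAuth2AccessTokenWithAdditionalInfo token = generateOauthToken(header);
        loadAuthenticationInContext(SecurityUtil.getTokenUserInfo(token));
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Clears any authentication held for the current thread, logs the reason and aborts with 401.
     *
     * @param str the reason, used both as log message and as response reason
     * @throws ResponseStatusException always, with status {@link HttpStatus#UNAUTHORIZED}
     */
    private void failWithUnauthorized(String str) {
        SecurityContextHolder.clearContext();
        LOGGER.error(str);
        throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, str);
    }

    /**
     * Splits the header into scheme and credential and asks the matching generator for a token.
     *
     * @param str the raw {@code Authorization} header value
     * @return the token produced by the generator selected for the header's scheme
     * @throws ResponseStatusException with status 401 if the header has no credential part
     */
    private OAuth2AccessTokenWithAdditionalInfo generateOauthToken(String str) {
        // Trim and split on whitespace runs so that "Bearer  <token>" does not yield an empty credential.
        String[] split = str.trim().split("\\s+");
        // A header such as "Bearer" used to end in ArrayIndexOutOfBoundsException, i.e. a server
        // error for client-controlled input; reject it as unauthorized instead.
        if (split.length < 2) {
            failWithUnauthorized(MALFORMED_AUTHORIZATION_HEADER);
        }
        return this.tokenGeneratorFactory.createGenerator(split[0]).generate(split[1]);
    }

    /**
     * Stores an authentication built from the given user in the current security context.
     *
     * @param userInfo the user extracted from the token
     */
    private void loadAuthenticationInContext(UserInfo userInfo) {
        SecurityContextHolder.getContext().setAuthentication(SecurityUtil.createAuthentication(userInfo));
    }
}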
