package com.capitalone.dashboard.auth.token;

import com.capitalone.dashboard.auth.AuthProperties;
import com.google.common.collect.Sets;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.stereotype.Component;

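/**
 * Issues and validates the JWT that carries a user's identity between requests.
 *
 * <p>Tokens are signed with HS512 using the secret from {@link AuthProperties}. They are sent to
 * the client in the {@code X-Authentication-Token} response header and read back from the
 * {@code Authorization} request header.
 *
 * <p>The token is a signed JWS, not an encrypted one: the subject, the {@code roles} claim and the
 * {@code details} claim can be read by anyone who holds the token. Only their integrity is
 * protected, and that protection is exactly as strong as the configured secret.
 */
@Component
public class TokenAuthenticationServiceImpl implements TokenAuthenticationService {
    private static final String AUTHORIZATION = "Authorization";
    private static final String AUTH_PREFIX_W_SPACE = "Bearer ";
    private static final String AUTH_RESPONSE_HEADER = "X-Authentication-Token";
    private static final String ROLES_CLAIM = "roles";
    private static final String DETAILS_CLAIM = "details";

    // Source of the signing secret and of the token lifetime; assigned once in the constructor.
    private final AuthProperties tokenAuthProperties;

    /**
     * @param authProperties supplies the signing secret and the token lifetime
     */
    @Autowired
    public TokenAuthenticationServiceImpl(AuthProperties authProperties) {
        this.tokenAuthProperties = authProperties;
    }

    /**
     * Builds a signed token for {@code authentication} and adds it to the response as the
     * {@code X-Authentication-Token} header.
     *
     * <p>The token contains the principal name as subject, the authentication details, the granted
     * authority names, and an expiry of "now + configured expiration time".
     *
     * @param httpServletResponse response that receives the token header
     * @param authentication the authenticated principal to encode
     */
    @Override // com.capitalone.dashboard.auth.token.TokenAuthenticationService
    public void addAuthentication(HttpServletResponse httpServletResponse, Authentication authentication) {
        long lifetime = this.tokenAuthProperties.getExpirationTime().longValue();
        Date expiresAt = new Date(System.currentTimeMillis() + lifetime);

        // NOTE(review): whatever getDetails() returns is serialized into the token and is therefore
        // visible to the client; confirm it never holds anything the client should not see.
        String jwt = Jwts.builder()
                .setSubject(authentication.getName())
                .claim(DETAILS_CLAIM, authentication.getDetails())
                .claim(ROLES_CLAIM, getRoles(authentication.getAuthorities()))
                .setExpiration(expiresAt)
                .signWith(SignatureAlgorithm.HS512, this.tokenAuthProperties.getSecret())
                .compact();

        httpServletResponse.addHeader(AUTH_RESPONSE_HEADER, jwt);
    }

    /**
     * Reads the token from the {@code Authorization} header and turns its verified claims into an
     * {@link Authentication}.
     *
     * <p>Every token the parser rejects is treated the same way as a missing one: the method
     * returns {@code null} and the request stays unauthenticated. That covers an expired token
     * ({@link ExpiredJwtException}) as well as a malformed, unsigned, wrongly signed or otherwise
     * unsupported one, so a bad header cannot surface as an unhandled runtime exception.
     *
     * @param httpServletRequest the incoming request
     * @return the authentication described by the token, or {@code null} when the header is
     *     absent, empty, or does not carry a token that verifies against the configured secret
     */
    @Override // com.capitalone.dashboard.auth.token.TokenAuthenticationService
    public Authentication getAuthentication(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AUTHORIZATION);
        if (StringUtils.isBlank(header)) {
            return null;
        }

        // The "Bearer " scheme is stripped when present but is not required, so a bare token in the
        // header is still accepted (unchanged behaviour).
        String token = StringUtils.removeStart(header, AUTH_PREFIX_W_SPACE);
        if (StringUtils.isBlank(token)) {
            // Header was only the scheme; the parser would reject an empty string with an
            // IllegalArgumentException, so stop here.
            return null;
        }

        try {
            // parseClaimsJws verifies the signature before any claim is read.
            Claims body = Jwts.parser()
                    .setSigningKey(this.tokenAuthProperties.getSecret())
                    .parseClaimsJws(token)
                    .getBody();

            // The claim is stored as a collection of authority names by addAuthentication.
            @SuppressWarnings("unchecked")
            Collection<String> roles = body.get(ROLES_CLAIM, Collection.class);

            PreAuthenticatedAuthenticationToken authentication =
                    new PreAuthenticatedAuthenticationToken(body.getSubject(), null, getAuthorities(roles));
            authentication.setDetails(body.get(DETAILS_CLAIM));
            return authentication;
        } catch (JwtException ignored) {
            // Fail closed: an unverifiable token grants nothing.
            return null;
        }
    }

    /**
     * Flattens granted authorities to their names for storage in the {@code roles} claim.
     *
     * @param collection authorities of the authenticated principal
     * @return the distinct authority names
     */
    private Collection<String> getRoles(Collection<? extends GrantedAuthority> collection) {
        Collection<String> roles = Sets.newHashSet();
        for (GrantedAuthority grantedAuthority : collection) {
            roles.add(grantedAuthority.getAuthority());
        }
        return roles;
    }

    /**
     * Rebuilds granted authorities from the names stored in the {@code roles} claim.
     *
     * @param collection authority names read from the token; {@code null} when the claim is absent
     * @return one {@link SimpleGrantedAuthority} per distinct name, empty when there are none
     */
    private Collection<? extends GrantedAuthority> getAuthorities(Collection<String> collection) {
        Collection<GrantedAuthority> authorities = Sets.newHashSet();
        if (collection == null) {
            // A token without a roles claim carries no privileges rather than causing an NPE.
            return authorities;
        }
        for (String role : collection) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        return authorities;
    }
}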
