package io.convergence_platform.services.security;

import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.convergence_platform.common.Constants;
import io.convergence_platform.common.annotations.NoAuthorizationRequired;
import io.convergence_platform.common.dto.FailureInfoDTO;
import io.convergence_platform.common.exceptions.ManagedApiException;
import io.convergence_platform.common.helpers.ConvergenceHelpers;
import io.convergence_platform.common.helpers.JsonHelper;
import io.convergence_platform.common.responses.ApiResponse;
import io.convergence_platform.common.responses.Errors;
import io.convergence_platform.common.responses.HttpErrors;
import io.convergence_platform.services.SecurityHelper;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.UUID;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerExecutionChain;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

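/**
 * Per-request filter that gates Spring MVC handlers behind a Bearer JWT.
 *
 * <p>For each request the filter resolves the handler through the injected
 * {@link RequestMappingHandlerMapping}. Requests with no handler are answered
 * with a JSON 404/405. Handlers whose method carries
 * {@link NoAuthorizationRequired} are passed down the chain untouched. Every
 * other request must present an {@code Authorization: Bearer <jwt>} header that
 * verifies against the configured secret; any failure is answered with a JSON
 * 403 and the chain is not invoked.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers), so
 * generics and some local types have been lost.
 */
@Component
/* loaded from: input_file:io/convergence_platform/services/security/AuthorizationTokenValidationFilter.class */
public class AuthorizationTokenValidationFilter extends OncePerRequestFilter {

    // Key material handed to SecurityHelper.getJwtAlgorithm for token verification.
    @Value("${security.authentication.secret}")
    private String secret;

    // Deployment mode; controls whether raw exception messages are returned to clients.
    @Value("${application.mode}")
    private String mode;

    @Autowired
    private RequestMappingHandlerMapping mapper;

    /**
     * Routes the request: unknown route, public handler, or token-protected handler.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write error bodies to
     * @param filterChain         the remaining filter chain
     * @throws ServletException declared by the overridden method
     * @throws IOException      if writing an error response fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String path = ConvergenceHelpers.coalese(httpServletRequest.getServletPath(), httpServletRequest.getPathInfo());
        Exception[] lookupError = {null};
        HandlerExecutionChain handler = getHandlerForURL(httpServletRequest, lookupError);
        if (handler == null) {
            postNotFoundOrMethodNotAllowed(httpServletRequest, httpServletResponse, path, lookupError[0]);
            return;
        }
        if (isPublicURL(handler)) {
            callNextFilter(httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        String token = getToken(httpServletRequest.getHeader("Authorization"));
        if (token == null) {
            // Missing header or a scheme other than "Bearer ": reject before any JWT parsing.
            FailureInfoDTO failure = newFailure(httpServletRequest, HttpStatus.FORBIDDEN.value(),
                    String.format("The authorization token is invalid for path %s.", path));
            failure.setCode(Errors.ERR_ACCESS_DENIED);
            postResponse(httpServletResponse, HttpStatus.FORBIDDEN, failure);
            return;
        }
        try {
            processAuthorizationToken(httpServletRequest, httpServletResponse, filterChain, token);
        } catch (Exception e) {
            // Fail closed: anything thrown while verifying the token or reading its claims
            // (bad signature, malformed claim, ...) becomes a 403. Only the exception type
            // is logged at WARN so that neither the token nor request-controlled text
            // reaches the log; the stack trace is available at DEBUG.
            this.logger.warn("Authorization token verification failed: " + e.getClass().getName());
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Authorization token verification failure details", e);
            }
            FailureInfoDTO failure = newFailure(httpServletRequest, HttpStatus.FORBIDDEN.value(),
                    "The authorization token verification failed.");
            failure.setCode(Errors.ERR_ACCESS_DENIED);
            postResponse(httpServletResponse, HttpStatus.FORBIDDEN, failure);
        }
    }

    /**
     * Answers a request for which no handler was resolved.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param str                 the request path used in the error message
     * @param exc                 the exception raised by the handler lookup, or {@code null}
     * @throws IOException if writing the response fails
     */
    private void postNotFoundOrMethodNotAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Exception exc) throws IOException {
        HttpStatus status;
        FailureInfoDTO failure;
        if (exc instanceof HttpRequestMethodNotSupportedException) {
            status = HttpStatus.METHOD_NOT_ALLOWED;
            failure = newFailure(httpServletRequest, status.value(),
                    String.format("Unable to find resource at path %s %s.", httpServletRequest.getMethod().toUpperCase(), str));
            failure.setCode(Errors.API_METHOD_NOT_ALLOWED);
        } else {
            // Covers both "lookup returned null" and any other lookup exception.
            status = HttpStatus.NOT_FOUND;
            failure = newFailure(httpServletRequest, status.value(),
                    String.format("Unable to find resource at path %s.", str));
            failure.setCode(Errors.API_RESOURCE_NOT_FOUND);
        }
        postResponse(httpServletResponse, status, failure);
    }

    /**
     * Resolves the handler for the request without letting lookup exceptions escape.
     *
     * @param httpServletRequest the incoming request
     * @param excArr             single-element out-parameter receiving the lookup exception, if any
     * @return the handler chain, or {@code null} when the lookup threw or found nothing
     */
    private HandlerExecutionChain getHandlerForURL(HttpServletRequest httpServletRequest, Exception[] excArr) {
        try {
            return this.mapper.getHandler(httpServletRequest);
        } catch (Exception e) {
            excArr[0] = e;
            return null;
        }
    }

    /**
     * Invokes the rest of the chain and converts any exception into a JSON error response.
     *
     * <p>An exception whose cause is a {@link ManagedApiException} is reported with that
     * exception's status, code, message and optional error details. Anything else is
     * reported as an internal error.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param filterChain         the remaining filter chain
     * @throws IOException      if writing the error response fails
     * @throws ServletException declared for callers; exceptions from the chain are handled here
     */
    /* JADX WARN: Type inference failed for: r1v27, types: [Type extends io.convergence_platform.common.responses.IApiResponseBody, io.convergence_platform.common.responses.IApiResponseBody] */
    private void callNextFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            // NOTE(review): only e.getCause() is inspected; a ManagedApiException thrown
            // directly (not wrapped) is reported as an internal error. Confirm intended.
            if (!(e.getCause() instanceof ManagedApiException)) {
                // Previously swallowed without a trace; record it server-side.
                this.logger.error("Unhandled exception during API execution", e);
                // Raw exception text is returned only outside production. The comparison is
                // null-safe and case-insensitive so that a value such as "Production" does
                // not silently expose internal messages to clients.
                // NOTE(review): any other spelling of the mode still returns e.getMessage().
                String message = "production".equalsIgnoreCase(this.mode)
                        ? "An unexpected error happened during API execution"
                        : e.getMessage();
                FailureInfoDTO failure = newFailure(httpServletRequest, HttpErrors.INTERNAL_ERROR, message);
                failure.setCode(Errors.API_INTERNAL_ERROR);
                postResponse(httpServletResponse, failure.getHttpStatusCode(), failure);
                return;
            }
            ManagedApiException managed = (ManagedApiException) e.getCause();
            FailureInfoDTO failure = newFailure(httpServletRequest, managed.getHttpStatusCode(), managed.getMessage());
            failure.setCode(managed.getCode());
            ApiResponse response = ApiResponse.from(failure);
            if (managed.getErrorDetails() != null) {
                response.body = managed.getErrorDetails();
                response.header.setBodyType(response.body.getResponseBodyType());
            }
            postResponse(httpServletResponse, failure.getHttpStatusCode(), response);
        }
    }

    /**
     * Tells whether the resolved handler opts out of authorization.
     *
     * <p>Only the handler method's own annotations are checked. Handlers that are not a
     * {@link HandlerMethod} are never public, so they always require a token.
     *
     * @param handlerExecutionChain the chain resolved for the request
     * @return {@code true} if the handler method carries {@link NoAuthorizationRequired}
     */
    protected boolean isPublicURL(HandlerExecutionChain handlerExecutionChain) {
        Object handler = handlerExecutionChain.getHandler();
        if (!(handler instanceof HandlerMethod)) {
            return false;
        }
        return ((HandlerMethod) handler).getMethod().isAnnotationPresent(NoAuthorizationRequired.class);
    }

    /** Builds a failure DTO with status, message and the request correlation ids; the caller sets the code. */
    private static FailureInfoDTO newFailure(HttpServletRequest httpServletRequest, int statusCode, String message) {
        FailureInfoDTO failure = new FailureInfoDTO();
        failure.setHttpStatusCode(statusCode);
        failure.setMessage(message);
        failure.setRequestId(ConvergenceHelpers.getRequestIdFromRequest(httpServletRequest));
        failure.setParentRequestId(ConvergenceHelpers.getParentRequestIdFromRequest(httpServletRequest));
        return failure;
    }

    /** Writes the failure wrapped in an {@link ApiResponse}, using the given {@link HttpStatus}. */
    private static void postResponse(HttpServletResponse httpServletResponse, HttpStatus httpStatus, FailureInfoDTO failureInfoDTO) throws IOException {
        postResponse(httpServletResponse, httpStatus.value(), ApiResponse.from(failureInfoDTO));
    }

    /** Writes the failure wrapped in an {@link ApiResponse}, using a numeric status code. */
    private static void postResponse(HttpServletResponse httpServletResponse, int i, FailureInfoDTO failureInfoDTO) throws IOException {
        postResponse(httpServletResponse, i, ApiResponse.from(failureInfoDTO));
    }

    /**
     * Serializes the response as UTF-8 JSON and writes it with the given status.
     *
     * @param httpServletResponse the response to write to
     * @param i                   the HTTP status code
     * @param apiResponse         the body to serialize
     * @throws IOException if the write fails
     */
    private static void postResponse(HttpServletResponse httpServletResponse, int i, ApiResponse apiResponse) throws IOException {
        if (httpServletResponse.isCommitted()) {
            // Status and headers can no longer change; appending JSON would only corrupt
            // whatever body is already on the wire.
            return;
        }
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setStatus(i);
        httpServletResponse.getOutputStream().write(JsonHelper.asJsonString(apiResponse).getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Verifies the JWT, builds the authentication from its claims, and continues the chain.
     *
     * <p>Without an {@code is_inter_service_call} claim the caller is treated as a user;
     * with the claim set to {@code true} the caller is treated as a service whose name is
     * the token subject. Any other value of that claim is rejected. Exceptions other than
     * {@link ManagedApiException} propagate to the caller, which answers with a 403.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param filterChain         the remaining filter chain
     * @param str                 the raw JWT taken from the Authorization header
     * @throws IOException      if writing an error response fails
     * @throws ServletException declared for callers
     */
    // Generic parameter lost in decompilation; the list is left raw because the
    // ServiceAuthenticationToken constructor signature is not visible here.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void processAuthorizationToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String str) throws IOException, ServletException {
        try {
            DecodedJWT jwt = SecurityHelper.verifyJwt(JWT.require(SecurityHelper.getJwtAlgorithm(this.secret)).build(), str);
            String subject = jwt.getSubject();

            ArrayList authorities = new ArrayList();
            Claim authorityClaim = jwt.getClaim(Constants.JWT_AUTHORITY_CLAIM_FIELD);
            if (!authorityClaim.isMissing()) {
                // A claim that is present but not a string array makes this loop throw;
                // the caller's catch-all then rejects the token with a 403.
                for (String authority : authorityClaim.asArray(String.class)) {
                    authorities.add(new SimpleGrantedAuthority(authority));
                }
            }

            ServiceAuthenticationToken authentication = new ServiceAuthenticationToken(subject, null, authorities);
            Claim interServiceClaim = jwt.getClaim("is_inter_service_call");
            if (interServiceClaim.isMissing()) {
                Claim userUuidClaim = jwt.getClaim("user_uuid");
                if (!userUuidClaim.isMissing()) {
                    // A malformed UUID throws here and is rejected by the caller's catch-all.
                    authentication.userUuid = UUID.fromString(userUuidClaim.asString());
                }
                // NOTE(review): a token without user_uuid is still accepted as a user with
                // a null userUuid; confirm downstream code tolerates that.
                authentication.isUser = true;
            } else {
                // Boolean.TRUE.equals also rejects a claim that is present but not a boolean
                // (asBoolean() returns null), instead of failing on unboxing.
                if (!Boolean.TRUE.equals(interServiceClaim.asBoolean())) {
                    throw new ManagedApiException(HttpErrors.BAD_REQUEST, Errors.ERR_ACCESS_DENIED, "The provided JWT is not valid.");
                }
                // Service identity rests entirely on the verified signature plus this claim.
                authentication.isService = true;
                authentication.invokerService = jwt.getSubject();
            }
            // The raw token is kept on the authentication object; keep it out of logs.
            authentication.jwt = str;
            // NOTE(review): nothing in this class clears the context after the request.
            // Confirm a Spring Security context filter does, otherwise the identity can
            // remain bound to a pooled worker thread.
            SecurityContextHolder.getContext().setAuthentication(authentication);
            callNextFilter(httpServletRequest, httpServletResponse, filterChain);
        } catch (ManagedApiException e) {
            // Carries the request ids like every other error path, and passes the numeric
            // status straight through so a code unknown to HttpStatus cannot throw here.
            FailureInfoDTO failure = newFailure(httpServletRequest, e.getHttpStatusCode(), e.getMessage());
            failure.setCode(e.getCode());
            postResponse(httpServletResponse, e.getHttpStatusCode(), failure);
        }
    }

    /**
     * Extracts the token from an {@code Authorization} header value.
     *
     * @param str the header value, possibly {@code null}
     * @return the text after the {@code "Bearer "} prefix, or {@code null} if the header is
     *         absent or does not start with that exact prefix
     */
    private String getToken(String str) {
        String prefix = "Bearer ";
        if (str == null || !str.startsWith(prefix)) {
            return null;
        }
        return str.substring(prefix.length());
    }

    /**
     * Returns the configured JWT verification secret.
     *
     * <p>NOTE(review): this is a public accessor on a Spring-managed bean, so any code that
     * can obtain the filter can read the key used to verify tokens. Confirm every caller
     * needs the raw value, and never log or serialize the result.
     *
     * @return the value of {@code security.authentication.secret}
     */
    public String getKey() {
        return this.secret;
    }
}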
