package io.github.censodev.jauthlibspringweb;

import io.github.censodev.jauthlibcore.AuthFilterHook;
import io.github.censodev.jauthlibcore.CanAuth;
import io.github.censodev.jauthlibcore.TokenProvider;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:io/github/censodev/jauthlibspringweb/SpringWebAuthFilter.class */
public class SpringWebAuthFilter<T extends CanAuth> implements Filter {
    private final TokenProvider tokenProvider;
    private final Class<T> canAuthConcreteClass;
    private final AuthFilterHook hook;

    public SpringWebAuthFilter(TokenProvider tokenProvider, Class<T> cls) {
        this.tokenProvider = tokenProvider;
        this.canAuthConcreteClass = cls;
        this.hook = new AuthFilterHook() { // from class: io.github.censodev.jauthlibspringweb.SpringWebAuthFilter.1
            public void beforeVerify(TokenProvider tokenProvider2, String str) {
            }

            public void onPassed(CanAuth canAuth) {
            }

            public void onFailed(Exception exc) {
            }
        };
    }

    public SpringWebAuthFilter(TokenProvider tokenProvider, Class<T> cls, AuthFilterHook authFilterHook) {
        this.tokenProvider = tokenProvider;
        this.canAuthConcreteClass = cls;
        this.hook = authFilterHook;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String header = ((HttpServletRequest) servletRequest).getHeader(this.tokenProvider.getHeader());
        if (header == null || !header.startsWith(this.tokenProvider.getPrefix())) {
            this.hook.onFailed(new Exception("Invalid HTTP header for authentication"));
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String replace = header.replace(this.tokenProvider.getPrefix(), "");
        try {
            this.hook.beforeVerify(this.tokenProvider, replace);
            this.tokenProvider.validateToken(replace);
            CanAuth credential = this.tokenProvider.getCredential(replace, this.canAuthConcreteClass);
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(credential.principle(), credential, (List) credential.authorities().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList())));
            this.hook.onPassed(credential);
        } catch (Exception e) {
            this.hook.onFailed(e);
            SecurityContextHolder.clearContext();
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }
}
