package org.tbk.spring.lnurl.security.wallet;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.util.UriComponentsBuilder;
import org.tbk.lnurl.auth.K1;
import org.tbk.lnurl.auth.LinkingKey;
import org.tbk.lnurl.auth.Signature;
import org.tbk.lnurl.simple.auth.SimpleK1;
import org.tbk.lnurl.simple.auth.SimpleLinkingKey;
import org.tbk.lnurl.simple.auth.SimpleSignature;
import org.tbk.lnurl.simple.auth.SimpleSignedLnurlAuth;
import org.tbk.spring.lnurl.security.LnurlAuthenticationException;

/* loaded from: input_file:org/tbk/spring/lnurl/security/wallet/LnurlAuthWalletAuthenticationFilter.class */
public class LnurlAuthWalletAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger log = LoggerFactory.getLogger(LnurlAuthWalletAuthenticationFilter.class);
    private static final LnurlAuthWalletAuthenticationFailureHandler failureHandler = new LnurlAuthWalletAuthenticationFailureHandler();
    private static final LnurlAuthWalletAuthenticationSuccessHandler successHandler = new LnurlAuthWalletAuthenticationSuccessHandler();
    private static final String successBody = "{\n  \"status\": \"OK\"\n}";
    private static final String errorBody = "{\n  \"status\": \"ERROR\",\n  \"reason\": \"Request could not be authenticated.\"\n}";

    public LnurlAuthWalletAuthenticationFilter(String str) {
        this(new AntPathRequestMatcher(str, HttpMethod.GET.name()));
    }

    protected LnurlAuthWalletAuthenticationFilter(AntPathRequestMatcher antPathRequestMatcher) {
        super(antPathRequestMatcher);
        setAuthenticationFailureHandler(failureHandler);
        setAuthenticationSuccessHandler(successHandler);
        setAllowSessionCreation(false);
    }

    public final Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (!httpServletRequest.getMethod().equals(HttpMethod.GET.name())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + httpServletRequest.getMethod());
        }
        LnurlAuthWalletToken buildToken = buildToken(httpServletRequest);
        if (log.isDebugEnabled()) {
            log.debug("got lnurl-auth wallet authentication request for k1 '{}'", buildToken.getK1().toHex());
        }
        setDetails(httpServletRequest, buildToken);
        return getAuthenticationManager().authenticate(buildToken);
    }

    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        super.successfulAuthentication(httpServletRequest, httpServletResponse, filterChain, authentication);
        if ((authentication instanceof LnurlAuthWalletToken) && this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new LnurlAuthWalletActionEvent(this, (LnurlAuthWalletToken) authentication, SimpleSignedLnurlAuth.from(UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(httpServletRequest)).build().toUri())));
        }
        if (httpServletResponse.isCommitted()) {
            return;
        }
        writeSuccessBody(httpServletRequest, httpServletResponse);
    }

    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        super.unsuccessfulAuthentication(httpServletRequest, httpServletResponse, authenticationException);
        if (httpServletResponse.isCommitted()) {
            return;
        }
        writeErrorBody(httpServletRequest, httpServletResponse);
    }

    @SuppressFBWarnings({"XSS_SERVLET"})
    protected void writeSuccessBody(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpStatus.OK.value());
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().write(successBody);
    }

    @SuppressFBWarnings({"XSS_SERVLET"})
    protected void writeErrorBody(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().write(errorBody);
    }

    protected LnurlAuthWalletToken buildToken(HttpServletRequest httpServletRequest) {
        try {
            return new LnurlAuthWalletToken(obtainK1(httpServletRequest).orElseThrow(() -> {
                return new LnurlAuthenticationException("k1 is missing or invalid.");
            }), obtainSig(httpServletRequest).orElseThrow(() -> {
                return new LnurlAuthenticationException("Signature is missing or invalid.");
            }), obtainKey(httpServletRequest).orElseThrow(() -> {
                return new LnurlAuthenticationException("Key is missing or invalid.");
            }));
        } catch (IllegalArgumentException e) {
            throw new LnurlAuthenticationException(e.getMessage(), e);
        } catch (Exception e2) {
            throw new LnurlAuthenticationException("Cannot build wallet token from request", e2);
        } catch (LnurlAuthenticationException e3) {
            throw e3;
        }
    }

    protected Optional<K1> obtainK1(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable(httpServletRequest.getParameter("k1")).map(SimpleK1::fromHex);
    }

    protected Optional<Signature> obtainSig(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable(httpServletRequest.getParameter("sig")).map(SimpleSignature::fromHex);
    }

    protected Optional<LinkingKey> obtainKey(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable(httpServletRequest.getParameter("key")).map(SimpleLinkingKey::fromHex);
    }

    protected void setDetails(HttpServletRequest httpServletRequest, LnurlAuthWalletToken lnurlAuthWalletToken) {
        lnurlAuthWalletToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
    }
}
