package io.soffa.platform.springboot.web.filters;

import io.soffa.commons.core.context.RequestContext;
import io.soffa.commons.core.model.AuthenticationType;
import io.soffa.commons.core.model.TenantId;
import io.soffa.platform.core.app.RequestContextHolder;
import io.soffa.platform.core.app.RequestContextImpl;
import io.soffa.platform.core.error.InvalidTokenException;
import io.soffa.platform.core.error.UnauthorizedError;
import io.soffa.platform.core.http.AuthorizationHeader;
import io.soffa.platform.core.http.HttpRequestModel;
import io.soffa.platform.core.multitenancy.TenantContext;
import io.soffa.platform.core.multitenancy.TenantLoader;
import io.soffa.platform.core.security.TokenAuthenticator;
import io.soffa.platform.core.security.model.AuthenticationInfo;
import io.soffa.platform.springboot.core.config.model.ApplicationState;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/* compiled from: RequestFilter.kt */
@Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��J\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u00172\u00020\u0001:\u0001\u0017B3\u0012\n\b\u0002\u0010\u0002\u001a\u0004\u0018\u00010\u0003\u0012\n\b\u0002\u0010\u0004\u001a\u0004\u0018\u00010\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\t¢\u0006\u0002\u0010\u000bJ\u0010\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000fH\u0002J \u0010\u0010\u001a\u00020\r2\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0016R\u0014\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\tX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u0002\u001a\u0004\u0018\u00010\u0003X\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u0004\u001a\u0004\u0018\u00010\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0018"}, d2 = {"Lio/soffa/platform/springboot/web/filters/RequestFilter;", "Lorg/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter;", "tenantLoader", "Lio/soffa/platform/core/multitenancy/TenantLoader;", "tokenAuthenticator", "Lio/soffa/platform/core/security/TokenAuthenticator;", "applicationState", "Lio/soffa/platform/springboot/core/config/model/ApplicationState;", "allowedPaths", "", "", "(Lio/soffa/platform/core/multitenancy/TenantLoader;Lio/soffa/platform/core/security/TokenAuthenticator;Lio/soffa/platform/springboot/core/config/model/ApplicationState;Ljava/util/Set;)V", "createRequestContext", "", "req", "Lio/soffa/platform/core/http/HttpRequestModel;", "doFilter", "request", "Ljavax/servlet/ServletRequest;", "response", "Ljavax/servlet/ServletResponse;", "chain", "Ljavax/servlet/FilterChain;", "Companion", "soffa-platform-springboot-web"})
/* loaded from: input_file:io/soffa/platform/springboot/web/filters/RequestFilter.class */
public final class RequestFilter extends UsernamePasswordAuthenticationFilter {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @Nullable
    private final TenantLoader tenantLoader;

    @Nullable
    private final TokenAuthenticator tokenAuthenticator;

    @NotNull
    private final ApplicationState applicationState;

    @NotNull
    private final Set<String> allowedPaths;

    @NotNull
    public static final String ERROR_PATH = "/error";

    /* compiled from: RequestFilter.kt */
    @Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��¨\u0006\u0005"}, d2 = {"Lio/soffa/platform/springboot/web/filters/RequestFilter$Companion;", "", "()V", "ERROR_PATH", "", "soffa-platform-springboot-web"})
    /* loaded from: input_file:io/soffa/platform/springboot/web/filters/RequestFilter$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public RequestFilter(@Nullable TenantLoader tenantLoader, @Nullable TokenAuthenticator tokenAuthenticator, @NotNull ApplicationState applicationState, @NotNull Set<String> set) {
        Intrinsics.checkNotNullParameter(applicationState, "applicationState");
        Intrinsics.checkNotNullParameter(set, "allowedPaths");
        this.tenantLoader = tenantLoader;
        this.tokenAuthenticator = tokenAuthenticator;
        this.applicationState = applicationState;
        this.allowedPaths = set;
    }

    public /* synthetic */ RequestFilter(TenantLoader tenantLoader, TokenAuthenticator tokenAuthenticator, ApplicationState applicationState, Set set, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? null : tenantLoader, (i & 2) != 0 ? null : tokenAuthenticator, applicationState, set);
    }

    public void doFilter(@NotNull ServletRequest servletRequest, @NotNull ServletResponse servletResponse, @NotNull FilterChain filterChain) {
        Intrinsics.checkNotNullParameter(servletRequest, "request");
        Intrinsics.checkNotNullParameter(servletResponse, "response");
        Intrinsics.checkNotNullParameter(filterChain, "chain");
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpRequestModel httpRequestModel = new HttpRequestModel(servletRequest);
        if (httpRequestModel.isOptions() || httpRequestModel.isStaticResourceRequest() || httpRequestModel.isOpenAPIRequest() || httpRequestModel.isActuatorRequest() || httpRequestModel.uriMatches(ERROR_PATH)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!this.applicationState.getReady()) {
            httpServletResponse.sendError(HttpStatus.SERVICE_UNAVAILABLE.value(), this.applicationState.getReadinessState());
            return;
        }
        try {
            createRequestContext(httpRequestModel);
            super.doFilter(servletRequest, servletResponse, filterChain);
        } catch (UnauthorizedError e) {
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), e.getMessage());
        } catch (InvalidTokenException e2) {
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), e2.getMessage());
        }
    }

    private final void createRequestContext(HttpRequestModel httpRequestModel) {
        Authentication anonymousAuthenticationToken;
        ArrayList arrayList = new ArrayList();
        RequestContext requestContextImpl = new RequestContextImpl((TenantId) null, (AuthenticationInfo) null, 3, (DefaultConstructorMarker) null);
        RequestContextHolder.set(requestContextImpl);
        String lookupTenantId = httpRequestModel.lookupTenantId();
        if (lookupTenantId != null) {
            TenantLoader tenantLoader = this.tenantLoader;
            if (tenantLoader == null ? false : tenantLoader.exists(lookupTenantId)) {
                requestContextImpl.setTenantId(new TenantId(lookupTenantId));
                arrayList.add(new SimpleGrantedAuthority("tenant_context"));
            }
        }
        AuthorizationHeader authorizationHeader = httpRequestModel.getAuthorizationHeader();
        if (authorizationHeader == null || this.tokenAuthenticator == null) {
            arrayList.add(new SimpleGrantedAuthority("guest"));
            anonymousAuthenticationToken = new AnonymousAuthenticationToken("guest", "guest", arrayList);
        } else {
            AuthenticationInfo authenticate = this.tokenAuthenticator.authenticate(authorizationHeader.getBearerToken());
            if (authenticate.getType() == AuthenticationType.APPLICATION) {
                arrayList.add(new SimpleGrantedAuthority("application"));
            } else {
                arrayList.add(new SimpleGrantedAuthority("user"));
            }
            Set permissions = authenticate.getPermissions();
            if (permissions != null) {
                Iterator it = permissions.iterator();
                while (it.hasNext()) {
                    arrayList.add(new SimpleGrantedAuthority((String) it.next()));
                }
            }
            if (authenticate.getTenantId() != null) {
                requestContextImpl.setTenantId(authenticate.getTenantId());
                arrayList.add(new SimpleGrantedAuthority("tenant_context"));
            }
            requestContextImpl.setAuth(authenticate);
            anonymousAuthenticationToken = (Authentication) new UsernamePasswordAuthenticationToken(authenticate, (Object) null, arrayList);
        }
        Authentication authentication = anonymousAuthenticationToken;
        if (requestContextImpl.getTenantId() != null) {
            TenantContext.set(requestContextImpl.getTenantId());
        }
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }
}
