package com.fivefaces.structureclient.config.security.patient;

import com.fivefaces.structureclient.config.security.SecurityConstants;
import com.fivefaces.structureclient.config.security.User;
import com.fivefaces.structureclient.config.security.UserAuthenticationToken;
import com.fivefaces.structureclient.config.security.UserType;
import java.io.IOException;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/fivefaces/structureclient/config/security/patient/PatientAuthenticationFilter.class */
public class PatientAuthenticationFilter extends OncePerRequestFilter {
    private final AuthenticationManager authenticationManager;
    private final AuthenticationEntryPoint authenticationEntryPoint;
    private final PatientJwtTokenService patientJwtTokenService;

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (getAuthentication().isEmpty()) {
            try {
                Optional<String> extractApiKeyHeaderValue = extractApiKeyHeaderValue(httpServletRequest);
                Optional<String> extractJwtToken = extractJwtToken(httpServletRequest);
                if (extractJwtToken.isPresent()) {
                    SecurityContextHolder.getContext().setAuthentication(this.authenticationManager.authenticate(new UserAuthenticationToken(extractApiKeyHeaderValue.orElse(null), User.fromJwt(this.patientJwtTokenService.validateToken(extractJwtToken.get()), UserType.PATIENT))));
                }
            } catch (AuthenticationException e) {
                SecurityContextHolder.clearContext();
                this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, e);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private Optional<String> extractApiKeyHeaderValue(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable(httpServletRequest.getHeader(SecurityConstants.X_API_KEY_HEADER));
    }

    private Optional<String> extractJwtToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(SecurityConstants.AUTHORIZATION_HEADER);
        return (StringUtils.isBlank(header) || !header.startsWith(SecurityConstants.AUTHORIZATION_BEARER_KEYWORD)) ? Optional.empty() : Optional.of(StringUtils.substringAfter(header, SecurityConstants.AUTHORIZATION_BEARER_KEYWORD));
    }

    private Optional<Authentication> getAuthentication() {
        return Optional.ofNullable(SecurityContextHolder.getContext()).map((v0) -> {
            return v0.getAuthentication();
        });
    }

    public PatientAuthenticationFilter(AuthenticationManager authenticationManager, AuthenticationEntryPoint authenticationEntryPoint, PatientJwtTokenService patientJwtTokenService) {
        this.authenticationManager = authenticationManager;
        this.authenticationEntryPoint = authenticationEntryPoint;
        this.patientJwtTokenService = patientJwtTokenService;
    }
}
