package io.rocketbase.commons.filter;

import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.MalformedJwtException;
import io.rocketbase.commons.config.JwtProperties;
import io.rocketbase.commons.model.AppUser;
import io.rocketbase.commons.security.JwtTokenService;
import io.rocketbase.commons.service.AppUserService;
import java.io.IOException;
import java.util.Collection;
import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:io/rocketbase/commons/filter/JwtAuthenticationTokenFilter.class */
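/**
 * Servlet filter that turns a JWT carried by the request into a Spring Security
 * {@code Authentication}.
 *
 * <p>The token is read from the configured header (after stripping the configured prefix) or,
 * failing that, from the configured request parameter. When the token yields a username and the
 * security context holds no authentication yet, the user is loaded, the token is validated
 * against that user, and a {@link UsernamePasswordAuthenticationToken} is stored in the context.
 *
 * <p>This filter never rejects a request itself: an absent, malformed, expired or invalid token
 * leaves the security context untouched and the chain continues, so access decisions are left to
 * whatever runs after this filter.
 */
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticationTokenFilter.class);

    @Resource
    private AppUserService appUserService;

    @Resource
    private JwtTokenService jwtTokenService;

    @Resource
    private JwtProperties jwtProperties;

    /**
     * Authenticates the request from its JWT, if any, then hands over to the rest of the chain.
     *
     * @param httpServletRequest request that may carry the token
     * @param httpServletResponse response passed on unchanged
     * @param filterChain remaining filters, always invoked unless user loading or validation throws
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String token = resolveToken(httpServletRequest);
        String username = token == null ? null : resolveUsername(token);

        // An authentication set earlier in the chain is never overwritten.
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            authenticate(httpServletRequest, token, username);
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** Extracts the raw token from the header or, as a fallback, the request parameter; null if absent. */
    private String resolveToken(HttpServletRequest request) {
        String header = request.getHeader(this.jwtProperties.getHeader());
        if (header != null && header.startsWith(this.jwtProperties.getTokenPrefix())) {
            return header.substring(this.jwtProperties.getTokenPrefix().length());
        }
        // SECURITY: a token passed as a request parameter can end up in access logs, proxy logs,
        // browser history and Referer headers. Prefer the header; where the parameter is needed,
        // keep such tokens short-lived and scrub the parameter from request logging.
        // Read once: getParameter returns null when the parameter is absent.
        return request.getParameter(this.jwtProperties.getUriParam());
    }

    /** Parses the username out of the token; returns null (after logging) when parsing fails. */
    private String resolveUsername(String token) {
        try {
            return this.jwtTokenService.getUsernameFromToken(token);
        } catch (MalformedJwtException e) {
            log.warn("the token has invalid format. {}", e.getMessage());
        } catch (ExpiredJwtException e) {
            // Must precede JwtException: ExpiredJwtException is a subclass, so listing it after
            // the general handler makes this branch unreachable (and is rejected by javac).
            log.warn("the token is expired and not valid anymore");
        } catch (IllegalArgumentException e) {
            log.error("an error occured during getting username from token. {}", e.getMessage());
        } catch (JwtException e) {
            // Covers every other parser failure; signature failures presumably land here too.
            // NOTE(review): confirm the parser messages logged here never echo token material.
            log.error("other token exception: {}", e.getMessage());
        }
        return null;
    }

    /** Loads the user, validates the token against it and, on success, populates the security context. */
    private void authenticate(HttpServletRequest request, String token, String username) {
        // NOTE(review): if loadUserByUsername throws for an unknown or deleted user, the exception
        // escapes this filter instead of continuing unauthenticated - confirm that is intended.
        AppUser appUser = (AppUser) this.appUserService.loadUserByUsername(username);

        // Boolean.TRUE.equals treats a null result as "not valid" instead of throwing on unboxing.
        if (!Boolean.TRUE.equals(this.jwtTokenService.validateToken(token, appUser))) {
            return;
        }

        // Authorities come from the token, not from the freshly loaded user, so a change to the
        // user's authorities is only picked up once a new token is issued.
        Collection<? extends GrantedAuthority> authorities = this.jwtTokenService.getAuthoritiesFromToken(token);
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(appUser, "", authorities);
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        log.trace("authenticated user {} with {}, setting security context", username, authorities);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }
}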
