package io.sdsolutions.particle.security.filter.impl;

import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.proc.SimpleSecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import io.sdsolutions.particle.security.filter.AutoLoginFilter;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;

/* loaded from: input_file:io/sdsolutions/particle/security/filter/impl/OAuth2AutoLoginFilter.class */
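/**
 * Auto-login filter that derives the authenticated user from a bearer JWT.
 *
 * <p>The pre-authentication hooks return constant placeholder values, so they carry no identity.
 * The real identity is built in {@link #successfulAuthentication}, which validates the token from
 * the {@code Authorization} header with the injected JWT processor and replaces the
 * {@link Authentication} handed to the superclass.
 *
 * <p>Configuration read from the {@link Environment}:
 * <ul>
 *   <li>{@code security.oauth2.identity_pool_url} (required): the expected {@code iss} value;</li>
 *   <li>{@code security.oauth2.userclaim} (required): the claim used as the principal;</li>
 *   <li>{@code security.oauth2.groupsclaim} (optional): a list claim mapped to {@code ROLE_*}
 *       authorities.</li>
 * </ul>
 *
 * <p>NOTE(review): because the placeholder principal and credentials are what the
 * {@link AuthenticationManager} sees first, confirm that the configured provider grants nothing
 * on its own for them. Also confirm that {@code AutoLoginFilter} turns an exception thrown from
 * {@code successfulAuthentication} into an unauthenticated response; neither is visible here.
 */
public class OAuth2AutoLoginFilter extends AutoLoginFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth2AutoLoginFilter.class);
    private static final String DUMMY_USER = "user";
    private static final String DUMMY_PASSWORD = "password";
    private static final String ROLE_PREFIX = "ROLE_";
    private static final String BEARER_PREFIX = "Bearer ";
    private final ConfigurableJWTProcessor<SimpleSecurityContext> configurableJWTProcessor;
    private final Environment environment;

    /**
     * Returns a constant placeholder; the JWT is not inspected at this stage.
     *
     * @param httpServletRequest the current request (unused)
     * @return the placeholder credentials
     */
    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpServletRequest) {
        return DUMMY_PASSWORD;
    }

    /**
     * Creates the filter.
     *
     * @param authenticationManager manager installed on the superclass
     * @param configurableJWTProcessor processor used to parse and validate incoming tokens
     * @param environment source of the {@code security.oauth2.*} settings
     */
    public OAuth2AutoLoginFilter(AuthenticationManager authenticationManager, ConfigurableJWTProcessor<SimpleSecurityContext> configurableJWTProcessor, Environment environment) {
        super.setAuthenticationManager(authenticationManager);
        this.configurableJWTProcessor = configurableJWTProcessor;
        this.environment = environment;
    }

    /**
     * Returns a constant placeholder; the real principal comes from the JWT later.
     *
     * @param httpServletRequest the current request (unused)
     * @return the placeholder principal
     */
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest) {
        return DUMMY_USER;
    }

    /**
     * Replaces the placeholder authentication with one built from the request's bearer JWT and
     * hands it to the superclass.
     *
     * @param httpServletRequest the current request, source of the {@code Authorization} header
     * @param httpServletResponse the current response
     * @param authentication the placeholder result of the pre-authentication step (ignored)
     * @throws ServletException if the superclass reports one
     * @throws PreAuthenticatedCredentialsNotFoundException if the token is missing or rejected
     */
    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws ServletException {
        try {
            super.successfulAuthentication(httpServletRequest, httpServletResponse, handleAuthentication(httpServletRequest));
        } catch (IOException e) {
            // The message stays generic; the cause is kept so the failure can be diagnosed from logs.
            throw new PreAuthenticatedCredentialsNotFoundException(HttpStatus.UNAUTHORIZED.toString(), e);
        }
    }

    /**
     * Validates the bearer token and builds the authentication it describes.
     *
     * @param httpServletRequest the current request
     * @return a token whose principal is the configured user claim and whose authorities come
     *     from the optional groups claim
     * @throws IOException if the header is missing, the token is rejected by the processor, the
     *     issuer does not match, or a claim is absent or has an unexpected type
     */
    private Authentication handleAuthentication(HttpServletRequest httpServletRequest) throws IOException {
        String token = getToken(httpServletRequest);
        try {
            JWTClaimsSet claims = this.configurableJWTProcessor.process(token, null);
            if (!isIssuedCorrectly(claims)) {
                throw new IOException(String.format("Issuer (%s) in JWT token doesn't match IDP", claims.getIssuer()));
            }

            String userClaimName = this.environment.getRequiredProperty("security.oauth2.userclaim");
            Object userClaim = claims.getClaims().get(userClaimName);
            if (userClaim == null) {
                // Previously this surfaced as a NullPointerException from toString(); fail with a
                // clear reason instead of relying on the generic catch below.
                throw new IOException(String.format("JWT token has no '%s' claim", userClaimName));
            }
            String principal = userClaim.toString();

            Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
            String groupsClaimName = this.environment.getProperty("security.oauth2.groupsclaim");
            if (StringUtils.isNotBlank(groupsClaimName)) {
                // A groups claim that is not a list, or holds non-string entries, raises a
                // ClassCastException here and the token is rejected by the catch below.
                List<?> groups = (List<?>) claims.getClaims().get(groupsClaimName);
                if (groups != null && !groups.isEmpty()) {
                    // Locale.ROOT keeps the role name independent of the JVM default locale
                    // (for example, "i" must always upper-case to "I").
                    authorities = convertList(groups,
                            group -> new SimpleGrantedAuthority(ROLE_PREFIX + ((String) group).toUpperCase(Locale.ROOT)));
                }
            }

            PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(principal, DUMMY_PASSWORD, authorities);
            // NOTE(review): the raw bearer token is kept as the authentication details, so any
            // code that logs or serializes the Authentication will expose it; confirm this is needed.
            result.setDetails(token);
            return result;
        } catch (Exception e) {
            LOGGER.error("JWT authentication failed: {}", e.getMessage(), e);
            throw new IOException(e);
        }
    }

    /**
     * Extracts the token from the {@code Authorization} header.
     *
     * <p>Only a leading {@code Bearer } scheme prefix is removed. A header without that prefix is
     * passed through unchanged, as before, and is left to the JWT processor to accept or reject.
     *
     * @param httpServletRequest the current request
     * @return the token text, never blank
     * @throws IOException if the header is absent, blank, or holds no token after the prefix
     */
    private String getToken(HttpServletRequest httpServletRequest) throws IOException {
        String header = httpServletRequest.getHeader("Authorization");
        if (StringUtils.isBlank(header)) {
            throw new IOException("Authorization header is missing");
        }
        String value = header.trim();
        // Strip the scheme only at the start of the header, rather than every occurrence of the
        // text anywhere in the value.
        if (value.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            value = value.substring(BEARER_PREFIX.length()).trim();
        }
        if (value.isEmpty()) {
            throw new IOException("Authorization header carries no token");
        }
        return value;
    }

    /**
     * Checks the token's issuer against the configured identity provider URL.
     *
     * @param jWTClaimsSet the validated claims
     * @return {@code true} only if the issuer claim is present and equals the configured value
     */
    private boolean isIssuedCorrectly(JWTClaimsSet jWTClaimsSet) {
        String expectedIssuer = this.environment.getRequiredProperty("security.oauth2.identity_pool_url");
        // Comparing from the configured side makes a token without an "iss" claim a plain mismatch.
        return expectedIssuer.equals(jWTClaimsSet.getIssuer());
    }

    /**
     * Maps every element of {@code list} through {@code function}.
     *
     * @param list the source elements
     * @param function the mapping applied to each element
     * @return a new list holding the mapped elements in the same order
     */
    private static <T, U> List<U> convertList(List<T> list, Function<T, U> function) {
        return list.stream().map(function).collect(Collectors.toList());
    }
}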
