package org.hspconsortium.platform.authorization.security;

import com.google.common.collect.ImmutableList;
import com.google.firebase.auth.FirebaseToken;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.sql.DataSource;
import org.hspconsortium.platform.service.FirebaseTokenService;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.repository.impl.JpaUserInfoRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/classes/org/hspconsortium/platform/authorization/security/FirebaseJwtFilter.class */
public class FirebaseJwtFilter extends GenericFilterBean {
    private final Logger log = LoggerFactory.getLogger(FirebaseJwtFilter.class);

    @Value("${hspc.platform.auth.cookieName}")
    private String cookieName;

    @Inject
    private FirebaseTokenService firebaseTokenService;

    @PersistenceContext
    private EntityManager manager;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private JpaUserInfoRepository jpaUserInfoRepository;

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        FirebaseJwtAuthenticationToken authIfCookieExists = getAuthIfCookieExists((HttpServletRequest) servletRequest);
        if (authIfCookieExists != null) {
            SecurityContextHolder.getContext().setAuthentication(authIfCookieExists);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private FirebaseJwtAuthenticationToken getAuthIfCookieExists(HttpServletRequest httpServletRequest) {
        String resolveToken = resolveToken(httpServletRequest);
        if (resolveToken == null) {
            return null;
        }
        FirebaseToken validateToken = this.firebaseTokenService.validateToken(resolveToken);
        return validateToken != null ? new FirebaseJwtAuthenticationToken(validateToken, retrieveAuthorities(validateToken.getEmail())) : new FirebaseJwtAuthenticationToken();
    }

    private Collection<GrantedAuthority> retrieveAuthorities(String str) {
        UserInfo byEmailAddress = this.jpaUserInfoRepository.getByEmailAddress(str);
        if (byEmailAddress == null) {
            return defaultAuths();
        }
        List<GrantedAuthority> query = new JdbcTemplate(this.dataSource).query("SELECT * from authorities where username = ?", new String[]{byEmailAddress.getPreferredUsername()}, (resultSet, i) -> {
            return new SimpleGrantedAuthority(resultSet.getString("authority"));
        });
        if (query == null || query.isEmpty()) {
            query = defaultAuths();
        }
        return ImmutableList.copyOf((Collection) query);
    }

    private List<GrantedAuthority> defaultAuths() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new SimpleGrantedAuthority("ROLE_USER"));
        return arrayList;
    }

    private String resolveToken(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(this.cookieName)) {
                return cookie.getValue();
            }
        }
        return null;
    }
}
