package com.supwisdom.insititute.token.server.security.domain.web.authentication;

import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUserConverter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.3.7-RELEASE.jar:com/supwisdom/insititute/token/server/security/domain/web/authentication/IdTokenAuthenticationFilter.class */
public class IdTokenAuthenticationFilter extends BasicAuthenticationFilter {
    private MessageSourceAccessor messageSourceAccessor;
    private TokenUserConverter tokenUserConverter;
    static final /* synthetic */ boolean $assertionsDisabled;

    public IdTokenAuthenticationFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    @Override // org.springframework.security.web.authentication.www.BasicAuthenticationFilter, org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        super.afterPropertiesSet();
        Assert.notNull(this.messageSourceAccessor, "An MessageSourceAccessor is required");
        Assert.notNull(this.tokenUserConverter, "An TokenUserConverter is required");
    }

    @Override // org.springframework.security.web.authentication.www.BasicAuthenticationFilter, org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String str = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null && cookies.length > 0) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equalsIgnoreCase("X-Id-Token") && cookie.isHttpOnly()) {
                    str = cookie.getValue();
                }
            }
        }
        if (str == null || str.isEmpty()) {
            String header = httpServletRequest.getHeader("X-Id-Token");
            if (header == null) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            } else {
                if (!$assertionsDisabled && header.split("\\.").length != 3) {
                    throw new AssertionError();
                }
                str = header;
            }
        }
        TokenUser convertFromTokenEraseCredentials = this.tokenUserConverter.convertFromTokenEraseCredentials(str);
        if (convertFromTokenEraseCredentials == null) {
            SecurityContextHolder.clearContext();
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
        } else {
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(convertFromTokenEraseCredentials, null, convertFromTokenEraseCredentials.getAuthorities()));
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    public void setMessageSourceAccessor(MessageSourceAccessor messageSourceAccessor) {
        this.messageSourceAccessor = messageSourceAccessor;
    }

    public void setTokenUserConverter(TokenUserConverter tokenUserConverter) {
        this.tokenUserConverter = tokenUserConverter;
    }

    static {
        $assertionsDisabled = !IdTokenAuthenticationFilter.class.desiredAssertionStatus();
    }
}
