package app.utils.security.server.oauth;

import app.utils.config.AppConfig;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.JwkProviderBuilder;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:app/utils/security/server/oauth/JwtAccessTokenFilter.class */
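/**
 * Servlet filter that admits a request only when it carries a valid JWT bearer access token.
 *
 * <p>The token is taken from the {@code Authorization: Bearer ...} header. Its signature is
 * verified with an RSA public key looked up by the token's {@code kid} from the JWKS endpoint
 * configured under {@code oauth.provider.jwks.endpoint}, and its audience must contain the URL
 * of the current request. Any failure produces a {@code 401} with a
 * {@code WWW-Authenticate: Bearer} challenge.
 *
 * <p>Only RS256, RS384 and RS512 are accepted. The {@code alg} header comes from the unverified
 * token, so it is used solely to pick one of these RSA variants; every other value (including
 * a missing one) is rejected before any key is fetched.
 */
public class JwtAccessTokenFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(JwtAccessTokenFilter.class);
    private static final String JWKS_ENDPOINT_KEY = "oauth.provider.jwks.endpoint";
    private static final String BEARER_PREFIX = "Bearer ";

    private final JwkProvider jwkProvider;

    /**
     * Builds the filter with a caching JWK provider for the configured JWKS endpoint.
     *
     * <p>The keys served by that endpoint are the trust anchor for every token this filter
     * accepts. The URL scheme is not checked here, so the configuration is responsible for
     * pointing at a TLS-protected endpoint.
     *
     * @throws IllegalStateException if the configured endpoint is not a valid URI/URL
     */
    public JwtAccessTokenFilter() {
        String endpoint = AppConfig.getInstance().getConfigs().getString(JWKS_ENDPOINT_KEY);
        try {
            this.jwkProvider = new JwkProviderBuilder(new URI(endpoint).toURL()).cached(true).build();
        } catch (MalformedURLException | URISyntaxException e) {
            throw new IllegalStateException("Invalid JWKS endpoint configured under " + JWKS_ENDPOINT_KEY, e);
        }
    }

    /**
     * Passes the request down the chain when its bearer token verifies; otherwise answers 401.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse} on rejection
     * @param filterChain     the remaining chain, invoked only for an accepted token
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String authorization = request.getHeader("Authorization");
        if (authorization != null && authorization.startsWith(BEARER_PREFIX)) {
            String token = authorization.substring(BEARER_PREFIX.length());
            if (!token.isEmpty() && verifyJWTAccessToken(request, token)) {
                filterChain.doFilter(request, servletResponse);
                return;
            }
        }
        // Fail closed: a missing header, a wrong scheme, an empty token and a failed
        // verification all end in the same challenge response.
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("WWW-Authenticate", "Bearer");
        response.sendError(401, "Unauthorized");
    }

    /**
     * Verifies the signature and audience of a bearer token.
     *
     * <p>The token value itself is never written to the log; only the algorithm name and the
     * failure cause are.
     *
     * @param request the current request, whose URL is the expected audience
     * @param token   the raw JWT taken from the Authorization header
     * @return {@code true} if the token verified, {@code false} on any failure
     */
    private boolean verifyJWTAccessToken(HttpServletRequest request, String token) {
        try {
            DecodedJWT decoded = JWT.decode(token);
            String keyId = decoded.getKeyId();
            String algorithmName = decoded.getAlgorithm();
            // NOTE(review): the expected audience is rebuilt from the incoming request by
            // getRequestURL(). Confirm that the host part cannot be chosen by the client in
            // this deployment (proxy / virtual-host handling), or compare against a configured
            // audience value instead.
            String expectedAudience = request.getRequestURL().toString();
            JWT.require(getAlgorithm(keyId, algorithmName))
                    .withAudience(expectedAudience)
                    .build()
                    .verify(decoded);
            LOG.debug("Access Token with algorithm {} is valid", algorithmName);
            return true;
        } catch (JwkException e) {
            LOG.error("Unable to get Access Token signature Public Key from provider", e);
            return false;
        } catch (JWTVerificationException e) {
            LOG.error("Access Token is not valid", e);
            return false;
        } catch (Exception e) {
            // Broad catch last, so that an unexpected failure (for example a non-RSA key behind
            // the kid) rejects the token instead of escaping the filter.
            LOG.error("An unexpected error occurred during Access Token validation", e);
            return false;
        }
    }

    /**
     * Maps the token's {@code alg} header to an RSA verification algorithm bound to the
     * public key published for {@code keyId}.
     *
     * @param keyId         the {@code kid} header of the token
     * @param algorithmName the {@code alg} header of the token; may be {@code null}
     * @return a verify-only algorithm (no private key is supplied)
     * @throws JwkException             if the key cannot be obtained from the provider
     * @throws JWTVerificationException if the algorithm is missing or not RS256/RS384/RS512
     */
    private Algorithm getAlgorithm(String keyId, String algorithmName) throws JwkException, JWTVerificationException {
        if (algorithmName == null) {
            // A switch on a null String would throw NullPointerException; reject explicitly.
            throw new JWTVerificationException("Unsupported algorithm: " + algorithmName);
        }
        switch (algorithmName) {
            case "RS256":
                return Algorithm.RSA256(getRSAPublicKey(keyId), (RSAPrivateKey) null);
            case "RS384":
                return Algorithm.RSA384(getRSAPublicKey(keyId), (RSAPrivateKey) null);
            case "RS512":
                return Algorithm.RSA512(getRSAPublicKey(keyId), (RSAPrivateKey) null);
            default:
                throw new JWTVerificationException("Unsupported algorithm: " + algorithmName);
        }
    }

    /**
     * Fetches the public key for {@code keyId} from the JWK provider.
     *
     * @throws JwkException       if the provider cannot supply the key
     * @throws ClassCastException if the published key is not an RSA key
     */
    private RSAPublicKey getRSAPublicKey(String keyId) throws JwkException {
        return (RSAPublicKey) this.jwkProvider.get(keyId).getPublicKey();
    }

    /** No initialisation is needed; the JWK provider is created in the constructor. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}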
