package io.gravitee.am.management.handlers.management.api.authentication.filter;

import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.identityprovider.api.DefaultUser;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.jwt.DefaultJWTParser;
import io.gravitee.am.jwt.JWTParser;
import io.gravitee.am.management.handlers.management.api.authentication.csrf.CookieCsrfSignedTokenRepository;
import io.gravitee.am.management.handlers.management.api.authentication.provider.generator.JWTGenerator;
import io.gravitee.am.management.handlers.management.api.authentication.service.AuthenticationService;
import io.gravitee.am.management.handlers.management.api.authentication.service.impl.AuthenticationServiceImpl;
import io.gravitee.am.model.Environment;
import io.gravitee.am.service.EnvironmentService;
import io.gravitee.node.api.configuration.Configuration;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.HashMap;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/authentication/filter/CockpitAuthenticationFilter.class */
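/**
 * Servlet filter that signs a user in from a JWT presented on the {@code /cockpit} path.
 *
 * <p>When the integration is enabled, the filter reads the token from the request parameter named
 * by {@link CookieCsrfSignedTokenRepository#TOKEN_CLAIM}, parses it with a {@link DefaultJWTParser}
 * built from a public key held in the configured keystore, registers the authentication through
 * {@link AuthenticationService}, sets the cookie produced by {@link JWTGenerator} and redirects to
 * the {@code redirect_uri} claim. Every other request is passed down the chain untouched.
 *
 * <p>NOTE(review): the only token validation visible in this class is the call to
 * {@code jwtParser.parse}. Whether that enforces signature, expiry, issuer or audience is decided
 * by {@link DefaultJWTParser} and is not visible here; confirm it before relying on this filter.
 * No single-use (replay) check is visible in this class either, and a token carried in a request
 * parameter can end up in access logs, so a short token lifetime matters.
 */
public class CockpitAuthenticationFilter extends GenericFilterBean {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CockpitAuthenticationFilter.class);
    private static final String COCKPIT_SOURCE = "cockpit";
    private static final String COCKPIT_PATH = "/cockpit";

    @Autowired
    private Configuration configuration;

    @Autowired
    @Lazy
    private JWTGenerator jwtGenerator;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private EnvironmentService environmentService;

    // Built lazily on the first /cockpit request; only written inside initialize().
    private JWTParser jwtParser;

    /**
     * Builds the JWT parser from the keystore's public key the first time it is needed.
     *
     * <p>Synchronized because a filter instance serves concurrent requests: the lock gives every
     * request thread a fully constructed parser and stops the keystore being loaded twice.
     *
     * @throws RuntimeException if the key cannot be loaded; the underlying failure is kept as the
     *     cause so that a bad path, password, type or alias can be told apart in the logs
     */
    private synchronized void initialize() {
        if (enabled() && this.jwtParser == null) {
            try {
                this.jwtParser = new DefaultJWTParser(getPublicKey());
            } catch (Exception e) {
                throw new RuntimeException("Unable to load cockpit JWT public key", e);
            }
        }
    }

    /**
     * Maps the token's claims onto a Spring Security authentication with no granted authorities.
     *
     * <p>{@code sub} becomes the user id, {@code preferred_username} the username, and
     * {@code preferred_username} / {@code org} are copied into the authentication details together
     * with the {@code cockpit} source marker.
     *
     * @param jwt the parsed token
     * @return an authentication carrying a {@link DefaultUser} principal and no credentials
     */
    private UsernamePasswordAuthenticationToken convertToAuthentication(JWT jwt) {
        String username = (String) jwt.get("preferred_username");
        String organization = (String) jwt.get("org");

        DefaultUser principal = new DefaultUser(username);
        principal.setId((String) jwt.get("sub"));
        principal.setAdditionalInformation(new HashMap<>());

        HashMap<String, Object> details = new HashMap<>();
        details.put(AuthenticationServiceImpl.SOURCE, COCKPIT_SOURCE);
        details.put("preferred_username", username);
        details.put("org", organization);

        UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(principal, (Object) null, AuthorityUtils.NO_AUTHORITIES);
        authentication.setDetails(details);
        return authentication;
    }

    /**
     * Reads the verification key from the certificate stored under the configured alias.
     *
     * <p>NOTE(review): only the public key is extracted; the certificate's validity period and
     * chain are not checked here.
     *
     * @return the public key of the certificate stored under {@link #keyAlias()}
     * @throws Exception if the keystore cannot be loaded or holds no certificate for the alias
     */
    private Key getPublicKey() throws Exception {
        String alias = keyAlias();
        java.security.cert.Certificate certificate = loadKeyStore().getCertificate(alias);
        if (certificate == null) {
            // KeyStore.getCertificate returns null for an unknown alias; fail with a readable
            // message instead of a NullPointerException.
            throw new IllegalStateException("No certificate found in cockpit keystore for alias '" + alias + "'");
        }
        return certificate.getPublicKey();
    }

    /**
     * Loads the keystore described by the {@code cockpit.keystore.*} properties (or their
     * {@code cloud.connector.ws.ssl.keystore.*} fallbacks).
     *
     * @return the loaded keystore
     * @throws Exception if the path is not configured, the file cannot be read, or the keystore
     *     type or password is wrong
     */
    private KeyStore loadKeyStore() throws Exception {
        String path = keyStorePath();
        if (path == null) {
            throw new IllegalStateException("Cockpit keystore path is not configured");
        }
        String password = keyStorePassword();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType());
        try (InputStream in = new File(path).toURI().toURL().openStream()) {
            keyStore.load(in, password == null ? null : password.toCharArray());
        }
        return keyStore;
    }

    /**
     * Handles the {@code /cockpit} sign-in request and delegates everything else to the chain.
     *
     * <p>Responds with 400 when the token parameter is missing or empty, and with 403 when the
     * token cannot be parsed, lacks a {@code redirect_uri} claim, or any later step fails.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getPathInfo() may return null (no extra path information); comparing from the constant
        // keeps such requests flowing down the chain instead of failing with a NullPointerException.
        if (!enabled() || !COCKPIT_PATH.equals(request.getPathInfo())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        initialize();

        String token = servletRequest.getParameter(CookieCsrfSignedTokenRepository.TOKEN_CLAIM);
        if (!StringUtils.hasLength(token)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        try {
            JWT jwt = this.jwtParser.parse(token);

            // Reject a token without a redirect target before any session is created; the
            // original concatenation would otherwise redirect to the literal string "null...".
            String redirectUri = (String) jwt.get("redirect_uri");
            if (!StringUtils.hasText(redirectUri)) {
                throw new IllegalArgumentException("Cockpit token has no redirect_uri claim");
            }

            User user = this.authenticationService.onAuthenticationSuccess(convertToAuthentication(jwt));
            Environment environment = (Environment) this.environmentService
                    .findById((String) jwt.get("env"), (String) jwt.get("org"))
                    .blockingGet();
            String environmentPath = environment != null
                    ? "/environments/" + ((String) environment.getHrids().get(0))
                    : "";

            response.addCookie(this.jwtGenerator.generateCookie(user));
            // NOTE(review): the redirect target comes straight from the token, so it is only as
            // trustworthy as the token signer; an allow-list of expected hosts would bound the
            // impact of a mis-issued token.
            response.sendRedirect(redirectUri + environmentPath);
        } catch (Exception e) {
            log.error("Error occurred when trying to login using cockpit.", e);
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /** Returns whether the integration is enabled ({@code cockpit.enabled}, else {@code cloud.enabled}, else false). */
    private boolean enabled() {
        return getProperty("cockpit.enabled", "cloud.enabled", Boolean.class, false).booleanValue();
    }

    /** Returns the configured keystore type, or {@code null} when neither property is set. */
    private String keyStoreType() {
        return getProperty("cockpit.keystore.type", "cloud.connector.ws.ssl.keystore.type", null);
    }

    /** Returns the configured keystore file path, or {@code null} when neither property is set. */
    private String keyStorePath() {
        return getProperty("cockpit.keystore.path", "cloud.connector.ws.ssl.keystore.path", null);
    }

    /** Returns the configured keystore password, or {@code null} when neither property is set. */
    private String keyStorePassword() {
        return getProperty("cockpit.keystore.password", "cloud.connector.ws.ssl.keystore.password", null);
    }

    /** Returns the configured certificate alias, defaulting to {@code cockpit-client}. */
    private String keyAlias() {
        return getProperty("cockpit.keystore.key.alias", "cloud.connector.ws.ssl.keystore.key.alias", "cockpit-client");
    }

    /** String-typed shortcut for {@link #getProperty(String, String, Class, Object)}. */
    private String getProperty(String str, String str2, String str3) {
        return getProperty(str, str2, String.class, str3);
    }

    /**
     * Looks a property up under its primary key, then under a fallback key.
     *
     * @param str the primary property key
     * @param str2 the key consulted when the primary one yields {@code null}
     * @param cls the type the configuration should convert the value to
     * @param t the value returned when neither key is set
     * @return the first non-null value found, otherwise {@code t}
     */
    <T> T getProperty(String str, String str2, Class<T> cls, T t) {
        Object value = this.configuration.getProperty(str, cls);
        if (value == null) {
            value = this.configuration.getProperty(str2, cls);
        }
        return value != null ? cls.cast(value) : t;
    }
}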
