package it.geosolutions.geostore.services.rest.security.oauth2.openid_connect;

import it.geosolutions.geostore.services.rest.security.TokenAuthenticationCache;
import it.geosolutions.geostore.services.rest.security.oauth2.DiscoveryClient;
import it.geosolutions.geostore.services.rest.security.oauth2.GeoStoreOAuthRestTemplate;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Configuration;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter;
import it.geosolutions.geostore.services.rest.security.oauth2.openid_connect.bearer.OpenIdTokenValidator;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

/* loaded from: input_file:it/geosolutions/geostore/services/rest/security/oauth2/openid_connect/OpenIdConnectFilter.class */
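/**
 * OpenID Connect flavour of {@link OAuth2GeoStoreAuthenticationFilter}.
 *
 * <p>On top of the parent filter it (a) optionally fills the OAuth2 configuration from an OIDC
 * discovery document at construction time and (b) applies the Bearer-token policy and the extra
 * {@link OpenIdTokenValidator} checks to requests that were authenticated with an attached
 * Bearer token.
 */
public class OpenIdConnectFilter extends OAuth2GeoStoreAuthenticationFilter {
    private static final Logger LOGGER = LogManager.getLogger(OpenIdConnectFilter.class);

    /** Additional validator for attached Bearer tokens; {@code null} means no extra validation. */
    private final OpenIdTokenValidator bearerTokenValidator;

    /**
     * Creates the filter and, when a discovery URL is configured, lets {@link DiscoveryClient}
     * autofill the given configuration from it.
     *
     * <p>NOTE(review): values taken from the discovery document presumably include the endpoints
     * the login flow later trusts, so the discovery URL should be an operator-controlled HTTPS
     * location. What exactly {@code autofill} overwrites is not visible here; confirm against
     * DiscoveryClient.
     *
     * @param remoteTokenServices passed through to the parent filter
     * @param geoStoreOAuthRestTemplate passed through to the parent filter
     * @param oAuth2Configuration provider configuration; may be mutated by discovery autofill
     * @param tokenAuthenticationCache passed through to the parent filter
     * @param openIdTokenValidator validator applied to attached Bearer tokens, may be {@code null}
     */
    public OpenIdConnectFilter(RemoteTokenServices remoteTokenServices, GeoStoreOAuthRestTemplate geoStoreOAuthRestTemplate, OAuth2Configuration oAuth2Configuration, TokenAuthenticationCache tokenAuthenticationCache, OpenIdTokenValidator openIdTokenValidator) {
        super(remoteTokenServices, geoStoreOAuthRestTemplate, oAuth2Configuration, tokenAuthenticationCache);
        String discoveryUrl = oAuth2Configuration.getDiscoveryUrl();
        if (discoveryUrl != null && !discoveryUrl.isEmpty()) {
            new DiscoveryClient(discoveryUrl).autofill(oAuth2Configuration);
        }
        this.bearerTokenValidator = openIdTokenValidator;
    }

    /**
     * Resolves the principal through the parent filter and then, for requests flagged as
     * Bearer-authenticated, enforces the Bearer-token policy and runs the configured validator.
     *
     * <p>NOTE(review): the parent lookup runs before the Bearer checks; whether it has side
     * effects (for example caching) that survive a later rejection is not visible here.
     *
     * @param httpServletRequest current request; read for the authentication type, the raw token
     *     value and the token-check result stored as request attributes
     * @param httpServletResponse current response, passed to the parent filter
     * @param oAuth2AccessToken access token if already resolved, otherwise {@code null}
     * @return the principal resolved by the parent filter
     * @throws IOException if Bearer tokens are disabled, or the attached token is missing,
     *     cannot be decoded, or is rejected by the validator
     * @throws ServletException propagated from the parent filter
     */
    @Override // it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter
    protected String getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuth2AccessToken oAuth2AccessToken) throws IOException, ServletException {
        String principal = super.getPreAuthenticatedPrincipal(httpServletRequest, httpServletResponse, oAuth2AccessToken);
        OAuth2GeoStoreAuthenticationFilter.OAuth2AuthenticationType authenticationType = (OAuth2GeoStoreAuthenticationFilter.OAuth2AuthenticationType) httpServletRequest.getAttribute(OAuth2GeoStoreAuthenticationFilter.OAUTH2_AUTHENTICATION_TYPE_KEY);
        if (!OAuth2GeoStoreAuthenticationFilter.OAuth2AuthenticationType.BEARER.equals(authenticationType)) {
            return principal;
        }

        // Enforce the "Bearer tokens allowed" switch independently of the validator. Previously
        // this check sat behind `bearerTokenValidator != null`, so a filter wired without a
        // validator accepted Bearer tokens even when the configuration disabled them.
        OpenIdConnectConfiguration oidcConfiguration = (OpenIdConnectConfiguration) this.configuration;
        if (!oidcConfiguration.isAllowBearerTokens()) {
            String rejection = "OIDC: received an attached Bearer token, but Bearer tokens aren't allowed!";
            LOGGER.warn(rejection);
            throw new IOException(rejection);
        }

        if (this.bearerTokenValidator == null) {
            // Unchanged behaviour: without a validator the token only gets whatever checks the
            // parent filter performed.
            LOGGER.debug("OIDC: no Bearer token validator configured; skipping additional Bearer token validation");
            return principal;
        }

        String tokenValue = oAuth2AccessToken != null ? oAuth2AccessToken.getValue() : (String) httpServletRequest.getAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE);
        if (tokenValue == null || tokenValue.isEmpty()) {
            // Fail closed explicitly instead of relying on the decoder to throw.
            throw new IOException("Attached Bearer Token is invalid");
        }
        try {
            // JwtHelper.decode only parses the JWT; it does not verify the signature. The claims
            // are therefore untrusted input at this point and their acceptance rests on the
            // validator and on the token check done upstream.
            JSONObject claims = JSONObject.fromObject(JwtHelper.decode(tokenValue).getClaims());
            // Presumably the remote token-check response stored by the parent filter; confirm.
            Map tokenCheckResult = (Map) httpServletRequest.getAttribute(OAuth2GeoStoreAuthenticationFilter.OAUTH2_ACCESS_TOKEN_CHECK_KEY);
            this.bearerTokenValidator.verifyToken(oidcConfiguration, claims, tokenCheckResult);
        } catch (Exception e) {
            // Any decode or validation failure rejects the request; the cause is kept for logs.
            throw new IOException("Attached Bearer Token is invalid", e);
        }
        return principal;
    }
}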
