package org.jahia.modules.apitokens.core;

import java.util.Arrays;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.jahia.api.usermanager.JahiaUserManagerService;
import org.jahia.bin.filters.CompositeFilter;
import org.jahia.modules.apitokens.TokenDetails;
import org.jahia.modules.apitokens.TokenService;
import org.jahia.params.valves.AuthValveContext;
import org.jahia.params.valves.BaseAuthValve;
import org.jahia.pipelines.Pipeline;
import org.jahia.pipelines.PipelineException;
import org.jahia.pipelines.valves.Valve;
import org.jahia.pipelines.valves.ValveContext;
import org.jahia.services.content.JCRTemplate;
import org.jahia.services.content.decorator.JCRUserNode;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ServiceScope;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

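/**
 * Authentication valve that accepts personal API tokens sent in the
 * {@code Authorization} request header.
 *
 * <p>The valve registers itself in the authentication pipeline on activation and only
 * looks at requests whose path (request URI without the context path) matches one of
 * the configured {@code urlPatterns}. For a matching request carrying a valid token,
 * the token's user becomes the current user for that request and the remaining valves
 * are skipped. In every other case the request is handed to the next valve unchanged.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A missing, malformed, unknown or invalid token is not rejected here; the request
 *       simply continues through the rest of the pipeline.</li>
 *   <li>When no {@code urlPatterns} are configured the valve never attempts token
 *       authentication (it previously failed with a {@link NullPointerException} on
 *       every request).</li>
 * </ul>
 */
@Component(service = {Valve.class}, immediate = true, scope = ServiceScope.SINGLETON)
/* loaded from: input_file:org/jahia/modules/apitokens/core/TokenAuthValve.class */
public class TokenAuthValve extends BaseAuthValve {
    /** Marker looked for in the {@code Authorization} header; the token is the text after it. */
    public static final String API_TOKEN = "APIToken";
    private static final Logger logger = LoggerFactory.getLogger(TokenAuthValve.class);
    private Pipeline authPipeline;
    private TokenService tokenService;
    private JahiaUserManagerService userManagerService;
    // Never null: an absent "urlPatterns" setting leaves this empty, which means
    // "token authentication applies to no URL" rather than an NPE in invoke().
    private String[] urlPatterns = new String[0];

    /**
     * Injects the pipeline this valve adds itself to.
     *
     * @param pipeline the pipeline selected by the {@code (type=authentication)} target filter
     */
    @Reference(service = Pipeline.class, target = "(type=authentication)")
    public void setAuthPipeline(Pipeline pipeline) {
        this.authPipeline = pipeline;
    }

    /**
     * Injects the service used to verify presented tokens.
     *
     * @param tokenService the token verification service
     */
    @Reference
    public void setTokenService(TokenService tokenService) {
        this.tokenService = tokenService;
    }

    /**
     * Injects the service used to resolve the token owner's user node.
     *
     * @param jahiaUserManagerService the user lookup service
     */
    @Reference
    public void setUserManagerService(JahiaUserManagerService jahiaUserManagerService) {
        this.userManagerService = jahiaUserManagerService;
    }

    /**
     * Reads the component configuration and (re-)registers the valve in the pipeline.
     *
     * @param map component properties; {@code urlPatterns} is read as a comma-separated
     *            string. Entries are not trimmed, so {@code "a, b"} yields {@code " b"}.
     */
    @Activate
    public void activate(Map<String, ?> map) {
        setId("patValve");
        Object configuredPatterns = map.get("urlPatterns");
        if (configuredPatterns != null) {
            this.urlPatterns = StringUtils.split((String) configuredPatterns, ",");
        }
        // Remove any earlier registration first so the valve is not added twice.
        removeValve(this.authPipeline);
        // NOTE(review): position 0 presumably puts this valve first in the pipeline;
        // confirm against BaseAuthValve.addValve.
        addValve(this.authPipeline, 0, null, null);
    }

    /** Unregisters the valve from the authentication pipeline. */
    @Deactivate
    public void deactivate() {
        removeValve(this.authPipeline);
    }

    /**
     * Attempts token authentication for requests that match a configured URL pattern.
     *
     * @param obj          the pipeline context; must be an {@link AuthValveContext}
     * @param valveContext used to pass the request on to the next valve
     * @throws PipelineException if the repository lookup fails, or from the next valve
     */
    @Override
    public void invoke(Object obj, ValveContext valveContext) throws PipelineException {
        AuthValveContext authValveContext = (AuthValveContext) obj;
        HttpServletRequest request = authValveContext.getRequest();
        // Patterns are matched against the request URI with the context path stripped.
        String pathInContext = request.getRequestURI().substring(request.getContextPath().length());

        String[] patterns = this.urlPatterns;
        boolean tokenAuthApplies = patterns != null
                && Arrays.stream(patterns).anyMatch(pattern -> CompositeFilter.matchFiltersURL(pattern, pathInContext));

        if (tokenAuthApplies) {
            try {
                JCRUserNode userNode = authenticate(request.getHeader("Authorization"));
                if (userNode != null) {
                    // Ask the context not to keep this authentication in the HTTP session.
                    authValveContext.setShouldStoreAuthInSession(false);
                    authValveContext.getSessionFactory().setCurrentUser(userNode.getJahiaUser());
                    // Authenticated: the remaining valves are deliberately not invoked.
                    return;
                }
            } catch (RepositoryException e) {
                throw new PipelineException(e);
            }
        }
        // No pattern match, no token, or an invalid token: defer to the rest of the pipeline.
        valveContext.invokeNext(obj);
    }

    /**
     * Resolves the user that owns the token carried in an {@code Authorization} header.
     *
     * @param authorizationHeader raw header value, possibly {@code null}
     * @return the owner's user node, or {@code null} when the header is absent, does not
     *         contain {@link #API_TOKEN}, or the token is unknown or not valid
     * @throws RepositoryException if the repository access fails
     */
    private JCRUserNode authenticate(String authorizationHeader) throws RepositoryException {
        // NOTE(review): this is a substring match, so any header value containing
        // "APIToken" anywhere is parsed. The extracted text is still verified by
        // TokenService, but anchoring the scheme to the start of the header would be stricter.
        if (authorizationHeader == null || !authorizationHeader.contains(API_TOKEN)) {
            return null;
        }
        String token = StringUtils.substringAfter(authorizationHeader, API_TOKEN).trim();
        // Verification and user lookup run inside a JCR system session.
        // NOTE(review): presumably not restricted by the caller's ACLs; confirm.
        return (JCRUserNode) JCRTemplate.getInstance().doExecuteWithSystemSession(systemSession -> {
            TokenDetails details = this.tokenService.verifyToken(token, systemSession);
            // NOTE(review): logs TokenDetails through its toString(); confirm that it does
            // not expose key material or digests when debug logging is enabled.
            logger.debug("Received token {}", details);
            if (details == null || !details.isValid()) {
                return null;
            }
            return this.userManagerService.lookupUserByPath(details.getUserPath());
        });
    }
}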
