package at.letto.lti.security;

import at.letto.lti.service.LTIDataService;
import at.letto.lti.service.LTIJWTService;
import at.letto.lti.utils.lti.LTI3Request;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.SignatureException;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/classes/at/letto/lti/security/LTI3OAuthProviderProcessingFilter.class */
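/**
 * Servlet filter that handles an LTI 1.3 launch carried in the {@code state} and
 * {@code id_token} request parameters.
 *
 * <p>For each request it passes {@code state} to {@link LTIJWTService#validateState}, and, when an
 * {@code id_token} is present and {@link LTIJWTService#validateJWT} returns non-null, builds an
 * {@link LTI3Request} and publishes it through request attributes ({@code "LTI3"},
 * {@code "lti3_valid"} and the {@code LTI3Request} class name). The rest of the chain is then
 * invoked and the Spring Security authentication is cleared afterwards.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A request without a usable {@code id_token} is NOT rejected here; it continues down the
 *       chain without the LTI attributes. Downstream code has to treat a missing or {@code false}
 *       {@code "lti3_valid"} attribute as "no valid launch".</li>
 *   <li>Only {@link ExpiredJwtException} and {@link SignatureException} are mapped to HTTP 401.
 *       Any other exception raised by the JWT service propagates to the container.</li>
 * </ul>
 */
public class LTI3OAuthProviderProcessingFilter extends GenericFilterBean {
    LTIDataService ltiDataService;
    LTIJWTService ltijwtService;
    static final Logger log = LoggerFactory.getLogger(LTI3OAuthProviderProcessingFilter.class);

    /**
     * Creates the filter.
     *
     * @param lTIDataService data service handed to every {@link LTI3Request}; must not be null
     * @param lTIJWTService service used to validate the {@code state} and {@code id_token} values;
     *     must not be null
     * @throws AssertionError if either argument is null
     */
    public LTI3OAuthProviderProcessingFilter(LTIDataService lTIDataService, LTIJWTService lTIJWTService) {
        if (lTIDataService == null) {
            throw new AssertionError("lTIDataService must not be null");
        }
        if (lTIJWTService == null) {
            throw new AssertionError("lTIJWTService must not be null");
        }
        this.ltiDataService = lTIDataService;
        this.ltijwtService = lTIJWTService;
    }

    /**
     * Validates the LTI 1.3 launch parameters, exposes the parsed launch as request attributes and
     * continues the filter chain.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; its status is set to 401 when the token is expired or
     *     its signature is invalid
     * @param filterChain the remaining filter chain
     * @throws IllegalStateException if {@code servletRequest} is not an {@link HttpServletRequest}
     * @throws IOException if the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new IllegalStateException("LTI request MUST be an HttpServletRequest (cannot only be a ServletRequest)");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            // NOTE(review): the return value is discarded, so this call only protects the launch
            // if validateState throws on a missing, forged or expired state. If it can return
            // null instead, the state check is a no-op here. Confirm against LTIJWTService.
            this.ltijwtService.validateState(httpServletRequest.getParameter("state"));

            String idToken = httpServletRequest.getParameter("id_token");
            if (StringUtils.hasText(idToken) && this.ltijwtService.validateJWT(idToken) != null) {
                LTI3Request lti3Request = new LTI3Request(httpServletRequest, this.ltiDataService, true);
                httpServletRequest.setAttribute("LTI3", true);
                // "LTI3" only says a token was accepted; "lti3_valid" is the flag that tells
                // downstream code whether the launch data was loaded and is complete.
                httpServletRequest.setAttribute("lti3_valid", lti3Request.isLoaded() && lti3Request.isComplete());
                httpServletRequest.setAttribute(LTI3Request.class.getName(), lti3Request);
            }

            try {
                filterChain.doFilter(servletRequest, servletResponse);
            } finally {
                // Clear the authentication even when the chain throws, so that it cannot stay
                // attached to the security context after this request has failed.
                resetAuthenticationAfterRequest();
            }
        } catch (ExpiredJwtException e) {
            log.info("Security exception for user {} - {}", e.getClaims().getSubject(), e.getMessage());
            log.debug("Exception " + e.getMessage(), e);
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (SignatureException e) {
            // SLF4J placeholders are "{}"; the previous "{0}" was logged literally and the
            // reason for the rejection never reached the log.
            log.info("Invalid JWT signature: {}", e.getMessage());
            log.debug("Exception " + e.getMessage(), e);
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /** Removes the authentication from the current Spring Security context. */
    private void resetAuthenticationAfterRequest() {
        SecurityContextHolder.getContext().setAuthentication(null);
    }
}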
