package br.com.fiorilli.sia.abertura.application.security;

import br.com.fiorilli.sia.abertura.application.client.sia7.AuthSia7Client;
import br.com.fiorilli.sia.abertura.application.client.sia8.AuthClient;
import br.com.fiorilli.sia.abertura.application.enums.VersaoSIA;
import br.com.fiorilli.sia.abertura.application.exception.UnauthorizedException;
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springdoc.core.Constants;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/classes/br/com/fiorilli/sia/abertura/application/security/SecurityFilter.class */
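/**
 * Servlet filter that authenticates every non-public request from its {@code Authorization}
 * header and publishes the caller as an {@link IntegradorAuthentication} in the Spring Security
 * context.
 *
 * <p>Credential validation is delegated to a remote client chosen by the configured
 * {@link VersaoSIA}: {@link AuthClient#authorize} for SIA8, {@link AuthSia7Client#verificar}
 * otherwise. The JWT is then only <em>decoded</em> locally to read its claims; this class never
 * checks a signature or expiry itself, so the principal is trustworthy only because the remote
 * call accepted the same credentials first. Keep that ordering intact.
 *
 * <p>NOTE(review): the filter sets the authentication but never clears it. Confirm that an
 * enclosing Spring Security filter resets {@link SecurityContextHolder} at the end of each
 * request, otherwise the value can outlive the request on a pooled thread.
 */
public class SecurityFilter extends OncePerRequestFilter {
    private static final String AUTHENTICATION_SCHEME = "Bearer";

    /**
     * Ant patterns that bypass this filter completely. Nothing served under these paths is
     * authenticated here, so any endpoint below them that needs protection must enforce it by
     * other means. NOTE(review): several entries are broad prefixes ({@code /v1/**},
     * {@code /api_integracao/**}, {@code /wsb013/**}, {@code /auth/**}); confirm each is meant to
     * be public.
     */
    private static final List<String> PUBLIC_PATHS = List.of(
            "/",
            "/error",
            "/images/**",
            Constants.INDEX_PAGE,
            "/favicon.ico",
            "/webjars/**",
            "/v3/api-docs/**",
            Constants.DEFAULT_SWAGGER_UI_PATH,
            "/swagger-ui/**",
            "/v1/**",
            "/api_integracao/**",
            "/wsb013/**",
            "/ping",
            "/entidade",
            "/entidade/logo",
            "/solicitacoes/consultar",
            "/auth/**",
            "/acesso/auth",
            "/IntegradorPaulista/IntegracaoInscricaoMunicipal/Autenticacao");

    // Shared instances: built once instead of on every request.
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
    private static final ObjectMapper ERROR_MAPPER = new ObjectMapper();

    private final AuthClient authClient;
    private final AuthSia7Client authSia7Client;

    /**
     * @param authClient client used to authorize requests when the application runs as SIA8
     * @param authSia7Client client used to verify tokens for every other SIA version
     */
    public SecurityFilter(AuthClient authClient, AuthSia7Client authSia7Client) {
        this.authClient = authClient;
        this.authSia7Client = authSia7Client;
    }

    /**
     * Skips authentication when the request's servlet path matches one of {@link #PUBLIC_PATHS}.
     *
     * <p>NOTE(review): only {@code getServletPath()} is matched. Confirm that this is the same
     * path the dispatcher uses to select a handler, so the allow-list and the routing cannot
     * disagree about which endpoint a request reaches.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the request is served without authentication
     */
    @Override
    protected boolean shouldNotFilter(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        return PUBLIC_PATHS.stream().anyMatch(pattern -> PATH_MATCHER.match(pattern, servletPath));
    }

    /**
     * Validates the {@code Authorization} header, installs the authenticated principal and
     * continues the chain; on any authentication failure answers 403 with a JSON body instead.
     *
     * <p>Only the authentication step is guarded by the catch-all. The downstream chain runs
     * outside it, so an error raised by a controller or a later filter is no longer reported to
     * the client as an authentication failure carrying that error's message.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, written to directly when authentication fails
     * @param filterChain the remaining filter chain
     * @throws ServletException if the downstream chain fails
     * @throws IOException if the downstream chain fails or the error body cannot be written
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || header.trim().isEmpty()) {
            // Fail with an explicit reason rather than a NullPointerException whose message is null.
            reject(httpServletResponse, "Missing Authorization header");
            return;
        }

        IntegradorAuthentication authentication;
        try {
            if (br.com.fiorilli.sia.abertura.application.config.Constants.APP_CONFIG.getVersaoSIA().equals(VersaoSIA.SIA8)) {
                // SIA8 receives the raw header, scheme included.
                this.authClient.authorize(header);
            } else {
                // SIA7 receives the bare token; strip the scheme only where it is a real prefix.
                String schemePrefix = AUTHENTICATION_SCHEME + " ";
                if (header.startsWith(schemePrefix)) {
                    header = header.substring(schemePrefix.length());
                }
                this.authSia7Client.verificar(header);
            }
            authentication = new IntegradorAuthentication(extractPrincipal(header));
        } catch (Exception e) {
            // NOTE(review): the client's exception message is echoed to the caller. Confirm it
            // cannot carry internal details (upstream URLs, response bodies) before keeping this.
            reject(httpServletResponse, e.getMessage());
            return;
        }

        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Writes the 403 JSON response used for every authentication failure.
     *
     * <p>NOTE(review): the body is Jackson's serialization of an exception object. Unless
     * {@link UnauthorizedException} restricts its JSON view, that may expose more than the
     * message (for example the stack trace); confirm what is actually emitted.
     */
    private void reject(HttpServletResponse response, String message) throws IOException {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("application/json");
        response.getOutputStream().println(ERROR_MAPPER.writeValueAsString(new UnauthorizedException(message)));
    }

    /**
     * Builds the principal from the claims of an already-validated token.
     *
     * <p>{@code JWT.decode} parses the token without verifying it; callers must have had the
     * same credentials accepted by the remote auth client beforehand.
     *
     * @param str for SIA8 the full header value including the scheme, otherwise the bare token
     * @return the principal described by the token's subject, {@code name}, {@code user} and
     *     {@code type} claims
     * @throws IllegalArgumentException if a SIA8 header does not start with the Bearer scheme
     */
    private CustomPrincipal extractPrincipal(String str) {
        String token;
        if (br.com.fiorilli.sia.abertura.application.config.Constants.APP_CONFIG.getVersaoSIA().equals(VersaoSIA.SIA8)) {
            // Without this check the substring below would silently cut six characters off a
            // header that carries no scheme, decoding something other than what was authorized.
            if (!str.startsWith(AUTHENTICATION_SCHEME)) {
                throw new IllegalArgumentException("Authorization header does not use the Bearer scheme");
            }
            token = str.substring(AUTHENTICATION_SCHEME.length()).trim();
        } else {
            token = str.trim();
        }
        DecodedJWT decoded = JWT.decode(token);
        return CustomPrincipal.builder()
                .userId(Integer.valueOf(decoded.getSubject()))
                .name(decoded.getClaims().get("name").asString())
                .user(decoded.getClaims().get("user").asString())
                // NOTE(review): unlike name/user this takes the Claim's toString(), and becomes the
                // literal "null" when the claim is absent; confirm asString() was not intended.
                .type(String.valueOf(decoded.getClaims().get("type")))
                .build();
    }
}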
