package it.geosolutions.geostore.services.rest.security;

import com.google.common.base.Optional;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.keycloak.admin.client.resource.BearerAuthFilter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-2.0.0.jar:it/geosolutions/geostore/services/rest/security/TokenAuthenticationFilter.class */
public abstract class TokenAuthenticationFilter extends GeoStoreAuthenticationFilter {
    private static final Logger LOGGER = LogManager.getLogger((Class<?>) TokenAuthenticationFilter.class);
    protected LoadingCache<String, Optional<Authentication>> cache;
    private String tokenHeader = "Authorization";
    private String tokenPrefix = BearerAuthFilter.AUTH_HEADER_PREFIX;
    private int cacheSize = 1000;
    private int cacheExpiration = 60;

    public void setTokenHeader(String str) {
        this.tokenHeader = str;
    }

    public void setTokenPrefix(String str) {
        this.tokenPrefix = str;
    }

    public void setCache(LoadingCache<String, Optional<Authentication>> loadingCache) {
        this.cache = loadingCache;
    }

    public void setCacheSize(int i) {
        this.cacheSize = i;
    }

    public void setCacheExpiration(int i) {
        this.cacheExpiration = i;
    }

    protected LoadingCache<String, Optional<Authentication>> getCache() {
        if (this.cache == null) {
            this.cache = CacheBuilder.newBuilder().maximumSize(this.cacheSize).refreshAfterWrite(this.cacheExpiration, TimeUnit.SECONDS).build(new CacheLoader<String, Optional<Authentication>>() { // from class: it.geosolutions.geostore.services.rest.security.TokenAuthenticationFilter.1
                @Override // com.google.common.cache.CacheLoader
                public Optional<Authentication> load(String str) {
                    return Optional.fromNullable(TokenAuthenticationFilter.this.checkToken(str));
                }
            });
        }
        return this.cache;
    }

    @Override // it.geosolutions.geostore.services.rest.security.GeoStoreAuthenticationFilter
    protected void authenticate(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(this.tokenHeader);
        if (header == null || !header.trim().toUpperCase().startsWith(this.tokenPrefix.toUpperCase())) {
            return;
        }
        try {
            Authentication orNull = getCache().get(header.substring(this.tokenPrefix.length()).trim()).orNull();
            if (orNull != null) {
                LOGGER.info("User authenticated using token: " + orNull.getName());
                SecurityContextHolder.getContext().setAuthentication(orNull);
            }
        } catch (ExecutionException e) {
            LOGGER.error("Error authenticating token", (Throwable) e);
        }
    }

    protected abstract Authentication checkToken(String str);
}
