package ch.elexis.core.jaxrs.filter;

import io.curity.oauth.OAuthJwtFilter;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.regex.Pattern;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ch/elexis/core/jaxrs/filter/AbstractCombinedOauthJwtContextSettingFilter.class */
public abstract class AbstractCombinedOauthJwtContextSettingFilter implements Filter {
    private static final boolean IS_DISABLE_WEBSEC = Boolean.valueOf(System.getProperty("disable.web.security")).booleanValue();
    private ContextSettingFilter contextSettingFilter;
    private Pattern skipPattern;
    private Filter oAuthJwtFilter;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ch/elexis/core/jaxrs/filter/AbstractCombinedOauthJwtContextSettingFilter$EnvironmentVariablesExtendedFilterConfig.class */
    public class EnvironmentVariablesExtendedFilterConfig implements FilterConfig {
        private final String ENV_PREFIX;
        private FilterConfig filterConfig;

        public EnvironmentVariablesExtendedFilterConfig(FilterConfig filterConfig) {
            this.filterConfig = filterConfig;
            String initParameter = filterConfig.getInitParameter("filter-id");
            if (initParameter != null) {
                this.ENV_PREFIX = "OAUTH_FILTER_" + initParameter + "_";
            } else {
                this.ENV_PREFIX = "OAUTH_FILTER_";
            }
        }

        public String getFilterName() {
            return this.filterConfig.getFilterName();
        }

        public String getInitParameter(String str) {
            String initParameter = this.filterConfig.getInitParameter(str);
            if (initParameter == null) {
                initParameter = System.getenv(this.ENV_PREFIX + str);
            }
            return initParameter;
        }

        public Enumeration<String> getInitParameterNames() {
            Enumeration initParameterNames = this.filterConfig.getInitParameterNames();
            ArrayList arrayList = new ArrayList(System.getenv().keySet().stream().filter(str -> {
                return str.startsWith(this.ENV_PREFIX);
            }).map(str2 -> {
                return str2.substring(this.ENV_PREFIX.length());
            }).toList());
            Iterator asIterator = initParameterNames.asIterator();
            arrayList.getClass();
            asIterator.forEachRemaining((v1) -> {
                r1.add(v1);
            });
            return Collections.enumeration(arrayList);
        }

        public ServletContext getServletContext() {
            return this.filterConfig.getServletContext();
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        if (IS_DISABLE_WEBSEC) {
            LoggerFactory.getLogger(getClass()).error("!!! UNPROTECTED API !!!");
        } else {
            initializeOAuthFilter(filterConfig);
            LoggerFactory.getLogger(getClass()).debug("Filter initialized");
        }
        this.contextSettingFilter = new ContextSettingFilter(IS_DISABLE_WEBSEC);
        String initParameter = filterConfig.getInitParameter("skipPattern");
        if (initParameter != null) {
            this.skipPattern = Pattern.compile(initParameter, 32);
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (shouldSkip(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (IS_DISABLE_WEBSEC) {
            this.contextSettingFilter.doFilter(servletRequest, servletResponse, filterChain);
        } else {
            this.oAuthJwtFilter.doFilter(httpServletRequest, servletResponse, (servletRequest2, servletResponse2) -> {
                this.contextSettingFilter.doFilter(servletRequest2, servletResponse2, filterChain);
            });
        }
    }

    private void initializeOAuthFilter(FilterConfig filterConfig) throws ServletException {
        this.oAuthJwtFilter = new OAuthJwtFilter();
        this.oAuthJwtFilter.init(new EnvironmentVariablesExtendedFilterConfig(filterConfig));
    }

    private boolean shouldSkip(HttpServletRequest httpServletRequest) {
        if (this.skipPattern == null) {
            return false;
        }
        return this.skipPattern.matcher(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length())).matches();
    }
}
