package org.thingsboard.server.service.security.auth.jwt;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.service.security.auth.RefreshAuthenticationToken;
import org.thingsboard.server.service.security.exception.AuthMethodNotSupportedException;
import org.thingsboard.server.service.security.model.token.RawAccessJwtToken;

/* loaded from: input_file:org/thingsboard/server/service/security/auth/jwt/RefreshTokenProcessingFilter.class */
public class RefreshTokenProcessingFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger log = LoggerFactory.getLogger(RefreshTokenProcessingFilter.class);
    private final AuthenticationSuccessHandler successHandler;
    private final AuthenticationFailureHandler failureHandler;

    public RefreshTokenProcessingFilter(String str, AuthenticationSuccessHandler authenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler) {
        super(str);
        this.successHandler = authenticationSuccessHandler;
        this.failureHandler = authenticationFailureHandler;
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        if (!HttpMethod.POST.name().equals(httpServletRequest.getMethod())) {
            if (log.isDebugEnabled()) {
                log.debug("Authentication method not supported. Request method: " + httpServletRequest.getMethod());
            }
            throw new AuthMethodNotSupportedException("Authentication method not supported");
        }
        try {
            RefreshTokenRequest refreshTokenRequest = (RefreshTokenRequest) JacksonUtil.fromReader(httpServletRequest.getReader(), RefreshTokenRequest.class);
            if (StringUtils.isBlank(refreshTokenRequest.getRefreshToken())) {
                throw new AuthenticationServiceException("Refresh token is not provided");
            }
            return getAuthenticationManager().authenticate(new RefreshAuthenticationToken(new RawAccessJwtToken(refreshTokenRequest.getRefreshToken())));
        } catch (Exception e) {
            throw new AuthenticationServiceException("Invalid refresh token request payload");
        }
    }

    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        this.successHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
    }

    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        SecurityContextHolder.clearContext();
        this.failureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }
}
