package org.bongiorno.ws.core.server.filters;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bongiorno.misc.utils.SecurityUtils;
import org.bongiorno.ws.core.exceptions.UnauthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/bongiorno/ws/core/server/filters/SharedSecretFilter.class */
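/**
 * Servlet filter that authenticates a request with a time-stamped shared-secret token.
 *
 * <p>The caller sends three headers: {@code x-username}, {@code x-time} (epoch milliseconds) and
 * {@code x-token}. The request is passed down the chain only when {@code x-token} equals
 * {@code SecurityUtils.hashTo(tokenSeed + x-time, strategy)} and {@code x-time} is not more than
 * one minute in the past. Every other outcome raises {@link UnauthorizedException}.
 *
 * <p>NOTE(review): the token covers only the seed and the timestamp. {@code x-username} is not
 * part of the hashed value, so this filter does not bind a token to the client name it is sent
 * with; the name is only required to be present and is used for logging.
 *
 * <p>NOTE(review): timestamps in the future are accepted without an upper bound, so a token
 * minted with a future {@code x-time} stays valid until one minute after that time. Consider
 * bounding the allowed clock skew once the behaviour of existing clients is confirmed.
 */
public class SharedSecretFilter extends OncePerRequestFilter {
    private static final String DEFAULT_STRATEGY = "SHA-256";

    private final Logger logger;
    private final String tokenSeed;
    private final String strategy;

    /**
     * Creates a filter that hashes with {@code SHA-256}.
     *
     * @param tokenSeed the shared secret prepended to the timestamp before hashing
     */
    public SharedSecretFilter(String tokenSeed) {
        this(tokenSeed, DEFAULT_STRATEGY);
    }

    /**
     * Creates a filter with an explicit hashing strategy.
     *
     * @param tokenSeed the shared secret prepended to the timestamp before hashing
     * @param strategy the strategy name handed to {@code SecurityUtils.hashTo}
     */
    public SharedSecretFilter(String tokenSeed, String strategy) {
        this.logger = LoggerFactory.getLogger(SharedSecretFilter.class);
        this.tokenSeed = tokenSeed;
        this.strategy = strategy;
        if (tokenSeed == null || tokenSeed.isEmpty()) {
            // With no seed the expected token is a hash of "null"/"" plus the caller-supplied
            // timestamp, which any caller can compute. Construction is left non-throwing so
            // existing wiring keeps working, but the misconfiguration is made visible.
            this.logger.warn("SharedSecretFilter configured without a token seed; tokens are not secret");
        }
    }

    /**
     * Validates the shared-secret headers and continues the chain on success.
     *
     * @param request the incoming request carrying {@code x-username}, {@code x-token}, {@code x-time}
     * @param response the response passed through to the chain
     * @param chain the remaining filter chain, invoked only when the token matches
     * @throws UnauthorizedException when the time header is missing, unparsable or older than one
     *     minute, when no client name is supplied, or when the token does not match
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain
     */
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
        String clientName = request.getHeader("x-username");
        String suppliedToken = request.getHeader("x-token");
        String timeHeader = request.getHeader("x-time");

        if (StringUtils.isEmpty(timeHeader)) {
            throw new UnauthorizedException("No time header provided", new Object[0]);
        }

        final long issuedAtMillis;
        try {
            issuedAtMillis = Long.parseLong(timeHeader);
        } catch (NumberFormatException e) {
            // The header is client-controlled; a malformed value is an authentication failure,
            // not an unhandled NumberFormatException escaping the filter.
            throw new UnauthorizedException("Invalid time header", new Object[0]);
        }

        Instant oldestAccepted = Instant.now().minus(1L, ChronoUnit.MINUTES);
        if (Instant.ofEpochMilli(issuedAtMillis).isBefore(oldestAccepted)) {
            throw new UnauthorizedException("Token too old", new Object[0]);
        }

        if (StringUtils.isEmpty(clientName)) {
            this.logger.warn("No client name supplied");
            throw new UnauthorizedException("Forbidden client", new Object[0]);
        }

        // The original header text (not the parsed number) is hashed, matching what the client
        // is expected to have hashed on its side.
        String expectedToken = SecurityUtils.hashTo(this.tokenSeed + timeHeader, this.strategy);

        // MessageDigest.isEqual compares in time independent of where the first mismatch is,
        // so response timing does not reveal how much of a guessed token was correct.
        boolean tokenMatches = suppliedToken != null
                && MessageDigest.isEqual(
                        expectedToken.getBytes(StandardCharsets.UTF_8),
                        suppliedToken.getBytes(StandardCharsets.UTF_8));

        if (!tokenMatches) {
            // Parameterized logging: the client-supplied name is passed as an argument rather
            // than being formatted into the message by hand.
            this.logger.warn("client '{}' failed token check", clientName);
            throw new UnauthorizedException("Bad token", new Object[0]);
        }

        chain.doFilter(request, response);
    }
}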
