package be.atbash.ee.security.sso.server.filter;

import be.atbash.ee.security.octopus.authc.IncorrectDataToken;
import be.atbash.ee.security.octopus.config.Debug;
import be.atbash.ee.security.octopus.config.OctopusCoreConfiguration;
import be.atbash.ee.security.octopus.filter.authc.AuthenticatingFilter;
import be.atbash.ee.security.octopus.sso.core.token.OctopusSSOToken;
import be.atbash.ee.security.octopus.subject.UserPrincipal;
import be.atbash.ee.security.octopus.token.AuthenticationToken;
import be.atbash.ee.security.octopus.util.WebUtils;
import be.atbash.ee.security.sso.server.endpoint.AccessTokenTransformer;
import be.atbash.ee.security.sso.server.store.SSOTokenStore;
import be.atbash.util.CDIUtils;
import com.nimbusds.oauth2.sdk.Scope;
import java.lang.annotation.Annotation;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

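/**
 * Authenticating filter of the SSO server that builds an {@link OctopusSSOToken}
 * from the bearer access token presented in the {@code Authorization} header.
 *
 * <p>Every malformed or unknown credential is answered with an
 * {@link IncorrectDataToken} carrying a generic reason. The presented access
 * token is attacker-controlled input and a credential, so it is never written
 * to the log.
 */
@ApplicationScoped
/* loaded from: input_file:be/atbash/ee/security/sso/server/filter/SSOAuthenticatingFilter.class */
public class SSOAuthenticatingFilter extends AuthenticatingFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSOAuthenticatingFilter.class);

    @Inject
    private SSOTokenStore tokenStore;

    @Inject
    private OctopusCoreConfiguration coreConfiguration;

    // May stay null: looked up through retrieveOptionalInstance and null-checked before use.
    private AccessTokenTransformer accessTokenTransformer;

    /**
     * Names the filter {@code ssoFilter} and looks up the access token transformer.
     */
    @PostConstruct
    public void init() {
        setName("ssoFilter");
        this.accessTokenTransformer = (AccessTokenTransformer) CDIUtils.retrieveOptionalInstance(AccessTokenTransformer.class, new Annotation[0]);
    }

    /**
     * Creates the authentication token for the request from its {@code Authorization} header.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response (not used here)
     * @return an {@link OctopusSSOToken} for a known access token, otherwise an {@link IncorrectDataToken}
     */
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        return createSSOToken(http, http.getHeader("Authorization"));
    }

    /**
     * Validates the shape of the header value ({@code Bearer <token>}, exactly two
     * space-separated parts, scheme compared case-sensitively) and resolves the token.
     *
     * @param servletRequest the request that receives the granted scope as attribute
     * @param str the raw {@code Authorization} header value, possibly {@code null}
     * @return the resolved token, or an {@link IncorrectDataToken} describing the rejection
     */
    private AuthenticationToken createSSOToken(ServletRequest servletRequest, String str) {
        if (str == null) {
            return new IncorrectDataToken("Authorization header required");
        }
        String[] parts = str.split(" ");
        if (parts.length != 2) {
            return new IncorrectDataToken("Authorization header value incorrect");
        }
        if (!"Bearer".equals(parts[0])) {
            return new IncorrectDataToken("Authorization header value must start with Bearer");
        }
        OctopusSSOToken ssoToken = createOctopusToken(servletRequest, parts[1]);
        // Same generic answer for every unknown token: no detail about why the lookup failed.
        return ssoToken == null ? new IncorrectDataToken("Authentication failed") : ssoToken;
    }

    /**
     * Looks up the user for the presented access token and, when found, stores the
     * granted {@link Scope} on the request under the attribute name {@code Scope.class.getName()}.
     *
     * @param servletRequest the request that receives the scope attribute
     * @param str the access token as presented by the client
     * @return the token for the matching user, or {@code null} when the store knows no user for it
     */
    private OctopusSSOToken createOctopusToken(ServletRequest servletRequest, String str) {
        // The store is queried with the transformed value when a transformer is available.
        String storeKey = this.accessTokenTransformer != null ? this.accessTokenTransformer.transformAccessToken(str) : str;
        OctopusSSOToken ssoToken = createSSOToken(this.tokenStore.getUserByAccessCode(storeKey));
        if (ssoToken == null) {
            // The header value is untrusted and may be a live credential (expired here, valid
            // elsewhere, or a near miss of a real token); keep it out of the log.
            LOGGER.info("No user information found for the presented access token");
            return null;
        }
        // NOTE(review): assumes the store returns non-null OIDC data for every token that
        // resolved to a user; a null here would surface as a NullPointerException - confirm.
        servletRequest.setAttribute(Scope.class.getName(), this.tokenStore.getOIDCDataByAccessToken(storeKey).getScope());
        showDebugInfo(ssoToken);
        return ssoToken;
    }

    /**
     * Copies the identity data of a stored principal into a new {@link OctopusSSOToken}.
     *
     * @param userPrincipal the principal found for the access token, possibly {@code null}
     * @return the populated token, or {@code null} when no principal was given
     */
    private OctopusSSOToken createSSOToken(UserPrincipal userPrincipal) {
        if (userPrincipal == null) {
            return null;
        }
        OctopusSSOToken octopusSSOToken = new OctopusSSOToken();
        // External id wins; the principal id is the fallback.
        String externalId = userPrincipal.getExternalId();
        if (externalId == null) {
            externalId = userPrincipal.getId().toString();
        }
        octopusSSOToken.setId(externalId);
        // Same fallback rule for the local id.
        Object localId = userPrincipal.getLocalId();
        if (localId == null) {
            localId = userPrincipal.getId();
        }
        octopusSSOToken.setLocalId(localId.toString());
        octopusSSOToken.setFullName(userPrincipal.getName());
        octopusSSOToken.setFirstName(userPrincipal.getFirstName());
        octopusSSOToken.setLastName(userPrincipal.getLastName());
        octopusSSOToken.setEmail(userPrincipal.getEmail());
        octopusSSOToken.setUserName(userPrincipal.getUserName());
        octopusSSOToken.setCookieToken((String) userPrincipal.getUserInfo("OCTOPUS_SSO_COOKIE_TOKEN"));
        octopusSSOToken.addUserInfo(userPrincipal.getInfo());
        return octopusSSOToken;
    }

    /**
     * Logs the authenticated user when SSO flow debugging is enabled in the configuration.
     *
     * @param octopusSSOToken the token that was just created for the request
     */
    private void showDebugInfo(OctopusSSOToken octopusSSOToken) {
        if (this.coreConfiguration.showDebugFor().contains(Debug.SSO_FLOW)) {
            // NOTE(review): this writes the cookie token to the log. If that value can be
            // replayed to obtain an SSO session, log access equals session access - confirm
            // and keep Debug.SSO_FLOW off outside of troubleshooting.
            LOGGER.info(String.format("(SSO Server) User %s is authenticated from Authorization Header (cookie token = %s)", octopusSSOToken.getFullName(), octopusSSOToken.getCookieToken()));
        }
    }

    /**
     * Attempts a login with the request's credentials instead of rejecting it outright.
     *
     * @return the result of {@code executeLogin}
     * @throws Exception when the login attempt fails with an error
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return executeLogin(servletRequest, servletResponse);
    }
}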
