package ca.pjer.iam;

import ca.pjer.iam.config.FilterProperties;
import java.io.IOException;
import java.net.URI;
import java.security.Principal;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:ca/pjer/iam/AuthFilter.class */
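/**
 * Servlet filter that gates every request behind an OAuth authorization-code login.
 *
 * <p>Request handling, in order:
 * <ol>
 *   <li>when {@code secure} is set, non-https public URIs are redirected to https;</li>
 *   <li>{@code loginPath} redirects to the identity provider's authorize endpoint;</li>
 *   <li>{@code loginCallbackPath} exchanges the code for tokens, creates a session and
 *       sets the session cookie;</li>
 *   <li>any other request must carry a session token (cookie, {@code Authorization}
 *       header or request parameter), otherwise it is answered with 401;</li>
 *   <li>{@code logoutPath} / {@code logoutCallbackPath} drive the logout round trip;</li>
 *   <li>everything else is forwarded down the chain with the session's principal.</li>
 * </ol>
 *
 * <p>Any exception raised while authenticating results in a 401 response.
 */
public class AuthFilter extends HttpFilter {
    private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
    private final boolean secure;
    private final String loginPath;
    private final String loginCallbackPath;
    private final String logoutPath;
    private final String logoutCallbackPath;
    private final String sessionName;
    private final Duration sessionDuration;
    private final boolean sessionTimeout;
    private final OAuthClient identityOAuthClient;
    private final TokenService identityTokenService;
    private final SessionService sessionService;
    private final TokenService sessionTokenService;

    /** Request wrapper that reports the principal loaded from the session. */
    private static class HttpServletRequestWrapperImpl extends HttpServletRequestWrapper {
        private final Principal principal;

        HttpServletRequestWrapperImpl(HttpServletRequest httpServletRequest, Principal principal) {
            super(httpServletRequest);
            this.principal = principal;
        }

        @Override
        public Principal getUserPrincipal() {
            return this.principal;
        }
    }

    /**
     * Creates the filter.
     *
     * @param filterProperties paths, cookie name, session duration and the secure/timeout flags
     * @param oAuthClient client for the identity provider (authorize, token, userinfo, logout)
     * @param tokenService parser for the identity provider's {@code id_token}
     * @param sessionService creates, loads and removes sessions
     * @param tokenService2 creates and parses the session token carried in the cookie
     */
    public AuthFilter(FilterProperties filterProperties, OAuthClient oAuthClient, TokenService tokenService, SessionService sessionService, TokenService tokenService2) {
        this.secure = filterProperties.isSecure();
        this.loginPath = filterProperties.getLoginPath();
        this.loginCallbackPath = filterProperties.getLoginCallbackPath();
        this.logoutPath = filterProperties.getLogoutPath();
        this.logoutCallbackPath = filterProperties.getLogoutCallbackPath();
        this.sessionName = filterProperties.getSessionName();
        this.sessionDuration = filterProperties.getSessionDuration();
        this.sessionTimeout = filterProperties.isSessionTimeout();
        this.identityOAuthClient = oAuthClient;
        this.identityTokenService = tokenService;
        this.sessionService = sessionService;
        this.sessionTokenService = tokenService2;
    }

    /**
     * Authenticates the request and, when a session is loaded, forwards it down the chain.
     *
     * <p>Only failures of the authentication step are turned into 401. The downstream
     * chain is invoked outside that try block so application errors reach the container
     * instead of being reported to the client as "unauthorized".
     *
     * @throws IOException if the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    @Override
    protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest authenticated;
        try {
            authenticated = authenticate(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            // Fail closed: anything unexpected during authentication is a 401.
            log.info("Exception in auth: {}", e.toString());
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
            return;
        }
        if (authenticated != null) {
            filterChain.doFilter(authenticated, httpServletResponse);
        }
    }

    /**
     * Runs the login/logout/session logic for one request.
     *
     * @return the wrapped request to forward, or {@code null} when the response has
     *     already been completed here (redirect or 401)
     * @throws Exception on any failure in the collaborating services; the caller maps it to 401
     */
    private HttpServletRequest authenticate(HttpServletRequest request, HttpServletResponse response) throws Exception {
        if (this.secure && !"https".equals(getPublicUri(request).getScheme())) {
            redirect(response, HttpStatus.PERMANENT_REDIRECT, getPublicUriBuilder(request).scheme("https").build().toUri());
            return null;
        }
        String requestUri = request.getRequestURI();
        if (requestUri.equals(this.loginPath)) {
            startLogin(request, response);
            return null;
        }
        // A callback that yields no tokens falls through to the ordinary session check below.
        if (requestUri.equals(this.loginCallbackPath) && completeLogin(request, response)) {
            return null;
        }
        String sessionToken = resolveSessionToken(request);
        if (Strings.isBlank(sessionToken)) {
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
            return null;
        }
        if (requestUri.equals(this.logoutPath)) {
            redirect(response, HttpStatus.TEMPORARY_REDIRECT, this.identityOAuthClient.getLogoutUri(buildPublicUri(request, this.logoutCallbackPath)));
            return null;
        }
        if (requestUri.equals(this.logoutCallbackPath)) {
            try {
                this.sessionService.remove(this.sessionTokenService.parse(sessionToken), request, response);
            } catch (Exception e) {
                // Best effort: the cookie is cleared below even if the server-side session
                // could not be removed, but leave a trace so stale sessions can be found.
                log.debug("Session removal failed during logout: {}", e.toString());
            }
            unsetCookie(response, this.sessionName);
            redirect(response, HttpStatus.TEMPORARY_REDIRECT, buildPublicUri(request, "/"));
            return null;
        }
        // NOTE(review): the request is forwarded with whatever load() returns. If load() can
        // return null for an unknown or expired session, the chain would run without a
        // principal; confirm that it throws in that case.
        Principal principal = this.sessionService.load(this.sessionTokenService.parse(sessionToken), request, response);
        if (this.sessionTimeout) {
            // Sliding expiry: re-issue the same token with a fresh max-age on every request.
            setCookie(response, this.sessionName, sessionToken, this.secure, sessionMaxAgeSeconds());
        }
        return new HttpServletRequestWrapperImpl(request, principal);
    }

    /** Redirects to the identity provider's authorize endpoint. */
    private void startLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
        URI callbackUri = buildPublicUri(request, this.loginCallbackPath);
        // NOTE(review): a caller-supplied "state" is forwarded as-is, and a generated one is
        // not stored anywhere in this class, so the callback has nothing to compare it with.
        String state = request.getParameter("state");
        if (!StringUtils.hasLength(state)) {
            state = UUID.randomUUID().toString();
        }
        redirect(response, HttpStatus.TEMPORARY_REDIRECT, this.identityOAuthClient.getAuthorizeUri(callbackUri, state));
    }

    /**
     * Exchanges the authorization code for tokens and establishes the session.
     *
     * @return {@code true} if a session was created and the redirect to "/" was issued,
     *     {@code false} if the token response carried neither usable token
     */
    private boolean completeLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
        URI callbackUri = buildPublicUri(request, this.loginCallbackPath);
        String code = request.getParameter("code");
        // NOTE(review): "state" is handed to SessionService.create without being checked
        // against the value issued at login. Unless SessionService validates it, the state
        // parameter gives no CSRF protection for the login flow; confirm.
        String state = request.getParameter("state");
        Map<String, Object> tokens = this.identityOAuthClient.getTokens(callbackUri, code);
        Map<String, Object> claims = null;
        String idToken = (String) tokens.get("id_token");
        if (!Strings.isBlank(idToken)) {
            claims = this.identityTokenService.parse(idToken);
        }
        // When both tokens are present the userinfo response replaces the id_token claims.
        String accessToken = (String) tokens.get("access_token");
        if (!Strings.isBlank(accessToken)) {
            claims = this.identityOAuthClient.getUserInfo(accessToken);
        }
        if (claims == null) {
            return false;
        }
        String sessionToken = this.sessionTokenService.create(this.sessionService.create(claims, state, request, response));
        setCookie(response, this.sessionName, sessionToken, this.secure, sessionMaxAgeSeconds());
        redirect(response, HttpStatus.TEMPORARY_REDIRECT, buildPublicUri(request, "/"));
        return true;
    }

    /**
     * Looks for the session token in the cookie, then in an {@code Authorization} header
     * whose scheme equals the session name, then in a request parameter of that name.
     *
     * @return the token, or a blank/{@code null} value when none was supplied
     */
    private String resolveSessionToken(HttpServletRequest request) {
        String token = getCookie(request, this.sessionName);
        if (Strings.isBlank(token)) {
            String header = request.getHeader("Authorization");
            if (!Strings.isBlank(header)) {
                String[] parts = header.split(" ", 2);
                if (parts.length > 1 && this.sessionName.equalsIgnoreCase(parts[0])) {
                    token = parts[1];
                }
            }
        }
        if (Strings.isBlank(token)) {
            // NOTE(review): a token passed as a request parameter can end up in access logs,
            // browser history and Referer headers. Kept for compatibility; prefer the cookie
            // or the Authorization header.
            token = request.getParameter(this.sessionName);
        }
        return token;
    }

    /** Session lifetime in whole seconds, clamped to the int range expected by the cookie API. */
    private int sessionMaxAgeSeconds() {
        long seconds = this.sessionDuration.getSeconds();
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, seconds));
    }

    /** Writes a redirect by setting the Location header and the given status. */
    private void redirect(HttpServletResponse httpServletResponse, HttpStatus httpStatus, URI uri) {
        httpServletResponse.addHeader("Location", uri.toString());
        httpServletResponse.setStatus(httpStatus.value());
    }

    /** Public URI of this request with the path replaced and the query cleared. */
    private URI buildPublicUri(HttpServletRequest httpServletRequest, String str) {
        return getPublicUriBuilder(httpServletRequest).replacePath(str).replaceQuery("").build().toUri();
    }

    /** Public URI of this request as the client is assumed to have addressed it. */
    private URI getPublicUri(HttpServletRequest httpServletRequest) {
        return getPublicUriBuilder(httpServletRequest).build().toUri();
    }

    /**
     * Builds the externally visible URI of the request.
     *
     * <p>NOTE(review): {@code fromHttpRequest} takes scheme, host and port from the request,
     * and in the Spring versions that offer it this includes the Forwarded / X-Forwarded-*
     * headers. Those values feed the OAuth redirect URI, the https check and every Location
     * header written here, so they are trustworthy only when a proxy in front of this
     * service sets or strips them; confirm for the deployment.
     */
    private UriComponentsBuilder getPublicUriBuilder(HttpServletRequest httpServletRequest) {
        return UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(httpServletRequest));
    }

    /** Expires the named cookie, using the same Secure attribute it was issued with. */
    private void unsetCookie(HttpServletResponse httpServletResponse, String str) {
        setCookie(httpServletResponse, str, "", this.secure, 0);
    }

    /**
     * Adds a cookie scoped to "/" with the given Secure flag and max-age.
     *
     * <p>The cookie is always HttpOnly, so page scripts cannot read the session token. The
     * servlet {@code Cookie} class used here has no SameSite setter, so that attribute is
     * not set.
     */
    private void setCookie(HttpServletResponse httpServletResponse, String str, String str2, boolean z, int i) {
        Cookie cookie = new Cookie(str, str2);
        cookie.setPath("/");
        cookie.setSecure(z);
        cookie.setHttpOnly(true);
        cookie.setMaxAge(i);
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Returns the value of the first cookie with the given name.
     *
     * @return the cookie value, or {@code null} if the request has no such cookie
     */
    private String getCookie(HttpServletRequest httpServletRequest, String str) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(str)) {
                return cookie.getValue();
            }
        }
        return null;
    }
}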
