package dev.jarand.authprotectedrequests;

import dev.jarand.authprotectedrequests.authapi.AuthApiClientImpl;
import dev.jarand.authprotectedrequests.jws.JwsService;
import dev.jarand.authprotectedrequests.jws.ParseClaimsResult;
import dev.jarand.authprotectedrequests.jws.ParseClaimsResultState;
import io.jsonwebtoken.Claims;
import java.util.Arrays;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.streams.jdk8.StreamsKt;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* compiled from: BearerAuthenticationFilter.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��0\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\u0018��2\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J \u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eH\u0016R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u000f"}, d2 = {"Ldev/jarand/authprotectedrequests/BearerAuthenticationFilter;", "Ljavax/servlet/Filter;", "jwsService", "Ldev/jarand/authprotectedrequests/jws/JwsService;", "authApiClientImpl", "Ldev/jarand/authprotectedrequests/authapi/AuthApiClientImpl;", "(Ldev/jarand/authprotectedrequests/jws/JwsService;Ldev/jarand/authprotectedrequests/authapi/AuthApiClientImpl;)V", "doFilter", "", "servletRequest", "Ljavax/servlet/ServletRequest;", "servletResponse", "Ljavax/servlet/ServletResponse;", "chain", "Ljavax/servlet/FilterChain;", "auth-protected-requests"})
/* loaded from: input_file:dev/jarand/authprotectedrequests/BearerAuthenticationFilter.class */
public final class BearerAuthenticationFilter implements Filter {
    private final JwsService jwsService;
    private final AuthApiClientImpl authApiClientImpl;

    public void doFilter(@NotNull ServletRequest servletRequest, @NotNull ServletResponse servletResponse, @NotNull FilterChain filterChain) {
        Intrinsics.checkParameterIsNotNull(servletRequest, "servletRequest");
        Intrinsics.checkParameterIsNotNull(servletResponse, "servletResponse");
        Intrinsics.checkParameterIsNotNull(filterChain, "chain");
        ServletRequest servletRequest2 = (HttpServletRequest) servletRequest;
        ServletResponse servletResponse2 = (HttpServletResponse) servletResponse;
        if (servletRequest2.getCookies() != null) {
            Cookie[] cookies = servletRequest2.getCookies();
            Intrinsics.checkExpressionValueIsNotNull(cookies, "request.cookies");
            if (!(cookies.length == 0)) {
                Cookie cookie = (Cookie) Arrays.stream(servletRequest2.getCookies()).filter(new Predicate<Cookie>() { // from class: dev.jarand.authprotectedrequests.BearerAuthenticationFilter$doFilter$accessTokenCookie$1
                    @Override // java.util.function.Predicate
                    public final boolean test(Cookie cookie2) {
                        Intrinsics.checkExpressionValueIsNotNull(cookie2, "it");
                        return Intrinsics.areEqual(cookie2.getName(), "access_token");
                    }
                }).findFirst().orElse(null);
                if (cookie == null) {
                    servletResponse2.sendError(HttpStatus.UNAUTHORIZED.value());
                    return;
                }
                String value = cookie.getValue();
                JwsService jwsService = this.jwsService;
                Intrinsics.checkExpressionValueIsNotNull(value, "accessToken");
                ParseClaimsResult parseClaims = jwsService.parseClaims(value);
                if (parseClaims.getState() == ParseClaimsResultState.EXPIRED) {
                    Cookie cookie2 = (Cookie) Arrays.stream(servletRequest2.getCookies()).filter(new Predicate<Cookie>() { // from class: dev.jarand.authprotectedrequests.BearerAuthenticationFilter$doFilter$refreshTokenCookie$1
                        @Override // java.util.function.Predicate
                        public final boolean test(Cookie cookie3) {
                            Intrinsics.checkExpressionValueIsNotNull(cookie3, "it");
                            return Intrinsics.areEqual(cookie3.getName(), "refresh_token");
                        }
                    }).findFirst().orElse(null);
                    Intrinsics.checkExpressionValueIsNotNull(cookie2, "refreshTokenCookie");
                    String value2 = cookie2.getValue();
                    AuthApiClientImpl authApiClientImpl = this.authApiClientImpl;
                    Intrinsics.checkExpressionValueIsNotNull(value2, "refreshToken");
                    String refreshToken = authApiClientImpl.refreshToken(value2);
                    if (refreshToken != null) {
                        parseClaims = this.jwsService.parseClaims(refreshToken);
                        Cookie cookie3 = new Cookie("access_token", refreshToken);
                        cookie3.setHttpOnly(cookie.isHttpOnly());
                        cookie3.setSecure(cookie.getSecure());
                        cookie3.setDomain(cookie.getDomain());
                        cookie3.setPath(cookie.getPath());
                        cookie3.setMaxAge(cookie.getMaxAge());
                        servletResponse2.addCookie(cookie3);
                    }
                }
                if (parseClaims.getState() != ParseClaimsResultState.SUCCESS) {
                    servletResponse2.sendError(HttpStatus.UNAUTHORIZED.value());
                    return;
                }
                Claims claims = parseClaims.getClaims();
                if (claims == null) {
                    Intrinsics.throwNpe();
                }
                Object obj = claims.get("scope", String.class);
                Intrinsics.checkExpressionValueIsNotNull(obj, "claims.get(\"scope\", String::class.java)");
                Stream map = StringsKt.split$default((CharSequence) obj, new String[]{" "}, false, 0, 6, (Object) null).stream().map(new Function<T, R>() { // from class: dev.jarand.authprotectedrequests.BearerAuthenticationFilter$doFilter$authorities$1
                    @Override // java.util.function.Function
                    @NotNull
                    public final SimpleGrantedAuthority apply(String str) {
                        return new SimpleGrantedAuthority("ROLE_" + str);
                    }
                });
                Intrinsics.checkExpressionValueIsNotNull(map, "claims.get(\"scope\", Stri…edAuthority(\"ROLE_$it\") }");
                Authentication usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(claims.getSubject(), (Object) null, StreamsKt.toList(map));
                SecurityContext context = SecurityContextHolder.getContext();
                Intrinsics.checkExpressionValueIsNotNull(context, "securityContext");
                context.setAuthentication(usernamePasswordAuthenticationToken);
                filterChain.doFilter(servletRequest2, servletResponse2);
                return;
            }
        }
        servletResponse2.sendError(HttpStatus.UNAUTHORIZED.value());
    }

    public BearerAuthenticationFilter(@NotNull JwsService jwsService, @NotNull AuthApiClientImpl authApiClientImpl) {
        Intrinsics.checkParameterIsNotNull(jwsService, "jwsService");
        Intrinsics.checkParameterIsNotNull(authApiClientImpl, "authApiClientImpl");
        this.jwsService = jwsService;
        this.authApiClientImpl = authApiClientImpl;
    }
}
