package dev.jarand.authprotectedrequests;

import dev.jarand.authprotectedrequests.authapi.AuthApiClient;
import dev.jarand.authprotectedrequests.jws.JwsService;
import dev.jarand.authprotectedrequests.jws.ParseClaimsResult;
import dev.jarand.authprotectedrequests.jws.ParseClaimsResultState;
import io.jsonwebtoken.Claims;
import java.util.Arrays;
import java.util.List;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.streams.jdk8.StreamsKt;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* compiled from: BearerAuthenticationFilter.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��H\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u00172\u00020\u0001:\u0001\u0017B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0018\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\bH\u0002J \u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013H\u0016J\u0010\u0010\u0014\u001a\u00020\r2\u0006\u0010\u0015\u001a\u00020\u0016H\u0002R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0018"}, d2 = {"Ldev/jarand/authprotectedrequests/BearerAuthenticationFilter;", "Ljavax/servlet/Filter;", "jwsService", "Ldev/jarand/authprotectedrequests/jws/JwsService;", "authApiClient", "Ldev/jarand/authprotectedrequests/authapi/AuthApiClient;", "(Ldev/jarand/authprotectedrequests/jws/JwsService;Ldev/jarand/authprotectedrequests/authapi/AuthApiClient;)V", "createCookie", "Ljavax/servlet/http/Cookie;", "accessToken", "", "refreshTokenCookie", "doFilter", "", "servletRequest", "Ljavax/servlet/ServletRequest;", "servletResponse", "Ljavax/servlet/ServletResponse;", "chain", "Ljavax/servlet/FilterChain;", "setSecurityContext", "claims", "Lio/jsonwebtoken/Claims;", "Companion", "auth-protected-requests"})
/* loaded from: input_file:dev/jarand/authprotectedrequests/BearerAuthenticationFilter.class */
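/**
 * Servlet filter that authenticates a request from its {@code access_token} and
 * {@code refresh_token} cookies and publishes the result to the Spring Security context.
 *
 * <p>An {@code access_token} cookie is validated with {@link JwsService#parseClaims}. When no
 * access token has authenticated the request, a {@code refresh_token} cookie is exchanged for a
 * new access token through {@link AuthApiClient#refreshToken}, and that new token is validated
 * before it is trusted.
 *
 * <p>The filter fails closed: the request is only passed down the chain after one of the tokens
 * has been validated in this request; every other outcome ends in a 401.
 */
public final class BearerAuthenticationFilter implements Filter {
    private static final String ACCESS_TOKEN_COOKIE = "access_token";
    private static final String REFRESH_TOKEN_COOKIE = "refresh_token";

    private final JwsService jwsService;
    private final AuthApiClient authApiClient;
    public static final Companion Companion = new Companion(null);
    private static final Logger logger = LoggerFactory.getLogger(BearerAuthenticationFilter.class);

    /* compiled from: BearerAuthenticationFilter.kt */
    @Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0006"}, d2 = {"Ldev/jarand/authprotectedrequests/BearerAuthenticationFilter$Companion;", "", "()V", "logger", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "auth-protected-requests"})
    /* loaded from: input_file:dev/jarand/authprotectedrequests/BearerAuthenticationFilter$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Authenticates the request from its token cookies, then continues the filter chain.
     *
     * <p>Responds with 401 and stops when the request carries no cookies, when a token fails
     * validation, when the refresh call returns no token, or when no token cookie ended up
     * authenticating the request.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining chain, invoked only for authenticated requests
     * @throws java.io.IOException            if writing the error response or the chain fails
     * @throws javax.servlet.ServletException if the remaining chain fails
     */
    @Override
    public void doFilter(@NotNull ServletRequest servletRequest, @NotNull ServletResponse servletResponse, @NotNull FilterChain filterChain)
            throws java.io.IOException, javax.servlet.ServletException {
        Intrinsics.checkParameterIsNotNull(servletRequest, "servletRequest");
        Intrinsics.checkParameterIsNotNull(servletResponse, "servletResponse");
        Intrinsics.checkParameterIsNotNull(filterChain, "chain");
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        Cookie[] cookies = request.getCookies();
        if (cookies == null || cookies.length == 0) {
            logger.debug("No cookies sent with request. Returning 401.");
            response.sendError(HttpStatus.UNAUTHORIZED.value());
            return;
        }

        List<Cookie> tokenCookies = Arrays.stream(cookies)
                .filter(c -> ACCESS_TOKEN_COOKIE.equals(c.getName()) || REFRESH_TOKEN_COOKIE.equals(c.getName()))
                .collect(Collectors.toList());
        logger.debug("Found {} token cookies.", tokenCookies.size());

        // NOTE(review): cookies are handled in the order the client sent them, so a
        // refresh_token listed before a still-valid access_token triggers a refresh call.
        boolean authenticated = false;
        for (Cookie tokenCookie : tokenCookies) {
            if (ACCESS_TOKEN_COOKIE.equals(tokenCookie.getName())) {
                logger.debug("Processing access_token.");
                String accessToken = tokenCookie.getValue();
                Intrinsics.checkExpressionValueIsNotNull(accessToken, "tokenCookie.value");
                ParseClaimsResult parsed = this.jwsService.parseClaims(accessToken);
                if (parsed.getState() == ParseClaimsResultState.SUCCESS && parsed.getClaims() != null) {
                    logger.debug("Successfully parsed access_token. Setting security context.");
                    setSecurityContext(parsed.getClaims());
                    authenticated = true;
                } else if (parsed.getState() != ParseClaimsResultState.EXPIRED) {
                    logger.debug("Parse failed with state {}. Returning 401.", parsed.getState());
                    response.sendError(HttpStatus.UNAUTHORIZED.value());
                    return;
                }
                // EXPIRED is not rejected here so that a refresh_token cookie can renew the session.
            } else if (REFRESH_TOKEN_COOKIE.equals(tokenCookie.getName())) {
                logger.debug("Processing refresh_token.");
                if (authenticated) {
                    logger.debug("Security context has been set. Skipping refresh_token processing.");
                    continue;
                }
                String refreshTokenValue = tokenCookie.getValue();
                Intrinsics.checkExpressionValueIsNotNull(refreshTokenValue, "tokenCookie.value");
                String newAccessToken = this.authApiClient.refreshToken(refreshTokenValue);
                if (newAccessToken == null) {
                    logger.debug("No access_token returned when trying to refresh token. Returning 401.");
                    response.sendError(HttpStatus.UNAUTHORIZED.value());
                    return;
                }
                // Validate the token that was just issued, not the refresh_token cookie value:
                // the identity and scopes placed in the security context must come from the
                // same token that is handed back to the browser as access_token.
                ParseClaimsResult refreshed = this.jwsService.parseClaims(newAccessToken);
                if (refreshed.getState() == ParseClaimsResultState.SUCCESS && refreshed.getClaims() != null) {
                    logger.debug("Successfully parsed access_token after refreshing. Adding new access token to cookie.");
                    response.addCookie(createCookie(newAccessToken, tokenCookie));
                    logger.debug("Successfully added access_token to cookie. Setting security context.");
                    setSecurityContext(refreshed.getClaims());
                    authenticated = true;
                } else if (refreshed.getState() != ParseClaimsResultState.EXPIRED) {
                    logger.debug("Parse after refreshing failed with state {}. Returning 401.", refreshed.getState());
                    response.sendError(HttpStatus.UNAUTHORIZED.value());
                    return;
                }
            }
        }

        // Fail closed: an expired access_token without a usable refresh_token, or a request
        // whose cookies contain no token at all, must not reach the chain unauthenticated.
        if (!authenticated) {
            logger.debug("No valid access_token or refresh_token in request cookies. Returning 401.");
            response.sendError(HttpStatus.UNAUTHORIZED.value());
            return;
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Stores an authenticated token for the claims' subject in the current security context.
     *
     * <p>The {@code scope} claim is split on single spaces and each part becomes a
     * {@code ROLE_<scope>} authority. A token without a {@code scope} claim makes the null
     * check throw, as it did in the compiled Kotlin.
     *
     * @param claims validated claims of the token that authenticated the request
     */
    private final void setSecurityContext(Claims claims) {
        String scope = claims.get("scope", String.class);
        Intrinsics.checkExpressionValueIsNotNull(scope, "claims.get(\"scope\", String::class.java)");
        // limit -1 keeps trailing empty parts, matching Kotlin's split(" ")
        List<SimpleGrantedAuthority> authorities = Arrays.stream(scope.split(" ", -1))
                .map(part -> new SimpleGrantedAuthority("ROLE_" + part))
                .collect(Collectors.toList());
        Authentication authentication = new UsernamePasswordAuthenticationToken(claims.getSubject(), (Object) null, authorities);
        SecurityContext context = SecurityContextHolder.getContext();
        Intrinsics.checkExpressionValueIsNotNull(context, "securityContext");
        context.setAuthentication(authentication);
    }

    /**
     * Builds the {@code access_token} cookie that carries a refreshed access token.
     *
     * <p>The cookie is HttpOnly and Secure, scoped to domain {@code arkivet.app} and path
     * {@code /}, and lives for 120 seconds. No SameSite attribute is set here.
     *
     * @param str    the access token to store in the cookie
     * @param cookie the refresh_token cookie of the request; not read by this method
     * @return the new cookie
     */
    private final Cookie createCookie(String str, Cookie cookie) {
        Cookie accessTokenCookie = new Cookie(ACCESS_TOKEN_COOKIE, str);
        accessTokenCookie.setHttpOnly(true);
        accessTokenCookie.setSecure(true);
        accessTokenCookie.setDomain("arkivet.app");
        accessTokenCookie.setPath("/");
        accessTokenCookie.setMaxAge(120);
        return accessTokenCookie;
    }

    /**
     * Creates the filter.
     *
     * @param jwsService    validates tokens and extracts their claims
     * @param authApiClient exchanges a refresh token for a new access token
     */
    public BearerAuthenticationFilter(@NotNull JwsService jwsService, @NotNull AuthApiClient authApiClient) {
        Intrinsics.checkParameterIsNotNull(jwsService, "jwsService");
        Intrinsics.checkParameterIsNotNull(authApiClient, "authApiClient");
        this.jwsService = jwsService;
        this.authApiClient = authApiClient;
    }
}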
