package de.adorsys.psd2.sandbox.auth.filter;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.util.DateUtils;
import de.adorsys.ledgers.middleware.api.domain.um.AccessTokenTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.psd2.sandbox.auth.ErrorResponse;
import de.adorsys.psd2.sandbox.auth.MiddlewareAuthentication;
import de.adorsys.psd2.sandbox.auth.SecurityConstant;
import java.io.IOException;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:de/adorsys/psd2/sandbox/auth/filter/AbstractAuthFilter.class */
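/**
 * Shared plumbing for the sandbox authentication filters.
 *
 * <p>Concrete filters use this class to read the bearer token from the request, populate the
 * Spring {@code SecurityContext} from a {@link BearerTokenTO}, issue and clear the refresh-token
 * cookie, and write the JSON {@code 401} response.
 *
 * <p>Security note: the JWT helpers ({@link #jwtId}, {@link #isExpiredToken},
 * {@link #expiredTimeInSec}) only <em>decode</em> the token via {@link JWTParser#parse}; no
 * signature, issuer or audience check happens in this class. Treat their results as unverified
 * client input: they are fine for cookie bookkeeping, not as the basis of an access decision.
 *
 * <p>This listing is a decompilation. The decompiler notes that the class was package-private and
 * that several members were {@code protected} in the original build, and {@link JWTParser#parse}
 * declares a checked {@code ParseException} that the decompiled signatures do not carry
 * (presumably propagated sneakily in the original) — that exception behaviour is kept as is.
 */
public abstract class AbstractAuthFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(AbstractAuthFilter.class);

    /** Error message used whenever the refresh-token cookie or its claims are unusable. */
    public static final String INVALID_REFRESH_TOKEN = "invalid refresh token";

    /** Name prefix of the refresh-token cookie; the access token's {@code jti} is appended. */
    private static final String REFRESH_TOKEN_COOKIE_PREFIX = "rft_";

    private final ObjectMapper objectMapper = new ObjectMapper();

    /**
     * Writes a JSON {@code 401 Unauthorized} status and body to the response.
     *
     * <p>Only the exception type and message are logged at error level (the stack trace goes to
     * debug), so routine failures such as expired tokens do not flood the log. The response body
     * carries just the status code and reason phrase — no exception details leave the server.
     *
     * @param response the response to write to; the body goes to its output stream
     * @param cause    the failure that triggered the {@code 401}; used for logging only
     * @throws IOException if writing the response body fails
     */
    public void handleAuthenticationFailure(HttpServletResponse response, Exception cause) throws IOException {
        log.error("Authentication failed ({}): {}", cause.getClass().getSimpleName(), cause.getMessage());
        log.debug("Authentication failure details", cause);
        Map<String, String> body = new ErrorResponse()
            .buildContent(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        response.setHeader("Content-Type", "application/json");
        response.getOutputStream().println(objectMapper.writeValueAsString(body));
    }

    /**
     * Reads a request header verbatim.
     *
     * @param request    the current request
     * @param headerName the header to read
     * @return the header value, or {@code null} when the header is absent
     */
    public String obtainFromHeader(HttpServletRequest request, String headerName) {
        return request.getHeader(headerName);
    }

    /**
     * Tells whether this filter still has to authenticate the request.
     *
     * @return {@code true} unless the security context already holds an authenticated
     *         {@link MiddlewareAuthentication}
     */
    public boolean authenticationIsRequired() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        return isNotAuthenticated(current) || isNotMiddlewareAuthentication(current);
    }

    /**
     * Stores a {@link MiddlewareAuthentication} built from the given token in the security context.
     *
     * <p>Nothing here re-validates the token: the caller is expected to pass only a
     * {@code BearerTokenTO} it obtained from the middleware (presumably the subclass does that
     * exchange — confirm in the concrete filter).
     *
     * @param bearerToken the token whose access-token object and role become the authentication
     */
    public void fillSecurityContext(BearerTokenTO bearerToken) {
        AccessTokenTO accessToken = bearerToken.getAccessTokenObject();
        SecurityContextHolder.getContext().setAuthentication(
            new MiddlewareAuthentication(accessToken, bearerToken, buildGrantedAuthorities(accessToken)));
    }

    /**
     * Extracts the bearer token from the {@code Authorization} header.
     *
     * @param request the current request
     * @return the token following the bearer prefix, or {@code null} when the header is missing,
     *         blank, or does not start with the bearer prefix (compared case-insensitively)
     */
    public String resolveBearerToken(HttpServletRequest request) {
        String header = obtainFromHeader(request, SecurityConstant.AUTHORIZATION_HEADER);
        if (StringUtils.isBlank(header)
                || !StringUtils.startsWithIgnoreCase(header, SecurityConstant.BEARER_TOKEN_PREFIX)) {
            return null;
        }
        // Cut by prefix length rather than StringUtils.substringAfter: the check above is
        // case-insensitive but substringAfter is not, so e.g. "bearer <token>" used to yield "".
        return header.substring(SecurityConstant.BEARER_TOKEN_PREFIX.length());
    }

    /** {@code true} when there is no authentication or it is not marked authenticated. */
    private boolean isNotAuthenticated(Authentication authentication) {
        return authentication == null || !authentication.isAuthenticated();
    }

    /** {@code true} unless the authentication was produced by this filter family. */
    private boolean isNotMiddlewareAuthentication(Authentication authentication) {
        return !(authentication instanceof MiddlewareAuthentication);
    }

    /**
     * Maps the token's role to a single Spring authority.
     *
     * @param accessToken the decoded access token
     * @return a one-element list {@code ROLE_<role name>} (the prefix Spring's role checks expect),
     *         or an empty list when the token carries no role
     */
    private List<GrantedAuthority> buildGrantedAuthorities(AccessTokenTO accessToken) {
        if (accessToken.getRole() == null) {
            return Collections.emptyList();
        }
        return Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + accessToken.getRole().name()));
    }

    /**
     * Instructs the browser to delete a cookie.
     *
     * <p>The path is fixed to {@code /} to match the cookies this class issues; a deletion cookie
     * only takes effect when name and path agree with the original.
     *
     * @param response the response to add the expiring cookie to
     * @param name     the cookie name
     * @param secure   the {@code Secure} attribute; mirror the value used when the cookie was set
     */
    public void removeCookie(HttpServletResponse response, String name, boolean secure) {
        Cookie cookie = new Cookie(name, "");
        cookie.setHttpOnly(true);
        cookie.setSecure(secure);
        cookie.setPath("/");
        cookie.setMaxAge(0); // max-age 0 tells the browser to drop the cookie immediately
        response.addCookie(cookie);
    }

    /**
     * Sets the refresh-token cookie {@code rft_<jwtId>}.
     *
     * <p>The cookie is {@code HttpOnly}; its lifetime is the refresh token's own {@code exp - iat}
     * span, which comes from the token's <em>unverified</em> claims. A negative span (exp before
     * iat) becomes a negative max-age, which the servlet API treats as a session cookie.
     *
     * @param response     the response to add the cookie to
     * @param jwtId        the {@code jti} of the matching access token, used as the name suffix
     * @param refreshToken the refresh token JWT stored as the cookie value
     * @param secure       the {@code Secure} attribute; should be {@code true} when served over TLS
     */
    public void addRefreshTokenCookie(HttpServletResponse response, String jwtId, String refreshToken, boolean secure) {
        Cookie cookie = new Cookie(REFRESH_TOKEN_COOKIE_PREFIX + jwtId, refreshToken);
        cookie.setHttpOnly(true);
        cookie.setSecure(secure);
        // Clamp instead of Long.intValue(): a lifetime above Integer.MAX_VALUE seconds would
        // otherwise wrap to an arbitrary, possibly negative, max-age.
        long lifetimeSeconds = expiredTimeInSec(refreshToken);
        cookie.setMaxAge((int) Math.min(Integer.MAX_VALUE, lifetimeSeconds));
        cookie.setPath("/");
        response.addCookie(cookie);
    }

    /**
     * Re-issues the refresh-token cookie and exposes the access token in a response header.
     *
     * <p>The cookie name carries the {@code jti} of the access token from the same
     * {@code BearerTokenTO}, so the pair can be matched later.
     *
     * @param bearerToken the freshly obtained token pair
     * @param response    the response to write cookie and header to
     * @param secure      the {@code Secure} attribute for the cookie
     */
    public void refreshUserSession(BearerTokenTO bearerToken, HttpServletResponse response, boolean secure) {
        String accessToken = bearerToken.getAccess_token();
        addRefreshTokenCookie(response, jwtId(accessToken), bearerToken.getRefresh_token(), secure);
        addBearerTokenHeader(accessToken, response);
    }

    /**
     * Puts the access token into the {@link SecurityConstant#ACCESS_TOKEN} response header.
     *
     * @param accessToken the access token value
     * @param response    the response to set the header on
     */
    public void addBearerTokenHeader(String accessToken, HttpServletResponse response) {
        response.setHeader(SecurityConstant.ACCESS_TOKEN, accessToken);
    }

    /**
     * Returns the value of a request cookie.
     *
     * @param request    the current request
     * @param cookieName the cookie to read
     * @return the cookie value
     * @throws AccessDeniedException with {@link #INVALID_REFRESH_TOKEN} when the cookie is absent —
     *         the message is the same whatever cookie name was asked for
     */
    public String getCookieValue(HttpServletRequest request, String cookieName) {
        Cookie cookie = WebUtils.getCookie(request, cookieName);
        if (cookie == null) {
            throw new AccessDeniedException(INVALID_REFRESH_TOKEN);
        }
        return cookie.getValue();
    }

    /**
     * Reads the {@code jti} claim of a JWT without verifying it.
     *
     * @param token the serialized JWT
     * @return the {@code jti} claim; {@code null} when the token has no such claim (which would
     *         make the refresh cookie name {@code rft_null})
     */
    public String jwtId(String token) {
        return JWTParser.parse(token).getJWTClaimsSet().getJWTID();
    }

    /**
     * Tells whether a JWT's {@code exp} claim lies in the past, based on the unverified claims.
     *
     * <p>Instants are compared directly; the earlier round trip through the system-default zone's
     * {@code LocalDateTime} could misjudge tokens expiring inside a DST overlap.
     *
     * @param token the serialized JWT
     * @return {@code true} when {@code exp} is before now, and also when there is no {@code exp}
     *         claim at all (a token without expiry is treated as expired)
     */
    public boolean isExpiredToken(String token) {
        return Optional.ofNullable(JWTParser.parse(token).getJWTClaimsSet().getExpirationTime())
            .map(expiresAt -> expiresAt.toInstant().isBefore(Instant.now()))
            .orElse(true);
    }

    /**
     * Computes a JWT's lifetime, {@code exp - iat}, in seconds from its unverified claims.
     *
     * @param token the serialized JWT
     * @return the lifetime in seconds; negative if {@code exp} precedes {@code iat}
     * @throws AccessDeniedException with {@link #INVALID_REFRESH_TOKEN} when either claim is
     *         missing (previously a {@code NullPointerException} inside the date conversion)
     */
    public Long expiredTimeInSec(String token) {
        // The claims set is parsed once and its type left to inference; both date claims are
        // checked before subtracting so a token lacking exp or iat fails as a token problem.
        return Optional.of(JWTParser.parse(token).getJWTClaimsSet())
            .filter(claims -> claims.getExpirationTime() != null && claims.getIssueTime() != null)
            .map(claims -> DateUtils.toSecondsSinceEpoch(claims.getExpirationTime())
                - DateUtils.toSecondsSinceEpoch(claims.getIssueTime()))
            .orElseThrow(() -> new AccessDeniedException(INVALID_REFRESH_TOKEN));
    }
}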
