package de.adorsys.psd2.sandbox.auth.filter;

import de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.psd2.sandbox.auth.SecurityConstant;
import feign.FeignException;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Component;

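/**
 * Servlet filter that renews an expired bearer token before the request continues.
 *
 * <p>When the request carries a non-blank bearer token that {@code isExpiredToken} reports as
 * expired, the filter reads the refresh token from the {@code rft_<jti>} cookie, exchanges it via
 * {@code KeycloakTokenService.refreshToken}, calls {@code refreshUserSession} and forwards the
 * request with the new access token substituted into the authorization header. All other requests
 * pass through untouched.
 *
 * <p>NOTE(review): the cookie name is derived from the {@code jti} of the presented (expired)
 * token, and expiry is decided by inherited helpers that are not visible in this file. Confirm
 * whether those helpers verify the JWT signature or only decode its claims. If they only decode,
 * the sole authoritative check on this path is the refresh call to the token service.
 */
@Component
public class RefreshTokenFilter extends AbstractAuthFilter {
    private final KeycloakTokenService tokenService;

    /**
     * Request view that reports the freshly issued access token as the authorization header.
     *
     * <p>Only {@link #getHeader(String)} is overridden. Code that reads the header through
     * {@code getHeaders} or {@code getHeaderNames} still sees the values of the wrapped request.
     */
    private static class RefreshTokenRequestWrapper extends HttpServletRequestWrapper {
        private final String accessToken;

        RefreshTokenRequestWrapper(HttpServletRequest httpServletRequest, String str) {
            super(httpServletRequest);
            this.accessToken = str;
        }

        /**
         * Returns {@code "Bearer <new token>"} for the authorization header and delegates every
         * other header to the wrapped request.
         *
         * <p>HTTP header names are case-insensitive, so the name is matched without regard to
         * case. An exact match would hand the stale, expired token to any caller that asks for
         * {@code authorization} in a different case.
         */
        @Override
        public String getHeader(String str) {
            if (SecurityConstant.AUTHORIZATION_HEADER.equalsIgnoreCase(str)) {
                return "Bearer " + this.accessToken;
            }
            return super.getHeader(str);
        }
    }

    /**
     * Creates the filter.
     *
     * @param keycloakTokenService client used to exchange a refresh token for a new bearer token
     */
    public RefreshTokenFilter(KeycloakTokenService keycloakTokenService) {
        this.tokenService = keycloakTokenService;
    }

    /**
     * Refreshes the access token when the presented one is expired, then continues the chain.
     *
     * <p>The {@code try} block also encloses {@code filterChain.doFilter}, so a
     * {@link FeignException} or {@link AccessDeniedException} raised further down the chain is
     * routed to {@code handleAuthenticationFailure} as well, not only failures of the refresh.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response that receives session updates or the failure
     * @param filterChain remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain
     */
    public void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String presentedToken = resolveBearerToken(httpServletRequest);
        try {
            if (StringUtils.isNotBlank(presentedToken) && isExpiredToken(presentedToken)) {
                BearerTokenTO renewedToken = refreshAccessToken(httpServletRequest, httpServletResponse);
                refreshUserSession(renewedToken, httpServletResponse, httpServletRequest.isSecure());
                // Downstream code must see the new token, not the expired one sent by the client.
                filterChain.doFilter(new RefreshTokenRequestWrapper(httpServletRequest, renewedToken.getAccess_token()), httpServletResponse);
            } else {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        } catch (FeignException | AccessDeniedException e) {
            handleAuthenticationFailure(httpServletResponse, e);
        }
    }

    /**
     * Exchanges the refresh token stored in the {@code rft_<jti>} cookie for a new bearer token.
     *
     * <p>The used cookie is removed only after the token service call returns, so a failed
     * exchange leaves the cookie as it was.
     *
     * @param httpServletRequest request carrying the expired bearer token and the refresh cookie
     * @param httpServletResponse response on which the used refresh cookie is removed
     * @return the bearer token returned by the token service
     * @throws AccessDeniedException if the refresh cookie is absent, blank or expired
     */
    private BearerTokenTO refreshAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String cookieName = "rft_" + jwtId(resolveBearerToken(httpServletRequest));
        String refreshTokenValue = getCookieValue(httpServletRequest, cookieName);
        // Fail closed when there is no refresh cookie, rather than handing a null or blank value
        // to the expiry check and the token service, whose behaviour for it is not visible here.
        if (StringUtils.isBlank(refreshTokenValue)) {
            throw new AccessDeniedException("Refresh token is missing !");
        }
        if (isExpiredToken(refreshTokenValue)) {
            throw new AccessDeniedException("Refresh token is expired !");
        }
        BearerTokenTO renewedToken = this.tokenService.refreshToken(refreshTokenValue);
        removeCookie(httpServletResponse, cookieName, httpServletRequest.isSecure());
        return renewedToken;
    }

    // The overrides below only delegate to AbstractAuthFilter. The decompiler marked them as
    // compiler-generated bridge/synthetic methods; they are kept so the class surface is unchanged.

    @Override // de.adorsys.psd2.sandbox.auth.filter.AbstractAuthFilter
    public /* bridge */ /* synthetic */ Long expiredTimeInSec(String str) {
        return super.expiredTimeInSec(str);
    }

    @Override // de.adorsys.psd2.sandbox.auth.filter.AbstractAuthFilter
    public /* bridge */ /* synthetic */ boolean isExpiredToken(String str) {
        return super.isExpiredToken(str);
    }

    @Override // de.adorsys.psd2.sandbox.auth.filter.AbstractAuthFilter
    public /* bridge */ /* synthetic */ String jwtId(String str) {
        return super.jwtId(str);
    }

    @Override // de.adorsys.psd2.sandbox.auth.filter.AbstractAuthFilter
    public /* bridge */ /* synthetic */ String getCookieValue(HttpServletRequest httpServletRequest, String str) {
        return super.getCookieValue(httpServletRequest, str);
    }

    @Override // de.adorsys.psd2.sandbox.auth.filter.AbstractAuthFilter
    public /* bridge */ /* synthetic */ void addRefreshTokenCookie(HttpServletResponse httpServletResponse, String str, String str2, boolean z) {
        super.addRefreshTokenCookie(httpServletResponse, str, str2, z);
    }
}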
