package net.rwx.padlock.internal;

import jakarta.enterprise.inject.spi.Bean;
import jakarta.enterprise.inject.spi.BeanManager;
import jakarta.inject.Inject;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Cookie;
import jakarta.ws.rs.core.NewCookie;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;
import jakarta.ws.rs.ext.RuntimeDelegate;
import java.lang.annotation.Annotation;
import java.util.concurrent.ConcurrentHashMap;
import net.rwx.padlock.PadlockSession;
import net.rwx.padlock.annotations.WithoutAuthentication;

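/**
 * JAX-RS request/response filter that drives Padlock's cookie-based session.
 *
 * <p>Request phase: the {@code JTOKEN} cookie, when present, is parsed into the injected
 * {@link PadlockSession}. Resource methods not annotated with {@link WithoutAuthentication}
 * require an authenticated session and must pass {@link AuthorizationChecker}; failures abort
 * the request with 401.
 *
 * <p>Response phase: the session captured during the request phase is either serialized into a
 * fresh {@code JTOKEN} cookie, or the cookie is cleared when the session reports itself invalid.
 *
 * <p>The captured session travels as a request property instead of in a static map keyed by the
 * request context. A static map keeps its entry (and the session data in it) for any request
 * whose response filter is never invoked, and it depends on the identity of the context object;
 * a request property is scoped to the exchange and is discarded with it.
 *
 * <p>NOTE(review): no {@code @Priority} is declared, so this filter runs at the runtime's
 * default (USER) priority. Confirm that no filter doing security-relevant work is ordered
 * before it.
 */
@Provider
class PadlockFilter implements ContainerRequestFilter, ContainerResponseFilter {
    private static final String JWT_COOKIE_NAME = "JTOKEN";

    /** Request property under which the session instance is handed to the response phase. */
    private static final String SESSION_PROPERTY = PadlockFilter.class.getName() + ".session";

    // Attributes shared by the issued cookie and the removal cookie.
    // NOTE(review): no SameSite attribute is set, so the browser default applies. Confirm that
    // state-changing endpoints have a separate cross-site request forgery defence.
    private static final String COOKIE_ATTRIBUTES = ";Secure;HttpOnly;Path=/";

    @Inject
    private PadlockSession session;

    @Context
    private ResourceInfo resourceInfo;

    @Inject
    private BeanManager beanManager;

    @Inject
    private TokenHelper tokenHelper;

    PadlockFilter() {
    }

    /**
     * Authenticates and authorizes the incoming request.
     *
     * <p>A token that fails to parse aborts the request with 401 and clears the cookie, even on
     * methods marked {@link WithoutAuthentication}, because the cookie is read before the
     * annotation is consulted. A missing authentication or a failed authorization check aborts
     * with a plain 401. Only a request that passes has its session stored for the response
     * phase.
     *
     * @param containerRequestContext the request being filtered
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        try {
            readTokenCookie(containerRequestContext);
            if (needAuthentication()) {
                if (!this.session.isAuthenticated()) {
                    throw new UnauthorizedException();
                }
                checkAuthorization(containerRequestContext);
            }
            // Reached only when every check above passed (or none was required).
            containerRequestContext.setProperty(SESSION_PROPERTY, getBeanInstanceFromContext());
        } catch (BadTokenException e) {
            unauthorizedWithCookieRemove(containerRequestContext);
        } catch (UnauthorizedException e) {
            unauthorized(containerRequestContext);
        }
    }

    /**
     * Tells whether the matched resource method requires an authenticated session.
     *
     * <p>Only the method itself is inspected; an annotation on the declaring class is not
     * considered, so such a method still requires authentication.
     *
     * @return {@code true} unless the method carries {@link WithoutAuthentication}
     */
    private boolean needAuthentication() {
        // NOTE(review): getResourceMethod() is dereferenced without a null check; this assumes
        // the filter only runs after a resource method has been matched.
        return !this.resourceInfo.getResourceMethod().isAnnotationPresent(WithoutAuthentication.class);
    }

    /**
     * Loads the session from the {@code JTOKEN} cookie when the request carries one.
     *
     * @param containerRequestContext the request whose cookies are read
     * @throws BadTokenException if the token helper rejects the cookie value
     */
    private void readTokenCookie(ContainerRequestContext containerRequestContext) throws BadTokenException {
        Cookie cookie = containerRequestContext.getCookies().get(JWT_COOKIE_NAME);
        if (cookie != null) {
            // The cookie value is client-controlled; all validation is delegated to TokenHelper.
            this.tokenHelper.parseTokenAndExtractBean(this.session, cookie.getValue());
        }
    }

    /**
     * Runs the authorization check configured for the matched resource method.
     *
     * @param containerRequestContext the request supplying values to the checker
     * @throws UnauthorizedException if the checker refuses the request
     */
    private void checkAuthorization(ContainerRequestContext containerRequestContext) throws UnauthorizedException {
        AuthorizationChecker.builder()
                .fromAuthorizedMethod(this.resourceInfo.getResourceMethod())
                .valueFrom(containerRequestContext)
                .withBeanManager(this.beanManager)
                .build()
                .check();
    }

    /** Aborts the request with a bare 401 response. */
    private void unauthorized(ContainerRequestContext containerRequestContext) {
        containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
    }

    /** Aborts the request with a 401 response that also clears the token cookie. */
    private void unauthorizedWithCookieRemove(ContainerRequestContext containerRequestContext) {
        containerRequestContext.abortWith(
                Response.status(Response.Status.UNAUTHORIZED)
                        .header("Set-Cookie", buildCookieHeaderToRemoveToken())
                        .build());
    }

    /**
     * Writes the session back to the client once the request has been processed.
     *
     * <p>Nothing is written when the request phase stored no session (for example because the
     * request was aborted) or when the session is valid but empty. An invalid session clears
     * the cookie. Any other session is serialized into a new token, so the token is re-issued
     * on each such response.
     *
     * @param containerRequestContext the request that was filtered
     * @param containerResponseContext the response receiving the {@code Set-Cookie} header
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
        Object stored = containerRequestContext.getProperty(SESSION_PROPERTY);
        containerRequestContext.removeProperty(SESSION_PROPERTY);
        if (!(stored instanceof PadlockSession)) {
            return;
        }
        PadlockSession captured = (PadlockSession) stored;
        if (!captured.isValid()) {
            containerResponseContext.getHeaders().add("Set-Cookie", buildCookieHeaderToRemoveToken());
            return;
        }
        if (captured.isEmpty()) {
            return;
        }
        // The cookie carries no Expires/Max-Age, so its lifetime in the browser is the browser
        // session. NOTE(review): whether the token itself expires is decided by TokenHelper,
        // which is not visible here.
        String token = this.tokenHelper.serializeBeanAndCreateToken(captured);
        containerResponseContext.getHeaders().add(
                "Set-Cookie", parseCookie(JWT_COOKIE_NAME + "=" + token + COOKIE_ATTRIBUTES));
    }

    /**
     * Builds the cookie that makes the browser drop the token.
     *
     * @return a {@code JTOKEN} cookie with a placeholder value and an expiry date in the past
     */
    private NewCookie buildCookieHeaderToRemoveToken() {
        return parseCookie(
                JWT_COOKIE_NAME + "=deleted" + COOKIE_ATTRIBUTES + ";expires=Thu, 01 Jan 1970 00:00:00 GMT");
    }

    /** Parses a {@code Set-Cookie} header value with the runtime's header delegate. */
    private NewCookie parseCookie(String headerValue) {
        return RuntimeDelegate.getInstance().createHeaderDelegate(NewCookie.class).fromString(headerValue);
    }

    /**
     * Looks up the {@link PadlockSession} instance held by its scope's context.
     *
     * <p>NOTE(review): presumably this is done so the response phase works on the contextual
     * instance itself and not on the injected reference; confirm against the bean's scope.
     *
     * @return the contextual {@link PadlockSession} instance
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // raw Bean: the bean and its creational context must share one type argument
    private PadlockSession getBeanInstanceFromContext() {
        Bean bean = this.beanManager.resolve(this.beanManager.getBeans(PadlockSession.class, new Annotation[0]));
        return (PadlockSession) this.beanManager
                .getContext(bean.getScope())
                .get(bean, this.beanManager.createCreationalContext(bean));
    }
}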
